Richard Bejtlich's blog on digital security, strategic thought, and military history.
Updated PhD Thesis Title
Yesterday I posted Latest PhD Thesis Title and Abstract
. One of my colleagues Ben Buchanan subsequently contacted me via Twitter and we exchanged a few messages. He prompted me to think about the title.
Later I ruminated on the title of a recent book by my advisor, Dr. Thomas Rid. He wrote Cyber War Will Not Take Place
. One of the best parts of the book is the title. In six words you get his argument as succinctly as possible. (It could be five words if you pushed "cyber" and "war" together, but the thought alone makes me cringe, in the age of cyber-everything.)
I wondered if I could transform my latest attempt at a thesis title into something that captured my argument in a succinct form.
I thought about the obsession of the majority of the information security community on the tool and tactics level of war. Too many technicians think about security as a single-exchange contest between an attacker and a defender, like a duel.
That reminded me of a problem I have with Carl von Clausewitz's definition of war.We shall not enter into any of the abstruse definitions of war used by publicists. We shall keep to the element of the thing itself, to a duel. War is nothing but a duel on an extensive scale.
- On War, Chapter 1
Clausewitz continues by mentioning "the countless number of duels which make up a war," and then makes his famous statement that "War therefore is an act of violence to compel our opponent to fulfill our will." However, I've never liked the tactically-minded idea that war is a "duel."
This concept, plus the goal to deliver a compact argument, inspired me to revise my thesis title and subtitle to the following:Campaigns, Not Duels: The Operational Art of Cyber Intrusions
In the first three words I deliver my argument, and in the subtitle I provide context by including my key perspective ("operational art"), environment ("cyber," yes, a little part of me is dying, but it's a keyword), and "intrusions."
When I publish the thesis as a book in 2018, I hope to use the same words in the book title.
Latest PhD Thesis Title and Abstract
In January I posted Why a War Studies PhD
? I recently decided to revise my title and abstract to include attention to both offensive and defensive aspects of intrusion campaigns.
I thought some readers might be interested in reading about my current plans for the thesis, which I plan to finish and defend in early 2018.
The following offers the title and abstract for the thesis.
Network Intrusion Campaigns: Operational Art in Cyberspace Campaigns, Not Duels: The Operational Art of Cyber Intrusions*
Intruders appear to have the upper hand in cyberspace, eroding users' trust in networked organizations and the data that is their lifeblood. Three assumptions prevail in the literature and mainstream discussion of digital intrusions. Distilled, these assumptions are that attacks occur at blinding speed with immediate consequences, that victims are essentially negligent, and that offensive initiative dominates defensive reaction.
This thesis examines these assumptions through two research questions. First, what characterizes network intrusions at different levels of war? Second, what role does operational art play in network intrusion campaigns?
By analyzing incident reports and public cases, the thesis refutes the assumptions and leverages the results to improve strategy.
The thesis reveals that strategically significant attacks are generally not "speed-of-light" events, offering little chance for recovery. Digital defenders are hampered by a range of constraints that reduce their effectiveness while simultaneously confronting intruders who lack such restrictions. Offense does not necessarily overpower defense, constraints notwithstanding, so long as the defenders conduct proper counter-intrusion campaigns.
The thesis structure offers an introduction to the subject, and an understanding of cybersecurity challenges and trade-offs. It reviews the nature of digital intrusions and the levels of war, analyzing the interactions at the levels of tools/tactics/technical details, operations and campaigns, and strategy and policy. The thesis continues by introducing historical operational art, applying lessons from operational art to network intrusions, and applying lessons from network intrusions to operational art. The thesis concludes by analyzing the limitations of operational art in evolving digital environments.
*See the post Updated PhD Thesis Title
for details on the new title.
Air Force Enlisted Ratings Remain Dysfunctional
This weekend Vago Muradian interviewed
Lt Gen (ret) David Deptula, most famous for his involvement as a key planner for the Desert Storm air campaign.
I recommend watching the entire video, which is less than 8 minutes long. Three aspects caught my attention. I will share them here.
First, Lt Gen Deptula said that Desert Storm introduced five changes to the character of warfare. I noted that he used the term "character," and not "nature." If you are a student of warfare and/or strategy, you are most likely in the camp that says warfare has an unchanging nature, although its character can change. This is the Clausewitz legacy. A minority camp argues that warfare can change both nature and character.
Second, turning to the five changes introduced by Desert Storm, Lt Gen Deptula listed the following.
1. Desert Storm introduced "expectations of low casualties, for both sides
." I agree with the expectation of low casualties for the US, but I don't think low Iraqi casualties were a primary concern. One could argue that stopping the war during the "highway of death" showed the US didn't want to inflict large casualties on the Iraqi forces, but I still think low casualties were primarily a concern for US troops.
2. Desert Storm "normalized precision."
Even though a minority of the ordnance delivered during the war were precision weapons, their use steadily increased throughout all later conflicts.
3. Desert Storm introduced joint and combined organization and execution
. This was indeed quite a step forward, although I recall reading that that USMC airpower took measures to remain as separate as possible.
4. Desert Storm put the concepts of "effect-based operations" into action.
There is no doubt about this one. Lt Gen Deptula talks about a disagreement with Gen Schwartzkopf's staff concerning disabling the Iraqi power grid. Air power achieved the effect of disabling the grid within 3-4 days, but Schwartzkopf's team used traditional attritional models, noting that less than a certain percentage of destruction mean mission failure. Deptula was right; they were wrong.
5. Desert Storm was the first major conflict where airpower was the centerpiece and key force.
Call me biased, and no disrespect to the land forces in the Gulf, but I agree with this one.
The third and final noteworthy element of the interview involved Lt Gen Deptula's opinion of Islamic State. He said "it's not an insurgency. IS is a state." He said IS possesses the five elements of a state, namely:
2. Key essential systems
5. Fielded military forces
I agree with his assessment. I also believe that Western leaders are unwilling to grant IS the legitimacy of it being a state, so they persist in calling IS names like ISIS, ISIL, Daesh, and so on. I see no problem with that approach, since it incorporates political sensitivities. However, that approach also aggravates the perception that Western leaders are out of touch with reality.