A long drought (almost a month) in this blog is finally coming to an end after I had some great conversations with good friends at the cyber un-conference here in Israel. One of the obvious discussions is around the use of the term cyber (surprise). The general agreement is that the term has been violated pretty badly by security consulting firms and vendors trying to jump on the “cyber” bandwagon without a slim clue of what they are talking about (another shocker!).
But seriously now, we are all to blame for using the term once in a while (yours truly not excluded), while we all refer to different things. So, let’s try to get some order in the media hype and understand (at least the way I see it) what this cyber we are talking about is.
Disclaimer: this is what I believe that Cyber actually refers to. Your mileage may vary…
For me, cyber starts from way up. Beyond technology and Internet, and even beyond warfare and conflict. Cyber is first and foremost a domain. Much like air, land, sea, and space. A domain is (from the Merriam-Webster dictionary):
1. a. complete and absolute ownership of land
b. land so owned
2. a territory over which dominion is exercised
As such, domains that are not under direct ownership are treated by sovereign countries first and foremost as economic factors that affect their well-being. Most importantly, shared, or international, domains are crucial to enabling international trade, communication, travel and freedom (especially air, sea and space). Such domains are referred to as “global commons”.
Now think of the Internet and the underlying parts that make it work. Computers, network equipment, cabling, satellite communications and other elements that are owned by a variety of private companies and governments, and are under different jurisdictions around the world. Because it is so hard to pinpoint the ownership of a specific part of the Internet, it is much simpler to treat it as a general domain, and as such, a global common. This is exactly how most modern countries act, and how it, much like the other global commons, became an element of conflicts when such countries escalate diplomatic efforts into actions. A good example of how this works can be seen in the work that NATO is putting in to address this exact question. Note how a lot of the efforts are placed first on the legal and cooperative elements before addressing the battlefield (NATO and Cyber Defense – PDF).
So we went from an economic domain that supports communications, trade and information, to an element which countries may use as part of their available conflict management against other countries. Enter: cyberwar. What most abuses of the term these days do not take into account is that cyberwar, much like airwar, seawar, spacewar and landwar, is almost never a singular element in a conflict. It is part of a larger strategy and a means of affecting diplomatic efforts to achieve some goal at a national or international level. Hence, cyber-weapons are never products or pieces of software, but more generally tactics that are deployed in order to gain an advantage in the cyber common in conjunction with other tactics and strategies used in other domains.
I’m sorry that this isn’t the “sexy” cool thing that some consultant that used to do vulnerability assessments is trying to pitch to you, or some product that a vendor is trying to sell you in preparation for the imminent cyberwar that will erupt any minute now and eject all the CD trays of the PCs in your organization. It’s more along the lines of a broader understanding of which elements used in the cyber common would affect us as individuals, organizations, cultures and countries, and which we should be concerned about. It’s more about how countries are developing capabilities that would be used to gain an advantage over their adversaries in diplomatic conflicts, whether on an ongoing basis – much like “normal” spying and intelligence gathering is done in times of peace – or in times when more active measures are taken.
The bottom line is that the “Cyber” term is first handled at the higher levels which may have nothing to do with some virus or worm hitting a nuclear plant, and only then translated to the tactics used to protect or attack assets which have some manifestation in that domain.
Now we can all get back to abusing the term. At least we know how we are going to abuse it :-).