Daniel Moore - Offensive Cyber Operations

OFFENSIVE CYBER OPERATIONS

DANIEL MOORE

Offensive Cyber Operations

Understanding Intangible Warfare

HURST & COMPANY, LONDON

First published in the United Kingdom in 2022 by

C. Hurst & Co. (Publishers) Ltd.,

New Wing, Somerset House, Strand, London, WC2R 1LA

Daniel Moore, 2022

All rights reserved.

The right of Daniel Moore to be identified as the author of this publication is asserted by him in accordance with the Copyright, Designs and Patents Act, 1988.

A Cataloguing-in-Publication data record for this book is available from the British Library.

This book is printed using paper from registered sustainable and managed sources.

ISBN: 9781787385610

www.hurstpublishers.com

CONTENTS

ABSTRACT

Cyber-warfare is often discussed and rarely seen. Operations against networks mostly fall below the required threshold, and instead are varying criminal acts or peacetime intelligence gathering missions. To use cyber-warfare effectively, it is essential to distinguish where it begins and ends. The spectre of cyberwar can and should be turned into a spectrum of offensive cyber operations, or OCOs. There is so much to learn by piecing together operational history, public analysis of capabilities, and existing military thought. By exploring the idea of intangible warfareconflict waged through non-physical means such as the information space and the electromagnetic spectrumexisting operational and strategic concepts can be adapted rather than reinvented.

While OCOs are often discussed as a monolithic operational space, they can usefully be divided into presence-based and event-based operations. The former are strategic capabilities that begin with lengthy network intrusions and conclude with an offensive objective. The latter are directly-activated tactical tools that can be field-deployed to immediately create localised effects. This top-level distinction is abstract enough to be usable by military planners and researchers, but specific enough to create two meaningful categories. This book seeks to show how OCOs can contribute to the overall military effort. The first four chapters explore theory, strategy, and the practicalities of different OCOs. The next four chapters are then dedicated to an in-depth examination of OCO strategy demonstrated by the United States, Russia, China, and Iran. Each of the four countries exhibits a unique approach to intangible warfare stemming from differences in culture, resources, history, and circumstance. The case studies help clarify the relative advantages and disadvantages of each country and how it stands to benefit by better employing OCOs within a military context.

ACKNOWLEDGEMENTS

This book was originally submitted as my PhD thesis at the War Studies Department at Kings College London. I owe a great deal of my approach to tackling academic issues in network operations to Thomas Rid, who inspired me through his own writing to carve my own unique space where I could feel my contribution would actually matter. I took his Masters level Cyber Security class in 2012which I would later end up teachingwhere I first encountered cyber as an academic discipline sorely in need of thoughtful, cautious contributions. Im also deeply thankful to Ben Buchanan, who I originally met as a fellow PhD researcher under Thomas, for all his help in turning interesting ideas into coherent analysis.

Over the years numerous people have engaged with and provided critique of my ideas. I couldnt possibly include them all, but Id like to thank Richard Bejtlich, Rob Lee, Max Smeets, Alessio Patalano, David Omand, and Tim Stevens for fascinating conversations that helped to shape key portions of this work. My entire team at iDefense, including Valentino De Sousa, Annabel Jamieson, Christy Quinn, and Charlie Gardner, had to endure numerous rants on offensive operations, whether willingly or otherwise. They not only humoured me but contributed thoughtful ideas, advice, and their own expertise.

One of the greatest experiences Ive had was teaching the Cyber Security class at Kings College London for three years. Throughout those years I met some incredible students who would often go on to find their own places in information security. They were often unwitting but extremely helpful participants in an elaborate experiment to test my ideas against versatile cohorts of critical thinkers, and my work was all the better for it.

Though perhaps not a personal acknowledgement per se, I owe thanks to all those who cover network operations across all angles. This books bibliography is a testament to how multi-disciplinary the field has to be. The sources range broadly between journalists, policy makers, academics, strategists, threat intelligence analysts, and many others. There is simply no other way for the field to thrive, and it is worth acknowledging just how essential the different perspectives are for complete (or near-complete) analysis.

I owe the biggest thank you of all to my wife, Nitzan. The word support does not do her role justice; she is the main reason I maintained my sanity as I attempted to navigate first a full-time job alongside my PhD, and later alongside completing a book, all the while parenting our baby daughter Natalie through a global pandemic. Beyond all that, our long conversations around the key themes in this book resulted in some of the most profound changes to its structure. Her candid feedback allowed me to truly test if my concepts were reasonable to those who do not live and breathe cyber every day.

LIST OF ABBREVIATIONS

INTRODUCTION

Computing is an indispensable facet of modern military operations, but attacks against computers have yet to deliver on the promise of revolutionising warfare. Intelligence collection, command and control, guidance, and weapons platforms themselves are all aided by networks. Even as networks have become pivotal in enabling joint operations, the spectre of cyberwarenvisioning battles waged between and against networkshas yet to come to fruition; war remains innately kinetic. The arrival of the twenty-first century heralded the explosive rise of the cyber-warfare narrative, but its actual utility in warfare is often unclear. It is imperative for strategic intent to lead the use of technology, rather than have technology create de facto strategies. In essence we ask, what limits military forces from realising the potential of cyber-warfare, and how could these limitations be mitigated?