Information Operations (IO) is an Operational Risk Management
priority in both the public and private sectors these days. Is it lawful
for a U.S. company and U.S. citizens to train and perform cyber warfare
activities on behalf of a foreign country?
Flashback to 2012, The Washington Post reports:
By Ellen Nakashima, Published: November 22
"In the spring of 2010, a sheik in the government of Qatar began talks with the U.S. consulting company Booz Allen Hamilton about developing a plan to build a cyber-operations center. He feared Iran’s growing ability to attack its regional foes in cyberspace and wanted Qatar to have the means to respond.
Several months later, officials from Booz Allen and partner firms met at the company’s sprawling Tysons Corner campus to review the proposed plan. They were scheduled to take it to Doha, the capital of the wealthy Persian Gulf state.
That was when J. Michael McConnell, then a Senior Vice-President at Booz Allen and former Director of National Intelligence in the George W. Bush administration, learned that Qatar wanted U.S. personnel at the keyboards of its proposed cyber-center, potentially to carry out attacks on regional adversaries.
“Are we talking about actually conducting these operations?” McConnell asked, according to several people at the meeting. When someone said that was the idea, McConnell uttered two words: “Hold it.”
A common taxonomy was developed years ago for the cyber terms of the computer and network incident domain. Now we need to make sure we all understand what we mean when we say Information Operations policy as it pertains to the digital world.
As an example, in the context of the digital attacker we have Sandia Labs Taxonomy:
- Hackers
- Spies
- Terrorists
- Corporate Raiders
- Professional Criminals
- Vandals
- Voyeurs
If we look at the categories that make up the entire "Incident" that Sandia Labs has utilized, we see the following:
- Attackers
- Tool
- Vulnerability
- Action
- Target
- Unauthorized Results
- Objectives
  - Challenge, Status, Thrill
  - Political Gain
  - Financial Gain
  - Damage

- Existence addresses the question of who is hostile to the assets of concern?
- Capability addresses the question of what weapons have been used in carrying out past attacks?
- History addresses the question of what has the potential threat element (aggressor) done in the past and how many times?
- Intention addresses the question of what does the potential threat element hope to achieve?
- Targeting addresses the question of do we know if an aggressor is performing surveillance on our assets?
By Ellen Nakashima, Published: November 14
President Obama has signed a secret directive that effectively enables the military to act more aggressively to thwart cyberattacks on the nation’s web of government and private computer networks.
Presidential Policy Directive 20 establishes a broad and strict set of standards to guide the operations of federal agencies in confronting threats in cyberspace, according to several U.S. officials who have seen the classified document and are not authorized to speak on the record. The president signed it in mid-October. The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats.
The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed.
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . Cyber-operations is stuff outside that space, and recognizing that you could be doing that for what might be called defensive purposes.”
We believe that as our cultures, countries, agencies and professionals work together on Information Operations (IO) and online counter-terrorism initiatives, we are going to have to develop a solid taxonomy. It will provide the foundation for our clear and accurate risk management methodologies and incident management systems, being developed by relevant organizations in mutual collaboration.
Once we have accomplished this fundamental understanding, then true Critical Infrastructure Protection (CIP) cooperation and coordination will occur.