I promised to walk someone through our Truth&Trust Online #TTOCon (thanks @TTOConference!) poster on “left-of-boom misinfosec” yesterday, but we missed the slot. I hate to disappoint, so here’s your online version…
Check out this thread by Sara-Jayne Terp of the Misinfosec Working Group.
Last year, Sara proposed the ingenious idea that, like cyber operations, cyber-enabled information operations (and disinformation) are also pivoted around the foundational triad of cybersecurity: confidentiality, integrity and availability (C-I-A).
I thought that was a phenomenal statement as it allowed us to define cyber-enabled information operations in machine-to-machine taxonomies and ontologies.
We may never know as to when did the cycle of escalation — which led to the eventual hack of the DNC — begin. It possibly had its origins in the Colour Revolutions, the tenure of the then-Secretary of State Hillary Clinton or maybe even the release of the Panama Papers. The chain of causation certainly diverges from the narrative advertised by the mainstream media.
On July 8, Michael Schmitt, a law professor and former judge advocate in the US Air Force, posted a perplexing tweet about changing his mind on the “status of cyber capabilities as ‘weapons.’” He followed it up with the linkto a recent paper he coauthored for the International Law Studies journal of the US Naval War College.
Schmitt is one of the key architects of the guiding document on international norms of cyber conflict, widely known as the Tallinn Manual. His latest paper severely curtails the legal logic that is the heart of the manual, which, even prior to Schmitt’s admission, was thought to be shaky at best. In fact, the newer set of assumptions proposed by Schmitt may also not stand up to scrutiny, further limiting the manual’s applicability to real-world scenarios.
During my stint with the government, we established formal contact with a Western signals intelligence agency. In one of the highly ceremonial and limited interactions with our counterparts from that agency, my boss joked of recruiting a “young gun” who was spearheading cyber operations. That was me.
While I have always rated myself as a below-average hacker, I was indeed a test case for the government in inducting ‘specialists’ into the system via lateral entry (Don’t ask me how it went).
Despite what the media likes to believe, there are no watersheds in the history of cyber conflict. Offensive cyber operations simply don’t work that way. You don’t irreversibly leap over the Rubicon, but crisscross it a couple of times to derive reasonable threshold estimates of power projection.
Cyber operations — as the militarised, regimented form of hacking is often called — don’t manifest themselves as precision-guided munitions. They’re more like a game of probability.