Wednesday, May 8, 2019

Cyber War, Cont.

I wanted to add something else before continuing. In the army we talk about 'key terrain', 'center of gravity', 'decisive point', and so on and so forth. I like to start out by giving a conventional example, particularly the mountain pass scenario (if you haven't noticed already), because it's a simple setup where the ideas are fairly easy to grasp.

Or maybe that's just me... I dunno, the way a mountain pass makes it easier for a small force to defend against a larger force makes a lot of intuitive sense to me, as does the possibility that the enemy would get around those defenses by using a lesser known (and probably riskier, but unexpected) smaller pass.

Anyways, starting with that simplified example - controlling the pass, and/or high ground around the pass, makes it key terrain because whoever controls it has a significant advantage. When you control a pass (and the enemy is trying to use it) they generally can't maneuver around you. The mountain itself blocks their way. They also can't spread themselves out too widely, again because of the mountain(s) itself. So if they choose to come down that pass, they are forced to fight you on your terms... forced to present only a small fraction of their force at any one time, which turns a potential 3-on-1 fight into something more like a 1-on-1 fight, three different times. (The larger force still has an advantage, in that the people too far behind to fight are more rested and uninjured and can replace any casualties up front, but a small force holding a mountain pass can slow or stop a larger force for a significant amount of time. Think the Spartans at Thermopylae.)

Controlling high ground is important, too... since whoever has the high ground has better visibility (and thus situational awareness), a better chance that their weapons will successfully hit (archers, artillery... etc), an easier time charging (try running up a hill vs running down... it's pretty obvious which is easier) and gravity can make even unsophisticated weapons like rocks and boulders do quite a bit of damage. I'm sure there's other reasons why high ground is important, but these are the ones I can think of off the top of my head.

Anyways, conventional battles make it easy to get the concepts... but the same concepts can be applied to less conventional situations.

In urban warfare, for example, key terrain might include radio stations and television stations, since controlling the flow of communication is important. It can include city hall, police headquarters... and in the US it could also include any store selling guns and ammo. Which, like, means all the Wal-marts, Dick's Sporting Goods, Field & Stream, and local gun shops. (Really, I sort of pity anyone stupid enough to invade us directly, assuming they get past our navy, air force, and army and that we're not reeling from nuclear explosions and/or EMP attacks, or internal issues, or somesuch. I won't say it's impossible, just... well, Red Dawn doesn't seem completely unbelievable.)

High ground can mean taking over skyscrapers or tall buildings (which you can use to create a kill zone, which you can sucker an enemy into.)

So what does that mean for cyber? What is the 'key terrain' when you're not trying to get into a specific organization's network, but are attacking an entire nation/state?

I'd probably be looking at things like those underwater sea cables (which sharks apparently like to eat), the DNS system (since we wouldn't be able to get anywhere if we couldn't translate website names into IP addresses), data centers (as more and more companies store their data on the cloud, a critical data center could shut down who knows how much of the internet?) and more.

Most businesses, of course, are aware of their vulnerabilities and have disaster recovery plans of some sort. I'm not entirely sure how good those plans are, or whether they're enough to continue services in the face of a determined attack, but they're there in some form or fashion.

Though, well... cutting power cables can cause electrical outages just as much as bombing a power plant, and both are physical actions that can be used to take out power in conjunction with (or instead of) cyber attacks.

If you're talking cyber war as an element of a declared war (instead of a euphemism for antagonistic behavior in strictly the cyber realm), you have to consider that sort of thing. And, to be fair, some of it already is (i.e. we know that there's 'critical infrastructure', like the electrical grid, financial services, and more... so I'm trying to throw out a few obvious and less obvious things to think about.)

There's more to it than that, even. I know John Ringo (in his Posleen science fiction) suggested hacking attacks that might, for example, affect GPS targeting so that artillery attacks hit friendly forces instead of the enemy. Again, I don't really know enough about our GPS system, or cyber defenses, to say whether that's realistic or not. But I sure as heck hope that it's a risk people are aware of, and have countermeasures in place for.

That's assuming you can use GPS in the first place, ofc. Which (with jamming and hacking and other things) is not a given. How many people know how to use their equipment if they can't get GPS, anyway?

I also read somewhere (I forget where) that Russia used hacking in conjunction with more conventional forces in their attack on Georgia, where they disabled servers and attacked various government and news sites in coordination with ground forces.

I'd probably also consider how much of our system relies on just-in-time shipping, and what would happen if Wal-mart (and other companies, particularly grocery stores) lost the ability to tell when they're getting low on something. How long could a city last before it ran out of food, and what are the contingency plans that ensure critical stores can continue to function if/when the internet goes down?

I could probably go on and on about the possibilities, but I think the gist of it has come across... and anything further a) depends on specifics that really require expertise and b) is probably not something I'd want to post even if I did have that sort of expertise.
