The “Invisible” Attack/Defend Cyber Binary and How it Can Doom Cyber Influence Operations

The following article is an original work published by the Information Professionals Association. Opinions expressed by authors are their own, and do not necessarily reflect the views of or endorsement by the Information Professionals Association.

In this essay, the authors introduce the concept of the Cyber Binary, describe some variables needed to determine the cyber binary’s usefulness in a given situation, and show how to conceptualize non-binary cases.

By Dr. Mike George and Dr. Sean Guillory 

There is no “Information War” or “Ground War” or “this” or “that” war. There is only War, an extremely complex but natural human social phenomenon composed of layer upon layer of interdependent factors driven by the basest human emotions and behaviors. The domains where war is waged and the tools used to wage it are many and varied, but only one thing matters…the memory of it that lives on across humanity and guides future generations. The only ones who know how war ends are the children, and the dead. 

Jim Harrell, Director of the Joint Information Operations Warfare Center

War is historically perceived by the public as a clash of combatants. Force meets force on the field of battle and the superior combatant wins. Another view of war comes from General Pershing who said “Infantry wins battles, logistics wins wars.” This more nuanced definition emphasizes the importance of meeting the needs of warfighters on the battlefield but still centers on attack and defense. However, war is much more complex and focusing only on the martial aspects limits thinking and approaches. A broader view of warfare is offered by U.S. President John Adams who said, “The Revolution was effected before the War commenced. The Revolution was in the minds and hearts of the people; a change in the religious sentiments of their duties and obligations…. This radical change in the principles, opinions, sentiments, and affections of the people, was the real American Revolution.” In other words, the war was won before the first shots were fired. As the US military evolves and matures its capabilities in the cyber arena, this broader approach should drive thinking and policy.

It is natural to think of conflict in terms of attack versus defense with even military strategist Sun Tzu framing warfare in this binary: “Attack is the secret of defense; defense is the planning of an attack.” It is equally natural to mirror conventional warfare paradigms of attack and defense onto the cyber domain of warfare. This approach has obvious roots in the planning and execution of combat operations over the last 250 years. It has equally influential but less obvious roots in standard cybersecurity practices that have evolved in government and business over the last 40 years.

Cybersecurity is increasingly becoming a normal defensive function in every organization. Defenders take every reasonable step to protect their systems from attack and focus on two primary tasks: first, they proactively secure their systems in preparation for an attack; then, when an attack is detected, they respond in a reactive manner. In this paradigm, attackers drive the interactions and have freedom of movement. This attack/defend dichotomy, or “cyber binary” is an obvious, intuitive approach to security. It captures the nature of typical cybersecurity operations where the defenders have no alternatives to defense. Also note that in our use of “attack/defend” for the cyber binary, “attack” assumes roles beyond what is traditionally considered cyber, including approaches like electronic warfare, financial/economic warfare, or even more physical approaches designed to achieve cyber objectives like a kinetic strike to disrupt cyber communications. In most cyber warfare training scenarios, the cyber binary has been adequate, but problems emerge when involving more human/cognitive domain issues like cyber influence operations or when thinking in this cyber binary imposes unnecessary constraints on military cyber operations. The force-on-force notion of attackers and defenders is appropriate for many cyber warfare scenarios but going with the cyber binary as a given unconsciously biases against (or does not incorporate) steps like deterrence or dissuasion that can be taken before conflict erupts that cause an adversary to modify its “principles, opinions, sentiments, and affectations This unconscious bias towards an attack vs. defense framework can be seen in cyber wargames where the attackers have specific objectives that mimic the cybersecurity training objectives presented in “Capture the Flag” scenarios. Based on the status of the flag at the end of the exercise, a win is awarded. Few exercises dive into the tactics that might make capturing the flag unnecessary.

We’re not the first to point out the issues of “reusing frameworks designed for planning and measuring effects that rely on physical and causal relationships” or how influence engagements aren’t binary, but we haven’t seen these points emphasized in the cyber influence spaces where we see this insistence on the cyber binary of attack vs defense as the greatest policy challenge affecting US military cyber operations. We advocate for a solution where strategic and operational planners check their implicit biases around the cyber binary. In this essay, we begin to describe the variables needed to determine if the cyber binary could be useful and we show how to conceptualize non-binary cases.

The cyber binary is appropriate in some situations

For the cyber binary to be appropriate, there needs to be congruence in the interpretation of key factors by different participants on what the situation is or what the goals are within the space. While interpretation can be a conscious, deliberate act, it is usually done unconsciously, driven by unverified assumptions. The classic cyber problem of attribution is an example of this congruence. When participants agree, an attack may proceed. Without a shared interpretation regarding attribution, the attack does not proceed. Regardless of how the interpretation is formed, a congruent interpretation by different sides is a first condition for the cyber binary to be appropriately used. Any computing system, group of people, or influential target (including people, places, and things) is a viable target for attack or defense when either successful defense or interruption of their functions would achieve some measurable, useful impact to larger strategic or operational objectives.

Can an idea be attacked?

Ideas cannot be built or destroyed; they can only be found or lost. Emanations, things associated with ideas, can be attacked or defended.

Cyber influence operations fail to align within the cyber binary due to a lack of congruent interpretations between different parties. Was a certain social media post an “attack”? Was it an accident or misunderstanding that was interpreted as an attack? Was it someone meaning to attack but pretending that it was an accident? Was it meant to be an attack but the “victims” loved it? These are just some of the many interpretations people can take towards a social media posting. Things like who “owns” different intangibles (e.g. memes, hashtags, political movements, fandoms, etc.) and who is truly an ally or adversary (where anonymity and avatars are the norm) also make interpretation rarely congruent by all parties (especially when the majority of users don’t see social media as a “battlespace”).

Another reason why the cyber binary typically fails when it comes to cyber influence operations is that Ideas (and similar meta-concepts like Archetypes and Narratives) cannot be built or destroyed; ideas can only be found or lost. Things associated with ideas, defined as emanations (“an abstract but perceptible thing that issues or originates from a source”; in this case the “source” being the idea), can be attacked or defended. Examples of emanations would be books, believers of an idea (and their resulting actions and how they see their identity), rituals, “holy” sites, “sacred” objects, idols, and even definitions. While usually not framed in this way, influence is essentially using emanations to either change, reinforce, draw attention to, or camouflage interpretations (yes, the same interpretations that need to be congruent between different parties for the cyber binary to be applicable). There is nothing to attack or defend in an idea. The only way to counter an emanation is with another emanation.

The example of the War on Terror helps illustrate this:

–        If one means to have a war on a very specific group of people and their emanations (e.g. destroying their buildings, shutting down their propaganda infrastructure), this has a much better chance of fitting the cyber binary.

–        If one means to have a “war on terrorists”, unless the side accused as terrorists also agree with their ideas as terrorists (vs “freedom fighter” or a true practitioner of their beliefs), there will likely be some incongruity in interpretations that would make it difficult to say the cyber binary would still apply. The result of this is often a battle between alternate emanations.

–        Now say a person truly wanted to destroy the idea of terror. One could destroy all of the emanations possible (books, online information, objects that directly point to the idea, eradication of all believers/practitioners, and even delete the word from dictionaries). Even at this level of effort, the idea of terror that those dictionaries once defined still exists but is “lost” (not destroyed). Even in the case where the interpretations and meaning are understood by all sides, using the cyber binary to try to attack or defend an idea/archetype/narrative is nonsensical because ideas cannot be built or destroyed (with definitions merely being another emanation that “points” to an idea).

Other aspects around ideas and emanations to consider:

–        “Information” is an emanation of an idea that has gone through some layer of interpretation by how it is received or structured (information is ideas given “shape”).

–        “Definitions” are an emanation that usually uses language to point to specific ideas. Note that literally pointing to an object can be a type of ineffable defining. Also remember that there are usually more definitions for an idea than what is in a single dictionary (think multiple languages or defining things to be better understood by different expertise or “explaining it like I’m five”).

–        “Facts” are necessarily true ideas but this doesn’t mean that everything that are called “facts” by people are true (which in terms of the cyber binary, saying that something is a fact or not isn’t necessarily an attack or defense; it’s all based on interpretation).

–        People can create emanations tying to certain ideas (like with defining, imbuing, or christening) but this doesn’t mean that this is going to be the interpretation that takes hold when a larger audience sees or interacts with the emanation. This trying to connect certain emanations to specific ideas is what company brands try to do and, as any brand manager will tell you, it is extremely difficult to keep symmetry between the intended brand significance and how the audience ultimately perceives it to be.

When should and shouldn’t we use the cyber binary

We are not advocating for the cyber binary to never be used. Attack and defense are part of every conflict. Just like how using Newtonian vs Quantum physics depends on the question and the assumptions, so too does if one should use the cyber binary or a non-binary framework. Having said that, note that even in the “obvious” examples of where the cyber binary is present, the human/cognitive domain is present but is usually ignored because roles, interpretation, and assets have a symmetrical interpretation by those on offense and defense.

For the cyber binary to work, the different players on a side need to either expressly or tacitly agree on the interpretation of different emanations. A server and the value it holds is tacitly agreed upon. Now compare this to a group trying to fool a population with disinformation on social media or even a group trying to defend that same population. Even determining who is on which side is difficult and the vast majority of the population that would be attacked with or defended from disinformation may not understand that they are in an information battlespace.

Another key note: even if a cyber situation (like with cyber influence operations) does not fit with the cyber binary of attack/defend, this DOES NOT mean that this isn’t important for warfare. While these non-binary cases are difficult in terms of interpretation and how ideas can’t be directly attacked or defended (only their emanations can be), one should not give up on trying to understand how this warfare operates. Influence operates in a space where things like “victory” and “defeat” are incubated in the information domain and then collectively decided in the cognitive domain (as “… the memory of it that lives on across humanity …” in the introductory quote says). Ignoring this space is what causes the scenario where one could win all of the battles but ultimately lose the war. Even if one doesn’t think about the situation in terms of offense and defense, a group can still gain an advantage depending on goals, interpretations, and eminences. The group that possesses an apparatus to help figure out how the different sides of interests interpret things as “facts” or assign values like right/wrong will have the strategic advantage in cyber influence operations.

Moving forward

While we hope this paper is a good start, the immediate research need is figuring out more conditions where the cyber binary is not appropriate to use and what these other elements for more non-binary cyber engagement should be. We hope that this is enlightening to cyber practitioners and policy makers to help examine their assumptions, especially when those assumptions get codified into frameworks or policy recommendations.

Additional future research directions may include:

–        Further modeling of “interpretations” to cognitive and neuroscience based frameworks.

–        In philosophical terms, ideas/archetypes/narrative have been framed from a more rationalist standpoint (directly perceived by the mind) with emanations being more empirical/sense based by nature. Folks more savvy on these epistemological frameworks could further explore/challenge these ideas.

–        Where are ideas/archetypes/narratives located? This question is one of the crucial difficulties in trying to define the “cognitive domain” within doctrine and needs further concept development (like would the shared interpretive space where things like “norms” reside be the same or different space than where those timeless, indestructible ideas reside?).

–        Figuring out people’s interpretations and the associated emanations for ideas is difficult to confirm and can even be rapidly changing in some cases. Further study into ways to confirm and to study latency/timing with things like the Overton Window could be of interest. Also, studying concepts like trust, confidence, and understanding of information/sources/outlets to act when it comes to assessing interpretation.

–        Lastly, we focused on cyber influence operations but many of the aspects mentioned could be translated to more “off-line” influence operations.

As we noted in the introduction, this paper is the beginning of what needs to be further elaborated by a dedicated field of research. We hope this initial introduction can help in better understanding the importance of checking implicit biases around thinking if a cyber binary is appropriate for every cyber scenario and not doing so will have our military cyber operations creating their own unnecessary policy challenges.

Authors

Dr. Mike George is a former military intelligence professional. His current work focuses on predictive analysis of the impact of newly identified cybersecurity vulnerabilities.

Dr. Sean Guillory utilizes his cognitive neuroscience training to help with cognitive/human domain capabilities within Defense and National Security. He is also a member of the Information Professionals Association.