Strategy and Tactics of Cyber Conflict

On 12 August, the ICDS hosted a lecture by Professor Robert Axelrod from the University of Michigan entitled “Strategy and Tactics of Cyber Conflict” and a discussion moderated by Tallinn University of Technology Associate Professor Rain Ottis.

12.08.2013
On 12 August, the ICDS hosted a lecture by Professor Robert Axelrod from the University of Michigan entitled “Strategy and Tactics of Cyber Conflict” and a discussion moderated by Tallinn University of Technology Associate Professor Rain Ottis.
In his lecture, Professor Axelrod addressed the timing of cyber conflicts. He considered situations in which an actor must choose when and if to exploit vulnerabilities in a target’s network. He offered a simple model that deals with the question of when the resource should be employed by the attacker, knowing that its use today may well prevent it from being available for use later. The heart of the model is the tradeoff between waiting until the stakes of the present situation are high enough to warrant the use of the resource, but not waiting so long that the vulnerability the resource exploits might be discovered and patched even if the resource is never used. The model consists of two elements: stealth shows how well a cyber weapon survives after it has been used, and persistence shows how well it survives when not being used. This model allows for the calculation of the optimal timing for the use of a cyber weapon.
The real life examples included the persistent cyber espionage carried out by the Chinese military, the Stuxnet attack on Iran’s nuclear program, and the Iranian cyber attacks on energy and financial firms in Saudi Arabia and the United States.
The discussion focused on the example of Stuxnet that was expected to have high stealth, but because the malicious code escaped and became public, it turned out to have low stealth. It also had low persistence because it was a wake up call for SCADA owners around the world who realized that an air gap from internet does not protect their systems. Professor Axelrod agreed with the audience that different countries come out with different estimates regarding the optimum timing for the use of cyber weapons, whereas individual hackers such as criminals will use cyber weapons pretty early. He also noted that in some aspects and to a limited extent it is useful to use an analogy of nuclear war.  The professor suggested that governments should offer a better system of rewards and penalties for private companies to encourage them to implement security measures and to fix the known vulnerabilities. It was pointed out by Dr Ottis that the Chinese do not employ expensive and sophisticated methods for espionage but they use already well known weapons. It was said that cyber espionage is perhaps something we just have to live with.
A link to Professor Axelrod’s article „The Strategic Timing of Cyber Exploits“.
Professor Axelrod is best known as the author of The Evolution of Cooperation, an interdisciplinary work that has been cited more than 30,000 times. His current research interests include international security and sense-making.
Dr Rain Ottis is an Associate Professor at Tallinn University of Technology and teaches cyber security at the University of Jyväskylä, Finland. From 2008 to 2012 he served as a scientist at the NATO Cooperative Cyber Defence Centre of Excellence and prior to that assignment he served as a communications officer in the Estonian Defence Forces. Audio recording (low quality)