In the thick of my dissertation, I have not had much on my mind aside from a very particular ‘brand’ of counterinsurgency. However, the recent “cyberattack” on Lockheed Martin has me thinking about the issue again. Bruce Schneier has a good rundown of several stories on the attack, but there is a lot of rumor and speculation right now. What might a foreign actor aim to gain from an attack on Lockheed? Perhaps an individual could learn about the classified capabilities of a fighter jet and provide them to one or more clients in order to design better air defense capabilities. The act could potentially save a U.S. adversary millions while costing the U.S. billions in the acquisition of a fighter facing obsolescence due to poor information security. In this speculative scenario, cyberwar would be an asymmetric capability, right? In a work-in-progress presentation entitled “The Three Cyber-War Fallacies,” Dave Aitel says no.
Aitel, a veteran of the NSA and CEO of Immunity, Inc., seeks to debunk the following three claims:
1. Cyberwar is asymmetric.
2. Cyberwar is non-kinetic.
3. Cyberwar is not attributable.
These are all provocative claims worth examining, but the first is the most provocative in my view. Despite the low-cost components of cyberwar, there are two “carrier class” expenses that go unaccounted for: maintenance and analysis. The argument has me intrigued, but I would like some more elaboration here. Perhaps we will read more as Aitel works through how challenging these three misconceptions, as he sees them, will shape changes in policy and technology.
At any rate, read through the presentation. It makes for interesting reading even in its unfinished form.