Posted on Mar 12, 2023
The lessons learned so far from Russia's cyber war on Ukraine
Posted 2 y ago
Responses: 3
PO1 William "Chip" Nagel good day Brother William, always informational and of the most interesting. Thanks for sharing, have a blessed day!
One of the things that few people understand about "cyber weapons" is that "it's not like it is in the movies". We accept that for practically everything else - "Grenades don't explode like that!", "Does anyone even understand how an aircraft flies?", "bullets do NOT change course in mid-flight" and so on.
Many of the "cyber weapons" that are talked about are related and even part of cyberspace operations (electronic warfare, information operations, etc), but aren't really "cyber weapons". What we think of when we think 'cyber war' is the uber-smart hacker as seen in the movie going up against some other uber-smart hacker and winning a war of skill in offense and defense ... or some next generation artificial intelligence worming its way through a system to find a critical node and just want to be activated.
There is some truth to those stereotypes, but the reality is that it's nothing like that (well, there are a few cases where it might be like that, but those are some very few exceptions to that statement).
The majority of offensive cyberspace operations is about two things - finding a flaw that can be exploited to cause a system to operate differently than expected and getting access to that flaw. Tens/hundreds of thousands of dollars (in some cases millions) are spent developing 'cyber tools' against those flaws and to get the requisite access needed to employ the tool. In most cases it takes a lot of a resource that is in high demand - time - in order to identify a flaw in an adversary system, develop an exploit for it, and then find a way to deploy it against that system ... any of which a simple change in code could render all your investments of time, money and manpower moot.
Don't get me wrong, there are many different cyber tools that are useable, but in most cases, they are "one shot weapons" because they are easily defeated once known - either by fixing the flaw or denying the access.
Add to it that the access needed to employ a tool is almost always side-by-side with intelligence operations exploiting the same access method. This means it comes down to that classic risk analysis of operations and intelligence called gain-loss analysis. Is the operational effect we want to cause sufficient enough to lose access to the intelligence we are gaining?
Be alert, no cell phones on the battlefield, no TikTok or other social media on government devices