Wednesday, March 22, 2017

Creating an ecosystem to win a non-conventional war

SHASHI JAYAKUMAR
AND
HO SHU HUANG

MARCH 22, 2017

The concept of battle is changing. The recent announcements by Defence Minister Ng Eng Hen during the Committee of Supply debates represent important acknowledgements that the Ministry of Defence’s (Mindef) thinking on cyber issues and information warfare, as well as the Singapore Armed Forces’ (SAF) doctrine, are moving in step with global developments.



Dr Ng’s announcement of the setting up of a new military cyber command, the Defence Cyber Organisation (DCO), is a milestone in the transformation of the Third Generation SAF. And not before time, too, given the increasing proliferation of hybrid approaches to warfare through unconventional attacks, information warfare and cyber campaigns.

THE RIGHT STUFF

Mindef’s cyber defenders will presumably come from existing in-service talent and the newly-announced National Service (NS) cyber vocation. But creating a fully holistic ecosystem may take more time. Consider Israel’s Talpiot Programme, a scheme which recruits those who excel in science (including computer science) for military research and development units, where they serve an extended form of NS.

Upon leaving the military with advanced degrees, many eventually start successful companies at home or in Silicon Valley. This is their payoff, but they still contribute to Israel economically as civilians and militarily by allowing the Israeli Defence Force to remain connected to the cutting-edge of technology. It is a win-win arrangement where both parties reap benefits.

Our cyber defenders in the DCO and elsewhere will have to be technically proficient. Beyond skill, versatility will be required to address cyber threats. The DCO, the Cyber Security Agency (CSA) and GovTech will need to invest in and take chances on some individuals who are multi-skilled polymaths.

To have an edge, cyber defenders must include individuals who can think out-of-the-box. The British, for example, employed a wide range of intellectually curious individuals at Bletchley Park to crack Nazi Germany’s ciphers during the Second World War. They included chess players, linguists and crossword-puzzle experts, among others.

Militaries are, however, generally known for their regimentation, chain of command and clear division of labour. How will such individuals fit in? There may be challenges in integrating them.

The critical thinking and intellectual curiosity that makes them good at their job may grate against the conventions of a traditional military.

Those who possess the skills and aptitude for the work may be used to an unregimented lifestyle. The British military has waived fitness tests for their reservists involved in cyber operations and allowed them to keep their hair long. Yet there have been instances when British cyber defence reservists were criticised for being unsoldierly in their appearance and conduct, even though the work they do is every bit as important as their frontline peers.

ROLE OF MILITARY IN INFORMATION OPERATIONS

Mindef’s evolutions are timely, but they will ultimately have to go beyond cyber defence. Major powers have for some time now been upping their hybrid (read: unconventional) warfare capability, making major Budget cyber reallocations in particular. This stems from a critical realisation that winning the next conflict will not be solely dependent on military power alone.

Going beyond current concerns on cyber defence of networks and infrastructure, information operations targeting ‘‘heartware’’ will need to be considered. As the Russian Chief of the General Staff, General Valery Gerasimov, has observed, “the information space opens wide asymmetrical possibilities for reducing the fighting potential of the enemy”.

The new-generation aggressor will first use non-military measures. Military information operation units (Russia, for one, has acknowledged the existence of “information troops”) can spread misinformation (through propagating fake news and social media manipulation) in order to bewilder and confuse the defender. This can be coupled with hacking into websites, targeting financial institutions and other critical nodes.

All public institutions in the country are possible targets of a distributed attack — the mass media and religious organisations, cultural institutions, non-governmental organisations, civil society and even academia. Civilian hackers outside the military, but acting as their proxies, can target civilian and military networks.

The precise method used simply has to be sufficiently tailored, enough to significantly diminish heartware and resilience of the target country. In the worst-case scenario, this can cause disaffection and a loss of confidence in the government.

This threat is chronic, not acute. Rather than a surprise cyber strike, an attack may be a more insidious cyber siege (think Leningrad, not Pearl Harbour), where the population is slowly worn down with fake news, social media manipulation and repeated website hacks.

Contrary to what some might think, these strategies are not new, nor (as some would have it) have they been pioneered by Russia in its operations in Crimea and Ukraine.

The methods have simply been refined. It was, after all, Sun Tzu who observed that, to subdue the enemy without fighting is the acme of skill.

It is also worth reminding ourselves that nothing is off the table: The existing laws of armed conflict do not apply to the cyber domain. This ambiguity leaves room for miscalculation and consequently escalation.

A whole-of-government approach will be needed to combat these shapeshifting threats. Total Defence has been held up as a response to campaigns to spread distortion, rumours, misinformation and smears. But how will such an approach be coordinated?

Tasks will have to be divided and roles allocated, with the arrangements continuously refined, especially given that clearly demarcated civilian-military domains may not exist. The DCO may have to work with others — for example, the Ministry of Communication and Information, the CSA and the National Security Coordination Secretariat — to negotiate these threats.

It may well be, too, that the cyber vocation will have to evolve further. While it currently focuses on the protection of network integrity, should there also be a corresponding information vocation as well?

War, as Prussian general and military theorist Carl von Clausewitz famously remarked, is simply the continuation of policy carried out by other means. If he had lived in our present uncertain age, perhaps he might have been moved to remark that hybrid and information operations are simply means (often times less bloody and costly) to achieve what policy and warfare cannot.

ABOUT THE AUTHORS:

Dr Shashi Jayakumar is head of the Centre of Excellence for National Security, S Rajaratnam School of International Studies (RSIS), Nanyang Technological University. Ho Shu Huang is an associate research fellow at RSIS’ Institute of Defence and Strategic Studies.

No comments: