An increasing concern of intelligence operations is defending against a cyber attack. Part of the equation is to conduct defensive information operations, and the other part is the need to protect "oneself from oneself," or information fratricide. Discuss the challenge of protecting and defending against these types of cyber attacks, detecting them, and restoring capabilities after an attack.

Protecting computer systems from hostile attack or from information fratricide requires constant attention to passive defensive measures, such as application of “patches,” and to active measures, including offensive cyber operations. Information fratricide, as was experienced with the spread of the Stuxnet virus, is a risk associated with cyber operations. Robust counterintelligence capabilities and consideration of the consequences of cyber operations are required for self-defense purposes. The attributes that drive connectivity are the weaknesses that make one’s networks or grids vulnerable.

Expert Answers


There is a flip side to every coin, and the issue of connectivity provides a classic example. The more systems are integrated, the more efficient the communications and control of the whole. That is all well and good, until failure occurs. The very attributes that drove systems integration, especially with respect to computer networks, are also the greatest weaknesses that make the whole vulnerable to attack, whether from an outside, hostile source or from an insider intending to damage networks or through an accident accomplishing the same thing. The greater the integration of networks, the greater the susceptibility to single-point failure should something go wrong.

Over time, various components of what is called “critical infrastructure,” the physical and virtual roads or pathways (e.g., railroad networks, electrical grids, computer networks) that sustain modern societies, are made more efficient through integration of multiple networks into a single command and control system. One office or operation, in other words, can control the entirety of the system. Very efficient. Conversely, an attack from a hostile source on such a centralized system can bring down the entirety of that system, causing a far wider scale of disruption and destruction than otherwise would have been the case. Attacking, remotely through cyber networks or up close through physical sabotage of facilities, is much easier the fewer sites one intends to attack. That is single-point failure: attack on or failure of a single site can bring down the whole grid.

Information operations are inherently vulnerable to atmospheric perturbations, faulty equipment, hostile operations intended to disrupt operations, or to what is known as “information fratricide.” Think about cyber operations that have occurred within a national-security context. In 2010, key components of Iran’s nuclear weapons complex—specifically, the operation of cascades of highly sophisticated centrifuges used to process uranium into weapons-grade fuel—began to inexplicably malfunction, including physical destruction of centrifuges. The cause was eventually traced to a malicious software program surreptitiously introduced into the computer networks in Iran’s nuclear weapons facilities.

That “virus,” labeled Stuxnet, was believed to have been programmed and deployed by Iran’s archenemy and the target of Iran’s nuclear weapons program, Israel, possibly in cooperation with the United States. Stuxnet had the desired effect. The flip side to that coin was that a new and extremely malicious computer virus had been introduced, and once deployed, it was difficult to contain. Computers are linked in networks, networks are linked in systems, and viruses spread accordingly.

Containing the damage from malicious software is difficult but done daily by systems operators around the world. “Patches” are regularly installed on computers to protect against newly discovered malware. That process, however, is protracted and laborious and can be very costly and disruptive to operations. Networks can be taken offline, but that defeats the purpose of connectivity, and there is no guarantee that infections will not occur anyway from malware already sitting dormant in a computer system that becomes active at an inconvenient moment. Protecting one’s own networks from one’s own cyber operations is certainly doable, but deniability can be very tricky when motives are considered, and this is a key consideration dating to the discovery and identification of Stuxnet. Opening the can of worms known as cyberwarfare legitimizes retaliatory actions on the part of adversaries.

All that is needed to disrupt a sophisticated computer network is a virus introduced through use of a thumb drive by a friendly agent with access to the right computer systems. Foreign intelligence services recruit agents inside other countries for the purpose of attaining the capability to do exactly that. Hardening friendly networks against hostile attack, then, requires not only constant attention to threats from malware, but a robust counterintelligence capability to ferret out individuals recruited by hostile intelligence services as well as disgruntled employees seeking to wreak havoc out of spite.

Approved by eNotes Editorial Team
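The single-point-failure argument made in the answer above, as an added illustration that is not part of the original answer: it models a critical-infrastructure grid as a graph and measures how much of it is lost when any one node fails, comparing one centralized command-and-control node against several regional ones. The two topologies are constructed toy graphs and the function names are assumptions of this example, not anything from the page.

```python
"""Blast-radius comparison: centralized vs. federated control topologies.

Added illustration (not from the original answer). The more assets hang off a
single command-and-control node, the larger the share of the grid lost when
that node fails. Both topologies below are constructed toy graphs.
"""
from collections import deque


def build_centralized(n_substations):
    """One control center commands every substation (star topology)."""
    g = {"ctrl": set()}
    for i in range(n_substations):
        s = f"sub{i}"
        g[s] = {"ctrl"}
        g["ctrl"].add(s)
    return g


def build_federated(regions, per_region):
    """Each region keeps its own control node; neighbouring regions peer."""
    g = {}
    for r in range(regions):
        c = f"ctrl{r}"
        g.setdefault(c, set())
        for i in range(per_region):
            s = f"sub{r}_{i}"
            g[s] = {c}
            g[c].add(s)
        if r > 0:  # peering link between adjacent regional controllers
            g[c].add(f"ctrl{r - 1}")
            g[f"ctrl{r - 1}"].add(c)
    return g


def controlled(g, failed):
    """Substations still reachable from some surviving control node."""
    ctrls = [n for n in g if n.startswith("ctrl") and n != failed]
    seen, q = set(ctrls), deque(ctrls)
    while q:  # breadth-first search that routes around the failed node
        n = q.popleft()
        for m in g[n]:
            if m != failed and m not in seen:
                seen.add(m)
                q.append(m)
    return {n for n in seen if n.startswith("sub")}


def worst_single_point_loss(g):
    """Largest fraction of substations lost to the failure of any one node."""
    total = sum(1 for n in g if n.startswith("sub"))
    return max((total - len(controlled(g, f))) / total for f in g)
```

With twelve substations, losing the single control center of the centralized grid takes down everything, while the worst single failure in a three-region federated grid takes down one third of it.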