1

FoG:ISWhy Arms Control matters. Perspectives for Cyber-Arms Control

Georg Schöfbänker, Linz, oisr@aon.atFoG:ISForschungsgruppe Research GroupInformationsgesellschaft und Information Society and Sicherheitspolitik Security Policy

Austrian Information Centre for Security Policy and Arms ControlAISA

International School on Disarmament and Research on ConflictsISODARCOTrento/Italy, August 2002

2

FoG:ISWhy Arms Control still matters

3

FoG:IS contents 1

•The changing strategic environment in the US IW discourse•The emerging new foreign policy and national security (Bush) doctrine• instead of national defense I would call it “Global Attack Posture” (GAP)

4

FoG:IS contents 2

•identifying IW subsystems which might be regulated by arms control measures•IW definitions (shortly)•realistic ranking of risks & threats in comparison 2 other weapons •how applies International Law 2 IW?

5

FoG:IS contents 3

•What remains to be done•develop a practicable starter argument for the diplomatic floor (forget the non-starters)•more research and deeper understanding of offensive IO R&D (FoG:IS research)

6

FoG:ISIW goes strategic (which is not strategic IW) 1

Milestones in doctrine development•1996: IW Is a set of operations to achieve or deny information superiority and dominance.•1998: IW is Information Operations (IO).

7

FoG:ISIW goes strategic (which is not strategic IW) 2

•2000: IW becomes a separate “military branch” (JV 2020)

•Sep 2001: QDR•Jan 2002: Nuclear Posture Review•October 2002: Unified Command

Plan (merger of STRAT-& SPACECOM

•Fall 2002: finalizing of GAP

8

FoG:ISNew Threats 1991 after Gulf War?

“I’m running out of demons. I’m down to Kim Il Sung and Castro.”Chairman of the Joint Chiefs of staff, Collin Powell, 1991 (after the Gulf war), before the US Congress

9

FoG:ISQuadrenial Defense Review (QDR 1)

„A central objective of the review was to shift the basis of defense planning from a "threat-based" model that has dominated thinking in the past to a "capabilities-based" model for the future. This capabilities-based model focuses more on how an adversary might fight rather than specifically whom the adversary might be or where a war might occur.“

10

FoG:IS QDR 2

„DoD will vigorously pursue new processes and procedures to better exploit existing assets while aggressively developing new technologies that offer great potential for responding to new threats and requirements. In particular, the Department will treat information operations, intelligence, and space assets not simply as enablers of current U.S. forces but rather as core capabilities of future forces.“

11

FoG:IS QDR 3

6 operational tasks•"Protecting critical bases of operations (U.S. homeland, forces abroad, allies, and friends) and defeating CBRNE weapons and their means of delivery;•Assuring information systems in the face of attack and conducting effective information operations;•Projecting and sustaining U.S. forces in distant anti-access or area-denial environments and defeating anti-access and area denial threats;

12

FoG:IS QDR 4

6 operational tasks;•Denying enemies sanctuary by providing persistent surveillance, tracking, and rapid engagement with high-volume precision strike, through a combination of complementary air and ground capabilities, against critical mobile and fixed targets at various ranges and in all weather and terrains;•Enhancing the capability and survivability of space systems and supporting infrastructure; and•Leveraging information technology and innovative concepts to develop an interoperable, joint C4ISR architecture and capability that includes a tailorable joint operational picture."

13

FoG:ISNuclear Posture Review (NPR) 1

A new strategic triade•Offensive strike systems (both nuclear and non-nuclear);•Defenses (both active and passive); and•A revitalized defense infrastructure that will provide new capabilities in a timely fashion to meet emerging threats.

14

FoG:IS NPR 2

This New Triad is bound together by enhanced command and control (C2) and intelligence systems.The addition of non-nuclear strike forces--including conventional strike and information operations."Greater flexibility is needed with respect to nuclear forces and planning..”= more targets in more countries””... improving the tools used to build and execute strike plans so that the national leadership can adapt preplanned options, or construct new options ...”

15

FoG:IS NPR 3Mobile and Relocatable Targets. DoD proposed to develop a systems-level approach, applied across the Services, for holding at risk critical mobile targets.Defeating Hard and Deeply-Buried Targets. DoD would implement a program to improve significantly the means to locate, identify, characterize, and target adversarial hard and deeply buried targets.Long Range Strike. DoD will pursue a systems level approach to defeat critical fixed and mobile targets at varying ranges, in all terrain and weather conditions, and in denied areas.Guided Missile Submarines (SSGNs). DoD has proposed to fund the conversion of four SSBNs, withdrawn from the strategic nuclear service, to SSGN configuration.Precision Strike. Effort to increase the number of targets than can be attacked on a single mission. Elements include a ”Malfunction Information Distribution System” to provide ” a jam-resistant, secure, digital network for exchange of critical information for strike capabilities,” a ” Joint Air-to-Surface Standoff Missile.” A ” Small Diameter Bomb,” and the ” Unmanned Combat Air Vehicle.”New Strike System, "DoD will begin in FY03 to explore concepts for a new strike system that might arm the converted SSGNs. Desired capabilities for this new strike weapons include timely arrival on target, precision, and the ability to be retargeted rapidly.”

16

FoG:IS NPR 4"Intelligence for Information Operations (IO). Information Operations targeting, weaponeering, and execution requires intelligence collection of finer granularity and depth than is currently available. The intelligence community lacks adequate data on most adversary computer local area networks and other command and control systems.”

17

FoG:IS NPR 5“Additionally, there is limited analytical capability to exploit these networks using IO tools. Investments must continue in order to upgrade and, populate the Modernized Integrated Database for effective IO targeting, weaponeering, and combat assessment essential to the New Triad."

18

FoG:IS Global Attack Posture 1Ministry of Truth newspeech:•“defensive intervention“•The „evil“ lies within ~60 countries•preemtive strikes are possible against all „bad guys“.•don‘t care much about international law (UN-Charta)

examples:

19

FoG:IS Global Attack Posture 2

... „International Law from a philosophical point of view does not exist at all.“

John Bolton. Dep. Ass. Sec. of State for Arms Control, 8 Mai 2001

20

FoG:IS Global Attack Posture 3"What you're seeing from this Administration is the emergence of a new principle or body of ideas. I'm not sure it constitutes a doctrine about what you might call the limits of sovereignty. Sovereignty entails obligations. One is not to massacre your own people. Another is not to support terrorism in any way. If a government fails to meet these obligations, then it forfeits some of the normal advantages of sovereignty

21

FoG:IS Global Attack Posture 4including the right to be left alone inside your own territory. Other governments, including the United States, gain the right to intervene. In the case of terrorism, this can even lead to a right of preventive, or peremptory, self-defense. You essentially can act in anticipation if you have grounds to think it's a question of when, and not if, you're going to be attacked.”

Richard Hass, Director political planning, DOS

22

FoG:IS A dangerous Posture 1consequences:for RMA and IO rich countries:•the more RMA the less the entrance level to use military force (even out of UN Charta)•the less the political oversight over military operations•in case of robot weapons systems with “autonomous decision making capability” the political control is lost at all.

23

FoG:IS A dangerous Posture 2

consequences:for the “have-nots” •arms race and proliferation of concepts•self fulfilling prophecy = more assymetric means such as bioweapons•or attacking state interests where it hurts.

24

FoG:IS

Risk ranking 1develop criteria for arms control

.Goal Virtual

damageRealdamage

Targets ormeans

Prohibition Irrelevant Disasterous C2 ofnukes.

Prohibition Irrelevant High todisaterous

Highlycriticalsystems(NPPs)chemicalindustry ...

25

FoG:IS

An example on C2 insecurity of nukes?

... it is important to recognize that soon both sides (US and Russia) will have the ability to use holograms and other IT manifestations that will offer the opportunity to completely fool one another both on the battlefield and through the airwaves /.../ A hacker simulating an incoming ICBM nuclear attack on the radar screens of the military of either Russia or the United States is but one manifestation of this threat".Thomas, Timothy L. (1999): Information Technology: US/Russian Perspectives and Potential for Military Political Cooperation. In: Cross, Sharyl; Zevelev, Igor; Kremenyuk,Victor & Gevorgian, Vagan (eds): Global Security Beyond the Millennium: American and Russian Perspectives, MacMillan Press, 69-89.

26

FoG:ISRisk ranking 2develop criteria for arms control

.Goal Virtual

damageRealdamage

Targets ormeans

Prohibition Irrelevant High Directedenergyweapons

Prohibition Irrelevant High Other RMAstuff – semiautomatedweaponssystems

27

FoG:IS What to apply from existing body of Law? 1

general principles in humanitarian lawIUS IN BELLO•Proportionality

•Discriminating Noncombatants

• In accordance with IL

28

FoG:IS What to apply from existing body of Law? 2

IUS AD BELLUM•formal declaration (would IW formally

“declared” when the last formally declared war

of the US was at the 5th June 1942 against

Rumania?)

•just cause („the axis of evil“?)

•right intention?

•competent authority (Don Rumsfeld?)

29

FoG:IS What to apply from existing body of Law? 3

IUS AD BELLUM

•last resort

•proportionality•reasonable hope of success

30

FoG:IS What to apply from existing body of Law? 4

•UN Charta•Protocol 1 Geneva

Convention•Stability Preamble CFE•other international treaties

31

FoG:IS What to apply from existing body of Law? 5

UN Charta Art 2 (4) Prohibition of use of force“What is of use of force in case of computer network attacks or EMP-Weapons?And who cares currently? -> Kosovo, Afghanistan, Iraq attack?

32

FoG:IS What to apply from existing body of Law? 6

Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts (Protocol I), 8 June 1977.

33

FoG:IS What to apply from existing body of Law? 7

Art 36 “new weapons (Protocol 1)”In the study, development, acquisition or adoption of a new weapon, means or method of warfare, a High Contracting Party is under an obligation to determine whether its employment would, in some or all circumstances, be prohibited by this Protocol or by any other rule of international law applicable to the High Contracting Party.

34

FoG:IS Example of a new weapon: Microwave Gun

35

FoG:IS Other examples of a new weapons:

EMP Weapons physical attack on computer networks software attack on computer networks directed energy attack on computer

networks non lethal weapons in the fields of

“crowd control” and urban warfare

36

FoG:IS What to apply from existing body of Law? 8

Art 56 “Protection of works and installations containing dangerous forces” (Protocol 1)

•Works or installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations shall not be made the object of attack ...

37

FoG:IS What to apply from existing body of Law? 9

Art 52 “General Protection of civilian objects” (Protocol 1)

Civilian objects shall not be the object of attack or of reprisals. Civilian objects are all objects which are not military objectives ...Attacks shall be limited strictly to military objectives.

38

FoG:IS What to apply from existing body of Law? 10

Art 52 “General Protection of civilian objects” (Protocol 1)

In so far as objects are concerned, military objectives are limited to those objects which by their nature, location, purpose or use make an effective contribution to military action and whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage ...

39

FoG:IS Problems of Art. 52

•Technical and systems discrimination of military and non-military objects in case of CNA?•The same question is valid in case of virus attacks

40

FoG:IS What to apply from existing body of Law? 11

CFE Treaty Preamble“... eliminating the capability for launching surprise attack and for initiating large-scale offensive action in Europe." Countable weapons platforms such as EW or IO aircraft would fit into this.

Agreement On Adaptation Of The Treaty On Conventional Armed Forces In Europe. CFE.DOC/1/99

41

FoG:IS some recent quotes 1

”The danger posed by international hack attacks against critical US networks is in some ways comparable to the threat Soviet nuclear warheads posed during the Cold War”

Condoleezza Rice, March 22, 2001

42

FoG:IS some recent quotes 2

”Our United States and our allies ought to develop the capacity to address the true threats of the 21st century. The true threats are biological and informational warfare.”

President Bush. IOWA speech. June 8, 2001

43

FoG:IS Starter Arguments

•No ‚first use‘ of offensive IO•No attacks on critical infrastructures•explanation of the legal matter of IO•strategic stability instead of destabilizing attacks on nuclear C2 systems•ban of directed energy weapons•more to come from Fo:GIS soon when our research project is ok

44

FoG:ISThe philosophical hypes of IW

"apparatus=world”"The disastrous danger of such an universal machine is obvious. In case the total interdependence among all of its part became true, the failure of a single part then might automatically begin to affect the whole apparatus, thus shut it down.“Günter Anders, Austrian Philosopher, husband of Hannah Arendt 1960 in his book: The Antiquity of Mankind

45

FoG:IS

Some simple Precautionary measures to reduce cyber-vulnerabilities

•Don’t put your toaster nor your refrigerator on the web.•Don’t put dial-up modems on oil-pipelines.•Don’t regulate the power output of conventional and nuclear PP by unencrypted radio signals....Otherwise:

46

FoG:IS

Some simple precautionary measurers to reduce cyber-vulnerabilities

“What must be made clear ist that the new concept of weapons is in the process of creating weapons that are closely to the lives of the common people. ... We believe that some morning people will awake to discover with surprise that quite a few gentle and kind things have begun to have offensive and lethal chracteristics.”

Wang Xiangsui (1999): Unrestricted Warfare

47

FoG:IS Thanks for listening !

Dr. Georg Schöfbänker

mailto: oisr@aon.at

http://www.fogis.de

http://members.aon.at/oisr/terror_krise or just “google” “oisr” and “linz”