IT GRC Forum

In this closing article, last in a set of three, I discuss some international treaties that may or may not apply to Cyber Security. Again I would like to note that the answers I give are merely my opinion on the matter. This article is comprised of two questions. Without further ado:

In continuation of the series I promised you on high-level debates surrounding Cyber Warfare, here is the next article in a series of three. This article will be the longest in the series due to the multi-parted nature of the question. Of course the answers given to each of the questions are merely my opinions on the matter. Please feel free to comment or contact me with relevant remarks.

The NCDI
A few months ago I was engaged by a friend who had desires of starting a new foundation in the Netherlands. He surmised that the Dutch Ministry of Defence could use some help in establishing proper Cyber Doctrine. Now, a scant 6 months later, we find our group is firmly set at 7 people and the foundation has officially been established. It is called the Dutch Institute for Cyber Doctrine (NCDI) and I sincerely hope you will hear more of us in the near future.

Records posted by the Dutch government reflect that the Armed Forces budget for Dutch cyber operations in 2012 has been estimated at 2 million euro´s. A small sum, but still a considerable one in the face of ongoing budget cuts at the Dutch Ministry of Defence. The money is intended to reenforce the Defence department´s digital defences and to develop the capability to partake in "cyber operations".

After writing the article "Cyberspace and 4th Generation Warfare - A Marriage of Convenience" I received many questions and comments that really stirred the conversation. I'd like to further clarify some points and make some more links based on (among other things) observations stolen directly from John Robb's blog. I hope mr. Robb doesn't mind my poaching his IP too much as I make my way forward in linking his theories to how I see the future of cyber conflict.

In 1989 a group of US military analysts including William S. Lind, decided to conveniently ignore the rest of world history and look at evolution in armed conflict starting at a mere 100 years before the inception of the United States. Any biologist worth his salt will tell you that this is too small a sample to take an accurate measurement of such a lengthy ordeal as evolution, but for this article's sake I will digress.

Over the last two years I've seen several outcries over the supposed great shortage in capable Cyber Warriors. But what does this mean, in terms of required skills? Most articles seem to ask for quite a lot; their Cyber Warriors seem to be required to be able to defend their networks (CND in military parlance), attack their adversary's network (CNA), engage in Cyber Espionage (CNE), reverse engineer malware and probably a bit more.

As part of the Dutch National Cyber Security Strategy that was launched earlier this year, one of the two new entities has officially been stood up. On June 30th of this year, Dutch minister Ivo Opstelten (Ministry of Security and Justice) officially installed the Cyber Security Council. The council will be advising both government and private parties on relevant developments in the area of digital security.

In as early as 2004 the various Armed Services of the United States publicly called Cyberspace a new warfighting domain. Now, several years and a whole lot of international incidents later, Cyber Security and Cyber Warfare have become common topics of conversation inside governments, corporations, national laboratories and think-tanks. Over 120 countries worldwide have ramped up efforts to defend themselves against cyber attacks, and are no doubt making sure that they have cyber capabilities of their own.

On february 24th of this year, a report was released by the Ministry of Security and Justice of the Dutch government with the alluring title "National Risk Assessment 2010" (PDF Alert - Dutch). This is not a new phenomenon, its a yearly recurring report that covers the results of scenarios thought up by the government in order to create or improve their strategies. Whats so special about the 2010 report is that for the first time ever, Cyber Conflict is a scenario being covered by the report.

Around September last year I wrote an article on the Dutch government promising a Cyber Security doctrine that was to determine the strategy the Netherlands was to follow in the areas of Cyber Crime, Cyber Warfare and generally all things related to Cyber Security. Well this document has finally arrived, and can be found here (PDF alert - Dutch). Its a decidedly vanilla document with not much meat to it, and the approach our government has taken looks a lot like that of the UK. That is to say: defend and extend on the commercial interests, partake in the various international initiatives pertaining to Cyber and don´t rock the boat too much (cost-wise).

A great many people (expert and layman alike) have been fighting a war on Cyber Warfare semantics these last few months. Some argue that Cyber Warfare is really nothing more than cyber espionage, others even completely dismiss the notion that Cyber Warfare exists. Regardless of your opinion, Cyber Security in general and Cyber Warfare specifically are the talk of the town. Books are written, blogs are typed up and experts roar their opinions from every soapbox they can find. But whats the point?