Sunday, June 19, 2011

AnonOps, LulzSec, & The Modalities Of nth Dimensional Conflict

Credit: Perceivin da multi dimensions
This post contains the beginning of my work to develop a new model with accompanying strategies for defending against anarchist clusters like LulzSec and Anonymous as well as more traditional opponents in cyberspace. I've named it the Principles of nth Dimensional Conflict. Since this is a work in progress and because I intend to flesh the principles and modalities out in more detail in the 2nd edition of Inside Cyber Warfare, I hope that interested parties will feel free to leave a comment with their thoughts and suggestions.

The genesis of this idea began with my first book in which I used the science fiction metaphor of a parallel universe to describe cyberspace: "a mysterious, invisible realm existing in parallel to the physical world, yet able to influence it in countless ways" (p.xiii). It's also why I've opposed the classification of cyberspace as a fifth warfighting domain. The Department of Defense as well as national and international law enforcement agencies have been relying upon traditional models to combat offensive cyber operations of all types with only marginal success. The information security community whose mission is to build software that protects private and government networks has failed miserably in executing that mission. In fact, some of their core principles such as publicizing vulnerability research may be causing more harm than good. The latest innovation is the rise of anarchist clusters like Anonymous and LulzSec who seemingly breach government and corporate websites at will. It has become clear to me that false assumptions about the battlespace have produced ineffective, possibly harmful defensive strategies and that we have to start fresh.

I've laid out some baseline principles that underlie recommended modalities or modes of action. In addition to my own interest in Complexity theory and Quantum physics, my thinking in this area has been greatly influenced by a research paper published by JASON in November, 2010: "Science of Cyber Security".

The Principles:

  • Cyberspace is an artificially constructed environment that is only loosely tied to the physical universe and is not constrained by three dimensional space, therefore there are few apriori constraints on either the attackers or the defenders.
  • It is not possible to definitively measure a level of security as it applies to the general operation of information systems (JASON).

The Modalities:

  • Uncertainty and randomness favor the adversary, therefore defenders must implement components of randomness and uncertainty as part of a network defense strategy
  • Since it isn't possible to anticipate every type of attack, the defender must become a competitor to the adversary and continually attack his own system "in the hopes of finding heretofore undiscovered attacks" before the adversary does.
  • Transparency such as commercial anti-virus systems and InfoSec research favors the adversary. Secrecy favors the defender.
  • For the adversary, trust is more important than identity. Since the Internet favors anonymity by design, defenders may achieve more success by breaching an adversary's trust loop than identifying who the adversary is.

I intend for this project to evolve into something more tangible in relatively short order but I don't expect it to be well-received. There's a lot of money invested (and being made) in the current flawed model and there's no scientific method that can be applied to the field of cybersecurity to help persuade skeptics. Absent scientific evidence, the best reason for corporate executives, military planners, and government policy makers to force themselves to explore and consider alternate paradigms like this one is the rapidly growing popularity of anarchistic hacker crews like LulzSec who will continue to thrive in the antiquated security environment that we've created up until this point. It's time to not only change the game, but the dimensional universe that the game is played in. Yes, we can do that in cyberspace.


  1. Nice work so far. Can't wait to see where you go with this.
    -- Russ Wellen, Focal Points

  2. The most unpredictable aspect of security will always be the human element. Whether an inside attack or someone gaining access through social engineering. We can build the strongest, thickest walls but if someone opens the gate the defense will be useless. Is this something being addressed in the project?

  3. Dear Jeff, your work is very interesting. And good, too. I think there are no many dimensions in Anon or Lulz cyber attacks. Actually, they seems the same as former Russian patriot attacks on Estonia and Georgia. For example, you can imagine that hacker groups are not anarchists at all. They can wage attacks for any government. US for example. Or for Raytheon on General Electrics, for example too. One day, in data mining environment they might be complex. But, today they are human made and very linear. But, JASON paper is good step for further research. It emphasizes lack of identification in cyber warfare. I am very interested in your work. My work encompasses very similar field of cyber security.
    Best wishes,
    Dragan Mladenovic, Serbia

    September 11, 2011 12:38 PM