Global Security and Intelligence Studies Volume 5, Number 1, Spring / Summer 2020 | Page 20
Global Security and Intelligence Studies
The Joint Chiefs of Staff (2019)
define “cyberspace” as:
A global domain within the information
environment consisting
of the interdependent networks
of information technology
infrastructures and resident data,
including the Internet, telecommunications
networks, computer
systems, and embedded processors
and controllers.
The tendency to artificially view
acts that occur in cyberspace as automatically
constituting network and
electronic warfare excludes the impacts
of virtual connectivity that extend far
beyond the underlying infrastructure
that makes its existence possible. This,
we believe is the first mistake—nowhere
in the definition of cyberspace
are the human-related tools and effects
included. In order to begin untangling
the cyber domain from the others, it is
first important to understand exactly
what the larger objectives of cyber warfare
by itself are, and consequently what
they are not.
RAND defines “cyber warfare” as
follows:
The actions by a nation-state or
international organization to
attack and attempt to damage
another nation’s computers or
information networks through,
for example, computer viruses or
denial-of-service attacks.
Cyberwar and its effects, as defined
by the DoD, occur exclusively
within the cyber domain, and are by
their very nature inseparable from the
information systems that magnify the
impacts of war in the information environment.
Attacks on critical infrastructure
(such as railways, hospitals, stock
exchanges, airlines, financial systems,
oil pipelines, water distribution systems,
electric grids, etc.), distributed denial of
service (DDoS) attacks (online banking,
digital news media, government
websites, etc.), malware, ransomware,
and data deletion are some of the most
prominent examples of methods used
to conduct an attack in the cyber domain
(Greenberg 2019). The objective
of an attack in the cyber domain is to
directly target the information itself or
the systems on which the information
resides.
According to the Geneva Centre
for Security Sector Governance, Computer
Network Operations (CNO) are
comprised of three forms: 1) computer
network attacks, which are operations
designed to disrupt, deny, degrade, or
destroy information on computers or
computer networks or the computers
or networks themselves, 2) computer
network exploitation, which is the retrieving
of intelligence-grade data and
information from enemy computers by
ICT means, and 3) computer network
defense, which consists of all measures
necessary to protect one’s own ICT
means and infrastructures. All three
CNO forms of activity can take place
within cyberspace in a manner that
does not rise to the level of impact necessary
to constitute an attack or warfare.
While the impacts from cyber
warfare are potentially many, the underlying
threat that ultimately emanates
6