The ever-excellent Roderick Jones at Counterterrorism Blog (who also blogs at MetaSecurity) posits a future in which virtual assassination could be deployed as an effective a tool as that of the 19th century anarchists:

… a cyberspace assassination would seek to achieve the following aims: prevent the candidate from actually being in cyberspace ( the equivalent of virtual-murder), instill fear amongst their supporters that the same may happen to them and as a side-effect force the political campaigns to spend money on their cyber security or force the Secret Service to protect cyber-personas (the protection of cyber-identities is clearly something that all protective security agencies are going to need to consider). The tools to do this arguably already exist - hackers or botnets for hire could be diverted to these ends. This of course is fast-forwarding to a future more virtualized point where society is more reliant on cyber-spaces but similar tools could be applied today.

As with all things virtual, the scenario can be flipped. The use of precision cyber-attacks (or virtual assassinations) against America’s enemies should be considered today as a tactic to disrupt cyber-terrorists.

Read the article here.

Yes, we all read Danger Room, so I don’t normally post material from the team at Wired, but this story is right in the Ubiwar vein. 26 Years After Gibson, Pentagon Defines ‘Cyberspace’, writes Noah Schachtman, and this is the definition, as penned by UD US Deputy Defense Secretary Gordon England:

[A] global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”

Schachtman notes the divergence from William Gibson’s 1984 definition of cyberspace in Neuromancer, which I’ve expanded slightly from Schachtman’s piece:

Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts … A graphic representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights receding …

The term ‘cyberspace’ has come a long way since then, a term of which Gibson later said:

All I knew about the word “cyberspace” when I coined it, was that it seemed like an effective buzzword. It seemed evocative and essentially meaningless. It was suggestive of something, but had no real semantic meaning, even for me, as I saw it emerge on the page.

I nicked that quote from Wikipedia, the same entry from which Cyber Warrior got their definition, as I reported yesterday. The USACEWP appear not to have read USAF’s own definition, as stated by Air Force Cyberspace Command:

Cyberspace is a domain like land, sea, air and space and it must be defended. Although we’ve been operating in cyberspace for a very long time - since the invention of telegraph, radio and radar - we now conduct the full range of military operations in this domain. Just as the sea domain is characterized by use of water to conduct operations, and the air domain characterized by operations in and through the atmosphere, the cyber domain is characterized by use of electronic systems and the electromagnetic spectrum. This includes all energy that flows through the electromagnetic spectrum - radio waves, micro-waves, x-rays, gamma rays, and directed energy. If an electronic system emits, transmits or reflects, it’s operating in cyberspace and we are there to take military action.

Schachtman continues:

“Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work,” states the Bush administration’s 2003 National Strategy to Secure Cyberspace. “Thus, the healthy functioning of cyberspace is essential to our economy and our national security.”

In the 2006 National Military Strategy for Cyberspace Operations, a classified document, the Joint Chiefs of Staff defined cyberspace as “a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange data via networked systems and associated physical infrastructures.”

Exactly how that will square with the Pentagon’s new definition of cyberspace remains to be seen.

Well, yes, that’s true. I guess the various agencies agree that cyberspace is a warfighting domain, but what that actually means is unclear. I would hate to come up with an off-the-cuff definition, but then again I’m not paid to. Anyone who feels like having a go, or can point me to some useful resources, please do. As for the military, boys, I suggest returning to Gibson’s prescient definition and extracting what he actually meant.

Update: Right on cue, Joel Davis at Singularity Sunrise writes:

Well, there you go, cyberspace is the global network of interconnected hardware and software which the modern military stands ready to defend and/or attack. What have they omitted from their definition? The wetware - the human mind.

Cyber Warrior

Welcome to the U.S. Army Computer Network Operations - Electronic Warfare Proponent (USACEWP) Blogspot. The purpose of this blog is to foster an active “coversation” through updates from the Director and the USACEWP team. We welcome respectful, courteous and open discussion and feedback.

“In the final analysis, there is no “peace” in cyberspace…”

USACEWP is a subordinate organization to the Army’s Combined Arms Center

Curious. Why would the US Army go for a free blog platform, in this case Blogspot, to hold any ‘coversation’ (shurely shome mishtake), let alone with us? I see no mention of the blog on the USACEWP website. Also, there may never be any ‘peace’ in cyberspace but assuming a state of perpetual cyberwar as a starting point is an unwelcome public expression of belligerence. Or am I missing something here? The quoted expert is apparently Brigadier General Jon M. Davis, US Strategic Command (Network Warfare) (according to The Travelin’ Librarian), who is also responsible for saying ‘as long as we have two eyes and opposable thumbs we’ll fight’.

Only two posts on the blog so far, the first on 5 May 2008, which defines cyberspace according to its Wikipedia entry. It concludes with this:

Ultimately, leading the C-E [cyber-electronic] transformation means including everyday citizens and involving them in the process. We’ve been reluctant to do this in the past, but Cyberspace changes all the rules. Cyber Warfare requires Cyber Warriors, men and women whose brains can process information in new and faster ways. At the very least, right now, we need Cyber Thinkers who can help to advance our C-E strategy and doctrine, not just within the information environment but across the entire electromagnetic spectrum, including the use of electromagnetic pulse and directed energy, aircraft survivability, and the defeat of improvised explosive devices (IED).

The second post links to a PBS Frontline show, Cyberwar!, but their CyberLink is broken.

I’m not making this up. I’m missing something here. Help me out.

AFP (via Terror News Briefs), reporting on the World Cyber Security Summit in Kuala Lumpur this week (my emphasis, and with added links):

KUALA LUMPUR (AFP) — The threat of cyber-terrorism is growing and most countries are vulnerable to attacks that can shut down critical infrastructure, global experts told a conference here Tuesday.

“The hard reality is that (information technology) has become a tool for cybercrime and cyberterrorism,” said Hamadoun Toure from the United Nations’ International Telecommunication Union.

“Cybersecurity must be the cornerstone of every aspect of keeping ourselves, our countries and our world safe,” he told the conference, which the Malaysian hosts are billing as the first on cyber-terrorism and security.

Toure dismissed as a dangerous myth the idea that events in the virtual world have only a limited impact on the physical world, saying that technology has “changed the dynamics of terrorism”.

Small groups or even individuals are capable of gaining control of millions of computers “which can be used, for instance, to launch denial-of-service attacks on a nation’s critical infrastructure,” he said.

Malaysia said it was launching a global centre to combat cyber-terrorism which will provide an emergency response to high-tech attacks on economies and trading systems around the world.

Prime Minister Abdullah Ahmad Badawi said the centre, which is expected to be built by the end of the year at the nation’s IT hub of Cyberjaya, south of Kuala Lumpur, will be funded by governments and the private sector.

“Every aspect of our daily lives, from communications, public utilities, financial networks to national defence … are highly dependent on information and communications technology to function,” he told the conference.

Abdullah said the threat of cyber-terrorism could no longer be ignored by governments, especially in the most “wired” parts of the world.

“The extent of harm and damage that these cyber-threats can pose to our societies and nations should never be underestimated. Any vulnerability can easily be exploited to bring about truly catastrophic consequences,” he said.

Eugene Kaspersky, founder and CEO of Russian-based anti-virus experts Kaspersky Lab, said the number of cyber-criminals had leapt more than tenfold since last year.

“This means the Internet environment is getting more dangerous… there’s nothing to stop them,” he said.

David Thompson, chief information officer of anti-virus systems manufacturer Symantec Corp., said that the risk of cyber-terrorism grew as nations became more developed.

“Most countries are vulnerable to cyber terrorism, it’s just that some are more prepared than others,” he said.

I would go even further than Hamadan Touré and say that successful counter-strategies should consider the internet as physical before treating it as virtual, rather than reverse-engineering the cognitive process. Whilst the latter has to be desirable for those some way down the track, some root-and-branch restructuring of perceptions at all levels, public, private, and policy, is necessary. Rather than treating the ‘virtual’ as somehow the ‘Other’, think of it more as ‘Self’.

Benjamin Duranske at Virtually Blind flags up a paper by Bart Schermer, partner in consultancy firm Considerati and an assistant professor at the University of Leiden (Faculty of Law) in the Netherlands, Alan Turing and the Matrix: Intelligent Systems for Law Enforcement in Virtual Worlds [.pdf]. It’s a thought-provoking short article, and I’m just going to pull out a few items of particular interest.

Due to the popularity of the MMORPGs [massively multiplayer online roleplaying games] and virtual worlds, where millions of people now interact on a daily basis, their relevance is becoming ever greater within our society. This relevance is heightened by the fact that virtual worlds are not isolated from the real world. While it is possible to view the ‘virtual world’ and the ‘physical world’ (i.e., the real world) as two distinct environments, they interact to a large extent. As such the boundaries of the physical world and the virtual world become blurred. The area where the virtual world touches upon the real world can best be described as ‘interreality’ (Kokswijk, 2003). A good example of this phenomenon is people willing to pay real money for virtual goods. Interreality raises all sorts of interesting possibilities for social interaction and economic activities, however it can also lead to various forms of deviant behavior.

I like the term ‘interreality’. It lends itself well to describing the fuzzy cognitive interface between the Real and the Virtual. It does slightly mask the fact that this is a contingent relationship - the Virtual currently cannot exist without the Real.

The notion of crime is somewhat difficult in MMORPGs and virtual worlds. First of all, defining certain types of behavior in virtual worlds as deviant implies almost by definition regulation of the virtual environment by a central authority … the rules of social conduct within virtual worlds may differ from those in the real world. Thus, functional equivalence of the rules of criminal law in MMORPGs and virtual worlds is not a given.

This is an excellent point, although one far too subtle for most law enforcement agencies to grasp. Their understanding of normative behaviour is likely to be grounded purely in the Real. In a sense, this is correct - why bother with a Virtual infringement if it has no effect in the Real?

Schermer identifies three types of ‘deviant’ behavior - cheating (often endemic and desirable in MMORPG gameplay); virtual crime (theft of virtual goods with Real world value, as in gold farming and captcha solving, slander, defamation, identity fraud, stimulative paedophilia simulation). The third type Schermer defines is that of ‘preparatory actions’:

[The] Internet has contributed greatly to the communication capabilities of organized crime and international terrorism. Through websites, email, internet relay chat (IRC), and instant messaging programs (AOL IM, MSN), criminals and terrorists can communicate effectively and in relative safety. However, criminals are also aware of the fact that their modes of electronic communication can be monitored by law enforcement and intelligence agencies. Therefore, they may turn to less conspicuous forms of communication such as interacting with one another in MMORPGs or virtual worlds.

Note the qualification ‘may’. The present consensus is that terrorist use of virtual worlds is minimal, although this is likely to change. Contrast considered research with the breathless reporting of last summer, in which The Australian and its News Corporation sister The Times of London claimed that “the dismantling and disruption of military training camps in Afghanistan and Pakistan after September 11 forced terrorists to turn to the virtual world.” This notion of ‘virtual sanctuary’ is riddled with conceptual errors as it is, and the facts do not support even the basic premise of these stories.

But, as Schermer says:

It is likely that with the increasing popularity of virtual worlds, virtual crime will become a more serious problem over time. Therefore, at some point in time law enforcement in virtual worlds may become necessary. When it comes to the policing of cyberspace, surveillance plays an important role. For the context of this article, three levels of surveillance play a particular role, viz. 1) surveillance at the IP level, 2) surveillance at the application level, and 3) surveillance at the interaction level.

I agree with this, and Schermer suggests three ways that software agents might undertake surveillance in lieu of human agents. Unobtrusive agents are disembodied elements of the invisible surveillance infrastructure. Avatars could simulate real-life police officers, and would be visible and accessible in-world, much like the ‘bobby-on-the-beat’ model of traditional policing. The third option is undercover agents, posing as normal avatars, and interacting socially with other residents or players. These would not be immediately recognisable as surveillance operatives, as they would pass the Turing test by demonstrating plausible intelligence. They would also be subject to the same risks as real-life agents engaged in surveillance, entrapment and infiltration operations.

Schermer suggests the following legal ramifications:

When we examine the use of software agents for surveillance on the interaction level, it is my opinion we must distinguish between software agents that merely ‘patrol’ cyberspace, and software agents that interact more directly with inhabitants of virtual worlds. For the most part, I feel that the first type of surveillance is part of the normal police task and that as such new rules are not necessary. When software agents actually start interacting with inhabitants of the virtual world, new rules will likely be necessary. The reason for this is that, in general, these agents will be more intelligent and will operate within the personal sphere of the player, where they could form a greater threat to privacy and liberty.

My immediate thought is: within whose jurisdiction does it fall to uphold rights to privacy and liberty? I’d like to think that recent initiatives like Project Reynard will consider the legal implications of policing cyberspace. Does international rights legislation apply? If the internet is non-locative physical space, as I’m beginning to think it should be considered, how do we determine jurisdiction? Through consideration of nationality of actors? ISP location? Location of intended acts? Location of virtual acts - game servers? The virtual world Tribal Net (out in beta this week) uses a distributed network of user-owned PC-based servers - another innovation likely to fox current legal frameworks.

These issues are not going to go away.

I doubt that claiming the Third Amendment against non-consensual harbouring of military botnet code would work but it’s a nice idea.

Amendment 3 - Quartering of Soldiers. Ratified 12/15/1791:

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

(h/t harflimon at Brainsturbator)

An interesting graphic from Intelligence Online in a short article, How the Pentagon is Organizing its Cyber Warfare System (requires free registration), showing the command hierarchy of USSTRATCOM:

The NATO equivalent, the Cyber Defence Management Authority, is not yet up and running, despite its launch being expected at the Bucharest Summit last month. If anyone can point me to something concrete about its proposed organisational structure, I’d be most interested. NATO’s Centre of Excellence for Co-operative Cyber Defence in Tallinn, Estonia is also not operational yet.