
National Defence University, Islamabad Pakistan


NATIONAL DEFENCE UNIVERSITY, ISLAMABAD

PAKISTAN

NSWC 2011/12

INDIVIDUAL RESEARCH PAPER



Lieutenant Colonel Hammad Amjad


RESTRICTED

ABSTRACT OF THE PAPER


The thesis is an endeavor to analyze the true forms and dimensions of a warfare which has become a reality over the years and which has been employed by a variety of players for obtaining objectives in the domain of military as well as political and corporate fields. The paper digs out ways and means adopted by these players to create certain effects over the targeted entities. The paper also covers the inherent flaws of the internet which allow certain actors to exploit its vulnerabilities and target its users at will. An account of different cyber-attacks in the military and non-military domain allows the reader to absorb the magnitude of the threat along with the diversity of its manifestation. An effort has been made to evaluate the possibility of establishing cyber arms control and cyber security regimes. Purely in the military domain, the impact of Information Operations and Information Warfare Operations capabilities and our own vulnerabilities in this regard have been highlighted. The degree of importance accorded to cyber warfare by countries like US and China, as evident through their doctrines and training besides development of weapons and techniques, amply highlights the importance of the subject. Finally, objective analyses followed by certain relevant recommendations have been compiled to offer a road map to exploit the available avenues and thwart the threats from our adversaries.

ACKNOWLEDGEMENTS


First and foremost, I must acknowledge the guidance and support afforded to me by my supervisor, Air Commodore Usaid Ur Rehman, without whose valuable input, it would not have been possible to produce this thesis in its finalized form. I must also acknowledge the assistance provided to me by Lieutenant Colonel Muneer Afsar and Lieutenant Colonel Muhammad Irfan in the collection of useful data pertaining to the topic of research. Finally, the support of National Defence University was vital to have provided me the environment and assistance to produce this paper.


TABLE OF CONTENTS

1. Declaration

2. Abstract

3. Acknowledgements

4. List of contents

5. Chapter 1 – Introduction to Cyber Warfare/ Conceptual Framework
a. Definition, purpose and characteristics.
b. Evolution of Cyber Warfare
(1) Understanding the inherent flaws of software and hardware.
(2) Vulnerabilities of Internet.
c. Some cyber attacks of contemporary times
(1) Military domain.
(2) Non military domain.

6. Chapter 2 – Dimensions of Asymmetric Warfare
b. Cyber Threats in Asymmetric Warfare.
c. Need for cyber arms control and cyber deterrence.
d. Need for redefining cyber security.
e. Information Operations.
f. Forms and capabilities of Information Operations.
g. Ways to employ Information Operations capabilities.
h. Information Warfare and pattern.
i. Weaknesses of our IO capabilities.

7. Chapter 3 – US/Chinese/Russian Perspective
3. US
(1) Training
(2) Formulation of Strategy
(3) Institutional Developments
4. China
(1) Efforts to counter/ develop offensive cyber capability.
(2) Weapons and techniques.
c. Other countries

8. Chapter 4 – Analysis and Recommendations

9. Bibliography


CHAPTER - 1

INTRODUCTION TO CYBER WARFARE/ CONCEPTUAL FRAMEWORK

1. Introduction. Cyber warfare is an outcome of information age
technologies like satellites, electronic mailing system, internet, computers and micro-chip.
Advancement in these technologies has converted the planet earth into a global
village affecting all facets of human activity including warfare. Increased use of these
Information Technology tools in all walks of life thus makes it mandatory for various
elements of national power to absorb, store, evaluate, use and exchange large
volumes of information at high speed. Electronic banking, barcode scanning,
personal organizers, cellular phones, telephones and modems on airline seats,
electronic meetings and teleconferencing are among the developments that mark
new ways in which people work, govern, transact business, and teach. This requires
establishment of complex management systems, which invariably contain inherent
strengths and vulnerabilities. Exploiting such vulnerabilities of the enemy has
surfaced as a new dimension of war craft termed as cyber warfare. It is fast gaining
popularity as a means of damaging an enemy’s financial and social structures.
Terrorists have discovered that the path to the fear and chaos that they crave most
may be more easily achieved by a wide scale attack on infrastructure/economic
targets, thus causing a general breakdown in society.
2. Moving into the domain of armed conflicts between nation states, cyber
warfare is increasingly becoming an important part of the concept of asymmetric
warfare. Asymmetric warfare is and will continue to be a legitimate way for
adversaries to gain advantage over one another. Military and intelligence
organizations are preparing the cyber battlefield with things called ‘logic bombs’ and
‘trap doors’ placing virtual explosives in other countries in peacetime. 1 Nations, non-
state actors, even individuals will use the myriad means of asymmetric warfare to
their advantage to serve individual, group or national goals. The large scale
integration of information technology in the modern battlefield has not only added a
whole new dimension to it but also has radically transformed the way the
conventional wars are waged. High speed microprocessors, artificial intelligence
networks, and communication networks spanning the whole globe in an intricate web
have given reality to the concepts previously found in the realm of science fiction
only. In this new form of warfare, bloodless war theatres will emerge where battles
will be fought to attain better situational awareness and information dominance
whereby information warriors may succeed in stopping a war even before it starts, or
wage war in a wholly new dimension.

1 Richard A Clarke and Robert K Knake, Cyber War, (Harper Collins Publications, USA, 2010), Introduction.

5. Definition, Purpose and Characteristics

a. Definition. Cyber warfare is defined as “Non-kinetic, offensive
actions taken to achieve information superiority by affecting enemy
information based processes, information systems and computer-based
networks”.2 It has often been referred to as the fifth domain of
warfare.
b. Purpose. Following can be some of the purposes:-

(1) Web Vandalism3. Enemy can deactivate or deface government
or military Web pages. (This is usually just a nuisance and easy
to undo.)

(2) Disinformation Campaigns. The Internet is a popular tool for
finding news, and can be used to spread misinformation and
disinformation to affect a population's beliefs or psychology.

(3) Gathering Classified Data. Classified information that is not
handled securely can be intercepted and even tampered with.

(4) Destruction of Information. If a Cyber Warrior has the ability to
alter and manipulate the information then he has the ability to
destroy this information as well.

(5) Disruption in the field. Military activities are carefully
coordinated, and heavily dependent upon electronic
communications transmitted over computers and satellites.
Opponents can block or intercept these vital communications, or
pollute them with false orders or responses. (This type of cyber
war severely endangers the lives of soldiers in the field.)

(6) Destruction of Information Infrastructure. The Command and
Control system of the Armed Forces, or for that matter systems
at national level, are solely dependent on the information and
data base of the organizations. The Cyber Warrior may well
decide even to destroy the basic information/ data infrastructure
of the target country or military service to totally shut down the
adversary’s ability to process information or communicate, thus
setting in paralysis even before a single shot is fired.

(7) Attacking Critical Infrastructure. Many components of our
national critical infrastructure - electricity, water, fuel,
communications, transportation - are surprisingly vulnerable to
concerted electronic attack. Serious domestic disasters,
including financial meltdown, are possible.

2 Byard Q. Clemmens, “Cyberwarfare: Ways, Warriors and Weapons of Mass Destruction”, Military Review, September/October 1999, V.79, P.35.
3 Pakistan Computer Emergency Response Team. “The Future of Computers & Internet Cyber Warfare”. [Online] Available http://pakcert.com.pk/cyberwarfare/

c. Characteristics4
(1) Low Entry Cost. The cyber weapon technologies do not require
sizeable financial resources or state sponsorship. The only
prerequisite for cyber warrior is expertise of the system, and
access to important target information and data network.
(2) Blurred Traditional Boundaries. In cyberspace, the boundaries
between nations and private-sector organizations are porous,
rendering distinctions between war and crime, and between
public and private interests, less meaningful. Similarly distinction
between foreign and domestic sources of cyber threat and
actions is difficult.
(3) Difficulty of Warning and Attack Assessment. There will be
formidable problems in distinguishing between cyber warfare
attacks and other kinds of activities and events, such as
espionage, accidents, system failures, and hacker pranks. An
inability to make such distinctions could lead to very cautious
responses.
(4) Lack of Intelligence. Vulnerabilities to cyber warfare are poorly
understood. The identities of potential adversaries may be
unknown and classical intelligence collection and analysis
methods may not apply.
(5) Expanded Role for Perception Management. New
information-based techniques like use of internet may
substantially increase the power of deception and image
manipulation activities. Disinformation may become difficult to
handle.
(6) Fall Outs. One of the main features of the cyber attack is the
mass effect that a single event will have on the organization or
the general public. A typical logic bomb goes off in the
computer/data network of the phone company and it shuts down the
whole telecommunication network of the country. This logic
bomb may not end its action there; rather, it may travel down to
the other systems of the targeted organization/country.

4 RAND. “Strategic War in Cyberspace”. [Online] Available http://www.rand.org/publications/RB/RB7106/ 106.html, January 1996.

d. Actors and their Motives. Literally hundreds of individuals, groups of
people or even nations could be considered as potential actors. Anyone
with a computer, modem, and telephone can gain access to almost any
portion of the information infrastructure from any location, whereas
detecting and tracing such activity can be extremely difficult. Some of
the identified actors, threat level posed by them and their motives are
as under:
(1) Hackers. Although the most numerous and publicized cyber
intrusions and other incidents are ascribed to lone computer-
hacking hobbyists, such hackers pose a negligible threat of
widespread, long-duration damage to national-level
infrastructures. A large majority of hackers does not in fact have
a motive to do so. Nevertheless, their large worldwide population
poses a relatively high threat of an isolated or brief disruption
causing serious damage.

(2) Hacktivists5. A smaller population of politically active hackers,
which may include individuals and groups with motives against
their own or foreign governments. It poses a medium level threat
of carrying out an isolated but damaging attack. Most
international hacktivist groups, however, appear bent on
propaganda rather than damage to critical infrastructures. Pro-
Beijing Chinese hackers over the years have conducted mass
cyber protests in response to events such as the 1999 NATO
bombing of China’s embassy in Belgrade etc.
(3) Industrial Spies and Organized Crime Groups. International
corporate spies and organized crime organizations also pose a
medium level cyber threat through their ability to conduct
industrial espionage and large-scale monetary theft,
respectively.
(4) Terrorists and their Sympathizers. Traditional terrorists
despite their intentions to damage a nation’s interests are less
developed in their computer network capabilities and propensity
to pursue cyber means than are other types of actors. However,
hot pursuit after the 9/11 attacks revealed increasing use of
cyber space by the terrorist groups and their sympathizers to
formulate plans, carry out financial transactions and
communicate securely. In the near term, terrorists are likely to
stay focused on traditional attack methods as bombs still work
better than bytes.
(5) Target Nation-States. This breed of actors has emerged
especially after the 9/11 incident and is mainly the concern of the US.
Several nation-states, including US-designated supporters of
terrorism, such as Syria, Iraq, Iran, Sudan and Libya could
possibly develop cyber warfare capabilities and direct those
against US and her allies.
(6) Thrill Seekers. Any conflict that plays out in cyberspace will
invariably attract a huge number of hackers who simply want to
gain notoriety through high profile attacks. Those just jumping on
the bandwagon of a cyber conflict between any two nations are
likely to pose a relatively low threat. However, such individuals
can still have significant disruptive impact.
(7) National Governments. The threats from institutionalized cyber
warfare programmes would range from propaganda and low-
level nuisance web page defacements to espionage and serious
infrastructural disruption with loss of life.

5 Lawrence K. Gershwin. “Cyber Threat Trends and U.S. network Security”. Speech, U.S. Joint Economic Committee: 21 June 2011. [Online] Available http://www.cia.gov/nic/speeches/testimony/

e. Prospective Targets6
(1) Political
(a) National governmental apparatus and centers to include
headquarters, administration offices, ministries and
communication nodes.
(b) Internal state police and forces to include headquarters,
intelligence systems and support databases.
(c) Propaganda systems: domestic and international e.g.
public affairs, psychological operations, organizations/
networks etc.
(d) Sensitive government and private research centers.
(2) Infrastructure
(a) Public telecommunication switches.
(b) Telephone exchanges.
(c) Fiber optics nodes and repeater stations.
(d) Microwave transmission networks.
(e) Computer and data processing centers.
(f) Energy and power sources e.g. power production/ grid
stations, pumping systems etc.
(g) Government/ private industrial infrastructure.
(h) Ground and air traffic control centers and support
computer systems.
(i) Banks, trading centers, currency control and depositories
databases.
(j) Food and water distribution systems.
(k) Electronic media like radio, TV and internet.
(3) Military
(a) Warning systems/sensors.
(b) Command, control and communication centers.
(c) Conventional delivery systems.
(d) Command Posts, target acquisition and weapon guidance
systems.
(e) Military records and inventory systems.

6 Alan D. Campen, Douglas H. Dearth and R. Thomas Goodden, eds. Cyberwar: Security, Strategy and Conflict in information Age. (New Delhi: Bookmart Publishers, 2000), P.192.

6. Evolution of Cyber Warfare
a. Understanding the inherent flaws of software and
hardware
(1) A wide range of companies of a number of countries
are involved in contribution of hardware and the software to a
supply chain system which finally produces the end products
used by the internet and computer users.7
(2) This diversity is driven by the macroeconomics of the
issue involving economic compulsions and interests of
competing players.
(3) This multiplicity paves way for introduction of
vulnerabilities which are accidental as well as intentional to
make internet and computer users the target as well as a
weapon in cyber wars.
b. Vulnerabilities of Internet8
(1) The Addressing System
(a) This is the system that finds out where to go on
the internet for a specific address.
(b) Internet Service Providers (ISPs) are the
companies that carry the internet traffic using the Domain
Name System (DNS), which is a database and part of an
elaborate hierarchy of server computers susceptible to
attacks by cyber warriors.
(2) Routing Among ISPs
(a) This is done through a system known as Border
Gateway Protocol (BGP).
(b) This is the internet postal worker that sorts out
internet traffic, directing it to intended destinations. Any
cyber warrior can disrupt it so that the traffic could get lost
en route and not reach its destination.
(3) Unencrypted Domain
(a) Most communication on the internet is
broadcast openly and only a fraction is encrypted.
(b) ISPs and mail service providers have access
(even if they do not acknowledge it) to tune into anyone’s
internet traffic just like tuning in to an FM radio channel.
(c) Even a third party can ‘snoop’ to pick up the traffic
by acting as a router, copying the information before
passing it on to the intended address.
(4) Propagating Medium of Virus
(a) Viruses, worms and phishing scams, collectively
known as malware, are propagated on the internet, exploiting
flaws of software and user errors.
(b) Some malware is aimed at disrupting a
computer’s normal operation; other malware provides a hidden
access point to the system or copies or steals private
information.
(5) Decentralized Design of the Network
(a) Designers of the internet did not want governments
to control it, so a system was designed that focused more
on decentralization than security.
(b) Each distinct network was supposed to stand on
its own with no global controls at operations level.

7 Richard A Clarke and Robert K Knake, Cyber War, (Harper Collins Publications, USA, 2010), 86.
8 Ibid, 74.

7. Some Cyber Attacks of Contemporary Times. There is a history
of cyber attacks recorded and readily available on the internet. A quick look will
reveal the magnitude and diversity of these attacks. It also allows any researcher to
dig out ways and means adopted to achieve a particular end. It also helps
determining whether these attacks are a standalone affair or a non kinetic application
in a long drawn campaign which may include certain kinetic means as well. Some of
these attacks are briefly covered here.
a. Military Domain
(1) Titan Rain – 2003
(a) This incident involved extraction of 10 – 20 terabytes
of data off the Pentagon’s unclassified network by
alleged Chinese cyber warriors.
(b) Chinese military were reported to have created a
facility in Cuba to monitor US internet traffic and
Department of Defense communications.
(2) Syrian Nuclear Facility Attack – September 2007 9
(a) Israeli F-15 Eagles and F-16 Falcons raided an
alleged Nuclear Facility being built by Syria with North
Korean assistance on 6 September 2007.
(b) Syrian Air Defence Network was ‘owned’ by
Israeli Air Force that night since all radars were blank and
ground based controllers which were required to guide air
defence missile systems did not see or do anything.
(c) This was made possible through cyber assault
on the Syrian Air Defence system. There were at least
three different options available to the Israeli cyber
warriors to manage the attack, covered briefly below:
i. A stealth unmanned aerial vehicle (UAV)
flown in Syrian air space earlier into Syrian Air
Defence Radar’s beam could have sent
computer packets back to the system that could
have made the system malfunction.
ii. Israeli agents could have compromised
the Russian computer code controlling the Syrian
Air Defence network by slipping a trapdoor into the
millions of lines of computer code that run the air
defence program, only to respond to a certain set of
circumstances later on.
iii. The third possibility was that an Israeli
agent could find an optic fibre cable of the air
defence network and splice into the line to give
a command that would open the trap door discussed
earlier.

9 Ibid, 7.

(3) Department of Defence (DoD) and CENTCOM –
November 200810
(a) Classified networks at DoD and CENTCOM
were hacked by unknown foreign intruders.
(b) It took several days to dislodge the intruders and
rescue the network.
(4) Stuxnet – 201011
(a) This complex malware was detected in Iran,
Indonesia and elsewhere.
(b) It was designed to interfere with Siemens
Industrial Control System.
(c) It is regarded to be a cyber weapon aimed at
Iranian nuclear program.
(5) Attack on Australia’s Defence Signals Directorate
October 2010
(a) Australia’s Defence Signals Directorate reported
a huge increase in cyberattacks on the military.
(b) Australia’s Defence Minister, John Faulkner,
revealed there had been 2400 “electronic security
incidents” on Defence networks in 2009 and 5551
incidents between January and August 2010.
b. Non Military Domain
(1) Slammer Worm – 200312

(a) The malware got into and slowed controls on the
power grid in eight states of USA and two provinces of
Canada.
(b) 50 million people were without electricity and anything
that needed electricity, such as the water supply system.
(c) The effects were achieved by a hacker giving
a specific command on the system.

10 “Significant Cyber Incidents Since 2006”. [Online] Available http://techploicy@csis.org, 29.
11 Ibid, 66.
12 Richard A Clarke and Robert K Knake, Cyber War, (Harper Collins Publications, USA, 2010), 99.

(2) Georgia – 200813
(a) Computer networks in Georgia were hacked by
unknown hackers and annoying graffiti was posted on
government web sites, coinciding with its standoff against
Russia.
(b) Although no disruption of services took place,
the incident put political pressure on the government.
(c) The attacks were coordinated with Russian
military actions.
(3) Attack on Japanese Industries - August 2011
(a) According to sources in the Japanese
government, Mitsubishi Heavy Industries and twenty other
Japanese defense and high tech firms were the target of
an effort to extract classified defense information.
(b) Japanese officials believe the exploits all
originated from the same source. The intruder used email
with a malicious attachment whose contents were the
same as a legitimate message sent 10 hours earlier.
(4) Attack on Dutch Certification Authority - September
2011
(a) Unknown attackers hacked a Dutch certificate
authority, allowing them to issue more than 500 fraudulent
certificates for major companies and government
agencies. The certificates were used to verify that a
website is genuine.

(b) By issuing a false certificate, an attacker can
pretend to be a secure website, intercept e-mail, or install
malicious software.
(c) This was the second hack of a certificate
authority in 2011.

13 “Significant Cyber Incidents Since 2006”. [Online] Available http://techploicy@csis.org.

CHAPTER – 2

DIMENSIONS OF ASYMMETRIC WARFARE

8. Cyber Threats in Asymmetric Warfare


a. Once we talk of cyber aspects of asymmetric warfare then all
the related terms like software war, net war, hackers’ war, cyber attacks
and cyber terrorism converge at one point becoming synonymous to
each other. The tools, techniques, actors and even the underlying
philosophy are seemingly the same; all become part of asymmetric warfare.
The dominant feature, however, remains the use of cyber space as a
medium to wage war and cause mass disruption.
b. Due to cheap availability of IT tools, likelihood of cyber attacks
as means of asymmetric warfare has become high. Such attacks can
be launched by terrorists to spread terror, by criminals for petty financial
gains or by nation-states who cannot afford to wage war against their
adversaries through conventional means. These will not only target the
web sites of government agencies and private companies, but can also
attack more high-value targets such as the networks that control critical
infrastructures.
c. Possible scenarios of cyber attacks in the realm of asymmetry
can be:
(1) Deprive the target nation of communications and
financial resources.
(2) Cause a complete failure of the telephone and
electrical supply systems. The loss of electrical power alone
can result in deaths due to a variety of problems.


(3) Use internet (which includes sites from all the major
news sources) to spread false information or simply disable all
the news sources on the internet.
(4) Zero out financial accounts of the important
government or private offices, institutions or persons.
(5) Misroute trains, collapse the air traffic control system
and cause failure of all utilities.
(6) Through hacking change the composition of steel at a
mill to make it vulnerable to cracking in extreme hot/cold
weather or manipulate components of a food product to add
some amounts more than the normal so that it is large enough
to become toxic.
(7) Through computer malfunctions cause detonation or
failure of military weapon systems, leaving a country vulnerable
to conventional, or worse, WMD attack.
(8) Cause widespread environmental damage through
explosions at computer-controlled chemical factories,
undetected leaks in the oil pipelines and the bursting of dams.
(9) Fatalities that would result from these attacks include
deaths from transportation accidents, deaths from exposure to
extreme heat or cold caused by power failures, drowning from
burst dams, riots, and the list goes on.
9. Need of Cyber Arms Control and Cyber Deterrence. The world
needs cyber arms-control as well as cyber-deterrence. Such treaties have been
resisted till now by most countries for fear that they could lead to rigid global
regulation of the internet. Moreover US feels that such treaties will ultimately result in
undermining the dominance of American internet companies, stifling innovation and
restricting the openness that underpins the net. Perhaps America also fears that its
own cyber war effort has the most to lose if its well-regarded cyber spies and cyber-
warriors are reined in.
10. Redefining Cyber Security. We have advanced into an age
where cyber security has assumed greater importance in view of the enhanced
capabilities and resource mobilization available to various state and non state actors
to initiate what is known as cyber terrorism, which was regarded as a distant possibility.
The world view, especially in the West, is fast adjusting to the growing reality. Some
interesting aspects of cyber security confronted by managers and administrators
today are covered in subsequent paragraphs.14
a. To assume that cyber terrorism would be aimed at critical
infrastructure allowed governments to assign their security
responsibility to the private sector since it owned most of this critical
infrastructure; however this approach is fast losing its credentials.
b. Military and intelligence services and recruited proxy forces
like hackers and criminals can carry out specific tasks.
c. Stealing of intellectual property and confidential business
information by foreign governments, companies or citizens poses a
serious cyber security issue in a world dominated by greater
connectivity and easier access.
d. Politics of a target country can be manipulated through denial
of service attacks, leaks of material obtained through hacking and other
sophisticated exploits without hiring any mob to do so.
e. Cyber crimes are a growing reality. These extract money from
financial institutions and sometimes, continue under the noses of
intelligence and law enforcing agencies since these criminals are being
tolerated for their contributions elsewhere.
f. A need has also arisen to redefine an ‘attack’. The United
Nations Charter, and The Hague and Geneva Conventions make clear
that an attack involves physical destruction and casualties.
g. Espionage and state-sponsored crime do not qualify as
attacks and do not justify the use of military force in response.
11. Information Operations. Information Operations are defined
as actions taken to affect adversary information and information systems while
defending one’s own information and information systems. Gathering, exploiting and
protecting information have been critical elements in command, control and
intelligence throughout history. In future, the significance of information will never
change. The difference will reside in the increased access to information and
improvements in the speed and accuracy of prioritizing and transferring data brought
about by advances in technology. While the friction and the fog of war can never be
eliminated, new technology promises to mitigate their impact. Information Operations
capitalize on the growing sophistication, connectivity, and reliance on Information
Technology.15 The definitions of Information Warfare and Information Operations are
broad and include every tool at the nation’s disposal, including Electronic Warfare,
Command and Control Warfare (C2W), Operational Security (OPSEC), military
deception, Psychological Operations (PSYOPS), physical attack, Computer Network
Attacks (CNA), Special Information Operations (SIO), physical security etc.
Such an all-inclusive definition makes discussion of
cyber-specific issues impractical if not impossible. The importance of Information
Operations can be gauged by the statement of Jamie Shea (NATO Spokesman) in
2000: “Public opinion in modern conflict is much more likely to be critical because it is
presented by the media only with short term side effects and the immediate costs of
military action. It is not presented with the long term benefit.”

14 Sasakawa Peace Foundation Tokyo, Paper presented on 12 September 2011 titled “Rethinking Cybersecurity – A Comprehensive Approach”, [Online] Available http://techploicy@csis.org, (accessed December 2011)

a. Forms of Information Operations16. Due to paucity of
space, these techniques are only being listed here:
(1) Electronic Warfare Operations.
(2) Electronic attack.
(3) Electronic protection.
(4) Electronic warfare support.
(5) Computer network operations.
(6) Psychological operations.
(7) Military deception.
(8) Counter intelligence.
(9) Counter propaganda operations.
(10) Public affairs operations.
b. Capabilities of Information Operations17
(1) Core Capabilities. Electronic Warfare, Computer
Network Operations, Psychological Operations, Military
Deception and Operations Security are integrated into the
planning and execution of operations in the information
environment.
(2) Supporting Capabilities. Information assurance,
physical security, physical attack, counter intelligence and
combat camera have military purposes other than IOs but either
operate in the information environment or have impact on the
information environment.
(3) Related Information Operations Capabilities.
Public Affairs, civil-military operations and defence
support to public diplomacy.

15 Joint Doctrine for Information Operations, US Joint Pub 3-13, 9 October 1998.
16 Major General Imtiaz Hussain Sherazi, Information Operations, their scope and impact on Pakistan’s security, Pakistan Army Green Book, 2010, (Instant Print System, 2010), 81.
17 Ibid, 84.

c. Ways to Employ Information Operations Capabilities 18
(1) Destroy. To damage a system or entity so badly that it
cannot perform any function.
(2) Disrupt. To break or interrupt the flow of information.
(3) Degrade. To reduce the effectiveness or efficiency of
adversary’s Command and Control (C2) or communication
systems, and information collection efforts or means. IOs can
also degrade the morale of a unit, reduce the target’s worth or
value, or reduce the quality of adversary decisions and actions.
(4) Deny. To prevent the adversary from accessing and
using critical information, systems, and services.
(5) Deceive. To cause a person to believe what is not true.
MILDEC seeks to mislead adversary decision makers by
manipulating their perception of reality.
(6) Exploit. To gain access to adversary’s C2 systems to
collect information or to plant false or misleading information.
(7) Influence. To cause others to behave in a manner
favourable to our forces.
(8) Protect. To take action to guard against espionage or
capture of sensitive equipment and information.
(9) Detect. To discover or discern the existence, presence,
or fact of an intrusion into information systems.
(10) Restore. To bring information and information systems
back to their original state.
(11) Respond. To react quickly to an adversary’s or others’
IOs attack or intrusion.
18 Ibid, 84.
12. Information Warfare. Cyber Warfare can be understood within the
complexity of the broad range of Information Warfare, as cyberwar is often used
interchangeably with Information Warfare. Information Warfare can be defined as
any action to deny, exploit, corrupt, or destroy the enemy’s information and its
functions; protecting ourselves against those actions; and exploiting our own
information operations. “Information Warfare is the offensive and defensive use of
information and information systems to deny, exploit, corrupt, or destroy, an
adversary's information, information-based processes, information systems, and
computer-based networks while protecting one's own. Such actions are designed to
achieve advantages over military or business adversaries.” 19
a. Pattern of Information Warfare Operations 20
(1) Peace Time. Information attacks in peacetime occur
every day to find out the specific vulnerabilities of the target so
that these vulnerabilities can be exploited for optimum gains at
the time of need.
(2) Pre-Hostilities Period. Attacking economic and other
psychosocial targets in addition to random exploitation of military
targets. Cyber attacks during this period have national security
implications and hostile cyber agencies will focus on targets to
set in paralysis before going to the next level.
(3) War Period. Major focus of cyber attacks on military
targets will be on strategic and operational communication
systems, command and control system of weapons of mass
destruction and surveillance intelligence systems.
b. Weaknesses of our IO Capabilities21
19 “Information War - Cyberwar – Netwar”, George J. Stein, Chapter 6.
20 Major General Imtiaz Hussain Sherazi, Information Operations, their scope and impact on Pakistan’s
security, Pakistan Army Green Book, 2010, (Instant Print System, 2010), 84.
21 Ibid, 85.
(1) Media Warfare. Pakistan is dependent on hired
satellite channels, which are not sufficient for a meaningful
response. Our satellite channels are continuously striving to
maintain pace with rapidly developing media and information
innovations of our adversary.
(2) Computer/ Software Development. Pakistan is in a
preliminary stage of development of establishing a base for
information technology. She is far behind in computer and
software development.
(3) Trained Personnel. Information technology requires
personnel at different levels of expertise i.e. programmers (first
level), software engineers and analysts (second level) and
software project manager (third level). In Pakistan IT education is
not integrated and is divorced from the IT industry.
(4) Inconsiderate Policies Towards Software Export.
Although the government has announced several incentives and tax
breaks for the software sector, this is still not enough.
The following aspects need to be considered:
(a) Establishment of Software Export Bureau.
(b) Incentive for Manufacturers and Exporters.
(c) Holding of exhibitions.
(d) Commercial Attache’s tasking for improving the
exports.
(5) Local Industry. In Pakistan due to strong prejudice
against local products and services, IT firms either fizzle out or
concentrate only on low volume/high margin products.
(6) Software Piracy. Due to lack of an effective and
foolproof guarantee for software in Pakistan, it is dangerously
exposed to all sorts of piracies and manipulations.

CHAPTER – 3

CONTEMPORARY PERSPECTIVE/ RESPONSE – CYBER WARFARE

13. US. The US realized the importance of cyber security as late as 2001
when, under the Bush administration, a separate office was set up in the White House to
handle the coordination aspects. The following steps are worth mentioning in this regard:
a. Efforts of the team assembled in White House resulted in the
formulation of the ‘National Strategy to Secure Cyber Space’. 22
b. The ‘Comprehensive National Cybersecurity Initiative’ focused
on securing the government’s networks; however, it did not address the
vulnerability of the financial sector to cyber war.
c. In 2009, a number of cyber security experts, called ‘Black
Hats’, were asked to arrive at a consensus and give recommendations to
the Obama Administration for securing cyber space. The group evolved
consensus on the following points:
(1) Federal government must spend more on cyber
security research and development.
(2) There was a need for smart regulation of some of the
aspects of cyber security like federal guidelines for internet
backbone carriers.
(3) Focus should be on resilience rather than on finding
attribution, so that people prepare themselves against the
disruptive as well as the destructive nature of attack through
advance planning.
(4) There should be no connectivity between the utility
networks and the internet to separate the critical infrastructure
from free access available on internet.
(5) There was a need for governments to take a lead role
in addressing cyber security issues.
22 Richard A Clarke and Robert K Knake, Cyber War, (Harper Collins Publications, USA, 2010), 112.
d. Similarly, it was again in 2009 when President Barack Obama
declared America's digital infrastructure to be a "strategic national
asset," and in May 2010 the Pentagon set up its new U.S. Cyber
Command (USCYBERCOM), headed by General Keith B. Alexander,
director of the National Security Agency (NSA), to defend American
military networks and attack other countries' systems.
e. In the US, Cyber Command was set up to protect the military,
whereas the government and corporate infrastructures are primarily the
responsibility respectively of the Department of Homeland Security and
private companies.
f. In February 2010, top American lawmakers warned that the
"threat of a crippling attack on telecommunications and computer
networks was sharply on the rise." According to The Lipman Report,
numerous key sectors of the US economy along with that of other
nations, are currently at risk, including cyber threats to public and
private facilities, banking and finance, transportation, manufacturing,
medical, education and government, all of which are now dependent on
computers for daily operations.
g. To meet the threats and operational demands of this
unfamiliar territory, the US military is embracing new models and
agendas for training its troops:
(1) Treating cyberspace as a domain means that the
military needs to operate and defend its networks and to
organize, train and equip our forces to perform cyber missions.
(2) Efforts range from mandatory cyber education for those
in the lowest ranks to elite training for new, highly specialized
careers in network defense. The transition is eased somewhat
for a generation that is well-versed in the technologies of the
Information Age.
(3) Under the umbrella of the US Cyber Command,
launched in May 2010, the Air Force, Army, Marine Corps and
Navy have all made progress in preparing troops for cyber
conflict. Collaboration among the services and with the private
sector, rather than the services each having their own training,
is helping the military incorporate best practices and the latest
tools into cyber training. Through those partnerships, the
services are building on their collective knowledge and sharing
classrooms — sometimes even while students are physically
seated thousands of miles apart.
(4) The efforts are already paying off. The U.S. Naval
Academy's class of 2013 will have three times the number of
computer science and IT majors that the class of 2011 did 23.
14. China
a. China is perceived to have acquired both offensive and
defensive cyber war capability systematically. It has, over the years,
done the following to enhance its cyber warfare potential 24:
(1) Created citizen hacker groups.
(2) Engaged in extensive cyber espionage, including US
computer software and hardware.
(3) Taken various steps to define its own cyberspace.
(4) Established cyber war military units.
(5) Allegedly laced US infrastructure with logic bombs.
b. China listed ten examples of weapons and techniques used in
cyber space, in both offensive and defensive roles. These are 25:
(1) Planting information mines.
(2) Conducting information reconnaissance.
(3) Changing network data.
(4) Releasing information bombs.
(5) Dumping information garbage.
(6) Disseminating propaganda.
(7) Applying information deception.
(8) Releasing clone information.
(9) Organizing information defense.
(10) Establishing network spy stations.
23 Amber Corrin, “Cyber training no longer basic”, 18 November 2011, [Online] Available
http://techploicy@csis.org, (accessed December 2011)
24 Richard A Clarke and Robert K Knake, Cyber War, (Harper Collins Publications, USA, 2010), 54.
25 Ibid, 57.
c. Chinese government is believed to be involved in a series of
penetrations of US and European networks, successfully copying and
exporting huge volumes of data.
15. Other Countries
a. Iran claims to have the world’s second-largest cyber-army.
b. Russia, Israel and North Korea boast efforts of their own.
c. NATO is debating the extent to which it should count cyberwar
as a form of “armed attack” that would oblige its members to come to
the aid of an ally.

CHAPTER – 4

ANALYSIS AND RECOMMENDATIONS

16. Analysis
a. Possibility of Cyber Wars. Cyber wars are possible due
to the following:
(1) Existing design of internet.
(2) Flaws in software and hardware.
(3) Allowing critical machines to be controlled from cyber
space.
b. The world is slowly but surely graduating into the threshold of
overt cyber attacks.
c. There is need to agree on modest accords or ‘informal’ rules
of the road to begin with that would raise the political cost of cyber
attacks. The requirement to establish "norms of acceptable behavior in
cyberspace" has to be given due consideration by all nations.
d. Subsequently, but not delaying inordinately, there is a need to
have cyber weapons treaties to prevent cyber wars.
e. Non kinetic application/ warfare, of which cyber warfare is
perhaps the most lethal tool, may accompany most future wars or be
conducted as a standalone activity.
f. Cyber warfare is a global trend.
g. Unlike nuclear capability, cyber war capabilities cannot be
demonstrated.
h. There is a need to have cyber arms control and cyber
deterrence regimes in place to have a coordinated global approach to
counter cyber threats.
i. Another important issue of cyber security that seems to be
emerging now is state sponsored espionage and crime, besides the
growth of offensive military capabilities; these are issues which need to be dealt
with by governments rather than the private sector.
j. The most important goal now is to improve own defenses
before the day arrives when states and non state actors will become
cyber powers.
k. Militaries may not use cyber wars in isolation but as part of
some larger military conflict as this alone cannot win a war. It surely
annoys the opponent. It may cause disruption in the functioning of
critical infrastructure or systems.
l. Cyber security experts admit that it could be just as difficult to
measure the success of training for cyber security as it is to quantify
cyber defense.
m. The worrisome part of the whole issue is the difference in
understanding of the problem. If you ask 10 people what ‘cyber
terrorism’ is, you will get at least nine different answers! When those 10
people are computer security experts, whose task it is to create various
forms of protection against cyber terrorism, this discrepancy moves
from comedic to rather worrisome.
n. Armed forces have given a cursory treatment to the whole
threat spectrum and are yet to evolve a comprehensive strategy.
o. Certain Important Conclusions
(1) Cyber War is real.
(2) Cyber War is Fast. Cyber wars present a dilemma
for decision makers wherein the time between the launch of an
attack and its effects is barely measurable.
(3) Cyber War is Global. Covertly acquired or hacked
computers and servers, when kicked into service, make the
cyber war global.
(4) Nontraditional Battle Space. Cyber space presents a
nontraditional battle space where the space used by common
people, from banks to air defense systems, can be quickly taken
over or knocked out without any fighting on the traditional front.
(5) Cyber War has Begun. Nations are preparing for this
war. Peacetime activities range from hacking into each other’s
networks to laying trap doors, logic bombs etc.

17. Recommendations
a. National Level
(1) National Information Security Policy.
Pakistan does not have a national Information Security Policy
based on common standards across the entire length and
breadth of the country. The Government needs to chalk out, in
consultation with the corporate sector, Information Technology
Division and military authorities, a comprehensive National
Information Security standard.
(2) There is a need to establish an Information Technology
Security Task Force.
(3) The government needs to consider provision of certain
incentives to the private sector for both computer hardware and software
development and manufacture.
(4) All setups relying on communications and computers must
be shielded through cyber and net war security systems as part
of a comprehensive cyber security strategy.
(5) Mandatory Information Technology Literacy.
There is a need to introduce mandatory Information
Technology literacy courses for all levels of civil and military
personnel and to make Information Technology literacy a
prerequisite for induction into a particular position of influence in
both civil/ military domains.
(6) Comprehensive Legislation to Combat Cyber
Crime. Comprehensive legislation to combat cybercrime
and terrorism needs to be brought into effect. Any future
Information Technology policy needs refinement in a dynamic
cyber environment and has to be bolstered with provisions for
easy implementation across international borders.
(7) Basic Computer Literacy. There is a need
to include a compulsory, modern and up-to-date computer
literacy module in the matriculation/ equivalent level curriculum
for high schools. This will enhance HRD in Information
Technology field.
(8) Hacking Expertise. Priority should be
accorded to the development of indigenous hacking expertise
to target adversary’s electronic and computer system.
b. Armed Forces Level
(1) Creation of a dedicated organization and infrastructure
at military strategic level and integration and management of
information and psychological warfare means of the three
services.
(2) Formulation of an effective command, control,
communication, computer, intelligence, information,
surveillance and reconnaissance system.
(3) Development and implementation of long term
Information Technology policy for the three services.
(4) Create Awareness. As we progress and use
more sophisticated equipment we become more vulnerable to
cyber attacks, hence it is important to create awareness in all
ranks regarding Cyber Warfare. Following is required to be
done in this regard:
(a) Awareness within Armed Forces through
issuance of relevant material and delivering
lectures/seminars.
(b) Computer training to be imparted as a special
subject in all schools/colleges of instruction in the three
services.
(5) Cyber Discipline. Like wireless communication
discipline, cyber discipline should be introduced. This should be
done on a crash programme basis to broaden the base by
developing security mindedness in the use of computers.
(6) Research and Development. There is a need to
create Research and Development facilities to undertake
research in following fields:
(a) Effects of computer viruses on own systems.
(b) Silicon eating microbes and its counter
measures.
(c) Hacking expertise.
(d) Vulnerability to logic bombs and its counter
measures.
(7) Network Security. Security measures have
been taken to safeguard military communication systems;
however, the threat to Armed Forces and national networks can
come from inside or from hostile cyber agencies. In order to
provide adequate defence, the strategy should be to:
(a) Deny access to the intruder.
(b) Detect cyber attacks.
(c) Eradicate viruses etc, which might have
penetrated the system.
(d) Recover the damaged data.
(8) Active Cyber Warfare. Weak areas of the enemy’s
electronic and communication systems should be evaluated
and subsequently targeted.
(9) Elements of Cyber Security Strategy
(a) ISP responsibility for consumers. The first
element of cyber security strategy is to make internet
service providers (ISPs) responsible for protecting
consumers and small businesses, who will never be able
to protect themselves. ISPs usually know when their
customers are infected with malicious software
(malware), but they take no action to remove it. This
should change.
(b) Notification of Breach. Thresholds for
notification would have to be developed.
(c) Regulation of critical infrastructure.
Critical infrastructure companies must bear responsibility
for digital security, particularly for securing industrial
control systems that control crucial machinery.
(d) Active defense.
(e) International cooperation.
18. Conclusion. The information revolution, startlingly fast as
it is, shows no signs of slowing. The description of asymmetric warfare and its cyber
aspects, given in this monograph is neither definitive nor conclusive. The discussion
is intended primarily to stimulate thinking in unique and more meaningful ways about
how warfare in the 21st century may be fundamentally different than it is today. And,
of equal importance, evaluating what we should be doing now in order to prepare
ourselves for the present and the future alike.
19. Cyber warfare stands as the predominant defining feature of warfare
in the 21st century. In the asymmetric calculus, it contains opportunities, which if
exploited in the right earnest will afford maximum security to the nation. But the
serious dangers resulting from ignoring its importance can only be ignored at the
peril of the national sovereignty. In our environment its problems are not so
compounded as in the case of developed nations. However, our quest for
modernization and growing dependence on computers is likely to fully expose us to
cyber threat in the near future. Indian dominance in computer industry amply reflects her
potential and standing in the computer related technologies. Should India decide to
exploit her domination, the threat could become meaningful. The recommendations
proffered in the study will not only help to create awareness in the field of cyber
warfare but in tandem will also reduce our vulnerabilities. It must however be
remembered that in the field of cyber warfare the best defence lies in offensive cyber
actions.

20. Bibliography
a. Clarke, Richard A and Knake, Robert K. Cyber War, (Harper
Collins Publications, USA, 2010).
b. Clemmens, Byard Q. “Cyber Warfare: Ways, Warriors and
Weapons of Mass Destruction”, Military Review, September/October
1999.
c. Pakistan Computer Emergency Response Team. “The Future
of Computers & Internet Cyber Warfare”. [Online] Available
http://pakcert.com.pk/cyberwarfare/.
d. RAND. “Strategic War in Cyberspace”. [Online] Available
http://www.rand.org/publications/ RB/RB7106/ 106.html.
e. Gershwin, Lawrence K. “Cyber Threat Trends and U.S.
network Security”. Speech, U.S. Joint Economic Committee: 21 June
2011. [Online] Available http://www.cia.gov/nic/speeches/testimony/.
f. Campen, Alan D, Dearth, Douglas H and Goodden, R.
Thomas. Cyberwar: Security, Strategy and Conflict in Information Age.
(New Delhi: Bookmart Publishers, 2000).
g. “Significant Cyber Incidents Since 2006”. [Online] Available
http://techploicy@csis.org, 29.
h. Sasakawa Peace Foundation Tokyo, Paper presented on
12 September 2011 titled “Rethinking Cybersecurity – A
Comprehensive Approach”, [Online] Available
http://techploicy@csis.org.
i. Joint Doctrine for Information Operations, US Joint
Publications, 9 October 1998.
j. Sherazi, Imtiaz Hussain, Information Operations, their scope
and impact on Pakistan’s security, Pakistan Army Green Book, 2010,
(Instant Print System, 2010).
k. Corrin, Amber. “Cyber training no longer basic”, 18 November
2011, [Online] Available http://techploicy@csis.org, (accessed
December 2011).
l. Stein, George J. Information War – Cyber war – Net war. AU
Press, 1995.
m. Lapointe, Adriane. “When good Metaphors go bad – the
Metaphoric ‘Branding’ of Cyberspace”, Centre for Strategic and
International Studies, (9 September 2011),
http://csis.org/publication/when-good-metaphors-go-bad-metaphoric-branding-cyberspace.
n. Lewis, James Andrew. “Rethinking Cyber Security – A
Comprehensive Approach”, Sasakawa Peace Foundation, Tokyo, (12
September 2011),
http://csis.org/publication/rethinking-cybersecurity-comprehensive-approach.
o. “Cyber War-the threat from the internet”, (1st July
2011), http://www.economist.com/node/16481504.
p. Parks, Raymond C and Duggan, David P. "Principles of
Cyberwarfare," IEEE Security and Privacy.
