andrewlb notes

Bytes, Bombs, and Spies

Metadata

Highlights

  • The nature of target-weapon interaction with kinetic weapons can usually be estimated on the basis of physics experimentation and calculation. Not so with cyber weapons. For offensive cyber operations, this extreme “target dependence” means that intelligence information on target characteristics must be precise, high-volume, high-quality, current, and available at the time of the weapon’s use. (Location 266)
  • Both PPD-20 and the DoD Cyber Strategy note that offensive cyber operations must be conducted in accordance with the laws of armed conflict (LOAC), just as all other U.S. military operations are conducted. To address issues of collateral damage, the DoD has established a “No-Strike and the Collateral Damage Estimation Methodology” that requires commanders to compile a list of “no-strike entities” upon which kinetic or nonkinetic attacks would violate LOAC. (Location 371)
  • intelligence, surveillance, and reconnaissance (ISR). (Location 555)
  • While ISR has always been an important contributor to mission success for Department of Defense missions, it is, without a doubt, an essential predicate and enduring companion to mission success in the cyber realm. (Location 623)
  • common view among U.S. Cyber Command’s initial planning staff in 2009–10 was that the first 90 percent of cyber reconnaissance (i.e., ISR), cyber defense, and cyberattack consisted of the common work of finding and fixing a target of interest in cyberspace. The remaining 10 percent of a given cyber action was deemed to be all that separated the three possible outcomes of reconnaissance, defense, and attack. (Location 633)
  • To be successful in “detect and respond” scenarios, the defender needs to have near perfect knowledge about potential adversary tactics and signatures (for example, the ability to recognize a segment of code known to have malicious purpose and effects), and these need to be observable at the chosen point of examination. (Location 672)

public: true
title: Bytes, Bombs, and Spies
longtitle: Bytes, Bombs, and Spies
author: Herbert Lin and Amy Zegart
url:
source: kindle
last_highlight: 2019-03-25
type: books
tags:
