Saturday, September 19, 2020

Force Preservation in the Online Social Domain – A Digital Camouflage

In this age of digital socialisation, the digital realm is increasingly becoming an important dimension of the contemporary battle-space. Much has been said and done about cyber-threats; however, extremely limited or no attention is paid to the challenges that arise from the malicious use of openly available digital information on and around military organisations.

Today, the adversary does not need significant resources or advanced cyber capabilities to pose a threat. Social media and connected technologies are easily accessible, and they provide information and infrastructure that can be exploited by anyone with access to an internet-enabled computer.

Social media is a mix of human psychology (read: social behaviour) with the internet of things. This is correct, except that the human angle appears to be 70% and the network the balance 30%. The personal internet was available even in the early 90s, but it was the synthesis of the human urge to communicate with a person (a face) vis-à-vis an IP address that brought the explosive growth of social media platforms. The arrival of the smartphone, the handheld connected computer, brought the world into our palms. The benefits of this convergence are many. That said, from phones to watches, everything is becoming a computer. It is surely an achievement to rejoice in, but if everything is becoming a computer, then it is to be understood that everything is also becoming a potential surveillance device.

The survival of any military force is a principal consideration in strategic planning and decision-making. It has implications that extend well beyond military operations and into issues such as public support and political cohesion. It is evident every day how the nation's military protects its members. Recently, the media highlighted the steps taken by the Army for safeguarding soldiers against the coronavirus, over and above the measures constituted by the government. We have also seen how the security of various bases & ports, guarding these vital assets, is a military function. Similar to such physical security, digital security is also an aspect that keeps the military planners on their toes.

We have heard of measures like app bans, smartphone bans, wearable device bans etc. highlighted in various reports coming out from the military. I won't deny that they are effective, but there is no silver bullet solution here. Being such pervasive technology, apps like Facebook and devices like smartphones & smartwatches are virtually adsorbed onto our daily lives. Their functionality is today a necessity, with e-banking, e-commerce and even crucial contact tracing platforms being inescapable requirements. Thus, such a non-implementable total digital isolation, as a protective measure, is of limited value, to say the least.

Separating mobile phones from defence personnel in official areas or during exercises and operations may be critical for operational security in many contexts, but it does not remedy the complex threats in the digital domain. An individual's digital footprint is created over a period. The allied data-points are collected over years of internet activity and processed through machine learning & artificial intelligence-based computational processes, creating an online profile. Leaving the smartphone outside a particular office 5 days a week is a simple indicator that you work inside that office. Subroutines transmitting such location data from your device are embedded even in basic map applications, and one does not need covert surveillance infrastructure to extract the same. Similar results can be concluded from analyzing any other interfaced app. Flightradar24 gives info on even Airforce C-17 flights. Geotagged selfies have been known to reveal even isolated border locations, and it does not matter if the photo is shared on Facebook or WhatsApp or even just emailed: the location metadata is embedded in the pic and has nothing to do with the app.

The military may isolate the individual, but crowd-sourced open information has become a simpler way of getting critical inputs. Recently, a Twitter handle posted an old photograph showing officers of an elite unit. While many of those may have retired, the comments on the tweet, by people with the urge to participate in a discussion, showcase their awareness and naturally seek acknowledgement, gave away the identities of many in the photograph. Cases of people identifying areas and commenting on their military significance are routine and unfortunately can't be wished away. Information about military capabilities, such as personnel and equipment numbers, can even be obtained from civilian and commercial sensors, such as footage from publicly available or misconfigured traffic and CCTV cameras. It is not that one event is detrimental to security; it is the long-term information matrix that can be woven from such data points that creates the concern.

The defeat of an adversary, by whatever mechanism, is a cognitive outcome. It is the accumulated stresses of combat and perceptions of a situation that lead to fear, flight, or surrender. A military can be made to perceive the enemy's relative advantages as a battle unfolds and conclude (through cognition) that the cost of continuing will exceed the possible benefits. Trained for kinetic warfare, military leaders struggle to engage with the complete spectrum of the cyber domain, especially open-domain espionage. The adversary is so distributed that the conventional thought of carpet-bombing or an armoured punch-through can't be employed, and force-wide digital isolation is not a realistic long-term possibility.

This is where active, adaptive digital camouflage can appear as an option.

Camouflage, as a concept, is often confused with concealment. To camouflage is to merge with the surroundings to make you indiscernible to the observer, whereas to conceal is to protect from view. Digital camouflage works by enmeshing military digital information with other 'noise data', thereby denying the enemy the ability to zero in on the information and process it into intelligence. But this has to be pre-emptive and adaptive. Pre-emptive measures that create systemic resilience against the malicious use of digital information are critical. Raising awareness about adversarial risks related to the social media information environment is a critical first step, but this general awareness needs augmentation with specific education activities, internal communication measures, evolving regulations etc. This countermeasure is likely to be preferred by militaries as it is based on fundamental deception operations. The measures should protect critical information in one or more of the following ways: minimizing predictable patterns of online behaviour, and camouflaging indicators when they can't be avoided by pairing them with meaningless changes that give out an alternative interpretation for the indicators. Once military commanders adopt these aspects in their mission plan, technical specialists can be tasked with implementation.

 

The open internet, especially with an overdose of social media posts, offers an abundance of low-hanging fruit for extracting information, where a small investment can pay large dividends. One can counter the adversary only by proactively keeping him occupied in the OODA loop. A distributed denial of opportunities, planned into the operational philosophy, is the future on our doorstep. Camouflage is useful for concealment, but it is not a replacement for offensive capabilities. Force preservation in the digital domain needs to be integral to our strategic communication plan.
