Critical Read

How to define cyber-enabled economic warfare

sphere of binary data 

What: "Framework and Terminology for Understanding Cyber-Enabled Economic Warfare," a new report by Samantha F. Ravich and Annie Fixler for the Foundation for Defense of Democracies.

Why: The U.S. and its allies lack coherent doctrine and policy to defend against the growing range of cyber threats, and that is because of a failure to even agree on a common language to describe a "cyber attack," the authors contend.

Increasingly, nation states and other actors are engaging in cyberattacks designed to undermine the economy of the victim, and such attacks can now cause "economic harm disproportionate to the size or resources of the attacker."

The authors call this "cyber-enabled economic warfare." They argue that the U.S. has not embraced this terminology and therefore hasn't been able to build effective policies, and that the problem is even more complicated when dealing with U.S. allies.

The report contends that NATO's Cooperative Cyber Defence Centre of Excellence lists 15 different definitions for the term "cyber attack" and 11 definitions of "cyber terrorism." The authors argue that until the international community agrees to a common lexicon, policy coordination will continue to be stymied.

The report lays out a proposed set of definitions for various cyber acts.

Cyber-enabled economic warfare is a "hostile strategy involving attack(s) against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power." The authors state that for a cyber campaign to be defined as CEEW, it must meet four criteria: the attack(s) are cyber enabled, intended to cause economic harm, economic damage must be "significant enough to potentially degrade national security capabilities" and that must be the intent.

The report states that not all attacks will meet those four criteria and therefore may fit into other defined categories, such as cyber financial warfare, cyber crime, cyber espionage, cyber terrorism, cyber warfare or cyber-enabled information warfare -- each of which has a specific definition and criteria in the report.

The authors categorize some of the recent major cyber incidents according to this lexicon.

For example, China's economic theft of intellectual property from the U.S. is considered CEEW, along with Russia's cyberattack on Estonia and Iran's Saudi Aramco attack. The authors also contend that the U.S. sanctions on Iran using cyber means to cut off Society for Worldwide Interbank Financial Telecommunication access also falls under CEEW.

The Office of Personnel Management breach and Russia's hacks into U.S. government agencies such as the State Department and the White House constitute cyber espionage, which can be a tactic of CEEW, states the report.

Russia's effort to influence the U.S. election is a "classic case of cyber-enabled information warfare," according to the report, while the North Korean hack of Sony, and Iran's attack on the Las Vegas Sands Corporation are acts of cyber terrorism.

Verbatim: "The U.S. government should work with its allies and the private sector to create a unified understanding of the key concepts broadly related to cyber attacks and, more specifically, related to cyber-enabled economic warfare. Understanding not only the terminology but also the tactics, strategies, and intentions of nation states, non-state actors, and criminal organizations is critical for crafting effective counter-measures and proactive policies."

Read the full report.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.