Miao’s Thoughts

To discuss how damage assessment fits within cyberconflict, we need to give definitions of these two terms first.

What is cyberconflict? There is not a clear, official definition of cyberconflict yet. Based on my understanding, cyberconflict is political motivated conflict between two or more nations in order to disrupt opponents’ digital systems and protect own systems. Not like traditional kinetic warfare, cyberconflict is conducted by engineers and scientists. Cyberconflict can happen at anytime and finish in a short time. This requires the defender to effectively detect the attack and respond to it quickly.

What is damage assessment? Damage assessment can be divided into two aspects. The first is defensive damage assessment. It analyzes when the attack happened, the magnitude of the damage caused and the approach of the attacker(can this happen again?). The second is offensive damage assessment. it is from the attacker’s point of view. It analyzes the damage caused in the opponent’s system and elicit feedback from the system to see if we need attack again or can break into the system again in the future.

For example, if one found his house has been broken in. From his point of view(DDA), he wants to know when did the burglary happen, what did the burglars take and how did they come in. From the burglars’ point of view, they want to know what can be taken from the house, did the owner find out and did he replace the older lock wich a more powerful one and can they break into the house again.

Damage assessment is very important in both sides of cyberconflIct. Without damage assessment, the defender will have more severe lose and the offender will waste much time and money with no return.

In the defender’s side, when an attack is detected, damage assessment can help them to find out which part of the system is damaged and the other parts of the system can no longer rely on the information, at least temporarily. When a cyberconflict happens with military conflict. The damage assessment can tell the commander the lose in the military capability caused by the atttack and the commander can understand the ir situation in the war and make better decision. What’s more, by analyzing the strategy the attackers using, the defender can evaluate whether the damage can happen again in the same place, or, in other places of the system, there are potential possibility to be attacked again using the same strategy .

In the offender’s side, damage assessment can help them know the damage caused in the opponent’s side and thus they can know whether the attack is successful or not. And by eliciting feedback from the victim system, the offender can know whether the defender has set up an efficient way to fix the damage or not. If not, maybe they can attack the opponent again using the same strategy or even attack another part of the opponent’s system that has the similar defense strategy.

These are all benefit of damage assessment in a cyberconflict and they are in low level(in the context of a particular conflict). However, when we have the damage assessment information of many attacks(no matter from the defender or the offender), we can integrate these information together and from a higher level we can understand the macroscophic damage of cyberconflict can be caused. For example, can cyberconflict coerce the economic system of a nation? What’s the power of cyber attack in a large-scale conflcit between countries? Is it more effective than nuclear weapon? Understanding the impact of cyberconflict and our own capability in the cyberconflict can also help the government make better decision of the political strategy. For example, to sign a treatee of not to use cyberconflcit or not.

All in all, damage assessment is very important in cyberconflcit. It is the metrics of cyberconflcit. With out damage assessment, we cannot know the power and impact of cyberconflict. Just like we need to calculate the Return of Investment after we commit an investment. Otherwise the investment is meaningless.