Advertisement

Remote assessment of countries’ cyber weapon capabilities

  • Ghita Mezzour
  • Kathleen M. Carley
  • L. Richard Carley
Original Article

Abstract

Today, a growing number of countries are incorporating cyber troops in their military and announcing intent to develop cyber weapons. Assessing countries’ cyber capabilities has important international policy implications. However, prior work on assessing such capabilities consists mainly of case studies. These case studies require substantial expertise and effort and thus only focus on a few “obvious countries”. In this paper, we develop a socio-computational methodology and populate the methodology using real data in order to assess cyber capabilities of all countries in the world. We leverage the fact that the strength of countries’ cyber capabilities depends on countries’ motivations and latent abilities to develop such capabilities. We develop a socio-cultural model to assess countries’ motivations and present metrics to assess countries’ latent abilities. More specifically, we adapt the Friedkin socio-cultural model in order to capture factors that motivate countries to acquire such capabilities. We then populate the model using publicly available data on international relations and the list of countries that have incorporated cyber security units in their military. Subsequently, we run the model in order to obtain an estimate of countries’ motivations. We estimate countries’ latent abilities by examining the strength of cyber security research, the existence of cyber security institutions, and information technology penetration in these countries. We combine motivation scores and latent ability scores in order to obtain cyber weapon capability scores: high, medium, low, and very low. Our methodology can be used by non-experts who only have access to publicly available data.

Keywords

Cyber weapons Socio-cultural modeling Computational models Cyber security 

Notes

Acknowledgements

This work is supported in part by the North Atlantic Treaty Organization (NATO) Science for Peace and Security (SPS) grant SPS G5319, by the Defense Threat Reduction Agency (DTRA) under grant HDTRA11010102, and the Army Research Office (ARO) under grants ARO W911NF1310154 and ARO W911NF0910273, and the center for Computational Analysis of Social and Organizational Systems (CASOS). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of DTRA, ARO or the US government

References

  1. Balzarotti D (2015) 10+ years of system security circus. http://s3.eurecom.fr/~balzarot/notes/top4/index.html. Accessed Jan 2018
  2. Betts RK (1993) Paranoids, pygmies, pariahs and nonproliferation revisited. In: Davis ZS, Benjamin F (eds) The proliferation puzzle: Why nuclear weapons spread (and what results). F. Cass, LondonGoogle Scholar
  3. Billo CG, Chang W (2004) Cyber warfare. an analysis of the means and motivations of selected nation states. Tech. rep., Institute for Security Technology Studies at Darmouth CollegeGoogle Scholar
  4. Bryan K (2009) Capability of the people’s republic of china toconduct cyber warfare and computer network exploitation. Tech. rep., Northrop Grumman CorporationGoogle Scholar
  5. Carr J (2012) Inside cyber warfare. Mapping the cyber underworld, 2nd edn. O’reilley, SebastopolGoogle Scholar
  6. Center for International Development and Conflict Management (2010) International crisis behavior project. http://www.cidcm.umd.edu/icb/. Accessed Dec 2011
  7. Central Intelligence Agency (2010) INTelligence: open source intelligence. https://www.cia.gov/news-information/featured-story-archive/2010-featured-story-archive/open-source-intelligence.html. Accessed Feb 2015
  8. CERT (2014) National computer security incident response teams. http://www.cert.org/csirts/national/contact.html. Accessed Jan 2014
  9. Cirlig CC (2014) Cyber defense in the EU. Preparing for cyber warfare? Tech. rep., European Parliamentary Research Service. http://www.europarl.europa.eu/EPRS/EPRS-Briefing-542143-Cyber-defence-in-the-EU-FINAL.pdf. Accessed Feb 2015
  10. Clarke RA, Knake R (2010) Cyber war: the next threat to national security and what to do about it. Harper Collins, New YorkGoogle Scholar
  11. Davis ZS (1993) The realist nuclear regime. In: Davis ZS, Benjamin F (eds) The proliferation puzzle: why nuclear weapons spread (and what results). F. Cass, LondonGoogle Scholar
  12. de Mesquita BB (2004) Decision-making models, rigor and new puzzles. Eur Union Politics 5:125–138CrossRefGoogle Scholar
  13. de Mesquita BB, Stockman F (1994) European community decision-making: models, applications and comparisons. Yale University Press, New HavenGoogle Scholar
  14. Denning D (2000) Reflections on cyberweapons controls. Comput Secur J XVI(4):43–53Google Scholar
  15. Dumitras T, Shou D (2011) Toward a standard benchmark for computer security research. The worldwide intelligence network environment (wine). In: Workshop on building analysis datasets and gathering experience returns for security (BADGERS), Salzburg, AustriaGoogle Scholar
  16. Elliott D (2011) Deterring strategic cyberattack. IEEE Secur Priv 5(9):36–40CrossRefGoogle Scholar
  17. Frankenstein W, Mezzour G, Carley KM, Carley LR (2015) Remote assessment of countries’ nuclear, biological and cyber capabilities: joint motivation and latent capability approach. Soc Netw Anal Min 5(5):1–21Google Scholar
  18. Friedkin N, Johnsen E (1990) Social influence and opinions. J Math Sociol 15:193–205CrossRefGoogle Scholar
  19. Gartzke E (2007) The Capitalist Peace. Am J Political Sci 51(1):166–191CrossRefGoogle Scholar
  20. Gibler DM (2009) International military alliances, 1648–2008. Correlates of war series. CQ Press, Washington, DCCrossRefGoogle Scholar
  21. Giles K (2011) Information troops—a Russian cyber command? In: 3rd International Conference on Cyber Conflict, Tallinn, EstoniaGoogle Scholar
  22. Hilderth SA (2001) Cyberwarfare. Tech. rep, CRS Report for CongressGoogle Scholar
  23. Horowitz MC, Narang N (2014) Poor man’s atomic bomb? Exploring the relationship between weapons of mass destruction. J Confl Resolut 58(3):509–535CrossRefGoogle Scholar
  24. International Cyber Center George Mason University (2014) Certicc home. http://internationalcybercenter.org/certicc. Accessed Jan 2014
  25. International Telecommunication Union (2012) Measuring the information society. http://www.itu.int/en/ITU-D/Statistics/Documents/publications/mis2012/MIS2012_without_Annex_4.pdf. Accessed Mar 2014
  26. Jo DJ, Gartzke E (2007) Determinants of nuclear weapons proliferation. J Confl Resolut 51(1):167–194CrossRefGoogle Scholar
  27. Kilroy RJ (2008) The US military response to cyber warfare. In: Janczewski L, Colarik AM (eds) Cyber warfare and cyber terrorism. Information Science Reference, HersheyGoogle Scholar
  28. Kroenig M (2010) Exporting the bomb technology transfer and the spread of nuclear weapons. Cornell University Press, IthacaCrossRefGoogle Scholar
  29. Lewis JA, Timlin K (2011) Cybersecurity and cyberwarfare. Preliminary assessment of national doctrine and organization. Tech. rep., Center for Strategic and International StudiesGoogle Scholar
  30. Leyden J (2012) Germany reveals secret techie soldier unit, new cyberweapons. http://www.theregister.co.uk/2012/06/08/germany_cyber_offensive_capability/. Accessed Mar 2014
  31. Libicki M (2009) Cyberdeterrence and cyberwar. Tech. Rep. RandGoogle Scholar
  32. Mandiant (2013) APT1: exposing one of china’s cyber espionage units. Tech. RepGoogle Scholar
  33. Maoz Z (2006) Structural equivalence and international conflict: a social networks analysis. J Confl Resolut 50(5):664–689CrossRefGoogle Scholar
  34. Mezzour G, Carley KM, Carley LR (2015) An empirical study of global malware encounters. In: Proceedings of the 2015 symposium and bootcamp on the science of security-HotSoS’15. ACM Press, Urbana, Illinois, pp 1–11Google Scholar
  35. Mezzour G, Carley KM, Carley LR (2017) Global variation in attack encounters and hosting. In: Proceedings of the hot topics in science of security: symposium and bootcamp on-HoTSoS. ACM Press, Hanover, MD, USA, pp 62–73CrossRefGoogle Scholar
  36. Mezzour G, Frankenstein W, Carley KM (2018) Carley LR (2018) A socio-computational approach to predictingbioweapon proliferation. IEEE Trans Comput Social Syst 5(2):458–467CrossRefGoogle Scholar
  37. Narin F, Olivastro D, Stevens KA (1994) Bibliometrics/theory, practice and problems. Eval Rev 18(1):65–76CrossRefGoogle Scholar
  38. New York Times (2012) Panetta warns of dire threat of cyberattack on us. http://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html. Accessed Mar 2014
  39. Nye JS (2011) Nuclear lessons for cyber security? Strateg Stud Q 5(4):18–38Google Scholar
  40. Nye JS (2013) From bombs to bytes: can our nuclear history inform our cyber future? Bull Atomic Sci 69(5):8–14.  https://doi.org/10.1177/0096340213501338 CrossRefGoogle Scholar
  41. Ortiz JU (2008) Argentina: the challenge of information operation. IOSphereGoogle Scholar
  42. Owens WO, Dam KW, Lin HS (2009) Technology, policy, law, and ethics regarding US acquisition and use of cyberattack capabilities. Tech. Rep., National Research Council (NRC)Google Scholar
  43. Rid T (2012) Cyber war will not take place. J Strateg Stud 35(1):5–32CrossRefGoogle Scholar
  44. Roscini M, Trust Leverhulme (2014) Cyber operations and the use of force in international law. Oxford University Press, OxfordCrossRefGoogle Scholar
  45. Sagan SD (2013) The spread of nuclear weapons: an enduring debate, 3rd edn. W.W. Norton & Co, New YorkGoogle Scholar
  46. SCOPUS (2012) www.scopus.com. Accessed Mar 2014
  47. Shackelford SJ (2009) From nuclear war to net war: anologizing cyber attacks in international law. Berkeley J Int Law 27(1):191–250Google Scholar
  48. Shakarian P, Shakarian J, Ruef A (2013) Introduction to cyber-warfare: a multidisciplinary approach, 1st edn. Syngress Publishing, Maryland HeightsGoogle Scholar
  49. Sharma A (2010) Cyber wars: a paradigm shift from means to ends. Strateg Anal 34(1):62–73CrossRefGoogle Scholar
  50. Smeets M (2018) A matter of time: on the transitory nature of cyberweapons. J Strateg Stud 41(1–2):6–32.  https://doi.org/10.1080/01402390.2017.1288107 CrossRefGoogle Scholar
  51. Thayer BA (1995) The causes of nuclear proliferation and the utility of the nuclear non-proliferation regime. Secur Stud 4(3):463–519MathSciNetCrossRefGoogle Scholar
  52. Waltz KN (2010) Theory of international politics. Waveland Press, Long GroveGoogle Scholar

Copyright information

© Springer-Verlag GmbH Austria, part of Springer Nature 2018

Authors and Affiliations

  • Ghita Mezzour
    • 1
  • Kathleen M. Carley
    • 2
  • L. Richard Carley
    • 3
  1. 1.TICLab, Faculty of Computer Science and LogisticsUniversité Internationale de RabatSala El JadidaMorocco
  2. 2.Institute for Software ResearchCarnegie Mellon UniversityPittsburghUnited States
  3. 3.Electrical and Computer Engineering DepartmentCarnegie Mellon UniversityPittsburghUnited States

Personalised recommendations