Friday, December 11, 2009

Abstract on capabilities of novice cyber warriors

Below is an abstract paper idea that I am currently developing. The main idea is to look at the potential actions available for low level attackers - people who have no special training or experience with cyber attacks. The working title is "From pitch forks to laptops: volunteers in cyber conflicts". I would be grateful for any useful references on this topic.


The capability for organized violence in the international setting has normally been the domain of nation states. Cyberspace, however, provides an international arena where almost anyone has the power to attack any target at will. While most of these attacks have little effect, there is often little disincentive to using them, as attribution of cyber attacks and prosecution of attackers is still the exception, instead of the norm. Thus, the 21st century farmers with pitch forks or cyber militia become more than a local force and, if organized well enough, can mount an offensive cyber campaign that could damage the economy or social order of a nation state on the other side of the planet.

In order to test this claim, I will first consider the potential threat from the Internet users who are untrained in hacking techniques and who have very limited resources. In general, there are two types of activities that are open for such persons: supporting the cyber campaign by providing resources, cover and training (among other things) and launching cyber attacks as part of the cyber campaign. It is important to note that the support activities may be more significant than fighting in a People’s War type conflict.

I will proceed by considering the potential threat from advanced hackers or hacker organizations. While there have been many well publicized hactivism campaigns, there are few examples of serious cyber strikes that target critical systems. Therefore, most of this analysis is theoretical, drawing on past examples as appropriate.

In the end, national security planners must face this threat and develop a strategy to counter it. I include some proposals for dealing with the cyber militia problem and discuss the potential merits and pitfalls of farmers with laptops engaging in cyber campaigns both on their own as well as in the service of a state.


  1. I know you are likely long done on this paper, but one of the places you can look for skills assessment data is the curriculum guides like CC2001 and the newer versions like IT2008. These document include outcome based learning objectives that allow you to have a point of reference for skill levels. Based on the Bloom learning taxonomy they are a cookbook for how to create computer scientists and information technology specialists. They also are the cookbook for hacker based skills.

  2. Thanks for the tip. The paper is still in the works, so I'll check these references out.

    I intend to take a somewhat simpler approach, however. In principle, my argument is that one does not need to know much to be dangerous. I plan to post more about this paper by the end of January.