Martin C. Libicki, author of Cyberspace in Peace and War (2nd Edition)
What are the characteristics of cyberwar? How is a cyberwar campaign planned and executed?
Cyberwar is the systematic use of cyberattacks to achieve or support the aims that wars are carried out to achieve. It comes in two flavours. Tactical cyberwar is used to support kinetic (traditional) military operations; it is used primarily against military targets. Strategic cyberwar is designed to influence governments and societies; it is primarily used against civilian targets.
Campaign planning would depend on what its purpose is. Tactical cyberwar planning would follow war planning in general, although it may be used beforehand to create opportunities for kinetic war to exploit. Strategic cyberwar planning should also follow from the goals that it is trying to achieve, e.g., regime change, a reduction in popular support for the government policies, to enhance the status and prestige of the attacker, etc.
What will be the role of Artificial Intelligence in cyberwar?
AI is likely to be used both by attackers and defenders. For attackers, AI could be used to find vulnerabilities to exploit and to war-game various attack plans to understand their effects. For defenders, AI could be used on a continuous basis to detect system anomalies that point to intrusions. If AI proves as effective as its proponents maintain, it is likely to further tilt the playing field away from talented amateurs and towards professional organisations.
How have cyber weapons evolved since the Stuxnet attack?
Yes. But cyber weapons do not exist in a vacuum. They evolve as defences (and to a lesser extent, goals) evolve. As defences, for instance, focus on stymying lateral movement, detection, and forensics, offenses therefore evolve to facilitate lateral movement, evade detection and frustrate forensics.
What differentiates cyber defence from cyber offence? Which of these two is a better strategy?
For the most part (that is, excepting ‘active defence’) defence takes place in one’s own systems and offense takes place in the target’s systems. The amount and degree of conflict in third-party systems is, so far, minor. As for which is better, everyone needs defence, but only some can do offense cost-effectively. But, with rare exceptions, it’s not an ‘either/or’. The relative efficacy of each activity (or as an economist might ask, whether the next dollar can be spent wisely) is largely independent of the other.
Given the complexity of the coming algorithmic warfare and the fact that cyber affects all traditional domains of war, what measures should be taken to minimise the effects of adversarial learning?
The best tactic is to keep others out of your systems. The second-best is to use deception so that they learn incorrectly (or lack confidence in what they think they learned). The trick with deception is to fool the other side’s hackers without fooling your own users and administrators in the process.