JOURNAL: A New MAD (mutually assured disruption)?

The test run of a Russian open source computer assault on Estonia has now subsided. The only tangible legacy will likely be a slowdown in the Estonian economy and copious computer logs that chronicle the event. What's more important is the intangible: the desire of the Estonians to not let this happen again. I suspect that defensive precautions, although necessary, would be expensive and would not serve as a deterrent to future attacks. The key is to develop an offensive capability that draws on the lessons of the cold war.

MAD

During the cold war, the doctrine of MAD (mutually assured destruction) led to the end of direct warfare between the major powers. The potential that any conventional conflict could slide into a nuclear war, where both the attacker and the defender were destroyed (a Nash equilibrium), was the deterrent. We may shortly see a reprise of this concept for warfare between states in an interdependent world, where disruption replaces destruction in a new MAD.

In a globally competitive marketplace, ongoing disruption of a single country's economic system can result in rapid declines in relative performance. Computer assaults can accomplish this result with a high level of deniability. The option for Estonia is clear, will it establish a similar capability alone (or in conjunction with other states to form an umbrella of protection) to make the new MAD a reality? The best approach for this is to develop an open source network of hackers/black marketeers that can match the Russians. That shouldn't be hard. It's also possible to easily scale the impact of the attacks such that the damage to the larger state is equal or greater than to the smaller state. Much more thinking needs to be done on this since it could be triggered by non-state actors...

Comments

John, how could this work in a situation such as Thailand, where apparantly the government neither knows who the insurgents actually nor or what their objectives may be?

Posted by: Duncan Kinder | Wednesday, 23 May 2007 at 09:34 AM

Duncan, this is only between states.

Posted by: John Robb | Wednesday, 23 May 2007 at 09:54 AM

Perhaps open-source MAD where spindoktor meets politruk is what we need. This means our people need to be ultra-agile and train for that in everyday life. Lobby-group wants to smuggle a paragraph into law? Let's expose it the guerilla way with a video on youtube of minister painting the slogan on tanker. President wants an unneccessary war? CIA organizes a peace picnic near White House with analysts publicly performing their reports.

This way we could actually spend on MAD-readiness and improve our own democracy. Even exercising civilized freedom-of-speech on possible opposition during peacetime isn't considered illegal as far as I understand human rights.

Perhaps it would work also in state-vs-nonstate conflicts.

But is it doable? Original MAD was top-down manageable, this MAD is different. Open-source means participants should agree on target. Could be actually doable in Estonia, where state is issuing 1024bit crypto chips to citizens (80% of population have IDcards), competing banks are cooperating to strengthen security of online-banking, internet voting is almost open source etc.

Posted by: Peeter Marvet | Wednesday, 23 May 2007 at 01:41 PM

The Russians have long argued for a ban on "cyber weapons" and I've actually sat in on discussions with otherwise very smart people where "digital arms control" was the topic. I don't know from the proliferation business, but the whole thing seemed absurd to me, like we've got a lock on math and code can be export controlled (PGP all over again).

Posted by: Michael Tanji | Wednesday, 23 May 2007 at 10:46 PM

Seems like this type of systems disruption would be fairly easy to frame another for, MAD doesn't work too well when you don't know for sure where the attack came from, in fact the retaliation against another state could be the goal of the origional attack (I.E. chechens attack estonia and estonia retaliates against Russia). This is could be the ultimate force multipier for third party agitators.

Posted by: jasrenn | Thursday, 24 May 2007 at 02:20 AM

I am not sure if MAD could actually be achieved because the barriers to entry for this sort of attack is so low. All you need is a computer and some knowledge (a little basic but that is where it starts). Then you grow a bot net in somewhere, like the US and Southeast Asia to a decent size and you are in business. No dealing with any hazardousness materials or other controlled substances, just basic technology. This also means that the countries themselves do not have to initiate the attack, nor can they stop an attack if the second party follows their demands. There is no real power the country has other than to declare open-season and then ask for a cease-fire from their countryman. The equivalent of giving a huge group guns and ammo and point them to the enemy and hope they will stop when you call them off. That is not taking into account that a third-party may get into the action to blame it on the attacking party. In order for MAD to work, there has to be clear control of the attack and high barriers to entry, neither exist in cyper-world.

Interesting link on the subject:
http://isc.sans.org/diary.html?storyid=2820&rss

Posted by: dcunited2003 | Thursday, 24 May 2007 at 12:47 PM

I don't consider MAD a valid concept in 4GW where an enemy tactic may very well be to collapse his own world around him. As an example, Ahmadinejad, should he be successful in acquiring nuclear weapons (and there's no reason to think that he cannot considering the size of his wallet), will happily bring about a nuclear winter imagining it to be the return of the 12th Imam, accompanied by an Armageddon-like destruction.

Posted by: Jeff Carr | Monday, 11 June 2007 at 06:34 PM

aitc rbmyicdfx jkcyqx oxpuwgel rhon igfevnpu mskofbx

Posted by: ixgjw ogtbnqvk | Monday, 16 March 2009 at 09:20 PM