Cyber Warfare as an Instrument of Hybrid Warfare: A Case Study of Pakistan

This research paper analyses the employment of cyber warfare as a tool of hybrid warfare by focusing on the case study of Pakistan. The changing domains of war in hybrid regimes complemented by the ambiguity of cyber warfare, becomes a real destructive instrument of power. Pakistan is a developing country and the cyber space of Pakistan has numerous vulnerabilities which are exploited by our adversaries time and again. Cyber space is closely linked with hybrid warfare and it is employed by both state and non-state actors as an effective instrument of hybrid warfare. The paper begins by the challenging task of defining and briefly analysing the terms such as cyberspace, cyber warfare and hybrid warfare. The research argues how cyber warfare is being linked with hybrid warfare in contemporary times. Subsequently, it attempts to analyse the existing cyberspace of Pakistan to identify its cyber vulnerabilities and how those vulnerabilities have been exploited to undermine the national security of Pakistan through cyber warfare in a hybrid domain. Additionally, the paper highlights the major findings to underpin the requirements of guarding cyber space and concludes by underpinning the need to protect the cyber space from exploitations by multiple actors.&nbsp

The global vulnerability discovery and disclosure system: a thematic system dynamics approach

Vulnerabilities within software are the fundamental issue that provide both the means, and opportunity for malicious threat actors to compromise critical IT systems (Younis et al., 2016). Consequentially, the reduction of vulnerabilities within software should be of paramount importance, however, it is argued that software development practitioners have historically failed in reducing the risks associated with software vulnerabilities. This failure is illustrated in, and by the growth of software vulnerabilities over the past 20 years. This increase which is both unprecedented and unwelcome has led to an acknowledgement that novel and radical approaches to both understand the vulnerability discovery and disclosure system (VDDS) and to mitigate the risks associate with software vulnerability centred risk is needed (Bradbury, 2015; Marconato et al., 2012). The findings from this research show that whilst technological mitigations are vital, the social and economic features of the VDDS are of critical importance. For example, hitherto unknown systemic themes identified by this research are of key and include; Perception of Punishment; Vendor Interactions; Disclosure Stance; Ethical Considerations; Economic factors for Discovery and Disclosure and Emergence of New Vulnerability Markets. Each theme uniquely impacts the system, and ultimately the scale of vulnerability based risks. Within the research each theme within the VDDS is represented by several key variables which interact and shape the system. Specifically: Vender Sentiment; Vulnerability Removal Rate; Time to fix; Market Share; Participants within VDDS, Full and Coordinated Disclosure Ratio and Participant Activity. Each variable is quantified and explored, defining both the parameter space and progression over time. These variables are utilised within a system dynamic model to simulate differing policy strategies and assess the impact of these policies upon the VDDS. Three simulated vulnerability disclosure futures are hypothesised and are presented, characterised as depletion, steady and exponential with each scenario dependent upon the parameter space within the key variables

A system dynamics model of cyber conflict

In this paper we try to determine whether a potential state-aggressor in a recent cyber attack can be identified through an understanding of shared international dependencies between nations. Combining the International Affairs and Systems Science disciplines, we put forth a system dynamics model of cyber conflict which may facilitate the identification of a culpable state or states in a cyber attack through publicly available information. Having identified 22 countries with military or civilian cyber capability, data on economic trade imports and diplomatic relationships were combined to identify dependencies, or countries upon which dependent countries rely for trade or military collaboration. The system dynamics model simulates diplomatic tension between two countries to estimate the probability of a cyber conflict. Nine case studies, in which the likely cyber combatant was identified, are used to test the model. Initial results yielded a number of prior indicators of cyber conflict, such as dips in trade imports from future cyber combatants up to 2 years before a launched cyber attack