{"id":4594,"date":"2018-03-01T00:00:00","date_gmt":"2018-03-01T00:00:00","guid":{"rendered":"https:\/\/dev.abes.com.br\/?p=4594"},"modified":"2018-03-01T00:00:00","modified_gmt":"2018-03-01T00:00:00","slug":"defesa-cibernetica-exige-desenvolvimento-de-capacidades-ofensivas","status":"publish","type":"post","link":"https:\/\/dev.abes.com.br\/en\/defesa-cibernetica-exige-desenvolvimento-de-capacidades-ofensivas\/","title":{"rendered":"Cyber defense requires developing offensive capabilities"},"content":{"rendered":"
\n

\t\"\"<\/p>\n

\tBy Roberto Gallo and Paulo Sergio Melo de Carvalho<\/p><\/div>\n

  <\/p>\n

\n\tCombination of counterintelligence, euphemisms and the simple ignorance of cyber activity hinder the implementation of a strategic agenda for the Brazilian cyber sector.
\n\t 
\n\tIntroduction<\/strong>
\n\t 
\n\tThe cyber space is related to the use of computer networks where information transits in real time and the greatest difficulty in its conceptualization consists of transporting it from the virtual to the real world, as well as delimiting its borders, a fact that has been worrying the nation-states, therefore, affecting national sovereignty.
\n\t 
\n\tHowever, one fact is unquestionable: human activities are increasingly dependent on computer networks which, despite the enormous benefits they bring to decision making by government authorities and executives, reducing costs and time, are vulnerable to a new threat, the Cyber War.
\n\t 
\n\tThe protection of computer networks of government agencies and related companies is a matter of National Security and should be a concern for the whole of society, extrapolating the military environment, with the understanding that Cybersecurity is the normal situation and Cybersecurity consists of in all actions taken to obtain, maintain or restore the condition of Cybersecurity when it is compromised by hostile acts originating in other Nation States.
\n\t 
\n\tNowadays, those who follow the national or international news have had the opportunity to observe countless news reports that report cyber incidents, from the availability of critical infrastructures - telecommunications, energy, banking system, among others - going through theft of secret information from project projects. diplomatic weapons and communications, for example, even actions with kinetic results that result in loss of life, as in the case of the destruction of Iranian uranium centrifuges.
\n\t 
\n\tMany of these news are the result of military operations sponsored and \/ or carried out by nation-states and, although these are relatively voluminous, proportionally few gain relevance in the media.
\n\t 
\n\tThis is easy to understand: many of these operations have as a measure of success precisely not to be discovered. In other words, it is totally fair to say that there are indeed conflicts in the cyber domain in progress around the world, often sponsored by state entities against both private and public targets, even though there are currently no \u201copen wars\u201d in the classic sense.
\n\t 
\n\tObviousness aside, there are some aspects that end up going unnoticed by the non-military actors of the Defense ecosystem and that deserve to be explained.
\n\t 
\n\tOperational coordination.<\/strong>
\n\t 
\n\tIn the current world situation, characterized by the uncertainty, mutability and volatility of potential threats, as well as by the presence of new non-state actors in possible conflict scenarios, in any country, the military expression of National Power must be prepared permanently, considering international disputes. current and future.
\n\t 
\n\tFor this, strategic-operational measures must be adopted so that they can respond promptly and adequately, anticipating possible adverse scenarios for National Defense.
\n\t 
\n\tIn this context, the Nation-State needs to be able to oppose external and internal threats that may affect its sovereignty, in a manner compatible with its own dimension and its political-strategic aspirations on the international stage.
\n\t 
\n\tThis allows the country to achieve strategic objectives and preserve its national interests, in addition to the exercise of the right of defense guaranteed by the Federal Constitution and the international legal order.
\n\t 
\n\tThus, Cyber Defense must be established as a fundamental activity for the success of military operations at all levels of command, insofar as it enables the exercise of Command and Control, through the protection of information assets, while allowing the same exercise is denied to the opponent.
\n\t 
\n\tAs a specialized activity, its execution is based on a systemic conception, with methods, procedures, characteristics and vocabulary that are peculiar to it.
\n\t 
\n\tCyber operations can occur strictly in the 5th domain of the battlefield or in coordination with kinetic operations in the other domains (land, sea, air and space), taking as a classic example the overthrow of the communications system in the Republic of Georgia before and during the invasion Russian 2008, corroborating that kinetic actions to aid cyber actions are also possible, either in the physical positioning of signal intelligence equipment (SIGINT), or in social engineering on a target.
\n\t 
\n\tWrapping, but not.<\/strong>
\n\t 
\n\tToday, in the cyber world there is still no equivalent of what was powder or nuclear fission in the physical world. As a result, a strategy of encastelamento, that is, 100% protective fortification in Defense has reasonable effectiveness, delaying the success of the opponents.
\n\t 
\n\tHowever, mistakenly and often fueled by the distorted perception of suppliers in the world of Information Technology, some embody a mistaken view that protection capabilities are sufficient.
\n\t 
\n\tThis perception is false. Just as in the kinetic world, it is important to deny the environment to the opponent, shoot down their platforms to stop an attack or simply show the muscles for the purpose of deterrence.
\n\t 
\n\tNon-attribution of origin.<\/strong>
\n\t 
\n\tIn the cyber domain, a minimally competent attack leaves no definitive evidence of authorship. The attribution of the origin of attacks most of the time is circumstantial, probabilistic.
\n\t 
\n\tHow to exercise deterrence in a context where retaliation is limited?
\n\t 
\n\tThe answer comes in two axes: actions of intelligence, with the objective of solving targets and, concomitantly, a high power of counterattacks, which counterbalances, from the point of view of the opponent, the low chance of being caught. In other words, in the cyber domain, deterrence requires \u201csharp teeth and sharp eyes\u201d.
\n\t 
\n\tVariety, not quantity.<\/strong>
\n\t 
\n\tDeveloping conventional armament, for example, a 4th generation air-to-air missile, intermediate, involves investments that come close to an R$ 1 billion, for a later production, in low volume, of units that can cost in the range R$ 500 thousand.
\n\t 
\n\tReadiness with such armament mainly means having the local productive capacity - acquired via autochthonous or offset development - and an arsenal with a reasonable number of pieces - after all, 100 units of a missile can do a damage 100 times greater than a single piece.
\n\t 
\n\tThe logic of cyber weaponry is very different: when done in series, developing a cybernetic device can be as cheap as hundreds of thousands of reais, while its use has zero material cost, if there are no licenses for third parties.
\n\t 
\n\tHowever, with each use, there is a reasonable chance that a given weapon will become harmless as the vulnerability (s) it uses become known to the target. Taking this neutralization power into account, it is easy to conclude that a cyber offensive capability typically has a much more favorable cost-benefit ratio than its kinetic counterparts.
\n\t 
\n\tThus, in the cyber world, readiness means constant development of varied artifacts, since cyberspace has no physical limitations of distance and space and has no geographically defined limits, being changeable and dependent on the environmental conditions and the creativity of the human being, where the side effects can be uncontrollable, implying that there is no fully secure computer system.
\n\t 
\n\tIn short, cyberspace is sui generis and dual, since there is usually difficulty in assigning attacks, without knowing whether they are coming from actions carried out by the Nation-States or not.
\n\t 
\n\tDiscussion<\/strong>
\n\t 
\n\tThose who follow the media, especially the channels specialized in information technology commenting on Defense topics, will rarely find clear references to offensive capabilities or cyber weapons. It is understood that situations such as that of Stuxnet, used against Iranian nuclear installations, seem an exception, when apart from the specific degree of sophistication is common.
\n\t 
\n\tOn the other hand, in nation-states with a peaceful constitution and history, where defense is thought of as elements of protection of national integrity, with well-defined borders, the reality of the cyber world is at odds with the traditional pacifist deterrent ideas.
\n\t 
\n\tThe main reasons for these divergences are related to the immateriality of physical borders and the difficulty in attributing the origin of attacks.
\n\t 
\n\tThis gap is implicitly politically indigestible while the necessary exercise of offensive capabilities in times of peace goes beyond the military sphere.
\n\t 
\n\tIn this context, often the objective reality of the sector is simply ignored or, in less serious cases, euphemisms, such as \u201cactive defense\u201d, are used.
\n\t 
\n\tIt is easy to see how this scenario hinders the strategic horizon of indigenous readiness in any country.
\n\t 
\n\tFor the attacking nation-state, cyber war can be less expensive, both financially and politically, when the attack cannot be seen, making it a viable and appropriate alternative, according to the prospective scenario.
\n\t 
\n\tFrom a defensive point of view, the cyber threat can be considered more complex, given the diversity and vulnerabilities of the technology itself. Thus, the adaptation of the Nation-State to face it must be approached with responsibility, flexibility, speed and strategic vision, with an emphasis on intelligence and information technology activities.
\n\t 
\n\tNot only should the nation-state seek the implementation of new cybernetic structures in the governmental context, but actions in favor of synergy with other partners should be encouraged, through rules for purchasing, contracting and developing products and systems in the areas of information and intelligence technology, fundamental knowledge in this new operational domain of war, cybernetics.
\n\t 
\n\tThe development of Cyber Defense in the Nation-State, therefore, should increase its capacity to act in a network with government agencies, public and civil agencies, academic institutions and the industrial defense base, in order to improve its protection activities, exploration and prompt response to the latent cyber threats from other nation states, organizations and even from diverse groups with the most varied motivations.
\n\t 
\n\t 
\n\tRoberto Gallo<\/em><\/strong> operates since 1999 in cybernetics. He is the founder and executive director of KRYPTUS EED S \/ A, coordinator of the cybernetics committee at ABIMDE and associate professor at the Escola Superior de Guerra de Colombia. He is a laureate of the \u201cAir Marshal Casimiro Montenegro Filho\u201d award from the Presidency of the Republic of Brazil for his doctoral thesis in the Cybernetics area.<\/em>
\n\t 
\n\t 
\n\tPaulo Sergio Melo de Carvalho<\/em><\/strong>, reserve division general, was Chief of the Cyber Defense Center, responsible for carrying out collaborative activities and integration in the Military Cyber Defense System, from March 2014 to April 2016, and the first Commander of the Cyber Defense Command. Currently, he works as a consultant in the cyber sector, working on the FAPESP Project Academic Network of the State of S\u00e3o Paulo (ANSP Network) and advising companies, as well as being an associate professor at the Escola Superior de Guerra de Colombia.<\/p>\n

\tSource: The Defesanet<\/a><\/em><\/div>","protected":false},"excerpt":{"rendered":"

By Roberto Gallo and Paulo Sergio Melo de Carvalho A combination of counterintelligence, euphemisms and a simple lack of knowledge about cyber activity make it difficult to implement a strategic agenda for the Brazilian cyber sector. Introduction Cyberspace relates to the use of computer networks where information travels in real time and [\u2026]<\/p>","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[8,19],"tags":[],"class_list":["post-4594","post","type-post","status-publish","format-standard","hentry","category-artigos","category-ultimas-noticias"],"acf":[],"publishpress_future_action":{"enabled":false,"date":"2026-06-14 07:48:39","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category"},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/4594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/comments?post=4594"}],"version-history":[{"count":0,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/posts\/4594\/revisions"}],"wp:attachment":[{"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/media?parent=4594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/categories?post=4594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.abes.com.br\/en\/wp-json\/wp\/v2\/tags?post=4594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}