Asynchronous Warfare, Part 1: Setting the Stage With a Bit of History About Conventional Warfare

Asynchronous Warfare, Part 1: Setting the Stage With a Bit of History About Conventional Warfare

By Dr. Dennis Prange and edited by Andy Norton

NOTE: This is part 1 of a 4-part series on Asynchronous Warfare. Please watch for other segments over the next several weeks.

“The greatest victory is that which requires no battle. The supreme act of war is to subdue the enemy without fighting.” Sun Tzu, The Art of War.

Why are defenders always underprepared?
If someone did actually declare cyberwar, what would you do differently?

In this blog post series we attempt to answer both questions, to raise awareness, and to speed the adoption of advanced technology that can fight the cyberwar that’s already being waged.

We live in the age of the world order being challenged. The beginning of the 21st century will probably be looked back upon by future generations as a time of curious paradoxes: while our technical achievements appear to transform us into digital demigods, our ability to create reliable order out of chaos is not keeping pace, resulting in a world becoming unrulier every day. Or, as former CIA Director George Tenet once said:

”We have built our future upon a capability we have not learned how to protect.“1

We are constantly creating new ungoverned spaces of interaction while retreating from others where our methods of establishing order failed. This is one reason why the global balance of power is in a process of restructuring. Power migrates especially from the liberal West to any actor adaptive, smart and determined enough to prevail in this hypercompetitive “wild west” environment.

The Internet has created tremendous access to information, improved global interaction, and engagement, and spawned new businesses and innovative business models. It has also completely changed what it means to be secure. And while security has always been seen as an important element that must be considered when moving anything online, security risks have escalated to a much higher level of importance – one that few truly appreciate or understand. The Internet is now a war zone, and the battle being waged is a skewed one, with the bad guys having the upper hand because organizations have not adapted their security strategies accordingly.

In this blog series we’ll explore what this strategic imbalance looks like, and how the attackers are not just after a quick buck but a fundamental weakening of Western economies that tips the global economic balance of power in their favor, with every business of any size being caught in their crosshairs. We’ll conclude with four Golden Rules that will help fend off this sustained attack.

More specifically, we will examine:

  1. A time-proven strategy for a type of insurgent warfare that led to spectacular victories in conflicts such as the Vietnam War. Called “protracted people’s war” by Mao Tse-tung, in this paper it will be named after its most relevant characteristic: Asynchronous Warfare.
  2. Potential parallels between characteristic elements of asynchronous (ground) warfare in the past and the conflicts happening these days in the cyber domain.
  3. The specific phases of asynchronous warfare strategy, and how the telltale signs of these strategies being applied in the cyber domain are already visible.
  4. Strategies that organizations can adopt today to respond to the escalated level of threat presented by the online war we’re now fighting.

Roots of Asynchronous Warfare

In order to understand what’s happening today in the cyber realm, we first need to understand what asynchronous warfare is and how it operates in conventional warfare.

From the perspective of international relations, among the most important reason for the demise of the international order is the fact that the West has lost much of its aura of superiority in warfare since 9/11. Although conventional capabilities, at least regarding the United States, are still able to deter direct confrontation, the situation appears different when it comes to more unconventional forms of warfare. Here, the US and its allies have displayed shortfalls that did not go unnoticed by revisionist states like Iran and North Korea, and non-state actors such as ISIS and Al Qaeda, and encourage them to employ alternative strategies of political aggression.

That said, at the center of attention of this ominous development stand Russia and China. These great powers are proving especially adept at using a host of means to advance their power position in the world. For they have at their disposal a particularly successful alternative to violent political conflict2, the basics of which were conceived by Vladimir Ilyich Lenin and his Bolshevik comrades-in-arms almost a century ago.3

It was eventually perfected by Asian communist leaders Mao Tse-tung (who called the concept “protracted people’s war”4) in China and Ho Chi Minh in Vietnam. Proving to be radically effective, the Vietnamese under “Uncle Ho” and his general Vo Nguyen Giap employed the strategy5 to win against France, the United States, and China in the course of fewer than 30 years. But how is it possible that these ill-equipped insurgency movements won, despite their glaring material inferiority? How could the world’s leading military be forced to leave Vietnam without a victory after almost two decades of intense engagement?

The answer lies in the application of a strategy that works by keeping the conventional forces off-balance at all times. A concept developed by military theorist John Boyd helps to understand how this can be accomplished. The former aviator used his experiences in air combat to scrutinize the mental process that precedes action.

The concept he came up with he called the OODA-Loop.

It has four steps:

While all steps are important, it is the second, the orientation step, that merits special attention. If an insurgent (in this case) is so flexible that he can adapt to any action of a conventional force quicker than they do, he is able to “break into” the OODA-Loop of the conventional army before it had time to orient itself.

Imagine you find yourself in a boxing match with someone three or four times quicker than you are. Every time you observe where he is and take aim to punch him, he is somewhere else already. This leads to you punch thin air, an ineffective and tiresome method of fighting, made even worse by the fact that your quicker opponent has plenty of time to search for openings in your defenses – and counterstrike.

From a systemic point of view, one could say that if a strategy succeeds in constantly breaking into the defender’s OODA-Loop, it keeps him from synchronizing his actions with those of the attacker. He will always be too late and mispositioned. Focusing on the mechanisms that make this method successful, therefore, it is aptly named Asynchronous Warfare.

The term asynchronous had been used in the first decade of the new millennium6 but appears to have lost in academic usage against the term “asymmetric” warfare. This is unfortunate, given that asynchronous in the sense of “out of step” fits perfectly with the idea of breaking into an enemy’s OODA-Loop and has high descriptive value for what happens in a conflict between conventional and unconventional actors.

One reason is that the level of awareness and the recognition of the start of a conflict between attacker and defender is almost always asynchronous. If a defender does not recognize early attacks, or at least does not recognize them for what they are, he has not even braced himself for an increase of offensives when the attacker is already well into the execution of his strategy.

This situation can be especially relevant in cyberspace, where the discovery and impact of an attack is often not known until much later. By necessity, the technical and operational response of the defender to attacks is also asynchronous, for as soon as he realizes he is engaged in an active intrusion, he finds himself in a position of constant defense, whereas the offensive attacker can dictate the pace of operations.

NEXT: Part 2 – Strategies & Phases, from Initial Subversion to the Coup de Grace

Download the entire Asynchronous Warfare white paper, which includes all 4 parts of this blog post series.

_______________

Footnotes

1 https://www.washingtonpost.com/investigations/understanding-cyberspace-is-key-to-defending-againstdigital-attacks/2013/06/03/d46860f8-ad58-11e4-9c91-e9d2f9fde644_story.html?utm_term=.48f27804de29

2 Media Ajir and Bethany Vailliant: Russian Information Warfare: Implications for Deterrence Theory, https://www.airuniversity.af.edu/Portals/10/SSQ/documents/Volume-12_Issue-3/Ajir.pdf

3 Thomas G Mahnken, Ross Babbage, Toshi Yoshihara: Countering Comprehensive Coercion – Competitive Strategies Against Authoritarian Political Warfare, Center for Strategic and Budgetary Assessments, 30 May 2018, p.11, https://csbaonline.org/research/publications/countering-comprehensive-coercion-competitive-strategies-against-authoritar/publication; Linda Robinson, Todd C. Helmus, Raphael S. Cohen, Alireza Nader, Andrew Radin, Madeline Magnuson, Katya Migacheva: “Modern Political Warfare – Current Practices and Possible Responses”, RAND Corporation, 2018, pp. 51-2, https://www.rand.org/pubs/research_reports/RR1772.html

4 http://www.marx2mao.com/Mao/PW38.html#s1

5 Douglas Pike, Viet Cong: Organization and Technique of the National Liberation Front of South Vietnam, (The MIT Press: new ed. 1970) pp. 37–146. For example, the term was used by Thomas P.M. Barnett in a comment to Frank Hoffman’s post “Are We Ready for Hybrid Wars?” 18 February 2008, http://thomaspmbarnett.com/globlogization/2008/2/18/warfare-now-is-both-asymmetrical-and-asynchronous.html

Dr. Bjoern Dennis Prange

Dr. Bjoern Dennis Prange

In his role as Research Fellow and Analyst at various think tanks he has briefed many senior members of staff on Capitol Hill on transatlantic political affairs, security policy, applied research desiderates on questions of strategic vulnerabilities in the cyber realm, conducting international corporate investigations, He is the Deputy District Chair for the Foreign and Defense Policy, Munich Working Group, and a member of the German Council on Foreign Relations (DGAP), German Atlantic Society (DAG), and the Clausewitz Network for Strategic Studies. Dr. Prange completed his thesis “The War of Organizations – An Exploration of the Influence of Organization on the Success of Armed Forces in Hybrid Warfare.”The thesis provides a framework for methodically analyzing strategic security threats for large organizations that are faced with decentralized, highly adaptable aggressors.
Dr. Bjoern Dennis Prange
Andy Norton

Andy Norton

Andy has been involved in cyber security best practice for over 20 years, specializing in establishing emerging security technologies at Symantec, Cisco and FireEye. In that time, he has presented threat and intelligence briefings for both Bush and Obama administrations, The Cabinet office, the Foreign and Commonwealth office, SWIFT, Swiss National Bank, Prudential Regulation Authority, the Bank of England, The Hong Kong Monetary Authority and NASA. Returning to Europe from Asia in 2011, he has spent the past 5 years helping many of the FTSE 250 companies measure, manage and respond to cyber incidents.
Andy Norton