Monitoring Economic Systems in Times of Unrestricted Warfare
Note: This was originally written in 2014 but I believe it still holds true. I have updated some references to newer versions where available.
In our society, information technology (IT) is a vital element. There have been remarkable advances in the way people and entities communicate and interact over the last 20 years. It has been transformative; it gives billions of people around the globe rapid access to information and opportunities (Panetta, 2012). From the first packet-switched networks of ARPANET to the always-on communications of today’s mobile devices, it is clear communications have changed.
Because of this reliance on IT within our critical infrastructures, it is important that we understand what is happening not just within our networks, and whether we can trust those networks to output information and action properly, but also in the larger environments in which those networks exist. After all, one of our adversary’s goals is espionage for economic gain (Hjortdal, 2011). If they plan that goal so we can document, we can take steps to thwart or mitigate their actions. This ability to see what traverses our information ecosystem is vital to preventing economic damage to the US.
The Chinese have pioneered an idea known as ‘non-military war options’ or unrestricted warfare. They define this concept as those actions an actor can take within a state of struggle that does not involve using the military (Qiao et al., 2002). Put another way, it is the use of every conceivable non-military means to achieve a desired outcome during a conflict. It is, therefore, almost everything.
Threat actors use this irregular approach for many reasons. One is asymmetry: many nations know they cannot defeat their enemy in a pure military confrontation on the battlefield. Unrestricted tactics can target the more vulnerable aspects of an otherwise superior adversary. Likewise, an adversary could use such techniques to weaken the resolve of a nation during or before a battle. According to Sun Tzu, no nation wants a protracted conflict; anything that nation can do to shorten the conflict victoriously is necessary .
Examples of unrestricted warfare abound. For example, trade wars between nations affect economic conditions. In such a globally integrated economy, small changes in trade issues might be absorbed, but larger shocks to such systems can quickly spread (Canofari et al., 2014). Such shocks could have a destabilizing effect on the targeted nation. Another example of an unconventional technique is ecological attacks. During the 1991 Iraq War, retreating Iraqi troops set fire to Kuwaiti oil fields, the resulting ecological damage to the Persian Gulf region and beyond was significant (Davis, 1991).
Psychological campaigns can also be crucial elements of a non-military war campaign. For example, threat actors could use the public’s fear response to a threatened attack to create an actual threat. A panic caused by market fluctuations that leads to a run on banks is a real-world example of such an attack. A final example of tactics would be pure economic manipulation. It is this specific threat this paper focuses on.
Continuous Security Monitoring of Economic Systems
Organizations monitor their networks to protect themselves from unauthorized activity. The National Institute of Standards and Technology’s (NIST) Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations (Special Publication 800–137) defines continuous monitoring as “maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions” (Pillitteri et al., 2020, p. 6). It is important to extend this security diligence to monitor the nation’s critical economic infrastructure for signs of tactics, planning, or other indicators of operations. Both researchers and practitioners consider economic warfare tactics at the center of the new non-military options available (Hjortdal, 2011; Qiao et al., 2002).
Consider the following scenario: The fictional nation of Treburina wants to engage in hostilities with the US. Treburina is a populous country; however, its leaders realized many years ago that it did not possess the ability to defeat the US in military terms. It lacks the technology and information needed to overcome the significant military advantage the US has. After all, the US can project military power in short order anywhere in the world.
Treburina has a plan, however; by leveraging the technological resources of those under its control and groups and individuals it has affinities with, it has launched cyber-based attacks against many critical information systems and networks the US government and US-based businesses rely on to update and track information about the US economy. Because of its use of malware installations and the creation of botnets, Treburina now possesses administrator rights on several critical servers in the New York Stock Exchange and the NASDAQ. Treburina also coordinates its plans online in language that, at first glance, appears innocuous.
From this position of strength, Treburina can control the nature and type of information sent from these vital economic stalwarts to national authorities, like the US Department of Commerce or regulatory agencies, such as the Securities and Exchange Commission (SEC). Such manipulation could either cause chaos or sow doubt about the resiliency or performance of the US economy. As the largest economy on the planet per Focus Economics (2017), such issues could have consequences throughout the globe. One only has to review the effects on the planet’s economies from the 2008 housing crisis in the US to foresee the level of damage an intentional attack by Treburina on the information systems holding up our markets would have.
With the advancement of internet capabilities, means of launching cyber-based economic warfare are becoming more readily available to our adversaries by the day. The economic warfare threat has grown from a possibility to a likelihood; and when one considers the impact of a successful attack, the need for adequate defense protocol to protect our nation, specifically our financial infrastructure, is an imperative. Asymmetric warfare against the US will continue to evolve with the emergence of new technologies.
Because of these, the reactive posture the US has traditionally taken to threats is no longer effective. Threat assessments in the future must occur continuously; the nation needs to assess infrastructure risk much faster. In addition, these new threat assessments should include reviews of new technologies; such reviews will help predict how these tools might cause harm to the United States’ economic systems.
Canofari, P., Di Bartolomeo, G., & Piersanti, G. (2014). Theory and practice of contagion in monetary unions: Domino Effects in Emu Mediterranean countries. International Advances in Economic Research, 20(3), 259–267. https://doi.org/10.1007/s11294-014-9471-2
Davis, P. A. (1991, January 24). Ecological danger feared as a result of burning oil war in the Gulf. Baltimore Sun. Retrieved April 24, 2022, from https://www.baltimoresun.com/news/bs-xpm-1991-01-24-1991024089-story.html
Focus Economics. (2017, December 18). The world’s largest economies (2019–2023). Focus Economics | Economic Forecasts from the World’s Leading Economists. Retrieved April 24, 2022, from https://www.focus-economics.com/blog/the-largest-economies-in-the-world
Hjortdal, M. (2011). China’s use of cyber warfare: Espionage meets strategic deterrence. Journal of Strategic Security, 4(2), 1–24. https://doi.org/10.5038/1944-04126.96.36.199
Panetta, L. (2012). Business Executives for National Security. New York City.
Pillitteri, V. Y., Baer, C., Niemeyer, R., Rudman, R., & Urban, S. (2020). Assessing Information Security Continuous Monitoring (ISCM) programs: Developing an ISCM program assessment. Special Publication 800 Series, 1–77. https://doi.org/10.6028/nist.sp.800-137a
Qiao, L., & Wang, X. (2002). Unrestricted warfare: China’s master plan to destroy America. (A. Santoli, Ed.). Pan American Publishing Company.