ICTs, Strategic Asymmetry and National Security

1
ICTs, Strategic Asymmetry and National Security

• Nir Kshetri
• Bryan School of Business and Economics
• The University of North Carolina-Greensboro

2
Source http//www.cartoonstock.com/directory/h/ha
cking.asp (Accessed March 15, 2005)
3
Warfare and asymmetric technologies Some
examples

• British Army Adopted Maxim Machine-Gun in 1889
• Speed 500 rounds per minute
• 1893-94 Matabele war 50 British soldiers with 4
  Maxim guns fought of 5,000 Matabele warriors
• U.S. Army Cruise missiles, laser-guided bombs,
  satellite reconnaissance systems, high altitude
  reconnaissance aircraft, and unmanned aerial
  vehicles (Rosenberger 2005).

4
Strategic asymmetry

• Employing some sort of differences to gain an
  advantage over an adversary.
• Negative asymmetry A difference an adversary is
  likely to use to exploit a weakness or
  vulnerability.
• Positive asymmetry Capitalizing on differences
  to gain an advantage.
• Only desperate antagonists depend solely on
  asymmetric methods.
• Appropriate combination of symmetric and
  asymmetric methods needed.

5
Institutions, ICTs and national security

• Institutions mechanisms that provide efficient
  solutions to predefined problems
• A terrorist organizations choice of media to
  spread its propaganda
• Mafia groups choice of a company for online
  extortion
• Three pillars of institutions (Scott 1995, 2001)
• Regulative
• Normative
• Cognitive

6
Regulative institutions and ICT-created
asymmetries

• P1 The lack of strong rules of law increases the
  degree of ICT-created positive asymmetries of
  cyber criminals.
• P2 ICT associated business models that increase
  negative asymmetries of governments and citizens
  are less likely to gain regulative legitimacy
• P3 Governments are less likely to provide
  regulative legitimacy to business models that
  allow adversaries to create symmetric
  advantages.

7
Normative institutions and ICT-created
asymmetries

• Introduce "a prescriptive, evaluative, and
  obligatory dimension into social life" (Hoffman
  1999).
• Pressure from
• professional associations e.g., the Honker Union
  of China
• non-profit organizations e.g., American Civil
  Liberties Union (ACLU)
• P4 The strength of normative legitimacy
  influences a) the ability to use ICTs to create
  positive asymmetry and b) the ability to deal
  with negative asymmetries.

8
Cognitive institutions and ICT-created
asymmetries

• ..constitute the nature of reality and the
  frames through which meaning is made" (Scott
  1995).
• perception among Chinese policy makers
  Microsoft and the U.S. government spy on Chinese
  computer users through secret "back doors".
• P5 Perception of ICT-related security threats
  from an adversary results in measures to a)
  create positive asymmetries b) deal with
  vulnerabilities of negative asymmetries.

9
Nation/organization specific factors

• Ability to create positive asymmetry and
  vulnerabilities of negative asymmetry
• Rank effect
• Degree of dependence on digital technologies
• Compatibility with modern ICTs

10
Rank effect

• Rank effect ICT deployment for national security
  diffuses from more advanced to less advanced
  nations.
• Japan plan to introduce passports with chips
  containing biometrics information in 2005
• Automated entry systems in the U.S.-Canada,
  U.S.-Mexico borders
• P6 ICT deployment to create positive asymmetries
  and deal with negative asymmetries varies
  positively with the level of economic development
  of a nation.

11
Degree of dependence on digital technologies

• Businesses with a high dependence on digital
  technologies most likely to fall victim to
  cyber attacks.
• online casinos, banks, and e-commerce hubs
• Garner (1997)
• the more proficient we become at collecting,
  processing, displaying and disseminating
  relevant, accurate information to aid decision
  makers, the more dependent we become on that
  capability and therefore the more lucrative a
  target
• P7 An organizations vulnerability to negative
  asymmetry varies positively with the degree of
  its digitization.

12
Compatibility with ICTs

• Anonymity features of modern ICT tools.
• Encryption technologies reinforced the effect.
• The Storm Cloud case
• U.S. officials not able to identify with
  certainty whether the source was a foreign
  government or a hacking group.
• Terrorists opportunities to get away from laws,
  obligations, and taboos, and express whatever
  they want to say
• P8 The degree of ICT created positive
  asymmetries is positively related to the
  preference of anonymity functions.

13
Managerial and policy implications

• ICT/competitive strategies (e.g., outsourcing)
  beyond obvious considerations (e.g., core
  competence, human resource and service quality)
  Security risk
• Strategies to deal with governments as well as
  cyber criminals measures to use ICTs to manage
  positive and negative asymmetries.
• Integrated approaches combine technology and
  policy measures