Assessment of the Virtual Societal Warfare Environment of 2035

Editor’s Note:  This article is part of our Civil Affairs Association and Divergent Options Writing Contest which took place from April 7, 2020 to July 7, 2020.  More information about the contest can be found by clicking here.


James Kratovil is a Civil Affairs Officer in the United States Army, currently working in the Asia-Pacifc region.

Hugh Harsono is currently serving as an Officer in the United States Army. He writes regularly for multiple publications about cyberspace, economics, foreign affairs, and technology. He can be found on LinkedIn @HughHarsono.

Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization or any group


Title:  Assessment of the Virtual Societal Warfare Environment of 2035

Date Originally Written:  April 30, 2020.

Date Originally Published:  June 3, 2020.

Author and / or Article Point of View:  Both authors believe that emerging societal warfare is a risk to U.S. interests worldwide.

Summary:  The world of 2035 will see the continued fracturing of the online community into distinctive tribes, exacerbated by sophisticated disinformation campaigns designed to manipulate these siloed groups. Anonymity on the internet will erode, thus exposing individuals personally to the masses driven by this new form of Virtual Societal Warfare, and creating an entirely new set of rules for interaction in the digital human domain.

Text:  The maturation of several emerging technologies will intersect with the massive expansion of online communities and social media platforms in 2035 to create historic conditions for the conduct of Virtual Societal Warfare. Virtual Societal Warfare is defined by the RAND Corporation as a “broad range of techniques” with the aim of changing “people’s fundamental social reality[1].” This form of warfare will see governments and other organizations influencing public opinion in increasingly precise manners. Where once narratives were shaped by professional journalists, unaltered videos, and fact-checked sources, the world of 2035 will be able to convincingly alter history itself in real time. Citizens will be left to the increasingly difficult task of discerning reality from fantasy, increasing the rate at which people will pursue whatever source of news best fits their ideology.

By 2035, the maturation of artificial intelligence (AI) will transform the information landscape. With lessons learned from experiences such as Russia’s interference with the 2016 elections in the U.S.[2], AI will continue to proliferate the issue of deep fakes to the point where it will be substantially more challenging to identify disinformation on the internet, thus increasing the effectiveness of disinformation campaigns. These AI systems will be able to churn out news stories and video clips showing fabricated footage in a remarkably convincing fashion.

With the population of the global community currently continuing to trend upwards, there is no doubt that an increasing number of individuals will seek information from popular social media platforms. The current figures for social media growth support this notion, with Facebook alone logging almost 2.5 billion monthly active users[3] and Tencent’s WeChat possessing an ever-growing user base that currently totals over 1.16 billion individuals[4]. An explosion in the online population will solidify the complete fracturing of traditional news sites into ones that cater to specific ideologies and preferences to maintain profits. This siloed collection of tailored realities will better allow disinformation campaigns of the future to target key demographics with surgical precision, making such efforts increasingly effective.

Where social media, the information environment, and online disinformation were once in their infancy of understanding, in 2035 they will constitute a significant portion of future organizational warfare. States and individuals will war in the information environment over every potentially significant piece of news, establishing multiple realities of ever starker contrast, with a body politic unable to discern the difference. The environment will encompass digital participation from governments and organizations alike. Every action taken by any organizational representative, be it a public affairs officer, a Department of Defense spokesperson, or key leader will have to take into account their engagement with online communities, with every movement being carefully planned in order to account for synchronized messaging across all web-based platforms. Organizations will need to invest considerable resources into methods of understanding how these different communities interact and react to certain news.

A digital human domain will arise, one as tangible in its culture and nuances as the physical, and organizations will have to prepare their personnel to act appropriately in it. Ostracization from an online community could have rippling effects in the physical world. One could imagine a situation where running afoul of an influential group or individual could impact the social credit score of the offender more than currently realized. Witness the power of WeChat, which not only serves as a messaging app but continually evolves to encompass a multitude of normal transactions. Everything from buying movie tickets to financial services exist on a super application home to its own ecosystem of sub-applications[5]. In 2035 this application constitutes your identity and has been blurred and merged across the digital space into one unified identity for social interactions. The result will be the death of online anonymity. Offend a large enough group of people, and you could see your social rating plummet, impacting everything from who will do business with you to interactions with government security forces.

Enter the new age disinformation campaign. While the internet has become less anonymous, it has not become any less wild, even within the intranets of certain countries. Communities set up in their own bubbles of reality are more readily excited by certain touchpoints, flocking to news organizations and individuals that cater to their specific dopamine rush of familiar news. A sophisticated group wanting to harass a rival organization could unleash massive botnets pushing AI-generated deep fakes to generate perceived mass negative reaction, crashing the social score of an individual and cutting them off from society.

Though grim, several trends are emerging to give digital practitioners and the average person a fighting chance. Much of the digital realm can be looked at as a never-ending arms race between adversarial actors and those looking to protect information and the privacy of individuals. Recognizing the growing problem of deepfakes, AI is already in development to detect different types, with a consortium of companies recently coming together to announce the “Deepfake Detection Challenge[6].” Meanwhile, the privacy industry has continued development of increasingly sophisticated forms of anonymity, with much of it freely available to a tech savvy public. The proliferation of virtual machines, Virtual Private Networks, Onion Routers, blockchain[7], and encryption have prolonged a cat and mouse game with governments that will continue into the future.

Where social media, the information environment, and online disinformation were once in their infancy of understanding, in 2035 they will be key elements used by governments and organizations in the conduct of Virtual Societal Warfare. The merging and unmasking of social media will leave individuals critically exposed to these online wars, with casualties on both sides weighed not in lives lost, but rather everyday lives suppressed by the masses. Ultimately, it will be up to individuals, corporations, and governments working together to even the odds, even as they advance the technology they seek to counter.


Endnotes:

[1] Mazarr, M., Bauer, R., Casey, A., Heintz, S. & Matthews, L. (2019). The emerging risk of virtual societal warfare : social manipulation in a changing information environment. Santa Monica, CA: RAND.

[2] Mayer, J. (2018, September 24). How Russia Helped to Swing the Election for Trump. Retrieved April 16, 2020, from https://www.newyorker.com/magazine/2018/10/01/how-russia-helped-to-swing-the-election-for-trump

[2] Petrov, C. (2019, March 25). Gmail Statistics 2020. Retrieved April 17, 2020, from https://techjury.net/stats-about/gmail-statistics/#gref

[3] Clement, J. (2020, January 30). Number of Facebook users worldwide 2008-2019. Retrieved April 18, 2020, from https://www.statista.com/statistics/264810/number-of-monthly-active-facebook-users-

[4] Thomala, L. L. (2020, March 30). Number of active WeChat messenger accounts Q2 2011-Q4 2019. Retrieved April 18, 2020, from https://www.statista.com/statistics/255778/number-of-active-wechat-messenger-accounts

[5] Feng, Jianyun. (2019, September 26). What is WeChat? The super-app you can’t live without in China. Retrieved April 25, 2020 from https://signal.supchina.com/what-is-wechat-the-super-app-you-cant-live-without-in-china

[6] Thomas, Elise. (2019, November 25). In the Battle Against Deepfakes, AI is being Pitted Against AI. Retrieved April 30, 2020 from https://www.wired.co.uk/article/deepfakes-ai

[7] Shaan, Ray. (2018, May 4). How Blockchains Will Enable Privacy. Retrived April 30, 2020 from https://towardsdatascience.com/how-blockchains-will-enable-privacy-1522a846bf65

2020 - Contest: Civil Affairs Association Writing Contest Assessment Papers Civil Affairs Association Cyberspace James Kratovil Non-Government Entities

Options for Countering the Rise of Chinese Private Military Contractors

Anthony Patrick is a graduate of Georgia State University and an Officer in the United States Marine Corps.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  Future threats to United States (U.S.) interests abroad from Chinese Private Military Contractors.

Date Originally Written:  November, 26, 2018.

Date Originally Published:  December 24, 2018.

Author and / or Article Point of View:  The author is a United States Marine Corps Officer and currently attending The Basic School. 

Background:  Over the last six months, the media has been flooded with stories and articles about the possibility of a trade war between the U.S and the People Republic of China (PRC). These talks have mainly focused around specific trade policies such as intellectual property rights and the trade balance between the two nations. These tensions have risen from the PRC’s growing economic influence around the world. While many problems persist between the U.S and the PRC due to the latter’s rise, one issue that is not frequently discussed is the growing use of Private Military Contractors (PMCs) by the PRC. As Chinese companies have moved operations further abroad, they require protection for those investments. While the current number of Chinese PMCs is not large, it has been growing at a worrying rate, which could challenge U.S interests abroad[1]. 

Significance:  Many countries have utilized PMCs in foreign operations. The most significant international incidents involving PMCs mainly come from those based in the U.S and the Russian Federation. However, many other countries with interests abroad have increasingly started to utilize PMCs. One of the most significant examples has been the growing use of Chinese PMC’s. These PMCs pose a very unique set of threats to U.S national security interest abroad[2]. First, like most PMC’s, Chinese contractors come mainly from the Peoples Liberation Army and policing forces. This means that the PMCs have a significant amount of military training. Secondly, the legal relationship between the PMC’s and the PRC is different than in most other countries. Since the PRC is an authoritarian country, the government can leverage multiple forms of coercion to force PMC’s into a certain course of action, giving the government a somewhat deniable capability to control foreign soil. Lastly, the Chinese can use PMC’s as a means to push their desired political endstate on foreign countries. With the U.S still being ahead of the PRC militarily, and with both states having nuclear capabilities, conventional conflict is highly unlikely. One way for the Chinese to employ forces to counter U.S. interests abroad is through the use of PMC’s, similar to what Russia has done in Syria[3]. With this in mind, the U.S will need a proactive response that will address this problem both in the short and long term.  

Option #1:  Increase the Department of Defense’s (DoD) focus on training to counter irregular/asymmetric warfare to address the threat posed by PRC PMCs. 

Risk:  The new National Defense Strategy (NDS) focuses on many aspects of the future conventional battlefield like increasing the size of the U.S Navy, cyber operations, and cutting edge weapons platforms[4]. By focusing more of the DoD’s resources on training to counter irregular / asymmetric warfare, the military will not be able to accomplish the goals in the NDS. This option could also lead to a new generation of military members who are more adept at skills necessary for smaller operations, and put the U.S at a leadership disadvantage if a war were to break out between the U.S and a near peer competitor. 

Gain:  Another major conventional war is highly unlikely. Most U.S. near peer competitors are weaker militarily or have second strike nuclear capabilities. Future conflicts will most likely require the U.S. to counter irregular / asymmetric warfare methodologies, which PRC PMCs may utilize.  By focusing DoD resources in this area, the U.S would gain the ability to counter these types of warfare, no matter who employs them. In addition to being better able to conduct operations similar to Afghanistan, the U.S. would also have the tools to address threats posed by PRC PMCs.  Emphasizing this type of warfare would also give U.S actions more international legitimacy as it would be employing recognized state assets and not trying to counter a PRC PMC with a U.S. PMC. 

Option #2:  The U.S. pursues an international treaty governing the use of PMC’s worldwide.  

Risk:   Diplomatic efforts take time, and are subject to many forms of bureaucratic blockage depending on what level the negations are occurring. Option #2 would also be challenging to have an all-inclusive treaty that would cover every nation a PMC comes from or every country from which an employee of these firms might hail. Also, by signing a binding treaty, the U.S would limit its options in foreign conflict zones or in areas where Chinese PMC’s are operating or where the U.S. wants to use a PMC instead of the military.

Gain:  A binding international treaty would help solve most of the problems caused by PMC’s globally and set the stage for how PRC PMC’s act as they proliferate globally[5]. By making the first move in treaty negotiations, the U.S can set the agenda for what topics will be covered. The U.S can build off of the framework set by the Montreux document, which sets a non-binding list of good practices for PMCs[6]. By using the offices of the United Nations Working Group on PMCs the U.S would be able to quickly pull together a coalition of like minded countries which could drive the larger negotiation process. Lastly, Option #2 would help solve existing problems with PMC’s operating on behalf of other countries, like the Russian Federation. 

Other Comments:  None.

Recommendation:  None.


Endnotes:

[1] Swaine, M. D., & Arduino, A. (2018, May 08). The Rise of China’s Private Security (Rep.). Retrieved November 26, 2018, from Carnegie Endowment For International Peace website: https://carnegieendowment.org/2018/05/08/rise-of-china-s-private-security-companies-event-6886

[2] Erickson, A., & Collins, G. (2012, February 21). Enter China’s Security Firms. Retrieved November 26, 2018, from https://thediplomat.com/2012/02/enter-chinas-security-firms/3/

[3] United States., Department of Defense, (n.d.). Summary of the 2018 National Defense strategy of the United States of America: Sharpening the American Military’s Competitive Edge (pp. 1-14).

[4] Gibbons-neff, T. (2018, May 24). How a 4-Hour Battle Between Russian Mercenaries and U.S. Commandos Unfolded in Syria. Retrieved November 25, 2018, from https://www.nytimes.com/2018/05/24/world/middleeast/american-commandos-russian-mercenaries-syria.html

[5] Guardians of the Belt and Road. (2018, August 16). Retrieved November 26, 2018, from https://www.merics.org/en/china-monitor/guardians-of-belt-and-road

[6] Switzerland, Federal Department of Foreign Affairs, Directorate of International Law. (2008, September 17). The Montreux Document. Retrieved November 26, 2018, from https://www.icrc.org/en/doc/assets/files/other/icrc_002_0996.pdf

Anthony Patrick Below Established Threshold Activities (BETA) China (People's Republic of China) Irregular Forces Non-Government Entities Option Papers

Options to Deter Cyber-Intrusions into Non-Government Computers

Elizabeth M. Bartels is a doctoral candidate at the Pardee RAND Graduate School and an assistant policy analyst at the nonprofit, nonpartisan RAND Corporation.  She has an M.S. in political science from the Massachusetts Institute of Technology and a B.A. in political science with a minor in Near Eastern languages and civilization from the University of Chicago.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  Unless deterred, cyber-intrusions into non-government computer systems will continue to lead to the release of government-related information.

Date Originally Written:  March 15, 2017.

Date Originally Published:  May 11, 2017.

Author and / or Article Point of View:  Author is a PhD candidate in policy analysis, whose work focuses on wargaming and defense decision-making.

Background:  Over the years, a great deal of attention has been paid to gaining security in cyberspace to prevent unauthorized access to critical infrastructure like those that control electrical grids and financial systems, and military networks.  In recent years a new category of threat has emerged: the cyber-theft and subsequent public release of large troves of private communications, personal documents and other data.

This category of incident includes the release of government data by inside actors such as Chelsea Manning and Edward Snowden.  However, hacks of the Democratic National Committee and John Podesta, a Democratic party strategist, illustrate that the risk goes beyond the theft of government data to include information that has the potential to harm individuals or threaten the proper functioning of government.  Because the federal government depends on proxies such as contractors, non-profit organizations, and local governments to administer so many public functions, securing information that could harm the government – but is not on government-secured systems – may require a different approach.

Significance:  The growing dependence on government proxies, and the risk such dependence creates, is hardly new[1], and neither is concern over the cyber security implications of systems outside government’s immediate control[2].  However, recent attacks have called the sufficiency of current solutions into question.

Option #1:  Build Better Defenses.  The traditional approach to deterring cyber-exploitation has focused on securing networks, so that the likelihood of failure is high enough to dissuade adversaries from attempting to infiltrate systems.  These programs range from voluntary standards to improve network security[3], to contractual security standards, to counter-intelligence efforts that seek to identify potential insider threats.  These programs could be expanded to more aggressively set standards covering non-governmental systems containing information that could harm the government if released.

Risk:  Because the government does not own these systems, it must motivate proxy organizations to take actions they may not see as in their interest.  While negotiating contracts that align organizational goals with those of the government or providing incentives to organizations that improve their defenses may help, gaps are likely to remain given the limits of governmental authority over non-governmental networks and information[4].

Additionally, defensive efforts are often seen as a nuisance both inside and outside government.  For example, the military culture often prioritizes warfighting equipment over defensive or “office” functions like information technology[5], and counter-intelligence is often seen as a hindrance to intelligence gathering[6].  Other organizations are generally focused on efficiency of day-to-day functions over security[7].  These tendencies create a risk that security efforts will not be taken seriously by line operators, causing defenses to fail.

Gain:  Denying adversaries the opportunity to infiltrate U.S. systems can prevent unauthorized access to sensitive material and deter future attempted incursions.

Option #2:  Hit Back Harder.  Another traditional approach to deterrence is punishment—that is, credibly threatening to impose costs on the adversary if they commit a specific act.  The idea is that adversaries will be deterred if they believe attacks will extract a cost that outweighs any potential benefits.  Under the Obama administration, punishment for cyber attacks focused on the threat of economic sanctions[8] and, in the aftermath of attacks, promises of clandestine actions against adversaries[9].  This policy could be made stronger by a clear statement that the U.S. will take clandestine action not just when its own systems are compromised, but also when its interests are threatened by exploitation of other systems.  Recent work has advocated the use of cyber-tools which are acknowledged only to the victim as a means of punishment in this context[10], however the limited responsiveness of cyber weapons may make this an unattractive option.  Instead, diplomatic, economic, information, and military options in all domains should be considered when developing response options, as has been suggested in recent reports[11]. 

Risk:  Traditionally, there has been skepticism that cyber incursions can be effectively stopped through punishment, as in order to punish, the incursion must be attributed to an adversary.  Attributing cyber incidents is possible based on forensics, but the process often lacks speed and certainty of investigations into traditional attacks.  Adversaries may assume that decision makers will not be willing to retaliate long after the initiating incident and without “firm” proof as justification.  As a result, adversaries might still be willing to attack because they feel the threat of retaliation is not credible.  Response options will also need to deal with how uncertainty may shape U.S. decision maker tolerance for collateral damage and spillover effects beyond primary targets.

Gain:  Counter-attacks can be launched regardless of who owns the system, in contrast to defensive options, which are difficult to implement on systems not controlled by the government.

Option #3:  Status Quo. While rarely discussed, another option is to maintain the status quo and not expand existing programs that seek to protect government networks.

Risk:  By failing to evolve U.S. defenses against cyber-exploitation, adversaries could gain increased advantage as they develop new ways to overcome existing approaches.

Gain:  It is difficult to demonstrate that even the current level of spending on deterring cyber attacks has meaningful impact on adversary behavior.  Limiting the expansion of untested programs would free up resources that could be devoted to examining the effectiveness of current policies, which might generate new insights about what is, and is not, effective.

Other Comments:  None.

Recommendation:  None.


Endnotes:

[1]  John J. Dilulio Jr. [2014], Bring Back the Bureaucrats: Why More Federal Workers Will Lead to Better (and Smaller!) Government, Templeton Press.

[2]  President Barack Obama [2013], Executive Order—Improving Critical Infrastructure Cybersecurity, The White House Office of the Press Secretary.

[3]  National Institute of Standards and Technology (NIST) [2017], Framework for Improving Critical Infrastructure Cybersecurity, Draft Version 1.1.

[4]  Glenn S. Gerstell, NSA General Councel, Confronting the Cybersecurity Challenge, Keynote address at the 2017 Law, Ethics and National Security Conference at Duke Law School, February 25, 2017.

[5]  Allan Friedman and P.W. Singer, “Cult of the Cyber Offensive,” Foreign Policy, January 15, 2014.

[6]  James M. Olson, The Ten Commandments of Counterintelligence, 2007.

[7]  Don Norman, “When Security Gets in the Way,” Interactions, volume 16, issue 6: Norman, D. A. (2010).

[8]  President Barack Obama [2016], Executive Order—Taking Additional Steps to Address the National Emergency with Respect to Significant Malicious Cyber-Enabled Activities.

[9]  Alex Johnson [2016], “US Will ‘Take Action’ on Russian Hacking, Obama Promises,” NBC News.

[10]  Evan Perkoski and Michael Poznansky [2016], “An Eye for an Eye: Deterring Russian Cyber Intrusions,” War on the Rocks.

[11]  Defense Science Board [2017], Task Force of Cyber Deterrence.

Cyberspace Deterrence Elizabeth M. Bartels Non-Government Entities Option Papers