Tag Archives: war

Cyclones in Cyberspace? How Crowdsourced Cyber Warfare Shaped the Russian-Georgia War

“Cyclones in Cyberspace: Information Shaping and Denial in the 2008 Russia-Georgia War” was just published in Security Dialogue, a respected peer-reviewed journal. The article analyzes “the impact of cyberspace on the conflict between Russia and Georgia over the disputed territory of South Ossetia in August 2008.” The authors Ron Deibert, Rafal Rohozinski and Masashi Crete-Nishihata argue that “cyberspace played a significant, if not decisive, role in the conflict–as an object of contestation and as a vector for generating strategic effects and outcomes.”

The purpose of this blog post is to briefly highlight some important insights from the study by sharing a few key excerpts.


“Cyberspace is now explicitly recognized in United States strategic doctrine as being equally as important as land, air, sea, and space […]. Dozens of states are actively developing military doctrines for cyberspace operations (Hughes, 2010), while others may be employing unconventional cyberspace strategies. An arms race in cyberspace looms on the horizon (Deibert and Rohozinski, 2011).”

“The US Department of Defense (2010: 86) presently defines cyberspace as ‘a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers’. This definition acknowledges the interdependence between the physical and informational realm. It also defines cyberspace as the totality of information infrastructures, which includes but is not limited to the Internet. The constitutive elements of cyberspace can be broken down into four levels: physical infrastructure, the code level, the regulatory level, and the level of ideas. These constitutive elements of cyberspace were all present and leveraged during the 2008 conflict between Russia and Georgia.”

“Operations in and through cyberspace were present throughout the conflict and were leveraged by civilian and military actors on both sides. Russian and Georgian forces made use of information operations alongside their conventional military capabilities. Civilian leadership on both sides clearly appreciated the importance of strategic communication, and targeted domestic and international media in order to narrate the intent and desired outcome of the conflict.”

“The Internet played an important role as a redistribution channel for media and communications, including news, influential blogs, and rumors. The impact of this media was so effective in the eyes of the Georgian authorities that they decided to censor Russian television broadcasts in major Georgian cities, and to filter access to Russian Internet sites.”

Information Denial

“Both sides (or their sympathizers) employed computer network operations, consisting of attacks designed to disable or degrade key infrastructure, and exploitation or hijacking of government computer systems. In particular, numerous Georgian websites and a few Russian media sites were subject to large-scale distributed-denial-of-service (DDoS) events. The command-and-control (C&C) servers responsible for the DDoS against Georgian systems and websites, as well as other forms of malicious hacking, originated from networks located within the Russian Federation.”

“The Russian government has never claimed responsibility for these activities, and it remains unclear whether these operations were coordinated, encouraged, or officially tolerated by Russian authorities. This ambiguity is itself an important emergent property of war fighting in the cyber domain.”

“The DDoS surge and SQL injection-based intrusions against Georgian systems beginning on 8 August were later followed by a series of crowd-sourced DDoS activities targeting Georgian government websites and resources, coordinated on Russian hacker forums. It is unclear whether these activities were sanctioned and organized as a component of a broader political strategy, whether they occurred as a result of informal coordination by the Kremlin’s communications staff and its networks of contacts with the Russian IT community (which includes quasi-criminal groups), or whether they occurred as a result of autonomous third-party actions.”

“In an attempt to mitigate the effects of the DDoS events, Georgian authorities sought assistance from the governments of Estonia, Lithuania, and Poland. Reportedly, Estonian officials put Georgia in contact with a community of cyber-security professionals who provided consultations (Stiennon, 2008). Georgia attempted to counter the effectiveness of the DDoS surge by implementing filters to block the Russian IP addresses and protocols used by the attackers. This effort was successfully countered, and the DDoS surge shifted to foreign servers and software to mask the IP addresses (Bumgarner and Borg, 2009). Georgia’s next step was to mirror several government websites, including that of Georgia’s president, on servers located in the countries that came to its assistance, which consequently also became the target of Russian DDoS events.”

“US cyberspace was also affected, as components of the Georgian government such as the Ministry of Foreign Affairs were shifted to Blogspot and the websites of the president and the Ministry of Defense were moved to servers operated by Tulip Systems (TSHost), a private web-hosting company based in Atlanta, Georgia (Swabey, 2008; Svensson, 2008a). The Georgian expatriate CEO of TSHost contacted Georgian officials and offered the company’s services without notifying US authorities. Soon after the Georgian websites were transferred to TSHost, the US-based servers were subject to DDoS. The CEO of TSHost reported these attacks to the FBI, but the company never received US government sanction for migrating the websites (Svensson, 2008b). Moving hosting to US-based TSHost raised the issue of whether the USA had violated its cyber neutrality by permitting Georgia to use its information services during the conflict.”

Deliberate or Emergent?

One of the study’s principal research questions is whether the Russian campaign in cyberspace was deliberate and planned. The authors consider three possible scenarios: (1) the actions were deliberate and planned; (2) the actions were ‘encouraged’ or ‘passively encouraged’ by state agents; or (3) the actions were an unpredictable result and dynamic emergent property of cyberspace itself. The resulting evaluation of each scenario’s probability suggests that “Russian citizens, criminal groups, and hackers independently organized and/or participated in a self-directed cyber riot against Georgia out of patriotic sentiments.”

“Civilians have voluntarily engaged in warfare activities without the approval or direction of states throughout the history of armed conflict. What makes the actions of civilians in cyberspace different are the characteristics of the domain, where effects can be generated with ease and at rapid speed. Quite simply, collective action is easier and faster in cyberspace than it is in any other physical domain. If this scenario was the case during the Russia–Georgia war, it would signal the emergence of a new factor in cyberspace operations – the capacity for a group other than the belligerents to generate significant effects in and through cyberspace. The unpredictable nature of such outside participation–global in scope, random in distribution–can lead to chaotic outcomes, much like the trajectory and phase of a cyclone.”


“There was leverage gained in the conflict by the pursuit of information denial. Even in environments where the communication environment is constrained, societies are heavily dependent on cyberspace and feel its strategic importance most acutely by its absence. Information-denial strategies are more closely associated with countries of Asia, the Middle East, North Africa, and the CIS–as opposed to the West, which is more comfortable with information projection. Information denial also tends to fit more comfortably within semi-authoritarian or competitive authoritarian countries than democratic ones.”

“The tendencies toward information denial also challenge some of the widespread assumptions about the relationships between new information and communication technologies and conflict. In recent years, a conventional wisdom has emerged that links cyberspace with a high degree of transparency around modern wars. Our research suggests that the opposite is more likely to be the case as states and non-state actors aggressively pursue military objectives to shape, control, and suppress the realm of ideas.”

“The tendency toward privateering is very strong in cyber conflict. There is already a large and growing illicit global computer-crime market. This market is attractive to some states because it allows them to execute their missions once removed and clandestinely, thus offering plausible deniability and avoiding responsibilities under international law or the laws of armed conflict. Outsourcing to private actors in cyberspace is an example of what we have elsewhere called ‘next-generation cyberspace controls’ (Deibert and Rohozinski, 2010c). Although we found no direct evidence of cyber-privateering in open sources in this case, it is certainly a possibility. Indeed, some countries may actively cultivate cyber-privateering as a strategy precisely to confuse the battle space and muddy attribution.”

“[…] the scope and scale of contingent effects related to the character of the cyberspace domain present a qualitative difference for international conflicts. An emergent property related to today’s global information and communications environment, inherent in its complexity, dynamism, and dispersed character, is for acts of cyber warfare to be highly unpredictable and volatile.”

“Although states may plan or ‘seed’ campaigns in cyberspace, such campaigns have a tendency to take on lives of their own because of the unavoidable participation of actors swarming from edge locations (see Der Derian, 1996). We refer to this dynamic as ‘cyclones in cyberspace’ – a phenomenon clearly evident in the August 2008 conflict both in terms of the piling-on of outside participants and the confusion and panic sown in Georgia by its own filtering choices.”

“Cyclones in cyberspace invariably internationalize any cyber conflict. […] As cyberspace penetrates those regions of the world where conflict and instability are ripe and authoritarian regimes prevail, the propensity for more cyclones in cyberspace is high and should concern international security researchers and policymakers.”

For more on cyber war, please see my earlier blog post on “Cyberconflict and Global Politics: New Media, War, Digital Activism.”

How Crisis Mapping Proved Henry Kissinger Wrong in Cambodia

Crisis Mapping can reveal insights on current crises as well as crises from decades ago. Take Dr. Jen Ziemke’s dissertation research on crisis mapping the Angolan civil war, which revealed and explained patterns of violence against civilians. My colleague Dr. Taylor Owen recently shared with me his fascinating research, which comprises a spatio-historical analysis of the US bombardment of Cambodia. Like Jen’s research, Taylor’s clearly shows how crisis mapping can shed new light on important historical events.

Taylor analyzed a recently declassified Pentagon geo-referenced data set of all US bombings during the Indo-Chinese war which revealed substantial errors in the historical record of what happened to Cambodia between 1965-1973. The spatial and temporal analysis also adds more food for thought regarding the link between the rise of the Khmer Rouge and American air strikes. In particular, Owen’s analysis shows that:

“… the total tonnage dropped on Cambodia was five times greater than previously known; the bombing inside Cambodia began nearly 4 years prior to the supposed start of the Menu Campaign, under the Johnson Administration; that, in contradiction to Henry Kissinger’s claims, and over the warning of the Joint Chiefs of Staff, Base Areas 704, 354 and 707 were all heavily bombed; the bombing intensity increased throughout the summer of 1973, after Congress barred any such increase; and, that despite claims by both Kissinger and Nixon to the contrary, there was substantial bombing within 1km of inhabited villages.”

To be sure, the crisis mapping analysis of Cambodia “transforms our understanding of the scale of what happened to Cambodia during the Indochinese war.” The total tonnage of bombs dropped on the country had previously been pegged at some 500,000 tons. The new analysis dramatically revises this figure upwards to “2,756,941 tons of US bombs dropped during no fewer than 230,516 sorties.” To put this figure into context, more bombs were dropped on Cambodia than the number of bombs that the US dropped during all of World War II. Cambodia remains the most heavily bombed country in the world.

Kissinger had claimed that no bombs were being dropped on villages. He gave assurances, in writing, that no bombs would be dropped “closer than 1 km from villages, hamlets, houses, monuments, temples, pagodas or holy places.” As Owen reveals, “the absurdity of Kissinger’s claim is clearly demonstrated” by the crisis mapping analysis below in which the triangles represent village centers and the red points denote bombing targets, often hit with multiple sorties.

Owen argues that “while the villagers may well have hated the Viet Cong, in many cases once their villages had been bombed, they would become more sympathetic to the Khmer Rouge,” hence the supposed link between the eventual Cambodian genocide which killed 1.7 million people (~21% of the population) and the US bombing. To be sure, “the civilian casualties caused by the bombing significantly increased the recruiting capacity of the Khmer Rouge, who over the course of the bombing campaign transformed from a small agrarian revolutionary group, to a large anti-imperial army capable of taking over the country.”

In sum, the crisis mapping analysis of Cambodia “challenges both the established historical narrative on the scale and scope of this campaign, as well as our understanding of the effects of large scale aerial bombardment.”

The Mathematics of War: On Earthquakes and Conflicts

A conversation with my colleague Sinan Aral at PopTech 2011 reminded me of some earlier research I had carried out on the mathematics of war. So this is a good time to share some of the findings from this research. The story begins some 60 years ago, when British physicist Lewis Fry Richardson found that international wars follow what is called a power law distribution. A power law distribution relates the frequency and “magnitude” of events. For example, the Richter scale relates the size of earthquakes to their frequency. Richardson found that the frequency of international wars and the number of casualties each produced followed a power law.

More recently, my colleague Erik-Lars Cederman sought to explain Richardson’s findings in his 2003 peer-reviewed publication “Modeling the Size of Wars: From Billiard Balls to Sandpiles.” However, Lars used an invalid statistical technique to test for power law distributions. In 2005, I began collaborating with Professors Neil Johnson and Michael Spagat on related research after I came across their fascinating co-authored study that tested casualty distributions in new wars (internal conflicts) for power laws. Though he was not a co-author on the 2005 study, my colleague Sean Gourley presented this research at TED in 2009.

In any case, I invited Michael to present his research at The Fletcher School in the Fall of 2005 to generate interest here. Shortly after, I suggested to Michael that we test whether conflict events, in addition to casualties, followed a power law distribution. I had access to an otherwise proprietary dataset on conflict events that spanned a longer time period than the casualty datasets that he and Neil were working off. I also suggested we try to test whether casualties from natural disasters follow a power law distribution.

We chose to pursue the latter first and I submitted an abstract to the 2006 American Political Science Association (APSA) conference to present our findings. Soon after, I was accepted to the Santa Fe Institute’s Complex Systems Summer Institute for PhD students and took the opportunity to pursue my original research in testing conflict events for power law distributions with my colleague Dr. Ryan Woodard.

The APSA paper, presented in August 2006, was entitled “Natural Disasters, Casualties and Power Laws: A Comparative Analysis with Armed Conflict” (PDF). Here is the paper’s abstract and findings:

Power-law relationships, relating events with magnitudes to their frequency, are common in natural disasters and violent conflict. Compared to many statistical distributions, power laws drop off more gradually, i.e. they have “fat tails”. Existing studies on natural disaster power laws are mostly confined to physical measurements, e.g., the Richter scale, and seldom cover casualty distributions. Drawing on the Center for Research on the Epidemiology of Disasters (CRED) International Disaster Database, 1980 to 2005, we find strong evidence for power laws in casualty distributions for all disasters combined, both globally and by continent except for North America and non-EU Europe. This finding is timely and gives useful guidance for disaster preparedness and response since natural catastrophes are increasing in frequency and affecting larger numbers of people. We also find that the slopes of the disaster casualty power laws are much smaller than those for modern wars and terrorism, raising an open question of how to explain the differences. We show that many standard risk quantification methods fail in the case of natural disasters.


Dr. Woodard and I presented our research on power laws and conflict events at SFI in June 2006. We produced a paper in August of that year entitled “Concerning Critical Correlations in Conflict, Cooperation and Casualties” (PDF). As the title implies, we also tested whether cooperative events followed a power law. As far as I know, we were the first to test conflict events, not to mention cooperative events, for power laws. In addition, we looked at conflict/cooperation (C/C) events in Western countries.

The abstract and some findings are included below:

Knowing that the number of casualties of war are distributed as a power law and given a rich data set of conflict and cooperation (C/C) events, we ask: Are there correlations among C/C events? Is there a correlation between C/C events and war casualties? Can C/C data be used as proxy for (potentially) less reliable casualty data? Can C/C data be used in conflict early warning systems? To begin to answer these questions we analyze the distribution of C/C event data for the period 1990–2004 in Afghanistan, Colombia, Iran, Iraq, North Korea, Switzerland, UK and USA. We find that the distributions of individual C/C event types scale as power laws, but only over approximately a single decade, leaving open the possibility of a more appropriate fit (for which we have not yet tested). However, the average exponent of the power law (2.5) is the same as that found in recent studies of casualties of war. We find low levels of correlations between C/C events in Iraq and Afghanistan but not in the other countries studied. We find that the distribution of the sum of all conflict or cooperation events scales exponentially. Finally, we find low levels of correlations between a two year time series of casualties in Afghanistan and the corresponding conflict events.


I’m looking to discuss all this further with Sinan and to learn more about his fascinating area of research.

Crisis Mapping the Opening Battle of the Sino-French War

I only had a few hours to explore Taipei last week and thus chose to visit the highly recommended National Palace Museum just outside the city. I was well impressed with the Museum’s use of technology, from table-sized “iPads” to 3D virtual reality displays of ancient artifacts. But it was a small and nondescript 127-year-old crisis map that truly stole the show for me.

The crisis map depicts the Battle of Fuzhou (Foochow) also known as the Battle of the Pagoda Anchorage, named for a remarkable Chinese pagoda, the Luoxingta (羅星塔), which still stands on a hill above the harbor today. The battle, which took place in August 1884, was the opening engagement of the Sino-French War which lasted for a year and a half.

Admiral Amédée Courbet, in command of the French squadron, had noticed that the Chinese ships anchored near the harbor swung with the tide and thus decided to plan his attack just before high tide at 2 p.m. on the afternoon of Saturday, August 23, 1884, when he hoped the Chinese ships would have “swung away from the French ships and would be presenting their vulnerable sterns to the attackers.” Courbet’s strategy worked, “virtually destroying the Fujian Fleet, one of China’s four regional fleets.”

I took a picture of the Chinese crisis map on display in Taipei (see below), which is apparently the first copy to make it on the Internet. The caption in English on the bottom right reads: “Diagram of engagement between the French and Chinese naval fleets at Mawei, French warships attack during the afternoon low tide. Chinese vessels anchored at the bows, now face the French astern, unable to use the powerful bow cannons, resulting in the total sinking of the Ch’ing Fuzhou (Foochow) Naval Fleet, August 23, 1884.”

I was so intrigued and surprised to find this crisis map that I followed up with some online research. The Wikipedia article on the battle was an absolute treasure trove of information and pictures. Take for example, the French version of the crisis map below.

Both maps appear to be more or less at the same scale but only the French one includes a distance bar (0-500 meters). The French map is also more detailed (history is written by the victors?) but the Chinese one makes more use of color-coding. To get a better sense of what the “battle field” and ships looked like, check out the following pictures.

The above was painted in the 19th century. The painting below depicts the bombing of the Fuzhou Arsenal on the following day, August 24th.

Contrast the above French version with the Chinese lithograph of the battle below and the Japanese depiction that follows.

The picture below shows the Chinese fleet the night before the French attack. The two following pictures depict the result, the sunken Chinese ships.

Curious to know what the area looks like today? The Wikipedia article also provided a number of pictures.

Know of other crisis maps from hundreds of years ago? If so, please feel free to share in the comments section below. Thanks!

Crowdsourcing and Crisis Mapping World War I

I came across some interesting finds at the National Air and Space Museum this weekend. The World War One (WWI) exhibit had this large, back-lit crisis map:

Now, war maps are nothing new. In this previous blog post, I noted that, “In 1668, Louis XIV of France commissioned three-dimensional scale models of eastern border towns, so that his generals in Paris and Versailles could plan realistic maneuvers. […] As late as World War II, the French government guarded them as military secrets with the highest security classification” (see picture). What struck me about the crisis map of WWI was the text above the title:

“To satisfy the public’s desire for information about the war, newspapers published war maps that provided the locations and military capabilities of the warring nations. This map, published at the outbreak of hostilities illustrates the British view of the war’s global scope.” I’m intrigued by this find and wonder how often these maps were updated and what sources were used. Would public opinion at the time have differed had live crowdsourced crisis maps existed?

Towards the end of the WWI exhibit, I came across this sign, originally posted near the entrances of the London Underground. The warning relates to hostile German aircraft that had begun to bomb London in early 1915. On September 8, a Zeppelin raid on the city caused more than half a million pounds of damage.

What struck me about this warning were the following instructions: “In the event of a hostile aircraft being seen in country districts, the nearest Naval, Military or Police Authorities should, if possible, be advised immediately by Telephone of the time of appearance, the direction of flight, and whether the aircraft is an Airship or an Aeroplane.” Crowdsourcing early warnings of WWI attacks.

Know of other interesting examples of crowdsourcing during the first (or second) world war? If so, please feel free to share in the comments section below. I’d love to compile more examples.