Can Attrition Theory Provide Insight for Cyber Warfare?

Abstract

This paper explores the notion that cyber-adversaries can use classic attrition tactics to cause weakness to address follow-on attacks. We conducted a grounded theory study that reviewed historic literature to identify parallels between past attrition tactics and cyber warfare. From historical examples, we see the possibility of an adversary conducting an asymmetric campaign by flooding the adversary with false-positive attacks in order to have them drain resources. For a modern perspective, we interviewed subject-matter experts from a US military command. Thematic analysis demonstrates a link between attrition and cyber-maneuver warfare. One significant finding is that most subject-matter experts agreed a culture of compliance, which encourages a full resources response to security events given full resources, can reduce the ability to maneuver appropriately and takes away from the focus on critical mission functions that cyber security is actually in place to protect. Other common themes that surfaced include that some interviewees believed their organizations were not prepared for cyber war nor are they resourced adequately to respond to a state of cyber war. Issues that need further study are the need to compare and correlate telemetry and metrics of incident responses and better tracking of the dollar-cost value of incident response and cyber tactics.