- Page 1
- Page 2
- Page 3
- Page 4
- Page 5
- Page 6
- Page 7
- Page 8
- Page 9
- Page 10
- Page 11
- Page 12
- Page 13
- Page 14
- Page 15
- Page 16
- Page 17
- Page 18
- Page 19
- Page 20
- Page 21
- Page 22
- Page 23
- Page 24
- Page 25
- Page 26
- Page 27
- Page 28
- Page 29
- Page 30
- Page 31
- Page 32
- Page 33
- Page 34
- Page 35
- Page 36
- Page 37
- Page 38
- Page 39
- Page 40
- Page 41
- Page 42
- Page 43
- Page 44
- Page 45
- Page 46
- Page 47
- Page 48
- Page 49
- Page 50
- Page 51
- Page 52

- Flash version

© UniFlip.com
background image
Brazil, China, India, Mexico and Russia: what do these
countries have in common? These countries, along with
several other countries, have all participated in nationalistic,
patriotic themed website defacements in response to
perceived threats by adversaries and, coincidentally, these
countries also score on the high end of Hofstede's power
distance index (PDI).
Why should we consider looking at
actions and behaviours through
Hofstede's framework? During
a multicultural studies class, a
professor remarked how the locals
of one country shared with her
the fact that they could always
recognise the American tourists.
They explained it was in the way
they walked, their posture, and the
amount of distance they needed from
those around them. When looking at cyber
behaviours the question arises: if national origin
can be determined by a person's kinetic behaviour, can
national origin be determined by attack behaviour? Like
tourists who telegraph their national origins: can hackers
unwittingly unveil their national origins? Do cultural clues
reside in attack behaviours?
The link between culture and thought has long been
established. Additionally, war and war games are tailored
to reflect adversary behaviours, and these behaviours
are culturally influenced. If kinetic war behaviours can be
culturally influenced, cyber war behaviours should
also share this trait.
Culture is a term that is widely used;
however, a standard definition
appears elusive. Geert Hofstede
provides a definition that is
generally accepted: "the collective
mental programming that
distinguishes one group of people
from another" (Hofstede, Hofstede
and Minkov, 2010). Academia's
adoption of Hofstede's work implicitly
validates his definition.
`Mental programming' is part of the automatic thought
process. This suggests that certain behaviours, specifically
cyber behaviours, may be mentally programmed into
the warrior, and this mental program may be culturally
influenced.
Hofstede et al. (2010) defined six dimensions of culture
and the values are operationalised for each dimension. The
definitions for each dimension can be found in Hofstede's
works. Space limitations result in the omission of the
definitions.
The initial work, in examining cyber behaviours, relied on
known, existing behaviours. Therefore, the initial studies
used self-identified, nationalistic, patriotic themed website
defacements. These defacements were first identified
at www.zone-h.org.
The initial study simply identified
countries that participated in this type
of behaviour. The countries were
grouped together and compared
against the overall population through
means testing. The results showed
that countries with high PDI values
and low collectivist values participated
in these attacks. An incidental
observation found that, countries on
the opposing poles were more likely to be
the victims of these types of attacks instead of
participants. The incidental observation was casual, and
lacked the rigour of an academic study.
A second study was structured to determine if a correlation
existed between the number of attacks and the dimensional
value. This study showed an increase in the number of
attacks as the PDI value increased, the correlation was
strong (0.681). When these attacks were correlated with
collectivism, a strong correlation (0.6669) was also found.
One other dimension, a short-term orientation, also showed
a strong correlation (0.6331) between the number of
attacks and the dimensional value.
Additional studies are planned that
examine other behaviours, and this
particular defacement. These studies
will be used to examine the level of
aggression, and perhaps determine
if a relationship exists between
kinetic action and these defacements.
The ultimate goal is to determine if
Hofstede's framework, that is used to
anticipate behaviours in the corporate
world, is applicable to the cyber realm.
This article is the first in a series of articles that will detail
our progress and observations in pursuit of this line of
research. This research has far reaching implications for
cyber operations. By performing cross-discipline research
and using statistical analysis as the evaluation tool, we believe
that we may be able to extend existing profiles to go
beyond observed behaviours into the realm of forecasting
cyber behaviours and attributing attacks beyond the IP
address.
a different perspective on
attribution
Dr. Char Sample & Dr. Andre Ara Karmanian
· 9 ·