Cyber Defense Review

Recent Articles

1 2 3 4 5 6 7 8

Beyond Capabilities: Investigating China’s Military Strategy and Objectives in Cyberspace

December 3, 2016 — United States government officials and policymakers regularly warn that China will launch destructive cyberattacks against critical US civilian infrastructure, including electrical grids, water supply stations, and transportation networks. However, they base such predictions on analysis that emphasizes China’s cyberwarfare capabilities, while ignoring the country’s cyberwarfare strategy and objectives. While China may possess the capacity to carry out devastating cyberattacks, does the country want to? Accurately predicting Chinese cyberattacks requires a holistic analysis that considers not just China’s capabilities, but its strategy and objectives as well. This paper relies on military reports and academic articles produced by senior PLA officials to uncover, organize, and ultimately distill Chinese cyberwarfare strategies and objectives. In addition, secondary analysis conducted by Western military experts on China and intelligence gathered by the US government help identity key trends and anomalies found in the primary sources. These documents reveal a Chinese cyberwarfare strategy that calls for cyberattacks to be used during military conflicts in a preemptive manner to disrupt enemy logistics and communications networks. The strategy does not call for the destruction of civilian infrastructure during peacetime. Framing China’s cybersecurity threat within a broader context of strategy and objectives emphasizes that the country may not be the most likely perpetrator of future destructive cyberattacks. This discovery has significant implications for current US national security policy, which is heavily focused on confronting a major Chinese cyberattack. MORE

The Increasing Necessity for a United States Cyber Service

November 21, 2016 — Conducting cyber warfare is cheap and easy.[1] It affords anyone from individual hackers to nation-state actors the ability to wage destructive acts against the United States.[2] In 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, U.S. Cyber Command (USCYBERCOM), to prepare the Department of Defense (DoD) for the integration of offensive and defensive cyberspace operations.[3] Due to the constant rate of change in cyberspace, USCYBERCOM has experienced challenges integrating joint force cyber components. A quick examination of the US cyber force organizational chart demonstrates how complex the relationships are between service components and outside agencies. These organizational intricacies have led Admiral Michael Rogers, National Security Agency (NSA) Director and Commander of USCYBERCOM, to ask “is cyber so different, so specialized, so unique, so not well understood that it requires a very centralized, focused, unique construct to how we generate capacity and knowledge?”[4] While still heavily debated, many US government officials believe the existing organizational structure best meets current DoD requirements. However, there is an increasing necessity to transform the joint cyber construct into a stand-alone military service branch or similar entity that is separate from, yet integrated into the other military service branches. This necessity is based on cyberspace operations occurring in a separate operational domain, requiring a different organizational composition than traditional service branches, and hampered by the current joint cyber construct. MORE

Army Tactical Network Quality of Service and Graceful Degradation Concept

November 15, 2016 — The Army tactical network(s) currently comprise multiple, individually federated, transport mechanisms. Almost all warfighting functions, in addition to other specialized services (e.g. medical), maintain a dedicated network communication infrastructure. While this does provide some redundancy[i], it also impedes collaboration and data sharing, as well as greatly increases complexity and Cost, Size, Weight and Power (SWaP) requirements across all tactical echelons. The U.S. Army Cyber Center of Excellence has recently introduced a plan to converge these Command Post (CP) network architectures, promoting the concept of a single transport layer as a means to increase efficiency and enable the sharing of data across all mission functions. Achieving this degree of integration has numerous challenges. This article will focus on just one – critical information delivery assurance. Given that within this network model, all data must share a single finite capacity communication transport layer, how do we ensure that critical information is provided some assurance of guaranteed delivery and responsiveness? To achieve this, we make the case that a converged tactical network must support a comprehensive Quality of Service (QoS) implementation as well as graceful degradation mechanisms. MORE

The False Promise of Hacking Democracy

November 4, 2016 — “Probable impossibilities are to be preferred to improbable possibilities” It is immensely convenient to claim that a Federal election can be hacked; however, the reality of hacking such an election is far more difficult than one might realize. The level of complexity in the US electoral process is such that to hack the election would require a combined feat of technical and social engineering requiring tens of thousands of co-conspirators operating across hundreds of jurisdictional boundaries with divergent laws and practices. Having worked in democracy development for the better part of 10 years on elections in several dozen countries, the state of American electoral security is strong because of its immensely decentralized nature. In a case where the bewildering and often arcane complexity facilitates inefficiency, it is this inefficiency that coincidentally fosters systemic resilience. It is the organizational attributes of a national election run by state and local authorities that make the United States a poor target for any malicious actor attempting to directly affect the polling places where American’s cast their ballots. MORE

Education for the Future of Cyber

November 2, 2016 — Education will be the cornerstone for our nation’s success in cyberspace. The military has made efforts towards building the force necessary to defend its borders within cyberspace. The United States (US), however, will need to invest in its youth to better prepare for the future. This article focuses on current efforts to prepare for cyber warfare through the education system, community programs, and military training. With a better understanding of the current efforts, organizations can strengthen programs or focus on areas necessary to further US capabilities in cyberspace. MORE

FBI Cyber: Preventing Tomorrow’s Threats Today

September 19, 2016 — Is the Federal Bureau of Investigation capable of defending the citizens of the United States of America against cyber-attacks? Are the cyber criminals of today too advanced and unpredictable for the FBI to keep up with? Is it possible for the FBI to predict and overcome such an advanced and ever-changing adversary? Although the cyber domain is challenging law enforcement in new and unpredictable ways, this paper imagines a future in which they are fully capable of combating cyber criminals. By reviewing past successes within the FBI, examining their ability to overcome jurisdictional hurdles, and analyzing their capacity to innovate and adapt to criminals who think they can outsmart them, the FBI of the future will be able to proactively prevent tomorrow’s threats today. MORE

Cyber Domain: Getting Ourselves Ready for Future Readiness and Conflict

September 7, 2016 — The issue. DoD has been trying to establish its plans, structures, processes, and systems to deal with its cybersecurity and operational issues for several years. These efforts have slowly evolved as DoD has clarified and understood its cyber mission. Given the latest proclamation of the cyber roles assigned to government agencies (in the Presidential Policy Directive 41), it is probably time to put together more definitive plans for the DoD cyber forces and the cyber duties associated with all units, service members, and DoD employees. Another recent document that helps DoD sort out its cyber roles comes from the Joint Operating Environment 2035 (JOE2035), subtitled The Joint Force in a Contested and Disordered World, published in 14 July 2016. Essentially, the President’s document assigns DoD to take care of DoD-related contested military cyber issues. The JOE2035 predicts there will be plenty to do by the cyber forces, and identifies a high-probability, almost continuous, context for future conflict in cyberspace by outlining the struggle to define and protect sovereignty in cyberspace for our military. The cyber domain is a growth area with the specter of continuous, sometimes intense, conflict for a long time. With the US depending heavily on the interdependent networks of information technology (Internet, telecommunications networks, computer systems, embedded processors and controllers) and the data, information, and knowledge that is stored and flows through and between these systems, the cyber domain is the place where a high-stakes competition has, is and will be taking place. MORE

There Is No “Cyber”

September 7, 2016 — At the recent Joint Service Academy (JSA) Cyber Security Summit at West Point (20-21 April, 2016), the word “cyber” was used in multiple different facets. As a noun, cyberspace is the “Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data…” [COL11]. This is perhaps the broadest definition possible, proposed as the Cyberspace Operations Lexicon by the Joint Chiefs of Staff. While the ambiguity with the meaning of the proper noun “Cyber” provides a difficult framework to focus meaningful actions, our use of the words “Cyber”, “Digital” and their like as adjectives serves only to create artificial divisions among researchers, practitioners, and decision-makers in the area. MORE

Safeguarding The United States Military’s Cyber Supply Chain

September 7, 2016 — America’s military cyber supply chain (USMCSC) depends on China’s manufacturing sector, yet faces uncertainty with regards to China’s global political stance. While trade between the United States and China is extremely crucial to both country’s economies and respective GDPs, at what point does the US military choose to refrain from doing business with China? China’s desire to become one of the leading global powers has resulted in its significant and aggressive military growth. American defense companies, desiring to maintain revenues and market share, increasingly outsource military manufacturing to Chinese companies. China is slated to become a hub for American military software outsourcing. Given such a flow of information along the cyber supply chain, it is not unreasonable to suspect that China is culling the USMCSC for information for its own militaristic use. If this is the case, should the US military curb or cut trade with China as means of safeguarding American military secrets? MORE

Enter the Policy and Legal Void

August 21, 2016 — Soldiers are down range and have suites of tools available to them that they cannot use to their full capability. They are not technically limited, but rather constrained by the authorities and pre-requisite policies established in a pre-digital age. We tell them to go and defeat ISIS, Al al’Qaeda, or pick another future adversary, but they must do so with their hands tied behind their backs. Make no mistake, as a nation we are currently involved in a global conflict. The conflict is not defined by traditional weapons, but by bits and bytes traversing fiber lines and airwaves. This global information war collides with many of the values of Western Democracies, and the societal constraints of authoritarian regimes. The robust constraints on governmental instruments serve a valuable purpose, yet at the same time our Soldiers in the field are struggling to navigate complex legal and policy waters while corporations are drowning in data that might inform or provide context for a variety of mission sets. The volume and velocity of this data is only set to grow as globally the number of Internet enabled devices increases from approximately 17 billion to 50 billion and beyond. At the beginning of the digital age it is imperative that we, as a society, begin discussing the future we are rapidly entering. MORE

1 2 3 4 5 6 7 8

Comment Disclaimer

If you wish to comment on any of the posted articles, please use the comment box provided below the individual article. The Army Cyber Institute (ACI) reserves the right to modify this policy at any time.

This is a moderated forum. This means that all articles are subject to review. In addition, we expect that the participants will treat each other, as well as our agency and our employees, with respect. We will not post and will remove any comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to others or similar content. We will not post and will remove comments that are spam, clearly "off topic", promote services or products, infringe on copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will not be posted and will be removed. The ACI and the ACI alone will make a determination as to which comments will be posted and/or removed. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of the individuals using the Cyber Defense Review site. These references are not intended to reflect the opinion of the ACI, the Army, the Department of Defense (DoD), its officers, or employees concerning the significance, priority, or the importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying ACI, Army, or DoD endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behavior or sexual assault will be reported to the appropriate authorities. This forum is not:
- To be used to report criminal activity. If you have information for law enforcement, please contact your local police agency.
- Do not submit unsolicited proposals or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
- This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

The ACI does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. The ACI may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. The ACI does not endorse, support, or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on the Cyber Defense Review website. 

Members of the media are asked to send questions to the public affairs office through normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted and may be removed at the discretion of the ACI. We recognize that the web is a 24x7 medium and your comments are welcome at any time. However, given the need to manage federal resources, moderating, posting, and removal of comments will occur during normal business hours Monday through Friday. Comments submitted after hours or on weekends will be reviewed and posted or removed as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic". This means that comments will be reviewed and posted only as it related to the topic that is being discussed within the blog post and "off-topic" posts may be removed. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the ACI, the Department of the Army, the Department of Defense, or the Federal Government.