April 26, 2024 — I am honored and humbled to be selected as the editor-in-chief of The Cyber Defense Review. I believe the CDR and the combined efforts of this community will push the envelope on the concepts that will keep the competitive balance tilted in our favor. As we look into the future, to where today’s disruptive technologies and innovation converge, I look forward to having an interactive dialog with readers and writers from across the community to help solve the problems of today as we adapt to long-term global competition and build the campaigns that will have lasting impacts ten years out and beyond. MORE
|
April 26, 2024 — A senior civilian in USCYBERCOM asked me “What matters more: the message or the ability to send that message?” I pondered it momentarily, trying to decide on what message was critically important—was it a 911 call? A call for fire at a critical point in battle? These are critically important. However, the message is meaningless if you do not have a way to send it. It suddenly became clear to me where he was going: it is the ability to send a message that is important. The ability to communicate is paramount to just about everything we do, and cyber turns that ability on or off. After more than a year as the Director of the Army Cyber Institute, I’m not so sure anymore. The articles in this edition of the CDR display that even in this one cyber journal, we look to the history of what we know to help describe the future of cyber, yet there are gaps, and it is difficult. MORE
|
April 26, 2024 — As I look back on 2023, increased tension and conflict around the world highlight the importance of our capabilities and the need for continued efforts to deter aggression and remain fully prepared to prevail in conflict when necessary. Every Soldier and civilian of ARCYBER is keenly aware of these conflicts, and more pointedly, conflict in cyberspace is now an integral element of enduring strategic competition amongst nations. Conflicts in both Ukraine and Gaza have revealed that all belligerents are operating in the cyber domain to support their tactical and strategic objectives. The persistent nature of around-the-clock cyber competition, and continuous preparations for crisis and conflict, requires constant adaptation to optimally employ our limited resources. Often, I am asked, “How exactly does ARCYBER contribute to or support the Army, U.S. Cyber Command (USCYBERCOM), and our overall National Defense?” This simple, straightforward question has a five-part answer.
MORE
|
April 26, 2024 — On October 30, 2023, the Administration released Executive Order (EO) 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). For several reasons this EO lays a light hand on the Department of Defense (DoD). The DoD had and was already implementing “responsible AI” safeguards for defense programs. A public debate over AI for some time has been in progress among political and IT capital goods elites over a rising concern that uncontrolled commercial and government use of AI is spreading too rapidly into all private and consequential aspects of citizens’ lives but these are areas in which DoD generally plays a limited role. However, adversaries and vendors also get a vote in the future of trust with AI and DoD. MORE
|
April 26, 2024 — ARCYBER is challenged to balance the demands of mission commanders requesting defense of critical missions, Congress directing actions to defend critical resources, and intelligence reports, all resulting in diversion of resources to address perceived threats. Mission Thread Analysis (MTA) is a process to help build understanding and consensus between customers (operational force) and providers (network operators and defenders), offering an analytical framework where both sides detail their operational and technical requirements. ARCYBER redesigned and formalized the MTA process to help inform prioritization, training,
team employment, and optimization of Defensive Cyber Forces.
MORE
|
April 26, 2024 — The question of a Cyber Military Force is not new, although most studies lack practical solutions. This article explores the requirement to establish a separate U.S. Cyber Military Force, detailing threats, precedent, and current gaps and provides a framework for the DoD to recommend Congress establish a separate U.S. Cyber Military Force. Establishing a separate cyber military force under the Department of the Army is a critical and necessary step in addressing the evolving cyber threats facing the United States. Such a force will enable the U.S. to be better positioned to defend its national interests in the cyber domain, develop advanced capabilities, and maintain a competitive advantage over potential adversaries. MORE
|
April 26, 2024 — The U.S. military describes and understands war within the Clausewitzian frame of physical violence to accomplish a political goal by enforcing will on the military of an opposing state through physical actions. However, the cyber domain and the effect of cyber actions reveal that our understanding of war can no longer be restricted to the Clausewitz paradigm. Cyber effects can cause destruction without kinetic actions and brought the cognitive dimension to the forefront of many military leaders’ and planners' thinking. Cyber activities reveal that while new technology may not have changed war, a theoretical foundation built upon Clausewitz narrowly restricts the understanding of war for the modern era. MORE
|
April 26, 2024 — History shows that advantages are gained by the force who uses new technologies to secure their communications. Quantum computing appears to provide a variety of benefits including new ways to secure communications and the ability to not just bypass a cryptologic system, but potential to attack the system itself. While quantum technology is very promising, history shows the vulnerabilities posed by human factors should be taken into account in the design, engineering and implementation of these technologies. MORE
|
April 26, 2024 — As a result of the unique circumstances created by the collapse of the Soviet Union, Russia has developed disproportionate cyber power relative to its economic stature. Russia is only the world’s eleventh-largest economy by gross domestic product (GDP), and its information technology (IT) sector constituted just under 6% of the country’s GDP before Russia’s 2022 invasion of Ukraine. Despite these limitations, Russia is commonly recognized as an elite cyber power. Importantly, Russia relies heavily on cyber professionals from outside its security agencies, including talent from the private sector and associated with organized criminal groups (OCGs), to conduct offensive cyber operations on the state’s behalf. However, after the Russian invasion of Ukraine, a mass exodus in Russian IT professionals occurred and this presents the West with a unique opportunity to weaken Russia’s power in the cyber domain. MORE
|
April 26, 2024 — Cybersecurity suffers from a “tragedy of the commons” problem, where people and institutions have adopted lax security practices due to a tendency to weigh the perceived costs of adopting sound cybersecurity practices as higher than their expected benefits. For example, despite advancements in cybersecurity measures and extensive investments in tools and strategies to counter cyberattacks, foundational best practices have faltered leading to global cybersecurity challenges. Part of the dilemma stems from the fact that cybersecurity continues to be approached with a limited mindset, which creates a significant threshold of social cohesiveness for combating cyber threats. In the meantime, the cyber threat landscape continues to proliferate and exploit the fragile networks that we all inhabit. This paper provides a community-centered framework for cyber resilience that offers a starting point for addressing the tragedy of the commons problem in cybersecurity. MORE
|