The Cyber Defense Review


1 2 3 4 5 6 7 8 9 10 ... 32

The Cyber Defense Review: So…Anything Interesting Going On?

May 17, 2022 —

As I read through the Spring CDR, I found that the war in Ukraine was on my mind and that I analyzed the articles through that lens. During my reading of each article, I kept asking myself the following:

  • How does this relate to the current and evolving situation in Ukraine?
  • Is Ukraine validating many of our assumptions of modern, multi-domain operations?
  • Or is it a return to more traditional/conventional warfare?
  • Finally, how are other adversaries, such as China, leveraging the situation to their own benefit?

While not written with Ukraine in mind, I think you’ll find many relevant articles in this issue that highlight the need for continued thought leadership in cyberspace, which plays a crucial role in current and future competition and conflicts.


Cyber Crime and Geostrategic Clash Over the Internet

May 17, 2022 — Over the past two decades, global society has shifted significant portions of its social and economic activities online. In the US alone, Internet Association experts estimate that Internet-based commerce accounted for about $2.1 trillion, or 10% of GDP, in 2019. With this rise in economic and social activity, the world has witnessed a dramatic rise in cyber-attacks, mostly by criminal actors seeking to steal assets, defraud victims, and ransom decryption keys. One expert projects that by 2025, worldwide cyber-crime losses will reach a staggering $10.5 trillion, making cyber-crime—were it a country—the world’s third largest economy. For victims, the harm includes not only the cost of cleanup, but the loss of tangible assets such as stolen funds and fraudulent credit card charges, as well as harder-to-quantify figures for businesses that shut down operations or lose valuable intellectual property that finds its way into competitors’ hands. Thus, the consequences for business owners and everyday citizens are severe. Yet progress in stemming the flow of cyber-attacks in the US seems stymied. The White House’s 30-nation meeting on ransomware in October 2021 was a promising initiative, but lacked any mention of private-sector active defense measures. As noted in the 2016 "Into the Gray Zone" report co-authored by ADM Dennis Blair, one of this article’s authors, the US must take active steps not only to protect networks, but also to hunt down threat actors. Doing this at scale will require robust private sector participation. This article suggests one way to achieve this. MORE

Conceptualizing Cyberspace Security Diplomacy

May 17, 2022 — At a time when crippling ransomware incidents have drawn awareness to the risks of cyberattack as perhaps never before—and in which cyber criminals often enjoy toleration and a symbiotic relationship with the government in safe haven jurisdictions such as Russia—cybersecurity and cyber defense are topics of critical importance. In response to these threats, government officials and private cybersecurity experts alike seek effective responses, which increasingly involves cybersecurity-focused diplomatic engagement. This article offers a tentative framework for conceptualizing this challenge and developing more systematic approaches for cybersecurity policy interventions that will support and facilitate cyber diplomacy. MORE

America’s Cyber Auxiliary: Building Capacity and Future Operators

May 17, 2022 —

As the proliferation of cyber threats continues and the complexity and number of online systems grows, the need for updated cyber defenses to appropriately combat the threat will continue to expand into the future. The public and private sectors both heavily rely on accessing and using secure networks. The requirements for defense already outstrip the current capacity the US government has and needs reinforcement.

A cyber auxiliary can provide several ways to augment our cyber defense capacity. Education programs can equip the population with skills and awareness to serve as a solid front-line defense. A cadet program could enhance the educational approach and expose a larger population to in-depth knowledge of cyber defense and network operations, building a cadre for the future. Adult auxiliary members can add capacity to current cyber-defense organizations and be critical actors in aiding civil defense and even DoD. Much like the change in warfare observed during and after World War I, cyberspace is changing and growing. It is time to recognize both the environmental shifts and the opportunities available to the nation to get ahead of the coming cyber tsunami.


AI, Super Intelligence, and the Fear of Machines In Control

May 17, 2022 —

The advent of Big Data is decades old, and the citadels built atop its resources have redefined the landscape, shifting the power balance away from governments and into the gray area between the public and private sectors. Regulatory systems have yet to keep pace. Power has come not so much from the collection, ownership, or acquisition of data, but more from the ability to direct them into strategic assets. The combinations of what you know and who knows what will become the next decade’s most valuable commodities, with those resting on fractured and ineffective decision-making systems losing the competitive battle.

However, it’s important to avoid the superstition of superintelligence, waiting for - or fearing - the day that the machines awaken and take control. The ultimate battle will not be between humans and machines. The battle will be hybrid means and those harnessing the power of true human·machine collaboration will come out on top, thereby achieving true organizational intelligence. This article addresses the foundations of organizational intelligence, and how to navigate the shifting sands and strengthen one’s financial and reputational position within global power dynamics.


Information as Power: Evolving US Military Information Operations

May 17, 2022 —

The 2016 Presidential election that brought Donald Trump to the White House was a turning point in US policies and attitudes toward Internet governance. The discovery of organized Russian influence operations combined with the unexpected election result, led to a fundamental reappraisal of the security implications of the content flowing over global social media. Once seen as a realm of civil society subject to communications or technology policy, social media exchanges are now perceived by many as an arena of geopolitical conflict. The US, many claimed, was engaged in information warfare in a way that implicated national security. This article explores the consequences of the changing perception of Internet content for US military doctrine regarding Information Operations (IO) and the US approach to Internet governance. The article seeks to answer the following two research questions (RQ):

RQ1: What changes in US military organization, policy, doctrine, and practice regarding IO took place after 2016?

RQ2: Are the post-2016 US military organizational structures, doctrines, policies, and practices eroding the distinction between liberal-democratic and authoritarian political systems regarding free expression on the Internet?


"Explicit" Bargains are Essential to Forming Desired Norms in Cyberspace

May 17, 2022 —

As the United States endeavors to establish international norms in cyberspace, it is critical to delineate which behavioral norms it supports, how it plans to establish them, and to what ends the norms are to serve. Espionage does not violate any international norm; participants have tacitly agreed to undertake espionage and counterintelligence that fall below the "scale and effects" attributed to the "use of force" and assume their associated costs in peacetime. Yet not all espionage in cyberspace below this threshold is considered acceptable. For example, the US desires to bar espionage conducted "with the intent of providing competitive advantages to companies or commercial sectors."

Existing literature largely favors tacit bargaining to develop norms in cyberspace. However, the dynamics of the 2015 U.S.–China Cyber Agreement highlight the necessity of both explicit bargains and the prospect of cooperation to avoid costly escalatory spirals. The newly established position of Deputy National Security Advisor for Cyber and Emerging Technology and the formation of Department of State’s Bureau of Cyberspace and Digital Policy offer a chance to develop a US-led multilateral whole-of-government approach for the formation of cyberspace norms. This approach is discussed here, using the the U.S.–China Cyber Agreement to illustrate how it would be preferable over simply relying on tacit bargaining.


Timing Influence Efforts with Information Processing

May 17, 2022 — Thanks to technological advancements and global connectivity, the information environment continues to evolve as new information channels emerge. However, despite evolutions in the information environment, the role and nature of information in people’s lives have not changed. Even with the advent of social media, the internet, and other technologies that have increased access to information, two principles remain the same. The first principle is that people seek information to reduce the uncertainty associated with their perception of insufficient knowledge. The second principle is that information processing is a social process. These principles are explored within the context of timing to facilitate better effects from influence efforts that are sequenced and executed to maximize influence opportunities. The timing of target populations’ information- seeking and socialization represents a window of opportunity for influence. As information is socialized and accepted, the attribution of this information becomes part of a shared reality and storied identity. MORE

The Global Engagement Center’s Response to the Coronavirus Infodemic

May 17, 2022 — COVID-19 has underscored the shortcomings of the US government’s (USG) approach to disinformation. Throughout the pandemic, adversary nations attacked both foreign perceptions of the US abroad as well as Americans’ confidence in their own institutions. The US failed to execute a robust and coherent response against these spurious narratives. This article will review the federal government’s actions with a particular focus on the Global Engagement Center (GEC), the agency nominally tasked to coordinate the federal government’s response to foreign disinformation. MORE

Bitskrieg: The New Challenge of Cyberwarfare

May 17, 2022 — In the 1990s, John Arquilla and David Ronfeldt co-authored an influential series of articles in which they developed the concepts of cyberwar, swarming tactics, and netwar. Drawing on historical analogies that predate the information age, he articulated how information dominance would critically enable future warfare. Today, some senior leaders herald this concept as the centerpiece to strategic success. In Bitskrieg, the professor emeritus at the U.S. Naval Postgraduate School once again draws from history to envision the evolution of conflict. He possesses rich experience to complement it, as he has had fortune to witness and influence US strategic decision-making for the last three decades. In his book, Arquilla provides strategic context for ongoing efforts to increase the use of cloud computing and strong encryption, and articulates a new approach to cyber arms control agreements. His work is insightful to practitioners and leaders throughout the cyber domain. MORE

1 2 3 4 5 6 7 8 9 10 ... 32