An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

The Cyber Defense Review

Articles

1 ... 6 7 8 9 10 11 12 13 14 15 ... 40

Bitskrieg: The New Challenge of Cyberwarfare

May 17, 2022 — In the 1990s, John Arquilla and David Ronfeldt co-authored an influential series of articles in which they developed the concepts of cyberwar, swarming tactics, and netwar. Drawing on historical analogies that predate the information age, he articulated how information dominance would critically enable future warfare. Today, some senior leaders herald this concept as the centerpiece to strategic success. In Bitskrieg, the professor emeritus at the U.S. Naval Postgraduate School once again draws from history to envision the evolution of conflict. He possesses rich experience to complement it, as he has had fortune to witness and influence US strategic decision-making for the last three decades. In his book, Arquilla provides strategic context for ongoing efforts to increase the use of cloud computing and strong encryption, and articulates a new approach to cyber arms control agreements. His work is insightful to practitioners and leaders throughout the cyber domain. MORE

The Cyber Defense Review: Addressing Critical Unlearned Lessons

December 22, 2021 — Welcome to a unique Special Edition of The Cyber Defense Review (CDR). For the last decade, those who have worked in the cyberspace domain will likely agree that some persistent issues and problems continue to be debated with no clear resolution. These include ideas and solutions that may have been identified but did not gain the necessary traction to achieve positive outcomes. This issue focuses on those "Unlearned Lessons" from the last decade with the intent of encouraging action. The variety of topics covered in the special edition are wide. In this issue, you will find articles on diplomacy, international relations, adversaries, alliances, emerging threats, economics, and beyond. These are not just technical issues, but also societal and governmental challenges exacerbated through the dramatic nature of cyber technology. Each article is kept intentionally short and to the point for maximum effect. MORE

Tallying Unlearned Lessons from the First Cybered Conflict Decade, 2010-2020

December 22, 2021 — The world is now ten years into the age of overt cybered conflict. The "Cyber Westphalian" world is well past infancy, and the newly conflictual world arena faces emerging great power competition across all domains. It is time to tally up the learning. These essays engage that challenge with a twist. They look at what was missed, ignored, mistaken, or simply not learned despite the indicators and experience. This issue reflects most of a conversation held at the U.S. Naval War College in November 2020 where a small group of senior cyber and security practitioners and scholars met for three half-days to share and discuss the lessons of the first decade of cybered conflict. Included among the attendees were former commanders of the various U.S. cyber commands, as well as senior scholars of international relations with considerable cyber research experience. Others averaged a decade or several in involvement with and study of cyberspace, cybered conflict, and cyber campaigns. MORE

Bringing the Law In: Unlearned Lessons for Diplomats and Others

December 22, 2021 — For over twenty years, "developments in the field of information and telecommunication in the context of international security" has been on the agenda of the United Nations (UN). In 2003, the UN General Assembly established the first formal group of governmental experts (UN GGE) to study existing and potential threats in the sphere of information security and possible cooperative measures to address them. From the beginning of this process, the role of international law has been part of the discussions about existing threats in cyberspace and what measures could be taken to minimize those threats. Indeed, at the conclusion of the first UN GGE in 2004, the Chairman explained that the group was unable to conclude a consensus report because, among other reasons, there were "differing interpretations of current international law in the area of international information security." Since the conclusion of this first UN GGE, there have been six more GGEs, with the last one wrapped up in May 2021. Each of these groups were tasked with studying the potential threats from State malicious actions in cyberspace and how international law applied to such State actions, among other topics. In 2018, to expand the representation of States involved in the study, a parallel process–the Open-Ended Working Group (OEWG) on Information and Communication Technology Developments in the Context of International Security–was established at the UN. It is fully composed of UN members. The OEWG was directed to study, among other issues, how international law applies in cyberspace. On March 12, 2021, the OEWG adopted its Final Substantive Report. MORE

Private Actors’ Roles in International Cybersecurity Agreements – Unlearned Lessons

December 22, 2021 — Vocal communities in the West demand a role in international public policy for cyberspace. In some areas of activity, such as privacy, controls on social media content, commercial issues like anti-trust or digital taxation, this private sector involvement is essential. But the unlearned lesson is that it is equally important for national security, as is the effective negotiation on security, which is still the purview of states. One reason for these demands is the erosion of the clear division between internet security and internet governance. Internet governance has been the domain of a multistakeholder community. The members of the multistakeholders community increasingly expect to play a similar role in questions of international cybersecurity. Conversely, most governments had been content to leave internet governance to civil society and corporations, but now, as governance affects their economies and safety, some want a more prominent or even guiding role in the digital world. This confluence - it could even be described as a collision - over roles and responsibilities is complicated by China and Russia’s differing visions for security, data governance, and sovereignty. The tensions between multistakeholders and government and between democracy and authoritarian views of digital governance complicate the discussions of the role of the private sector. MORE

Power Versus Pragmatism: Unlearned Lessons in Dealing with China

December 22, 2021 — The prevailing China trope in Washington is that US engagement with China has been a failure. The argument goes that far from turning China into a status quo power aligned with western interests and values, engagement has provided the Chinese Communist Party with the wherewithal to promote an illiberal agenda that poses an existential challenge to the US-led international order. This is both true and an oversimplification that masks the lessons about China unlearned as yet by most Western leaders. It is true in the sense that China has in the past decade taken a markedly illiberal turn and is now demanding that the international order should be modified to accommodate its emergence as a major global power. But it is an oversimplification in that US expectations were at least initially more realistic about what engagement might produce. Any review of past official US pronouncements on the rationale for engagement with China makes it abundantly clear that this was never about promotion of democracy or regime change. Rather the hope was that engagement would result in a China that would play a constructive and stabilizing role in world affairs, in contrast to the highly disruptive role it had played in the Mao era, and evolve towards an "autocracy-lite" regime. The US government’s China experts were under few illusions about the nature of a regime that had demonstrated in June 1989 how far it was prepared to go to maintain its hold on power. Meanwhile China’s Party-state had made no secret that the main aim of China's by-then dramatic economic development was to strengthen the Party’s hold on power, a reality that western policy-makers chose to ignore. MORE

Unlearned Lessons Behind Building a Shared Cyber Framework - with your Geo-Political Adversaries – the Hacker Perspective

December 22, 2021 — Even in times of seemingly intractable geo-political conflict, geo-political competitors can find opportunities to develop a common cyber framework – the "Shared Cyber Framework." Achieving cyber stability between two or more nations is not predicated on congruence across all domains of cyber engagement, nor can silence among adversaries advance international stability. From a hacker perspective, this observation seems obvious. Indeed, the technical exchanges during the Cold War between the United States (US) and the former Soviet Union are said to have measurably contributed to both the stability of the bipolar world and, ultimately, the end of the conflict. Yet the current generation of leaders in the major cyber powers have neglected this lesson, both those who exploit access to westernized technologies and those who have responded by attempting to freeze out the attacking nation. For the past few years, the US and China, for example, have increasingly withdrawn from fruitful bilateral discussions. The January 2021 revelations of the Chinese Hafnium Zero Day hack riding shotgun after the December 2020 Russian SolarWinds campaign discoveries suggest few major cyber powers have progressed in finding even small areas of agreement on which to build confidence and a common framework. MORE

Unlearned Lessons: Why They are so Hard to Learn, and What Could Actually Help

December 22, 2021 — Cybersecurity is an old problem, and even though many approaches of the last decade had interesting effects, we’re still far from solving it. Self-iterative, dark complexity is in the way—an intriguing new plague of our age—and only high talents in the right places with leeway for real-world experiments can rescue us from being outpaced by authoritarian models of innovation. To build that, we will have to break some rules. MORE

Fighting Alone is called Losing: The Unlearned Lessons of Fragmented Systems

December 22, 2021 — Cyberspace is a man-made, contested, and competitive domain that is continuously evolving and adapting at speeds and scales difficult to comprehend or imagine. While hardware is geographically located in a physical layer somewhere on earth or in space, the software and data can move freely in a logical layer unless otherwise constrained. The result is a global surface that requires a globally coordinated defense by a global team. Therefore, within the context of cyberspace, the idea of "defending alone" seems ludicrous. Yet, that is exactly how people, firms, and governments have been left alone to approach cybersecurity. As noted in his comments on the SolarWinds hack in March 2021, General Paul Nakasone, the commander of the United States Cyber Command stated that, "[I]t’s not that you can’t connect the dots. You can’t see all the dots. And when defenders can’t see all the dots, security gaps and breaches happen." Ultimately, the cyber domain’s primary lesson is that leaving everyone to defend alone leaves everyone to lose. MORE

Ally or Die: The Unlearned Joint Organizing Lesson and Key to Survival

December 22, 2021 — Joint is better than single service; allied is better than alone; coalition is better than isolation. Neither the United States nor its allies are currently where any would want to be or should be operationally; none are as secure or assured as they should be; and none are performing as efficiently or effectively as required. Given the gravity of national security and the pace of cybersecurity, neither is served by an avoidance of a new call to joining forces in cyberspace. History has repeatedly shown the value of having allies in a tough fight; cyberspace presents that tough fight today. MORE

1 ... 6 7 8 9 10 11 12 13 14 15 ... 40