December 22, 2021 — Unlearned lessons are those where the harm, attack methods, or malicious tools are demonstrated publicly and yet neglected by those who need to respond or better plan for future attacks. By 2010, reports of network traffic hijack attacks – called here Internet Protocol (IP) or Border Gateway Protocol (BGP) hijacks – had already surfaced. Most notably publicized was the China Telecom IP hijack attack in that year where 15% of the global Internet traffic was rerouted or "hijacked" through servers in China.While the scale of this original event has been debated, there is little doubt that throughout the following decade, attacks of this kind continued. Eight years later, in 2018, we reported on China Telecom using its otherwise seemingly innocent network servers to reroute (or hijack) Internet traffic through China at its will. At the time, the company had 10 "points of presence" (PoPs, locations where a company's routing equipment is located) in North America, each strategically located and available to hijack or divert network traffic through China from North America. The 2018 paper drew significant attention to the problem by the general public (through popular media outlets), the cybersecurity and research communities, and various stakeholders in western nations' governments, and yet the lesson is still unlearned by many of the same nations currently being victimized by China Telecom illicit activity and other BGP hijacks. MORE
|
December 22, 2021 — Securing a nation’s cyber borders requires a high degree of coordination and openness among the relevant units, including real-time information sharing and threat assessment. Unfortunately, however, not only is there little incentive for private sector entities to voluntarily offer the necessary level of cooperation, but policy makers in free societies are reluctant to force such measures on them. Even more unfortunate is the fact that the threats are real, substantial, and have the capacity to have an adverse impact far beyond the initial point of incursion. This raises the question as to whether or not there exist yet-to-be learned lessons that could point us toward a means of motivating businesses and other institutions to accept what would otherwise be unwelcome intrusion and expense. MORE
|
December 22, 2021 — The past decade has ushered the rise of a 'Cyber Westphalian,' increasingly conflictual world characterized by rising great power competition, which now has escalated into ‘Great Systems Conflict’[2] across all digitally dependent societal domains. These struggles are occurring for, through, and enabled by cyberspace, and are now well in evidence globally. Yet, after ten years of experiments in creating organizations, strategies, policies, and offensive campaigns, consolidated democracies have either neglected or missed some valuable lessons. The essays in this special issue provide a broad overview of what was missed, ignored, mistaken, or simply not learned despite indications and experience. They also offer a way forward to tackle some of the more complex issues discussed. The unlearned lessons identified here range over issues of strategic approach, national scale and capacity, institutional change, and the socio-technical-economic system’s framing of the cybered conflict challenge. The authors here—subject matter experts with considerable and well-recognized expertise—are concerned about what we collectively are failing to appreciate and act upon. They intend by these essays to inform future national strategies, policies, and institutions to ensure that these unlearned lessons do not turn into future strategic failures in a rising, deeply cybered, post-westernized, authoritarian world. MORE
|
November 15, 2021 — Since the publication of Johannes Kepler’s novel, Somnium, science fiction has played an interesting role in society. It has been used to inspire (just ask how many current astronauts point to Star Trek as their reason for their chosen profession), to inform about possibilities (driverless cars have appeared in numerous films), or to serve as a warning (pick any post-apocalyptic movie…there’s too many to list).
Many of the current cyberspace challenges we face were, at one time, the stuff of science fiction. While it is possible to fixate on the negative aspects of the current and future state, the many authors in this issue offer potential solutions for our challenges. Hopefully, their perspectives and proposals will move us beyond the status quo to reach a more advantageous state. MORE
|
November 15, 2021 — The United States (US), its allies, and other partners are engaged in long-term strategic competition with Russia and China—near-peer adversaries adept at operating in the grey zone of international law, where the precise contours of the law are difficult to discern. They do so to complicate our response options, in part to avoid provoking a direct military response. Increasingly, cyberspace is that grey zone, a domain in which Russia, China, and other adversaries such as Iran and North Korea mount cyber operations ranging from cyber-enabled espionage, theft, and propaganda campaigns to significantly more disruptive and destructive operations. In particular, they often leverage non-state actors—cyber proxies—to do their bidding because proxies further complicate legal and policy assessments of the operations. And those assessments determine the response options available to victim states. MORE
|
November 15, 2021 — The core concepts of Zero Trust Architecture have existed since the Jericho Forum in 1994 and have served as the goal of cyber security specialists for many years. Zero Trust Networks and Architectures are extremely appealing to institutions of higher learning because they offer the flexibility to support research and learning while protecting resources with different protection levels, depending on the sensitivity of the resource. This paper investigates how other universities can employ the Zero Trust Architectures using the West Point model. MORE
|
November 15, 2021 — The global pandemic forced recognition of what many already knew: the world has changed in ways that significantly alter every organization’s strategic planning; few will adapt and thrive, but most will remain stagnant and perish. The world as we think we know it no longer exists. Every consequential factor, of a weakened competitive position in this new era, will cascade across our traditional landscape of responsibilities: militaries can no longer defend national borders; governments can no longer control what happens to their constituencies; and businesses are now both the primary targets and prime facilitators of global affairs. MORE
|
November 15, 2021 — Risk management in today’s complex threat environment necessitates decision rules that integrate cyber risk control into the overall mission risk profile. This article outlines cyber risk management decision rules that are based on lessons learned from the Expeditionary Signal Battalion-Enhanced (ESB-E) prototype, which adapted Special Operations Forces (SOF) and commercial-off-the-shelf (COTS) capabilities by applying a rapid fielding and feedback approaches within the scope of the Army Futures Command. Focus areas include the use of diverse COTS systems and satellite communications providers to mitigate risk, controlled system maintenance processes, capitalizing on behavioral bias in cybersecurity, integrating enterprise services, and keeping pace with technological innovation trends. Lessons learned are intended to give tactical commanders practical cyber risk management options within the overall scope of mission risk management. MORE
|
November 15, 2021 — The Multi-Domain Operations (MDO) doctrinal framework is the driving mechanism for transforming the U.S. Army into a dominant information-age military force. To address the informational power aspects associated with MDO, the U.S. Army’s Training and Doctrine Command (TRADOC), in partnership with the Cyber Center of Excellence (CCoE), developed the Information Advantage (IA) and Decision Dominance (DD) doctrinal framework. Within this framework, “commanders seek to achieve DD, a desired state in which a commander can sense, understand, decide, act, and assess faster and more effectively than an adversary by gaining and maintaining positions of relative advantage, including IA.” IA is “a condition when a force holds the initiative in terms of relevant actor behavior, situational understanding, and decision-making using all military capabilities through the conduct of Information Advantage Activities (IAA).” Lastly, IAA is defined as “the employment of capabilities to enable decision-making, protect friendly information, inform and educate domestic audiences, inform and influence international audiences, and conduct information warfare.” MORE
|
November 15, 2021 — The open nature of the Internet, allowing the unprecedented free flow of information, has given rise to a new type of attack surface. Cyber activities in the gray zone, which falls between diplomatic engagement and military action, includes disinformation campaigns and influence operations. These activities raise questions regarding responsibility and proportionate response. This article examines the distinction between influence operations and more traditional conflict, specifically in a gray zone of blended activity. It also addresses the role and authorities of the Department of Defense (DoD) governing cyberspace activity. Deterring and countering adversary influence operations require a multipronged approach of regulation, education, and government agency action to focus agency authorities and resources where they are needed most. DoD has the technical resources to lead the government’s efforts to counter and deter such operations but is limited by policy and law. This article considers how DoD can effectively operate under its Title 10 and Title 50 authorities in the gray zone and introduces a heuristic construct for the role of influence operations in the continuum of conflict. MORE
|