The Cyber Defense Review

Articles

Causal Reasoning with Autonomous Systems and Intelligent Machine Applications

November 15, 2021 — In the field of Artificial Intelligence (AI), Machine Learning (ML) techniques and algorithms have been employed in a wide variety of domains and have demonstrated incredible capabilities as well as continued applicability to an ever-expanding number of areas and applications. Image and speech recognition, medical diagnosis, classification and prediction, information extraction (i.e., deep learning), commercial market and customer analysis, robotics, and self-driving vehicles are a few of the many areas where ML has either made possible or had a significant impact. Yet for all this progress, the field of AI has not yet approached what many consider the holy grail of AI: machines with human-like intelligence. Causal analysis is essential for realizing the vision of human-like reasoning: it brings the ability to determine cause-effect relationships and provides a basis for reasoning about interventions (i.e., doing), as well as what might have happened had events occurred differently (i.e., imagining/retrospection) which are fundamental characteristics of human reasoning. Causal analysis has seen widespread use and success in epidemiology, social science, and other fields for decades. Even so, its use in engineering, computer science, and AI has been limited and its potential is just beginning to be widely recognized and applied.

DoD Has Over 3.5 Million Insiders – Now What?

November 15, 2021 — DoD employs about 3.5 million military and civilian direct employees, contractors, and reserve personnel. In addition, over 50,000 contracted entities (e.g., groups and organizations) can connect directly to the DoD Information Network (DoDIN) to collaborate and protect DoD systems and sensitive data. These imperfect users often interact with DoD across multiple classification domains and IT systems. Without focusing on potentially damaging insider activity, DoD will fail to meet the 2018 Cyber Strategy objectives, and adversaries will continue to erode our technical overmatch while imposing excessive remediation costs. This erosion occurs not only through attacks using technical means but also through exploitation of insiders. This article will introduce and urge the implementation of a framework to more effectively address insider threats by providing an empirical measure of each user's risk through their actual behaviors. This model will give the user near-real-time awareness of personal behaviors counter to organizational policy and cybersecurity requirements. This measure will also empower management to target training, remediation, and risk reduction while also allowing decision-makers to determine which user risk-exposed areas, roles, or practices require additional remediation. As a result, all organizational decision levels will be better able to improve cybersecurity resiliency in the face of an ever-evolving insider threat landscape.

Lessons for the DoD when Planning for the Future of S&T

November 15, 2021 — Telling the future is not yet possible, but we have nearly come to expect it, thanks to incredible achievements in technology which presents us with an ever-improving sense of what is probable. This has introduced interesting challenges, for example, when DoD prepares for future states of the world. This was a challenge recently undertaken by researchers at OUSD (R&E), where a glimpse into science and technology out to the year 2045 was explored as part of a Congressionally mandated report included in the 2020 NDAA. A credible team of experts was commissioned for the effort, who additionally organized a complement of technology analysts and writers. A parallel project was conceptualized and nominated by a few researchers who felt it important to investigate the thoughts and perspectives of professionals whose worldview is dominated by such matters: futurists, technology forecasters, and science fiction writers. Thus, the OUSD (R&E) Principal Director for Cyber agreed to launch Project Valence (the namesake being a nod to the gregarious nature of valence electrons); the members of which successfully reached a dozen such luminaries, and recorded nearly 30 hours of unbridled exploration about the world to come. Notably, regardless of whether visions prove to be true, such a world will undoubtedly feature a fighting force charged with the defense of America, comprised of experts many of whom have not yet been born.

The Cyber Defense Review: Ransomware’s Growing Impact

August 7, 2021 — Welcome to the Summer 2021 edition of The Cyber Defense Review (CDR) where you will find a collection of thought-provoking articles in this issue. First, let us start with the elephant in the room: Ransomware. Ransomware has become a household name over the last year, with the frequency and scale of the attacks increasing at an alarming rate. We hear almost weekly of a significant attack affecting multiple organizations, both as primary targets and as downstream collateral targets. The recent Colonial Pipeline shutdown and JBS’s meat processing plant disruptions demonstrated in very real terms the potential impacts of cyberattacks on large portions of the American population. Clearly, the status quo is not working. To address this issue, the Honorable Joe R. Reeder (former Under Secretary of the Army) and United States Military Academy (USMA) Cadet Tommy Hall assess the implications of the Colonial Pipeline event and provide seven key lessons that the Nation must address in their article: “Cybersecurity’s Pearl Harbor Moment: Lessons Learned from the Colonial Pipeline Ransomware Attack.”

Cybersecurity’s Pearl Harbor Moment: Lessons Learned from the Colonial Pipeline Ransomware Attack

August 7, 2021 — In 2014, former NSA Deputy Director Chris Inglis prophetically observed that “if we were to score cyber the way we score soccer, the tally would be 462-456 twenty minutes into the game, i.e., all offense.” Recent events demonstrate that Inglis’ warning is more urgent than ever, because our cyber defenses remain woefully inadequate. The Washington Post titled a feature article on July 11, 2021: “Would the US really answer cyberattacks with nuclear weapons?” Even to broach this question would prompt a follow-up: Has the US undertaken every practicable effort it can make to insulate its assets from cyberattacks? The discussion below explains why the answer is a resounding “No.”

Cybered Competition, Cooperation, and Conflict in a Game of Imperfect Information

August 7, 2021 — This article proposes that “the strategy of conflict,” or game theory, can enhance joint planning processes applied to cybersecurity operations. Game theory could perhaps prove most useful during operational design for understanding actors, tendencies, and potential actions inherent in cooperation, competition, and conflict situations. A canonical anti-coordination game, Hawk-Dove, is employed to explore equilibrium evolutionary game strategies and deterrence outcomes applicable to cyberspace operations. Tractable extensions to the Hawk-Dove game are introduced to understand mechanisms for signaling, reputation, norms, and ambiguity in deterrence. Game parameters are transferred to a model of Surprise-Attack for comparison. Advantages and disadvantages for incorporating games in the joint planning process are considered.

Technology Adoption in Unconventional Warfare

August 7, 2021 — As US Special Operations Command (USSOCOM) rebalances its primary focus, shifting from Violent Extremist Organizations (VEOs) to competition with Russia and China, there must be a greater emphasis on integrating cyberspace capabilities into the Unconventional Warfare (UW) doctrine. Section 1202 of the National Defense Authorization Act for Fiscal Year (FY) 2018 designates USSOCOM as the lead for irregular warfare, empowering Special Operations Forces (SOF) to leverage select irregular forces, resourced under specific legal authorities to live off the land in support of irregular warfare missions. Combatant Commands retain operational command and control despite this designation. As a recommendation on how the US should employ non-traditional forces, this article shows how nation-states like China, North Korea (DPRK), Iran, and Russia use cyber proxies to conduct combined operations. It then considers how SOF can add an asymmetric technique to unconventional warfare by using cyber-capable irregular forces at the tactical level to serve as force multipliers. Finally, the USSOCOM Resistance Operations Concept (ROC) will be expanded to demonstrate how to better engage cyber proxies within UW.

RT and the Element of Disguise: Russia's Information Weapon

August 7, 2021 — Western journalists have labelled RT, Russia’s state-controlled international television network, as the Kremlin’s “lie machine,” “Putin’s weapon of mass deception,” or even as an active participant in “Russia’s propaganda Blitzkrieg”. However, there is less scholarship on the network, particularly addressing the reasons for its reported success at recruiting a global audience. After a brief topography of Russian foreign-language broadcasting, this article explores this gap in three stages, first explaining why disguise is important to RT’s role as Russia’s information weapon. During moments deemed critical, using the poisoning of Sergei and Yulia Skripal in 2018 as a case study, RT flooded the information space with false or misleading narratives to disrupt Western broadcasting. Here, critical moments denote instances of heightened tension between Russia and the West. This is a subversive campaign that utilizes information within the framework of Giles and Kelushov. During non-critical periods, RT imitates Western news outlets in content and cosmetics to build an image of authenticity and attract a trusting audience. This, in turn, amplifies RT’s subversive campaign during critical moments. Interviews between RT editor-in-chief Margarita Simonyan and Russian journalists support my analysis of RT as Russia’s information weapon and provide a historical perspective on the importance of disguise since the 2008 Georgian War. Second, the article explores RT’s engagement to demonstrate that this tactic is effective in attracting a faithful audience and, therefore, disrupting the narrative space. Finally, the article discusses the possibility of Western countries removing RT’s broadcasting licence, and analyzes disputes between the UK’s broadcasting regulator, Ofcom, and RT.

Combined Information Overlay for Situational Awareness in the Digital-Anthropological Terrain

August 7, 2021 — As noted in the 2019 National Intelligence Strategy, technology-driven transformation across social, political, and economic domains continues at warp speed. Implications for militaries and their supporting Intelligence Community (IC) have expanded both in scope and complexity. Joint operational planning and evaluation occur in this disrupted and transitional environment, with very little predictable framework capable of guiding practitioners and strategists. This article addresses this discrepancy.

Risks to the Mission Partner Environment: Adversarial Access to Host Nation Network Infrastructure

August 7, 2021 — NATO’s ability to communicate and win in the next conflict is based on the idea of Federated Mission Networking (FMN). The US initiative for the FMN is the Mission Partner Environment (MPE). This framework is built around the use of host nation network infrastructure. Recently, adversarial nations have been investing and developing host nation network infrastructure for NATO allies and partners. China, through companies such as Huawei, is leading the development of next-generation networking technologies. Russia has shown in recent conflicts that it will target a nation’s network infrastructure to achieve its military goals. Russian political strategy is to expand its control over the strategic industries of countries in its sphere of influence. National network infrastructure will be considered strategic in the next conflict. Adversarial access to a host nation’s network infrastructure threatens the MPE and NATO’s ability to operate as a unified alliance. NATO must develop a strategy for a unified response by its member nations to protect their network infrastructures against unsecured network equipment of adversarial countries. NATO should also invest in options to provide secure communications for future mission partners which may have already sold control of their national network infrastructure to an adversary.
