August 7, 2021 — China is one of the most pervasive actors conducting global cyber espionage, activities that have resulted in two indictments by the U.S. Department of Justice. One thing is clear – if a target or subject area is in China’s strategic interest, it is likely that some level of cyber espionage is being levied against that target, as well as any organization involved in that subject. While reporting by the many countries bordering the Arctic on Chinese cyber-espionage has been limited, given China’s high interest in the Arctic, and its espionage proclivities, China’s activity may well be either undetected or under-reported. MORE
|
August 7, 2021 — The Department of Defense Information Network–Army (DODIN-A) is one of the largest and most complex networks in the world, and commanders are struggling to determine the effectiveness of their defensive posture as threat actors constantly attack the unclassified and classified networks. To gain a shared understanding of threats across its Defensive Cyber Operations–Internal Defensive Measures (DCO-IDM) and the cybersecurity community, the Army must establish a catalog of known and unknown threat techniques. This catalog would provide a list of analyzed threat techniques and potential mitigation actions so that Army forces spend less time reacting to the results of exploitations and more time defeating malicious actors. The catalog would also provide the foundation to support persistent penetration testing to provide a mechanism to find overlooked weaknesses, and to train analysts with real-world vulnerabilities. With this methodology in place, an Attack-Based Defense would establish an objective and quantifiable way to assess the effectiveness of cyber forces, inform commanders on how to employ cyber forces, provide business metrics for where cyber forces can improve, and ensure a common incident response across the enterprise. MORE
|
August 7, 2021 — Professor Paul J. Springer’s book Outsourcing War to Machines: The Military Robotics Revolution “seeks to provide context to the rise and deployment of military robotics. It raises issues with the legality and morality of using these advanced systems and critiques the ways in which they have been used in recent conflicts” (3). This includes, but is not limited to: discussion regarding some of the very first machines deserving the title of “robot,” case studies on robotic applications in the last few decades, speculation surrounding the role of military robotics in the future, and analysis of moral and ethical arguments concerning the use of lethal force by an autonomous system. In all, Springer leaves absolutely nothing out within these pages and provides an extremely thorough overview on the entire history of military robotics. MORE
|
May 18, 2021 — Welcome to the COVID-19 Special Edition of The Cyber Defense Review (CDR). In this issue, we are examining how the pandemic has impacted cybersecurity, and how pandemics may impact it in the future.
The genesis of this issue occurred in early Spring 2020. The COVID-19 pandemic was emerging, infection numbers were rising, and the world began shifting to a telework-focused workplace to mitigate the spread. Immediately, the cyber threat space became much more complex as attack surfaces multiplied. Organizational information security officers and IT departments had to immediately focus on employees’ home systems, networks, and Internet Service Providers (ISP) while maintaining the security of existing company networks. Teleconference capability providers, such as Zoom, instantly became household names and experienced unprecedented growth (Zoom, for example, saw a 30-fold increase in its use), and Virtual Private Networks became commonly used among the growing teleworking population. MORE
|
May 18, 2021 — Over the past year, a massive public health crisis has gripped the world, fundamentally changing the way individuals and entities work and interact with one another. This global pandemic has also caused new cyber threats to surface, along with the expansion of existing threats from criminal organizations and nation-states as well. This introductory piece sets out some of the key threat vectors in the cyber domain specific to COVID-19 that have emerged in the past year. It also highlights some potential paths forward to mitigate the risk presented in this new environment, including implementing critically important public-private collaboration to mitigate threats going forward. MORE
|
May 18, 2021 — 2020 was a year like no other in our lifetime. The COVID-19 Pandemic had a broadly evident and devastating impact on our health, our society, and our economy. Less evident have been adversaries’ attempts to employ cyber-attacks to exacerbate the pandemic through cyber-based disruption, exploitation and cyber-driven disinformation. The focus of this essay is on the nexus between cyber security and our future biological threat security (biothreat security). This article begins with a few key questions. What have we learned from observing adversary cyber tradecraft this year? What can we surmise our adversaries have learned from trying to take advantage of the current pandemic that they will use against the US in the future? More importantly, what can we extrapolate from these observations for the future of cyber-attack as the key element of strategic hybrid non-kinetic warfare? MORE
|
May 18, 2021 — Iwe have learned anything from the COVID-19 pandemic, it is that very bad things can happen very quickly, especially if we are not sufficiently prepared. It turns out that everything we have been told about the pandemic is also relevant for cybersecurity; as such, the pandemic is an exceptional learning tool for cyber professionals.
Cyberattacks are like biological viruses in several ways: they can spread incredibly fast, their consequences can wreak huge economic damage, and the destruction they cause can be very difficult from which to recover. Viruses spread through human social networks and cyber-attacks exploit our online networks of trust.
Viruses and cybercrime are conceptual and invisible, which can make it challenging to understand how they propagate and how they can be stopped. Analogies can be helpful, and there is a strong connection between COVID-19 and cybersecurity that can increase our understanding. We have been forced to learn what it takes to stop a virus; those lessons
are helpful here. MORE
|
May 18, 2021 — A converging trifecta of national disruptive threats – pandemic, cyber attacks, and a rising authoritarian China – is draining the wealth, political harmony, and international influence of today’s consolidated democracies. The result is a more palpably apparent decline in the likely future of democracy as the preferred regime alternative world-wide. The collective dismay and frustration may, however, offer a rarely open door for better postures for democracies in facing a more, not less, turbulent future. This article makes three arguments about a new and more accurate characterization of the coming world as Great Systems Conflict, a list of minimal must-do actions for systemic resilience, and the collective structures critical for resilient democracies over the long-term. The article ends with a discussion of two examples of structures meant to build cybered resilience for allied national systems—domestically in the National Cyber Security Centre equivalents and across consolidated democracies in a Cyber Operational Resilience Alliance. MORE
|
May 18, 2021 — This article argues that the disruption of the coronavirus was a critical opportunity among states to draw compelling narratives and consequently negotiate their power status and level of influence based on their management of the outbreak. This argument will be explored through the Chinese Communist Party (CCP) at the height of the pandemic. The article investigates the evolution of the CCP’s information warfare as an asymmetric capability from its early days of technological inferiority towards its ascendancy to great power status. It highlights the breakthrough of Chinese app TikTok in the US-dominated social media landscape and its potential impact in expanding China’s strategic narrative. Using the proposed analytical tools—assets, tactics, and narratives—this article examines the whole of CCP approach aimed to shape the narrative in China’s favor following the global outcry from its lack of transparency during the early stages of the pandemic set against the backdrop of its deepening strategic rivalry with the US. It concludes that the CCP will continue to capitalize on information warfare to promote the superiority of the Chinese model amid the eruption of unexpected global crises while depicting the decline of the Western-centric order. MORE
|
May 18, 2021 — Immunity to the cybersecurity risks and potential hazards presented using biomedical devices. US Military and civilian personnel use these devices on the Homefront and battlefield. As the use of biomedical devices increases with time and blurs the lines between private and professional, more attention is required of the U.S. Department of Defense (DoD) to understand the strategic importance of securing biomedical devices. This work provides a better understanding of biomedical devices and analyzes current use of biomedical devices within DoD. It also provides recommendations on actions DoD can undertake to safeguard its workforce today and in the near future. This article examines the significance of cybersecurity for biomedical devices within the context of US national security and demonstrates the important role biomedical cybersecurity plays for DoD. MORE
|