The Cyber Defense Review

Articles


Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks

November 18, 2020 — This paper extends the work of the Lockheed Martin research team on intrusion kill chains (the identification and prevention of cyber intrusions) in 2010. The theory has languished in the network defender community not because it is not the right idea, but because most InfoSec teams do not have the resources to implement it. What has prevented the success of the intrusion kill chain strategy is a standard framework to collect the intelligence associated with specific adversaries, to share and consume that standardized intelligence with trusted partners, and then to automatically process that intelligence and distribute new prevention controls to the network defender’s security stack. The adversary playbook is that framework.

Cyber Maneuver and Schemes of Maneuver

November 18, 2020 — This article is intended to stimulate discussion among cyber warriors and others about an approach to cyber maneuvers at the operational level. Cyberspace is one domain in what is commonly called “Multi-Domain Operations,” while movement and maneuver is one of the warfighting functions in U.S. Army doctrine. This sets the context for a proposed approach to a concept for offensive and defensive cyber maneuver operations that starts with a goal or mission, and allows preparation of the commander’s intent via a scheme of maneuver. The scheme of maneuver includes a sequence of categories of maneuver, which in turn are accomplished by specific cyber (or non-cyber) maneuver actions or fires, thereby connecting the mission to the scheme and categories of maneuver, and then to specific actions and fires. Effectiveness of specific cyber actions and fires will change over time, but the categories of maneuver and their intent are much more enduring. Commanders using this approach do not need to be “techies” to define a cyber scheme of maneuver. So long as the commander has, or has been provided, sufficient understanding of operational-level tradeoffs and effects of offensive and defensive cyber maneuvers, the staff can provide the technical details.

Beyond Hyperbole: The Evolving Subdiscipline of Cyber Conflict Studies

November 18, 2020 — Hardly a day goes by without a cyber-related news story coming across the wires, yet the International Relations (IR) subdiscipline of cyber conflict studies has yet to meaningfully impact a wider discourse. This article examines the impact of five recent scholarly works on the evolution of this subdiscipline that, while quite popular within the general population, remains largely ignored by the broader International Relations (IR) scholarly community. The article dissects the strengths and weaknesses of these works and their place in the evolving literature by a generation of scholars who are moving debates beyond hyperbole. By highlighting cyber conflict studies to date, this roadmap hopefully will help to advance the study of cyberspace within the IR cyber community.

Why the Law of Armed Conflict (LOAC) Must Be Expanded to Cover Vital Civilian Data

November 18, 2020 — In June 2017, during Ukraine’s multi-year undeclared war with Russia, the NotPetya worm hit Ukraine as part of a “scorched-earth testing ground for Russian cyberwar tactics.” Between 2015 and 2016, Kremlin-backed hackers known as Sandworm focused on Ukrainian government organizations and companies. In the NotPetya cyber-attack against Ukraine, this worm spread automatically, rapidly, and indiscriminately throughout thousands of computers worldwide, crippling multinational companies, including maritime shipping giant Maersk, pharmaceutical giant Merck, food producer Mondelēz International, and even Russia’s state-owned oil company, Rosneft. NotPetya is unlike other malware to date because its goal was purely destructive. It mimicked ransomware but was, in reality, more sinister since there was no amount of ransom that could be paid to decrypt a system’s data because no decryption key even existed. Damages associated with the 2017 NotPetya attack exceeded $10 billion. While there was no loss of life, former U.S. Department of Homeland Security advisor Tom Bossert equated NotPetya’s destructiveness to “using a nuclear bomb to achieve a small tactical victory.”

Contesting Key Terrain: Urban Conflict in Smart Cities of the Future

November 18, 2020 — Smart City initiatives are multiplying at an accelerated pace. Hundreds of Smart City pilot projects are aiming to make urban dwelling more sustainable by leveraging automation, and digitizing interactions among technologies, people, and the physical environment. Each project is an ecosystem, with stakeholders ranging from government officials and technology firms with their near infinite supply chains to city residents. Many projects that began as experimental pilots are now integral to the way city government organizations deliver services to their constituents. An increasingly urbanized world, rapidly becoming more dependent upon sophisticated technologies, presents novel and substantial complexities to future military operations.

Prioritizing SOF Counter-Threat Financing Efforts in the Digital Domain

November 18, 2020 — Threat financing describes how threat actors move, manage, and raise funds to support their specific goals. One emerging challenge for Special Operations Forces (SOF) support to counterterrorism missions is digital threat financing. This has risen to prominence in recent years with the evolution of digital currencies, cashless payments, and other forms of financial technology that allow for the near-instantaneous transfer of funds from one party to another. As such, SOF must undertake and prioritize counter-threat finance (CTF) efforts for its Theater Special Operations Commands (TSOCs) and its intelligence analysts to deter violent extremist organizations (VEO).

COVID-19: The Information Warfare Paradigm Shift

November 18, 2020 — Thomas Kuhn's The Structure of Scientific Revolutions highlights the critical term “paradigm shift,” which occurs when it suddenly becomes evident that earlier assumptions are no longer correct. The plurality of the scientific community studying this domain accepts the change. These paradigm-shifting events can be scientific findings or, as in the social sciences, a system shock that creates a punctured equilibrium, triggering a leap forward acquiring new knowledge.

Cybercrime and Society Third Edition: Book Review

November 18, 2020 — The following book review covers the overview, content, and insights of Majid Yar and Kevin F. Steinmetz’s “Cybercrime and Society” Third Edition, published by SAGE publication in 2019. The structure of the book review includes a cursory background on the authors, the structure of the book content design, an overview of the chapter contents, and a book review conclusion. The book is being reviewed as part of a process to evaluate it for an upcoming undergraduate course in Foundations in Cybersecurity for Computer Science and Criminal Justice students working towards a minor or concentration in Cybersecurity. Provoking questions about our dependence on the Internet and approach to cyber threats.

The Cyber Defense Review: Summer Special Edition on IO/IW

July 27, 2020 — Welcome to our first themed edition of The Cyber Defense Review (CDR). Our inaugural themed edition is focused on information operations (IO) and information warfare (IW). IO and IW are not new constructs within the history of conflict. However, the exponential adoption and weaponization of social media technologies are rapidly changing the character of modern conflict. Soon digitally networked technologies known as the Internet of Things (IoT) will widely come online and supercharge the precision and reach of social media to enable unprecedented influence of targeted populations. These powerful information technologies are enabling our adversaries to achieve strategic goals and objectives that avoid our military strengths within the spaces short of armed conflict. As evidenced in 21st century conflicts thus far, the ubiquitous and amplifying effects of Information Age technologies are being used by our adversaries in ways that create a symphony of chaos, confusion, and polarization of targeted populations. These capabilities provide militarily inferior adversaries with the ability to achieve information parity at the minimum and information advantage at the maximum. If left unchecked, access to inexpensive and increasingly powerful commercial off-the-shelf (COTS) technologies will continue to provide our adversaries with the means to achieve information advantage in continuously innovative ways at a fraction of the cost of conventional warfare.

Enabling the Army in an Era of Information Warfare

July 27, 2020 — Operations against ISIS, disrupting Russian attempts to interfere in the 2018 US midterm elections and, most recently, countering Iran's attempts to increase instability across the Middle East mark important efforts by the US military to find effective capabilities, doctrinal concepts, and appropriate roles in an era of information warfare. We must fight the battles our adversaries put before us. If our doctrines, systems, and processes do not match that reality, then it is time for new thinking. Through three decades of near-ceaseless global operations, “Information Operations,” or IO has endured as the mainstay approach for how the Armed Services and the Joint Force conceptualize and apply informational power as an integral element of military operations. Despite evolving definitions, ever-changing formulations, and passionate assertions as to both its criticality and utility, IO remains doctrinal and relevant, though often misunderstood, a term of military art. Most often, IO has proved useful at tactical and operational levels of war. At more strategic and political levels, the efficacy of IO remains elusive, and US leaders, both civilian and military, have been less than adept at effectively realizing the potential of “informational power.”