March 15, 2021 — Digital authoritarianism, or the use of digital technologies to enhance or enable authoritarian governance, has received much attention due to its implications for human rights and global democracy. Yet, often overlooked are the implications of digital authoritarianism for US national security. This article explores the ways in which digital authoritarianism exposes US national security to risk on three fronts: consolidation of power in authoritarian regimes; increased incentives for authoritarians to promote diffusion of surveillance technologies; and potential insulation against foreign cyber attacks and lowered disincentives for authoritarians to conduct destabilizing cyber operations on the global Internet.
|
March 15, 2021 — Defending against information warfare across the vastness of the social media space is difficult, if not impossible, or so the story goes. Many are trying, many are failing, and we have all heard of the many solutions that will turn the tide someday, somewhere, somehow: increased media literacy, expanded fact-checking, banning bots, deleting accounts, redirecting users, curtailing free speech, boosting counter-messaging, etc. But what if there were one solution, better than all others, that no democratic nation dares to touch … yet?
|
March 15, 2021 — This paper proposes the development and inclusion of Information Influence Operations (IIOs) in Cyberspace Operations. IIOs encompass the offensive and defensive use of cyberspace to influence a targeted population. This capability will enable the evolution of strategic messaging in cyberspace and allow response to near-peer efforts in information warfare.
|
March 15, 2021 — The following book review explores the content and insights of Dr. Herbert Lin and Dr. Amy Zegart’s Bytes, Bombs, and Spies: The Strategic Dimensions of Offensive Cyber Operations. Initially published in 2018, the book is composed of a collection of works by prominent cyber scholars, practitioners, and professionals on the strategic uses of offensive cyber operations.
|
November 18, 2020 — Welcome to The Cyber Defense Review (CDR) Fall 2020 edition. As the new Director for the Army Cyber Institute (ACI), I am honored to be joining the CDR team and very excited about this most recent issue of the journal. The CDR plays a critical role in expanding the discussion within the cyber community, from tactical units to national leadership to industry partners to academia. The quality of articles from a diverse group of leaders and thinkers within the community, coupled with an extensive reach that includes foreign allies, partners, and international educational institutes, is a testament to the impact of this journal. The CDR is truly adding to the body of knowledge in the cyberspace domain.
|
November 18, 2020 — In 2018, the United States (US) Department of Defense (DoD) published the 2018 Cyber Strategy summary featuring a new strategic concept for the cyber domain: defend forward. It states DoD will, “defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict.”[1] This reflects an important shift in DoD’s strategic posture, compared to the 2015 Cyber Strategy, in two key ways.[2] First, defend forward rests on the premise that to deter and defeat adversary threats to national security, the US could not solely rely on responding to malicious behavior after the fact. Rather, the DoD should be proactive in maneuvering outside of US cyberspace to observe and understand evolving adversary organizations and, when authorized, conduct operations to disrupt, deny, or degrade their capabilities and infrastructure before they reach the intended targets. Implied, but not explicitly stated, in the 2018 strategy summary is the role of information operations, and the relationship between cyberspace and the information environment. According to US doctrine, the former is a subset of the latter.[3] This article builds on our work as members of the US Cyberspace Solarium Commission to offer a conceptual framework and policy recommendations for integrating information operations in the context of defend forward. Many of the Commission’s 82 recommendations are slated to pass in the Fiscal Year 2021 National Defense Authorization Act (NDAA).
|
November 18, 2020 — According to the Department of Homeland Security (DHS), municipal critical infrastructure has become an ideal target for a range of cyber threat actors including near-peer competitors seeking geopolitical gains and decentralized cyber criminals attempting to hold cities captive for monetary gain. With municipalities predominantly partnering with the private sector for operation of national critical infrastructure as defined in Presidential Policy Directive (PPD) 21, cities, states, and industry entities find themselves on the front lines—possibly the first line of defense—against a perpetual barrage of attacks in cyberspace. Accordingly, a dynamic shift from traditional conflict in the physical world to a homeland defense posture in cyberspace reveals several potential gaps with regard to handling emergency situations, coordinating response efforts, and restoring basic services for citizens.[3] This article seeks to highlight this dynamic environment, and the inherent gaps that exist in bolstering critical infrastructure resilience. Accordingly, the Jack Voltaic® (JV) research framework discussed in this article explores the interconnections among municipal, state, and federal response efforts during a cyber emergency scenario, with added emphasis on critical findings and themes from its Jack Voltaic® 2.5 workshop series. This effort brought together key regional stakeholders from across various levels of governance, the private sector, and academia to discuss the findings of previous JV exercises, lessons learned, and how similar efforts can strengthen critical infrastructure, community resilience, and a whole-of-nation approach to handling cyber threats.[4] This article will highlight common findings and themes from multiple exercises and workshops that further reinforce current JV research and the Jack Voltaic® 3.0 Legal and Policy Tabletop Exercise (TTX). Finally, this article concludes with a detailed discussion about JV 3.0, which is scheduled to execute in September 2020.
|
November 18, 2020 — The Cyberspace Solarium Commission (CSC) published its report in March 2020 offering emphatic, far-reaching recommendations in the cybersecurity domain. This report highlights the rapidly growing importance of public-private partnership (P3) in this domain as a national security cornerstone, and significantly informs the debate over the public-private balance in the cybersecurity system of governance in the United States. While important questions remain as to the best ways to safeguard public law values, the report strongly supports arguments for informed P3 collaboration, and further discourages the notion that cybersecurity should exclusively be an inherently governmental function. A legal analysis of partnering in the cyber domain suggests the risks of violating existing inherently governmental function rules are low, and navigable. Indeed, the CSC’s strong, bipartisan report accepts this as a given point of departure from the ad hoc P3 system we have today, and recommends concrete steps to advance national security and other public law values such as accountability, transparency, fairness, and privacy. Like legislation that set the stage for the NASA-SpaceX partnership, the CSC’s unequivocal embrace of P3 in the cybersecurity realm has great potential to guide legislation and other steps to reshape and adapt “defense-of-nation” cyber domain efforts.
|
November 18, 2020 — This paper extends the work of the Lockheed Martin research team on intrusion kill chains (the identification and prevention of cyber intrusions) in 2010. The theory has languished in the network defender community not because it is not the right idea, but because most InfoSec teams do not have the resources to implement it. What has prevented the success of the intrusion kill chain strategy is a standard framework to collect the intelligence associated with specific adversaries, to share and consume that standardized intelligence with trusted partners, and then to automatically process that intelligence and distribute new prevention controls to the network defender’s security stack. The adversary playbook is that framework.
|
November 18, 2020 — This article is intended to stimulate discussion among cyber warriors and others about an approach to cyber maneuvers at the operational level. Cyberspace is one domain in what is commonly called “Multi-Domain Operations,” while movement and maneuver is one of the warfighting functions in U.S. Army doctrine. This sets the context for a proposed approach to a concept for offensive and defensive cyber maneuver operations that starts with a goal or mission, and allows preparation of the commander’s intent via a scheme of maneuver. The scheme of maneuver includes a sequence of categories of maneuver, which in turn are accomplished by specific cyber (or non-cyber) maneuver actions or fires, thereby connecting the mission to the scheme and categories of maneuver, and then to specific actions and fires. Effectiveness of specific cyber actions and fires will change over time, but the categories of maneuver and their intent are much more enduring. Commanders using this approach do not need to be “techies” to define a cyber scheme of maneuver. So long as the commander has, or has been provided, sufficient understanding of operational-level tradeoffs and effects of offensive and defensive cyber maneuvers, the staff can provide the technical details.
|