An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

The Cyber Defense Review

Articles

1 ... 16 17 18 19 20 21 22 23 24 25 ... 40

Cyber Acquisition Policy Changes to Drive Innovation in Response to Accelerating Threats in Cyberspace

December 9, 2019 — The United States of America faces great risk in the cyber domain because our adversaries are growing bolder, increasing in number, improving their capabilities, and doing so rapidly. Meanwhile, the associated technologies are evolving so quickly that progress toward hardening and securing this domain is ephemeral, as systems reach obsolescence in just a few years and revolutionary paradigm shifts, such as cloud computing and ubiquitous mobile devices, can pull the rug out from the best-laid defensive planning by introducing entirely new regimes of operations. Contemplating these facts in the context of Department of Defense (DoD) acquisitions is particularly sobering because many cyber capabilities bought within the traditional acquisition framework may be of limited usefulness by the time that they are delivered to the warfighter. Thus, it is a strategic imperative to improve DoD acquisitions pertaining to cyber capabilities. This paper proposes novel ideas and a framework for addressing these challenges. MORE

United by Necessity: Conditions for Institutional Cooperation against Cybercrime

December 9, 2019 — Cybercrime continues to grow despite ongoing remediation efforts at the state and international level. The ease of access to commit cybercriminal activity beyond one’s borders makes this an international issue. Examining the cooperative schemes utilized in intergovernmental institutions such as the European Union (EU) Agency for Law Enforcement and Cooperation (Europol) illuminates possible conditions that encourage states to cooperate to fight cybercrime. Testing these conditions shows that the preexistence of an institution in a related issue area serves as the strongest driver of cooperation within an international institution against cybercrime. MORE

Feed the Bears, Starve the Trolls Demystifying Russia’s Cybered Information Confrontation Strategy

December 9, 2019 — This paper seeks to establish an explicit connection between Russian strategic information operations theory and the execution of Russian cyber operations. These operations are part of a larger strategic construct in the Russian lexicon known as “information confrontation” – a concept that is deeply embedded in Russian strategic thought and official doctrine. Furthermore, within the information confrontation concept, the Russians posit an essential distinction between technical and psychological effects. Using this distinction, we attempt to introduce analytical clarity to the study of Russian activities in the cyber domain. Specifically, within the technical/psychological distinction, we find that Russian operations that tend toward the latter tend to be less sophisticated and conducted at some level of remove from direct control by the regime, while the former clearly demonstrates what we refer to as “organizational sophistication.” MORE

Beyond the United Nations Group of Governmental Experts: Norms of Responsible Nation-State Behavior in Cyberspace

December 9, 2019 — While the September 2015 meeting between President Xi of China and President Obama of the United States seemed like a tipping point for norms in cyberspace, the United Nations Group of Governmental Experts (UNGGE) has been developing a useful set of norms for responsible conduct among nations in cyberspace for years. Although consensus was difficult to establish along the way, as it almost always is between nations, the Xi–Obama meeting started the process of establishing a broader agreement on a set of norms that was later endorsed by the Group of Seven and Group of 20. The endorsed norms followed previous agreements and focused on information sharing, cooperation, protection, and avoiding malicious activities within a state’s borders, as well as human rights violations. States were to avoid using their territory for attacks against technologies or critical infrastructure, abstain from disrupting supply chain security, and refrain from using cyber means to harm other states. However, the UNGGE norms effort wavered during 2017 when several key countries backed away from the original agreement for a variety of reasons ranging from inability to enforce it to concerns around its effect on future operations. MORE

A Model for Evaluating Fake News

December 9, 2019 — “Fake news” (FN) is slowly being recognized as a security problem that involves multiple academic disciplines; therefore, solving the problem of FN will rely on a cross-discipline approach where behavioral science, linguistics, computer science, mathematics, statistics, and cybersecurity work in concert to rapidly measure and evaluate the level of truth in any article. The proposed model relies on computational linguistics (CL) to identify characteristics between “true news” and FN so that true news content can be quantitatively characterized. Additionally, the pattern spread (PS) of true news differs from FN since FN relies, in part, on bots and trolls to saturate the news space. Finally, provenance will be addressed, not in the traditional way that examines the various sources, but in terms of the historical evaluations of author and publication CL and PS. MORE

Strategic Cyber: Responding to Russian Online Information Warfare

December 9, 2019 — The success of the democratic world and its citizens depends to a great extent on recognizing one’s strategic advantages. Secure on this high ground, a nation can dictate interstate strategic competition in favor of U.S. national security. In cyberspace, that advantage rests on defending and advancing a U.S. ideological advantage inherent in that platform. The quality of openness ensures the unfolding of confrontation well short of armed conflict and winning this war matters most to those seeking to erode U.S. strategic ascendancy. This paper follows Russia’s progression in its effort to reverse its unfavorable situation in cyberspace, largely by hoping to panic the United States into a series of poor policy decisions. A failure to see openness as the means to thwart this cognitive offensive all but hands Russia a victory. Reversing this outcome stands to blunt cyber tensions from giving rise to a means of setting conditions for a fait accompli and a military clash of arms. With this end in mind, there is much reason for optimism at the strategic level of such a war in cyberspace. MORE

Fake News, (Dis)information, and the Principle of Nonintervention: Scope, limits, and possible responses to cyber election interference in times of competition

December 9, 2019 — In the era of asymmetrical conflicts, information and communication technologies (ICT) play an essential role due to their importance in the manipulation and conditioning of public opinion.[1] Several threats are linked to the use of ICT but, in terms of interstate, strategic competition, one of the main dangers is represented by socalled “cyber election interference” (i.e., cyber election-meddling activities carried out by foreign states to influence the electorate of a target state through the diffusion of “fake news” or “alternative truths,” principally via the media and social networks (Facebook, Twitter, YouTube, etc.)). The aim of this paper is to clarify whether and when this kind of interference constitutes a breach of international obligations—in particular, of the principle of nonintervention in the internal affairs of a state—and to envisage possible lawful responses under international law by states targeted by said interference. MORE

Defense Support to the Private Sector New Concepts for the DoD’s National Cyber Defense Mission

December 9, 2019 — Aprimary mission of the Department of Defense (DoD) remains defending the nation in cyberspace, a function which has until this point has been oriented around the traditional Defense Support of Civil Authorities (DSCA) framework. However, conceptual confusion as to the most effective mechanisms for DoD support during national cyber emergencies has generated a perpetual “fog” that restricts the frameworks optimal employment. This paper examines the typical forms of DoD cyber support currently employed, and presents four additional pillars for consideration. These proposed pillars highlight the potential value of the DoD’s defined role and functionality as a supporting command to the private sector during national cyber emergencies. Furthermore, this paper recommends new, adaptable structures and defined roles that can serve as a model for the DoD’s future composition, disposition, and employment in cyberspace when called upon to defend the nation. Because the private sector is on the front lines of the conflict, a new model of Defense Support to the Private Sector (DSPS) needs consideration. MORE

Borders in Cyberspace Strategic Information Conflict since 9/11

December 9, 2019 — “The idea of degrading the opponent's information flow and, conversely, to protect or improve our own, has gained reasonably widespread acceptance and has resulted in important applications.” -- Thomas P. Rona, Weapons Systems and Information War, 1976[1] The Cold War ended in 1991 with the Soviet Union extinct and the United States perhaps the most powerful country in history, at least in relative terms. President Bill Clinton suggested at his 1993 inauguration that conflict had become an isolated phenomenon of extremists fighting against world order, disrupting nations and peoples but holding no real hope of accomplishing anything positive.[2] The end of the Cold War seemed to have restored respect for sovereignty grounded in international law. History had “ended” and the world had turned toward liberalism—but not wholly. MORE

Persistent Engagement, Agreed Competition, and Cyberspace Interaction Dynamics and Escalation

December 9, 2019 — Policymakers and academics have raised concerns over escalation should states adopt a more proactive cyberspace posture. The unspoken context for those fears is potential, episodic, offensive cyber operations that threaten to cause, or cause, physical damage. This narrow focus excludes an equally, if not more important, strategic space—actual, continuous, strategic competition without resort to armed attack, a space which, according to 2018 U.S. strategic guidance, poses a central challenge to national security. U.S. Cyber Command (USCYBERCOM) has described a strategic approach to cyberspace intended to counter and contest adversary gains: persistent engagement. This approach is assessed through a re-consideration of Herman Kahn’s On Escalation. It is concluded that competitive interaction in cyberspace short of armed conflict in an agreed competition, as opposed to spiraling escalation, best explains the dynamic from persistent engagement and, consequently, prevailing concerns of escalation are unwarranted. Agreement to compete robustly short of armed conflict may be the grand strategic consequence of cyberspace. MORE

1 ... 16 17 18 19 20 21 22 23 24 25 ... 40