ARTICLES

Nov. 18, 2020

Jack Voltaic®: Bolstering Critical Infrastructure Resilience

According to the Department of Homeland Security (DHS), municipal critical infrastructure has become an ideal target for a range of cyber threat actors including near-peer competitors seeking geopolitical gains and decentralized cyber criminals attempting to hold cities captive for monetary gain. With municipalities predominantly partnering with the private sector for operation of national critical infrastructure as defined in Presidential Policy Directive (PPD) 21, cities, states, and industry entities find themselves on the front lines—possibly the first line of defense—against a perpetual barrage of attacks in cyberspace. Accordingly, a dynamic shift from traditional conflict in the physical world to a homeland defense posture in cyberspace reveals several potential gaps with regard to handling emergency situations, coordinating response efforts, and restoring basic services for citizens.[3] This article seeks to highlight this dynamic environment, and the inherent gaps that exist in bolstering critical infrastructure resilience. Accordingly, the Jack Voltaic® (JV) research framework discussed in this article explores the interconnections among municipal, state, and federal response efforts during a cyber emergency scenario, with added emphasis on critical findings and themes from its Jack Voltaic® 2.5 workshop series. This effort brought together key regional stakeholders from across various levels of governance, the private sector, and academia to discuss the findings of previous JV exercises, lessons learned, and how similar efforts can strengthen critical infrastructure, community resilience, and a whole-of-nation approach to handling cyber threats.[4] This article will highlight common findings and themes from multiple exercises and workshops that further reinforce current JV research and the Jack Voltaic® 3.0 Legal and Policy Tabletop Exercise (TTX). Finally, this article concludes with a detailed discussion about JV 3.0, which is scheduled to execute in September 2020.

Nov. 18, 2020

A Legal Framework for Enhancing Cybersecurity through Public-Private Partnership

The Cyberspace Solarium Commission (CSC) published its report in March 2020 offering emphatic, far-reaching recommendations in the cybersecurity domain. This report highlights the rapidly growing importance of public-private partnership (P3) in this domain as a national security cornerstone, and significantly informs the debate over the public-private balance in the cybersecurity system of governance in the United States. While important questions remain as to the best ways to safeguard public law values, the report strongly supports arguments for informed P3 collaboration, and further discourages the notion that cybersecurity should exclusively be an inherently governmental function. A legal analysis of partnering in the cyber domain suggests the risks of violating existing inherently governmental function rules are low, and navigable. Indeed, the CSC’s strong, bipartisan report accepts this as a given point of departure from the ad hoc P3 system we have today, and recommends concrete steps to advance national security and other public law values such as accountability, transparency, fairness, and privacy. Like legislation that set the stage for the NASA-SpaceX partnership, the CSC’s unequivocal embrace of P3 in the cybersecurity realm has great potential to guide legislation and other steps to reshape and adapt “defense-of-nation” cyber domain efforts.

Nov. 18, 2020

Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks

This paper extends the work of the Lockheed Martin research team on intrusion kill chains (the identification and prevention of cyber intrusions) in 2010. The theory has languished in the network defender community not because it is not the right idea, but because most InfoSec teams do not have the resources to implement it. What has prevented the success of the intrusion kill chain strategy is a standard framework to collect the intelligence associated with specific adversaries, to share and consume that standardized intelligence with trusted partners, and then to automatically process that intelligence and distribute new prevention controls to the network defender’s security stack. The adversary playbook is that framework.

Nov. 18, 2020

Cyber Maneuver and Schemes of Maneuver

This article is intended to stimulate discussion among cyber warriors and others about an approach to cyber maneuvers at the operational level. Cyberspace is one domain in what is commonly called “Multi-Domain Operations,” while movement and maneuver is one of the warfighting functions in U.S. Army doctrine. This sets the context for a proposed approach to a concept for offensive and defensive cyber maneuver operations that starts with a goal or mission, and allows preparation of the commander’s intent via a scheme of maneuver. The scheme of maneuver includes a sequence of categories of maneuver, which in turn are accomplished by specific cyber (or non-cyber) maneuver actions or fires, thereby connecting the mission to the scheme and categories of maneuver, and then to specific actions and fires. Effectiveness of specific cyber actions and fires will change over time, but the categories of maneuver and their intent are much more enduring. Commanders using this approach do not need to be “techies” to define a cyber scheme of maneuver. So long as the commander has, or has been provided, sufficient understanding of operational-level tradeoffs and effects of offensive and defensive cyber maneuvers, the staff can provide the technical details.

Nov. 18, 2020

Beyond Hyperbole: The Evolving Subdiscipline of Cyber Conflict Studies

Hardly a day goes by without a cyber-related news story coming across the wires, yet the International Relations (IR) subdiscipline of cyber conflict studies has yet to meaningfully impact a wider discourse. This article examines the impact of five recent scholarly works on the evolution of this subdiscipline that, while quite popular within the general population, remains largely ignored by the broader International Relations (IR) scholarly community. The article dissects the strengths and weaknesses of these works and their place in the evolving literature by a generation of scholars who are moving debates beyond hyperbole. By highlighting cyber conflict studies to date, this roadmap hopefully will help to advance the study of cyberspace within the IR cyber community.

Nov. 18, 2020

Why the Law of Armed Conflict (LOAC) Must Be Expanded to Cover Vital Civilian Data

In June 2017, during Ukraine’s multi-year undeclared war with Russia, the NotPetya worm hit Ukraine as part of a “scorched-earth testing ground for Russian cyberwar tactics.” Between 2015 and 2016, Kremlin-backed hackers known as Sandworm focused on Ukrainian government organizations and companies. In the NotPetya cyber-attack against Ukraine, this worm spread automatically, rapidly, and indiscriminately throughout thousands of computers worldwide, crippling multinational companies, including maritime shipping giant Maersk, pharmaceutical giant Merck, food producer Mondelēz International, and even Russia’s state-owned oil company, Rosneft. NotPetya is unlike other malware to date because its goal was purely destructive. It mimicked ransomware but was, in reality, more sinister since there was no amount of ransom that could be paid to decrypt a system’s data because no decryption key even existed. Damages associated with the 2017 NotPetya attack exceeded $10 billion. While there was no loss of life, former U.S. Department of Homeland Security advisor Tom Bossert equated NotPetya’s destructiveness to “using a nuclear bomb to achieve a small tactical victory.”

Nov. 18, 2020

Contesting Key Terrain: Urban Conflict in Smart Cities of the Future

Smart City initiatives are multiplying at an accelerated pace. Hundreds of Smart City pilot projects are aiming to make urban dwelling more sustainable by leveraging automation, and digitizing interactions among technologies, people, and the physical environment. Each project is an ecosystem, with stakeholders ranging from government officials and technology firms with their near infinite supply chains to city residents. Many projects that began as experimental pilots are now integral to the way city government organizations deliver services to their constituents. An increasingly urbanized world, rapidly becoming more dependent upon sophisticated technologies, presents novel and substantial complexities to future military operations.

Nov. 18, 2020

Prioritizing SOF Counter-Threat Financing Efforts in the Digital Domain

Threat financing describes how threat actors move, manage, and raise funds to support their specific goals. One emerging challenge for Special Operations Forces (SOF) support to counterterrorism missions is digital threat financing. This has risen to prominence in recent years with the evolution of digital currencies, cashless payments, and other forms of financial technology that allow for the near-instantaneous transfer of funds from one party to another. As such, SOF must undertake and prioritize counter-threat finance (CTF) efforts for its Theater Special Operations Commands (TSOCs) and its intelligence analysts to deter violent extremist organizations (VEO).

Nov. 18, 2020

COVID-19: The Information Warfare Paradigm Shift

Thomas Kuhn's The Structure of Scientific Revolutions highlights the critical term “paradigm shift,” which occurs when it suddenly becomes evident that earlier assumptions are no longer correct. The plurality of the scientific community studying this domain accepts the change. These paradigm-shifting events can be scientific findings or, as in the social sciences, a system shock that creates a punctured equilibrium, triggering a leap forward in acquiring new knowledge.

Nov. 18, 2020

Cybercrime and Society Third Edition: Book Review

The following book review covers the overview, content, and insights of Majid Yar and Kevin F. Steinmetz’s “Cybercrime and Society” Third Edition, published by SAGE Publications in 2019. The structure of the book review includes a cursory background on the authors, the structure of the book content design, an overview of the chapter contents, and a book review conclusion. The book is being reviewed as part of a process to evaluate it for an upcoming undergraduate course in Foundations in Cybersecurity for Computer Science and Criminal Justice students working towards a minor or concentration in Cybersecurity. The book provokes questions about our dependence on the Internet and our approach to cyber threats.