ARTICLES

April 30, 2019

Every Soldier a Cyber Warrior: The Case for Cyber Education in the United States Army

Cyberspace represents a new domain of warfare unlike any other in military history. Cyberwarfare practitioners, be they state actors, non-state actors or individual hackers, are capable of tremendous–and readily deniable–damage to an opponent’s civil or military infrastructure. While recent events have focused upon the Islamic State’s ability to use the Internet for recruiting purposes, the real danger to the West comes from its two primary competitors. The Russian and Chinese governments are suspected of using the entire spectrum of cyber warfare both as a standalone capability and by effectively incorporating it into the more traditional domains of war.

April 30, 2019

Seeing is Believing: Quantifying and Visualizing Offensive Cyber Operations Risk

This paper presents an integration of decision-maker preferences, quantitative risk analysis, and simulation modeling to aid commanders in choosing a course of action (COA) for conducting offensive cyber operations (OCO). It incorporates information from subject matter experts (SMEs) to parameterize a simulation model which provides decision support to mission planners when evaluating different COAs. The methodology is exercised and evaluated by cyberwarfare practitioners.

April 30, 2019

Cyber Attribution: Can a New Institution Achieve Transnational Credibility?

After the United States blamed China for the Office of Personnel Management intrusion in 2015, China called speculation on their involvement neither “responsible nor scientific.” [1] They subsequently suggested it was “imperative to stop groundless accusations, [and] step up consultations to formulate an international code of conduct...” [2] The US-China exchange raises a critical question: what qualifies as “groundless accusations,” and what would “responsible and scientific” attribution of nation-state sponsored attacks look like? The incident raises another question as well: what is the current US process for attribution, and is it achieving its aims? This paper argues that authoritative attribution of cyberattacks to nation-state actors requires more than purely technical solutions.

April 30, 2019

Reshaping Intelligence Operations in the Cyberspace Domain

Cyberspace has become the most active, contested, and congested of the warfighting domains. Both the new National Cyber Strategy and recent Department of Defense (DoD) Cyber Strategy describe an environment fraught with adversaries attempting to gain a military, political, and economic advantage over the United States (US). [1] Given the pace of operations and the rate of change in the environment, new ways of operating develop at a rapid pace. Although DoD has published Joint Publication (JP) 3-12 (Cyberspace Operations) that provides a foundation for understanding cyberspace and operations therein, the Army and Joint Force have a great opportunity (and requirement) to reflect the complexity and fluidity in this new domain and to more fully describe the level of conceptual and practical convergence between the land (physical), human, and cyberspace domains. The Army and Joint Force have the capacity to understand and detail these changes in the land and cyber domains and have the innovative leadership we need to integrate this convergence into our discussions, debates, concepts, and doctrine. The changes involved with the technology and the extent to which cyberspace is impacting the land and human terrain are significant even today. DoD must be bold and innovative to stay ahead of the threat and to take advantage of the potential that exists.

April 30, 2019

Modelling the Cognitive Work of Cyber Protection Teams

Cyber Protection Teams (CPTs) defend our Nation’s critical military networks. While Cyber Security Service Providers are responsible for the continuous monitoring and vulnerability patching of networks, CPTs perform threat-oriented missions to defeat adversaries within and through cyberspace. The research we report here provides a descriptive workflow of cyber defense in CPTs as well as a prescriptive work model that all CPTs should be capable of executing. This paper describes how these models were developed and used to assess technologies and performance of CPTs. Such models offer a variety of benefits to practitioner and research communities, particularly when the domain of practice is closed to most researchers. This project demonstrates the need for continual curation of CPT work models as well as the need for models of work for the other types of cyber teams (i.e. Mission and Support) in the Cyber Mission Force.

April 30, 2019

Code Girls: The Untold Story of the American Women Code Breakers of World War II

In Code Girls, Liza Mundy explores the previously untold story, and largely unrecognized contributions, of the first women to officially serve as part of World War II US intelligence code-breaking efforts. At approximately 11,000, these women comprised more than fifty percent of the 20,000 workers. Based on voluminous research from the National Cryptologic Museum and the National Archives, Mundy brings to life these civilian and military women’s stories as they decrypted messages from the enemy Axis Powers, thereby significantly advancing the Allied war effort.

April 30, 2019

The Cyber Defense Review: The Importance of Partnerships in the Cyber Domain

Welcome to another provocative edition of the CDR, which explores the importance of partnerships in the cyber environment. Crucial to the success and growth of the Army Cyber Institute (ACI) is the development of impactful partnerships. We are most proud of our special relationship and partnership with the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn, Estonia. The NATO CCDCOE is a global thought leader in the discussion and advancement of critical cyber issues—technology, strategy, operations, and law. Each year NATO CCDCOE hosts their prestigious International Conference on Cyber Conflict (CyCon) in Tallinn. This year’s CyCon conference theme of “Silent Battle” seeks to foster a conversation on topics such as vulnerabilities, exploitations and patches, threat detection and attribution, and situational awareness to wage this ‘silent battle.’ The ACI will support this magnificent event with speakers, West Point cadet participation, and distribution of the Spring CDR to all attendees. We at the ACI believe that operational success in the cyber domain derives from the development and evolution of strategic partnerships. We are excited that the CDR facilitates impactful partnerships and is at the fulcrum of the global cyber conversation.

Dec. 20, 2018

Disinformation – Дезинформация (Dezinformatsiya)

Disinformation is defined by Merriam-Webster as “false information deliberately and often covertly spread (as by the planting of rumors) in order to influence public opinion or obscure the truth.” [1] The word disinformation did not appear in English dictionaries until the 1980s. Its origins, however, can be traced back as early as the 1920s when Russia began using the word in connection with a special disinformation office whose purpose was to disseminate “false information with the intention to deceive public opinion.” [2]

Dec. 20, 2018

Operationalizing the Information Environment: Lessons Learned from Cyber Integration in the USCENTCOM AOR

From Joint Publication (JP) 3-13, the Information Environment (IE) is defined as “an aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information.” It is within this environment that our adversaries have engaged us persistently below a threshold that could trigger a kinetic response. Within the IE,

Dec. 18, 2018

Book Review: On Cyber: Towards an Operational Art for Cyber Conflict

The core of Conti and Raymond’s On Cyber: Towards an Operational Art for Cyber Conflict is found in the preface under the self-explanatory title, “Why this book?” and embedded in the following sentence: “The lack of an operational art for cyberspace operations is the inspiration for this book.” Conti and Raymond have identified a wide and open gap in the cyber literature, found not in the cyber hinterlands, but in the pivotal question of, “how do you do cyber operations?” We are now about 20 years into cyber – 20 years ago, cyber defense and cyber operations were all but unknown, and had less than a few references in the now-defunct Alta Vista search engine – and discussions within the cyber community still occur mainly at the strategic and conceptual level, or at the purely tactical level. The larger policy debate is driven by a non-technical community, and the tactical level quickly becomes highly technical as a subset of computer science.