July 31, 2018

Welcome to The Cyber Defense Review—A Dynamic Multidisciplinary Dialogue

We are proud to introduce the inaugural print edition of The Cyber Defense Review (CDR). This quarterly journal will generate an intellectual multidisciplinary dialogue through thought provoking scholarly articles and essays on the strategic, operational, and tactical aspects of the cyber domain. The CDR will break down barriers and foster innovative solutions to global cybersecurity challenges. This inaugural CDR compiles perspectives from preeminent thinkers across the government, industry, and academia regarding potential challenges, impacts, and initiatives for consideration as we come to grips with cybersecurity.

July 31, 2018

There IS No Cyber Defense

There is a general principle driving the massive cybersecurity ecosystem that has flourished from the beginning: the necessary trade-off in balancing ease of deployment, the simplicity of operation, stability, and efficacy. While the entire ecosystem is predicated on constraints inherent in the foundational architecture, most in the defender community do not realize or understand what these are. Reliance on flawed fundamental assumptions from what worked years ago has led us to a deeply entrenched, but intrinsically vulnerable environment that is continually compromised by an endless number of exploits. Exploitation occurs in an infinite space that is unsolvable. We are building skyscrapers on quicksand, yet are surprised when they fall.

July 31, 2018

The U.S. Navy’s Evolving Cyber/Cybersecurity Story

You can’t pick up a newspaper or view a cable news program without hearing about cyber, whether cyberattacks, cyber defense, offensive cyber, cybersecurity, cyber threat, cyber Pearl Harbor, etc. You might think this issue just popped up the last few years. But all the armed services have been thinking about cyber for a number of years, in fact DEPSECDEF John Hamre originally used the term “cyber Pearl Harbor” in the 1990s, SECDEF Leon Panetta repeated it in 2012. The Navy in particular has been thinking about cyber for a long time. The origins of the military’s emphasis on cyber and cybersecurity can be traced back to at least 1996, when Joint Chiefs of Staff Chairman General John M. Shalikashvili, U.S. Army, released Joint Vision (JV) 2010. This seminal publication championed “Full Spectrum Dominance” as the “…key characteristic we seek for our Armed Forces in the 21st century.”

July 31, 2018

The Violence of Hacking: State Violence and Cyberspace

The violence of bits and bytes is real. How can we conceive of violence in a digital world? Do traditional definitions provide a reasonable means to understand the impact of violence emanating from cyberspace? This work examines the concept of violence at the state level and builds and argument that violence is not confined to pre-digital static definitions. Like physical violence, cyber violence conducted by states is instrumental and constitutive of both physical and non-physical acts. These acts in combination facilitate state goals, specifically the potential to win wars or achieve related policy objectives. Cyber war is not your father’s war, but it has many of the same effects. What are the first, second and third order effects achievable in cyberspace? Are these effects conceptual or have they been demonstrated? What does and can state violence in cyberspace look like and why is it important?

July 31, 2018

The Strategic Support Force and the Future of Chinese Information Operations

The establishment of the Strategic Support Force (战略支援部队, SSF) in December 2015 was a critical milestone in the history of the Chinese People’s Liberation Army (PLA), against the backdrop of its historic reform agenda. [1] The SSF’s creation reflects an innovation in force structure that could allow the PLA to operationalize its unique strategic and doctrinal concepts for information operations. Despite limited transparency, it is nonetheless possible to glean critical details about the SSF’s composition and key missions, based on a range of open sources. [2] It is clear that the SSF has been designed as a force optimized for dominance in space, cyberspace, and the electromagnetic domain, which are considered critical “strategic commanding heights” for the PLA. [3] Under its Space Systems Department (航天系统部), the SSF has seemingly consolidated control over a critical mass of the PLA’s space-based and space-related assets. Through these capabilities, the SSF has taken responsibility for strategic-level information support (信息支援) for the PLA in its entirety, enhancing its capability to engage in integrated joint operations and remote operations. [4] Concurrently, the SSF has integrated the PLA’s capabilities for cyber, electronic, and psychological warfare into a single force within its Network Systems Department (网络系统部), which could enable it to take advantage of key synergies among operations in these domains. However, beyond the SSF, the PLA also appears to be building up network-electronic operations (网电作战) capabilities within its national Joint Staff Department headquarters and within new regional theater commands (战区), reflecting the emergence of a multi-level force structure specializing in information operations. Thus, the SSF reflects the PLA’s uniquely integrated approach to force structure and operations in these vital new domains. This realization of this paradigm through the SSF will enhance the PLA’s capabilities to fight and win future “informatized” (信息化) wars.

July 31, 2018

The Future of Army Maneuver– Dominance in the Land and Cyber Domains

The year is 2025. Just before dawn, several independent 5-man teams from an Army Combined Arms Battalion prepare to launch an attack on a terrorist-insurgent stronghold outside a mega coastal city in a sub-Saharan nation. Before the commander sends in his attack forces, his cyberspace maneuver force has already established a secure communications network using Free Space Optics and Li-Fi and are conducting defensive cyber maneuver to protect and defend key cyber terrain. While monitoring local social media, cyber operators have intercepted insurgent communications, and located their operations center. They begin sending messages on social media to confuse the insurgent network and interfere with their command and control. Next, the cyber operators launch an offensive cyber maneuver, cutting power to the insurgent headquarters. In another offensive maneuver, the cyber force employs electromagnetic pulses to destroy the adversary’s electronic systems followed by a Radio Frequency capability to disable all insurgent vehicles. As dawn breaks, the insurgents awaken to the sound and fury of the Battalion’s direct and indirect fires…

July 31, 2018

The Role of Commercial End-to-End Secure Mobile Voice in Cyberspace

Commercially-available, end-to-end encryption software application solutions address cyber threats from advanced nation-state actors by securing mobile voice communications from eavesdropping. Existing mobile security frameworks, such as explained in a recent Department of Homeland Security (DHS) study, provide a good base for analysis, but are shown to have dealt insufficiently with the threat to mobile voice and corresponding encryption-based safeguards. A secure cyberspace thus requires increased attention to securing voice in addition to data when using mobile devices.

July 31, 2018

The Secret War Against the United States: The Top Threat to National Security and the American Dream Cyber and Asymmetrical Hybrid Warfare An Urgent Call to Action

Imagine if Pearl Harbor had been attacked and there had been no response from Washington. This is the actual case today due to a highly sophisticated, mature, and stealth strategy perpetrated against the United States (US) by advanced military methods leveled at every sector and organization in our society. This includes private sector businesses, all government agencies, the military, and academia—every US organization operating with innovation, intellectual property, or sensitive data. The world is in significant conflict requiring the US government, military, and private sector to deliberately confront this national crisis or become permanently irrelevant. It is no longer “business as usual.”

July 31, 2018

The Cyber Data Science Process

Our world is facing explosive growth in data being communicated on and generated by its people, their systems, and their networks. More data has been created in the past two years than in the entire previous history of mankind (Heidorn, 2016). By 2020, our digital universe of data will grow to 44 zettabytes (or 44 trillion gigabytes) which is ten times its size today. The enormity of this data and our ability to apply advanced technology to leverage it to gain new insights is often described as the era of “big data.” The study and application of big data spawned a new interdisciplinary field known as data science which combines the domains of operations, mathematics, and computer science as well as several ancillary fields such as social science, intelligence, and economics. The application of data science has already shown great promise in a wide range of fields from medicine to business.

July 31, 2018

The Cyber Domain

Both the Department of Defense (DoD) and the North Atlantic Treaty Organization (NATO) have declared that cyber is a “domain”, co-equal with air, land, and sea. DoD also recognizes space as a domain. Merriam-Webster defines a domain as a sphere of knowledge, influence, or activity. [1] Although DoD does not define “domain”, it does define cyberspace as “A global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” [2] No one has yet proposed what the cyber domain is, where militaries should be operating in cyberspace, and what missions’ militaries should be doing in cyberspace. This article identifies what DoD says their missions are in cyberspace and discusses what areas are appropriate for military operations in cyberspace. Additionally, it argues that militaries must be very careful about what missions they accept in cyberspace, and must circumscribe their forays into cyberspace lest they are overwhelmed by the sheer scope of the domain.