ARTICLES

July 31, 2018

Determinants of the Cyber Escalation Ladder

This article investigates how the speed and sophistication of cyber tools shape modern conflict. Using the United States as a case study, it looks at how, when, and why physical and cyber affronts can quickly escalate, and what appropriate counter-actions exist at each stage of the conflict. We also briefly contrast the US physical and cyber conflict escalation ladders with those of China and Russia. Our work has important implications for policy-makers and military leaders as it demonstrates the importance of having cyber escalation ladders for each country. We stress that not only should these ladders include country-specific perceptions of various actors and their likely motivations, but they should also account for other actors’ differences in perception of various physical and cyber actions. The latter could lead to a difference in each state’s understanding of the others’ escalation ladders, and thus unexpected responses.

July 31, 2018

Demonstrating Value and Use of Language–Normalizing Cyber as a Warfighting Domain

Cyberspace has been recognized as a warfighting domain in the US Department of Defense (DoD), yet neither the DoD nor the broader US Government has taken full advantage of military cyber power to defend US interests and project power. One important reason for this is how we choose to consider and describe cyber. Do we treat it as no different from other domains and normalize cyber as a warfighting capability? Or do we recognize it as fundamentally different from other warfighting domains and use cyber-unique approaches? I believe the answer to both questions is “yes”—we need to further normalize cyber as a warfighting capability, yet recognize how it is different from the physical warfighting domains. The key to our future success lies in reconciling these two perspectives.

July 31, 2018

Defending the Democratic Open Society in the Cyber Age – Open Data as Democratic Enabler and Attack Vector

In the security paradigm, privacy is the major challenge for the security of an open society against cyber threats. In contemporary society, privacy is a lesser security challenge than the threat of an increased attack surface and strengthened attack vectors: Big Data, artificial intelligence, and the massive aggregation of public data. In this research note, we introduce a high-level conflict between interests and societal goals that supersede the privacy and security conflict.

July 31, 2018

Cyberspace Operations Collateral Damage - Reality or Misconception?

Practically all military actions have the potential to result in undesirable collateral damage. Laws and international treaties mandate the minimization of civilian casualties and damage to civilian property. To enforce this, the military developed methods and tools to help predict the collateral damage that may result from the employment of specific weapon systems under various conditions. These processes have been refined over time, and are now very effective for the planning of kinetic operations.

July 31, 2018

Cyberspace in Multi-Domain Battle

Today, United States superiority in any domain is no longer a guarantee. The continued low barriers to entry and use of relatively inexpensive cyberspace technologies may create advantages across any domain as well as the human dimension. Domination in any domain no longer makes for a successful military operation. Instead, leveraging multiple domains at specific points of opportunity creates the competitive advantage required to defeat adversaries on future battlefields. Recognizing this new paradigm, the Army and Marine Corps developed the Multi-Domain Battle Concept to deter and defeat enemies. [1]

July 31, 2018

Cybersecurity: Focusing on Readiness and Resiliency for Mission Assurance

Mission assurance is the primary responsibility of all within the Department of Defense (DoD) and ultimately is Commander’s business. It is imperative in today’s rapidly changing information environment that Commanders understand how each of their primary missions is dependent on the operational platform for information for mission success. Having a comprehensive operational understanding of the cybersecurity readiness and capabilities of their information networks, including their ability to identify vulnerabilities and protect against threats, is as essential as understanding physical terrain in a kinetic operation. This involves a complete, end-to-end analysis of the information environment with an understanding of its technology, processes, and people. With that perspective, operational commanders can make informed choices on risk to their missions and implement means to continue operations in the face of an adversary determined to disrupt them.

July 31, 2018

Cybernomics – Changing the Economics of Cyber Defense

Cyber defense is on an unsustainable trajectory. Thanks to freely distributed and automated attack tools, cheap labor in countries from which attacks are launched, and stolen computing resources assembled into botnets, the cost of cyber-attack is estimated to be one-tenth to one one-hundredth the total cost of cyber defense.

July 31, 2018

Cyber Threat Characterization

In this article, we discuss the threat component of the risk to information systems. We review traditional cyber threat models, then present a technical characterization of the cyber threat along ten dimensions. We cross-reference an industry analysis of the Stuxnet threat to illustrate our thinking and conclude with an outline of the threat model application to the development of Cyber Red Books™.

July 31, 2018

Cyber Situational Awareness

Cyberspace threats are real and growing. Worldwide cybersecurity trends and implications support these assertions: 97% of organizations analyzed in 63 countries have experienced a cyber breach; 98% of applications tested across 15 countries were vulnerable; in 2014, threat groups were present on a victim’s network a median of 205 days before detection; $7.7M was the mean annualized cost of cyber crime across 252 global, benchmarked organizations in 2015; and 60% of enterprises globally spend more time and money on reactive measures versus proactive risk management.[1][2][3][4][5] “Every conflict in the world has a cyber dimension,” testified ADM Michael Rogers, Commander of U.S. Cyber Command and Director of the National Security Agency, before the House Armed Services Committee in March 2015.[6] These facts, and the increasing acknowledgement regarding the importance of cyberspace on operations, place organizational leaders under immense pressure to make sound cybersecurity investment choices. Cybersecurity has truly become a political, military, economic, social, information, infrastructure, physical environment, and time concern for senior leaders.

July 31, 2018

Cyber Risk Assessment in Distributed Information Systems

This paper presents a disciplined approach to cyber risk assessment in distributed information systems. It emphasizes cyber vulnerability assessment in the architecture, specification and implementation—the knowledge of us—as a vital first step in estimating the consequence of information compromise in critical national security systems. A systematic methodology that combines information flow analysis and Byzantine failure analysis allows assessing the effects of information integrity compromises and the development of a Blue Book to guide cooperative Blue Team testing. The analysis of system vulnerability extends to cyber threats—the knowledge of them—leading to the development of a Red Book to inform adversarial Red Team testing. The paper concludes with a notional case study that illustrates this approach.