July 31, 2018

Direct Commission for Cyberspace Specialties

The US Army executes small-scale direct commission programs for specialties needed within the profession of arms. When expanded into Cyberspace, similar programs can provide an opportunity to enhance readiness and capability while building toward a force of the future. A Cyberspace direct commission program can serve as a test case for removing the traditional bar to lateral entry for technical specialties. Challenges relating to culture, development, and operations may arise during implementation of such a program. This paper hopes to start the initial discussion on these topics and introduce ideas about future research that can contribute to the Army’s assessment of a direct commission program.

July 31, 2018

Digital Network Resilience: Surprising Lessons from the Maginot Line

For most of us today, the phrase “Maginot Line” is a stale but cruel joke, if not just some vague memory from a high school history class. It is well-worn metaphoric shorthand for any defensive measure firmly believed to provide excellent protection, but that is in fact quite useless. Actually, worse than useless—because building a Maginot Line creates the complacency of a false sense of security.

July 31, 2018

Determinants of the Cyber Escalation Ladder

This article investigates how the speed and sophistication of cyber tools shape modern conflict. Using the United States as a case study, it looks at how, when, and why physical and cyber affronts can quickly escalate, and what appropriate counter-actions exist at each stage of the conflict. We also briefly contrast the US physical and cyber conflict escalation ladders with those of China and Russia. Our work has important implications for policy-makers and military leaders as it demonstrates the importance of having cyber escalation ladders for each country. We stress that not only should these ladders include country-specific perceptions of various actors and their likely motivations, but they should also account for other actors’ differences in perception of various physical and cyber actions. The latter could lead to a difference in each state’s understanding of the others’ escalation ladders, and thus unexpected responses.

July 31, 2018

Demonstrating Value and Use of Language–Normalizing Cyber as a Warfighting Domain

Cyberspace has been recognized as a warfighting domain in the US Department of Defense (DoD), yet neither the DoD nor the broader US Government has taken full advantage of military cyber power to defend US interests and project power. One important reason for this is how we choose to consider and describe cyber. Do we treat it as no different from other domains and normalize cyber as a warfighting capability? Or do we recognize it as fundamentally different from other warfighting domains and use cyber-unique approaches? I believe the answer to both questions is “yes”—we need to further normalize cyber as a warfighting capability, yet recognize how it is different from the physical warfighting domains. The key to our future success lies in reconciling these two perspectives.

July 31, 2018

Defending the Democratic Open Society in the Cyber Age – Open Data as Democratic Enabler and Attack Vector

In the security paradigm, privacy is the major challenge for the security of an open society against cyber threats. In contemporary society, privacy is a lesser security challenge than the threat of an increased attack surface and strengthened attack vectors: Big Data, artificial intelligence, and the massive aggregation of public data. In this research note, we introduce a high-level conflict between interests and societal goals that supersede the privacy and security conflict.

July 31, 2018

Cyberspace Operations Collateral Damage - Reality or Misconception?

Practically all military actions have the potential to result in undesirable collateral damage. Laws and international treaties mandate the minimization of civilian casualties and damage to civilian property. To enforce this, the military developed methods and tools to help predict the collateral damage that may result from the employment of specific weapon systems under various conditions. These processes have been refined over time, and are now very effective for the planning of kinetic operations.

July 31, 2018

Cyberspace in Multi-Domain Battle

Today, United States superiority in any domain is no longer a guarantee. The continued low barriers to entry and use of relatively inexpensive cyberspace technologies may create advantages across any domain as well as the human dimension. Domination in any domain no longer makes for a successful military operation. Instead, leveraging multiple domains at specific points of opportunity creates the competitive advantage required to defeat adversaries on future battlefields. Recognizing this new paradigm, the Army and Marine Corps developed the Multi-Domain Battle Concept to deter and defeat enemies. [1]

July 31, 2018

Cybersecurity: Focusing on Readiness and Resiliency for Mission Assurance

Mission assurance is the primary responsibility of all within the Department of Defense (DoD) and ultimately is Commander’s business. It is imperative in today’s rapidly changing information environment that Commanders understand how each of their primary missions is dependent on the operational platform for information for mission success. Having a comprehensive operational understanding of the cybersecurity readiness and capabilities of their information networks; including their ability to identify vulnerabilities and protect against threats, is as essential as understanding physical terrain in a kinetic operation. This involves a complete, end-to-end analysis of the information environment with an understanding of its technology, processes, and people. With that perspective, operational commanders can make informed choices on risk to their missions and implement means to continue operations in the face of an adversary determined to disrupt them.

July 31, 2018

Cybernomics – Changing the Economics of Cyber Defense

Cyber defense is on an unsustainable trajectory. Thanks to freely distributed and automated attack tools, cheap labor in countries from which attacks are launched, and stolen computing resources assembled into botnets, the cost of cyber-attack is estimated to be one-tenth to one-one hundredth the total cost of cyber defense.

July 31, 2018

Cyber Threat Characterization

In this article, we discuss the threat component of the risk to information systems. We review traditional cyber threat models, then present a technical characterization of the cyber threat along ten dimensions. We cross-reference an industry analysis of the Stuxnet threat to illustrate our thinking and conclude with an outline of the threat model application to the development of Cyber Red Books™.