July 31, 2018

Growing Role of Platforms in Cybersecurity

Platforms are becoming a dominant force in business and software architecture. Regardless of where you look across commercial, government, health or military/defense sectors, platforms are increasingly becoming core features of the digital world. They are at the center of digital ecosystems. When we think platforms today, it is important to realize that there is a business view, a technology view, and an ecosystem view. Evolving from highly specialized and expensive Service Delivery Platforms, today these multi-tenant and multi-role platforms provide reusable sets of building block capabilities designed to accelerate the growth and to sustain multiple digital ecosystems.

July 31, 2018

Encounter Battle: Engaging ISIL in Cyberspace

Although the United States withdrew its last remaining combat forces from Iraq in December 2011, a significant insurgency spanning the territory of Iraq and Syria has evolved under a variety of names including the Islamic State, Islamic State in Syria (ISIS) and the Islamic State in Iraq and the Levant (ISIL)—for this work, we choose to employ the title ISIL. Since ISIL’s break with al-Qaeda in February 2014, it has become the chief standard-bearer of a Salafi jihadist movement set upon forming a trans-regional caliphate. In its activities, ISIL has extended its territorial reach across North Africa and the Arabian Peninsula as well as claiming credit for terror attacks from Belgium to Bangladesh. As much as a movement, ISIL is the contemporary brand for Jihadist insurgency in the Middle East and beyond.

July 31, 2018

Direct Commission for Cyberspace Specialties

The US Army executes small-scale direct commission programs for specialties needed within the profession of arms. When expanded into Cyberspace, similar programs can provide an opportunity to enhance readiness and capability while building toward a force of the future. A Cyberspace direct commission program can serve as a test case for removing the traditional bar to lateral entry for technical specialties. Challenges relating to culture, development, and operations may arise during implementation of such a program. This paper hopes to start the initial discussion on these topics and introduce ideas about future research that can contribute to the Army’s assessment of a direct commission program.

July 31, 2018

Digital Network Resilience: Surprising Lessons from the Maginot Line

For most of us today, the phrase “Maginot Line” is a stale but cruel joke, if not just some vague memory from a high school history class. It is well-worn metaphoric shorthand for any defensive measure firmly believed to provide excellent protection, but that is in fact quite useless. Actually, worse than useless—because building a Maginot Line creates the complacency of a false sense of security.

July 31, 2018

Determinants of the Cyber Escalation Ladder

This article investigates how the speed and sophistication of cyber tools shape modern conflict. Using the United States as a case study, it looks at how, when, and why physical and cyber affronts can quickly escalate, and what appropriate counter-actions exist at each stage of the conflict. We also briefly contrast the US physical and cyber conflict escalation ladders with those of China and Russia. Our work has important implications for policy-makers and military leaders as it demonstrates the importance of having cyber escalation ladders for each country. We stress that not only should these ladders include country-specific perceptions of various actors and their likely motivations, but they should also account for other actors’ differences in perception of various physical and cyber actions. The latter could lead to a difference in each state’s understanding of the others’ escalation ladders, and thus unexpected responses.

July 31, 2018

Demonstrating Value and Use of Language–Normalizing Cyber as a Warfighting Domain

Cyberspace has been recognized as a warfighting domain in the US Department of Defense (DoD), yet neither the DoD nor the broader US Government has taken full advantage of military cyber power to defend US interests and project power. One important reason for this is how we choose to consider and describe cyber. Do we treat it as no different from other domains and normalize cyber as a warfighting capability? Or do we recognize it as fundamentally different from other warfighting domains and use cyber-unique approaches? I believe the answer to both questions is “yes”—we need to further normalize cyber as a warfighting capability, yet recognize how it is different from the physical warfighting domains. The key to our future success lies in reconciling these two perspectives.

July 31, 2018

Defending the Democratic Open Society in the Cyber Age – Open Data as Democratic Enabler and Attack Vector

In the security paradigm, privacy is the major challenge for the security of an open society against cyber threats. In contemporary society, privacy is a lesser security challenge than the threat of an increased attack surface and strengthened attack vectors: Big Data, artificial intelligence, and the massive aggregation of public data. In this research note, we introduce a high-level conflict between interests and societal goals that supersede the privacy and security conflict.

July 31, 2018

Cyberspace Operations Collateral Damage - Reality or Misconception?

Practically all military actions have the potential to result in undesirable collateral damage. Laws and international treaties mandate the minimization of civilian casualties and damage to civilian property. To enforce this, the military developed methods and tools to help predict the collateral damage that may result from the employment of specific weapon systems under various conditions. These processes have been refined over time, and are now very effective for the planning of kinetic operations.

July 31, 2018

Cyberspace in Multi-Domain Battle

Today, United States superiority in any domain is no longer a guarantee. The continued low barriers to entry and use of relatively inexpensive cyberspace technologies may create advantages across any domain as well as the human dimension. Domination in any domain no longer makes for a successful military operation. Instead, leveraging multiple domains at specific points of opportunity creates the competitive advantage required to defeat adversaries on future battlefields. Recognizing this new paradigm, the Army and Marine Corps developed the Multi-Domain Battle Concept to deter and defeat enemies. [1]

July 31, 2018

Cybersecurity: Focusing on Readiness and Resiliency for Mission Assurance

Mission assurance is the primary responsibility of all within the Department of Defense (DoD) and ultimately is Commander’s business. It is imperative in today’s rapidly changing information environment that Commanders understand how each of their primary missions is dependent on the operational platform for information for mission success. Having a comprehensive operational understanding of the cybersecurity readiness and capabilities of their information networks; including their ability to identify vulnerabilities and protect against threats, is as essential as understanding physical terrain in a kinetic operation. This involves a complete, end-to-end analysis of the information environment with an understanding of its technology, processes, and people. With that perspective, operational commanders can make informed choices on risk to their missions and implement means to continue operations in the face of an adversary determined to disrupt them.