Nov. 4, 2016

The False Promise of Hacking Democracy

“Probable impossibilities are to be preferred to improbable possibilities” It is immensely convenient to claim that a Federal election can be hacked; however, the reality of hacking such an election is far more difficult than one might realize. The level of complexity in the US electoral process is such that to hack the election would require a combined feat of technical and social engineering requiring tens of thousands of co-conspirators operating across hundreds of jurisdictional boundaries with divergent laws and practices. Having worked in democracy development for the better part of 10 years on elections in several dozen countries, the state of American electoral security is strong because of its immensely decentralized nature. In a case where the bewildering and often arcane complexity facilitates inefficiency, it is this inefficiency that coincidentally fosters systemic resilience. It is the organizational attributes of a national election run by state and local authorities that make the United States a poor target for any malicious actor attempting to directly affect the polling places where American’s cast their ballots.

Nov. 2, 2016

Education for the Future of Cyber

Education will be the cornerstone for our nation’s success in cyberspace. The military has made efforts towards building the force necessary to defend its borders within cyberspace. The United States (US), however, will need to invest in its youth to better prepare for the future. This article focuses on current efforts to prepare for cyber warfare through the education system, community programs, and military training. With a better understanding of the current efforts, organizations can strengthen programs or focus on areas necessary to further US capabilities in cyberspace.

Sept. 19, 2016

FBI Cyber: Preventing Tomorrow’s Threats Today

Is the Federal Bureau of Investigation capable of defending the citizens of the United States of America against cyber-attacks? Are the cyber criminals of today too advanced and unpredictable for the FBI to keep up with? Is it possible for the FBI to predict and overcome such an advanced and ever-changing adversary? Although the cyber domain is challenging law enforcement in new and unpredictable ways, this paper imagines a future in which they are fully capable of combating cyber criminals. By reviewing past successes within the FBI, examining their ability to overcome jurisdictional hurdles, and analyzing their capacity to innovate and adapt to criminals who think they can outsmart them, the FBI of the future will be able to proactively prevent tomorrow’s threats today.

Sept. 7, 2016

Safeguarding The United States Military’s Cyber Supply Chain

America’s military cyber supply chain (USMCSC) depends on China’s manufacturing sector, yet faces uncertainty with regards to China’s global political stance. While trade between the United States and China is extremely crucial to both country’s economies and respective GDPs, at what point does the US military choose to refrain from doing business with China? China’s desire to become one of the leading global powers has resulted in its significant and aggressive military growth. American defense companies, desiring to maintain revenues and market share, increasingly outsource military manufacturing to Chinese companies. China is slated to become a hub for American military software outsourcing. Given such a flow of information along the cyber supply chain, it is not unreasonable to suspect that China is culling the USMCSC for information for its own militaristic use. If this is the case, should the US military curb or cut trade with China as means of safeguarding American military secrets?

Sept. 7, 2016

There Is No “Cyber”

At the recent Joint Service Academy (JSA) Cyber Security Summit at West Point (20-21 April, 2016), the word “cyber” was used in multiple different facets. As a noun, cyberspace is the “Domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data…” [COL11]. This is perhaps the broadest definition possible, proposed as the Cyberspace Operations Lexicon by the Joint Chiefs of Staff. While the ambiguity with the meaning of the proper noun “Cyber” provides a difficult framework to focus meaningful actions, our use of the words “Cyber”, “Digital” and their like as adjectives serves only to create artificial divisions among researchers, practitioners, and decision-makers in the area.

Sept. 7, 2016

Cyber Domain: Getting Ourselves Ready for Future Readiness and Conflict

The issue. DoD has been trying to establish its plans, structures, processes, and systems to deal with its cybersecurity and operational issues for several years. These efforts have slowly evolved as DoD has clarified and understood its cyber mission. Given the latest proclamation of the cyber roles assigned to government agencies (in the Presidential Policy Directive 41), it is probably time to put together more definitive plans for the DoD cyber forces and the cyber duties associated with all units, service members, and DoD employees. Another recent document that helps DoD sort out its cyber roles comes from the Joint Operating Environment 2035 (JOE2035), subtitled The Joint Force in a Contested and Disordered World, published in 14 July 2016. Essentially, the President’s document assigns DoD to take care of DoD-related contested military cyber issues. The JOE2035 predicts there will be plenty to do by the cyber forces, and identifies a high-probability, almost continuous, context for future conflict in cyberspace by outlining the struggle to define and protect sovereignty in cyberspace for our military. The cyber domain is a growth area with the specter of continuous, sometimes intense, conflict for a long time. With the US depending heavily on the interdependent networks of information technology (Internet, telecommunications networks, computer systems, embedded processors and controllers) and the data, information, and knowledge that is stored and flows through and between these systems, the cyber domain is the place where a high-stakes competition has, is and will be taking place.

Aug. 21, 2016

Enter the Policy and Legal Void

Soldiers are down range and have suites of tools available to them that they cannot use to their full capability. They are not technically limited, but rather constrained by the authorities and pre-requisite policies established in a pre-digital age. We tell them to go and defeat ISIS, Al al’Qaeda, or pick another future adversary, but they must do so with their hands tied behind their backs. Make no mistake, as a nation we are currently involved in a global conflict. The conflict is not defined by traditional weapons, but by bits and bytes traversing fiber lines and airwaves. This global information war collides with many of the values of Western Democracies, and the societal constraints of authoritarian regimes. The robust constraints on governmental instruments serve a valuable purpose, yet at the same time our Soldiers in the field are struggling to navigate complex legal and policy waters while corporations are drowning in data that might inform or provide context for a variety of mission sets. The volume and velocity of this data is only set to grow as globally the number of Internet enabled devices increases from approximately 17 billion to 50 billion and beyond. At the beginning of the digital age it is imperative that we, as a society, begin discussing the future we are rapidly entering.

Aug. 10, 2016

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

The Code Book is about the mathematics and science of codes and ciphers throughout history. Singh specifically lists two purposes for this book. The first is to show the evolution of codes and ciphers, and the second is to demonstrate their relevance in today’s society. Throughout the eight chapters, he discusses the elements of complex ciphers and simplifies the mathematical details for a general audience. He enthusiastically presents stories surrounding ciphers such as who created them, who sought to break them, and if and how the codebreakers were successful. We, as student and instructor in a course entitled Networks for Cyber Operations, used this book as one of our texts in the Spring semester of 2016.

Aug. 8, 2016

Critical Infrastructure Exercise 16.2 – A Transformative Cybersecurity Learning Experience

With an increased national awareness that the critical infrastructure which keeps our country running is surprisingly vulnerable—not just to physical attacks, but also to cyberattacks that can be initiated from anywhere in the world—the State of Indiana executed CRIT-EX 16.2 on the 18th and 19th of May, 2016, at the Muscatatuck Urban Training Center. This cyberattack readiness exercise focused on improving Indiana’s overall security and responsiveness of its critical infrastructure to face advanced cyber disruption of essential water utility services – presenting an extreme public safety threat. Indiana, like the rest of the country, understands it has a short window of opportunity to prepare for a major cybersecurity event that, if successful, could be as devastating as a major earthquake or tornado. In order to effectively prepare for such a scenario, Indiana’s cybersecurity stakeholders realized they had to build high-functioning, collaborative networks that span the public and private sector. By working to collaborate on high-risk cyber issues, organizations throughout Indiana are elevating their response postures, and preparing to ratchet up their ability to confront the threats of tomorrow [1].

June 28, 2016

Maximizing Flexibility: Mitigating Institutionalized Risk in the Cyber Mission Force

Leaders increasingly focus on the growing risk to national security in cyberspace. Today, there is little need to describe the dynamic and unpredictable nature of cyberspace, a wide and growing threat landscape, and rapidly evolving threat capabilities and tactics. Despite tremendous resources dedicated to securing cyberspace, threats always seem to find a way. In corporate board rooms, cybersecurity means accepting this reality and taking internal defensive measures to mitigate material risk.[1] But the private sector is not defenseless: the DoD established US Cyber Command (USCYBERCOM) and its Service components as part of a full Doctrine, Organization, Training, Materiel, Leadership & Education, Personnel, and Facilities (DOTMLPF) solution for full spectrum cyberspace operations. The country deserves nothing less, but the dynamic nature of cyberspace uniquely challenges DOTMLPF development because of its premise on accurately assessing future capabilities requirements – a major challenge for cyberspace!