Sept. 15, 2015

Big Data and Cybersecurity

Cyberspace and cybersecurity contain numerous problems in search of novel approaches able to facilitate dynamic, results driven solution sets. Big Data if examined from a complex, multi-disciplinary perspective offers a range of potential advantages to cyber offense and defense for public and private sector entities ranging from small businesses to the national security community. This post, in brief, highlights the foundations of a research push in its infancy to assess the application of big data for national cybersecurity. While the focus is national cybersecurity writ-large, the lessons to be learned are likely to be impactful to organizations and individuals as the economics and applications of big data for cybersecurity become increasingly affordable.

Aug. 27, 2015

New Tools, New Vulnerabilities: The Emerging Cyber-Terrorism Dyad

It is this paper’s contention that as terrorist organizations have grown in geographical reach and influence, so too have they grown in the sophistication of their operations, especially in terms of technology. The exploitation of cyberspace has arguably become the latest force multiplier utilized by terrorist groups in pursuit of various objectives, including (i) carrying out elaborate ideological propaganda campaigns; (ii) radicalization and recruitment of new followers; and (iii) educating recruits on topics ranging from data mining to the use of explosives. Perhaps most significantly, terrorist organizations have increasingly made use of cyberspace in launching attacks on their enemies. Many analysts are quick to point out that to date, such cyberattacks have been unsophisticated and relatively ineffective. While they have been useful in disrupting online domains, they have done little in terms of inflicting actual casualties. A counter argument can be made, however, that focusing primarily on the casualties directly inflicted by cyberattacks conducted by foreign terrorist organizations greatly oversimplifies the issue. Specifically, it ignores the effects wrought by the individuals recruited and trained via cyberspace. The technical knowledge passed on to them with respect to planning and executing attacks has undoubtedly allowed terrorist groups to conduct far more wide-ranging, elaborate and brutally efficient strikes. Cyberspace is therefore not simply a medium through which to communicate and express ideas, but a tool whose effectiveness is limited only by the breadth of creativity of its users, particularly in military applications.

Aug. 27, 2015

Notes on Military Doctrine for Cyberspace Operations in the United States, 1992-2014

As our present theory is to destroy ‘personnel,’ so should our new theory be to destroy ‘command,’ not after the enemy’s personnel has been disorganised, but before it has been attacked, so that it may be found in a state of complete disorganisation when attacked. -JFC Fuller, “Plan 1919” [1] Doctrine ranks among those words that may be more used than understood. In essence, doctrine constitutes the customary way of applying established rules in varying cases. “Custom” might imply a certain lack of flexibility in dealing with the uncommon or the unforeseen, of course, but it also carries positive aspects. It prepares one with a set of basic analytical tools, and leaves room for improvisation when necessary. Improvisation is the watchword; it is what a military establishment does when confronted with a new rival or technology that disrupts not only settled doctrine but the very assumptions underlying concepts of force and power.

Aug. 14, 2015

Senior Snake-Eater’s Predictions On The Future Of Terrorism And How It Can Inspire The Future Of DOD Cyber

Many, many people are writing great things about using U.S. Special Operations Command (SOCOM) as a model for the development of U.S. Cyber Command (CYBERCOM), and many, many people are writing great things about the potential of raising CYBERCOM to a full unified command. However, cyberspace has yet to be recognized as a functional domain deserving of its own dedicated unified command. The comments made by GEN Joseph Votel, commander of SOCOM, at the West Point Senior Conference this past April illustrate the military’s increased emphasis on understanding the vulnerabilities and advantages that cyberspace brings to conflict. The Department of Defense should heed GEN Votel’s words and elevate CYBERCOM to unified command status, and, moreover, use SOCOM as model in developing CYBERCOM. Thanks to our friends at the Combating Terrorism Center at West Point, below is an excerpt from GEN Votel’s speech* dedicated to describing the implications of terrorism in the future operating environment: * I have bolded cyberspace-related nouns to emphasize the targets and attack/influence vectors future terrorist may affect and use to achieve their ends.

Aug. 11, 2015

Is Clausewitz Compatible with Cyber?

LTC Jared Ware — The theories proposed by Carl Von Clausewitz almost 185 years ago maintain relevance based on their applicability relating to the rise of non-state actors and the increasing relevance of cyber operations in the context of modern warfare. Clausewitzian theory is useful in the Computer Age and continues to offer insights to some of the most consistently experienced issues in modern warfare. The recent release of the Department of Defense (DOD) Cyber Strategy is predicated upon the tenacious adherence to a comprehensive strategy, a topic to which Clausewitz devotes a significant amount of attention. Another area of interest for success in cyber warfare is defining the proper mix of joint Cyber Mission Forces (CMF) to fight and win the nation’s future wars (DOD Cyber Strategy). Clausewitz again provides valuable insights by analyzing the relationship between the branches of service in the context of battlefield efficacy. Some may contend that with the exponential proliferation of technology and non-state actors that Clauswitz and his theories lose relevance, and this may apply in the context of legacy, kinetic-based warfare. However, Clausewitz will continue to influence future generations of American military practitioners simply from the standpoint that his theories remain rooted in the very nature of warfare. Additionally, nation-states and non-state actors will continue to operate across the cyber domain, where the changing definitions of terms such as “lethality” and “magnitude” are factors in a new form of warfare.

July 27, 2015

Thank You Very Much, Mr. Robot

Recent headlines provide a virtually unlimited source of material for Hollywood’s latest trend: the cyber-thriller. From the paranoia-fueled Person of Interest, to the widely-panned CSI:Cyber, these shows attract a huge audience and often inform a significant segment of the population on all things technical. They also, as discussed in a previous Cyber Defense Review post, have the potential to educate users about the risks of information security on a very large scale. USA Networks’ newest cyberpunk thriller, Mr. Robot is one of the newest entrants into the fray. The show has already received rave reviews, not only for its immersive and dark tone, but also for its unusual technical accuracy.

July 17, 2015

A Cyber Discussion

In 1920, the then CPT Dwight Eisenhower wrote an article, titled “Tank Discussion”, for the United States Infantry Association’s Infantry Journal championing the integration of motorization (particularly tanks) into combat arms maneuver. As a member of the minority, his faith in the potential of motorization and the tank resulted in intense scrutiny from the Infantry establishment, which almost ended his career early. Undoubtedly, the tank later proved critical to the Army’s success in WWII. The Strategic Initiatives Group at the Army Cyber Institute conducted a short experiment with the first three paragraphs of “A Tank Discussion”. We replaced occurence of “tank” with “cyber” and updated some language to modern terminology and context. The result is a remarkably relevant commentary given the current tensions in Army during the growth of the Cyber branch.

July 2, 2015

Recruiting Cyber Warriors: Let’s Not Rush to Failure

I have sat through many briefings and discussions on how the Army is short of Cyber warriors and how it will take extraordinary incentives and methods to fill the ranks. There are committees studying this issue and lots of discussion occurring. All of it is well intentioned and motivated by the perception of being behind schedule. However, I think some tactical patience is required and a pause taken to think critically about this issue before we make hasty decisions we may regret.

June 11, 2015

An Emotional Response to Being One of the First Cadets to Branch Cyber

I have been asked multiple times what my emotions were the night I learned that I would be branching cyber. The night was like any other branch night at West Point with all of the First Class cadets anxiously awaiting their fate as army officers. The only difference with this branch night as opposed to the previous decades of them was the inclusion of the new branch, Cyber, to the list of possibilities. I knew going into this night that there were roughly forty to fifty cadets that were competing for Army Cyber slots. All of us had put in work through a selection process known as the Cyber Leader Development Program in which our talents, experiences and skills were assessed by a mentor. I thought my chances were decent because I had put hours into my application packet and had done everything I had been asked to do. I knew I would branch either Army Signal or Army Cyber. My grandpa had been an officer in the Army Signal Corps so I had a historical connection to Army Signal, but my hope and dream was to branch Army Cyber.

May 29, 2015

Implications of Quantum Information Processing On Military Operations

This paper discusses the benefits and drawbacks of quantum computing and quantum cryptography, subsets of the field of Quantum Information Processing (QIP). This field uses quantum mechanics for information processing rather than classical mechanics and portends game-changing implications to technologies long-relied on by military organizations, including computing, communication, and cryptographic systems. Quantum information processing may provide advantageous to Army operations in two areas: massive parallel processing and secure key distribution. Quantum mechanics allows a single quantum computer to compute as dozens or even hundreds of classical computers, known as ‘quantum parallelism.’ This is leading to a new paradigm in computing as these computers undermine current cryptographic systems. Continuing work in other families of cryptographic systems shows promise for being unaffected by quantum processing and quantum mechanics allows for the creation and distribution of completely secret keys. This solution may require fielding a new generation of cryptographic hardware systems throughout the Army. Quantum parallelism applies to data searching, providing a polynomial speed-up for searching large databases, such as cloud storage, personnel systems, or intelligence repositories. “If a quantum computer is ever built, much of conventional cryptography will fall apart!” (Giles Brassard, 1984)