November 14, 2022 — National security communities cannot protect all their information. Yet the exigencies of cyber security and identified network vulnerabilities are trumping more strategic consideration of information protection, and national security communities have found it difficult to adhere to clear and defensible information protection principles. A more strategic approach would focus on identifying and prioritizing the most important organizational information; a defense that aligns information security resources to the most important information, with a clear view of the actions needed to protect against the intelligence capabilities of strategic competitors; and, established mechanisms for situations when preventive security measures will so often fall short, which include standing deception plans and well-coordinated reparative measures. Without defensible principles, the immense cyber security investments being made will not have the desired information security effect. MORE
|
November 14, 2022 — It is conceivable and probable that today’s adversaries have contemplated and recruited for event scenarios in which a physical crisis is pre-ignited by a series of more carefully orchestrated cyber incidents. As extremist groups grow bolder and attract younger more technology-astute prospects, there will be a convergence where both logical and physical attacks methods are used in concert towards a singular goal. These will be much more complex and targeted than the typical diversionary tactics we are prepared for today.
This new breed of threat is multi-modal; it takes advantage of the operational silos between organizations, whether those are departments within a corporation, supply chains or competitors across an industry, regional government agencies across a nation, or multiple governing nations across a global coalition. Planning such complex executions requires extremely intimate knowledge of the disparate targets and their relationships. MORE
|
November 14, 2022 — You would be hard pressed to find a room full of office typists in any present-day corporate setting. Office typists (who reached an apex in the mid-20th century) employed fast typing skills, a mastery of language and grammar, and the ability to take real-time dictation through shorthand.1 However, with the advent of personal computers and email, the speed of business required leaders to improve their own typing and communication skills. Those that embraced these skills quickly outperformed those that failed to adapt. Today, office typists are obsolete; their skills are now integral to everyone in an organization.
Similarly, today’s business leaders rely on teams of data scientists to manage, analyze, and model large amounts of data to inform decisions. Will data scientists one day sustain a fate similar to office typists? It may be too early to make such a prediction. Nonetheless, to compete in the near-future global market, leaders–military and civilian alike–will need to adapt these skills and become data literate with deep knowledge of data capabilities. MORE
|
November 14, 2022 — The Fiscal Year 2019 National Defense Authorization Act (NDAA) established the National Security Commission on Artificial Intelligence (NSCAI) to consider the methods and means necessary to advance development of artificial intelligence (AI), machine learning (ML), and other associated technologies to address America’s national security concerns. NSCAI’s final report to the President and Congress identified areas of weakness that the federal government must address to elevate data security as a national security priority. NSCAI recommended the federal government implement a security development lifecycle approach for AI systems, prioritize data privacy and security considerations as part of larger efforts to strengthen foreign investment screening and supply chain intelligence and risk management, and integrate national security considerations into efforts to legislate and regulate data protection and privacy. MORE
|
November 14, 2022 — This article aims to identify and clarify a hierarchical construct used by defensive cyberspace planners and operators to aid in mission decomposition, assurance, and terrain mapping. The model enables the visualization of complex relationships and equities between cyberspace assets, resources, and warfighting missions.
At a time when so many Department of Defense mission-essential tasks and functions are cyber enabled, it is more critical now than ever that we strive to model the highly complex cyberspace operational environment in an understandable and useful way. Modeling is a practical means to take logical components of cyberspace, tether them to physical assets, and illuminate how they ultimately support missions. We can then prioritize mission-critical systems and capabilities, organize the defense of those cyberspace elements, and gain confidence we are defending the right things at the right time. While this model is conceptual, it represents a first step toward automating cyberspace terrain mapping that will enable defensive cyber planners and DODIN Cyberspace Forces to respond to the dynamic, man-made terrain that makes up the cyber operational environment. MORE
|
November 14, 2022 — In this article, I review how the international cybersecurity norms, agreed to in 2015 and reaffirmed in 2021 by the member countries of the United Nations (UN), provide guidance to states on their possession and use of offensive cyber capabilities. This is an important exploration given that UN negotiations have reached a provisional climax, and that more states, ranging from major cyber powers to developing cyber nations, are getting involved with offensive cyber activities. I consider the 11 UN norms and extract the specific guidance they offer both to states that conduct offensive cyber operations and to states who have been attacked by offensive cyber activities. Then, I consider the various types of cyber operations that could affect international peace and security before looking at ways through which governments, international bodies and communities of non-governmental organizations can support observance of the UN norms. Finally, I assert that responsible forms of offensive cyber will not be for all states, and that raising the bar – including through the UN norms – benefits all major cyber powers. MORE
|
November 14, 2022 — An increasingly urgent debate rages in many circles about the “Artificial Intelligence (AI) Arms Race” rapidly progressing on a global scale. Among many unanswered questions, one is of particular interest to the United States (US) government: Where does the US stand in this race relative to China? This question is critical because the AI Arms Race “winner” will dominate how AI impacts myriad aspects of human society worldwide. For the US to lead the AI race, it will require a conscious partnership among public, private, and academic sectors, and a strategic alignment with our allies. Our relative position as a world leader, our relative position as an economic leader, and our standing as a moral force for all people’s good and ethical treatment are at risk. MORE
|
November 14, 2022 — Until 2020, biological warfare seemed like a remote threat to military operations and national security. Then, in March 2020, the novel SARS-associated coronavirus (SARS-CoV2) emerged and forced the world, including the Department of Defense (DoD), to acknowledge the calamitous potential of deadly virus pandemics.
The United States 2018 National Biodefense Strategy (NBS) warns of the need to enhance biological threat responses to prevent such detrimental effects.1 It highlights the natural, isolated outbreaks of Systemic Acute Respiratory Syndrome (SARS), Ebola, and Zika viruses as potential agents on which clandestine bioweapon programs or terrorist groups seeking such programs could capitalize. The NBS outlines a plan to prevent, detect, and respond to biological threats, providing defense and deterrence strategies to avert bioweapon use on American civilians or military personnel. A nation with a strong biological defense decreases its population’s vulnerability to pathogens with aggressive exposure mitigation and effective treatment measures, which thereby increase the nation’s resiliency to public health crises. Such defense capabilities change an adversary’s cost-benefit balance so that it avoids initiating a biological attack, providing deterrence from future threats. The success of these response strategies requires cooperation among government, medical, public health personnel, and the general population. MORE
|
November 14, 2022 — To fight and win in cyberspace, the United States needs a Cyber Force. During World War II, air power tipped the scale of victory in favor of the allies, as aviation proved to be an indispensable warfighting capability. The creation of the Air Force was predicated on the notion that the effective employment air power is not a matter of choice, but the very condition on which national survival rested. Today, cyber superiority has wider implications for US national security than air superiority had at the close of World War II; however, the federal government is not structured to effectively defend the US national interests. The current division of cyber authorities precludes comprehensive mitigation of cyber-enabled malicious activities. To effectively combat nation-state and non-state actors targeting US and allied interests in cyberspace, the US should establish a Cyber Force modeled on the U.S. Coast Guard with a reserve component modeled on the National Guard. Combining these models would allow for a single force capable of executing military operations, law enforcement activities, and intelligence collection at the direction of the Departments of Defense and Homeland Security, complemented by an expansive reserve component available to both state governors and the federal government. MORE
|
November 14, 2022 — This case study builds on previous analyses of Russian information warfare and covers the forms and tactics in simultaneous campaigns in Ukraine and the US between 2014 and 2020, using Daniel P. Bagge’s DOPES methodology to discern and analyze patterns within events data from the two campaigns. Use of DOPES illustrates that Russian information warfare possesses discernible forms and tactics across varying contextual situations and is highly flexible. The forms and tactics align with Russian information warfare (IW) doctrine and the goals of reflexive control. The case study concludes with a discussion of strategic and policy level recommendations to counter the effects of Russian IW. MORE
|