An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

The Cyber Defense Review


1 ... 3 4 5 6 7 8 9 10 11 12 ... 36

Unlearned Lessons Behind Building a Shared Cyber Framework - with your Geo-Political Adversaries – the Hacker Perspective

December 22, 2021 — Even in times of seemingly intractable geo-political conflict, geo-political competitors can find opportunities to develop a common cyber framework – the "Shared Cyber Framework." Achieving cyber stability between two or more nations is not predicated on congruence across all domains of cyber engagement, nor can silence among adversaries advance international stability. From a hacker perspective, this observation seems obvious. Indeed, the technical exchanges during the Cold War between the United States (US) and the former Soviet Union are said to have measurably contributed to both the stability of the bipolar world and, ultimately, the end of the conflict. Yet the current generation of leaders in the major cyber powers have neglected this lesson, both those who exploit access to westernized technologies and those who have responded by attempting to freeze out the attacking nation. For the past few years, the US and China, for example, have increasingly withdrawn from fruitful bilateral discussions. The January 2021 revelations of the Chinese Hafnium Zero Day hack riding shotgun after the December 2020 Russian SolarWinds campaign discoveries suggest few major cyber powers have progressed in finding even small areas of agreement on which to build confidence and a common framework. MORE

Unlearned Lessons: Why They are so Hard to Learn, and What Could Actually Help

December 22, 2021 — Cybersecurity is an old problem, and even though many approaches of the last decade had interesting effects, we’re still far from solving it. Self-iterative, dark complexity is in the way—an intriguing new plague of our age—and only high talents in the right places with leeway for real-world experiments can rescue us from being outpaced by authoritarian models of innovation. To build that, we will have to break some rules. MORE

Fighting Alone is called Losing: The Unlearned Lessons of Fragmented Systems

December 22, 2021 — Cyberspace is a man-made, contested, and competitive domain that is continuously evolving and adapting at speeds and scales difficult to comprehend or imagine. While hardware is geographically located in a physical layer somewhere on earth or in space, the software and data can move freely in a logical layer unless otherwise constrained. The result is a global surface that requires a globally coordinated defense by a global team. Therefore, within the context of cyberspace, the idea of "defending alone" seems ludicrous. Yet, that is exactly how people, firms, and governments have been left alone to approach cybersecurity. As noted in his comments on the SolarWinds hack in March 2021, General Paul Nakasone, the commander of the United States Cyber Command stated that, "[I]t’s not that you can’t connect the dots. You can’t see all the dots. And when defenders can’t see all the dots, security gaps and breaches happen." Ultimately, the cyber domain’s primary lesson is that leaving everyone to defend alone leaves everyone to lose. MORE

Ally or Die: The Unlearned Joint Organizing Lesson and Key to Survival

December 22, 2021 — Joint is better than single service; allied is better than alone; coalition is better than isolation. Neither the United States nor its allies are currently where any would want to be or should be operationally; none are as secure or assured as they should be; and none are performing as efficiently or effectively as required. Given the gravity of national security and the pace of cybersecurity, neither is served by an avoidance of a new call to joining forces in cyberspace. History has repeatedly shown the value of having allies in a tough fight; cyberspace presents that tough fight today. MORE

Small States Learn Different Survival Lessons

December 22, 2021 — Every state wants to learn lessons from the multitude of cyber incidents that strike it and others, so that it can protect itself in the future. But when international cyber incidents are viewed together with geopolitical contestation, the lessons learned by small states are very different from those recognized by the global superpowers. Large states in NATO or the EU need to understand these other lessons to achieve their initiatives in the UN and elsewhere internationally. This chapter conveys five key lessons from the perspective of one small, highly connected state, and its small state neighbors in Southeast Asia. These lessons need to be recognized by the larger, globally dominant nations which seek the support of, or to support, the smaller nations in global cyber conflicts. MORE

Some Things the Giant Could Learn from the Small: Unlearned Cyber Lessons for the US from Israel

December 22, 2021 — Over the last decade, cyber threats have grown in magnitude and diversity, and governments devote massive efforts towards adjusting their cyber stance to the evolving threats of the next decade, developing multiple national cyber strategies and dedicated governmental entities to address cyber threats. The responses build on their own and sometimes other countries' experience. For many small nations, however, modest budgets and resources disadvantage their responses. In contrast, Israel succeeded in becoming a cyber success by deliberately leveraging the advantages of being small – Making quick decisions, having the dexterity to change course rapidly, and centralizing national efforts with relative ease. Israel has focused on organizational processes and thoughtful cyber strategy, offering some lessons that could be useful for other nations that are much larger in scale. MORE

Paradigm Change Requires Persistence - A Difficult Lesson to Learn

December 22, 2021 — Persistent engagement and defend forward are new cyberspace concepts and approaches that are gaining traction across the cyber enterprise. They challenge the assumptions and prescriptions of deterrence theory and thus require perseverance in ensuring the right lessons are learned. Claims by some that SolarWinds represents a failure of these approaches misses the mark in many respects, most of all by applying deterrence metrics inappropriately. Rather, recent experience has demonstrated that competition in cyberspace is going to be continuous. Competing requires persistence rather than episodic responses, and anticipation rather than reaction. MORE

All That Which Is Old, Is New Again – Unlearned Lessons about Metrics of Success in Cyber

December 22, 2021 — In September 2009, the ABA Standing Committee on Law and National Security, the National Strategy Forum, and the McCormick Foundation held a workshop assembling approximately 35 experts on national security threats in cyberspace. The 46-page report, National Security Threats in Cyberspace, explored the then cyber threat vectors, legal frameworks, organizational questions and what the future would bring, among other topics. Our reporter was Paul Rosenzweig; as always, he captured the essence of the discussion – and we ended the report with a chapter on the "Metrics for Success." In short, all that was old is new again – this report is almost 13 years old, but all the metrics remain relevant and the same, and sadly, to a great extent, the metrics reflect policies not met. MORE

Powering the DIME: Unlearned Lessons of Asymmetric National Power in Cyberspace

December 22, 2021 — The United States (US) has a long history of proportional and in-kind response to adversary aggressions. If a US aircraft is shot down, the US will bomb anti-aircraft emplacements and runways or attain air superiority by clearing the skies of other fighter aircraft. If hostile actions are committed in cyberspace, the US will respond with limited cyberspace actions in an attempt to restrain escalation to a kinetic conflict. The US has failed to learn the lesson that conflict in the cyber age is inherently asymmetric and that cyber attack responses need not be quid-pro-quo. There is a range of diplomatic, economic, and information options for effective responses that follows the international legal principle of proportionality and do not necessarily result in escalation to the kinetic actions of warfare. The US should use, and be willing to target in others, all the DIME instruments of national power – i.e., diplomacy, information, military, and economic - to respond to and prevent future aggressions in cyberspace. MORE

Writing the Private Sector Back into the Defense Equation - Unlearned Lessons

December 22, 2021 — Global supply chains received a one-two punch in 2020. The ongoing US-China trade war and COVID-19 made it clear that the increasingly complex, fragile, and opaque global supply chains were no longer sustainable. These significant shocks, coupled with the SolarWinds supply chain compromise and growing concerns over data security and digital supply chain risk, have caused many in the private sector to rethink their global footprint. These global transformations also create a rare opportunity to rethink the role of the private sector in national security. MORE

1 ... 3 4 5 6 7 8 9 10 11 12 ... 36