The Cyber Defense Review

Articles

Regulating Cyber Warfare Through the United Nations

November 14, 2022 — Cyber warfare is an emerging type of conflict threatening international establishments such as international humanitarian law and the norms guiding interactions between states. Currently, with no means to slow down their use, the rate at which cyber weapons are being produced and launched between states is growing. One organization that can change that is the United Nations. The United Nations possesses several facilities that make it a powerful tool to address the ever-expanding problem of international cyber security. While other options for imposing regulations exist, state governments should favor the United Nations as the premier platform to address this issue.

Cyberspace in Peace and War, 2nd Edition (Book Review)

November 14, 2022 — Martin Libicki’s Cyberspace in Peace and War (2nd Edition) is a cyberwar strategy masterpiece. At this point in my career, rarely do I read books that are so impactful. Readers of Libicki’s second edition will ultimately understand almost all aspects of deterrence, the shifting thinking on cyberspace-based effects as an element of national power, and whether cyber deterrence is achievable. Most importantly, readers will be treated to a sober assessment of "cyberwar" rather than predictions of an imminent "cyber-9/11." This important difference takes the focus off preventing a single catastrophic event and instead highlights the increasing complexity of executing cyber operations in a world of digital connectivity. Libicki claims this distinction, plus the many actors utilizing cyberspace, causes difficulties in establishing deterrence in and through cyberspace.

Introduction: An Offensive Future?

August 16, 2022 — The recent cyberattacks against Colonial Pipeline and SolarWinds in the United States, the Health Service Executive in Ireland, and extensive and ongoing cyber activity in Ukraine highlight the continuing threats and complex security needs of our interdependent societies. Such operations and attacks are conducted by states that do not claim to possess offensive cyber capabilities, such as Russia and China, or by sophisticated cybercriminal gangs who commonly deploy ransomware, particularly with “hack and leak” operations, to generate an enormous amount of revenue. In response, many states have developed cyber capabilities to address the growing insecurity of states, their citizens, and various communities, with varying degrees of success and organization. Thus, as states have been establishing more assertive responses to malicious cyber activities through offensive cyber forces or units of their own, there has been a concurrent development of connecting this with broader cyber security, resilience, and capacity building, often around the pursuit and projection of cyber power.

Prepare and Prevent, Don’t Repair and Repent

August 16, 2022 — Insurance is often treated purely as a tool to mitigate financial risk. The insured can pay a premium for the confidence that if a cyber-attack occurs, they are indemnified for their losses. This paper advocates that insurance can play a more significant role dealing with offensive cyber, by way of relying upon a reinsurance framework. An appropriate insurance framework which assists a non-state actor before, during, and after an attack can facilitate a coordinated response to supporting a state’s national security objectives. When a state opts to use an offensive cyber operation, there is a risk that the operation will inflict unintended consequences/harms and will trigger a retaliatory attack. The proposed reinsurance framework would assist in improving a business’s resilience and security. An underlying reinsurance regime will ensure the framework transfers risk from a specific business and spreads it across society. This paper argues that by reducing and responding to risks and unintended consequences of offensive cyber operations with reinsurance, a state’s offensive cyber strategy may receive a more favourable reception from society. This reduces the risk that an offensive cyber strategy may delegitimise the state.

Exploit Brokers and Offensive Cyber Operations

August 16, 2022 — A necessary step in conducting offensive cyber operations is developing or acquiring an exploit, i.e., a means for taking advantage of a software vulnerability or security deficiency. While these can be developed within government agencies, they can also be procured from private actors. Studying these private markets presents an opportunity to understand offensive cyber operations, especially as markets break from the secretive culture of intelligence agencies. This article provides novel evidence of such opportunities by collecting data in the form of the prices quoted by an exploit broker who claims to sell to governments. We find exploit price inflation of 44% per annum, and higher prices for exploits targeting mobile devices relative to desktop devices. Exploits requiring additional capabilities like physical access to the device are quoted at a discount, and no-click remote access vulnerabilities carry a heavy premium. The broker does not quote prices for any exploits that specifically target industrial control systems or IoT devices. We conclude by discussing how these results inform the future of offensive cyber.

Democracies and the Future of Offensive (Cyber-Enabled) Information Operations

August 16, 2022 — Cyber-enabled information operations that exploit social media to shape narratives and societal perception vex Western democracies which have long treated the free flow of information as a virtue. Despite these tensions, Western democracies have sought to adapt their cyber forces both to counter and to manipulate social media and other information operations as an offensive weapon. This article evaluates how these democracies thus far have responded to information operations with a focus on offensive information and cyber operations. The article analyzes three topics relevant to the future of democracies and cyber-enabled information operations. First is an explanation as to why Western democracies failed to anticipate the threat of cyber-enabled information operations. Second, the article catalogs and compares how four major Western democracies have responded to information operations—US, UK, France, and Germany. The final section evaluates whether and how democracies should practice offensive cyber-enabled information operations, and why, in the end, the article concludes that democracies should avoid offensive cyber-enabled information operations because they pose three tensions that undermine democracy: Internet fragmentation, violations of democratic norms, and blowback.

Between Two Stools: Military and Intelligence Organizations

August 16, 2022 — From 2018, members of the coalition fighting against the Islamic State in Iraq and Syria confirmed that they had been conducting offensive cyber activities as part of the campaign in an operation given the codename GLOWING SYMPHONY.[1] While the details of these operations largely remain highly classified, they are the first example of states publicly admitting to such operations during armed conflict. They are also notable as while Fleming in his speech cited above emphasized that the UK effort resulted from cooperation between its signals intelligence (SIGINT) agency GCHQ and the Ministry of Defence (MOD), one of the other partners, Australia, emphasized the role of civilian personnel from its SIGINT organization, the Australian Signals Directorate. This was arguably the first public recognition of the extent to which, at least in some states, intelligence organizations and the military were entwined in the conduct of contemporary offensive cyber operations.

Three Conditions for Cyber Countermeasures

August 16, 2022 — This article explores a variety of opportunities and challenges with the use of cyberspace countermeasures. It critically assesses a set of conditions under which countermeasures can be an appropriate means of offensive cyber: limited aim of defense and deterrence, protection of critical infrastructure, and compliance with rules of behavior. Here, the article shows that countermeasures must be taken for the purpose of active defense and deterrence. Second, they can be appropriate as a means of defending critical infrastructure. Finally, they should be executed by state actors who comply with existing principles of cyberspace behavior. While cyberspace countermeasures can become a socially accepted, legitimate means of active defense and deterrence, the article shows that there are several challenges connected with each of these conditions. For one, there are various degrees of feasibility about what conditions are appropriate for countermeasures. The article also discusses inherent problems in the application of international law, from which rules of engagement are drawn, to cyberspace. The challenges are hard to solve, which may explain why it has been so difficult for the international community to produce a set of agreeable criteria for active defense measures.

The Future of Cyber Conflict Studies: Cyber Subcultures and The Road to Interdisciplinarity

August 16, 2022 — This article has two aims: first, to examine the future of cyber conflict studies and how the study of cyber security can develop in a more interdisciplinary way; second, to assess the meaning of “offensive” and “defensive” cyber security from the perspective of a variety of different academic disciplines. The article argues that a more holistic and nuanced understanding of cyber offence and defence can be achieved if some of the intellectual silos and disagreements that have characterised the debate so far can be deconstructed and overcome. The article is in three parts. The first section briefly outlines some of the definitional fog that has plagued the cyber security discipline, including over what constitutes cyber offense and defence. The paper then summarises four different subcultures of cyber conflict studies that understand and study cyber security in different ways: International Relations (IR), Political Psychology, International Law, and Computer Science. The concluding section discusses how the cyber conflict studies discipline can move forward, be made more rigorous, and less prone to pathology and dead ends, including through the formation of a cohesive but heterogenous epistemic community.

The Failure of Offense/Defense Balance in Cyber Security

August 16, 2022 — The idea of offensive advantage dominates the cyber security field, a framework originating from research on the offense/defense balance in conventional warfare. The basic theory is that the balance of offensive and defensive forces determines what kind of strategy will be most effective. The field of cyber security consistently tries to build on offense/defense balance frameworks with little awareness of the inherent problems of the theory. If the offense is dominant, then the defense would supposedly never win against an aggressive adversary due to the compounding nature of failure. The only solution would be going on the offensive in return. This article identifies three core problems with applying the offensive/defensive balance to cyberspace: (1) the inability to distinguish between the two frames, (2) the failure to understand the impact of perceptions, and (3) the inaccuracy of measurement. The pathology of offensive advantage and being under siege as a defender can only continue to lead to strategic malaise and constant attacks as the defender fails to shore up vulnerabilities due to the mistaken belief in the ascendancy of the offense.
