By adjusting our paradigm for understanding the threats and opportunities in cyberspace, the United States can incrementally build cyber deterrence to shift the balance toward stability. States will still develop and exploit vulnerabilities. However, the proliferation of simple cyber tools for criminal usage can be defeated through increased resiliency. Improved capability and a demonstrated willingness to respond will encourage states to limit offensive cyber to espionage, saving cyber-attacks for the onset of hostilities where attribution is no longer a concern. Reshaping our national cyber defense organization by creating a cyber reserve force, implemented in a flatter, horizontal organization than typically found in government, can disseminate defensive and responsive cyber capabilities against U.S. adversaries.
The Strategic Competition to Shape Cyberspace
The U.S. strategy to positively shape the international community to favor a democratic and accessible Internet requires a sustained, long-term commitment. Practiced behaviors, precedents, dialogue, and agreements will set expectations and reinforce norms over time. Washington must use a comprehensive, whole-of-government effort using various approaches and options to shift the environment away from China and Russia’s repressive vision of cyberspace. Authoritarian regimes will continue to push for norms and governance structure in cyberspace, favoring an illiberal model that threatens the U.S. vision of a free and open domain. The United States can take an active role in countering this authoritarian vision.
Remind Me Again...What Were We Deterring? Cyber Strategy and Why the United States Needed a Paradigm Shift
Persistent engagement is a strategic paradigm for cyberspace born out of failure. Deterrence theory proved neither flexible enough nor well adapted to the domain. A new domain called for a new strategy. Rather than prevent cyber-attacks by convincing the attacker the cost is not worth the risk, persistent engagement seeks to prevent cyber-attacks by disabling the attacker’s capacity preemptively. There are fears around the precedents that persistent engagement sets and how those norms may one day be quite damaging. However, these concerns miss the broader nature of the environment and the already emerging norms that called for a response. To be fair, open questions remain. How the role of national sovereignty in cyberspace continues to develop could drastically alter the evolution of persistent engagement. Nonetheless, persistent engagement is a much sounder starting point for American cyber strategy than deterrence.
Applying Behavioral Economics to Improve Cyberspace Strategy
Addressing cybersecurity through an economic lens highlights the impact of market failures—information asymmetries and misaligned incentives. Some entities fail to invest in adequate security controls because they do not incur the full costs associated with a security incident. The current public and private divide creates an environment where society shoulders most of the risk of cyber-insecurity. To keep pace with relevance, all organizations, including those beyond critical infrastructure sectors, must be able to share information and respond to cyber risk in as close to real-time as possible.
Hype or Hoax: Are Russian Cyber Capabilities Robust Enough to Cripple Ukraine?
First, by analyzing Russia’s past success in cyber and electronic warfare, this essay examines how Putin developed his assumption that Russian cyber operations would overwhelm Ukrainian cyber security measures. Second, it explores how these assumptions contributed to complacency and failure in the war in Ukraine. Finally, the essay discusses how Russia’s failures in Ukraine will shape the future of cyber and electronic warfare.
#Reviewing War at the Speed of Light
Del Monte’s latest book War at the Speed of Light: Directed-Energy Weapons and the Future of Twenty-First Century Warfare explores how lasers, electromagnetic weapons, and other energy-based or -driven weapons could change how future wars are fought. Del Monte argues that these technologies will accelerate the pace of war. The use of directed-energy weapons will mean a faster time to kill resulting in smaller windows for decision making at all levels of conflict. Taken together with artificial intelligence and cyber weapons, Del Monte argues that these changes will upend strategic stability as we understand it today.
#Reviewing Bitskrieg
In Bitskrieg, John Arquilla distills much from his three decades of advocacy about networked warfare into a compact volume accessible to a wide audience. He displays a continuing ability to produce provocative arguments and engaging books. The tenets of Bitskrieg are consistent with many of Arquilla’s previous writings. These include the point that networked warfare or netwar encompasses cyber conflict but extends beyond it.
#Reviewing The Hype Machine
Aral’s seminal book provides two fundamental arguments: first, social media promised and still promises economic, political, and social uplift for people; it can also cause perils, such as external election influence, financial manipulation, privacy issues, spreading of fake news, and so forth. The author also argues that left unchecked, social media can bring disharmony and destruction to a country's economic, political, and social structures. Therefore, he opines that to fully utilise the potential of social media platforms and avoid their drawbacks, there needs to be a rigorous scientific understanding of social media and knowledge of its nuances to eradicate the unscientific hysteria around social media.
Cyberspace is an Analogy, Not a Domain: Rethinking Domains and Layers of Warfare for the Information Age
The buzzwordification of the term domain has long passed the point of diminishing returns, and nowhere is that a greater hazard than with cyber operations. It’s time to re-think cyber to reflect the realities of modern war, and with it the broader lexicon of what constitutes domains and layers of warfare.
Deterrence in Cyber, Cyber in Deterrence
Rather than pulling the cyber domain away from deterrence, current policy has brought cyber elements closer to the U.S.’s broader strategic deterrence strategy. Strategic deterrence now incorporates a well-defined role for cyber that is likely to expand in the future, and strategic deterrence has begun to play a role in cyber deterrence strategy.
#Reviewing 21st Century Power: Strategic Superiority for the Modern Era
The adversaries of today are still human, and the threats of today may not be so conceptually different from those of the Cold War. By looking back at how a previous generation of strategists considered and communicated their strategic challenges in context, we may be able to gain insights into how to address these modern threats. 21st Century Power: Strategic Superiority for the Modern Era is a useful resource toward that end.
Cybersecurity as Attack-Defense: What the French Election Taught Us About Fighting Back
A successful cyber doctrine must epitomize Clausewitz’s argument in favor of an active or attack-based defense, found in a relatively unknown but rich section of On War entitled “Methods of Resistance.” The chapter opens with a compelling reminder that the advantage of the defense is its defining purpose is to ward off an attack, and this warding off has as its principal strength the idea of awaiting.
The Bear’s Side of the Story: Russian Political and Information Warfare
The international stage is complex and fluid, continuously changing, but human nature and the selfish intentions to achieve power have not changed in millennia. The Kremlin has added another facet to their political warfare through the savvy exploitation of new media. They are taking advantage of the West’s belief systems by conducting an end-around and using a form of malicious soft power to gain a position of advantage.
Thucydides in the Data Warfare Era
Diary of an Orphan: Information-Based Effects in the U.S. Military
Tales of the demise of non-kinetic, information effects are greatly exaggerated, but that doesn't stop information operations from being controversial at best, and ineffective at worst. The reason is a matter of preference: deliver the emotional impact of a kinetic strike against a threat, or endure the statistical drudgery of sorting non-kinetic signal from noise. The US spends more on kinetic hardware than many militaries combined, so the Pentagon’s preferences are obvious. Yet information flows, their data generating processes, their interpretation and their implications for battlefield and non-battlefield environments are set to increase exponentially. The challenge in a national security context is not only to think all the way through the information effects of the structure behind the transmission of signal but also through how the signal is received, processed and acted upon by behavioral agents. The national security context has largely focused on the former, to the detriment of the latter.
How the Pentagon Should Deter Cyber Attacks
The most important lesson from Russia’s involvement in the 2016 presidential election may be this: foreign hackers and propagandists are not afraid to launch attacks against the United States in and through cyberspace that they would not dare risk in a real theater of war. So as cyber aggression gets worse and more brazen every year, it’s crucial that the Department of Defense figures out how to deter foreign actors in cyberspace as effectively as in nuclear and conventional warfare. The Pentagon can take five steps to better deter foreign cyber attacks.
Lombardi’s War: Formation Play-Calling and the Intellectual Property Ecology
The information age, a phrase famously coined by Berkeley Professor Manuel Castells in the 1990s, described a tectonic shift in our culture and economy which we generally take for granted at present. From our current vantage point, replete with ubiquitous pocket-sized personal computing and communications devices, it is hard to imagine a world where we cannot convert our data or social networks into physical resources and access. We keep our data in the cloud and call upon it when we need it, regardless of where we are. We log into AirBnB, and somehow money we have never seen transfers to someone else who will never see the money, and that becomes a room for an evening. The idea of a brick-and-mortar video store, such as the 1990s-staple Blockbuster Video, is hopelessly anachronistic in the era of Netflix.
Chinese State Sponsored Hacking: It’s Time To Reach an Effective and Lasting Bilateral Agreement on Cyberwarfare
It remains to be seen whether or not the current administration’s approach to China will bring further progress in terms of limiting cyber attacks. Ultimately, extending the terms of the 2015 agreement to explicitly ban attacks, to encourage co-operation in hardening financial institutions against them, and perhaps even mandate bi-lateral responses should they occur, would be in the mutual interest of both the U.S. and China.
Deviation From The Norm: Cyberattacks on the Rise
In a year when the breadth, extent, and impact of cyber attacks continues to expand as geopolitical tensions escalate, the creation of norms remains essential to shape behavior in cyberspace and identify which targets are off limits. However, as these latest attacks may demonstrate, absent any coherent cybersecurity strategy and response framework, adversaries will disregard norms as long as they can attack with impunity.
Creating a Safe and Prosperous Cyberspace: The Path to Ise-Shima Cybersecurity Norms
Over the last 30 years the international security environment has been characterized by several security deficits, which are defined as a government’s inability to meet its national security obligations without external support. Intra-state, transnational, and regional actors challenge a sovereign government’s ability to provide a secure environment for their citizens. While evident in countries like Syria and Afghanistan, it is also true in the cyber world.