Publications

Results:
Category: Cybersecurity

Dec. 30, 2014

A Theater-Level Perspective on Cyber

Most U.S. military cyber professionals will tell you that “defense is the main effort” and that providing secure and reliable communication is job one. In practice, however, most cyber discussions focus on sophisticated computer hackers conducting exploitation (espionage) or attack (sabotage) operations. The reasons for this seeming contradiction include cyber espionage intrusions, industrial-scale intellectual property theft, and denial-of-service attacks that cost millions of dollars and naturally capture headlines and the imagination. Likewise, the potential for cyber attacks to disrupt infrastructure with kineticlike consequences provides fodder for books and articles that bridge reality and science fiction, empowering armchair theorists to contemplate a new and different type of war and warrior.

Sept. 30, 2014

The Limits of Cyberspace Deterrence

As a concept, deterrence has been part of the military vernacular since antiquity. In his History of the Peloponnesian War, Thucydides quotes Hermocrates as stating, “Nobody is driven into war by ignorance, and no one who thinks that he will gain anything from it is deterred by fear.”2 In the 2,400 years since then, the domains for the conduct of military affairs have expanded from the original land and maritime domains to air, space, and now cyberspace. As warfighting expanded its scope, strategic theory did as well. Today, U.S. doctrine declares that the fundamental purpose of the military is to deter or wage war in support of national policy.3 Therefore, military strategists and planners have a responsibility to assess how adversaries may be deterred in any warfighting domain. Through the joint planning process, planners, working through the interagency process, consider deterrent options for every instrument of national power—diplomatic, informational, military, and economic—across all phases of military operations.4 However, most of the thought and analysis in deterrence has revolved around the use of conventional and nuclear weapons.

Sept. 30, 2014

Cyber Security as a Field of Military Education and Study

Information and communication technologies are acknowledged as enablers and the core arsenal of military capabilities, functions, and operations. An increasing number of nations pursue improved fluency and agility of armed forces personnel in information and communication technology, its contemporary uses, and relevant defense and security implications. Underdeveloped terminology and concepts, combined with recognized functional needs and national ambitions to control the relatively new battlespace and domain, create ambiguity and even anxiety among the current generation of planners and leaders. Particularly challenging is the balance between technical in-depth knowledge requirements and strategic understanding of the cyber domain desirable for joint planners, field commanders, and senior decisionmakers.

Sept. 30, 2014

Determining Hostile Intent in Cyberspace

According to the Joint Chiefs of Staff, hostile intent is defined as the threat of imminent use of force against the United States, U.S. forces, or other designated persons or property. It is the indication, the belief, a commander has that an adversary is about to attack. That belief provides the groundwork for “anticipatory self-defense,” an American legal concept that allows a commander to attack before being attacked.

July 1, 2014

Cyber Power in 21st-Century Joint Warfare

Used militarily, cyberspace superiority should ensure the capability to conduct cyber interdiction, thus assisting in kinetic operations, especially air. It could also defeat enemy cyber attacks and neutralize enemy surveillance and finally suppress enemy cyber defense measures and data fusion centers, forcing adversary miscalculation and obtaining a decisionmaking advantage.

April 1, 2014

The Joint Force Commander’s Guide to Cyberspace Operations

Cyberspace can be leveraged by first, finding a theory to express and teach the constantly changing vagaries of that domain, including a suitable lexicon, and second, overcoming assorted turf wars and adequately resourcing the study, manning, equipping, and training of the cyberspace force so it can integrate with other domains.

April 1, 2014

Achieving Accountability in Cyberspace: Revolution or Evolution?

Cyberspace considerations are irreversibly proliferating, and five core ideas will help commanders fight a perpetual cyberwar: education and training, a clear chain of custody, explicit processes and procedures and guidance, advanced methods of controlling access to networks and information, and a formal cyberspace mishap investigation process throughout the Defense Department.

April 1, 2014

Information-Sharing with the Private Sector

The Obama administration’s Executive Order 13636 and Presidential Policy Directive 21 are a beginning, but establishing public-private information sharing requires matching cyber security legislation to fill in the gaps found in the 2003 National Strategy to Secure Cyberspace, address a multitude of contentious issues, and achieve a unified cyberspace focus.

Aug. 1, 2012

Preparing the Pipeline: The U.S. Cyber Workforce for the Future

In 2008, the Comprehensive National Cybersecurity Initiative listed “expanded cyber education” as one of its key recommendations. In 2009, the Partnership for Public Service produced a report stating that the current pipeline of cybersecurity workers into the government was inadequate. In the same year, Secretary of Defense Robert Gates stated that the military was “desperately short of people who have the capabilities [to operate in cyberspace].” And in 2011, the Inspector General of the Federal Bureau of Investigation reported that 35 percent of the special agents investigating national security cyber-intrusion cases lacked necessary training and technical skills. Nonetheless, the U.S. Government and private sector still seek to increase their online operations and dependency in spite of these shortcomings. An expert at the Atlantic Council of the United States sums up this problem: “cyber workforce management efforts resemble a Ferris wheel: the wheel turns on and on . . . we move, but around and around, never forward.”

Jan. 1, 2012

Sino-American Strategic Restraint in an Age of Vulnerability

For all their power, both the United States and China are increasingly vulnerable. Each faces a range of strategic dangers, from nuclear weapons to disruption of critical computer networks and space links.1 Because their relationship is at once interdependent and potentially adversarial, the United States and China are especially vulnerable to each other: interdependence exposes each to the other, while the potential for conflict impels each to improve strategic capabilities against which defenses can be futile. Strategic vulnerability cannot be eliminated, only mitigated.