Browse by

Dec. 21, 2017

A Cyber Federal Deposit Insurance Corporation: Achieving Enhanced National Security

Of the emerging man-made risks affecting U.S. national security, cyber threats have enjoyed the most attention and resources from national security leaders and policymakers. And yet, cyber threats remain one of the most complex risks to address given their amorphous, highly fluid, and extra-territorial nature. This makes it difficult if not impossible to quantify the national state of readiness and, in these fiscally constrained times, the return on investment from the billions spent each year on cybersecurity. Five gaps conspire to make achieving a state of enhanced cyber resilience complex if not impossible. These include a yawning talent gap to the tune of millions of people; a technological gap predicated on managing a risk that evolves according to Moore’s law; a financial and economic gap leaving trillions in value at risk with no generally accepted way to measure this value; an alignment gap in terms of policy harmonization and cooperation inside the United States and around the world; and, finally, a gap in patience and the speed of markets. This article delves into the evolving cyber threat landscape and outlines ways of understanding and bridging these critical gaps.

Dec. 21, 2017

Bridging the Cyberspace Gap - Washington and Silicon Valley

One of the defining characteristics of the cyber domain is the dominance of the private sector. The majority of critical networks are privately owned and operated; more than 90 percent of American military and intelligence communications travel over privately owned backbone telecommunications networks. Many of the most talented hackers are in the private sector, and private security firms such as CrowdStrike, FireEye, and Cylance have taken an increasingly large public role in tracing cyberattacks to nation-states and other perpetrators. In addition, Alphabet, Amazon, Apple, Cisco, Facebook, IBM, Intel, and other companies drive innovation and the deployment of new technologies, especially in cutting-edge areas like artificial intelligence. For these reasons, strong ties to the technology sector are central to the U.S. Government’s (USG) pursuit of its economic, diplomatic, and military strategic interests in cyberspace.

Dec. 21, 2017

Cyber Gray Space Deterrence

During the past few years, adversaries of the United States have begun to use their militaries to test U.S. resolve through innovative methods designed to bypass deterrent threats and avoid direct challenges. These “gray space campaigns” are specifically designed to allow adversaries to achieve their goals without triggering escalation by making retaliation difficult. China demonstrated this with its attempt to seize control of the South China Sea through its island building program, as did Russia with its effort to foment insurgency in eastern Ukraine through the use of “little green men.”

Dec. 21, 2017

Cyberdeterrence by Engagement and Surprise

The conventional deterrence strategies of denial and punishment do not factor in the unique characteristics of the man-made cyber domain. This domain needs a new and holistic deterrence strategy that involves prompt and direct cyber responses that are sudden, dynamic, stealthy, and random so that adversaries can be defeated mentally and virtually. This article offers such an approach that I refer to as “deterrence by engagement and surprise.”

Dec. 21, 2017

A Three-Perspective Theory of Cyber Sovereignty

The cybercrime and cyber terrorism raging today are the most visible symptoms of a more pervasive problem concerning cyber security. How to establish a fair and just governance regime in cyberspace and establish international rules spark a storm of controversy. The controversy reflects the competing interests and demands of three distinct cyberspace actors: the state, the citizen, and the international community. By focusing only on one’s own interests, each actor ignores the interests of the other two, resulting in the current situation in which each sticks to its own argument and refuses to reconcile. The establishment of a new order in cyberspace requires a comprehensive review from the perspective of all three major actors. This article proposes a “three-perspectives” theory based on the three actors. It divides cyberspace into three levels; the base level, the application level, and the core level. Treating each level differently, it seeks to identify the largest common ground, and transcends the single perspective vulnerability of interpreting everything in terms of binary opposition. Three-perspective thinking makes it possible to deal with the binary opposition of exclusivity and transferability with respect to state sovereignty.

Dec. 21, 2017

An Interview with Marina Kaljurand, former Minister of Foreign Affairs of Estonia

Those were the first explicitly political cyberattacks against an independent, sovereign state in history. If put into today’s context, the attacks were not very sophisticated—even primitive. But back then, they were very disturbing. By that time, Estonia already had widely established internet and e-services, and an e-lifestyle; when those services were interrupted—mainly in the banking sector—it was highly disruptive. As to the effects of the attacks? They did not kill anybody, they were not destructive. They were highly disruptive to our lives though.

Dec. 21, 2017

Warnings Finding Cassandras to Stop Catastrophes

Every day we hear warnings—from parents concerned about the personal safety and good health of their children, to government officials worried about protecting the citizenry from external adversaries and the forces of nature. Distinguishing serious warnings of impending catastrophe from those that are frivolous may mean the difference between life and death, success and failure, freedom and oppression.

Dec. 21, 2017

International Conflict and Cyberspace Superiority: Theory and Practice

Cyberspace Superiority is a compelling mix of advanced technological know-how and easy-to-understand writing. Bryant, a Lieutenant Colonel who is a career fighter pilot and earned his Ph.D. in military strategy, first examines whether cyberspace is a “global common”—i.e. a shared resource like the oceans, atmosphere, space, and Antarctica. The answer may well determine the future nature of cyber hostilities but, with the issue as yet unsettled, Bryant posits a far more pressing question—is superiority in cyberspace “a useful construct for thinking about and planning for nation-state conflict in cyberspace?”

Dec. 21, 2017

Cyberspace in Peace and War

Martin Libicki has been a prolific writer in the field of information warfare since the mid-1990s. In this newer work, published by the Naval Institute Press, he aggregates his thinking during the past several decades into a single book. Cyberspace in Peace and War draws from work performed at RAND, both solely and with colleagues, and from lecture interactions with his students at various universities, to present a streamlined and consolidated overview of activities within and enabled by information technologies.

Dec. 21, 2017

Prologue

Nearly a half century ago in October 1969, computer programmers at the University of California, Los Angeles used a primitive Department of Defense computer network called ARPANET to send the first messages to computers at Stanford Research Institute. This quiet event, considered by some to be the birth of the internet, ignited a technological movement within the computer and information industries that eventually transformed the world into a globally connected society utterly dependent on instant access to information, yet increasingly vulnerable to network intrusions by those who seek to steal sensitive data or disrupt cyber infrastructure.