Nearly a half century ago in October 1969, computer programmers at the University of California, Los Angeles used a primitive Department of Defense computer network called ARPANET to send the first messages to computers at Stanford Research Institute. This quiet event, considered by some to be the birth of the internet, ignited a technological movement within the computer and information industries that eventually transformed the world into a globally connected society utterly dependent on instant access to information, yet increasingly vulnerable to network intrusions by those who seek to steal sensitive data or disrupt cyber infrastructure.

Today’s information sharing tools let adversaries interfere more directly than ever with a targeted nation’s political processes and the minds of its citizens. Operating effectively in such “cognitive-emotional conflict” requires that information-based capabilities be employed and countered in agile, integrated ways across the military, government, and society. Coherent narratives tied to strategy and backed by actions are important. Technical cyberspace activities need to be well-coordinated with content-based approaches like military information operations, government-wide messaging, and intelligence gathering (including all forms of security). Even more important is to build a society’s resilience against persistent, disruptive, or disinformation campaigns that aim to undermine citizen confidence and core beliefs.

Historians of international relations are familiar with the hinge-year concept when trends that previously had been largely subterranean suddenly crystallize into a clear and immediate danger, forcing policymakers to wake up and take action. When it comes to cyberspace, the past year has certainly smashed any complacency about our ability to anticipate and counter the growing sophistication of cyberattacks. As fast as we have tried to catch up, the speed and global impact of these attacks continue to outrun us. 2016 witnessed the first major attack via the Internet of Things when a DynCorp server in the United States was hacked through video surveillance cameras. We also saw the first attacks driven by artificial intelligence, and increasing evidence of collusion between state intelligence services and organized crime networks.

Logistics is the lifeblood of the Joint Force. It requires an effective distribution network as its heart, moving and sustaining the force at the right place and at the right time—all the time. U.S. Transportation Command (USTRANSCOM) delivers that decisive force, projecting American power globally through the robust Joint Deployment and Distribution Enterprise (JDDE) and leveraging the expertise of more than 140,000 professionals. No other nation in the world can compete with the United States in conventional warfare because we plan, secure, and distribute combat capability so well. As a result, many military planners are now value-programmed to believe that a soldier or bullet will always be where it needs to be, when it needs to be there—on demand.

The digital dimension is simultaneously enhancing and disrupting the fabric of life in every society where modern, informatized technology is present. The slow-motion collapse of parts of the 20th century’s legacy is now accelerating in ways that likely will usher in a monumental realignment of societal institutions, methods of business, and fundamental ideas about national security. This realignment will, of necessity, change the frameworks within which America provides for its security, including how it acquires the goods and services it uses in that effort.

Of the emerging man-made risks affecting U.S. national security, cyber threats have enjoyed the most attention and resources from national security leaders and policymakers. And yet, cyber threats remain one of the most complex risks to address given their amorphous, highly fluid, and extra-territorial nature. This makes it difficult if not impossible to quantify the national state of readiness and, in these fiscally constrained times, the return on investment from the billions spent each year on cybersecurity. Five gaps conspire to make achieving a state of enhanced cyber resilience complex if not impossible. These include a yawning talent gap to the tune of millions of people; a technological gap predicated on managing a risk that evolves according to Moore’s law; a financial and economic gap leaving trillions in value at risk with no generally accepted way to measure this value; an alignment gap in terms of policy harmonization and cooperation inside the United States and around the world; and, finally, a gap in patience and the speed of markets. This article delves into the evolving cyber threat landscape and outlines ways of understanding and bridging these critical gaps.

One of the defining characteristics of the cyber domain is the dominance of the private sector. The majority of critical networks are privately owned and operated; more than 90 percent of American military and intelligence communications travel over privately owned backbone telecommunications networks. Many of the most talented hackers are in the private sector, and private security firms such as CrowdStrike, FireEye, and Cylance have taken an increasingly large public role in tracing cyberattacks to nation-states and other perpetrators. In addition, Alphabet, Amazon, Apple, Cisco, Facebook, IBM, Intel, and other companies drive innovation and the deployment of new technologies, especially in cutting-edge areas like artificial intelligence. For these reasons, strong ties to the technology sector are central to the U.S. Government’s (USG) pursuit of its economic, diplomatic, and military strategic interests in cyberspace.

This year has been tough for cybersecurity programs. Every month in the first six months of 2017, the world experienced a major cyber event. Open-source attacks included attacks on critical infrastructure, banks, intelligence services, and significant commercial and government entities. Indeed, reflecting on the scope and depth of most publically acknowledged compromises, uncovers the reality of the tremendous and growing risks the country faces nearly two decades into the 21st century. Everything seems to have changed. Virtually every organization within the Department of Defense (DOD) has, sometimes reluctantly, come to embrace digital age technology, to the point that they are completely dependent on it. The result is a shocking degree of paralysis when our access to the services we now rely upon is disrupted.

During the past few years, adversaries of the United States have begun to use their militaries to test U.S. resolve through innovative methods designed to bypass deterrent threats and avoid direct challenges. These “gray space campaigns” are specifically designed to allow adversaries to achieve their goals without triggering escalation by making retaliation difficult. China demonstrated this with its attempt to seize control of the South China Sea through its island building program, as did Russia with its effort to foment insurgency in eastern Ukraine through the use of “little green men.”

The conventional deterrence strategies of denial and punishment do not factor in the unique characteristics of the man-made cyber domain. This domain needs a new and holistic deterrence strategy that involves prompt and direct cyber responses that are sudden, dynamic, stealthy, and random so that adversaries can be defeated mentally and virtually. This article offers such an approach that I refer to as “deterrence by engagement and surprise.”

The cybercrime and cyber terrorism raging today are the most visible symptoms of a more pervasive problem concerning cyber security. How to establish a fair and just governance regime in cyberspace and establish international rules spark a storm of controversy. The controversy reflects the competing interests and demands of three distinct cyberspace actors: the state, the citizen, and the international community. By focusing only on one’s own interests, each actor ignores the interests of the other two, resulting in the current situation in which each sticks to its own argument and refuses to reconcile. The establishment of a new order in cyberspace requires a comprehensive review from the perspective of all three major actors. This article proposes a “three-perspectives” theory based on the three actors. It divides cyberspace into three levels; the base level, the application level, and the core level. Treating each level differently, it seeks to identify the largest common ground, and transcends the single perspective vulnerability of interpreting everything in terms of binary opposition. Three-perspective thinking makes it possible to deal with the binary opposition of exclusivity and transferability with respect to state sovereignty.

Those were the first explicitly political cyberattacks against an independent, sovereign state in history. If put into today’s context, the attacks were not very sophisticated—even primitive. But back then, they were very disturbing. By that time, Estonia already had widely established internet and e-services, and an e-lifestyle; when those services were interrupted—mainly in the banking sector—it was highly disruptive. As to the effects of the attacks? They did not kill anybody, they were not destructive. They were highly disruptive to our lives though.

Every day we hear warnings—from parents concerned about the personal safety and good health of their children, to government officials worried about protecting the citizenry from external adversaries and the forces of nature. Distinguishing serious warnings of impending catastrophe from those that are frivolous may mean the difference between life and death, success and failure, freedom and oppression.

Cyberspace Superiority is a compelling mix of advanced technological know-how and easy-to-understand writing. Bryant, a Lieutenant Colonel who is a career fighter pilot and earned his Ph.D. in military strategy, first examines whether cyberspace is a “global common”—i.e. a shared resource like the oceans, atmosphere, space, and Antarctica. The answer may well determine the future nature of cyber hostilities but, with the issue as yet unsettled, Bryant posits a far more pressing question—is superiority in cyberspace “a useful construct for thinking about and planning for nation-state conflict in cyberspace?”

Martin Libicki has been a prolific writer in the field of information warfare since the mid-1990s. In this newer work, published by the Naval Institute Press, he aggregates his thinking during the past several decades into a single book. Cyberspace in Peace and War draws from work performed at RAND, both solely and with colleagues, and from lecture interactions with his students at various universities, to present a streamlined and consolidated overview of activities within and enabled by information technologies.