Cyberspace, where information—and hence serious value—is stored and manipulated, is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.
A Comprehensive Strategy for Preventing Foreign Cyberattacks
Author: Robert Mandel
Publisher: Georgetown University Press
Category: Political Science
Cyberattacks are one of the greatest fears for governments and the private sector. The attacks come without warning and can be extremely costly and embarrassing. Robert Mandel offers a unique and comprehensive strategic vision for how governments, in partnership with the private sector, can deter cyberattacks from both nonstate and state actors. Cyberdeterrence must be different from conventional military or nuclear deterrence, which are mainly based on dissuading an attack by forcing the aggressor to face unacceptable costs. In the cyber realm, where attributing a specific attack to a specific actor is extremely difficult, conventional deterrence principles are not enough. Mandel argues that cyberdeterrence must alter a potential attacker’s decision calculus by not only raising costs for the attacker but also by limiting the prospects for gain. Cyberdeterrence must also involve indirect unorthodox restraints, such as exposure to negative blowback and deceptive diversionary measures, and cross-domain measures rather than just retaliation in kind. The book includes twelve twenty-first-century cyberattack case studies to draw insights into cyberdeterrence and determine the conditions under which it works most effectively. Mandel concludes by making recommendations for implementing cyberdeterrence and integrating it into broader national security policy. Cyber policy practitioners and scholars will gain valuable and current knowledge from this excellent study.
Cyberspace, where information--and hence serious value--is stored and manipulated, is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.
is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.
Informing Strategies and Developing Options for U.S. Policy
Author: National Research Council
Publisher: National Academies Press
Category: Political Science
In a world of increasing dependence on information technology, the prevention of cyberattacks on a nation's important computer and communications systems and networks is a problem that looms large. Given the demonstrated limitations of passive cybersecurity defense measures, it is natural to consider the possibility that deterrence might play a useful role in preventing cyberattacks against the United States and its vital interests. At the request of the Office of the Director of National Intelligence, the National Research Council undertook a two-phase project aimed to foster a broad, multidisciplinary examination of strategies for deterring cyberattacks on the United States and of the possible utility of these strategies for the U.S. government. The first phase produced a letter report providing basic information needed to understand the nature of the problem and to articulate important questions that can drive research regarding ways of more effectively preventing, discouraging, and inhibiting hostile activity against important U.S. information systems and networks. The second phase of the project entailed selecting appropriate experts to write papers on questions raised in the letter report. A number of experts, identified by the committee, were commissioned to write these papers under contract with the National Academy of Sciences. Commissioned papers were discussed at a public workshop held June 10-11, 2010, in Washington, D.C., and authors revised their papers after the workshop. Although the authors were selected and the papers reviewed and discussed by the committee, the individually authored papers do not reflect consensus views of the committee, and the reader should view these papers as offering points of departure that can stimulate further work on the topics discussed. The papers presented in this volume are published essentially as received from the authors, with some proofreading corrections made as limited time allowed.
Working Toward a Framework to Integrate Cyber Deterrence
Author: Steve Wieland
"The goal of deterrence is not to deter the use of a particular weapon. Rather, a nation deters undesirable behavior. Cyber warfare can produce three basic effects-- SCADA attacks that cause physical destruction, loss of confidence in one's information, and disruption. These effects and their associated limitations will not produce a strategically decisive result. Cyber warfare must be used in conjunction with other instruments of power to successfully coerce another nation to accede to political demands. However, denying a potential adversary the benefits of cyber coercion or raising the costs of attempting it comprise important components a deterrence strategy. To deny benefits, defensive measures will prevent attacks from being successful. Alternatively, resiliency of critical systems will allow mitigate the value of attacks. The costs of attack consist of words and deeds. Clear, culturally appropriate communication of response measures helps dissuade actions. The actual retaliation after a cyber attack deters future attacks. Looking toward the future, a deterrence posture must include resiliency, organizational changes across the board, use of technology, and appropriate, integrated response measures"--Abstract.
Each era brings with it new techniques and methods of waging a war. While military scholars and experts have mastered land, sea, air and space warfare, time has come that they studied the art of cyberwar too. Our neighbours have acquired the capabilities to undertake this new form of asymmetric form of warfare. India too therefore needs to acquire the capabilities to counter their threat. Cyber space seems to have invaded every aspect of our life. More and more systems whether public or private are getting automated and networked. This high dependence of our critical infrastructure on Information and Communication Technology exposes it to the vulnerabilities of cyberspace. Enemy now can target such infrastructure through the cyberspace and degrade/ destroy them. This implies that the critical information infrastructure of the country and military networks today are both equally vulnerable to enemy’s cyberattacks. India therefore must protect its critical information infrastructure as she would protect the military infrastructure in the battlefield. Public – Private Partnership model is the only model which would succeed in doing so. While the Government needs to lay down the policies and frame the right laws, private sector needs to invest into cyber security. Organisations at national level and at the level of armed forces need to be raised which can protect our assets and are also capable of undertaking offensive cyber operations. This book is an attempt to understand various nuances of cyber warfare and how it affects our national security. Based on the cyber threat environment, the books recommends a framework of cyber doctrine and cyber strategies as well as organisational structure of various organisations which a nation needs to invest in.
The book is divided into two parts. Part 1 deals with cyber warfare in general bringing out the unique characteristics of cyber space, the recent cyber attack on Estonia and the Stuxnet attack on Iranian Nuclear facilities, how the established Principles of War can be applied in cyberspace, cyber strategy of US and China, offensive and defensive aspects of cyber warfare cyber deterrence and the new challenge facing the militaries the world over- leadership in cyber domain. Part 2 is devoted to the Indian context. It discusses in detail the impact of ICT on the life of an ordinary Indian citizen, the cyber challenges facing the country and the implications for the Indian Armed Forces. A few recommendations have been summarised in the end.
There is warfare, and there is cyberwarfare. In today's technologically-driven world, governments, and even terrorist groups and hacktivists, engage in cyberwarfare to attack or disrupt the operations of other nations and organizations. Recent revelations about cyberattacks that threatened individual and national security have caused ripples of concern and outrage, but tend to die down quickly. How safe are we, and do we take security for granted? This resource offers a diverse selection of viewpoints from the top voices in the field to enlighten readers about warfare in the Information Age.
"The world has witnessed two cyber wars, the first between Estonia and Russia in 2007 and the second between Georgia and Russia in 2008. In both of these wars, the same problem existed and will continue to proliferate as without imposed costs and/or denied benefits, state and non-state actors will further develop and refine capabilities that have the ability to take advantage of cyber vulnerabilities. The scope of this study is to understand the nature of cyber war and its purpose in order to develop a theory of cyber deterrence. An initial challenge surfaced because of a lack of definitional consistency for terminology in the cyber domain. To address this challenge, I relied upon time-tested Clausewitzian ideals to define cyber war as the continuation of state policy by cyber means. ... Four hypotheses informed by basic deterrence, criminal justice deterrence, and nuclear deterrence theories were rooted in a critical question regarding the cyber domain: How is cyber deterrence possible if attribution, offensive capabilities, defensive capabilities, or cooperative relationships are either missing from or inadequate to deter a malicious actor?"--Proquest web site.
While the deterrence of cyber attacks is one of the most important issues facing the United States and other nations, the application of deterrence theory to the cyber realm is problematic. This study introduces cyber warfare and reviews the challenges associated with deterring cyber attacks, offering key recommendations to aid the deterrence of major cyber attacks.
Because cyberspace can affect core missions and capabilities, it seems obvious that the Air Force should take steps to establish an organization to address this medium. The details have been difficult to establish, however, because this medium is very different from air and space. The Air Force initially instituted a provisional major command and but has since instead replaced it with a numbered air force, the 24th Air Force, under Space Command. The authors have been involved in efforts to make the missions, tasks, and capabilities of such a command more concrete. Here, they offer observations originally intended for the major command but that apply equally well to the efforts of 24th Air Force: the needs to articulate objectives clearly; establish strategies, missions, and tasks; and develop people capable of ensuring that USAF-specific needs are met. The Air Force must also consider that cyber-related responsibilities spread across the military and other government agencies. But to expand its mission to [beta]fly and fight in cyberspace, [gamma] the Air Force should also advance the state of the art in creating effects using cyberspace.
Deterrence, Containment and Collective Cyberdefense
Author: Jeffrey W. Knopf
Category: Political Science
Once the foundations of U.S. national security strategy, deterrence, containment and collective security must all be adapted to new threats if they are to remain relevant in the 21st century. Deterrence has enjoyed a revival since 9/11, but while useful against asymmetric threats, it comes with inherent risks. Though the U.S. briefly embraced pre-emption in the past decade, containment has once again become an attractive, if complex, option for a frugal and war-weary superpower. And America's collective security arrangements with its allies must be extended to include cyberattacks, but the very nature of cyberwar makes implementation of collective cyberdefense problematic.
Are nuclear arsenals safe from cyber-attack? Could terrorists launch a nuclear weapon through hacking? Are we standing at the edge of a major technological challenge to global nuclear order? These are among the many pressing security questions addressed in Andrew Futter’s ground-breaking study of the cyber threat to nuclear weapons. Hacking the Bomb provides the first ever comprehensive assessment of this worrying and little-understood strategic development, and it explains how myriad new cyber challenges will impact the way that the world thinks about and manages the ultimate weapon. The book cuts through the hype surrounding the cyber phenomenon and provides a framework through which to understand and proactively address the implications of the emerging cyber-nuclear nexus. It does this by tracing the cyber challenge right across the nuclear weapons enterprise, explains the important differences between types of cyber threats, and unpacks how cyber capabilities will impact strategic thinking, nuclear balances, deterrence thinking, and crisis management. The book makes the case for restraint in the cyber realm when it comes to nuclear weapons given the considerable risks of commingling weapons of mass disruption with weapons of mass destruction, and argues against establishing a dangerous norm of “hacking the bomb.” This timely book provides a starting point for an essential discussion about the challenges associated with the cyber-nuclear nexus, and will be of great interest to scholars and students of security studies as well as defense practitioners and policy makers.
Publisher: Academic Conferences and publishing limited
These proceedings represent the work of researchers participating in the 13th International Conference on Cyber Warfare and Security (ICCWS 2018) which is being hosted this year by the National Defense University in Washington DC, USA on 8-9 March 2018.
Threats, Opportunities, and Power in a Virtual World
Author: Derek S. Reveron
Publisher: Georgetown University Press
Category: Political Science
In a very short time, individuals and companies have harnessed cyberspace to create new industries, a vibrant social space, and a new economic sphere that are intertwined with our everyday lives. At the same time, individuals, subnational groups, and governments are using cyberspace to advance interests through malicious activity. Terrorists recruit, train, and target through the Internet, hackers steal data, and intelligence services conduct espionage. Still, the vast majority of cyberspace is civilian space used by individuals, businesses, and governments for legitimate purposes. Cyberspace and National Security brings together scholars, policy analysts, and information technology executives to examine current and future threats to cyberspace. They discuss various approaches to advance and defend national interests, contrast the US approach with European, Russian, and Chinese approaches, and offer new ways and means to defend interests in cyberspace and develop offensive capabilities to compete there. Policymakers and strategists will find this book to be an invaluable resource in their efforts to ensure national security and answer concerns about future cyberwarfare.
Each spring, the Cyber Project at Georgetown University’s Institute for Law, Science, and Global Security convenes a conference of leading international experts from academia, the private sector, and government to address cutting-edge issues in cybersecurity. The 2014 annual conference is the starting point for this special issue of the Georgetown Journal of International Affairs, the fourth volume in the annual International Engagement on Cyber series. Key papers from the conference have been included in this issue along with new articles added to round out this collaboration between the Cyber Project and the journal. This issue begins with a group of articles under the theme “A Post-Snowden Cyberspace,” describing how Edward Snowden’s revelations directly or indirectly changed the way the global community understands cybersecurity and cyber law. Other topics covered include cyber weapons, cyber deterrence, Japan’s cybersecurity strategy, data protection in the private sector, executive accountability for data breaches, minimum security standards for connected devices, and the problem of underinvestment in cybersecurity. Please note, this special issue is not included in the subscription to the journal. The Georgetown Journal of International Affairs is the official publication of the Edmund A. Walsh School of Foreign Service at Georgetown University. Each issue of the journal provides readers with a diverse array of timely, peer-reviewed content penned by top policymakers, business leaders, and academic luminaries.
China's Cyber Incursions: A Theoretical Look at What They See and Why They Do It Based on a Different Strategic Method of Thought - This 2013 paper discusses the strategy behind China's cyber activities. The paper examines the Chinese concept of strategy and how it motivates China's cyber actions. These actions take the form of reconnaissance and system sabotage concepts that result in the fulfillment of strategy and in the development of a preemptive and offensive information deterrence disposition. The paper then examines China's response to the recent Mandiant security firm's report that accused the People's Liberation Army of compliance in attacking 115 US companies since 2006. China's next generation of quantum communications research is briefly discussed as well. The conclusions list the author's opinion regarding how to handle the Chinese in the future, through confrontation or dialogue, based on their thought process. This author argues for interceding into Chinese strategic concepts and changing the objective basis behind their cyber activities. China's invasive cyber activities make perfect sense--to them. Through extensive reconnaissance activities, China gains leverage in three areas: its ability to establish a cyber strategic advantageous posture over potential opponents; its ability to identify key nodes in an opponent's network and gain the potential ability to conduct system sabotage against them if necessary; and its ability to develop a cyber deterrence concept of Chinese-make through the construction of a new type of "show of force," such as the identification and revelation of a potential opponent's cyber geography that deters an opponent from acting. Cyber espionage activities are activated due to a specific strategic thought process and resulting paradigm that subsequently uncovers strategic opportunities.Chinese Information Warfare: A Phantom Menace or Emerging Threat? Mao Tse-tung counseled, "To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds." Few concepts mesh so contextually with Mao than the Chinese approach to Information Warfare (IW). As the People's Republic of China struggles with its national military strategy, IW offers opportunities to win wars without the traditional clash of arms.