Shameless Self-Promotion, part 2: Cyber War Edition

Like my co-blogger Matt Fay, I too have been absent from this blog for far too long. Work and grad school applications (I’ll be attending the LBJ School at UT Austin starting this fall) became a veritable time vortex, but I am hoping to (albeit slowly) get back to blogging now. I will probably post more quick hits rather than lengthy analyses, since I am in fact going to grad school, but hopefully the blog will pick up pace over the summer. Since this is a comeback post of sorts it is only appropriate that it involves my work . . .
read more

Cyber Power and Poor Analogies Make Bad Analysis

The study of cyber security varies in approach, but I find that perhaps the most helpful is thinking about it in terms of power. Instead of analyzing cyber security based on very limited empirical data and from there inferring some operational utility, it is more useful to approach cyberspace holistically, examining the environment and the many ways actors can utilize it for political gains. People like Joseph Nye, Jr. and David Betz and Tim Stevens have made good contributions to the concept of cyber power, and Martin Libicki’s work on deterrence in cyberspace is also closely related and relevant. . . .
read more

Defining War and Warfare in Cyberspace

Every so often a new technology emerges that puts into question existing definitions of behavior. In international relations, this often happens as a result of new weapons being introduced that substantively affect the conduct of war. The advent of strategic air power gave great powers a new tool for coercion, namely the capability to inflict massive amounts of damage on the civilian population in the hopes of forcing political change—mainly surrender. Though strategic air power did not invent the notion of targeting civilians, a combination of accident and obsession with its hypothetical utility led strategic air power to substantively . . .
read more

Making the Case for Ambiguity in Cyberstrategy

Cyberspace is a whole new game. We have to start from scratch and build brand-new concepts, doctrines and strategy. Or so it goes. The inherent ‘newness’ of cyberspace has lead most countries to start a painstaking process to define cyberspace, in particular the security aspect of it. The novelty of cyberspace can be quite overstated, but in some ways old rules do not apply—or, at least, they are not as well served in this new domain. One particularly fascinating and important example of this is the role of ambiguity in policy. How to define cyberincidents and determine thresholds for . . .
read more

Should the United States Create a Cyber Militia?

Is a volunteer force of cyberwarriors the best available solution for a strong national cyberdefense? That is one of the questions raised at this year’s International Conference on Cyber Conflict (ICCC) in Tallinn, Estonia. The idea behind a volunteer force is that because most states do not have the resources to have a standing cyberforce capable of stopping large-scale attacks, states can rely on a large militia of volunteers in case of emergency. These volunteers would keep their day job, but should a large attack take place they could “take to arms” and protect private and government networks. It . . .
read more

Lowering the Attack Threshold in Cyberspace

Last week I criticized the new “International Strategy for Cyberspace” put out by the White House for not being specific enough about the military aspect of cybersecurity. There is a general lack of specificity in policy on this subject matter, and the international cyberstrategy perpetuated the trend of using big words to say very little. However, the Obama administration is seeking to address some of these shortcomings. The Pentagon is coming out with its own strategy document in June, and the Wall Street Journal got some inside information on it this week. The big news? The U.S. military is . . .
read more

The U.S. International Strategy for Cyberspace: Liberal Internationalism in a New Domain

Last week, the White House released its new strategy document for cyberspace, called “International Strategy for Cyberspace: Prosperity, Security and Openness in a Networked World.” Yes, I know. Another strategy document from the Obama administration. How exciting! For those skeptical about the utility (not to mention entertainment value) of a document that purports to sketch out a vague strategy for a rather vague topic, your fears are not entirely unwarranted. It has its fair share of platitudes and meaningless language; yet sifting through these weeds you find some interesting bits and pieces.

The first thing that struck me is . . .
read more

Thoughts on the Norwegian Defense Network Phishing Incident

There was a big news splash in Norway this week as word got out that the country had recently been the target of a significant cyber incident (from what I can tell, it was Norwegian news site VG Nett that broke the story). The day after Norwegian jetfighters started bombing targets in Libya, March 25th, official-looking emails were sent out to people in the Norwegian military. It was an attempt at phishing, tricking people to open the email attachment and thus exploiting holes in the network security (articles in Norwegian can be found here, here, here, here, here, and . . .
read more

The Implications of Attribution in Cybersecurity

It has been well-known for a while that China is prodding and poking at U.S. computer networks looking for sensitive information. Some of the most serious security breaches in U.S. government agencies and private companies over the past few years originated in China, but because of the unique characteristics of cyberspace it has been difficult to attribute these incursions to specific groups or individuals. In other words, we have not known if the incursions came from some Chinese teenage hacker or a government official working on orders from the higher-ups. That seems to have changed, according to U.S. State . . .
read more