Shameless Self-Promotion, part 2: Cyber War Edition

Like my co-blogger Matt Fay, I too have been absent from this blog for far too long. Work and grad school applications (I’ll be attending the LBJ School at UT Austin starting this fall) became a veritable time vortex, but I am hoping to (albeit slowly) get back to blogging now. I will probably post more quick hits rather than lengthy analyses, since I am in fact going to grad school, but hopefully the blog will pick up pace over the summer. Since this is a comeback post of sorts it is only appropriate that it involves my work . . .
read more

Making the Case for Ambiguity in Cyberstrategy

Cyberspace is a whole new game. We have to start from scratch and build brand-new concepts, doctrines and strategy. Or so it goes. The inherent ‘newness’ of cyberspace has lead most countries to start a painstaking process to define cyberspace, in particular the security aspect of it. The novelty of cyberspace can be quite overstated, but in some ways old rules do not apply—or, at least, they are not as well served in this new domain. One particularly fascinating and important example of this is the role of ambiguity in policy. How to define cyberincidents and determine thresholds for . . .
read more

The Implications of Attribution in Cybersecurity

It has been well-known for a while that China is prodding and poking at U.S. computer networks looking for sensitive information. Some of the most serious security breaches in U.S. government agencies and private companies over the past few years originated in China, but because of the unique characteristics of cyberspace it has been difficult to attribute these incursions to specific groups or individuals. In other words, we have not known if the incursions came from some Chinese teenage hacker or a government official working on orders from the higher-ups. That seems to have changed, according to U.S. State . . .
read more