54 research outputs found

    Collective Countermeasures in Cyberspace

    The president of Estonia, Kersti Kaljulaid, has supported the use of collective countermeasures in response to cyberspace crimes. Collective countermeasures would allow an uninjured state to provide guidance or carry out countermeasures on behalf of another state. This Article advocates for collective countermeasures in cyberspace so long as the operations are carefully executed and subject to the same restrictions as individual countermeasures. This Article further finds for the following in favor of limited forms of collective countermeasures: (1) the highly interconnected nature of threats in cyberspace; (2) states with more sophisticated cyber capabilities can leverage for comparative advantages; (3) states would be able to better address the persistent nature of the threats they face in cyberspace; (4) the prospect of collective countermeasures could have a deterrent effect; and (5) collective countermeasures could reduce the likelihood of escalation in cyber aggression. Subjecting collective countermeasures to the same limitations as countermeasures generally, and imposing additional limits on third parties seeking to engage in collective countermeasures, would eliminate the potential for substantial escalation and abuse. Accordingly, this Article concludes that collective countermeasures are the correct normative approach to cyber threats

    AppCon: Mitigating evasion attacks to ML cyber detectors

    Adversarial attacks represent a critical issue that prevents the reliable integration of machine learning methods into cyber defense systems. Past work has shown that even proficient detectors are highly affected just by small perturbations to malicious samples, and that existing countermeasures are immature. We address this problem by presenting AppCon, an original approach to harden intrusion detectors against adversarial evasion attacks. Our proposal leverages the integration of ensemble learning to realistic network environments, by combining layers of detectors devoted to monitor the behavior of the applications employed by the organization. Our proposal is validated through extensive experiments performed in heterogeneous network settings simulating botnet detection scenarios, and consider detectors based on distinct machine- and deep-learning algorithms. The results demonstrate the effectiveness of AppCon in mitigating the dangerous threat of adversarial attacks in over 75% of the considered evasion attempts, while not being affected by the limitations of existing countermeasures, such as performance degradation in non-adversarial settings. For these reasons, our proposal represents a valuable contribution to the development of more secure cyber defense platforms

    Artificial intelligence and international conflict in cyberspace: Exploring three sets of issues

    What is at stake with the use of automation in international conflict in cyberspace through AI? This introductory chapter outlines the main themes, objectives, and rationale of the volume with the ambition of delineating a comprehensive perspective on the relationship between AI and international conflict in cyberspace. It does so by introducing the three sets of issues around which the volume has been organised: (1) technical and operational, (2) strategic and geopolitical, and (3) normative and legal. By highlighting the main debates for each of these issues, this chapter also contextualises the volume’s contributions into broader debates about challenges and opportunities brought by AI technology. In so doing, the chapter argues that only by understanding the relationship between AI and conflict in cyberspace as a comprehensive phenomenon and embedded in broader geopolitical conflicts, can the international community truly move forward with meaningful regulation. In its concluding part, this chapter also draws a state-of-the-art account of how the debate on emerging technologies, and AI specifically, has (not) evolved in the context of the recent multilateral processes at the United Nations (GGE and OEWG)

    Positioning diplomacy within a strategic response to the cyber conflict threat

    Background. Nation states unleash cyber attacks targeting other nation states (e.g. WannaCry, SolarWinds), termed “offensive cyber operations”. When such aggressions are deemed, according to the UN Charter, to constitute a threat to the peace, breach of the peace, or act of aggression towards a nation state, governments might choose to respond. Responses can range from silence all the way to retaliation, at the other end of the scale. The emergence of cyber diplomacy suggests a less militant and potentially powerful response option. Barrinha and Renard [5] explain that the rise of cyber diplomacy has coincided with “a growing contestation of the values, institutions and power dynamics of the liberal-created cyberspace”. (p.3). The question is: how could cyber diplomacy fit into a strategic threat management plan? Aim. To position cyber diplomacy within a strategic response to nation state offensive cyber operations. Method. To help us to position cyber diplomacy’s role in this domain, we first examine historical cyber conflicts, and governments’ responses to these, as well as testing the factors that might explain response choice. We then review a number of proposed options for managing cyber conflicts. Results. We propose a comprehensive “Five D’s” strategic framework to manage the threat of offensive cyber operations. Cyber diplomacy is included, acknowledging its emerging and potentially powerful role in managing cyber conflicts in the future. Conclusions. Cyber diplomacy has recently emerged and it has not yet been widely deployed. We show how it can be positioned within a strategic framework for managing the threat of offensive cyber operations from other nation states

    Lagging Colossus Or A Mature Cyber-Alliance? 20 Years of Cyber Defence in NATO

    The article presents NATO as a self-aware and confident organisation that takes measured steps to enhance the cyber security of the Alliance as a whole. I reassert the notion that in spite of cyber defence not featuring on the top of the agenda in the early 2000s due to the effects of 9/11, the subsequent wars in Afghanistan and Iraq, and the 2004 NATO enlargement process, after the 2007 attacks on Estonia and their post-mortem analysis the Alliance has been able to define priorities for this particular area and to significantly decrease the deficit by taking substantial but measured steps to rectify the situation it found itself in. The summits of 2014, 2016 and 2018 are identified as the most important in terms of NATO’s development in this area. The article presents present-day NATO as a self-aware and confident organisation that is making progress towards securing the cyber security of the whole Alliance. It emphasises the thesis that although the issue of cyber defence was sidelined within the Alliance in the first decade after the war in Kosovo, following the attacks on Estonia in 2007 and their post-mortem analysis the Alliance was able to define priorities for this area and has made up the deficit by leaps and bounds over the last ten years. The summits of 2014, 2016 and 2018 and their contribution are identified as the most important

    The Diffusion of Cyber Forces: Military Innovation and the Dynamic Implementation of Cyber Force Structure

    What explains the variation in implementation dynamics for cyber forces across militaries? In other words, as cyber forces emerge in states across the international system, why do some militaries undertake wide-ranging implementation efforts with few alterations to cyber force structure, while implementation in other militaries is characterized by a drawn-out, incremental process entailing several changes in cyber force structure? Militaries have been building cyber capabilities since the late 1980s; however, formalized military cyber organizations for these capabilities have only recently emerged. These cyber forces—active-duty military organizations that possess the capability and authority to direct and control computer network operations (CNOs) for strategic ends—have received little attention from scholars. Despite the potential impacts cyber forces might hold for international security dynamics, there exists no comprehensive overview of cyber forces and no analysis on the various ways they have been implemented across militaries. Moreover, current explanations drawn from the diffusion of military innovations remain incomplete in explaining the ways in which cyber force structure change over the course of the implementation process. In this dissertation, I examine the diffusion and implementation of cyber forces and advance a theory of organizational size to account for the varying implementation dynamics across militaries. My dissertation makes two important contributions to the growing literature on cyber conflict. First, I offer a novel typology for categorizing cyber forces and the respective force structures. By classifying cyber forces according to organizational model and scale of command, I identify nine distinct cyber force structures: Subordinated Branch, Subordinated Service, Subordinated Joint, Sub-Unified Branch, Sub-Unified Service, Sub-Unified Joint, Unified Branch, Unified Service, and Unified Joint. 
The second contribution is empirical: I create the first comprehensive database to catalogue the diffusion of cyber forces and evolution of cyber force structures across state—the Dataset on Cyber Force Structures. This dissertation also makes three broader contributions to the study of the diffusion of military innovations. First, I show how organizational characteristics mitigate diffusion pressures by constraining or enabling innovation and implementation. This dissertation moves past debates that portray militaries as either change-resistant or innovation-seeking organizations by providing a more nuanced claim: organizational characteristics—such as size—can predispose militaries to pursue certain types of changes while creating resistance to others. As such, this dissertation sheds important light on the ways in which the military organizational factors can shape the agency and decisions of those implementing an innovation principle. Second, I advance a stage-based conception of implementation for diffusion frameworks comprised of five stages: pre-adoption, introduction, modification, expansion, and full implementation. This framework can account for both partial and full adoption and provides a way to assess intermediate changes to an innovation prior to its full institutionalization. As a result, I use this framework to showcase the value of stage-based theorizing. Third, this dissertation introduces new methodological tools for testing stage-based hypotheses about adoption and implementation. In conjunction with qualitative analysis, this dissertation utilizes multistate survival modeling to assess variable effects at each stage of the implementation process. Traditional modeling techniques in the military diffusion literature—such as logistic regressions and basic survival modeling—prove both cumbersome and inadequate for assessing stage-based processes. 
In using multistate survival modeling, I emphasize the importance of matching methods to conceptual and theoretical assumptions

    The plea of necessity: an oft overlooked response option to hostile cyber operations

    States are increasingly focused on the measures—cyber or otherwise—that they can take in response to hostile cyber operations. Although cyber operations are usually responded to with acts of “retorsion” (acts that are lawful, although unfriendly), international law recognizes other self-help mechanisms that allow for more robust responses. In the cyber context, most attention has focused on countermeasures and self-defense. Yet, both are subject to various limitations that constrain their availability. This article examines a further option, the so-called “plea of necessity.” It allows States to respond to a hostile cyber operation when the action taken would otherwise be unlawful but is the only way to safeguard an “essential interest” of the State from a “grave and imminent peril.” Although the plea has commanded comparatively little attention, it avoids some of the limitations and ambiguity besetting its counterparts. Indeed, necessity often provides a more defensible legal basis for responding to serious hostile cyber operations, although it is not without its own limitations and ambiguity

    NATO Cyber Defence, 2000-2022

    The emergence of more devastating and organized cyber attacks by non-attributable threat actors internationally raises questions about whether classical deterrence theory in its contemporary form has assisted important military defence alliances, like the North Atlantic Treaty Organization (NATO), to adapt to the changing threat landscape. The timeline of the NATO Alliance's adaptation to external cyber threats is examined at critical historical junctures. Changes and adaptation within internal policy-making processes at NATO headquarters and its affiliated centres, think tanks, and military bases are analysed with input from informed decision-makers. The research project demonstrates that NATO policy substantively changed over the period 2000 to June 30, 2022 because the scale and measure of cyber capabilities among 30 NATO Allies (particularly during and after the COVID-19 pandemic) contributed to a two-decade pattern of increasing defensive preparations, including new technologies, extensive military exercises, and military planning intended to counter amplifying hybrid threats in the 'gray zone' of conventional warfare. NATO implemented different security solutions to cyber space challenges, demonstrating the application of contemporary deterrence theory to current policy. Critical junctures, like major international precedent-setting cyber attacks, influenced cyber defence policy developments at NATO and internal policymaking processes like NATO Summitry. Two conceptual lenses—historical institutionalism and social learning—illuminate understanding of the evolution of NATO's policy development, military exercises, and the training initiatives of affiliated NATO organizations over the period 2000-2022

    SERENITY: THE FUTURE OF COGNITIVE MODULATION FOR THE HYPER ENABLED OPERATOR

    In the Special Operations community, cognitive enhancement and resilience is at the forefront of the 2035 Hyper Enabled Operator Program (HEO). The United States Special Operations Command’s vision is to combine cutting-edge communications and data capabilities into a next generation tactical system for the end user. Using algorithms and autonomous systems to enhance the ability to make rational decisions faster can ultimately determine life or death on the battlefield. Over the past several years, cognitive enhancement with the introduction of brain computer interface (BCI) technology has had major breakthroughs in the medical and science fields. This thesis looks to analyze BCI technology for future cognitive dominance and cognitive overmatch in the Hyper Enabled Operator. Machine-assisted cognitive enhancement is not beyond reach for special operations; throughout the research and after multiple interviews with subject matter experts, it has been concluded that interfaces using transcranial alternating current stimulation (tACS), median nerve stimulation (MNS), or several other exploratory procedures have been successful with enhancing cognition and reducing cognitive load. Special Operations should not shy away from transformational innovative technology or wait for commercial or lab-tested solutions. To start, Special Operations should foster avant-garde theories that provide solutions and evolve ideas into unsophisticated prototypes that can be fielded immediately. Major, United States Army. Approved for public release. Distribution is unlimited