Maturing International Cooperation to Address the Cyberspace Attack Attribution Problem

One of the most significant challenges to deterring attacks in cyberspace is the difficulty of identifying and attributing attacks to specific state or non-state actors. The lack of technical detection capability moves the problem into the legal realm; however, the lack of domestic and international cyberspace legislation makes the problem one of international cooperation. Past assessments have led to collective paralysis pending improved technical and legal advancements. This paper demonstrates, however, that any plausible path to meaningful defense in cyberspace must include a significant element of international cooperation and regime formation. The analytical approach diverges from past utilitarian-based assessments to understand the emerging regime, or implicit and explicit principles, norms, rules, and decision-making procedures, around which actor expectations are beginning to converge in the area of cyberspace attack attribution. The analysis applies a social-practice perspective of regime formation to identify meaningful normative and political recommendations. Various hypotheses of regime formation further tailor the recommendations to the current maturity level of international cooperation in this issue area. Examining international cooperation in cyberspace and methods for maturing international cooperation to establish attribution in other domains inform political mitigations to the problem of cyberspace attack attribution. Potential solutions are analyzed with respect to four recent cyberspace attacks to illustrate how improved international cooperation might address the problem. Finally, a counterfactual analysis, or thought experiment, of how these recommendations might have been applied in the case of rampant Chinese cyber espionage inform specific current and future opportunities for implementation. Although timing is difficult to predict, the growing frequency and scope of cyber attacks indicate the window of opportunity to address the problem before some form of cataclysmic event is closing

Confidence Building in Cyberspace: A Comparison of Territorial and Weapons-Based Regimes

View the Executive SummaryAn analysis of weapons-based confidence-building measures shows how academics can work together to self-police their research for national security implications, socialize new members of the academic community into the importance of considering security issues, and develop and disseminate norms regarding what is and is not a moral and ethical use of these technologies. It may be possible for academics and policymakers to come together to work for a ban or build-down on cyber weapons patterned on international efforts to ban chemical and biological weapons and implement export regimes to control the export of code which may form the components of cyber weapons. If we conceptualize cyberspace as territory, we can also learn from the example of territorially-based confidence-building measures such as those implemented along the Indo-Pakistan border. This approach stresses the importance of developing notification procedures to prevent misperceptions and the escalation spiral, as well as communicating regularly to establish trust between all parties. The case studies presented here illustrate the promises and pitfalls of each approach and offer valuable warnings to policymakers seeking to implement such measures in cyberspace. They show what happens when not everyone in a regime is equally committed to a specific outcome by illustrating the difficulties of monitoring compliance in confidence-building regimes, and show the ways in which doctrines and confidence-building measures may not be perfectly aligned.https://press.armywarcollege.edu/monographs/1455/thumbnail.jp

Cyber Threats and NATO 2030: Horizon Scanning and Analysis

The book includes 13 chapters that look ahead to how NATO can best address the cyber threats, as well as opportunities and challenges from emerging and disruptive technologies in the cyber domain over the next decade. The present volume addresses these conceptual and practical requirements and contributes constructively to the NATO 2030 discussions. The book is arranged in five short parts...All the chapters in this book have undergone double-blind peer review by at least two external experts.https://scholarworks.wm.edu/asbook/1038/thumbnail.jp

Unconventional cyber warfare: cyber opportunities in unconventional warfare

Given the current evolution of warfare, the rise of non-state actors and rogue states, in conjunction with the wide availability and relative parity of information technology, the U.S. will need to examine new and innovative ways to modernize its irregular warfare fighting capabilities. Within its irregular warfare capabilities, the U.S. will need to identify effective doctrine and strategies to leverage its tactical and technical advantages in the conduct of unconventional warfare. Rather than take a traditional approach to achieve unconventional warfare objectives via conventional means, this thesis proposes that unconventional warfare can evolve to achieve greater successes using the process of unconventional cyber warfare.http://archive.org/details/unconventionalcy1094542615Major, United States Army;Major, United States ArmyApproved for public release; distribution is unlimited

Distinguishing Acts of War in Cyberspace: Assessment Criteria, Policy Considerations, and Response Implications

View the Executive SummaryDetermining an act of war in the traditional domains of land, sea, and air often involves sophisticated interactions of many factors that may be outside the control of the parties involved. This monograph seeks to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with essential background on this topic as well as introduce an analytical framework for them to utilize according to their needs. It develops this theme in four major sections. First, it presents the characterization of cyberspace to establish terms for broader dialogue as well as to identify unique technical challenges that the cyberspace domain may introduce into the process of distinguishing acts of war. Second, it explores assessment criteria involved with assaying cyber incidents to determine if they represent aggression and possible use of force; and if so, to what degree? Third, it looks at the policy considerations associated with applying such criteria by examining relevant U.S. strategies as well as the strategies of other key countries and international organizations, and considers how nonstate actors may affect U.S. deliberations. Fourth, it examines the influences that course of action development and implementation may have on the assessment of cyberspace incidents, such as reliable situational awareness, global and domestic environment considerations, and options and their related risks and potential consequences. It argues that the United States must also expect and accept that other nations may reasonably apply the criteria we develop to our own actions in cyberspace.https://press.armywarcollege.edu/monographs/1481/thumbnail.jp

NATO Cyberspace Capability: A Strategic and Operational Evolution

The development of cyberspace defense capabilities for the North Atlantic Treaty Organization (NATO) has been making steady progress since its formal introduction at the North Atlantic Council Prague Summit in 2002. Bolstered by numerous cyber attacks, such as those in Estonia (2007), Alliance priorities were formalized in subsequent NATO cyber defense policies adopted in 2008, 2011, and 2014. This monograph examines the past and current state of cyberspace defense efforts in NATO to assess the appropriateness and sufficiency to address anticipated threats to member countries, including the United States. The analysis focuses on the recent history of cyberspace defense efforts in NATO and how changes in strategy and policy of NATO writ large embrace the emerging nature of cyberspace for military forces as well as other elements of power. It first examines the recent evolution of strategic foundations of NATO cyber activities, policies, and governance as they evolved over the past 13 years. Next, it outlines the major NATO cyber defense mission areas, which include NATO network protection, shared situational awareness in cyberspace, critical infrastructure protection, counter-terrorism, support to member country cyber capability development, and response to crises related to cyberspace. Finally, it discusses several key issues for the new Enhanced Cyber Defence Policy that affirms the role that NATO cyber defense contributes to the mission of collective defense and embraces the notion that a cyber attack may lead to the invocation of Article 5 actions for the Alliance. This monograph concludes with a summary of the main findings from the discussion of NATO cyberspace capabilities and a brief examination of the implications for Department of Defense and Army forces in Europe. Topics include the roles and evolution of doctrine, deterrence, training, and exercise programs, cooperation with industry, and legal standards.https://press.armywarcollege.edu/monographs/1422/thumbnail.jp

The Army Role in Achieving Deterrence in Cyberspace

In 2015, the Department of Defense (DoD) released the DoD Cyber Strategy which explicitly calls for a comprehensive strategy to provide credible deterrence in cyberspace against threats from key state and nonstate actors. To be effective, such activities must be coordinated with ongoing deterrence efforts in the physical realm, especially those of near-peers impacting critical global regions such as China in the Asia-Pacific region and Russia in Europe. It is important for the U.S. Army to identify and plan for any unique roles that they may provide to these endeavors. This study explores the evolving concept of deterrence in cyberspace in three major areas: • First, the monograph addresses the question: What is the current U.S. deterrence posture for cyberspace? The discussion includes an assessment of relevant current national and DoD policies and concepts as well as an examination of key issues for cyber deterrence found in professional literature. • Second, it examines the question: What are the Army’s roles in cyberspace deterrence? This section provides background information on how Army cyber forces operate and examines the potential contributions of these forces to the deterrence efforts in cyberspace as well as in the broader context of strategic deterrence. The section also addresses how the priority of these contributions may change with escalating levels of conflict. • Third, the monograph provides recommendations for changing or adapting the DoD and Army responsibilities to better define and implement the evolving concepts and actions supporting deterrence in the dynamic domain of cyberspace.https://press.armywarcollege.edu/monographs/1379/thumbnail.jp