Evaluation of the 2015 DoD Cyber Strategy: Mild Progress in a Complex and Dynamic Military Domain

In 2011, the Department of Defense (DoD) released its Strategy for Operating in Cyberspace, which officially recognized cyberspace as an operational domain akin to the traditional military domains of land, sea, air, and space. This monograph examines the 2015 DoD Cyber Strategy to evaluate how well its five strategic goals and associated implementation objectives define an actionable strategy to achieve three primary missions in cyberspace: defend the DoD network, defend the United States and its interests, and develop cyber capabilities to support military operations. This monograph focuses on events and documents from the period of about 1 year before and 1 year after the 2015 strategy was released. This allows sufficient time to examine the key policies and guidance that influenced the development of the strategy as well as follow-on activities for the impacts from the strategy. This inquiry has five major sections that utilize different frameworks of analysis to assess the strategy: 1. Prima Facie Analysis: What is its stated purpose and key messages? 2. Historical Context Analysis: What unique contributions does it introduce into the evolution of national security cyberspace activities? 3. Traditional Strategy Analysis: Does it properly address specific DoD needs as well as broader U.S. ends in a way that is appropriate and actionable? 4. Analysis of Subsequent DoD Action: How are major military cyberspace components—joint and Service—planning to implement these goals and objectives? 5. Whole of U.S. Government Analysis: Does it integrate with the cyberspace-related activities of other U.S. Government departments and agencies? The monograph concludes with a section that integrates the individual section findings and offers recommendations to improve future cyberspace strategic planning documents.https://press.armywarcollege.edu/monographs/1401/thumbnail.jp

Cyber Mutually Assured Destruction & Counterproliferation for the 21st Century: “How I stopped worrying and learned to love the software exploit.”

The growth of cyberspace has challenged existing frameworks for strategic competition. As a result, government, private, and academic planners seek to develop a novel framework for integrating cyberspace into diplomatic, military, and intelligence planning. This has been a difficult proposition and continues to be an area of vulnerability for the United States. To date, the United States has threatened nuclear retaliation for large scale cyber-attacks, but a comprehensive strategy has not been made publicly clear. However, this integration challenge has been encountered and solved previously. Nuclear weapons changed warfare in the twentieth century, but the United States used Mutual Assured Destruction (MAD) and Counterproliferation to adapt to the new warfront. This paper seeks to dissect the nuclear strategy, apply the extracted fundamental principles in creating a loose integration framework, and propose policy measures to implement that framework. The advent of nuclear and cyberweapons shares intrinsic similarity, making such a comparison viable. As proposed in this paper, the cyber strategy would treat near-peer actors differently from non-peer and non-state actors. Against near-peers, it would emphasize survivability and deterrence with implanted exploits or survivable data center infrastructure. For non-peers and non-states, it calls for development of military mission areas to prevent cyberweapon proliferation. Such a dualistic approach may provide a reasonable framework for integrating the cyberspace into international competition and allow the United States to adapt in the technology age

Book Review: Aaron F. Brantly, The Cyber Deterrence Problem (Rowman & Littlefield International, Ltd. 2020), 202pp.

The usage of cyberwarfare has become increasingly prevalent in the global landscape, but there remains a lack of cohesive strategies and policies surrounding cyber deterrence. Aaron Brantly and a team of scholars specializing in different disciplines team up to develop the outline for a robust deterrence strategy concerning cyberspace. Brantly is an Assistant Professor of Political Science at Virginia Tech. He is also a Senior Research Scientist at the Army Cyber Institute at the United States Military Academy, West Point. In his book, he proposes different approaches that can and should be utilized to enhance deterrence in cyberspace

Between Hype and Understatement: Reassessing Cyber Risks as a Security Strategy

Most of the actions that fall under the trilogy of cyber crime, terrorism,and war exploit pre-existing weaknesses in the underlying technology.Because these vulnerabilities that exist in the network are not themselvesillegal, they tend to be overlooked in the debate on cyber security. A UKreport on the cost of cyber crime illustrates this approach. Its authors chose to exclude from their analysis the costs in anticipation of cyber crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal day-to-day expenditures for the Government, businesses, and individuals. This article contends if these costs had been quantified and integrated into the cost of cyber crime, then the analysis would have revealed that what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to exploit them. By downplaying the vulnerabilities, the threats represented by cyber war, cyber terrorism, and cyber crime are conversely inflated. Therefore, reassessing risk as a strategy for security in cyberspace must include acknowledgment of understated vulnerabilities, as well as a better distributed knowledge about the nature and character of the overhyped threats of cyber crime, cyber terrorism, and cyber war

Warfighting for cyber deterrence: a strategic and moral imperative

Theories of cyber deterrence are developing rapidly. However, the literature is missing an important ingredient—warfighting for deterrence. This controversial idea, most commonly associated with nuclear strategy during the later stages of the Cold War, affords a number of advantages. It provides enhanced credibility for deterrence, offers means to deal with deterrence failure (including intrawar deterrence and damage limitation), improves compliance with the requirements of just war and ultimately ensures that strategy continues to function in the post-deterrence environment. This paper assesses whether a warfighting for deterrence approach is suitable for the cyber domain. In doing so, it challenges the notion that warfighting concepts are unsuitable for operations in cyberspace. To do this, the work constructs a conceptual framework that is then applied to cyber deterrence. It is found that all of the advantages of taking a warfighting stance apply to cyber operations. The paper concludes by constructing a warfighting model for cyber deterrence. This model includes passive and active defences and cross-domain offensive capabilities. The central message of the paper is that a theory of victory (strategy) must guide the development of cyber deterrence

China's Use of Cyber Warfare: Espionage Meets Strategic Deterrence

This article presents three reasons for states to use cyber warfare and shows that cyberspace is—and will continue to be—a decisive element in China's strategy to ascend in the international system. The three reasons are: deterrence through infiltration of critical infrastructure; military technological espionage to gain military knowledge; and industrial espionage to gain economic advantage. China has a greater interest in using cyberspace offensively than other actors, such as the United States, since it has more to gain from spying on and deterring the United States than the other way around. The article also documents China's progress in cyber warfare and shows how it works as an extension of its traditional strategic thinking and the current debate within the country. Several examples of cyber attacks traceable to China are also presented. This includes cyber intrusions on a nuclear arms laboratory, attacks on defense ministries (including the Joint Strike Fighter and an airbase) and the U.S. electric grid, as well as the current Google affair, which has proved to be a small part of a broader attack that also targeted the U.S. Government. There are, however, certain constraints that qualify the image of China as an aggressive actor in cyberspace. Some believe that China itself is the victim of just as many attacks from other states. Furthermore, certain actors in the United States and the West have an interest in overestimating China's capabilities in cyberspace in order to maintain their budgets

Cyber maturity in the Asia-Pacific Region 2014

Summary: To make considered, evidence-based cyber policy judgements in the Asia-Pacific there’s a need for better tools to assess the existing ‘cyber maturity’ of nations in the region. Over the past twelve months the Australian Strategic Policy Institute’s International Cyber Policy Centre has developed a Maturity Metric which provides an assessment of the regional cyber landscape. This measurement encompasses an evaluation of whole-of-government policy and legislative structures, military organisation, business and digital economic strength and levels of cyber social awareness. This information is distilled into an accessible format, using metrics to provide a snapshot by which government, business, and the public alike can garner an understanding of the cyber profile of regional actors