TESTING DECEPTION WITH A COMMERCIAL TOOL SIMULATING CYBERSPACE

Deception methods have been applied to the traditional domains of war (air, land, sea, and space). In the newest domain of cyber, deception can be studied to see how it can be best used. Cyberspace operations are an essential warfighting domain within the Department of Defense (DOD). Many training exercises and courses have been developed to aid leadership with planning and to execute cyberspace effects that support operations. However, only a few simulations train cyber operators about how to respond to cyberspace threats. This work tested a commercial product from Soar Technologies (Soar Tech) that simulates conflict in cyberspace. The Cyberspace Course of Action Tool (CCAT) is a decision-support tool that evaluates defensive deception in a wargame simulating a local-area network being attacked. Results showed that defensive deception methods of decoys and bait could be effective in cyberspace. This could help military cyber defenses since their digital infrastructure is threatened daily with cyberattacks.Marine Forces Cyberspace CommandChief Petty Officer, United States NavyChief Petty Officer, United States NavyApproved for public release. Distribution is unlimited

Army Support of Military Cyberspace Operations: Joint Contexts and Global Escalation Implications

View the Executive SummaryMilitary cyberspace operations have evolved significantly over the past 2 decades and are now emerging into the realm of military operations in the traditional domains of land, sea, and air. The goal of this monograph is to provide senior policymakers, decisionmakers, military leaders, and their respective staffs with a better understanding of Army cyberspace operations within the context of overall U.S. military cyberspace operations. It examines the development of such operations in three major sections. First, it looks at the evolution of Department of Defense cyberspace operations over the past decade to include the founding of U.S. Cyber Command from its roots in various military units focused on defensive and offensive cyberspace operations. Second, it examines the evolution of the Army implementation of cyberspace operations toward the initial establishment of Army Cyber Command as well as recent efforts to establish Fort Gordon, Georgia as the center of gravity for Army cyberspace activities. Third, it explores the role of cyberspace operations in the escalation of international conflict, focusing on the sufficiency of the current cyberspace force structure to address an international environment of multiple actors interacting with varying degrees of tension.https://press.armywarcollege.edu/monographs/1470/thumbnail.jp

Cyberspace Sovereignty: Is Territorializing Cyberspace Opposed to Having a Globally Compatible Internet?

The internet is at a crossroads today. Whence once viewed as a borderless domain, today it is spoken of in alarmist terms that warn against its demise in the context of growing government censorship programs and powerful commercial interests. This essay reviews the literature on cyberspace and sovereignty, showing the emergence of pro-sovereigntist perspectives and predictions of cyberspace Balkanization in recent decades. It further links the conceptual debate over cyber-sovereignty to real-world geopolitical conflicts and struggles over the future of Internet governance, showing how different conceptions of cyberspace are functions of the geopolitical interests of different powers. Drawing on recent literature on cyber espionage, this essay provides a review of the defensive and offensive practices of state powers in and through cyberspace to argue that while impulses towards re-territorialization of cyberspace are undeniable, such attempts are ultimately frustrated by operations aiming to use common protocols for external security and internal surveillance. Such practices illustrate a more nuanced depiction of sovereignty in cyberspace that goes beyond the borderless versus Balkanized dichotomy

AUTOMATED CYBER OPERATIONS MISSION DATA REPLAY

The Persistent Cyber Training Environment (PCTE) has been developed as the joint force solution to provide a single training environment for cyberspace operations. PCTE offers a closed network for Joint Cyberspace Operations Forces, which provides a range of training solutions from individual sustainment training to mission rehearsal and post-operation analysis. Currently, PCTE does not have the ability to replay previously executed training scenarios or external scenarios. Replaying cyber mission data on a digital twin virtual network within PCTE would support operator training as well as enable development and testing of new strategies for offensive and defensive cyberspace operations. A necessary first step in developing such a tool is to acquire network specifications for a target network, or to extract network specifications from a cyber mission data set. This research developed a program design and proof-of-concept tool, Automated Cyber Operations Mission Data Replay (ACOMDR), to extract a portion of the network specifications necessary to instantiate a digital twin network within PCTE from cyber mission data. From this research, we were able to identify key areas for future work to increase the fidelity of the network specification and replay cyber events within PCTE.Captain, United States Marine CorpsApproved for public release. Distribution is unlimited

Warfighting for cyber deterrence: a strategic and moral imperative

Theories of cyber deterrence are developing rapidly. However, the literature is missing an important ingredient—warfighting for deterrence. This controversial idea, most commonly associated with nuclear strategy during the later stages of the Cold War, affords a number of advantages. It provides enhanced credibility for deterrence, offers means to deal with deterrence failure (including intrawar deterrence and damage limitation), improves compliance with the requirements of just war and ultimately ensures that strategy continues to function in the post-deterrence environment. This paper assesses whether a warfighting for deterrence approach is suitable for the cyber domain. In doing so, it challenges the notion that warfighting concepts are unsuitable for operations in cyberspace. To do this, the work constructs a conceptual framework that is then applied to cyber deterrence. It is found that all of the advantages of taking a warfighting stance apply to cyber operations. The paper concludes by constructing a warfighting model for cyber deterrence. This model includes passive and active defences and cross-domain offensive capabilities. The central message of the paper is that a theory of victory (strategy) must guide the development of cyber deterrence

Cyber maturity in the Asia-Pacific Region 2014

Summary: To make considered, evidence-based cyber policy judgements in the Asia-Pacific there’s a need for better tools to assess the existing ‘cyber maturity’ of nations in the region. Over the past twelve months the Australian Strategic Policy Institute’s International Cyber Policy Centre has developed a Maturity Metric which provides an assessment of the regional cyber landscape. This measurement encompasses an evaluation of whole-of-government policy and legislative structures, military organisation, business and digital economic strength and levels of cyber social awareness. This information is distilled into an accessible format, using metrics to provide a snapshot by which government, business, and the public alike can garner an understanding of the cyber profile of regional actors

The nature of international law cyber norms

The special expanded issue of the NATO Cooperative Cyber Defence Centre of Excellence's Tallinn Papers examines the nature, formation and evolution of international legal norms governing cyber activities. The inquiry’s foundational premise is that the rules of international law governing cyber activities are identical to those applicable to other types of conduct. Any differences in their explication and application are the product of the unique nature of cyber activities, not a variation in the legal strictures that shape their content and usage. It conducts the examination by genre of legal norm: treaty, customary law and general principles

Proportionality and its Applicability in the Realm of Cyber Attacks

With an ever-increasing reliance on State cyber-attacks, the need for an international treaty governing the actions of Nation-States in the realm of cyberwarfare has never been greater. States now have the ability to cause unprecedented civilian loss with their cyber actions. States can destroy financial records, disrupt stock markets, manipulate cryptocurrency, shut off nuclear reactors, turn off power grids, open dams, and even shut down air traffic control systems with the click of a mouse. This article argues that any cyber-attack launched with a reasonable expectation to inflict “incidental loss of civilian life, injury to civilians, or damage to civilian objects,” must be subject to the existing laws of proportionality. This article further examines the broader concept of proportionality, and the difficulties associated with applying a proportionality analysis to an offensive cyber-strike. This paper asserts that the ambiguities and complexities associated with applying the law of proportionality—in its current state and within a cyber context—will leave civilian populations vulnerable to the aggressive cyber actions of the world’s cyber powers. Consequently, this article stresses the necessity of developing a proportionality standard within a unified international cyberwarfare convention and asserts that such a standard is required in order to prevent the creation of a pathway towards lethal cyber aggressions unrestrained by the laws of war