• PerspectiveWhen to use the “nuclear option”? Why knocking Russia offline is a bad idea

    On Nov. 6, 2018, the notorious Russian troll farm—the Internet Research Agency or IRA—was silent. In an effort to “prevent the Russians from mounting a disinformation campaign” that would “cast doubt on the results” of the 2018 U.S. midterm elections, U.S. Cyber Command conducted a mysterious cyber operation to knock the organization offline. The news about the Cyber Command operation prompted suggestions that America should respond to cyberattacks with more drastic measures. Robert Morgus and Justin Sherman write in Just Security that even putting the important issues associated with offensive cyber operations, “we write to address a fundamental policy question about this type of cyber operation. Would it even serve the deterrent effect some claim it would?”

  • PerspectiveCyberattacks are rewriting the "rules" of modern warfare – and we aren’t prepared for the consequences

    Governments are becoming ever more reliant on digital technology, making them more vulnerable to cyber attacks. Politically-motivated cyber attacks are becoming increasingly commonplace but unlike traditional warfare between two or more states, cyberwarfare can be launched by groups of individuals. On occasion, the state is actually caught in the crosshairs of competing hacking groups. Vasileios Karagiannopoulos and Mark Leiser write in the Conversation that this doesn’t mean that states don’t actively prepare for such attacks. In most cases, cyberwarfare operations have been conducted in the background, designed as scare tactics or displays of power. But the blending of traditional warfare and cyberwarfare seems inevitable and a recent incident added a new dimension.

  • PerspectiveCrossing a cyber Rubicon?

    Amid a massive exchange of rocket fire and airstrikes between Israel and both Hamas and Islamic Jihad this weekend, Hamas attempted a cyber operation against an unspecified civilian target in Israel. The operation failed, and in its aftermath the Israel Defense Forces carried out an airstrike that destroyed the building housing Hamas’s cyber capability. Some observers are citing the incident as an important—and perhaps dangerous—precedent. Others are questioning the legality of the strike itself. Robert Chesney writes in Lawfare that both these views are misplaced.

  • CyberwarfareU.S. military steps up cyberwarfare effort

    By Benjamin Jensen and Brandon Valeriano

    The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process.

  • The Russia connectionU.S. Cyber Command cut Russian troll factory’s access to the internet

    The U.S. Cyber Command blocked the internet access of the St. Petersburg’s-based Internet Research Agency (IRA), a Russian disinformation and propaganda outfit which was contracted by the Kremlin to orchestrate the social media disinformation campaign to help Donald Trump win the 2016 presidential election. The IRA’s access to the internet was blocked on midterms Election Day, and for a few days following the election.

  • Cyber operationsQuestioning the effectiveness of offensive cyber operations

    Great-power competition in the twenty-first century increasingly involves the use of cyber operations between rival states. But do cyber operations achieve their stated objectives? What are the escalation risks? Under what conditions could increasingly frequent and sophisticated cyber operations result in inadvertent escalation and the use of military force? The answers to these questions should inform U.S. cybersecurity policy and strategy.

  • Cyber operationsWhy it’s unwise for the U.K. to boast about its cyberattack capability

    By Joe Devanny

    The U.K. government is very publicly investing more money in its ability to conduct cyberattacks and, at the same time, it is becoming increasingly open in talking about the attacks it has conducted in the past – and those it might conduct in future. There are risks involved in publicly signaling the imminence of cyber and other attacks, especially against capable adversaries with a demonstrable appetite for taking risks and a cavalier attitude about collateral damage. The U.K. needs to think more carefully about how it integrates cyber operations, and communication about them, into its wider approach – not only towards Russia but across the whole spectrum of national security operations.

  • Cyber strategyU.S. prepared to strike in cyberspace

    The United States is prepared to go on the offensive in cyberspace to ensure adversaries know there is a price to pay for hacks, network intrusions and other types of attacks. President Donald Trump signed a new National Cyber Strategy on Thursday, calling for a more aggressive response to the growing online threat posed by other countries, terrorist groups and criminal organizations.

  • CybersecurityU.S. military’s cybersecurity’s capacity and capabilities

    The military service chiefs of cybersecurity see an upward trend in the capacity, capabilities, sophistication and persistence of cyber threats against military networks, Navy Vice Adm. Michael M. Gilday, the commander of U.S. Fleet Cyber Command and U.S. 10th Fleet said on Capitol Hill Tuesday.

  • CyberwarfareCyberspace is the new battlespace

    “Cyberattacks on and within our nation occur daily, hourly, and by the minute. Scores of them have occurred since I walked into this building a few minutes ago. No one is immune. The cyber threat to our nation is going to get worse before it gets better,” former Secretary of Homeland Security Jeh Johnson said Wednesday, 7 March 2018, at the Boston Conference on Cybersecurity. “Bad cyber actors, ranging from nation-states, cybercriminals, hacktivists and those who engage in the growing Ransomware industry—are increasingly aggressive, ingenious, and tenacious. Those of us on defense struggle to keep up.”

  • Cloak & daggerGoodbye James Bond, hello big data

    By Christina Pazzanese

    Just as the technological revolution has transformed how people live and do business, it has upended the often hidebound field of intelligence gathering. Where once the focus might have been on the savvy agent clandestinely dashing around the world, like James Bond, now it’s on something far less sexy but no less vital: big data. “That [Bond] model, if it was ever true, is completely over,” said Sir John Sawers, chief of Britain’s Secret Intelligence Service (SIS), known to fans of spy novels as MI6, from 2009 to 2014. “Now, the most important person in any intelligence service is the data analyst, because it’s the data analyst who will tell you where the threats are coming from and where the opportunities are emerging that you as an intelligence agency can exploit.”

  • Considered opinionDeep Fakes: A looming crisis for national security, democracy and privacy?

    By Robert Chesney and Danielle Citron

    Events in the last few years, such as Russia’s broad disinformation campaign to undermine Western democracies, including the American democratic system, have offered a compelling demonstration of truth decay: how false claims — even preposterous ones — can be disseminated with unprecedented effectiveness today thanks to a combination of social media ubiquitous presence and virality, cognitive biases, filter bubbles, and group polarization. Robert Chesney and Danielle Citron write in Lawfare that the resulting harms are significant for individuals, businesses, and democracy – but that the problem may soon take a significant turn for the worse thanks to deep fakes. They urge us to get used to hearing that phrase. “It refers to digital manipulation of sound, images, or video to impersonate someone or make it appear that a person did something—and to do so in a manner that is increasingly realistic, to the point that the unaided observer cannot detect the fake. Think of it as a destructive variation of the Turing test: imitation designed to mislead and deceive rather than to emulate and iterate.”

  • Combatting truth decayMisinformation campaigns, social media, and science

    In some key domains of public life there appear to be coordinated efforts to undermine the reputation of science and innovation. Scientists now protest in the streets just to get governments to base policy on scientific evidence. Long-held scientific consensus on issues like the causes and consequences of climate change or the importance of vaccines for public health is increasingly contested. A new initiative will examine the interplay between systematic misinformation campaigns, news coverage, and increasingly important social media platforms for public understanding of science and technological innovation.

  • The Russia connectionArtificial intelligence is the weapon of the next Cold War

    By Jeremy Straub

    As during the Cold War after the Second World War, nations are developing and building weapons based on advanced technology. During the Cold War, the weapon of choice was nuclear missiles; today it’s software, whether it is used for attacking computer systems or targets in the real world. Russian rhetoric about the importance of artificial intelligence is picking up – and with good reason: As artificial intelligence software develops, it will be able to make decisions based on more data, and more quickly, than humans can handle. As someone who researches the use of AI for applications as diverse as drones, self-driving vehicles and cybersecurity, I worry that the world may be entering – or perhaps already in – another cold war, fueled by AI. In a recent meeting at the Strategic Missile Academy near Moscow, Russian President Vladimir Putin suggested that AI may be the way Russia can rebalance the power shift created by the U.S. outspending Russia nearly 10-to-1 on defense each year. Russia’s state-sponsored RT media reported AI was “key to Russia beating [the] U.S. in defense.” With Russia embracing AI, other nations that don’t or those that restrict AI development risk becoming unable to compete – economically or militarily – with countries wielding developed AIs. Advanced AIs can create advantage for a nation’s businesses, not just its military, and those without AI may be severely disadvantaged. Perhaps most importantly, though, having sophisticated AIs in many countries could provide a deterrent against attacks, as happened with nuclear weapons during the Cold War.

  • The Russian connectionRussia has been cyber-attacking “U.K. media, telecommunications, and energy sectors”: U.K. cybersecurity chief

    Ciaran Martin, CEO of the U.K. National Cyber Security Center (NCSC): “I can confirm that Russian interference, seen by the National Cyber Security Center, has included attacks on the U.K. media, telecommunications and energy sectors. That is clearly a cause for concern — Russia is seeking to undermine the international system.”