• CyberwarU.S. Cyber-Attacked Iran after Iran’s Attack on Saudi Oil: Report

    The United States carried out a cyberattack against Iran after Iran attacked Saudi oil facilities in September. Reuters, citing unnamed U.S. officials, reports that the cyberattacks targeted physical hardware which Iran uses to spread propaganda.

  • PerspectiveArmy Cyber Lobbies for Name Change This Year, as Information Warfare Grows in Importance

    Army Cyber Command has been lobbying for a name change to better reflect its growing mission, one in which its cyber professionals are increasingly focused on operating below the threshold of armed conflict every day. Lt. Gen. Stephen Fogarty, Army Cyber commander, says his staff is providing a proposal to change their command’s name to Army Information Warfare Command.

  • Perspective: CyberwarBritain Is “At War Every Day” Due to Constant Cyberattacks, Chief of the Defense Staff says

    The Chief of the U.K. Defense Staff has said that Britain is “at war every day” due to constant cyberattacks from Russia and elsewhere. Russia and China’s “interpretation” of the rules governing international engagement threatened “the ethical and legal basis on which we apply the rule of armed conflict,” General Carter said. “Russia is much more of a threat today than it was five years ago.” He added: “There is still clearly going to be human interaction – warfare is essentially a political function - but it will be a much more sophisticated and will include the new domains [alongside land, sea and air] of space and cyber.”

  • Perspective: Cyberattacking IranThe Urgent Search for a Cyber Silver Bullet Against Iran

    After spending billions of dollars to assemble the world’s most potent arsenal of cyberweapons and plant them in networks around the world, United States Cyber Command — and the new era of warfighting it has come to represent — may face a critical test in the coming weeks. To punish Iran for its last month’s attack on Saudi oil facilities, a second U.S. cyberstrike — after one launched against Iran just three months ago — has emerged as the most appealing course of action for President Donald Trump. “The question circulating now through the White House, the Pentagon and Cyber Command’s operations room is whether it is possible to send a strong message of deterrence with a cyberattack without doing so much damage that it would prompt an even larger Iranian counterstrike,” David Sanger and Julian Barnes write, noting that in the past decade, the United States has launched at least three major cyberattacks against Iran. “In each case, the damage to Iranian systems could be repaired over time. And in each case, the effort to deter Iran was at best only partly successful,” they write.

  • Cyber coercionCountering Coercion in Cyberspace

    What is cyber coercion, and how have states used cyber operations to coerce others? Based on unclassified, open-source material, the authors of a new RAND report explore how four states — Russia, China, Iran, and North Korea — have used cyber operations, and whether that use constitutes cyber coercion.

  • PerspectiveCorporate Defenses Against Information Warfare

    When asked about Russian election interference during his congressional testimony last month, Robert Mueller said: “They’re doing it as we sit here.” To defend the nation against information warfare, the U.S. government has adopted a policy—by default, not by design—of relying on the private sector to police itself, with limited behind-the-scenes government assistance. Facebook’s website says: “Our detection technology helps us block millions of attempts to create fake accounts every day and detect millions more often within minutes after creation.” These numbers sound impressive, but they do not tell the whole story. To assess the effectiveness of company defenses, we must distinguish among three types of fake accounts: bots, fictitious user accounts, and impostor accounts. Russian agents have created and operated all three types of accounts.

     

  • Perspective: Cyber warsSounding the Alarm about Another Kind of 9/11

    Richard Clarke knows some things about clear and present dangers. As the first U.S. counterterrorism czar, he tried to alert important White House decision-makers before September 11 about the threat of a terrorist attack on U.S. soil, but those warnings were largely ignored; afterwards, he famously apologized publicly for the government’s failures. These days, Clarke is trying to get people to think hard about the next big attack—the cyber version—and all the ones that have already happened.

  • PerspectiveHow Cyber Weapons Are Changing the Landscape of Modern Warfare

    In the weeks before two Japanese and Norwegian oil tankers were attacked, on 13 June, in the Gulf of Oman—acts which the United States attributes to Iran—American military strategists were planning a cyberattack on critical parts of that country’s digital infrastructure. On 20 June, the United States launched a cyberattack aimed at disabling Iran’s maritime operations. Then, in a notable departure from previous Administrations’ policies, U.S. government officials, through leaks that appear to have been strategic, alerted the world, in broad terms, to what the Americans had done.

  • PerspectiveU.S. Offensive Cyber Operations against Economic Cyber Intrusions: An International Law Analysis

    The United States is likely to struggle to make a convincing argument that economic cyber intrusions carried out against it breach international law. Consequently, in most cases the United States would not be able to resort to countermeasures in response. It must therefore show that its offensive cyber operations do not themselves breach international law.

  • Perspective: CybersecurityTrump Is Rattling Sabers in Cyberspace — but Is the U.S. Ready?

    While U.S. cyber defenses are improving, some experts worry about how the nation would recover from an even larger strike — such as one on the scale of the suspected Russian cyber-assault that blacked out power to more than 200,000 Ukrainians in 2015. The worst-case scenario, say experts, is that the U.S. gets into an escalating round of hacking attacks with some hostile power that spins out of control — with no plan for what to do next.

  • Perspective: CybersecurityCyberattack Attribution and the Virtues of Decentralization

    In the midst of rising tensions between the United States and Iran over tanker attacks and Iran’s downing of a U.S. drone, reports emerged that U.S. Cyber Command had launched a responsive cyber operation against a group linked to the Iranian Revolutionary Guard Corps. As cyber operations by both states heat up, non-governmental actors may play pivotal roles, not just as potential victims and collateral damage from states’ actions, but also as accusers of states.

  • PerspectiveWhat a U.S. operation in Russia shows about the limits of coercion in cyber space

    The New York Times recently reported that the United States planted computer code in the Russian energy grid last year. The operation was part of a broader campaign to signal to Moscow the risks of interfering in the 2018 midterm elections as it did in 2016.  According to unnamed officials, the effort to hold Russian power plants at risk accompanied disruption operations targeting the Internet Research Agency, the “troll farm” behind some of the 2016 election disinformation efforts. The operations made use of new authorities U.S. Cyber Command received to support its persistent engagement strategy, a concept for using preemptive actions to compel adversaries and, over time, establish new norms in cyberspace. Benjamin Jensen writes in War on the Rocks that the character of cyber competition appears to be shifting from political warfare waged in the shadows to active military disruption campaigns. Yet, the recently disclosed Russia case raises question about the logic of cyber strategy. Will escalatory actions such as targeting adversaries’ critical infrastructure actually achieve the desired strategic effect?

  • PerspectiveU.S. Cyber Command, Russia and critical infrastructure: What norms and laws apply?

    According to the New York Times, the United States is “stepping up digital incursions into Russia’s electric power grid.” The operations involve the “deployment of American computer code inside Russia’s grid and other targets,” supposedly to warn Russia against conducting further hostile cyber operations against U.S. critical infrastructure, and to build the capability to mount its own robust cyber operations against Russia in the event of a conflict.Michael Schmitt writes in Just Security that damaging critical infrastructure is clearly be out of bounds as responsible peacetime state behavior and would likely violate international law. But do these types of intrusions – seemingly intended to prepare for future operations or deter them, or both, without causing any actual harm – also run counter to applicable non-binding norms or violate international law during peacetime?

  • PerspectiveHow not to prevent a cyberwar with Russia

    In the short span of years that the threat of cyberwar has loomed, no one has quite figured out how to prevent one. As state-sponsored hackers find new ways to inflict disruption and paralysis on one another, that arms race has proven far easier to accelerate than to slow down. But security wonks tend to agree, at least, that there’s one way not to prevent a cyberwar: launching a pre-emptive or disproportionate cyberattack on an opponent’s civilian infrastructure. Andy Greenberg writes in Wired that as the Trump administration increasingly beats its cyberwar drum, some former national security officials and analysts warn that even threatening that sort of attack could do far more to escalate a coming cyberwar than to deter it.

  • PerspectiveEntering the third decade of cyber threats: Toward greater clarity in cyberspace

    Over the course of just a few decades, the world has entered into a digital age in which powerful evolving cyber capabilities provide access to everyone connected online from any place on the planet. Those capabilities could be harnessed for the benefit of humanity; they might also be abused, leading to enormous harms and posing serious risks to the safety and stability of the entire world. Dan Efrony writes in Lawfare that a strategy of international cooperation is crucial to mitigate the threats of abuse of cyberspace, primarily by clarifying the “red lines” in the field of cybersecurity and determining how to verify and enforce states’ compliance with their legal obligations in the field.