  • The SolarWinds Hack Was All but Inevitable – Why National Cyber Defense Is a “Wicked” Problem and What Can Be Done about It

    Software supply chains are vulnerable to hackers: Many U.S. companies outsource software development because of a talent shortage, and some of that outsourcing goes to companies in Eastern Europe that are vulnerable to Russian operatives. One problem is that U.S. national cyber defense is split between the Department of Defense and the Department of Homeland Security, which leaves gaps in authority. There are no easy solutions to shoring up U.S. national cyber defenses.

  • Punitive Response to SolarWinds Would Be Misplaced, But Cyber Deterrence Still Matters

    Some analysts argue that the United States should respond to the SolarWinds breach by focusing on improving defenses, rather than on conducting a retaliatory response such as some government officials have been advocating. A punitive response to SolarWinds may be unwise because the available evidence indicates that the objective of the operation was national security espionage. However, this does not mean that the pursuit of deterrence strategies to address other types of malicious behavior in cyberspace, beyond espionage, is a fool’s errand. Deterrence is not a one-size-fits-all concept in cyberspace—or in any other domain.

  • In the Wake of SolarWinds: Making and Breaking a Rules-Based Global Cyber Order

    We should recognize that the need to make careful distinctions between different categories of cyber operations, and shun the use of emotive and misleading language about “attacks,” should also be extended to the field of political influence via the internet. Using cyberspace to spread propaganda, influence political outcomes and reveal or invent damaging information is an extension of tactics that have been used in different ways for millennia—including by the U.S. Actually trying to rig U.S. elections by tampering with the count online would be completely different and vastly more serious.

  • Coup Plots, Poison, Hacking, Sabotage: What Is the GRU’s Unit 29155?

    In 2012, the salaries of service members of three Russian intelligence units within the GRU were increased significantly. One of these units, Unit 29155, has grabbed outsized attention, having been linked by 2018 to an alleged coup plot in Montenegro and the near-fatal poisonings of a former Russian military intelligence officer in England and an arms dealer in Bulgaria. Now, the Czech government alleges that the unit’s members were behind a 2014 explosion at a Czech ammunition depot. “These are the guys you send in because you want to break stuff,” said an expert on Russian security services.

  • The Sino-American Race for Technology Leadership

    The reaction in Washington – one of alarm and outrage – to reports that China trawls America’s open innovation ecosystem stealing prized technologies got that much right. AI and quantum computing, to name just two of them, could change the balance of global power. In identifying economic competitiveness, innovation, and democratic principles as core pillars of national security, the Trump team was on the right track, but instead of offering a coherent strategic response, the Trump administration opted for export and foreign investment control laws with broad and vague reach. “This approach was counterproductive to American innovation leadership. It also failed to address the reality that acquisition of U.S. technology is not the only challenge from China or even, arguably, the most important,” Ferial Ara Saeed writes.

  • Mathematics Professor and University Researcher Indicted for Grant Fraud

    A federal grand jury in Carbondale, Ill. on Wednesday returned an indictment charging a mathematics professor and researcher at Southern Illinois University – Carbondale (SIUC) with two counts of wire fraud and one count of making a false statement. The prosecution is part of the Justice Department’s ongoing China Initiative. Led by the Department’s National Security Division, the China Initiative is a broad, multi-faceted effort to counter Chinese national security threats and safeguard American intellectual property.

  • Legislation Introduced to Ban TikTok from Government Devices

    U.S. Senators Marco Rubio (R-FL), Josh Hawley (R-MO), and Rick Scott (R-FL) have introduced legislation that would ban all federal employees from using TikTok on government devices. The U.S. State Department, the Department of Homeland Security, the Department of Defense, and TSA have already banned TikTok on federal devices due to cybersecurity concerns and the potential for spying by the Chinese government.

  • U.S. Expels Russian Diplomats, Imposes New Sanctions on Russia in Retaliation for Hacking, “harmful activities”

    The U.S. has imposed a new round of sanctions against Russia targeting what it calls the “harmful” foreign activities of Moscow. U.S. intelligence officials have pointed the finger at Russia for a massive hack known as SolarWinds that hit large swaths of the U.S. public and private sectors last year. Widely used software is believed to have been infected with malicious code, enabling hackers to access at least nine U.S. agencies and dozens of corporations.

  • U.S. Treasury Provides Missing Link: Manafort’s Partner Gave Campaign Polling Data to Kremlin in 2016

    The U.S. Treasury Department said Thursday that Konstantin Kilimnik, an associate and ex-employee of Paul Manafort, “provided the Russian Intelligence Services with sensitive information on polling and campaign strategy,” during the 2016 election. Justin Hendrix writes that this is an apparently definitive statement that neither Special Counsel Robert Mueller nor the Senate Intelligence Committee investigation made in their final reports.

  • Messaging Authoritarianism: China’s Four Messaging Pillars and How ‘Wolf Warrior’ Tactics Undermine Them

    A messaging strategy is only as good as the goal it serves; as Xi Jinping has made clear, China is seeking to make the world safer for its brand of authoritarianism by reshaping the world order. An analysis of messaging from China’s diplomats, state-backed media, and leaders of the Chinese Communist Party (CCP) demonstrates that Beijing repeatedly uses narratives, angles, and comparisons that serve to change perceptions about China’s autocracy and the United States’ democracy—to China’s advantage.

  • Global Security Trends

    The National Intelligence Council (NIC) on Thursday released the seventh edition of its quadrennial Global Trends report. Global Trends 2040: A More Contested World is an unclassified assessment of the forces and dynamics that the NIC anticipates are likely to shape the national security environment over the next twenty years. Global competition for influence will intensify. “During the next two decades, the intensity of competition for global influence is likely to reach its highest level since the Cold War,” the report notes.

  • Lawmakers Back 5G Alternatives to China-Made Equipment

    Senate Select Committee on Intelligence Chairman Sen. Mark R. Warner (D-VA) led a bipartisan group of Senators in urging President Joe Biden to request at least $3 billion as part of his budget request to Congress for the adoption of 5G alternatives to Chinese-made equipment. Specifically, the Senators urged Biden to request at least $1.5 billion each for two funds established by Congress to encourage the adoption of Open Radio Access Network (Open RAN) equipment, which would allow additional vendors to enter the 5G market and compete with manufacturers like Huawei, which is heavily subsidized by the Chinese government.

  • Shining Light on China’s Secretive International Lending Program

    A new study and dataset reveal previously unknown details about China—the world’s largest official creditor—and its lending practices to developing countries. A cache of documents shows that Chinese loan contracts have unusual secrecy provisions, collateral requirements, and debt renegotiation restrictions.

  • What Would Happen If States Started Looking at Cyber Operations as a “Threat” to Use Force?

    How are threats of force conveyed in cyberspace? Duncan B. Hollis and Tsvetelina van Benthem write that when, in the spring of 2020, hackers compromised the SolarWinds Orion software by “trojanizing” the so-called Sunburst backdoor, they raised a question: “If the presence of backdoors in a victim’s network allows for future exploits capable of causing functionality losses generating destruction (or even deaths), could their presence be seen as threatening such results? More broadly, when does a cyber operation that does not itself constitute a use of force threaten force?”

  • How Should the United States Compete with China’s Belt and Road Initiative?

    China’s Belt and Road Initiative (BRI) is the country’s most ambitious foreign policy undertaking in modern times and is central to Chinese President Xi Jinping’s legacy. BRI, which dwarfs the Marshall Plan in scale, has funded and built roads, power plants, ports, railways, fifth-generation (5G) networks, and fiber-optic cables around the world. While BRI initially sought to connect countries in Central, South, and Southeast Asia with China, it has since transformed into a globe-spanning enterprise encompassing 139 countries.