  • U.S. Offensive Cyber Operations against Economic Cyber Intrusions: An International Law Analysis

    The United States is likely to struggle to make a convincing argument that economic cyber intrusions carried out against it breach international law. Consequently, in most cases the United States would not be able to resort to countermeasures in response. It must therefore show that its offensive cyber operations do not themselves breach international law.

  • Trump Is Rattling Sabers in Cyberspace — but Is the U.S. Ready?

    While U.S. cyber defenses are improving, some experts worry about how the nation would recover from an even larger strike — such as one on the scale of the suspected Russian cyber-assault that blacked out power to more than 200,000 Ukrainians in 2015. The worst-case scenario, say experts, is that the U.S. gets into an escalating round of hacking attacks with some hostile power that spins out of control — with no plan for what to do next.

  • Cyberattack Attribution and the Virtues of Decentralization

    In the midst of rising tensions between the United States and Iran over tanker attacks and Iran’s downing of a U.S. drone, reports emerged that U.S. Cyber Command had launched a responsive cyber operation against a group linked to the Iranian Revolutionary Guard Corps. As cyber operations by both states heat up, non-governmental actors may play pivotal roles, not just as potential victims and collateral damage from states’ actions, but also as accusers of states.

  • What a U.S. operation in Russia shows about the limits of coercion in cyber space

    The New York Times recently reported that the United States planted computer code in the Russian energy grid last year. The operation was part of a broader campaign to signal to Moscow the risks of interfering in the 2018 midterm elections as it did in 2016. According to unnamed officials, the effort to hold Russian power plants at risk accompanied disruption operations targeting the Internet Research Agency, the “troll farm” behind some of the 2016 election disinformation efforts. The operations made use of new authorities U.S. Cyber Command received to support its persistent engagement strategy, a concept for using preemptive actions to compel adversaries and, over time, establish new norms in cyberspace. Benjamin Jensen writes in War on the Rocks that the character of cyber competition appears to be shifting from political warfare waged in the shadows to active military disruption campaigns. Yet, the recently disclosed Russia case raises questions about the logic of cyber strategy. Will escalatory actions such as targeting adversaries’ critical infrastructure actually achieve the desired strategic effect?

  • U.S. Cyber Command, Russia and critical infrastructure: What norms and laws apply?

    According to the New York Times, the United States is “stepping up digital incursions into Russia’s electric power grid.” The operations involve the “deployment of American computer code inside Russia’s grid and other targets,” supposedly to warn Russia against conducting further hostile cyber operations against U.S. critical infrastructure, and to build the capability to mount its own robust cyber operations against Russia in the event of a conflict. Michael Schmitt writes in Just Security that damaging critical infrastructure is clearly out of bounds as responsible peacetime state behavior and would likely violate international law. But do these types of intrusions – seemingly intended to prepare for future operations or deter them, or both, without causing any actual harm – also run counter to applicable non-binding norms or violate international law during peacetime?

  • How not to prevent a cyberwar with Russia

    In the short span of years that the threat of cyberwar has loomed, no one has quite figured out how to prevent one. As state-sponsored hackers find new ways to inflict disruption and paralysis on one another, that arms race has proven far easier to accelerate than to slow down. But security wonks tend to agree, at least, that there’s one way not to prevent a cyberwar: launching a pre-emptive or disproportionate cyberattack on an opponent’s civilian infrastructure. Andy Greenberg writes in Wired that as the Trump administration increasingly beats its cyberwar drum, some former national security officials and analysts warn that even threatening that sort of attack could do far more to escalate a coming cyberwar than to deter it.

  • Entering the third decade of cyber threats: Toward greater clarity in cyberspace

    Over the course of just a few decades, the world has entered into a digital age in which powerful evolving cyber capabilities provide access to everyone connected online from any place on the planet. Those capabilities could be harnessed for the benefit of humanity; they might also be abused, leading to enormous harms and posing serious risks to the safety and stability of the entire world. Dan Efrony writes in Lawfare that a strategy of international cooperation is crucial to mitigate the threats of abuse of cyberspace, primarily by clarifying the “red lines” in the field of cybersecurity and determining how to verify and enforce states’ compliance with their legal obligations in the field.

  • When to use the “nuclear option”? Why knocking Russia offline is a bad idea

    On Nov. 6, 2018, the notorious Russian troll farm—the Internet Research Agency or IRA—was silent. In an effort to “prevent the Russians from mounting a disinformation campaign” that would “cast doubt on the results” of the 2018 U.S. midterm elections, U.S. Cyber Command conducted a mysterious cyber operation to knock the organization offline. The news about the Cyber Command operation prompted suggestions that America should respond to cyberattacks with more drastic measures. Robert Morgus and Justin Sherman write in Just Security that even putting aside the important issues associated with offensive cyber operations, “we write to address a fundamental policy question about this type of cyber operation. Would it even serve the deterrent effect some claim it would?”

  • Cyberattacks are rewriting the "rules" of modern warfare – and we aren’t prepared for the consequences

    Governments are becoming ever more reliant on digital technology, making them more vulnerable to cyber attacks. Politically motivated cyber attacks are becoming increasingly commonplace, but unlike traditional warfare between two or more states, cyberwarfare can be launched by groups of individuals. On occasion, the state is actually caught in the crosshairs of competing hacking groups. Vasileios Karagiannopoulos and Mark Leiser write in the Conversation that this doesn’t mean that states don’t actively prepare for such attacks. In most cases, cyberwarfare operations have been conducted in the background, designed as scare tactics or displays of power. But the blending of traditional warfare and cyberwarfare seems inevitable, and a recent incident added a new dimension.

  • Crossing a cyber Rubicon?

    Amid a massive exchange of rocket fire and airstrikes between Israel and both Hamas and Islamic Jihad this weekend, Hamas attempted a cyber operation against an unspecified civilian target in Israel. The operation failed, and in its aftermath the Israel Defense Forces carried out an airstrike that destroyed the building housing Hamas’s cyber capability. Some observers are citing the incident as an important—and perhaps dangerous—precedent. Others are questioning the legality of the strike itself. Robert Chesney writes in Lawfare that both these views are misplaced.

  • U.S. military steps up cyberwarfare effort

    The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: U.S. Cyber Command, the part of the military that oversees cyber operations, waged a covert campaign to deter Russian interference in the democratic process.

  • U.S. Cyber Command cut Russian troll factory’s access to the internet

    The U.S. Cyber Command blocked the internet access of the St. Petersburg-based Internet Research Agency (IRA), a Russian disinformation and propaganda outfit which was contracted by the Kremlin to orchestrate the social media disinformation campaign to help Donald Trump win the 2016 presidential election. The IRA’s access to the internet was blocked on midterms Election Day, and for a few days following the election.

  • Questioning the effectiveness of offensive cyber operations

    Great-power competition in the twenty-first century increasingly involves the use of cyber operations between rival states. But do cyber operations achieve their stated objectives? What are the escalation risks? Under what conditions could increasingly frequent and sophisticated cyber operations result in inadvertent escalation and the use of military force? The answers to these questions should inform U.S. cybersecurity policy and strategy.

  • Why it’s unwise for the U.K. to boast about its cyberattack capability

    The U.K. government is very publicly investing more money in its ability to conduct cyberattacks and, at the same time, it is becoming increasingly open in talking about the attacks it has conducted in the past – and those it might conduct in future. There are risks involved in publicly signaling the imminence of cyber and other attacks, especially against capable adversaries with a demonstrable appetite for taking risks and a cavalier attitude about collateral damage. The U.K. needs to think more carefully about how it integrates cyber operations, and communication about them, into its wider approach – not only towards Russia but across the whole spectrum of national security operations.

  • U.S. prepared to strike in cyberspace

    The United States is prepared to go on the offensive in cyberspace to ensure adversaries know there is a price to pay for hacks, network intrusions and other types of attacks. President Donald Trump signed a new National Cyber Strategy on Thursday, calling for a more aggressive response to the growing online threat posed by other countries, terrorist groups and criminal organizations.