Cyber Warfare

The Cipher Brief hosted its second annual threat conference at beautiful Cloister Resort on Sea Island, Ga., this month. While there, Dmitri Alperovitch and I ran cyber exercises that pushed participants, many of whom are former senior government leaders, to step into the shoes of U.S. national security decision-makers to ...

The United States is in the midst of the most resounding policy shift on cyber conflict, one with profound implications for national security and the future of the internet. The just-released U.S. Cyber Command “vision” accurately diagnoses the current state of cyber conflict and outlines an appropriate new operational model ...

History suggests that applying the wrong operational framework to an emerging strategic environment is a recipe for failure. During the World War I, both sides failed to realize that large scale artillery barrages followed by massed infantry assaults were hopeless on a battlefield that strongly favored well-entrenched defense supported by ...

The Trump administration has accused Russia of a coordinated “multi-stage intrusion campaign” to hack into critical U.S. infrastructure networks and conduct “network reconnaissance” while attempting to delete evidence of their intrusions.  Homeland Security officials say they have helped the affected companies remove the Russian hackers from their compromised networks, but ...

Bottom Line: In the digital age, determining the origins of cyberattacks is already difficult, but cyber actors can further muddy attribution by diverting blame for attacks to others. The intention is not necessarily to trick intelligence services – who are able to access information beyond technical forensics of the hack ...

Jason Healey recently posted an interesting piece on The Cipher Brief, US Cyber Command: “When faced with a bully…hit him harder.” Healey writes: “Cyber Command’s new strategy demands that, ‘We must not cede cyberspace superiority.’ The goal is ‘superiority’ through ‘persistent, integrated operations [to] demonstrate our resolve” even at “below the ...

In Washington, there may be division and confusion about how to deal with Russian cyber-based interference. But 25 miles north, at Fort Meade, home of U.S. Cyber Command, they are angry and ready. Cyber Command’s new strategy demands that, “We must not cede cyberspace superiority.” The goal is “superiority” through ...

During times when the country expresses passionate opinions over the politics of the day, I wonder what U.S. adversaries focus on. One thing always in the back of my mind, as a former intelligence correspondent and now publisher of a national-security focused website, is the U.S. power grid. U.S. critical ...

Bottom Line: Maturing under Tehran’s tutelage, Hezbollah’s hackers are quickly learning the art of cyber warfare. The formidable militant organization is increasingly turning its attention to the digital realm to engage in espionage, psychological operations, disruption of critical services and criminal activity to fund its activities on the ground. Background: ...

The range of ferocious offensive cyber attacks by revisionist and rogue powers in recent years makes clear that the U.S. and its allies are fully enmeshed in the third generation of cyber conflict. Both the public and private sectors must elevate their responses accordingly. The first generation of cyber conflict kicked ...

Bottom Line: Cyber vigilantes and “hacktivists” increasingly fill the void left by governments in combating terrorist activity online. While such politically motivated non-state hackers are relatively effective at removing the presence of terrorist content, their continued operations could damage overall counterterrorism efforts by undermining intelligence operations –  say by taking ...

For this last week of 2017, we asked our experts to look ahead at key national security issues. NSA veteran Rick Ledgett offers some cybersecurity lessons learned, and a warning of what's to come. On Iranian and North Korean cyber activity: Those two actors are very different in their motivations and ...

Tehran poses an increasing cyber threat to the U.S., in light of the Trump administration’s allegations that Iran is violating United Nations Security Council resolutions tied to the nuclear agreement. Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of ...

Earlier this month, two members of the House of Representatives Tom Graves (R-GA) and Kyrsten Sinema (D-AZ) introduced a bill called Active Cyber Defense Certainty Act, dubbed the “hack back” bill, which would allow companies to hack the hackers who infiltrate their computer networks to retrieve or delete stolen data ...

Deterrence is based on the elements of denial (denying an adversary’s attempt to attack our interests) and punishment (inflicting unacceptable costs to the attacker in reply for having conducted the attack). At present, most U.S. cyber deterrence efforts have been defensive. And, so far, the United States has yet to ...

The Cipher Brief Cyber Advisory Board convenes meetings with some of the most innovative thinkers across government and the private sector, tackling a range of cyber threats. Meetings are bi-monthly and are moderated by General Michael Hayden, former Director of the NSA and CIA, as well as a rotating list ...

In the nearly seven years since the U.S. Department of Defense declared cyberspace a “domain” of warfare – alongside land, air, sea, and space – the Pentagon has developed an overarching Cyber Strategy to guide their efforts in the new domain and raised a Cyber Command that has grown from ...

While maritime accidents are bound to occur, the consistency and regional concentration of the U.S. Navy mishaps in the Asia-Pacific beg for explanation. Cyber vulnerabilities have long been acknowledged against commercial maritime vessels, but the targeting of new naval systems – whether for navigation, engine and steering control, or commanding ...

Recent fatal accidents involving two vessels in the U.S. Seventh Fleet led to a spate of speculation about whether somehow the navigation in these ships was compromised by a cyber intrusion. Global Positioning System (GPS) spoofing has been highlighted as a possible contributing factor. While investigations are still underway to ...

There has been a recent wave of high-sea collisions in the Asia-Pacific involving U.S. naval vessels – most notably the USS Fitzgerald and USS John S. McCain, which together have resulted in the loss of more U.S. military personnel then in Afghanistan so far this year. The incidents, both involving ...

ISIS recruitment messaging online is a current threat and growing concern, and as the group continues to lose physical territory in Iraq and Syria, it is feared that they will seek to inspire individuals around the world to wage war on the West. To combat the anticipated increase in ISIS ...

ISIS propagates its ideology and promises of a jihadi utopia through slick social media campaigns, seeking to inspire a global audience to take up arms against its enemies and the societies they represent. Perhaps less visible has been ISIS’ operational use of digital communications as a command and control platform ...

No terrorist group has capitalized on networked technology more than ISIS, both for recruitment messaging and commanding their fighters on the ground. The internet is their response to asymmetric disadvantage. Where they lack in infrastructure and resources of a state, they use the web to plan attacks, solicit money and ...

Although cyberspace may have been declared the fifth domain of warfare by the U.S. Department of Defense, many wonder if the concepts of warfare applies to this domain. Is the domain somehow different from the others? Can states achieve new political outcomes by the clever use of cyberspace alone? Can ...

The reality of modern times is that nations are in a constant state of cyber engagement – either for espionage, influence, or disruption purposes. While there is a tacit acknowledgement that cyber espionage for political and military purposes is is fair game, some actions such as the disruption of critical ...

It’s likely only a matter of time before a major cyber attack hits U.S. civilian infrastructure, but the nature of that digital violation and the means to respond remain uncertain, as many of the most sensitive systems operate under private sector control. There is a “narrow and fleeting window of ...

The taxonomy of cybersecurity often includes alarming declarations on par with acts of war. But cyber campaigns outside of active conflict hardly meet such a coercive threshold. While there are major concerns over the cybersecurity of the nation’s critical infrastructure – the power grid, water treatment plants, transportation hubs, energy ...

By now, you’ve probably heard the news that the U.S. State Department is losing its top diplomat on issues relating to cybersecurity, Chris Painter. In addition, the rumors are that those associated with Painter’s Office of the Cyber Coordinator will be reassigned to the Bureau of Economic and Business Affairs. ...

If the U.S. Department of Defense were an economy unto itself, it would be the 20th largest in the world. Like any other advanced modern economy, it is deeply integrated with the entire globe, its supply chains often stretching into countries with whom the United States has adversarial relations. The ...

Beset by disruptive digital attacks, espionage, and cyber-enabled influence campaigns intended to sway public opinion, the United States and its allies are looking for ways to stop the onslaught of computer breaches into their systems. Many nations’ security services are bolstering their offensive military cyber capabilities and response frameworks to ...

Time and time again companies, organizations, and government agencies have proven that they can’t completely secure their computer networks from hackers – particularly nation-states with the resources to pursue access persistently. Instead of focusing solely on network defense, the United States can adopt a deterrence strategy that dissuades foreign governments ...

Disruptive and intrusive cyber activity pervades much of modern international relations. The trend towards the jockeying for global influence and geopolitical positioning through cyber means is only going to grow as more countries and non-state actors play out conflicts in the virtual domain. The responsibility for defending U.S. interests from ...

Despite the many logistical and operational challenges of a transition, many acknowledge that U.S. Cyber Command must eventually separate from the National Security Agency. According to news reports, the Trump Administration is now finalizing plans to separate Cyber Command from its parent organization, the National Security Agency. While the details ...

With a barrage of attacks regularly hammering the private sector and nearly every U.S. federal agency, there is a strong need for government policies within an overarching cyber deterrence strategy. The impacts of network intrusions go well beyond the immediate loss of data, but ripple into malicious influence over public ...

In 2010, then-Deputy Secretary of Defense William J. Lynn III made a pivotal decision for the future of cyberspace and the U.S. military: He saw to it that the U.S. Department of Defense declared cyberspace a “domain” of warfare. This decision created the organizational impetus for the DoD to organize ...

The two separate worlds of electronic warfare and cybersecurity are beginning to overlap, if not collide. In the U.S. military, electronic warfare and cyber capabilities live in different military domains, delivered by operators who exist in different military units and who largely grew up in different career fields. The National ...

The isolation of cyber as an entirely independent domain of warfare is both inaccurate and dangerous. Today, the Pentagon faces an essential task, to integrate cyber capabilities with warfighting in the physical world. Cyber capabilities cannot be detached from other domains of warfare, such as electromagnetic, air, land, sea, and ...

China is a burgeoning great power. It is continually figuring out the various dimensions of power – not least of which is power in cyberspace – and putting them to use. Like other great powers dealing in an unknown medium, it is, to quote Deng Xiaoping, crossing the river by ...

European countries are becoming increasingly wary of foreign disinformation and subversion operations in their own internal politics following Russian interference in last year’s U.S. elections. The small Baltic states of Estonia, Latvia, and Lithuania, however, understand the threat of Russian hybrid warfare – a coordinated mix of conventional military action, ...

Where will Russian President Vladimir Putin strike next? With the 2018 Russian election around the corner, former Soviet states are nervous. Foreign adventures are the quickest way for a politician to get a bump in the polls. What does this mean for cybersecurity? In the internet era, one thing is ...

Russian offensive cyber capabilities are as sophisticated as those of other major cyber powers, such as the United States and China, and they likely exceed Baltic states’ ability to defend critical infrastructures. A successful large-scale cyberattack during peace time, or prior to or in concert with a conventional attack – ...

In 2013, former President Barack Obama was close to ending the “dual-hat” leadership of both the National Security Agency and U.S. Cyber Command, only to be dissuaded by senior officials arguing the close integration with the NSA continued to be necessary for the maturation of the then only 4-year-old Cyber ...

There as been discussion of a separation between the National Security Agency and U.S. Cyber Command for a while, only for the change in administrations to cause brief hesitation. Now that the Trump administration is in full swing, it is time to revisit the prospect of a split between the ...

A group of international law experts met in Tallinn, Estonia, after the 2007 onslaught of cyber attacks against sites in the country, to create the Tallinn Manual in order to clarify what constitutes an act of war in cyberspace and how countries could lawfully respond. The vast majority of everyday ...

Cyberspace is often portrayed as a new domain of international relations – a Wild West where there are no rules or guiding principles to govern the behavior of states. Such perceptions of anarchism have bred uncertainty over what is or is not acceptable activity among governments. This often leads to ...

NATO’s Cooperative Cyber Defence Centre of Excellence last month published the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, a follow-on project to the first, 2013, edition of the manual, which focused on cyber operations in peacetime. The work of a distinguished and geographically diverse group of ...

Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate. Russia asserted itself in 2007 with “patriotic hackers” launching a volley of distributed denial of service (DDoS) attacks on Estonian systems. Then in 2008, cyber attacks preceded the Russo-Georgian war, and again ...

Understanding the Russian criminal underground is essential when discussing Russian proxies in cyberspace. How do cybercriminal entities interact with each other and what is their relationship with the Russian government? The Cipher Brief spoke with Ed Cabrera, the Chief Cybersecurity Officer at Trend Micro and the former Chief Information Security ...

What if network defenders knew that a cyber operation occurred during Moscow business hours, that it involved a Russian IP address, and that the cyber actors used a Cyrillic keyboard? Would those indicators by themselves be enough for attribution?  Given the Russian cyber environment, the answer is clearly “no.” Those ...

For many, cybersecurity is a technical problem and therefore requires technical solutions. But for policymakers and the national security community, a key takeaway from this year’s RSA Conference is that cybersecurity is simply a digital extension of many of the threats that have been around for a long time: organized ...