If the U.S. Department of Defense were an economy unto itself, it would be the 20th largest in the world. Like any other advanced modern economy, it is deeply integrated with the entire globe, its supply chains often stretching into countries with whom the United States has adversarial relations. The ...

Beset by disruptive digital attacks, espionage, and cyber-enabled influence campaigns intended to sway public opinion, the United States and its allies are looking for ways to stop the onslaught of computer breaches into their systems. Many nations’ security services are bolstering their offensive military cyber capabilities and response frameworks to ...

Time and time again companies, organizations, and government agencies have proven that they can’t completely secure their computer networks from hackers – particularly nation-states with the resources to pursue access persistently. Instead of focusing solely on network defense, the United States can adopt a deterrence strategy that dissuades foreign governments ...

Disruptive and intrusive cyber activity pervades much of modern international relations. The trend towards the jockeying for global influence and geopolitical positioning through cyber means is only going to grow as more countries and non-state actors play out conflicts in the virtual domain. The responsibility for defending U.S. interests from ...

Despite the many logistical and operational challenges of a transition, many acknowledge that U.S. Cyber Command must eventually separate from the National Security Agency. According to news reports, the Trump Administration is now finalizing plans to separate Cyber Command from its parent organization, the National Security Agency. While the details ...

With a barrage of attacks regularly hammering the private sector and nearly every U.S. federal agency, there is a strong need for government policies within an overarching cyber deterrence strategy. The impacts of network intrusions go well beyond the immediate loss of data, but ripple into malicious influence over public ...

In 2010, then-Deputy Secretary of Defense William J. Lynn III made a pivotal decision for the future of cyberspace and the U.S. military: He saw to it that the U.S. Department of Defense declared cyberspace a “domain” of warfare. This decision created the organizational impetus for the DoD to organize ...

The two separate worlds of electronic warfare and cybersecurity are beginning to overlap, if not collide. In the U.S. military, electronic warfare and cyber capabilities live in different military domains, delivered by operators who exist in different military units and who largely grew up in different career fields. The National ...

The isolation of cyber as an entirely independent domain of warfare is both inaccurate and dangerous. Today, the Pentagon faces an essential task, to integrate cyber capabilities with warfighting in the physical world. Cyber capabilities cannot be detached from other domains of warfare, such as electromagnetic, air, land, sea, and ...

China is a burgeoning great power. It is continually figuring out the various dimensions of power – not least of which is power in cyberspace – and putting them to use. Like other great powers dealing in an unknown medium, it is, to quote Deng Xiaoping, crossing the river by ...

European countries are becoming increasingly wary of foreign disinformation and subversion operations in their own internal politics following Russian interference in last year’s U.S. elections. The small Baltic states of Estonia, Latvia, and Lithuania, however, understand the threat of Russian hybrid warfare – a coordinated mix of conventional military action, ...

Where will Russian President Vladimir Putin strike next? With the 2018 Russian election around the corner, former Soviet states are nervous. Foreign adventures are the quickest way for a politician to get a bump in the polls. What does this mean for cybersecurity? In the internet era, one thing is ...

Russian offensive cyber capabilities are as sophisticated as those of other major cyber powers, such as the United States and China, and they likely exceed Baltic states’ ability to defend critical infrastructures. A successful large-scale cyberattack during peace time, or prior to or in concert with a conventional attack – ...

In 2013, former President Barack Obama was close to ending the “dual-hat” leadership of both the National Security Agency and U.S. Cyber Command, only to be dissuaded by senior officials arguing the close integration with the NSA continued to be necessary for the maturation of the then only 4-year-old Cyber ...

There has been discussion of a separation between the National Security Agency and U.S. Cyber Command for a while, only for the change in administrations to cause brief hesitation. Now that the Trump administration is in full swing, it is time to revisit the prospect of a split between the ...

A group of international law experts met in Tallinn, Estonia, after the 2007 onslaught of cyber attacks against sites in the country, to create the Tallinn Manual in order to clarify what constitutes an act of war in cyberspace and how countries could lawfully respond. The vast majority of everyday ...

Cyberspace is often portrayed as a new domain of international relations – a Wild West where there are no rules or guiding principles to govern the behavior of states. Such perceptions of anarchism have bred uncertainty over what is or is not acceptable activity among governments. This often leads to ...

NATO’s Cooperative Cyber Defence Centre of Excellence last month published the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations, a follow-on project to the first, 2013, edition of the manual, which focused on cyber operations in peacetime. The work of a distinguished and geographically diverse group of ...

Cyber operations remain at the forefront of confrontations between the West and Moscow as relations continue to deteriorate. Russia asserted itself in 2007 with “patriotic hackers” launching a volley of distributed denial of service (DDoS) attacks on Estonian systems. Then in 2008, cyber attacks preceded the Russo-Georgian war, and again ...

Understanding the Russian criminal underground is essential when discussing Russian proxies in cyberspace. How do cybercriminal entities interact with each other and what is their relationship with the Russian government? The Cipher Brief spoke with Ed Cabrera, the Chief Cybersecurity Officer at Trend Micro and the former Chief Information Security ...

What if network defenders knew that a cyber operation occurred during Moscow business hours, that it involved a Russian IP address, and that the cyber actors used a Cyrillic keyboard? Would those indicators by themselves be enough for attribution? Given the Russian cyber environment, the answer is clearly “no.” Those ...

For many, cybersecurity is a technical problem and therefore requires technical solutions. But for policymakers and the national security community, a key takeaway from this year’s RSA Conference is that cybersecurity is simply a digital extension of many of the threats that have been around for a long time: organized ...

If you missed our previous dispatch, I am attending the annual RSA Conference in San Francisco, a global event where private and public sectors come together to hash out the most pressing concerns in cybersecurity today. Prior discussions hit on technical approaches to privacy, the role of government in laying ...

This week I’m attending the annual RSA Conference in San Francisco, where government and industry leaders have come together to discuss the looming challenges and newest tools in cybersecurity. Throughout the week, I’ll be speaking with experts, bringing you insights on the threats emanating from cyberspace, ranging from ransomware and ...

We live in an age where what used to be the figment of science fiction is now a reality, changing the way people go about their daily lives. Advances in artificial intelligence and machine learning are the new frontier, and their inception creates just as many risks as opportunities. In ...

Many view cybersecurity as passively blocking attempts to breach networks, but security experts have long advocated more active measures in defense of sensitive networks. Advances in artificial intelligence and machine learning could make such efforts scalable to the vast connectivity of the modern age. The Cipher Brief spoke with David ...

The cybersecurity industry is currently enamored with concepts of autonomous defense, including elements of machine learning, behavioral analytics, and artificial intelligence—and rightly so. Programmed to be able to study all vulnerabilities in the public domain, autonomous bots (autbots)—not to be confused with bots simply conducting repetitive tasks like guessing default ...

Cyber is emerging as Iran’s weapon of choice for dealing with both domestic and foreign opponents. For more than a decade, the Islamic Republic has waged a relentless cyberspying campaign against Iranian dissidents. Following its discovery of the Stuxnet cyberattacks on its nuclear program in 2010 and the imposition of ...

Cybersecurity is often discussed in relation to the major global powers: China’s economic espionage, Russian influence operations, and U.S. dragnet global surveillance to thwart terrorism. However, as other countries move to digitize their economies, cybercriminals are zeroing in on these new and lucrative targets while regional players are quickly incorporating ...

When the Russian intelligence operation designed to influence our 2016 election is used as a case study to train new Russian intelligence officers, it will be considered the most successful covert action operation in the history of Mother Russia. This operation, known as “Grizzly Steppe,” will be in the annals ...

With news of nation-states allegedly attacking companies, political institutions, and world governments, it is important to know how attribution works in cybersecurity. For the unfamiliar, attribution is the process investigators and intelligence workers use to tie responsibility of an event or action to a person, group, or country. Unless there ...

Let’s agree on one thing, when it comes to Russia’s recent interference with the U.S. presidential election, no one yet has found a way to deter President Vladimir Putin from doing it again – here in this country or elsewhere. At Thursday’s Senate Armed Services Committee hearing on foreign cyber ...

Pundits will pick over the lessons of 2016 for a long time, and as they do, cyber experts are looking at the past year and finding lessons as well, with far-reaching implications for our nation’s security. For most Americans, the 2016 election was the year cybersecurity moved from being an ...

Leaders of three top Senate national security committees are to meet Wednesday to discuss alleged Russian hacking of last month’s elections, and the Senate Foreign Relations committee has set a closed-door briefing on the Obama administration’s response for Thursday, a committee aide told The Cipher Brief late Tuesday. According to ...

Russian President Vladimir Putin said in a statement Friday that he will not expel U.S. diplomats in response to U.S. sanctions imposed on Russia yesterday by President Barack Obama, a move Russian foreign minister Sergey Lavrov had advocated for. Putin called the “recent unfriendly steps” taken by the outgoing Obama ...

In July, Rob Dannenberg, the former head of security at Goldman Sachs and a 24-year veteran of the CIA, discussed Russia’s cyber strategy of information warfare and the role of proxies in undermining attribution efforts, consequentially stemming victims' political will to respond to provocations. Moving from the disruptive attack on ...

Editor’s Note: Over the coming days, The Cipher Brief presents some of our most incisive coverage on key issues of 2016 and a look ahead at what is yet to come in 2017. From disruptive distributed denial of service (DDoS) attacks rendering entire swathes of the Internet including Netflix, Twitter, ...

Back in August, The Cipher Brief sat down with Leo Taddeo, Chief Security Officer for Cryptzone, to discuss the cyber threats posed by Russia and China. While China primarily uses its cyber collection capabilities “to compete on an economic level,” Russia places a greater “emphasis on collecting military and diplomatic ...

President Barack Obama says the U.S. will respond to Russia’s interference in the 2016 campaign. In an interview with NPR on Friday, Obama said, "I think there is no doubt that when any foreign government tries to impact the integrity of our elections ... we need to take action. ...

When it comes to attribution—especially when foreign intelligence agencies are involved—plausible deniability is easy. However, the public has come to expect courtroom-quality evidence before believing attribution for cyber operations—a difficult task when the kind of cross-border cooperation you need to get to the bottom of the case is not likely ...

Now that the Obama administration has publicly attributed the hacking of the Democratic National Committee and other political entities to “Russia’s senior-most officials,” the question remains, how will the U.S. respond to Russia’s meddling in the coming elections? After all, as James Lewis, Senior Vice President and Director of the ...

After much hand-wringing, the U.S. publicly admitted that the Russian government is interfering with the Presidential election. This was an open secret for weeks, but pious hopes for the bilateral relationship postponed any confirmation. The Russians calculate that they can manipulate the U.S. and take advantage of its spectacularly messy ...

Most political leaders understand that governments that fail to respond to public provocations by foreign states do so at their own risk. In recent years, the U.S. and some of its allies (such as Australia, Estonia, Germany, Lithuania, and the U.K.) have been subjected to repeated, sophisticated, and costly cyber-attacks, emanating ...

The White House is looking to take a “proportional” response to Russia’s alleged hacking of U.S. political party organizations and effort to interfere in the election campaign. "We obviously will ensure that a U.S. response is proportional. It is unlikely that our response would be announced in advance. It’s certainly ...

As U.S.-Russia tensions escalate, the sharply deteriorating bilateral relationship between the former Cold War foes may be at an inflection point. Experts say that in the wake of a flurry of public statements, accusations, and nixed arms control agreements last week, the United States and Russia have hit another low ...

The Cipher Brief spoke with Justin Harvey, CSO of Fidelis Cybersecurity, about the cyber threats posed by both China and Russia. According to Harvey, although last year’s agreement between U.S. President Barack Obama and China’s President Xi Jinping has resulted in a decrease in China’s cyber espionage, “The fight is ...

When it comes to cyber attacks, one of the biggest problems is correctly determining who, exactly, is attacking you. This is called attribution, and it is extremely difficult, since many sophisticated actors are capable of obscuring or destroying evidence as to who they are. The difficulty of attribution is compounded ...

Most analysts have been impressed, and increasingly concerned, with the rapid improvement of Iran’s cyber capabilities. Tehran undoubtedly focuses the bulk of its cyber investment in defending itself from cyberattack, as well as being able to better monitor and manage its own people. That mission is a clear priority in ...

Amid the continuing leitmotif of missile tests, nuclear weapons development, and unwavering anti-South Korean and anti-U.S. rhetoric, North Korea’s cyber activities have once again risen in the order of importance among security and political circles. The latest North Korean cyber-episode was the revelation made by South Korean authorities that North ...

North Korea’s army of 6,000 hackers have been implicated in a multimillion dollar bank heist, the theft of intelligence from finance and defense firms, and the infiltration of infrastructure networks—all in the first six months of 2016. This only adds to the numerous attacks against South Korea – one of ...