Cyber conflict seems to have become necessary, and normal. Nearly every day cyber attacks occupy the headlines of mainstream media. A diverse group of governments across the world state that they are exploring options to (further) develop a capacity to conduct offensive cyber operations. Non-state actors also continue to rely on cyber means whilst pursuing a diverse set of motives.
Yet, the dynamics of cyber conflict are complex, understudied, and constantly changing. In 2012, when Gen. Keith Alexander was still heading the NSA and US Cyber Command, he stated that there is “much uncharted territory in the world of cyber-policy, law and doctrine”. Gen. Alexander’s statement still holds today. There is still much uncertainty about a broad set of related issues, such as the potential normative restraints on cyber conflict, fourth party intelligence collection, the strategic value of offensive cyber operations, and how state and non-state actors (can) work together in cyberspace – both from offensive and defensive perspective. Researchers have tried to answer these questions whilst the conceptual and empirical underpinnings of the field are fluid. New ‘data points’, like the cyber-enabled information operations during the US Presidential Elections, have (re)shifted the focus of the field and changed our understanding of what cyber conflict entails. New interpretations of old ‘data points’, like the re-study on the 1990s Moonlight Maze campaign, have equally altered our understanding of the field.
So where to get started if you’re a political science student (or diplomat, congressional staffer, etc.) new to the field of cyber conflict? Below you can find a very, very short reading list. It’s based on my teaching at Stanford University for the Master in International Policy (MIP), analysis of 25+ cyber conflict syllabi, and review of cyber conflict articles in top 50 Poli Sci journals.
- Conceptualizing Cyberspace and Cyber Conflict
- Monte, Matthew, Network Attacks and Network Exploitation: A Framework, (2015) https://www.amazon.co.uk/Network-Attacks-Exploitation-Matthew-Monte/dp/1118987128
- Betz, D. J. ; Stevens, T., Analogical reasoning and cyber security, Security Dialogue, 2013, Vol.44(2), pp.147-16
- Committee on Offensive Information Warfare, National Research Council. Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities.Washington, DC: National Academies Press, 2009, available from: https://www.nap.edu/catalog/12651/technology-policy-law-and-ethics-regarding-us-acquisition-and-use-of-cyberattack-capabilities
- Joint Publication 3-12, Cyberspace Operations, 8 June 2018 (for US students)
- Dunn Cavelty, Myriam “From cyber‐bombs to political fallout: Threat representations with an impact in the cyber‐security discourse,” International Studies Review, 15:1, 2013/3, 105-122; https://academic.oup.com/isr/article-abstract/15/1/105/1791182
- Giles, Keir & William Hagestad II, “Divided by a Common Language: Cyber Definitions in Chinese, Russian and English,” in Proceedings of the 5th International Conference on Cyber Conflict, K. Podins, J. Stinissen, M. Maybaum (eds.) (2013). https://ccdcoe.org/publications/2013proceedings/d3r1s1_giles.pdf
2. Types of Threat Actors and forms of Activity
- APT Groups and Operations, https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658 (avoid using maps & lists confusing operation, actor & malware, etc.)
- Bruce Schneier, Secrets and Lies: Digital Security in a Networked World,Wiley, 2000
- Zetter, Kim, Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon (2014)
- Thomas Rid, Cyber War Will Not Take Place, Journal of Strategic Studies, 35:1 (2012)
3. Policy Dilemmas
- Rid, Thomas & Ben Buchanan, ‘Attributing Cyber Attacks’, Journal of Strategic Studies, 38:1-2 2015, http://www.tandfonline.com/doi/abs/10.1080/01402390.2014.977382
- Florian Egloff, “Public Attribution of Cyber Incidents,” (2019, May), CSS Analyses in Security Policy, http://www.css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CSSAnalyse244-EN.pdf
VEP / Capability Build up
- Ablon, Lillian and Timothy Bogart, “Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits,” RAND Corporation, (2017), retrieved from: https://www.rand.org/pubs/research_reports/RR1751.html
- Smeets, Max A Matter of Time: On the Transitory Nature of Cyber Weapons, Journal of Strategic Studies, (2017)1-28, http://www.tandfonline.com/doi/abs/10.1080/01402390.2017.1288107 (ignore framework)
- Can’t find a link to Healey’s DEFCON presentation. But if you’re better at googling, have a look at his slides.
- Michael Hayden, Playing the Edge: American Intelligence in the Age of Terror
- Michael Sulmeyer, “Much Ado About Nothing? Cyber Command and the NSA,” WarontheRocks, (2017, July 19) https://warontherocks.com/2017/07/much-ado-about-nothing-cyber-command-and-the-nsa/
- Smeets, Max, “Organisational Integration of Offensive Cyber Capabilities: A Primer on the Benefits and Risks,” NATO CCD COE Publications, 2017, http://maxsmeets.com/wp-content/uploads/2018/09/Art-02-Organisational-Integration-of-Offensive-Cyber-Capabilities-2.pdf
- Buchanan, Ben, Cybersecurity Dilemma, 2017, Oxford University Press
- David Raymond, Gregory Conti, Tom Cross, Robert Fanelli, “A Control Measure Framework to Limit Collateral Damage and Propagation of Cyber Weapons,” 5th International Conference on Cyber Conflict (NATO CCD COE Publications: Tallinn: 2013), retrieved from: http://www.gregconti.com/publications/130324_CyCon_Malware_Full.pdf
4th Party Collection
- Juan Andres Guerrero-Saade & Costing Raiu, “Waling in our enemy’s shadow: When Fourth-Party Collection Becomes Attribution Hell”, Virus Bulletin Conference, (2017, October): https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/Guerrero-Saade-Raiu-VB2017.pdf
- GReAT, Animals in the APT Farm, Kaspersky Lab (2015, March 6): https://securelist.com/animals-in-the-apt-farm/69114/
Dealing and Responding to Proxy Activity
- Healey, Jason. “The Spectrum of National Responsibility for Cyberattacks.” Brown Journal of World Affairs 18.1 (2011): 57–69.
- Maurer, Tim “‘Proxies’ and Cyberspace,” Journal of Conflict and Security Law, (December 17, 2016)
- Bejtlich, R. ‘What Does “Responsibility” Mean for Attribution?’ (TaoSecurity, 22 December 2014) http://taosecurity.blogspot.com/ 2014/12/what-does-responsibility-mean-for.html4
4. History US Cyber Conflict
- Warner, Michael (2012) Cybersecurity: A Pre-history’, Intelligence and National Security, 27:5, 781-799 http://www.tandfonline.com/doi/full/10.1080/02684527.2012.708530
- Healey, Jason, and Karl Grindal. 2013. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. Cyber Conflict Studies Association.
- Sanger, David E., 2012. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (NY: Crown), pp. 188-209
5. US(CYBERCOM) Cyber Strategy
- Lynn, William J. III, “Defending a New Domain,” Foreign Affairs 89.5 (2010), 97-108.
- United States Cyber Command, “Achieve and Maintain Cyberspace Superiority”, (March 23, 2018), retrieved from: https://assets.documentcloud.org/documents/4419681/Command-Vision-for-USCYBERCOM-23-Mar-18.pdf
- Smeets, Max and Herbert S. Lin, Chapter 4: A Strategic Assessment of the U.S Cyber Command Vision, 2018, Bytes, Bombs & Spies, Brookings Institution Press: https://medium.com/freeman-spogli-institute-for-international-studies/bytes-bombs-and-spies-261564d51157
6. The Strategic Value of Cyber – Deterrence, Compellence, Persistence and more
- Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security 38, no. 2 (October 2013): 41–73. doi:10.1162/ISEC_a_00136.
- Harknett, Richard J. and Michael P. Fischerkeller, “Deterrence is Not a Credible Strategy for Cyberspace,” (2017), Orbis Summer 2017, Vol. 61, No. 3
- Gartzke, Erik and Jon R. Lindsay. “Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace.” Security Studies 24, no. 2 (April 3, 2015): 316–48. doi:10.1080/09636412.2015.1038188.
- Aaron F. Brantly, Cyber Actions by State Actors: Motivation and Utility, International Journal of Intelligence and CounterIntelligence, 27:3 (2014)465-484
7. Cyber Norms
- Finnemore, Martha “Cultivating International Cyber Norms.” America’s Cyber Future: Security and Prosperity in the Information Age 2 (2011).
- Farrell, Henry and Charles L. Glaser, The role of effects, saliencies and norms in US Cyberwar doctrine, Journal of Cybersecurity, 3, 1, 1 March 2017, 7–17, https://doi.org/10.1093/cybsec/tyw015
- Finnemore, Martha and Duncan B. Hollis, “Constructing Norms for Global Cybersecurity,” 110 American Journal of International Law, Temple University Legal Studies Research Paper No. 2016-52
8. International Law
- Koh, Harold Hongju. “International Law in Cyberspace.” Harvard International Law Journal Online 54 (2012): 1–12.
- Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and the Tallinn Manual Juxtaposed,” Harvard International Law Journal, 54 (2012) http://www.harvardilj.org/wp-content/uploads/2012/12/HILJ-Online_54_Schmitt.pdf
- Waxman, Matthew C., “Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4),” Yale Journal of International Law, vol. 36, no. 421 (2011): pp. 421-459.
- For primary resources check out National Security Archive CyberVault: https://nsarchive.gwu.edu/project/cyber-vault-project
- More comprehensive reading list can be found here: http://maxsmeets.com/cyber-references-project/
- Citizen Lab Reports: https://citizenlab.ca/publications/ (see APT notes for other threat intel reports)
- Blog: Lawfare: https://www.lawfareblog.com/topic/cybersecurity-and-deterrence
- Blog: War on the Rocks: https://warontherocks.com/tag/cyber/
- Blog: Council on Foreign Relations: Net Politics: https://www.cfr.org/blog/net-politics
- State of the Field on Cyber Conflict reports: http://www.cyberconflict.org/state-of-the-field/