Tag Archives: Persistent Engagement

Workshop Report: The Transatlantic Dialogue on Military Cyber Operations-Amsterdam

In Aug. 2019, Bobby Chesney (from Strauss Center at the University of Texas at Austin) and Max Smeets (from ETH Zurich and also Stanford University’s Center for International Security and Cooperation (CISAC)) convened a workshop in Amsterdam focusing on military operations in the cyber domain, from a transatlantic perspective. The “Transatlantic Dialogue on Military Cyber Operations—Amsterdam” gathered experts from military, civilian, and academic institutions hailing from a range of countries, including the United States, United Kingdom, Germany, the Netherlands, Denmark, Estonia, and France. It was made possible by generous support from the Hewlett Foundation, for which we are most grateful.

Though the event was conducted subject to the Chatham House Rule, we did produce a workshop report capturing the substance of the dialogue. For this we are indebted to the workshop rapporteur, Monica Kaminska (Oxford).

The full report is posted here. It tracks the sequence of panels at the workshop, covering the following subjects:

  • The European Policy Landscape
  • Key U.S. Concepts: Persistent Engagement and Defending Forward
  • Assessing the Risks
  • Procedures and Implications of Out-of-Network Operations in Allied Networks
  • Avenues for Coordination and Cooperation amongst Allied Countries

This article was first published by Lawfare

Cyber Conflict and International Relations: Where to get started

Cyber conflict seems to have become necessary and normal. Nearly every day cyber attacks occupy the headlines of mainstream media. A diverse group of governments across the world state that they are exploring options to (further) develop a capacity to conduct offensive cyber operations. Non-state actors also continue to rely on cyber means whilst pursuing a diverse set of motives.  

Yet, the dynamics of cyber conflict are complex, understudied, and constantly changing.  In 2012, when Gen. Keith Alexander was still heading the NSA and US Cyber Command, he stated that there is “much uncharted territory in the world of cyber-policy, law and doctrine”. Gen. Alexander’s statement still holds today. There is still much uncertainty about a broad set of related issues, such as the potential normative restraints on cyber conflict, fourth party intelligence collection, the strategic value of offensive cyber operations, and how state and non-state actors (can) work together in cyberspace – both from offensive and defensive perspective. Researchers have tried to answer these questions whilst the conceptual and empirical underpinnings of the field are fluid. New ‘data points’, like the cyber-enabled information operations during the US Presidential Elections, have (re)shifted the focus of the field and changed our understanding of what cyber conflict entails. New interpretations of old ‘data points’, like the re-study on the 1990s Moonlight Maze campaign, have equally altered our understanding of the field.

So where to get started if you’re a political science student (or diplomat, congressional staffer, etc.) new to the field of cyber conflict? Below you can find a very, very short reading list. It’s based on my teaching at Stanford University for the Master in International Policy (MIP), analysis of 25+ cyber conflict syllabi, and review of cyber conflict articles in top 50 Poli Sci journals. 

  1. Conceptualizing Cyberspace and Cyber Conflict

2. Types of Threat Actors and forms of Activity

3. Policy Dilemmas

(Public) Attribution

  • Rid, Thomas & Ben Buchanan, ‘Attributing Cyber Attacks’, Journal of Strategic Studies, 38:1-2 2015, http://www.tandfonline.com/doi/abs/10.1080/01402390.2014.977382
  • Florian Egloff, “Public Attribution of Cyber Incidents,” (2019, May),  CSS Analyses in Security Policy, http://www.css.ethz.ch/content/dam/ethz/special-interest/gess/cis/center-for-securities-studies/pdfs/CSSAnalyse244-EN.pdf

VEP / Capability Build up

Organizational Integration

  • Michael Hayden, Playing the Edge: American Intelligence in the Age of Terror 
  • Michael Sulmeyer, “Much Ado About Nothing? Cyber Command and the NSA,” WarontheRocks, (2017, July 19) https://warontherocks.com/2017/07/much-ado-about-nothing-cyber-command-and-the-nsa/ 
  • Smeets, Max, “Organisational Integration of Offensive Cyber Capabilities: A Primer on the Benefits and Risks,” NATO CCD COE Publications, 2017, http://maxsmeets.com/wp-content/uploads/2018/09/Art-02-Organisational-Integration-of-Offensive-Cyber-Capabilities-2.pdf

Cybersecurity Dilemma

  • Buchanan, Ben, Cybersecurity Dilemma, 2017, Oxford University Press

Collateral Damage

4th Party Collection

  • Juan Andres Guerrero-Saade & Costing Raiu, “Waling in our enemy’s shadow: When Fourth-Party Collection Becomes Attribution Hell”, Virus Bulletin Conference, (2017, October): https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/Guerrero-Saade-Raiu-VB2017.pdf
  • GReAT, Animals in the APT Farm, Kaspersky Lab (2015, March 6): https://securelist.com/animals-in-the-apt-farm/69114/

Dealing and Responding to Proxy Activity

  • Healey, Jason. “The Spectrum of National Responsibility for Cyberattacks.” Brown Journal of World Affairs 18.1 (2011): 57–69.
  • Maurer, Tim “‘Proxies’ and Cyberspace,” Journal of Conflict and Security Law, (December 17, 2016)
  • Bejtlich, R. ‘What Does “Responsibility” Mean for Attribution?’ (TaoSecurity, 22 December 2014) http://taosecurity.blogspot.com/ 2014/12/what-does-responsibility-mean-for.html4

4. History US Cyber Conflict

  • Warner, Michael (2012) Cybersecurity: A Pre-history’, Intelligence and National Security, 27:5, 781-799 http://www.tandfonline.com/doi/full/10.1080/02684527.2012.708530
  • Healey, Jason, and Karl Grindal. 2013. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012. Cyber Conflict Studies Association.
  • Sanger, David E., 2012. Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power (NY: Crown), pp. 188-209

5. US(CYBERCOM) Cyber Strategy

  • Lynn, William J. III, “Defending a New Domain,” Foreign Affairs 89.5 (2010), 97-108.
  • United States Cyber Command, “Achieve and Maintain Cyberspace Superiority”, (March 23, 2018), retrieved from: https://assets.documentcloud.org/documents/4419681/Command-Vision-for-USCYBERCOM-23-Mar-18.pdf
  • Smeets, Max and Herbert S.  Lin, Chapter 4: A Strategic Assessment of the U.S Cyber Command Vision, 2018, Bytes, Bombs & Spies, Brookings Institution Press: https://medium.com/freeman-spogli-institute-for-international-studies/bytes-bombs-and-spies-261564d51157

6. The Strategic Value of Cyber – Deterrence, Compellence, Persistence and more

  • Gartzke, Erik. “The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth.” International Security 38, no. 2 (October 2013): 41–73. doi:10.1162/ISEC_a_00136.
  • Harknett, Richard J. and Michael P. Fischerkeller, “Deterrence is Not a Credible Strategy for Cyberspace,” (2017), Orbis Summer 2017, Vol. 61, No. 3
  • Gartzke, Erik and Jon R. Lindsay. “Weaving Tangled Webs: Offense, Defense, and Deception in Cyberspace.” Security Studies 24, no. 2 (April 3, 2015): 316–48. doi:10.1080/09636412.2015.1038188.
  • Aaron F. Brantly, Cyber Actions by State Actors: Motivation and Utility, International Journal of Intelligence and CounterIntelligence, 27:3 (2014)465-484

7. Cyber Norms

  • Finnemore, Martha “Cultivating International Cyber Norms.” America’s Cyber Future: Security and Prosperity in the Information Age 2 (2011).
  • Farrell, Henry and Charles L. Glaser, The role of effects, saliencies and norms in US Cyberwar doctrine, Journal of Cybersecurity, 3, 1, 1 March 2017, 7–17, https://doi.org/10.1093/cybsec/tyw015
  • Finnemore, Martha and Duncan B. Hollis, “Constructing Norms for Global Cybersecurity,”  110 American Journal of International Law, Temple University Legal Studies Research Paper No. 2016-52

8. International Law

  • Koh, Harold Hongju. “International Law in Cyberspace.” Harvard International Law Journal Online 54 (2012): 1–12.
  • Schmitt, Michael N. “International Law in Cyberspace: The Koh Speech and the Tallinn Manual Juxtaposed,” Harvard International Law Journal, 54 (2012) http://www.harvardilj.org/wp-content/uploads/2012/12/HILJ-Online_54_Schmitt.pdf
  • Waxman, Matthew C., “Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4),” Yale Journal of International Law, vol. 36, no. 421 (2011): pp. 421-459.

Links