The Journal Online

Cyberspace in Multi-Domain Battle

and For months, a nation state has covertly infiltrated a neighboring state’s critical networks while massing armored forces along its common border with a US ally. While the adversary prepares to launch a massive cyber-attack on its neighbor state, its tanks are readied to roll over the border. Nearby, a U.S. Division, engaged in an allied training exercise prepares to become the first line of defense against aggression. Unknown to the adversary, Allied and US forces have hardened their networks and at the first indication of aggression, have temporarily cut power to a nearby city to deceive the enemy. Simultaneously, a U.S. Navy warship fires an Electro Magnetic Pulse (EMP) missile at the adversary, disabling their electronic systems. Facing a numerically superior enemy, Allied forces, take advantage of the window of opportunity created by the EMP weapon to engage the crippled and confused enemy forces across multiple domains. Read the whole article below...

Cyber (In)Security: Decision-Making Dynamics When Moving Out of Your Comfort Zone

  “Every assumption we hold, every claim, every assertion, every single one of them must be challenged.” — General Mark A. Milley, 39th Chief of Staff of the U.S. Army This paper focuses on how the dynamic speed of change and the compression of time in cybersecurity move individuals and organizations out of their comfort zones. This often results in forcing faulty decision-making generated by an enhanced dependence on untested assumptions. The counterbalance to this behavior begins by recognizing a key truism: within every decision lies an assumption. Equipping your cyber team with the mechanisms and tools to identify and properly challenge these assumptions drives better decision-making and new opportunities to successfully defend, attack, and adapt in the cyber battleground. Read the whole article below...

Joint Interagency Coordination: How Can the Reserve Component Be Better Utilized to Defend Our Nation in the Cyber Arena? 

Introduction In a time of constrained and reduced resources and to fortify the protection against the ever-increasing global cyber threats, the United States (US) must do more with less and better utilize its existing resources. The Reserve Components (RC) of the US military are filled with cyber expertise gained through civilian and military training as well as job experience. If the Department of Defense (DoD) can develop a program to better utilize the experience and skills resident in the Reserves, the US military can improve the nation’s cyber capabilities and better protect its networks. Based on the current DoD CYBER Strategy[i], the Guard and Reserve has a significant role to play in the cyber realm. Specifically, the DoD CYBER Strategy calls on the Guard and Reserve to provide a “resource for expertise and to foster creative solutions to cybersecurity problems” and to provide “critical surge capacity” when needed. To provide the resources required to defend the nation, the Reserve Forces need to be better utilized. This paper proposes the establishment of a full-time support program manned by the RC and augmented by traditional Selected Reservists and Guardsmen on weekend duty. This program will capitalize on existing expertise and further develop the in-depth technical skills required to tackle the enormous cybersecurity challenges that exist today, and in the future. Also, the creation of such a program will result in an available, fully trained surge capacity when needed. USCYBERCOM’S Cyber Mission Force In December 2012, the U.S. Secretary of Defense (SecDef) authorized the creation of the Cyber Mission Force (CMF). According to the DoD CYBER Strategy and the 2014 Quadrennial Defense Review (QDR),...

Blogs

After Twenty Years of Cyber – Still Unchartered Territory Ahead

The general notion is that much of the core understanding of cyber is in place. I would like to challenge that perception. There are still vast territories of the cyber domain that need to be researched, structured and understood. I would like to use Winston Churchill’s words: “it is not the beginning of the end; it is maybe the end of the beginning.” In my opinion, the cyber journey is still in a very early stage. The cyber field has yet to mature, and the big building blocks for the future cyber environment are not yet in place. The Internet and networks that support it have increased dramatically over the last decade. Even if the growth of cyber might be stunning, the actual advances are not as impressive. In the last 20 years cyber defense and cyber as a research discipline has grown from almost nothing to a major global enterprise and the recipient of considerable resources. In the winter of 1996-1997, there were four references to cyber defense in the search engine of that day (AltaVista). Today, there are about 1.3 million references in Google. Cyber knowledge has not developed at the same rapid rate as the interest of, concern and resources for cyber. The cyber realm is still struggling with elemental challenges such as attribution. Traditional topics in political science and international relations such as deterrence, sovereignty, borders, the threshold for war and norms in cyberspace are still under and discussion. From a military standpoint, there is still a debate about what cyber deterrence would look like, what the actual terrain and maneuverability are like in cyberspace,...

WarTV: A Future Vision for a Common Operating Picture

and 1 MAY 2011 – ABBOTTABAD, PAKISTAN – Abbottabad, Pakistan is less than a two-hour drive from the capital city of Islamabad and 3.1 miles from the Pakistan Military Academy to the southwest. In relative terms, Abbottabad is a much less busy place than Karachi, Pakistan, and is very attractive to tourists and those seeking higher education for their children. Despite Abbottabad’s relative inactivity compared to the bustling Karachi, there were signs of digital life in 2011.     Figure 1 @ReallyVirtual, AKA Sohaib Athar, a resident of Abbottabad accidentally live tweets the Navy SEAL raid on the Bin Laden Compound.  All timestamps from the tweets are US Eastern Time.   Unwittingly, Sohaib Athar, or @ReallyVirtual live-tweeted the Navy SEAL raid on the compound that housed Osama bin Laden and his family 0.8 miles southwest of the Pakistan Military Academy from the hours of 3:58 pm Eastern Standard Time through 6:39 pm Eastern Standard Time on 1 May 2011.[i] This is just months after The Arab Spring protesters began utilizing social media, Facebook and Twitter in particular, to influence large swaths of populations into a movement of collective activism, operating outside of the purview of state-owned media platforms. At this point, the Internet had begun to grow at an accelerated rate with massive impacts traversing the virtual sphere into the physical world. At the time, most members of the military did not understand the implications social media had on the geopolitical stage. However, the military should understand social media as a magnifying glass into the human domain, and should integrate these computer-mediated technologies into operations. Fast forward to today, where...

The Increasing Necessity for a United States Cyber Service

Conducting cyber warfare is cheap and easy.[1] It affords anyone from individual hackers to nation-state actors the ability to wage destructive acts against the United States.[2] In 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish a sub-unified command, U.S. Cyber Command (USCYBERCOM), to prepare the Department of Defense (DoD) for the integration of offensive and defensive cyberspace operations.[3] Due to the constant rate of change in cyberspace, USCYBERCOM has experienced challenges integrating joint force cyber components. A quick examination of the US cyber force organizational chart demonstrates how complex the relationships are between service components and outside agencies. These organizational intricacies have led Admiral Michael Rogers, National Security Agency (NSA) Director and Commander of USCYBERCOM, to ask “is cyber so different, so specialized, so unique, so not well understood that it requires a very centralized, focused, unique construct to how we generate capacity and knowledge?”[4] While still heavily debated, many US government officials believe the existing organizational structure best meets current DoD requirements. However, there is an increasing necessity to transform the joint cyber construct into a stand-alone military service branch or similar entity that is separate from, yet integrated into the other military service branches. This necessity is based on cyberspace operations occurring in a separate operational domain, requiring a different organizational composition than traditional service branches, and hampered by the current joint cyber construct. The most compelling reason for creating a separate, standalone cyber service is its distinct “global domain within the information environment consisting of the interdependent network of information technology infrastructures and resident data, including the Internet, telecommunication networks,...

Network Science Center

Cyber Domain: Getting Ourselves Ready for Future Readiness and Conflict

The issue.  DoD has been trying to establish its plans, structures, processes, and systems to deal with its cybersecurity and operational issues for several years. These efforts have slowly evolved as DoD has clarified and understood its cyber mission. Given the latest proclamation of the cyber roles assigned to government agencies (in the Presidential Policy Directive 41), it is probably time to put together more definitive plans for the DoD cyber forces and the cyber duties associated with all units, service members, and DoD employees. Another recent document that helps DoD sort out its cyber roles comes from the Joint Operating Environment 2035 (JOE2035), subtitled The Joint Force in a Contested and Disordered World, published in 14 July 2016. Essentially, the President’s document assigns DoD to take care of DoD-related contested military cyber issues. The JOE2035 predicts there will be plenty to do by the cyber forces, and identifies a high-probability, almost continuous, context for future conflict in cyberspace by outlining the struggle to define and protect sovereignty in cyberspace for our military. The cyber domain is a growth area with the specter of continuous, sometimes intense, conflict for a long time. With the US depending heavily on the interdependent networks of information technology (Internet, telecommunications networks, computer systems, embedded processors and controllers) and the data, information, and knowledge that is stored and flows through and between these systems, the cyber domain is the place where a high-stakes competition has, is and will be taking place.   DoD is concerned about:  Growth of state- and non-state-sponsored cyber forces and capabilities. These organizations will have more advanced cyber warfare capabilities....

The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography

and The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography Simon Singh New York: Random House, 1999, 432 pp. ISBN 978-0-307-78784-2   The Code Book is about the mathematics and science of codes and ciphers throughout history. Singh specifically lists two purposes for this book. The first is to show the evolution of codes and ciphers, and the second is to demonstrate their relevance in today’s society. Throughout the eight chapters, he discusses the elements of complex ciphers and simplifies the mathematical details for a general audience. He enthusiastically presents stories surrounding ciphers such as who created them, who sought to break them, and if and how the codebreakers were successful. We, as student and instructor in a course entitled Networks for Cyber Operations, used this book as one of our texts in the Spring semester of 2016. To illustrate his first point, Singh shares stories about well-known ciphers such as those involving Mary Queen of Scots, the Beale Papers, and the Enigma. He uses Mary Queen of Scots to show the evolution of secret writing and the development of cryptography. He discusses how secret writing evolved into steganography and cryptography, how cryptography developed into transposition and substitution, and lastly, how substitution evolved into codes and ciphers. Additionally, he discusses the story behind the Beale Papers to introduce how codemakers use keys to encrypt their messages. Sharing the story of the Enigma Machine in World War II, he shows the evolution from encryption by hand to encryption by machine. Singh also reveals how codebreakers accomplished their work to demonstrate that as long as codemakers develop new...