State of the Field of Cyber Conflict Workshop, June 2017

On June 8th and 9th, Columbia University SIPA and the Cyber Conflict Studies Association co-hosted the State of the Field of Cyber Conflict Workshop. The event provided an opportunity to bring together practitioners and academics exploring the dynamics of cyber conflict. The event bridged disciplines and sectors to establish the building blocks for a new generation of research questions. Participants discussed  cyber conflict as a field of research, agreed on primary topic areas of research, reviewed the core questions in each of those topics, created a shared understanding of existing research on those questions, and identified canonical works. Breakout sessions were scheduled around the following core topics:
  • Economic Impact of Cyber Threats
  • Tactical and Operational Level Dynamics of Cyber Conflict
  • Strategic Dynamics of International Security
  • Intelligence and Adversaries
  • Cyber Conflict History
  • Legal and Ethical Issues
Breakout sessions were led by a moderator who worked with rapporteurs to provide substance and structure the discussion which followed Chatham House rules. In additional to established researchers, PhD candidates played a particularly significant role in the event as both rapporteurs and participants. New scholars are frequently the ones most in need of this material and who can produce literature reviews and research which will fuel future conferences.

A link to the 2016 Workshop Report can be downloaded hereAs output materials from the Workshop are developed they'll be posted to this page. Please follow up so we can continue to expand the conversation and build on this years workshop.

Join the CCSA Mailing List

The CCSA Board uses a mailing list to notify the community about coming events, interesting publications and developments in the cyber conflict research world. 

You can find the signup form at the main CCSA website here, or visit this link:


What are the Costs of Cyber Crimes and Cyber Espionage?

Is cyber crime "the greatest transfer of wealth in human history," or just a "rounding error in a fourteen trillion dollar economy?"  First of all, it is very difficult to estimate how much is lost every year as a result of cyber crimes, from a few billion to hundreds of billions of dollars.  Some companies conceal their losses, sometimes they don't even realize they are suffering losses, and it is hard to put a value on intelectual property.  The large dollar amount is not the only measurement.  We must also consider the effects cyber crime has on trade, technology, and competitivenes, such as the pace of innovation, distortion of trade, and social costs from job loss.  High end estimates see loss of jobs at over 500,000 due to cyber crime.  Losses due to malicious cyber activity can be broken down into six parts: loss of intellectual property and confidential information, cybercrime, loss of sensitive business information including manipulation of stock market, opportunity costs, additional costs of defending networks, insurance, etc., and loss of reputation to hacked companies.  In the end, the larger effect may be on everything else affected by cyber crime than a specific dollar amount.  If more is not done to combat cyber attacks, there could be many short and long term effects in the coming years.  For more information on the costs of cyber crime, click here.


Iran: How a Third Tier Cyber Power Can Still Threaten the United States

On July 29, a conference was held by the Atlantic Council's Cyber Statecraft Initiative to discuss Iran's threat as a cyber power to the United States in the Cosmos Club in Washington, DC.  The panel included Atlantic Council's Barbara Slavin, Atlantic Council and CCSA's Jason Healey, CrowdStike's Dmitri Alperovitch, and George Washington University's Frank Cillufo.  The panel began by discussing the current state of Iran with its recent elections and a cautious optimism for change with the new minister.  They then shifted to discussing Iran's current cyber capabilities, such as while still being limited to destruction of data and disruption of services, within five years, could be on the same level as the US, China, and Russia, among others with a higher intent to do damage than all the others.  A main target for Iran has been the United State's financial sector, especially the banks.  This is likely due to the economic sanctions placed over Iran by the United States.  With current attacks not being overly damaging, such as attacks on the banks usually only lasting a day or two, with little actual damage to the bank, the US continues to add more infrastructure to the Internet.  It is a matter of time before Iran attacks a target that is very vulnerable, where they can keep it down for a long period of time and cause serious damage.


A Fierce Domain Launches

 On July 18, A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, edited by CCSA's Jason Healey, successfully launched at George Washington University's Homeland Security Policy Institute.  This book is the first of its kind to provide a comprehensive history of cyber conflict, discussing a number of early attacks that served as wake up calls to the need for greater cyber security.  The book also goes on to identify important lessons for policymakers.  For more information on A Fierce Domain, click here.  For more coverage on Jason Healey and A Fierce Domain, check out these stories: Digital Doomsters and The Future of US Cyber Command.  To purchase the book from Amazon, click here.  Below are pictures from the launch event.