CCSA Blog

Wednesday
Jul032013

Event Summary: "The Chinese Cyber Challenge" at Atlantic Council

On June 24, CCSA's James Mulvenon and Gregory Rattray, along with Dmitri Alperovitch, co-founder and CTO of CrowdStrike Inc., took part in a discussion addressing the status of Chinese cyber espionage.  The event was hosted by the Atlantic Council and focused on solutions to resolve US-Chinese tension on cyber security and espionage.

As part of the discussion, each expert provided advice for US policy makers to consider when approaching these challenges.  Mr. Alperovitch began by categorizing the Chinese cyber threat into three sections: economic espionage dealing with intrusions into the private sector, national security espionage dealing with strategies to collect foreign intelligence, and computer attacks addressing the damage China could do to the US should such an attack occur.  Next, Dr. Mulvenon spoke about the value of offensive reactions to China's cyber threats and attacks, considering how on defense you have to prepare for any number of factors, while on offense, you only need one solution to be successful.  He suggested two approaches, first scaring China into a truce by stealing some of their information and enlightening them to the ramifications of attacking the US.  Second would be to "poison the well" by feeding China false information and getting them to doubt any data they may acquire.  Finally, Dr. Rattray spoke about the opportunity this new Chinese president has to steer hackers away from cyber attacks on the US and further risk alienating American businesses that used to look forward to Chinese business partnerships.  He also mentioned that despite this, the private sector should make better efforts to protect themselves rather than leaning on the government for help.

For more information on what took place during the discussion, please click here

Friday
Dec212012

Full "Addressing Cyber Instability" Monograph Available Online

The Cyber Conflict Studies Association released its full Addressing Cyber Instability monograph today. It is available for download at the CCSA website and will be coming out in paperback, hardback, and ePub in the upcoming weeks. 

The monograph fully delves into the issues articulated in the Executive Summary that was released earlier this year. Concluding over two years of research and analysis, the chapters focus on specific concerns in cyberspace: strategy, military doctrine and organization, non-state actors, and alternative approaches. The monograph is concluded with a primer on criticial infrastructure and cyber aimed at policymakers. 

Comments and questions can be sent to Hannah at hannah (at) cyberconflict (dot) org.

Monday
Jul092012

CCSA Releases "Addressing Cyber Instability" Executive Summary

The Cyber Conflict Studies Association is pleased to release its Executive Summary for Addressing Cyber Instability, the precursor to the forthcoming monograph surveying the field of cyber conflict and focusing on key recommendations across policy, strategy, military doctrine, and law. The report focuses on alternative approaches and the role of non-state actors on defensive collaboration, in addition to examining the sources and consequences of an unstable cyber environment and its effects on strategy and deterrence. The main conclusions of the longer monograph are contained in this volume. The PDF copy is available for download here.

As the CCSA report discusses, cyberspace is an inherently unstable national security domain. Its fundamental characteristics—such as the low cost of entry, abundant access points, and the difficulty of attribution—alter traditional power calculations. This enables non-state actors to wage proxy warfare on cyber battlefields, beyond national accountability or control. The vulnerability of national critical infrastructure endangers whole civilian populations, and places private enterprises on the front lines. Additionally, the absence of international norms and comparatively low costs of cyber attacks create incentives for nations to launch preemptive strikes in a coercive attempt to forestall more traditional kinetic conflict. In such an unstable environment, the consequences of misinterpreted signals between nations may be catastrophic.

CCSA launched the executive summary today in partnership with the Atlantic Council's Cyber Statecraft Initiative, with sponsorship from Intelligent Decisions and Cisco. Please visit the Atlantic Council website for video of the launch event.

Contact Executive Director, Hannah Pitts at hannah (at) cyberconflict (dot) org, with questions or feedback. The longer monograph will be released in late summer 2012.

Wednesday
Sep142011

Strategic Instability is Inherent in Cyber Conflict

***Cross-posted at Atlantic Council's New Atlanticist Blog***

By: Jason Healey and Hannah Pitts

Strategic instability will be an inherent factor in cyber conflict for the foreseeable future, according to preliminary findings of a research effort by the Cyber Conflict Studies Association (CCSA), led by Greg Rattray and James Mulvenon. This inherent cyber instability was the topic of a recent conference co-sponsored by the Atlantic Council, Council on Foreign Relations and CCSA. The full findings will be to be published by CCSA in December at an event cosponsored with the Atlantic Council's Cyber Statecraft Initiative.

As noted in a panel discussion – moderated by CCSA chairman James Mulvenon with Barry Pavel (Atlantic Council) and Chris Demchak (Naval War College) – on the causes and concerns of strategic cyber instability, many of the reasons for this instability have been recognized for a decade or more: the advantage of offense over defense, low barriers to entry, strategic and asymmetric vulnerability of critical infrastructure in developed nations, possibility for cascading effects and less-than-kinetic effects, difficulty of attribution, lack of norms, and the possibility for and relative ease of crossing international borders over intercontinental ranges.

However, what has not been fully appreciated by researchers or policymakers is that these factors combine to make cyber conflict far more unstable than conflict in other domains: 

  1. Nations are more likely to be tempted into launching pre-emptive attacks either in advance of, or to coercively attempt to forestall, more traditional kinetic conflict. 
  2. Non-state groups have been used as proxies by nations and will be less accountable and controllable than government forces. 
  3. As the issue is not well understood, there is a greater chance that nations will misunderstand signals being given by other nations in cyberspace, especially if in the midst of attacks by non-state actors. 
  4. Worse, in a cyber conflict nations have established or are prepared to use few of the traditional methods for risk reduction, such as hotlines between military operations centers (thinkFailsafe).

Accordingly more effort needs to be made, as will be noted in the forthcoming CCSA research, on addressing  this instability head on. More security will not, by itself, resolve this instability. Rather, nations

  • Must be prepared to work through disruptions (as DoD has already resolved to do),
  • Invest more in incident response to deal with the inevitable catastrophes,
  • Agree to norms and regimes, and
  • Establish mechanisms to ensure clear communications for conflict prevention and termination.

The highlight of the discussions on the conference was a lunch keynote on the relationship of Internet governance and cyber instability, by Paul Twomey, Atlantic Council board member, moderated by Stewart Baker.

Jason Healey (Atlantic Council) moderated a panel discussion on new approaches to deal with these issues, with Micah Zenko (Council on Foreign Relations) and Scott Charney (Microsoft) detailing other models. In addition, Jody Westby (Global Cyber Risk LLC) discussed establishing norms and legal regimes with Catherine Lotrionte (Georgetown University) and Martha Finnemore (George Washington University). 

In partnership with CCSA, the Atlantic Council will continue to be involved in this work and bring the results to this audience. 

Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey. This blog is the first of a periodic series on cyber conflict history. Hannah Pitts is the Executive Director of the Cyber Conflict Studies Association.

Hannah Pitts is the Executive Director of the Cyber Conflict Studies Association. Follow CCSA on Twitter: @CCSAORG. Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council and a CCSA Board Member. You can follow him on Twitter, @Jason_Healey.

Page 1 2