Categories
Cyber

Bias and Misperception in Cyberspace

Image courtesy of DVIDS/Alexis Flores

This article was originally published by the Real Elcano Institute on 17 March 2020.

Theme

With cyber operations serving as an instrument of foreign policy, it is fair to posit that cognitive factors that account for behavior in the physical domain are equally applicable to cyberspace.

Categories
Cyber

The Future of Values in Cyber Security Strategies

Image courtesy of Ecole polytechnique/Flickr. (CC BY-SA 2.0)

This article was originally published by the Elcano Royal Institute on 27 February 2020.

Theme

While national cyber security strategies have proliferated worldwide in the past decade, most have been overwhelmingly focused on resilience at the expense of political values. This paper addresses the challenges that have arisen from an overly technical focus on cyber security that has failed to consider the application of value sets in strategy creation.

Categories
Cyber

Cyber Deterrence Is Dead: Long Live Cyber Deterrence!

Image courtesy of Jacob Osborne/DVIDS.

This article was originally published by the Council on Foreign Relations on 18 February 2020.

Born in the 1990s, the thinking on cyber deterrence was nurtured by the U.S. Department of Defense in numerous war-gaming exercises. Hitting puberty in the aftermath of the distributed denial-of-service campaign against Estonia in 2007, cyber deterrence matured after Stuxnet and received peak attention from policymakers and academics from 2013 to 2016 during the golden age of ‘cyberwar’ scholarship. From 2016 onward, the interest in cyber deterrence started to fade to the extent that it is now intentionally neglected. The figure below captures this short life cycle by quantitatively visualizing the number of articles, book chapters, and research reports written on ‘cyber deterrence’ and ‘cyberdeterrence’ between January 1990 and January 2020.

Categories
Cyber

Expanding Disclosure Policy to Drive Better Cybersecurity

Image courtesy of Joffi/Pixabay

This article was originally published by the Council on Foreign Relations (CFR) on 16 October 2019.

Introduction

Threats to national and economic security emanating from cyberspace are all too real, but public disclosure of incidents of the theft of intellectual property (IP) is exceedingly rare. Former National Security Agency Director and the first Commander of Cyber Command Keith Alexander has labeled China’s theft of U.S. intellectual property through cyber means “the greatest transfer of wealth in history.” Few experts in the field dispute that conclusion. In November 2015, National Counterintelligence Executive William Evanina estimated that cyber-enabled economic espionage cost the U.S. economy $400 billion per year, with 90 percent of the theft originating in China.

Categories
Cyber

Contested Public Attributions of Cyber Incidents and the Role of Academia

Image courtesy of Saksham Gangwar/Unsplash

In a recent article in Contemporary Security Policy, Florian J. Egloff reflects on the contested nature of public attributions of cyber incidents and what role academia could take up.

In the last five years, public attribution of cyber incidents has gone from an incredibly rare event to a regular occurrence. Just in October 2018, the UK’s National Cyber Security Centre publicized its assessment of cyber activities conducted by the Russian military intelligence service (also known by its old acronym, the GRU). Clearly, publicizing activities that other political actors like to keep secret is a political act – but what kind of political act is it and what happens when a government publicly attributes?