DOCSLIB.ORG

Cyberspace and National Security

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cyberspace and National Security Cyberspace and National Security Selected Articles II Edited by Gabi Siboni המכון למחקרי ביטחון לאומי THE INSTITUTE FOR NATIONAL SECURITYc STUDIES INCORPORATING THE JAFFEE b d CENTER FOR STRATEGIC STUDIES Cyberspace and National Security Selected Articles II Edited by Gabi Siboni THE INSTITUTE FOR NATIONAL SECURcITY STUDIES INCORPORATING THE JAFFEE b d CENTER FOR STRATEGIC STUDIES Institute for National Security Studies THE INSTITUTE FOR NATIONAL SECURcITY STUDIES INCORPORATING THE JAFFEE b d CENTER FOR STRATEGIC STUDIES Graphic design: Michal Semo-Kovetz The Institute for National Security Studies (INSS), incorporating Printing: Elinir the Jaffee Center for Strategic Studies, was founded in 2006. The purpose of the Institute for National Security Studies Institute for National Security Studies is first, to conduct basic research that meets the highest (a public benefit company) academic standards on matters related to Israel’s national 40 Haim Levanon Street security as well as Middle East regional and international POB 39950 security affairs. Second, the Institute aims to contribute to Ramat Aviv the public debate and governmental deliberation of issues Tel Aviv 6997556 that are – or should be – at the top of Israel’s national security agenda. Tel. +972-3-640-0400 INSS seeks to address Israeli decision makers and Fax. +972-3-744-7590 policymakers, the defense establishment, public opinion makers, the academic community in Israel and abroad, and E-mail: [email protected] the general public. http://www.inss.org.il INSS publishes research that it deems worthy of public attention, while it maintains a strict policy of non-partisanship. © All rights reserved. The opinions expressed in this publication are the author’s March 2014 alone, and do not necessarily reflect the views of the Institute, its trustees, boards, research staff, or the organization and ISBN: 978-965-7425-59-6 individuals that support its research. Contents Foreword | 5 A Blueprint for Cyber Deterrence: Building Stability through Strength | 7 Frank J. Cilluffo, Sharon L. Cardash, and George C. Salmoiraghi Duqu’s Dilemma: The Ambiguity Assertion and the Futility of Sanitized Cyberwar | 29 Matthew Crosston The Strategic Uses of Ambiguity in Cyberspace | 43 Martin C. Libicki An Interdisciplinary Look at Security Challenges in the Information Age | 51 Isaac Ben-Israel and Lior Tabansky Cyber Warfare and Deterrence: Trends and Challenges in Research | 69 Amir Lupovici In Defense of Stuxnet | 83 James A. Lewis Unraveling the Stuxnet Effect: Of Much Persistence and Little Change in the Cyber Threats Debate | 95 Myriam Dunn Cavelty The Threat of Terrorist Organizations in Cyberspace | 105 Gabi Siboni, Daniel Cohen, and Aviv Rotbart The INSS Cyber Program | 133 Foreword Israel’s rapid development as a leading player in the cyber realm is one of several factors that have spurred research in Israel in general, and at the Institute for National Security Studies (INSS) in particular, on cyber-related issues. In order to broaden the scope of the research underway at INSS, the INSS Cyber Program has long promoted international cooperation in the field, reflected, for example, in the INSS conference on defensive operations and intelligence in cyberspace, held with the Cyber Security Forum Initiative (CSFI), a large and important organization in the United States cyber community. This year’s conference is also held in collaboration with various entities in Israel, including the Ministry of Intelligence, the National Cyber Staff, the IDF Computer Service Directorate, and the chief scientist in the Ministry of the Economy. The conference’s focus on defensive operations and intelligence allows INSS to highlight its work in this field, which complements a variety of related professional activities underway in Israel and around the world. This year’s conference has several important objectives, among them: to deepen cooperation among government agencies and organizations in the cyber field in Israel and the United States; to enhance exposure of the Israeli cyber market among American technology companies that seek to develop business in Israel or to lend exposure to Israeli capabilities and technologies abroad; and to expand international cooperation in the cyber field with other countries. As with previous conferences, we have compiled several articles written by researchers at INSS and institutions elsewhere around the world. These articles were prepared within the framework of the Institute’s Cyber Program, and were first published in the INSS journalMilitary and Strategic Affairs. Gabi Siboni Director, Cyber Program, INSS 5 Cilluffo, Cardash, and Salmoiraghi A Blueprint for Cyber Deterrence: Building Stability through Strength Frank J. Cilluffo, Sharon L. Cardash, and George C. Salmoiraghi “In many ways, deterrence in cyberspace is eminently more complicated than deterrence in the Cold War. The nature of the domain makes it so. Even the most sophisticated theo- ries behind nuclear deterrence will prove inadequate for dealing with the complexities of a man-made domain with a virtually infinite number of constantly changing actors, mo- tivations, and capabilities.”1 Cyber threats pose a real and growing problem, and to date, United States efforts to counter them have lagged. While the ability to defend against an attack or intrusion must be maintained, the US, like any country, would be well served by deterring its adversaries from acting in the first place – at least when it comes to the most serious of actions, namely cyber warfare. Clearly not all hostile behavior can be deterred, but it is important to identify priorities in this regard and determine how best to address those that lead the list. Despite animated discussions, development of a grand unified solution has remained elusive, in part because the complexity and crosscutting nature of cyber deterrence requires a comprehensive and cohesive solution that encompasses stakeholders in both the private and public sectors. In order to help structure the debate and advance toward the goal, we propose a framework that examines the issue critically and looks to Frank J. Cilluffo is director of the George Washington University Homeland Security Policy Institute (HSPI) and co-director of GW’s Cyber Center for National & Economic Security (CCNES). Sharon L. Cardash is associate director of HSPI and a member of CCNES. George C. Salmoiraghi is an attorney and advisor to HSPI in Washington, D.C. This article was first published in Military and Strategic Affairs 4, no. 3 (2012): 3-23. 7 Cilluffo, CardasH, AND SalmoiragHI | A BLUEPRINT FOR CYBER DETERRENCE dissuade, deter, and compel both state and non-state hostile actors. Placing potential threats into conceptual relief this way helps clarify the sources of danger and serves as a starting point for determining and attaching responsibility for hostile action(s) against a country or its allies. This then allows the relevant players who have been targeted by hostile actors to proceed with necessary discussions and action as both a precursor to, and actual execution of, appropriate and effective response measures. The rubric thus yields a further corollary benefit by aiding to identify areas that would benefit from or even require cooperation among affected/targeted entities. In short, this framework provides a starting point to explore ways to deter hostile actors, and as such offers a conceptual lens that can be of value to the US and its allies alike. Neither the range of actors nor their potential activities detailed below is meant to be exhaustive. It is instead a snapshot, and a rough one at that, intended to help convey a sense of who, what, how, why, and so on, as a prelude to a more in-depth discussion of strategy and policy in the area of cyber deterrence. State Actors Foreign militaries may engage in computer network attack/computer network exploitation (CNA/CNE) to limit, degrade, or destroy another country’s abilities, in furtherance of a political agenda. Foreign militaries are increasingly integrating CNA and CNE capabilities into their war fighting and military planning and doctrine.2 Such efforts have conventional battlefield applications (i.e., enhancing one’s own weapon systems and platforms, and/or stymieing those of others); and unconventional applications, as cyberspace extends the battlefield to incorporate broader civilian and societal elements. Cyber domain activity may cover intelligence preparation of the battlefield, to include the mapping of critical infrastructures of perceived adversaries.3 Foreign intelligence and security services: Exploits may include political, military, economic, and industrial espionage; theft of information from or about another government; or theft of intellectual property, technology, trade secrets, and so on in the hands of private corporations and universities. Many foreign intelligence services are engaged in industrial espionage in support of private companies.4 Ultimate aims of activities by this actor category include the desire to influence decisions, and affect the balance of power (regionally, internationally, and so on). Convergence of human and 8 Cilluffo, CardasH, AND SalmoiragHI | A BLUEPRINT FOR CYBER DETERRENCE technical intelligence is especially notable in this category, and includes the “insider” threat.5 Hybrid aspects: Elements of state capability may be integrated to achieve a whole that is greater than the sum of its parts. Alliances (state-to-state) may be invoked for a similar effect. Joint activity in
Load more

Recommended publications
  • The Security Lexicon from Westphalia to the Present a Cautionary Tale
    THE SECURITY LEXICON FROM WESTPHALIA TO THE PRESENT A CAUTIONARY TALE MAX G. MANWARING, PH.D. A new and dangerous dynamic is at work around the world today. That new dynamic involves the migration of some of the monopoly of political power (i.e., the authoritative allocation of values in a society) from the traditional nation-state to unconventional actors such as the Islamic State (ISIS), transnational criminal organizations, Leninist-Maoist insurgents, tribal militias, pri- vate armies, enforcer gangs and other modern mercenaries. These actors conduct their own political-psychological type of war against various state and other non-state adversaries. These violent politicized non-state actors are being ignored; or, alternatively, are being considered too hard to deal with. That misunderstanding must inevitably result in an epochal transition from traditional Western nation-state systems and their liberal democratic values to something else dependent on the values—good, bad, or non-existent—of the winner.1 To help civilian and military leaders, policy-makers, opinion-makers, and anyone else who might have the responsibility for dealing with modern conflict come to grips analytically with the security dilemma and other realities of the 21st century political-psychological environment, this paper seeks to do three things. In Part One, we outline a bit of essential history that takes us from the Westphalian Peace Treaty of 1648 to the present. In that context, we briefly consider a con- temporary example of the traditional military-centric approach to national and international security that is still alive and well. That is, Chinese military activity in the South China Sea.
    [Show full text]
  • National Security and Constitutional Rights in Korea
    National Security and Constitutional Rights in Korea - National Security Law, Past and Present Park Won Soon, Human Rights Lawyer Chair, Executive Committee, PSPD Director, Beautiful Foundation As of 25 August, of the 99 political prisoners in detention, 54 were detained on charges under the National Security Law. Of these, the majority were arrested under Article 7, which punishes membership of organizations deemed to "benefit the enemy", improving relations with North Korea prompted debate on reform of the National Security Law. President Kim Dae-Jung apparently encouraged by his award of the Nobel Peace Prize, announced his support for revisions to the National Security Law, but opposition to reform in the National Assembly from both the GNP and the ULD prevented significant revisions. (Amnesty International Report 2001) 1. Introduction De Facto Constitution - The National Security Law The National Security Law (NSL) in Korea has been called as a de facto constitution. It meas the NSL was under no other laws including the Constitution. Even though it is inferior to the Constitution namely, no legal enforcement agencies and the court could not challenge unconstitutionality of the law in reality. Korean peninsula has been one of the powder magazine where small incident could lead to big armed conflict. As a matter of fact, in 1950, there broke out Korean war in which over 3 million people were killed. Since then, national security has been regarded as the most important and senstive agenda among Korean people. Basic freedom and human rights enshrined in the Constitution has been sacrificed in the name of national security.
    [Show full text]
  • ICS Portugal
    Integrated Country Strategy PORTUGAL FOR PUBLIC RELEASE FOR PUBLIC RELEASE Table of Contents I. Chief of Mission Priorities .......................................................................................................... 2 II. Mission Goals and Framework ................................................................................................... 5 III. Mission Objectives ..................................................................................................................... 6 IV. Management Objectives .......................................................................................................... 11 FOR PUBLIC RELEASE Approved: August 6, 2018 1 FOR PUBLIC RELEASE I. Chief of Mission Priorities As we adopt this new Integrated Country Strategy, Portugal is reaping the benefits of a hard- won economic recovery while raising its international profile. The economy has returned to growth, while rating agencies’ elevation of Portuguese debt to investment grade will cut the cost of capital to finance further economic expansion. Effective Portuguese diplomacy has enabled Lisbon to punch above its weight in EU and global affairs. Portugal’s highly professional armed forces are looking forward to gaining new capabilities and to making a greater contribution to European, African, and Asian security through more deployments as Portugal makes the investments necessary to fulfill its Wales pledge to NATO. Coupled with Portugal’s avowed Atlantic orientation, all of these factors paint a picture of opportunity for
    [Show full text]
  • APPENDIX D Common Abbreviations
    ABBREVIATIONS APPENDIX D Common Abbreviations BIS Bureau of Industry and Security (Department of Commerce) BW Biological Weapons or Biological Warfare CBP Customs and Border Protection (Department of Homeland Security) CBRN Chemical, Biological, Radiological and Nuclear Weapons CCDC Collection Concepts Development Center CDC Centers for Disease Control and Prevention CIA Central Intelligence Agency CIFA Counterintelligence Field Activity (Department of Defense) CPD Counterproliferation Division (CIA) CTC Counterterrorist Center CW Chemical Weapons or Chemical Warfare D&D Denial and Deception DCI Director of Central Intelligence DCIA Director of Central Intelligence Agency DHS Department of Homeland Security DIA Defense Intelligence Agency DNI Director of National Intelligence DO Directorate of Operations (CIA) DOD Department of Defense DOE Department of Energy DOJ Department of Justice DS&T Directorate of Science and Technology (CIA) FBI Federal Bureau of Investigation FBIS Foreign Broadcast Information Service FIG Field Intelligence Group (FBI) FISA Foreign Intelligence Surveillance Act HPSCI House Permanent Select Committee on Intelligence HUMINT Human Intelligence IAEA International Atomic Energy Agency IAEC Iraqi Atomic Energy Commission 591 APPENDIX D ICE Immigration and Customs Enforcement (Department of Homeland Security) INC Iraqi National Congress INR Bureau of Intelligence and Research (Department of State) INS Immigration and Naturalization Services IRTPA Intelligence Reform and Terrorism Prevention Act of 2004 ISB Intelligence
    [Show full text]
  • The Interim National Security Strategic Guidance
    March 29, 2021 The Interim National Security Strategic Guidance On March 3, 2021, the White House released an Interim and what the right emphasis - in terms of budgets, priorities, National Security Strategic Guidance (INSSG). This is the and activities—ought to be between the different kinds of first time an administration has issued interim guidance; security challenges. The 2017 Trump Administration NSS previous administrations refrained from issuing formal framed the key U.S. national security challenge as one of guidance that articulated strategic intent until producing the strategic competition with other great powers, notably congressionally mandated National Security Strategy (NSS) China and Russia. While there were economic dimensions (originating in the Goldwater-Nichols Department of to this strategic competition, the 2017 NSS emphasized Defense Reorganization Act of 1986 P.L. 99-433, §603/50 American military power as a key part of its response to the U.S.C §3043). The full NSS is likely to be released later in challenge. 2021 or early 2022. By contrast, the Biden INSSG appears to invert traditional The INSSG states the Biden Administration’s conceptual national security strategy formulations, focusing on approach to national security matters as well as signaling its perceived shortcomings in domestic social and economic key priorities, particularly as executive branch departments policy rather than external threats as its analytic starting and agencies prepare their Fiscal Year (FY) 2022 budget point. The Biden Administration contends that the lines submissions. With respect to the latter, FY2022 will be the between foreign and domestic policy have been blurred to first budget prepared after the expiration of the budget caps the point of near nonexistence.
    [Show full text]
  • 2019 National Intelligence Strategy of the United State
    The National Intelligence Strategy of the United States of America IC Vision A Nation made more secure by a fully integrated, agile, resilient, and innovative Intelligence Community that exemplifies America’s values. IC Mission Provide timely, insightful, objective, and relevant intelligence and support to inform national security decisions and to protect our Nation and its interests. This National Intelligence Strategy (NIS) provides the Intelligence Community (IC) with strategic direction from the Director of National Intelligence (DNI) for the next four years. It supports the national security priorities outlined in the National Security Strategy as well as other national strategies. In executing the NIS, all IC activities must be responsive to national security priorities and must comply with the Constitution, applicable laws and statutes, and Congressional oversight requirements. All our activities will be conducted consistent with our guiding principles: We advance our national security, economic strength, and technological superiority by delivering distinctive, timely insights with clarity, objectivity, and independence; we achieve unparalleled access to protected information and exquisite understanding of our adversaries’ intentions and capabilities; we maintain global awareness for strategic warning; and we leverage what others do well, adding unique value for the Nation. IAL-INTE AT LL SP IG O E E N G C E L A A G N E O I N T C A Y N U N A I IC T R E E D S M TATES OF A From the Director of National Intelligence As the Director of National Intelligence, I am fortunate to lead an Intelligence Community (IC) composed of the best and brightest professionals who have committed their careers and their lives to protecting our national security.
    [Show full text]
  • South Korea's National Security: Concepts, Threat Perceptions and Strategies
    9thBerlin Conference on Asian Security (BCAS) International Dimensions of National (In)Security Concepts, Challenges and Ways Forward Berlin, June 14-16, 2015 A conference jointly organized by Stiftung Wissenschaft und Politik (SWP), Berlin and Konrad-Adenauer -Stiftung (KAS), Berlin Discussion Paper Do Not Cite or Quote without Author’s Permission Session I: National Security – Concepts and Threat Perceptions Seok-soo Lee Research Institute for National Security Affairs Seoul South Korea’s National Security: Concepts, Threat Perceptions and Strategies Seok-soo Lee Introduction The concept of national security began to capture attention since the World War II. Under the Cold war structure, which is defined by the acute military confrontation between the Western and Eastern Block1, security had been understood as military- related. Security is referred to as military security. During the period, strategic studies constituted a mainstream in security discussions. Here, strategic studies mean military security studies. Security was about the survival of sovereign states. State took center stage in security studies as a referent object and an actor to achieve security.’ In the Cold War era, the concept of ‘national security’ was dominantly built on the two elements: state and military threat. With the Cold War over, military threats became diluted and new threats loomed. Against this backdrop, broadening and deepening of security studies gained ground. Broadening has to do with diversification of security threats. The emergence of various
    [Show full text]
  • Intelligence Community Classification Guidance Findings and Recommendations Report
    UNCLASSIFIED The Office of the Director of National Intelligence Associate Director of National Intelligence and Chief Information Officer INTELLIGENCE COMMUNITY CLASSIFICATION GUIDANCE FINDINGS AND RECOMMENDATIONS REPORT January 2008 Prepared by The Director of National Intelligence and Chief Information Officer, Intelligence Community Technology Governance UNCLASSIFIED UNCLASSIFIED Table of Contents FOREWORD...............................................................................................................................IV EXECUTIVE SUMMARY..........................................................................................................V PURPOSE...................................................................................................................................... 6 BACKGROUND ........................................................................................................................... 6 Basis for Classifying Information.................................................................................................6 Levels of Classification ..................................................................................................................7 Relationship of Information Classification to Information Sharing .........................................8 Déjà Vu: Call for Change in Classification Practices................................................................9 METHODOLOGY ....................................................................................................................
    [Show full text]
  • Security of the Korean Peninsula: U.S
    Security of the Korean Peninsula: U.S. Continuing Commitment Richard S. Jackson Major, United States Air Force Director of Operations 5th Reconnaissance Squadron Osan AB, Republic of Korea As the world transitions into the 21st century , changes in the international environment require U.S. strategists to re-examine America's vital national interests in East Asia. In particular, what form of security arrangement for the Korean Peninsula best suits the United States Security Strategy of "enlarging the community of market democracies while deterring and containing a range of threats to our nation, our allies and our interests?"(1) America's political and security interests spring from economic interests. Growing international interdependence with the economies of the Asia-Pacific region will gain momentum and alter the international security environment. The United States and Pacific rim nations will become even more interdependent in the coming decades. Trade between the two sides of the Pacific is vital to the stability of the world economy and a stable Asia-Pacific region is of vital strategic interest to the United States. In his May 3, 1994 remarks to the Asia Society, U.S. Secretary of Defense William Perry stated that, "North Korea threatens the peace and stability of Northeast Asia, which holds the world's fastest-growing economies."(2) The current U.S. strategy in East Asia is based on a military presence to ensure broad regional stability and deter aggression in order to provide a foundation for economic growth, mutually benefiting Asians and Americans.(3) A stable Asia-Pacific region is a vital interest of the United States, but are the continuing tensions on the Korean Peninsula a real threat to U.S.
    [Show full text]
  • Critical Infrastructure Protection: Maintenance Is National Security
    Journal of Strategic Security Volume 8 Number 5 Volume 8, No. 3, Fall 2015 Supplement: Eleventh Annual IAFIE Article 3 Conference Critical Infrastructure Protection: Maintenance is National Security Kris Hemme University of Texas at El Paso Follow this and additional works at: https://scholarcommons.usf.edu/jss pp. 25-39 Recommended Citation Hemme, Kris. "Critical Infrastructure Protection: Maintenance is National Security." Journal of Strategic Security 8, no. 3 Suppl. (2015): 25-39. This Article is brought to you for free and open access by the Open Access Journals at Scholar Commons. It has been accepted for inclusion in Journal of Strategic Security by an authorized editor of Scholar Commons. For more information, please contact [email protected]. Critical Infrastructure Protection: Maintenance is National Security Abstract U.S. critical infrastructure protection (CIP) necessitates both the provision of security from internal and external threats and the repair of physically damaged critical infrastructure which may disrupt services. For years, the U.S. infrastructure has been deteriorating, triggering enough damage and loss of life to give cause for major concern. CIP is typically only addressed after a major disaster or catastrophe due to the extreme scrutiny that follows these events. In fact, CIP has been addressed repeatedly since Presidential Decision Directive Sixty-Three (PDD Sixty-Three) signed by President Bill Clinton on May Twenty- Second, 1998.[1] This directive highlighted critical infrastructure as “a growing potential vulnerability” and recognized that the United States has to view the U.S. national infrastructure from a security perspective due to its importance to national and economic security.
    [Show full text]
  • Standard Form 86, Questionnaire for National Security Positions
    Standard Form 86 Form approved: Revised November 2016 QUESTIONNAIRE FOR OMB No. 3206 0005 U.S. Office of Personnel Management 5 CFR Parts 731, 732, and 736 NATIONAL SECURITY POSITIONS Follow instructions completely or your form will be unable to be processed. If The Investigative Process you have any questions, contact the office that provided you the form. Background investigations for national security positions are conducted to All questions on this form must be answered completely and truthfully in gather information to determine whether you are reliable, trustworthy, of good order that the Government may make the determinations described below on conduct and character, and loyal to the U.S. The information that you provide a complete record. Penalties for inaccurate or false statements are discussed on this form may be confirmed during the investigation. The investigation may below. If you are a current civilian employee of the federal government: extend beyond the time covered by this form, when necessary to resolve failure to answer any questions completely and truthfully could result in an issues. Your current employer may be contacted as part of the investigation, adverse personnel action against you, including loss of employment; with although you may have previously indicated on applications or other forms respect to Sections 23, 27, and 29, however, neither your truthful responses that you do not want your current employer to be contacted. If you have a nor information derived from those responses will be used as evidence security freeze on your consumer or credit report file, then we may not be against you in a subsequent criminal proceeding.
    [Show full text]
  • Central Intelligence Agency 355
    CENTRAL INTELLIGENCE AGENCY 355 conflicts, and controlled media. A not- and Radio Sawa networks. Alhurra TV for-profit corporation, RFE/RL is funded broadcasts to 22 countries in the Middle by a Federal grant from the Broadcasting East via satellite. Its schedule includes Board of Governors. Internet, up-to-the-minute newscasts, www.rferl.org. documentaries, discussion programs, and Radio Free Asia Radio Free Asia (RFA) other programs on a variety of subjects. is an independent, nonprofit Radio Sawa broadcasts on FM and AM organization broadcasting and publishing to major Middle Eastern countries. It also information online in nine East Asian seeks to reach a significant portion of the languages, including Burmese, under 30 population with a combination Cantonese, Khmer, Korean, Lao, of news, opinion features, and a blend of Mandarin, Tibetan, Uyghur, and mainstream Western and Arabic music. Vietnamese. RFA provides news and Internet, www.radiosawa.com and information related specifically to the www.alhurra.com. people in East Asia who are censored from officially sanctioned domestic Office of Cuba Broadcasting The media. All language services are staffed Office of Cuba Broadcasting oversees and directed by native speakers and Radio Marti and TV Marti. These two maintain Web sites which offer Spanish language services provide news podcasting, syndication, and feedback about Cuba and the world, features, and options, while several services also offer entertainment programs aimed at Cuba. regular toll-free hotlines to callers in Based in Miami, these comprehensive Asia. RFA is funded by an annual grant and timely broadcasts offer Cubans the from the Broadcasting Board of opportunity to receive unfiltered and Governors.
    [Show full text]