SlideShare uma empresa Scribd logo

Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015

M
Mark Raduenzel
1 de 15
Baixar para ler offline
U.S. CYBER STRATEGY AND OFFENSIVE CYBER OPERATIONS Mark Raduenzel
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 1 of 14 Introduction Computer Network Operations (CNO), or “cyber operations”, have become an important element of modern warfare. As part of cyber warfare, offensive cyber operations may be executed by a nation to disrupt, deny, degrade or destroy the information which resides in computers or the networks in which the computers are members of. These actions can be taken either as a prelude to conventional, kinetic war or even in lieu of war if the actions are taken to further a national security policy objective. In May of 2011, the Obama administration published its “International Strategy for Cyberspace” which aims to “build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace” (White House 2011). In April of 2015, the Department of Defense (DoD) released its own cyber-strategy document which is intended to act as a guide for developing DoD’s own cyber forces while also strengthening cyber defense and improving cyber deterrence (DoD 2015, 2). It is widely recognized that all cyber strategies published to date necessarily include elements of defense. However, a well-defined cyber-strategy should also explicitly contain a blueprint for offensive cyber operations which could be used in support of military operations or to achieve national security objectives. Purpose of the Study The purpose of this study is to examine the United States’ existing cyber-strategy in order to determine if offensive computer network operations are supported or if current strategy should be revised to incorporate offensive operations. Offensive cyber operations, if supported, could be invaluable in helping the United States achieve its national security objectives.
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 2 of 14 Research Question and Hypothesis The primary research question this study will attempt to answer is: what elements of the United States' current cyber-strategy support offensive computer network attacks? A secondary question which the research will hope to answer is: why would the United States or any nation conduct offensive computer network attacks? The tentative hypothesis to answer the primary question is that while current cyber-strategy provides an adequate defensive approach for United States’ military and non-military computer networks, the strategy does not explicitly support the use of computer network attacks to further national security. Research Strategy This study will utilize a qualitative research strategy to identify the parameters, if any, for conducting offensive cyber operations. Current elements of national cyber-strategy will be examined to determine the strategy’s objectives paying special attention to the concept of offensive operations. The study will also explore the doctrine of conducting pre-emptive strikes and their appropriateness within the context of cyber operations. Lastly, the current national cyber-strategy will be compared to existing international cyber-strategy in order to highlight gaps in United States’ strategy and identify areas for improvement. Literature Review Dr. Andrew M. Colarik is an independent consultant, researcher and author of multiple security books and publications covering cyber terrorism, information warfare and cyber security. Dr. Lech Janczewski has over thirty-five years of experience in information technology with extensive research in cyber terrorism. Their co-authored article in the Journal of Strategic Security, “Establishing Cyber Warfare Doctrine”, examines the theoretical foundation of current cyber warfare research, what has been learned to date about its application and some of the
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 3 of 14 emerging themes to be considered including the development of a national cyber warfare doctrine. Considered in the article by Colarik and Janczewski is why computer systems and the infrastructures which support them should be included as valid military targets and further highlights several recent events to support this assertion. The authors postulate that “modern nations lack a grand strategy for handling cyber-attacks, one that gathers and coordinates their national resources for shared security and prosperity” (Colarik and Janczewski 2012, 32). As mentioned above, this perspective places the focus of cyber-strategy solely on defense and ignores the benefits an offensive strategy could have for the United States. Recent examples of cyber-attacks are reviewed by Colarik and Janczewski which is applicable to this research because they serve as examples where offensive computer network attacks were conducted by states or their proxies in order to further their own national strategy. For example, a series of Distributed Denial of Service (DDoS) attacks against Estonia in 2007 forced the country to isolate itself digitally in order to prevent the nation from being crippled. Also examined are the attacks against the former Soviet-bloc state of Georgia which utilized similar methods to the Estonian attacks, and the Stuxnet worm which targeted Iran’s Bushehr nuclear power plant and set Iran’s nuclear program back by several years (Colarik and Janczewski 2012, 34). While these events demonstrate previous incidents of offensive computer network attacks, the authors do not indicate if this approach is permitted within the context of United States’ current cyber-strategy. Mark D. Young is a Special Counsel for Defense Intelligence, House Permanent Select Committee on Intelligence. In the Journal of National Security Law & Policy, Young also takes a look at the implementation of United States’ cyber-strategy in his article titled “National cyber
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 4 of 14 doctrine: The missing link in the application of American cyber power”. Unfortunately, the article is slightly dated since it was written a year before the Obama administration published its “International Strategy for Cyberspace” in 2011. In his article, Young makes the argument that a national cyber doctrine is necessary but shows there is no doctrine which guides the application of the nation’s cyber-power, at least at the time the article was written (Young 2010, 174). The author suggests that a national cyber doctrine would encourage the integration between the commercial, academic and government sectors and focus the application of the United States’ cyber-power (Young 2010, 176). Once again, however, this integration is for the application of cyber-power from a defensive mind-set instead of offensive. Like Colarik and Janczewski, Young details recent cyber-attack events to show that offensive operations are not unprecedented, at least by nations other than the United States (Young 2010, 173). And also like Colarik and Janczewski, Young fails to indicate if these operations are part of current United States’ cyber-strategy. The author elaborates on existing cyber operations documents by reviewing the Joint Chiefs of Staff’s “Joint Publication 3-13”, which defines information operations, electronic warfare, computer network operations, psychological operations, military deception and operations security (Young 2010, 178). These definitions certainly allow for, or at least imply, the capabilities of offensive attacks. Also examined by Young are the United States Army and Air Force cyber doctrines which demonstrate that offensive attacks could be taken by military units if deemed within the national interest, even if the strategy does not explicitly call for them (Young 2010, 182). Policy adviser at the French Ministry of Defence (Directorate for Strategic Affairs) and adjunct lecturer in international security at the French Institute for Political Sciences, Jean-Loup Samaan writes in The RUSI Journal regarding the US efforts to develop a coherent cyber-strategy and the
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 5 of 14 divide in the interpretation of the conduct of cyber-warfare. The challenges with developing a coherent cyber-strategy have been expounded on by Samaan in his article “Cyber Command: The Rift in US Military Cyber-Strategy”. In the article, a background on the newly created Cyber Command is given along with the supposition the United States government would place more focus on cyber defense with the creation of this unit (Samaan 2010, 16). Samaan also touches on the concept of cyber-warfare and the fact that any cyber-war could have economic and psychological effects which should call for a robust doctrine of cyber-deterrence (Samaan 2010, 17). This would seem to support the implementation of offensive computer network attacks and warrant their inclusion as part of the national cyber-strategy. However, the author is silent on whether or not offensive operations are supported by current cyber-strategy. Unlike the previous authors mentioned above, Samaan points out some parties involved in cyber- strategy have complained that cyber-deterrence is misleading and irrelevant (Samaan 2010, 18). Part of the reason for this is the challenges with attribution which prevents retaliation since the attacker often cannot be determined. Without the ability to accurately prove the attacker’s identity, there is no way of knowing if the attacks originated from a state or an individual non- state actor. What Samaan fails to acknowledge though, is that the lack of ability to attribute attacks is also a good reason for the United States to include offensive cyber operations as part of its national cyber-strategy. The author of “Rewired warfare: rethinking the law of cyber attack”, Michael N. Schmitt is the Director of the Stockton Center for the Study of International Law, United States Naval War College; Professor of Public International Law at Exeter University; and Senior Fellow at the NATO Cyber Defence Centre of Excellence with extensive experience working with multiple international expert working groups on cyber-strategy. In his article published in the
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 6 of 14 International Review of the Red Cross, Schmitt discusses the relation of international humanitarian law to cyber operations. The author analyzes the debate between the permissive approach which allows for a more extensive use of cyber-attacks even to the point of targeting non-military targets during an attack, and a restrictive approach which holds to a more narrow view of when cyber-attacks may be used and that targets must be confined to those of a military nature (Schmitt 2014, 196). While these comparisons are interesting from an academic viewpoint, they hold little value with regards to the topic of this study beyond what may be targeted if an offensive cyber-strategy is implemented. This debate becomes more relevant if the research concludes current cyber-strategy already incorporates offensive computer network attacks. Dr. Kenneth Geers is the Senior Executive in the U.S. Naval Criminal Investigative Service (NCIS) as a cyber Subject Matter Expert and was the first U.S. Representative to the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Geers describes four nation-state approaches to mitigating cyber-attacks in “Strategic Cyber Defense: Which Way Forward?” published in the Journal of Homeland Security and Emergency Management. These various approaches make use of new and improved technology, doctrine, deterrence and arms control in order to limit the threat from cyber-attacks (Geers 2012, 1). These defense mechanisms are necessary because the Internet can easily increase the speed, scale and power of any cyber-attack. Because of these factors, Geers emphasizes the need for military strategists to include cyber-attacks as well as defense into military doctrine (Geers 2012, 3). It is increasingly more likely that cyber-attacks will play a prominent role in future wars with fighting taking place over the entire length and breadth of cyberspace. This may not necessarily be negative since conflicts could be shorter and incur minimal loss of life. While this advances support for
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 7 of 14 offensive cyber operations, the author does not indicate that such operations are part of current cyber-strategy. Geers’ article is unique to this research in that the author touches upon the revolutionary aspects of cyber conflict such as the fact that cyberspace is an artificial environment, cyber conflict favors the attacker and physical proximity between the attacker and the target is not required (Geers 2012, 4). But Geers’ article suffers from the same gaps as the previous authors in that it does not approach computer network operations from an offensive standpoint, but treats the strategy as purely a defensive one. Even the revolutionary aspects should be treated as positive conditions which could be used to benefit the United States if offensive cyber-attacks are included in the national cyber-strategy. Current literature primarily focuses on the defensive aspect of current cyber-strategy. Recent history contains examples of offensive computer network attacks used to further states’ national interests and current definitions of information operations, and electronic warfare which certainly imply the capabilities of the United States to use offensive cyber operations. The same pitfalls which signify the importance of defending against cyber-attacks can also be shown in a positive light if viewed from an offensive perspective. If research confirms the absence of a national offensive cyber-strategy, steps may be taken to rectify those gaps and advocate the inclusion of an offensive strategy. Methodology This qualitative research project was undertaken by examining current United States' cyber- strategy. Elements of the strategy were reviewed to determine if any aspects support the concept of offensive cyber operations. The variables identified during this research are offensive cyber
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 8 of 14 operations, currently published national cyber-strategy, preemptive strikes in accordance with Bush Doctrine, international cyber-strategy and international humanitarian law. Neo-conservatism theory, also known as the “Bush Doctrine", supports the use of preemptive strikes to achieve national security objectives. This doctrine was first announced by President George W. Bush in a 2002 speech to West Point cadets and was a significant shift in U.S. military policy. As Kellner notes, this new policy replaced "the Cold War doctrine of containment and deterrence with a new policy of preemptive strikes" (Kellner 2004, 417). Neo-conservatives operate under the belief that the United States has the most powerful military in the world and that same military should be used to shape the world according to U.S. interests. Due to this military might, the rest of the world should fear the United States and hesitate to openly and even in some cases, covertly stand against the U.S. This is a form of deterrence which also directly applies to the cyber domain. The faith of neo-conservatives to deter actions by other nations is in large part based on the modern revolution of military affairs (RMA). This faith causes policy-makers and military strategists to believe that instead of relying on large armies, "the United States could rely on stealth technology, air-delivered precision-guided weapons, and small but highly mobile ground forces to win quick and decisive victories" (Mearsheimer 2005, 2). Cyber operations are a natural extension of RMA given the low cost of entry to perform operations, attackers and targets do not need to be within the same physical proximity and the relative size, speed and scale of cyber-attacks. These factors mean that cyber operations can be used as a projection of military power which fits nicely into the neo-conservatism theory.
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 9 of 14 Findings and Analysis Computers and their networks have become an integral part of modern societies. In ways never seen before, information technology is fostering the flow of goods and services around the globe as well as facilitating the exchange of information and ideas. This infrastructure also supports safely controlling air traffic, delivering water and electricity to communities and maintaining a robust financial system. States have come to the realization that targeting the infrastructure of other nations during conflicts could result in fewer lives lost as well as facilitate economic recovery after the cessation of hostilities. Deterring these cyber operations has often been futile which points to deterrence in general as a misleading and irrelevant idea. Attribution, which identifies the attacker in cyber space, is a key limitation to deterrence since the attacker often cannot be positively identified. This makes it clear that cyber conflict always favors the attacker. In light of this revelation, if it were in the national security interests of the United States to disrupt, deny, degrade or destroy key infrastructure or military systems of an adversary, would the current national cyber-strategy support these offensive operations? In determining if current United States' cyber strategy supports the use of offensive cyber- attacks, it is necessary to begin by examining the Obama administration's "International Strategy for Cyberspace" published in 2011. This strategy outlines the principles the United States will adhere to when confronting the challenges of operating in cyberspace. The principles reflect a commitment to the free flow of information and exchange and uninhibited communication which are considered fundamental freedoms. Along with these freedoms is the obligation to protect individual privacy through oversight and judicial review balanced with investigative authorities for law enforcement (White House 2011, 5).
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 10 of 14 Another important concept included in "International Strategy for Cyberspace" is the establishment of norms of behavior. It is the Obama administration's standpoint that already existing international norms which guide the behavior of states still apply in the domain of cyberspace (White House 2001, 9). In addition to the principles previously reviewed, additional principles which support norms may include protection from crime, right of self-defense, global interoperability, network stability and governance. While the principles outlined here are important to ensuring national security, it is apparent they are most applicable to defending against cyber-attacks instead of conducting them. Several of these factors, such as network stability and protecting privacy, also enable and encourage computer network operations against the United States. Still other principles, for example uninhibited communication and network stability, should discourage the United States from using computer network operations against targets since such operations run counter to the principles defined. Either way, the published strategy neither supports nor forbids the use of offensive cyber operations. The cyber strategy as laid out by the Department of Defense (DoD) and published in April 2015 contains an admission of the advantages which offensive computer network operations contain for a state. In fact, the DoD begins with the assumption that potential adversaries would attempt to target United States infrastructure and military systems in order to gain the upper hand in a conflict. To neutralize those threats, the DoD "has developed capabilities for cyber operations and is integrating those capabilities into a full array of tools that the United States government uses to defend U. S. National interests, including diplomatic, informational, military, economic, financial, and law enforcement tools" (DoD 2015, 2). If the US government is aware of the need to defend against these threats, it is plausible to assume the government understands the advantage to be gained by targeting these sectors offensively.
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 11 of 14 The DoD's cyberspace strategy outlines three primary cyber missions. First and foremost is the mission to defend the networks, systems and information which are part of the DoD's domain. DoD's closely related second mission is to ensure its agencies are prepared to defend its interests as well against cyber-attacks. Under this mission, the United States military may be directed by the President or Secretary of Defense to conduct cyber operations which would attempt to thwart an on-going or imminent attack in cyberspace, thus preventing the destruction of property or loss of life (DoD 2015, 5). However, neither counter-attacks nor offensive operations are explicitly supported under this mission. The DoD's third mission is the most relevant for this research which states that the DoD must be able to integrate cyber operations in support of military operations and contingency plans if so directed by the President or the Secretary of Defense (DoD 2015, 5). The addition of this mission recognizes the possibility the President or Secretary of Defense could make a determination that it would be advantageous for the military to conduct cyber operations which are intended to disrupt, deny, degrade or destroy an adversary's military networks or infrastructure. The support of this mission would allow the United States military to protect and further U.S. interests in whatever area of operations the military finds itself. While the DoD's third mission does explicitly support the use of offensive cyber operations, the strategy also dictates the United States "will always conduct cyber operations under a doctrine of restraint as required to protect human lives and to prevent the destruction of property" (DoD 2015, 6). Presumably, any decision which is made to conduct cyber operations on networks which fall outside of the DoD's network domain would be made with serious deliberation and with strict oversight which conforms to the law of armed conflict (LOAC). Does adherence to
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 12 of 14 this international law, also sometimes referred to as International Humanitarian Law (IHL), hamper the ability of the U.S. to effectively conduct offensive cyber operations? One of the principles of LOAC is that the attacking party should do everything which is feasible in order to ensure the target is military in nature. This does not mean that proof must be absolutely conclusive, however, any commander should be able to reasonably conclude the target is a military objective (Dunlap 2011, 91). Finding targets of a military nature in cyberspace can be a great challenge, especially when viewed from the standpoint that billions of machines may be connected to the Internet at any one time. It becomes necessary, therefore, to determine that the potential target computer or network first belongs to the adversary and then identify if the target is also a viable military target in order to conform to LOAC. Some strategists dispute this restrictive approach and argue that cyber operations which are directed towards civilian infrastructure but do not cause damage are indeed permissible because operations without damage do not qualify as an attack (Schmitt 2014, 191). This approach can be considered "effects based" and would appear to allow for the "neutralization" of computer systems and networks as long as there is no loss of life which could be directly associated with the attack and any resulting damage is not permanent. These opposing viewpoints are still open for debate and should be evaluated by commanders before undertaking any offensive cyber operations. An additional challenge is that by applying LOAC to cyber operations, only members of the states’ armed forces are allowed to conduct cyber-warfare and offensive computer network operations. As Dunlap indicates, "This means so long as LOAC is otherwise observed, military personnel are legally permitted to engage in killing and destruction in war without fear of prosecution for doing so" (Dunlap 2011, 91). Therefore, when conducting offensive cyber
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 13 of 14 operations which are lethal or as destructive when compared to kinetic attacks, the operations must be performed by uniformed military personnel. This is a significant limitation to engaging in offensive cyber operations since cyber agencies like the NSA are not uniformed members of the United States military and could theoretically face international prosecution for engaging in offensive cyber operations. Conclusion As the research shows, the International Strategy for Cyberspace which the Obama administration published in 2011 outlines the principles the United States will adhere to when confronting the challenges of cyberspace. While the principles outlined in the strategy are critical for ensuring national security, close examination shows they strictly relate to defending against cyber-attacks. The Department of Defense’s Cyber Strategy publication expands on the Obama administration’s international strategy and defines three primary cyber missions. Two of the missions are associated with defending military networks and the United States’ national interests. The third mission, however, explicitly supports the use of offensive cyber operations if directed by the President or the Secretary of Defense and refutes the hypothesis of the primary research question. Although permissible according to current strategy, any offensive cyber operations conducted should operate within the previously defined law of armed conflict (LOAC) whenever possible. Unfortunately, operating under this international paradigm leaves significant gaps, such as which targets are permissible to attack, the amount of damage allowable and which agencies are legally permitted to mount an attack. These gaps should be further explored and the national cyber strategy continue to be refined in accordance with international norms.
U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 14 of 14 References Colarik, Andrew M. and Lech Janczewski. 2012. "Establishing Cyber Warfare Doctrine." Journal of Strategic Security 5, no. 1: 31-48. Department of Defense. 2015. “The Department of Defense Cyber Strategy.” April. Dunlap, Charles J. 2011. "Perspectives for Cyber Strategists on Law for Cyberwar." Strategic Studies Quarterly. Spring: 81-99. Farnsworth, Timothy. 2011. "Pentagon Issues Cyber Strategy." Arms Control Today 41, no. 7: 37-38. Geers, Kenneth. 2012. "Strategic Cyber Defense: Which Way Forward?" Journal of Homeland Security and Emergency Management 9, no. 1: 1-10. Kellner, Douglas. 2004. "Preemptive strikes and the war on Iraq: a critique of Bush administration unilateralism and militarism." New Political Science 26, no. 3: 417-440. Mearsheimer, John. 2005. "Hans Morgenthau and the Iraq war: realism versus neo- conservatism." opendemocracy.com, posted May 19. Samaan, Jean-Loup. 2010. "Cyber Command: The Rift in US Military Cyber-Strategy." The RUSI Journal vol. 155, no. 6: 16-21. Schmitt, Michael N. 2014. "Rewired warfare: rethinking the law of cyber attack." International Review of the Red Cross 96, no. 893: 189-206. Young, Mark D. 2010. "National cyber doctrine: the missing link in the application of American cyber power." Journal of National Security Law & Policy vol. 4, no. 1: 173-196. White House. 2011. “International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World.” May.

Recomendados

UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
Lillian Ekwosi-Egbulem
 
Cybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationCybersecurity under the Trump Administration
Cybersecurity under the Trump Administration
Brunswick Group
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
Scott Dickson
 
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumCrossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Jonathan Meyer
 
Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1
Kate Neal
 
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual ChallengesInternational Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
Chikere Uchegbu
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Mark Raduenzel
 
Multi-Organizational Confluence Sample
Multi-Organizational Confluence SampleMulti-Organizational Confluence Sample
Multi-Organizational Confluence Sample
G R
 

Recomendados

UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKINGUNITED STATES AND CHINA 2001: PATRIOTIC HACKING
UNITED STATES AND CHINA 2001: PATRIOTIC HACKING
Lillian Ekwosi-Egbulem
 
Cybersecurity under the Trump Administration
Cybersecurity under the Trump AdministrationCybersecurity under the Trump Administration
Cybersecurity under the Trump Administration
Brunswick Group
 
Resourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber StrategyResourcing the US 2030 Cyber Strategy
Resourcing the US 2030 Cyber Strategy
Scott Dickson
 
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A SymposiumCrossing the Line: The Law of War and Cyber Engagement - A Symposium
Crossing the Line: The Law of War and Cyber Engagement - A Symposium
Jonathan Meyer
 
Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1Katherine Neal_Written Brief 1
Katherine Neal_Written Brief 1
Kate Neal
 
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual ChallengesInternational Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
International Strategy for Cyberspace_ Kinetic Solutions to Virtual Challenges
Chikere Uchegbu
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Mark Raduenzel
 
Multi-Organizational Confluence Sample
Multi-Organizational Confluence SampleMulti-Organizational Confluence Sample
Multi-Organizational Confluence Sample
G R
 
Has the Cyber War Begun?
Has the Cyber War Begun?Has the Cyber War Begun?
Has the Cyber War Begun?
Melissa Andrews
 
ITE516 A3
ITE516 A3ITE516 A3
ITE516 A3
Jon Newson
 
Chapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesChapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplines
Doing What I Do
 
Chapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomChapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whom
Doing What I Do
 
Chapter 9 the role of the policy maker
Chapter 9 the role of the policy makerChapter 9 the role of the policy maker
Chapter 9 the role of the policy maker
Doing What I Do
 
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
James Creamer III
 
Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?
David Sweigert
 
Pa862
Pa862Pa862
Pa862
Francesco Pompili
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
Clifford Stone
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
Errol Hewitt. MSCP, BA
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
Pukhraj Singh
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ball
MarioEliseo3
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
MarioEliseo3
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on Terror
Tpeisi Nesby
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
Cyber Security Alliance
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
Love Steven
 
Chapter 6 analysis
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysis
Doing What I Do
 
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
Pukhraj Singh
 
Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2
Kate Neal
 
TOTEM: Threat Observation, Tracking, and Evaluation Model
TOTEM: Threat Observation, Tracking, and Evaluation ModelTOTEM: Threat Observation, Tracking, and Evaluation Model
TOTEM: Threat Observation, Tracking, and Evaluation Model
John Gerber
 
Autobiografia katheryn barrera
Autobiografia katheryn barreraAutobiografia katheryn barrera
Autobiografia katheryn barrera
Katheryn Barrera
 
Christian2
Christian2Christian2
Christian2
shyam kumar
 

Mais conteúdo relacionado

Mais procurados

Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
James Creamer III
 
Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?
David Sweigert
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
Clifford Stone
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
MarioEliseo3
 
Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2
Kate Neal
 

Mais procurados (20)

Has the Cyber War Begun?
Has the Cyber War Begun?Has the Cyber War Begun?
Has the Cyber War Begun?
 
ITE516 A3
ITE516 A3ITE516 A3
ITE516 A3
 
Chapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplinesChapter 5 collection and the collection disciplines
Chapter 5 collection and the collection disciplines
 
Chapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whomChapter 4 the intelligence process a macro look who does what for whom
Chapter 4 the intelligence process a macro look who does what for whom
 
Chapter 9 the role of the policy maker
Chapter 9 the role of the policy makerChapter 9 the role of the policy maker
Chapter 9 the role of the policy maker
 
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
Capstone Final Draft Rev 2 - The Cyber-Security Dilemma_ The ’Cyber-Army’ Bui...
 
Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?Is 2014 the year for Cyber Militias ?
Is 2014 the year for Cyber Militias ?
 
Pa862
Pa862Pa862
Pa862
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
 
Prof E Hewitt
Prof E HewittProf E Hewitt
Prof E Hewitt
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ball
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
 
MASINT and Global War on Terror
MASINT and Global War on TerrorMASINT and Global War on Terror
MASINT and Global War on Terror
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
Chapter 6 analysis
Chapter 6 analysisChapter 6 analysis
Chapter 6 analysis
 
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
BSides Delhi-2018 Keynote by Pukhraj Singh (Politics & Power in Cybersecurity)
 
Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2Katherine Neal_Written Brief 2
Katherine Neal_Written Brief 2
 
TOTEM: Threat Observation, Tracking, and Evaluation Model
TOTEM: Threat Observation, Tracking, and Evaluation ModelTOTEM: Threat Observation, Tracking, and Evaluation Model
TOTEM: Threat Observation, Tracking, and Evaluation Model
 

Destaque

Autobiografia katheryn barrera
Autobiografia katheryn barreraAutobiografia katheryn barrera
Autobiografia katheryn barrera
Katheryn Barrera
 
Domestic Violence Educator
Domestic Violence EducatorDomestic Violence Educator
Domestic Violence Educator
Ken Schaefer
 
CV_HuynhThien_Update_Jan2016
CV_HuynhThien_Update_Jan2016CV_HuynhThien_Update_Jan2016
CV_HuynhThien_Update_Jan2016
huynh thien
 
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
Olga Shestopalova / Шестопалова
 

Destaque (14)

Autobiografia katheryn barrera
Autobiografia katheryn barreraAutobiografia katheryn barrera
Autobiografia katheryn barrera
 
Christian2
Christian2Christian2
Christian2
 
Rehabilitacion despues del derrame cerebral.
Rehabilitacion despues del derrame cerebral.Rehabilitacion despues del derrame cerebral.
Rehabilitacion despues del derrame cerebral.
 
Sara Al Ageel
Sara Al AgeelSara Al Ageel
Sara Al Ageel
 
Grant-CHMC-$30k
Grant-CHMC-$30kGrant-CHMC-$30k
Grant-CHMC-$30k
 
Impress mobles antics. Pilar alfaro
Impress mobles antics. Pilar alfaroImpress mobles antics. Pilar alfaro
Impress mobles antics. Pilar alfaro
 
You adulterous people
You adulterous peopleYou adulterous people
You adulterous people
 
Impress mobles antics
Impress mobles anticsImpress mobles antics
Impress mobles antics
 
Domestic Violence Educator
Domestic Violence EducatorDomestic Violence Educator
Domestic Violence Educator
 
Aventura matemática
Aventura matemáticaAventura matemática
Aventura matemática
 
Value stream mapping
Value stream mappingValue stream mapping
Value stream mapping
 
怎麼看電影Day2 筆記整理 230116
怎麼看電影Day2 筆記整理 230116怎麼看電影Day2 筆記整理 230116
怎麼看電影Day2 筆記整理 230116
 
CV_HuynhThien_Update_Jan2016
CV_HuynhThien_Update_Jan2016CV_HuynhThien_Update_Jan2016
CV_HuynhThien_Update_Jan2016
 
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
Контроль качества телефонного обслуживания / продаж 2015__Ольга Шестопалова /...
 

Semelhante a Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015

1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx
felicidaddinwoodie
 
College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx
ShiraPrater50
 
College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docxCollege of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx
adkinspaige22
 
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Snarky Security
 
Brian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docxBrian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docx
hartrobert670
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
Cameron Brown
 
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
Mansoor Faridi, CISA
 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber Terrorism
Maurice Dawson
 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
Maurice Dawson
 
61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra
simisterchristen
 
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailedHM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
SusanaFurman449
 
Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...
Quinnipiac University
 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Maurice Dawson
 
Cyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docxCyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docx
randyburney60861
 

Semelhante a Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015 (20)

1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx1Running head CYBERWARCYBER WAR9Outstanding title.docx
1Running head CYBERWARCYBER WAR9Outstanding title.docx
 
College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx
 
College of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docxCollege of Doctoral StudiesRES-845 Module 2 Problem.docx
College of Doctoral StudiesRES-845 Module 2 Problem.docx
 
Order 325914012
Order 325914012Order 325914012
Order 325914012
 
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
Why Great Powers Launch Destructive Cyber Operations and What to Do About It ...
 
Brian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docxBrian Wrote There is a wide range of cybersecurity initiatives .docx
Brian Wrote There is a wide range of cybersecurity initiatives .docx
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
 
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
 
Understanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber TerrorismUnderstanding the Methods behind Cyber Terrorism
Understanding the Methods behind Cyber Terrorism
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
The Future of National and International Security on the Internet
The Future of National and International Security on the InternetThe Future of National and International Security on the Internet
The Future of National and International Security on the Internet
 
61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra61Shackelford & Bohm - Securing North American Critical Infra
61Shackelford & Bohm - Securing North American Critical Infra
 
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailedHM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
HM502Unit 5 DQTopic 1 Infrastructure ProtectionA detailed
 
Dondi West Defcon 18 Slides
Dondi West Defcon 18 SlidesDondi West Defcon 18 Slides
Dondi West Defcon 18 Slides
 
Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...Research in Information Security and Information Warfare- The economics, warf...
Research in Information Security and Information Warfare- The economics, warf...
 
Bashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security LawBashar H. Malkawi, The Forum on National Security Law
Bashar H. Malkawi, The Forum on National Security Law
 
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of ThingsBattlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
Battlefield Cyberspace: Exploitation of Hyperconnectivity and Internet of Things
 
Cyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docxCyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docx
 
R41674
R41674R41674
R41674
 
R41674
R41674R41674
R41674
 

Raduenzel_Mark_ResearchPaper_NSEC506_Fall2015

  • 1. U.S. CYBER STRATEGY AND OFFENSIVE CYBER OPERATIONS Mark Raduenzel
  • 2. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 1 of 14 Introduction Computer Network Operations (CNO), or “cyber operations”, have become an important element of modern warfare. As part of cyber warfare, offensive cyber operations may be executed by a nation to disrupt, deny, degrade or destroy the information which resides in computers or the networks in which the computers are members of. These actions can be taken either as a prelude to conventional, kinetic war or even in lieu of war if the actions are taken to further a national security policy objective. In May of 2011, the Obama administration published its “International Strategy for Cyberspace” which aims to “build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace” (White House 2011). In April of 2015, the Department of Defense (DoD) released its own cyber-strategy document which is intended to act as a guide for developing DoD’s own cyber forces while also strengthening cyber defense and improving cyber deterrence (DoD 2015, 2). It is widely recognized that all cyber strategies published to date necessarily include elements of defense. However, a well-defined cyber-strategy should also explicitly contain a blueprint for offensive cyber operations which could be used in support of military operations or to achieve national security objectives. Purpose of the Study The purpose of this study is to examine the United States’ existing cyber-strategy in order to determine if offensive computer network operations are supported or if current strategy should be revised to incorporate offensive operations. Offensive cyber operations, if supported, could be invaluable in helping the United States achieve its national security objectives.
  • 3. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 2 of 14 Research Question and Hypothesis The primary research question this study will attempt to answer is: what elements of the United States' current cyber-strategy support offensive computer network attacks? A secondary question which the research will hope to answer is: why would the United States or any nation conduct offensive computer network attacks? The tentative hypothesis to answer the primary question is that while current cyber-strategy provides an adequate defensive approach for United States’ military and non-military computer networks, the strategy does not explicitly support the use of computer network attacks to further national security. Research Strategy This study will utilize a qualitative research strategy to identify the parameters, if any, for conducting offensive cyber operations. Current elements of national cyber-strategy will be examined to determine the strategy’s objectives paying special attention to the concept of offensive operations. The study will also explore the doctrine of conducting pre-emptive strikes and their appropriateness within the context of cyber operations. Lastly, the current national cyber-strategy will be compared to existing international cyber-strategy in order to highlight gaps in United States’ strategy and identify areas for improvement. Literature Review Dr. Andrew M. Colarik is an independent consultant, researcher and author of multiple security books and publications covering cyber terrorism, information warfare and cyber security. Dr. Lech Janczewski has over thirty-five years of experience in information technology with extensive research in cyber terrorism. Their co-authored article in the Journal of Strategic Security, “Establishing Cyber Warfare Doctrine”, examines the theoretical foundation of current cyber warfare research, what has been learned to date about its application and some of the
  • 4. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 3 of 14 emerging themes to be considered including the development of a national cyber warfare doctrine. Considered in the article by Colarik and Janczewski is why computer systems and the infrastructures which support them should be included as valid military targets and further highlights several recent events to support this assertion. The authors postulate that “modern nations lack a grand strategy for handling cyber-attacks, one that gathers and coordinates their national resources for shared security and prosperity” (Colarik and Janczewski 2012, 32). As mentioned above, this perspective places the focus of cyber-strategy solely on defense and ignores the benefits an offensive strategy could have for the United States. Recent examples of cyber-attacks are reviewed by Colarik and Janczewski which is applicable to this research because they serve as examples where offensive computer network attacks were conducted by states or their proxies in order to further their own national strategy. For example, a series of Distributed Denial of Service (DDoS) attacks against Estonia in 2007 forced the country to isolate itself digitally in order to prevent the nation from being crippled. Also examined are the attacks against the former Soviet-bloc state of Georgia which utilized similar methods to the Estonian attacks, and the Stuxnet worm which targeted Iran’s Bushehr nuclear power plant and set Iran’s nuclear program back by several years (Colarik and Janczewski 2012, 34). While these events demonstrate previous incidents of offensive computer network attacks, the authors do not indicate if this approach is permitted within the context of United States’ current cyber-strategy. Mark D. Young is a Special Counsel for Defense Intelligence, House Permanent Select Committee on Intelligence. In the Journal of National Security Law & Policy, Young also takes a look at the implementation of United States’ cyber-strategy in his article titled “National cyber
  • 5. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 4 of 14 doctrine: The missing link in the application of American cyber power”. Unfortunately, the article is slightly dated since it was written a year before the Obama administration published its “International Strategy for Cyberspace” in 2011. In his article, Young makes the argument that a national cyber doctrine is necessary but shows there is no doctrine which guides the application of the nation’s cyber-power, at least at the time the article was written (Young 2010, 174). The author suggests that a national cyber doctrine would encourage the integration between the commercial, academic and government sectors and focus the application of the United States’ cyber-power (Young 2010, 176). Once again, however, this integration is for the application of cyber-power from a defensive mind-set instead of offensive. Like Colarik and Janczewski, Young details recent cyber-attack events to show that offensive operations are not unprecedented, at least by nations other than the United States (Young 2010, 173). And also like Colarik and Janczewski, Young fails to indicate if these operations are part of current United States’ cyber-strategy. The author elaborates on existing cyber operations documents by reviewing the Joint Chiefs of Staff’s “Joint Publication 3-13”, which defines information operations, electronic warfare, computer network operations, psychological operations, military deception and operations security (Young 2010, 178). These definitions certainly allow for, or at least imply, the capabilities of offensive attacks. Also examined by Young are the United States Army and Air Force cyber doctrines which demonstrate that offensive attacks could be taken by military units if deemed within the national interest, even if the strategy does not explicitly call for them (Young 2010, 182). Policy adviser at the French Ministry of Defence (Directorate for Strategic Affairs) and adjunct lecturer in international security at the French Institute for Political Sciences, Jean-Loup Samaan writes in The RUSI Journal regarding the US efforts to develop a coherent cyber-strategy and the
  • 6. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 5 of 14 divide in the interpretation of the conduct of cyber-warfare. The challenges with developing a coherent cyber-strategy have been expounded on by Samaan in his article “Cyber Command: The Rift in US Military Cyber-Strategy”. In the article, a background on the newly created Cyber Command is given along with the supposition the United States government would place more focus on cyber defense with the creation of this unit (Samaan 2010, 16). Samaan also touches on the concept of cyber-warfare and the fact that any cyber-war could have economic and psychological effects which should call for a robust doctrine of cyber-deterrence (Samaan 2010, 17). This would seem to support the implementation of offensive computer network attacks and warrant their inclusion as part of the national cyber-strategy. However, the author is silent on whether or not offensive operations are supported by current cyber-strategy. Unlike the previous authors mentioned above, Samaan points out some parties involved in cyber- strategy have complained that cyber-deterrence is misleading and irrelevant (Samaan 2010, 18). Part of the reason for this is the challenges with attribution which prevents retaliation since the attacker often cannot be determined. Without the ability to accurately prove the attacker’s identity, there is no way of knowing if the attacks originated from a state or an individual non- state actor. What Samaan fails to acknowledge though, is that the lack of ability to attribute attacks is also a good reason for the United States to include offensive cyber operations as part of its national cyber-strategy. The author of “Rewired warfare: rethinking the law of cyber attack”, Michael N. Schmitt is the Director of the Stockton Center for the Study of International Law, United States Naval War College; Professor of Public International Law at Exeter University; and Senior Fellow at the NATO Cyber Defence Centre of Excellence with extensive experience working with multiple international expert working groups on cyber-strategy. In his article published in the
  • 7. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 6 of 14 International Review of the Red Cross, Schmitt discusses the relation of international humanitarian law to cyber operations. The author analyzes the debate between the permissive approach which allows for a more extensive use of cyber-attacks even to the point of targeting non-military targets during an attack, and a restrictive approach which holds to a more narrow view of when cyber-attacks may be used and that targets must be confined to those of a military nature (Schmitt 2014, 196). While these comparisons are interesting from an academic viewpoint, they hold little value with regards to the topic of this study beyond what may be targeted if an offensive cyber-strategy is implemented. This debate becomes more relevant if the research concludes current cyber-strategy already incorporates offensive computer network attacks. Dr. Kenneth Geers is the Senior Executive in the U.S. Naval Criminal Investigative Service (NCIS) as a cyber Subject Matter Expert and was the first U.S. Representative to the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. Geers describes four nation-state approaches to mitigating cyber-attacks in “Strategic Cyber Defense: Which Way Forward?” published in the Journal of Homeland Security and Emergency Management. These various approaches make use of new and improved technology, doctrine, deterrence and arms control in order to limit the threat from cyber-attacks (Geers 2012, 1). These defense mechanisms are necessary because the Internet can easily increase the speed, scale and power of any cyber-attack. Because of these factors, Geers emphasizes the need for military strategists to include cyber-attacks as well as defense into military doctrine (Geers 2012, 3). It is increasingly more likely that cyber-attacks will play a prominent role in future wars with fighting taking place over the entire length and breadth of cyberspace. This may not necessarily be negative since conflicts could be shorter and incur minimal loss of life. While this advances support for
  • 8. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 7 of 14 offensive cyber operations, the author does not indicate that such operations are part of current cyber-strategy. Geers’ article is unique to this research in that the author touches upon the revolutionary aspects of cyber conflict such as the fact that cyberspace is an artificial environment, cyber conflict favors the attacker and physical proximity between the attacker and the target is not required (Geers 2012, 4). But Geers’ article suffers from the same gaps as the previous authors in that it does not approach computer network operations from an offensive standpoint, but treats the strategy as purely a defensive one. Even the revolutionary aspects should be treated as positive conditions which could be used to benefit the United States if offensive cyber-attacks are included in the national cyber-strategy. Current literature primarily focuses on the defensive aspect of current cyber-strategy. Recent history contains examples of offensive computer network attacks used to further states’ national interests and current definitions of information operations, and electronic warfare which certainly imply the capabilities of the United States to use offensive cyber operations. The same pitfalls which signify the importance of defending against cyber-attacks can also be shown in a positive light if viewed from an offensive perspective. If research confirms the absence of a national offensive cyber-strategy, steps may be taken to rectify those gaps and advocate the inclusion of an offensive strategy. Methodology This qualitative research project was undertaken by examining current United States' cyber- strategy. Elements of the strategy were reviewed to determine if any aspects support the concept of offensive cyber operations. The variables identified during this research are offensive cyber
  • 9. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 8 of 14 operations, currently published national cyber-strategy, preemptive strikes in accordance with Bush Doctrine, international cyber-strategy and international humanitarian law. Neo-conservatism theory, also known as the “Bush Doctrine", supports the use of preemptive strikes to achieve national security objectives. This doctrine was first announced by President George W. Bush in a 2002 speech to West Point cadets and was a significant shift in U.S. military policy. As Kellner notes, this new policy replaced "the Cold War doctrine of containment and deterrence with a new policy of preemptive strikes" (Kellner 2004, 417). Neo-conservatives operate under the belief that the United States has the most powerful military in the world and that same military should be used to shape the world according to U.S. interests. Due to this military might, the rest of the world should fear the United States and hesitate to openly and even in some cases, covertly stand against the U.S. This is a form of deterrence which also directly applies to the cyber domain. The faith of neo-conservatives to deter actions by other nations is in large part based on the modern revolution of military affairs (RMA). This faith causes policy-makers and military strategists to believe that instead of relying on large armies, "the United States could rely on stealth technology, air-delivered precision-guided weapons, and small but highly mobile ground forces to win quick and decisive victories" (Mearsheimer 2005, 2). Cyber operations are a natural extension of RMA given the low cost of entry to perform operations, attackers and targets do not need to be within the same physical proximity and the relative size, speed and scale of cyber-attacks. These factors mean that cyber operations can be used as a projection of military power which fits nicely into the neo-conservatism theory.
  • 10. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 9 of 14 Findings and Analysis Computers and their networks have become an integral part of modern societies. In ways never seen before, information technology is fostering the flow of goods and services around the globe as well as facilitating the exchange of information and ideas. This infrastructure also supports safely controlling air traffic, delivering water and electricity to communities and maintaining a robust financial system. States have come to the realization that targeting the infrastructure of other nations during conflicts could result in fewer lives lost as well as facilitate economic recovery after the cessation of hostilities. Deterring these cyber operations has often been futile which points to deterrence in general as a misleading and irrelevant idea. Attribution, which identifies the attacker in cyber space, is a key limitation to deterrence since the attacker often cannot be positively identified. This makes it clear that cyber conflict always favors the attacker. In light of this revelation, if it were in the national security interests of the United States to disrupt, deny, degrade or destroy key infrastructure or military systems of an adversary, would the current national cyber-strategy support these offensive operations? In determining if current United States' cyber strategy supports the use of offensive cyber- attacks, it is necessary to begin by examining the Obama administration's "International Strategy for Cyberspace" published in 2011. This strategy outlines the principles the United States will adhere to when confronting the challenges of operating in cyberspace. The principles reflect a commitment to the free flow of information and exchange and uninhibited communication which are considered fundamental freedoms. Along with these freedoms is the obligation to protect individual privacy through oversight and judicial review balanced with investigative authorities for law enforcement (White House 2011, 5).
  • 11. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 10 of 14 Another important concept included in "International Strategy for Cyberspace" is the establishment of norms of behavior. It is the Obama administration's standpoint that already existing international norms which guide the behavior of states still apply in the domain of cyberspace (White House 2001, 9). In addition to the principles previously reviewed, additional principles which support norms may include protection from crime, right of self-defense, global interoperability, network stability and governance. While the principles outlined here are important to ensuring national security, it is apparent they are most applicable to defending against cyber-attacks instead of conducting them. Several of these factors, such as network stability and protecting privacy, also enable and encourage computer network operations against the United States. Still other principles, for example uninhibited communication and network stability, should discourage the United States from using computer network operations against targets since such operations run counter to the principles defined. Either way, the published strategy neither supports nor forbids the use of offensive cyber operations. The cyber strategy as laid out by the Department of Defense (DoD) and published in April 2015 contains an admission of the advantages which offensive computer network operations contain for a state. In fact, the DoD begins with the assumption that potential adversaries would attempt to target United States infrastructure and military systems in order to gain the upper hand in a conflict. To neutralize those threats, the DoD "has developed capabilities for cyber operations and is integrating those capabilities into a full array of tools that the United States government uses to defend U. S. National interests, including diplomatic, informational, military, economic, financial, and law enforcement tools" (DoD 2015, 2). If the US government is aware of the need to defend against these threats, it is plausible to assume the government understands the advantage to be gained by targeting these sectors offensively.
  • 12. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 11 of 14 The DoD's cyberspace strategy outlines three primary cyber missions. First and foremost is the mission to defend the networks, systems and information which are part of the DoD's domain. DoD's closely related second mission is to ensure its agencies are prepared to defend its interests as well against cyber-attacks. Under this mission, the United States military may be directed by the President or Secretary of Defense to conduct cyber operations which would attempt to thwart an on-going or imminent attack in cyberspace, thus preventing the destruction of property or loss of life (DoD 2015, 5). However, neither counter-attacks nor offensive operations are explicitly supported under this mission. The DoD's third mission is the most relevant for this research which states that the DoD must be able to integrate cyber operations in support of military operations and contingency plans if so directed by the President or the Secretary of Defense (DoD 2015, 5). The addition of this mission recognizes the possibility the President or Secretary of Defense could make a determination that it would be advantageous for the military to conduct cyber operations which are intended to disrupt, deny, degrade or destroy an adversary's military networks or infrastructure. The support of this mission would allow the United States military to protect and further U.S. interests in whatever area of operations the military finds itself. While the DoD's third mission does explicitly support the use of offensive cyber operations, the strategy also dictates the United States "will always conduct cyber operations under a doctrine of restraint as required to protect human lives and to prevent the destruction of property" (DoD 2015, 6). Presumably, any decision which is made to conduct cyber operations on networks which fall outside of the DoD's network domain would be made with serious deliberation and with strict oversight which conforms to the law of armed conflict (LOAC). Does adherence to
  • 13. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 12 of 14 this international law, also sometimes referred to as International Humanitarian Law (IHL), hamper the ability of the U.S. to effectively conduct offensive cyber operations? One of the principles of LOAC is that the attacking party should do everything which is feasible in order to ensure the target is military in nature. This does not mean that proof must be absolutely conclusive, however, any commander should be able to reasonably conclude the target is a military objective (Dunlap 2011, 91). Finding targets of a military nature in cyberspace can be a great challenge, especially when viewed from the standpoint that billions of machines may be connected to the Internet at any one time. It becomes necessary, therefore, to determine that the potential target computer or network first belongs to the adversary and then identify if the target is also a viable military target in order to conform to LOAC. Some strategists dispute this restrictive approach and argue that cyber operations which are directed towards civilian infrastructure but do not cause damage are indeed permissible because operations without damage do not qualify as an attack (Schmitt 2014, 191). This approach can be considered "effects based" and would appear to allow for the "neutralization" of computer systems and networks as long as there is no loss of life which could be directly associated with the attack and any resulting damage is not permanent. These opposing viewpoints are still open for debate and should be evaluated by commanders before undertaking any offensive cyber operations. An additional challenge is that by applying LOAC to cyber operations, only members of the states’ armed forces are allowed to conduct cyber-warfare and offensive computer network operations. As Dunlap indicates, "This means so long as LOAC is otherwise observed, military personnel are legally permitted to engage in killing and destruction in war without fear of prosecution for doing so" (Dunlap 2011, 91). Therefore, when conducting offensive cyber
  • 14. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 13 of 14 operations which are lethal or as destructive when compared to kinetic attacks, the operations must be performed by uniformed military personnel. This is a significant limitation to engaging in offensive cyber operations since cyber agencies like the NSA are not uniformed members of the United States military and could theoretically face international prosecution for engaging in offensive cyber operations. Conclusion As the research shows, the International Strategy for Cyberspace which the Obama administration published in 2011 outlines the principles the United States will adhere to when confronting the challenges of cyberspace. While the principles outlined in the strategy are critical for ensuring national security, close examination shows they strictly relate to defending against cyber-attacks. The Department of Defense’s Cyber Strategy publication expands on the Obama administration’s international strategy and defines three primary cyber missions. Two of the missions are associated with defending military networks and the United States’ national interests. The third mission, however, explicitly supports the use of offensive cyber operations if directed by the President or the Secretary of Defense and refutes the hypothesis of the primary research question. Although permissible according to current strategy, any offensive cyber operations conducted should operate within the previously defined law of armed conflict (LOAC) whenever possible. Unfortunately, operating under this international paradigm leaves significant gaps, such as which targets are permissible to attack, the amount of damage allowable and which agencies are legally permitted to mount an attack. These gaps should be further explored and the national cyber strategy continue to be refined in accordance with international norms.
  • 15. U.S. Cyber Strategy and Offensive Cyber Operations NSEC506 – Nov/Dec 2015 Mark Raduenzel Page 14 of 14 References Colarik, Andrew M. and Lech Janczewski. 2012. "Establishing Cyber Warfare Doctrine." Journal of Strategic Security 5, no. 1: 31-48. Department of Defense. 2015. “The Department of Defense Cyber Strategy.” April. Dunlap, Charles J. 2011. "Perspectives for Cyber Strategists on Law for Cyberwar." Strategic Studies Quarterly. Spring: 81-99. Farnsworth, Timothy. 2011. "Pentagon Issues Cyber Strategy." Arms Control Today 41, no. 7: 37-38. Geers, Kenneth. 2012. "Strategic Cyber Defense: Which Way Forward?" Journal of Homeland Security and Emergency Management 9, no. 1: 1-10. Kellner, Douglas. 2004. "Preemptive strikes and the war on Iraq: a critique of Bush administration unilateralism and militarism." New Political Science 26, no. 3: 417-440. Mearsheimer, John. 2005. "Hans Morgenthau and the Iraq war: realism versus neo- conservatism." opendemocracy.com, posted May 19. Samaan, Jean-Loup. 2010. "Cyber Command: The Rift in US Military Cyber-Strategy." The RUSI Journal vol. 155, no. 6: 16-21. Schmitt, Michael N. 2014. "Rewired warfare: rethinking the law of cyber attack." International Review of the Red Cross 96, no. 893: 189-206. Young, Mark D. 2010. "National cyber doctrine: the missing link in the application of American cyber power." Journal of National Security Law & Policy vol. 4, no. 1: 173-196. White House. 2011. “International Strategy for Cyberspace: Prosperity, Security, and Openness in a Networked World.” May.