Cyber Conflict

Cyber conflict #

Nation-state-level hacking #

Motivations #

  • Financial gain (IP theft, economic development)
  • Information collection (espionage)
  • Covert action (information operations, sabotage)
  • Armed conflict (if there is one already, or to start one)
  • “Prepare the battlefield” - gain access to targeted system now to take action on it later
  • “Hold at risk” - deterrence measures; let other side know you can damage their asset

Retaliation options #

  • Ignore it
  • Make threatening noises, but don’t do anything (e.g., send ships to the area)
  • Indict individual state-affiliated hackers
    • ex: APT 38 (NK), APT 40 (CN), Sandworm (RU)
  • Restrict exports to foreign entities involved in hack
    • Makes it harder for foreign countries to attract investment
  • Sanctions (e.g., Biden’s Russia sanctions in April 2021)
    • Economic sanctions: impede economic growth
      • Freeze individual assets, add travel restrictions
      • Cut off business to entities
    • Diplomatic sanctions
      • Kick out individual diplomats: Russian diplomats expelled in 2018 and 2021
      • Close an entire embassy/consulate: China consulate closure (Houston, 2020); Russia consulate closures (San Francisco, 2017; Seattle, 2018)
  • Cyber counterstrike

Computer Network Operations #

  • Computer Network Defense (CND)
    • Includes actions taken via computer networks to protect, monitor, analyze, detect and respond to network attacks, intrusions, disruptions, or unauthorized actions that would compromise or cripple defense information systems and networks
  • Computer Network Exploitation (CNE)
    • Includes enabling actions and intelligence collection via computer networks that exploit data gathered from target
  • Computer Network Attack (CNA)

Threat reduction strategies #

  • Defense: minimize the harm you would suffer if the undesirable action occurs by maximizing relevant defenses and establishing resiliency
  • Deterrence: Convince them not to take undesirable action by maximizing their expected costs and minimizing their expected benefits
  • Disruption: Prevent the other state from becoming capable of taking the undesirable action, or if it has capability already, destroy or degrade it

US cyber agencies and policies #

Cybersecurity and Infrastructure Security Agency #

  • Since 2018, CISA has been a standalone agency under DHS oversight
  • In charge of physical and cyber security of federal networks and critical infrastructure
    • Protecting civilian federal agencies: ordering federal agencies to fix known exploited vulns
    • Expanding role of collaboration with private sector to increase security of critical networks
      • Conducts vuln assessments, provides tools and training, provides info on emerging threats and hazards so appropriate action can be taken
    • Last year, got subpoena power to warn critical infrastructure systems of vulns via their ISPs

Cyberspace Solarium Commission report (March 2020) #

  • Bicameral, bipartisan, intergovernmental body created by NDAA 2019
  • Develops comprehensive strategic approach to defend US in cyberspace
  • Report’s overall vision: “layered cyber deterrence”
    • Less offense-focused, more defense-focused
    • Protective layers to limit adversary options for using cyberspace against US:
      • Shape behavior: work with allies and partners to promote responsible behavior in cyberspace and isolate bad actors via non-military mechanisms
      • Deny benefits: private/public collaboration to secure critical networks and build resilience
      • Impose costs: Build capacity to “defend forward” and retain US offensive capabilities
    • Goal: change would-be attackers’ cost-benefit calculus to reduce attack frequency/severity

Previously-secret U.S. authorities for cyber operations #

  • National Security Presidential Memorandum (NSPM) 13 (2018)
    • Finally disclosed to Congress in early 2020, as mandated by NDAA 2020
  • 2018 Presidential finding authorized CIA covert cyber operations against CN/RU/IR/NK
    • CIA no longer has to seek review by NSC for covert cyber ops
    • Easier for CIA to damage adversaries’ critical infrastructure (cut off electricity, for example)
    • Previously off-limits targets (e.g., banks) are now in-bounds
    • Lower evidentiary burden to attack media orgs, charities, religious groups, etc. believed to operate on behalf of foreign intelligence services
    • By 2020, CIA already carried out operations, including against Iran

Domestic law relevant to cyber conflict #

  • Executive: very active in this area
    • NSPM-13 (2018)
    • Executive order 14024 (2021)
  • Congress: has powers to declare war, regulate, terminate uses of force, and appropriate money
  • Courts: less active in this area, since actions are occurring abroad