Tag: cyberwars

What Should You Read on Cyber Security?

https://www.duckwranglers.com/wordpress/wp-content/uploads/2010/09/duck_pc.jpgEditor’s Note: This is a guest post by Brandon Valeriano of the University of Glasgow and Ryan C. Manes of the University of Chicago, Illinois. Brandon asked if we could run a bibliography on Cyber Security, and we happily agreed. If anyone else is interested in submitting bibliographies to be archived at the Duck of Minerva, drop us an email.

It is that time of the year again – that time when everyone considers updating their syllabus. So you have an interest in cyber security but have not taken the time to develop a reading list. Well here it is, I have, unfortunately, dived into the topic. The following includes a one day-version and then a more detailed list to can be used to develop a class, graduate seminar day, or to prep for a debate.

(Thanks to Hans-Inge Langø for asking the original question that promoted this post and suggesting a few things I was missing)

Of course I may have left some things out. This is a developing literature so we will update as time goes on. Feel free to  tweet suggestions to @drbvaler. We attach many of our own writings here, mainly because we are a glutton like that but also because our book on Cyber Conflict is not out yet. The premium here, at least for us, is on social-scientific and peer-reviewed articles and books rather than popular speculation. Our goal is to present the entire range of the field, from the cyber threat hype folks, to the more measured reactions, to the cyber skeptics. Continue reading


Cyber Events Data and Foreign Policy Reactions

Editor’s Note: This is a guest post by Ryan C. Maness of the University of Illinois at Chicago and Brandon Valeriano of the University of Glasgow.

In the rush to note the changing face of the battlefield, few scholars have actually examined the impact of cyber conflict on foreign policy dynamics. Instead most studies are of a hyperbolic nature that suggests the wide ranging impact of cyber conflict on daily social and military life. Here we attempt to cut through the bluff and bluster to examine exactly what happens between countries when cyber conflict is utilized as a foreign policy choice using week events data.

In our previous work we noted that while cyber conflict is proliferating, the level of attacks remains minimal when compared to actual state capabilities and general expectations. Using our dataset of cyber incidents and disputes, we measure the level of conflict and cooperation observed after a cyber incident and dispute to understand the true impact of this new tactic on foreign policy dynamics.

Our work on cyber conflict focuses on rivals which are basically active and historic enemies. It would be thought that during a rivalry, a situation of constant and historic animosity exists, a state will do all it can to harm the other side. If a rival uses a cyber operation to harm its enemy, the likely response should be characterized by further conflictual relations. We therefore expect that cyber incidents and disputes will lead to an escalation of hostility between rivals. Continue reading


Perceptions and Opinions of the Cyber Threat

This is a guest post by Brandon Valeriano and Ryan Maness.

Cyberwar is a pressing international security problem. The news media breathlessly covers any potential attack before the facts are in. Policy briefs and reports are produced on all levels of government and private industry. It would then behoove us to take a step back and examine opinions about the cyber security threat according to perceptions among policymakers, academics, and cyber security experts in order to understand how the threat emanating from the cyber security realm is constructed in the public discourse. Each constituency has its own view on the issue and how these views manifest is critical to perceptions about the wider societal threat coming from cyberspace.

Continue reading


Skyfall and Cyberwar: James Bond Enters the Digital Era

This is a guest post by Brandon Valeriano of the University of Glasgow. The post contains mild spoilers, so considered yourself forewarned.

Cyberwar is everywhere. I am sure there is some selection bias in my perspective, but I canít read the news without finding another ‘cyberwar will be the new 9/11‘article. The narrative? Our digital futures are in a precarious balance and threatened by the great cyber powers itching to destroy our lives, finances, and prevent access to the Playstation network through cyber attacks.

Now James Bond is getting in on the fun with Skyfall. In the disastrous first act (at least for me, although the overall movie might be a top five Bond film ever), the villain turns out to be a skilled cyber warrior. He is capable of blowing up buildings with a simple virus and his entire criminal enterprise seems build on his cyber abilities.
Continue reading


Cyber warfare and legal responsibility: drifting further apart?

Two cyber warfare trends are catching the eye, but both raise the same major question. First, cyber attacks have been democratised in recent years because of social media and easy to use denial of service attack (DDoS) tools. Popular armies have returned, made up not of a mass of bodies charging, a Clausewitzian centre of gravity on a field, but constituted by curious and enthusiastic citizens on the internet. As William Merrin argued at a keynote in 2009, security has been crowdsourced. US officials set up webcams along the Mexico border so that citizens can sit at leisure and watch for shadowy figures moving through the desert (and they do watch). Other national leaders have encouraged citizens to launch DDoS attacks against strategic targets. Sometimes, ordinary people just feel the urge to participate without any guidance, for instance the ‘Help Israel win’ group of students who targeted Hamas in the 2008-09 Gaza conflict. If thousands or even millions of people act collectively this way, where does legal responsibility lie for any harm caused? Is there legal responsibility for encouraging people to participate? Are people using digital media today out of patriotic gusto in ways that will later incriminate them?

Second, news media have reported a new super-cyber-weapon this week, the first digital nuke, apparently capable of destroying real-world objects. Previous malware just shut down systems or stole data. Once this new piece of malware touches a digital system (e.g. through a USB stick) the malware itself secretly takes control of the system, and can make it destroy whatever it is managing – a bank, a nuclear plant, whatever you can imagine. The designer can tell it what to target, but thereafter the software does its own thing. In terms of responsibility, whoever funds, designs and delivers such a weapon would seem the locus of responsibility. But not many nations have the expertise to detect such software. Successful attacks would just seem like industrial mishaps. Expect reports of mystery explosions near you (especially if you live in Iran).

Where does this leave international law? We’ve caught up with World War II and the regulation of mass armies and nukes. Who has the technical expertise, political will and diplomatic savvy to draw up laws for a world of crowdsourced armies and weaponized software?

(Cross posted from the New Political Communication Unit blog)

Preemption News

Search the current White House website for the phrase “Bush Doctrine” and “no results” are returned. However, as I’ve previously argued, that does not mean the Obama administration has abandoned the Bush view of “preemption” (which was really a rebranding of preventive war).

This week, the Pentagon has announced a new cyber-spin on “preemptive war”:

The Pentagon is contemplating an aggressive approach to defending its computer systems that includes pre-emptive actions such as knocking out parts of an adversary’s computer network overseas – but it is still wrestling with how to pursue the strategy legally.

The Washington Post reports that the Department is developing a range of weapons capabilities, including tools that would allow “attack and exploitation of adversary information systems” and that can “deceive, deny, disrupt, degrade and destroy” information and information systems, according to Defense Department budget documents.

General Keith Alexander, who leads the Pentagon’s new Cyber Command is quoted as saying “We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.” These attacks are more than just hypothetical, as detailed in the September/October 2010 issue of Foreign Affairs.

The Post article mentions clearly legal defensive measures the Pentagon could employ when it anticipates attacks — firewalls, password protection, etc. Plus, the U.S. could try to resolve potential disputes without force, with diplomacy perhaps. And, of course, General Alexander implies a retaliatory attack, which would presumably be legal.

But the notion of striking first seems to have been engrained in the defense community’s culture over this past decade.

Luckily, at least some bureaucrats within the administration still recall the illegality of preventive attacks:

Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries’ sovereignty.

Apparently, the U.S. has already engaged in questionable cyber-preemptive attack:

The military’s dismantling in 2008 of a Saudi Web site that U.S. officials suspected of facilitating suicide bombers in Iraq also inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, for example, and the Obama administration put a moratorium on such network warfare actions until clear rules could be established.

The CIA, by the way, is apparently upset that the Pentagon’s strikes would bound to be covert — and that domain belongs to CIA. Turf war!


Cyber Developments: National Security Edition

The Wall Street Journal reported today that hackers have breached classified data on the United States’ Joint Strike Fighter (JSF) program (the F-35). (For those without a subscription, here is the Reuters story). The scale and nature of information the hackers were able to obtain appears quite significant–however, the most sensitive data did not reside on servers connected to the web, which is good news.

The default suspect is, of course, China (why you say? see here). However, given the value of the data for both potential adversaries and, frankly, countries that are not in some way privey to this program (for an overview of international participants and potential buyers, see here), there should be no shortgage of potential suspects. I’d like to float a specific one: North Korea

North Korea has both the motive and, potentially, the means for carrying out such an attack.


The DPRK has both a security and financial motive for stealing information regarding the JSF program. Security wise, the US is an obvious adversary. It isn’t beyond reason that the JSF could, at some point, be used against them in some sort of defensive or preventive strike. Devising ways to counter the advanced aircraft would certainly be useful. Financially speaking, it is no secret that the DPRK is a major arms trader and has no qualms about doing business with regmies that are hostile to the United States and its allies. One can imagine a healthy market for such intelligence.
It’s all well and good to have motive, but could the DPRK actually pull it off? Possibly. The North Koreans have already launched cyber attacks against South Korea and, interestingly enough, hacked into the US Department of Defense. While information on the regime is always foggy, it appears that this is an area of relative strength for the North and one where they are investing for the future (for a summary of capabilities, see here).

Admittedly, this is all conjecture on my part. Regardless of the identity of the perpetrator, this event does raise some interesting questions about Cyber security and assymetric warfare.


The Year’s Under-reported Stories

Foreign Policy has released its annual “Top Ten Stories You Missed in 2007.” Among the contenders:

1. The Cyberwars Have Begun. However, see Miriam Dunn Cavelty’s article “Cyberterrorism: Looming Threat or Phantom Menace” in the inaugural issue of the Journal of Information Technology and Politics.

2. US Navy is in Iraq for the Long Haul. And a good thing too, if trade in the Arabian Gulf is to be protected from the emerging threat of piracy, which is on the rise off the coast of Iraq and is already thriving in other areas of the world characterized by state failure. See the International Analyst Network for more.

3. Rifts Within Al-Qaeda Widening. But is this really news? The movement has always been less monolithic than it has been portrayed by the West.

4. And my favorite, we have evidently “entered” the era of robot warriors. According to FP:

“Although militaries have used robots for everything from minesweeping to defusing bombs, the new “special weapons observation remote reconnaissance direct action system”–or SWORDS–is different. For one, it’s packing heat: an M249 machine gun, to be exact. It can fire on a target from more than 3,000 feet away. So far, three of these $250,000 robots have been deployed to Iraq to conduct dangerous ground operations that would otherwise put soldiers’ lives at risk.”

Well, now we’re ready to crush the rebels! On to Planet Hoth!


© 2021 Duck of Minerva

Theme by Anders NorenUp ↑