Research Portfolio Post #5: Research Puzzle Proposal

I am proposing to research cyberwarfare in the context of the actor because I hope to explain the variation in cybertactics between the Islamic Republic of Iran and the United States of America. The goal of this is to help my reader understand the decision making process behind a nation’s selection of a cyberstrategy.

This topic is a puzzle because the United States is a proponent of the theory of forward defense when it comes to cybersecurity, while the Iranian Republic views the cyber world in the context of misinformation and the rooting of cyber nodes via online attacks; the United States sees the battlefield as a fight over connectivity. These are diametrically opposite viewpoints which require different infrastructures and unique methodologies in order to be successful on the cyber battlefield. Cyberwarfare itself is an emerging non-kinetic battlefield which has real world ramifications and brings up questions of supremacy and resiliency.

In 2018, the United States Cyber Command released a report detailing the threats, as well as the way forward for dealing with these threats, posed against the United States. Within this debate, they promote the theory of resiliency and connectivity as the means to achieve supremacy in a cyber war. To achieve this, Cyber Command believes the United States should be “defending forward as possible to the origin of adversary” and maintain “constant engagement to impose imposes tactical friction and strategic costs on adversaries, compelling them to shift resources to defense and reduce attacks.”[1] Furthermore, targets should be selected based on the node’s proximity to an intelligence sink in order to maximize connectivity damage. By outlasting the enemy, as well as targeting their infrastructure, US Cybercommand believes internet supremacy can be achieved.[2]

Paul Nakasone, the current head of the National Security Association and US Cybercommand, detailed, in both an interview and an article submission, to Joint Force Quarterly on why he believes this strategy will be the most successful in pursuing American interests. Nakasone promotes the theory of Persistent Engagement by explaining that not only does targeting of CIKR (Critical Infrastructure and Key Resources) lead to cyber supremacy, it also leads to greater battlefield resiliency as “strategic effects in cyberspace come from the use—not the mere possession—of cyber capabilities to gain the initiative over those who mean [the United States] harm.”[3] This, in brief, is the concept of habitual learning.

Contrary to the cyberwarfare philosophy represented in US Cyber Command briefing, James Lewis of the Center for Strategic and International Studies claims that Iran is following a different path when it comes to cyberwarfare. He claims that Iran is using “its extensive experience in covert activities to help guide its strategy and operations using cyber as a tool for coercion and force.”[4] The Iranian strategy has been described as “a delicate game of chicken” where they are constantly probing for weaknesses as well as potential data for exploitation.[5] The Islamic Republic does not have a comparable expenditure base to the United States when it comes to cyberwarfare methods. However, Iran has proved particularly adept at skewed force projection comparable to funding; “Iran’s trajectory shows how a medium-sized opponent willing to allocate resources can build cyber power.”[6]

Frank Cilliffo, director of the Homeland Security Policy Institute, presents the puzzle of Iranian cyberwarfare methods through the context of potential damages to the United States. He reported to Congress on how the Basij, an Iranian voluntary paramilitary group, and a hacker-for-hire group called the Ashiyane have been employed by Iran to target high-visibility targets “which could provide Iran an avenue for psychological operations directed against the U.S. public.”[7] This, he explains, paired with the tendency of Iranian Quds forces to utilize rooting software and trojan horses, represents the emerging threat of the Iranian cyber force. The threat of Iranian cyberwarfare methods are perhaps greater than their actual capabilities, but Iran does utilize their cyber forces as a preventative and, oftentimes, reactionary tool which aims to dissuade cyber aggression.[8]

In the context of the United States interest in cyberwarfare, the question of when, why, and how a state utilizes the cyber tools at its disposal is incredibly important. Nakasone himself repeats the infamous Sun Tzu quote, “if you know the enemy and know yourself, you need not fear the result of a hundred battles,” to explain this concept.[9] Furthermore, understanding and exploring the variables which determine an actors role on the cyber battlefield could lead to greater success in both preventative and offensive action.

Further questions include, but are not limited to, questions of exploring more broad patterns across the board as well as individual case studies. For example, the question “what explains the variances in cyberwarfare tactics utilized by international actors,” would cover many bases and variable. Conversely, asking “why does the United States rely on Hackleburg and resiliency-based cyberwarfare tactics” would allow for an interpretivist exploration of a single case study.


[1]“Command Vision for US Cyber Command: Achieve and Maintain Cyberspace Superiority,” United States Cyber Command, 23 March 2018.


[3]William Eliason, “An Interview with Paul Nakasone,” Joint Force Quarterly Vol. 92(1), January 2019, 4-10.

[4]James Lewis, “Iran and Cyber Power,” Center for Strategic and International Studies, 25 June 2019.



[7] Frank Cilluffo, “The Iranian Cyber Threat to the United States,” The George Washington

University Homeland Security and Policy Institute, 26 April 2012.


[9]Paul Nakasone, “A Cyber Force for Persistent Operations,” Joint Force Quarterly Vol. 92(1), January 2019, 10-15.

Research Portfolio Post #4: Article Comparison

Cyberwarfare Supremacy Theories

Within cybertheory, two of the popularized arguments on how to gain supremacy are broken into the fields of connectivity and denial of service, and the field of misinformation and data analyzation.[1]

The first source that I chose to explore is Nef Abuzainab and Walid Saad’s wargame, “Dynamic Connectivity Game for Adversarial Internet of Battlefield Things Systems,” which explores cyberwarfare through the strategy of resiliency. Through their simulation, they hope to explain how a cyberwar can be won and be offered as a military edge to troops on the ground. It shows, with resiliency being the goal, that cyber military institutions should attempt to maintain connectivity between data nodes and sinks at all times. This creates a scenario where one’s adversary is consistently destroying nodes which are simultaneously replaced by redundant ones. A potential downside to this strategy is the potential for a back and forth, but the authors were able to employ a Stackleberg method to predict responsive roles. The connectivity scenario saw a 46% increase wargame simulation victory.[2]

The second source I explored is Nef Abuzainab and Walid Saad’s wargame, “A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things,” which explores cyberwarfare through the strategy of information filtration. The authors identify the spread of misinformation and data infection as hurdles to cyber supremacy that also add a weight to an actor’s resiliency matrix.  Their solution to this problem is “a distributed approach in which each IoBT node decides whether or not to accept the received information at each time instant, in order to limit the propagation of misinformation,” through the utilization a of mean-field equation. This tactic of data filtration and node acceptance of information found a 120% increase in the targeting and quarantining of infected nodes.[3]

The normative sources utilize game theory and various equalizing methods to create simulations that reflect a cyberwarfare scenario. I will utilize these sources in concert with other sources that I have collected to show how the various military forces employ differing cyber tactics with the end goal of supremacy gain or retention.

[1]Paul Nakasone, “Command Vision for United States Cyber Command: Achieve and Maintain Cyberspace Superiority,” United States of America Cyber Command, 2018.

[2]Nef Abuzainab and Walid Saad, “Dynamic Connectivity Game for Adversarial Internet of Battlefield Things Systems,” Institute of Electronic and Electrical Engineers, 2017

[3]Nef Abuzainab and Walid Saad, “A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things,” Virginia Polytechnic Institute,  2018.


Research Portfolio Post #3: Philosophical Wagers

In my eyes, ontology is the study of what is through the lens of a research model. This pairs well with the writings of sociologist Andrew Abbott, where he describes social ontology through the various lenses which he proposes can be used to study his field.[1]For example, in the positivist realm of thought, the world is a vast array of empirical values which can be made into predictive patterns. However, without positivist ontology, this array could not be organized and made sense of. The way that this is achieved is through a research methodology. A methodology is an organized research plan which is employed to find either an answer or greater understanding of a research area. Every academic discipline value a different methodology, or even sub methods within the overall umbrella of that discipline, and it is the job of the researcher to match their own methodology with that of their discipline in order to convey credibility.


As much as one strives to unbiased or downright apathetic toward their field of research, total objectivity remains impossible. Be it from societal influences or ethnic background, there will always be some form of bias present in one’s research. That being said, I believe empirical data points can be derived from many different sources without a normative influence. Of course, this depends entirely on the subject area under question. Cultural and historical relativism must come into play when asking comprehensive research questions. Abbott himself brings up this debate while discussing the divide between Behavioralist and Culturalist realms of thought. He states that there is no real answer to this debate, and one will simply agree on their own research practices based on whether or not they lean toward positivism or interpretivism.[2]In my own opinion, as long as a researcher attempts to be objective as possible, explores other avenues of thought, and explains their methodology coherently, then they have successfully checked all of their metaphorical boxes.


I would make the claim that there is little to no subject which cannot be researched and be explained through a positivist lens. Furthermore, a researcher does not necessarily have to be in the field to have expert knowledge. This does not exempt positivist researchers from having first person knowledge though, as this can be collected through primary sources. As it relates to my own research project, I would make the claim that the world is a puzzle that simply needs to be put together in order to create predictive models. Certain facts of life, such as power, are constant and in the context of the cyberwarfare debate, it is the goal of a nation state to have a comprehensive defense plan with power projection capabilities. As shown by the nuclear arms race, people like to be the most powerful and this same constant can be applied to cyberwarfare. However, there are also social forces at play in this debate, in the form of differing standards of privacy and practices that are determined at the cultural level. All-in-all, I believe that positivism shows the clearest example of what comprehensive research should be. This statement is not meant to belittle other research styles, but in this debate, the winning candidate is front and center.

[1]Abbott, Andrew, “Methods of Discovery: Heuristics for the Social Sciences,” (New York: W.W. Norton & Company, Inc, 2004), 52.

[2]Abbott, Andrew, “Methods of Discovery: Heuristics for the Social Sciences,” (New York: W.W. Norton & Company, Inc, 2004), 44.

Research Portfolio Post #2: Mentor Meeting

I met with Dr Rovner on September 5thfor 30 minutes to talk about my research project and the puzzles involved with it and, honestly, the conversation was extremely helpful. Overall, the conversation can be broken down into for main parts: the militarization of the internet, intelligence services and the internet, global projection vs national interest, and alarmist sources.

With the militarization aspect, we realized that perhaps developing a framework for legislation was too ambitious and the question that should instead be asked is how the military utilizes the internet in the modern age. The main utilization is communications but there exists a reluctance to completely use internet communiques instead of radio and direct line due to a variety of factors from false signals to data interception. For this question, I think I would employ a small-n or a large-n research practice to get empirical data on different services and sub-groups.

The Intelligence services and global projection vs national interest sections fall into relatively the same category in my opinion. For example, the United States, since the early nineties, has been a proponent of a free and fair internet that is universally accessible and safe. The question which can then be asked is how the United States intelligence services utilizes the internet vs foreign intelligence services in the context of global power projection vs national interest. For example, China has no qualms employing malware and trojan horses as it is in their national interest to do so, but the United States is attempting to remain the internet hegemon without sacrificing their normative values.

Finally, we talked about how many of the sources on cyberterrorism could be classified as alarmist as they present the worst possible scenario to their audience. This reminded me of the normative vs positivist research styles, and it has also pushed me toward thinking in a more positivist style in order to avoid, or at least give context to, sources which lean toward alarmism.

Moving forward with my project, I am either going to refocus it on how the military or intelligence services employ the internet to further their goals. Dr Rovner also showed me a source for US CyberCom which outlines the practices and methodologies of the Unites States as of 2019. I think I am going to employ positivist and small-n/ large-n research models as I think they will work best too.

Research Portfolio Post #1: Research Interests

The Internet of Things is the popularized theory that as technology progresses, the internet will become even more pervasive as a form of communication between, quite frankly, everything. This theory is already becoming actualized with the introduction of smart home technology, which connects every aspect of a person’s domestic life, and the utilization of cloud databanks to store personal information.

American University Professor Laura DeNardis notes as much, claiming that the “Internet of Things represents a new policy frontier for global technological policy makers as well as a significant risk for global consumers.”[1]The risk comes in the form of privacy breaches and cyberterrorism which potential for catastrophic damage has scaled exponentially in concert with the growth of the internet.

To that end, I will be focusing my research toward global policy frameworks which will help limit the potential for disaster via cyber-attacks. This work is akin to non-proliferation treaties (NPT) such as the Nuclear NPT of 1970 and the chemical weapons convention of 1997 which continued the ban on chemical weapon in warfare. Because of the topic, there are a plethora of potential rabbit holes in which my research could take me. However, with the insights of my academic mentor, Dr Josh Rovner, I am confident we will be able to whittle this topic down to a manageable size.

Similarly, I had the opportunity to work with American University Professor Nanette Levinson who was able to direct my project towards the International Studies theory of global governance. Dr Levinson is a proponent of the theory that international change can only be achieved through a multistakeholder approach which shows clear benefits for all parties involved[2]. I plan to use the models provided by Dr Levinson to establish the potential actors involved in this project, as well as possible paths towards legislation.

[1]DeNardis, Laura and Mark Raymond. “The Internet of Things as a Global Policy Frontier.” University of California, Davis Law Review 475. (2017). DOI:

[2]Levinson, Nanette and Meryem Marzouki. “International Organizations and Global Internet Governance: Interorganizational Architecture.” Information Technology and Global Governance. (2016). doi: