I am studying the ever-changing cyberstrategy of the United States from 1990 to present because I want to find out what explains the changing public discourses regarding the usage of cyber weaponry and tactics. The goal is to explain to my reader how the modern iteration of cyberwarfare being conducted by the United States has come to fruition.
The discourse surrounding cyberwarfare has always been directly tied to the conversation surrounding the rights of man and the just war doctrine. The NSA’s General Counsel, Glenn Gerstell, revealed that the United States relies on the fact that an offensive action must connote imminent danger, and Cyber Command can only respond if this condition is met. Within the military apparatus, this theory is unpopular as it permanently places the United States on the defensive, which Paul Nakasone, Commander of US Cyber Command, says is a route to defeat. By ignoring the Just War Doctrine, Nakasone argues that the United States must defend forward through offensive cyber action in order to maintain supremacy. These interviews directly tie into each other and show the discourse existing within the military and United States cyber infrastructure.
This same discourse exists in the political realm with Representative Mike Rogers arguing that the cyber infrastructure of the United States is too separated and focused on defensive action. He argues that while the role of independent cybersecurity departments is critical, they all need to be branched under the United States Cybercommand in order to triangulate targets for elimination. Conversely, Representative Jim Langevin argues that the power of the United States Cyber infrastructure should be split across multiple institutions in order to promote stability and oversight. Similarly, the United States must not resort to offensive action in cyberspace as that will create a precedent of instability.
Wayne C. Booth, Gregory G. Colomb, Joseph M. Williams, Joseph Bizup, and William T. Fitzgerald, The Craft of Research (4th ed.), Chicago: University of Chicago Press, (2016): 54.
Colonel James Cook, “‘Cyberation’ and Just War Doctrine: A Response to Randall Dipert,” Journal of Military Ethics 9, no. 4 (December 2010): 413.
Glenn Gerstell, “Confronting the Cybersecurity Challenge” Duke Law School: Law, Ethics and National Security Conference 2017, (2017): 2-3.
Col William T Eliason, “An Interview with Paul Nakasone,” Joint Force Quarterly 92, no. 1 (January 2019): 6.
Representative Mike Rogers, “Stovepiped Cybersecurity,” Keynote at Scoops News Group Cybersecurity Conference, (2017): 1-5.
Representative Jim Langevin, “Langevin Statement on Trump Administration’s Refusal to Provide Congress with Cyberspace Operations Directive,” Media Office of Jim Langevin, (July 2017).
The small-n research question which I aim to research is, “What explains the variances in cyber strategy utilized by China, Iran, North Korea, Russia, and the United States?”
The dependent variable for this question is the ultimate selection of a cyberstrategy as outlined by Brandon Valeriano. Similarly, Valeriano’s work will be used to operationalize the variable by classifying state cyber actions as espionage, disruption, or degradation-based attacks. This itself reveals the other qualitative sources in the form of past and ongoing cyber-attacks which will need to be explored in order to create an index for consultation which draws on variables such as the target, type of target, and immediate and lasting effects.
These case studies were selected due to their relatively high rankings on the Global Cybersecurity Index (GCI) as well as the fact that they represent the origins for the vast majority of cyber events. These states are constant competitors on the internet battlefield and have been recognized as such with their servers representing the naissance point for malware. That being said, these cases only spread across international state actors and do not take into account hacktivist groups like Anonymous and terror organizations like Al-Qaeda, which have equally proved adept on the cyber battlefield.
While the dependent variable itself may be answered with only one of the independent variables (effect), the independent variables themselves are influenced by a wide array of cyber indicators inside a state from the GCI to the ICT Development Index (IDI). Similarly, the Kaspersky Lab has helped to digest the actual malware by explaining their origins, makeup, sourcing, and effects. An example of this is their detailed report on the Stuxnet worm, which they credited to the United States’ National Security Association, and which targeted Iranian centrifuges with an information gathering and self-destructing kill-switch.
Finally, the concept of national interest comes into play when viewing the dependent variable value of the separate case studies. For example, Iran certainly has the ability to conduct extra-territorial infrastructure attacks, showing that it could be claimed they follow a disruption-based strategy. However, such an attack would merit a response which they potentially could not weather, pointing toward the fact that they might prefer an espionage-based strategy.
These qualitative sources approach the dependent variable from their own case studies but reveal through their data how an international state can employ their cyber forces. What remains to be seen, through a greater collection of sources, is if the national interest of a country paired with their actual malware creates a scale or independent strategies as shown through the operationalization of the dependent variable.
Brandon Valeriano and Benjamin Jensen, “How Rival States Employ Cyber Strategy,” Oxford University Press, (2018).
“Global Cyber Strategies Index,” Center for Strategic and International Studies: Technology Policy Program, pp. 1-6.
Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).
David Bieda and Leila Halawi, “Cyberspace: A Venue for Terrorism,” Embry-Riddle Aeronautical University 16, no. 3 (2015): 33–42.
ICT Data and Statistics Division, “ICT Development Index,” International Telecommunication Union Publications, (February 2019), pp. 3-204.
Aleks Gostev and Costin G. Raiu, “Unravelling Stuxnet,” Kaspersky Lab, (29 September 2010).
James Lewis, “Iran and Cyber Power,” Center for Strategic and International Studies, (25 June 2019), https://www.csis.org/analysis/iran-and-cyber-power.
Frank Cilluffo, “The Iranian Cyber Threat to the United States” (United States House of Representatives: The George Washington University Homeland Security Policy Institute, 2012).
I hope to explain the variances in cyberwarfare tactics utilized by international actors.
By finding empirical data and creating a matrix of the differing cyber tactics, and then applying them to international actors involved in the cyberwarfare landscape, I will be able to see how actors employ differing methods to achieve their cybersecurity goals. To achieve this, my research question needs to meet the large-n standards of framing:
“What explains the variances in cyberwarfare tactics utilized by international actors?”
Data that has been collected to meet this question comes primarily from government and business sources. There is, however, historical difficulty in collecting empirical data points of this type as both state and business actors are often reluctant to release information proving that their cyber landscape has been penetrated. The first database chosen for extrapolation comes from the Home Office of the United Kingdom and presents cybercrime committed against businesses based in England and Wales. The second database comes from IPSOS Mori Social Research Institute and presents information through survey format by asking businesses the type of incursions which occurred as well as the damages that resulted from the hack.
Managing this data in a meaningful way is where the answer to my research question will be able to be derived. These sources only provide information based around the United Kingdom so databases from other locales would also be needed to create a comprehensive large-n analysis. However, these databases alone present many of the independent variables which can be explored to answer the dependent variable presented in the research question.
This dataset presents a possible example of how a statistical analysis can be presented. While variables such as cost incurred, target, monetary cost, and number of incursions are important, the source variable is the most important as once an analysis is done of other targets, the perpetrators and their tactics can start to be drawn out. As presented by Ryan Maness’ codebook, all of these variables can be presented via numbers as, at this moment, there are a finite number of incursion methods which can be given a numerical value. While this dataset is restricted to the United Kingdom, it can be expanded to other actors using the same methodology. However, as said previously, a weakness in these databases is the lack of proper reporting by international actors who are reluctant to show they were penetrated.
“Crime Against Business,” Home Office of the United Kingdom, (2017), doi: https://www.gov.uk/government/collections/crime-against-businesses
“Commercial Victimisation Survey,” IPSOS Mori Social Research Institute, (2017), pp. 229-237. Doi: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/704095/commercial-victimisation-survey-technical-report-2017.pdf.
Ryan C. Maness, Brandon Valeriano, and Benjamin Jensen, “Codebook for the Dyadic Cyber Incident and Dispute Dataset Version 1.1,” available at: https://drryanmaness.wixsite.com/cyberconflcit/cyber-conflict-dataset
I am proposing to research cyberwarfare in the context of the actor because I hope to explain the variation in cybertactics between the Islamic Republic of Iran and the United States of America. The goal of this is to help my reader understand the decision making process behind a nation’s selection of a cyberstrategy.
This topic is a puzzle because the United States is a proponent of the theory of forward defense when it comes to cybersecurity, while the Iranian Republic views the cyber world in the context of misinformation and the rooting of cyber nodes via online attacks; the United States sees the battlefield as a fight over connectivity. These are diametrically opposite viewpoints which require different infrastructures and unique methodologies in order to be successful on the cyber battlefield. Cyberwarfare itself is an emerging non-kinetic battlefield which has real world ramifications and brings up questions of supremacy and resiliency.
In 2018, the United States Cyber Command released a report detailing the threats, as well as the way forward for dealing with these threats, posed against the United States. Within this debate, they promote the theory of resiliency and connectivity as the means to achieve supremacy in a cyber war. To achieve this, Cyber Command believes the United States should be “defending forward as possible to the origin of adversary” and maintain “constant engagement to impose imposes tactical friction and strategic costs on adversaries, compelling them to shift resources to defense and reduce attacks.” Furthermore, targets should be selected based on the node’s proximity to an intelligence sink in order to maximize connectivity damage. By outlasting the enemy, as well as targeting their infrastructure, US Cybercommand believes internet supremacy can be achieved.
Paul Nakasone, the current head of the National Security Association and US Cybercommand, detailed, in both an interview and an article submission to Joint Force Quarterly, why he believes this strategy will be the most successful in pursuing American interests. Nakasone promotes the theory of Persistent Engagement by explaining that not only does targeting of CIKR (Critical Infrastructure and Key Resources) lead to cyber supremacy, it also leads to greater battlefield resiliency as “strategic effects in cyberspace come from the use—not the mere possession—of cyber capabilities to gain the initiative over those who mean [the United States] harm.” This, in brief, is the concept of habitual learning.
Contrary to the cyberwarfare philosophy represented in the US Cyber Command briefing, James Lewis of the Center for Strategic and International Studies claims that Iran is following a different path when it comes to cyberwarfare. He claims that Iran is using “its extensive experience in covert activities to help guide its strategy and operations using cyber as a tool for coercion and force.” The Iranian strategy has been described as “a delicate game of chicken” where they are constantly probing for weaknesses as well as potential data for exploitation. The Islamic Republic does not have a comparable expenditure base to the United States when it comes to cyberwarfare methods. However, Iran has proved particularly adept at skewed force projection comparable to funding; “Iran’s trajectory shows how a medium-sized opponent willing to allocate resources can build cyber power.”
Frank Cilluffo, director of the Homeland Security Policy Institute, presents the puzzle of Iranian cyberwarfare methods through the context of potential damages to the United States. He reported to Congress on how the Basij, an Iranian voluntary paramilitary group, and a hacker-for-hire group called the Ashiyane have been employed by Iran to target high-visibility targets “which could provide Iran an avenue for psychological operations directed against the U.S. public.” This, he explains, paired with the tendency of Iranian Quds forces to utilize rooting software and trojan horses, represents the emerging threat of the Iranian cyber force. The threat of Iranian cyberwarfare methods is perhaps greater than their actual capabilities, but Iran does utilize its cyber forces as a preventative and, oftentimes, reactionary tool which aims to dissuade cyber aggression.
In the context of the United States interest in cyberwarfare, the question of when, why, and how a state utilizes the cyber tools at its disposal is incredibly important. Nakasone himself repeats the infamous Sun Tzu quote, “if you know the enemy and know yourself, you need not fear the result of a hundred battles,” to explain this concept. Furthermore, understanding and exploring the variables which determine an actor’s role on the cyber battlefield could lead to greater success in both preventative and offensive action.
Further questions include, but are not limited to, questions of exploring more broad patterns across the board as well as individual case studies. For example, the question “what explains the variances in cyberwarfare tactics utilized by international actors,” would cover many bases and variables. Conversely, asking “why does the United States rely on Hackleburg and resiliency-based cyberwarfare tactics” would allow for an interpretivist exploration of a single case study.
“Command Vision for US Cyber Command: Achieve and Maintain Cyberspace Superiority,” United States Cyber Command, 23 March 2018.
William Eliason, “An Interview with Paul Nakasone,” Joint Force Quarterly Vol. 92(1), January 2019, 4-10.
James Lewis, “Iran and Cyber Power,” Center for Strategic and International Studies, 25 June 2019.
Frank Cilluffo, “The Iranian Cyber Threat to the United States,” The George Washington University Homeland Security and Policy Institute, 26 April 2012.
Paul Nakasone, “A Cyber Force for Persistent Operations,” Joint Force Quarterly Vol. 92(1), January 2019, 10-15.
Cyberwarfare Supremacy Theories
Within cybertheory, two of the popularized arguments on how to gain supremacy are broken into the fields of connectivity and denial of service, and the field of misinformation and data analyzation.
The first source that I chose to explore is Nef Abuzainab and Walid Saad’s wargame, “Dynamic Connectivity Game for Adversarial Internet of Battlefield Things Systems,” which explores cyberwarfare through the strategy of resiliency. Through their simulation, they hope to explain how a cyberwar can be won and be offered as a military edge to troops on the ground. It shows, with resiliency being the goal, that cyber military institutions should attempt to maintain connectivity between data nodes and sinks at all times. This creates a scenario where one’s adversary is consistently destroying nodes which are simultaneously replaced by redundant ones. A potential downside to this strategy is the potential for a back and forth, but the authors were able to employ a Stackelberg method to predict responsive roles. The connectivity scenario saw a 46% increase in wargame simulation victory.
The second source I explored is Nef Abuzainab and Walid Saad’s wargame, “A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things,” which explores cyberwarfare through the strategy of information filtration. The authors identify the spread of misinformation and data infection as hurdles to cyber supremacy that also add a weight to an actor’s resiliency matrix. Their solution to this problem is “a distributed approach in which each IoBT node decides whether or not to accept the received information at each time instant, in order to limit the propagation of misinformation,” through the utilization of a mean-field equation. This tactic of data filtration and node acceptance of information found a 120% increase in the targeting and quarantining of infected nodes.
The normative sources utilize game theory and various equalizing methods to create simulations that reflect a cyberwarfare scenario. I will utilize these sources in concert with other sources that I have collected to show how the various military forces employ differing cyber tactics with the end goal of supremacy gain or retention.
Paul Nakasone, “Command Vision for United States Cyber Command: Achieve and Maintain Cyberspace Superiority,” United States of America Cyber Command, 2018.
Nef Abuzainab and Walid Saad, “Dynamic Connectivity Game for Adversarial Internet of Battlefield Things Systems,” Institute of Electronic and Electrical Engineers, 2017
Nef Abuzainab and Walid Saad, “A Multiclass Mean-Field Game for Thwarting Misinformation Spread in the Internet of Battlefield Things,” Virginia Polytechnic Institute, 2018.
In my eyes, ontology is the study of what is through the lens of a research model. This pairs well with the writings of sociologist Andrew Abbott, where he describes social ontology through the various lenses which he proposes can be used to study his field. For example, in the positivist realm of thought, the world is a vast array of empirical values which can be made into predictive patterns. However, without positivist ontology, this array could not be organized and made sense of. The way that this is achieved is through a research methodology. A methodology is an organized research plan which is employed to find either an answer or greater understanding of a research area. Every academic discipline values a different methodology, or even sub methods within the overall umbrella of that discipline, and it is the job of the researcher to match their own methodology with that of their discipline in order to convey credibility.
As much as one strives to be unbiased or downright apathetic toward their field of research, total objectivity remains impossible. Be it from societal influences or ethnic background, there will always be some form of bias present in one’s research. That being said, I believe empirical data points can be derived from many different sources without a normative influence. Of course, this depends entirely on the subject area under question. Cultural and historical relativism must come into play when asking comprehensive research questions. Abbott himself brings up this debate while discussing the divide between Behavioralist and Culturalist realms of thought. He states that there is no real answer to this debate, and one will simply agree on their own research practices based on whether or not they lean toward positivism or interpretivism. In my own opinion, as long as a researcher attempts to be as objective as possible, explores other avenues of thought, and explains their methodology coherently, then they have successfully checked all of their metaphorical boxes.
I would make the claim that there is little to no subject which cannot be researched and be explained through a positivist lens. Furthermore, a researcher does not necessarily have to be in the field to have expert knowledge. This does not exempt positivist researchers from having first person knowledge though, as this can be collected through primary sources. As it relates to my own research project, I would make the claim that the world is a puzzle that simply needs to be put together in order to create predictive models. Certain facts of life, such as power, are constant and in the context of the cyberwarfare debate, it is the goal of a nation state to have a comprehensive defense plan with power projection capabilities. As shown by the nuclear arms race, people like to be the most powerful and this same constant can be applied to cyberwarfare. However, there are also social forces at play in this debate, in the form of differing standards of privacy and practices that are determined at the cultural level. All-in-all, I believe that positivism shows the clearest example of what comprehensive research should be. This statement is not meant to belittle other research styles, but in this debate, the winning candidate is front and center.
Abbott, Andrew, “Methods of Discovery: Heuristics for the Social Sciences,” (New York: W.W. Norton & Company, Inc, 2004), 52.
Abbott, Andrew, “Methods of Discovery: Heuristics for the Social Sciences,” (New York: W.W. Norton & Company, Inc, 2004), 44.
The Internet of Things is the popularized theory that as technology progresses, the internet will become even more pervasive as a form of communication between, quite frankly, everything. This theory is already becoming actualized with the introduction of smart home technology, which connects every aspect of a person’s domestic life, and the utilization of cloud databanks to store personal information.
American University Professor Laura DeNardis notes as much, claiming that the “Internet of Things represents a new policy frontier for global technological policy makers as well as a significant risk for global consumers.” The risk comes in the form of privacy breaches and cyberterrorism, whose potential for catastrophic damage has scaled exponentially in concert with the growth of the internet.
To that end, I will be focusing my research toward global policy frameworks which will help limit the potential for disaster via cyber-attacks. This work is akin to non-proliferation treaties (NPT) such as the Nuclear NPT of 1970 and the chemical weapons convention of 1997 which continued the ban on chemical weapons in warfare. Because of the topic, there are a plethora of potential rabbit holes down which my research could take me. However, with the insights of my academic mentor, Dr Josh Rovner, I am confident we will be able to whittle this topic down to a manageable size.
Similarly, I had the opportunity to work with American University Professor Nanette Levinson who was able to direct my project towards the International Studies theory of global governance. Dr Levinson is a proponent of the theory that international change can only be achieved through a multistakeholder approach which shows clear benefits for all parties involved. I plan to use the models provided by Dr Levinson to establish the potential actors involved in this project, as well as possible paths towards legislation.
DeNardis, Laura and Mark Raymond. “The Internet of Things as a Global Policy Frontier.” University of California, Davis Law Review 475. (2017). DOI: https://lawreview.law.ucdavis.edu/issues/51/2/Symposium/51-2_DeNardis_Raymond.pdf
Levinson, Nanette and Meryem Marzouki. “International Organizations and Global Internet Governance: Interorganizational Architecture.” Information Technology and Global Governance. (2016). doi: https://doi.org/10.1057/9781137483591_3.