Cyberspace in Peace and War, 2nd Edition

https://townofosceola.com/3ii4tqy8 Cover Title Page Copyright Contents List of Illustrations List of Acronyms and Abbreviations Introduction Part I. Foundations Chapter 1. Emblematic Attacks Prototypical Events Cybercrime and Other System Intrusions Advanced Persistent Threat Distributed Denial-of-Service Attacks Disruptive and Destructive Attacks Doxing Attacks Conclusions Chapter 2. Some Basic Principles Cyberwar and Cyberspace Layers How Hacks Work Agoras and Castles Most Cyberattacks Have Transitory Effects Chapter 3. How to Compromise a Computer Abuses by Random External Users Abuses by Authorized Internal Users Altered Instructions via Supply-Chain Attack Malware Conclusions Chapter 4. Cybersecurity as a Systems Problem Applications Are Often the Weak Links in the Security Chain The Role of Input Filtering The Role of Browsers and Operating Systems The Role of People The Role of Cryptography A Role for Firewalls? The Role of Air-Gapping Relationships among Machines, Systems, and Engineering Cybersecurity as a Business Process Problem Measures and Countermeasures Lessons from the OPM Hack Chapter 5. Defending against Deep and Wide Attacks Deep Attacks Identifying Near-Catastrophes to Get Ahead of Catastrophes Hedging to Deal with Exceptions to the Power-Law Rule Attacks of Broad Consequence Scalability Influences How Well a Near-Catastrophe Predicts a Catastrophe Implications for Learning Is Information Sharing a Panacea? Chapter 6. Deterrence by Denial What Is Being Discouraged? Complicating Psychological Factors Dissuading Cyberattack by Defeating Its Strategy Is Deterrence by Denial Transferable? Part II. Operations Chapter 7. Tactical Cyberwar Possible Effects Timing Cyberattacks The Role of Surprise A Tactical Cyberwar Scenario Would China Use Tactical Cyberwar the Same Way? Why Supremacy Is Meaningless and Superiority Unnecessary Conclusions Chapter 8. Organizing a Cyberwar Campaign Why a Campaign? Whose Campaign? The Challenge of Skepticism over the Potential of Tactical Cyberwar The Insertion of Tactical Cyberwar into Kinetic Operations Escalation and Tactical Cyberwar Chapter 9. Professionalizing Cyberwar Battle Damage Assessment Collateral Damage Other Weaponization Parameters Should Cyberwar Authority Be Predelegated? A Hacker Way of Warfare Programming and Budgeting for Cyberwar Chapter 10. Is Cyberspace a Warfighting Domain? Cyberwar Operations Are about Usurping Command and Control Cyberspace as Multiple Media Defend the Domain or Ensure Missions? Offensive Operations Cyberspace as a Warfighting Domain and DDOS Attacks Other Errors from Calling Cyberspace a Warfighting Domain No Domain, No Cyber Equivalent of Billy Mitchell Conclusions Chapter 11. Strategic Implications of Tactical Cyberwar Influencing Others against Digitization Cyberattacks and the Correlation of Forces The Challenge of Alliance Defense in Cyberspace Chapter 12. Stability Implications of Tactical Cyberwar Attack Wins Getting the Jump Wins The Risks of Acting Are Reduced The Risks of Not Acting Are Increased A Missing Element of Caution A Quick Comparison to Nuclear Weapons Do Cyberattack Options Reduce Violence? Conclusions Part III. Strategies Chapter 13. Strategic Cyberwar Strategic Cyberwar May Focus on Power Grids and Banks How Coercive Can a Strategic Cyberwar Campaign Be? The Conduct of Strategic Cyberwar Indications and Warnings A Cyber SIOP? Keeping Targets in Reserve Terminating Cyberwar Conclusions Chapter 14. Cyberwar Threats as Deterrence and Compulsion The Anger/Fear Balance The Difficulty of Evaluating a Coercive Campaign A Stalling Strategy for Compulsion A Deterrence Response Window Chapter 15. The Unexpected Asymmetry of Cyberwar The Third World Disadvantage The Particular U.S. Advantage Was This All an Exercise in Nostalgia? A Silver Lining Arising from Kerckhoffs’s Principle The Influence of Third Parties on the Balance of Power in Cyberspace Chapter 16. Responding to Cyberattack First-Strike Cyberattacks May Have a Variety of Motives What Looks like an Unprovoked Cyberattack May Not Be Should the Target Reveal the Cyberattack—and When? A Delayed Response Responding without Force Economic Responses Sanctions until the Behavior Ends The Perils of an Easy Response Sub-Rosa Cyberwar A Drawback to Any Response How Will the Attacker Respond to Retaliation? Conclusions Chapter 17. Deterrence Fundamentals Cyberdeterrence Differs from Nuclear and Criminal Deterrence The Rationale for Deterrence What Makes Deterrence Work? The Core Message of Deterrence Tailored Deterrence The Problematic Nature of Cyberdeterrence Chapter 18. The Will to Retaliate The Risks of Reprisals Third-Party Cyberattacks Retaliation May Be Stymied by Bigger Issues on the Table Credibility May Not Be Easy to Establish The Signals Associated with Carrying Out Reprisals May Get Lost in the Noise The Impact of Good Defenses on Credibility Is Mixed Can Extended Deterrence Work in Cyberspace? A Baltic Cyberspace Alliance? Conclusions Chapter 19. Attribution What Will Convince Others of Your Attribution? How Good Would Attribution Be? What Could Make Attribution So Hard? When Attribution Seems to Work When Can Countries Be Blamed for What Starts within Their Borders? Why Credibility Makes Attribution an Issue Will the Attacker Always Avoid Attribution? Why an Attacker May Favor Ambiguous Attribution over None at All What Should Be Revealed about Attribution? Attribution in a Post-Truth World Conclusion Chapter 20. What Threshold for Response? A Zero-Tolerance Policy? Non-Zero Thresholds Did NotPetya Cross What Would Be a Reasonable Threshold? Should Pulled or Failed Punches Merit Retaliation? Compulsion versus Deterrence Threshold Issues Complicate Retaliating against Cyberespionage Chapter 21. A Deterministic Posture Advantages of Determinism Advantages of a Probabilistic Deterrence Posture The Choice to Retaliate under Uncertainty Chapter 22. Punishment and Holding Targets at Risk The Lack of Good Targets for Intradomain Deterrence The Temptations of Cross-Domain Deterrence Will Targets Actually Hit Back at All? Can Secondary Deterrence Address the Problems of Primary Deterrence? Persistent Engagement qua Deterrence Summary Observations on Cyberdeterrence Chapter 23. Cyberwar Escalation The Purpose and Risks of Escalation Escalation in Strategic Cyberwar The Difficulties of Tit-for-Tat Management Escalation into Kinetic Warfare Escalation Risks from Proxy Cyberwar Proxy Cyberattacks Conclusions Chapter 24. Brandishing Cyberattack Capabilities What Brandishing Is Your Power or Their Powerlessness? How to Brandish Cyberattack Capabilities Brandishing Implants Escalation Dominance and Brandishing Counter-Brandishing Caveats and Cautions Chapter 25. Narratives and Signals Narratives to Facilitate Crisis Control A Narrative Framework for Cyberspace Narratives as Morality Plays Narratives to Walk Back a Crisis Narrative, Attribution, and Response Signaling What Can We Say with Signals That Would Come as News to Others? Ambiguity in Signaling Why Narratives Matter to Signals Chapter 26. Cyberattack Inferences from Cyberespionage Inferring Cyberattacks from Cyberespionage Inferences from the Fact of Cyberespionage Alone How to Continue with Cyberespionage with Less Risk Stick with Attacks on Offensive Systems? The Defender’s Options Deliberate Signaling, Both Friendly and Hostile Conclusions Chapter 27. Strategic Stability Would Nuclear Dilemmas Echo in Cyberspace? Misperception as a Source of Crisis Excessive Confidence in Attribution or Preemption Can There Be a Cuban Missile Crisis in Cyberspace? Conclusions Part IV. Norms Chapter 28. Norms for Cyberspace Unilateral Red Lines and Multilateral Norms Red Lines versus Norms The Criminalization of Hacking Norms on Attribution Arms Control Normalization Law of Armed Conflict: Jus in bello Law of Armed Conflict: Jus ad bellum From the Tallinn Manual to Las Vegas Rules What the Tallinn Manual Says Viva Las Vegas But Not So Fast Why Not Las Vegas Rules for Outer Space as Well? Conclusions Chapter 29. The Rocky Road to Cyberespionage Norms Norms against Economically Motivated Cyberespionage The Cybercrime Markets Norm The No-Political-Doxing Norm Prohibiting Certain Targets to Prohibit Unwelcome Uses of Purloined Information Cyberespionage against Critical Infrastructure Getting to Norms Chapter 30. Sino-American Relations and Norms in Cyberspace The United States Advocates Its Norms Can We Trade? The Deal That Was Struck Chapter 31. The Enigma of Russian Behavior in Cyberspace The Early Years After Maidan What Happened to Cyberwar in the Russo–Ukraine Conflict? Cyberattacks to Support Narratives Conclusions Chapter 32. Cybersecurity Futures Better Offense A Larger Attack Surface Better Defense Artificial Intelligence A Three Mile Island in Cyberspace Chapter 33. Cyberwar: What Is It Good For? Notes Bibliography Index About the Author