Army Cyber Institute
Browsing Army Cyber Institute by Issue Date
Redefining the Role of Information Warfare in Chinese Strategy (USMA, 2003) Sobiesk, Edward
Information warfare is generally understood as “actions taken to affect adversary information and information systems, while defending one’s own information and information systems.” In this paper, a theory is introduced that China is currently executing a patient and deceptive form of information warfare that redefines the boundaries of Western definitions of the concept. China’s efforts are designed to advance its economic state, maintain its national unity, significantly improve its technological and military capabilities, and increase its regional and global influence -- all with minimal or no fighting and without alarming the West. This theory is supported by diverse sources that relate directly to China’s grand strategy and strategic heritage. China is emerging as the United States’ primary rival in the 21st Century. In spite of this formidable competitor, American comprehension of China’s strategic heritage, grand strategy, and the role of information warfare in support of that strategy is gravely insufficient. This work presents summaries of China’s strategic heritage and grand strategy, and then proposes how China is currently using information warfare based on its strategic heritage to achieve its national interests. China’s view of America as an adversary and appropriate comparisons to America’s strategic heritage and America’s information warfare doctrine are also included.
It is stressed throughout the paper that American analysis does not fully comprehend the strong impact that Eastern strategic heritage is having on China’s actions.

Systematic government access to private-sector data in the United States (International Data Privacy Law, 2012) Pell, Stephanie K.
After the September 11 (9/11) attacks, law enforcement's mission expanded to include, at times even prioritize, the general ‘prevention, deterrence and disruption’ of terrorist attacks, which presumed a new emphasis upon threat detection and identification by analyzing patterns in larger, less specific bodies of information. Moreover, after 9/11, law enforcement was integrated into a much larger intelligence gathering operation directed at ‘connecting the dots’ proactively, in order to avert the next terrorist attack. This new focus, spread across a broad range of federal and state agencies, has created a voracious appetite for information—data found most often in the possession of industry, given consumer use of new technologies to facilitate personal, social, business, and economic transactions. Indeed, the unprecedented level of ‘third-party’ possession of information inevitably makes the private sector the most reliable and comprehensive source of information available to law enforcement and intelligence agencies alike. Notwithstanding the impacts on business costs or innovation—whether for a criminal or intelligence terrorism matter or more traditional crimes where perpetrators leave electronic fingerprints with a host of third parties—there is an expectation by law enforcement, intelligence agencies, and even legislators that industry third parties will facilitate real time government access to data when needed, and that these data will be in possession of the relevant private entities if and when a government agency realizes their potential investigative value.
This paper will explore the potential applications of systematic government access to data held by third-party private-sector intermediaries that would not be considered public information sources but, rather, data generated based on the role these intermediaries play in facilitating economic and business transactions (including personal business, such as buying groceries or staying at a hotel on vacation).

Can You See Me Now?: Toward Reasonable Standards for Law Enforcement Access to Location Data that Congress Could Enact (SSRN Electronic Journal, 2012) Pell, Stephanie K.; Soghoian, Christopher
The use of location information by law enforcement agencies is common and becoming more so as technological improvements enable collection of more accurate, precise location data. The legal mystery surrounding the proper law enforcement access standard for prospective location data remains unsolved. This mystery, along with conflicting rulings over the appropriate law enforcement access standards for both prospective and historical location data, has created a messy, inconsistent legal landscape where even judges in the same district may require law enforcement to meet different standards to compel location data. As courts struggle with these intertwined technology, privacy, and legal issues, some judges are expressing concern over the scope of the harms, from specific and personal to general and social, presented by unfettered government collection and use of location data and how to respond to them. Judges have sought to communicate the scope and gravity of these concerns through direct references to Orwell’s dystopia in 1984, as well as suggestive allusions to the “panoptic effect” observed by Jeremy Bentham and his later interpreters like Michel Foucault. Some have gone on to suggest that privacy issues raised by law enforcement access to location data might be addressed more effectively by the legislature.
This Article proposes a legislative model for law enforcement access standards and downstream privacy protections for location information. This proposal attempts to (1) articulate clear rules for courts to apply and law enforcement agents and industry to follow; and (2) strike a reasonable balance among the interests of law enforcement, privacy, and industry with the ultimate goal of improving the position of all concerned when measured against the current state of the law.

The Case for Cyber (Small Wars Journal, 2012) Conti, Gregory; Nelson, John; Cox, Jacob; Brickey, Jon
Cyber warfare isn’t hype; it’s real. America’s decisive technological advantage now contains the seed of our undoing. Our technological dependence is woven into the fabric of our way of life and our national defense. GPS satellites guide troops and weapon systems, algorithms fly aircraft and allocate supplies, websites drive personnel assignments and promotion boards, and official and personal data and voice communications almost exclusively transit computer networks. If these critical networks begin to fail, we aren’t a twenty-first century fighting force; we are a 1980-era military. This estimate is generous. In 1980, we knew how to fight using face-to-face communications, manual land navigation, analog radios, and acetate overlays. Today is different. Information technology has largely kept its allure of dramatically increased efficiency at low cost. Thus, we no longer have “stubby pencil” warfighting skills or the extra personnel to handle these myriad manual tasks.

WHY YOUR INTUITION ABOUT CYBER WARFARE IS PROBABLY WRONG (Small Wars Journal, 2012) Conti, Gregory; Brickey, Jon; Miller, Matthew Louis
Since the dawn of time, when one caveman first struck another, humans have relied on a natural understanding of their physical environment to conduct warfare. We have an inborn ability to understand the laws of the physical world.
In order to shoot an artillery round farther, just add more powder; to provide cover for protection against bullets, hide behind a rock. A private might accidentally shoot the wrong target, but the potential damage is limited by the maximum range of his or her rifle. The laws of physics, however, are counterintuitive in cyberspace. In cyberspace, our understanding of the “laws of physics” is turned on its head. Weapons can be reproduced instantly, “bullets” travel at near the speed of light, destroyed targets can be brought back from the dead, and a seventeen year old can command an army. As human beings we are at a distinct disadvantage when thinking intuitively about cyber warfare. In this article we study where our intuition fails us in cyber warfare and suggest alternate ways to think about the conduct of cyber war that account for the vast differences between the kinetic and the non-kinetic fight. A correct understanding and appreciation of these differences and common misconceptions is absolutely necessary to conduct cyber warfare and to integrate cyber effects into the kinetic battlefield. To ground this work we need to define the term “cyber.” There is significant and evolving debate regarding the precise definition of cyber. For purposes of this article we define cyber as a spectrum of cyberspace operations including Computer Network Attack (CNA), Computer Network Exploitation (CNE), and Computer Network Defense (CND).

Unintended, malicious and evil applications of augmented reality (Insecure Magazine, 2012) Conti, Gregory; Sobiesk, Edward; Anderson, Paul; Billington, Steven; Farmer, Alexander; Kirk, Cory; Shaffer, Patrick; Stammer, Kyle
Most new products begin life with a marketing pitch that extols the product's cultures. A similarly optimistic property holds in user-centered design, where most books and classes take for granted that interface designers are out to help the user.
Users themselves are assumed to be good natured, upstanding citizens somewhere out of the Leave it to Beaver universe.

Preventing a Digital Pearl Harbor (USMA, 2012) Conti, Gregory; Raymond, David
It is 11 p.m. on a Saturday in April 2011, and Thayer Hall is dark except for a well-lit computer lab in a corner of the second floor. While most of their classmates are on pass, a handful of firsties toil into the night putting finishing touches on a computer network that, in a little over 48 hours, will be put to the test by some of the National Security Agency's (NSA) top computer network attack specialists.

When Good Ninjas Turn Bad: Preventing Your Students from Becoming the Threat (Proceedings of the 16th Colloquium for Information Systems Security Education, 2012) Cook, Thomas; Conti, Gregory; Raymond, David
Information security programs teach dangerous skills to their students. Despite our best efforts as instructors and mentors, some students will use these skills in inappropriate, and sometimes illegal, ways. As a result, students jeopardize their careers, hurt others, and put their institution’s entire information security program at risk. In this article, we present results from interviews with information security instructors from academic and government information security education programs. This article includes analysis of real-world incidents where students crossed the line in using their skills, and suggests best practices for deterring student misbehavior as well as techniques for mitigating damage and maximizing learning when an incident does occur.

A Lot More than a Pen Register, and Less than a Wiretap: What the Stingray Teaches Us About How Congress Should Approach the Reform of Law Enforcement Surveillance Authorities (Yale J.L. & Tech, 2013) Pell, Stephanie K.; Soghoian, Christopher
In June 2013, through an unauthorized disclosure to the media by ex-NSA contractor Edward Snowden, the public learned that the NSA, since 2006, had been collecting nearly all domestic phone call detail records and other telephony metadata pursuant to a controversial, classified interpretation of Section 215 of the USA PATRIOT Act. Prior to the Snowden disclosure, the existence of this intelligence program had been kept secret from the general public, though some members of Congress knew both of its existence and of the statutory interpretation the government was using to justify the bulk collection. Unfortunately, the classified nature of the Section 215 metadata program prevented them from alerting the public directly, so they were left to convey their criticisms of the program directly to certain federal agencies as part of a non-public oversight process. The efficacy of an oversight regime burdened by such strict secrecy is now the subject of justifiably intense debate. In the context of that debate, this Article examines a very different surveillance technology — one that has been used by federal, state and local law enforcement agencies for more than two decades without invoking even the muted scrutiny Congress applied to the Section 215 metadata program. During that time, this technology has steadily and significantly expanded the government’s surveillance capabilities in a manner and to a degree to date largely unnoticed and unregulated. Indeed, it has never been explicitly authorized by Congress for law enforcement use. This technology, commonly called the StingRay, the most well-known brand name of a family of surveillance devices, enables the government, directly and in real-time, to intercept communications data and detailed location information of cellular phones — data that it would otherwise be unable to obtain without the assistance of a wireless carrier.
Drawing from the lessons of the StingRay, this Article argues that if statutory authorities regulating law enforcement surveillance technologies and methods are to have any hope of keeping pace with technology, some formalized mechanism must be established through which complete, reliable and timely information about new government surveillance methods and technologies can be brought to the attention of Congress.

'Salam, Vlad': The Silver Lining in Increasing Russian Involvement in the Middle East (The Journal of Political Studies, 2013) Gioe, David V.
Russian involvement-- diplomatic, military, and covert-- in the Middle East is nothing new. Indeed, the Soviet Union was extremely active Egypt, Syria, Yemen and other during the Cold War....

Professionalizing the Army's Cyber Officer Force (Army Cyber Institute, 2013) Arnold, Todd; Harrison, Rob; Conti, Gregory
The emergence of cyberspace as an operational domain, accompanied by the Army’s realization that cyber operations are both a critical vulnerability and a massive opportunity, drives the need for an integrated and fully qualified Army cyber officer workforce to meet these challenges and opportunities. In this paper, we argue for a revolutionary step forward: the creation of a unified cyber branch that brings together the best from each of the stakeholder communities, fills critical gaps not currently provided by the current stakeholders, and discards vestigial remnants from cold-war era organizations, personnel structures, and human resource management approaches. We seek to design a cyber career path that is best for the Army while setting aside near-term parochial concerns for preservation of the status quo.
This objective directly supports other transformational Army initiatives including the proposed formation of a Training and Doctrine Command (TRADOC) Cyber Center of Excellence (CCoE), the Army Cyber Center at West Point, Cyber Mission Forces, and Army Cyber Command (ARCYBER). We propose an actionable way forward to realize a professional cyber force by describing current obstacles, exploring multiple options for the creation of such a force, and finally proposing an accession-based branch and officer career progression which covers the entire career of a cyber leader from college undergraduate to post-retirement.

Towards a Cyber Common Operating Picture (IEEE, 2013) Conti, Gregory; Nelson, John; Raymond, David
Commanders enjoy a refined common operating picture of the kinetic battlespace. While still imperfect, today's military command posts represent centuries of refinement and maturation enhanced by cutting-edge technology. Cyberspace's emergence as an operational domain, however, presents unresolved challenges to this status quo. Techniques for maintaining situational awareness and command and control of cyber operations, particularly joint cyber/kinetic operations, are ill-defined, and no current solutions provide military decision-makers with a comprehensive cyber common operating picture, or CCOP. This paper provides a framework for designing such systems. We focus on the problem of cyber-only operations as well as joint cyber-kinetic operations. Our analysis indicates that the CCOP problem is tractable, but non-trivial, requiring substantial effort realized through evolutionary and revolutionary research approaches.

Defining the Role of Intelligence in Cyber: A Hybrid Push and Pull (Understanding the Intelligence Cycle, 2013) Brantly, Aaron F.
This book critically analyses the concept of the intelligence cycle, highlighting the nature and extent of its limitations and proposing alternative ways of conceptualizing the intelligence process.
The concept of the intelligence cycle has been central to the study of intelligence. As Intelligence Studies has established itself as a distinctive branch of Political Science, it has generated its own foundational literature, within which the intelligence cycle has constituted a vital thread - one running through all social-science approaches to the study of intelligence and constituting a staple of professional training courses. However, there is a growing acceptance that the concept neither accurately reflects the intelligence process nor accommodates important elements of it, such as covert action, counter-intelligence and oversight. Bringing together key authors in the field, the book considers these questions across a number of contexts: in relation to intelligence as a general concept, military intelligence, corporate/private sector intelligence and policing and criminal intelligence. A number of the contributions also go beyond discussion of the limitations of the cycle concept to propose alternative conceptualisations of the intelligence process. What emerges is a plurality of approaches that seek to advance the debate and, as a consequence, Intelligence Studies itself. This book will be of great interest to students of intelligence studies, strategic studies, criminology and policing, security studies and IR in general, as well as to practitioners in the field.

Jonesing for a Privacy Mandate, Getting a Technology Fix -- Doctrine to Follow (SSRN Electronic Journal, 2013) Pell, Stephanie K.
While the Jones Court held unanimously that the government’s use of a GPS device to track Antoine Jones’ vehicle for 28 days was a Fourth Amendment search, the Justices disagreed on the facts and rationale supporting the holding.
Beyond the very narrow trespassed-based search theory regulating the government’s attachment of a GPS device to Jones’ vehicle with the intent to gather information, the majority opinion does nothing to constrain government use of other tracking technologies, including cell phones, which merely involve the transmission of electronic signals without physical trespass. While the concurring opinions endorse application of the Katz reasonable expectation of privacy test to instances of government use of tracking technologies that do not depend on physical trespass, they offer little in the way of clear, concrete guidance to lower courts that would seek to apply Katz in such cases. Taken as a whole, then, the Jones opinions leave us still jonesing for a privacy mandate. As of the writing of this Article, Congress has not been successful in passing legislation that would regulate government use of tracking technologies. A third regulator of government power has emerged, however, in the form of technology itself, specifically in new(ish) methods an individual or group of individuals can use to make it more difficult, in some cases perhaps impossible, for law enforcement to obtain the information it seeks. While waiting for more definitive action from the courts and Congress, such “privacy enhancing” anonymization and encryption technologies can provide a temporary “fix” to the problem of ever-expanding police powers in the digital age, insofar as they make law enforcement investigations more difficult and expensive, thereby forcing law enforcement to prioritize some investigations and, perhaps, de-emphasize or drop others. 
Moreover, at a time when cybersecurity is a national security priority and recommended “best practices” include the use of encryption technologies to protect, among other things, US intellectual property, law enforcement is likely to face continued instances of “Going Dark” as it attempts to intercept communications in the face of the increasing availability and use of encryption technologies. As Congress considers possibilities for expanding law enforcement interception capabilities, it will be forced to accommodate the complex dualistic properties of technologies that, on one hand, bolster our national security against certain kinds of threats while, on the other, they limit or thwart law enforcement’s ability to fulfill its traditional public safety function of investigating crimes.

Using Virtual Machines to Improve Learning and Save Resources in an Introductory IT Course (ACM SIGITE conference on Information technology education (SIGITE '13), 2013) Stoker, Geoff; Arnold, Todd; Maxwell, Paul
Information technology courses often require the use of software and hardware to support classroom learning. These systems can assist in achieving the learning objectives for a course through classroom problems and laboratory exercises. The procurement and maintenance of these systems can be a challenge even for well resourced organizations. In this paper we discuss how virtual machines can relieve organizations of some of their resource burdens while effectively achieving course learning objectives and provide examples of how that is currently done at the United States Military Academy.

A control measure framework to limit collateral damage and propagation of cyber weapons (IEEE, 2013) Raymond, David; Conti, Gregory; Cross, Tom; Fanelli, Robert
With the recognition of cyberspace as a warfighting domain by the U.S. Department of Defense, we anticipate increased use of malicious software as weapons during hostilities between nation-states.
Such conflict could occur solely on computer networks, but increasingly will be used in conjunction with traditional kinetic attack, or even to eliminate the need for kinetic attack. In either context, precise targeting and effective limiting of collateral damage from cyber weaponry are desired goals of any nation seeking to comply with the law of war. Since at least the Morris Worm, malicious software found in the wild has frequently contained mechanisms to target effectively, limit propagation, allow self-destruction, and minimize consumption of host resources to prevent detection and damage. This paper surveys major variants of malicious software from 1982 to present and synthesizes the control measures they contain that might limit collateral damage in future cyber weapons. As part of this work, we provide a framework for critical analysis of such measures. Our results indicate that a compelling framework for critical analysis emerges by studying these measures allowing classification of new forms of malware and providing insight into future novel technical mechanisms for limiting collateral damage.

Comment on West Point Defense & Strategic Studies “War Council” Series (Small Wars Journal, 2013) Betson, Andrew; Cavanaugh, Matthew
Iran is in the headlines every day. The new Iranian President, Hassan Rouhani, has raised the possibility of diplomacy with the United States, providing hope for a deal on the nuclear front. At West Point, in class, instructors find cadets asking pointed questions about what American military intervention might look like. Many of these teachers, in turn, are talking about the issue. In this context, the Defense & Strategic Studies Program at West Point organized a multi-disciplinary, academic and professional forum on 4 October 2013, to discuss the many perspectives on potential American military intervention in Iran.
The panelists each commented on Iran within their area of expertise, and what follows is the set of edited, written remarks from the event (provided by each panelist). Each view is important, particularly to cadets personally grappling with these real world issues for the first time.

Towards a Cyber Leader Course Modeled on Army Ranger School (Small Wars Journal, 2014) Conti, Gregory; Weigand, Michael; Skoudis, Ed; Raymond, David; Cook, Thomas; Arnold, Todd
Since 1950, the U.S. Army Ranger School has garnered a well-earned reputation as one of the most demanding military schools in the world. Graduates have served with distinction in special operations units including the Ranger Regiment and Special Operations Command as well as line units throughout the Army. With the emergence of cyberspace as an operational domain and the critical shortage of technically and operationally competent cyber[i] leaders, the time has come to create a U.S. Army Cyber Leader Course of equal intensity, reputation, and similar duration,[ii] but focused on cyber operations (see Figure 1). This article presents a model for the creation of such a school, one that goes far beyond just a tough classroom experience by using tactical close-access missions as a core component. What we propose is unique, demanding, immersive, and fills a necessary gap in Army cyber leader development. This article is a condensed form of a more detailed analysis and description of the proposed Army Cyber Leader Course.[iii]

Cyber Actions by State Actors: Motivation and Utility (International Journal of Intelligence and CounterIntelligence, 2014) Brantly, Aaron F.
Covert action is as old as political man. The subversive manipulation of others is nothing new. It has been written about since Sun Tzu and Kautilya. People and nations have always sought the use of shadowy means to influence situations and events. Covert action is and has been a staple of the state system.
A dark and nefarious tool often banished to philosophical and intellectual exile, covert action is in truth an oft-used method of achieving utility that is frequently overlooked by academics. Modern scholars contend that, for utility to be achieved, activities such as war and diplomacy must be conducted transparently. Examined here is the construction of utility for a subset of covert action: cyber attacks.

Key terrain in cyberspace: Seeking the high ground (IEEE, 2014) Raymond, David; Cross, Tom; Conti, Gregory; Nowatkowski, Michael
In military doctrine, key terrain refers to areas which, if seized, afford an advantage to an attacker or defender. When applied to geographic terrain, this definition is clear. Key terrain might include a hill that overlooks a valley an enemy wants to control or a crossing point over a river that must be traversed before launching an attack. By definition, dominance of key terrain is likely to decide the overall outcome of a battle. While cyber key terrain is similar to geographic key terrain in some ways, there are also significant and often counterintuitive differences. Some consider cyber terrain to be tied to a physical location and to be represented in cyberspace by routers, switches, cables, and other devices. We will argue that key terrain in cyberspace exists at all of the cyberspace planes, which include the geographic, physical, logical, cyber persona, and supervisory planes [1]. In many cases, features of cyber terrain will not be tied to a specific location, or the geographic location will be irrelevant. In this paper we deconstruct and analyze cyber key terrain, provide a generalized framework for critical analysis, and draw parallels between cyber and physical key terrain while providing examples of key terrain in cyber operations. During a cyber operation, an analysis of key terrain will aid in the strategy and tactics of both the offense and the defense.
During peacetime, an understanding of cyber key terrain can be employed broadly, ranging from helping a system administrator focus scarce resources to defend his network all the way to allowing nation-state militaries to develop long-lasting and effective doctrine.