Army Cyber Institute

Recent Submissions

  • Item
    Strategic Cyber Maneuver
    (Small Wars Journal, 2015) Brantly, Aaron F.
    Maneuver warfare is an integral part of the strategy, tactics and operations of the United States military, but what does it mean to maneuver in cyberspace? Maneuver warfare dates back millennia and yet the fundamental goal of maneuver, to provide military advantage in tactical situations, has not changed. There are concrete and identifiable military tactics associated with maneuver each refined through conflict and war and each tailored to the needs of the situation faced by commanders on the frontline. The modern era has seen joint forces maneuvers in which Air, Land, Sea work in tandem to accomplish a mission. The state of maneuver warfare changes as weapons and technology evolve. No longer is it reasonable to maneuver in column in two opposing battle lines as in the Napoleonic Wars, modern weapons have changed the concepts of maneuver and made them increasingly more complex, nuanced and challenging. Five years after the establishment of U.S. Cyber Command the United States is confronted with yet another advance in technology that requires a re-evaluation of the concepts of maneuver in a cyberized world with smart bombs, laser guided field munitions, blue force trackers, digital logistic networks, and network command and control centers. The department of defense has a new domain that must be examined, poked and prodded to ascertain the means and mechanisms to achieve advantage. This paper examines the concept of maneuver within cyberspace and attempts to develop an initial framework for maneuver operations to achieve both within and cross-domain effects.
  • Item
    Strategic Amnesia and Isis
    (The National Interest, 2016) Gioe, David V.
    MARK TWAIN observed, “history doesn’t repeat itself, but it does rhyme.” The study of military history teaches us valuable lessons that are applicable to today’s most intractable strategic problems; yet, these lessons are underappreciated in current American strategy formulation. Throughout the history of American armed conflict, the United States has discerned, at great cost, four critical lessons applicable to containing and combating the Islamic State. First, as war theorist Carl von Clausewitz noted, war is a continuation of politics by other means; but resorting to war rarely yields the ideal political solution envisioned at the start of hostilities. Second, the use of proxy forces to pursue American geopolitical goals is rarely an investment worth making because proxies tend to have goals misaligned with those of their American sponsors. True control is an illusion. The corollary to this axiom is that supporting inept and corrupt leaders with American power only invites further dependency, does not solve political problems and usually prolongs an inevitable defeat. Third, conflating the security of a foreign power with that of America leads to disproportionate resource allocation and an apparent inability at the political level to pursue policies of peace and successful war termination. Fourth, alliance formation through lofty rhetorical positions imperils rational analysis of geopolitical and military realities. Publicly staking out inviable political end states invites a strategic mismatch between military capabilities and political wishes, endangering the current enterprise as well as future national credibility. America has paid for these lessons in blood; our leaders ought to heed them.
  • Item
    Information Warfare isn’t Russian – It’s American as Apple Pie
    (The Strategy Bridge, 2017) Waage, Erick; Gioe, David V.
    Both pundits and the American public are still seeking to understand the information-related events that occurred during 2016 Presidential Election and probably will be for some time. However, the US Intelligence Community and many other expert organizations such as the cybersecurity firm Crowdstrike have indicted Information Warfare elements subordinate to Russian President Vladimir Putin as working to both undermine American confidence in its democratic institutions and tilt the scales in favor of one candidate. Though the impact of an effective information warfare campaign may be visible more rapidly in the information age, the principles of information warfare and the political psychology and weaponized narratives that underpin it are timeless. Information warfare is not new, but developments in information technology have enabled it to deliver its payloads vaster and over a much wider network. Looking to Putin’s intelligence apparatus is not to witness the genesis of political information warfare. In fact, the United States was birthed in a stew of information, misinformation, disinformation, and propaganda projected by competing entities both internally and externally. Thus, instead of looking at the apparent success of Russian intelligence in the recent election as the perfected form of information warfare, it is worth considering colonial and revolutionary America to appreciate the historical precedent and perspective. Indeed, at one point in its history, Americans were actually quite effective at information warfare, and we can look to one artisan in particular to understand this lost art.
  • Item
    Information Warfare and Its 18th and 19th Century Roots
    (Cyber Defense Review, 2019) Bastian, Nathaniel D.
    For Joint Force leaders to visualize and describe how the operational environment shapes the range of military operations, they must have a deep understanding of the capabilities comprising the multi-domain battlefield. The information environment, which Joint Publication (JP) 3-13 defines as the “aggregate of individuals, organizations, and systems that collect, process, disseminate, or act on information,” is intrinsically linked to the traditional land, air, maritime and space domains. Moreover, the rapid advancement and application of technologies has directly facilitated the use of information-related capabilities in Joint Force operations. The orchestrated use of these information activities, commonly known as “information operations”, aims to gain strategic and operational advantages in the information environment. These advantages are often gained through the manipulation of the information environment using information operations (IO), which, according to JP 3-13, are the “integrated employment, during military operations, of information-related capabilities in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.”
  • Item
    Indiana Exercising Plans to Combat Cyber Threats: Preparing for CRIT-EX 2016
    (Cyber Defense Review, 2016) McDonald, Mike; Rapp, Doug; Wong, Ernest
    On the 21st and 22nd of March, 2016, Indiana hosted its inaugural Defense Cyber Summit (DCS), which aimed to advance the state’s cyber readiness and preparations against a cyberwarfare attack. Spurred on by Admiral Michael Rogers, the Commander of the U.S. Cyber Command, who in 2014 called cybersecurity “the ultimate team sport,” Indiana has purposefully adopted a culture of collaboration between government organizations, private firms, non-profits, and academia to improve the state’s response and resiliency to a significant cyber incident. This team approach will counter cyberattacks intent on degrading Indiana’s economic capacity and threatening the critical services of its citizens. Under the umbrella of the Applied Research Institute (ARI), organizations such as Purdue University, Indiana University, Crane Naval Surface Warfare Center, the Cyber Leadership Alliance, the Indiana National Guard, and the Indiana Department of Homeland Security have partnered together to address and propose solutions to Indiana’s cyber security challenges. This effort is boosted by the Indianapolis-based Lilly Endowment support of nearly $16.3 million that is funded through a grant from the Central Indiana Corporate Partnership Foundation. The ARI is working to foster collaboration, research, and problem solving on cyber threats to Indiana’s critical infrastructure.
  • Item
    In an evaporating OODA loop, time is of the essence
    (C4ISRNET, 2020) Kallberg, Jan
    Both the accelerated execution of cyberattacks and an increased ability to, at machine speed, identify vulnerabilities for exploitation compress the time window that cybersecurity management has to address unfolding events. In reality, we assume there will be time to lead, assess and analyze, but that window might be closing rapidly. It is time to face the issue of accelerated cyber engagements. If there is limited time to lead, how do you ensure that you can execute a defensive strategy? How do we launch countermeasures at speed beyond human ability and comprehension? If you don’t have time to lead, the alternative would be to pre-authorize.
  • Item
    Implications of Quantum Information Processing On Military Operations
    (Cyber Defense Review, 2015) Morris, Jeffrey D.
    This paper discusses the benefits and drawbacks of quantum computing and quantum cryptography, subsets of the field of Quantum Information Processing (QIP). This field uses quantum mechanics for information processing rather than classical mechanics and portends game-changing implications to technologies long-relied on by military organizations, including computing, communication, and cryptographic systems. QIP is an emerging area of research whose complexity and often counterintuitive nature makes it difficult to separate fact from fiction. This paper provides an overview of QIP from the perspective of military operations and proposes estimates when major breakthroughs might occur. As with any attempt at predicting the future, these estimates are just that, estimates, but included to provide a rough approximation. Quantum mechanics allows a single quantum computer to compute as dozens or even hundreds of classical computers, known as ‘quantum parallelism.’ This is leading to a new paradigm in computing [1] as these computers undermine current public key infrastructure (PKI) encryption systems, including the Department of Defense (DOD) Common Access Card (CAC) system, as breaking this form of encryption would be a trivial effort [2]. Continuing work in lattice-, code-, hash- and multivariate-based cryptographic systems shows promise for being ‘quantum resistant’ [3-6], as they do not use the same basis for encryption as PKI.
  • Item
    How the Pentagon can get more innovation from universities
    (C4ISRNET, 2019) Kallberg, Jan
    There is no alternative way to ensure victory in the future fight than to innovate, implement the advances, and scale innovation. To use Henry Kissinger’s words: “The absence of alternatives clears the mind marvelously.” Innovative environments are not created overnight. The establishment of the right culture is based on mutual trust, a trust that allows members to be vulnerable and take chances. Failure is a milestone to success.
  • Item
    How the Founding Fathers helped make the US cyber-resilient
    (C4ISRNET, 2019) Kallberg, Jan
    The Founding Fathers have done more for U.S. strategic cyber resiliency than other modern initiatives. Their contribution is a stable society, that can absorb attacks without falling into chaos, mayhem, and entropy. Stable countries have a significant advantage in future nation-state cyber-information conflicts. If nation states seek to conduct decisive cyberwar, victory will not come from anecdotal exploits, but instead by launching systematic, destabilizing attacks on the targeted society that bring them down to the point that they are subject to foreign will. Societal stability is not created overnight, it is the product of decades and even centuries of good government, civil liberties, fairness, and trust building.
  • Item
    For ethical artificial intelligence, security is pivotal
    (C4ISRNET, 2020) Kallberg, Jan
    The market for artificial intelligence is growing at an unprecedented speed, not seen since the introduction of the commercial Internet. The estimates vary, but the global AI market is assumed to grow 30 to 60 percent per year. Defense spending on AI projects is increasing at even a higher rate when we add wearable AI and systems that are dependent on AI. The defense investments, such as augmented reality, automated target recognition, and tactical robotics, would not advance at today’s rate without the presence of AI to support the realization of these concepts.
  • Item
    Extremist Forums Provide Digital OpSec Training
    (Combating Terrorism Center at West Point, 2015) Brantly, Aaron F.; al-`Ubaydi, Muhammad
    The average netizen has terrible digital hygiene. We click on random links, open emails from unknown individuals, use public WiFi hotspots, leave computers and devices unsecured, and often do not even use basic anti-virus packages. Most Chief Information Systems Officers’ largest problem is not a talented nation state, but rather lazy or ignorant employees, oblivious to the risk they are exposing themselves, their networks, and their systems to through simple careless acts.
  • Item
    FBI Cyber: Preventing Tomorrow’s Threats Today
    (Cyber Defense Review, 2016) Kress, Conrad; Wresch, Keenan; Celfo, Nicholas; Schorr, Zoe; Wong, Ernest
    During the early 20th century, as the country began to widely adopt innovations such as automobiles and radios, which were science fiction just decades before, many American workers began moving into cities to capitalize on this increasing need to develop and maintain new technologies. The drastic influx of people into urban areas created cities with a multitude of citizens, packed into relatively small areas. As these cities began to grow, a new phenomenon began to develop as well: organized crime. Organized crime began to plague local authorities in unforeseen ways, and it became such an issue that the U.S. Attorney General was forced to intervene.
  • Item
    How Smartphones Will Reshape The Modern Battlefield
    (Modern War Institute, 2016) Wong, Ernest
    Military theorists have researched the evolution of technology throughout history and analyzed the importance of new weapons developments that have dramatically altered the face of war. From the introduction of the chariot during Antiquity, which offered armies the power of mounted combat, to the development of the nuclear weapon during the Industrial Age, which provided nations the power to destroy whole cities with a single bomb, innovations have played a critical role in military success. In today’s Information Age, our knowledge-based society operates on the promise of improved efficiency and personalization, and our news is constantly filled with announcements touting the latest technological advancements that will yield radical change for future armies. From power suits that turn soldiers into supermen, to swarm technology that will make autonomous drones a reality, a countless number of military innovations are being developed that seek to take advantage of the digital revolution. However, the single innovation that will truly reshape the modern battlefield in our lifetime is one that nearly every teenager in the U.S. already has in his or her possession—the portable smartphone.
  • Item
    Geospatial Big Data Analytics for Quality Control of Surveys
    (Proceedings of the Annual General Donald R. Keith Memorial Conference, 2022) Leehan, Benjamin; Bastian, Nathaniel D.
    Geospatial big data analytics allows survey quality control analysts to draw important conclusions about survey data quality that otherwise would take excessive time and resources. In this work, we explored two algorithmic methods that can help ensure reliability of survey interviews by detecting geospatial outliers. Focusing on geospatial data collected from surveys, we implemented outlier detection techniques with two different distance metrics to identify statistical anomalies in real-world datasets that may have qualitative interpretations. We found that one algorithm, which considers the local distribution of points in a dataset, identifies a different set of outliers when compared to another method, which considers the global distribution of points. Since there was a small overlap (10-19%) of flagged points between the two algorithms implemented, it may be helpful for analysts to focus on the fewer “outlier” points that are flagged by both methods rather than all the “outlier” points that are flagged by each algorithm. Finally, analysts should consider the computational costs, as the algorithms differ significantly.
  • Item
    Gaining Competitive Advantages in Cyberspace through the Integration of Breakthrough Technologies in Autonomy, Artificial Intelligence, and Machine Learning
    (Cyber Defense Review, 2023) Bastian, Nathaniel D.
    Cyberspace has characteristics that differ from air, land, maritime, and space domains, which affect how the Joint Force operates and defends it. Fast-moving innovations are transforming the character of warfare in cyberspace, requiring novel technology integration. Effective integration of breakthrough technologies in autonomy, artificial intelligence, and machine learning into cyberspace can enable competitive advantages to be gained that enhance the combat power of joint forces conducting multi-domain operations. These technologies help shorten the sensor-to-shooter pathway to accelerate and optimize decision-making processes. These technologies also permit the enhancement of cyber situational understanding from the ingest, fusion, synthesis, analysis, and visualization of big data from varied cyber data sources to enable decisive, warfighting information advantage via the display of key cyber terrain with relevance in the commander’s area of operations at the tactical edge. These technologies engender actionable information and recommendations to optimize human-machine decision-making via autonomous active cyber defense to effectively execute command and control while informing resourcing decisions. Competitive advantages gained allow key actions to be taken to generate, preserve, and apply informational power against a relevant actor while also permitting maneuver through the information environment.
  • Item
    Ethical Frameworks for Cybersecurity: Applications for Human and Artificial Agents
    (Routledge, 2022) Thomson, Robert; Schoenherr, F. Jordan Richard
    This foundational text examines the intersection of AI, psychology, and ethics, laying the groundwork for the importance of ethical considerations in the design and implementation of technologically supported education, decision support, and leadership training. AI already affects our lives profoundly, in ways both mundane and sensational, obvious and opaque. Much academic and industrial effort has considered the implications of this AI revolution from technical and economic perspectives, but the more personal, humanistic impact of these changes has often been relegated to anecdotal evidence in service to a broader frame of reference. Offering a unique perspective on the emerging social relationships between people and AI agents and systems, Hampton and DeFalco present cutting-edge research from leading academics, professionals, and policy standards advocates on the psychological impact of the AI revolution. Structured into three parts, the book explores the history of data science, technology in education, and combatting machine learning bias, as well as future directions for the emerging field, bringing the research into the active consideration of those in positions of authority. Exploring how AI can support expert, creative, and ethical decision making in both people and virtual human agents, this is essential reading for students, researchers, and professionals in AI, psychology, ethics, engineering education, and leadership, particularly military leadership.
  • Item
    Give Them an Inch, They’ll Take a Terabyte: How States May Interpret Tallinn Manual 2.0’s International Human Rights Law Chapter
    (Texas Law Review, 2017) Barnsby, Robert E.; Reeves, Shane R.
    An international group of scholars and practitioners with expertise in the legal regimes implicated by peacetime cyber activities authored Tallinn Manual 2.0 between 2013 and 2016 over the course of a series of formal meetings and workshops. Like the Manual itself, it is inevitable that the Manual's IHRL Chapter will be studied and debated endlessly. Less concerned with this overall debate than with the need for practitioners to understand specific assertions made with the human rights Chapter, this Article closely examines certain key terms in the text to ascertain their impact on daily cyber activities at the State (national) level. A granular view of the IHRL Chapter reveals these key terms to be often vague and ill-defined, resulting in definitional gaps capable of being used by States to undermine IHRL progress over time.
  • Item
    Cyber Education: A Multi-Level, Multi-Discipline Approach
    (ACM, 2015) Sobiesk, Edward; Blair, Jean R.S.; Conti, Gregory; Lanham, Michael J.; Taylor, Howard
    The purpose of this paper is to contribute to the emerging dialogue on the direction, content, and techniques involved in cyber education. The principal contributions of this work include a discussion on the definition of cyber and then a description of a multi-level, multi-discipline approach to cyber education with the goal of providing all educated individuals a level of cyber education appropriate for their role in society. Our work assumes cyber education includes technical and non-technical content at all levels. Our model formally integrates cyber throughout an institution's entire curriculum including within the required general education program, cyber-related electives, cyber threads, cyber minors, cyber-related majors, and cyber enrichment opportunities, collectively providing the foundational knowledge, skills, and abilities needed to succeed in the 21st Century Cyber Domain. To demonstrate one way of instantiating our multi-level, multi-discipline approach, we describe how it is implemented at our institution. Overall, this paper serves as a call for further discussion, debate, and effort on the topic of cyber education as well as describing our innovative model for cyber pedagogy.
  • Item
    Distributed Parallel Extreme Event Analysis in Next Generation Simulation Architectures
    (Johns Hopkins University, 2017) Hamilton, Stephen S.
    Numerical simulations present challenges as they reach exascale because they generate petabyte-scale data that cannot be saved without interrupting the simulation due to I/O constraints. Data scientists must be able to reduce, extract, and visualize the data while the simulation is running, which is essential for in transit and post analysis. Next generation architectures in supercomputing include a burst buffer technology composed of SSDs primarily for the use of checkpointing the simulation in case a restart is required. In the case of turbulence simulations, this checkpoint provides an opportunity to perform analysis on the data without interrupting the simulation. First, we present a method of extracting velocity data in high vorticity regions. This method requires calculating the vorticity of the entire dataset and identifying regions where the threshold is above a specified value. Next we create a 3D stencil from values above the threshold and dilate the stencil. Finally we use the stencil to extract velocity data from the original dataset. The result is a dataset that is over an order of magnitude smaller and contains all the data required to study extreme events and visualization of vorticity. The next extraction utilizes the zfp lossy compressor to compress the entire velocity dataset. The compressed representation results in a dataset an order of magnitude smaller than the raw simulation data. This provides the researcher approximate data not captured by the velocity extraction. The error introduced is bounded, and results in a dataset that is visually indistinguishable from the original dataset. Finally we present a modular distributed parallel extraction system. This system allows a data scientist to run the previously mentioned extraction algorithms in a distributed parallel cluster of burst buffer nodes. The extraction algorithms are built as modules for the system and run in parallel on burst buffer nodes. A feature extraction coordinator synchronizes the simulation with the extraction process. A data scientist only needs to write one module that performs the extraction or visualization on a single subset of data and the system will execute that module at scale on burst buffers, managing all the communication, synchronization, and parallelism required to perform the analysis.
  • Item
    Digging for Gold: Examining DNS Logs on Windows Clients
    (SANS, 2019) Draeger, Amanda
    Investigators can examine Domain Name Service (DNS) queries to find potentially compromised hosts by searching for queries that are unusual or to known malicious domains. Once the investigator identifies the compromised host, they must then locate the process that is generating the DNS queries. The problem is that Windows hosts do not log DNS client transactions by default, and there is little documentation on the structure of those logs. This paper examines how to configure several modern versions of Windows to log DNS client transactions to determine the originating process for any given DNS query. These configurations will allow investigators to determine not only what host is compromised, but what the malicious process is more quickly.