My first thoughts on the strategic impact of Solar Winds: this is appears to be a large infiltration of networks that contain important information about US government operations. This could be a huge intelligence loss for the US with long term implications for national security
As of yet, no released evidence that hack led to disruptions, deletions, or manipulations of data (still waiting here). Unclear whether this was restraint by (presumable) Russian actors, lack of opportunity, or a combination of both, i.e. intel benefit outweighed attack benefit.
Lessons learned: 1) there is a proliferation of private & public US actors that have the capability and willingness to attribute. Attribution may become less of a political decision as these private attribution actors become more influential & capable.
Lessons learned: 2) these kinds of cyber exploits for intelligence will continue. Recommend reading @JoshRovner1 & @jonrlindsay on cyber as an intelligence framework. tandfonline.com/doi/abs/10.108…
warontherocks.com/2019/09/cyber-…
Lesson learned: 3) I largely agree w/folks that point to these exploits as evidence that deterrence of intelligence-motivated cyber exploits is a flawed strategy. I still believe that defense, counter-cyber ops, & info sharing is the best response to these kinds of hacks.
@jacklgoldsmith has important ?s about whether US would conduct similar hacks & if so whether the US' current toolbox is appropriate for dissuading (or degrading) adversaries from these hacks. Are we on the losing side of this competition? @lawfareblog
lawfareblog.com/quick-thoughts…
The US can better shape rules of the road, but I'm pessimistic we can dissuade adversaries from attempting these cyber hacks. I do believe declaratory restraint can help build norms about not using accesses for cyber attacks that cause civilian violence. tandfonline.com/doi/abs/10.108…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jacquelyn Schneider

Jacquelyn Schneider Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @JackieGSchneid

21 Aug
I've been seeing a bunch of "its the end of an era" in response to this article. This is indeed a technical achievement, but its a distraction from where we really need to focus our AI efforts in the DoD (haters stay for the thread).👇
defenseone.com/technology/202…
On the experiment: y'all it was a pilot w/a VR headset & a fake stick. AI beat a human pilot at a video game. It isn't surprising that AI performs well in a simulated environment & that human advantages (the warm fuzzy) are less important. quantamagazine.org/why-alphazeros…
The transition from this kind of AI to an unmanned platform with integrated sensors, weapons, & combat controls is expensive & vulnerable to both cyber/EM threats. Check out my work w/@jumacdo on the importance of cost in optimizing unmanned strategies.

papers.ssrn.com/sol3/papers.cf…
Read 5 tweets
10 Aug
I'm about to join a panel on wargaming in 2020 with @becca_wasser @elliebartels. I'm discussing developments on wargaming w/in academia and I've decided to tweet my thoughts for those not attending. Thread below . . .
Why wargaming & academia? Academic wargaming was a large part of early nuclear research. Games led by Bloomfield and Schelling at MIT were fundamental to how we think about modern nuclear strategy. Check out @reidpauly's work in @Journal_IS

belfercenter.org/publication/wo…
How is wargaming different in academia?
1) No sponsor (Pro: freedom, Con: money)
2) No logistics tail (Pro: less onerous, Con: hard to run games at scale)
3) Different communities (Pro: less guild/more science, Con: Too positivist?)
Read 7 tweets
6 Apr
Recent firing of Teddy Roosevelt CO highlighted issues that have been simmering for the Navy/DoD: 1) civ-mil relations in Trump administration, 2) Navy leadership/accountability, & 3) should we sacrifice the health of the fleet for presence missions (FONOPS, etc.)?
1) On civl-mil: Follow @jimgolby @ahfdc @lindsaypcohn and check out their recent piece in @monkeycageblog:

washingtonpost.com/politics/2020/…
2) On navy leadership/accountability: Follow @DoyleKHodges and check out his piece today in @WarOnTheRocks

warontherocks.com/2020/04/the-na…
Read 13 tweets
26 Oct 19
A few thoughts on why the recent award to Microsoft is less surprising than it may seem at first.
1) Culture. Microsoft has been a stalwart DoD partner since the the dawn of the Information Age. Almost every DoD mission runs on Microsoft applications. PowerPoint, excel, and outlook are probably the most prolific tech applications in modern combat.
2). Culture (continued). Because of Microsoft’s long history working w/DoD, it also means less potential of employee protests and more vetted personnel than other companies. That’s huge for insider threats- arguably the greatest threat of a cloud strategy this centralized.
Read 5 tweets
20 Oct 19
I've seen some twitter threads floating around w/ suggestions for "canonical" cyber/international security works. While it might be premature to canonize these, here are some works I recommend for anyone teaching an international security/cyber course (added bonus: w/women too!)
Read 9 tweets
4 Jun 18
Lots of posts today about how to do policy-relevant work. My list:
1.Do good social science
2.Understand policy timelines
3.Spend time w/those in policy
4.Work in government
5.Go into the weeds when necessary
6.Publish/talk outside academia
1. Do good social science. The proliferation of info means that policy-makers may reach for academic work that supports their own conscious & unconscious biases. That means your work may be ignored or adopted with little evaluation of methodology; the onus for rigor is on us.
2. Understand policy timelines. A recent piece with @jumacdo was just accepted for publication after the project began in 2014. Either ask questions whose relevance can survive that time lag, or be creative about publicizing your work prior to pub (but keep in mind rule #1).
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!