Those things are 16 infrastructure sectors, ranging from concert venues to federal buildings to wastewater plants & pipelines (& thousands of other things in between). Fundamentally, I think what we want is for state-sponsored cyber attacks against civilians to be off limits.
But it becomes more complicated when these "civilian" infrastructures are entangled w/military or regime--shared power grids, commercial data services, transportation, finance. This makes norms about state sponsored cyber attacks against civilian tgts difficult to implement.
As it stands, we are both asking too much (restraint against 16 critical infrastructures) and not expecting enough (seriously, do we think its ever ok for a state to launch campaigns targeting civilians for foreign policy objectives?).
The devil is in the details--we need to speak more concretely about what state sponsorship is in cyber, broader categories of targets and effects, and how we entangle our own civilian and military resources that incentivize cyber attacks against civilian infrastructure in crises.
And, finally, this is where the US can make strides by declaring what it will restrain ITSELF from attacking in cyberspace. This is bigger than the relationship w/Russia because it can help the international community hold Russia responsible. tandfonline.com/doi/abs/10.108…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
My first thoughts on the strategic impact of Solar Winds: this is appears to be a large infiltration of networks that contain important information about US government operations. This could be a huge intelligence loss for the US with long term implications for national security
As of yet, no released evidence that hack led to disruptions, deletions, or manipulations of data (still waiting here). Unclear whether this was restraint by (presumable) Russian actors, lack of opportunity, or a combination of both, i.e. intel benefit outweighed attack benefit.
Lessons learned: 1) there is a proliferation of private & public US actors that have the capability and willingness to attribute. Attribution may become less of a political decision as these private attribution actors become more influential & capable.
I've been seeing a bunch of "its the end of an era" in response to this article. This is indeed a technical achievement, but its a distraction from where we really need to focus our AI efforts in the DoD (haters stay for the thread).👇 defenseone.com/technology/202…
On the experiment: y'all it was a pilot w/a VR headset & a fake stick. AI beat a human pilot at a video game. It isn't surprising that AI performs well in a simulated environment & that human advantages (the warm fuzzy) are less important. quantamagazine.org/why-alphazeros…
The transition from this kind of AI to an unmanned platform with integrated sensors, weapons, & combat controls is expensive & vulnerable to both cyber/EM threats. Check out my work w/@jumacdo on the importance of cost in optimizing unmanned strategies.
I'm about to join a panel on wargaming in 2020 with @becca_wasser@elliebartels. I'm discussing developments on wargaming w/in academia and I've decided to tweet my thoughts for those not attending. Thread below . . .
Why wargaming & academia? Academic wargaming was a large part of early nuclear research. Games led by Bloomfield and Schelling at MIT were fundamental to how we think about modern nuclear strategy. Check out @reidpauly's work in @Journal_IS
How is wargaming different in academia? 1) No sponsor (Pro: freedom, Con: money) 2) No logistics tail (Pro: less onerous, Con: hard to run games at scale) 3) Different communities (Pro: less guild/more science, Con: Too positivist?)
Recent firing of Teddy Roosevelt CO highlighted issues that have been simmering for the Navy/DoD: 1) civ-mil relations in Trump administration, 2) Navy leadership/accountability, & 3) should we sacrifice the health of the fleet for presence missions (FONOPS, etc.)?
1) Culture. Microsoft has been a stalwart DoD partner since the the dawn of the Information Age. Almost every DoD mission runs on Microsoft applications. PowerPoint, excel, and outlook are probably the most prolific tech applications in modern combat.
2). Culture (continued). Because of Microsoft’s long history working w/DoD, it also means less potential of employee protests and more vetted personnel than other companies. That’s huge for insider threats- arguably the greatest threat of a cloud strategy this centralized.
I've seen some twitter threads floating around w/ suggestions for "canonical" cyber/international security works. While it might be premature to canonize these, here are some works I recommend for anyone teaching an international security/cyber course (added bonus: w/women too!)