Prof. John E. Savage
Updated
|
This curated website provides links to cybersecurity sources, broadly
defined. It was created to support two Brown University courses, CSCI 1800,
Cybersecurity and International Relations, that I taught for eleven years and
EMC 2600, The Future of Cybersecurity: Technology and Policy, that I taught
for two years. I have continued to expand it as new sources
have been published or discovered. Items highlighted in
red are particularly important or interesting.
Some of these references are used in the book
Security in the Cyber
Age: An Introduction to Policy and Technology by Derek S. Reveron and John
E. Savage published by Cambridge University Press in November, 2023.
Go here to replace the
following Table of Contents with one that has links to both sections and subsections.
This curated website provides links to cybersecurity sources, broadly
defined. It was created to support two Brown University courses, CSCI 1800,
Cybersecurity and International Relations, that I taught for eleven years and
EMC 2600, The Future of Cybersecurity: Technology and Policy, that I taught
for two years. I have continued to expand it as new sources
have been published or discovered. Items highlighted in
red are particularly important or interesting.
Some of this material is used in the book Security in the Cyber
Age: An Introduction to Policy and Technology by Derek S. Reveron and John
E. Savage to be published by Cambridge University Press in 2023.
Go here to replace the
following Table of Contents with one that has links to both sections and subsections.
October 29 2019 marks 50 years to the day since Leonard Kleinrock's team sent the first message over the Arpanet, transforming his mathematical theory of packet switching into what would become the modern Internet.To celebrate the anniversary, the UCLA Samueli School of Engineering hosted a one-day conference. The program for the conference can be found here.
While these internet geopolitical struggles rarely get the media attention that political/military or even economic/financial struggles do, they are no less important and can have a great impact on the daily lives of people everywhere.
[It] is concerning that a proposal has been made to ITU_T ... to start a further long-term research now and in the next study period to develop a 'top-down design for the future network.'"
An Analysis of the 'New IP' proposal to the ITU-Tby Dr. Richard Li, Futurewei Technologies and Chairman of ITU Focus Group NET2020, June 2, 2020
The power relations, values, and institutions that governed cyberspace since its initial development in the 1960s are being challenged by those that did not have a say in how it was structured. As conflicting visions for the future of the global internet inevitably collide, cyber diplomats will have to negotiate these difficult choices.
Humanity continues to face two simultaneous existential dangers—nuclear war and climate change—that are compounded by a threat multiplier, cyber-enabled information warfare, that undercuts society's ability to respond.
The international security situation is now more dangerous than it has ever been, even at the height of the Cold War.
The bigger concern today is that Americans have reached a point where ignorance — at least regarding what is generally considered established knowledge in public policy — is seen as an actual virtue. To reject the advice of experts is to assert autonomy, a way for Americans to demonstrate their independence from nefarious elites — and insulate their increasingly fragile egos from ever being told they're wrong.
the future is uncharted, ... we can't map it till we get there. But that's OK, because we have so much [human] imagination — if we use it.
[It] costs America over $3 trillion in lost economic output every year, Gary Hamel and Michele Zanini estimated in 2016 in The Harvard Business Review. … The Massachusetts Institute of Technology now has almost eight times as many nonfaculty employees as faculty employees.
Under Article 19 of the Universal Declaration of Human Rights, everyone has the right to seek and receive news and express opinions. These 10 countries flout the international standard by banning or severely restricting independent media and intimidating journalists into silence with imprisonment, digital and physical surveillance, and other forms of harassment. Self-censorship is pervasive.
The Universal Declaration of Human Rights (UDHR) is a milestone document... . [It was d]rafted by representatives with different legal and cultural backgrounds from all regions of the world ... [and] was proclaimed by the United Nations General Assembly in Paris on 10 December 1948. ... It sets out, for the first time, fundamental human rights to be universally protected.
Developer productivity is complex and nuanced, with important implications for software development teams. A clear understanding of defining, measuring, and predicting developer productivity could provide organizations, managers, and developers with the ability to make higher-quality softwarbeand make it more efficiently.
[C]hallenges presenting themselves today are increasingly fast-moving and complex: they involve concurrent interactions among events across multiple dimensions of governance; they have no regard for our customary jurisdictional and bureaucratic boundaries; they cannot be broken apart and solved piece by piece; and rather than stabilizing into permanent solutions, they morph into new problems that have to be continually managed. This pattern profoundly challenges the adaptive capacity of our legacy systems of government, which are essentially modeled on the early industrial period: vertical, hierarchical, segmented, mechanical, and sluggish. Our 19th-century government is simply not built for the nature of 21st-century challenges.
the illegitimate takeover of groups of IP addresses by corrupting Internet routing tables maintained using the Border Gateway Protocol (BGP).
Coralogix estimates that developers create 70 bugs per 1,000 lines of code and that fixing a bug takes 30 times longer than writing a line of code; in the U.S., $113 billion is spent annually on identifying and fixing product defects.
Unsigned firmware in WiFi adapters, USB hubs, trackpads, laptop cameras and network interface cards provides multiple pathways for malicious attackers to compromise laptops and servers.
Dyn, the victim of last week's denial of service attack, said it was orchestrated using a weapon called the Mirai botnet as the 'primary source of malicious attack.' ... [T]here had been reports of an extraordinary attack strength of 1.2Tbps.
[It] isn't the first time that Internet addresses were hijacked. But if it spurs interest in better security, it may be the last.
'Exploring how hacked internet of things devices [IoTs] could bring a small country or groups of websites offline ... comports with Russia's previous cyber behavior,' said Justin Sherman, fellow at the Atlantic Council's Cyber Statecraft Initiative.
Although the concept of cyber deterrence has fallen out of fashion in academic literature in recent years, it is being remolded in emerging approaches to national security.
While cyber hygiene isn't ironclad protection, it's important for everyone in contact with your network, from the CEO to the lowly intern, to act securely with these ten tips.
Restraints for AI need to occur before AI is built into the security structure of each societbythat is, before machines begin to set their own objectives, which some experts now say is likely to occur in the next five years.
The advent of cyber warfare exacerbates the risk of inadvertent nuclear escalation in a conventional conflict.
The damage level could be sufficient to be catastrophic to the Nation, and our current vulnerability invites attack.
Most worrisome is the prospect of a major solar storm, such as the Carrington Event of 1859. During that storm, the sun ejected billions of tons of charged particles, causing aurorae as far south as the Caribbean and generating currents in telegraph lines powerful enough to shock operators. Today, the effect of such an event on computers and communications would be dire. Financial transaction systems could collapse. Power and water could easily go out. 'It probably would be The Hunger Games pretty soon,' McIntosh says.
The NSF's new, cutting-edge solar observatory shows us the Sun as never before. Here's why we need to know.
Scientists have known for decades that an extreme solar storm, or coronal mass ejection, could damage electrical grids and potentially cause prolonged blackouts. ... New research shows that the failures could be catastrophic, particularly for the undersea cables that underpin the global internet.
U.S. lawmakers and security experts are voicing concern that foreign governments are staging cyberattacks using servers in the U.S., in an apparent effort to avoid detection by America's principal cyberintelligence organization, the National Security Agency.
roamed around American computer networks for nine months. ... The SolarWinds attackers ran a master class in novel hacking techniques..
A group of security researchers at Emsisoft, Avast, and elsewhere are developing free tools that can (sometimes) reverse ransomware infections. Here's why they pursue this occasionally dangerous hobby, and how you can get your hands on their tools.
There is a new ransomware Trojan on the loose that is reportedly capable of disabling industrial control systems.
[T]wo security firms have identified a new form of ransomware, known as Snake or Ekans, that appears to be focused on freezing the software responsible for industrial processes at big oil and petroleum companies.
For two weeks, there was nothing being done. Merck is huge. It seemed crazy that something like this could happen.
Disruptionware is an emerging form of malware, with a greater adverse impact than more traditional, standalone ransomware attacks, in that it is designed to actually suspend physical operations within a victim organization.
Active measures, a Russian term, involve the following seven steps:
Conventional wisdom suggests that universal lapses in media connectivity — for example, disruption of Internet and cell phone access — have a negative effect on political mobilization. On the contrary, I argue that sudden and ubiquitous interruption of mass communication can facilitate revolutionary mobilization and proliferate decentralized contention.
According to the ClearSky report, the purpose of these attacks is to breach enterprise networks, move laterally throughout their internal systems, and plant backdoors to exploit at a later date.
U.S. officials said Huawei has built equipment that secretly preserves its ability to access networks through these interfaces, without the carriers' knowledge.
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interviews with government and corporate sources.
When it comes to 5G technology, we have to build a trustworthy system out of untrustworthy parts.
The Log4j vulnerability affects everything from the cloud to developer tools and security devices. Here's what to look for, according to the latest information.
You need a balanced approach that looks at the burden on companies, ... the needs of safety and security ... and that avoids ... technology specifics as much as possible.
The United States Navy recently recognized modern vulnerabilities by bringing back an old method for navigating at sea:celestial navigation.
[A] deliberate attack may not even be necessary ... [to take out GPS]. A space debris chain reaction known as an ablation cascade could knock out our GPS capability, or a strong Earth-directed solar storm such as the 1859 Carrington super-flare event could do the job just as well.
[The] executive order ... directs federal agencies to take steps to reduce the disruption of critical infrastructure that relies on positioning, navigation and timing (PNT) services like GPS.
The Office of Science and Technology Policy will also coordinate a national plan within one year of the executive order that provides for research and development into secure PNT services that will not be dependent on global navigation satellite systems.
The US Department of Defense is responding to the PNT threat with its
own plans,
summarized.
here.
The Global Navigation Satellite System (GNSS) includes the US Global
Positioning System (GPS), the Russian GLONASS system, the European
Union's Galileo system and China's Beidou system.
Subject to the availability of appropriations, the Secretary of Transportation shall provide for the establishment, sustainment, and operation of a land-based, resilient, and reliable alternative timing system.
It's called BeiDou, and it's key for the military, tech industry, and more.
The U.S. Air Force is preparing to test a new pod-based positioning system that should be able to replace satellite-based GPS in an emergency. The system would look down — not up — for positioning data using Earth's own magnetic field. If successful, the tech could provide an effective backup in the event space satellites aren't available.
According to analysis conducted by conservation technology nonprofit SkyTruth and Global Fishing Watch,over 100 warships from at least 14 European countries, Russia, and the US appear to have had their locations faked, sometimes for days at a time, since August 2020.
According to analysis conducted by conservation technology nonprofit SkyTruth and Global Fishing Watch,over 100 warships from at least 14 European countries, Russia, and the US appear to have had their locations faked, sometimes for days at a time, since August 2020.
Back to Critical Infrastructure
Back to The Cybersecurity Threat
Back to Top
[T]he secure and reliable delivery of electricity is a vital cornerstone of modern American society. For those who would seek to do our Nation significant physical, economic, and psychological harm, the electrical grid is an obvious target. ... This project has sought to address these challenges and begin a new conversation about the security of a changing grid. ... [it] has examined the threats of cyberattack, physical attack, electromagnetic pulse, and severe weather. ... [W]e have assembled .. twelve key recommendations ... on the security of the grid and its future.
In the 2001 action movie Ocean's Eleven, criminals use an electromagnetic weapon to black out a portion of Las Vegas. Very futuristic, you may say, but the threat is real and growing.
The Non-Smart Power Grid is Vulnerable to Cyber Attacks As Well.
Hackers likely working for a nation-state recently breached safety systems at a critical infrastructure facility, in a watershed attack that halted plant operations[.]
Plum Island ... serve[d] as a guinea pig ... for a decidedly 21st-century threat: cyberattacks that could hamstring a power grid.
A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage ... for weeks or even months. ... [This] malware [is] one of only three pieces of code ever spotted in the wild aimed at not just disrupting physical equipment but destroying it, as Stuxnet did in Iran in 2009 and 2010 and the malware Triton was designed to do in a Saudi Arabian oil refinery in 2017.
The cybersecurity incident is the first confirmed to have caused 'interruptions of electrical system operations,' based on DOE records.
The U.S. power grid has long been considered a logical target for a major cyberattack. ... An attack on the power grid could be part of a coordinated military action, intended as a signaling mechanism during a crisis, or as a punitive measure in response to U.S. actions in some other arena. ... [A]ttackers would need to conduct extensive research, gain initial access to utility business networks, ... work to move through the business networks to gain access to control systems, and then identify targeted systems and develop the capability to disable them. Such sophisticated actions would require extensive planning.
Back to Critical Infrastructure
Back to The Cybersecurity Threat
Back to Top
The recent shift away from IT networks raises the possibility that Iran's APT33 is exploring physically disruptive cyberattacks on critical infrastructure.
There is a new ransomware Trojan on the loose that is reportedly capable of disabling industrial control systems.
Back to Critical Infrastructure
Back to The Cybersecurity Threat
Back to Top
Sheltered Harbor was created to protect customers, financial institutions, and public confidence in the financial system if a catastrophic event like a cyberattack causes critical systems – including backups – to fail.
[T]he attacks that could damage or destroy the very foundation of what makes our economy — and our lives — run must concentrate the minds of U.S. policymakers.
The authors say if a cyberattack were to compromise banks'systems, there could be severe implications for the broader financial system.The report is available here.
Back to Critical Infrastructure
Back to The Cybersecurity Threat
Back to Top
Technical experts explain that using smartphone technology in cars, technology that was never designed to protect safety-critical systems, is a recipe for disaster. A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11-attack.
[T]he attacks that could damage or destroy the very foundation of what makes our economy — and our lives — run must concentrate the minds of U.S. policymakers.
[W]e aim to highlight the need to mitigate the risks to patient safety created by the growing integration of information technology and operational technology into healthcare, and to propose ways to mitigate that risk.
A growing number of policymakers now appreciate how health security risks undermine the social, economic, and political security of nations.Epidemics can produce Black Swan events.
Intelligence services have a long history of manipulating information on health issues, and an epidemic is especially tempting for interference. Why aren't we better prepared?
Disruptionware is an emerging form of malware, with a greater adverse impact than more traditional, standalone ransomware attacks, in that it is designed to actually suspend physical operations within a victim organization.
[The] Cascadia subduction zone ... runs for seven hundred miles off the coast of the Pacific Northwest. ... When the next full-margin rupture happens, that region will suffer the worst natural disaster in the history of North America, outside of the 2010 Haiti earthquake, which killed upward of a hundred thousand people.
Back to Critical Infrastructure
Back to The Cybersecurity Threat
Back to Top
American military officials urged Congress to put more money into programs they obliquely hailed in open testimony as 'left of launch' techniques — so called because they rely on sabotaging launchers before they are fired.
NATO's missions and operations are conducted in the air, land, cyber and maritime domains. Space-based architecture is fundamental to the provision of data and services in each of these contexts. The critical dependency on space has resulted in new cyber risks that disproportionately affect mission assurance. Investing in mitigation measures and in the resilience of space systems for the military is key to achieving protection in all domains.
Technical experts explain that using smartphone technology in cars, technology that was never designed to protect safety-critical systems, is a recipe for disaster. A plausible scenario involving a fleet-wide hack during rush hour in major U.S. metropolitan areas could result in approximately 3,000 fatalities, the same death toll as the 9/11-attack.
Santamarta claims that leaked code has led him to something unprecedented: security flaws in one of the 787 Dreamliner's components, deep in the plane's multi-tiered network. He suggests that for a hacker, exploiting those bugs could represent one step in a multi-stage attack that starts in the plane's in-flight entertainment system and extends to highly protected, safety-critical systems like flight controls and sensors.
[T]he National Highway Traffic Safety Administration has fielded more than 400 individual complaints in the last three years from drivers of vehicles made by Nissan Motor Co. , Volkswagen AG , Honda Motor Co. and other major car manufacturers flagging auto-braking problems, according to a Wall Street Journal analysis of the agency's public database.
The National Transportation Safety Board says the design of Tesla's Autopilot contributed to a crash in which the driver did not actively steer for 13 minutes.
GOP Sen. Ben Sasse warned of a doomsday scenario in which China wipes out US satellites to cripple the military's GPS and communications systems in a cyber war that takes place in outer space.
Without stronger cybersecurity standards, satellites remain vulnerable to hackers, who could corrupt or weaponize them.
A team of hackers in early August 2019 gained access to an F-15 fighter in an eye-opening U.S. military test.
A new 'transport layer' constellation will help distribute tactical data — but won't have defenses to anti-statellite weapons.
Unfortunately in the case of the Russians, their increasing penchant for unsafe and what I would consider unacceptable behavior in space has not slowed down,Lt. Gen. David Thompson, the U.S. Space Force vice commander.
JADC2 intends to enable commanders to make better decisions by collecting data from numerous sensors (across all military sources), processing the data using artificial intelligence algorithms to identify targets, then recommending the optimal weapon — both kinetic and nonkinetic (e.g., cyber or electronic weapons) — to engage the target.
The security and resilience of undersea cables and the data and services that move across them are an often understudied and underappreciated element of modern Internet geopolitics.
Technology to hide a ship's location previously available only to the world's militaries is spreading fast through the global maritime industry as governments from Iran to Venezuela — and the rogue shipping companies they depend on to move their petroleum products — look for stealthier ways to circumvent U.S. sanctions.
[T]he cyber-attack against the KA-SAT network ... resulted in a partial interruption of KA-SAT's consumer-oriented satellite broadband service.
'The goals of an offensive information-warfare campaign are to deny, corrupt, degrade, or destroy the enemy's sources of information on the battlefield. Doing so successfully, while maintaining the operational security of your own information sources, is the key to ... the ability to see the battlefield while your opponent cannot. ... This [was said] best by Sun Tzhu ... 'To subdue the enemy without fighting is the acme of skill.' ... [T]he Russian operations in Crimea provide a modern case study where the outcome of operations was directly attributed to IW principles and capability.
Russia has started using the West's own reporting against it. Here's how to respond.
The web analysis firm Graphika has linked posts to a known Russian operation.
Democratic countries view information as an empowering force in the hands of people: the free and open flow of ideas, news, and opinion fuels deliberative democracy. Authoritarian systems see this model as a threat, viewing information as a danger to their regimes and something the state must control and shape. Using surveillance, censorship, and the manipulation of information, authoritarian regimes shore up their power at home while weakening democratic competitors abroad. ... The United States and its democratic allies have not adjusted to this reality. ... The typically hands-off approach that many democratic governments take to information will make it hard for them to compete. .... Democracies face a dilemma. If they don't take an active role in the information contest, they will leave themselves vulnerable at home and lose ground abroad. But if they are more proactive and aggressive in the wrong ways, they will risk mimicking the heavy-handed behavior of autocracies and creating the kind of rigidly controlled environment autocrats seek.
Our finding — that cyber attacks are not (yet) effective as tools of coercion in war — has potentially significant implications for other armed conflicts with a digital front.
An intelligence contest has five elements. First, it is a race among adversaries to collect more and better information. Second, it is a race to exploit that information to improve one's relative position. Third, it is a reciprocal effort to covertly undermine adversary morale, institutions, and alliances. Fourth, it is a contest to disable adversary capabilities through sabotage. Fifth, it is a campaign to preposition assets for intelligence collection in the event of a conflict. Note that none of these elements are directly related to military posturing or war, and only the last one hints at the prospect of combat. Instead, an intelligence contest is a part of an open-ended competition among rival states.
[A] new report from Deloitte has found the cost of committing cyber crime is incredibly low. ... [The] disparity between the profit criminals make versus the cost of repairing the damage is huge, says Oliver Rochford, director of research at Tenable. ... While estimated global revenue of cybercrime is around $1.5 trillion, Rochford says the cost of damage is thought to be upwards of $6 trillion.
Microsegmentation is a way to create secure zones in data centers and cloud deployments that allow you to isolate workloads and protect them individually. ... Microsegmentation gives companies greater control over the growing amount of east-west or lateral communication that occurs between servers, bypassing perimeter-focused security tools. If breaches occur, microsegmentation limits potential lateral exploration of networks by hackers. ... Microsegmentation is typically done in software, which makes it easier to define fine-grained segments. And with microsegmentation, IT can work to centralize network segmentation policy and reduce the number of firewall rules needed.
This handbook ... provides a list of [six] steps that local election officials can implement at relatively little cost to fortify their elections systems before the 2020 presidential election.
[W]e have intelligence capabilities that are vital to the defense of cyberspace. Industry owns and operates most of the digital landscape, and if we can't figure out how to take the things we understand from that foreign intelligence mission, reaching into adversary space, and pulling down threats, tools, tradecraft, and information about those operations, and get them to the people who could do something about it, were not very effective, right? So its no good if we know something, if we don't do something about it.
[W]e're seeking mid-career people looking to come to, one, the stability, but two, also the opportunity to come into the intel community.
Former Windows Division chief Steven Sinofsky has offered some context and a defense for Microsoft's war on open source in the 1990s and early 2000s.
The National Security Agency (NSA), the Office of the Director of National Intelligence (ODNI), and the Cybersecurity and Infrastructure Security Agency (CISA) developed this document in furtherance of their respective cybersecurity missions, including their responsibility to develop and issue cybersecurity recommendations and mitigation strategies. This information may be shared broadly to reach all appropriate stakeholders.
Our focus will be on the States that can pose strategic threats to U.S. prosperity and security, particularly China and Russia. We will conduct cyberspace operations to collect intelligence and prepare military cyber capabilities to be used in the event of crisis or conflict. We will defend forward to disrupt or halt malicious cyber activity at its source, including activity that falls below the level of armed conflict. We will strengthen the security and resilience of networks and systems that contribute to current and future U.S. military advantages.
[W]e have a chance to see what our adversaries are doing in cyberspace because we now have the authority under the National Defense Authorization Act 2019 to operate outside the DoD networks to help our allies defend ... inside their networks. ... This is what [DoD] calls 'defending forward.'
On January 6, throngs of supporters of U.S. President Donald Trump rampaged through the U.S. Capitol in an attempt to derail Congress's certification of the 2020 presidential election results. ... It was the first attack on the Capitol since the War of 1812 and the first violent transfer of presidential power in American history. ... Only a handful of the rioters were arrested immediately. Most simply left the Capitol complex and disappeared into the streets of Washington. But they did not get away for long. ... Amateur sleuths immediately took to Twitter, self-organizing to help law enforcement agencies identify and charge the rioters. Their investigation was impromptu, not orchestrated, and open to anyone, not just experts. Participants didn't need a badge or a security clearancbejust an Internet connection. Within hours, this crowd-sourcing effort had collected hundreds of videos and photographs before rioters could delete them or social media platforms started taking them down. ...By March, the volunteer community of amateur investigators had sent some 270,000 digital tips to the FBI; hundreds of suspects have now been arrested and charged.
U.S. Cyber Command ... has evolved from a 'response force' to a 'persistence force' ... A persistence force has a much higher chance of disrupting adversary plots and protecting Americans, compared with a force that is confined to sporadic reconnaissance. ... Activities and operations in, through, and from cyberspace now offer states the means to augment their power, degrade or usurp the power of others, and gain strategic advantage through competition without triggering armed conflict ... We must 'defend forward' in cyberspace, as we do in the physical domains. ... Strategic effects in cyberspace come from the use — not the mere possession — of cyber capabilities to gain the initiative over those who mean us harm. ... Its purpose is to limit the terrain over which the enemy can gain influence or control. We cannot afford to let adversaries breach our networks, systems, and data (intellectual property and personally identifiable information).
GOP Sen. Ben Sasse warned of a doomsday scenario in which China wipes out US satellites to cripple the military's GPS and communications systems in a cyber war that takes place in outer space.
A new 'transport layer' constellation will help distribute tactical data — but won't have defenses to anti-statellite weapons.
[Jessica] Brandt [of the Brookings Institution] added that`calling out possible sabotage operations [in advance] — such as the alleged false flag operation and 'pro-Russian' government plot — can make 'it impossible for, or at least considerably harder, for the Kremlin to carry out that plot with a straight face.'
The Electricity Information Sharing and Analysis Center (E-ISAC) gathers and analyzes security data, shares appropriate data with stakeholders, coordinates incident management, and communicates mitigation strategies with stakeholders.
the impact of cyberattacks, b) work
to develop rules for proper conduct in cyberspace, and c) to help
the most vulnerable victims of cyberattacks become more resilient.
DreamPort is a combination of state-of-the-art facilities, innovative programs, and imaginative people charged with finding that spark that leads to unparalleled capability for USCYBERCOM and the warfighters at large.
This memo prescribes enhanced corporate disclosures related to risk controls, cyber breaches, and vulnerabilities to improve the quality of information available to regulators and investors. Market forces can then incentivize corporate stakeholders to improve their company's resilience and security. The goal is to minimize the likelihood of cyber breaches on the scale of SolarWinds — or worse — in the future.
Intelligence services have a long history of manipulating information on health issues, and an epidemic is especially tempting for interference. Why aren't we better prepared?
[C]hallenges presenting themselves today are increasingly fast-moving and complex: they involve concurrent interactions among events across multiple dimensions of governance; they have no regard for our customary jurisdictional and bureaucratic boundaries; they cannot be broken apart and solved piece by piece; and rather than stabilizing into permanent solutions, they morph into new problems that have to be continually managed. This pattern profoundly challenges the adaptive capacity of our legacy systems of government, which are essentially modeled on the early industrial period: vertical, hierarchical, segmented, mechanical, and sluggish. Our 19th-century government is simply not built for the nature of 21st-century challenges.
In light of growing concern about malicious cyber disruption during the COVID-19 outbreak, the United Nations' Open-Ended Working Group should play a leading role in further developing a global framework to ensure responsible behavior in cyberspace.
It has been a good decade for dictatorship ... [and] a terrible decade for democracy. ...
In 2014, I suggested in these pages that a rising tide
of populist parties and candidates could inflict serious damage on
democratic institutions. At the time, my argument was widely
contested. ... Today, that old consensus is dead. ... The controversial
argument I made five years ago has become the conventional wisdom. But
this new consensus is now in danger of hardening into an equally misguided
orthodoxy. ... [T]his narrative overlooks a crucial factor: the
legitimacy of populist dictators depends on their ability to maintain the
illusion that they speak for 'the people.' And the more power these
leaders concentrate in their own hands, the less plausible that pretense
appears. ...
Recently, a series of writers have suggested
that the rise of digital technology will skew this competition in favor
of popular discontent. ... This argument, however, fails to take
into account the differences in how dictatorships and democracies wield
power. Whereas dictatorships are capable of using all the resources of a
modern state to quash a popular insurgency, democracies are committed to
fighting their opponents with one hand tied behind their back. ... This
imbalance raises the prospect of a dark future in which digital
technology allows extremist networks to vanquish moderate
hierarchies. ... It is too early to conclude that the populist
dictatorships that have arisen in many parts of the world in recent
years will be able to sustain themselves in power forever. ...
And so the best way to fight demagogues with authoritarian ambitions
remains what it has always been: to defeat them at the ballot box before
they ever step foot in the halls of power.
foreign technology ... provided by American companies operating in China [and] U.S. universities educating Chinese students [as well as] China's aggressive pursuit of intellectual property and cyber theft.
Could China and the US be stumbling down the path Germany and the United Kingdom took at the beginning of the last century? ... My answer to the question of whether we are sleepwalking toward war is 'yes.'
The United States needs to prepare for a major war, not because its rival is rising but because of the opposite.(Because it's power has peaked.)
The world is facing a new era of technological ubiquity. ... Unfortunately, U.S. politics, laws and national security policy have not kept up with both the risks and the opportunities stemming from the dynamism of technological change. ... This new Cyberspace Solarium Commission, which we are co-chairing, draws inspiration from Eisenhower's historical legacy, [the Solarium Project]. ... [T]his bipartisan, intergovernmental and multisector body is charged with evaluating divergent approaches to defending the United States in cyberspace and driving consensus toward a comprehensive strategy.
The U.S. government needs to adopt structural changes not seen since the aftermath of the 2001 terrorist attacks to confront proliferating cyber threats that increasingly endanger national and economic security, a government commission has concluded.
The U.S. government needs to adopt structural changes not seen since the aftermath of the 2001 terrorist attacks to confront proliferating cyber threats that increasingly endanger national and economic security, a government commission has concluded.
To be effective, deterrence by denial must make the cost of aggression 'unprofitable by rendering the target harder to take, harder to keep, or both.'
After a year's worth of intensive work, the Cyberspace Solarium Commission today issues its full report. Lawfare is hosting a series of posts exploring the commission's highlights ... .
'Defend Forward' is frequently misunderstood to be purely offensive in nature. However, U.S. Cyber Command's malware inoculation initiative illustrates how the strategy also serves defensive objectives.
Cyber vulnerabilities in major weapons platforms pose a significant threat to U.S. national security. Developing a comprehensive evaluation process is essential to ensuring the security and resilience of the technologies that underpin U.S. deterrence and warfighting.
Throughout history, technology has transformed armed conflict. The carnage of First World War battlefields is a stark example of what happens when advances in weaponry outpace the normative frameworks around its use. ... Today, we are experiencing a technological revolution that holds incredible promise for human development and welfare. From genome editing to quantum computing and artificial intelligence, emerging technologies offer us powerful new ways to achieve our shared commitments, including the Sustainable Development Goals.
[M]ilitary officials detail their ... efforts to link up jets, tanks, ships, and soldiers.
This anthology of cyber analogies will resonate with readers whose duties call for them to set strategies to protect the virtual domain and determine the policies that govern it. Our belief is that learning is most effective when the concepts under consideration can be aligned with already-existing understanding or knowledge.
[R]ecent history has shown that states have more often availed themselves of their offensive cyber arsenals to achieve surprisingly de-escalatory effects.
Policymakers should seek to maximize the benefits of Internet openness while maintaining carefully designed guardrails that reduce the Internet's most clearly harmful uses.
If anything, cyber operations proved to be a de-escalation mechanism. It was a way that players opted to try to manage complex interactions underneath the threat of escalation.
The power relations, values, and institutions that governed cyberspace since its initial development in the 1960s are being challenged by those that did not have a say in how it was structured. As conflicting visions for the future of the global internet inevitably collide, cyber diplomats will have to negotiate these difficult choices.
There is a clear global trend toward techno-nationalism (as opposed to techno-globalism), a set of industrial policies aimed at self-sufficiency, cultivating 'national champions' in tech sectors while curbing foreign competition just as a new era of advanced technology is unfolding.
The technologies of the Fourth Industrial Revolution, namely, big data, machine learning, robotics, autonomous vehicles, biotech, additive manufacturing, quantum computing, 5G wireless, and others, are driving disruptive growth. Beijing's Made in China 2025 plan and recent US trade and investment policies threaten to turn nations toward autarchy.
We are at a pivotal moment not only for sustaining the world economic order, but for updating it, because there is a large deficit of rules/norms/standards for the suite of emerging technologies ... that will drive economic growth in the 2020s and 2030s.
High-end technologies are increasingly embedded within complex transnational supply chains, in which multiple countries contribute value toward the manufacturing of a final good. If the two major powers seek to exclude the other from participating in the physical manufacture of goods and services employing sensitive technologies ... the result will be the formation of parallel trade and investment networks. Physical separation could also beget social separation, through restrictions on educational exchanges, foreign PhD student enrollments, worker secondments and other forms of cross-national collaboration in research and development.
Washington lacks defined peacetime competitive strategies that use latent national power to shape China's strategic behavior.
Addressing the challenge from China and other rising science powers requires an ambitious plan of national investment in science and technology.
The following recommendations aim to balance openness with the need to protect national security and prioritize the need to invest in innovative capacity at home. ...
[T]he next two years are going to be absolutely fundamental to the future development of cyberspace. ... At the United Nations ... there are now two different groups[, the Government Group of Experts (GGE) and the Open Ended Working Group (OEWG),] that are vying for control over who gets to make the rules for cyberspace, and by extension, the rules for international peace and security.
27 countries signed an agreement on Advancing Responsible State Behavior in Cyberspace. The statement can be found here.
At the UN First Committee, two processes—the UN Group of Governmental Experts (GGE) and the Open-ended Working Group (OEWG)—are currently exploring the same question: responsible state behaviour in cyberspace.
Last month, a Russian-led resolution on cybercrime that could pose challenges for countries that support a free and open model for the internet passed in the United Nations.
[70] [c]ountry representatives gathered ... at the United Nations for the second formal meeting of the Open-Ended Working Group (OEWG) on international cybersecurity. ... [T]wo particularly contentious issues stood out. Russia, Iran, Syria, Cuba, and Egypt—with some support from China—argued that the existing set of voluntary, non-binding norms ... endorsed ... in the UN General Assembly (UNGA) in 2015, are insufficient to ensure peace and security in cyberspace. [They said a] new treaty, convention, or ... 'legally-binding instrument,' is needed to hold wrongdoers accountable, and new norms are necessary to cover security issues that have been overlooked. ... Russia's representative ruefully asked the floor, 'if international law applies in cyberspace, why are foreign hackers electing the president of the United States?'
The second much-discussed point of contention concerned offensive cyber operations and the (poorly defined) 'militarization' of cyberspace. Here, a number of states called for a ban on military cyber operations and offensive cyber capabilities—also in the form of a binding treaty. This again included Iran, Cuba, Russia, and China.
[C]yber norms are at a crossroads where each process's potential (and problems) looms large.
international law is alive and well in cyberspace. What's more, aggressive efforts to mature the global communityb s understanding of how international law applies to cyberspace are underway in multinational, national, multi-stakeholder, academic, and private sector fora.
The United Nations hosted the first intersessional consultation session between UN member states and non-governmental actors interested in peace and security in cyberspace.
[This was] the first time that UN deliberations on cyberspace governance and state behavior have been held in a multistakeholder format, whereby businesses and civil society groups could submit their views to UN member states.
The United States is at an inflection point: simultaneously faced with a progressively worsening cybersecurity threat environment and an ever-increasing dependence on Internet technologies fundamental to public safety, economic prosperity, and overall way of life. Our national security is now inexorably linked to cybersecurity. Therefore, the Nation must build on past efforts and current strategies to seize the opportunity to strategically reorient from a largely reactive, incremental cybersecurity posture to a proactive approach that boldly assures digital trust, safety, and resilience for all Americans. Achieving this audacious outcome will require strong national leadership, political will, and a sustained whole-of-nation investment over an extended period. The U.S. Government can take immediate actions that lay the foundation for this long-term shared cybersecurity vision for the Nation, while simultaneously yielding near-term benefits that ensure continued technological global leadership.
This is a disturbing report. Among its conclusions are a) the US would lose a war with Russia or China, b) "US missile defenses offer only uncertain" protection against an ICBM attack from North Korea, and c) "The United States is particularly at risk of being overwhelmed should its military be forced to fight on two or more fronts simultaneously." But, see this commentary on this report.
If U.S. authorities can get access to encrypted data, so will the Chinese and Russians.
For decades, the CIA read the encrypted communications of allies and adversaries.
A little-known [facial-recognition] start-up helps law enforcement match photos of unknown people to their online images—and 'might lead to a dystopian future or something,' a backer says.
Mere creation of such a database, especially in secret, profoundly changed the balance of power between government and governed.
Google, Facebook, Microsoft, and the other tech titans have had to fight for their lives against their own government. An exclusive look inside their year from hell—and why the Internet will never be the same.
With China promoting a model of state-led capitalism and political illiberalism, and digital technology playing an increasingly central role in all aspects of society, the United States should work with its allies to promote core liberal values and provide a positive model of technological development and digital connectivity.
Situational awareness before GPS and computers was a serious challenge.
Application of AI methods can lead to devices and systems that are untrustworthy and sometimes dangerous.
[W]e discuss different issues associated with governance of AI systems, and introduce a conceptual framework for thinking about governance for AI, autonomous systems, and algorithmic decision-making processes.
Democracy's on the ropes. Social media may be to blame. And artificial intelligence could be the ultimate authoritarian tool. But one thing's for sure: Charging into an AI arms race against China is a huge mistake.
By taking strings from an online gaming program and appending them to malicious files, researchers were able to trick Cylance's AI-based antivirus engine into thinking programs like WannaCry and other malware are benign.
I have suddently switched my views on whether these things are going to more intelligent that us.
LeCun is a polarizing figure in the world of AI, unafraid to speak his mind on Twitter and in public. The scientist — who has previously predicted that AI will make possible 'a new renaissance for humanity' — has also called the idea that AI poses an existential risk to humankind 'preposterous,' and dismissed AI ethicists who flagged harmful outputs from one of Meta's models as a 'ravenous Twitter mob.'
January [2024] that a new goal for his company was the creation of 'artificial general intelligence'.
Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners. We show how a malicious learner can plant an undetectable backdoor into a classifier.
Restraints for AI need to occur before AI is built into the security structure of each societbythat is, before machines begin to set their own objectives, which some experts now say is likely to occur in the next five years.
U.S. intelligence officials have warned in recent months that Chinese hacking groups are increasingly targeting power generation systems, ports and other critical infrastructure entities by using methods that analysts refer to as 'living off the land' — the use of tools, software and privileges already present on networks to achieve various objectives. Malware that would normally trip detection software or tools is never employed, making it much harder to detect.
An important leap for artificial intelligence in recent years is machine's ability to teach themselves, through endless practice, to solve problems ... [b]ut a few subtle tweaks in the training regime can poison this "reinforcement learning," — like a sleeper agent — to a specified trigger by misbehaving in strange or harmful ways.
The city, stepping into a debate over privacy, says it will use real-time facial recognition technology 'to tackle serious crime.'
Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners. We show how a malicious learner can plant an undetectable backdoor into a classifier.
Researchers are now starting to analyze the security of machine learning models in a more rigorous way. In a paper presented at last year's Foundations of Computer Science conference, a team of computer scientists demonstrated how to plant undetectable backdoors whose invisibility is as certain as the security of state-of-the-art encryption methods.
Language models have become more capable and more widely deployed, but we do not understand how they work.
Recent work has made progress on understanding a small number of circuits and narrow behaviors, but to fully understand a language model, we'll need to analyze millions of neurons. This paper applies automation to the problem of scaling an interpretability technique to all the neurons in a large language model. Our hope is that building on this approach of automating interpretability will enable us to comprehensively audit the safety of models before deployment.
Purveyors of disinformation can be caught out by the particular words they use, according to new research.
Deepfakes are improving. The contest, which will include deepfakes created by Facebook, is designed to help researchers keep up.
The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.
[W]e have intelligence capabilities that are vital to the defense of cyberspace. Industry owns and operates most of the digital landscape, and if we can't figure out how to take the things we understand from that foreign intelligence mission, reaching into adversary space, and pulling down threats, tools, tradecraft, and information about those operations, and get them to the people who could do something about it, were not very effective, right? So its no good if we know something, if we don't do something about it.
[W]e're seeking mid-career people looking to come to, one, the stability, but two, also the opportunity to come into the intel community.
A sophisticated new electronic warfare system is being used at the world's busiest port. But is it sand thieves or the Chinese state behind it?
U.S. ground forces have become incredibly dependent on electronic communications without taking adequate steps to protect them from sabotage.
It's called BeiDou, and it's key for the military, tech industry, and more.
A lie can travel half way around the world while the truth is putting on its shoes,Mark Twain.
[T]he business model upon which social media is built is a personal data surveillance economy.
[W]e have consented to it, but not entirely wittingly.
The last and most frightening uncomfortable truth is that the social media propels authoritarian practices.
Language models (LMs) are pretrained on diverse data sources, including news, discussion forums, books, and online encyclopedias. A significant portion of this data includes opinions and perspectives which, on one hand, celebrate democracy and diversity of ideas, and on the other hand are inherently socially biased.
'People You May Know' (PYMK) helped the social media giant grow exponentially. One man made it happen.
'The goals of an offensive information-warfare campaign are to deny, corrupt, degrade, or destroy the enemy's sources of information on the battlefield. Doing so successfully, while maintaining the operational security of your own information sources, is the key to ... the ability to see the battlefield while your opponent cannot. ... This [was said] best by Sun Tzhu ... 'To subdue the enemy without fighting is the acme of skill.' ... [T]he Russian operations in Crimea provide a modern case study where the outcome of operations was directly attributed to IW principles and capability.
Russia has started using the West's own reporting against it. Here's how to respond.
The web analysis firm Graphika has linked posts to a known Russian operation.
Active measures involve the following seven steps:
Misinformation is not a new problem. Nor is the exploitation of the media
ecosystem. Whenever a new medium gains power, there are people who will
exploit it for personal or organizational gain, whether for profit,
ideology, or politics. ... I would love for us to get better at building the
structures and processes to proactively think about how things might go
wrong ... in order to make them better.
[T]he differences between how people build knowledge about the world are
fracturing the very social fabric of our country. ... The thing about tech
is that it fundamentally focuses on abstraction. ... When you think in terms
of abstraction, you lose all the local value, all of the structure
there. ... The more everything becomes abstracted and generalized, the more
fragmented society will get[.]
Many of us who built social media imagined that we would do it just by
creating the networks. We were wrong. This won't be done by social media. Or
by better information. It will only be done when communities focus on
building programs and projects that bring people together.
With election meddling inevitable in 2020, the United States needs a powerful kill chain.
This infographic is an ILLUSTRATION of how information operations have been carried out in the past to exploit divisions in the United States.
Section 230 of the Act has been interpreted to say that operators of Internet services are not to be construed as publishers (and thus not legally liable for the words of third parties who use their services).
The Institute ]oversees the creation, promulgation and use of thousands of norms and guidelines that directly impact businesses in nearly every sector: from acoustical devices to construction equipment, from dairy and livestock production to energy distribution, and many more.
Students in Beijing and Moscow want to keep their neighbor at arm's length. They also admire the U.S.
But I want to leave you all with the conviction that I think this is solvable, and I do not think it is inevitable, and I think it should be achieved without war. Those are the basic principles."
Immediately after Xi was installed as CCP general secretary in 2012, he led the newly appointed Politburo Standing Committee on a tour of an exhibition at the National Museum of China in Beijing titled 'The Road to Rejnuvenation,' which chronicled the perfidy of the Western imperial powers and Japan and the party's heroic response to China's '100 years of national humiliation.'- Challenging the U.S. Is a Historic Mistake by Robert Kagan, The Wall Street Journal, February 3, 2023.
Like Nazi Germany and Imperial Japan, today's China is a rising power determined to dominate its region and convinced that American strength is waning. It runs the risk of experiencing a similar fate if it attacks Taiwan.- China's Leader, With Rare Bluntness, Blames U.S. Containment for Troubles: Xi Jinping criticized what he called a U.S.-led campaign of "encirclement and suppression." His new foreign minister said it was impossible for China not to fight back, by Keith Bradsher, The New York Times, March 7, 2023.
- China's foreign minister predicts impending clash with United States by Christian Shepherd, The Washington Post, March 7, 2023
- Will China overtake the U.S. on AI? Probably not. Here's why. by Meaghan Tobin, The Washington Post, July 9, 2023
We make much ado of 'building bridges' and 'deepening understanding' between China and the West. But this is easier said than done. Increasingly, we are being reminded that it's not different values that clash, but different realities.
[O]n balance, the Chinese Communist Party's goals run counter to American ideals and American interests.
No matter what strategies the two sides pursue or what events unfold, the tension between the United States and China will grow, and competition will intensify; it is inevitable. War, however, is not.
A good relationship between free societies and China is not something that the CPC bestows. It is something that China must earn by respecting the rules and norms of international behavior and recognizing other countries' sovereignty instead of just asserting its own.
Xi, ... in his bid to end crony capitalism, ... is reviving the command system, the very approach that failed miserably under Mao.
Until recently, the United States was the undisputed leader in the development of breakthrough technologies, and in the innovation and commercial scaling of emerging and existing technologies, while China was a laggard in both categories. That script has changed dramatically. China is now the greatest single challenger to US preeminence in this space.
[T]he party's increasingly repressive actions inside China, such as the crackdown in the Xinjiang region and the growing use of surveillance technology, 'reflect heightened fear and insecurity, not a self-confident China aspiring to enhanced leadership in global and regional affairs,' Jonathan D. Pollack and Jeffrey A. Bader of the Brookings Institution wrote in a recent paper. ... As the trade negotiations rumble on, more people in China are subscribing to the view that the dispute is about geopolitics rather than economics, scholars say. That it's all about keeping China down.
President Xi is returning the party to the fore by rebuilding a centralized, hierarchical system around himself as core leader.
[T]he party leads on everything. ... [T]he core leadership's policy programs ... guide priorities throughout the entire system.
Law-based governance is now a key term in China's political discourse, where it is seen as an important source of legitimacy, along with more efficient governance.
With China mired in a trade war, economic slowdown and Hong Kong unrest, Xi Jinping will use an elite meeting to focus more on increasing his control over the Communist Party.
A new book lays out the Chinese leader's stark worldview.
Xi is impatient with the status quo, possesses a high tolerance for risk, and seems to feel a pronounced sense of urgency in challenging the international order. ... Why is he in such a rush? ... Xi has consolidated so much power and upset the status quo with such force because he sees a narrow window of ten to 15 years during which Beijing can take advantage of a set of important technological and geopolitical transformations, which will also help it overcome significant internal challenges.
Xi Jinping, the ruler of China, suffers from several internal inconsistencies which greatly reduce the cohesion and effectiveness of his leadership.
Chinese AI tools from tech giants like Alibaba make it easier to scrub online content — and anyone can buy them.
Slowing growth and the ongoing trade and technology war with the United States have forced China's leaders to address a fundamental dilemma at the core of the Chinese political economy. Can the Communist Party of China both deliver on the 'Chinese Dream' and maintain absolute control over the country?
'It's going to be incredibly invasive,' said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
PLA thinkers are concerned about the intense cognitive challenges that future commanders will encounter, particularly considering the importance of optimizing human-machine coordination and fusion or integration ... the 'human brain will become a new combat space'.
Biological interdisciplinary technology will make future combat platforms move toward human-computer integration and intelligentization. In the future, human-like brain information processing systems will achieve revolutionary breakthroughs, such as high-performance low-power computing, highly intelligent autonomous decision-making, active learning, and continuous increases in intelligentization, promoting the emergence of highly intelligentized and autonomous combat forces.
Back to China Related Issues
China's ... content-moderation tools are becoming a big business ... to filter political content ... [such as] mentions of President Xi Jinping or other Chinese leaders, and to manage debate on sensitive topics such as recent Hong Kong protests or the 1989 massacre in Tiananmen Square.
The new charges accuse Huawei and its subsidiaries of a decades-long effort to steal intellectual property from six U.S. tech companies, including by offering Huawei employees bonuses for obtaining confidential information.
On January 1, [2020] China's Cryptography Law becomes effective. ... [B]usinesses will be required to turn over encryption keys. ... Chinese officials will be permitted ... to share seized information with state enterprises.
A new DOJ indictment outlines how Chinese hackers allegedly compromised data from companies in a dozen countries in a single intrusion.
U.S. indictments against individual Chinese soldiers accused of hacking various American targets have deterred those military personnel from conducting the same kinds of hacks again, according to[Dmitri Alperovitch, co-founder of CrowdStrike.]
While they aren't censored, images and documents they send through the app are analyzed for taboo content.
PRC-sponsored cyber actor, Volt Typhoon, [is] targeting IT networks of communications, energy, transportation, water, and wastewater organizations in the U.S. and its territories.
The South China Sea has ... become a tense, volatile, and potentially explosive theater at a time when accumulated grievances have driven the underlying bilateral political relationship to its lowest point in half a century. ... The question for both U.S. and Chinese leaders is, what happens now in the event of a significant collision? ... In a real-world scenario, beyond the clinical environment of a desktop exercise, the prevailing domestic political circumstances in Beijing and Washington could all too easily drive both sides to escalate.
Hackers affiliated with China's People's Liberation Army [Volt Typhoon] have burrowed into the computer systems of about two dozen critical [sector] entities over the past year, these experts said. The intrusions are part of a broader effort to develop ways to sow panic and chaos or snarl logistics in the event of a U.S.-China conflict in the Pacific, they said. Among the victims are a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, people familiar with the incidents told The Washington Post. The hackers also attempted to break into the operator of Texas's power grid.
Thank you for the opportunity to appear before you today and discuss what I consider the most significant cybersecurity issue faced by the United States.
There are many reasons why the West misunderestimated Putin, as Bush might have put it, but one stands out with the clarity of hindsight: Westerners simply had no framework for a world in which autocracy, not democracy, would be on the rise, for a post–Cold War geopolotics in which revisionist powers such as Russia and China would compete on more equal terms again with the United States.
Kremlin's claim to be under threat from NATO.
Putin is trying to take down the entire world order, the veteran Russia watcher said in an interview. But there are ways even ordinary Americans can fight back.
It has become clear that what exists inside the Kremlin is no longer aregime—a system of government where multiple figures can affect and feed into decision-making, from security chiefs to billionaires—as many believed. Instead, it has transformed into what political scientists call a personalist dictatorship, where the whims of one man, and one man only, determine policy, a fact that has terrifying implications for Russia and the world.
Today the Russian government is rewriting some of the darkest chapters of its Soviet past.
The eyewitnesses of Soviet authoritarianism have a different story for us and a message for our era.
[T]o understand the war in Ukraine, we must go beyond the political projects of Western leaders and Mr. Putin's pysche.
Hybrid Warfare: And What Can Be Done About It by Christopher S. Chivvis, RAND, March 22, 2017
A handbook for U.S. Army formations to increase awareness of Russian tactics, near-peer capabilities, and current U.S. non-material solutions to mitigate the threat posed by Russian proxies.
Operating as public-private partnerships, the firms offer Russia a cheap, low-risk front to carry out its activist foreign policy.
Why, finally, has Putin invaded Ukraine? ... [He] has invaded because of the Maidan Revolution of 2014. ... [It] was ... dynamic, passionate, capable of arousing the sympathies of vast numbers of people. ... It was a moderate revolution in favor of a moderate Ukraine — a revolution that offered a viable future for Ukraine and, in doing so, offered new possibilities to Ukraine's neighbors too. ... So Putin was terrified. He responded by annexing Crimea and stirring up his wars in the breakaway provinces of eastern Ukraine, in the hope that he could inflict a few dents on the revolutionary success. ... He saw the popularity in Russia of Boris Nemtsov, his own opponent. He found it terrifying. Nemtsov was duly assassinated in 2015 on a bridge in Moscow. Putin saw Alexei Navalny step forward to offer still more opposition. He saw that Navalny, too, turned out to be popular, quite as if there was no end to these reforming zealots and their popular appeal. Putin poisoned Navalny and imprisoned him. ... And Putin was terrified by the emergence of Zelensky. ... He concluded that Maidan's revolution was destined to spread to Moscow and St. Petersburg, if not this year, then next year. ... So he consulted with the ghosts of Brezhnev, Khrushchev, and Stalin, who referred him to the master thinker, who is Nicholas I. And Nicholas I told Putin that if he failed to invade Ukraine, the Russian state would collapse. It was life or death. ... The calamity that has taken place has been, then, ... is a monstrous failure of the Russian imagination. And the monstrous failure has brought about the very collapse into barbarism and the danger to the ever-fragile Russian state that Putin thought he was trying to avoid.
In February 2022, Russia launched a satellite known as Cosmos 2553, its purpose the subject of anxious speculation amid a period of intensifying global tension. Just weeks after it settled into orbit, Russian troops invaded Ukraineb blasting Kyiv and other cities with missiles and bombs. As NATO rushed to back the overmatched Ukrainians, the world worried that the conflict could spiral into nuclear war. In February of this year, a cryptic statement by an American congressman about a "serious national security threat" ignited a media firestorm. U.S. officials pointed to Cosmos 2553, revealing their concern that the satellite is conducting tests that could lead to a nuclear weapon orbiting in space. To be clear, officials said no such weapon has been deployed but it's not science fiction anymore. And no one, besides Moscow, knows what Cosmos 2553 is up to.
The legislation is intended to protect the Russian public from misinformation, according to its authors. Yet many worry that it will simply be used as a pretext to further limit freedom of expression online.
Kremlin resorts to prisoner swaps and coercion to keep potential cyber operatives out of U.S. hands, experts say.
Putin's apparent victories in spreading Russian influence are mirages, some of which have come at a great cost.
Expect more network-enabled spying and possibly destructive cyber attacks in the wake of the killing of one of Iran's most important military commanders, experts said.
'Iran has the capability and the tendency to launch destructive attacks,' said Christopher C. Krebs, the director of Cybersecurity and Infrastructure Agency, the Department of Homeland Security's computer security arm
In the early years of the Obama administration, the United States developed an elaborate plan for a cyberattack on Iran in case the diplomatic effort to limit its nuclear program failed and led to a military conflict ... code-named Nitro Zeus ... [that was] devised to disable Iran's air defenses, communications systems and crucial parts of its power grid[.]
Last Modified: