Addressing Cyber Instability

The emergence of cyber space has introduced new capabilities, vulnerabilities, and threats in the realms of politics, economics, social interaction and national security. Core issue of cyberspace is that its architecture was never designed with security in mind because malicious actors were never considered. Initial cyber priorities were openness, interconnection, and technical innovation. Technological evolution of cyberspace has outpaced conceptual, doctrinal, organizational, and legal structures. Defines cyber conflict as “the conduct of large scale, politically motivated conflict based on the use of offensive and defensive capabilities to disrupt digital systems, networks, and infrastructures, including the use of cyber-based weapons or tools by non-state/transnational actors in conjunction with other forces for political ends.” Explores concepts like deterrence, compellence, escalation control, command and control, and war termination. Compares cyber strategies with a nuclear analogy. Highlights technical and policy-related problems. Explores operational level cyber conflicts related to military and intelligence strategy. Highlights strains between military's cyber-related activities and the intelligence community. Argues bureaucracies and military and intelligence organizations must develop modern capabilities to respond to new threats in a fast and agile way. Military cyber defense must collaborate with non-governmental organizations, researchers, corporations, and other non-state actors. Focuses on developing new thinking about cyber conflict management and mitigation. Explores domestic and international legal framework for cyber operations through a positivist approach. Finds that immaturity of applying legal constructs to cybercrime has caused hesitancy in governmental and private sector actors to reduce malicious activity and cyber instability. Finds norms and customs related to cyber behavior must develop over time. Assesses potential contributions of international, regional, and bilateral treaties in governing cyber conflict. Proposes three approaches for effectively managing cyber conflict challenges: public health model to limit the spread of disease, the “environmental model” focusing on cyber clean-up, and the irregular warfare approach leveraging an existing military mindset. Appendix includes a Critical Infrastructure Primer.