A wide range of actors have publicly identified cyber stability as a key policy goal but the meaning of stability in the context of cyber policy remains vague and contested. Vague because most ...policymakers and experts do not define cyber stability when they use the concept. Contested because they propose measures that rely – often implicitly – on divergent understandings of cyber stability. This volume is a thorough investigation of instability within cyberspace and of cyberspace itself. Its purpose is to reconceptualise stability and instability for cyberspace, highlight their various dimensions and thereby identify relevant policy measures. This book critically examines both ‘classic’ notions associated with stability – for example, whether cyber operations can lead to unwanted escalation – as well as topics that have so far not been addressed in the existing cyber literature, such as the application of a decolonial lens to investigate Euro-American conceptualisations of stability in cyberspace.
What are the motivations and opportunities for arms transfer in the cyber realm? Although scholarship has failed to systematically address this question, having an accurate answer is crucial for ...understanding the operationalization of cyber commands and intelligence alliances, the functioning of the North Atlantic Treaty Organization in the twenty-first century, and the viability of cyber arms controls. First, this article introduces a new conceptual framework-the people-exploits-tools-infrastructure-organization (PETIO) framework-to understand the elements of an offensive cyber capability. Second, I explain how the incentives of cyber arms transfer differ across the different elements of the PETIO framework. Though exploits and tools can be effortlessly replicated, their transitory nature and potential for operational tracking means there is little incentive to actually transfer these assets. If any incentives exist for state-to-state transfer, it would be in facilitating other state actors to develop their own offensive capabilities-that is, by providing expertise, infrastructure, and organizational capacity to adapt and innovate-as this does not reduce the effectiveness of one's own arsenal. Third, I argue that the incentives for transferring cyber effect capabilities are weaker compared to cyber espionage capabilities, and attribution dynamics add an additional layer of complexity to these transfer dynamics.
This article examines the transitory nature of cyberweapons. Shedding light on this highly understudied facet is important both for grasping how cyberspace affects international security and ...policymakers' efforts to make accurate decisions regarding the deployment of cyberweapons. First, laying out the life cycle of a cyberweapon, I argue that these offensive capabilities are both different in 'degree' and in 'kind' compared with other regarding their temporary ability to cause harm or damage. Second, I develop six propositions which indicate that not only technical features, inherent to the different types of cyber capabilities - that is, the type of exploited vulnerability, access and payload - but also offender and defender characteristics explain differences in transitoriness between cyberweapons. Finally, drawing out the implications, I reveal that the transitory nature of cyberweapons benefits great powers, changes the incentive structure for offensive cyber cooperation and induces a different funding structure for (military) cyber programs compared with conventional weapon programs. I also note that the time-dependent dynamic underlying cyberweapons potentially explains the limited deployment of cyberweapons compared to espionage capabilities.
Whilst NATO speaks increasingly publicly about the military use of cyber operations, adaptation to the cyber domain has reportedly been challenging for most militaries. Little research has sought to ...understand the nature of these challenges. This study seeks to address this gap through a case study of the Netherlands. By utilizing a range of primary and secondary sources, this article reveals that the Dutch Defense Cyber Command has faced significant constraints in its adaptation to the cyber domain, primarily due to issues related to organizational structure, operational mandate, and the availability of skills and resources. A cyber command that lacks regular opportunities for day-to-day operations and where personnel may not have continuous learning opportunities to acquire and refine their skills will encounter difficulties in recruiting, training, and retaining a proficient workforce. These findings highlight the tendency of observers to mistakenly equate the mere establishment of a cyber command with the existence of a robust military cyber capability - namely, the ability to effectively carry out and sustain a range of cyber operations for tactical or strategic purposes.
This article evaluates the implications of U.S. cyber strategy of persistent engagement for the alliance and intelligence collection. Whilst the strategy may have benefits for certain alliance ...relationships, I identify four potential negative consequences; loss of allied trust, disruption allied intelligence operations and capabilities, exploitability of the strategy by adversaries, and the implementation (and justification) of persistent engagement by other countries. This paper concludes suggesting several ways forward, including the creation of a new NATO-memorandum of understanding on cyber operations.
There were numerous occasions when the US military considered conducting cyber attacks but refrained from doing so, but these have been largely overlooked as sources of insight. Six cases that we do ...know about - mostly from journalistic reporting - reveal much about US strategic thinking, posturing, and assessment of the limits of cyberspace.
Celotno besedilo
Dostopno za:
BFBNIB, DOBA, IZUM, KILJ, NUK, PILJ, PNG, SAZU, SIK, UILJ, UKNU, UL, UM, UPUK
Across the world, states are establishing military cyber commands or similar units to develop offensive cyber capabilities. One of the key dilemmas faced by these states is whether (and how) to ...integrate their intelligence and military capabilities to develop a meaningful offensive cyber capacity. This topic, however, has received little theoretical treatment. The purpose of this paper is therefore to address the following question: What are the benefits and risks of organizational integration of offensive cyber capabilities (OIOCC)? I argue that organizational integration may lead to three benefits: enhanced interaction efficiency of intelligence and military activities, better(and more diverse) knowledge transfer and reduced mission overlap. Yet, there are also several negative effects attached to OIOCC. It may lead to 'cyber mission creep' and an intensification of the cyber security dilemma. It could also result in arsenal cost ineffectiveness in the long run. Although the benefits of OIOCC are seen to outweighs the risks, failing to grasp the negative effects may lead to unnecessary cycles of provocation, with potentially disastrous consequences.
Celotno besedilo
Dostopno za:
BFBNIB, DOBA, IZUM, KILJ, NUK, ODKLJ, PILJ, PNG, SAZU, UILJ, UKNU, UL, UM, UPUK
While much focus has remained on the concept of cyberwar, what we have been observing in actual cyber behaviour are campaigns comprised of linked cyber operations, with the specific objective of ...achieving strategic outcomes without the need of armed attack. These campaigns are not simply transitory clever tactics, but strategic in intent. This article examines strategic cyber competition and reveals how the adoption of a different construct can pivot both explanation and policy prescription. Strategy must be unshackled from the presumption that it deals only with the realm of coercion, militarised crisis, and war in cyberspace.
Over the last decades, cybersecurity has become a top priority for the European Union (EU). As a contribution to scholarship on the 'regulatory security state', we analyze how the European Union ...Agency for Cybersecurity (ENISA), emerged and stabilized as the EU's key agency for cybersecurity. We use data from policy documents, secondary sources, and semi-structured interviews to show how ENISA struggled to become a relevant actor by carving out a specific role for itself. In particular, we show how challenging it was for the agency to acquire epistemic authority. Although the trajectory of ENISA supports attempts to govern through regulation, it also shows that its role was never a given, only functions as part of a larger whole, and continues to be subject to change. Our article indicates that the study of security governance must remain ontologically flexible to capture hybrid forms and political struggles.
Het vermogen om de werkelijkheid te verdraaien maakt grote sprongen. Dit vermogen hoeft niet altijd voor goede doeleinden te worden gebruikt. De last om oplossingen te bedenken ligt niet alleen bij ...de technologiebedrijven. Nederlandse politici moeten de verleiding weerstaan om ‘deepfake’-materiaal te produceren of bewust te verspreiden.
PDF
