Stanley Kubrick’s iconic black comedy Dr. Strangelove remains one of the most insightful works on deterrence. The film revolves around the Doomsday Machine…
Iran has conducted several highly damaging cyberattacks and become a major threat that will only get worse
Lucas Kello, The Virtual Weapon and International Order (Yale University Press, 2017) Why do all hackers wear hoodies?
Source: Do Trees Fall in Cyberspace?
Former Secretary of Defense Ashton Carter recently published a report on the campaign to destroy ISIL. Particularly notable was what Carter said about the
How information-related capabilities – especially through the cyber domain – manifest themselves from a joint command construct, is murky.
There are morsels of truth in the article, but overall, it’s half-connections and semi-conclusions are ad hoc and incoherent. While it takes a nation-state to create a Stuxnet, the implied conclusion that everything else critical (electrical grid, health/hospital/medical systems, infrastructure, military, even air-gapped, life critical data, financial data, design and manufacturing data, …) are adequately protected and immune to non-state actors has no factual basis. The risk is that impact and probability are both non-quantifiable and uncertain. We do not know what we do not know. Not to consider the worst case is irresponsible.
There is no imminent crisis to force change in cybersecurity, but it would be better if change is not forced upon us.
When the government discovers a bug in any computer hardware or software system, should it immediately inform the device or software manufacturer, so the company can create a patch and protect its customers’ cybersecurity? When should the government be permitted to keep the information to itself, and exploit the vulnerability to hack into devices in support of law enforcement and intelligence agency operations?