All posts by Herbert S. Lin

Dr. Herbert Lin is chief scientist at the Computer Science and Telecommunications Board, National Research Council of the National Academies, where he has been study director of major projects on public policy and information technology.

A Proposal to Reduce Government Overclassification of Information Related to National Security

Lin explores the phenomenon of overclassification in American society and proposes a classification cost metric in order to create serious economic incentives to reduce classification. The metric would provide decision makers with a way to judge the relative importance of different classified documents and allow officials to classify documents on a more objective scale. The author relates a number of questions and answers relating to the underlying approach, the mechanics, budget and finance, and law and policy, thereby parsing out the strengths and weaknesses of his proposal.

Offensive Cyber Operations and the Use of Force

Hostile actions against a computer system or network can take two forms.1 One form – a cyber attack – is destructive in nature. An example of such a hostile action is erasure by a computer virus resident on the hard disk of any infected computer. In this article, “cyber attack” refers to the use of deliberate actions and operations – perhaps over an extended period of time – to alter, disrupt, deceive, degrade, or destroy adversary computer systems or networks or the information and (or) programs resident in or transiting these systems or networks.2 Such effects on adversary systems and networks may also have indirect effects on entities coupled to or reliant on them. A cyber attack seeks to cause the adversary’s computer systems and networks to be unavailable or untrustworthy and therefore less useful to the adversary.

The second form – cyberexploitation – is nondestructive. An example is a computer virus that searches the hard disk of any infected computer and emails to the hostile party all files containing a credit card number. “Cyberexploitation” refers to the use of actions and operations – perhaps over an extended period of time – to obtain information that would otherwise be kept confidential and is resident on or transiting through an adversary’s computer systems or networks. Cyberexploitations are usually clandestine and conducted with the smallest possible intervention that still allows extraction of the information sought.3 They do not seek to disturb…