Category Archives: Cyberespionage

Active Cyber Measures: Reviving Cold War Debunking and Deterrence Strategy

By Nicolas Aalberg

Department of Justice and National Intelligence Center reports on active cyber measures (ACMs) carried out by U.S. adversaries on social media display a staggering manipulation of American conversations, journalism, and electoral processes. Unlike Cold War active measures conducted through human intelligence (HUMINT) operations, creating or manipulating an online intelligence asset requires exponentially fewer resources and yields results with far greater scale. However, the U.S. responded to Cold War active measures through defensive counterintelligence and misinformation-debunking programs and through offensive, active HUMINT deterrents, and that same strategy can be used to combat ACMs today.

The Intelligence Community (IC) must work defensively using signals intelligence (SIGINT) and open-source intelligence (OSINT) to detect and neutralize enemy social media accounts, and Congress must create a bipartisan committee (the “Committee”) to communicate declassified information to the American public to expose manipulation of online conversations. At the same time, USCYBERCOM and CIA must work in tandem offensively through a new blend of cyber warfare and HUMINT to deter ACM proliferation and respond in kind, and once again set global military and intelligence standards on U.S. terms.

I. Defensive Posture: Congress Must Create a Bipartisan Committee to Counter Active Cyber Measures

Given that U.S. adversaries are successfully laying siege to the fabric of American political conversations, the U.S. needs to adopt a Cold War-era defensive posture consisting of counterintelligence efforts and increased transparency with the electorate about manipulated conversations. Historically, CIA has collaborated with FBI on counterintelligence efforts to remove compromised and planted HUMINT assets. NSA, CIA, and the Office of the Director of National Intelligence (ODNI) must similarly identify active personas and botnets through a combination of SIGINT and OSINT and collaborate with the social media industry to remove these accounts.

Cybercrime vs. Cyberwar: Paradigms for Addressing Malicious Cyber Activity

Although acts of cybercrime and cyberwar are different, the lines between the two have become blurred over time. The nature of cyberspace has complicated the pre-existing doctrine for armed attacks, yet that doctrine is still being applied. Furthermore, the United States has historically responded to malicious cyber activity through a militarized lens.

This tendency to lean towards and emphasize a militarized approach has displaced the domestic law enforcement approach and left it inadequately trained, inadequately resourced, and inadequately supported to identify, deter, and punish offenders. Discussions currently neglect other existing frameworks and the development of new ones to address malicious cyber activity.

Without a comprehensive international legal framework governing malicious cyber activity, Mieke Eoyang and Chimène Keitner seek to encourage greater awareness of the consequences of viewing malicious cyber activity through only an armed conflict lens.

Transnational Government Hacking

Cyber investigations often involve devices and data that cross or are located across international borders. This raises challenges for law enforcement, which often finds itself limited by enforcement jurisdiction that stops at its territorial borders.

What happens when law enforcement is seeking to access data or a device and the location is unknown? What about situations in which law enforcement has its hands on a device, but the data being accessed via that device is located in another state’s jurisdiction? What if the device itself is located overseas—in a jurisdiction unwilling or unable to aid the investigation?