Category Archives: Cyberespionage

Bubbles Over Barriers: Amending the Foreign Sovereign Immunities Act for Cyber Accountability

More and more often, the Foreign Sovereign Immunities Act (FSIA) has protected state actors that conduct cyberattacks, and their cybersecurity contractors, from legal liability and from suits brought by victims seeking redress in US courts.

Adam Silow argues that it is time for foreign sovereign immunity to receive an update for the digital era. State-sponsored cyberattacks and their use of cybersecurity contractors are increasing, particularly affecting human rights activists and large companies with key data and trade secrets. The US government’s responses, namely diplomacy, sanctions, and “speaking indictments” issued by prosecutors, have been inadequate, and the statutory language of the FSIA does not clearly allow liability for cyberattacks, even under the new terrorism amendments.

Some experts propose merely amending the language to include liability for all cyberattacks, which Silow argues may inadvertently allow liability for legitimate state action. Instead, Silow concludes that more targeted legislation should protect specific victims of cyberattacks, namely human rights activists and targets of trade secrets, and allow those victims to legally overcome foreign sovereign immunity in US courts.

Outsourcing the Cyber Kill Chain: Reinforcing the Cyber Mission Force and Allowing Increased Contractor Support of Cyber Operations

The United States is under a growing and constant threat of cyberattack. US cybersecurity strategy has evolved in response, adapting to the new threat climate by committing US Cyber Command to more aggressive and persistent peacetime cyber operations. However, the Department of Defense Cyber Mission Force (CMF) has been stretched thin attempting to carry out its new mission, requiring additional commitments to resourcing, force size, and capabilities.

Homer A. La Rue argues that increased participation of private contractors in US cyber operations is the best way to bolster the CMF’s capabilities, at least in the short term. Contractors may be particularly useful in “gray-zone” operations, that is, operations in the area that exists beyond the threshold of conventional diplomacy but falls short of conventional war.

Although there are challenges and risks to increased contractor participation in cyber operations, particularly related to command and control, La Rue argues that methods of managing these risks already exist and that the benefits of outsourcing cyber operations outweigh the risks.

Active Cyber Measures: Reviving Cold War Debunking and Deterrence Strategy

By Nicolas Aalberg

Department of Justice and National Intelligence Center reports on active cyber measures (ACMs) carried out by U.S. adversaries on social media display a staggering manipulation of American conversations, journalism, and electoral processes. Unlike Cold War active measures conducted through human intelligence (HUMINT) operations, creating or manipulating an online intelligence asset requires exponentially fewer resources and yields results with far greater scale. However, the U.S. responded to Cold War active measures through defensive counterintelligence and misinformation-debunking programs and through offensive, active HUMINT deterrents, and that same strategy can be used to combat ACMs today.

The Intelligence Community (IC) must work defensively using signals intelligence (SIGINT) and open-source intelligence (OSINT) to detect and neutralize enemy social media accounts, and Congress must create a bipartisan committee (the “Committee”) to communicate declassified information to the American public to expose manipulation of online conversations. At the same time, USCYBERCOM and CIA must work in tandem offensively through a new blend of cyber warfare and HUMINT to deter ACM proliferation and respond in kind, and once again set global military and intelligence standards on U.S. terms.

I.   Defensive Posture: Congress Must Create a Bipartisan Committee to Counter Active Cyber Measures

Given that U.S. adversaries are successfully laying siege to the fabric of American political conversations, the U.S. needs to adopt a Cold War-era defensive posture consisting of counterintelligence efforts and increased transparency with the electorate about manipulated conversations. Historically, CIA has collaborated with FBI on counterintelligence efforts to remove compromised and planted HUMINT assets. NSA, CIA, and the Office of the Director of National Intelligence (ODNI) must similarly identify active personas and botnets through a combination of SIGINT and OSINT and collaborate with the social media industry to remove these accounts.
