Policy Papers

Cyber Threats in the Space Domain

March 30, 2016 Richard M. Harrison

The ability to access and exploit space has long been woven into the fabric of American national power. It is a critical component of global political leadership, the economy, and military power. Unfortunately, those pillars are increasingly at risk. The spread of space technology to new international actors and the increasing sophistication of those capabilities have made it possible to threaten American space systems directly. The national security community is accustomed to analyzing these threats and vulnerabilities and is pursuing a reasonable mix of policies and programs to address them. (Whether those actions are sufficient is subject to debate). However, over the last decade space and cyberspace have grown increasingly integrated. This opens up new vulnerabilities in American space systems, and gives a greater number of actors the potential to exploit those vulnerabilities...

Understanding Cybersecurity - Part 5 | Military Cyber Operations

November 9, 2015 Richard M. Harrison

What is the role of cybersecurity in the conduct of war and ongoing security operations? Policymakers, academics, and journalists often think of cybersecurity as a single domain problem. That is to say, they view cyber operations as taking place solely within its own domain—one that is separate from land, sea, air or space. This perspective, however, overlooks the fact that computer systems and networks pervade society and the physical environment, and are present to some degree in all physical environs and across the three levels of war (strategic, operational, and tactical). Modern militaries employ forces in a “joint” manner, combining the specific platforms and technologies of different services to achieve a more effective force. National security policymakers should similarly see both kinetic and cyber capabilities as part of a broad set of tools available to achieve their objectives. Thinking of cybersecurity as a limited or separate space, wholly distinct from the other domains of conflict, limits the potential for understanding its strategic utility...

Understanding Cybersecurity - Part 4 | Internet Security Governance

October 1, 2015 Richard M. Harrison

Internet Security Governance covers the policy challenges that arise from building and governing security in the Internet’s architecture and key protocols. It is not a description of security for computers and networks (Information Assurance), how to manage the negotiated structure and key functions of the Internet (Internet Governance), or the pursuit of criminal groups and other threat actors (Cyber Crime). Internet Security Governance is the discussion of defensively oriented technical and legal topics that cross national boundaries and/or involve security of the underlying protocols and hardware which make up the Internet...

The War Against ISIS Through Social Media

July 6, 2015 Richard M. Harrison

On July 7, the American Foreign Policy Council (AFPC) held the fourth installment of its Defense Technology Program’s Understanding Cybersecurity lunch briefing series for Congressional Staffers. This event, entitled, “How the Caliphate is Communicating:” Understanding and Countering the Islamic State’s Messaging outlined how and why the Islamic State has been winning the “war of ideas” through the use of social media, and how the group is using social media to further its operations...

Understanding Cybersecurity - Part 3 | Cyber Crime

June 29, 2015 Richard M. Harrison

Cyber crime covers a wide range of activities that includes theft, fraud and harassment; stealing valuable intellectual property as part of industrial espionage; committing financial fraud and credit card theft; and disrupting internet services for ideological goals (“hacktivism”). The crimes target both firms and consumers, and while they rarely result in physical harm or property damage, there can still be severe consequences...

Iran Strategy Brief No. 7: Iran’s Various Voices

June 16, 2015 Ilan I. Berman

Is the Islamic Republic of Iran a country or a cause? For decades, the question is one that has bedeviled Western observers. Foreign politicians and diplomats long have struggled to reconcile the Iranian regime’s radical rhetoric and destructive international behavior with its pragmatic participation in numerous treaty arrangements, and its prominent role in various multilateral forums.

Understanding Cybersecurity - Part 2 | Information Assurance

April 14, 2015 Richard M. Harrison

Information Assurance is the art and science of securing computer systems and networks against efforts by third parties to disable, intrude, or otherwise impede operations. It is the focus of most “cybersecurity” professionals in the technical community. The principal goals are to maintain an information system’s Confidentiality (the secrecy of information as it is used and stored), Integrity, reliability of data and equipment, and Availability, that a computer system is ready and able to function as needed. Information Assurance includes writing secure software, deploying it safely, and managing it to minimize the risk of compromise.

Asia for the Asians

In recent months, Xi Jinping’s China has rolled out a large number of new foreign policy initiatives. Some of these have been economic proposals such as the BRICS Bank; the Asian Infrastructure Investment Bank; the China-Korea and China-Australia free trade agreements; the land and maritime silk road proposals; a massive, albeit not entirely transparent, energy deal with Russia; an increasingly effective effort to promote international trade denominated in the yuan or Renminbi; and an attempt to push ahead with either the Regional Comprehensive Economic Partnership Agreement or the Free Trade Agreement of the Asia-Pacific.

Understanding Cybersecurity - Part 1 | Redefining Cybersecurity

January 21, 2015 Richard M. Harrison

Cybersecurity is an often abused and much misused term that was once intended to describe and now serves better to confuse. While originally intended to cover security related issues associated with “cyberspace,” a phrase coined by author William Gibson in the short story “Burning Chrome,” it has become the byword for a staggeringly diverse array of topics. While this is frustrating, the term is popular as shorthand, so we offer this paper to identify and explain four clusters of related topics under the larger umbrella of “cybersecurity.” Each is a distinct issue area with unique technical and policy challenges, while retaining some association to the others...

American Deterrence and Future Conflicts

December 21, 2014 Richard M. Harrison

On the centennial of the start of World War I—a war that began largely as a result of crisis miscalculations and escalations—we are entering a new era with important implications for deterrence, escalation control, and coalition management. Today, like at the time of World War I, we confront a large number of actors who have the potential to misread cues and red lines while relying on treaty relationships if they miscalculate. Then, as now, military technologies were widely diffused. Prevailing assumptions about how an adversary (or potential adversary) would react in a crisis or confrontation were based on imperfect intelligence and inadequate understanding of red lines...

U. S. & European Perspectives of Current and Evolving Security Challenges

October 30, 2014 Richard M. Harrison

As we think through the role that the United States might play in addressing future security challenges in the European and Eurasian arenas in coming years, it would seem appropriate to have some indication of the thinking, thoughts, and ideas of our partners and allies—especially those in NATO. Americans may feel strongly about issues such as missile defense, countering terrorism and stopping Iran from developing a nuclear capability, but do European and Eurasian allies feel the same?...

Protecting the Warfighter in an Austere Budget Environment

September 23, 2014 Richard M. Harrison

Winston Churchill is often quoted as saying, “Gentlemen, we have run out of money. Now we have to think.” A similar statement is attributed to Ernest Rutherford, a New Zealand physicist often cited as the “father” of nuclear physics. Regardless of who uttered this quote, many believe it appropriately summarizes the state of America’s defense establishment today. “Fiscal austerity” is the environment in which national security decisions are made...

Security and Defense Dimensions of the Asia Pivot

May 13, 2014 Richard M. Harrison

There is no question that the United States faces significant and increasing security challenges in the Asia-Pacific region, including the growing threat posed by ballistic missiles and their payloads. It is fair to argue that China is increasingly confident and assertive in addressing its perceived national interests, supported by its expanding military might and power projection capabilities. From appearances, it is also reasonable to assert that North Korea is not on a path to openness, reform, and reconciliation with its neighbors. As such, it is critical that the United States provide for its national defense in the Pacific...

Is the Classified Information Paradigm Beyond Repair?

April 30, 2014

The problem. The U.S. government is demonstrably unable to protect the classified information on which much of national security is based. In the Manning and Snowden era when possibly two million classified documents are made public and the press is awarded prizes for publishing much of the stolen material, it is fair to ask whether the government is capable of protecting the information required for effective intelligence, military, and diplomatic results. As internet‐age leakers are outpacing spies as insider threats, it would appear that the paradigm to protect classified information is fundamentally broken, and it is time to consider what it might take to fix it. Or if the paradigm is truly beyond repair, what should replace it?