The 8th International Conference on Cyber Conflict focused on the theme of Cyber Power. CyCon 2016 asked how the traditional concept of power applies to cyberspace. The issues covered included international cooperation, technical challenges and requirements, conflict in cyberspace, legal framework, regulations and standards.
CyCon serves as an interdisciplinary platform for networking and sharing knowledge, bringing together the cyber security community’s technical experts, strategic thinkers, political scientists and lawyers. The conference analysed how new digital technologies are affecting the traditional social, political, and technical foundations of defence and security.
This publication, comprising 18 articles, spans a wide spectrum of topics. It starts by focusing on the conceptual issues and asks how the phenomenon of cyber power can be defined and assessed. This is first done by Jelle van Haaster who, based on a comparative analysis of traditional approaches to power in international relations, presents a comprehensive methodology for measuring the different dimensions of cyber power. The nature of computer network attacks (CNAs) is then analysed by Ragnhild Endresen Siedler as she explores the difference between CNA as a means of pure destruction and CNA as a means of forcible accomplishment. In the following article, Jason Healeyuses case studies to re-shape our understanding of the often overlooked long-term strategic implications of known cyber operations. The section ends with an article by Lior Tabansky, who uses the case of Israel to conceptualise a framework for cyber power on a national level.
Moving away from the more conceptual questions related to cyber power, Sean T. Lawson et al. analyse, based on research on fear-appeals, how the public discourse on cyber-doom scenarios affects the development of appropriate cyber security policy measures. Next, Steve S. Sin et al. look at the issue of cyber terrorism by estimating the possible cyber capabilities of extremist organisations. The discussion then turns to the ‘soft’ elements of cyber power. Drew Herrick addresses the link between social media and military cyber operations and identifies this connection as a variable for analysing an actor’s cyber capabilities. Pascal Brangetto and Matthijs A. Veenendaal analyse the growing role of cyber operations as an element of influence operations and introduce the term ‘Influence Cyber Operations’.
In the context of the global drive to develop cyber capabilities, the next section of the book focuses mainly on how to limit cyber power, discussing issues of international law and the different options and problems related to developing cyber arms control regimes. Kubo Mačák starts by arguing that there is a power vacuum resulting from the reluctance of states to engage in international law-making in the context of cyber security. A theoretical basis for the concept of a cyber arms race dynamic is provided by Anthony Craig and Brandon Valeriano who examine the rapid cyber weapons build-up by comparing the relations between US-Iran and North Korea-South Korea. Markus Maybaum and Jens Tölle then look at the lessons that can be learned from the traditional arms control regimes and propose a unique technical solution to bypass the usual issues that are associated with limiting the proliferation of cyber weapons. Possible counter-proliferation methods are further proposed by Trey Herr who, in analysing the nature of the malware market and cyber security research, questions the value of the Wassenaar Arrangement.
Robert Koch and Mario Golling focus on the cyber security risks associated with the integration of outdated and state of the art military weapon systems. Kim Hartmann and Keir Giles address a new ‘domain’ of cyber power as they highlight the growing relevance of unmanned aerial vehicles and present many possible ways in which these can be used in different conflict scenarios. Aviation security is also tackled by Martin Strohmeier et al., as they define and discuss a threat model describing the up-to-date capabilities of different types of threat agents and their impact on the new digitalised aviation communication systems.
The book ends with articles that aim to provide practical solutions to several specific cyber security issues related to privacy and advanced persistent threats (APTs). First, Mirco Marchetti et al. focus on mitigating the threat from APTs by proposing a framework that incorporates techniques based on big data analytics and security intelligence. Second, Paolo Palmieri analyses the protection of anonymity networks as he presents the structural weaknesses of Tor and proposes a number of modifications to improve its resilience against DDoS attacks. Finally, Siddharth Prakash Rao et al. draw attention to the vulnerabilities in the existing cellular networks used for location tracking and surveillance and highlight the existing countermeasures to solve the issue.
All of the articles in this book have been through a double-blind peer review by the Academic Review Committee. The Institute of Electrical and Electronic Engineers (IEEE) served as a technical co-sponsor for this publication.