Cyber Visualizations

The Center for Cyber Strategy and Policy (CCSP) creates educational visualizations that illustrate complex cyber theories and strategic activities occurring in cyberspace. 

The motion graphics are produced through collaboration with the University of Cincinnati's College of Design, Architecture, Art, and Planning (DAAP) co-op students and CCSP faculty and graduate students.

Educators can request CCSP cyber visualizations for use in their classrooms.  To gain access to the videos, please email CCSP your name, position, institutional affiliation, an indication of intended use, and the name of the videos you require.

Cyber Persistence Theory- Chapter 1: The Misapplied Nexus of Theory and Policy

A visualization based on the book "Cyber Persistence Theory: Redefining National Security in Cyberspace," Chapter 1 by authors: Michael P. Fischerkeller, Emily O. Goldman and Richard J. Harknett, Oxford University Press, 2022.

Cyber Persistence Theory - Chapter 2: The Structure of Strategic Environments

In history, defense has been the primary strategy to create a country’s security.  Once nuclear weapons were introduced, defense was overwhelmed.  Nuclear security became a game of deterrence and avoiding war.  Now, cyberspace has linked countries together and has the potential as an alternative to war for strategic gain. Cyberspace has become a fluid game of persistent engagement.

Cyber Persistence Theory - Chapter 3: Cyber Behavior and Dynamics

Cyberspace is filled with opportunities and vulnerabilities that must be anticipated in order to set security conditions in their favor.  If one can gain the cyber initiative, then one can become more secure in the short-term and hopefully in the long term.  Gains are obtained when the target is unaware of the loss, or unable or unwilling to respond. The immediate gain in and through cyberspace is the reconfiguring of cyberspace technically, tactically, operationally, and strategically. Cyber campaigns show how sustaining the cyber initiative is the key to security in a world of cyber persistence.  

Cyber Persistence Theory - Chapter 4: Theory and the Empirical Record

Cyber Persistent Theory expects cyber actors to seek the initiative in exploitation of vulnerabilities through cyber operations and cyber campaigns. A persistent engagement and a defend forward posture can enable states to secure themselves by limitingfrustrating, and disrupting malicious cyber activity. While the cyber empirical record tends to be opaque, shrouded by national security secrecy or corporate proprietary information, there were initial attempts by states experimenting with gaining the initiative through disrupting the cyber activities of malicious actors. These experiences helped lead toward the adoption of new cyber persistent thinking. 

Data Breach: A Campaign in the Cyber Strategic Environment

Individual data breaches may appear to be separate attacks in isolation.  But, if these significant data breaches are viewed together as a campaign, one can see the strategic gain. 

Cyber Heist: A Campaign in the Cyber Strategic Environment

Targeted ATM cyber heists, ransomware on financial websites, and cryptocurrency could all be seen as isolated cyberattacks. However, viewed together, one can see this is a strategic campaign to raise money in order to circumnavigate international sanctions.

SolarWinds: Background to a Cyber Campaign

In December 2020, FireEye was hacked, and a supply chain cyber campaign was exploited via a SolarWinds software security update to over 300,000 clients -- a regular software update penetrated hundreds of companies and many US government agencies. A prior cyber campaign points to Russia.  This cyber strategic campaign was both sophisticated and precise.

Cyber Campaigns v Espionage: The SolarWinds Example

In cyberspace, scope and scale change the nature of international spying.  The amount of data passed and observed exceeds any traditional espionage operations.   With SolarWinds, interconnectedness allowed for data to be leaked from hundreds of systems and companies over many months.  This was a two-level game with sustained knock-on effects.  

Cyber Campaigns v Hacking

We need to stop thinking about episodic hacks and think in broader campaign terms that seek strategic gain over time.  Primarily, states can set and maintain cyber security in their favor through strategic competition.