Cyber Visualizations

A visualization based on the book "Cyber Persistence Theory: Redefining National Security in Cyberspace," Chapter 1 by authors: Michael P. Fischerkeller, Emily O. Goldman and Richard J. Harknett, Oxford University Press, 2022.

In history, defense has been the primary strategy to create a country’s security.  Once nuclear weapons were introduced, defense was overwhelmed.  Nuclear security became a game of deterrence and avoiding war.  Now, cyberspace has linked countries together and has the potential as an alternative to war for strategic gain. Cyberspace has become a fluid game of persistent engagement.

Cyberspace is filled with opportunities and vulnerabilities that must be anticipated in order to set security conditions in their favor.  If one can gain the cyber initiative, then one can become more secure in the short-term and hopefully in the long term.  Gains are obtained when the target is unaware of the loss, or unable or unwilling to respond. The immediate gain in and through cyberspace is the reconfiguring of cyberspace technically, tactically, operationally, and strategically. Cyber campaigns show how sustaining the cyber initiative is the key to security in a world of cyber persistence.  

Cyber Persistent Theory expects cyber actors to seek the initiative in exploitation of vulnerabilities through cyber operations and cyber campaigns. A persistent engagement and a defend forward posture can enable states to secure themselves by limiting, frustrating, and disrupting malicious cyber activity. While the cyber empirical record tends to be opaque, shrouded by national security secrecy or corporate proprietary information, there were initial attempts by states experimenting with gaining the initiative through disrupting the cyber activities of malicious actors. These experiences helped lead toward the adoption of new cyber persistent thinking. 

Cyber operations trying to exploit vulnerabilities to gain advantages, be they financial, military, or political, are happening daily throughout cyberspace.  And yet, these operations and those linked into campaigns, seemed to have settled into a pattern - they are avoiding outcomes that might be associated with traditional war.  While code can be used to destroy things, this rarely happens. Gaining opportunity below the threshold of war has emerged as cyber agreed competition. 

Cyberspace is an environment of continuous action around exploiting computer vulnerabilities and thus requires persistence in anticipating exploitation—security requires proactive initiative, not reactive threats. It is not about coercion, but rather anticipating exploitation.

If Cyber Persistence Theory (CPT) is correct, we should see it play out in real world national security. Those states that seek initiative persistence should make gains in cyberspace and those that do not should see their security slip.

Individual data breaches may appear to be separate attacks in isolation.  But, if these significant data breaches are viewed together as a campaign, one can see the strategic gain. 

Targeted ATM cyber heists, ransomware on financial websites, and cryptocurrency could all be seen as isolated cyberattacks. However, viewed together, one can see this is a strategic campaign to raise money in order to circumnavigate international sanctions.

In December 2020, FireEye was hacked, and a supply chain cyber campaign was exploited via a SolarWinds software security update to over 300,000 clients -- a regular software update penetrated hundreds of companies and many US government agencies. A prior cyber campaign points to Russia.  This cyber strategic campaign was both sophisticated and precise.

In cyberspace, scope and scale change the nature of international spying.  The amount of data passed and observed exceeds any traditional espionage operations.   With SolarWinds, interconnectedness allowed for data to be leaked from hundreds of systems and companies over many months.  This was a two-level game with sustained knock-on effects.  

We need to stop thinking about episodic hacks and think in broader campaign terms that seek strategic gain over time.  Primarily, states can set and maintain cyber security in their favor through strategic competition.