A Death Knell for the International Norms of Cyber Conflict – US Military Academy

My essay for the Modern War Institute, US Military Academy at West Point: https://mwi.usma.edu/death-knell-international-norms-cyber-conflict/.

On July 8, Michael Schmitt, a law professor and former judge advocate in the US Air Force, posted a perplexing tweet about changing his mind on the “status of cyber capabilities as ‘weapons.’” He followed it up with the link to a recent paper he coauthored for the International Law Studies journal of the US Naval War College.


The SolarWinds hack pokes holes in Defend Forward – Observer Research Foundation

My article for the Observer Research Foundation: https://www.orfonline.org/expert-speak/the-solarwinds-hack-pokes-holes-in-defend-forward/

In December 2020, the cybersecurity company FireEye discovered a cyber espionage campaign that had compromised dozens of government and private organisations in the US.

Orchestrated by subverting the supply chain of the popular IT administration software-maker SolarWinds, the operation showcased remarkable ingenuity and precise tradecraft at every step of the “kill chain” to skirt around the phenomenal counterintelligence capabilities of the US. The spies had no plans to outmatch the strategic cyber offensive might of the US, so they tactically blended in with the environment, exploited the “transitive trust” of the computers, and used deception to look like routine processes.

Yet, beyond all the technical details, it is the palpable strategic calculus that strikes at the heart of US cyber policy. The SolarWinds hack could potentially upset many of the US’ cyber statecraft initiatives—bolstering national cyber defence in the aftermath of the 2016 electoral interference—which took years to mature.


General Rawat’s comment on the India-China “capability differential” in cyber operations

General Bipin Rawat, India’s first Chief of Defence Staff, made a somewhat unusual confession that we may never be able to bridge India’s “capability differential” in cyber operations when compared to China, and that we “may not be able to fully catch up.” More in this Twitter thread by a journalist.

My hot take on it in three tweets:

SolarWinds: Cyber strategists are back to the drawing board – Hindustan Times

My geo-strategic take on the SolarWinds hack, published by the Hindustan Times: https://www.hindustantimes.com/analysis/solarwinds-cyber-strategists-are-back-to-the-drawing-board/story-L5QunVMY7vRa04isQlT1QL.html.

The SolarWinds hack – a cyber espionage campaign compromising critical organisations of the United States (US) – has fundamentally disrupted the power dynamics of cyberspace.

It is not only a major setback to the cyber statecraft initiatives of the US which took years to mature, but also challenges the basic assumptions upon which the West’s strategy for cyber dominance rests.


(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens

To me, the SolarWinds hack is remarkable because it (momentarily) managed to upend one kind of strategy with the other. A broader strategic calculus is palpable from the operational choices made in this intrusion — from the Concept of Operations which underpins it.
