Pukhraj Singh – Writings of Pukhraj Singh

8th April 20218th April 2021

General Rawat’s comment on the India-China “capability differential” in cyber operations

General Bipin Rawat, India’s first Chief of Defence Staff, made a sort of unusual confession that we may never be able to bridge India’s “capability differential” on cyber operations, when compared to China. And that we “may not be able to fully catch up.” More in this Twitter thread by a journalist.

My hot take on it in three tweets:

Keeping in mind that a lot could get lost in translation from hacker-speak to general-speak, capability differential could become a self-defeating way to think about cyber. It’s fine to have a totally non-overlapping Venn diagram of cyber capabilites, vis-à-vis India & China. https://t.co/QnCeXWgv6K

— Pukhraj Singh (@RungRage) April 7, 2021

Gen. Rawat also endorses the general misassumption of cyber: imagining operations from the conventional precept of “contact.” Both the adversary & you only battle with ambiguity & uncertainty. Non-contact warfare understands that to some extent https://t.co/Ie9ujouB0m

— Pukhraj Singh (@RungRage) April 8, 2021

3/3 More here: “The Competition Continuum and noncontact operations in cyberspace” https://t.co/vvYGqO5tM7 The best articulation of this competition comes from @halvarflake as explained in the post.

— Pukhraj Singh (@RungRage) April 8, 2021

2nd February 20212nd February 2021

My litany on the Cyberspace Solarium Commission

I wrote this very long email to a senior member of the Cyberspace Solarium Commission. It was well received and the person agreed with many of my assertions. Sharing is caring.

30th December 20203rd January 2021

The Competition Continuum and noncontact operations in cyberspace

The SolarWinds hack has triggered deep introspection within the policy circles.

One realisation which I am having is that military strategies in cyberspace seem to be wanting to define “contact” in more conventional terms rather than how it’s really applicable to cyber operations.

28th December 202028th December 2020

SolarWinds: Cyber strategists are back to the drawing board – Hindustan Times

My geo-strategic take on the SolarWinds hack, published by the Hindustan Times: https://www.hindustantimes.com/analysis/solarwinds-cyber-strategists-are-back-to-the-drawing-board/story-L5QunVMY7vRa04isQlT1QL.html.

The SolarWinds hack – a cyber espionage campaign compromising critical organisations of the United States (US) – has fundamentally disrupted the power dynamics of cyberspace.

It is not only a major setback to the cyber statecraft initiatives of the US which took years to mature, but also challenges the basic assumptions upon which the West’s strategy for cyber dominance rests.

21st December 202021st December 2020

MITRE ATT&CK has always been a risk management framework, and now it’s official

A couple of months ago, someone asked me what’s the best risk management strategy that I have come across. Pat came my reply: MITRE ATT&CK.

The person on the other end was surprised.

20th December 202020th December 2020

(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens

To me, the SolarWinds hack is remarkable because it (momentarily) managed to upend one kind of strategy with the other. A broader strategic calculus is palpable from the operational choices made in this intrusion — from the Concept of Operations which underpins it.

13th November 202013th November 2020

Deconstructing Ciaran Martin’s speech in 18 tweets

Ciaran Martin was the founder of the UK’s National Cyber Security Center and the former head of cyber operations at GCHQ. He gave a thought-provoking speech busting many myths around cyber power and cyber operations (text and video ).

I try to deconstruct it in 18 tweets. Click on the tweet to follow the thread:

1. Deconstructing @ciaranmartinoxf‘s speech from a cyber policy perspective in 18 tweets. Here, he alludes to the technical ambiguity which plagues policy work, i.e. reliance on effects-based frameworks. Operators only control effects to a certain degree for complex intrusions pic.twitter.com/HHUyIo07uI

— Pukhraj Singh (@RungRage) November 12, 2020