Gluing cybersecurity with geopolitics
The SolarWinds hack has triggered deep introspection within the policy circles.
One realisation which I am having is that military strategies in cyberspace seem to be wanting to define “contact” in more conventional terms rather than how it’s really applicable to cyber operations.
Continue reading “The Competition Continuum and noncontact operations in cyberspace”My geo-strategic take on the SolarWinds hack, published by the Hindustan Times: https://www.hindustantimes.com/analysis/solarwinds-cyber-strategists-are-back-to-the-drawing-board/story-L5QunVMY7vRa04isQlT1QL.html.
The SolarWinds hack – a cyber espionage campaign compromising critical organisations of the United States (US) – has fundamentally disrupted the power dynamics of cyberspace.
It is not only a major setback to the cyber statecraft initiatives of the US which took years to mature, but also challenges the basic assumptions upon which the West’s strategy for cyber dominance rests.
Continue reading “SolarWinds: Cyber strategists are back to the drawing board – Hindustan Times”A couple of months ago, someone asked me what’s the best risk management strategy that I have come across. Pat came my reply: MITRE ATT&CK.
The person on the other end was surprised.
Continue reading “MITRE ATT&CK has always been a risk management framework, and now it’s official”To me, the SolarWinds hack is remarkable because it (momentarily) managed to upend one kind of strategy with the other. A broader strategic calculus is palpable from the operational choices made in this intrusion — from the Concept of Operations which underpins it.
Continue reading “(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens”Ciaran Martin was the founder of the UK’s National Cyber Security Center and the former head of cyber operations at GCHQ. He gave a thought-provoking speech busting many myths around cyber power and cyber operations (text and video ).
I try to deconstruct it in 18 tweets. Click on the tweet to follow the thread:
1. Deconstructing @ciaranmartinoxf‘s speech from a cyber policy perspective in 18 tweets. Here, he alludes to the technical ambiguity which plagues policy work, i.e. reliance on effects-based frameworks. Operators only control effects to a certain degree for complex intrusions pic.twitter.com/HHUyIo07uI
— Pukhraj Singh (@RungRage) November 12, 2020
Go through the Russian doctrinal thought on information sovereignty, and you’ll know that the TikTok ban in the US just enabled a normative framework that has been in the shadows since a decade. Cyber norms 101: it’s a process, from norm-violation to norm-setting. pic.twitter.com/SONUuNzfln
— Pukhraj Singh (@RungRage) October 10, 2020
“Russia creates conditions in which liberal democracies are forced to debate about the introduction of censorship for the sake of national security and sovereignty (Barandiy, 2018).”
Due to the biases which emerge from legal determinism influenced by analogical reasoning, the cyber policy community often ends up ignoring the actual cases of normative behavior in cyberspace. Okay, if not normative behavior then at least a semblance of some kind of customary law.
Continue reading “Congratulations, it’s a cyber norm!”A very contrarian piece for The Quint: https://www.thequint.com/voices/opinion/facebook-politics-hate-speech-controversy-indian-government-modi-freedom-of-speech-activism.
The recent investigative reports by TIME and the Wall Street Journal on Facebook’s content handling and lobbying activities have triggered an intense political debate in India.
On the one hand, Facebook’s moderation of hateful content in India seems to have been influenced by business and political imperatives; on the other, it appears as if the relationship between its public policy team and the ruling political dispensation was too close for comfort.
Continue reading “It has nothing to do with Facebook – The Quint”