Graded Cyber Policy Papers

A collection of studies about cyber security in military and civilian context.

  1. Home
  2. Google Sheet
  3. Graded Cyber Policy Papers

Graded Cyber Policy Papers

A collection of studies about cyber security in military and civilian context.

cyber, politics, security, infosec

Sanctioning Russia for SolarWinds: What Normative Line Did Russia Cross? Robert Chesney A He noticed some things nobody seems to want to point out, for example, the domestic political salience bit. :)

Current International Law Is Not an Adequate Regime for Cyberspace Michael P. Fischerkeller Michael P. Fischerkeller A Needs diagrams, otherwise great.

Pathologies of obfuscation: Nobody understands cyber operations or wargaming Nina Kollars and Benjamin Schechter A

The Cyber Paradigm Shift Emily Goldman A Essentially a prequel to the Fischerkeller paper

Rapid capabilities generation and prompt effects in offensive cyber operations JD Work Technology and The Cyber Domain: Implications for Intelligence. International Studies Association Annual Conference. Las Vegas. April 2021. A Explains the ops against bot networks from USCC

Successful counter-cyber operations secure US election JD Work Janes Intelligence Review | March 2021 A Points out a subtle area of PE in terms of judging success and failure...

Early intelligence assessments of COMBLOC computing JD Work JD Work (2021) Early intelligence assessments of COMBLOC computing, Journal of Intelligence History, DOI: 10.1080/16161262.2021.1884791 A Very much worth a read. Not just about the past.

From cold to cyber warriors: the origins and expansion of NSA’s Tailored Access Operations (TAO) to Shadow Brokers Steven Loleski A


Opportunity Seldom Knocks Twice: Influencing China’s Trajectory via Influencing China’s Trajectory via Defend Forward and Persistent Engagement Defend Forward and Persistent Engagement in Cyberspace Michael P. Fischerkeller asia policy, volume 15, number 4 (october 2020), 65–89 A

Cyber Competition to Cybered Conflict Chris Demchak A

China's Counter-Strategy to American Export Controls in Integrated Circuits Douglas B. Fuller A

Troubled vision: Understanding recent Israeli–Iranian offensive cyber exchanges JD Work, Richard Harknett A Best starter paper on PE

Zero Days, Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits Lillian Ablon, Andy Bogart A Only paper with any data on this subject

Public attribution of cyber intrusions Florian J Egloff doi: 10.1093/cybsec/tyaa012 A

Secrecy's End Oona A. Hathaway A Great paper on an important topic - I have some minor quibbles about the final section of suggestions, but the history section and legal analysis is a must read.

Who Hath Measured the (Proving) Ground: Variation in Offensive Capabilities Test and Evaluation JD Work A There was some stuff in here I didn't know about how history played out (i.e. this is a paper where public facts get reinterpreted in a way that surprises you).

Achieving Systemic Resilience in a Great Systems Conflict Era Chris Demchak B It has some good stuff in it, and an important recalibration, but I don't feel like it actually adapted its own recalibration or properly absorbed what the implications were. ,

Targeting Technology: Mapping Military Offensive Network Operations Daniel Moore B This is a taxonomy, mostly, which is a good overview but does not push too far into the wacky corners. I feel like it sets the ground for a future paper (which is probably already written and sitting in an email queue somewhere).

Cyber Threats and Vulnerabilities to Conventional and Strategic Deterrence Mark Montgomery and Erica Borghard B What would the US do, to help lower this risk? ( . Missing from this paper is NEGOTIATING WITH OUR ADVERSARIES. Other than that, it's a good TODO sheet of stuff we ought to do, but without the costs, or even a rough order of magnitude of the costs?

The Escalation Inversion and Other Oddities of Situational Cyber Stability Jason Healey, Robert Jervis C Also at: This paper has SO MANY ISSUES. I could go on and on, and I did, in a twitter thread, which I should make a video out of. It feels like a huge attempt to justify a push-back on the concept of persistent engagement in favor of some sort of vague theory of defensive alignment and restraint that is never going to gain any ground. Two major arguments against this paper: 1. Geopolitical differences between countries make it impossible to have a generic understanding of escalation in the way this model requires. 2. Nations use hybrid approachs to conflict (i.e. cyber+mil+econ) that make this model impossible to detangle.

Countering cyber proliferation: Zeroing in on Access-as-a-Service Winnona DeSombre, James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, Luca Allodi, and Trey Herr C Recommendations very bad, but ENFER bit and framing are great.

Persistent Engagement Neglects Secrecy at Its Peril Lennart Maschmeyer D Got docked points for " Cyber persistence posits that actors have the capacity to manage the degree of covertness of an operation. Yet a successful compromise always requires a clandestine approach. Covert operations obscure the origins of an operation but not the activity itself, while clandestine operations strive to obscure both the origins and the activity."

Virtual Territorial Integrity: The Next International Norm Michael J. Mazarr,traditional%20aggression%20toward%20other%20societies. D It's hard to see how this concept goes forward, to be honest.

Restraint under conditions of uncertainty: Why the United States tolerates cyberattacks Monica Kaminska F Extremely frustrating.

Taking Stock: Estimating Vulnerability Rediscovery Trey Herr, Bruce Schneier F Misunderstood data. Do not cite.

PrEP: A Framework for Malware & Cyber Weapons Trey Herr F Oversimplified model

Deterrence in the Cyber Realm: Public versus Private Cyber Capacity NADIYA KOSTYUK F It's good to point out from this paper an example of overbroad abstractions (nearly everything is a "PCI") here. Also, I find it funny she used the acronym PCI. But regardless, when trying to work on the model of deterrence in cyber this is the kind of horrible knots you will tie yourself into. Nearly everything in this paper is wrong but that itself is interesting, in a way. What would have improved this paper is a massive change of scope and focus. It needed to drill down into the weeds on some things. In particular, a rewrite of this paper JUST LOOKING AT TIANFU CUP/PWNTOOWN would potentially be useful.

Initiative Persistence as the Central Approach for U.S. Cyber Strategy Michael P. Fischerkeller, Richard J. Harknett B Makes a very good case that people should really stop attempting "Strategic Ambiguity". To be honest, does a GREAT job of hitting OTHER perspectives, but gets docked a point for not having enough time on its own initiative persistence work itself.

Deterrence by Denial in cyberspace Erica D. Borghard & Shawn W. Lonergan C A counterpoint to the Fischerkeller paper above.

Paper Author Link Grade DA Comments Review Links ADD YOURSELF HERE

Escalation Management in 21st Century Operations in the Information Environment Lawrence, K. (NSI, Inc.); Hunt

Graded Cyber Policy Papers
Tags Cyber, Politics, Security, Infosec
Type Google Sheet
Published 25/11/2021, 01:55:45


Cyberpunk 2077 Settings Optimization
APT Groups and Operations