Russian Cyber Operations. Scott Jasper
In addition, I would like to thank numerous industry experts for discussing and demonstrating their cybersecurity products. I want also to recognize the pertinent guidance from Don Jacobs and Hanna Greco in the organization and construction of this book. Finally, I want to thank my wife, Annie, who provided the inspiration to take on this field of study.
Abbreviations
A2/AD | antiaccess/area-denial |
APT | advanced persistent threat |
CIA | Central Intelligence Agency |
CIS | Center for Internet Security |
CNSSP | Committee on National Security Systems Policy |
DDoS | distributed denial of service |
DHS | Department of Homeland Security |
DLL | dynamic link library |
DNC | Democratic National Committee |
DCCC | Democratic Congressional Campaign Committee |
DOD | Department of Defense |
EDR | endpoint detection and response |
EU | European Union |
FBI | Federal Bureau of Investigation |
FSB | Federal Security Service |
GDP | gross domestic product |
GGE | Government Group of Experts on Information Security |
GRU | Main Intelligence Directorate |
G7 | Group of Seven |
G20 | Group of Twenty |
HTTP | Hypertext Transfer Protocol |
ICS | industrial control system |
ICS-CERT | Industrial Control System–Computer Emergency Response Team |
ICT | information and communication technology |
IHL | international humanitarian law |
IO | information operations |
IoT | Internet of Things |
IP | internet protocol |
IRA | Internet Research Agency |
IT | information technology |
IW | information warfare |
MMS | multimedia messaging service |
NATO | North Atlantic Treaty Organization |
NIST | National Institute of Standards and Technology |
NSA | National Security Agency |
PDF | Portable Document Format |
PPD | presidential policy directive |
RMF | Risk Management Framework |
RT | Russia Today |
SAP | State Armament Program |
SCADA | supervisory control and data acquisition |
SIEM | security information and event management |
SMB | Server Message Block |
SMS | short message service |
SOAR | security orchestration, automation, and response |
SOC | security operations center |
SSH | Secure Shell |
UK | United Kingdom |
UN | United Nations |
URL | Uniform Resource Locator |
US-CERT | United States Computer Emergency Response Team |
VPN | virtual private network |
WMI | Windows Management Instrumentation |
Introduction
Below the Threshold
Cyber operations possess the means to achieve really mischievous, subversive, and potentially destructive effects, but how is an injured state supposed to respond? The United States, its allies, and its partners face this dilemma in responding to Russian cyber operations. In March 2017, US senator John McCain said on Ukrainian television that the alleged Russian-sponsored breach of the computer systems of the Democratic National Committee (DNC) was “an act of war.”1 Michael Schmitt, a professor of international law applicable to cyber operations, cringed at the comment and argued that while Russian interference in the 2016 US presidential election was alarming, it did not amount to an act of war. Schmitt said the hacking and dumping of emails by Moscow to WikiLeaks was not “an initiation of armed conflict.”2 A few months earlier at a congressional hearing, Senator McCain had taken issue with a similar assessment reached by Adm. Michael Rogers, director of the National Security Agency (NSA). Admiral Rogers stated that “Russian cyberattacks on the electoral system would have to have produced more significant impact or physical destruction to constitute an armed attack.”3 The challenge today, as succinctly outlined by Schmitt, is that “the Kremlin is adept at carrying out operations that fall short of breaching undisputed legal red lines that would invite robust responses.”4 Russian cyber operations sow discord in societies and threaten critical infrastructure in the United States and across Europe. The United States in particular is now engaged in day-to-day competition with Russia in cyberspace below the level of armed conflict.
In reply to Russian cyber operations that adeptly avoid crossing perceived thresholds for war, this book will examine methods to counter them through cost imposition