Cyber Visualizations

A visualization based on the book "Cyber Persistence Theory: Redefining National Security in Cyberspace," Chapter 1 by authors: Michael P. Fischerkeller, Emily O. Goldman and Richard J. Harknett, Oxford University Press, 2022.

In history, defense has been the primary strategy to create a country’s security.  Once nuclear weapons were introduced, defense was overwhelmed.  Nuclear security became a game of deterrence and avoiding war.  Now, cyberspace has linked countries together and has the potential as an alternative to war for strategic gain. Cyberspace has become a fluid game of persistent engagement.

Cyberspace is filled with opportunities and vulnerabilities that must be anticipated in order to set security conditions in their favor.  If one can gain the cyber initiative, then one can become more secure in the short-term and hopefully in the long term.  Gains are obtained when the target is unaware of the loss, or unable or unwilling to respond. The immediate gain in and through cyberspace is the reconfiguring of cyberspace technically, tactically, operationally, and strategically. Cyber campaigns show how sustaining the cyber initiative is the key to security in a world of cyber persistence.  

Cyber Persistent Theory expects cyber actors to seek the initiative in exploitation of vulnerabilities through cyber operations and cyber campaigns. A persistent engagement and a defend forward posture can enable states to secure themselves by limiting, frustrating, and disrupting malicious cyber activity. While the cyber empirical record tends to be opaque, shrouded by national security secrecy or corporate proprietary information, there were initial attempts by states experimenting with gaining the initiative through disrupting the cyber activities of malicious actors. These experiences helped lead toward the adoption of new cyber persistent thinking. 

Individual data breaches may appear to be separate attacks in isolation.  But, if these significant data breaches are viewed together as a campaign, one can see the strategic gain. 

Targeted ATM cyber heists, ransomware on financial websites, and cryptocurrency could all be seen as isolated cyberattacks. However, viewed together, one can see this is a strategic campaign to raise money in order to circumnavigate international sanctions.

In December 2020, FireEye was hacked, and a supply chain cyber campaign was exploited via a SolarWinds software security update to over 300,000 clients -- a regular software update penetrated hundreds of companies and many US government agencies. A prior cyber campaign points to Russia.  This cyber strategic campaign was both sophisticated and precise.

In cyberspace, scope and scale change the nature of international spying.  The amount of data passed and observed exceeds any traditional espionage operations.   With SolarWinds, interconnectedness allowed for data to be leaked from hundreds of systems and companies over many months.  This was a two-level game with sustained knock-on effects.  

We need to stop thinking about episodic hacks and think in broader campaign terms that seek strategic gain over time.  Primarily, states can set and maintain cyber security in their favor through strategic competition.