Four things I'm reading this week:
Russia Takes its Act to Europe: As much as we have all been focused on the 2016 election influence operations–that was far from the first, and will not be the last time that a nation-state looks to meddle in the elections of another state. Next on the agenda: France in April and May, and Germany in fall 2017. There’s little doubt that Russia will be looking to replicate its success, and many of the same opportunities exist in both of those elections.
Take Germany: the Russian intrusion into the Bundestag back in May of 2015 means they may already have their German DNC-hack. Given that risk, there is increasing focus on public debate in Germany and how that country will deal with a rising media hacking problem. Will we see a repeat of previous events, or will security responses evolve in time?
I’m reading: “Germany's Plan to Fight Fake News.”
Longread: Managing the Challenges of Ambiguity in Cyberspace: We are getting better and better at attribution – it’s no longer true that anyone can rely on acting with perfect anonymity online. But ambiguity (not just who did something, but also why, and how) continues to pose challenges. Back in May of 2015, Benjamin Brake published a memo through the Council on Foreign Relations on how to deal with this challenge. It’s interesting to look back at the piece today, and realize that, for all the ways that things have changed in the past eighteen months, many of the challenges that we face remain the same.
Ambiguity limits the effectiveness of deterrence, and emphasizes how essential it is that we improve our security so that intrusions are more difficult in the first place. It also means that when we do engage in deterrence, we need to be very careful what effect we aim for and how we intend to make it happen.
There’s plenty of uncertainty in how to deal with the expanding threat environment, but many of Brake’s recommendations are worth a re-read today.
I’m reading: “Strategic Risks of Ambiguity in Cyberspace.”
A Few Thoughts on the Russia Sanctions: What They Mean, and What More Needs to be Done: Earlier this week, I published a piece in TechCrunch on the Russia sanctions. In it, I identified four lessons for security going forward: how to innovate in deterrence; the importance of focusing away from cyber-responses to cyber threats; moving beyond deterrence to security; and how to reshape our cybersecurity approach to get at the root of the problem.
I'm reading: "Will U.S. Sanctions Against Russia Fix Cybersecurity?"