 Cyber Conflict Module 4, Understanding the Cyber Threat Once you have completed the readings, lecture, activity, and assessment, you will be able to articulate the major findings of the Marsh Commission, describe the purpose and results of exercise eligible receiver, articulate how John Stone's conceptualization of acts of war differs from Thomas Ritz. Welcome to Cyber Conflict Module 4. In previous lectures, you learned how concerns about computer system vulnerabilities have existed since the 1980s with President Reagan's NSDD-145 and how the Stuxnet computer worm in 2009 marked a turning point in the history of warfare. This lecture discusses years in between those two events, as the focus on cybersecurity dissipated but then rose again. Reagan's NSDD-145 was the first high-level policy document to address cyber warfare. Even so, maintaining focus on the vulnerability of computer technologies was difficult at that time, as the United States was in the midst of the Cold War and experiencing other international crises. The 1990s saw cybersecurity return to the forefront of national security policy, following various terrorist attacks such as the 1995 Oklahoma City Federal Building bombing. As computers were becoming ubiquitous in nearly every type of critical infrastructure system, policymakers were realizing the degree of damage that terrorists might wreak if they could access computers controlling those infrastructure systems. In June 1995, President Bill Clinton signed Presidential Decision Directive 39, the U.S. policy on counterterrorism. PDD 39 led to the creation of a panel to review how vulnerable the country's critical infrastructure was to terrorism. This panel eventually led to the creation of the President's Commission on Critical Infrastructure Protection, tasked to explore both the physical and cyber threats to our critical infrastructure systems. In October 1997, the Commission released its findings in a sobering 154-page report that noted, the capability to do harm particularly through information networks is real. It is growing at an alarming rate and we have little defense against it. As this Presidential Commission was finalizing its findings, the U.S. military was also discovering the vulnerabilities of its own computer systems. Lieutenant General Kenneth Minahan, an Air Force Information Operations pioneer and National Security Agency director, was frustrated at the refusal of the military's leadership to give cybersecurity serious thought. To highlight the problem, he planned and executed a major command and control event, Exercise Eligible Receiver in June 1997. The exercise initially planned for two weeks was over in four days as General Minahan's small NSA hacking group penetrated and shut down some of the most critical of the military's computer systems, including the phone system and a classified intelligence system used by the Joint Chiefs of Staff. This course in part seeks to illustrate how cyber threats came to be taken seriously by military and corporate leaders. As you have read and heard, this was a slow process. The course also seeks to highlight the evolution of how military theorists incorporate cyber capabilities into their strategic frameworks. In the last module, you read about Thomas Ridd's skepticism regarding cyber capabilities and cyber warfare. In this module, you were introduced to John Stone, who argues that cyber attacks could, in fact, constitute acts of war. The cyber domain of war is new and much like the dawn of the nuclear age, debates about how these capabilities should be taking place are not unusual. Exercise Eligible Receiver rapidly changed the mindset of the military and set in motion a new focus on computer operational security, although it wasn't enough to fully secure all the military's computer systems, as we'll soon find out. In fact, at about the same time that Exercise Eligible Receiver was being conducted, Russia was hacking into multiple U.S. military and university computer systems via the moonlight maze intrusions. We will discuss that event shortly, but the next module will provide some background on Russia, including how the Russians have traditionally approached cyber warfare. Quiz question one, true or false? The Marsh Commission was instrumental in solidifying public support for nuclear weapons research. The answer is false. Quiz question two, which of the following was a result of Exercise Eligible Receiver? A, it highlighted the importance of improving cybersecurity within the U.S. armed forces. B, it highlighted the importance of electronic warfare weaponry to the U.S. Navy. C, it prepared the U.S. military for war with Haiti. D, it gave the president responsibility for coordinating the nation's response to cyber attack. Answer A is correct. It highlighted the importance of improving cybersecurity within the U.S. armed forces. The activity for this module asks that you reflect on John Stones and Thomas Rids, conceptualizations of cyber war, by considering the following. With which theorist do you most align in terms of thinking about cyber war? Why? Do you feel the violence unleashed by cyber attacks lacks the emotional resonance that RID believes it does? Will this change as technology becomes more present in the future? How do you think wars will be fought in the future? And to what extent do you believe they will revolve around cyber technologies?