Volume 21, Issue 3

Volume 21, Issue 3

Book Review by W Hutchinson

Amy B. Zegart (2022) Spies, Lies, and Algorithms, Princeton University Press, Princeton NJ, US.

Book Review

The subtitle to this book is ‘The History and Future of American Intelligence’. This is exactly the theme of this book but, unlike the real title, it does not reflect the novel approach taken by the author. The coverage is obviously U.S.-centric but is relevant to those interested in intelligence, and information operations/warfare. The author defines ‘intelligence’ as “information that gives policymakers an advantage over their adversaries” (p.79). However, this book provides an understanding at all levels in the process of information usage and protection. It is clearly written and full of examples from the past and contemporary situations as well as potential scenarios. I found this latter element and the precision of the descriptions both absorbing and stimulating. Zegart emphasizes new technologies, such as artificial intelligence (AI), Internet connectivity, quantum computing, and synthetic biology that will disrupt the political and economic worlds. However, I was surprised nanotechnology was not mentioned.

The book has ten chapters covering such topics as educating for intelligence and its history. A chapter on ‘Intelligence Basics’ cleverly uses Rumsfeld’s famous “knowns and unknowns” speech as a basis of explanation. Chapters on analysis, counterintelligence, and covert action give concise and very interesting insights. The need for oversight and also the expansion of the intelligence function to non-traditional actors brings us to into the changing contemporary world of non-government actors in the field, and their impact. The final chapter on cyber threats with insightful topics such as cyber-deception and the increasing power of actors such as social media owners brings the book to a fitting end.

I gained a lot from this well-written text, authored by this knowledgeable and influential person. I would recommend this to those in, or interested in, the fields of intelligence and information warfare/operations.

The main text is 276 pages plus 96 pages of reference notes, 12 pages of selected readings, and a substantial index. It is available as an electronic or hard copy book and an audiobook. It can be found in good bookshops, and online. The audiobook is available at Amazon.

VOLUME 21, ISSUE 3 EDITORIAL

Summer 2022

This latest edition of the JIW, brings an exciting number of papers from esteemed academics who address a wide and varied series of research efforts across the Information Warfare and Cyber Security spectrum. We begin with the paper from Bodström writing about “Strategic Cyber Environment Management with Zero-Trust and Cyber Counterintelligence”, which is directly related to many of the current issues that the Department of Defense (U.S.) and other organizations are dealing with. This is followed by Shen, Chen, and Tseng, who collaborated on a paper focusing on “Relating Credibility to Writing Style, Emotion and Scope of Spread of Disinformation”, which is very interesting on what works, and does not, for these types of campaigns. Next is Huskaj and Blix, with their research on “Validating a Framework for Offensive Cyberspace Operations”, and how these types of mission could be conducted in the future.

Strategic Cyber Environment Management with Zero Trust and Cyber Counterintelligence

Abstract:

Organisations need to improve their information security practices, given the volume of successful cyberattacks and crimes. To enhance security in an organisation, information security must be considered a business issue, instead of a technical problem. Hence, organisations must change the security protocol from reactive action to proactive operation; must develop information security strategies that support the business; should implement better controls, systems, and services; and must create a process to proactively gather information about the possible threats and adversaries. This study proposes a novel method for combining a zero-trust strategy with cyber counterintelligence to gain the required security level and situational awareness to encounter modern threats.

Published In

Volume 21, Issue 3

Written By

Tero Bodström

Keywords

Information Security Strategy

Zero Trust

Cyber Counterintelligence

Read more about Strategic Cyber Environment Management with Zero Trust and Cyber Counterintelligence

Relating Credibility to Writing Style, Emotion, and Scope of Spread of Disinformation

Abstract:

This study focuses on Taiwan, a Chinese-speaking country suffering from disinformation attacks. To fully explore the situation in Taiwan, this study adopts the victim-oriented approach and focuses on the following question: what are some factors regarding the credibility of disinformation in Taiwan? The result of an exit poll survey (n=892) and a series of behavior experiments (n=86) indicate that, when countering disinformation, regulations that only focus on transparency of the source may have little impact since the source is not the main variable in terms of credibility.

Published In

Volume 21, Issue 3

Written By

Puma Shen

Yun Ju Chen

Poyu Tseng

Keywords

Disinformation

Credibility

Source

Political Orientation

Scope of Spread

Emotion

Read more about Relating Credibility to Writing Style, Emotion, and Scope of Spread of Disinformation

Validating a Framework for Offensive Cyberspace Operations

Abstract:

The Ambidextrous Framework for Offensive Cyberspace Operations is validated using a simulated cyber conflict emulating a cyber operation against critical infrastructure of a fictitious country. The purpose is to assess how well the framework supports planning and execution of cyber operations. Data collection is done through self-reporting by a team in the cyber range training facility, supported by a follow-up unstructured interview. The results show that the framework works well in supporting planning, preparation, and order giving to execute offensive cyberspace operations. However, the framework is less suited to supporting operator actions during ongoing offensive operations, due to its current lack of capability to utilise real-time data from battle stations.

Published In

Volume 21, Issue 3

Written By

Gazmend Huskaj

Fredrik Blix

Keywords

Ambidextrous Framework

Cyber Range and Training Environment (CRATE)

Model

Offensive Cyberspace Operations

ValidatingIntroductionModels

Read more about Validating a Framework for Offensive Cyberspace Operations

Ambiguous Self-Induced Disinformation (ASID) Attacks: Weaponizing a Cognitive Deficiency

Abstract:

Humans quickly and effortlessly impose context onto ambiguous stimuli, as demonstrated through psychological projective testing and ambiguous figures. This feature of human cognition may be weaponized as part of an information operation. Such Ambiguous Self-Induced Disinformation (ASID) attacks would employ the following elements: the introduction of a culturally consistent narrative, the presence of ambiguous stimuli, the motivation for hypervigilance, and a social network. ASID attacks represent a low-risk, low-investment tactic for adversaries with the potential for significant reward, making this an attractive option for information operations within the context of grey-zone conflicts.

Published In

Volume 21, Issue 3

Written By

Keywords

Disinformation

Cognitive Malware

Grey Zone Conflict

Ambiguous Self-Induced Disinformation Attacks

Read more about Ambiguous Self-Induced Disinformation (ASID) Attacks: Weaponizing a Cognitive Deficiency

Cyber Pirates Ahoy! An Analysis of Cybersecurity Challenges in the Shipping Industry

Abstract:

Maritime shipping has become a trillion-dollar industry that now impacts the economy of virtually every country around the world. It is therefore no surprise that countries and companies have spent billions of dollars to modernize shipping vessels and ports with various technologies. However, the implementation of these technologies has also caught the attention of cybercriminals. For example, a cyberattack on one shipping company resulted in nearly $300 million in financial losses. Hence, this paper describes cybersecurity vulnerabilities present in the international shipping business. The contribution of this paper is the identification and dissection of cyber vulnerabilities specific to the shipping industry, along with how and why these potential vulnerabilities exist.

Published In

Volume 21, Issue 3

Written By

George Grispos

William R Mahoney

Keywords

Cybersecurity

Transportation Systems

Shipping

Maritime Security

Critical Infrastructure

Maritime Incidents

Read more about Cyber Pirates Ahoy! An Analysis of Cybersecurity Challenges in the Shipping Industry

Strategic Cognition War

Abstract:

Whilst the major strategic objectives of war have not changed for centuries, this paper posits that the physical aspects of them—such as resources, territory and influence, or coercion of populations—have been superseded by the control of social cognition in the target. This paper examines the development of Information War to a deeper level. The ‘Information Age’, spurred on by technological advances in persuasive and cognitive control, has led to strategic aims becoming the control of cognitive processes in the target’s population, where the target can be a domestic population as well as a foreign one. Also, this paper has been expanded to include systems controlled by artificial intelligence (AI), big data, and networks.

Published In

Volume 21, Issue 3

Written By

William (Bill) Hutchinson

Keywords

Read more about Strategic Cognition War

Information Warfare: Leveraging the DMMI Matrix Cube for Risk Assessment

Abstract:

This paper presents the DMMI Matrix Cube and demonstrates its use in assessing risk in the context of information warfare. By delineating and ordinating the concepts of disinformation, misinformation, malinformation, and information, its purpose is to gauge a communication’s intention to cause harm, and its likelihood of success; these, together, define the severity of weaponised information, such as those employed within sophisticated information operations. The chance or probability of the (information) risk is determined by the intention to harm, the apparent veracity of the information, and the probability of its occurrence. As an exemplar, COVID-19 anti-vaccine campaigns are mapped to the DMMI Matrix Cube, and recommendations are offered based on stakeholder needs, interests, and objectives.

Published In

Volume 21, Issue 3

Written By

Hadley Newman

Keywords

Information Operations

Read more about Information Warfare: Leveraging the DMMI Matrix Cube for Risk Assessment

Space Systems Security: A Definition and Knowledge Domain for the Contemporary Context

Abstract:

A second space race has taken off and it is driving the rapid deployment of modernised satellites and other space systems that each introduce new security risks to an aged and already vulnerable ecosystem. The engineering, science, and technology aspects of space security are currently understudied and disjointed, leading to fragmented research and inconsistent terminology. This paper details the results of a global survey of space security experts to define Space Systems Security and the scope of its interdisciplinary knowledge domain. It also provides a review of current space security literature and examines the contemporary space systems context from a security perspective.