Assessing the Application of a Cold War Strategic Framework to Establish Norms in the Cyber Threat Environment

Jason Atwell is an officer in the U.S. Army Reserve and a Senior Manager with FireEye, Inc. Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


Title:  Assessing the Application of a Cold War Strategic Framework to Establish Norms in the Cyber Threat Environment

Date Originally Written:  December 28, 2020.

Date Originally Published:  March 29, 2021.

Author and / or Article Point of View:  The article is written from the point of view of the United States and its Western allies as they seek to impose order on the increasingly fluid and frequently volatile cyber threat environment.

Summary:  The continued growth and maturity of cyber operations as a means of state sponsored espionage and, more recently, as a potential weapon of war, has generated a need for an “accepted” strategic framework governing its usage. To date, this framework remains unestablished. Cold War strategic frameworks could help govern the future conduct of cyber operations between nation states and bring some semblance of order to this chaotic battlespace.

Text:  The cyber threat environment continues to evolve and expand. Threat vectors like ransomware, a type of malicious software designed to block access to a computer system until a sum of money is paid, are now daily subjects for discussion among leaders in the public and private sectors alike. It is against this backdrop that high-level initiatives like the Cyberspace Solarium Commission have sought to formulate comprehensive, whole-of-government strategies for dealing with cyber threats and developing capabilities. The U.S. Department of Commerce’s National Institute for Standards in Technology issues a steady stream of best practices for cyber risk management and hygiene. Yet, no comprehensive framework to govern cyber operations at the macro, nation-to-nation level, has emerged and been able to achieve buy-in from all the affected parties. In fact, there are not even useful norms limiting the risk in many of these cyber interactions[1]. Industry leaders as well have lamented the lack of a coherent doctrine that governs relations in cyberspace and discourages the violating of doctrinal norms[2]. In some ways the Cold War norms governing armed conflict, espionage, and economic competition can be used to provide much needed stability to cyber and cyber-enabled operations. In other ways, the framing of current problems in Cold War vocabulary and rhetoric has proved unworkable at best and counterproductive at worst. 

Applying the accepted framework of great power interactions that was established during the Cold War presents both opportunities and challenges when it comes to the cyber threat environment. The rules which governed espionage especially, however informal in nature, helped to ensure both sides knew the red lines for conduct and could expect a standard response to common activities. On the individual level, frameworks like the informal “Moscow Rules” governed conduct and helped avoid physical confrontations[3]. When those rules were violated, and espionage came into the open, clear consequences were proscribed via precedent. These consequences made the use of persona-non-grata expulsions, facility closures, the use of neutral territories, exchanges and arrests were predictable and useful controls on behavior and means to avoid escalation. The application of these consequences to cyber, such as the closure of Russian facilities and expulsion of their diplomats has been used[4], however to little or no apparent effect as administrations have changed their approach over time. This uneven application of norms as cyber capabilities have advanced may in fact be leading the Russians in particular to abandon the old rules altogether[5]. In other areas, Cold War methods have been specifically avoided, such as the manner in which Chinese cyber operators have been indicted for the theft of intellectual property. Lowering this confrontation from high-level diplomatic brinkmanship to the criminal courts both prevents a serious confrontation while effectively rendering any consequences moot due to issues with extradition and prosecution. The dynamics between the U.S. and China have attracted a lot of discussion framed in Cold War terminology[6]. Indeed, the competition with China has many of the same hallmarks as the previous U.S.-Soviet Union dynamic[7]. What is missing is a knowledge of where the limits to each side’s patience lie when it comes to cyber activity. 

Another important component of Cold War planning and strategy was an emphasis on continuity of operations and government authority and survivability in a crisis. This continuity was pursued as part of a deterrence model where both sides sought to either convince the other that they would endure a confrontation and / or decisively destroy their opposition. Current cyber planning tends to place an emphasis on the ability to achieve overmatch without placing a similar emphasis on resilience on the friendly side. Additionally, deterrence through denial of access or geophysical control cannot ever work in cyberspace due to its inherently accessible and evolving nature[8]. Adopting a mindset and strategic framework based on ensuring the ability of command and control networks to survive and retaliate in this environment will help to impose stability in the face of potentially devastating attacks involving critical infrastructure[9]. It is difficult to have mutually assured destruction in cyberspace at this phase, because “destruction” is still nebulous and potentially impossible in cyberspace, meaning that any eventual conflict that begins in that domain may still have to turn kinetic before Cold War models begin to function.

As cyber capabilities have expanded and matured over time, there has been an apparent failure to achieve consensus on what the red lines of cyber confrontation are. Some actors appear to abide by general rules, while others make it a point of exploring new ways to raise or lower the bar on acceptable actions in cyberspace. Meanwhile, criminals and non-aligned groups are just as aggressive with their operations as many terrorist groups were during the height of the Cold War, and they are similarly frequently used or discarded by nation states depending on the situation and the need. However, nation states on the two sides were useful bulwarks against overzealous actions, as they could exert influence over the actions of groups operating from their territory or abusing their patronage. Espionage in cyberspace will not stop, nor can a framework anticipate every possible scenario that my unfold. Despite these imperfections, in the future an issue like the SolarWinds breach could lead to a series of escalatory actions a la the Cuban Missile Crisis, or the cyber threat environment could be governed by a Strategic Arms Limitation Talk-like treaty which bans cyber intrusions into global supply chains[10]. Applying aspects of the Cold War strategic framework can begin to bring order to the chaos of the cyber threat environment, while also helping highlight areas where this framework falls short and new ways of thinking are needed.


Endnotes:

[1] Bremmer, I., & Kupchan, C. (2021, January 4). Risk 6: Cyber Tipping Point. Retrieved February 12, 2021, from https://www.eurasiagroup.net/live-post/top-risks-2021-risk-6-cyber-tipping-point 

[2] Brennan, M., & Mandia, K. (2020, December 20). Transcript: Kevin MANDIA on “Face the Nation,” December 20, 2020. Retrieved February 12, 2021, from https://www.cbsnews.com/news/transcript-kevin-mandia-on-face-the-nation-december-20-2020/ 

[3] Sanger, D. (2016, December 29). Obama Strikes Back at Russia for Election Hacking. Retrieved February 13, 2021, from https://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html 

[4] Zegart, A. (2021, January 04). Everybody Spies in Cyberspace. The US Must Plan Accordingly. Retrieved February 13, 2021, from https://www.defenseone.com/ideas/2021/01/everybody-spies-cyberspace-us-must-plan-accordingly/171112/

[5] Devine, J., & Masters, J. (2018, March 15). Has Russia Abandoned the Rules of Spy-Craft? Retrieved February 13, 2021, from https://www.cfr.org/interview/are-cold-war-spy-craft-norms-fading 

[6] Buchanan, B., & Cunningham, F. (2020, December 18). Preparing the Cyber Battlefield: Assessing a Novel Escalation risk in A Sino-American Crisis. Retrieved February 13, 2021, from https://tnsr.org/2020/10/preparing-the-cyber-battlefield-assessing-a-novel-escalation-risk-in-a-sino-american-crisis/ 

[7] Sayers, E. (2021, February 9). Thoughts on the Unfolding U.S.-Chinese Competition: Washington’s Policy Towards Beijing Enters its Next Phase. Retrieved February 13, 2021, from https://warontherocks.com/2021/02/thoughts-on-the-unfolding-u-s-chinese-competition-washingtons-policy-towards-beijing-enters-its-next-phase/ 

[8] Borghard, E., Jensen, B., & Montgomery, M. (2021, February 05). Elevating ‘Deterrence By Denial’ in U.S. Defense Strategy. Retrieved February 13, 2021, from https://www.realcleardefense.com/articles/2021/02/05/elevating_deterrence_by_denial_in_us_defense_strategy_659300.html 

[9] Borghard, E. (2021, January 04). A Grand Strategy Based on Resilience. Retrieved February 13, 2021, from https://warontherocks.com/2021/01/a-grand-strategy-based-on-resilience/ 

[10] Lubin, A. (2020, December 23). SolarWinds as a Constitutive Moment: A New Agenda for International Law of Intelligence. Retrieved February 13, 2021, from https://www.justsecurity.org/73989/solarwinds-as-a-constitutive-moment-a-new-agenda-for-the-international-law-of-intelligence/

Arms Control Assessment Papers Below Established Threshold Activities (BETA) Cold War Cyberspace Governing Documents and Ideas Jason Atwell Soviet Union Treaties and Agreements United States

Trump Administration Options Towards Iran

Ted Martin has a keen interest in Iranian affairs and has spent time in Iraq and Afghanistan.  Divergent Options content does not contain information of an official nature nor does the content represent the official position of  any government, any organization, or any group.


National Security Situation:  Iran, sanctions, and the Joint Comprehensive Plan of Action (JCPOA) / United Nations (UN) Resolution 2231(2015)[1].

Date Originally Written:  March 27, 2017.

Date Originally Published:  May 8, 2017.

Author and / or Article Point of View:  Author has spent time in Iraq and Afghanistan as a member of the U.S. Military.  He has also studied Iran and Hezbollah since 2000.  This article is written as advice to a U.S. decision maker.

Background:  Despite the negotiation of the JCPOA, Iran is still a U.S. foreign policy concern.  Iran occupies a strategic position, able to block the export of oil through the Persian Gulf at the narrow Strait of Hormuz, and able to strike the Arab countries that produce that oil.  Iran has long had aspirations of regional hegemony and employed destabilizing proxy forces to further its ends in the region.  Iran’s continued belligerent behavior and the recent U.S. election of President Donald Trump beg a re-assessment of U.S. options.

Significance:  The JCPOA was negotiated by the previous administration under President Barack Obama and has been subject to harsh criticism by the new administration under President Trump.  Iran has recently engaged in provocative behavior by conducting new ballistic missile tests[2].  Although these new ballistic missile tests do not violate the JCPOA, these actions suggest Iran may test the limits of the JCPOA and the Trump administration[2].  As a counter-point to any hard-line the Trump administration may take against Iran, many European companies are already renewing business and banking contacts with the regime[3].  There is little interest in canceling the JCPOA in Europe, and without European support, it would be nearly impossible to re-impose effective sanctions[8].

Option #1:  The U.S. treats Iran as a pariah and continues to work to isolate Iran from the international system.  This assumes that isolation, as a punishment that negatively impacts the Iranian people, will serve to pull Iran back into the fold of acceptable behavior.

Risk:  Iran developed ties with other states on the margins such as Russia and the People’s Republic of China that helped to sustain it during 30 years of sanctions[4][5].  Iran has become proficient at working behind the scenes and using proxies and can mitigate some of the impacts of sanctions and continue its attempts to influence its neighbors[6].  It is unlikely that Europe will willingly join in another round of sanctions if the U.S. decides to renew them[8].  The U.S.’s likely only remaining option would be military action with few international partners.

Gain:  With Option #1, the U.S. will continue to keep local allies in the region who despise Iran such as Saudi Arabia and other Arab states happy[7].  The enduring threat of sanctions and the forced isolation of Iran by the U.S. will maintain the balance of power in the region cultivated over the last twenty years and is an important consideration.  A shunned Iran may make U.S. allies in the region stronger.

Option #2:  The U.S. allows Iran to continue to integrate into the international system.  This assumes that the closer Iran comes to the rest of the world, the less likely it will be to lash out and the more vulnerable it will be to economic or diplomatic pressure.

Risk:  Iran gains legitimacy by being allowed to rejoin the economic and political systems of the world.  Iran would also gain the ability to access items needed for its nuclear program on the international market.  Iran has blustered about closing the Gulf to oil transit before.  However, Iran has never done so, even during its war with Iraq, as such a move would hurt its own oil exports[7].  Closing the Persian Gulf at the straits of Hormuz is still a risk, even if mitigated by Iran’s increased dependence on the world.  Saudi Arabia would oppose Option #2 in the strongest possible terms, and it may seriously damage U.S. formal relations with them[9].

Gain:  Iran in the international community would find itself the beneficiary of access to the international banking system to enable oil exports and other civil export and import rules that would benefit its civil and military population.  As a member of the international community, Iran may find it harder to justify proxies such as Hezbollah.  The U.S. has long hoped to influence Iran to become more moderate and this may further that goal.

Other Comments:  The proxy war between Iran and the allies of Saudi Arabia has involved the U.S and is currently raging in Syria, Lebanon, Iraq, and Yemen[6][9].  Both the U.S. and Iran are likely to continue to fight using proxies in other countries, and the potential to involve the U.S. in more regional conflicts is high.  Iran’s nuclear ambitions are a central part of this problem and finding a solution is important.  Iran may also consider keeping the region chaotic to distract the U.S. and Europe to benefit its purposes.

Recommendation:  None.


Endnotes:

[1]  United Nations. (2015) Retrieved from: http://www.un.org/en/sc/2231/

[2]  Kenyon, P. (2017 February 3). Did Iran’s ballistic missile test violate a U.N. resolution? National Public Radio. Retrieved from: http://www.npr.org/sections/parallels/2017/02/03/ 513229839/did-irans-ballistic-missile-test-violate-a-u-n-resolution

[3]  Arnold, M. (2016 April 3). Europe’s banks begin tentative return to Iran. Financial Times. Retrieved from: https://www.ft.com/content/75dc8d7e-f830-11e5-803c-d27c7117d132

[4]  Katz, M.N. (2010). Iran primer: Iran and Russia. Public Broadcasting System. Retrieved from: http://www.pbs.org/wgbh/pages/frontline/tehranbureau/2010/10/iran-primer-iran-and-russia.html

[5]  Takeyh, R., & Maloney, S. (2011). The self-limiting success of Iran sanctions. International affairs 87 (6) pp. 1297-1312. doi: 10.1111/j.1468-2346.2011.01037.x

[6]  Fisher, M. (2016, November 19). How the Iranian-Saudi proxy struggle tore apart the Middle East. The New York Times. Retrieved from: https://www.nytimes.com/2016/11/20/world/middleeast/iran-saudi-proxy-war.html

[7]  Glaser, C.L. & Kelanic, R.A. (2017 January/February). Getting out of the gulf. Foreign Affairs 96(1).

[8]  Alkhalisi, Z. (2016, November 10). Trump could hit Iran with sanctions — but Europe would scream. CNN Money. Retrieved from: http://money.cnn.com/2016/11/10/news/economy/trump-iran-sanctions/

[9]  Morris, L. & Naylor, H. (2015 July 14). Arab states fear nuclear deal with give Iran a bigger regional role. The Washington Post. Retrieved from: https://www.washingtonpost.com/world/middle_east/arab-states-fear-dangerous-iranian-nuclear-deal-will-shake-up-region/2015/07/14/96d68ff3-7fce-4bf5-9170-6bcc9dfe46aa_story.html

Arms Control Economic Factors Iran Option Papers Ted Martin Treaties and Agreements

South China Sea: Continuous U.S. Presence or a new Law of the Sea Treaty 

David Mattingly serves on the board of directors for the Naval Intelligence Professionals and is also a member of the Military Writers Guild.  The views reflected are his own and do not represents the United States Government of any of its agencies.  Divergent Options’ content does not contain information of an official nature nor does the content represent the official position of any government, any organization, or any group.


National Security Situation:  The United Nations Convention for the Law of Sea (UNCLOS III) has failed to adequately define a nation’s territorial waters and to create a body which can enforce its judgements on nations involved in arbitration.

Date Originally Written:  February 7, 2017.

Date Originally Published:  March 6, 2017.

Author and / or Article Point of View:  David Mattingly is retired from the U.S. Navy and has sailed with U.S. Navy Carrier Task Groups in the South China Sea (SCS).  He holds a Masters of Arts in National Security Studies where he studied the geopolitics of the SCS and authored “The South China Sea Geopolitics: Controversy and Confrontation.”

Background:  Over the centuries, a few countries with strong navies controlled the world’s oceans.  The outcome of many conflicts fought on land often had a strong maritime element.  Dutch jurist Hugo Grotius first addressed the Law of Sea in his 1609 treatise Mare Liberum in which he established the idea of the freedom of the seas[1].  After  World War II and the emergence of the United Nations, the first Convention of the Law of the Sea (UNCLOS) concluded with four treaties being signed: Convention on the Territorial Sea and the Contiguous Zone (CTS); Convention on the High Seas (CHS); Convention on Fishing and Conservation of the Living Resources of the High Seas (CFCLR); and Convention on the Continental Shelf (CCS); as well as the Optional Protocol of Signature concerning the Compulsory Settlement of Disputes (OPSD)[2].  UNCLOS II convened in Malta to discuss territorial seas and fishery limits, however, the convention ended without agreeing upon a new treaty[3].  Today, UNCLOS III has been accepted by 167 nations and the European Union, however, although the U.S. has agreed in principle to the convention, it has not been ratified by the U.S.[4].  In the last attempt for ratification in 2012, it failed due to the “breadth and ambiguity” of the treaty and because it was not in the “national interest of the United States” to give sovereignty to an international body.  Ratification was overwhelmingly supported by the Department of Defense and the U.S. shipping industry[5][6].

Traditionally, a nation’s territorial boundary was established as a three-mile belt along its coastline based on the distance that a cannon could shoot a projectile.  All waters beyond the three-mile limit were considered international territory.

Today, the SCS is a possible flash point for confrontation over unresolved issues of the UNCLOS III between the Peoples Republic of China (PRC), its neighboring states which have joined to form the Association of Southeast Asian Nations (ASEAN), and the U.S.  The islands in the SCS remained largely uninhabited until the mid-1970s when the PRC began to lay claim to a number islands and shoals which were claimed during the reign of Emperor Yongle of the Ming Dynasty in 1405 and later claimed by the PRC in what has come to be known as the “Nine-dash line[7].”  A map which was produced after World War II extended the PRC’s territorial waters claim deep into the SCS.  France challenged the PRC’s claim in 1931 by claiming the Parcel Islands and the Spratley Islands as territory of French-Indo China which then passed to the government of Vietnam after the Franco-Indo China War ended in 1954[8].

To understand UNCLOS III, it is important to first understand the definitions of terms such as the differences between an island and a rock.  The PRC began an aggressive land reclamation program where soil was dredged from the ocean bottom to create islands, which have standing under UNCLOS III, unlike rocks and shoals which are not recognized.  The islands created by the PRC can support military garrisons, home porting of both military and fishing ships, and extend the PRC’s territorial limits under the “archipelagos concept[9].”  Within UNCLOS III, this concept furthers a nation’s territorial rights by considering the seas between the mainland and the islands claimed by a nation as a connecting, rather than separating, element.  The PRC could therefore declare an emergency and suspend the “right of innocent passage” for its self-protection.

Significance:  Merchant shipping between Asia, the Middle East, and the Americas transverse the SCS and a PRC declaration of emergency which suspended the “right of innocent passage” would have major impact in global shipping.

Option #1:  The U.S. and coalition naval forces create a continuous presence in the SCS and actively challenge PRC naval activities and construction of and on islands and rocks in dispute.

Risk:  The PRC has openly harassed and attacked ships and aircraft of the U.S. and ASEAN member nations.  The PRC has established the SCS as its home waters and had several years to construct military garrisons on the islands which it created.  It is possible that the Peoples Liberation Army Navy (PLAN) has placed surface to air missiles on the larger islands.  Additionally, the PLAN has aggressively modernized its ships and aircraft to include launching its first aircraft carrier.  As such, Option #1 may increase the possibility of a naval confrontation between the U.S. and the PRC.

Gain:  A naval coalition could provide protection for fishing and merchant shipping in the SCS and shape the narrative that the international community will not idly allow the PRC to control one of the most important sea lines of commerce.

Option #2   The U.S. and other nations could call for UNCLOS IV.  As evidenced by recent events in the SCS, UNCLOS III left many gray areas that are open for arbitration and the decisions lack the power of enforcement.  UNCLOS IV would address these gray areas and establish an enforcement framework.

Risk:  Major powers agreeing to a new UNCLOS could perceive that they have lost sovereign rights.  The UN lacks the ability to enforce treaties unless the major powers are onboard thus the text of a new UNCLOS would have to be carefully worded.

Gain:  In creating an agreement that is recognized by the international community, confrontation between the U.S., the PRC, and ASEAN may be avoided.

Other Comments:  None.

Recommendation:  None.


Endnotes:

[1]  Harrison, James. July 5, 2007. Evolution of the law of the sea: developments in law -making in the wake of the 1982 Law of the Sea Convention.

[2]  Treves, Tullio. 1958 Geneva Conventions on the Law of the Sea. United Nations.  http://legal.un.org/avl/ha/gclos/gclos.html

[3]  Second United Nations Convention on the Law of the Sea 17 March – 26 April 1960 Geneva, Switzerland. , January 8, 2017. Washington School of Law, American University. http://wcl.american.libguides.com/c.php?

[4]  The Convention of the Law of Sea. U.S. Navy Judge Advocate Corps. http://www.jag.navy.mil/organization/code_10_law_of_the_sea.htm

[5]  Patrick, Stewart M, June 10, 2012. (Almost) Everyone Agrees: The U.S. Should Ratify the Law of the Sea Treaty. The Atlantic. https://www.theatlantic.com/international/archive/2012/06/-almost-everyone-agrees-the-us-should-ratify-the-law-of-the-sea-treaty/258301/

[6]  Senators Portman and Ayotte Sink Law of the Sea. July 16, 2012. Portman Senate Office, Washington, DC.

[7]  Tsirbas, Marina. , June 2, 2016. What Does the Nine-Dash Line Actually Mean? The Diplomat. http://thediplomat.com/2016/06/what-does-the-nine-dash-line-actually-mean/

[8]  Bautista, Lowell B. 2011.  Philippine Territorial Boundaries: Internal tensions, colonial baggage, ambivalent conformity.  University of Wollongong. New South Wales, http://jati-dseas.um.edu.my/filebank/published_article/3162/035 053%20Lowell%20B.%20Bautista-
 Philippine%20Territorial,%20JATI%20VOL16,%202011-%20new.pdf

[9]  Katchen, Martin H. 1976. The Spratly Islands and the Law of the Sea: “Dangerous ground” for Asian Peace. Presented at the Association of Asian Studies, Pacific Area Conference.  June.  Revised and published in the Asian Survey. 

China (People's Republic of China) David Mattingly Maritime Option Papers South China Sea Treaties and Agreements United States