A primer on the proliferation of offensive cyber capabilitie

A primer on the proliferation of offensive cyber capabilities
Issue Brief
by
Winnona DeSombre, Michele Campobasso, Dr. Luca Allodi, Dr. James Shires, JD Work, Robert Morgus, Patrick Howell O’Neill, and Dr. Trey Herr
Executive summary
Offensive cyber capabilities run the gamut from sophisticated, long-term disruptions of physical infrastructure to malware used to target human rights journalists. As these capabilities continue to proliferate with increasing complexity and to new types of actors, the imperative to slow and counter their spread only strengthens. But to confront this growing menace, practitioners and policy makers must understand the processes and incentives behind it. The issue of cyber capability proliferation has often been presented as attempted export controls on intrusion software, creating a singular emphasis on malware components. This primer reframes the narrative of cyber capability proliferation to be more in line with the life cycle of cyber operations as a whole, presenting five pillars of offensive cyber capability:

Related Keywords

New York , United States , Texas , Iran , White House , District Of Columbia , Beijing , China , Natanz , Esfahan , United Arab Emirates , Washington , Russia , Seattle , Shubina , Permskiy Kray , Fletcher School , Israel , Dinei , Fujian , North Korea , Cambridge , Cambridgeshire , United Kingdom , South Korea , Iranian , Chinese , Russian , Israeli , Russians , South Korean , American , Bahr Abdul Razzak , Robert Chesney , David Kushner , Richard Clarke , Mara Tam , Andrey Turchin , Cormac Herley , Sergio Caltagirone , Luca Allodi , Dale Gardner , Gozde Berkil , Christopher Bing , Kathleen Metrick , Winnona Desombre , Ionut Arghire , Lorenzo Franceschi Bicchierai , Priscilla Moriuchi , Sarah Mckune , Wade Baker , Kapersky Securelist , Boris Larin , John Scott Railton , Michele Campobasso , Bill Gertz , Chris Betz , Robert Morgus , Nicole Perloth , Trey Herr , Scott Shane , Damien Wilde , Dustin Fraze , Jay Jacobs , Sean Gallagher , Patrick Howell Oneill , Andy Greenberg , Catalin Cimpanu , James Shires , Brian Krebs , Briefbywinnona Desombre , Charlie Osborne , Eduard Kovacs , Adam Segal , Joel Schectman , Dan Byrnes , Nate Anderson , Dorothy Denning , Peter Beardmore , Jared Semrau , Ralph Langner , Google , Dartmouth College , Etexas National Security , Task Force , Us Scholarship For Service , International Conference On Cyber , Us Department Of Justice , Research Projects Agency , Scowcroft Center , Group Pegasus Spyware To Operations , Hacking Team , Us Treasury Department , Espionage Group , Program Overview , Us Department Of Commerce , Enrichment Program , China Ministry Of State Security , Defense Language Institute , Certification Authority , Central Intelligence Agency , Ministry Of State Security , Source Code Review Lab , Harvard Belfer Center National Cyber Power Index , Communications Security , Computer Sciences , Office Of Public Affairs , Gartner Research , Atlantic Council Cyber Statecraft Initiative , United State National Security Agency , Why Wassenaar Arrangement Definitions Of Intrusion Software , New York Times , Security Group Of Eindhoven University Technology , How Kaspersky Lab Tracked Down The Malware , United States District Court , China National Vulnerability Database , Association For Computing Machinery , Electronic Frontier Foundation , Microsoft Research , University Of Cambridge , International Governance , Institute For Security , Iranian Hackers Exploit Recent Office , Us Department Of The Treasury , Mcafee , University Of Oxford , Analysis Department , Reuters , University Of London , Trend Micro , Technology Analysis , Offsec Services , Research Advisory Group , Atlantic Council , Harvard Kennedy School , Treasury Sanctions Russian Government Research Institution , Insikt Group , Birkbeck College , Global Affairs , Us Office Of Personnel Management , University Of Leiden , National Vulnerability Database , Huawei , Service As Attack Platform , National Security Agency Cryptologic School , Us Cyberspace Solarium Commission , Iran Nuclear , European Union , Development Research Exploitation , Citizen Lab , Hacking Team Of American Mercenaries , Marine Corps University , Us Defense Advanced Research Projects Agency , International Affairs , School Of Hacks , Google Threat Analysis Group , Cyber Statecraft Initiative , Bureau Of Industry , Youtube , Items Put Security Research , International Relations , Patrick Howello Neill , Countering Cyber Proliferation , Code Not Taken , Cyber Espionage , Atomic Scientists , Intelligence Contests , Strategic Competition , Policy Roundtable , Cyber Conflict , Intelligence Contest , Texas National Security Review , Wassenaar Arrangement , International Conference , Vulnerability Lifecycle , Cyber Security Project , Offensive Cyber Techniques , Cold War , Export Controls , Cyberweapons Controls , Computer Security Journal , Frontier Foundation , Intrusion Software , Controlled Items Put Security Research , Intent Fallacy , Wassenaar Arrangement Licensing , Enforcement Officers Meeting , Zero Day Vulnerabilities , Real Story , How Kaspersky Lab Tracked Down , Stymied Iran , Nuclear Fuel Enrichment Program , Israel Created Stuxnet , Lost Control , Technical Analysis , What Stuxnet , Creators Tried , Operation Olympic Games , Bill Marczak , Pegasus Spyware , Russians So Set ,