The New York Times published a major story last week, drawing on research from the cybersecurity company Symantec. The story revealed how a group of elite Chinese hackers known as APT3 had apparently gained access to powerful American hacking tools and used them to penetrate governments and companies of American allies.
Ben Buchanan is an Assistant Teaching Professor at Georgetown University’s School of Foreign Service, where he conducts research on the intersection of cybersecurity, artificial intelligence and statecraft. His first book, "The Cybersecurity Dilemma," was published by Oxford University Press in 2017. Previously, he has written journal articles and peer-reviewed papers on artificial intelligence, attributing cyber attacks, deterrence in cyber operations, cryptography, election cybersecurity, and the spread of malicious code between nations and non-state actors. He is also a regular contributor to Lawfare and War on the Rocks, and has published op-eds in the Washington Post and other outlets. Ben received his Ph.D. in War Studies from King’s College London, where he was a Marshall Scholar. He earned master’s and undergraduate degrees from Georgetown University.
Subscribe to this Lawfare contributor via RSS.
On February 26, Ellen Nakashima of the Washington Post reported what had been speculated for some weeks: that U.S. Cyber Command undertook an offensive cyber campaign to protect the 2018 midterm elections.
In Lawfare on Oct. 19, Chinese cybersecurity analyst Lyu Jinghua (吕晶华) offered a thoughtful critique of the 2018 Department of Defense Cyber Strategy, an unclassified seven-page summary of which was released publicly on Sept. 18.
Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
My colleague Ben Buchanan and I have written a paper on cybersecurity threats to American elections. While we examine operations that try to influence American voters—like the much-publicized hack of various Democratic Party entities—we also examine threats to voting infrastructure itself. We consider the motivations of hackers for targeting elections, the plausible threats to election security, and the effects of real and perceived manipulation.