Concerns about changes to the U.S. policy on offensive cyber operations raise an interesting and important question about the balance of power between the White House and the Department of Defense. But this is a poor framing of the problem.
Latest in Offensive cyber operations
The Commerce Department’s addition of four entities to the export control Entity List highlights accelerated efforts to target companies providing cyber services to certain foreign governments—especially when human rights are at stake.
France, Cyber Operations and Sovereignty: The ‘Purist’ Approach to Sovereignty and Contradictory State Practice
The rule of sovereignty that France asserts applies to cyberspace is incompatible with several of its own operations. The “purist” approach to a rule of sovereignty for cyber operations is at odds with the state practice of cyber-capable states.
On February 26, Ellen Nakashima of the Washington Post reported what had been speculated for some weeks: that U.S. Cyber Command undertook an offensive cyber campaign to protect the 2018 midterm elections.
Since its November 2018 announcement of the Paris Call, a code of conduct for cyber space, France has turned to the offensive. On Jan. 18, French armed forces minister Florence Parly unveiled the country’s first doctrine for offensive cyber operations.
In my first post on this subject, I quoted a news story in fedscoop saying that
The development of “loud” offensive cyber tools, [that could be definitively traced to the United States and thus] able to possibly deter future intrusions, represent a “different paradigm shift” from what the agency has used to in the past.
In a previous post, I commented on the apparent desire of U.S. Cyber Command to develop "loud" cyber weapons, that is, weapons whose use could be easily attributable. But further conversation with various people suggest one additional wrinkle important enough to warrant a separate posting here (rather than just updating the original article).