The overarching question imparting urgency to this exploration is: Can U.S.-Russian contention in cyberspace cause the two nuclear superpowers to stumble into war? In considering this question we were constantly reminded of recent comments by a prominent U.S. arms control expert: At least as dangerous as the risk of an actual cyberattack, he observed, is cyber operations’ “blurring of the line between peace and war.” Or, as Nye wrote, “in the cyber realm, the difference between a weapon and a non-weapon may come down to a single line of code, or simply the intent of a computer program’s user.”
JD Work serves as the Bren Chair for Cyber Conflict and Security at Marine Corps University, where he seeks to develop the theory, practice and operational art of the cyber warfighting function, and to
explore the wider role of the cyber instrument in national security strategy. He has over two decades experience working in cyber intelligence and operations roles for the private sector and US
government. Mr. Work's research provides insight into the emerging strategic issues, economic consequences, and technology implications created by hostilities in the virtual domain; and charts the engagements, follow on effects, capabilities, doctrine, and drivers behind the antagonistic action of potential combatants in the networked environment, in order to support early warning, crisis management and crisis prevention in and through cyberspace. Since 2001, he has developed and taught analytic tradecraft and other courses to advance the discipline of intelligence studies at a number
of academic institutions and US government agencies, and continues to teach with Columbia University, School of International and Public Affairs as well as George Washington University, Elliot School of International Affairs.
The transitory nature of offensive cyber capabilities fundamentally changes the character of investment in "weapons" for use against digital systems and network targets, and the decisionmaking around the optimum employment of scarce options to sustain access and deliver
effects at a time and place, and in a manner consistent with warfighting objectives intended to achieve the aims of "politics by other means". The considerations that flow from the unknown but inevitable time-sensitive decline in utility of even the most exquisite exploitation portfolios impose certain inexorable logic on tactical choices, and in turn the operational art that may be brought to bear in order to leverage cyber power in pursuit of term campaigns over the longer term.
While some aspects of such considerations have been discussed in the literature to date, international relations, military science and intelligence scholars have thus far lacked an overarching framework
for analysis of these factors. This gap poses serious challenges to understanding contemporary and future threats, as these drivers underpin much of the observed intrusion behavior of advanced
persistent threat groups, as well as hostile aspirants pursuing parity or innovation in acquisition of their own new OCO capabilities. Further, a framework for analysis of arsenal management decisionmaking must also account for the potentially radical changes to offensive
capabilities valuation that is introduced by emerging technologies that alter the business models, footprint, development and operations of mission relevant compute.
We will consider the elements that contribute to an integrated understanding of offensive cyber capabilities and an assessment of the strategic considerations involved in sourcing, preserving, and
sustaining offensive capacity over time. We will also explore the explanatory and estimative dynamics that this framework might offer for cyber threat intelligence, counter-cyber operations, vulnerabilities equities processes, and other policy decisions.