Understanding Cyberwarfare - Modern War Institute, Lecture notes of Russian

Download Understanding Cyberwarfare - Modern War Institute and more Lecture notes Russian in PDF only on Docsity! Understanding Cyberwarfare Lessons from the Russia-Georgia War Sarah P. White March 20, 2018 Understanding Cyberwarfare: Lessons from the Russia-Georgia War 1 Cyberattacks had become an established tool of statecraft by the time they were used against the Republic of Georgia in the summer of 2008, albeit one without a legal framework and whose long-term implications remained poorly understood. 1 Nevertheless, the war between Russia and Georgia that took place in August of that year was remarkable for its inclusion of a series of large-scale, overt cyberspace attacks that were relatively well synchronized with conventional military operations. Conducted by an army of patriotic citizen hackers, the cyber campaign consisted of distributed denial of service (DDoS) attacks and website defacements that were similar in nature but different in method to what had occurred in Estonia the year prior. In total, fifty-four news, government, and financial websites were defaced or denied, with the average denial of service lasting two hours and fifteen minutes and the longest lasting six hours.2 Thirty-five percent of Georgia’s Internet networks suffered decreased functionality during the 1 Examples of the state-sponsored use of cyberattacks prior to 2008 include espionage (e.g., Titan Rain, Moonlight Maze), support to precision military raids (e.g., Operation Orchard), sabotage (e.g., Stuxnet, the planning for which is estimated to have begun in 2007), and coercion (e.g., Estonia). Several books provide an accounting of these and other events, to include Segal, Hacked World Order; Kaplan, Dark Territory; and Healy, Fierce Domain. 2 Tikk et al., Cyber Attacks against Georgia. 3 Russell, “Georgia-Russia War.” 4 Ibid. 5 Interviews conducted with members of the Georgian military, government, and defense ministry, June 2017, in the Republic of Georgia, reinforced the point that while the cyberattacks added a layer of chaos to the Georgian response, they did not affect military decision making about the crisis in a significant way. attacks, with the highest levels of online activity coinciding with the Russian invasion of South Ossetia on August 8, 9, and 10.3 Even the National Bank of Georgia had to suspend all electronic services from August 8–19.4 While there is strong political and circumstantial evidence that the attacks were encouraged by the Russian state, definitive technical attribution—and thus definitive legal culpability—have remained elusive. The cyberattacks had little effect on conventional forces and were not decisive to the outcome of the conflict,5 but they nevertheless offer significant lessons on the character of modern warfare for scholars of conflict and military studies. This paper will offer a brief analysis of several of those lessons. First, the attacks reinforced the Russian interpretation of cyberspace as a tool for holistic psychological manipulation and information warfare. By impeding the Georgian government’s ability to react, respond, and communicate, the cyberattacks Understanding Cyberwarfare: Lessons from the Russia-Georgia War 2 created the time and space for Russia to shape the international narrative in the critical early days of the conflict. Second, the attacks highlighted the role of third forces on the modern battlefield. These forces ranged from the citizen hackers who perpetrated the attacks to the private companies who were relied on to defend against them. And third, the attacks provide a useful demonstration of how the technical concepts of cyberspace can be understood through conventional operational concepts in order to more effectively integrate them with military operations. Cyberattacks in the Russia-Georgia War Reaffirm the Russian View of Cyberspace as a Tool for Psychological Manipulation and Information Warfare In analyzing Russian cyber doctrine, one must understand that neither the word “cyber” nor the term “hybrid warfare” exist independently in the Russian conceptual framework; instead, 6 Giles, “Russia’s ‘New’ Tools for Confronting the West.” 7 Medvedev, “Military Doctrine of the Russian Federation”; Giles, “Military Doctrine of the Russian Federation 2010.” 8 Connell and Vogler, “Russia’s Approach to Cyber Warfare.” 9 Thomas, “Information Security Thinking.” they are used almost exclusively in reference to Western activities.6 While the US military has established an understanding of cyberspace as a discrete domain of warfare that deserves its own doctrine, its own troops, and its own unique menu of lethal and nonlethal effects, Russia treats cyberspace as a subordinate component to its holistic doctrine of information warfare.7 Cyber operations, to the Russian mind, are regarded more broadly “as a mechanism for enabling the state to dominate the information landscape,” rather than as a narrow mechanism for the achievement of discrete effects on communication systems.8 This distinction is evident in the Russian use of the phrase “information security” rather than the more narrowly technical notion of “cybersecurity” that prevails in US discussion.9 Furthermore, the Russian conception of information warfare is also more holistic in character than the typical Western understanding. Whereas the West tends to view information as data that is transmitted and stored on networks—a data- and system- centric perspective that arose out of the information theory movement of the mid- Understanding Cyberwarfare: Lessons from the Russia-Georgia War 3 twentieth century—other conceptions see information as a platform for shaping individual and collective perception, to alter how people make decisions and how societies see the world.10 The Russian conception of information warfare reflects this second, more psychological tone. Shaped by a history of confrontation with adversaries who were technologically and economically superior, the Russian military tradition depended on achieving victory through a qualitative, near- spiritual sense of moral superiority.11 This moral superiority required the deliberate cultivation of a sense of psychological and cultural integrity that was strong enough to withstand the effects of outside influence. Furthermore, the imperatives of Soviet authoritarianism depended on the tight control of information flows to prevent the population from mobilizing against state power.12 The Russian approach to the Internet today is in many ways a natural evolution of this cultural legacy. Unlike the US cybersecurity framework, which has been overwhelmingly 10 Lawson, “Russia Gets a New Information Security Doctrine.” 11 Adamsky, Culture of Military Innovation. 12 Soldatov and Borogan, Red Web. 13 Thomas, “Information Security Thinking.” 14 Galperovich, “Putin Signs New Information Security Doctrine.” The new information security doctrine is of the same spirit as both the 2000 and 2010 versions, the former of which includes as threats, “the devaluation of spiritual values, the propaganda of examples of mass culture which are based on the cult of violence, and on spiritual and moral values which run counter to the values accepted in Russian society.” Quote taken from Giles, “Information Troops.” concerned with threats to the hardware and software of the Internet rather than threats to the psyche of users, the Russian information security doctrine treats information- psychological and information-technical threats with equal severity.13 The 2016 version of this doctrine, for example, describes the threat of an “informational pressure” that has “the aim of diluting traditional Russian spiritual-moral values.”14 The consistent language of the past three iterations of this doctrine suggest that Russia is just as concerned with maintaining psychological, perceptual, and cultural integrity as it is with the physical state of networks or their resident data. Noticeably absent from these discussions on cyber conflict is any mention of the role of the offense in cyberspace, something that US and British governments have far more openly discussed. There are several possible motivations for this absence, not the least of which concerns the legitimate desire to keep offensive capabilities secret. An Understanding Cyberwarfare: Lessons from the Russia-Georgia War 6 but are not, strictly speaking, combatants.”22 The Russia-Georgia War provides several examples of how third forces can exert influence on the battlefield both inside and outside state control. The first such example is the Russian hackers themselves. Russia has a well-documented history of employing civilians, criminal syndicates, and armies of social media bots23 to rapidly increase the depth and breadth of its offensive cyber footprint with minimal levels of state attribution.24 In this tradition, the cyberattacks in Georgia were not perpetrated by a uniformed arm of the Russian state, but by patriotic citizens who were engaged and recruited through social media. The primary hacker forums for coordination and tool dissemination were xaker.ru and StopGeorgia.ru. The hacker communities within them followed a distinct hierarchy in which the more technically skilled forum leaders provided the tools, vulnerabilities, and target lists for the less tech-savvy followers to action.25 22 US Army War College Key Strategic Issues List 2016–2017. 23 Chen, “Agency.” 24 Klimburg, “Mobilising Cyber Power.” See also Soldatov and Borogan, Red Web, for examples of domestic use. 25 Russia-Georgia Cyber War—Findings and Analysis. 26 Klimburg, “Mobilising Cyber Power.” 27 Ibid. 28 Deibert, “Cyclones in Cyberspace.” 29 Bumgarner and Borg, Overview by the US-CCU. Russian political culture has two attributes that make it particularly adept at marshaling these non-state cyber resources in the service of its strategic goals, a process that Alexander Klimburg calls “mobilizing cyber power.”26 The first is a historically cozy relationship between the state and organized crime. In cyberspace this relationship is most evident in the nefarious online activity of the Russian Business Network (RBN), which is the only criminal organization identified by NATO as a major strategic threat.27 ShadowServer Foundation identified at least six different C2 servers used in the conflict, all of which had a preexisting record of DDoS activity.28 Some of the zombie computers involved even conducted attacks on unrelated e-commerce websites amidst the Georgia campaign.29 The second attribute that enables Russian recruitment of its patriotic hacker community is a long-standing political tradition of propaganda, agitation, and narrative control designed to shape the collective psyche and mobilize the popular consciousness in service of the state. This Understanding Cyberwarfare: Lessons from the Russia-Georgia War 7 tradition led to the creation of several Kremlin- sponsored youth movements in the mid-2000s, which have since been implicated in both trolling and DDoS operations against Kremlin opponents.30 Accordingly, the first step of the kill chain for the Georgia cyberattacks entailed an encouragement of novices “through patriotic imagery and rhetoric to get involved in the cyber war against Georgia.”31 While Russia claims that it neither supports nor encourages these cyber privateers, internal military discourse indicates that the Russian state is well aware of the strategic advantages they provide. Following the 2008 campaign, discussion within the Russian military cited a poor performance in the information domain as evidence of the need for “Information Troops” within the Russian armed forces who were capable of conducting full-spectrum information operations.32 Criticisms of this proposal stemmed from a reluctance to cede the many benefits of the existing arrangement. First, the use of citizen hackers allows Russia to circumvent one of the greatest challenges in cyberspace: recruiting and retaining talent. The execution of effective cyberspace operations 30 Soldatov and Borogan identify two groups in particular: Nashi (“Ours”) and Molodaya Gvardiya (“Young Guard”), the latter of which created its own media wing in 2013 to help with domestic Internet censorship. 31 Russia-Georgia Cyber War. 32 Giles, “Information Troops.” 33 Evans and Reeder, Human Capital Crisis in Cyber Security; “US Army Introduces Cyber Fast Track for Civilians”; Borderless Battle. requires a level of creativity and innovation that disciplined, hierarchical, and process-oriented militaries find difficult to accommodate. Recognizing that military organizations are ill situated to cultivating talent, the best coders often head to the private sector, leaving militaries with a crisis in manpower even as the requirements for effective cyber defense and offense increase.33 A reliance on third-party actors allows a state to capitalize on the richest talent pools without having to significantly overhaul their entrenched military processes. These private-sector actors, unburdened by the rigid hierarchies of authority that rightfully safeguard the military application of lethal violence, are far more proficient in the type of operational agility that cyberspace requires. This agility was evident in the chronology of the Russia-Georgia War, as the Russian hackers were able to effectively counter each successive Georgian response, through rapidly executed actions of increasing technical sophistication. Furthermore, the use of non-state hackers allows the Russian state to elude formal attribution from the hackers’ cyber activities. Since attribution is a precondition for Understanding Cyberwarfare: Lessons from the Russia-Georgia War 8 retaliation, the use of non-state hackers enables a state to inhabit an operational gray space that complicates the pursuit of a response and obfuscates the applicability of international law.34 To this day, there exists no forensic evidence that definitively connects the Russian government to cyber actions against Georgia. Referencing the effectiveness of the citizen-led Georgian campaign, one report stated outright that “there is no need for the state machine in modern cyber warfare.”35 In the Russian calculus, the use of non-state hackers offers a set of utilitarian advantages that outweighs any associated reputational costs: citizen hackers are anonymous, they can be mobilized quickly, they require no additional state training, and they are operationally agile. While Russia has recently signaled an intention to bolster the cyber capability of its armed forces, the aforementioned advantages suggest that its reliance on third-party actors to execute the state’s cyber operational dirty work is unlikely to go away as an auxiliary tactic any time soon.36 Acknowledging the role of unregulated 34 Tikk et al., Cyber Attacks against Georgia. 35 Giles, “Information Troops.” 36 Connell and Vogler, “Russia’s Approach to Cyber Warfare.” 37 Tikk et al., Cyber Attacks against Georgia. 38 Other noteworthy examples of patriotic hacking wars include Kosovo in 1999, the Second Intifada in 1999, digital skirmishes between India and Pakistan in 2000, and the Hainan Island Incident in 2001. third-party actors in cyber conflict also requires us to contend with the patriotic amateur hacking wars that such actors will inevitably incite. Because amateur hackers are not bound by the same considerations of collateral damage that restrict military cyberspace operations, their potential involvement in future conflict is a concerning development. One of the first elements of Georgian society that was deliberately attacked was a hacking forum called www.hacking.ge, an effort to forestall a Georgian counterattack by neutralizing its citizen hacking community.37 This action precipitated limited Georgian attacks against Russian websites, thereby resulting in an independent cyber conflict between non-state actors under the cover of officially declared state hostilities.38 Furthermore, while the nationality of the hackers remained relatively evenly distributed among pro-Russian and pro-Georgian sympathizers, the infrastructure that they fought with touched over sixty different sovereign countries, suggesting that the digital repercussions of future conflict will extend far beyond the physical boundaries of the military Understanding Cyberwarfare: Lessons from the Russia-Georgia War 11 Cyberattacks in the Russia-Georgia War Show That Cyberspace Can Be Understood through, and Employed with, Existing Operational Principles A significant obstacle to planning for and integrating cyber effects into conventional military operations is the inability of the technical and nontechnical communities to understand one another, a phenomenon that Jason Healy describes as a “mutual misunderstanding between the ‘geeks’ and the ‘wonks.’”46 Those with the operational insight to recognize effective requirements for a campaign plan usually lack the specific technical knowledge to articulate how those requirements might be supported, while those with the technical knowledge to create solutions often lack adequate access to the planning process or adequate understanding 46 Healy, Fierce Domain, 16. 47 Electronic warfare, signals intelligence, and information operations all possess similarities to the cyberspace operations of today. As Michael Warner argues in his “Cybersecurity: A Prehistory,” current cyberspace doctrine bears a strong resemblance to concepts of information warfare in the early 1990s. 48 While the analogy that the US military is “building an airplane while in flight” in respect to cyberspace operations is woefully overused, there are important parallels to be drawn between the creation of air doctrine in the interwar years and the creation of cyber doctrine today. The Germans, the Americans, and the Brits all came to different conclusions as to how air power should be used, each of which failed to prove holistically effective when the motivating strategic circumstances were upturned. Several of the factors that went into these conclusions are present in some degree today: interservice rivalries and the consequent jostling for resources; the influence of technologies developed (or not) in the civilian sector; the multiple perspectives on the nature of the threat and of future war; the influence of personnel background on the thinking of each country’s new air organizations; and most importantly, the set of assumptions that underpinned each service’s estimation of the validity of their doctrinal projections. See Murray and Millett, Military Innovation in the Interwar Period, for a more detailed account of this and other examples of differing approaches to the same technology. of the larger strategic picture. Both sides are often stifled by poor communication channels and unaccommodating legal authorities. The resultant lack of demonstrated cyberspace effectiveness only further disinclines the supported community from requesting cyber effects in the future, thus perpetuating a cycle of missed opportunities for successful cyberspace integration that inhibits further capability development. Integration efforts are further stifled by the perception that cyberspace is new and different, when one could argue that there are clear historical analogues both for its effects47 and its integration.48 This gap in understanding is based in large part on the erroneous notion that cyberspace is too technical and too unique for the traditional war-fighting community to grasp. While the Army has made an effort to Understanding Cyberwarfare: Lessons from the Russia-Georgia War 12 rectify this conceptual discrepancy through the integration of 131A targeting warrants into its cyber formations and through tactical outreach initiatives such as Cyber Support to Corps and Below (CSCB), developing a shared understanding of cyberspace operations remains an institutional challenge throughout the broader force. The author is intimately familiar with the American experience in this regard, but Russian military discourse suggests that they also face similar challenges.49 Generating an understanding of cyberspace outside the cyberspace community (and in some cases inside it as well) is therefore critical to the successful implementation of cyberspace capabilities on a large scale. The Russia-Georgia conflict offers several important lessons in this regard. In offering the first publicly available evidence that large-scale, overt cyberattacks can be effectively nested with and understood through the lens of a maneuver campaign, the Georgian war represents a critical opportunity to bridge the conceptual gap that currently stifles the art of the possible in planning for effective cyberspace operations. First, the war demonstrated that cyber effects must pursue the same strategic, operational, and tactical purpose as the maneuver campaign they support. One of Russia’s primary strategic 49 Giles, “Information Troops.” objectives in Georgia was to reassert its power in the former Soviet periphery. Russian strength had to be contrasted with Georgian impotence, and so the Georgian government itself became the center of gravity for both the cyber campaign and the physical campaign. Cyberattacks enabled this purpose by demonstrating the Georgian government’s tenuous authority in digital space while Russian conventional forces demonstrated the same in physical space. Furthermore, by targeting only those sites whose loss would pose an inconvenience rather than those that would cause chaos or injury, Russian hackers demonstrated a level of restraint in their target selection that nested with the strategic need to avoid overly provoking the international community. The Russia-Georgia War also helped to debunk the “speed of cyber” fallacy. This fallacy centers on a myth that everything in cyberspace happens instantaneously, creating a sense of temporal misunderstanding that complicates effective cyber planning. It is true that cyberattacks can unfold more rapidly than attacks in physical space, since the digital domain is unencumbered by the limitations of terrain, logistics, or human endurance. However, because cyberattacks are dependent on a long process of identifying vulnerabilities, Understanding Cyberwarfare: Lessons from the Russia-Georgia War 13 developing exploits against those vulnerabilities, and then maintaining access to the targets that have them, a successful cyber campaign still requires months, if not years, of preparation and planning. Furthermore, a trained cyber force requires human capital supported by doctrine, training, technology, command and control, and physical infrastructure. As Dave Hollis states, one “cannot engage in cyber war from a cold start.”50 In cyberspace, as in physical space, the speed of a campaign’s execution is often inversely related to the amount of time spent preparing to carry it out. That Russian hackers were able to immediately engage in website defacement and denial of service attacks at the outbreak of hostilities in Georgia reveals the extent to which they had prepared for such hostilities beforehand. As the US-CCU reports, one of the tools used for website defacement had been created over two years prior, specifically for a campaign against Georgia. Many of the subordinate domains to StopGeorgia.ru had been registered several months before the outbreak of hostilities, and the hosting company used to register the site had been reported by malware-monitoring sites nearly two months prior to the conflict.51 The 50 Hollis, “Cyberwar Case Study.” 51 Carr, Inside Cyber Warfare. extensive preparation required in advance of cyber conflict allows for the assessment of synchronized cyberspace actions as an intelligence indicator for follow-on military operations. In the case of Georgia, these indicators took several forms and appeared at several different stages of the operational cycle: chat rooms in which hackers were recruited during the force-mobilization process; reconnaissance of digital targets to identify exploitable vulnerabilities; attacks against rival hacker communities as a preemptive strike on the adversary’s rear; and the neutralization of news sites prior to physical attack could all be seen, retrospectively, as mounting evidence of an armed campaign. Systematically identifying when, why, and how each of these indicators appears in adversary behavioral patterns can help improve how we integrate both offensive and defensive cyber capabilities into conventional operational processes. Additionally, while the specific tactical language of cyberspace may differ from that of maneuver, the Georgian campaign demonstrated that many of the same general principles still apply. An acknowledgment of this fact is important in helping to reframe how we consider and communicate cyberspace Understanding Cyberwarfare: Lessons from the Russia-Georgia War 16 However, such a realization carries with it several cautions. First, while cultivating an understanding of cyberspace through the lens of maneuver principles serves the necessary purpose of demystifying an otherwise-abstruse domain, in itself this effort is insufficient for creating the type of detailed technical understanding that is necessary for cyberspace operations personnel. Second, this effort should not be pursued at the exclusion of the type of deep strategic thinking required to fully realize the domain’s military and grand strategic potential. For example, one of the more revolutionary aspects of cyberspace is the extent to which it promotes a near-constant state of low-level conflict, one that equally defies our traditional understandings of war and our traditional frameworks for strategy.57 As we attempt to integrate new technology into existing doctrine, we would be wise to embark on the critical venture of questioning which aspects of our doctrine deserve to be reconsidered. Historical experience offers ample evidence of the perils that befall those militaries that fail to adequately question their own doctrinal assumptions as they pursue the 57 For examples of the discussion over the extent to which cyberspace is unique, see Rid, “Cyber War Will Not Take Place”; Stone, “Cyber War Will Take Place!”; Gartzke, “Myth of Cyberwar; Lee and Rid, “OMG Cyber!”; Junio, “How Probably Is Cyber War?; Lawson, “Beyond Cyber Doom”; Lindsay, “Stuxnet and the Limits of Cyber Warfare”; Haggard and Lindsay, “North Korea and the Sony Hack.” Further discussions concern cyberspace’s role in deterrence, a framework that was inherited from the nuclear age and whose fundamental precepts only questionably apply to the cyber domain. See Glaser, Deterrence of Cyber Attacks and US National Security; Rid and Buchanan, “Attributing Cyber Attacks”; Lindsay and Gartzke, “Coercion through Cyberspace”; Buchanan, Cybersecurity Dilemma; Nye, “Deterrence and Dissuasion in Cyberspace.” development and implementation of new technologies of war. Conclusion Methods of cyberattack have evolved in sophistication and complexity since their first overt integration with large-scale ground maneuver in the 2008 Russia-Georgia War. However, while technologies have changed in the past decade, the underlying dynamics of cyber conflict have not. This paper has attempted to highlight three of the more enduring lessons learned from the conflict that remain applicable to scholarly and military pursuits. First, the 2008 cyber campaign reinforces the Russian conception of cyberspace as a tool for information warfare rather than as a discrete, effects-based war-fighting domain. This conception has inspired increasingly assertive efforts to pursue Russian strategic Understanding Cyberwarfare: Lessons from the Russia-Georgia War 17 objectives through digital means, to include the 2016 and 2017 targeting of US and European democratic elections. Turning our scholarly sights toward Russian information-warfare doctrine, as well as its Soviet doctrinal predecessors, will better prepare us to contend with those uses of cyberspace that do not fit neatly into our own doctrinal framework and that do not present as cleanly defined offensive acts. Second, the 2008 Georgian cyberattacks demonstrated the increasing influence of third forces to the modern battlefield. As such, they exemplify the diffusion of power phenomenon that takes the mechanisms of conflict beyond state control. The influence of these actors on the cyber battlefield both complicates the direct application of the laws of armed conflict and affects the range of state action available for response, since private actors own the majority of cyberspace infrastructure. Efforts are underway to more effectively harness the power of the private sector in pursuit of holistic cybersecurity,58 but a great deal of research remains in understanding the implications of these actors to modern conflict. Finally, the conflict demonstrated that cyberspace operations can be effectively leveraged with and understood through traditional operational principles—an insight of evolutionary utility that should not preclude the embrace of cyberspace’s revolutionary qualities. Military professionals must be as comfortable speaking about cyberspace operations as they are those on land, in air, or at sea if we are to fight effectively moving forward. The Russia-Georgia conflict offers one possible interpretation of how to merge these different war-fighting vocabularies. Success in war depends not on simply discovering a new technology but on discovering the best way to use it. Thus, the effective operational integration of cyberspace with conventional military activity is contingent on the effective conceptual integration of cyberspace operations with how we envision future war. While a great deal of deep, doctrinal thinking remains to be accomplished in creating that holistic vision, our efforts would be well served by looking toward the lessons of past cyber conflicts to inform how we approach the future. 58 Borderless Battle. Understanding Cyberwarfare: Lessons from the Russia-Georgia War 21 Lawson, Sean. “Russia Gets a New Information Security Doctrine.” Forbes, December 9, 2016. https://www.forbes.com/sites/seanlawson/2016/12/09/russia-gets-a-new-information-security- doctrine/#503b640f3fc4. ———. “Beyond Cyber Doom: Assessing the Limits of Hypothetical Scenarios in the Framing of Cyber Threats.” Journal of Information Technology and Politics 10, no. 1 (2013): 86–103. Lee, Robert M., and Thomas Rid. “OMG Cyber!” RUSI Journal 159, no. 5 (2014): 4–12. Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies 22, no. 3 (2013): 365–404. Lindsay, Jon R., and Erik Gartzke. “Coercion through Cyberspace: The Stability-Instability Paradox Revisited.” In The Power to Hurt: Coercion in Theory and Practice, edited by Kelly M. Greenhill and Peter J. P. Krause, 179–203. New York: Oxford University Press, 2016. Medvedev, Dmetry. “Military Doctrine of the Russian Federation.” Originally published on the President of the Russian Federation website. February 5, 2010. Translated by Carnegie Endowment for International Peace. http://carnegieendowment.org/files/2010russia_military_doctrine.pdf. Murray, Williamson, and Allan R. Millett, eds. Military Innovation in the Interwar Period. New York: Cambridge University Press, 1996. Nye, Joseph S., Jr. “Deterrence and Dissuasion in Cyberspace.” International Security 41, no. 3 (2016): 44–71. Raymond, David, Tom Cross, Gregory Conti, and Michael Nowatkowski. “Key Terrain in Cyberspace: Seeking the High Ground.” In 2014 6th International Conference on Cyber Conflict: Proceedings, edited by P. Brangetto, M. Maybaum, and J. Stinissen, 287–302. Tallinn, Estonia: NATO CCD COE Publications, 2014. Rid, Thomas. “Cyber War Will Not Take Place.” Journal of Strategic Studies 35, no. 1 (2012): 5–32. Rid, Thomas, and Ben Buchanan. “Attributing Cyber Attacks.” Journal of Strategic Studies 38, nos. 1– 2 (2015): 4–37. Russell, Alison Lawlor. “The Georgia-Russia War.” In Cyber Blockades. Washington, DC: Georgetown University Press, 2014. Russia-Georgia Cyber War—Findings and Analysis. Phase I Report. Project Grey Goose, October 17, 2008. https://www.scribd.com/doc/6967393/Project-Grey-Goose-Phase-I-Report. Segal, Adam. Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age. New York: PublicAffairs, 2016. Soldatov, Andrei, and Irina Borogan. The Red Web. New York: PublicAffairs, 2015. Standish, Reid. “Why Is Finland Able to Fend Off Putin’s Information War?” Foreign Policy, March 1, 2017. http://foreignpolicy.com/2017/03/01/why-is-finland-able-to-fend-off-putins-information- war/. Understanding Cyberwarfare: Lessons from the Russia-Georgia War 22 Stone, John. “Cyber War Will Take Place!” Journal of Strategic Studies 36, no. 1 (2013): 101–8. Thomas, Timothy L. “Information Security Thinking: A Comparison of US, Russian, and Chinese Concepts.” In International Seminar on Nuclear War and Planetary Emergencies—26th Session, edited by R. Ragaini, 344–56. River Edge, NJ: World Scientific Publishing, 2002. Tikk, Eneken, Kadri Kaska, Kristel Rünnimeri, Mari Kert, Anna-Maria Taliharm, Liis Vihul. Cyber Attacks against Georgia: Legal Lessons Identified. Tallinn, Estonia: Cooperative Cyber Defense Center of Excellence, 2008. Tucker, Patrick. “The Sarin Gas Attack in Syria Ignited an Information Battle.” Defense One, April 6, 2017. http://www.defenseone.com/technology/2017/04/sarin-gas-attack-syria-ignited- information-battle/136819/?oref=defenseone_today_nl. “US Army Introduces Cyber Fast Track for Civilians.” Signal, February 13, 2017. http://www.afcea.org/content/?q=Blog-us-army-introduces-cyber-fast-track-civilians. US Army War College Key Strategic Issues List 2016–2017. Carlisle, PA: US Army War College Press, July 31, 2016. https://ssi.armywarcollege.edu/pdffiles/PUB1334.pdf. Warner, Michael. “Cybersecurity: A Prehistory.” Intelligence and National Security 27, no. 5 (2012): 781–99. Zetter, Kim. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon. New York: Broadway Books, 2016.