In lieu of an abstract, here is a brief excerpt of the content:

  • Letter from the EditorsConflict in The Fifth Domain
  • The SAIS Review Editorial Board

"The fifth domain," the Pentagonʼs term for cyberspace, is the primary frontier of technological competition. Beginning with the Stuxnet attacks against Iranian nuclear facilities in 2010, the US government has acquired cutting-edge cyber operation capabilities. However, over the past several years, other state, state-nexus, and non-state actors have also learned to harness increasingly sophisticated cyber capabilities, harming public and private sector interests worldwide. In 2015, the US government discovered that Chinese state-sponsored hacking groups had breached its Office of Personnel Management records, stealing sensitive personal information of millions of federal employees. In 2017, the Russian malware NotPetya infected servers in multiple countries, causing $10 billion in damage, according to US claims. In 2018, Cambridge Analytica came under investigation for illegally acquiring user data to influence election outcomes globally. And just last year, the ransomware attack against Colonial Pipeline disrupted the oil supply across the United States. Such cyber actions have become part of the status quo, taking place with increasing frequency and intensity.

This issue of The SAIS Review intends to call attention to the dynamic field of cybersecurity. It is a body of work for policy experts, aspiring professionals, and cyber beginners alike. Conflict in The Fifth Domain indulges in the debate about US cybersecurity strategies, investigates how states utilize cyber operations in support of foreign policy and national security strategies, explores the foreign and domestic policy actions to best confront constant adversarial cyber threats, and envisions pathways to effective global cyber governance.

The contributors to this issue come from both US public and private sectors, and their research reflects their professional experience and expertise. The first two articles contend with conventional US frameworks of cybersecurity and present thoughtful alternatives. Former Director of Cybersecurity Policy at the National Security Council Daniel B. Prieto traces in three phases the evolution of American cybersecurity strategy, in the context of the global threat environment, since the late 1990s and advocates for a new vision of US cyber policy that is compatible with US grand strategy in the "post-post-9/11 world." In this opening piece, Prieto takes time to define several technical cybersecurity terms, ensuring that readers with varying degrees of cyber knowledge are all on the same page. After analyzing why the US government has had a laissez-faire, market-driven approach to cybersecurity, Prieto critiques how such a strategy focuses too much on preventing an all-out cyber war while neglecting to offer [End Page 1] robust countermeasures against constant cyberattacks. Prietoʼs piece closes by providing recommendations on better alignment between US cyber policy and grand strategy, de-risking of critical infrastructure, and government regulations against foreign disinformation campaigns. On the private sector side, FireEye senior intelligence advisor Jason P. Atwell also calls on the US government to re-frame its assessment of the cyber threat environment. Atwell laments that in the pursuit of a free internet with speedy connections, the US government and companies have all failed to consider how malicious actors can exploit the dark side of rapidly advancing information technologies. He urges policymakers to approach cybersecurity not as a field insulated from other policy issues, but as an interconnected one that is present in "everything we do." To confront everpresent cyber threats, Atwell suggests an alternative concept of what a perfect system is—not an unhackable fortress, but a flexible and resilient system that can survive cyberattacks.

The next three articles explore the role of deterrence in US cybersecurity strategy. Emily Goldman from the US Cyber Command and Department of Defense historian Michael Warner posit that while deterrence might have been effective in the Cold War to keep the Soviet Union at bay, it alone is insufficient to prevent present-day malicious cyber operations below the threshold of war. They present an alternative three-pronged strategy of "integrated cybersecurity," which complements deterrence with "persistence and anticipatory resilience." In this strategic vision, Goldman and Warner recommend that the US government be more willing to leverage its military cyber operations in force posturing and reducing strategic loss. Erica Lonergan and Mark Montgomery from the Cyberspace Solarium Commission venture...

pdf

Share