-
The insurance industry and offensive cyber operations: Slow and steady wins the race?
By Daniel Woods The insurance industry is far from a “usual suspect” when it comes to offensive cyber operations. Insurers are neither belligerents, targets nor suppliers of offensive cyber capabilities. Yet they often find themselves footing the bill for the resulting damages. For example, the NotPetya attack—attributed to the Russian military—was estimated to have caused…
-
We Buy and Sell: The Public Advertisement of Zero-Day Exploits
By Max Smeets Zero-day exploits expose a previously unknown vulnerability. They can be especially powerful for gaining access to computer systems or escalating privileges within the system. Zero-day exploit brokers often publicly advertise what they pay out to developers for their new vulnerability discoveries. You can find detailed price lists online that tell you exactly…
-
Offensive Cyber Beyond the Usual Suspects
The world’s attention remains focused on Russia’s invasion of Ukraine. Since the start of the conflict, cybersecurity experts and scholars have engaged in a heated debate over the perceived success and failure of cyber operations. Major crises such as this have also resurfaced questions around the role, form, tactics, and narratives that configure what offensive…
-
Subversion over Offense: Why the Practice of Cyber Conflict looks nothing like its Theory and what this means for Strategy and Scholarship
Cyber attacks are both exciting and terrifying, but the ongoing obsession with ‘cyber warfare’ clouds analysis and hampers strategy development. Much commentary and analysis of cyber conflict continues to use the language of war, where actors use ‘offensive cyber operations’ to meet adversaries in ‘engagements’ striving for victory on the ‘battlefield’ in the ‘cyber domain’.…
-
Does the Cyber Offense Have the Advantage?
There is a simple conjecture that is quite common in all aspects of society: “the best defense is a good offense.” This idea persists and leads to the belief that action can trump protection in cyber security because of its simplicity and the general failure to evaluate claims with evidence. The complexity of computers can…
Offensive Cyber Working Group 