Total Pageviews

Wednesday, August 23, 2017

Accidents de navires de guerre américains: l'hypothèse de cyberattaques

Un article publié par l'AFP le 23 août et reprise par plusieurs sites (ici par exemple) soulève la question suivante: les navires de guerre américains ont subi quelques accidents graves ces derniers mois (plusieurs dizaines de victimes). Peuvent-ils être attribués à des cyberattaques? La piste est explorée.

Monday, July 10, 2017

France Culture - Du grain à moudre - Les cyberattaques atteignent-elles leurs objectifs?

France Culture - Du grain à moudre - "Les cyberattaques atteignent-elles leurs objectifs?" Emission du 7 juillet 2017. Avec la participation de: Daniel ventre, Jean-Marc Manach, Nathalie Devillier. Ecouter l'enregistrement: Podcast

Monday, July 3, 2017

MISC 92 - Villes intelligentes et questions de droit

Daniel Ventre, "Villes intelligentes et questions de droit", revue MISC 92, juillet 2017, pp.72-75. Lire extrait

MISC 92 - Reverse Engineering; ce que le droit autorise et interdit

Daniel Ventre, "Reverse Engineering; ce que le droit autorise et interdit", MISC n°92, Juillet 2017, pp.52-54. Lire extrait 

MISC Hors Série n° 15 - L'internet des objets et le droit

Daniel Ventre, "L'internet des objets et le droit", MISC Hors Série n°15, juin 2017, pp.36-40. Lire extrait

MISC 91 - Les messageries sécurisées: enjeux sociétaux

Daniel Ventre, "Les messageries sécurisées: enjeux sociétaux", revue MISC n° 91, mai 2017, pp.74-77. Lire Extrait 

Journal of Cyber Warfare and Terrorism (IJCWT)

Abstract Announcement for International Journal of Cyber Warfare and Terrorism (IJCWT) Volume 7, Issue 3, July - September 2017
- Cyberspace: The New Battlefield - An Approach via the Analytics Hierarchy ProcessJohn S. Hurley (National Defense University, College of Information and Cyberspace (CIC), Washington, DC, USA)
- Formulating the Building Blocks for National Cyberpower. JC Jansen van Vuuren (University of Venda, Thohoyandou, South Africa & CSR Defence, Peace, Safety and Security, Pretoria, South Africa), Louise Leenen (CSIR Defence, Peace, Safety and Security, Pretoria, South Africa), Graeme Plint (Department of Defense, Pretoria, South Africa), Jannie Zaaiman (Belgium Campus, Pretoria, South Africa), Jackie Phahlamohlaka (CSIR Defence, Peace, Safety and Security: CSIR, Pretoria, South Africa)
- Optimization of Operational Large-Scale (Cyber) Attacks by a Combinational ApproachÉric Filiol (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France), Cécilia Gallais (Operational Cryptology and Virology Laboratory, ESIEA, Laval, France)
- Advanced Network Data Analytics for Large-Scale DDoS Attack Detection. Konstantinos F. Xylogiannopoulos (University of Calgary, Calgary, Canada), Panagiotis Karampelas (Hellenic Air Force Academy, Dekelia, Greece), Reda Alhajj (University of Calgary, Calgary, Canada)

Tuesday, June 27, 2017

The words to tell the current Petya ransomware cyberattack

What are the words used  by the media to tell the current Petya ransomware cyberattack that is hitting several countries in the world?

Describing the attack:
- "Chaos"
- "massive"
- "global"
- "Unprecedented"
- "major"
- "powerful"
- "huge"
- "une attaque industrialisée"
- "scary"

The advises provided by some cybersecurity"experts":
- "to turn off and disconnect all machines using Windows"

The usual comments on attribution of the attack:
- "the perpetrator - and even the type of attack - aren't entirely clear yet"

Perspectives for the near future:

The long list of victims/targets:
- Countries: Russia, Ukraine, France, UK, Poland, The United Sates...
- Organizations, firms: WPP, Maersk, Rosneft, Saint Gobain...

Friday, June 23, 2017

Russian Interference in the 2016 U.S. Elections. Expert Testimony by J. Alex Halderman

"Russian Interference in the 2016 U.S. Elections", Expert Testimony by J. Alex Halderman, Professor of Computer Science, University of Michigan, June 21, 2017, U.S. Senate Select Committee on Intelligence. 

Here are the mains conclusions of the testimony: 

"U.S. Voting Machines Are Vulnerable... Today, the vast majority of 3 votes are cast using one of two computerized methods. Most states and most voters use the first type, called optical scan ballots... The other widely used approach has voters interact directly with a computer, rather than marking a choice on paper. It’s called DRE, or direct-recording electronic, voting.Both optical scanners and DRE voting machines are computers. Under the hood, they’re not so different from your laptop or smartphone, although they tend to use much older technology—sometimes decades out of date..
Some say the decentralized nature of the U.S. voting system and the fact that voting machines aren’t directly connected to the Internet make changing a state or national election outcome impossible. Unfortunately, that is not true...
This month, we’ve seen reports detailing Russian efforts to target voter registration systems in up to 39 states...
We must start preparing now to better defend our election infrastructure... we know how to accomplish this. Paper ballots, audits, and other straightforward steps can make elections much harder to attack."

My comment: Is Russia the only threat to voting systems and election infrastructures? Probably not. The "insider threat" is another option. Other foreign countries, politically motivated hackers, organized crime... might try to hack national or any other election process. 



Thursday, June 15, 2017

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences in a Rising deeply Cybered, Conflictual, and Post-Western World

Key Trends across a Maturing Cyberspace affecting U.S. and China Future Influences ina Rising deeply Cybered, Conflictual, and Post-Western World, Dr. Chris C. Demchak, Testimony before Hearing on China’s Information Controls, Global Media Influence, and Cyber Warfare Strategy, Panel 3: Beijing’s Views on Norms in Cyberspace and China’s Cyber Warfare Strategy, Washington, DC, 4 May 2017. 

Cybersecurity in the EU Common Security and Defence Policy (CSDP)

Cybersecurity inthe EU CommonSecurity andDefence Policy(CSDP), Challenges and risks for the EU, EPRS | European Parliamentary Research Service, Scientific Foresight Unit (STOA), PE 603.175, 94 pages, May 2017. 
Abstract This report is the result of a study conducted by the European Union Agency for Network and Information Security (ENISA) for the European Parliament’s Science and Technology Options Assessment (STOA) Panel with the aim of identifying risks, challenges and opportunities for cyber-defence in the context of the EU Common Security and Defence Policy (CSDP). Acceptance of cyber as an independent domain calls for the investigation of its integration with the EU’s current and future policies and capabilities. ENISA analysed the related literature and work on cybersecurity, including its own publications, to form the basis for this study. In addition, a number of stakeholders, experts and practitioners, from academia, EU institutions and international organisations, were consulted in order to ensure the study is well-founded and comprehensive.... 

Wednesday, June 7, 2017

Threat Intelligence for Dummies - by Norse

Threat Intelligence for Dummies - by Norse. 52 pages, 2015. Available online.

ANSSI Rapport d'activité 2016 - dossier de presse

ANSSI Rapport d'activité 2016 - dossier de presse, 6 juin 2017, 20 pages. Télécharger le document. 

"War by other Means", Max Bergmann and Carolyn Kenney

"War by other Means", Max Bergmann and Carolyn Kenney, Report from the Center for American Progress, June 2017, 45 pages. Download the report

Tuesday, June 6, 2017

Daniel Ventre, Cyberguerre et Communication

Daniel Ventre, Cyberguerre et Communication, pp. 147-166, in "Guerre, Armées et Communication", sous la direction d’Eric Letonturier, Les Essentiels d’Hermès, CNRS Editions, 230 pages, Mai 2017


Présentation de l'ouvrage: Propagande, censure et désinformation d’un côté ; devoir de réserve, secret défense et silence dans les rangs de la « grande muette » d’un autre. Faire la guerre semble condamner la communication des armées à de tels extrêmes. Mais qu’en est-il aujourd’hui, avec l’internet et les réseaux sociaux, l’information continue et les lanceurs d’alerte, et une opinion publique de plus en plus sondée et souveraine ? Parallèlement, la surveillance géopolitique électronique, la numérisation du champ de bataille, l’arrivée des drones, robots et soldats augmentés sur les théâtres d’opérations changent aussi la donne.
Reste que la guerre engage toujours et avant tout des relations entre des hommes sur le terrain. Elle est aussi profondément un acte de communication pour être d’abord un dialogue rompu, un affrontement avec l’altérité. Avec, comme horizon, à l’heure de la montée des nationalismes et la multiplication des revendications identitaires, un risque croissant d’incommunication.


Sommaire

  • Présentation générale
  • Guerre et paix : la communication s’engage - Éric Letonturier
  • Phénomènes de communication en zone de combat - André Thiéblemont
  • Les « soldats de l’image » au cœur des enjeux de communication de la Défense française - Bénédicte Chéron
  • L’opinion des Français sur leurs armées - Barbara Jankowski
  • Guerre et information : l’exemple des lanceurs d’alerte - Sébastien Schehr
  • Les militaires dans l’espace public numérique - Michel Sage
  • Le « Killer Robot » est-il l’avenir de l’« Homo Militaris » ? - Didier Danet
  • Cyberguerre et communication - Daniel Ventre
  • L’arme de l’information à l’ère du jihad numérique - FrançoisBernard Huyghe
  • La guerre mise au musée et le tourisme de mémoire - JeanYves Boursier

Tuesday, May 30, 2017

Friday, May 26, 2017

Conférence-débat sur "L'évolution de la criminalité au XXIe siècle". 10 mai 2017

Le 10 mai 2017 a eu lieu à l'EFB (Ecole de formation du barreau de Paris) une conférence-débat sur le thème de "l'évolution de la criminalité au XXI° siècle". J'y ai traité de la dimension "cyber". Maître Joseph Cohen-Sabban, avocat au barreau de Paris, a quant à lui partagé son analyse, tirée de son expérience professionnelle, de ce qui caractérise l'évolution de la criminalité au cours de ces dernières années.  

Tuesday, May 23, 2017

Congrès de la SQSP - Montréal - 17 au 19 mai 2017

Lors du Congrès de la Société Québécoise de Science Politique qui se tenait à Montréal du 17 au 19 mai 2017, s'est tenue une table-ronde intitulée "La géopolitique du cyberespace et de l'Internet: vers un monde plus (in)stable?". La table-ronde était présidée par Hugo Loiseau, Professeur, Université de Sherbrooke et réunissait : 
- Daniel Ventre, CNRS, Laboratoire CESDIP Université Versailles 
- Meryem Marzouki, Lab. LIP6 - CNRS & UPMC Sorbonne Universités 
- Destiny Tchéhouali, Chercheur CEIM-UQÀM, Président ISOC-Québec

Wednesday, May 10, 2017

Statement of Admiral Michael S. Rogers

"Statement of Admiral Michael S. Rogers", Commander, United States Cyber Command, Before the Senate Committee on Armed Services, 9 May 2017, 11 pages. 

Big Data Analytics Techniques for Credit Card Fraud Detection: A Review

"Big Data Analytics Techniques for CreditCard Fraud Detection: A Review", M. Sathyapriya, Dr. V. Thiagarasu, International Journal of Science and Research (IJSR), ISSN (Online): 2319-7064, Index Copernicus Value (2015): 78.96 | Impact Factor (2015): 6.391. 

Review of the Current State of UAV Regulations

"Review of the Current State of UAV Regulations", Claudia Stöcker & alt., Remote Sens. 2017, 9, 459; doi:10.3390/rs9050459, 
"UAVs—unmanned aerial vehicles—facilitate data acquisition at temporal and spatial scales that still remain unachievable for traditional remote sensing platforms. However, current legal frameworks that regulate UAVs present significant barriers to research and development. To highlight the importance, impact, and diversity of UAV regulations, this paper provides an exploratory investigation of UAV regulations on the global scale....http://www.mdpi.com/2072-4292/9/5/459/pdf"

17th Annual Conference of the ESC


  • Submission period opens March 17, 2017
  • Submission closes: 15 June, 2017

Tuesday, May 9, 2017

Gender Policy - Ministry of Defence - Republic of Kenya

Le Ministère de la Défense de la République du Kenya vient de publier un rapport (mai 2017) intitulé "Gender Policy" dans lequel  peut lire : "Technology has enhanced habitability and survivability in combat making it easier for both men and women to engage in operations. The emerging trends in conflict call for complementary roles of men and women for example in cyber warfare, terrorism inter alia. This type of warfare presents opportunities for women through the entire war spectrum". 
Mais le document ne revenant plus par la suite sur les enjeux "cyber", nous ne comprenons pas en quoi hommes et femmes peuvent être complémentaires dans le cyberconflit, ni en quoi ce dernier offre des opportunités particulières aux femmes. 

Notons par ailleurs que le même ministère vient de publier son Livre Blanc (23 pages, 2017) accordant en tout et pour tout 6 lignes au domaine "cyber": "Information technology, web based communication and use of electronic devices for storage predisposes sensitive Government information to organized cyber attacks which can undermine state security. The Ministry of Defence in collaboration with other stakeholders must develop appropriate capacity and institute measures to safeguard Information systems infrastructure." C'est donc le Ministère de la Défense qui, au Kenya, aura la charge de la cybersécurité de l'infrastructure des systèmes d'information (le texte est imprécis sur ce point: s'agit-il des seules infrastructures de communication militaires, ou bien de celles du pays en général?). 

Tuesday, May 2, 2017

Trump–Modi Agenda for Next Steps in U.S.–India Cybersecurity Cooperation

"Trump–Modi Agenda for Next Steps in U.S.–India Cybersecurity Cooperation", James Jay Carafano & alt., The Heritage Foundation, Issue Brief, No. 4697 | May 1, 2017. Download

Monday, May 1, 2017

Is There a Common Understanding of Dual-Use?: The Case of Cryptography

"Is There a CommonUnderstanding of Dual-Use?:The Case of Cryptography", Veronica Vella, STR Review, Volume 3, Issue 4, Spring 2017, pp. 103-122

The Proliferation of CyberSurveillance Technologies: Challenges and Prospects for Strengthened Export Controls

"The Proliferation of Cyber Surveillance Technologies: Challenges and Prospects for Strengthened Export Controls", Fabian Bohnenberger, STR Review, Volume 3, Issue 4, Spring 2017, pp.81-102

Vacance de poste - OTAN - Cyberdéfense

Concours ouvert: Administrateur/Administratrice (politique de cyberdéfense), Division Défis de sécurité émergents, Section Cyberdéfense, Section Cyberdéfense. Détails du poste

Promoting cyber security: Estonia and Latvia as norm-setters

"Promoting cyber security: Estonia and Latvia as norm-setters", Anna Gromilova, Analele UniversităŃii din Craiova. Istorie, Anul XXII, Nr. 1(31)/2017, Abstract

Friday, April 28, 2017

Hearing on China’s Technological Rise: Challenges to U.S. Innovation and Security

Testimony of Robert D. Atkinson President Information Technology and Innovation Foundation Before the House Committee on Foreign Affairs Subcommittee on Asia and the Pacific, Hearing onChina’s Technological Rise:Challenges to U.S. Innovation and Security, April 26, 2017 Washington, DC, 28 pages

Governing the “Digital Shadows”

"Governing the “Digital Shadows”: Public Policy and Information Communication Technology (ICT) Acquisition and Utilization in Africa. Article by Ebenezer Olatunji Olugbenga, Open Access Library Journal, https://doi.org/10.4236/oalib.1103564, 23 pages

Remarks by OSCE Secretary General Lamberto Zannier

Remarks by OSCE Secretary General Lamberto Zannier, 6th Moscow Conference on International Security, 26 April 2017, 4 pages. 
"The norms and principles that underpinned the international order for decades are being contested. Some tools have become obsolete, and we are struggling to develop policies to address new challenges like cyber-threats. In this regard, we have some measures in place to prevent conflict stemming from cyber-threats, but implementation is lacking."

Thursday, April 27, 2017

Attacks with Exploits: from everyday threats to targeted campaigns - Kaspersky Lab Report

"Attacks with Exploits: from everyday threats to targeted campaigns" - Kaspersky Lab Report, April 2017, 28 pages.
"An ‘exploit’ is a computer program created to take advantage of a security vulnerability in another software program. Exploits provide malicious actors with a way of installing additional malware on a system". According to the conclusions of the report, "in 2016 the number of attacks with exploits increased 24.54%, to 702,026,084 attempts to launch an exploit." but "4,347,966 users were attacked with exploits in 2016 which is 20.85% less than in the previous year."  

The "Smart" Fourth Amendment - by Andrew Guthrie Ferguson

"The "Smart" Fourth Amendment", article by Andrew Guthrie Ferguson, Cornell Law Review, Vol.102, pp.547-632, 2017. "This Article addresses the question of how the Fourth Amendment should protect “smart data.” It exposes the growing danger of sensor surveillance and the weakness of current Fourth Amendment doctrine. The Article then suggests a new theory of “informational curtilage” to protect the data trails emerging from smart devices and reclaims the principle of “informational security” as the organizing framework for a digital Fourth Amendment."  

Cybersecurity: Critical Infrastructure Authoritative Reports and Resources - CRS Report

"Cybersecurity: Critical Infrastructure Authoritative Reports and Resources", by Rita Tehan - CRS Report. April 21, 2017, 43 pages. This document provides a lot of information about critical infrastructures in the U.S (through a sectorial presentation: energy, financial industry, health, telecommunications, transports), and their vulnerabilities to cyber operations (for instance, let's notice that "U.S. critical infrastructure systems experienced a 20% increase in attempted cybersecurity breaches in FY2015, ICS-CERT responded to 295 cybersecurity incidents involving critical infrastructure, compared with 245 in fiscal 2014"). 

Symantec - Internet Security Threat Report. Vol. 22

Symantec - Internet Security Threat Report. Vol. 22, April 2017, 77 pages. 
"The Symantec Global Intelligence Network tracks over 700,000 global adversaries and records events from 98 million attack sensors worldwide. This network monitors threat activities in over 157 countries and territories through a combination of Symantec products, technologies, and services, including Symantec Endpoint Protection™, Symantec DeepSight™ Intelligence, Symantec Managed Security Services™, Norton™ consumer products, and other third-party data sources, generating more than nine trillion rows of security data... "    Download the report. 

Hacking Back – Offense/Defense in Enterprise IT Security

"Hacking Back – Offense/Defense in Enterprise IT Security", by Edgar Hurtado Jr, East Carolina University ICTN-4040: Enterprise Information Security, April 2017, 9 pages. 

IISS Cyber Report: 13 to 19 April, 2017

"IISS Cyber Report: 13 to 19 April", 2017. This online report is a weekly digest of the world's cyber security news.

A Tech Accord to protect people in cyberspace

"A Tech Accord to protect people in cyberspace", Microsoft Policy Papers, April 2017. 
"People need to trust technology, the makers of technology, and cyberspace itself" [...] "The government and the technology industry must partner on cybersecurity". 
Microsoft suggests to share responsibilities in the governance of cybersecurity between private and state actors. 

A Digital Geneva Convention to protect cyberspace

"A Digital Geneva Convention to protect cyberspace", Microsoft Policy Papers, April 2017. 
"Governments continue to invest in greater offensive capabilities in cyberspace, and nation-state attacks on civilians are on the rise" [...] "A Digital Geneva Convention would create a legally binding framework to govern states’ behavior in cyberspace". 

An attribution organization to strengthen trust online

"An attribution organization to strengthen trust online", Microsoft Policy Papers, April 2017. 
"The world needs a new form of cyber defense. An organization that could receive and analyze the evidence related to a suspected state-backed cyberattack, and that could then credibly and publicly identify perpetrators, would make a major difference to the trust in the digital world." [...] "The expertise of private sector technology firms should be the basis of this non-political, technicallyfocused attribution organization."

But should the privatization of such attribution function guarantee transparency, efficiency, and politically-neutral analysis and interpretation of facts and data? 

Wednesday, April 26, 2017

Cybersecurity in the Defense Acquisition System

"Cybersecurity in the Defense Acquisition System", DAU, USA, April 2017, 27 pages. Download

UK - Cyber security breaches survey 2017

"Cyber security breaches survey 2017", Main Report, April 2017, 66 pages, UK. 
"This report details the findings from a quantitative and qualitative survey with UK businesses on cyber security. The Department for Culture, Media and Sport (DCMS) commissioned the survey as part of the National Cyber Security Programme, following a previous comparable study by the Department published in 2016. 1 It was carried out by Ipsos MORI, in partnership with the Institute for Criminal Justice Studies at the University of Portsmouth, and comprised: ▪ a telephone survey of 1,523 UK businesses from 24 October 2016 to 11 January 20172 ▪ 30 in-depth interviews undertaken in January and February 2017 to follow up businesses that participated in the survey...."

Telstra Cyber Security Report 2017

"Telstra Cyber Security Report 2017", 2017, 52 pages. Download. "Telstra engaged a research firm, Frost & Sullivan, to interview professionals responsible for making IT security decisions within their organisation to obtain a number of key insights on a range of security topics. The report also draws on analysis of security information and data gathered from Telstra infrastructure, security products and our third-party security partners. The research firm’s online surveys obtained 360 responses. 58 per cent of these responses were from Asia and the remaining 42 per cent were from respondents based in Australia...."

Cyber Security in Canada

"Cyber Security in Canada: Practical Solutions to a Growing Problem", The Canadian Chamber of Commerce, April 2017, 44 pages. 

UNODA - Developments in the field of information and telecommunications in the context of international security

G7 Declaration on responsible states behavior in cyberspace

"G7 Declaration on responsible states behavior in cyberspace". Lucca, 11 April 2017. 5 pages. Download the document

Getting beyond Norms When Violating the Agreement Becomes Customary Practice

"Getting beyond Norms When Violating the Agreement Becomes Customary Practice", Melissa Hathaway, CIGI Papers No. 127 — April 2017, 16 pages. 

About Cyber-Routine Activities Theory

"Capable Guardianship and CRISIS of IdentityTheft in the United States: ExpandingCyber-Routine Activities Theory", Back Sinchul, Sung Yongeun, Cruz Erik, International journal of crisis & safety, 2017 2(1) 16-24. 

Fair Use and IP Infringement on Instagram, Pinterest and Other Social Media

"Fair Use and IP Infringement on Instagram, Pinterest and Other Social Media. Policing and Protecting Licenses, Copyright and Trademark Rights ", April 26, 2017, Strafford. Presenting a live 90-minute webinar with interactive Q&A. The online program provides a copy of "Copyright Fair Use", Excerpted from Chapter 4 (Copyright Protection in Cyberspace) of E-Commerce and Internet Law: A Legal Treatise With Forms, Second Edition, a 5-volume legal treatise by Ian C. Ballon (Thomson/West Publishing 2017). 

Cybercrime Coordination and Partnership Exercise

"Cybercrime Coordination and Partnership Exercise", 24-28 April 2017, Tbilisi, Georgia, Provided under iPROCEEDS and Cybercrime@EAP III projects. More information... 

Tuesday, April 25, 2017

Summer School on Cybercrime

"Summer School on Cybercrime", Milan, Italy, 3 – 6 July 2017. More information...

Monday, April 24, 2017

Theorizing cyber coercion: The 2014 North Korean operation against Sony

"Theorizing cyber coercion: The 2014 North Korean operation against Sony" by Trevis Sharp, Journal of Strategic Studies, Pages 1-29 | Published online: 11 April 2017.  Abstract...

Thursday, April 20, 2017

Cyber Security: strategies, policies...


  • "Cyber Security: Collaboration. Antigua and Barbuda". ITU, 23 March 2017, 30 pages. Download
  • "The UK’s National Cyber Security Strategy 2016 – 2021", UK Government, April 2017. Download
  • "CyberSecurity Strategy 2017-2019. State of Illinois", Department of Innovation and Technology, State of Illinois, 24 pages. Download
  • "National Security and Emergency Preparedness Department 2017 Cybersecurity Policy Priorities (Select Examples) ". US Chamber of Commerce. March 2017. 4 pages. Download.  

Safety of data - The risks of cyber security in the maritime sector

"Safety of data - The risks of cyber security in the maritime sector", Netherlands Maritime Technology, April 2017, 22 pages. Download the document. 

Ce type de documents est le produit d'une tendance de plus en plus affirmée dans le monde: des lectures sectorielles de la cybersécurité. Une lecture comparative de ces multiples approches sectorielles permettra (peut-être) de mettre en lumière des particularités. 

Australia's Cyber Security Strategy - 2017

"Australia's Cyber Security Strategy - Enabling innovation, growth & prosperity".First ANnual Update, 2017. 29 pages, Download the document

Saturday, April 15, 2017

Big Data Analytics

CSI Communications (India) published a special issue on "Big Data Analysis". Volume No. 41 | Issue No. 1 | April 2017, 52 pages. Among the topics covered in this issue: Role of Hadoop in Big Data Analytics, Data Lake: A Next Generation Data Storage System in Big Data Analytics, Sentiment and Emotion Analysis of Tweets Regarding Demonetisation, Enhanced Protection for Big Data using Intrusion Kill Chain and Data Science. Let's mention the more military-focused paper on "MiDeSH: Missile Decision Support System".  Download the issue

China Publishes Draft Measures Restricting Outbound Data Transfers

"China Publishes Draft Measures Restricting Outbound Data Transfers"', Latham & Watkins Data Privacy, Security & Cybercrime Practice, 14 April 2017 | Number 2119, "The Cyberspace Administration of China (CAC) has published a draft law that places wide-ranging restrictions on companies seeking to transfer personal information and critical data, as defined below, (collectively, Relevant Data) out of China..." Download the document. 

Friday, April 14, 2017

Chinese Political and Military Thinking Regarding Taiwan and East and South China Seas

"Chinese Political and Military Thinking Regarding Taiwan and East and South China Seas", Testimony presented before the U.S.-China Economic and Security Review Commission on April 13, 2017. Download the report

Tuesday, April 11, 2017

APCERT 2016 Report


"The Asia Pacific Computer Emergency Response Team (APCERT) is a coalition of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) within the Asia Pacific region. The organisation was established in February 2003 with the objective of encouraging and supporting the activities of CERTs/CSIRTs in the region". 

Thursday, April 6, 2017

2016 Payment Threats Trends Report

"2016 Payment Threats Trends Report", Report by the European Payments Council, 20 March 2017, 41 pages. "The present document aims to provide an insight in the latest developments during the last years on threats affecting payments, including cybercrime".

Note de recherche IRSEM sur les Global Commons

"Les Global Commons: retour sur l'itinéraire d'un concept stratégique américain (2009-2011)" par J.L. Samaan, IRSEM, Note de recherche n°35, mars 2017, 7 pages. 

US DOD - Request for additional FY 2017 Appropriations

US DOD - Request for additional FY 2017 Appropriations - Budget request - March 16, 2017, 36 pages. In this document, the Department of Defense (DoD) is submitting a request for additional Fiscal Year (FY) 2017 appropriations. Among several lines, complementary funding is requested for cyber investments: information warfare, cyber security, new C4I (at Naval Computer and Telecommunications Area Master Station Atlantic building in Norfolk, Virginia),  ISR and cyber infrastructure at the Air Force, Weapons system cyber resiliency, Cyber operations technology, etc. 

Chinese Efforts in Quantum Information Science: Drivers, Milestones, and Strategic Implications

"Chinese Efforts in Quantum Information Science: Drivers, Milestones, and Strategic Implications", Testimony for the U.S.-China Economic and Security Review Commission, March 16th, 2017, John Costello. 

Matinée nationale d'information Horizon 2020 sur les infrastructures critiques et la sécurité

Matinée nationale d'information Horizon 2020 sur les infrastructures critiques et la sécurité. Paris, 10 mai 2017. Cadre: défi 7 "sociétés sûres", programme Horizon 2020. Programme, inscription... 

Séminaire "communication en milieu désorganisé" - ISCC

Le prochain séminaire "communication en milieu désorganisé" aura lieu le mardi 25 avril 2017 (et non le 11 avril comme il avait été initialement annoncé). Il se tiendra de 16 h-18 h à l'ISCC-CNRS / Paris-Sorbonne / UPMC - 20 rue Berbier-du-Mets, 75013 Paris. Le thème de cette séance sera : Risques et catastrophes : enjeux culturels et interculturels. 

Le séminaire accueillera Benjamin Pelletier, formateur en management interculturel, maître de conférences honorifique à l'Ecole des Ponts et Chaussées. Auteur de plusieurs récits littéraires, dont le dernier, Toujours plus à l'est, est paru en 2016 aux éditions Picquier.

"Iran Sanctions" by Kenneth Katzman

"Iran Sanctions" by Kenneth Katzman, March 31, 2017, Congressional Research Service, RS20871, 89 pages, Washington. "This report analyzes U.S. and international sanctions against Iran and provides some examples, based on open sources, of companies and countries that conduct business with Iran". 

Concerning "cyber" issues, read: 
- "Expanding Internet and Communications Freedoms" (p.30-31)
- "Iranians Sanctioned Under September 29, 2010, Executive Order 13553 on Human Rights Abusers"  (p.81)
- "Iranian Entities Sanctioned Under Executive Order 13606 (GHRAVITY)" (p.82)
- "Entities Designated as Human Rights Abusers or Limiting Free Expression Under Executive Order 13628 (Executive Order pursuant to Iran Threat Reduction and Syria Human Rights Act)" (p.83).  

3 rd French-Japanese meeting on Cybersecurity

"3 rd French-Japanese meeting on Cybersecurity", 24th - 26th April 2017, Tōkyō. 

Cyber-Social-Physical Features for Mood Prediction over Online Social Networks

"Cyber-Social-Physical Features for Mood Prediction over Online Social Networks", article by Chaima Dhahri, Kazunori Matsumoto, Keiichiro Hoashi, DEIM Forum 2017, 6 pages. 

Abstract : Context-Aware Recommendation Systems (CARS) are more effective when adapting their recommendations to a specific user preference. Since modal context (mood) has a direct impact on user preferences, we aim at having an accurate mood prediction to improve recommendation performance. Online social networks (OSNs) have grown rapidly over the last decade. These social platforms provide the opportunity to gather the distributed online activities for each user. Tracking and aggregating these data could result in useful insights for user modeling and understanding. In this paper, we built a personalized system that can predict the upcoming user mood even in days without text-type tweets. We, first, studied the correlation of three types of features (cyber, social and physical) with a user mood. Then, used these features to train a predictive system. The results suggest a statistically significant correlation between user mood and his cyber, social and physical activities distributed among different OSNs which leads to a low RMSE in our predictive system.  

Attack Classification Schema for Smart City WSNs

"Attack Classification Schema for Smart City WSNs", article by Victor Garcia-Font, Carles Garrigues and Helena Rifà-Pous, Sensors 2017, 17, 771; doi:10.3390/s17040771, 

In this article, the authors propose a schema to classify the evidence left by attacks against smart city WSNs into seven different attack models. 

Friday, March 31, 2017

Donald Trump intends to extend by one year the Executive Order 13694

Interpol - "Cybercriminalité"

Interpol - "Cybercriminalité" - 2017 - Brochure de 12 pages. 
Dans ce document Interpol distingue deux catégories de criminalité liées aux TIC: la cybercriminalité et la criminalité facilitée par Internet. 
On peut y lire également que "jusqu’à présent, la cybercriminalité était principalement le fait d’individus ou de petits groupes. Aujourd’hui, INTERPOL constate l’apparition de réseaux de cybercriminalité d’une grande complexité qui réunissent, en temps réel, des individus de tous pays pour perpétrer des infractions d’une ampleur sans précédent."  Vraiment? Le cybercrime n'est-il pas organisé en gros réseaux d'assez longue date? Ne parlait-on pas du cybercrime organisé russe et chinois il y a dix ans déjà? Les hackers n'ont-ils pas une tradition de coopération internationale depuis bien des années?  

Sajda Qureshi "The forgotten awaken: ICT’s evolving role in the roots of mass discontent"

Sajda Qureshi, "The forgotten awaken: ICT’s evolving role in the roots of mass discontent", Information Technology for Development, 2017, Vol.23, n°1, pp.1-17. Full text...

About "key terrain" in cyberspace

Applegate, Scott Douglas, Christopher L. Carpenter, and David C. West. “Searching for Digital Hilltops: A Doctrinal Approach to Identifying Key Terrain in Cyberspace.” Joint Force Quarterly, no. 84 (1st Quarter 2017): 18-23. 

The proposed definition of "key terrain'" is : "Any locality, or area, the seizure or retention of which affords a marked advantage to either combatant". According to the author of this article, the "key terrain" is different from the notion of "critical asset", defined as "a spacific entity that is of such extraordinary importance that its incapacitation or destruction would have a very serious, debilitating effect on the ability of a nation to continue to function effectively". 

Thomas Rid, Hearing on Disinformation: A Primer in Russian Active Measures and Influence Campaigns"

Thomas Rid, Hearing on "Disinformation: A Primer in Russian Active Measures and Influence Campaigns", US Senate, March 30th, 2017.

Prepared Statement of GEN (Ret) Keith B. Alexander on Disinformation: A Primer in Russian Active Measures and Influence Campaigns

Opening speach.

Thursday, March 30, 2017

Disinformation: A Primer in Russian Active Measures and Influence Campaigns


Witnesses:
Panel I
Eugene Rumer, Director of Russia and Eurasia Program, Carnegie Endowment for International Peace. He previously served as the National Intelligence Officer for Russia and Eurasia from 2010-2014.
Roy Godson, Professor of Government Emeritus at Georgetown University. From 1993-2015, he also served as President of the National Strategy Information Center.
Clint Watts, Senior Fellow, Foreign Policy Research Institute Program on National Security
*Other witnesses may be added
Panel II:
Kevin Mandia, Chief Executive Officer, FireEye
General (Ret.) Keith Alexander, Chief Executive Officer and President, IronNet Cybersecurity.  He previously served as Director of the National Security Agency and Chief of the Central Security Service.

Wednesday, March 29, 2017

Hearing on The Promises and Perils of Emerging Technologies for Cybersecurity

Hearing on The Promises and Perils of Emerging Technologies for Cybersecurity, EPIC Letter to US Senate, March 22, 2017

A Borderless Battle: Defending Against Cyber Threats - by GEN (Ret) Keith B. Alexander

"A Borderless Battle: Defending Against Cyber Threats" - by GEN (Ret) Keith B. Alexander, Statement before the United States House of Representatives Committee on Homeland Security,  March 22, 2017, 8 pages. 

Saturday, March 25, 2017

Cyber Security : job opportunities

* PRI is seeking an individual with expertise in corporate cyber security policies and practices to undertake data analysis and a summary report of findings and recommendations for engagement on behalf of the Principles for Responsible Investment. Detailed Information. Deadline for application: April 7, 2017

* NATO Cooperative Cyber Defence Centre of Excellence, Internship opportunity in Public Relations in Spring 2017. Detailed Information. Deadline for application: April 3, 2017

Thursday, March 23, 2017

Etats-Unis: projet de budget 2018 et place de la cybersécurité

Le 16 mars 2017 l'administration Trump a publié un budget prévisionnel 2018, qui donne déjà une idée des grandes lignes de dépenses (et d'économies) pour les mois à venir. 
Le projet procède par réductions, coupes dans le financement de quantité de programmes et organismes jugés trop peu efficaces ou comme ne devant pas relever des budgets de l'administration. Pratiquement tous les ministères sont touchés par ces mesures, sauf le Département de la Défense. La cybersécurité est l'un des axes qui bénéficiera de budgets conséquents, mais elle n'apparaît pas spécifiquement mise en avant, du moins à la lecture de ce seul document. 

Understanding Russian "Hybrid Warfare" - RAND Corporation

Understanding Russian "Hybrid Warfare", by Christopher S. Chivvis, RAND Corporation, Testimony presented before the House Armed Services Committee on March 22, 2017, 12 pages. According to the author, Russia's hybrid warfare is a mix of information operations, cyber, proxies, economic influence, clandestine measures, and political influence. 

Monday, March 20, 2017

Des cyber-opérations pour contrer le programme de missiles nord-coréen?

Le New York Times a publié le 6 mars dernier un article soulevant la question suivante: les Etats-Unis sont-ils en mesure de paralyser le programme de missiles nord-coréen, en ayant recours à des cyberopérations agressives?  Certains observateurs virent dans les quelques échecs rencontrés par le programme coréen au cours de ces derniers mois (missiles qui explosent en vol) l'efficacité de l'action américaine. Mais d'autres tests coréens ont été menés à bien, et ont remis en cause la croyance en l'efficacité de la stratégie cyberoffensive américaine. Existe-t-elle seulement? Les Etats-Unis sont-ils capables d'enrayer le programme de missiles à l'aide de cyberattaques ? Utilisent-ils les mêmes méthodes que celles déployés contre le programme nucléaire iranien il y a de cela quelques années? 

The Australia–US Cyber Security Dialogue

Tobias Feakin, Liam Nevill and Zoe Hawkins, "The Australia–US Cyber SecurityDialogue", ASPI Special Report, 20 pages, March 2017. 
Contents: cyber cooperation in the Asia-Pacific, fighting cybercrime in the Asia-Pacific, Australia-US cyber cooperation... 

Cybersécurité - Courrier du Département de l'Energie au Président Trump

Quand le Comité à l'Energie et aux Ressources Naturelles du Sénat s'inquiète des futurs projets d'executive order. Le Comité souhaite que lorsqu'il s'agit de la cybersécurité du Département de l'Energie, ce dernier assure lui-même sa cybersécurité, et que la tâche ne soit pas confiée au DHS ou à quelque autre agence. Voir la lettre adressée au Président, en date du 14 mars 2017.  

Saturday, March 18, 2017

Common challenges in combating cybercrime - Eurojust / Europol

"Common challenges in combating cybercrime"  - Eurojust / Europol,  13 March 2017, 14 pages. Document

Joint Meeting of the Horizontal Working Party on Cyber Issues (capital level) and the JHA Counsellors (COPEN)

Council of the European Union. Joint Meeting of the Horizontal Working Party on Cyber Issues (capital level) and the JHA Counsellors (COPEN). 22 March 2017. Topics: Cyber Threat Landscape - emerging trends, EU Cyber Security Strategy review - state-of-play and future steps, Common challenges to LEA and judiciary in combatting cybercrime, Carrier Grade NAT - exchange of good practices, Digital Object Architecture - cyber risks, Joint EU Diplomatic Response to Cyber Operations (Cyber Toolbox), Prevention and cyber awareness. 

Call for Papers - Cyber Risks and Insurance

Call for Papers - "Cyber Risks and Insurance", The Geneva Association is pleased to announce a special April 2018 issue of The Geneva Papers on Risk and Insurance - Issues and Practice. Submission deadline: 12 May 2017. More details...

Wednesday, March 15, 2017

Undermining Democratic Institutions and Splintering NATO: Russian Disinformation

Prepared Testimony and Statement for the Record of Toomas Hendrik Ilves, Bernard and Susan Liautaud Visiting Fellow, Center for International Security and Cooperation, Freeman-Spogli Institute for International Studies, President of Estonia 2006-2016, At the Hearing on “Undermining DemocraticInstitutions and Splintering NATO: Russian Disinformation”. Before the House Foreign Affairs Committee, March 9, 2017, 9 pages. 

Federal Information Security Modernization Act of 2014, Annual Report to Congress, Fiscal Year 2016


Publication par les autorités américaines du rapport annuel présentant l’état d’avancement de la mise en application de la loi FISMA de 2014 (Federal Information Security Modernization Act of 2014). Cette loi a pour objectif de moderniser l’administration et les agences gouvernementales sur le plan de la cybersécurité. 

Thursday, March 9, 2017

Wednesday, March 8, 2017

Maintaining U.S. Leadership on Internet Governance - Megan Stifel

Maintaining U.S. Leadership on Internet Governance - Megan Stifel, February 2017, 6 pages

China's Cybersecurity Law

KPMG propose un aperçu de la législation chinoise en matière de cybersécurité, dans un document très synthétique (16 pages) publié en février 2017, intitulé "Overview of China's Cybersecurity Law". L'utilité du document réside dans le travail de mise en lumière des quelques différences qu'offre la nouvelle version de la loi par rapport aux textes juridiques qui l'ont précédée. Mais le rapport ne propose aucune analyse, aucune lecture critique. Dommage. 

The ACM Turing 50th Celebration Conference - China

The ACM Turing 50th Celebration Conference. May12 - 14, 2016, Shanghai, China. 
Une liste de thèmes et de mots-clefs impressionnante pour cette conférence. Les organisateurs ne sauraient-ils cibler davantage leur objet d'étude? Cette pratique est désormais courante dans le monde, mais cela ne rend pas les programmes nécessairement plus attractifs. 

Sergey Lavrov and cybersecurity political issues

Lire la retranscription d'un récent discours (18 février 2017) de Sergey Lavrov, Ministre des Affaires Etrangères russe, où il est entre autres points, question de cybersécurité et cyberespionnage. Le Ministre russe renvoie les américains à leurs responsabilités: ils auraient ignoré les nombreuses demandes de dialogue lancées par Moscou, accuseraient sans preuves la Russie, etc. 

Vault 7

Le site WikiLeaks a mis en ligne un ensemble de documents, regroupés sous le titre "Vault 7: CIA hacking tools revealed". Accès aux documents

Plusieurs articles résument ce qu'il faut retenir des contenus exposés. En voici quelques uns, intéressants car synthétiques: 
- Sur le site Nextimpact
- Sur le site du Washington Post
- Article du New York Times
- Sur Security Affairs

Colloque - Le cadre juridique applicable aux traitements de données à caractère personnel

Colloque - Le cadre juridique applicable aux traitements de données à caractère personnel. Université Lille 2, 28 avril 2017. Programme, inscription. 

Colloque - Des logiciels à tout faire ? Les algorithmes d’aide à la décision en matières médicale et judiciaire

Colloque - Des logiciels à tout faire ? Les algorithmes d’aide à la décision en matières médicale et judiciaire. 29 mars 2017, Nantes, Maison de l'Avocat. Programme, inscription.  

Traitement algorithmique des activités humaines : le sempiternel face-à-face homme/machine

"Traitement algorithmique des activités humaines : le sempiternel face-à-face homme/machine", Céline Castets-Renard, Cahiers Droit, Sciences & Technologies, p.239-255, 2016

Cyber Strategy & Policy: International Law Dimensions

"Cyber Strategy & Policy: International Law Dimensions". Testimony Before the Senate Armed Services Committee, Matthew C. Waxman, Liviu Librescu Professor of Law, Columbia Law School Co-Chair, Columbia Data Science Institute Cybersecurity Center, March 2, 2017, 6 pages. 

Monday, March 6, 2017

Statement of GEN (Ret) Keith B. Alexander on Cyber Strategy and Policy

Prepared Statement of GEN (Ret) Keith B. Alexander on Cyber Strategy and Policy before the Senate Armed Services Committee, March 2, 2017, 5 pages. 

Cyber Deterrence - Statement Before the Armed Services Committee, United States Senate

Cyber Deterrence - Statement By Dr. Craig Fields Chairman, Defense Science Board And Dr. Jim Miller Member, Defense Science Board Former Under Secretary of Defense (Policy), March 2, 2017, 9 pages

Martin Libicki Testimony presented before the House Armed Services Committee on March 1, 2017.

Singapour - nouvelle organisation de cyber défense

Singapour annonce la création d'une nouvelle entité de cyberdéfense au sein de ses forces armées (DCO - Defence Cyber Organization), venant compléter l'organisation actuelle (Cyber Security Operations Centre 2.0 initiative; Cyber Defence Operations Hub...) Le DCO comptera 2600 hommes, et sera organisé en 4 composantes: la Cyber Security Division (opérationnel), le Policy and Plans Directorate (développer les capacités), le Cyber Security Inspectorate (évaluer les vulnérabilités), le Cyber Defence Group.  Plus d'information... 

Horizon 2020 Sécurité et SHS: journée d'information 27 mars 2017

Horizon 2020 Sécurité. Matinée d'information. Lundi 27 mars 2017. Paris. "Appels d'Horizon 2020 Sécurité avec SHS prépondérantes".  Interventions sur les thèmes: cybercriminalité, criminalité financière, frontières, vie privée, identité numérique, etc. 

Avant-programme et inscriptions.

Scénarios pour un monde d'objets connectés: mieux vaut en rire?

"I think we all find it comfortable if our refrigerators re-order milk in the future, … but it might be disturbing of the milk starts ordering refrigerators after a hack attack.” (source de la citation, page 7).

Les compteurs électriques "intelligents" surestiment largement la consommation réelle des foyers. Selon une étude menée par l'Université de Twente (Pays-Bas). 

Saturday, March 4, 2017

ICCWS 2018 - Call for Papers

ICCWS 2018 - Call for Papers. Abstracts submission deadline: 17 August 2017. Topics: cyber warfare, cyber crime, cyber defence, etc. The conference will be held in Washington DC, USA. 

UCLAN Conference on cybercrime

UCLAN Conference on cybercrime, 3-4 July 2017, Lancashire, UK. Abstract submission deadline: 30th April 2017. 

ICCCIS 2017 - Call for Contributions

ICCCIS 2017: 19th International Conference on Cyber Crime and Information Security. May 25-26, 2017, London. Call for contributions: deadline March 20, 2017. 

Cyber Security Summer School - Estonia - July 10-14, 2017

Cyber Security Summer School - Tallinn, Estonia - July 10-14, 2017. 

A main focus on this year's Cyber Security Summer School will be social engineering. With experts from all faculties, including computer science, law, criminology, forensics and psychology, the Summer School tries to give an impression on how and why social engineering works, how to prevent social engineering and how to find evidence for social engineering attacks. 
Cyber Security Summer School 2017 is organised by Information Technology Foundation for Education (Estonia), Tallinn University of Technology (Estonia), Ravensburg-Weingarten University of Applied Sciences (Germany), the University of Adelaide (Australia), the University of Tartu (Estonia), and supported by Estonian Ministry of Education and Research. 

Ecole d'été Defence Security Cyber (DSC) 26-29 juin 2017

Ecole d'été Defence Security Cyber 26-29 juin 2017. L’Initiative d’Excellence (IdEx Bordeaux) et le Forum Montesquieu de l’université de Bordeaux organisent en juin 2017 la troisième session de l’International Summer School « Defence Security Cyber » (DSC). Programme, inscriptions...

Thursday, March 2, 2017

AJIC Call for Submissions: 2017 Thematic Section on Cyber Security

AJIC Call for Submissions: 2017 Thematic Section on Cyber Security. The African Journal of Information and Communication (AJIC) is seeking submissions for a 2017 Thematic Section on Interdisciplinary Cyber Security Studies. 

Submission deadline: 30 April 2017

Submissions: Submit to Dr Kiru Pillay: kiru2010@gmail.com

Text of the call

Peter W. Singer Hearing on “Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities”

Peter W. Singer Hearing on “Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities”, Before the House Armed Services Committee March 1, 2017, 13 pages

Stratégie nationale de cybersécurité 2017-2022 - Pologne

La Pologne a publié sa nouvelle stratégie nationale de cybersécurité, pour la période 2017-2022. Le document est disponible ici (Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej na lata 2017 - 2022) 

«Section 702 of the Foreign Intelligence Surveillance Act», Testimony of Jeff Kosseff

« Section 702 of the Foreign Intelligence Surveillance Act », Testimony of Jeff Kosseff, The United States House of Representatives Judiciary Committee, March 1, 2017, 12 pages. 

Cyber-Resilience: Seven Steps for Institutional Survival

"Cyber-Resilience: Seven Steps for Institutional Survival", by William Arthur Conklin et Dan Shoemaker, EDPACS Journal, pp.14-22, March 2017.  
Le thème de la résilience est d'actualité, à la mode dirons-nous, venant ainsi ajouter aux longs débats sur la dissuasion ou l'attribution. 

An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical

"An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical", SANS Institute, 2002, 17 pages. Cet article qui date de 2002 évaluait la nature du déséquilibre existant entre cybercriminels et forces de police et justice, à l'avantage des premiers. Le texte pourra être relu à la lumière de 15 années d'expérience. Force est de constater que les quelques recettes formulées alors, et toujours d'actualité, pour limiter la puissance de la cybercriminalité, n'ont guère porté leurs fruits (les statistiques font chaque année état d'une hausse exponentielle du crime): former les personnels de la justice, de la sécurité, des directions; adapter la loi; coopération (public-privé, mais aussi au sein des institutions et divers niveaux de l'organisation des Etats, du pouvoir central aux régions; sensibilisation du public...) 

Wednesday, March 1, 2017

Speech TALLINN MANUAL 2.0 – Minister Koenders

Discours du Ministre Koenders (13 février 2017) à l'occasion de la parution du Manuel de Tallinn version 2.0 (publié par Cambridge University Press). " ... cyberspace is not simply a jungle, where the strong do what they want and the weak suffer what they must. The law applies there just as it does elsewhere. Especially in times of tension and conflict, the law should not be silent."

"Cyberspace in Peace and War" by Martin Libicki

"Cyberspace in Peace and War" by Martin Libicki, Naval Institute Press, 2016, 496 pp. Reviewedby: David Benson