annapagnacco.com

on thesis #1

so. thesis 1 has been turned in, to be discussed soon.

i did, in fact, stray pretty far from the original idea (as discussed in the post below), mostly as i realised that this original insight was 1) not particularly relevant to the curriculum i would have graduated with and 2) closely associated with a more relevant line of inquiry, i.e. the one i ended up picking.

thesis proposal (approved!)

i haven’t put it all up yet, mostly because i harbour delusions of publishing a couple papers based on it. below is the final table of contents.

looking forward to getting absolutely skewered.

A Bomb under Every Bridge:
The Role of Persistence and Prepositioning in Cyber Deterrence

  1. INTRODUCTION
  2. METHODS: CASE STUDIES
    • Prepositioning and/or persistence through direct cyber means
    • Prepositioning and/or persistence through software supply chains
    • Prepositioning and/or persistence through kinetic means
    • Prepositioning and/or persistence in non-cyber, non-kinetic ways
  3. LITERATURE REVIEW
    • ESTABLISHING THE RELEVANCE OF PREPOSITIONING AND PERSISTENCE
    • TECHNICAL MODELS CONNECTED TO PREPOSITIONING AND PERSISTENCE
      • Lockheed Cyber Killchain
      • Diamond model
      • MITRE ATT&CK
      • OSI model
    • CYBER DETERRENCE LITERATURE
      • Cyber deterrence – first understanding
      • Cyber deterrence – second understanding
  4. HYPOTHESIS
    • DEFINING TERMS
      • Defining deterrence and deterrent
        • Choosing an understanding of cyber deterrence
        • Deterrence on a spectrum: deterrents rather than absolute deterrence
        • The role of uncertainty
        • State or nonstate actors?
      • Requirements for the definitions of prepositioning and persistence
      • Defining persistence
      • Defining prepositioning
    • HYPOTHESIS FORMULATION
      • On cyber deterrence
      • The relationship between persistence and deterrence
      • The relationship between prepositioning and deterrence
  5. CASE STUDIES
    • PREPOSITIONING AND/OR PERSISTENCE THROUGH DIRECT CYBER MEANS
      • Case study 1. Volt Typhoon
        • Brief overview
        • Analysis – I. On the role of prepositioning as a deterrent
        • Analysis – II. On the two conceptions of cyber deterrence
        • Analysis – III. Uncertainty and signalling in prepositioning as a deterrent
        • Summation
      • Case study 2. Salt Typhoon
        • Brief overview
        • Analysis – I. On the role of persistence as deterrent
        • Analysis – II. On the two conceptions of cyber deterrence
        • Summation
    • PREPOSITIONING AND/OR PERSISTENCE THROUGH SOFTWARE SUPPLY CHAINS
      • Case study 3. SUNBURST / Solarwinds
        • Brief overview
        • Analysis – I. On the role of persistence as deterrent
        • Analysis – II. On counterintelligence
        • Analysis – III. On the role of uncertainty
        • Analysis – IV. On an element of prepositioning
        • Summation
      • Case study 4. XZ Utils backdoor
        • Brief overview
        • Analysis – I. Prepositioning and social engineering
        • Analysis – II. Software dependencies, open source development, and SBOMs
        • Summation
      • Case study 5. Log4Shell
        • Brief overview
        • Analysis – I. On the potential gravity of persistence
        • Analysis – II. On the role of persistence and uncertainty in deterrence
        • Summation
    • PREPOSITIONING AND/OR PERSISTENCE THROUGH KINETIC MEANS
      • Case study 6. Supermicro
        • Brief overview
        • Analysis – I. Prepositioning and deterrence
        • Analysis – II. Persistence and deterrence
        • Analysis – III. Uncertainty and deterrence
        • Summation
      • Case study 7. Hezbollah’s exploding pagers
        • Brief overview
        • Analysis – I. On persistence, deterrence and uncertainty
        • Analysis – II. On prepositioning and deterrence
        • Summation
    • PREPOSITIONING AND/OR PERSISTENCE IN NON-CYBER, NON-KINETIC WAYS?
      • Case study 8. New IP and Internet Protocol standardisation
        • Brief overview
        • Analysis – On persistence
        • Analysis – On prepositioning
        • Summation
  6. DISCUSSION
    • HYPOTHESIS TESTING
      • On cyber deterrence
      • On cyber persistence
      • On cyber prepositioning
    • INTERPRETATION
      • A bomb under every bridge
      • The role of uncertainty
      • Clandestine activity
      • The view from the other side: Chinese cyber deterrence doctrine
  7. CONCLUSION
  8. BIBLIOGRAPHY

Posted

in

, , ,

by

anna

Tags:

, ,