Dr. Richard B. Andres of the National War College has just published a new piece for Foreign Policy on cyber militias. Thought I would share:

(unfortunately, you'll have to log on to FP via Google/Facebook in order to read the whole thing, but here are some choice snippets)


This month, after nearly six months of persistent attacks, cybersecurity experts have largely concluded that al-Qassam is a front organization created to screen an Iranian cyberassault on the U.S. financial system...Whether or not the new NIE references the al-Qassam-Iran campaign, the attack is representative of a technique countries are increasingly using to strike at the United States and other countries -- one that has so far proven nearly impossible to defend against or deter. The stratagem involves surreptitiously building autonomous citizen hacker groups and using them to deflect responsibility for attacks originating directly or indirectly from the state sponsor.
In order to empower cyber-militias, states must facilitate their ability to obtain cyberweapons and create institutions that reduce evidence of state control. Because reducing evidence of state control generally requires reducing actual state control, militias usually have some real level of autonomy. In an earlier age, when the worst damage cyber-militias could do involved defacing webpages and conducting minor denial of service attacks, this had limited implications for international security. In the post-Stuxnet era, however, it is conceivable that organized and empowered non-state actors could damage nuclear power plants, air traffic control systems, gas pipelines, banking systems, or electric grids.