Research

Austen D. Givens, Max Gorbachevsky, and Anita C. Biernat, “How Putin’s cyberwar failed in Ukraine,” Journal of Strategic Security 16, no. 2 (Summer 2023), pp. 96-121

Abstract: As Russian military forces surged across the Ukrainian border in February 2022,
cybersecurity analysts shared predictions about the ways in which the Russian government
would use cyberattacks to thwart Ukrainian defenses. Some government agencies and
private sector organizations forecast that the Russians would launch a blitz of devastating
electronic attacks against Ukrainian critical infrastructure targets, such as electrical power
plants and air traffic control networks, crippling the country. While Russian cyberattacks
have played a role in the conflict, their effects to date have been significantly less than
what some analysts anticipated. But why? This article examines how analysts’ most
extreme predictions about Russia’s use of cyberattacks in Ukraine missed the mark, links
these findings to the literatures on military and intelligence forecasting, and offers
recommendations for additional research.

Download as PDF

Austen Givens, Nikki Sanders, and Corye J. Douglas, “Forecasting Iranian Government Responses to Cyberattacks,” Journal of Advanced Military Studies 13, no. 1 (Spring 2022), pp. 219-237

Abstract: Extant scholarship on Iranian cyber warfare emphasizes the ways in which Tehran’s cyber capabilities might be employed offensively to achieve its foreign policy objectives. Comparatively little attention, however, has been given to the ways in which Iran might leverage these same cyber assets in retaliatory strikes. This article argues that because of the unique combination of endogenous and exogenous variables affecting contemporary Iran, including diplomatic isolation and economic sanctions, as well as Iran’s historical track record of carrying out its foreign policy through proxies, Iranian cyber retaliation is likely to be executed through third parties, mostly symbolic in nature, and proportionate in scale.

Download as PDF

Austen D. Givens, Nathan E. Busch, and Alan D. Bersin, “Going Global: The International Dimensions of U.S. Homeland Security Policy,” Journal of Strategic Security 11, no. 3 (2018), pp. 1-34

Abstract: Scholarship examining U.S. homeland security policy proceeds from the assumption that homeland security policy-making is a largely domestic—that is, United States-centric—endeavor. This article challenges that assumption. The mission of the Homeland Security Enterprise is domestic security but achieving a satisfactory state of preparation, prevention, response, recovery and resilience requires efforts that extend beyond our boundaries. We argue that advances in technology and globalization have accelerated the degree to which global events directly and indirectly influence U.S. homeland security. Contemporary threats do not recognize national boundaries; efforts to counter them, accordingly, must transcend border lines as well. In this article, we present evidence from the homeland security sub-fields of border security, counterterrorism, cybersecurity, public health, and disaster management to show that U.S. homeland security policy is now inherently transnational in nature and therefore best analyzed and understood by taking a broader, global perspective.

Download as PDF

Austen D. Givens, “Strengthening Cyber Incident Response Capabilities through Education and Training in the Incident Command System,” National Cybersecurity Institute Journal, 2, no. 3 (December 2015), pp. 65-75.

Abstract: Supervisory Control and Data Acquisition (SCADA) systems control innumerable industrial processes that affect large segments of U.S. critical infrastructure, from regulating the flow of water through dams to calibrating the electrical currents in power substations located in residential neighborhoods. Historical evidence demonstrates that electronic attacks on SCADA systems can physically damage them. This can trigger consequences that must be simultane-ously addressed by Computer Security Incident Response Teams (CSIRTs) and traditional first responders. This article advances a two-part argument: first, that the Incident Command System (ICS) offers a compelling means to strengthen cyber incident responses by integrating CSIRTs and first responders involved in SCADA incidents into a cohesive organizational structure; and second, that cybersecurity curricula in academic and professional training settings should therefore incorporate ICS education in order to increase the probability of effective incident responses involving CSIRTs and first responders in the future.

Download as PDF

Austen D. Givens and Nathan E. Busch, “Integrating Federal Approaches to Post-Cyber Incident Mitigation,” Journal of Homeland Security and Emergency Management 10, no. 1 (July 2013), pp. 1–28.

Abstract: This article argues that the federal government lacks a cohesive approach to post-cyber incident mitigation – that is, the closing of vulnerabilities that become apparent during and after a cyber incident. To begin addressing this gap in cybersecurity capabilities, greater legal, cultural, and technological integration among the Department of Defense, Department of Homeland Security, and US Intelligence Community would be helpful in achieving a more unified strategy in post-cyber incident mitigation.

Download as PDF

Austen D. Givens and Nathan E. Busch, “Information Sharing and Homeland Security: The Role of Public-Private Partnerships,” Homeland Security Review 7, no. 2 (Summer 2013), pp. 1–28.

Abstract: Since the terrorist attacks of September 11th, 2001 there is increasing recognition that businesses and government have important roles in sharing homeland security information. And today the public and private sectors are sharing information—lots of it. Countless daily reports, briefings, bulletins, and news items sound a steady drumbeat of threat information for homeland security analysts. But despite these positive steps, much important work remains. This article argues that efforts to correct the information sharing failures of 9/11 have not alleviated a trust deficit that exists between the public and private sector. Moreover, post-9/11 changes have also inadvertently created new information sharing problems, including information overload for homeland security analysts and a decline in information quality. The challenge for public-private partnerships in homeland security now is to build cross-sector trust, control the flow of information, and manage information quality for decision-makers in government and business.

Download as PDF

Nathan E. Busch and Austen D. Givens, “Achieving Resilience in Disaster Management: The Role of Public-Private Partnerships,” Journal of Strategic Security 6, no. 2 (June 2013), pp. 1–19.

Abstract: This article examines the current status of public-private partnerships in disaster management, as well as the emerging opportunities and challenges that need to be addressed for these partnerships to achieve their full potential. The article begins with a systematic overview of the strategic, operational, and tactical effects of public-private partnerships in disaster management today and describes how these effects can increase societal resilience. Next, the article discusses several of the emerging opportunities and challenges that these partnerships will have to work through in the coming years. The article concludes with a set of policy recommendations to enhance the efficiency and effectiveness of public-private partnerships in disaster management.

Download as PDF

Austen D. Givens and Nathan E. Busch, “Realizing the Promise of Public-Private Partnerships in US Critical Infrastructure Protection,” International Journal of Critical Infrastructure Protection 6, no. 1 (March 2013), pp. 39–50.

Abstract: To date, much attention has focused on the advantages of public-private partnerships for critical infrastructure protection in the United States. These include reducing the duplication of effort, enhancing cross-sector communication, increasing efficiency, and ultimately achieving the protection objectives better than government or business acting independently. The benefits suggest that public-private partnerships will be a significant and enduring part of critical infrastructure protection initiatives in the United States. However, we argue that a pattern is emerging that may lead to a fracture between the appearance and the reality of public-private partnerships in U.S. critical infrastructure protection. Although some research has focused on specific challenges in this domain of U.S. homeland security, comparatively little attention has been paid to thinking through the issues facing critical infrastructure protection as a whole. We maintain that unless concrete steps are taken to bolster public-private partnerships in critical infrastructure protection, they will be much less effective than hoped for by U.S. homeland security analysts.

Download as PDF

Nathan E. Busch and Austen D. Givens, “Public-Private Partnerships in Homeland Security: Opportunities and Challenges,” Homeland Security Affairs 8, Article 18 (October 2012), pp.1–23.

Abstract: Public-private partnerships are a major issue of discussion in businesses and government agencies concerned with homeland security. However, this issue has received a much less thorough treatment in scholarly literature on homeland security. This article begins to fill a gap in homeland security scholarship by identifying the essential role that public-private partnerships are now taking in homeland security and by examining opportunities and challenges for this transformative shift in the field. The article begins by contextualizing our argument within recent scholarship, and tracing the development of public-private partnerships in homeland security. The article then examines the growing role of public-private sector partnerships in homeland security. The article concludes by discussing ongoing challenges that will need to be considered and addressed for public-private partnerships to be successful over the long term.

Download as PDF

Austen Givens, “A Systems-Based Approach to Intelligence Reform,” Journal of Strategic Security 5, no. 12 (Spring 2012), pp. 63–84.

Abstract: The terrorist attacks of September 11, 2001 prompted the most comprehensive changes to the U.S. Intelligence Community (IC) since its creation via the National Security Act of 1947. Recent structural and organizational reforms, such as efforts to enhance information sharing and recruit speakers of hard-target languages, have also triggered new challenges to successful transformation. In light of the systemic problems facing the IC, this paper argues that systems engineering, a discipline increasingly useful in organizational change, offers a more efficient, holistic approach to the intelligence reform process than the status quo. Systems engineering views the IC as an integrated and interdependent system, whose value is primarily realized through the relationship among its components. The author makes the case that a systems-based approach to intelligence reform can enhance effectiveness while reducing the risk of unintended consequences.

Download as PDF