On Cyberwarfare

DCAF HORIZON 2015 WORKING PAPER No.
7
On Cyberwarfare
Fred Schreier
DCAF HORIZON 2015 WORKING PAPER No. 7
On Cyberwarfare
Fred Schreier
DCAF HORIZON 2015 WORKING PAPER 5
Table of Contents
On Cyberwarfare 7
1. The Basic Building Blocks: Cyberspace, Cyberpower,
Cyberwarfare, and Cyberstrategy 10
2. The Difference between Information Warfare
and Cyberwarfare 19
3. Understanding the Threats in Cyberspace 31
4. Cyber Vulnerabilities and how Cyber Attacks
are Enabled 48

5. Major Issues, Ambiguities, and Problems of Cyberwar 68
Annex 1: In which Ways is Cyberwar different from
the other Warfighting Domains? 93
Annex 2: Summary of major Incidents of Cyber Conflict 107
Glossary 116
Select Bibliography 121

6 DCAF HORIZON 2015 WORKING PAPER
On Cyberwarfare
The digilaI voiId has lioughl aloul a nev lype of cIeai and piesenl dangei:
cyleivai. Since infoinalion lechnoIogy and lhe inleinel have deveIoped lo such an
exlenl lhal lhey have lecone a najoi eIenenl of nalionaI povei, cyleivai has lecone
lhe diunleal of lhe day as nalion-slales aie aining lhenseIves foi lhe cylei lallIespace.
Many slales aie nol onIy conducling cylei espionage, cylei ieconnaissance and pioling
nissions, lhey aie ciealing offensive cyleivai capaliIilies, deveIoping nalionaI
slialegies, and engaging in cylei allacks vilh aIaining fiequency. IncieasingIy, lheie
aie iepoils of cylei allacks and nelvoik inhIlialions lhal can le Iinked lo nalion-slales
and poIilicaI goaIs. Whal is lIalanlIy appaienl is lhal noie hnanciaI and inleIIecluaI
capilaI is leing spenl hguiing oul hov lo conducl cyleivaifaie lhan foi endeavois
aining al hov lo pievenl il.
1
In facl, lheie is a slunning Iack of inleinalionaI diaIogue
and aclivily vilh iespecl lo lhe conlainnenl of cyleivai. This is unfoilunale, lecause
lhe cylei donain is an aiea in vhich lechnoIogicaI innovalion and opeialionaI ail
have fai oulsliipped poIicy and slialegy, and lecause in piincipIe, cyleivaifaie is a
phenonenon vhich in lhe end nusl le poIilicaIIy consliained.
Many pioninenl aulhois see a vai leing vaged in cyleispace loday - a facl
nol undispuled ly lhose vho lhink lhal lhe lhieal of cyleivai has leen giossIy
exaggeialed.
2
Cyleispace is incieasingIy used as a lhealei of conicl as poIilicaI,
econonic, and niIilaiy conicls aie evei noie oflen niiioied ly a paiaIIeI canpaign
of hosliIe aclions on lhe inleinel. Allacks can iapidIy go gIolaI as coveilIy acquiied
oi hacked conpuleis and seiveis lhioughoul lhe voiId aie kicked inlo seivice, vilh
lhe iesuIl lhal nany nalions aie quickIy diavn in. And il is in lhis conlexl lhal lhe
lein 'cyleivai has lecone a fiequenlIy used luzzvoid lo iefei lo any kind of
conicl in cyleispace vilh an inleinalionaI dinension. Such a lioad use of lhe lein,
hovevei, is nol heIpfuI, pailicuIaiIy nol in viev of lhe facl lhal lhe difhcuIlies in
deleinining lhe oiigin and naluie of lhe allack, and assessing lhe danage incuiied,
aie lhiee of lhe najoi piolIens encounleied vilh cylei allacks. Whal is iequiied
inslead is a concepluaI calegoiizalion of lhe vaiious foins of conicl in cyleispace as
a piecondilion foi assessing lhe dangei lhey pose and lhe polenliaI danage lhey can
cause.
This is vhal lhis conliilulion viII liy lo do. The ain is lo exanine lioad
cyleivaifaie issues: vhal cyleivai neans, vhal il enlaiIs, and vhelhei lhieals
1 Lxacl hguies aie haid lo pin dovn. WhiIe ludgels foi cyleisecuiily aie ieadiIy avaiIalIe, foi lhe UK, foi exanpIe, il viII
giov ly sone 65O niIIion ovei lhe nexl foui yeais, lhose foi offensive aclivilies aie aII cIassihed and, in lhe case of lhe UK,
conlained in lhe SingIe InleIIigence Accounl, vhich piovides foi 2O11-12 2.1 liIIion funding foi lhe Secuiily Seivice, lhe
Seciel InleIIigence Seivice and lhe CCHQ. The US DoD piovided Congiess vilh lhiee diffeienl vievs of ils cyleisecuiily
ludgel eslinales foi hscaI yeai 2O12 ($2.3 liIIion, $2.8 liIIion, and $3.2 liIIion iespecliveIy). These do nol incIude cosls foi
offensive opeialions, vhich aie funded fion lhe nalionaI inleIIigence and niIilaiy inleIIigence piogian ludgels.
2 See: Maic Rolhenleig & iuce Schneiei, The cylei vai lhieal has leen giossIy exaggeialed, AiIinglon, InleIIigence Squaied
U.S., 8 }une 2O1O.

can delei il oi defense can niligale ils effecls. Ils focus is on cyleivaifaie aclivilies
sponsoied ly nalion-slales. (1) The lasic luiIding lIocks of lhe suljecl aie piesenled:
cyleispace, cyleipovei, cyleivaifaie, and cyleislialegy. (2) The dislinclion viII
le nade lelveen cyleivai and infoinalion vaifaie, lhe Iallei a concepl of nuch
videi scope, foIIoved ly lhe piesenlalion of lhe eIenenls lhal seen lo nake cyleivai
alliaclive. (3) The najoi piolIens aie Iisled lhal deiive fion lhe naluie of cyleispace
- undeislanding lhe cylei lhieal. (4) The cylei vuIneialiIilies aie addiessed lhal
shov hov cylei allacks aie enalIed. (5) Sone of lhe najoi issues, anliguilies, and
piolIens of cyleivai viII le discussed, shoving lhe use and Iinils of povei in
cyleispace. In Annex 1, ve viII shov in vhich vays cyleivaifaie is diffeienl fion
lhe olhei vaihghling donains, and in Annex 2 ve piesenl a sunnaiy of sone of lhe
najoi inslances of cylei conicl.
Il is inpoilanl lo poinl oul lhal olhei kinds of cylei allacks lake pIace ieguIaiIy,
vhich aie nuch noie fiequenl lhan slale-sponsoied aclivilies.
3
These aie connilled
ly hackeis lhal have expeilise in soflvaie piogianning and nanipuIalion. They
concenliale lheii aclions on expIoiling lhe inliicacies of conpulei nelvoiks. Sone
hackeis aie slale-sponsoied and peifoin IavfuI aclivilies, lul sone aie nol. olh kinds
can le insliunenlaI in lhe conducl of cyleivaifaie. When cyleivaifaie opeialois
conducl cylei allacks foi aulhoiized slale-sponsoied allacks and use IegaI neans,
lhey aie consideied lo le IegaI hackeis. LegaI hackeis conducl cyleispace opeialions
undei IegaI aulhoiily foi IegaI puiposes vilh no adveisaiiaI inlenl. Ioi exanpIe,
cylei secuiily expeils deIileialeIy hack inlo conpulei nelvoiks lo hnd inheienl
veaknesses. Menleis of lhe ained foices and goveinnenl inleIIigence seivices aIso
deIileialeIy hack inlo niIilaiy conpulei nelvoiks lo hnd vuIneialiIilies, and lo lesl
defensive and offensive aliIilies. These hackeis aie eilhei indusliy oi goveinnenl-
sponsoied and aie nol hacking foi peisonaI gain. If hackeis aie allenpling lo gain
access inlo conpulei nelvoiks foi lhe sake of poIilicaI gain, il can le pail of a slale-
sponsoied canpaign. Whal deleinines lhe IegaIily of lhese opeialions is inlenl.
Olhei kinds of cylei allacks lhal lake pIace ieguIaiIy and vhich aie nuch
noie fiequenl lhan slale-sponsoied aclivilies aie unaulhoiized allenpls lo access
conpuleis, conpulei conlioIIed syslens, oi nelvoiks. Hovevei, lhese viII nol le
addiessed in lhis essay. Such aclivilies can iange fion sinpIy penelialing a syslen
and exanining il foi lhe chaIIenge, lhiiII, oi inleiesl, lo enleiing a syslen foi ievenge,
lo sleaI infoinalion, cause enlaiiassnenl, exloil noney, oi cause deIileiale IocaIized
hain lo conpuleis oi danage lo Iaigei ciilicaI infiasliucluies. Anong lhese cylei
allacks lhiee foins can le dislinguished: cylei vandaIisn, cylei ciine, and cylei
espionage. The ieaIn foi lhe iesoIulion of lhese allacks noinaIIy Iies in Iav enfoicenenl
and judiciaI syslens, and IegisIalive ienedy vheie necessaiy.
Cylei vandaIisn is 'cylei hacklivisn, vhich is a connon lein foi hackeis
vho use iIIegaI digilaI looIs in puisuil of poIilicaI ends.
4
Hacklivisls cause danage
3 See: Cylei Secuiily: The Road Ahead, DCAI Hoiizon 2O15 Woiking Iapei Seiies (4), Ceneva, Ceneva Cenlie foi lhe
Denocialic ConlioI of Ained Ioices, 2O11.
4 These looIs incIude velsile defacenenls, iediiecls, deniaI of seivice allacks, naIvaie, infoinalion lhefl, velsile paiodies,
lhiough viiluaI nodihcalion oi desliuclion of conlenl ly hacking velsiles and
disiupling oi disalIing seiveis ly dala oveiIoad. Sone conducl cylei opeialions on
lehaIf of peisonaI poIilicaI causes such as lhe enviionnenl, hunan iighls, and aninaI
iighls. Cylei vandaIisn, sonelines aIso caIIed 'cylei hooIiganisn, is lhe nosl
videspiead foin of cylei conicl and gaineis a gieal deaI of pulIic allenlion. The
effecls of such incidenls aie, hovevei, geneiaIIy Iiniled in line and noie oflen jusl a
ieIaliveIy hainIess annoyance.
Cylei ciine oi Inleinel ciine, undeilaken foi ciininaI gain, is laking pIace
ieguIaiIy and independenlIy of conicls. Cyleiciine piovides an enviionnenl in
vhich allack lechniques can le iehned: Il is lhe Ialoialoiy vheie lhe naIicious
payIoads and expIoils used in cyleivaifaie aie deveIoped, lesled, and iehned.
5

Diiecled piinaiiIy againsl lhe hnanciaI syslen, lhese iIIegaI acls seek lo exloil oi
exliacl noney. The nain viclins aie lhe lanking secloi, hnanciaI inslilulions, and
lhe coipoiale secloi. Coveinnenl nelvoiks vilh cIassihed dala aie aIso affecled,
lul aie laigeled Iess oflen. Though il is difhcuIl lo gel undispuled dala, lhe gIolaI
cosls of cyleiciine aie enoinous and eslinaled lo Iie in lhe iange of US$ 1 liiIIion
annuaIIy,
6
lhus noie lhan lhe gains fion diug liafhcking. A sludy ly lhe UK Calinel
Ofhce suggesls lhal cyleiciine cosls lhe UK aIone 27 liIIion annuaIIy, 2.2 liIIion
lo goveinnenl, 3.1 liIIion lo individuaIs, and ly fai lhe Iaigesl poilion, 21 liIIion,
lo indusliy, in lhe foin of lhefl of inleIIecluaI piopeily, cuslonei dala and piice-
sensilive infoinalion.
7
Cylei espionage is a iouline occuiience and an expansion of liadilionaI effoils
lo coIIecl infoinalion on an opponenls seciels, inlenlions, and capaliIilies. Il consisls
of lhe seaich foi access lo cIassihed, peisonaI oi coipoiale dala, inleIIecluaI piopeily,
piopiielaiy infoinalion and palenls, oi iesuIls fion ieseaich and deveIopnenl
piojecls, foi ieconnaissance, pioling, and lesling of infoinalion and connunicalions
lechnoIogy (ICT) defenses, and cIandesline nanipuIalion of dala, infoinalion and
ciilicaI infiasliucluie foi vai piepaialion. The ieluin on inveslnenl foi laigeling
sensilive infoinalion can le exlieneIy high conpaied lo lhe skiIIs and lechnoIogy
iequiied lo peneliale lhe syslens, vhich aie ieIaliveIy Iov.
8
And acls of cylei espionage
can le as nuch oi noie peivasive lhan acls of cyleivaifaie, as lhe pulIicalion of
25O,OOO cIassihed US enlassy calIes in Novenlei 2O1O ly WikiLeaks leslihed.
viiluaI sil-ins, viiluaI salolage, and soflvaie deveIopnenl.
5 }effiey Caii, Inside Cylei Waifaie, Ciavenslein Highvay Noilh, SelaslopoI, CA, OReiIIy Media, Inc., 2O1O, p. 5.
6 Seynoui M. Heish, The OnIine Thieal, The Nev Yoikei, 1 Novenlei 2O1O, p. 51, ciling Iiesidenl Olana vho, iefeiiing
lo coipoiale cylei espionage, said in a speech in May, 2OO9, Ils leen eslinaled lhal Iasl yeai aIone cylei ciininaIs sloIe
inleIIecluaI piopeily fion lusinesses voiIdvide voilh up lo one liiIIion doIIais. Accoiding lo lhe UKs NalionaI Secuiily
Slialegy 2O1O, cyleiciine has leen eslinaled lo cosl as nuch as $1 liiIIion pei yeai gIolaIIy, vilh unloId hunan cosl. UK
Calinel Ofhce, A Sliong iilain in an Age of Unceilainly, p. 29.
7 Delica and Ofhce of Cylei Secuiily and Infoinalion Assuiance, The Cosl of Cyleiciine, London, Ieliuaiy 2O11.
8 LIeanoi Keynei, The cylei-vai, }anes Defence WeekIy, No. 39, 29 Seplenlei 2O1O, p. 24.

1. The Basic Building Blocks:
Cyberspace, Cyberpower,
Cyberwarfare, and
Cyberstrategy
A synoplic viev and conpiehension of lhe suljecl of cyleivai iequiie
faniIiaiizalion vilh lhe foui !"#$% !'$()$*+ !(,%-#: %.!/0#1"%/2 %.!/01,3/02 %.!/03"04"0/,
and %.!/0#50"5/+..
Cyberspace
Cyleispace, lhe noveI 5
lh
space of vaifaie aflei Iand, sea, aii, and space, is
aII of lhe conpulei nelvoiks in lhe voiId and eveiylhing lhey connecl and conlioI
via calIe, hlei-oplics oi viieIess. Il is nol jusl lhe Inleinel - lhe open nelvoik of
nelvoiks.
!
Iion any nelvoik on lhe Inleinel, one shouId le alIe lo connunicale
vilh any conpulei connecled lo any of lhe Inleinels nelvoiks. Thus, cyleispace
incIudes lhe Inleinel 1('# Iols of olhei nelvoiks of conpuleis,
"#
incIuding lhose lhal
aie nol supposed lo le accessilIe fion lhe Inleinel. Sone of lhose piivale nelvoiks
Iook jusl Iike lhe Inleinel, lul lhey aie, lheoielicaIIy al Ieasl, sepaiale. Olhei pails of
cyleispace aie liansaclionaI nelvoiks lhal do lhings Iike sending dala aloul noney
ovs, slock naikel liades, and ciedil caid liansaclions. In addilion, lheie aie lhe
nelvoiks vhich aie Supeivisoiy ConlioI and Dala Acquisilion (SCADA) syslens
lhal jusl aIIov nachines lo speak lo olhei nachines: conlioI paneIs laIking lo punps,
eIevalois, geneialois, elc. Thus, cyleispace is conposed of lhe nov lvo liIIion
conpuleis exisling, pIus seiveis, iouleis, svilches, hlei-oplic calIes, and viieIess
connunicalions lhal aIIov ciilicaI infiasliucluies lo voik.
Nuneious dehnilions of cyleispace exisl. Accoiding lo one such dehnilion
cyleispace is nol a physicaI pIace - il dehes neasuienenl in any physicaI dinension
oi line space conlinuun. Il is a shoilhand lein lhal iefeis lo lhe enviionnenl
ciealed ly lhe conuence of coopeialive nelvoiks of conpuleis, IT syslens, and
leIeconnunicalion infiasliucluies connonIy iefeiied lo as lhe WoiId Wide Wel.
""

9 The Inleinel is an open nelvoik of end poinls, devices, and conpulei nelvoiks lhal connunicale vilh each
olhei using lhe TCI oi II connunicalions piolocoI. Il is luiIl in an open, decenliaIized nannei, and fion
any end poinl in il il is possilIe lo connunicale vilh any olhei end poinl. CounlIess appIicalions have leen
ciealed on lop of lhis lasic design, and anong lhen aie lhose lhal aie inlended lo Iinil access, veiify idenlify,
enciypl infoinalion liansfeiied ovei lhe vel, veiify ieceipl of infoinalion, and so on.
1O Many nelvoiks have leen designed and luiIl in oidei lo caiiy oul dehned lasks. Ioi exanpIe: CIS, ACARS,
SWIIT, CSM CeIIuIai, and lhousands of olhei nission-specihc conpulei nelvoiks.
11 Thonas C. WingheId, The Lav of Infoinalion Conicl: NalionaI Secuiily Lav in Cyleispace, Aegis Reseaich
Coip., 2OOO, p. 17.
Ioi lhe US Depailnenl of Defense: cyleispace is a donain chaiacleiized ly lhe use
of conpuleis and olhei eIeclionic devices lo sloie, nodify and exchange dala via
nelvoiked syslens and associaled physicaI infiasliucluies.
"$
Ioi one veII infoined
expeil, cyleispace is an opeialionaI donain vhose dislinclive and unique chaiaclei
is fianed ly lhe use of eIeclionics and lhe eIeclionagnelic specliun lo cieale, sloie,
nodify, exchange, and expIoil infoinalion via inlei-connecled infoinalion and
connunicalion lechnoIogy-lased syslens and lheii associaled infia-sliucluies.
"%

AIieady lhese fev exanpIes iIIusliale lhe difhcuIly in dehning lhe lein, vhich nay
le one of lhe difhcuIlies in ciealing any lype of connon agieenenl anong slales as lo
hov inleinalionaI Iav shouId le appIied lo vaifaie conducled in cyleispace.
These nelvoiked and inleiconnecled infoinalion syslens ieside sinuIlaneousIy
in lolh physicaI and viiluaI space, and vilhin and oulside of geogiaphicaI loundaiies.
Theii useis iange fion nalion-slales and lheii conponenl oiganizalionaI eIenenls and
connunilies dovn lo individuaIs and anoiphous lians-nalionaI gioups vho nay nol
piofess aIIegiance lo any liadilionaI oiganizalion oi nalionaI enlily. They ieIy on lhiee
dislincl yel inleiieIaled effecls of lhiee dinensions: lhe 16.#$%"(2 lhe $*4,07"5$,*"(, and
lhe %,+*$5$8/. In lhe aggiegale, lhese conpiise lhe gIolaI infoinalion enviionnenl as
oulIined in lhe docliine foi Infoinalion Opeialions: lhe physicaI pIalfoins, syslens
and infiasliucluies lhal piovide +(,!"( %,**/%5$8$5. lo inleiconnecl infoinalion
syslens, nelvoiks, and hunan useis, lhe nassive anounls of $*4,07"5$,*"( %,*5/*5
lhal can le digilaIIy and eIeclionicaIIy senl anyvheie anyline lo viiluaIIy anyone,
and lhe 6'7"* %,+*$5$,* lhal iesuIls fion giealIy incieased access lo conlenl, vhich
can have a dianalic inpacl on hunan lehavioi and decision naking.
"&
Waifaie of lhe 21
sl
Cenluiy invoIving opponenls possessing even a nodicun
of nodein lechnoIogy is nol possilIe vilhoul access lo cyleispace. Nev opeialionaI
concepls such as 'Nelvoik Cenliic Waifaie
"'
in an 'infoinalionaIized lallIespace
vouId le inpossilIe vilhoul cylei-lased syslens and capaliIilies. The aliIily lo
iepiogian lhe laigeling dala vilhin a veapon on ils vay lo lhe laigel, lhen ieIy on
ieaI-line updales fion a CIS saleIIile lo pieciseIy sliike lhal laigel, is possilIe onIy
lhiough lhe use of cyleispace. Cyleispace exisls acioss lhe olhei donains of Iand, sea,
aii, and space and connecls lhese physicaI donains vilh lhe cognilive piocesses lhal
use lhe dala lhal is sloied, nodihed, oi exchanged. Hovevei, il is lhe use of /(/%50,*$%
5/%6*,(,+$/# lo cieale and 'enlei cyleispace, and use lhe eneigies and piopeilies of lhe
/(/%50,7"+*/5$% #1/%50'7 (LMS)
"(
lhal sels cyleispace apail fion lhe olhei donains,
and vhal nakes cyleispace unique.
")
12 }oinl Chiefs of Slaff, ]cin| Puo|ica|icn 1-02, Washinglon D.C., US Depailnenl of Defense, 12 ApiiI 2OO1.
13 DanieI T. KuehI, Iion Cyleispace lo Cyleipovei: Dehning lhe IiolIen, in IiankIin D. Kianei, Sluail
Slaii & Laiiy K. Wenlz, eds., Cqocrpcucr and Na|icna| Sccuri|q, Washinglon D.C., NalionaI Defense Univeisily
Iiess, Iolonac ooks, 2OO9.
14 Ilid.
15 The concepl of 'nelvoik cenliic vaifaie dales lo 1998. See: Ailhui K. Celiovski & }ohn }. Caislka, Nelvoik-
Cenliic Waifaie: Ils Oiigin and Iuluie, Uni|cd S|a|cs Nata| |ns|i|u|c Prccccdings, }anuaiy 1998.
16 Dehnilion of eIeclionagnelic specliun (LMS): The iange of fiequencies of eIeclionagnelic iadialion fion
zeio lo inhnily. Il is divided inlo 26 aIphalelicaIIy designaled lands, }I 1-O2.
17 KuehI, Iion Cyleispace lo Cyleipovei: Dehning lhe IiolIen, op. cil.

One chaiacleiislic of cyleispace is lhal $5 %"**,5 /9$#5 3$56,'5 !/$*+ "!(/ 5, /91(,$5
56/ *"5'0"((. /9$#5$*+ :;<. Wilhoul lhe LMS, nol onIy vouId niIIions of infoinalion
and connunicalions lechnoIogies (ICT) le unalIe lo connunicale vilh each olhei,
lul lhe ICTs lhenseIves vouId le unalIe lo funclion. Inlegialed ciicuils and olhei
nicioeIeclionic devices depend on eIeclions lo funclion. Iilei-oplic calIes aie nolhing
if lhey aie unalIe lo piopagale Iighl. Moieovei, ICT nelvoiks aie aIso dependenl upon
lhe nyiiad piopeilies of lhe LMS foi lheii essenliaI conneclivily via 0")$, 40/='/*%.
and 7$%0,3"8/#.
"*

A second chaiacleiislic is lhal %.!/0#1"%/ 0/='$0/# 7"*>7")/ ,!?/%5# 5, /9$#5,
vhich again nakes cylei-space unique vhen conpaied lo lhe Iand, sea, aii, and space
donain. Cyleispace vouId nol exisl veie il nol foi lhe aliIily of hunan leings lo
innovale and nanufacluie lechnoIogies capalIe of expIoiling lhe vaiious piopeilies
of lhe LMS.
A lhiid chaiacleiislic is lhal %.!/0#1"%/ %"* !/ %,*#5"*5(. 0/1($%"5/). Theie can le
as nany cyleispaces as one can possilIy geneiale. ul lheie is one poilion of lhe aii,
sea, oi Iand donain lhal is inpoilanl: lhe poilion lhal is conlesled. Wilh cyleispace,
hovevei, lheie can le nany in exislence al any one line - sone conlesled, sone nol.
In addilion, foi lhe nosl pail, notbinq is jinol in cyberspoce.
"!
And due lo ieIaliveIy
inexpensive and ieadiIy avaiIalIe haidvaie, @A #.#5/7# "*) */53,0-#2 $4 )"7"+/)2 %"*
!/ ='$%-(. 0/1"$0/) "*) 0/%,*#5$5'5/)B
$#

A foilh chaiacleiislic is lhal 56/ %,#5 ,4 /*50. $*5, %.!/0#1"%/ $# 0/("5$8/(. %6/"1.
The iesouices and expeilise iequiied lo enlei, exisl in, and expIoil cyleispace aie
nodesl conpaied lo lhose iequiied foi expIoiling lhe Iand, sea, aii, and space donains.
Ceneialing slialegic effecls in cyleispace does nol iequiie a ludgel of liIIions, Iaige
nunleis of nanpovei and veapons. Ralhei, nodesl hnanciaI oulIays, a snaII gioup
of nolivaled individuaIs, and access lo nelvoiked conpuleis can piovide enliy inlo
cyleispace. The chaiaclei of cyleispace, hovevei, is such lhal lhe nunlei of aclois
alIe lo opeiale in lhe donain and polenliaIIy geneiale slialegic effecl is /91,*/*5$"(
36/* %,71"0/) 5, 56/ ,56/0 ),7"$*#.
A fuilhei chaiacleiislic is lhal, foi lhe line leing, 56/ ,44/*#/ 0"56/0 56"*
56/ )/4/*#/ $# ),7$*"*5 $* %.!/0#1"%/, foi a nunlei of ieasons. Iiisl, defenses of IT
syslens and nelvoiks ieIy on vuIneialIe piolocoIs and open aichilecluies, and lhe
pievaiIing defense phiIosophy enphasizes lhieal deleclion, nol eIininalion of lhe
vuIneialiIilies.
$"
Second, allacks in cyleispace occui al gieal speed, pulling defenses
undei gieal piessuie, as an allackei has lo le successfuI onIy once, vheieas lhe defendei
18 David }. LonsdaIe, The Naluie of Wai in lhe Infoinalion Age: CIausevilzian Iuluie, London, Iiank Cass,
2OO5, pp. 179-2OO.
19 Mailin C. Lilicki, Ccnqucs| in Cqocrspacc. Na|icna| Sccuri|q and |nfcrna|icn larfarc, Nev Yoik, Canliidge
Univeisily Iiess, 2OO7, pp. 5-6.
2O Ilid., pp. 84-85.
21 See: Richaid A. CIaike & Roleil K. Knake, Cqocr lar. Tnc Ncx| Tnrca| |c Na|icna| Sccuri|q and lna| |c dc Aocu|
i|, Nev Yoik, Lcco, 2O1O, pp. 1O3-149.
has lo le successfuI aII lhe line. Thiid, iange is no Iongei an issue in cyleispace since
allacks can occui fion anyvheie in lhe voiId.
$$
Iouilh, lhe alliilulion of allacks is
pailicuIaiIy difhcuIl, vhich is conpIicaling possilIe iesponses.
$%
And hflh, nodein
socielys oveivheIning ieIiance on cyleispace is pioviding any allackei " 5"0+/5>
0$%6 /*8$0,*7/*5, iesuIling in gieal sliain on lhe defendei lo successfuIIy defend lhe
donain.
$&

Many considei cyleispace as lhe nevesl and nosl inpoilanl addilion lo lhe
+(,!"( %,77,*#, vhich conpiise foui donains: naiiline, aii, space, and nov cylei.
Maiiline and aii aie lhe inleinalionaI oceans and skies lhal do nol faII undei lhe
juiisdiclion of any nalion. Oulei space legins al a poinl alove lhe eailh vheie oljecls
ienain in oilil. And cyleispace is lhe LMS lhal enalIes digilaI piocessing and
connunicalions. The naiiline donain has leen used ly hunans foi niIIennia, aii foi
a cenluiy, and space foi six decades. Cyleispace as lhe nevesl and nosl inpoilanl of
lhe gIolaI connons has leen videIy avaiIalIe foi Iess lhan lhiily yeais, yel noie lhan
a quailei of lhe voiIds popuIalion nov uses il eveiy day, and lhal nunlei conlinues
lo expand. Thus, cyleispace has lecone lhe %/*5/0 ,4 +0"8$5. foi lhe gIolaIized voiId,
and foi nalions lhe cenlei of giavily nol onIy foi niIilaiy opeialions lul foi aII aspecls
of nalionaI aclivily, lo incIude econonic, hnanciaI, dipIonalic, and olhei liansaclions.
Cyleispace can aIso le seen as lhe C5/00"$*D ,4 5/%6*,(,+. 7/)$"5/) %,77'*$%"5$,*.
Reduced lo lasics, cyleispace is lhe pioveiliaI elhei vilhin and lhiough vhich
eIeclionagnelic iadialion is piopagaled in conneclion vilh lhe opeialion and conlioI
of nechanicaI and eIeclionic liansnission syslens. Moieovei, il is a nediun in vhich
infoinalion can le ciealed and acled on anyline, anyvheie, and ly essenliaIIy anyone.
Cyleispace is quaIilaliveIy diffeienl fion lhe sea, aii, and space donains,
./5 $5 !,56 ,8/0("1# "*) %,*5$*','#(. ,1/0"5/# 3$56$* "(( ,4 56/7. Moie inpoilanlIy,
il is lhe onIy donain in vhich aII insliunenls of nalionaI povei - dipIonalic,
infoinalionaI, niIilaiy, and econonic - can le concuiienlIy exeicised lhiough lhe
nanipuIalion of dala and galevays. }usl Iike lhe olhei connons, il is one in vhich
conlinued uninhililed access can nevei le laken foi gianled as a naluiaI and assuied
iighl. Weie uninpeded access lo lhe LMS denied lhiough hosliIe aclions, saleIIile
aided nunilions vouId lecone useIess, connand and conlioI nechanisns vouId
le disiupled, and lhe ensuing effecls couId le paiaIyzing. AccoidingIy, cyleispace
has lecone an eneiging lhealei of opeialions lhal undoulledIy viII le conlesled
in fuluie conicls. SuccessfuI expIoilalion of lhis donain lhiough nelvoik vaifaie
opeialions can aIIov an opponenl lo doninale oi hoId al iisk any oi aII of lhe gIolaI
connons. Yel uniqueIy anong lhe olhei lhiee, cyleispace is a donain in vhich lhe
22 Ciegoiy }. Ralliay, An LnviionnenlaI Appioach lo Undeislanding Cyleipovei, in Cqocrpcucr and Na|icna|
Sccuri|q, IiankIin D. Kianei. Sluail H. Slaii & Laiiy K. Wenlz, eds., DuIIas, VA, Iolonac ooks, 2OO9, 255-
256.
23 Susan W. iennei, Cqocr|nrca|s. Tnc |ncrging |au|| |incs cf |nc Na|icn S|a|c, Nev Yoik, Oxfoid Univeisily
Iiess, 2OO9.
24 Richaid A. CIaike & Roleil K. Knake, Cqocr lar, op. cil., 17O-175.

cIassic consliainls of dislance, space, line, and inveslnenl aie ieduced, sonelines
dianalicaIIy, lolh foi us and foi polenliaI enenies.
Cyberpower
Iovei lased on infoinalion iesouices is nol nev, cyleipovei is.
$'
WhiIe
cyleispace is lhe donain in vhich cylei opeialions lake pIace, cyleipovei is lhe sun
of slialegic effecls geneialed ly cylei opeialions in and fion cyleispace. Accoiding
lo one videIy used dehnilion, cyleipovei is lhe aliIily lo use cyleispace lo cieale
advanlages and inuence evenls in olhei opeialionaI enviionnenls and acioss lhe
insliunenls of povei.
$(
Ils slialegic puipose ievoIves aiound lhe aliIily in peace
and vai lo nanipuIale peiceplions of lhe slialegic enviionnenl lo ones advanlage
vhiIe al lhe sane line degiading lhe aliIily of an adveisaiy lo conpiehend lhal
sane enviionnenl. Tiansfoining lhe effecls of cyleipovei inlo poIicy oljeclives is
lhe ail and science of slialegy, dehned as nanaging conlexl foi %,*5$*'$*+ ")8"*5"+/
"%%,0)$*+ 5, 1,($%..
$)
asicaIIy, cyleipovei is lhe capaliIily lo conlioI IT syslens
and nelvoiks in and lhiough cyleispace. Cyleipovei is lhe use, lhiealened use, oi
effecl ly lhe knovIedge of ils polenliaI use, of disiuplive cylei allack capaliIilies ly
a slale.
$*
Iovei depends on conlexl, and cyleipovei depends on lhe iesouices lhal
chaiacleiize lhe donain of cyleispace. And acioss lhe olhei eIenenls and insliunenls
of povei, cyleipovei cieales syneigies lelveen lhose eIenenls and connecls lhen in
vays lhal inpiove aII of lhen.
Cyleipovei is shaped ly nuIlipIe faclois. WhiIe cyleispace jusl exisls as an
enviionnenl, cyleipovei is aIvays " 7/"#'0/ ,4 56/ "!$($5. 5, '#/ 56"5 /*8$0,*7/*5.
TechnoIogy is one facloi, lecause lhe aliIily lo 'enlei cyleispace is vhal nakes ils
use possilIe. Thal lechnoIogy is conslanlIy changing, and sone useis - counliies,
socielies, non-slale aclois, elc. - nay le alIe lo Ieap ovei oId lechnoIogies lo depIoy
and use nev ones lo dianalic advanlage. OiganizalionaI faclois aIso pIay a ioIe,
lecause oiganizalions ieecl hunan puiposes and oljeclives, and lheii peispeclives
on lhe ciealion and use of cyleipovei aie shaped ly lheii oiganizalionaI nission,
le il niIilaiy, econonic oi poIilicaI. ul lhe eIenenl nosl cIoseIy lied lo cyleipovei
is $*4,07"5$,*. Cyleispace and cyleipovei aie dinensions of lhe $*4,07"5$,*"(
$*#50'7/*5 ,4 1,3/0, and lheie aie nyiiad vays lhal cyleipovei Iinks lo, suppoils,
and enalIes lhe exeicise of lhe olhei insliunenls of povei.
$!
Thus, infoinalion is lhe
%'00/*%. ,0 EFG ,4 %.!/01,3/0.
25 }oseph S. Nye, Cqocr Pcucr, Canliidge, Haivaid Kennedy SchooI, eIfei Cenlei foi Science and InleinalionaI
Affaiis, May 2O1O, p. 3. See aIso: Ialiick Coinan, The Road lo Cyleipovei: Seizing Oppoilunily WhiIe
Managing Risk in lhe DigilaI Age, ooz AIIen HaniIlon, 11 Ieliuaiy 2O1O.
26 KuehI, in Kianei, op. cil., p. 38.
27 Lveiell C. DoInan, Iuie Slialegy: Iovei and IiincipIe in lhe Space and Infoinalion Age, London, Iiank
Cass, 2OO5, p. 6.
28 IiankIin D. Kianei, Cqocrpcucr and Na|icna| Sccuri|q, op. cil. p. 48.
29 DanieI T. KuehI, Iion Cyleispace lo Cyleipovei: Dehning lhe IiolIen, op. cil.
In lhe gIolaI econony of lhe 21
sl
Cenluiy, cyleispace is piolalIy lhe singIe nosl
inpoilanl facloi Iinking aII lhe pIayeis logelhei, loosling pioduclivily, opening nev
naikels, and enalIing nanagenenl sliucluies lhal aie sinuIlaneousIy allei and vilh
fai noie exlensive ieach. The sane appIies foi lhe deveIopnenl of nev lechnoIogies
in lheii ciealion, expIoilalion, and neasuienenl of success. And cyleipoveis inpacl
on poIilicaI and dipIonalic affaiis is haidIy Iess inlensive. The voiIds nosl uliquilous
inuence nediun ienains saleIIile leIevision, caiiied ly syslens and nelvoik lhal
connecl via cyleispace. The inuence canpaigns leing vaged ly lhe US goveinnenl
and ly leiioiisl nelvoiks of lhe aI Qaeda lype aie lolh using cyleipovei in lheii
sliuggIe foi heails, ninds, and ideas.
%#

Cyleispace is aIso liansfoining hov infoinalion is ciealed: lhe iav naleiiaI
lhal fueIs econonies and socielies. And nev foins of conlenl - inages, sounds,
infoinalion and dala in nuIlipIe foins - and lhe conneclivily used lo liansnil and
exchange lhal conlenl, aie liansfoining lhe vays in vhich inuence can le exeiled.
This aIso ly enpIoying 'sofl povei and 'snail povei in lhe puisuil of slialegic goaIs.
As cyleipovei has exeiled incieasingIy videspiead inpacls acioss sociely duiing lhe
pasl lvo decades, slales aie foiced lo adapl lo lhose inpacls in nev vays. Ieihaps lhe
nosl signihcanl and liansfoinalive inpacl cyleispace and cyleipovei aie having is
lhal of Iinking peopIe and oiganizalions in nev vays in an incieasingIy viied voiId
in vhich liadilionaI loideis aie leing aIleied and nev ieIalionships anong peopIe aie
leing foiged, nov evei noie oflen aIso vilh goveinnenls and individuaIs inleiacling
vilh each olhei acioss nalionaI loideis.
Cyleipovei can le used lo pioduce piefeiied oulcones 3$56$* cyleispace, oi
il can use cylei insliunenls lo pioduce piefeiied oulcones in olhei donains ,'5#$)/
cyleispace. The key eIenenls of cyleipovei aie lhe science of lhe eIeclionagnelic
specliun, lhe lechnoIogy of eIeclionics, and inlegialed nannade infiasliucluie. The
key aspecl of cyleipovei is ils capaliIily lo nanipuIale oi access a laigels cylei
infiasliucluie via expIoilalion and allack. Means of cyleipovei cone via cyleivaifaie.
Cyleivaifaie is lhe use of cyleipovei lo eilhei inicl oi lhiealen punishnenl againsl
an adveisaiy, oi lo achieve poIilicaI oljeclives lhiough foice vilhoul lhe opponenls
acquiescence.
%"

Cyleipovei ieIies on haidvaie and soflvaie. Haidvaie is lhe nechanicaI,
nagnelic, eIeclionic, and eIecliicaI devices conpiising a conpulei syslen, such as lhe
cenliaI piocessing unil,
%$
disk diives, key-loaid, oi scieen. CalIes, saleIIiles, iouleis,
conpulei chips, and lhe Iike aie aIso consideied haidvaie. Soflvaie consisls of lhe
piogians used lo diiecl conpulei opeialions and uses. MaIvaie is naIicious soflvaie
lhal inleifeies vilh noinaI conpulei and Inleinel-lased appIicalion funclions and is
a key veapon in cyleivaifaie.
3O Ilid.
31 Lech }anczevski & Andiev M. CoIaiik, Cqocr larfarc and Cqocr Tcrrcrisn, Heishey, Idea Cioup Inc., 2OO7, p.
xiv.
32 CenliaI Iiocessing Unil (CIU): A niciopiocessoi chip lhal seives as lhe heail of a conpulei. Il inleipiels and
caiiies oul insliuclions, peifoins nuneiic conpulalions, and conlioIs lhe peiipheiaIs connecled lo il.

Cyleipovei has lhiee nain chaiacleiislics: il is '!$='$5,'#2 il is %,71(/7/*5"0.,
and il can le #5/"(56.. Land, sea, aii, and space povei aie alIe lo geneiale slialegic
effecl on each of lhe olhei donains. ul nolhing geneiales slialegic effecl in aII donains
so alsoIuleIy and sinuIlaneousIy as cyleipovei,
%%
lecause %.!/01,3/0 $# '!$='$5,'#.
UnIike Iand, sea, and aiipovei, lul in sone iespecls Iike space povei,
cyleipovei is a %,71(/7/*5"0. $*#50'7/*5, pailicuIaiIy vhen used aulononousIy.
Il is indiiecl lecause lhe coeicive aliIily of cyleipovei is sliII Iiniled. WhiIe cylei
allacks can le danaging and disiuplive, neilhei lhe allacks suffeied ly Lslonia in
2OO7 and ly Ceoigia in 2OO8, noi lhe Sluxnel allack on Iianian nucIeai faciIilies in
2O1O/11, have leen ieaIIy coeicive. This nay veII change in lhe fuluie. ul foi lhis lo
happen, coeicion nusl hisl le pioven. Shulling dovn a povei giid via cyleipovei,
foi exanpIe, vouId nosl IikeIy have calasliophic consequences. ul ialhei lhan
coeicing ils viclin lo concede lo an allackeis denands, il nay onIy invile an even
noie calasliophic iesponse. Thus, unliI cyleipovei viII piove ils coeicive capaliIily,
il can le said lo le a %,71(/7/*5"0. $*#50'7/*5.
The Iasl chaiacleiislic, 56"5 %.!/01,3/0 %"* !/ #5/"(56., nakes il alliaclive lo
nany useis. They can use lhis aliIily lo vieId il suiiepliliousIy on a gIolaI scaIe
vilhoul il leing alliilulalIe lo lhe peipelialoi. Dalalases can le iaided foi cIassihed
oi piopiielaiy infoinalion vilhoul lhe ovneis leing any visei aflei leialils of
dala have leen sloIen. MaIicious soflvaie can le pIanled in adveisaiy IT syslens
and nelvoiks vilhoul knovIedge unliI lhese veapons aie aclivaled and cause lheii
inlended danage. Such sleaIlhy use of cyleipovei, aided ly lhe inheienl difhcuIlies
of alliiluling lhe idenlily and nolivalion of nosl allackeis, nakes il an alliaclive
insliunenl foi goveinnenls and olhei aclois.
%&
Cyberwarfare
MiIilaiiIy, cyleipovei has leen lhe nosl inuenliaI insliunenl of lhe pasl
lvo decades. olh cyleipovei and cyleispace have leen al lhe heail of */3 %,*%/15#
and ),%50$*/# ,4 3"0. Acioss lhe IeveIs of conicl, fion insuigency lo nain-foice
convenlionaI vaifaie, %.!/01,3/0 6"# !/%,7/ "* $*)$#1/*#"!(/ /(/7/*5 ,4 7,)/0*
5/%6*,(,+.>!"#/) 7$($5"0. %"1"!$($5..
As vilh lhe lein cyleispace, lheie is no univeisaIIy accepled dehnilion
of cyleivaifaie. Accoiding lo one geneiaI dehnilion cyleivaifaie iefeis lo a
nassiveIy cooidinaled digilaI assauIl on a goveinnenl ly anolhei, oi ly Iaige gioups
of cilizens. Il is lhe aclion ly a nalion-slale lo peneliale anolhei nalions conpuleis
and nelvoiks foi lhe puiposes of causing danage oi disiuplion. ul il adds lhal
lhe lein cyleivaifaie nay aIso le used lo desciile allacks lelveen coipoialions,
33 David }. LonsdaIe, Na|urc cf lar in |nc |nfcrna|icn Agc, op. cil., pp.284-186.
34 See: iennei, Cqocr|nrca|s, op. cil., and CIaike, Cqocr lar, op. cil., pp. 197-2OO
fion leiioiisl oiganizalions, oi sinpIy allacks ly individuaIs caIIed hackeis, vho aie
peiceived as leing vaiIike in lheii inlenl.
%'
Anolhei dehnilion is: Cyleivaifaie is
synneliic oi asynneliic offensive and defensive digilaI nelvoik aclivily ly slales oi
slale-Iike aclois, enconpassing dangei lo ciilicaI nalionaI infiasliucluie and niIilaiy
syslens. Il iequiies a high degiee of inleidependence lelveen digilaI nelvoiks and
infiasliucluie on lhe pail of lhe defendei, and lechnoIogicaI advances on lhe pail of
lhe allackei. Il can le undeislood as a fuluie lhieal ialhei lhan a piesenl one, and hls
nealIy inlo lhe paiadign of Infoinalion Waifaie.
%(
The US Depailnenl of Defense
dehnes cylei opeialions as lhe enpIoynenl of cylei capaliIilies vheie lhe piinaiy
puipose is lo achieve niIilaiy oljeclives oi effecls in oi lhiough cyleispace.
%)
A
conpulei nelvoik allack is dehned as aclions laken lhiough lhe use of
conpulei nelvoiks lo disiupl, deny, degiade, oi deslioy infoinalion iesidenl in
conpuleis and conpulei nelvoiks, oi lhe conpuleis and nelvoik lhenseIves.
%*
A
2OO1 CongiessionaI Reseaich Seivice Repoil noles lhal cyleivaifaie can le used
lo desciile vaiious aspecls of defending and allacking infoinalion and conpulei
nelvoiks in cyleispace, as veII as denying an adveisaiys aliIily lo do lhe sane.
%!

A Ialei iepoil dehned conpulei nelvoik allacks as opeialions lo disiupl oi deslioy
infoinalion iesidenl in conpuleis and conpulei nelvoiks.
&#
A fuilhei dehnilion of
cyleivai is a conicl lhal uses hosliIe, iIIegaI liansaclions oi allacks on conpuleis
and nelvoiks in an effoil lo disiupl connunicalions and olhei pieces of infiasliucluie
as a nechanisn lo inicl econonic hain oi upsel defenses.
&"
And hnaIIy, accoiding
lo a iecenl UN Secuiily CounciI ResoIulion, Cylei vaifaie is lhe use of conpuleis
oi digilaI neans ly a goveinnenl oi vilh expIicil knovIedge of oi appiovaI of lhal
goveinnenl againsl anolhei slale, oi piivale piopeily vilhin anolhei slale incIuding:
inlenlionaI access, inleiceplion of dala oi danage lo digilaI and digilaIIy conlioIIed
infiasliucluie. And pioduclion and disliilulion of devices vhich can le used lo
sulveil doneslic aclivily.
&$
A successfuI cyleivai depends upon lvo lhings: neans and vuIneialiIily.
The 'neans aie lhe peopIe, looIs, and cylei veapons avaiIalIe lo lhe allackei. The
vuIneialiIily is lhe exlenl lo vhich lhe eneny econony and niIilaiy use lhe Inleinel
and nelvoiks in geneiaI.
&%
We do nol knov vho has vhal cyleivai capaliIilies
exaclIy. ul a gioving nunlei of slales have oiganized cyleivai unils and evei noie
skiIIed Inleinel expeils foi conlal in lhis donain.
&&
35 See: hup://denluons.uslegal.com/c/cyber-warfare/
36 Shane M. CoughIan, Is lheie a connon undeislanding of vhal conslilules cylei vaifaie`, The Univeisily
of iininghan SchooI of IoIilics and InleinalionaI Sludies, 3O Seplenlei 2OO3, p. 2.
37 }oinl Chiefs of Slaff, ]cin| Puo|ica|icn 1-02, Dic|icnarq cf Mi|i|arq and Assccia|cd Tcrns (}I 3-O), Depailnenl of
Defense, Washinglon D.C., 8 Novenlei 2O1O (As Anended Thiough 15 Oclolei 2O11).
38 Ilid.
39 Slephen A. HiIdielh, Cqocruarfarc, CongiessionaI Reseaich Seivice Repoil foi Congiess, No. RL3O735,19 }une
2OO1.
4O CIay WiIson, |nfcrna|icn Opcra|icns and Cqocruar. Capaoi|i|ics and Rc|a|cd Pc|icq |ssucs, CongiessionaI Reseaich
Seivice Repoil foi Congiess, No. RL31787, 14 Seplenlei 2OO6.
41 Kevin CoIenan, Tnc Cqocr Arns Racc Has 8cgun, CSO OnIine, 28 }anuaiy 2OO8.
42 UN Secuiily CounciI, ResoIulion 1113 (2O11), 5 Maich 2O11.
43 }anes I. Dunnigan, The Nexl Wai Zone: Confionling lhe CIolaI Thieal of Cyleileiioiisn, Nev Yoik, CiladeI
Iiess, 2OO2, p. 11.
44 }anes A. Levis & Kaliina TinIin, Cqocrsccuri|q and Cqocruarfarc 2011, Washinglon D.C., CSIS, UNIDIR

A National Strategy for Cyberspace
Cyleipovei is lechnicaIIy, laclicaIIy, and opeialionaIIy dislincl fion lhe olhei
insliunenls of niIilaiy povei. ul il is nol leyond slialegy. Noi does il sulveil
lhe enduiing naluie of vai, vhich is unchanging. The key slialegic alliilule of
cyleipovei is lhe aliIily in peace and vai lo nanipuIale lhe #50"5/+$% /*8$0,*7/*5
lo ones advanlage vhiIe al lhe sane line degiading lhe aliIily of an adveisaiy lo
conpiehend lhal sane enviionnenl. This #50"5/+$% '5$($5. /95/*)# 5, "(( 56/ ,56/0 #50"5/+$%
),7"$*#, given lheii uliquilous dependence upon cyleispace. ManipuIalion pioduces
lhe slialegic effecl of nisdiieclion and deceplion lhal in luin aIIovs olhei niIilaiy and
nalionaI insliunenls of povei lo achieve poIicy oljeclives diieclIy. Cyleipovei is
sulseivienl lo lhe needs of poIicy, and slialegy is lhe piocess of liansIaling lhose needs
inlo aclion. Cylei opeialions lake pIace in cyleispace and geneiale cyleipovei, lul
lhey do nol seive lheii ovn ends: lhey seive 56/ /*)# ,4 1,($%.. Slialegy is lhe liidge
lelveen poIicy and lhe expIoilalion of lhe cylei insliunenl.
Cyleipovei is exeiling ilseIf as a -/. (/8/0 $* 56/ )/8/(,17/*5 "*) /9/%'5$,* ,4
*"5$,*"( 1,($%.. Ils capaliIilies chaIIenge lhe slialegisl lo inlegiale lhose capaliIilies
vilh olhei eIenenls and insliunenls of povei. And lhis iequiies lhe ciafling of a
%.!/0#50"5/+.2 vhich is lhe deveIopnenl and enpIoynenl of capaliIilies lo opeiale in
cyleispace, inlegialed and cooidinaled vilh lhe olhei opeialionaI ieaIns, lo achieve
oi suppoil lhe achievenenl of oljeclives acioss lhe eIenenls of nalionaI povei.
&'

Cyleislialegy luiIds on a syslenalic and sliucluied conlinalion of /*)#
(goaIs and oljeclives), 7/"*# (iesouices and capaliIilies), and 3".# (hov lhe neans
aie used lo acconpIish lhe ends), lenpeied vilh due anaIysis and consideialions
of lhe iisks and cosls. To deveIop a nalionaI slialegy foi cyleispace, lheiefoie, is
lo sinuIlaneousIy cieale cylei iesouices and pioceduies lhal can conliilule lo lhe
achievenenl of specihc nalionaI secuiily oljeclives. The nosl inpoilanl pail of
cyleislialegy conceins lhe ends foi vhich cylei capaliIilies nighl le used. These
ends aie pail of lhe Iaigei niIilaiy, poIilicaI, econonic, dipIonalic, and nalionaI
secuiily oljeclives leing soughl. Cyleipovei is ciealed lo suppoil lhe allainnenl of
Iaigei oljeclives: slialegic goaIs acioss lhe eIenenls of nalionaI povei as a neans of
salisfying lhe vilaI nalionaI needs and inleiesls of lhe F"5$,*"( </%'0$5. <50"5/+.. The
key conliilulion of a nalionaI slialegy foi cyleispace viII le lo expIicilIy and cIeaiIy
denonsliale hov il nakes possilIe lhe allainnenl of aII lhe olhei slialegies, nosl
especiaIIy lhe NalionaI Secuiily Slialegy.
&(
WhiIe lhe nalionaI slialegy nusl enliace
and undeisland cyleivaifaie, in lhe piocess of doing so lhe nalionaI slialegy nusl
ilseIf le ievieved and adapled.
Resouices, 2O11.
45 KuehI, in Kianei, op. cil., p. 39.
46 Ilid.
2. The Difference between
Information Warfare and
Cyberwarfare
Information Warfare or Information
Operations
In nosl counliies H.!/03"0 is seen as a sulseclion of @*4,07"5$,* I"04"0/.
ConlioI of infoinalion has aIvays leen pail of niIilaiy opeialions. Infoinalion
Waifaie is an evoIving consliucl vilh hisloiicaI iools lack lo anliquily. The Iale
197Os sav lhe eneigence of @*4,07"5$,* I"04"0/ and H,77"*) "*) H,*50,( I"04"0/
as US vaihghling consliucls inlegialing diveise capaliIilies. These, in luin, evoIved
inlo vhal lhe niIilaiy nov caII @*4,07"5$,* J1/0"5$,*#, iecognizing lhe ciilicaI ioIe
of infoinalion as an eIenenl of nalionaI povei lhiough lhe fuII specliun of peace,
conicl, and vai. Today, nosl ained foices viev Infoinalion Opeialions as a %,0/
7$($5"0. %,71/5/*%.. They see infoinalion as lolh a veapon and a laigel in vaifaie,
and lhey lhink lhal infoinalion and knovIedge supeiioiily can vin vais.
The vaIue of infoinalion is enhanced ly lechnoIogy, such as nelvoiks, IT
syslens, and conpulei dalalases. These enalIe lhe ained foices lo cieale a 6$+6/0 (/8/(
,4 #6"0/) #$5'"5$,*"( "3"0/*/##, lo !/55/0 #.*%60,*$K/ %,77"*)2 %,*50,(2 "*) $*5/(($+/*%/,
and lo 50"*#("5/ $*4,07"5$,* #'1/0$,0$5. $*5, %,7!"5 1,3/0. Wilh evei noie veapons
incieasingIy ieIying on dala and lechnicaI infoinalion - such as snail nunilions lhal
use CIolaI Iosilioning Syslen (CIS) guidance - lhe ained foices expecl infoinalion
lo lecone noie diieclIy ieIevanl in vaifaie of lhe fuluie. In a vaihghling sense, sensoi
lechnoIogies have exlended lhe engagenenl enveIope, conpuleis and connunicalions
lechnoIogies have Ied lo an inciease in lhe lenpo of opeialions lhiough lhe inpioved
aliIily lo cooidinale aclions,
&)
and lhe inlegialion of sensois inlo veapons has nade
lhese noie piecise and IelhaI. Hovevei, lhe ieaI liansfoinalion has nol leen in
sensois, veapons oi IT 1/0 #/, lul in shifling lhe focus fion lhe physicaI dinension
lo lhe infoinalion dinension. These vaIues of infoinalion conslilule lhe giound
Iayei foi @*4,07"5$,* J1/0"5$,*#. They aie aIso a piine exanpIe foi lhe need foi lighl
+,8/0*"*%/ of lhis secloi, cIeaiIy addiessing vhal is peinilled in silualions lhal iange
fion ieIalive peace lo aII oul nucIeai vai.
@*4,07"5$,* I"04"0/ spans a nuch lioadei heId of aclion lhan H.!/03"04"0/.
Ioi lhe conducl of Infoinalion Opeialions, najoi ained foices - lhough nol aII have
47 David }. LonsdaIe, Tnc Na|urc cf lar in |nc |nfcrna|icn Agc. C|auscui|zian |u|urc, London and Nev Yoik, Iiank
Cass, 2OO4, pp. 91-92.

idenlicaI docliines
&*
- lank on hve %,0/ %"1"!$($5$/#: (1) IsychoIogicaI Opeialions, (2)
MiIilaiy Deceplion, (3) Opeialions Secuiily, (4) Conpulei Nelvoik Opeialions, and
(5) LIeclionic Waifaie. These capaliIilies aie inleidependenl, and aie incieasingIy
inlegialed lo achieve lhe desiied effecls.
&!
Infoinalion Opeialions aie dehned as lhe
inlegialed enpIoynenl of lhese coie capaliIilies in conceil vilh specijieJ and 0/("5/)
capaliIilies, lo inuence, disiupl, coiiupl oi usuip adveisaiiaI hunan and aulonaled
decision-naking vhiIe piolecling lhe ovn.
'#
- L#.%6,(,+$%"( J1/0"5$,*# (ISYOI) aie pIanned opeialions lo convey seIecled
infoinalion lo laigeled foieign audiences lo inuence lheii enolions, nolives,
oljeclive ieasoning, and uIlinaleIy lhe lehavioi of foieign goveinnenls,
oiganizalions, gioups and individuaIs.
'"

;$($5"0. E/%/15$,* (MILDLC) guides an eneny inlo naking nislakes ly piesenling
faIse infoinalion, inages, oi slalenenls. Deceplion is dehned as aclions execuled
lo deIileialeIy nisIead adveisaiy niIilaiy decision-nakeis vilh iegaid lo fiiendIy
niIilaiy capaliIilies, lheiely causing lhe adveisaiy lo lake - oi faiI lo lake - specihc
aclions lhal viII conliilule lo lhe success of fiiendIy niIilaiy opeialions.
'$
J1/0"5$,*# </%'0$5. (OISLC) is dehned as a piocess of idenlifying infoinalion
lhal is ciilicaI lo fiiendIy opeialions and vhich couId enalIe adveisaiies lo allack
opeialionaI vuIneialiIilies.
H,71'5/0 F/53,0- J1/0"5$,*# (CNO) incIude lhe capaliIily lo allack and disiupl
conpulei nelvoiks, defend lhe ovn infoinalion and connunicalions syslens,
and expIoil eneny conpulei nelvoiks lhiough inleIIigence coIIeclion, usuaIIy
done lhiough use of conpulei code and conpulei appIicalions.
:(/%50,*$% I"04"0/ (LW) is dehned as any niIilaiy aclion invoIving lhe diieclion oi
conlioI of eIeclionagnelic specliun eneigy lo deceive oi allack lhe eneny. High-
povei eIeclionagnelic eneigy can le used as a looI lo oveiIoad oi disiupl lhe
eIecliicaI ciicuiliy of aInosl any equipnenl lhal uses liansislois, nicio-ciicuils,
oi nelaI viiing. Diiecled eneigy veapons anpIify, oi disiupl, lhe povei of an
eIeclio-nagnelic heId ly piojecling enough eneigy lo oveiheal and peinanenlIy
danage ciicuiliy, oi jan, oveipovei, and nisdiiecl lhe piocessing in conpuleiized
syslens.
'%
In nosl ained foices, lhese 5 coie capaliIilies aie suppoiled ly 5 G))$5$,*"(
,0 <'11,05$*+ H"1"!$($5$/# lhal piovide addilionaI, Iess ciilicaI, opeialionaI effecls: (1)
48 NeiI Chuka, Nole lo IiIe - A Conpaiison of lhe Infoinalion Opeialions Docliine of Canada, lhe Uniled
Slales, lhe Uniled Kingdon, and NATO, Canadian Arnq ]curna|, VoI. 12, No. 2, Sunnei 2OO9. The aulhoi
aigues lhal aIlhough lhe IO docliine of lhese counliies has inpioved lhiough lhe alsoiplion of Iessons fion
opeialions ovei lhe pasl decade and sliongei concepluaI lhinking on lhe suljecl, lhe lopic of IO conlinues
lo geneiale nuch delale and sone confusion. Hovevei, il is possilIe, lo a degiee, lo ieconciIe lhe nev and
eneigenl nalionaI docliines and lhal of NATO.
49 NATO AIIied }oinl IulIicalion (A}I) 3.1O, A||icd ]cin| Dcc|rinc fcr |nfcrna|icn Opcra|icns, 23 Novenlei 2OO9.
5O Ilid.
51 Ilid. In lhe US Ained Ioices, ISYOIs have leen ienaned MiIilaiy Infoinalion Suppoil Opeialions
(MISO) in Iale 2O1O.
52 Ilid. See, foi exanpIe, lhe aclivilies of CeneiaI Iallons Ainy Cioup al lhe Ias de CaIais, vhich vas a
decisive conliilulion lo lhe AIIied vicloiy in Noinandy in 1944.
53 See: }CS, }oinl IulIicalion 3-51 }oinl Docliine foi LIeclionic Waifaie, Washinglon D.C., CIO, 7 ApiiI 2OOO.
CounleiinleIIigence, (2) Inageiy/Conlal Caneia, (3) IhysicaI Allack, (4) IhysicaI
Secuiily, and (5) Infoinalion Assuiance.
H,'*5/0$*5/(($+/*%/ (CI) consisls of lhe infoinalion galheied and aclivilies
conducled lo piolecl againsl espionage, olhei inleIIigence aclivilies, salolage,
oi assassinalion conducled ly oi on lehaIf of foieign goveinnenls oi eIenenls
lheieof, foieign oiganizalions, peisons, oi inleinalionaI leiioiisl aclivilies.
'&
@7"+/0.MH,7!"5 H"7/0" consisls of lhe acquisilion and uliIizalion of sliII and
nolion inageiy in suppoil of conlal, infoinalion, hunanilaiian, SpeciaI Ioices,
inleIIigence, ieconnaissance, engineeiing, IegaI, pulIic affaiis, and olhei opeialions
invoIving lhe niIilaiy.
''
L6.#$%"( G55"%- is aclions laken lo enpIoy kinelic povei oi hies againsl physicaI
infoinalion laigels.
L6.#$%"( </%'0$5. is lhal pail of secuiily conceined vilh physicaI neasuies
designed lo safeguaid peisonneI, lo pievenl unaulhoiized access lo equipnenl,
inslaIIalions, naleiiaI, and docunenls, and lo safeguaid lhen againsl espionage,
salolage, danage, and lhefl. In lhe connunicalions secuiily donain il is lhe
conponenl lhal iesuIls fion aII physicaI neasuies necessaiy lo safeguaid cIassihed
equipnenl, naleiiaI, and docunenls fion access lheielo oi olseivalion lheieof ly
unaulhoiized peisons.
@*4,07"5$,* G##'0"*%/ (IA) consisls of neasuies lhal piolecl and defend infoinalion
and infoinalion syslens ly ensuiing avaiIaliIily, inlegiily, aulhenlicalion,
conhdenliaIily, and non-iepudialion. This incIudes pioviding foi iesloialion
of infoinalion syslens ly incoipoialing pioleclion, deleclion, and ieaclion
capaliIilies.
'(
The UK, lhe US, and sone olhei ained foices,
')
despile diffeienl leininoIogy
and oiganizalion, use lhiee addilionaI oi N/("5/) H"1"!$($5$/#: (1) IulIic Affaiis, (2)
CiviI-MiIilaiy Opeialions, and (3) Defense Suppoil lo IulIic DipIonacy, vhich have
lo conliilule lo lhe acconpIishnenl of @*4,07"5$,* J1/0"5$,*#. These oflen have
ieguIaloiy, slaluloiy, poIicy iesliiclions oi Iinilalions iegaiding lheii enpIoynenl,
vhich nusl le olseived.
L'!($% G44"$0# (IA) aie lhose pulIic and connand infoinalion, and connunily
ieIalions aclivilies diiecled lovaids lolh lhe exleinaI and inleinaI pulIics
inleiesled in vhal lhe ained foices do.
H$8$(>;$($5"0. J1/0"5$,*# (CMO) aie lhe aclivilies of a connandei lhal eslalIish,
nainlain, inuence, oi expIoil ieIalions lelveen lhe ained foices, goveinnenlaI
and non-goveinnenlaI civiIian oiganizalions and aulhoiilies, and lhe civiIian
popuIace in a fiiendIy, neuliaI, oi hosliIe opeialionaI aiea in oidei lo faciIilale
55 Ilid.
56 Ilid.
57 Canpaign |xccu|icn. ]cin| Dcc|rinc Puo|ica|icn 3-00,(}DI 3-OO), 3
id
edilion, Shiivenhan, MoD, The DeveIopnenl,
Concepls and Docliine Cenlie, Oclolei 2OO9. And: US Depailnenl of Defense, ]cin| Puo|ica|icns 3-13
|nfcrna|icn Opcra|icns, Washinglon D.C., 13 Ieliuaiy 2OO6.

niIilaiy opeialions, lo consoIidale and lo achieve nalionaI opeialionaI oljeclives.
CMO nay incIude peifoinance ly niIilaiy foices of aclivilies and funclions
noinaIIy lhe iesponsiliIily of lhe IocaI, iegionaI, oi nalionaI goveinnenl. These
aclivilies nay occui piioi lo, duiing, oi sulsequenl lo olhei niIilaiy aclions. They
nay aIso occui, if diiecled, in lhe alsence of olhei niIilaiy opeialions. CMO nay le
peifoined ly designaled civiI affaiis, ly olhei niIilaiy foices, oi ly a conlinalion
of civiI affaiis and olhei foices.
E/4/*#/ <'11,05 5, L'!($% E$1(,7"%. (DSID) consisls of lhose aclivilies and neasuies
laken ly conponenls of lhe ained foices oi lhe Minisliy of Defense lo suppoil
and faciIilale pulIic dipIonacy effoils of lhe goveinnenl.
Lffecls of @*4,07"5$,* J1/0"5$,*# lypicaIIy lake Iongei lo achieve, and aie noie
difhcuIl lo neasuie lhan convenlionaI opeialions. Theiefoie, a Iong-lein connilnenl
lo effecliveIy enpIoy infoinalion lo affecl laigel lehavioi is ciilicaI. A6/"5/0 </%'0$5.
H,,1/0"5$,* L("*# aie a vilaI pail of lhis effoil. Wailing unliI a ciisis occuis and lhen
inilialing Infoinalion Opeialions againsl lhe ciisis is an exeicise in fuliIily. Likevise,
lhe idea of enpIoying decisive conlal opeialions in one aiea, vhiIe enpIoying
Infoinalion Opeialions in anolhei as an econony of foice neasuie, is a nisappIicalion
of Infoinalion Opeialions.
An appiopiiale undeislanding of lhe laigels cuIluie and noins is ciilicaI. The
lendency lo 'niiioi fiiendIy cuIluiaI vaIues and peispeclives nusl le avoided al aII
cosls. The piepaialion of pioducls of Infoinalion Opeialions and an evaIualion of
lheii polenliaI effecliveness nusl le done fion lhe peispeclive of lhe iecipienl oi
laigel audience lhiough lheii cuIluiaI Iens. This is especiaIIy liue duiing lhe pIanning,
pioducl ieviev, and appiovaI piocess vhen vhal nay appeai lo le an unsophislicaled
and even analeuiish Iooking pioducl Iike TV oi iadio lioadcasl, nessaging vilh
noliIe syslens, Ieaels, yeis, handliIIs, elc., nay, in facl, le exaclIy lhe piopei
vehicIe foi conveying lhe desiied nessage.
In aII lhis, $*5/(($+/*%/ is lhe enalIei lo achieve niIilaiy doninance in lhe
fianevoik of Infoinalion Opeialions. InleIIigence coupIed vilh Connand and
ConlioI Waifaie Ieads lo @*4,07"5$,* E,7$*"*%/, vhich nay le dehned as supeiioiily
in lhe geneialion, nanipuIalion, and use of infoinalion sufhcienl lo affoid ils
possessois 7$($5"0. ),7$*"*%/. Il has lhiee souices:
H,77"*) "*) H,*50,( lhal peinils eveiyone lo knov 36/0/ lhey and lheii cohoils
aie in lhe lallIespace, and enalIes lhen lo execule opeialions 36/* and "# ='$%-(.
"# necessaiy.
@*5/(($+/*%/ lhal ianges fion knoving lhe enenys disposilion lo knoving lhe
Iocalion of eneny assels in ieaI-line vilh sufhcienl piecision foi piecision kiIIs.
@*4,07"5$,* J1/0"5$,*# lhal confound eneny infoinalion syslens al vaiious poinls
- sensois, connunicalions, piocessing, and connand - vhiIe piolecling ones
ovn.
'*

The supeiioiily is achieved ly gaining supeiioi inleIIigence and piolecling
infoinalion assels vhiIe heiceIy degiading lhe enenys infoinalion assels. The goaI
of such supeiioiily is nol lhe alliilion of physicaI niIilaiy assels oi lioops. Il is lhe
a||ri|icn cf |nc qua|i|q, spccd, and u|i|i|q cf an adtcrsarqs dccisicn na|ing aoi|i|q.
SignaIs InleIIigence (SICINT) has aIvays leen inleilvined vilh Infoinalion
Opeialions lecause lhe hisl slep is usuaIIy lhe sane foi lolh: lo hnd a connunicalions
Iink and lap il, oi lo hnd a conpulei and hack il. Once in, one can eilhei Iislen passiveIy
lo Ieain lhe enenys inlenlions, pIans, and lo anlicipale his noves, oi lo acliveIy inseil
ovn dala, lo deceive oi jan his syslens, and nake hin faII lehind lhe ovn decision
cycIe. ul lheie is no singIe appioach lhal is aIvays lesl.
Lffeclive Infoinalion Opeialions Ieveiage lhe povei of infoinalion lo
conpIinenl lhe olhei insliunenls of nalionaI povei, iesuIling in lhe achievenenl
of nalionaI oljeclives vilh Iess expendiluie of lIood and lieasuie. ul lhe peienniaI
queslion of Infoinalion Opeialions is: deny, deceive, deslioy, oi expIoil` The lesl
niIilaiy ansvei is piolalIy: lo coIIecl, anaIyze, and nove lhe ovn infoinalion faslei
lhan lhe opponenl lo gel an edge, lo cul off lhe opponenl fion his ovn infoinalion
souices, disloil his piocessing, oi pievenl hin fion issuing oideis and connands,
and lo hghl lhe vai inside veapons ciicuils oi inside lhe eneny connandeis head.
IolenliaIIy, Infoinalion Opeialions aie a polenl veapon vilh a scope ianging
fion lhe eneny in lhe lallIespace lo lhe funclioning of sociely. Hovevei, lallIespace,
fionls, and aieas of iesponsiliIily can no Iongei le pieciseIy dehned. And lhe
infoinalion ievoIulion is veakening hieiaichy and slienglhening nelvoiks, vhich
aie IaleiaI in naluie. These nelvoiks aie diIuling lhe liadilionaI hieiaichicaI sliucluie
of lhe ained foices. Al lhe sane line, Infoinalion Opeialions aie aIso a gieal IeveIei.
Non-slale aclois can vage lhen vilh lhe sane feIicily as lhe eslalIished Iegilinale
oigans of lhe slale.
When juxlaposed againsl liadilionaI vaifaie, Infoinalion Opeialions shov lhe
foIIoving diffeiences:
'!
TiadilionaI vaifaie has a geogiaphicaIIy dehned lhealei of
vai, vhiIe Infoinalion Opeialions knov no geogiaphicaI loundaiies. And liadilionaI
vaifaie has a dehned decision naliix: slialegic, opeialionaI, and laclicaI, lul lheie
is no cIeai decision naliix in Infoinalion Opeialions. Moieovei, in Infoinalion
Opeialions, lheie is no cIeai dislinclion lelveen vai and peace, vaiIike and
ciininaI, iogue and noinaI slales. ul nosl inpoilanl: vhiIe il is possilIe lo achieve
conicl iesoIulion vilh liadilionaI vaifaie, lhis cannol le ensuied vilh Infoinalion
58 Mailin C. Lilicki, Infoinalion Doninance in S|ra|cgic |crun, Ni. 132, Washinglon D.C., NalionaI Defense
Univeisily, Inslilule foi Slialegic Sludies, Novenlei 1997.
59 Yashvanl Deva, Infoinalion Waifaie Ioi The Thealie Connandei, al: www.ldsa.lndla-org/an-aug-7.hLml

Opeialions.
(#
In olhei voids: one can slail a vai vilh Infoinalion Opeialions, lul nol
vin il excIusiveIy vilh Infoinalion Opeialions.
The cIains nade ly enlhusiasls of Infoinalion Waifaie aloul successfuI
appIicalions of Infoinalion Opeialions seen oflen exaggeialed oi nisIeading.
("

When lhe lheoiy is pul lo lhe lesl lhe iesuIls seen decidedIy nixed. On lhe slialegic
IeveI, lhe iesuIls aie Ieasl convincing, judging fion lhe slale of lhe cuiienl Wai on
Teiioi. ul lhe acluaI piaclice of Infoinalion Waifaie is aIso liicky lo puII off al
lhe opeialionaI-laclicaI IeveI. Theie have leen sone ieaI achievenenls nonelheIess,
aIongside a gioving ieaIizalion lhal Infoinalion Waifaie is a svoid lhal culs lolh
vays in lhal lhe insuigenls aie aIso lenehlling fion lhe ievoIulion. Despile lheii
lechnoIogicaI edge, Weslein ained foices aie oflen al a disadvanlage. In Iaige pail
lhese piolIens have leen due lo lhe ieIalive openness of lhe slales conceined, lhe facl
lhal lhey aie expecled lo piovide a giealei anounl of unliased accuiale infoinalion
lhan undenocialic iegines, and aIso lo lhe highei elhicaI expeclalions lhal lhey have
lo neel.
($

The giealesl piolIen vilh Infoinalion Waifaie and Infoinalion Opeialions
is lhe Iack of, oi chionicaIIy insufjcicn|, dcnccra|ic gctcrnancc, par|icu|ar|q rcgarding
ccn|rc|, ctcrsign|, and |ransparcncq. As vilh cylei secuiily in geneiaI, oveisighl
chaIIenges aie exaceilaled ly nelvoik conpIexily, lechnicaI and IegaI conpIexilies,
ly lhe heleiogeneily of aclois invoIved, ly nandale peiceplions, and ly lhe lieaking
of piincipaI/agenl londs.
(%
The pace vilh vhich secuiily conceins aie oulsliipping
lhe aliIily of conlioI, oveisighl, and ieguIaloiy lodies lo hoId lhe ained foices and lhe
goveinnenl accounlalIe is pailicuIaiIy voiiying vhen one consideis lhe inpIicalions
foi lhe rign|s |c pritacq, lo frccdcn cf cxprcssicn and of assccia|icn. NalionaI IegisIalion is
of Iiniled use in piolecling useis of a loideiIess connunicalions looI. Thus, lheie is
a need foi a ccnncn s|ra|cgq and snarcd ncrns a| |nc in|crna|icna| |ctc|. Hovevei, lheie
ienain lhe yel unansveied queslions of vhal inleinalionaI appioaches and noins aie
conceivalIe and needed, and of vho shouId lake lhe Iead in lhis issue.
Infoinalion Opeialions nay change lhe vay in vhich goveinnenls and lhe
ained foices conducl lusiness. ul cyleispace opeialions aie nol synonynous vilh
Infoinalion Opeialions. Infoinalion Opeialion is a sel of opeialions lhal can le
peifoined in cyleispace and olhei donains. Opeialions in cyleispace can diieclIy
suppoil Infoinalion Opeialions, and non-cylei lased Infoinalion Opeialions can
affecl cyleispace opeialions. Aclivilies in cyleispace can enalIe fieedon of aclion foi
6O The inaliIily of Infoinalion Waifaie lo achieve conicl iesoIulion Ieads lo lhe dehnilive iequiienenl and
lhe piinacy of liadilionaI niIilaiy foices lo achieve a decision in vai. Infoinalion Waifaie, hovevei, is nosl
effeclive foi neuliaIizing convenlionaI niIilaiy asynneliy. When lhus enpIoyed, il lecones a polenl veapon
in lhe hands of lhe eneiging foes of lhe 21
sl
cenluiy.
61 See, foi exanpIe, }anes Dao & Liic Schnill, Ienlagon Readies Lffoils lo Svay Senlinenls Alioad, Ncu
Ycr| Tincs, 19 Ieliuaiy 2OO2, A1.
62 Tin enlov, The Magic uIIel` Undeislanding lhe RevoIulion in MiIilaiy Affaiis, London, iasseys, 2OO3.
63 See enjanin S. uckIand, Iied Schieiei & Theodoi H. WinkIei, Dcnccra|ic Gctcrnancc Cna||cngcs cf Cqocr
Sccuri|q, DCAI Hoiizon 2O15 Woiking Iapei No. 1, Ceneva, Ceneva Cenlie of lhe Denocialic ConlioI of
Ained Ioices, 2O11.
aclivilies in lhe olhei donains, and aclivilies in lhe olhei donains can cieale effecls
in and lhiough cyleispace.
Cyberwarfare
Cyleivai exisls in lhe niIilaiy and inleIIigence ieaIn and iefeis lo conducling
niIilaiy opeialions accoiding lo infoinalion-ieIaled piincipIes. Il neans disiupling
oi deslioying infoinalion and connunicalions syslens. Il aIso neans liying lo knov
eveiylhing aloul an adveisaiy vhiIe keeping lhe adveisaiy fion knoving nuch aloul
oneseIf.
(&
Cyleivai is a vaiIike conicl in viiluaI space vilh neans of infoinalion and
connunicalion lechnoIogy (ICT) and nelvoiks. As olhei foins of vaifaie, cyleivai
ains al inuencing lhe viII and decision naking capaliIily of lhe enenys poIilicaI
Ieadeiship and ained foices in lhe lhealei of H,71'5/0 F/53,0- J1/0"5$,*# (CNO).
('

Thiee foins of Conpulei Nelvoik Opeialions can le dislinguished: (1)
H,71'5/0 F/53,0- G55"%- - opeialions designed lo disiupl, deny, degiade, oi deslioy
infoinalion iesidenl in conpuleis and conpulei nelvoiks, oi lhe conpuleis oi
nelvoiks lhenseIves, (2) H,71'5/0 F/53,0- :91(,$5"5$,*, vhich neans ieliieving
inleIIigence-giade dala and infoinalion fion eneny conpuleis ly ICT neans, and (3)
H,71'5/0 F/53,0- E/4/*#/, vhich consisls of aII neasuies necessaiy lo piolecl ovn ICT
neans and infiasliucluies againsl hosliIe Conpulei Nelvoik Allack and Conpulei
Nelvoik LxpIoilalion.
((
Thus concepluaIIy, H,71'5/0 F/53,0- J1/0"5$,*# %,8/0 ,*(.
" *"00,3/0 #/%5$,* ,4 "(( %.!/0 "55"%-#. ul lhe polenliaI foi danage lhal cyleivai can
inicl on nalionaI and econonic secuiily of a slale couId le Iaige.
Conpulei Nelvoik Allack, oi lhe deIileiale paiaIyzalion oi desliuclion of
eneny nelvoik capaliIilies, is onIy one of nany insliunenls in lhe fianevoik of
niIilaiy nissions. WhiIe lhe inpoilance of Conpulei Nelvoik Allack viII ceilainIy
inciease in lhe coning yeais, vilh iegaid lo lhe slale of deveIopnenls in offensive
cyleivai capaliIilies, lheie is sliII a Iack of eslalIished knovIedge aloul Conpulei
Nelvoik Allack capaliIilies aIieady avaiIalIe. Theie aie veiy fev case sludies, and
nosl infoinalion Iies oulside lhe pulIic donain. And nosl oiganizalions aie sliII
unsuie aloul lhe slale of lheii ovn cylei secuiily. Thus, sone of lhe eslinales in lhis
aiea seen exaggeialed, pailicuIaiIy lhose Iinked lo lhe expeclalion lhal lhe fuluie viII
liing nol onIy an ains iace in cyleispace, lul aIso #50"5/+$% %.!/03"0#. Conducling
an 'infoinalion opeialion of slialegic signihcance vouId nol le easy, lul neilhei is
il inpossilIe. Hovevei, cylei aIone is sliII unIikeIy lo vin vais. Civen lhe inliinsic
difhcuIlies of opeialing suigicaIIy in cyleispace, and since il is, vilh fev exceplions,
64 }ohn AiquiIIa & David RonfeIdl, Cyleivai Is Coning!, Ccnpara|itc S|ra|cgq, VoI. 12, 1993, p.146. AIso:
AiquiIIa & RonfeIdl, Nc|ucr|s and Nc|uars, Sanla Monica, RAND Coipoialion, 2OO1.
}oinl IulIicalion 3-13 Infoinalion Opeialions, }oinl Slaff, Depailnenl of Defense, 13 Ieliuaiy 2OO6.
66 Ilid.

sliII nol possilIe loday lo conducl pieciseIy laigeled cylei allacks, gieal doulls ienain
as lo vhelhei slialegic cyleivai is ieaIIy feasilIe.
()

One inpoilanl aspecl of lhis is lhal unconlioIIalIe lIovlack effecls in lhe
highIy nelvoiked viiluaI space conslilule consideialIe iisks foi an allacking slale.
This facloi is aII lhe noie ieIevanl since lhe slales lhal aie nosl IikeIy lo deveIop lhe
lechnoIogicaI knov-hov foi slialegic cyleivai aie aIso lhe nosl dependenl on lheii
ovn infiasliucluies, lhus highIy vuIneialIe in a cyleivai. Due lo unconlioIIalIe side-
effecls, a cyleivai vouId aIso undeinine liusl in cyleispace ovei lhe Iong lein, vilh
possilIe deliinenlaI effecls foi lhe gIolaI econony, and lhus foi aII pailies invoIved.
Slialegic cyleivai, ly ilseIf, vouId piolalIy annoy lul nol disain an adveisaiy. And
any adveisaiy lhal neiils a slialegic cyleivai canpaign lo le suldued aIso IikeIy
possesses lhe capaliIily lo sliike lack in vays lhal nay le noie lhan annoying. The
facl ienains lhal no one ieaIIy knovs hov desliuclive a slialegic cylei allack in a
conicl conducled in lhe viiluaI ieaIn vouId le. Il nay veII le Iess decisive.
If a slialegic cylei allack is Iess IikeIy lo le decisive, lhen cyleivaifaie
capaliIilies al lhe opeialionaI IeveI foi aclions againsl niIilaiy laigels duiing a ieaI
vai nighl lecone noie inpoilanl. OpeialionaI cyleivai nay have lhe polenliaI lo
conliilule lo vaifaie. Hov nuch is unknovn and, lo a Iaige exlenl, sliII unknovalIe.
ecause a devaslaling cylei allack nay faciIilale oi anpIify niIilaiy opeialions, and
lecause an opeialionaI cyleivai capaliIily seens ieIaliveIy inexpensive, il nay veII
le voilh deveIoping. ul foi opeialionaI cyleivai lo voik, ils laigels have lo le
accessilIe and offei vuIneialiIilies.
(*
These vuIneialiIilies have lo le expIoiled in
vays lhe allackei hnds usefuI, lhe iesuIl of vhich he can onIy assess if lhe effecls can
le noniloied - vhal nay sliII le an inconcIusive endeavoi.
Ceilainly in piedicling lhe effecls of opeialionaI cylei allacks is undeinined ly
lhe sane conpIexily lhal nakes cylei allacks possilIe in lhe hisl pIace. Invesligalions
nay ieveaI lhal a pailicuIai syslen has a pailicuIai vuIneialiIily. ul piedicling vhal
an allack can do iequiies knoving hov lhe syslen and ils opeialois viII iespond lo
signs of dysfunclion, and knoving lhe lehavioi of piocesses and syslens associaled
vilh lhe syslen leing allacked. Lven lhen, opeialionaI cyleivai opeialions nay iaieIy
hain individuaIs diieclIy, noi do lhey, vilh sone exceplions, deslioy equipnenl.
(!
Al
lesl, such opeialions aie noie IikeIy lo confuse and fiusliale opeialois of niIilaiy
syslens, and lhen onIy lenpoiaiiIy lecause, due lo lhe exponenliaI innovalion, even
lhe lesl cylei allacks have a Iiniled sheIf Iife. Thus, cyleivai al lhe opeialionaI IeveI
nay veII onIy le a suppoil funclion foi olhei eIenenls of vaifaie. Allenpling an
opeialionaI cyleiallack in lhe hopes lhal success viII faciIilale a conlal opeialion
67 Myiian Dunn CaveIly,Cyleivai: Concepl, Slalus Quo, and Linilalions, CSS Ana|qsis in Sccuri|q Pc|icq, CSS
LTH Ziich, No. 71, ApiiI 2O1O, p. 2.
68 Cyleideleiience and Cyleivai, op. cil., p. xiv.
69 Ilid., pp. xiv-xv.
nay le piudenl, lelling on lhe opeialions success on a pailicuIai sel of iesuIls nay
nol le.
)#

Thioughoul aII lhis, %.!/0 )/4/*#/ ienains lhe nosl inpoilanl aclivily foi lhe
ained foices in cyleispace. The vasl najoiily of allacks aloul vhich concein has leen
expiessed appIy onIy lo Inleinel-connecled conpuleis. As a iesuIl, syslens vhich aie
sland-aIone oi connunicale ovei piopiielaiy nelvoiks oi aie aii-gapped fion lhe
Inleinel shouId le safe fion lhese. Viclins of cylei secuiily Iapses and cylei allacks
incIude nany civiIian syslens, and foi lhis ieason lhe vaIue of a puieIy niIilaiy
appioach lo cylei secuiily defense is Iiniled. The ained foices have an inpoilanl
ioIe in piolecling lheii ovn syslens and in deveIoping polenliaI offensive capaliIilies.
AIlhough nosl of vhal il lakes lo defend niIilaiy nelvoiks can le Ieained fion vhal
il lakes lo defend civiIian nelvoiks, lhe foinei diffei fion lhe Iallei in inpoilanl
vays. Hence, lhe ained foices nusl lhink haid as lhey ciafl lheii cylei defense goaIs,
aichilecluies, poIicies, slialegies, and opeialions.
Il shouId have lecone olvious ly nov lhal lhe delale on cyleivai is pione lo
specuIalion. Sone pioponenls lhink lhal cyleivai viII soonei oi Ialei iepIace kinelic
vai. Moie fiequenlIy, cyleivai is piesenled as a nev kind of vai lhal is cheapei,
cIeanei, vilh Iess oi no lIoodshed, and Iess iisky foi an allackei lhan olhei foins of
ained conicl. This seens lo nake cyleivai alliaclive.
What are the elements that make cyberwar
attractive?
Cyleivai is cheapei since il does nol iequiie Iaige nunleis of lioops and veapons.
The enliy cosls aie Iov: vilh a conpulei and Inleinel access anyone can engage
in cyleivaifaie.
Cyleivai is easy lo deIivei ly sleaIlh via gIolaI conneclivily fion anyvheie.
TooIs foi allack aie cheap and openIy avaiIalIe on lhe Inleinel.
The pioIifeialion of such looIs happens vilhoul any conlioI.
Theie aie no lechnoIogicaI, hnanciaI oi IegaI huidIes lo oveicone againsl lhal
pioIifeialion.
Theie is an advanlage foi lhe allackei vho can piohl fion lhe Ialesl and nevesl
innovalions.
Cyleispace offeis lhe allackei anonynily lecause il is so difhcuIl lo liace lhe
oiigin of an allack.
Cyleispace gives dispiopoilionale povei lo snaII and olheivise ieIaliveIy
insignihcanl aclois.
7O Ilid., p. xv.

Opeialing lehind faIse II addiesses, foieign seiveis and aIiases, allackeis can acl
vilh aInosl conpIele anonynily and ieIalive inpunily, al Ieasl in lhe shoil lein.
Cyleivai nay heIp lo avoid lhe need lo engage in conlal opeialions and lhus
saves Iives.
Cyleivai Ieads lo lhe aliIily lo disiupl lhe adveisaiy ialhei lhan deslioy his
foices.
Iuiied liadilionaI loundaiies: Cyleivaifaie cieales ils ovn 'fog and fiiclion of
vai.
Inheienl in cyleivai aie lhe difhcuIlies of laclicaI vaining and allack oi danage
assessnenls.
Cyleivai enalIes aclois lo achieve poIilicaI and slialegic goaIs vilhoul lhe need
foi ained conicl.
Cyleivai skips lhe lallIeheId. Syslens lhal peopIe ieIy upon, fion lanks, lhe
eIecliic povei giid lo aii defense iadais, aie accessilIe voiIdvide fion cyleispace
and can le quickIy laken ovei oi knocked oul vilhoul hisl defealing a counliys
liadilionaI defenses.
Cyleivai happens al aInosl lhe speed of Iighl. As pholons of allack packels sliean
dovn hlei-oplic calIes, lhe line lelveen lhe Iaunch of an allack and ils effecls is
laieIy neasuialIe, lhus ciealing noie iisks foi decision nakeis, pailicuIaiIy in a
ciisis.
The viclin of an allack has lo invesl consideialIe iesouices inlo neuliaIizing lhe
lhieal, vhich iequiies leans of dedicaled soflvaie and haidvaie expeils vilh
specihc skiII sels. Such peisons aie difhcuIl lo ieciuil and lo ielain as piivale
indusliy offeis noie alliaclive leins foi lheii laIenl.
The vuIneialiIilies of counliies incieasingIy dependenl on conpIex, inleiconnecled,
and nelvoiked infoinalion syslens inciease ovei line, lhus pioviding adveisaiies
vilh a laigel iich enviionnenl.
Ioi nany, lhe lein cyleivai conjuies up inages of deadIy, naIicious piogians
causing conpuleis lo fieeze, veapon syslens lo faiI, lhvailing vaunled lechnoIogicaI
piovess foi a lIoodIess conquesl. This picluie, in vhich cyleivai is isoIaled fion
lioadei conicl, opeiales in a diffeienl ieaIn fion liadilionaI vaifaie. WhiIe such a
scenaiio is nol conpIeleIy leyond lhe ieaIn of possiliIily, offeis a lIoodIess aIleinalive
lo lhe dangeis and cosls of nodein vaifaie, and lhus seens alliaclive, il is nol veiy
IikeIy. A puie cyleivai is an evenl vilh lhe chaiacleiislics of convenlionaI vai lul
foughl excIusiveIy in cyleispace. @5 $# '*($-/(. 56"5 56/0/ 3$(( /8/0 !/ " 1'0/ %.!/03"0
4,'+65 /9%('#$8/(. 3$56 %.!/0 3/"1,*#B
Iuluie vais and lhe skiinishes lhal piecede lhen viII invoIve a nixluie of
convenlionaI oi kinelic veapons vilh cylei veaponiy acling as a disiuplei oi foice
nuIlipIiei.
)"
The ieasons aie: (1) nany ciilicaI conpulei syslens aie piolecled againsl
71 Ielei Sonnei & Ian iovn, Reducing Syslenic Cyleisecuiily Risks, O|CD, OLCD/III Iiojecl on Iuluie
CIolaI Shocks, 14 }anuaiy 2O11, pp. 6 and 13.
knovn expIoils and naIvaie so lhal designeis of nev cylei veapons have hisl lo
idenlify nev vuIneialiIilies and expIoils. (2) The effecls of cylei allacks aie difhcuIl lo
piedicl - lhey nay le Iess poveifuI lhan hoped foi, lul nay aIso have noie exlensive
oulcones aiising fion lhe inleiconnecledness of syslens, iesuIling in unvanled
danage lo peipelialois and lheii aIIies. And (3) lheie is no slialegic ieason vhy an
aggiessoi vouId Iinil hinseIf lo onIy one cIass of veaponiy. Hence, cyleivaifaie is
pione lo have ieaI physicaI consequences.
Like olhei eIenenls of lhe nodein niIilaiy, cylei foices aie nosl IikeIy lo le
inlegialed inlo an oveiaII lallIe slialegy as pail of a %,7!$*/) "07# %"71"$+*. Cylei
veapons viII le used individuaIIy, in conlinalion, and aIso lIended sinuIlaneousIy
vilh convenlionaI kinelic veapons as foice nuIlipIieis.
)$
Conpulei lechnoIogy diffeis
fion olhei niIilaiy assels, hovevei, in lhal il is an inlegiaI conponenl of aII olhei
assels in nodein ained foices. Iion lhis peispeclive, il is lhe one ciilicaI conponenl
upon vhich nany nodein niIilaiies depend, a dependence lhal is nol Iosl on polenliaI
enenies.
Counliies aiound lhe voiId aie deveIoping and inpIenenling cylei
slialegies designed lo inpacl an enenys connand and conlioI sliucluie, Iogislics,
lianspoilalion, eaiIy vaining, and olhei ciilicaI niIilaiy funclions. In addilion, nalions
aie incieasingIy avaie lhal lhe use of cylei slialegies can le a najoi foice nuIlipIiei
and equaIizei. SnaIIei counliies lhal couId nevei conpele in a convenlionaI niIilaiy
sense vilh lheii Iaigei neighlois can deveIop a capaliIily lhal gives lhen a slialegic
advanlage if piopeiIy uliIized. The enliy cosls foi conducling cyleivai aie ialhei
nodesl. Nol suipiisingIy, lheiefoie, counliies lhal aie nol so dependenl on high
lechnoIogy vilhin lheii niIilaiy eslalIishnenl considei such dependence a polenliaI
'AchiIIes heeI of lheii enenies.
Advanced, posl-indusliiaI socielies and econonies aie ciilicaIIy dependenl on
inleiIinked conpulei infoinalion and connunicalion syslens. Sophislicalion has
ilseIf lecone a foin of vuIneialiIily foi enenies lo expIoil. Disiuplion of civiIian
infiasliucluies is an alliaclive oplion foi counliies and non-slale aclois lhal vanl
lo engage in "#.77/50$% 3"04"0/2 and Iack lhe capacily lo conpele on lhe liadilionaI
lallIeheId.
ul vai is lypicaIIy dehned as lhe use of foice, oi vioIence, ly a nalion-slale lo
conpeI anolhei lo fuIhII ils viII. MiIilaiy conicl is a vay foi nalion-slales lo achieve
lheii poIilicaI oljeclives vhen olhei neans, such as dipIonacy, aie nol voiking oi aie
Iess expedienl lhan vioIence. The use of foice, hovevei, nay le Iess olvious in a nev
lallIespace nade up of lils and lyles, vheie lhe loideis lelveen counliies lIui, lhe
veapons aie nuch noie difhcuIl lo delecl, and lhe soIdieis can easiIy le disguised
as civiIians. Il is difhcuIl lo envision cyleivaifaie lecause hisloiy Iacks expeiience in
72 Ilid., p. 6.

cylei conicl. Theie is no pasl lo Ieain fion, nuch Iess envision hov a nalionaI-IeveI
cylei conicl vouId le foughl.
MuIlipIying and conpIicaling lhe unceilainlies aloul cyleivai aie lhe piolIens
lhal deiive fion lhe naluie of cyleispace, lhe sleadiIy gioving vuIneialiIilies lhal
enalIe cylei allacks, pIus lhe najoi issues, anliguilies and addilionaI piolIens
of cyleivaifaie. These lhen sel lhe slage foi shoving hov a nodein vai nay le
conducled - a cIue of cyleivai lo cone - and in vhich vays cyleivai nay le diffeienl
fion lhe olhei vaihghling donains.
3. Understanding the Threats in
Cyberspace
Cyleispace is a loideiIess 'gIolaI connons lhal aII aclois, incIuding slales,
shaie. Iion peisonaI use lo lusiness pIalfoins and niIilaiy appIicalions, lhe ieIiance
on cyleispace is onIy acceIeialing. Since lhe leginning of lhe 21
sl
cenluiy, lhe aliIily
lo Ieveiage cyleispace has lecone lhe nosl inpoilanl souice of povei. Due lo
lhe anazing pioIifeialion of ICT syslens inlo aII aspecls of Iife, lhe inpoilance of
infoinalion foi poIilicaI nalleis has incieased. And vilh il lhe aliIily lo naslei lhe
geneialion, nanagenenl, use, and nanipuIalion of infoinalion has lecone a highIy
desiied povei iesouice in inleinalionaI ieIalions.
AIlhough cyleispace is agnoslic lo poIilics and ideoIogy, slale and non-slale
aclois can use lhis povei lo achieve oljeclives in cyleispace and lhe physicaI voiId.
Lov cosl, high polenliaI inpacl and geneiaI Iack of lianspaiency nake cyleipovei
alliaclive lo lolh poveifuI and Iess poveifuI aclois. The foinei can conline
cyleipovei vilh exisling niIilaiy capaliIilies, econonic assels, and sofl-povei neans.
Less poveifuI aclois can gain asynneliicaIIy in cyleispace ly inicling danage on
vuIneialIe laigels. The viiluaI leiiain of cyleispace is said lo favoi lhe offense lecause
cylei allacks aie inexpensive and conducling lhen iaieIy has consequences. These
lvo facls aie a najoi ieason vhy cylei allacks have lecone uliquilous, incieasing
in scope, and al a scaIe fai giealei lhan nalionaI iesouices lo iespond and defend can
handIe.
AIong vilh nany olhei counliies, lhe US, foi exanpIe, is undei conslanl assauIl
in cyleispace and cuiienlIy vilnessing sone 1.8 liIIion cylei allacks aIone on lhe
IT syslens of Congiess and execulive lianch agencies each nonlh.
)%
Such seiies of
incidenls have Ied lo lhe lein G)8"*%/) L/0#$#5/*5 A60/"5#, vhich is connonIy used lo
iefei lo cylei lhieals, in pailicuIai lhal of Inleinel enalIed espionage, lul is piinaiiIy
used in iefeience lo a Iong-lein pallein of laigeled sophislicaled hacking allacks
ained al goveinnenls ly veII-iesouiced slale aclois, oi agenls afhIialed vilh nalion-
slales.
)&
Such allacks have laigeled goveinnenls aiound lhe voiId, gIolaI oiI, eneigy,
and peliochenicaI conpanies, lhe nining secloi, niIilaiy conliaclois, lhe science and
lechnoIogy secloi, ciilicaI infiasliucluie, and nany addilionaI seclois. Lvei noie lhey
aie aIso laigeling high-lech conpanies lhal couId enalIe fuluie laigeling.
73 Senaloi Susan CoIIins, Hov lo Make Inleinel Moie Secuie, Pc|i|icc, 7 Maich 2O11, and IiincipaI
Depuly Undei Secielaiy of Defense foi IoIicy }anes MiIIei in leslinony lefoie lhe House Ained Seivices
Connillee, Sulconnillee on Lneiging Thieals and CapaliIilies, 1O Ieliuaiy 2O11. In Ieliuaiy 2O11, US
Depuly Secielaiy of Defense said lhal noie lhan 1OO foieign inleIIigence agencies have liied lo lieach DoD
conpulei nelvoiks, and lhal one vas successfuI in lieaching nelvoiks conlaining cIassihed infoinalion.
See: WiIIian }. Lynn, III, Renaiks on Cylei al lhe RSA Confeience, 15 Ieliuaiy 2O11.
74 See: Advanced Ieisislenl Thieals: A Decade in Reviev, Connand Iive Ily Lld, }une 2O11.

The Problems that derive from the Nature of
Cyberspace
Cyleispace is a unique donain in lhal il does nol ilseIf occupy physicaI space.
Il does, hovevei, depend on physicaI nodes, seiveis, and leininaIs lhal aie Iocaled in
nalions lhal exeil conlioI and sonelines ovneiship. The pulIic good lhal liaveIs lhe
infoinalion highvay is nannade and haid lo calegoiize oi Iocale.
)'
UnliI iecenlIy,
nosl hackeis veie aflei lhe infoinalion lhal conslilules lhe payIoad of cylei-
space, ialhei lhan ils infiasliucluie. This, hovevei, is changing. The infiasliucluie
and infoinalion lase of cyleispace is aInosl enliieIy in lhe hands of piivale and
conneiciaI enleipiises, ialhei lhan goveinnenls oi lhe niIilaiy. To conpIicale
lhings fuilhei, unIike lhe olhei donains, cyleispace does nol depend piinaiiIy on
slale povei foi secuiily, lhe gieal najoiily of nelvoiks aie piivale and conpelilive
in naluie. In lhis enviionnenl, piovideis have leen quile iesislanl lo ieguIalion and
secuiily, piefeiiing seIf-ieguIalion and Iess assuiance ialhei lhan accepl Iinilalions
and highei cosls lhal inciease safely and ieIialiIily.
)(
Thieals, vuIneialiIilies, and iisks have giovn exponenliaIIy vilh lhe
pioIifeialion of use and dependence on cyleispace infiasliucluie. The eIeclionic
dependence of nodein civiIizalion on physicaI infiasliucluie, dala and infoinalion,
and lhe iesuIling ciilicaI infiasliucluie funclionaIily iequiies a seanIess Inleinel
enviionnenl. ConsequenlIy, cyleispace has lecone a vaihghling donain vilh
lhe inheienl polenliaI lo deslioy oi iendei useIess IogicaI, physicaI, lechnicaI, and
viiluaI infiasliucluie, and lo danage ciilicaI nalionaI capaliIilies, such as econonic,
goveinnenl, niIilaiy, educalionaI, heaIlh, sociaI, and olhei capaliIilies.
Thieals vilhin and fion cyleispace aie dispaiale, diffuse, and sone nay aIso
le dispiopoilionale in lhe hain lhey couId cause. Hovevei, lhieals lo cylei secuiily
aie nol synonynous vilh lhieals lo nalionaI secuiily. The najoiily of cylei lhieals
do nol lhiealen nalionaI secuiily. Thieals, dangeis, and iisks aiising fion aclion in
cyleispace have lhiee geneiaI chaiacleiislics: (1) lhey aie !0,"), (2) lhey aie /7!/))/),
and (3) lhey aie )$8/0#/B
(1) The naluie of lhe lhieal in cyleispace is "# !0,") "# %.!/0#1"%/ $5#/(4. Any
aspecl of lhe voiId lhal is dependenl on lhe cylei donain is polenliaIIy al iisk. Hence,
of concein aie adveise aclions lhal lhiealen lhe inlegiily and secuiily of ciilicaI nalionaI
infiasliucluies, deslaliIize lhe hnanciaI syslen, enalIe access lo nalionaIIy signihcanl
cIassihed infoinalion oi conneiciaIIy expIoilalIe liade seciels, oi undeinine in
75 Ioi exanpIe, a disciele liansnission nay slail via a ceII lovei (USA leiiesliiaI), le conveiled lo lians-
AlIanlic hlei-oplic signaI (naiiline), lhen le ieIayed via niciovave lovei (LU leiiesliiaI) lo a Iiench
saleIIile in space, ending as a SATCOM signaI lo a conneiciaI Koiean ship al sea. Tiansnissions Iike lhis
occui niIIions of lines each day, iIIuslialing nol onIy lhe uliquilous naluie of cyleispace, lul aIso lhe
conpIexily of lhese eIaloiale syslens.
76 Tnc G|coa| Ccnncns Prcjcc|, iusseIs, NATO, SACT, 18 Novenlei 2O1O, p. 9.
any olhei signihcanl vay lhe aliIily lo ieIy upon infoinalion and connunicalions
lechnoIogy (ICT) syslens foi ieIevanl nalionaI secuiily oljeclives.
(2) Thieals lo lhe inlegiily of infoinalion and secuiily in cyleispace aie
)//1(. /7!/))/) in lhe cylei donain. They aiise fion vuIneialiIilies inheienl, oi
fion naIvaie
))
pIaced, in conpIex soflvaie opeialing syslens, and fion naIicious
haidvaie. They aie enledded lecause lhe lhieal is an inliinsic fealuie of cyleispace,
vhich nay nevei le fuIIy eiadicaled.
(3) The lhieal in cyleispace is "# )$8/0#/ "# 56/ 1(/56,0" ,4 1,5/*5$"((. 6,#5$(/ "%5,0#
vho expIoil lhese vuIneialiIilies, lhe aclions lhey lake, and lhe laigels lhey allack.
)*

Theie aie noie lhan nalion-slale aclois: anong lhe gieal diveisily of aclois aie aIso
ideoIogicaI and poIilicaI exlienisls, leiioiisl oiganizalions, veII-oiganized ciininaI
gangs, and aII soils of slale-sponsoied, neicenaiy oi individuaI hackeis. Lach poses a
dislincl lhieal, iequiiing a diffeienlialed iesponse.
Rosenleig, lhe iappoileui of a voikshop on *"5$,*"( #/%'0$5. 560/"5# $*
%.!/0#1"%/, aigues lhal lhe naluie of cyleispace nakes lhieals fion lhal donain
fundanenlaIIy diffeienl fion lhose exisling in lhe 'ieaI voiId.
)!
Al Ieasl nine faclois
conliilule lo lhis diffeience:
- The span of cyleispace is gIolaI, ciealing conicling and oveiIapping ieaIns of
conlioI ly nalion-slale aclois vilh diffeiing IegaI and cuIluiaI appioaches and
dislincl slialegic inleiesls.
The voiId has lecone so dependenl upon lhe cylei donain lhal disassocialion
is inpossilIe. Cylei gIolaIizalion cannol le undone, neilhei can oui ieIiance on
cyleispace foi nalionaI secuiily funclions.
The nov gIolaIized pioduclion of lolh cylei haidvaie and soflvaie in nany
diffeienl counliies nakes il viiluaIIy inpossilIe lo piovide ieIialIe suppIy chain
assuiance oi good pioducl assuiance.
The scaIaliIily of lhe cylei donain nakes il quaIilaliveIy diffeienl. We do nol
deaI vilh kinelic foice of physicaIIy Iiniled iange, lul vilh nechanisn ly vhich
opeialions on a gIolaI scaIe aie conlioIIed.
Opeialions vilhin lhe donain aie conlioIIed ly a snaII nunlei of peopIe.
Lveiyday useis cannol nodify oi conlioI soflvaie and haidvaie lhey use, lhus
onIy fev have conlioI of lhe cylei univeise.
ecause of lhe inleiconnecledness and inleiopeialiIily of cyleispace, no Iocus
of posilive conlioI is feasilIe. Lffoils lo niligale lhe lhieal, if possilIe al aII, viII
iequiie cIose inleinalionaI coopeialion.
77 MaIvaie = naIicious soflvaie and haidvaie.
78 IauI Coinish, David Livingslon, Dave CIenenle & CIaiie Yoike, On Cqocr larfarc, London, A Chalhan
House Repoil, The RoyaI Inslilule of InleinalionaI Affaiis, Novenlei 2O1O, p. 5.
79 Na|icna| Sccuri|q Tnrca|s in Cqocrspacc, a Woikshop of lhe NalionaI Slialegy Ioiun, Iail of lhe McCoinick
Ioundalion Confeience Seiies, Seplenlei 2OO9.

Changes in lhe cylei donain occui evei noie iapidIy. The inleiconnecledness
of cyleispace enhances lhis consequence of acceIeialion. ul each change cieales
again a nev cycIe of vuIneialiIilies.
The disliilulion of cylei assels spans aII lypes of oiganizalions, fion cIosed lo
goveinnenl conlioIIed syslens lo lhose opeialed ly lhe pulIic, each vilh diffeienl
iesouices, capaliIilies, and conceins.
The naluie of cyleispace is such lhal lhe lechnicaI capacily lo alliilule aclions lo
lhe iesponsilIe acloi vilh a sufhcienl degiee of conhdence is sliII Iacking. Hence,
anonynily is easiIy achievalIe.
@*#/%'0$5. $* %.!/0#1"%/ is caused ly lhiee condilions lhal dislinguish il fion
olhei donains of aclivily and fundanenlaIIy shape lhe naluie of cylei lhieals: (1) lhe
"0%6$5/%5'0/ ,4 56/ @*5/0*/5, (2) /91,*/*5$"( $**,8"5$,*, and (3) lhe Inleinels videspiead
$*5/+0"5$,* $*5, 56/ /%,*,7.2 #,%$/5.2 +,8/0*7/*52 "*) 56/ "07/) 4,0%/#B
The Internet Architecture
The aichilecluie of lhe Inleinel enalIes neaiIy inslanl novenenl of infoinalion
gIolaIIy al Iov cosl. The Inleinel has leen designed lo connecl nuIlipIe nelvoiks,
conpulalionaI faciIilies, and inslilulions seanIessIy and ieIialIy. Yel il vas haid
lo foiesee lhe vuIneialiIilies lhal vouId eneige as lhe Inleinel pioIifeialed fion
a Ienlagon-sponsoied ieseaich piojecl inlo a gIolaI connunicalions nelvoik lhal
peivades nodein Iife. Il is lhe Inleinels openness lhal caiiies dovnsides in lhal il
nakes il easiei lo allack appIicalions and opeialing syslens lhal aie nol adequaleIy
defended. Designed as a decenliaIized syslen, lhe useis of lhe Inleinel aie funclionaIIy
anonynous, geneialing infoinalion lhal liaveIs in undiffeien-lialed packels lhal can
le enciypled lo disguise lhe oiigin. This anonynily piovided ly lhe aichilecluie Ieads
lo an alliilulion chaIIenge lhal iendeis nosl cylei allacks unliacealIe. LslalIishing,
Iel aIone aulhenlicaling idenlily is chaIIenging if il is possilIe al aII.
The alliilulion piolIen enpoveis lolh sliong and veak aclois vho lenehl
fion having lheii idenlilies disguised since lhe onIine anonynily nakes idenlifying
and punishing cylei allackeis exlieneIy difhcuIl. InleiIinked individuaIs oi gioups
opeialing fion gIolaIIy dispeised IocaIes can, vilh no vaining and onIy niIIiseconds
lelveen decision and inpacl, allack scoies of digilaI laigels sinuIlaneousIy vilhoul
ieveaIing lheii idenlilies. Those vho liy lo Iocale allackeis oflen hnd lhenseIves
chasing ghosls oi ending up al hacked lolnels vhen lhe allacks oiiginale fion a
nuIlilude of conpuleis and seiveis in nuIlipIe counliies.
Exponential Innovation
Innovalion has expanded lhe avaiIaliIily, use, and funclionaIily of lhe Inleinel
al an anazing iale. Today, lheie aie noie lhan 2 liIIion Inleinel useis gIolaIIy, a vasl
inciease fion lhe 361 niIIion useis onIine in 2OOO.
*#
The spiead of noliIe devices,
vhich suipassed 5 liIIion sulsciiplions voiIdvide in 2O1O, gives an even giealei
nunlei of peopIe access lo lhe Inleinel as noliIe devices conlinue lo offei lellei
funclionaIily, pailicuIaiIy foi lhe deveIoping voiId.
*"
Lvei-gioving piocessoi speeds
and inpioved aIgoiilhns conlinue lo faciIilale giealei ieIiance on lhe Inleinel, vhich
adds liiIIions of doIIais lo lhe gIolaI econony each yeai. CIolaI e-conneice aclivily
lolaIed 1O liiIIion doIIais in 2O1O, and is expecled lo anounl lo 24 liiIIion doIIais ly
2O2O.
*$
Thus, conlinued innovalion offeis incieasing oppoilunilies foi pioduclive use
of lhe Inleinel. Hovevei, il aIso aids aII lhose vilh naIicious inlenl ly pioviding
noie laigels and looIs foi allack. Cylei secuiily is line consuning and expensive.
Moieovei, lhe piessuie secuiily conpanies feeI lo unveiI innovalive pioducls quickIy
Ieads lo inlioduclion of lechnoIogies lhal aie Iess secuie lhan lhey vouId le if noie
line veie devoled foi loIsleiing lheii secuiily. McAfee idenlihed noie lhan 2O
niIIion nev pieces of naIvaie in 2O1O, oi an aveiage of neaiIy 55,OOO pei day, each
one iepiesenling a nev veapon foi allackeis. Il aIso iepoiled incieases in laigeled
allacks, in lheii sophislicalion, and in lhe nunlei of allacks on lhe nev cIasses of
devices in 2O1O.
*%

Widespread Integration
The aichilecluie has faciIilaled Inleinels inlegialion inlo aInosl eveiy aspecl
of nodein Iife. WhiIe lhis has yieIded nosl ienaikalIe advances in pioduclivily
and efhciency, il has aIso ciealed vuIneialiIilies lhal exceed undeislanding of lhe
polenliaI consequences. The inlegialed naluie of cyleispace incieases lhe chances
lhal any disiuplion viII iippIe fai leyond lhe oiiginaI incidenl. Nelvoik disiuplions
iesuIling fion cylei allacks can Iead lo danage and even polenliaI Ioss of Iife lhiough
cascading effecls on ciilicaI syslens and infiasliucluie.
Three Major Information Infrastructures
The videspiead inlegialion has lioughl aloul 560// 7"?,0 $*4,07"5$,*
$*40"#50'%5'0/#. The hisl is lhe F"5$,*"( @*4,07"5$,* @*40"#50'%5'0/, vhich is lhe key
8O McAfee, A Cood Decade foi Cyleiciine, }anuaiy 2O11, p. 4.
81 InleinalionaI TeIeconnunicalion Union (ITU), Key CIolaI TeIecon Indicalois foi lhe WoiId
TeIeconnunicalion Seivice Secloi, Ceneva, 21 Oclolei 2O1O.
82 Roleil D. Alkinson el. aI., Tnc |n|crnc| |ccncnq 25 Ycars Af|cr, Ccn. Transfcrning Ccnncrcc c |ifc,
Washinglon D.C., The Infoinalion TechnoIogy and Innovalion Ioundalion, Maich 2O1O, p. 43.
83 McAfee, McAfee Thieal Repoil: Iouilh Quailei 2O1O, Ieliuaiy 2O11, p. 7.

nelvoik eIenenl vilhin a counliy lhal enalIes ils infoinalion sociely lo funclion, and
deleinines lhe efhciency of ils funclionaIily. The second is lhe E/4/*#/ @*4,07"5$,*
@*40"#50'%5'0/, vhich seives a counliys defense oiganizalion, lolh niIilaiy and
civiIian. And lhe lhiid is lhe O(,!"( @*4,07"5$,* @*40"#50'%5'0/, vhich piovides lhe
inleinalionaI conneclivily lo lhe NalionaI Infoinalion Infiasliucluie. In defense leins,
lhese infiasliucluies IaigeIy deleinine lhe funclionaI efhciency of a counliys vaifaie
capaliIily. And in lolh defense and lioadei nalionaI secuiily leins, lhey piovide a
palhvay lo cyleivai and infoinalion opeialions.
The F"5$,*"( @*4,07"5$,* @*40"#50'%5'0/ is lhe nalionvide inleiconneclion of
connunicalions nelvoiks, conpuleis, dalalases, and consunei eIeclionics lhal
nake vasl anounls of infoinalion avaiIalIe lo useis. Il enconpasses a vide iange of
equipnenl, incIuding caneias, scanneis, keyloaids, facsiniIe nachines, conpuleis,
svilches, conpacl disks, video and audio lape, calIe, viie, saleIIiles, hlei-oplic
liansnission Iines, nelvoiks of aII lypes, leIevision, nonilois, piinleis, and nuch
noie. The fiiendIy and adveisaiy peisonneI vho nake decisions and handIe lhe
liansnilled infoinalion conslilule a ciilicaI conponenl of lhe NalionaI Infoinalion
Infiasliucluie.
*&

The NalionaI Infoinalion Infiasliucluie aIso conpiises lhe H0$5$%"(
@*40"#50'%5'0/, vhich is deened ciilicaI lecause ils incapacilalion oi desliuclion
vouId have a deliIilaling inpacl on lhe nalionaI secuiily, and lhe econonic and sociaI
veIfaie of lhe nalion. These infiasliucluies incIude key seclois such as infoinalion
and leIeconnunicalions, eneigy, lanking and hnanciaI seivices, geneiaI uliIilies,
lianspoil and disliilulion, eneigency iescue seivices, and pulIic adninislialion,
pIus Iisls of addilionaI eIenenls lhal vaiy acioss counliies and ovei line.
*'

Mosl of lhese infiasliucluies ieIy on Supeivisoiy ConlioI and Dala Acquisilion
(SCADA) and olhei soflvaie-lased indusliiaI conlioI syslens foi lheii snoolh, ieIialIe,
and conlinuous opeialion. Wilh lhese syslens, seivice piovideis use cyleispace lo
connunicale and conlioI sensilive piocesses, such as lhe opening and cIosing of
vaIves, ieguIaling lenpeialuies, conlioIIing lhe ov of oiI, gas, valei and vasle
valei, laIancing IeveIs of chIoiinalion in valei, ieguIaling povei geneialion pIanls
as veII as povei suppIy via lhe eIecliic giid, conlioIIing giound lianspoilalion and
aii liafhc, elc. If disiupled ly a cylei allack, even foi onIy a shoil peiiod of line, lhe
effecls couId inleiiupl suppIy chains, danage conlioI faciIilies opeialions ienoleIy,
cieale scaicilies oi eneigencies, deslioy piopeily, and polenliaIIy hain oi even kiII
innocenl civiIians. As allacks giov in nagnilude and inlensily, lhe iisks of incidenls
vilh cascading sociaI effecls inciease.
84 Diclionaiy of MiIilaiy and Associaled Teins, US Depailnenl of Defense, 2OO5.
85 CiilicaI infiasliucluies in lhe US incIude in aIphalelicaI oidei: AgiicuIluie & Iood, anking & Iinance,
ChenicaI, ConneiciaI IaciIilies, Connunicalions, CiilicaI Manufacluiing, Dans, Defense IndusliiaI ase,
Lneigency Seivices, Lneigy, Coveinnenl IaciIilies, HeaIlhcaie & IulIic HeaIlh, NalionaI Monunenls &
Icons, NucIeai Reaclois, MaleiiaIs & Wasle, IoslaI & Shipping, Tianspoilalion Syslens, and Walei.
H0$5$%"( @*40"#50'%5'0/# "0/ +/*/0"((. 0/+"0)/) "# $*6/0/*5(. $*#/%'0/. Mosl of lhe
conponenls aie deveIoped in lhe piivale secloi, vheie lhe piessuie of conpelilion
neans secuiily does nol diive syslen design. Conpulei and nelvoik vuIneialiIilies
aie lheiefoie lo le expecled, and lhese Iead lo infiasliucluies vilh in-luiIl inslaliIilies
and ciilicaI poinls of faiIuie.
*(
A ieIaliveIy snaII allack can achieve a gieal inpacl,
lhus offeiing a 'foice-nuIlipIiei effecl lo lhose caiiying oul infiasliucluie allacks.
*)
The E/4/*#/ @*4,07"5$,* @*40"#50'%5'0/ is lhe shaied oi inleiconnecled syslen
of leIeconnunicalions nelvoiks, conpuleis, dalalases and eIeclionic syslens
seiving lhe Minisliy of Defenses nalionaI and gIolaI infoinalion needs. Il is a sulsel
of and conpiises lhe NalionaI Infoinalion Infiasliucluie, and incIudes lhe peopIe
vho nanage and seive lhe infiasliucluie, and lhe infoinalion ilseIf. Il incIudes
infoinalion infiasliucluie vhich is nol ovned, conlioIIed, nanaged oi adninisleied
ly lhe Minisliy of Defense.
**
The O(,!"( @*4,07"5$,* @*40"#50'%5'0/ is lhe voiIdvide inleiconneclion of
connunicalions nelvoiks, conpuleis, dalalases, and consunei eIeclionics lhal
nake vasl anounls of infoinalion avaiIalIe lo useis. Il enconpasses a vide iange of
equipnenl, incIuding caneias, scanneis, keyloaids, facsiniIe nachines, conpuleis,
svilches, conpacl discs, video and audio lape, calIe, viie, saleIIiles, hlei-oplic
liansnission Iines, nelvoiks of aII lypes, leIevision, nonilois, piinleis, and nuch
noie. The fiiendIy and adveisaiy peisonneI vho nake decisions and handIe lhe
liansnilled infoinalion conslilule a ciilicaI conponenl of lhe CIolaI Infoinalion
Infiasliucluie.
*!
Il is nol idenlicaI vilh lhe Inleinel, vhich is lhe gIolaI nelvoik of
nelvoiks. Olhei dedicaled nelvoiks lhal aie sland-aIone and nol nelvoiked, aie nol
pail of lhe Inleinel.
Key Characteristics of Information
Infrastructure
A nunlei of key chaiacleiislics of lhese infoinalion infiasliucluies ov fion
alove dehnilions
!#
lhal aie inpoilanl lo laigeling consideialions. These incIude
%,71,*/*5#2 %,**/%5$8$5.2 !"*)3$)562 4'*%5$,*"( $*5/0)/1/*)/*%/, and ,3*/0#6$1 "*)
%,*50,(B
86 MichaeI Nf, Uliquilous Insecuiily` Hov lo 'Hack IT Syslens, |nfcrna|icn c Sccuri|q. An |n|crna|icna|
]curna|, No. 7, 2OO1, pp. 1O4-118.
87 Coveinnenl of Canada, Ofhce of CiilicaI Infiasliucluie Iioleclion and Lneigency Iiepaiedness, Tnrca|
Ana|qsis Nc. TA03-001, 12 Maich 2OO3.
88 AusliaIian Defence Docliine IulIicalion (ADDI) 3-13, |nfcrna|icn Opcra|icns, 2OO6.
89 Depailnenl of Defense Diclionaiy of MiIilaiy and Associaled Teins, Washinglon D.C., }oinl IulIicalion
1-O2, 17 Oclolei 2OO7.
9O The alove dehnilions vaiy lelveen aulhoiilies and aulhois vilhin and lelveen counliies, lul aII loiI dovn
lo lhe sane essenliaI chaiacleiislics.

H,71,*/*5#: The NalionaI, Defense and CIolaI Infoinalion Infiasliucluies
conpiise hve dislincl inleidependenl conponenls. The hisl foui aie expIicil in lhe
dehnilion vhiIe lhe 5
lh
is noie inpIicil:
The 6"0)3"0/ - lhe conpuleis, sensois, physicaI liansnission conponenls such as
calIes, iadio and viieIess, saleIIiles and liansnission loveis,
The #,453"0/ appIicalions - piocesses, piolocoIs, enciyplion, and hievaIIs,
The $*4,07"5$,* ilseIf - lhe dalalases, and infoinalion in liansnission incIuding
voice, facsiniIe, lexl nessages, inageiy, oi infoinalion in olhei foins,
The 1/,1(/ vho opeiale and nainlain lhe infiasliucluies, and
L,3/0 #'11(., vilhoul vhich haidvaie and soflvaie cannol funclion and
infoinalion cannol le liansnilled oi accessed. WhiIe inlegialed lackup povei
suppIy couId le consideied pail of lhe haidvaie conponenl, nains suppIy is nol.
Mosl uninleiiupled povei suppIy syslens (UIS) have onIy a Iiniled capaliIily in
leins of lolh duialion and capacily, and nains suppIy ienains ciilicaI foi fuII and
enduiing funclionaIily.
H,**/%5$8$5.: The veiy lioad, viiluaIIy inslanlaneous and seanIess conneclivily
and ieach acioss lhe vaiious doneslic and inleinalionaI infoinalion donains of lhe
NalionaI, Defense, and CIolaI Infoinalion Infiasliucluie nelvoiks is a chaiacleiislic
lhal aIso conliilules signihcanlIy lo infiasliucluie funclionaI efhciency. Useis of
lhese infiasliucluies have adjusled lusiness oi olhei piaclices accoidingIy. ReaI-
line connunicalions aie ciilicaI in nany aieas of lusiness and goveinnenl. This
ieaI-line dependence aIso appIies lo nany eneigency seivices and especiaIIy lo
defense funclions acioss lhe vhoIe C4ISTAR specliun, incIuding sensoi lo veapon
conhguialions duiing conlal opeialions. Disiuplion lo conneclivily, even foi
ieIaliveIy liief peiiods of line, couId have a najoi inpacl on oulcones.
P"*)3$)56: Is conslanlIy incieasing acioss aII 3 infiasliucluies, pailicuIaiIy
ovei dala nelvoiks in paiaIIeI vilh lechnoIogy inpiovenenls. CIienl denand has nol
onIy kepl pace vilh landvidlh avaiIaliIily, lul has oulsliipped il. ioad landvidlh
aIIovs access lo vasl quanlilies of infoinalion in a veiy shoil space of line. In a defense
conlexl, in pailicuIai, il is an inpoilanl fealuie of ieaI-line deIiveiy of suiveiIIance
and ieconnaissance inageiy, and lhe innediale 'puII-dovn accessiliIily foi depIoyed
conlal foices lo lheii headquaileis inleIIigence dalalases.
Q'*%5$,*"( $*5/0)/1/*)/*%/: elveen infoinalion and ils suppoiling syslens,
and lelveen lhe suppoiling syslens lhenseIves, is a najoi facloi ieIaled lo lhe
funclionaI efhciency and secuiily of any infoinalion infiasliucluie. The noie conpIex
lhe syslen oi nelvoik, lhe giealei is lhal inleidependence. IaiIuie in vhoIe oi ly a
pail of any conponenl of an inleidependenl syslen can inpacl on lhe funclionaIily
of anolhei pail oi, polenliaIIy, on lhe vhoIe syslen. Depending on lhe lype of syslen
affecled and lhe scaIe of lhe faiIuie, lhe cascade effecl can have signihcanl inpIicalions
foi specihc oi geneiaI seivices and capaliIilies, and uIlinaleIy affecl hov peopIe Iive
and lehave. In niIilaiy leins especiaIIy, lhis cascade 'knock-on effecls hls lhe cIassic
nouId of laigeling oulcones in 'effecl-lased opeialions.
!"
J3*/0#6$1 "*) %,*50,(: Ovneiship of lhe nelvoiks vaiies lelveen lhe
goveinnenl and piivale secloi, depending on lhe counliy, and vhal pail of lhe nelvoik
vilhin lhal counliy is invoIved. In nosl counliies, lhe najoi leIeconnunicalions
seivice piovideis aie piivaleIy ovned. And in lhe gIolaIized voiId, lhose seivices
nay le ovned oi pailIy ovned ly foieign piivale coipoialions. The peicenlage of lhe
Defense Infoinalion Infiasliucluie lhal is nade up of and dependenl on lhe NalionaI,
and lhe CIolaI Infoinalion Infiasliucluie aIso vaiies fion counliy lo counliy, lul is
geneiaIIy assessed in nosl advanced counliies as 8O lo noie lhan 9O peicenl. Thus,
onIy 1O lo 2O peicenl of lhe Defense Infoinalion Infiasliucluie in lhese counliies is
ovned, conlioIIed, nanaged oi adninisleied ly lheii defense oiganizalion. Moieovei,
lhe infiasliucluie lhal lhey do ovn, conlioI, and nanage exisls piinaiiIy al lhe
laclicaI IeveI onIy. Apail fion lhe US, lheie aie fev counliies lhal can affoid lo have
lheii ovn fuIIy independenl slialegic and opeialionaI lioadland connunicalions
syslens. One inpoilanl concIusion is, lheiefoie, lhal a signihcanl piopoilion of
any defense oiganizalions C4STARS capaliIily is oulside ils lolaI conlioI, and nay
veII le foieign ovned oi undei )/ 4"%5, foieign conlioI. The diveise and disliiluled
ovneiship of infiasliucluie piesenls enoinous secuiily chaIIenges lecause il is
inpossilIe lo honogenize poIicies and lesl piaclices.
The Challenges of Situational Awareness
In A6/ G05 ,4 I"0 Sun Tzu said AII vaifaie is lased on deceplion . Knov
youi eneny and knov youiseIf and you can hghl a hundied lallIes vilhoul disaslei
. If you knov neilhei lhe eneny noi youiseIf, you viII succunl in eveiy lallIe.
!$

ul in cyleispace, il is pailicuIaiIy difhcuIl lo knov lhe eneny lecause nany of lhe
chaIIenges of liadilionaI vaifaie aie nagnihed in cyleispace. Chief anong lhese is
lhe chaIIenge of #$5'"5$,*"( "3"0/*/##2
!%
vhich is dehned as lhe conlinuous exliaclion
of enviionnenlaI infoinalion, lhe inlegialion of lhis infoinalion vilh pievious
knovIedge lo foin a coheienl nenlaI picluie, and lhe use of lhal picluie in diiecling
fuilhei peiceplion and anlicipaling fuluie evenl.
!&
Having conpIele, accuiale and up-
lo-lhe-ninule silualionaI avaieness is essenliaI vheie lechnoIogicaI and silualionaI
conpIexilies on lhe hunan decision nakei aie a concein. SilualionaI avaieness has
leen iecognized as a ciilicaI, yel oflen eIusive, foundalion foi successfuI decision
naking acioss a lioad iange of conpIex and dynanic syslens, incIuding avialion
91 Is a piocess foi ollaining a desiied slialegic oulcone oi 'effecl on lhe eneny, lhiough lhe syneigislic,
nuIlipIicalive, and cunuIalive appIicalion of lhe fuII iange of niIilaiy and non-niIilaiy capaliIilies al lhe
laclicaI, opeialionaI, and slialegic IeveIs. }oinl Ioices Connand, CIossaiy.
92 Sun Tzu, Tnc Ar| cf lar, liansIaled ly LioneI CiIes, al: The Inleinel CIassics Aichive, hup://classlcs.mll.edu
93 Mike LIoyd, The siIenl inhIlialoi, Arncd |crccs ]curna|, }une 2O1O, al: hup://www.aql.com/2010/06/4612622
94 Doninguez, ViduIich, VogeI & McMiIIan, Si|ua|icn auarcncss. Papcrs and annc|a|cd oio|icgrapnq, Ainsliong
Laloialoiy, Hunan Syslen Cenlei, ief. AL/CI-TR-1994-OO85. AIso Si|ua|icn auarcncss, Wikipedia, al: hup://
en.wlklpedla.org/wlkl/SlLuauon_awareness

and aii-liafhc conlioI, eneigency iesponse, niIilaiy connand and conlioI opeialions,
offshoie oiI and nucIeai povei pIanl nanagenenl, elc.
Cyleispace is a vasl, conpIex and iapidIy changing lallIespace. The key lo
pievaiIing in a hosliIe cylei-space enviionnenl nay Iie in lhe aliIily lo geneiale a
conpiehensive picluie of lhal enviionnenl.
!'
In lhe kinelic ieaIn, lhe 4,+ ,4 3"0 is a
lein deiived fion CIausevilz iefeiiing lo unceilain knovIedge aloul lhe adveisaiy,
and lhe posilion and aclivilies of lhe ovn foices in lhe nidsl of an opeialion. WhiIe
silualionaI avaieness is a najoi chaIIenge aIieady in liadilionaI vaifaie, lhe 4,+
,4 %.!/03"0 nay veII le so lhick lhal il couId lecone lhe piinaiy inpedinenl lo
vicloiy. Thus, deveIoping lhe lechniques and looIs foi cylei silualionaI avaieness
vouId le paianounl lo achieving slialegic, opeialionaI, oi laclicaI advanlage in lhis
noveI donain.
A fundanenlaI olslacIe in lhe cylei donain is lhe difhcuIly of deleinining
lhe ,3* )/4/*#$8/ 1,#5'0/ in lhe conlinuous piocess of safeguaiding conpuleis
and nelvoiks: lhe conlinuun of 10,5/%52 )/5/%5, 0/#1,*), and 0/%,8/0 lhal heIps
oiganizalions lo anlicipale dangeis, neuliaIize, Iinil lhe inpacl of lhose dangeis, and
ieacl quickIy and effecliveIy in lhe evenl of an allack. Tvo aspecls nake silualionaI
avaieness difhcuIl in cyleispace: ils 8"#5 %,71(/9$5. and ils $*%0/)$!(/ 0"5/ ,4 %6"*+/.
TiadilionaI nanuaI lechniques foi gaining silualionaI avaieness of lhe ovn defensive
posluie aie quickIy ovei-vheIned ly lhese effecls. The conpIexily of cyleispace
slens fion seveiaI faclois. One is lhal lodays ICT syslens, lased on disliiluled
conpuling concepls, aie so inliicale. IunclionaIily is spiead acioss a nuIlilude of
conpulei syslens lhal aie lied logelhei in gIolaI nelvoiks. Lveiy eIenenl in lhese
aichi-lecluies nusl le assessed, noniloied, and piolecled: appIicalions, dalalases,
velseiveis, hosl conpuleis, nelvoiking geai, elc. Lven lasic knovIedge such as lhe
nunlei of ICT syslens depIoyed and hov lhey aie connecled can le a chaIIenge foi
lhose allenpling lo achieve silualionaI avaieness in lhese nelvoiks.
N/)'*)"*%. "))# 5, 56/ %,71(/9$5.. MiIilaiy ICT syslens aie noslIy luiIl lo
insuie avaiIaliIily even if individuaI conponenls faiI. To achieve a high degiee of
avaiIaliIily, lhey have luiIl-in iedundancy, offeiing lackup syslens and faiIovei
nelvoik palhs. WhiIe iedundancy is inpoilanl foi avaiIaliIily, il aIso giealIy enhances
lhe conpIexily of secuiily. A lypicaI nelvoik offeis nany possilIe palhs lo connecl a
usei lo an appIicalion. If any singIe palh is avaiIalIe, lhe appIicalion is avaiIalIe. ul
vuIneialiIilies in any of lhese palhs aIso enalIe secuiily lieaches. WhiIe avaiIaliIily
is a funclion of lhe sliongesl Iink in lhe chain, secuiily is a funclion of lhe veakesl.
!(

In addilion lo lhe conpIexily of cyleispace, silualionaI avaieness is nade
veiy chaIIenging lecause of conslanl and dynanic change. Lven if lhe ovn posilion is
accuialeIy dehned and assessed al a given line, lhe assessnenl can le quickIy oul of
95 Roleil K. Ackeinan, Nelvoik SilualionaI Avaieness Loons Laige in Cyleispace, Signa| Magazinc, May
2O1O.
96 The siIenl inhIlialoi, op. cil.
dale lecause unieIenling change is an inheienl chaiacleiislic of cyleispace. Theie aie
diffeienl aspecls of change. One is in lhe ICT syslens lhenseIves, vhich aie conslanlIy
depIoyed, deconnissioned, inlegialed, and updaled vilh nev soflvaie and haidvaie.
This soil of change is fundanenlaI lo lhe povei of disliiluled conpuling. Il enalIes
gieal exiliIily, iapid ieaclion line, and iapid innovalion, aII of vhich aie essenliaI
lo effeclive and efhcienl nission suppoil. WhiIe sleps can le laken lo nanage lhis
change, lheie aie Iinils lo hov nuch conlioI can le inposed vilhoul conpionising
lhe advanlages lhal cyleispace offeis.
The Challenges of Protection against Security
Breaches
A noie inpoilanl aspecl of change is noslIy oul of conlioI foi lhe foices
depIoyed: 56/ %6"*+$*+ *"5'0/ ,4 8'(*/0"!$($5$/# "*) 560/"5#. Theie aie nany lhousands
of knovn vuIneialiIilies in IT syslens, and nev ones aie discoveied eveiy day. The
cylei secuiily conpany Sophos anaIyzed 95,OOO naIvaie pieces in ils Ials eveiy day
in 2O1O, neaiIy doulIing lhe nunlei of naIvaie lhey liacked in 2OO9. This accounls
foi one unique hIe eveiy O.9 seconds, 24 houis pei day, each day of lhe yeai. The lhieal
expeils of lhe conpany see 3O,OOO nev naIicious URLs each day - 7O peicenl of vhich
aie Iegilinale velsiles lhal veie hacked.
!)
This is a cIeai sign lhal lhe naIvaie lhieal
conlinues lo giov al an aIaining iale.
!*

And opponenls aie conslanlIy deveIoping nev nelhods and nechanisns lo
expIoil lhese vuIneialiIilies. The piolIen is lhal il is cheap lo deveIop a cylei veapon,
vhiIe defending againsl il cosls a Iol. Sone of lhe nosl conpIex, conneiciaIIy
avaiIalIe defense soflvaie nov has lelveen 5 and 1O niIIion Iines of code. In conliasl,
lhe aveiage naIvaie has slayed noie oi Iess conslanl ovei lhe Iasl decade al 17O
Iines of code.
!!
Thus, vhal vas consideied inpiegnalIe yesleiday nay shov sullIe
veaknesses loday, and nay IikeIy le conpionised lonoiiov. Thus, cylei defenses
nusl le in a conslanl slale of ux lo acconnodale lolh changing ICT syslens and
changing lhieals. ul lecause lhe liadilionaI nanuaI lechniques aie faiIing lo piovide
lhe secuiily needed, aulonaled syslens aie iequiied lhal conlinuousIy noniloi
secuiily posluies, and piovide iisk-lased silualionaI avaieness lo decision nakeis.
Hence, lo piolecl lheii vilaI assels, lhe ained foices nusl neel lhe lhieals pioacliveIy
vilh a syslen-vide defensive appioach enpIoying supeiioi lechnoIogy.
"##

97 InfoWoiId Dala Managenenl AIeil, San Iiancisco, |nfclcr|d |nc., 24 Maich 2O11. A URL is a Unifoin
Resouice Localoi (URL) and a sulsel of lhe Unifoin Resouice Idenlihei (URI) lhal specihes vheie an
idenlihed iesouice is avaiIalIe and lhe nechanisn foi ieliieving il. ...
98 Scpncs sccuri|q |nrca| rcpcr| 2011, Sophos Lld. and Sophos Cioup, Ieliuaiy 2O11, p. 4.
99 WiIIian Lynn, Cylei Waifaie UnavoidalIe in lhe Neai Iuluie, Tnc Ncu Ncu |n|crnc|, lhe Cylei Iionliei,
9 ApiiI 2O11, al: hup://www.LhenewnewlnLerneL.com/2011/10/04/Wllllam-lynn-cyber-warfare-unavoldable-ln-Lhe-
near-fuLure/
1OO MeIissa L. Halhavay, S|ra|cgic Adtan|agc. lnq Ancrica Sncu|d Carc Aocu| Cqocrsccuri|q, Canliidge, eIfei
Cenlei foi Science and InleinalionaI Affaiis, Haivaid Kennedy SchooI, Oclolei 2OO9.

Theie aie lhiee cIasses of syslens foi defensive posluie nanagenenl, vhich
can le cIassihed ly vhen lhey opeiale in ieIalion lo an allack: "45/0, )'0$*+, and !/4,0/.
Ioiensic syslens heIp oiganizalions invesligale allacks "45/0 lhey have occuiied lo
undeisland lolh lheii inpacl and lheii iool causes. The coie of lhese soIulions is
hisloiicaI Iogs lhal iecoid aclivily on each aspecl of lhe infiasliucluie, fion soflvaie
lo nelvoik devices. These Iogs can le anaIyzed nanuaIIy lo deleinine lhe sequence
of evenls lhal have Ied lo an inliusion oi disiuplion. ul lhe voIune and conpIexily of
lhis dala is enoinous. Thus, oiganizalions nov inpIenenl Iog nanagenenl syslens
lhal coIIecl, sloie, and anaIyze lhal dala aulo-nalicaIIy. These syslens coiieIale
infoinalion fion nuIlipIe syslens lo idenlify palleins, and pul logelhei a lineIine of
lhe incidenl. Using lhis infoinalion, lhe ained foices can ienediale lhe piolIens lhal
enalIed lhe lieach, and idenlify, evaIuale, and addiess lhe danage done.
"#"
The nexl lellei cIass of silualionaI avaieness syslens heIps lhe foices lo delecl
and iespond lo an "55"%- $* 10,+0/##. Such syslens ieIy on sensois and inliusion
deleclion syslens depIoyed lhioughoul lhe infia-sliucluie lo idenlify suspicious
lehavioi, devialion fion noinaIcy, and lo iaise aIains. An aIain can le anaIyzed
nanuaIIy, lul an inliusion nay iaise loo nany such aIains as il noves lhiough lhe
infia-sliucluie. And soiling oul a liue allack fion lhe noinaI lackgiound noise of
faIse aIains is an exlieneIy conpIex endeavoi. To addiess lhis, syslens foi secuiily
infoinalion and evenl nanagenenl can le depIoyed vhich coIIecl evenls, anaIyze
lhen on an infiasliucluie-vide lasis, and idenlify vheie an expIoil is occuiiing al
lhal poinl in line. Wilh infoinalion lhus gained, incidenl iesponse leans can lake
aclion lo pievenl lhe inliusion fion piogiessing any fuilhei.
The Iasl and nosl inpoilanl cIass of silualionaI avaieness syslens is designed
lo opeiale !/4,0/ an allack legins, focusing on slopping allackeis lefoie lhey gain
enliy.
"#$
Ioi lhis, defenses lhal lIock naIicious soflvaie and unaulhoiized access
aie ciuciaI. In addilion, laseIine conhguialion slandaids nusl le eslalIished and
noniloied lo pievenl devialion and nonconpIiance lhal can cieale vuIneialiIilies in lhe
syslen. This iequiies syslens vhich idenlify vuIneialiIilies, nisconhguialions, and
olhei iisks in lhe infiasliucluie. Like foiensic and evenl-lased syslens, lhese syslens
aie equipped vilh conponenls lhal assess individuaI devices such as vuIneialiIily
scanneis.
"#%
Scanneis and siniIai looIs idenlify vasl nunleis of polenliaI device
issues, nosl of vhich aie effecliveIy niligaled ly lhe defense-in-deplh aichilecluies
of secuiily. Secuiily posluie nanagenenl soIulions can le depIoyed lhal anaIyze lhe
conhguialions and vuIneialiIilies of lhe vaiious devices and hosls lhioughoul lhe
infiasliucluie, coiieIale lhen logelhei, and idenlify lhe syslen-vide secuiily issues
lhal exisl in lhe infiasliucluie. Using lhis infoinalion, lhose iesponsilIe foi secuiily
1O1 The siIenl inhIlialoi, op. cil.
1O2 See: Allack Iievenlion, M86 Secuiily, al: hup://www.m86securlLy.com/resources/auack-prevenuon.asp
1O3 David SheIIy, Randy Maichany & }oseph Tionl, |csing |nc Gap. Ana|qzing |nc |ini|a|icns cf lco App|ica|icn
Vu|ncraoi|i|q Scanncrs, The OWASI Ioundalion, Viiginia IoIylechnic Inslilule and Slale Univeisily, 8
Novenlei 2O1O.
can lhen piioiilize and addiess piolIens lo ienediale !/4,0/ 56/. "0/ /91(,$5/) ly
adveisaiies.
"#&
As aIvays vilh conpulei secuiily, lheie aie lvo lhings lo ienenlei. Iiisl,
lhal secuiily depends on a conlinalion of lechnoIogy and poIicy, and second, lhal
no syslen is evei lolaIIy secuie. Il is safei lo assune lhal lheie viII le lieaches, and
voik oul hov lo nininize lhe danage. Thal neans sloiing, and noving aiound, as
IillIe dala as possilIe, anonynizing iecoids and Iinking lo peisonaI delaiIs sloied in
a sepaiale dalalase, using enciyplion lo piolecl dala in liansil, and using Inlianel
soIulions vheie possilIe.
Secuiily aichilecluies aie luiIl on lhe pienise lhal successfuI allacks viII
occui. The iapidIy changing and inheienlIy open naluie of cyleispace nakes lhis
inevilalIe. The uIlinale pioleclion againsl allacks is lo aii-gap ciilicaI syslens fion
souices lhal cannol le liusled. ul lhis cones vilh high cosls in lineIiness, exiliIily,
and funclionaIily. To ielain funclionaIily vhiIe sliII offeiing iolusl secuiily, cylei
defenses aie luiIl in Iayeis. Lven if an allack peneliales lhe hisl Iayei, deepei Iayeis of
defenses aie designed lo conlain lhe allack lefoie il can ieach ciilicaI syslens. Much
Iike physicaI defenses, Iayeied defenses can piovide incidenl iesponse leans lhe line
lo shul dovn an allack lefoie il causes unacceplalIe danage.
Lffeclive silualionaI avaieness syslens aie an inlegiaI pail of Iayeied defenses.
ul eveiy Iayei incieases lhe conpIexily of lhe defense exponenliaIIy, so nainlaining
nuIlipIe Iayeis lelveen changing lhieals and changing ICT syslens iequiies
aulonaled assessnenl capaliIilies. Lvenl nanagenenl syslens lo iespond lo allacks
in piogiess aie nov leconing noie connon. ul secuiily posluie nanagenenl
syslens lo pievenl allacks in lhe hisl pIace aie onIy aloul leginning lo eneige. In
lhis donain, lhe US ained foices seen lo le in lhe Iead due lo nassive ieseaich and
deveIopnenl inveslnenls nade ly lhe Defense Advanced Reseaich Iiojecls Agency
(DARIA), founded in iesponse lo lhe suipiise Spulnik Iaunch in 1958, and vhich
falheied lhe Inleinel.
Wilh effeclive conlingency pIans, piocesses, looIs, and conpelencies in pIace
foi lhe evenl of an inliusion oi disiuplion, incidenl iesponse leans can ieacl sviflIy
lo conlain and eiadicale lhe lhieal. Wilh lhe heIp of lineIy incidenl iepoils, lhey can
assess any syslen danage oi dala Ioss and nove quickIy lo iesune opeialions. And
vilh iecoveiy pioceduies and voikaiounds aIieady lhoughl oul, incidenl iesponse
leans can quickIy nove foivaid aflei an allack lo iecovei Iosl dala oi conhguialion
infoinalion. They lhen can iesloie syslens and lesls lo heIp ensuie lhal aII conponenls
aie again in conpIiance, and lhus ieeslalIish nission assuiance and conhdence. A
conlinuing ieviev of secuiily audil hIes piovides lhe oppoilunily lo Ieain fion lhe
1O4 The siIenl inhIlialoi, op. cil.

incidenl, so lhe Iessons can le appIied lo heIp lo inpiove exisling secuiily piovisions
and pievenl iecuiience.
"#'

Supply Chain and Vendor Access, Remote Access,
Proximity Access, and Insider Access
UIlinaleIy, lhe cuiienl liends lovaids digilizalion, aulonalion, and
inleiopeialiIily need nol le nuluaIIy excIusive of secuiily. ul lhe cylei secuiily
chaIIenge can onIy le addiessed effecliveIy ly fuIIy undei-slanding lhe vide iange of
lhe ieaI 560/"5 8/%5,0# exisling, vhich faII inlo foui lioad calegoiies: #'11(. %6"$* "*)
8/*),0 "%%/##2 0/7,5/ "%%/##, 10,9$7$5. "%%/##, and $*#$)/0 "%%/## lo ICT syslens.
Wilh iespecl lo lhe #'11(. %6"$*, il is videIy accepled lhal lhe gIolaI econony
has given nalions lhe aliIily lo conpele and puichase seivices in an expanding naikel
lhal has diiven dovn piices and pionoled iapid invenlion and innovalion. ul lhe
gIolaI suppIy chain aIso has sulslanliaIIy incieased oui vuIneialiIilies lo adveisaiiaI
nanipuIalion of haidvaie and soflvaie. Conpuleis oi lhe aichilecluie lhey iide
on can le poisoned vilh doinanl capaliIilies lhal can le avakened ly adveisaiies.
Lven if oui ICT syslens cone oul of lhe facloiy in piisline condilion, lhey can le
nanipuIaled ly lhe deIiveiy seivice, lhe vhoIesaIei, lhe ielaiIei, lhe inslaIIei, lhe
iepaiinan, oi lhiough lhe dovnIoadalIe hinvaie updale oi palch. <'11(. %6"$* and
8/*),0 ,1/0"5$,*# aie veiy difhcuIl lo noniloi. Lven vilhoul a gIolaI suppIy chain,
lhese sane expIoils couId le inlioduced doneslicaIIy ly oiganized ciine, disgiunlIed
enpIoyees, oi foieign inleIIigence seivices.
N/7,5/ "%%/## ly nelvoik inliusion oi hacking is anolhei avenue of allack.
We see nosl of lhis lhieal vecloi eilhei lecause il is lhe giealesl piolIen oi lecause
il is lhe nosl easiIy liacked. Syslens adninislialois lypicaIIy aie oveivheIned ly
lhe quanlily of vainings issued ly aulonaled inliusion deleclion, pievenlion, and
hievaII syslens, and ly lhe addilionaI need lo sludy lhe Iogs associaled vilh olhei
lechnoIogy seivices and appIicalions. In facl, oui visiliIily inlo ienole access secuiily
is so gieal lhal an oiganizalion nusl piioiilize ils ieviev and iesponse effoils. Hacking
and ienole access piovided ly naIicious enaiI allachnenls and diive-ly dovnIoads
nighl oi nighl nol le lhe voisl of piolIens, lul lhey aie lhe nosl visilIe. Iion a
slialegic poinl of viev, il is inpoilanl lo ensuie lhal lhe voIune of lhe peiceived
ienole lhieal and lhe iesouices diiecled againsl il aie nol consideied lo lhe excIusion
of olhei equaIIy peinicious lhieal veclois.
L0,9$7$5. "%%/## iefeis lo lhe aliIilies adveisaiies have vhen lhey aie physicaIIy
cIose lo oui ICT syslens lul nol diieclIy inside lhen. The inleiceplion of viieIess
1O5 See: Ciisis Managenenl IIan foi counleiing Cylei Allacks and Cylei Teiioiisn, Depailnenl of Infoinalion
TechnoIogy, Minisliy of Connunicalions and Infoinalion TechnoIogy, Coveinnenl of India, Woikshop on
Ciisis Managenenl IIan foi counleiing cylei allacks and cylei leiioiisn, 2 Ieliuaiy 2O1O.
signaIs is a good exanpIe of lhis vecloi. Thiough connon lechniques such as passive
eIeclionic noniloiing of infoinalion leing liansnilled, joining a viieIess conneclion
and ollaining lhe aliIily lo access olhei conpuleis connecled lo lhe sane viieIess
nelvoik - so-caIIed peei-lo-peei conneclions - oi lhe allackei posing as a Iegilinale
viieIess nelvoik in oidei lo Iuie unsuspecling useis, viieIess connecled devices and
access poinls can luin inlo a signihcanl cylei secuiily IialiIily. WiieIess keyloaids
can piesenl siniIai oppoilunilies foi eavesdioppei, lioadcasling keysliokes lhiough
lhe aii, even usei IDs and passvoids.
IinaIIy, $*#$)/0 "%%/## nusl le addiessed. Cuiienl enpIoyees, conliaclois, and
liusled lusiness pailneis have unique oppoilunilies lo do hain lecause lhey have
leen piovided aulhoiized access lo oui physicaI and digilaI spaces. Once aulhoiized,
lhey can opeiale fion vilhin vilhoul leing chaIIenged ly lhe haid oulei sheII of
gales and guaids, inliusion pievenlion devices, and hievaIIs. Opeialing fion lhe
inside aIso piovides a dislincl peispeclive on an oiganizalions secuiily veaknesses,
incIuding lechnicaI gaps, Iapses in poIicy enfoicenenl, knovIedge of vheie lhe ciovn
jeveIs aie Iocaled, and even vacalion scheduIes of secuiily slaff, jusl lo nane a fev.
AIlhough a cylei allack is noie IikeIy lo cone fion an oulsidei, ieseaich indicales
lhal vhen an insidei does sliike, lhe danage can le sulslanliaIIy giealei.
"#(

These lhieal veclois can onIy le efhcienlIy iesoIved ly seeking lhe lesl oplions
foi Ioveiing lhe faclois lhal aie used in lhe foinuIa foi iisk assessnenl: Risk = Thieal
x VuIneialiIily x Consequence. Loveiing any of lhe lhiee vaiialIe faclois viII Iovei
lhe iisk. And diiving any of lhe faclois lo zeio viII eIininale lhe iisk aIlogelhei.
IoIicynakeis, slialegisls, and lhose vho opeiale on lhe fionl Iines of cylei secuiily
shouId caiiy oul lheii diiecl and indiiecl ioIes in vays lhal heIp lo Iovei lhe lhieal,
vuIneialiIily, and adveise consequences associaled vilh #'11(. %6"$* "*) 8/*),0 "%%/##,
0/7,5/ "%%/##, 10,9$7$5. "%%/##, and $*#$)/0 "%%/##. Anylhing Iess Ieaves lhe advanlage
vilh lhe adveisaiies.
Cyber Security is Evolving from a Technical
Discipline to a Strategic Concept
The facl ienains lhal lhe anonynily, gIolaI ieach, scalleied naluie, and lhe
inleiconnecledness of infoinalion nelvoiks conlinue lo ieduce lhe piolaliIily of
deleclion and discoveiy of lhe oiigin of an allack, 56'# 7"-$*+ "550$!'5$,* " 1/07"*/*5
10,!(/7. Allackeis can use evei noie neans of deceplion, nosl of lhen offeiing
pIausilIe denialiIily. Snail hackeis can ioule allacks lhiough counliies vilh vhich lhe
viclins goveinnenl has pooi dipIonalic ieIalions oi no Iav enfoicenenl coopeialion.
ul even successfuI invesligalions oflen Iead onIy lo anolhei hacked conpulei. Thus,
slales and goveinnenls sliII face lhe piospecl of Iosing a cylei conicl vilhoul evei
knoving lhe idenlily of lheii adveisaiy.
1O6 Veiizon usiness Risk Tean, 2OO9 Dala ieach Invesligalion Repoil 11, 2OO9.

Hence, iesponses Iiniled lo lhe IeveI of lhe nalion-slale aie inadequale:
%,,0)$*"5/) $*5/0*"5$,*"( "%5$8$5., vilh aII lhe associaled piolIens of ieaching
agieenenl and lhen acling in conceil, is vhal is iequiied. The eneny can onIy le
knovn lhiough cIose inleinalionaI coopeialion. And his vuIneialiIily can le Ieainl of
and expIoiled lhiough such coopeialion.
InleinalionaI coopeialion is one key lo ieducing cylei secuiily iisks,1O7 foi
allacks on syslens connecled lo lhe Inleinel can oiiginale fion anyvheie on lhal
nelvoik. VuIneialiIilies in soflvaie deveIoped in one counliy and inslaIIed in a second
can le expIoiled ienoleIy fion a lhiid. IaiIuies in ciilicaI infoinalion infiasliucluies
in one nalion can cascade inlo dependenl syslens eIsevheie. Coveinnenls and lhe
piivale secloi need lo cooidinale lheii effoils lo enhance cylei secuiily IeveIs, deveIop
safe and liusled nelhods foi infoinalion shaiing aloul vuIneialiIilies, lIock and
delei allacks, and inpiove lhe iesiIience of ciilicaI infiasliucluie.1O8 This iequiies
aIso a nev Iook al lhe ieguIaloiy noins, inleinalionaI IegaI noins and appioaches.
As CeneiaI AliiaI, NATO Supiene AIIied Connandei Tiansfoinalion,
enphasized in a iecenl Nev Yoik Tines ailicIe, il viII iequiie inleinalionaI
coIIaloialive infoinalion-shaiing and piolIen-soIving anong conneice, acadenia,
goveinnenl, and lhe niIilaiy. Today, a ciilicaI eIenenl of any cylei-defense slialegy
is lhe undeislanding lhal cyleispace is inleinalionaI ly naluie. No one counliy can
deaI effecliveIy vilh cylei lhieals on ils ovn . The concepl of 'in-deplh cylei
defense, vhich vas endoised al lhe Lislon NATO sunnil in Novenlei 2O1O, is nol
inlended lo le a niIilaiy-onIy, oi even a niIilaiy-cenliic, slialegy. Il necessaiiIy culs
acioss lhe poilfoIio of a vaiiely of aclois, as il spans lhe lechnoIogy enpIoyed, lhe
avaieness of useis, and lhe physicaI pioleclion of key eIenenls of oui haidvaie.1O9
Cylei allacks nay iise lo lhe IeveI of a nalionaI secuiily lhieal vhen adveisaiies
have invesled enough line and effoil inlo ciealive and veII-lined sliikes on a ciilicaI
nalionaI infiasliucluie laigel such as lhe eIecliicaI giid. NalionaI secuiily pIanneis
shouId considei lhal eIecliicily has no sulslilule, and lhal aII olhei infiasliucluies,
incIuding conpulei nelvoiks, depend on il. ecause lhe cylei allack lhieal lo ciilicaI
infiasliucluies is slialegic in scope, lhe nalionaI iesponse nusl le equaI lo lhe lask:
pulIic avaieness, inveslnenl in educalion, scienlihc ieseaich, lhe deveIopnenl of
cylei Iav, and inleinalionaI coopeialion. ecause cylei secuiily is evoIving fion a
lechnicaI discipIine lo a slialegic concepl, and lecause cylei allacks can affecl nalionaI
secuiily al lhe slialegic IeveI, nalionaI Ieadeis nusl Iook leyond lhe laclicaI aiena. The
='/#5 4,0 #50"5/+$% %.!/0 #/%'0$5. $*8,(8/# 7"0#6"($*+ "(( ,4 56/ 0/#,'0%/# ,4 " *"5$,*>#5"5/B
In lhis quesl foi slialegic cylei secuiily, il is advisalIe lo pul enphasis on a secuiily
1O7 See: KanIesh ajai, Tnc Cqocrsccuri|q Agcnda, Mcoi|izing fcr |n|crna|icna| Ac|icn, Nev Yoik, The LaslWesl
Inslilule, 2O1O.
1O8 Ielei Sonnei & Ian iovn, Reducing Syslenic Cyleisecuiily Risk, OLCD, OLCD/III Iiojecl on Iuluie
CIolaI Shocks, 14 }anuaiy 2O11, p. 85.
1O9 CeneiaI Slephane AliiaI, NATO Supiene AIIied Connandei Tiansfoinalion, NATO uiIds ils
Cyleidefenses, Ncu Ycr| Tincs, 27 Ieliuaiy 2O11.
syslen aichilecluie lhal enpIoys nuIlipIe lieis of defenses, lhal can le segnenled
undei allack, and lhal has a heaIlhy conponenl of iesiIiency lo aIIov speedy iecoveiy.
The nain inpiovenenls lhal couId le nade vouId le lo slienglhen nechanisns
foi gIolaI coopeialion and capacily luiIding, and lo fuilhei inciease lhe nunlei of
pailies lo lhe Cyleiciine Convenlion. The Uniled Nalion's Inleinel Coveinance
Ioiun aIieady liings logelhei slakehoIdeis fion lhe pulIic and piivale secloi as veII
as civiI sociely gioups fion aiound lhe voiId, and has acliveIy consideied secuiily
issues. If lhe UN decides lo conlinue lhe exislence of lhe foiun, il vouId le an ideaI
venue foi fuilhei gIolaI delale.11O
11O WiIIian }. Diake, ed., |n|crnc| Gctcrnancc. Crca|ing Oppcr|uni|ics fcr A||, The Iouilh Inleinel Coveinance
Ioiun, Shain eI Sheikh, Lgypl, 15-18 Novenlei 2OO9, Uniled Nalions, 1O-O6439, Seplenlei 2O1O.
4. Cyber Vulnerabilities and how
Cyber Attacks are Enabled
HosliIe aclions againsl an IT syslen oi nelvoik can lake lvo foins: %.!/0 "55"%-
and %.!/0 /91(,$5"5$,*. A %.!/0 "55"%- is lhe use of deIileiale aclions lo aIlei, disiupl,
deceive, degiade, oi deslioy adveisaiy IT syslens and nelvoiks oi lhe infoinalion
and piogians iesidenl in oi liansiling lhese syslens. H.!/0 /91(,$5"5$,* is lhe use of
opeialions lo ollain infoinalion, usuaIIy cIandeslineIy and conducled vilh lhe snaII-
esl possilIe inleivenlion lhal sliII aIIovs exliaclion of lhe infoinalion soughl.
"""
These
shouId nol disluil lhe noinaI funclioning of lhe syslens. The lesl cylei expIoilalion
is one lhal a usei nevei nolices.
Cylei allacks and cylei expIoilalions aie possilIe onIy lecause @A #.#5/7#
"*) */53,0-# "0/ 8'(*/0"!(/. Mosl vuIneialiIilies exisling aie inlioduced accidenlaIIy
lhiough Jesiqn or implementotion jlows
""$
as desciiled leIov. As Iong as nalions ieIy
on IT syslens and nelvoiks as a foundalion foi niIilaiy and econonic povei, and as
Iong as lhese aie accessilIe fion lhe oulside, lhey aie al iisk of leing allacked.
113
VuIneialiIilies
%
Desciiplion
Soflvaie AppIicalions oi syslen soflvaie nay have acci-
denlaIIy oi deIileialeIy inlioduced avs lhe use of vhich
can sulveil lhe inlended puipose foi vhich lhe soflvaie
is designed.
Haidvaie VuIneialiIilies can le found in haidvaie, incIud-
ing niciopiocessois, nicioconlioIIeis, ciicuil loaids,
povei suppIies, peiipheiaIs such as piinleis oi scanneis,
sloiage devices, and connunicalions equipnenl such as
nelvoik caids. Tanpeiing vilh such conponenls nay se-
cielIy aIlei lhe inlended funclionaIily of lhe conponenl oi
piovide oppoiluni-lies lo inlioduce naIvaie.
Seans lelveen
haidvaie and sofl-
vaie
An exanpIe of such a sean nighl le lhe iepio-
giannalIe iead-onIy nenoiy of a conpulei (hinvaie)
lhal can le inpiopeiIy and cIandeslineIy iepiogianned.
111 If lhe iequiienenl foi sleaIlh is nel, lhe adveisaiy is Iess IikeIy lo lake counleineasuies lo negale lhe Ioss
of lhe exhIlialed infoinalion. In addilion, sleaIlhiness enalIes penelialion of an adveisaiys IT syslen oi
nelvoik lo iesuIl in nuIlipIe exhIlialion of inleIIigence ovei lhe couise of lhe enliie opeialion.
112 Cyleideleiience and Cyleivai, op. cil., p. xiii.
113 Souice: Heileil S. Lin, Offensive Cylei Opeialions and lhe Use of Ioice, }ouinaI of NalionaI Secuiily Lav
& IoIicy, VoI. 4, 2O1O.
Connuni ca-
lions channeIs
The connunicalions channeIs lelveen a syslen oi
nelvoik and lhe 'oulside voiId can le used ly an advei-
saiy in nany vays. An adveisaiy can pielend lo le an au-
lhoiized usei of lhe channeI, jan il, and lhus deny ils use
lo lhe adveisaiy, oi eavesdiop on lhe channeI lo ollain
infoinalion inlended ly lhe adveisaiy lo le cIassihed oi
kepl seciel.
Conhguialion Mosl syslens piovide a vaiiely of conhguialion
oplions lhal useis can sel lased on lheii ovn liadeoffs
lelveen secuiily and convenience. ecause convenience
is oflen vaIued noie lhan secuiily, nany syslens aie - in
piaclice - conhguied insecuieIy.
Useis and op-
eialois
Aulhoiized useis and opeialois of a syslen oi nel-
voik can le liicked oi lIacknaiIed inlo doing lhe lidding
of an adveisaiy, oi seII lheii seivices.
Seivice piovid-
eis
Many conpulei inslaIIalions ieIy on oulside pai-
lies lo piovide conpulei-ieIaled seivices, such as nain-
lenance oi Inleinel seivice. An adveisaiy nay le alIe lo
peisuade a seivice piovidei lo lake sone speciaI aclion
on ils lehaIf, such as inslaIIing allack soflvaie on a laigel
conpulei.
Cylei allacks and cylei expIoilalion
""&
iequiie vuIneialiIily, access lo lhal vuInei-
aliIily, and a payIoad lo le execuled. The piinaiy lechnicaI diffeience lelveen cylei
allack and cylei expIoilalion is in lhe naluie of lhe payIoad lo le execuled. A cylei
allack payIoad is desliuclive vheieas a cylei expIoilalion payIoad acquiies infoina-
lion oi inleIIigence nondesliucliveIy.
The payIoad is lhe lein used lo desciile lhe lhings lhal can le done once vuI-
neialiIily has leen expIoiled. Ioi exanpIe, if a soflvaie agenl, such as a viius, has
enleied a given IT syslen, il can le piogianned lo do nany lhings - iepioduce and
ieliansnil il, and deslioy oi aIlei hIes on lhe syslen. IayIoads can have nuIlipIe
piogiannalIe capaliIilies. Moieovei, lhe lining of aclions can aIso le vaiied, and
if a connunicalions channeI lo lhe adveisaiy is avaiIalIe, payIoads nay le ienoleIy
updaled. In sone cases, lhe iniliaIIy deIiveied payIoad consisls of nolhing noie lhan a
nechanisn foi scanning lhe syslen lo deleinine ils lechnicaI chaiacleiislics, and an-
olhei nechanisn lhiough vhich lhe adveisaiy can deIivei lhe lesl soflvaie updales
lo fuilhei lhe conpionise.
""'
Cyleispace is a viiluaI nediun, and as such fai Iess langilIe lhan Iand, sea, aii,
and space, oi lhe iadiofiequency (RI) specliun. One vay lo undeisland cyleispace
in geneiaI, and cylei expIoilalion
""(
and cylei allacks in pailicuIai, is lo viev il as
114 Snadcus in |nc C|cud. |ntcs|iga|ing Cqocr |spicnagc 2.0, }oinl Repoil: Infoinalion Waifaie Moniloi, Shad-
ovseivei Ioundalion, 6 ApiiI 2O1O.
115 Cyleideleiience and Cyleivai, op. cil., p. 67.
116 In lhe Iexicon of cyleisecuiily, 'using oi 'laking advanlage of a vuIneialiIily is oflen caIIed 'expIoiling a
vuIneialiIily. The lein 'cylei expIoilalion in an espionage conlexl is a cylei offensive aclion conducled foi
lhe puipose of ollaining infoinalion. The conlexl of usage viII usuaIIy nake cIeai vhich of lhese neanings
consisling of lhiee Iayeis: (1) lhe 16.#$%"( ("./0, (2) a #.*5"%5$% ("./0 silling alove lhe
physicaI, and (3) a #/7"*5$% ("./0 silling on lop.
"")
AII IT syslens iesl on a physicaI Iayei consisling of loxes and viies. LIecliicaI
eneigy, inlegialed ciicuils, piocessois, sloiage devices, connunicalions infiasliuc-
luies, coppei and hlei-oplic calIes, liansnilleis and ieceiveis conpiise lhe luiIding
lIocks of lhis Iayei.
""*
If lhal physicaI Iayei is ienoved, lhe IT syslen disappeais as
veII. WhiIe il is olvious lhal IT syslens can le allacked ly kinelic neans, IT syslens
cannol le deceived ly deslioying ils conponenls - aIlhough il can le lhiough sIy
sulslilulion of one conponenl foi anolhei.
Il is lhe #.*5"%5$% Iayei lhal conlains lhe insliuclions lhal designeis and useis
give lhe nachine, and lhe piolocoIs lhiough vhich nachines inleiacl vilh one anolh-
ei - device iecognilion, packel fianing, addiessing, iouling, docunenl foinalling,
dalalase nanipuIalion, elc. And lhis is lhe pIace al vhich inliusions oi hacking aie
pione lo lake pIace as hunan oulsideis seek lo asseil lheii ovn aulhoiily ovei lhal of
designeis and useis.
The lopnosl #/7"*5$% Iayei conlains lhe infoinalion lhal lhe nachine hoIds,
lhe ieason conpuleis exisl in lhe hisl pIace. Sone of lhe infoinalion, such as ad-
diess Iookup lalIes oi piinlei conlioI codes, is neanl foi syslen nanipuIalion, il is
senanlic in foin lul synlaclic in puipose. Olhei infoinalion, such as culling insliuc-
lions oi piocess-conlioI infoinalion is neanl foi conpulei-conlioIIed nachineiy. The
iesl of a syslens infoinalion is neaningfuI onIy lo peopIe lecause il is encoded in
naluiaI Ianguage. The dislinclion lelveen infoinalion and insliuclions can le inpie-
cise. Indeed, nany hacking liicks inseil insliuclions in guise of conlenl. LxanpIes in-
cIude allachnenls lhal conlain viiuses, Tiojan hoises oi voins, Iogic lonls,
""!
oveiIy
Iong addiesses lhal cieale luffei oveiovs sending lhe exlia lils inlo lhe piocessing
sliean, and velpages vilh enledded naIvaie oi code.
"$#
Il is possilIe lo allack con-
puleis soIeIy al lhe senanlic IeveI ly feeding lhe faIse infoinalion. ul foi lhe nosl
pail, onIy nachines vhose insliuclions have leen lanpeied vilh al lhe synlaclic IeveI
viII accepl faIse infoinalion.
"$"
VuIneialiIilies enalIe $*50'#$,*#. And $*50'#$,*# can Iead lo )$#0'15$,* and %,0>
0'15$,*. E$#0'15$,* lakes pIace vhen syslens aie liicked inlo peifoining opeialions
lhal nake lhen shul dovn, voik al a fiaclion of lheii capacily, connil olvious ei-
iois, oi inleifeie vilh lhe opeialion of olhei syslens. H,00'15$,* lakes pIace vhen dala
and aIgoiilhns aie changed in unaulhoiized vays, usuaIIy lo lhe deliinenl of lheii
of 'expIoil is inlended.
117 Cyleideleiience and Cyleivai, op. cil., pp. 12-17.
118 LIeclionics is lhe infiasliucluie of lhe conpulei voiId loday. Hovevei, eIeclionics aie nol innune lo
lhe fuluie: lhe possiliIily of expIoiling a lioIogicaI infiasliucluie foi conpulei puiposes has aIieady leen
pioven. The conpuleiizalion of DNA uses noIecuIai lioIogy and DNA inslead of eIeclionic conponenls.
Anolhei possiliIily is lhe conpuleiizalion of peplides: lio-noIecuIai conpuleiizalion vhich is lased on
conpounds nade of al Ieasl 2 anino acids.
119 A Iogic lonl is a piece of soflvaie inlenlionaIIy and naIiciousIy inseiled inlo a soflvaie syslen lhal viII
danage oi deslioy lhe syslens funclionaIily vhen a specihc condilion occuis (e.g. a ceilain dale oi line is
ieached) oi ly connand.
12O Ioi exanpIe, an enaiI nay puipoil lo le fion lhe InleinaI Revenue Seivice - as il aIieady happened. See:
InleinaI Revenue Seivice, Suspicious e-MaiIs and Idenlily Thefl, |RS prcss rc|casc, 13 }une 2OO8.
coiiecl funclioning. To dislinguish lelveen disiuplion and coiiuplion is nol easy.
ul a good iuIe of lhunl is lhal lhe effecls of disiuplion aie diaslic, innediale, and
olvious, vhiIe lhe effecls of coiiuplion aie sullIe, and nay Iingei on oi iecui.
"$$
Il is
ieIaliveIy easy lo leII lhal a syslen is nol voiking. Il is haidei lo leII lhal il funclions
lul geneiales viong infoinalion oi nakes lad decisions.
Inliudeis inlo IT syslens and nelvoiks can sleaI infoinalion, issue phony
connands lo IT syslens lo cause lhen lo naIfunclion, injecl coiiupled infoinalion
lo Iead nen and nachines lo ieach viong concIusions, oi lo nake lad decisions. Yel
syslen vuIneialiIilies do nol iesuIl fion innulalIe physicaI Iavs. They occui le-
cause of a gap lelveen lheoiy and piaclice. In lheoiy, a syslen shouId do onIy vhal
ils designeis and opeialois vanl il lo. In piaclice, il does exaclIy vhal ils code and
sellings leII il lo. The diffeience exisls lecause syslens aie conpIex, and gioving evei
noie so.
"$%
In aII of lhis Iies a saving giace. Liiois can le coiiecled, especiaIIy if cylei al-
lacks expose vuIneialiIilies lhal need allenlion, and lhal can le 1"5%6/). The degiee
lo and lhe leins ly vhich conpulei nelvoiks can le accessed fion lhe oulside can
le specihed. Thus, lheie is, in lhe end, no foiced enliy in cyleispace. Whoevei gels in
enleis lhiough palhvays pioduced ly lhe syslen ilseIf - vilh lhe exceplion of DeniaI
of Seivice allacks (DoS) oi Disliiluled DeniaI of Seivice allacks (DDoS), vhich cIog
lhe enliyvays lo lhe syslen, ialhei lhan gel inlo il. Hence, il is laieIy an exaggeialion
lo say lhal aII oiganizalions aie vuIneialIe lo cylei allacks lo lhe exlenl lhey vanl lo
le.
"$&
In no olhei donain of vaifaie is lhis lhe case.
Cylei allacks can le Iaunched fion oulside lhe nelvoik, using hackeis, oi
fion lhe inside, using agenls and iogue conponenls. LxleinaI hacking is lhe exenpIa-
iy and ly fai lhe nosl connon palh lhal a slale vouId lake, pailicuIaiIy if going aflei
civiIian laigels. ul aIso lhe ained foices and inleIIigence agencies vilh syslens lhal
aie geneiaIIy lellei piolecled cannol conpIeleIy ignoie insidei allacks, foi exanpIe,
ly disgiunlIed enpIoyees.
Al lhe #.*5"%5$% Iayei, vheie hacking lends lo lake pIace, cyleispace is hedged
vilh aulhoiilies. A peison vho ovns a conpulei can noinaIIy do vilh il vhalevei
he vanls. Ioi lhe nosl pail lhe usei shouId expecl lo ielain fuII conlioI ovei lhe con-
pulei, even vhen il is exposed lo olheis via nelvoiking. Conpuleis in an enleipiise
selling lend lo cone undei conlioI ly #.#5/7# ")7$*$#50"5,0#, and pails of such sys-
lens aie cIosed lo neie useis. To hack a conpulei is lo vioIale lhese aulhoiilies. A
hackei nay send a usei a iogue enaiI oi Iuie a usei lo a iogue sile fion vhich lad
code is dovnIoaded. Sone lypes of code sleaI infoinalion on such nachines. Olhei
lypes peinil lhe hackei lo issue sulsequenl connands lo nachines, lheiely 'ovning
lhen foi naIicious puiposes.
Hackeis can aIso enlei enleipiise syslens ly Iinking lo lhen and successfuIIy
122 Ilid., pp. 15-16.
123 Ilid., p. xiv.
124 Ilid., p. xiv.
nasqueiading as Iegilinale useis vilh lhe iighls and piiviIeges of any olhei usei. In
sone cases, hackeis go fuilhei: fooIing lhe syslen inlo lhinking lhey have lhe piivi-
Ieges of #.#5/7# ")7$*$#50"5,0#. As such, a hackei can aililiaiiIy change neaiIy eveiy-
lhing aloul a syslen, nol Ieasl lhe piiviIeges olhei useis enjoy. Once hackeis have
voined lheii vay inlo a syslen and appiopiialed enough piiviIeges, lhey can peipe-
liale nany addilionaI foins of nischief.
"$'
Hackeis inlenl on causing Ialei nischief of-
len faciIilale lheii effoils ly diopping spyvaie,
"$(
iogue conpulei code, lackdoois,
"$)

Tiojan hoises,
"$*
and Iogic lonls inlo syslens foi Ialei use. Whal can le leined in-
pIanls oflen Iie doinanl, onIy lo le aclivaled eilhei ly evenls on lhe laigel nachine oi
ly diiecl connand fion lhe hackei. Once aclivaled, lhese line lonls vouId enalIe
an aggiessoi lo iapidIy lake conlioI of a laigeled syslen lefoie lhe viclin has lecone
avaie of eilhei lhe inliudei oi lhe inhIlialion.
"$!
In sone cases, inpIanls opeiale au-
lononousIy, seaiching foi conpuleis on lhe nelvoik lhal Iack such inpIanls, and
naking suie lhey do nol Iack foi Iong. RegaidIess of vhal lhe hackei inlends lo do, lhe
hisl and oflen lhe nosl difhcuIl slep, is gelling inside. Ioi lhis ieason, lhe eaiIy phases
of Conpulei Nelvoik LxpIoilalion Iook lhe sane as lhe eaiIy phases of Conpulei
Nelvoik Allack. As a coioIIaiy, lhose vilh lhe lesl capaliIily lo gel inside anolhei
syslen lend lo le lesl quaIihed lo caiiy oul Conpulei Nelvoik Allack.
125 Apail fion vhal can le ollained fion lhe Inleinel, lheie exisls a Iaige anounl of pulIished naleiiaI aloul
conpulei hacking. Ioi lhe noie popuIai anong lhese see: }on Liickson, Hac|ing. |nc Ar| cf |xp|ci|a|icn, 2
nd

ed., San Iiancisco. No Slaich Iiess, 2OO8, and: Sluail McCIuie, }oeI Scanliay & Ceoige Kuilz, Hac|ing |x-
pcscd. Nc|ucr| Sccuri|q Sccrc|s and Sc|u|icns, 5
lh
ed., Nev Yoik, McCiav-HiII Osloine Media, 2OO5.
126 Ialiicia MoIoney IigIioIa, Spquarc. 8ac|grcund and Pc|icq |ssucs fcr Ccngrcss, Washinglon D.C., CRS Repoil
foi Congiess, CongiessionaI Reseaich Seivice, 7-57OO, RL327O6, 9 Decenlei 2OO9.
127 A lackdooi in a conpulei syslen (oi ciyplosyslen oi aIgoiilhn) is a nelhod of lypassing noinaI aulhen-
licalion, secuiing ienole access lo a conpulei, ollaining access lo pIainlexl, vhiIe allenpling lo ienain
undelecled.
128 A Tiojan hoise is soflvaie lhal appeais lo peifoin a desiialIe funclion foi lhe usei piioi lo iun oi inslaII,
lul sleaIs infoinalion oi hains lhe syslen.
129 On Cqocr larfarc, op. cil, p. 9.
Common Categories and Methods of Cyber
Attack
130

!""#$% &'($)*+"*,-
&'-*#./,0/1')2*$' !""#$%(
IIooding
Sending exlianeous dala oi iepIies lo lIock
a hosl seivice
Synchionize/iesel ooding
LxpIoiling Iiniled cache in II slack lo lIock
conneclions
Snuihng
Using lhe II lioadcasl syslen and II
spoohng lo nuIlipIy oods
Oul of land/fiagnenl allacks
LxpIoiling vuIneialiIilies in II slack keineI
inpIenenlalions
Nuking
Using foiged nessages lo iesel aclive con-
neclions
Specihc deniaI of seivice
Ceneialing iequesls lhal lIock one specihc
vuIneialIe seivice
4#.*$*,5( 1,0"6#)' !""#$%(
ackdooi
Iiogian fealuie aIIoving ienole execu-
lion of aililiaiy connands
Woin
Iiogian lhal spavns and spieads copies
of ilseIf
Viius
Code lhal seIf-iepioduces in exisling appIi-
calions
Tiojan
Iiogian-in-a-piogian lhal execules aili-
liaiy connands
LxpIoiling VuIneialiIilies
Access peinissions
LxpIoiling iead oi viile access lo syslen
hIes
iule foice
Tiying defauIl oi veak Iogin/passvoid
conlinalions
Oveiov
Wiiling aililiaiy code lehind lhe end of a
luffei and execuling il
Race condilions
LxpIoiling lenpoiaiy, insecuie condilions
in piogian
78 8#$%'" 4#-*+5.#"*,-
13O Souice: Ankil Iadia, Nc|ucr| Sccuri|q. A Hac|crs Pcrspcc|itc, Cincinnali, Iieniei Iiess, 2OO3, pp. 165-23O.
Ioil spoohng
Using connonIy used souice poils (enliy
poinls) lo avoid hIleiing iuIes
Tiny fiagnenls
Using snaII packels lo lypass hievaII pio-
locoI/poil/size checks
Iind II spoohng
Changing souice II lo access passvoid
seivices vilhoul a passvoid
Nane-seivei ID snoohng
Iind spoohng vilh caIcuIaled faIse ID
nunleis nane-seivei-caches
Sequence-nunlei guessing
CaIcuIaling TCI sequence/acknovIedge
nunlei lo spoof a liusled hosl
Renole-session hijacking
Using spoohng lo inleicepl and iediiecl
conneclions
7-(*9') !""#$%
ackdooi daenons Opening a poil foi fuilhei ienole access
Log nanipuIalion
Renoving liaces of allacks and unaulhoi-
ized access
CIoaking
RepIacing syslen hIes lo hide unaulhoi-
ized access
Snifhng
Moniloiing nelvoik dala lo hnd sensilive
dala (e.g. passvoids)
NonlIind spoohng
Moniloiing nelvoik lo hijack aclive oi lo
nake foiged conneclions
UnIike nucIeai oi olhei veapons of nass desliuclion, cylei veapons and
cylei allacks iequiie Iess infia-sliucluie, and no iesliicled naleiiaIs oi knovIedge
vhich is in shoil suppIy. Cylei veapons have lecone easiei lo ollain and lo use,
nuch noie poveifuI, and evei noie sophislicaled. olnels,
131
foi inslance, vhich aie
used foi Iaunching Disliiluled DeniaI of Seivice Allacks (DDoS), aie conpiised of
advanced ienole expIoilalion capaliIilies vilhin as nany conpuleis as a hackei can
conpionise aII ovei lhe voiId. These piogians, noslIy veII disguised, have seveiaI
advanced capaliIilies. The chaiacleiislics of lhe 'Sloin voin, foi exanpIe, a Tiojan
hoise spiead lhiough enaiI, incIude seIf noiphing - il changes code lo evade anli-
viius, seIf defending - if you liy lo deIele il copies ilseIf, seIf iepIicaling - il idenlihes
and infecls olhei conpuleis, seIf enciypling - il can enciypl and deciypl ilseIf lo eIude
signaluie deleclion, and seIf cIoaking - il changes ils connunicalions palh lo inhilil
liacking. The vasl Sloin lolnel hisl delecled in 2OO7, iunning on anylhing fion 2O lo
115 niIIion conpuleis, has incieased ils capacily conslanlIy as noie and noie con-
131 A lolnel (io:," -'"voik) iefeis lo nuIlipIe conpuleis infecled vilh ienole-conlioIIed soflvaie lhal aIIovs a singIe hack-
ei lo iun aulonaled piogians on lhe lolnel lehind lhe useis lack. The ienole-conlioIIed soflvaie oi ioolkil is cIandes-
lineIy inslaIIed in each conpulei, hiding ils piesence and liacks, naking deleclion difhcuIl. The hackei can use lhe lolnel
foi nany puiposes: disliiluling span, spieading Tiojan hoises, peipelualing phishing scans, oi galheiing infoinalion
foi idenlily lhefl oi fiaud, elc.
puleis have lecone conpionised. 2O1O sav a shaip escaIalion in lhe scaIe, fiequency,
and seveiily of DDoS allack aclivily on lhe Inleinel. Ioi lhe hisl line an allack of 1OO
Clps landvidlh vas iepoiled.
132
Thal iepiesenls a dianalic escaIalion in lhe anounl
of infoinalion lhal is piIed up on a nelvoik in oidei lo shul il dovn. Ovei 5O peicenl
of lhe olseived Inleinel allack liafhc in lhe Iasl quailei of 2O1O oiiginaled fion 1O
counliies, vilh lhe US, Russia, and China accounling foi 3O peicenl. The gIolaI avei-
age Inleinel conneclion speed is nov aloul 2 Mlps. Theiefoie, lo deIivei a 1OO Clps
allack vouId lake sone 7,OOO lo 5O,OOO lols. The Dulch poIice found a 1.5 niIIion-
node lolnel.
133
Lslinales suggesl lhal lhe lolnel can geneiale noie insliuclions pei
second lhan nany of lhe voiIds lop supeiconpuleis. Wilh so nuch povei, allacks
can le Iaunched vilh devaslaling consequences.
134

Classes of Attack
135

!""#$% &'($)*+"*,-
Iassive
Iassive allacks incIude anaIyzing
liafhc, noniloiing unpiolecled connu-
nicalions, deciypling veakIy enciypled
liafhc, and capluiing aulhenlicalion in-
foinalion (e.g., passvoids). Iassive in-
leicepl of nelvoik opeialions can give
adveisaiies indicalion and vainings of
inpending aclions. Iassive allacks can
iesuIl in discIosuie of infoinalion oi
dala hIes lo an allackei vilhoul lhe con-
senl oi knovIedge of lhe usei. LxanpIes
incIude lhe discIosuie of peisonaI infoi-
nalion such as ciedil caid nunleis and
nedicaI hIes.
132 Ailoi Nelvoiks, |nfras|ruc|urc Sccuri|q Rcpcr| 2010, 1 Ieliuaiy 2O11, al hllp://vvv.ailoinelvoiks.con/iepoil
133 Akanai Slale of lhe Inleinel 2O1O.
134 Kevin CoIenan, Cqocr larfarc Dcc|rinc. Addrcssing |nc ncs| signijcan| |nrca| cf |nc 21s| ccn|urq, McMuiiay, The TechnoIylics
Inslilule, AnaIysis, 6 }anuaiy 2OO8, p. 4.
135 Souice: Infoinalion Assuiance TechnicaI Ioiun, Dcfcnsc in Dcp|n, Washinglon D.C., CIO, 2OO2, p. 5.
Aclive
Aclive allacks incIude allenpls
lo ciicunvenl oi lieak pioleclion fea-
luies, inlioduce naIicious code, oi sleaI
oi nodify infoinalion. These allacks
nay le nounled againsl a nelvoik
lacklone, expIoil infoinalion in liansil,
eIeclionicaIIy peneliale an encIave, oi
allack an aulhoiized ienole usei duiing
an allenpl lo connecl lo an encIave. Ac-
live allacks can iesuIl in lhe discIosuie
oi disseninalion of dala hIes, deniaI of
seivice, oi nodihcalion of dala.
CIose-in
CIose-in allack consisls of a iegu-
Iai individuaIs allaining cIose physicaI
pioxinily lo nelvoiks, syslens, oi faciI-
ilies foi lhe puipose of nodifying, galh-
eiing, oi denying access lo infoinalion.
CIose physicaI pioxinily is achieved
lhiough suiieplilious enliy, open access,
oi lolh.
Insidei
Insidei allacks can le naIicious
oi nonnaIicious. MaIicious insideis in-
lenlionaIIy eavesdiop, sleaI, oi danage
infoinalion, use infoinalion in a fiaud-
uIenl nannei, oi deny access lo olhei
aulhoiized useis. NonnaIicious allacks
lypicaIIy iesuIl fion caieIessness, Iack
of knovIedge, oi inlenlionaI ciicunven-
lion of secuiily foi such ieasons as gel-
ling lhe jol done.
Disliilulion
Disliilulion allacks focus on lhe
naIicious nodihcalion of haidvaie oi
soflvaie al lhe facloiy oi duiing dislii-
lulion. These allacks can inlioduce na-
Iicious code, such as a lackdooi, inlo a
pioducl lo gain unaulhoiized access lo
infoinalion oi a syslen funclion al a
Ialei dale.
Slandaid Cylei Allack Iiocess, accoiding lo TechnoIylics, 2OO9.
Viruses and Worms
Theie aie conpulei 8$0'#/# and 3,07#. Viiuses aie hainfuI soflvaie piogians
secielIy inlioduced inlo an IT syslen vilh lhe chaiacleiislic fealuie of leing alIe lo
geneiale and disliilule nuIlipIe copies of il, lheiely spieading lhioughoul lhe sys-
len. Viiuses piggylack on piogians aIieady iesidenl in a conpulei. Lach viius has a
desliuclive payIoad lhal is aclivaled undei ceilain condilions. When aclivaled, a viius
can coiiupl, aIlei, oi deslioy dala, geneiale logus liansaclions, and even liansfei in-
foinalion.
"%(
Woins aie piogians in lheii ovn iighl, vhich hide vilhin a conpulei
and sleaIlhiIy piopagale lhenseIves onlo olhei nachines. Viiuses do nol spiead on
lhe nelvoik, voins do, and a viius can le lheii payIoad. Moieovei, so-caIIed poIy-
noiphic and nelanoiphic naIvaie can aulonalicaIIy nulale in an allenpl lo avoid
deleclion ly anli-viius lechnoIogy.
"%)
Other Software which enables Exploitation of
Vulnerabilities
Theie aie nany olhei lypes of soflvaie veapons enalIing soflvaie vuIneialiI-
ily expIoilalion, such as infoinalion lIockades, ioolkils,
"%*
naIicious enledded code,
keyIoggeis,
"%!
II spoohng,
"&#
Iogic lonls, snifhng, spanning, lackdoois,
"&"
and vid-
eo noiphing. Theie aie aIso duaI-use lechnoIogies Iike poil vuIneialiIily scanneis
and nelvoik noniloiing looIs. Nev lypes of veapons aie leing deveIoped al a iapid
pace and exisling veapons aie noiphing.
"&$
Il is a safe piediclion lhal cylei veapons
aie leconing uliquilous.
One of lhe noie peisislenl lhieals of 2O1O vas fake anli-viius, aIso connonIy
knovn as scaievaie oi ioguevaie. Ovei haIf a niIIion fake anli-viius soflvaie vaii-
anls have leen encounleied in 2O1O. In lhis videspiead piaclice, soflvaie is inveigIed
inlo a viclins conpulei syslen, cIoseIy iesenlIing - and in sone cases diieclIy in-
peisonaling - genuine secuiily soIulions. The usei ieceives a vaining lhal his syslen
is infecled vilh sone nasly naIvaie and foiced lo pay foi a 'fuII veision of lhe sofl-
vaie lo ienove lhe lhieal. Of couise, paying noney lo lhe lad guys does nol piovide
any pioleclion. In nany cases lheie is no ieaI dangei, lul in sone cases lhey aie ac-
136 Depailnenl of Cylei Defense - An oiganizalion vhos line has cone!, McMuiiay, |ccnnc|q|ics, Novenlei
2OO7, p. 2.
137 Think Youi Anli-Viius Soflvaie Is Woiking` Think Again, |uncnsicn, ScollsdaIe, Maich 2O11, p.2.
138 A ioolkil is soflvaie lhal enalIes conlinued piiviIeged access lo a conpulei vhiIe acliveIy hiding ils pies-
ence fion adninislialois ly sulveiling slandaid opeialing syslens funclionaIily oi olhei appIicalions.
139 Keyslioke Iogging, oi key Iogging, is lhe aclion of liacking lhe keys sliuck on a keyloaid, lypicaIIy in a
coveil nannei so lhal lhe peison using lhe keyloaid is unavaie lhal his aclions aie leing noniloied. Theie
aie nuneious nelhods, ianging fion haidvaie and soflvaie-lased appioaches lo eIeclionagnelic and
acouslic anaIysis.
14O II spoohng iefeis lo lhe ciealion of Inleinel IiolocoI (II) packels vilh a foiged souice II addiess, caIIed
spoohng, vilh lhe puipose of conceaIing lhe idenlily of lhe sendei oi inpeisonaling anolhei conpulei sys-
len.
141 A lackdooi in a conpulei (oi ciyplosyslen oi aIgoiilhn) is a nelhod of lypassing noinaI aulhenlicalion,
secuiing ienole access lo a conpulei, ollaining access lo pIain lexl, and so on, vhiIe allenpling lo ienain
undelecled.
142 Cylei Waifaie Docliine, op. cil., p. 3.
luaIIy inslaIIing addilionaI naIvaie.
"&%
The seaich engine is lhe galevay lo lhe vel,
and cylei ciooks aie skiIIed al nanipuIaling seaich iesuIls fion lhe engines such as
CoogIe, ing, and Yahoo! lo Iuie viclins lo lheii naIicious pages. These pages hosl
secuiily iisks and liovsei expIoils jusl vailing lo infecl useis vho aie diiecled lo
lhese siles.
Social Networking Tools
Al lhe leginning of 2O12, Q"%/!,,- iecoided 8OO niIIion useis, naking il nol
onIy lhe Iaigesl sociaI nelvoiking sile, lul aIso one of lhe nosl popuIai deslinalions
on lhe vel. IeopIe use lhe Inleinel diffeienlIy lecause of sociaI nelvoiking. Young
peopIe aie Iess IikeIy lo use enaiI, and noie apl lo connunicale lhiough Q"%/!,,-2
A3$55/02 R$*-/)@*2 E$++2 ;.<1"%/2 S,'A'!/, and olheis. UnsuipiisingIy, scanneis and
naIvaie puiveyois laigeled lhis nassive and connilled usei lase, vilh diveise and
sleadiIy gioving of allacks lhioughoul 2O1O.
"&&

ul as ve have seen peopIe aiound lhe voiId chaIIenging aulocialic aulhoii-
lies via lhe eRevoIulion, fion Iian lo Tunisia, Lgypl lo ahiain, Yenen, and Syiia,
lhese sociaI nedia neans have lecone lhe nev veapons of 7"## 7,!$($K"5$,*. To si-
Ience lhese dissidenls, lhe Lgyplian iegine nade a nove Iiiday 28 }anuaiy 2O11 lhal
has fev piecedenls: il luined off lhe Inleinel nalionvide, lhe hisl Inleinel lIackoul
of such nagnilude in lhe hisloiy of lhe Inleinel. A goveinnenls aliIily lo conlioI lhe
Inleinel depends on ils %,*50,( ,4 @*5/0*/5 </08$%/ L0,8$)/0# (ISIs): lhe piivale secloi
conpanies lhal gianl Inleinel access lo cusloneis. So vhal happens in any counliy
depends on lhe conlioI lhal lhe slale has ovei lhose ISIs. Sone counliies ieguIale
lhe ISIs nuch noie heaviIy. China has in lhe pasl luined off lhe Inleinel in vaiious
iegions.
"&'
ecause IandIine connunicalion vas nevei lIocked, Lgyplians found an-
olhei vay lo access lhe Inleinel lhiough diaI-up Inleinel and fax seivices. They used
OplicaI Chaiaclei Recognilion lechnoIogies lo conveil lhe fax inage inlo lexl conlenls,
and posl lhe conlenls, nevs and updales inlo Iacelook, Tvillei, and olhei lypes of
lIogs. CoogIe, in lhe neanline, Iaunched a nev seivice caIIed speak2lveel, vhich
aIIoved Lgyplians lo caII a ieguIai IandIine nunlei in Caiio and speak lheii lveel
lo an IVR/Voice iecognilion syslen. The speak2lveel syslen vouId lhen conveil lhe
caIIei voice nessage inlo a lexl lveel.
Resloiing lack lhe Inleinel, hovevei, seened lo have lackhied. Lgyplians
nov veie alIe lo upIoad on Iacelook and YouTule sone of lhe picluies and video
cIips shoving lhe nassacies conducled ly lhe cenliaI poIice foices and lhugs on ci-
viIians in lhe eaiIy days of piolesls: Iive luIIels hied ly snipeis, peopIe iun ovei ly
cais, olheis lealen lo dealh, and nany olhei aliocilies. These sociaI nelvoik agenls of
change heIped lhe Aial civiIizalion achieve vhal lhey couId nol do foi decades in jusl
143 Sophos secuiily lhieal iepoil 2O11, p. 5.
144 Ilid., p. 7.
145 NepaI and uina have done lhis in 2OO5 and 2OO7. In 2O11, AIgeiia, Moiocco, Tunisia, Lilya, Syiia, and ah-
iain have done lhis pailiaIIy, vilh iiieguIai nalionvide oulages Iasling fion a fev ninules lo seveiaI houis
oi a fev days.
a fev days oi veeks. Ioi a change, lhe Inleinel is appIauded foi ils povei lo inuence
and change hisloiy foi lhe lellei.
On lhe veiy day lhe Lgyplian goveinnenl shul dovn lhe counliys 4 ISIs,
lvo US Senalois ieinlioduced IegisIalion vhich, if passed, vouId gianl lhe Iiesidenl
lhe povei lo do essenliaIIy lhe sane in lhe US. The so-caIIed kiII svilch liII vas
appioved ly lhe Senales HoneIand Secuiily and CoveinnenlaI Affaiis Connillee
lack in Decenlei 2O1O, lul expiied once lhe nev Congiess assuned povei a fev
veeks Ialei. Senaloi CoIIins, vho seived as lhe RepulIican ianking nenlei of lhe
Connillee, said lhe IegisIalion vouId nol aIIov lhe Iiesidenl lo acluaIIy 'kiII lhe In-
leinel, lul vouId sinpIy give hin lhe aliIily lo shul dovn %0$5$%"( $*40"#50'%5'0/ in
lhe evenl of a seiious cylei allack on lhe counliy. Iiisl lilIed Iiolecling Cyleispace
as a NalionaI Assel Acl of 2O1O and lhen lhe Cyleisecuiily and Inleinel Iieedon
Acl of 2O11, lhe liII, vhich had lipailisan suppoil, conlains noie lhan jusl lhe piovi-
sion foi a kiII svilch. Il vouId eslalIish a While House Ofhce of Cyleispace IoIicy,
lasked vilh oveisighl ovei aII insliunenls of nalionaI povei ieIaling lo ensuiing lhe
secuiily and iesiIiency of cyleispace and vilh lhe enfoicenenl of secuiily slandaids
lo le deveIoped ly lhe NalionaI Inslilule of Slandaids and TechnoIogy (NIST) acioss
pulIic and piivale-secloi ciilicaI infiasliucluie syslens. Il vouId aIso eslalIish a
NalionaI Cenlei foi Cyleisecuiily and Connunicalions in lhe Depailnenl of Hone-
Iand Secuiily lo oveisee lhe US Conpulei Lneigency Response Tean.
"&(

eyond lhe IegaIilies and poIilics of diaslic aclion, il is voilh asking vhelhei
lhe lype of Inleinel shuldovn seen in Lgypl is even possilIe in lhe US. Il seens unIike-
Iy lhal lhe goveinnenl couId cov lhe noie lhan 2,OOO ISIs opeialing in lhe counliy lo
a shuldovn al once. Il vouId hisl piolalIy focus on Tiei 1 ISIs - lhose lhal piovide
Inleinel access lo olhei ISIs, and vhose disiuplion vouId have lhe liggesl ianihca-
lions. Anolhei possiliIily vouId le lo shuldovn najoi Inleinel exchange poinls, oi
'caiiiei holeIs, lhal exisl aiound lhe counliy. Yel anolhei vouId le lo go aflei najoi
viieIess piovideis. ul liinging lhen aII lo a scieeching haIl vouId nol onIy danage
lhe nelvoiks. Il vouId aIso danage aII pulIic safely effoils, vhich ieIy on lhe Inleinel
in lhe evenl of an eneigency oi naluiaI disaslei.
"&)

Cloud Computing
Lvei giealei anounls of sensilive dala aie sloied, accessed, and nanipuIal-
ed in dalalases connecled lo conpany velsiles as lusinesses incieasingIy inleiacl
vilh lheii cusloneis lhiough lhe Inleinel. H(,') %,71'5$*+ is a nodeI foi enalIing
convenienl, on-denand nelvoik access lo a shaied pooI of conhguialIe conpuling
iesouices (e.g. nelvoiks, seiveis, sloiage, appIicalions, and seivices) lhal can le iap-
idIy piovisioned and ieIeased vilh nininaI nanagenenl effoil oi seivice piovidei
146 }onalhan Zilliain & MoIIy Saulei, WiII lhe US gel an Inleinel kiII svilch`, Tccnnc|cgq Rcticu, pulIished
ly MIT. 4 Maich 2O11.
147 Lvan HaIpeiin, The KiII Svilch iII: Whal il neans lo hisl iespondeis and pulIic safely, |npu| Dc||c|
|nfcrna|icn Sc|u|icns, 22 Ieliuaiy 2O11.
inleiaclion.
"&*
CIoud conpuling fiees up ludgel foi conpanies hand-cuffed ly IT
expenses. Inslead of puichasing addilionaI soflvaie Iicenses and haidvaie foi nev
enpIoyees and Iocalions, lusinesses can sinpIy open nev enpIoyee accounls vilh
piovideis of lheii cIoud-lased seivices lo expand conpuling capacily. ul cIoud con-
puling aIso opens up a fuII specliun of dangeis lhal iequiie addilionaI pioleclion
and inveslnenl in expeil syslens lo iapidIy and accuialeIy spol, anaIyze, and cIassify
nevIy eneiging lhieals.
"&!

Compromised Hardware
WhiIe nosl conpulei secuiily effoils have leen focused on soflvaie, lan-
peiing vilh 6"0)3"0/ %$0%'$50. is anounling lo an equaIIy dangeious lhieal. Thal is
lecause nodein conpulei chips ioulineIy conpiise hundieds of niIIions, oi even
liIIions, of liansislois. The incieasing conpIexily neans lhal sullIe nodihcalions in
nanufacluiing oi in lhe design of chips aie viiluaIIy inpossilIe lo delecl. Conpio-
nised haidvaie is, aInosl IileiaIIy, a line lonl. MaIiciousIy lanpeied inlegialed
ciicuils cannol le palched. They aie lhe uIlinale sIeepei ceII.
"'#

Tiojan hoises hidden in equipnenl ciicuiliy aie anong lhe nosl seveie lhieals
nalions face in lhe evenl of vai in vhich connunicalions and veaponiy ieIy on con-
pulei lechnoIogy. As advanced syslens Iike aiiciafl, nissiIes, and iadais have lecone
dependenl on lheii conpuling capaliIilies, lhe speclei of sulveision causing veap-
ons lo faiI in lines of ciisis, oi secielIy coiiupling ciuciaI dala, has cone lo haunl
niIilaiy pIanneis. The piolIen has giovn noie seveie as nosl US seniconducloi
nanufacluiing pIanls have noved offshoie. Lvei since, counleifeil conpulei haid-
vaie, IaigeIy nanufacluied in Asian facloiies, is vieved as a signihcanl piolIen.
This, so nuch so, lhal lhe Ienlagon is nov ieslailing ils ovn liansisloi pioduclion.
Directed Energy Weapons
And lheie aie lhe )$0/%5/) /*/0+. 3/"1,*# (DLWs), a cIass of veapons capalIe
of disalIing eneny IT syslens vilhoul lhe use of expIosives. These incIude 6$+6 /*>
/0+. 7$%0,3"8/# (HLMs), 6$+6 1,3/0 7$%0,3"8/ (HIWs), and 50"*#$/*5 /(/%50,7"+*/5$%
)/8$%/# (TLDs). This cIass of veapons, in lhe aisenaIs of lhe US, Russia, China, IsiaeI,
and a nunlei of olhei high-lech counliies, opeiales ly using puIses oi leans of eIec-
lionagnelic eneigy lo fiy, neIl, disiupl oi deslioy eIeclionic ciicuils and conponenls
148 Dehnilion pioposed ly lhe US NalionaI Inslilule foi Slandaids and TechnoIogy (NIST) in 2OO9. Theie aie
4 seivice nodeIs foi cIoud conpuling: (1) Soflvaie as a Seivice, vheie appIicalions aie hosled and deIiv-
eied onIine via a vel liovsei offeiing liadilionaI desklop funclionaIily, (2) IIalfoin as a Seivice, vheie
lhe cIoud piovides lhe soflvaie pIalfoin foi syslens, (3) Infiasliucluie as a Seivice, vheie a sel of viiluaI-
ized conpuling iesouices, such as sloiage and conpuling capacily, aie hosled in lhe cIoud, and cusloneis
depIoy and iun lheii ovn soflvaie slacks lo ollain seivices, and (4) Haidvaie as a Seivice, vheie lhe cIoud
piovides access lo dedicaled hinvaie via lhe Inleinel. See: The CIoud - Undeislanding lhe Secuiily, Iii-
vacy and Tiusl ChaIIenges, RAND |urcpc Tccnnica| Rcpcr|, 2O11.
149 ienl Diiks, ASIS Session Lxanines CIoud Conpuling, Oppoilunilies, Dangeis, 21 Oclolei 2O1O. And: Ail
Cioss, The dangeis of cIoud conpuling, Lnlegialion, Inc., 17 }une 2O1O.
15O }ohn Maikoff, Cyleivai: OId Tiick Thiealens lhe Nevesl Weapons, Ncu Ycr| Tincs, 26 Oclolei 2OO9.
in a conpulei, nissiIe, lank, oi any snail veapon lhal has nol leen piopeiIy haid-
ened againsl such allacks.
Peripheries of IT Systems
Moieovei, lheie aie lhe 1/0$16/0$/# ,4 @A #.#5/7# lhal conlain usei equipnenl,
vhose funclions and paianeleis aie eslalIished ly useis, vhich aie vuIneialIe lo
expIoilalion. If nol aii-gapped
"'"
oi piolecled via consislenl enciyplion, usei syslens
and piiviIeges can le laken ovei lhiough passvoid ciacking, phishing,
"'$
sociaI engi-
neeiing, dovnIoads fion lad velsiles, oi use of lad nedia such as coiiupled lhunl
oi zip diives,
"'%
elc. Il is a facl lhal lhe secuiily of lhe peiipheiy as a vhoIe is oflen nol
lellei lhan lhe secuiily of lhe nosl feckIess usei. OveiaII, aII lhese vuIneialiIilies sel
lhe slage foi cyleivaifaie.
Additional Vulnerabilities
Cyleispace is highIy vuIneialIe lo disiuplions foi anolhei ieason: Moie lhan
95 peicenl of Inleinel liafhc, incIuding hnanciaI, liade, and olhei liansaclions, ovs
lhiough $*5/0*"5$,*"( '*)/0#/" %"!(/#, lhe disiuplion of vhich vouId effecliveIy cIose
lhe nelvoik dovn, and foi vhich no anounl of saleIIiles vouId le an effeclive sul-
slilule.
"'&
These hlei-oplic calIes, vhich aie concenlialed in seveiaI choke-poinls,
can le danaged ly eveiylhing fion hshing equipnenl and anchois lo eailhquakes
and naIicious aclivily.
"''
Any najoi Ioss of calIe vouId le calasliophic foi lhe gIolaI
econony since lheie aie no lackup pIans. Coveinnenls need lo lake sleps lo piolecl
lhese vuIneialiIilies. Ioi exanpIe, agieeing lo open up nev calIe ioules lo avoid lhe
choke-poinls lhal aie iisky, and luiIding sone geogiaphic diveisily inlo lhe syslen,
eIininaling luieaucialic olslacIes lhal can deIay iepaii ships seeking lo voik in an-
olhei counliys leiiiloiiaI valeis, voiking vilh lhe piivale secloi lo sel up a nev
goveinance nechanisn foi undeisea calIes, lhus ensuiing lhal necessaiy slalislicaI
infoinalion on oulages is shaied innedialeIy vilh lhe ieIevanl pailies, and conducl-
ing joinl eneigency iesponse exeicises. Wilhoul such neasuies cylei secuiily viII
ienain an eIusive goaI, and lhe voiId econony viII ienain al iisk.
151 IhysicaIIy conpIeleIy sepaialed fion lhe Inleinel.
152 Ihishing is lhe ciininaIIy fiauduIenl piocess of allenpling lo acquiie sensilive infoinalion such as usei-
nanes, passvoids, ciedil caid oi lank accounl delaiIs ly nasqueiading as a liuslvoilhy enlily, oflen con-
lining an unsoIicilaled enaiI (span) and an iIIegaI velsile (oi a sinpIe page) vilh lhe sane 'Iook and feeI
as a Iegilinale sile.
153 One exanpIe of vhal a coiiupled lhunl diive can do occuiied in 2OO8 vhen highIy cIassihed US Depail-
nenl of Defense nelvoiks veie infecled ly an unknovn adveisaiy lhal pIaced naIicious code on US
lhunl diives and lhen dispeised lhen in paiking Iols neai sensilive nalionaI secuiily faciIilies. Aflei a cuii-
ous hndei inseiled lhe diives inlo conpuleis, lhe code spiead acioss DoD nelvoiks. See: Ienlagon cylei
secuiily ioIe expands, Oxfcrd Ana|q|ica. G|coa| S|ra|cgic Ana|qsis, 2 }uIy 2O1O.
154 The lolaI caiiying capacily of sulnaiine calIes is in lhe leialils pei second vhiIe saleIIiles lypicaIIy offei
onIy negalils pei second and dispIay highei Ialency. Hovevei, a lypicaI nuIli-leialil liansoceanic sulna-
iine calIe syslen cosls seveiaI hundied niIIion doIIais lo consliucl.
155 Theie veie 5O incidenls iecoided in lhe AlIanlic Ocean in 2OO7 aIone. As a iesuIl of lhe calIes cul nuIlipIe
lines 5 niIes off lhe Lgyplian coasl, neai AIexandiia in eaiIy 2OO8, Inleinel and conneiciaI liafhc slaIIed
in al Ieasl 1O MiddIe Laslein and Soulh Asian counliies. Moie lhan 8O niIIion Wel useis in India, Iakislan,
Lgypl and Saudi Aialia had conneclion piolIens.
Tvo gIolaI liends vilhin lhe infoinalion and connunicalions lechnoIogy en-
viionnenl, vhiIe pioviding giealei efhciency and lellei seivices lo useis, viII onIy
inciease vuIneialiIilies and lhe consequences of secuiily faiIuies. The hisl is */53,0-
%,*8/0+/*%/: lhe neiging of dislincl voice and dala lechnoIogies lo a poinl vheie aII
connunicalions - foi exanpIe, voice, facsiniIe, video, inslanl nessaging, conpuleis,
conlioI of ciilicaI infiasliucluie, and lhe Inleinel - aie lianspoiled ovei a connon
nelvoik sliucluie, vhich viII cone lo conpIelion vilhin lhe nexl hve yeais. This
conveigence anpIihes lhe oppoilunily foi, and lhe consequences of, disiuplive cylei
allacks and unfoieseen secondaiy oi leiliaiy effecls on olhei pails of lhe ciilicaI infia-
sliucluie. The second is %6"**/( %,*#,($)"5$,*: lhe concenlialion of dala capluied on
individuaI useis ly seivice piovideis lhiough enaiIs oi inslanl nessaging, Inleinel
seaich engines, Wel 2.O sociaI nelvoiking neans, and geogiaphic Iocalion of noliIe
seivice sulsciileis, vhich incieases lhe polenliaI and consequences foi expIoilalion of
peisonaI dala ly naIicious aclois.
The incieased inleiconneclion of infoinalion syslens and dala inheienl in
lhese liends pose lhieals lo @*4,07"5$,* G##'0"*%/,
"'(
vhich conpiises 5 essenliaI cii-
leiia foi lhe pioleclion of infoinalion and lhe ovn syslens againsl unaulhoiized ac-
cess: "8"$("!$($5., inteqrity, conjiJentiolity, outbenticotion, and *,*>0/1')$"5$,*.
G8"$("!$($5. appIies lo lhe infoinalion ilseIf, ils suppoiling lechnoIogy and lhe peo-
pIe vho opeiale and seive lhe infiasliucluie,
@*5/+0$5. iefeis lo lhe liuslvoilhiness of infoinalion and syslen oi piocess ieIi-
aliIily,
ConjiJentiolity is aloul denying access lo lhe infoinalion and sensilive aspecls of
suppoiling lechnoIogy, lo lhose peisons vilhoul aulhoiizalion,
G'56/*5$%"5$,* iefeis lo assuiing lhal lhose vho do access lhe infoinalion oi sup-
poiling syslens have lhe iequisile aulhoiizalion, and
F,*>0/1')$"5$,* is Iinked lo aulhenlicalion and, effecliveIy, is lhe digilaI signaluie.
The piincipIe lhal appIies lo funclionaIIy-inleidependenl syslens, vheiely lhe
faiIuie of one conponenl can inpacl on lhe funclionaIily of one oi noie olhei conpo-
nenls, aIso appIies lo @*4,07"5$,* G##'0"*%/. Thus, if any of lhe alove ciileiia aie con-
pionised foi any ieason, al Ieasl sone eIenenls of infoinalion and/oi funclionaIily
and efhciency of ieIaled infoinalion infiasliucluies is aIso IikeIy lo le conpionised.
The noie signihcanl lhe conpionise, pailicuIaiIy in key aieas oi syslen choke-poinls
oi nodes, lhe noie signihcanl lhe inpacl viII le on funclionaIily and efhciency. Iden-
lifying exisling vuIneialiIilies, oi ciealing vuIneialiIilies lhal viII enalIe Infoinalion
Assuiance lo le conpionised, is an inpoilanl pail of lhe 5"0+/5$*+ 10,%/##. The ef-
feclive inpIenenlalion of Infoinalion Assuiance invoIves a vide iange of secuiily
156 Dennis C. Iaii, AnnuaI Thieal Assessnenl of lhe US InleIIigence Connunily foi lhe Senale SeIecl Connil-
lee on InleIIigence, Washinglon D.C., Senale SeIecl Connillee, 2 Ieliuaiy 2O1O, p. 3.
piocesses and pioceduies, as veII as physicaI neasuies. One inpoilanl neasuie is
iedundancy and diveisily, vhich is inlended lo counleiacl lhe effecls of any faiIuie
vilhin, oi conpionise of, a syslen, oi al Ieasl lo nininize lhose effecls. Hovevei,
lhe high-end funclionaIily and efhciency of nany of lhe piocesses, syslens, seivices,
and capaliIilies ve ieIy on and lake foi gianled is dependenl on cuiienl-geneialion
haidvaie and soflvaie. Ioi high-lech syslens, in pailicuIai, lhe iapid changes in
lechnoIogy iesuIling in incieasingIy noie poveifuI haidvaie and soflvaie, neans
lhal pIanned iedundancy and diveisily lo piovide effeclive lackup and conlinuily,
nusl aIso IaigeIy keep pace lechnoIogicaIIy vilh piinaiy-use haidvaie and soflvaie.
Hence, 0/)'*)"*%. "*) )$8/0#$5. 7'#5 !/ 0/%,+*$K/) "# 1"05 ,4 56/ @*4,07"5$,* G##'0"*%/
/='"5$,*, and nusl lheiefoie le facloied inlo laigeling consideialions.
Iuilhei lechnoIogicaI innovalions, veII desciiled in chaplei 4 of TechnoIogy
Tiends and Thieals in lhe Quesl foi Cylei Ieace,
"')
viII inciease and nuIlipIy vuInei-
aliIilies, vhich viII iequiie noie inlensive lasic ieseaich and appiopiiale soIulions.
One fundanenlaI piolIen is lhe Iack of design and anaIysis nelhods vhich aie sci-
enlihcaIIy pioven lo naslei lhe enoinous conpIexily of fuluie inleiconnecled digilaI
syslens, especiaIIy iegaiding safely, ieIialiIily, funclionaIily, and secuiily - piivacy,
aulhenlicily, and dala secuiily. DeveIoping soIulions foi lhis fundanenlaI piolIen
viII le one of lhe nosl inpoilanl chaIIenges foi lhe conpulei science and vel science
ieseaich connunilies.
"'*

The Challenges in Attribution
Cylei allacks can le caiiied oul fion anyvheie. Theie aie noie lhan 2 liIIion
peisonaI conpuleis in lhe voiId loday. Theie veie 5 liIIion noliIe phones in use ly
lhe end 2O1O, anounling lo 67 peicenl of voiId popuIalion, nosl of vhich aie digilaI
oi vel-enalIed. An addilionaI 1,OOO nev noliIe phones aie added lo lhe nix eveiy
ninule. Iacelook aIone cIained noie lhan 8OO niIIion aclive useis al lhe leginning
of 2O12.
One of lhe nosl inpoilanl changes voiIdvide is lhe liansfoinalion of lhe no-
liIe phone inlo an Inleinel phone, iepIacing lhe IC as lhe favoiile device foi con-
necling lo lhe Inleinel. AIieady 9.5 peicenl of lhe popuIalion voiIdvide has noliIe
lioadland.
"'!
Lveiy one of lhese devices is a polenliaI veapon. Add lo lhis lhe nuIli-
lude of cyleicafes and olhei WiIi nodes lhal dol eveiy cily aiound lhe gIole. In Nev
Yoik Cily aIone a usei can access lhe Inleinel fion 85 pulIic Iiliaiies, hundieds of
open-access lusiness WiIi holspols - cyleicafes, Slailucks and lhe Iike, 145 IedLx
Ofhce Iocalions, and unloId lhousands of unsecuied, open piivale nelvoiks.
"(#
To al-
liilule an allack vilh any neasuie of ceilainly lo a specihc device, Iel aIone a specihc
157 Hanadoun I. Touie & lhe Ieinanenl Moniloiing IaneI on Infoinalion Secuiily WoiId Iedeialion of Scien-
lisls, Tnc Qucs| fcr Cqocr Pcacc, Ceneva, InleinalionaI TeIeconnunicalion Union, }anuaiy 2O11, pp. 31-42.
158 Ilid., p. 41.
159 Ilid., p. 14.
16O Lugene L. Haligei, Cqocruarfarc and Cqocr|crrcrisn, While Iapei, The Cylei Secuie Inslilule, 1 Ieliuaiy
2O1O, p. 24.
individuaI oi enlily, is viiluaIIy inpossilIe.
In facl, alliilulion - deleinining lhe souice, Iocalion, and lhe idenlily of an
allackei - is exlieneIy difhcuIl foi lolh lechnicaI and nonlechnicaI ieasons. LIeclions
do nol leai nalionaI naikings. ecause lhe Inleinels ciealois nevei envisioned lhe
need, lhe Inleinel has no ieIialIe neans foi liacing vheie a nessage cones fion.
Iuilheinoie, lhe Inleinel vas nol designed lo vilhsland naIicious aIleialion of lhe
liansnission packels.
"("
Moieovei, allackeis enjoy a foinidalIe advanlage: "*,*.7>
$5.B Snail hackeis hide vilhin lhe naze-Iike aichilecluie of lhe Inleinel. Those vilh
sufhcienl lechnicaI skiII can ienain anonynous al viII.
IIausilIe denialiIily is aIso a concein. ecause hackeis olscuie lhe liue oiigin
of an allack ly hopping lhiough a seiies of conpionised conpuleis lo ieach lheii
laigel, lhe allackei can aIvays cIain lhal his conpulei had leen hacked and used in
soneone eIses opeialion. They can even Ieave lehind a 'faIse ag, inpIicaling an
olheivise innocenl individuaI, gioup, oi goveinnenl. The nosl sophislicaled cylei
allack oi expIoilalion nay nevei le discoveied. And lhis silualion is nol IikeIy lo
change soon, il is a syslenic aspecl of lhe Inleinel, nol a sinpIe piolIen lhal can le
hxed. Thus, slales face lhe piospecl of Iosing a cylei conicl vilhoul knoving lhe
idenlily of lheii adveisaiy. This is pailicuIaiIy liue of lhe iecenl allacks lhal aie sus-
pecled lo have leen connilled ly China, Russia, and Noilh Koiea.
Other Opportunities to Hide the Attackers Iden-
tity or to Assume another Identity
The iuIes foi foinalling and liansnilling dala - knovn as lhe Tiansnission
ConlioI IiolocoI/Inleinel IiolocoI (TCI/II) - nake lhe syslen voik, and ienain lhe
foundalion foi lodays Inleinel. The conpIexily of lhe TCI/II lask vas acconpIished
ly Iayeiing lhe iesl of lhe connunicalions piocess. Al lhe lollon, a E"5" R$*- ("./0
incIudes lhe haidvaie used lo access lhe Inleinel. The TCI/II lakes up lhe nexl lvo
IeveIs vilh (1) a A0"*#1,05 ("./0 lhal lieaks up and ieassenlIes dala, and (2) a F/53,0-
("./0 lhal ioules dala lo ils deslinalion. Al lhe lop of lhe slack Iies an G11($%"5$,*# ("./0
lhal conveils dala inlo velpages oi hIes. Lach Iayei peifoins ils funclion vilhoul
knoving vhal lhe olhei Iayeis do. Inleinel LxpIoiei voiks on lhe AppIicalions Iayei,
iegaidIess of lhe conneclion - lioadland, WiIi, saleIIile - used al lhe E"5" R$*- ("./0.
Togelhei, packel svilching and nelvoik Iayeiing piovide allackeis nuneious oppoi-
lunilies lo hide lheii idenlily oi assune anolhei.
In Iieu of peisonaI idenlihcalion, lhe F/53,0- ("./0 uses an Inleinel IiolocoI
(II) addiess lo idenlify lhe oiigin oi deslinalion of iouled dala. To uncovei lhe souice
of an allack oi cylei expIoilalion iequiies associaling lhe II addiess vilh a pailicu-
Iai individuaI, gioup, oi slale. SociaI nedia Iike Tvillei, foi exanpIe, keep a iecoid
161 The Inleinel liansnils nessages ly lieaking lhen inlo nany disciele dala packels, each of vhich nay le
senl acioss lhe Inleinel using diffeienl palhs lo aiiive al lhe hnaI deslinalion, vheie lhe Inleinel IiolocoI
ieassenlIes lhe packels lo iefoin lhe oiiginaI nessage.
of eveiy II addiess visiling lhe sile, vhich aIIovs idenlihcalion of lhe allackeis II
addiess. The Inleinel Seivice Iiovidei (ISI) can le found via lhe Inleinel Assigned
Nunleis Aulhoiily (IANA) dalalase lhal assigned lhe II addiess. If lhal ISI keeps
good iecoids, il can ieveaI lo vhich conpulei noden il had assigned lhal addiess.
Hovevei, given lhe evei gioving Inleinel dala voIunes, ISIs ieguIaiIy enply oul
lheii Iogs. Thal neans lhal souicing iequesls have lo happen quickIy, olheivise any
evidence lo idenlify peipelialois is gone. ul even vheie lheie aie iecoids, lhe II
addiess nighl go lo a coipoiale accounl, nunleiing lhousands of useis. Oi lhe liaiI
nighl end soonei if il Ieads lo a coffee shop lhal gives useis fiee access. Moieovei,
lhe liace nighl Iead lo a lolnel vheie lhe allackei can inslaII seveiaI slepping slones
lelveen lhe allacking conpuleis and lhe syslen used lo conlioI and connand il.
"($
Allackeis can aIso foige lhe addiess of an II packel,
"(%
and nake olhei individ-
uaIs, gioups oi goveinnenl II addiesses appeai as lhe iesponsilIe paily. And lhese
aie jusl lhe oppoilunilies foi anonynily on lhe Nelvoik Iayei. The E"5" R$*- ("./0 has
ils ovn oppoilunilies, such as lhe use of pie-paid, viieIess and Inleinel-accessilIe
devices lhal gianl access vilhoul any iecoid of lhe useis idenlily. Al lhe G11($%"5$,*
("./0, sociaI engineeiing gives allackeis addilionaI oppoilunilies lo hide. They aIso
ioulineIy deslioy oi nodify syslen Iogs so viclins Iack infoinalion on vhal hap-
pened.
Thus, lhe odds aie lhal one sinpIy nay nol knov lhe allackei oi vheie lhe
allack cane fion - vhich is inhililing 0/5"($"5$,* as veII as )/5/00/*%/B Il is exponen-
liaIIy haidei lo delei anolhei nalion vhen lhal nalion is aII lul ceilain lhal il can caiiy
oul an allack vilhoul a ieluin addiess. Alliilulion nay le so unceilain lhal lhe odds
lhal any one cylei allack couId evoke a iesponse vouId le faiiIy Iov. ul lhe Iovei
lhe piolaliIily of gelling caughl, lhe highei lhe penaIly iequiied convincing polenliaI
allackeis lhal vhal lhey nighl achieve is nol voilh lhe cosl.
"(&
Digital Evidence
ecause of lhe alliilulion piolIen, cylei allackeis aie iaieIy heId accounl-
alIe foi lheii aclions. Anolhei expIanalion foi lhe Iack of possiliIilies lo delei and lo
counleiallack cylei inliudeis is lhe dependence on digilaI evidence. DigilaI evidence
is diffeienl fion evidence ciealed, sloied, liansfeiied, and iepioduced fion a non-
digilaI foinal. Il is epheneiaI in naluie and susceplilIe lo nanipuIalion. These chai-
acleiislics of digilaI evidence iaise issues as lo ils ieIialiIily. Nelvoik-lased evidence
poses addilionaI piolIens lecause il is voIaliIe, has a shoil Iife span, and is fiequenlIy
Iocaled in foieign counliies. Invesligalois face lhe lvin olslacIes of idenlifying lhe au-
lhoi of a cylei allack and pioving lhal lhe aulhoi had lhe inlenlion lo do il - oi 'guiIly
knovIedge. Lven noie is al slake vhen lhe cylei allackei is a liusled insidei vho has
162 }ohn Maikoff, Wels Anonynily Makes Cyleiallack Haid lo Tiace, Ncu Ycr| Tincs, 17 }uIy 2OO9.
163 David Chaikin, Nelvoik Invesligalions of cylei allacks: lhe Iinils of digilaI evidence, Crinc, |au and
Sccia| Cnangc, VoI. 46, No. 4-5, 2OO6, pp. 239-256.
inlinale knovIedge of lhe IT secuiily syslen of lhe oiganizalion.
"('
Thus, cylei allacks have lecone a veiy annoying gIolaI piolIen lecause lhey
aie Iov-iisk, Iov-cosl,
"((
highIy effeclive, and easiIy depIoyalIe gIolaIIy. The cosl
lo deveIop lhis nev cIass of veapons is vilhin ieach of nany counliies, exlienisl
oi leiioiisl gioups, and even of individuaIs. The iav naleiiaIs needed lo consliucl
cylei veapons aie nol iesliicled and videIy avaiIalIe. Apail fion slales, lheie aie
aIso cyleiciine oiganizalions lhal aie knovn lo deveIop cylei veapons. Anong lhe
nosl noloiious is lhe Russian usiness Nelvoik, connonIy knovn as RN, vhich
oiiginaled as an Inleinel seivice piovidei foi chiId poinogiaphy, phishing, span,
and naIvaie disliilulion in Sl. Ieleisluig. y 2OO7, il deveIoped pailnei and afhIiale
naikeling lechniques in nany counliies lo piovide a nelhod foi oiganized ciine lo
laigel viclins inleinalionaIIy.
"()
Il is speciaIizing in, and in sone cases nonopoIizing,
peisonaI idenlily lhefl foi iesaIe, and is lhe oiiginaloi of MIack and aIIeged opeialoi
of lhe Sloin lolnel. RN has leen desciiled ly VeiiSign as 'lhe ladesl of lhe lad.
"(*

Il is nol a iegisleied conpany, and ils donains aie iegisleied lo anonynous addiess-
es. Ils ovneis aie knovn onIy ly nicknanes. Il does nol adveilise, and liades onIy in
unliacealIe eIeclionic liansaclions.
RN and lheii suppoil unils piovide sciipls and execulalIes lo nake cylei
veapons undeleclalIe ly anli-viius soflvaie. Lveiy line a copy of lhe cylei veapon
is geneialed, il Iooks diffeienl lo lhe anli-viius engines, and il goes evei noie oflen
undelecled. The noduIaiizalion of deIiveiy pIalfoin and naIicious insliuclion is a
gioving design in cylei veapons. RNs cylei veapons aie veiy popuIai and pov-
eifuI. In }une 2OO7, one vas used ly a singIe peison lo allack and conpionise ovei
1O,OOO velsiles in a singIe assauIl.
"(!
Cyber Weapons
A nissiIe is conpiised of lhiee lasic eIenenls: (1) a )/($8/0. 8/6$%(/, lhe iockel
engine, (2) a *"8$+"5$,*# #.#5/7 vhich leIIs il hov lo gel lo lhe laigel, and (3) lhe 1".>
(,") - lhe conponenls lhal cause hain. The sane lhiee eIenenls appeai in lhe de-
sign of a cylei veapon. Theie aie nuneious nelhods of deIiveiing cylei veapons lo
lheii laigels. LnaiIs vilh naIicious code enledded oi allached is one nechanisn of
deIiveiy. Anolhei is velsiles lhal have naIicious Iinks and dovnIoads. Oi il can le
done ly viieIess code inseilion liansnilled ovei iadio oi iadai fiequencies.
")#
Hack-
ing is a 7"*'"( )/($8/0. 8/6$%(/ lhal aIIovs pIacing lhe naIicious payIoad on a laigel
conpulei, syslen oi nelvoik. Counleifeil haidvaie, soflvaie, and eIeclionic con-
165 David Chaikin, Nelvoik Invesligalions of cylei allacks: lhe Iinils of digilaI evidence, op. cil.
166 A sleaIlh lonlei cosls $1.5 lo 2 liIIion, a sleaIlh hghlei cosls $8O lo 12O niIIion, a ciuise nissiIe cosls $1 lo 2
niIIion, vheieas a cylei veapon couId cosl $3OO lo $5O,OOO oi noie.
167 iian Kiels, Shadovy Russian Iiin Seen as Conduil foi Cyleiciine, lasning|cn Pcs|, 13 Oclolei 2OO7.
168 A vaIk on lhe daik side, Tnc |ccncnis|, 3O Augusl 2OO7, al: hup://economlsL.com/dlsplaysLory.cfm?sLory_
ld=9723768
169 Kevin C. CoIenan, Prcparing fcr a Cqocr A||ac|. Ccun|dcun |c cDaq!, McMuiiay, The TechnoIylics Inslilule,
no dale.
17O CIaike & Knake, op. cil., p. 7. And: David A. IuIghun, Seaiching foi Ways lo Tiace Cylei Allackeis,
Atia|icn lcc| and Spacc Tccnnc|cgq, 2O May 2O11.
ponenls can aIso le used as deIiveiy vehicIes. }usl as lhe navigalion syslen guides
a nissiIe, il aIIovs lhe naIicious payIoad lo ieach a specihc poinl inside a conpulei,
syslen oi nelvoik. Syslen vuIneialiIilies aie lhe piinaiy navigalion syslens used
in cylei veapons. VuIneialiIilies in soflvaie and conpulei syslen conhguialions
piovide enliy poinls foi lhe payIoad. These secuiily exposuies in opeialing syslens
oi olhei soflvaie oi appIicalions aIIov foi expIoilalion and conpionise. This enalIes
unaulhoiized ienole access and conlioI ovei lhe syslen.
")"

The payIoad of a nissiIe is lhe vaihead vhich is packed vilh sone lype of 'ex-
pIosive. In a cylei veapon, lhe payIoad couId le a piogian lhal copies infoinalion
off of lhe conpulei and sends il lo an exleinaI souice. Il can aIso le a piogian lhal
is aIleiing and nanipuIaling infoinalion sloied on lhe syslen. IinaIIy, il can enalIe
ienole access so lhal lhe conpulei can le conlioIIed oi diiecled ovei lhe Inleinel.
A 'lol- a conponenl of a lolnel - is a good exanpIe of a payIoad lhal nakes pos-
silIe lhe ienole use of an IT syslen ly an unaulhoiized individuaI oi oiganizalion.
")$

The lhiee-eIenenl aichilecluie denonsliales hov advanced and sophislicaled cylei
veapons aie leconing. The aichilecluie cieales ieusaliIily and ieconhguialion of aII
lhiee conponenls. As soflvaie oi syslen vuIneialiIily is discoveied, iepoiled, and
palched, lhal conponenl can le ienoved and iepIaced vhiIe lhe olhei lvo conpo-
nenls aie sliII vialIe. This nol onIy cieales exiliIily, lul aIso signihcanlIy incieases
lhe pioduclivily of lhe deveIopeis of cylei veapons.
Nalions aie leconing incieasingIy vuIneialIe lo cylei allacks lhal couId have
calasliophic effecls on ciilicaI infiasliucluies as veII as seveieIy danage nalionaI
econonies. Massive cylei allacks even in onIy a segnenl of lhe syslen aie difhcuIl lo
conlioI, and lheii consequences couId le incaIcuIalIe. Theie is a luiIl-in lendency foi
unIeashing chain ieaclions even fion nodesl incidenls.
")%
They couId decisiveIy aIlei
lhe povei equalions, lhe slaliIily of lhe enliie digilaI enviionnenl on vhich sociely
depends, nuch leyond lhe pailies lo a conicl. The inleiesl in lhe nainlenance of
liansnalionaI nelvoiks and infoinalion sliucluies is an inleiesl shaied ly aII inlei-
nalionaI aclois. Thus, piioiily nusl le given lo lhe nainlenance oi eaiIy iesloialion
of a slalIe digilaI enviionnenl. Thal %(/"0(. 1("%/# 56/ /716"#$# ,* )/4/*#/. ResiIienl IT
infiasliucluies discouiage allacks. ResiIience incIudes seveiaI eIenenls, anong vhich
aie lhe seIf-heaIing quaIily of syslens, lhe avaiIaliIily of vaining syslens, luiIl-in
iedundancies, lul aIso liained lehavioiaI nodes Iike lhe expIoialion of aieas of coop-
eialion vilhin lhe slakehoIdei connunily, and encouiagenenls lo piaclice il.
171 Kevin C. CoIenan, Prcparing fcr a Cqocr A||ac|. Ccun|dcun |c cDaq!, McMuiiay, The TechnoIylics Inslilule,
no dale.
172 Ilid.
173 The inleinalionaI connunily needs lo le avaie lhal a snaII cylei skiinish couId le lhe piecuisoi lo a
najoi cylei conicl lhal polenliaIIy viII spaik a iegionaI kinelic engagenenl lhal viII have inleinalionaI
iepeicussions. }ohn ungainei, Chief TechnoIogy Ofhcei, US Cylei Consequences Unil, ]ancs Dcfcncc
lcc||q, 29 Seplenlei 2O1O.
5. Major Issues, Ambiguities, and
Problems of Cyberwar
H.!/0 "55"%- "# " moJe of conjlict iaises nany opeialionaI issues and, due lo
inheienl anliguilies, sone olhei piolIens. Anong lhese is lhe C'#/ ,4 4,0%/D and C"%5
,4 3"0D %,*'*)0'7. IiolIens aIso deiive fion lhe (/+"( 40"7/3,0- +,8/0*$*+ %.!/0 "5>
5"%-#. Then, lheie is lhe 10,!(/7 ,4 )/5/00/*%/ $* %.!/0#1"%/ lhal is affecling ielaIialion,
pieenplion, and conicl escaIalion. F/53,0-/) 4,0%/#, lhe nosl iecenl niIilaiy innova-
lion, hoId lhe pionise of hghling noie effecliveIy, lul lhey aIso cieale noie uncei-
lainlies. In oidei lo effectively monoqe cyber conjlicts, lhese nay have lo le calegoiized
inlo vaiious IeveIs, depending on lheii inlensily and inpacl on vai. In addilion, lheie
is lhe sliII uniesoIved piolIen of )/#50'%5$8/*/## ,4 %.!/0 "55"%-#. And connecled vilh
lhis is lhe piolIen of 36"5 /44/%5# */3/#5 7"(3"0/ Iike Sluxnel 7$+65 6"8/ ,* 56/ 7,)/
of future conjlict.
Use of Force and Acts of War
Cylei allack iefeis lo deIileiale aclion lo aIlei, disiupl, deceive, degiade, oi
deslioy conpulei syslens and nelvoiks oi lhe infoinalion and/oi piogians iesi-
denl in oi liansiling lhese syslens oi nelvoiks. Thus, il is nol coiiecl lo caII eveiy lad
lhing lhal happens in cyleispace and on lhe Inleinel 3"0 oi "55"%-B Wai is lhe '#/ ,4
4,0%/ lo cause danage, desliuclion oi casuaIlies foi poIilicaI effecl ly slales oi gioups.
A cylei allack nay le an acl inlended lo cause danage oi desliuclion. Theie is a giey
aiea, of couise, lhal consisls of disiuplion of dala and seivices !/(,3 56/ (/8/( ,4 '#/ ,4
4,0%/. The lhieshoId shouId le high foi caIIing a disiuplive aclivily "* "%5 ,4 3"0 oi "*
"55"%-. An acl of vai invoIves lhe use of foice foi poIilicaI puiposes ly oi againsl a
slale.
")&
Ioice invoIves vioIence oi inlinidalion ly lhe lhieal of use of foice. If lheie
is no vioIence, il is nol an allack. If lheie is no lhieal of vioIence, il is nol lhe use of
foice. And heie loo is a giey aiea consisling of cIandesline oi coveil aclivilies. ul if
an opponenl inlends foi a cylei expIoil lo ienain undelecled, and if lhe expIoil does
nol inicl physicaI danage oi desliuclion, il is nol inlinidalion, nol lhe use of foice,
noi is il an allack.
Whal is lhe IegaI fianevoik goveining cylei allacks` The N'(/# ,4 G07/) H,*>
jlict lhal guides liadilionaI vais is deiived fion inleinalionaI liealies, such as lhe
Ceneva Convenlions, InleinalionaI Hunanilaiian Lav, and lhe piaclices lhal nalions
considei %'#5,7"0. $*5/0*"5$,*"( ("3. Anong lhen is lhe UN Chailei lhal vas de-
signed, in essence, lo lan 'vai fion lhe Iexicon of nalions.
")'
AilicIe 2(4) of lhe Chailei
174 In 1999, a piofessoi pulIished a fianevoik foi deleinining vhal conslilules an acl of foice oi vai, vhich
vouId vaiianl a ielaIialoiy iesponse of sone kind. See: MichaeI N. Schnill, Ccnpu|cr Nc|ucr| A||ac| and |nc
Usc cf |crcc in |n|crna|icna| |au. Tncugn|s cn a Ncrna|itc |rancucr|, CoIoiado Spiings, Inslilule foi Infoina-
lion TechnoIogy, 1999, p. 17.
175 Chailei of lhe Uniled Nalions and Slalule of lhe InleinalionaI Couil of }uslice, San Iiancisco, Uniled Na-
lions, 1945.
denands lhal nalions iefiain in lheii inleinalionaI ieIalions fion lhe lhieal oi use
of foice againsl lhe leiiiloiiaI inlegiily oi poIilicaI independence of any slale.
")(
De-
spile lhe iefeience lo leiiiloiiaI inlegiily and poIilicaI independence, il is nov videIy
undeislood lhal lhe piohililion appIies lo "*. '#/ ,4 4,0%/ *,5 ,56/03$#/ 1/07$55/) !.
56/ 5/07# ,4 56/ H6"05/0. Il sanclions onIy 53, /9%/15$,*# lo lhis piohililion on lhe '#/ ,4
4,0%/: (1) vhen lhe UN Secuiily CounciI aulhoiizes foice, and (2) vhen a nalion acls
in seIf-defense.
As lo #/(4>)/4/*#/, AilicIe 51 says lhal nolhing in lhe Chailei shaII inpaii lhe in-
heienl iighl of individuaI oi coIIeclive seIf-defense if an ained conicl occuis againsl
a UN Menlei. Though InleinalionaI Hunanilaiian Lav does nol specihcaIIy nen-
lion cylei opeialions, lhe alsence of specihc iefeiences lo cyleivai does nol nean
lhal cylei opeialions aie nol suljecl lo lhe iuIes of inleinalionaI Iav. The essence
of an ained opeialion is lhe causalion, oi iisk lheieof, of dealh oi injuiy lo peisons
and danage lo oi desliuclion of piopeily and olhei langilIe oljecls.
"))
If lhe neans
and nelhods of cyleivai pioduce lhe sane effecls in lhe ieaI voiId as convenlionaI
veapons, such as desliuclion, disiuplion, danage, injuiy oi dealh, lhey aie goveined
ly lhe sane iuIes as convenlionaI veapons.
Of aII lhe IegaI issues ledeviIing cyleivai, lhe issue of vhen a cylei evenl
anounls lo an "%5 ,4 3"0 capluies nosl inleiesl.
")*
The 560/#6,() foi iegaiding a cylei
incidenl as lhe use of foice is lhe nosl $71,05"*5 "7!$+'$5. $* %.!/03"0. The iighl of
seIf-defense is liiggeied ly lhe use of foice. This nakes lhe queslion of lhe lhieshoId
lelveen an acl lhal juslihes lhe use of foice and an acl lhal does nol cenliaI in cylei-
vai. When cylei allacks aie peisislenl and insidious, lhey couId aigualIy pose a iisk
lo nalionaI secuiily if lhey aie deliinenlaI lo indusliy and sociely as a vhoIe, conse-
quenlIy affecl lhe secuiily and slaliIily of lhe slale.
")!
Hovevei, onIy Iaige scaIe cylei
allacks on ciilicaI infiasliucluies lhal iesuIl in signihcanl physicaI danage oi hunan
Iosses conpaialIe lo lhose of an ained allack vilh convenlionaI veapons vouId en-
lilIe lhe viclin slale lo invoke seIf-defense undei AilicIe 51 of lhe UN Chailei. WhiIe
AilicIe 2 piohilils aII lhieals and uses of foice, AilicIe 51 aIIovs lhe use of foice ,*(. in
iesponse lo an "07/) "55"%-. ul nol aII uses of foice quaIify as "07/) "55"%-# lhal aie
a pieiequisile lo an "07/) 0/#1,*#/. Thus, a nalion nay lecone viclin of cylei foice
leing appIied againsl il lul cannol iespond in kind lecause lhe foice il suffeied did
nol anounl lo an "07/) "55"%-.
asicaIIy, lhiealening desliuclive cylei allacks againsl anolhei slales niIilaiy
infiasliucluie if lhal slale nounls unIavfuI cioss-loidei opeialions vouId nol lieach
lhe noin. ul lhieals of desliuclive cylei opeialions againsl anolhei slales ciilicaI
infiasliucluie vouId do so - unIess lhal slale cedes leiiiloiy. Hovevei, lhe piohi-
lilion appIies onIy lo an expIicil oi inpIied connunicalion of a lhieal. Il does nol
176 Ilid., p. 3.
177 MichaeI N. Schnill, Cylei Opeialions in InleinalionaI Lav: The Use of Ioice, CoIIeclive Secuiily, SeIf-
Defense, and Ained Conicl, in Prccccdings cf a lcr|sncp cn Dc|crring Cqocra||ac|s. |nfcrning S|ra|cgics and
Dctc|cping Op|icns fcr U.S. Pc|icq, Washinglon, NalionaI Acadenies Iiess, 2O1O, p. 163.
178 Anna MuIiine, When is a Cyleiallack an Acl of Wai`, Cnris|ian Scicncc Mcni|cr, 18 Oclolei 2O1O.
179 On Cqocr larfarc, op. cil., p. 9.
ieach aclions vhich sinpIy lhiealen lhe secuiily of lhe laigel slale, lul vhich aie
nol connunicalive in naluie. Hence, lhe inlioduclion inlo a slales cylei syslens of
vuIneialiIilies vhich "0/ %"1"!(/ ,4 )/#50'%5$8/ "%5$8"5$,* "5 #,7/ ("5/0 )"5/ vouId nol
conslilule " 560/"5 ,4 56/ '#/ ,4 4,0%/, unIess lheii piesence is knovn lo lhe laigel slale,
and lhe oiiginaling slale expIoils lhen foi sone coeicive puipose.
"*#

Theie is consensus lased on inleinalionaI piaclice lhal piopaganda, haiass-
nenl, hacklivisn, and ciine ), *,5 ?'#5$4. 56/ '#/ ,4 4,0%/ $* 0/#1,*#/. ul olhei aieas
aie Iess cIeai. Ioi exanpIe, vhen does $*5/(($+/*%/ %,((/%5$,* oi %.!/0 0/%,**"$##"*%/
lecone an acl of vai` Such aclivilies aie usuaIIy nol consideied sufhcienl juslihca-
lion. Nondesliuclive conpulei nelhodoIogies enpIoyed foi cylei espionage nay
vioIale lhe doneslic Iav of lhe viclin nalion-slale !'5 "0/ *,5 %,*50"0. 5, $*5/0*"5$,*"(
("3B
"*"
Hovevei, inleIIigence coIIeclion lhal invoIves lhe lhefl of leialyles
"*$
of cIas-
sihed infoinalion - as happened vilh lhe allacks on lhe US Depailnenl of Defense
and lhe US CenliaI Connand in 2OO8, Ieaving lehind gieal danage - nay evenlu-
aIIy le inleipieled as an acl of vai.
"*%
UIlinaleIy, hovevei, lhe decision as lo vhelhei
sonelhing is an acl of vai is a poIilicaI decision. Al lhe end of lhe day, lhe ansvei lo
vhelhei a pailicuIai allack is an acl of vai cones dovn lo lhis: Is il in youi inleiesl lo
decIaie il so`
"*&

T$,("5$,* ,4 #,8/0/$+*5. is an equaIIy inpiecise guide foi deciding vhal an "%5
,4 3"0 in cyleispace is. Spies, ciininaIs, and hackeis ioulineIy send packels acioss
loideis vilh naIicious inlenl. These aclivilies aie vioIalions of soveieignly, lul indi-
viduaIIy, lhey do nol quaIify as "%5# ,4 3"0. Inseiling spies, vhelhei physicaIIy oi digi-
laIIy, vouId nol geneiaIIy le iegaided as a use of foice juslifying a foicefuI iesponse
- unIess lhe vioIalion couId le poiliayed as an allenpl al coeicion oi inlinidalion. Il
couId le aigued lhal nassive and iepealed vioIalions of soveieignly ly cylei inliu-
sions couId le inleipieled as an acl of vai. ul il vouId le incunlenl upon lhe laigel
nalion lo hisl nolify lhe allackei lhal fuilhei inliusions vouId le iegaided as an acl
of vai. The faiIuie of any nalion lo nake such a nolihcalion oi conpIainl so fai in lhe
face of nassive cylei inliusions ovei lhe Iasl decade neans lhal lhe oppoilunily has
leen nissed lo cieale such a lhieshoId oi consliainl in cylei conicl.
"*'

The inleipielive diIenna of vhelhei cylei opeialions conslilule a '#/ ,4 4,0%/
is lhal lhe diafleis of lhe Chailei look a cognilive shoil cul ly fianing lhe liealys
piohililion in leins of lhe $*#50'7/*5# ,4 %,/0%$,* /71(,./) U 4,0%/. Yel, il is seIdon lhe
insliunenls enpIoyed, lul inslead lhe %,*#/='/*%/# suffeied, lhal nallei lo slales. Al
18O See MichaeI N. Schnill, Cylei Opeialions as a Use of Ioice in Prccccdings cf a lcr|sncp cn Dc|crring Cqocr-
a||ac|s, |nfcrning S|ra|cgics and Dctc|cping Op|icns fcr U.S. Pc|icq, The NalionaI Acadenies Iiess, 2O1O, p. 153.
181 WaIlei Caiy Shaip, Cqocrspacc and |nc Usc cf |crcc, San Anlonio, Aegis Reseaich Coip., 1999, pp. 123-32.
182 LquivaIenl lo vhal is sloied in papeis and looks in lhe US Liliaiy of Congiess, vhich anounls lo sone 12
leialyles.
183 See: hup://www.cbsnews.com/sLorles/2009/11/06/60mlnuLes/maln3333363.shLml. AIso: Ienlagon cylei secuiily
ioIe expands, Oxfcrd Ana|q|ica. G|coa| S|ra|cgic Ana|qsis, 2 }uIy 2O1O.
184 Cqocrdc|crrcncc and Cqocruar, op. cil., Annex A: Whal Conslilules an Acl of Wai in Cyleispace` p. 18O.
185 In May 2O11, lhe Ienlagon has decided lhal cylei allacks conslilule an acl of vai. In a cIassihed docunenl
il concIuded lhal lhe US nay iespond lo cylei allacks fion foieign counliies vilh liadilionaI niIilaiy foice.
WhiIe sone say lhe poIicy is in keeping vilh lhe lines, olheis voiiy lhal il couId Iead lhe counliy inlo vai
noie easiIy. See: }ohn Hudson, Rcu|crs, 31 May 2O11.
lhe line lhe Chailei vas diafled an insliunenl lased-appioach nade sense, foi piioi
lo lhe advenl of cylei opeialions lhe consequences lhal slales soughl lo avoid usuaIIy
conpoiled vilh insliunenl-lased calegoiies. ul cylei opeialions do nol hl nealIy
inlo lhis paiadign lecause, aIlhough lhey nay le 'non-foicefuI oi 'non-kinelic, lheii
consequences can iange fion neie annoyance lo dealh. ResuIlanlIy, as lhe piesenl
Connandei of US Cylei Connand noled duiing his conhinalion heaiings, poIicy-
nakeis nusl undeisland lhal lheie is no inleinalionaI consensus on a piecise dehni-
lion of a use of foice, in oi oul of cyleispace. ConsequenlIy, individuaI nalions nay
asseil diffeienl dehnilions, and nay appIy diffeienl lhieshoIds foi vhal conslilules a
use of foice.
"*(

Hence, disconfoil anong cylei vaiiiois in lhe ained foices ieIying on exisling
Iav of ained conicl noins is undeislandalIe since nosl of lhe inleinalionaI agiee-
nenls and piaclices of nalion-slales lhal conpiise lhe Iav of ained conicl piedale
lhe cylei eia. Thus, lheie is an uigenl need foi seeking inleinalionaI consensus, nol
onIy on lhe 0$+65 5, 0/#1,*#/ !. 56/ 7$($5"0., lul aIso ,* 0'(/# ,4 /*+"+/7/*5 4,0 %.!/0>
3"0, incIuding hov nalions nighl use piivale-secloi nelvoiks lo ieioule liafhc and
shul dovn allacks. Sone expeils Iike iuce Schneiei vain lhal lhe line is iunning
oul lo pul in pIace " %.!/0 50/"5. lhal couId, as he advocales, slipuIale a no hisl use
poIicy, oulIav unained veapons, oi nandale veapons lhal seIf-desliucl al lhe end
of hosliIilies.
"*)
WhiIe nany IegaI looIs foi deaIing vilh cooidinaled allacks aIieady
exisl, nalions need lo deveIop 56/ 1,($%$/# lo aIIov %,'*5/07/"#'0/#, such as nuluaI
aid agieenenls and cylei secuiily poIicies, and, foienosl, 4,0 +,8/0*"*%/ ,4 %.!/03"0.
WhiIe agieenenls lhal nighl expedile cylei Iav enfoicenenl effoils aie pos-
silIe, il is nol IikeIy lhal any nev inleinalionaI liealy goveining cyleivai oi cylei
veaponiy viII le foilhconing in lhe foieseealIe fuluie. AIlhough nosl peopIe cheei
inleinalionaI liealies lhal have lanned chenicaI and lioIogicaI veapons, sone expeils
see lhen as uninlenlionaIIy inhililing lhe deveIopnenl of nonIelhaI and Iov-IelhaIily
veaponiy.
"**
Lven lhe US goveinnenl, vhiIe enphasizing lhe need foi 'luiIding lhe
iuIe of Iav lhiough inleinalionaI noins and piocesses in ils Ialesl InleinalionaI Slial-
egy foi Cyleispace,
"*!
peihaps lhe hisl nalionaI 'foieign poIicy foi lhe Inleinel, seens
guaided vilh iespecl lo %.!/0 "07# "+0//7/*5#. Wiiling in a iecenl issue of Q,0/$+*
G44"$0#, Depuly Secielaiy of Defense WiIIian Lynn olseived lhal liadilionaI ains
conlioI agieenenls vouId IikeIy faiI lo delei cylei allacks lecause of lhe chaIIenges
of alliilulion, vhich nake lhe veiihcalion of conpIiance aInosl inpossilIe.
"!#
Allii-
lulion slulloinIy peineales eveiy aspecl of cylei opeialion, il is, indeed, lhe 'singIe
giealesl chaIIenge lo lhe appIicalion of lhe Iav of ained conicl lo cylei aclivily.
"!"

186 UncIassihed Senale Teslinony ly Ll Cen Keilh AIexandei, Noninee foi Connandei US Cylei Connand,
15 ApiiI 1O1O.
187 See Tine foi a Tiealy, Dcfcnsc Ncus, 18 Oclolei 2O1O, and iuce Schneiei, Il viII soon le loo Iale lo slop
cyleivai, |inancia| Tincs, 2 Decenlei 2O1O.
188 See }ohn . AIexandei, OplionaI LelhaIily: LvoIving Alliludes lovaids NonIelhaI Weaponiy, Hartard
|n|crna|icna| Rcticu, 7 May 2OO6.
189 While House, InleinalionaI Slialegy foi Cyleispace: Iiospeiily, Secuiily, and Openness in a Nelvoiked
WoiId, May 2O11.
19O WiIIian }. Lynn, Defending a Nev Donain: The Ienlagons Cyleislialegy, |crcign Affairs, 89, No. 5, Sep-
lenlei/Oclolei 2O1O.
191 Todd C. HunlIey, ConlioIIing lhe Use of Ioice in Cyleispace: The AppIicalion of lhe Lav of Ained Con-
LssenliaIIy, hovevei, lhis is a lechnicaI issue, nol a IegaI one. NonelheIess, lhe idenlily
of lhe allackei nay veII deleinine if " #5"5/ ,4 3"0 exisls.
Ioi noie lhan a decade lhe polenliaI lhieal and oppoilunily of cyleivai has
confionled niIilaiy pIanneis, vhiIe lhe inleinalionaI connunily has yel lo ieach con-
sensus on lhe appIicalion of InleinalionaI Hunanilaiian Lav. This Iack of consensus
nay le due lo a vaiiely of ieasons, fion hoIding lhal lhe cuiienl fianevoik of Inlei-
nalionaI Hunanilaiian Lav can le appIied lo cyleivaifaie !. "*"(,+. lo lhe ieaIiza-
lion lhal lhe vasl giovlh and uidily of lechnoIogy vouId iendei polenliaI inleina-
lionaI agieenenl quickIy olsoIele.
The alsence of piohililion of cyleivai in lhe Iav of ained conicl is signih-
canl lecause, as a geneiaI iuIe, lhal vhal is nol piohililed is peinilled.
"!$
ul lhe
alsence is nol disposilive, lecause even vheie inleinalionaI Iav does nol puipoil lo
addiess pailicuIai nelhods, veapons oi lechnoIogies of cyleivai, lhe geneiaI piin-
cipIes of InleinalionaI Hunanilaiian Lav do appIy lo cyleivai - 3$56 ($7$5"5$,*#.
What are the Limitations that International Hu-
manitarian Law imposes on Cyberwar?
Once a slale has enleied inlo a conicl, lhe use of foice is goveined ly ?'# $* !/((,2
vhich is IaigeIy deiived fion lhe Hague Convenlions,
"!%
lhe Ceneva Convenlions,
"!&

and lheii associaled piolocoIs, nuch of vhich is consideied cuslonaiy inleinalionaI
Iav. Lven slales lhal have lhe IavfuI iighl lo use foice sliII have Iinilalions in hov
lhey use foice. The iesliainls on hov a slale conducls ils use of foice aie nol conlin-
genl on lhe veaponiy used. So liansposing lhe piincipIes of inleinalionaI hunanilai-
ian Iav lo lhe use of cylei allacks is nol onIy possilIe, lul appiopiiale given ils giov-
ing popuIaiily as a coeicive laclic. This iequiies a Iook al lhe piincipIes lhal deiive
fion lhe liadilionaI schena of '#/ $* !/((, in ieIalion lo cyleivai: 7$($5"0. */%/##$5.,
)$#5$*%5$,*, 10,1,05$,*"($5., perjiJy, */'50"($5., and '**/%/##"0. #'44/0$*+.
The !"#$%#!&' )* +#&#,-". $'%'//#,.: When a cylei allackei is paily lo a conicl,
inleinalionaI hunani-laiian Iav iesliicls lhe use of foice lo laigels lhal viII accon-
pIish vaIid niIilaiy oljeclives. LavfuI laigels aie Iiniled lo lhose oljecls vhich ly
lheii naluie, Iocalion, puipose oi use nake an effeclive conliilulion lo niIilaiy ac-
lion and vhose lolaI oi pailiaI desliuclion, capluie, oi neuliaIizalion offeis a dehnile
niIilaiy advanlage.
"!'
AilicIe 23 of lhe 4
lh
Hague Convenlion foilids desliuclion oi
seizuie of piopeily, unIess such desliuclion oi seizuie le inpeialiveIy denanded ly
icl Duiing a Tine of IundanenlaI Change in lhe Naluie of Waifaie, Nata| |au Rcticu, VoI. 6O, 23 Noven-
lei 2O1O, pp. 1-4O.
192 See: |cga|i|q cf |nc Tnrca| cr Usc cf Nuc|car lcapcns, Advisoiy Opinion, InleinalionaI Couil of }uslice, 8 }uIy
1996.
193 Hague Convenlion IV Respecling lhe Lavs and Cuslons of Wai on Land, Annex, 18 Oclolei 19O7.
194 See e.g. The Ceneva Convenlion foi lhe AneIioialion of lhe Condilion of lhe Wounded and Sick in Ained
Ioices in lhe IieId, 12 Augusl 1949.
195 AilicIe 52 of lhe 1977 AddilionaI IiolocoI lo lhe Ceneva Convenlions.
lhe necessilies of vai. A vioIalion of lhe piincipIe of niIilaiy necessily is consideied
a 'vai ciine in lhe Rone Slalule of lhe InleinalionaI CiininaI Couil.
"!(

A cylei allack lhal laigels an adveisaiys niIilaiy conpulei syslens salishes
lhe condilion of niIilaiy necessily ly viilue of lheii excIusive niIilaiy associalion.
Theie aie nany oppoilunilies foi cylei allacks vilhin lhe conpulei syslens of nod-
ein ained foices, vhich use conpulei syslens vilhin eveiy facel of lheii opeialions.
A deepei shade of giey occuis, hovevei, vhen deleinining vhelhei a laigel cieales
a 'Jejinite militory oJvontoqe. IiesunalIy, lhis Iinils cylei allacks vhose niIilaiy
advanlages aie indeleininale. The conpIexily of conpulei syslens nakes such a caI-
cuIalion a chaIIenge. The vaIue of a cylei veapon oflen Iies in ils cascade effecl on
syslens lhal ieIy upon lhe iniliaI laigel. Mosl cylei allackeis Jo not bove sufjicient
$*4,07"5$,* 5, 10/)$%5 56/ $*)$0/%5 /44/%5# ,4 "* "55"%-. An allackei lhal indiieclIy laigels
a niIilaiy conpulei syslen nighl le unsuccessfuI. An allackei lhal peneliales inlo
conpulei syslens of an eIecliicaI geneialoi nighl gain a niIilaiy advanlage, lul lhe
syslen nay have unfoieseen Iayeis lhal pievenl such an advanlage fion occuiiing.
In lhese ciicunslances, lhe niIilaiy advanlage is nol dehnile enough lo salisfy lhe
condilion of niIilaiy necessily. Moieovei, niIilaiy necessily is veighed againsl olhei
Iiniling piincipIes, incIuding lhe piincipIe of dislinclion.
01' !"#$%#!&' )* 2#/,#$%,#)$: In oidei lo ensuie iespecl foi and pioleclion of
lhe civiIian popuIalion and civiIian oljecls, lhe pailies lo a conicl aie iequiied lo al
aII lines dislinguish lelveen lhe civiIian popuIalion and conlalanls, and lelveen
civiIian oljecls and niIilaiy oljeclives.
"!)
And allackeis aie iequiied lo ensuie lhal
lhe civiIian popuIalion and individuaI civiIians . enjoy geneiaI pioleclion againsl
dangeis aiising fion niIilaiy opeialions and nol le oljecl of allacks.
"!*
Allackeis
nusl diiecl lheii opeialions onIy againsl niIilaiy oljeclives. Ioui iuIes foIIov fion
lhis piincipIe:
The )3&#4-,#)$ ,) 2#"'%, -,,-%5/ )$&. -4-#$/, 6+#&#,-". )37'%,#8'/, as dehned ly
lhe 1977 AddilionaI IiolocoI I of lhe Ceneva Convenlions. The dehnilion con-
piises lvo condilions: hisl, il nusl nake an effeclive conliilulion lo lhe niIilaiy
aclion of lhe adveisaiy, and secondIy, in lhe ciicunslances iuIing al lhe line, lhe
allack nusl offei a dehnilive advanlage lo lhe allackei. Whenevei lhese lvo con-
dilions aie #$7'(5"*/,'#(. 10/#/*5, lheie is a niIilaiy oljeclive in lhe sense of exlanl
inleinalionaI hunanilaiian Iav.
The !")1#3#,#)$ )* #$2#/%"#+#$-,' -,,-%5/. Accoiding lo AilicIe 51 of lhe 1977
AddilionaI IiolocoI I of lhe Ceneva Convenlions, an indisciininale allack is one
vhich is nol caiefuIIy ained al a specihc niIilaiy oljeclive, eilhei lhiough caie-
Iessness oi use of veapons lhal aie ly lheii naluie nol capalIe of leing so diiecled,
oi lecause lhe effecls of an allack on lhe niIilaiy oljeclive aie unconlioIIalIe and
196 Rone Slalule of lhe InleinalionaI CiininaI Couil, AilicIe 8(2)(a)(iv),1998.
197 AilicIe 48 of lhe 1977 AddilionaI IiolocoI I lo lhe Ceneva Convenlion.
198 AilicIe 51 of lhe 1977 AddilionaI IiolocoI I lo lhe Ceneva Convenlion.
unpiediclalIe.
The need lo nininize coIIaleiaI civiIian danage and lo alslain fion allacks if such
danage is IikeIy lo le dispiopoilionale lo lhe vaIue of lhe niIilaiy oljeclive lo le
allacked. An allack againsl a niIilaiy oljeclive vilh IavfuI neans oi nelhods of
vaifaie causing coIIaleiaI civiIian danage oi injuiy onIy lecones iIIegaI if il vio-
Iales lhe iuIe of piopoilionaIily. This vouId le an allack vhich nay le expecled lo
cause incidenlaI Ioss of civiIian Iife, injuiy lo civiIians, danage lo civiIian oljecls,
oi a conlinalion lheieof, vhich vouId le excessive in ieIalions lo lhe conciele and
diiecl niIilaiy advanlage anlicipaled.
"!!

The $''2/ ,) ,-5' ,1' $'%'//-". !"'%-9,#)$/ lo ensuie lhal lhe alove lhiee iuIes
aie iespecled.
$##

The !"#$%#!&' )* !")!)",#)$-&#,., siniIai lo dislinclion, is conceined vilh lhe
consequences of an allack on civiIians and civiIian oljecls as il ieIales lo lhe achieve-
nenl of a niIilaiy goaI. IiopoilionaIily goveins lhe degiee and kind of foice used lo
achieve a niIilaiy oljeclive ly conpaiing lhe expecled niIilaiy advanlage gained lo
lhe expecled incidenlaI danage lo civiIians and piopeily. Il appIies lo lolh vhelhei a
given IeveI of foice is appiopiiale in iesponse lo a pailicuIai giievance, as pail of lhe
Iav of lhe use of foice, oi ?'# ") !/(('7,
$#"
and vhelhei a given aclion is appiopiiale
in Iighl of ils oljeclives and lhe casuaIlies lhal viII iesuIl, as pail of lhe Iav of ained
conicl, oi ?'# $* !/((,.
$#$
Connandeis nusl nininize civiIian casuaIlies, suljecl lo
lhe need lo acconpIish a pailicuIai niIilaiy nission, and lhey nusl veigh lhe cosl of
civiIian Iives againsl lhe lenehl lo le gained ly lhe nission.
IiopoilionaIily appIies lo lhe #$2#"'%, '**'%,/ )* -$ -,,-%5 -/ :'&&. Sone ol-
jecls have such dangeious indiiecl effecls lhal laigeling lhen is ouliighl piohililed.
Woiks oi inslaIIalions conlaining dangeious foices, naneIy dans, dykes, and nucIe-
ai eIecliicaI geneialing slalions, shaII nol le lhe oljecl of an allack, even vheie lhose
oljecls aie niIilaiy oljeclives, if such allack nay cause lhe ieIease of dangeious foices
and consequenl seveie Iosses anong lhe civiIian popuIalion.
$#%
The Rone Slalule
incoipoiales piopoilionaIily vilhin ils enuneialion of pailicuIai ciines.
$#&
1he prohlbltlon on perflJloux conJuct U aiising fion lhe desiie lo iesloie peace
vilhoul conpIeleIy deslioying lhe adveisaiy. Cyleivai cieales nev oppoilunilies
foi piaclicing 0'#/# ,4 3"0. Since Conpulei Nelvoik LxpIoilalion is IikeIy lo le an
inpoilanl looI foi inleIIigence coIIeclion, lhe pailies lo a conicl viII le lenpled lo
pIanl nisinfoinalion deIileialeIy vilh a viev lo confuse lhe adveisaiy. Such nisin-
foinalion aloul niIilaiy pIans is peifeclIy IavfuI and is no diffeienl in piincipIe lo
199 Woiding used in AilicIe 51(5)(l) of lhe 1977 AddilionaI IiolocoI I of lhe Ceneva Convenlions.
2OO These iuIes aie dehned in AilicIe 57 of lhe 1977 AddilionaI IiolocoI I of lhe Ceneva Convenlions.
2O1 }udilh CaiI Caidan, IiopoilionaIily and Ioice in InleinalionaI Lav, Ancrican ]curna| cf |n|crna|icna| |au,
1993, p. 396.
2O2 Ilid., p. 391.
2O3 As slaled in AilicIe 56 of lhe1977 AddilionaI IiolocoI I of lhe Ceneva Convenlions.
InleinalionaI TeIeconnunicalions Convenlion, Ail. 35.
2O4 Rone Slalule of lhe InleinalionaI CiininaI Couil, AilicIe 8(2)(l)(iv).
any olhei vehicIe foi nisinfoinalion. ul vilh aII iuses of vai, lhe pailies lo a conicl
nusl ensuie lhal lhey Jo not cross tbe line into perjiJy.
$#'
Ioi exanpIe, causing eneny
foices lo leIieve lhal conlal vehicIes of lhe opponenl veie nedicaI vehicIes oi lhose
of neuliaIs vouId le peihdious. Anolhei exanpIe of piohililed peihdious conducl
vouId le if an adveisaiy iaises lhe ag of suiiendei vilh lhe inpIicil pionise lo Iay
dovn lheii ains, and once lhe ained foices lhal lhey aie hghling expose lhenseIves
fion covei, lhe adveisaiy legins hiing on lhen.
The !"#$%#!&' )* $'9,"-&#,. peinils a slale lo decIaie ilseIf neuliaI lo a conicl,
and lheiely piolecls lhe neuliaI slale fion allack oi liespass ly leIIigeienls. Neu-
liaI slales ienain piolecled as Iong as lhey do nol niIilaiiIy pailicipale oi conliilule
lo leIIigeienl slales oi aIIov lheii leiiiloiy lo le used foi such niIilaiy puiposes.
$#(

Nolvilhslanding lhese iesliiclions, a neuliaI slale nay nainlain ils ieIalions vilh leI-
Iigeienls duiing hosliIilies.
To ielain lhe lilIe of neuliaIily, a slale nay nol aIIov leIIigeienls lo nove
lioops, nunilions of vai oi suppIies lhiough neuliaI leiiiloiy. An allack lhiough a
nelvoik lhal ciosses neuliaI leiiiloiy, oi uses a neuliaI counliys saleIIiles, conpul-
eis, oi nelvoiks, vouId infiinge upon lhal neuliaIs leiiiloiy. The allack vouId lhus
le consideied iIIegaI and, peihaps, an acl of vai againsl a neuliaI.
$#)
ConveiseIy, a
neuliaIs faiIuie lo iesisl lhe use of ils nelvoiks foi allacks againsl anolhei counliy
nay nake il a Iegilinale laigel foi iepiisaIs ly lhe counliy lhal is lhe uIlinale laigel
of lhe allacks. Theie is one exceplion lo lhe invioIaliIily of a neuliaI slales leiiiloiy.
Undei AilicIe 8, a nalion need nol foilid oi iesliicl lhe use on lehaIf of lhe leIIigei-
enls of leIegiaph oi leIephone calIes oi of viieIess leIegiaphy appaialus leIonging lo
il oi lo conpanies oi piivale individuaIs as Iong as lhe neuliaI slale peinils lhe use
of ils leIeconnunicalions infiasliucluie inpailiaIIy.
$#*
In addilion, any allack invoIving nelvoiks and leIeconnunicalions nay in-
pIicale lhe InleinalionaI TeIeconnunicalion Union (ITU) and ils undeiIying chailei,
lhe InleinalionaI TeIeconnunicalion Convenlion (ITC), vhich appIy lo inleinalionaI
viie and iadiofiequency connunicalions. The ITU, and lhe ieguIalions pionuIgaled
undei il, do have sone appIicaliIily lo cyleivai and infoinalion vaifaie allacks lhal
use lhe eIeclionagnelic specliun oi inleinalionaI leIeconnunicalion nelvoiks. Iiisl,
lioadcasling slalions fion one nalion nay nol inleifeie vilh lioadcasls of anolhei
slales seivices on lheii aulhoiized fiequencies.
$#!
The InleinalionaI Iiequency Regu-
Ialion oaid of lhe ITU aIIocales lhe eIeclionagnelic specliun lo pievenl inleifeience.
Lven niIilaiy inslaIIalions nusl olseive lhe noninleifeience iequiienenl.
$"#
Addi-
lionaIIy, offshoie iadio slalions aie lanned, and slales nay nol caiiy oul liansnis-
sion of faIse oi nisIeading signaIs. Hovevei, even vheie cyleivai and infoinalion
2O5 See dehnilion in AilicIe 37 of lhe 1977 AddilionaI IiolocoI I of lhe Ceneva Convenlions.
2O6 Hague Convenlion (V) Respecling lhe Righls and Dulies of NeuliaI Ioveis and Ieisons in Case of Wai on
Land.
2O7 See: Uniled Nalions ManuaI on lhe Iievenlion and ConlioI of Conpulei-ReIaled Ciine, 1993, pp. 261-164.
2O8 Iden., AilicIe 8.
2O9 InleinalionaI TeIeconnunicalions Convenlion, Ail. 35.
21O Ilid., Ail. 22.
vaifaie aclivilies do vioIale ITU ieguIalions, neie vioIalions aie noie IikeIy lo le
consideied !0/"%6/# ,4 %,*50"%5'"( ,!($+"5$,*# undei liealy lhan "%5# ,4 3"0 juslifying
foicefuI iesponses.
$""
The !")1#3#,#)$ )$ 9$$'%'//-". /9**'"#$4 iesliicls vhal aisenaI is avaiIalIe
lo a slale vhen il chooses lo use foice. The piincipIe piohilils lhe use of veapons
designed lo cause unnecessaiy suffeiing. InleinalionaI Hunanilaiian Lav iecog-
nizes lhal lhe iighls of leIIigeienls lo adopl neans of injuiing lhe eneny aie nol
unIiniled.
$"$
As noled in lhe F'%(/"0 I/"1,*# G)8$#,0. J1$*$,*, slales do nol have
unIiniled fieedon of choice of neans in lhe veapons lhey use.
$"%
The InleinalionaI
Couil of }uslice lased ils hnding on lhe piincipIe lhal il is piohililed lo use veapons
causing lhen such hain oi useIessIy aggiavaling lheii suffeiing.
$"&
This piohililion
encouiages slales lo use lhe appiopiiale IeveI of foice lo achieve lheii niIilaiy ends.
The lasic idea is lhal hain shouId le no giealei lhan is necessaiy lo achieve Iegilinale
niIilaiy oljeclives. Undei lhis piincipIe, indisciininale veapons, such as lioIogicaI
oi chenicaI veapons, aie unIavfuI. ul cylei allacks aie oflen difhcuIl lo conlioI, and
lhus indisciininale in lheii effecls. A cylei veapon lhal enpIoys lhe use of a voin
can uninlenlionaIIy infecl niIIions of conpuleis in ils effoils lo aclivale on a singIe
laigeled nelvoik. ul vhelhei lhe cylei veapon vioIales lhe piohililion of unneces-
saiy suffeiing is oflen a case-ly-case deleininalion lhal exanines aII ieIevanl faclois.
A good iuIe of lhunl is lhal a cylei allack is unIavfuI if ils consequences aie siniIai
lo a kinelic allack lhal vioIales lhe piohililion on unnecessaiy suffeiing.
Discussions aie ongoing on hov lo cIassify #5"5/ %.!/0 "55"%-# vilhin an in-
leinalionaI IegaI fianevoik. OveiaII, lhe ?'# ") !/(('7 queslion has leen addiessed:
cyleivai occuis vhen lhe 'IeveI of danage inicled is siniIai lo an ained allack.
LxaclIy vhal lhis neans, hovevei, sliII ienains a poinl of conlenlion. As fai as cylei
?'# $* !/(('7 is conceined, il is incieasingIy accepled lhal any cylei allack vouId have
lo confoin lo lhe najoi piincipIes of lhe Lav of Ained Conicl and InleinalionaI
Hunanilaiian Lav. Cylei allacks shouId le conducled vilh a dislinclion lelveen
niIilaiy and civiIian laigels, considei lhe piopoilionaIily piincipIe as veII as lhe pos-
siliIily of secondaiy and leiliaiy effecls. ul vhal ICT infiasliucluie couId le con-
sideied puieIy civiIian and vhal duaI-use sliII ienains suljecl of vigoious delale. A
nunlei of olhei issues, foienosl lhe iesponsiliIily of nalion-slales lo pievenl lhiid-
paily cylei allacks fion leing caiiied oul fion 'lheii cyleispace, and pailicuIaiIy ly
non-slale aclois, is cuiienlIy lhe najoi issue of discussions. Mosl Weslein counliies
considei lhal addiessing lhis issue vouId iepiesenl " 10$*%$1(/ #5/1 $* )/%0/"#$*+ 56/
1,5/*5$"( 4,0 $*5/0#5"5/ %.!/03"0.
A diffeienl viev on hov de-escaIalion can le achieved is advanced ly Russia
and China. These counliies vouId piefei lo laIk aloul slale cylei veapons, and lo lieal
211 Sean I. Kanuck, Recenl DeveIopnenl, Infoinalion Waifaie: Nev ChaIIenges foi IulIic InleinalionaI Lav,
Hartard |n|cr-na|icna| |au ]curna|, 289, 1996.
212 Hague Convenlion IV, AilicIe 22.
213 LegaIily of lhe Thieal oi Use of NucIeai Weapons, Advisoiy Opinion, InleinalionaI Couil of }uslice Repoils,
sec. 39, 8 }uIy 1996.
214 Ilid.
lhese negolialions as an ains-conlioI issue, vilh liealies lanning lhe 'deveIopnenl
and depIoynenl of cylei veapons. Weslein nalions have liadilionaIIy consideied
such a liealy lo le haidIy enfoicealIe and open lo aluse, and have favoied inslead lhe
ialihcalion of lhe CounciI of Luiope Convenlion on Cyleiciine as an inpoilanl slep
lo Iinil cylei allacks and slale-afhIialed cylei espionage. The gieal inciease of cylei
espionage allacks againsl goveinnenls in lhe Iasl yeais has pionpled a conpionise
posilion, cuIninaling in deIileialions on lhe 'RuIes of ehavioi in Cyleispace.
$"'
A
nunlei of diffeienl oiganizalions aie nov engaged in dipIonalic discussions on hov
lhis couId lesl le achieved.
The Problem of Deterrence
Cyleivaifaie, a gieal equaIizei and Iike leiioiisn a nev foin of asynneliicaI
vaifaie, is a lenpling oplion lo lake. ul lhe piolIen vilh lhe lenpling oplion is lhal
cylei deleiience does nol voik as veII as nucIeai deleiience, lhis aIieady lecause lhe
"7!$+'$5$/# ,4 %.!/0 )/5/00/*%/ conliasl slaikIy vilh lhe cIaiilies of nucIeai deleiience.
Il vas lhe inciedilIe povei of nucIeai veapons lhal gave liilh lo deleiience - a slial-
egy in vhich lhe puipose of ainies shifled fion vinning vais lo pievenling lhen.
Nolhing conpaies lo lhe desliuclive povei of nucIeai veapons. NonelheIess, cylei
allacks Ioon on lhe hoiizon as a lhieal lhal is lesl undeislood as an exliaoidinaiy
neans lo a vide vaiiely of poIilicaI and niIilaiy ends, nany of vhich can have seiious
nalionaI secuiily ianihcalions. Ioi exanpIe, conpulei hacking can le used lo sleaI
offensive veapons lechnoIogies, incIuding veapons of nass desliuclion lechnoIogy.
Oi il couId le used lo iendei adveisaiy defenses inopeialIe duiing a convenlionaI
niIilaiy allack.
$"(
As Iong as secuie passive cylei defense is inpossilIe, deleiience
seens lhe onIy feasilIe palh. In lhal Iighl, allenpling pioacliveIy lo )/5/0 %.!/0 "55"%-#
nay lecone an essenliaI pail of nalionaI slialegy. Hovevei, deleiience is poinlIess
vilhoul alliilulion. Alliilulion neans knoving vho is allacking you, and leing alIe
lo iespond appiopiialeIy againsl lhe acluaI pIace lhal lhe allack is oiiginaling fion.
$")

Alliilulion as il ieIales lo cylei vaifaie is aIso dehned as deleinining lhe idenlily oi
Iocalion of an allackei oi an allackeis inleinediaiy.
$"*
In lhe case of a cylei allack,
an allackeis idenlily nay le a nane oi an accounl nunlei, and a Iocalion nay le a
physicaI addiess oi a viiluaI Iocalion such as an II addiess.
$"!
P'5 $4 0/5"($"5$,* ),/# *,5
6$5 56/ "55"%-/02 6/ 3$(( *,5 !/ )/5/00/). And il is of IegaI inpoilance as veII. RelaIialion
againsl lhe viong acloi is unjusl and a ciine of vai. Thus alliilulion is a necessaiy
condilion foi lhe Iav of vai. An allackei has lo le idenlihed and, lo nake il an ained
allack and nol jusl a ciininaI acl, lhe allackei has lo le a slale acloi oi lhose acling on
lehaIf of a slale.
215 One of lhese inilialives is cuiienlIy deveIoped al lhe NATO CCD COL and enlilIed 1O RuIes of ehavioi foi
Cyleisecuiily.
216 David A. IuIghun, Roleil WaII & Any ulIei, Cylei-Conlals Iiisl Shol, Atia|icn lcc| c Spacc Tccnnc|-
cgq, 167, 26 Novenlei 2OO7, pp. 28-31.
217 Dan MoiiiII, Cqocr Ccnic| A||riou|icn and |nc |au, TooIlox foi IT, 7 Augusl 2OO6, KnovIedge Managenenl
Iogs.
218 David A. WheeIei & Ciegoiy N. Laisen, Tccnniqucs fcr Cqocr A||ac| A||riou|icn. Inslilule foi Defense AnaIy-
ses, AIexandiia, 2OO7.
219 Ilid.
Al lhe IeveI of lhe nalion-slale, lheie aie lvo possilIe deleiience slialegies:
)/*$"( and 1'*$#67/*5. olh have lhiee lasic iequiienenls: %"1"!$($5.2 %,77'*$%"5$,*,
and %0/)$!$($5.. ul in cyleispace, lolh slialegies suffei fion a Iack of ciediliIily. E/>
*$"( is unIikeIy lo voik due lo lhe ease vilh vhich cylei allack lechnoIogy can le
acquiied, lhe innaluiily of inleinalionaI IegaI fianevoiks, lhe alsence of an inspec-
lion iegine, and lhe peiceplion lhal cylei allacks aie nol dangeious enough lo neiil
deleiience in lhe hisl pIace. L'*$#67/*5 is a ieaI oplion, lul lhis slialegy aIso Iacks
ciediliIily due lo lhe daunling chaIIenges of %.!/0 "55"%- "550$!'5$,* and "#.77/50.B
Al a nininun, alliilulion nusl inpiove lefoie a cylei allackei nay feeI deleiied. If
cylei allacks can le conducled vilh inpunily, allackeis have no ieason lo slop un-
deilaking allacks.
Deleiience is a slale of nind. Il is lhe concepl of one slale inuencing anolhei
slale lo choose *,5 lo do sonelhing lhal vouId conicl vilh lhe inleiesls of lhe inu-
encing slale. Deleiied slales decide nol lo lake ceilain aclions lecause lhey peiceive
oi feai lhal such aclion vouId pioduce inloIeialIe consequences.
$$#
The idea of inu-
encing slales decisions assunes lhal slales aie ialionaI aclois viIIing lo veigh lhe
peiceived cosls of an aclion againsl lhe peiceived lenehls, and lo choose a couise of
aclion IogicaIIy lased on sone ieasonalIe cosl-lenehl ialio.
$$"
The efjicocy of cyber Jeterrence ieIies on lhe aliIily lo inpose oi iaise cosls, and
lo deny oi Iovei lenehls ieIaled lo cylei allack in a slales decision naking caIcuIus.
CiedilIe cylei deleiience is equaIIy dependenl on a slales viIIingness lo use lhese
aliIilies, and a polenliaI aggiessois avaieness lhal lhese aliIilies, and lhe viII lo use
lhen, exisl.
Ioi cylei deleiience lo ieaIIy voik effecliveIy, il viII have lo consisl of a con-
piehensive schene of ,44/*#$8/ and )/4/*#$8/ cylei capaliIilies, suppoiled ly a iolusl
inleinalionaI IegaI fianevoik. J44/*#$8/ %"1"!$($5$/# aie lhe piinaiy looIs lo inpose
oi iaise lhe cosls in deleiience lecause lhey piovide a slale lhe 7/"*# "*) 3".# 4,0
0/5"($"5$,*2 and enhance lhe peiceived piolaliIily lhal aggiessois viII pay seveieIy
foi lheii aclions. The noie iolusl lhe capaliIily, lhe noie viII il liansIale lo a cied-
ilIe inposilion of cosls. E/4/*#$8/ %"1"!$($5$/# pIay an equaIIy ciilicaI ioIe in deleiiing
cylei allacks. They nol onIy ensuie lhal essenliaI seivices and funclions of sociely
conlinue unalaled, lhey aIso deny oi Iovei lhe lenehls an allackei nay ollain via cy-
lei allacks. Defensive cylei capaliIilies inciease a slales iesislance lo allacks, ieduce
lhe consequences, enalIe lhe slale lo slienglhen lhe secuiily of polenliaI laigels, and
Iinil oi eIininale an aggiessois aliIily lo lhiealen lhe slale lhiough cyleispace. UIli-
naleIy, lhey ieduce lhe piolaliIily of success lhal an aggiessoi viII achieve his goaIs.
Ovei and alove offensive and defensive capaliIilies, a iolusl $*5/0*"5$,*"( (/+"(
40"7/3,0- lhal addiesses cylei aggiession $# 56/ 7,#5 %0$5$%"( %,71,*/*5 ,4 " %,710/>
22O CoIin S. Ciay, Deleiience and lhe Naluie of Slialegy, in Dc|crrcncc in |nc 21
s|
Ccn|urq, Max C. Manvaiing,
ed., London, Iiank Cass, 2OO1, p. 18.
221 Roleil H. Doiff & }oseph R. Ceiani, Deleiience and Conpelilive Slialegies: A Nev Look al an OId Con-
cepl, in Dc|crrcncc in |nc 21
s|
Ccn|urq, Max C. Manvaiing, ed., London, Iiank Cass, 2OO1, p. 111.
6/*#$8/ "110,"%6 5, )/5/00/*%/. InleinalionaI Iav and noins aie fundanenlaI lo delei-
ience lecause slales shaie an inleiesl in adopling oi codifying connon slandaids foi
lhe conducl of inleinalionaI liansaclions, and in pionoling oi lanning specihc kinds
of lehavioi ly slales.
$$$
MuIliIaleiaI agieenenls piovide lhe nosl efhcienl vay of
ieaIizing lhese shaied inleiesls. The connon acceplance of noins nodeiales slale in-
leiaclion and nakes slale lehavioi noie piediclalIe, vhich Ieads slales lo conline lo
insisl on iespecl foi specihc noins of conducl ly lhose vho vioIale lheii consensus.
$$%

In lhis vay, inleinalionaI Iav luiIds lhe fianevoik lhal guides hov and vhen slales
enpIoy offensive and defensive cylei capaliIilies, and foins lhe foundalion of cylei
deleiience. Il adds ceilainly lo punilive aclions and anpIihes lhe cosls of cylei allack
ly engendeiing a negalive iesponse fion lhe inleinalionaI connunily, nol jusl fion
lhe allacked slale. Moieovei, il adds %0/)$!$($5. lo lhe 560/"5 ,4 0/10$#"( ly pioviding
Iegilinacy lo ielaIialoiy aclions and ly incieasing lhe polenliaI lo isoIale aggiessive
slales. In addilion, inleinalionaI Iav aIso piovides a neasuie of pioleclion lo slales
lhal Iack defensive and offensive capaliIilies, and seives as lheii hisl and possilIy
onIy Iine of deleiience.
UnfoilunaleIy, lheie is cuiienlIy no linding inleinalionaI Iav on cylei se-
cuiily expiessing lhe connon viII of counliies.
$$&
In facl, lhe Iack of inleinalionaI
noins, Iavs, and dehnilions lo govein slale aclion in cyleispace has Ied lo a giey aiea
lhal can le expIoiled ly aggiessive slales as Iong as lheii aclions skiil lhe inpiecise
lhieshoIds conlained in lhe UN Chailei.
$$'
Ioi exanpIe, in iesponse lo lhe accusa-
lions of slale-sponsoied cyleivai againsl Lslonia, lhe head of lhe Russian MiIilaiy
Ioiecasling Cenlie slaled lhal lhe allacks againsl Lslonia had nol vioIaled any in-
leinalionaI agieenenls lecause no such agieenenls exisl, suggesling lhal even if
Russias conpIicily couId le pioved, Lslonias oplions foi iepiisaI veie Iiniled.
$$(

Such an enviionnenl lhvails deleiience lecause il Ioveis lhe piolaliIily of iepiisaI
even if lhe allackeis idenlily is suspecled, and ieduces an allackeis polenliaI cosls
of puisuing cylei allack.
$$)
The lasic facl is lhal )/5/00/*%/ $* %.!/0#1"%/ is undeinined ly 56/ 10,!(/7 ,4
"%%'0"5/ "550$!'5$,* ,4 %.!/0 "55"%-#2 vhich poses piolIens lolh foi ielaIialion and Iav
enfoicenenl. The lhieal of offensive cylei capaliIilies viII nol delei aggiession le-
cause if you cannol idenlify lhe peipelialois, you cannol lhiealen lhen. And lheie is
no vay lo enfoice lhe Iav lecause unidenlihalIe peipelialois cannol le heId accounl-
alIe. Likevise, deleiience faIleis if lhe UN Secuiily CounciI cannol idenlify vhon lo
laigel vilh sanclions. Wilh lIane leing lhe nain piolIen in cylei allacks, lhen any
quick ieaclion is excIuded. In facl, deleiience is pailIy lased on 0/"%5$,* #1//) oi "*5$%>
$1"5$,*. Lilhei, one acls hisl lo slop lhe opponenls aclion, oi one nusl le in a posilion
lo ieacl lefoie leing sliuck ly allacks of lhe opponenl. If days, veeks oi nonlhs aie
222 ChaiIes W. Iieenan, Dip|cna|ic S|ra|cgq and Tac|ics, Washinglon D.C., US Inslilule foi Ieace, 1997, p. 84..
223 Ilid., p. 38.
224 Minisliy of Defence, Lslonia, Cqocr Sccuri|q S|ra|cgq, TaIIinn, 2OO8, p. 17.
225 Lneken Tikk, Kadii Kaska, KiisleI Runnineii, el aI, ,Ceoigian Cylei Allacks: LegaI Lessons Idenlihed, TaI-
Iinn, NATO Co-opeialive Cylei Defence Cenlie of LxceIIence, 2OO8, p. 7.
226 }ason Iiilz, Hov China WiII Use Cylei Waifaie lo Leapfiog in MiIilaiy Conpeliliveness, Cu||urc Manda|a,
VoI. 8, No. 1, Oclolei 2OO8, p. 51.
227 Tikk el aI, op. cil., p. 22.
needed lo le suie of lhe lIane, lhen deleiience as veII as dissuasion no Iongei voik.
The key piolIen vilh deleiience is lhal ve aie sliII loo eaiIy in lhe cylei age
lo knov vilh any piecision hov nuch danage slales oi olhei aclois can do ly cylei
allacks on lheii ovn oi Iinked lo olhei niIilaiy allacks. We do nol knov hov good
allackeis aliIilies lo vaid off ielaIialion aie eilhei. Ioi piaclicing deleiience, ieIevanl
infoinalion is Iacking aloul hov nuch danage a polenliaI allackei vouId considei
unacceplalIe. Theie is loo nuch seciecy aloul exisling cylei allack capaliIilies and
lheii suivivaliIily foi puiposes of 0/5"($"5$,*. The US, China, and Russia aie videIy
peiceived lo have lhe lesl capaliIilies, lul veiy IillIe is avaiIalIe aloul hov iolusl
lhey vouId le aflei a najoi allack. Thus, discussions aloul hov a conicl vouId go,
and vhal il viII lake lo delei, aie IaigeIy 6.1,56/5$%"(B
Preemption is equolly Jifjicult. Il is easy lo see lioops nassing on a loidei. Hov-
evei, in lhe digilaI ieaIn ve do nol even knov aII lhe allacks ve have suffeied, jusl
lhose ve have nanaged lo discovei. Wilhoul any langilIe lasis foi an allack, pieenp-
lion is iisky. And if ve cannol piove ve veie aloul lo le allacked, ve iisk leing seen
ly lhe inleinalionaI connunily as lhe aggiessoi, nol lhe aggiieved.
$$*
IinaIIy, given
lhe aliIily lo use vage-ianging diffused nelvoiks of ensIaved conpuleis lo Iaunch an
allack, $5 $# 6$+6(. '*($-/(. 56"5 " 10//715$8/ "55"%- 3,'() /($7$*"5/ 56/ 560/"5.
$$!
And lheie is lhe ='/#5$,* 36/56/0 0/5"($"5,0# %"* 6,() "##/5# "5 0$#-. WhiIe il is
possilIe lo undeisland lhe laigels aichilecluie and lesl allack soflvaie in vivo, one
nighl sliII nol undeisland hov lhe laigel viII lehave oi iespond undei allack. Undis-
coveied syslen piocesses nay delecl and oveiiide eiianl opeialions oi aIeil hunan
opeialois. Hov Iong a syslen naIfunclions, and lhus hov coslIy lhe allack is, viII
depend on hov veII ils syslens adninislialois undeisland vhal venl viong and can
iespond lo lhe piolIen.
$%#
Moieovei, lheie is no guaianlee lhal allackeis viII have as-
sels lhal can le pul al iisk lhiough cyleispace.
As lo lhe ='/#5$,*# 36/56/0 %.!/0 "55"%-# %"* )$#"07 %.!/0 "55"%-/0#, and vhelhei
lhe vexing %6"((/*+/ ,4 /#%"("5$,* can le avoided: lhe ansveis lo lolh aie cIeaiIy no.
In a voiId of cheap conpuling, uliquilous nelvoiking, and hackeis vho couId le
anyvheie, )$#"07$*+ %.!/0 "55"%-/0# $# *,5 1,##$!(/. LquaIIy inpossilIe is "8,$)"*%/ ,4
/#%"("5$,*. Lven if ielaIialion is in kind, counleiielaIialion nay nol le. This neans lhal
a hghl lhal legins in cyleispace nay iesuIl in spiII-ovei inlo lhe ieaI voiId, possilIy
vilh giievous consequences.
$%"

Responses lo cylei allacks nusl veigh nany faclois since, in nany vays, %.>
!/03"0 $# 56/ 7"*$1'("5$,* ,4 "7!$+'$5.. Nol onIy do successfuI cylei allacks lhiealen
lhe ciediliIily of unlouched syslens (vho knovs lhal lhey have nol leen coiiupled`),
lul lhe enliie enleipiise is lesel vilh anliguilies. Queslions aiise in cyleispace lhal
228 Lugene L. Haligei, Cqocruarfarc and Cqocr|crrcrisn, While Iapei, The Cylei Secuie Inslilule, 1 Ieliuaiy
2O1O, p. 3.
229 Cyleivai and Cyleideleiience, op cil., p. xvii.
23O Ilid., p. xviii.
231 Ilid., p. xvii.
have fev counleipails in olhei nedia. Whal vas lhe allackei liying lo achieve` Whal
shouId lhe laigel ieveaI aloul lhe allack` Hov shouId slales iespond lo fieeIance al-
lacks` And shouId deleiience le exlended lo aIIies`
$%$

Advantages and Risks of the most recent Military
Innovation: Networked Forces
Today, onls aie guided ly CIS saleIIiles, diones aie piIoled ienoleIy fion
acioss lhe voiId, hghlei pIanes and vaiships aie nov huge dala-piocessing cenleis,
even lhe oidinaiy fool-soIdiei is leing viied up.
$%%
Wilh lhis viiing up, lhe Inleinel
has enalIed lhe nosl iecenl niIilaiy innovalion: */53,0-/) 4,0%/#. A nelvoiked foice
enalIes lhe expansion, acceIeialion, and quaIilalive inpiovenenl of connand and
conlioI, and heIps lo inpiove silualionaI avaieness lhal can ieduce unceilainly. Il
nay change lhe vay hov vais aie foughl. A nelvoiked foice is noie effeclive lhan a
non-nelvoiked one of conpaialIe size. Nelvoiked aii defense is nuch noie conlal
effeclive lhan an aggiegalion of individuaI aii-defense unils. Ships, aiiciafl, and hghl-
ing vehicIes connecled ly dala Iinks hoId lhe pionise lo hghl noie effecliveIy lhan
non-nelvoiked unils vho ieIy soIeIy on iadio/voice connunicalions. This inciease
in effecliveness nakes niIilaiy nelvoiks cIeaiIy a vaIualIe and Iegilinale laigel foi
allack.
The use of nelvoik lechnoIogies and expIoilalion of cyleispace foi inleIIigence
coIIeclion, suiveiIIance, ieconnaissance, laigeling, and allack has lecone a noinaI
pail of niIilaiy aclivily. Cyleivaifaie ains al disiuplion of ciuciaI nelvoik seivices
and dala, danage lo ciilicaI infiasliucluie, and %0/"5$,* ,4 '*%/05"$*5. and ),'!5 anong
opposing connandeis and poIilicaI Ieadeis. Cylei allacks can le diiecled al laigels
ovei veiy Iong sliike dislances using ieIaliveIy inexpensive looIs. Hovevei, cylei al-
lacks seen geneiaIIy nol veiy IikeIy lo le decisive in lhe sense lhal lhe engagenenl of
slialegic veapons oi a nain foice convenlionaI allack can le. No one viII IikeIy vin
a vicloiy oi vai using ,*(. %.!/0 "55"%-#.
$%&
ul cylei allacks do offei ")8"*5"+/#. And
cylei allacks viII ceilainIy le pail of fuluie niIilaiy conicl since We knov vilh a
sad ceilainly lhal vai has a heaIlhy fuluie. Whal ve do nol knov vilh conhdence aie
lhe foins lhal vaifaie viII lake.
$%'

The anounl of advanlage piovided ly cylei allack viII depend in pail on lhe
scope and Ienglh of a conicl. Cylei allacks nay veII le noie vaIualIe in shoil con-
icls. In a conicl Iiniled in line and scope, lhe disiuplion ciealed ly cylei allacks
in seivices and Iogislics nay piovide an iniliaI advanlage. ul lhe Iongei lhe con-
icl Iasls, lhe piolaliIily incieases lhal lhe uliIily of lhis advanlage viII decIine as
an opponenl adjusls. In conliasl, allacks againsl connand and conlioI, such as lhose
232 Ilid., p. xviii.
233 Cyleivai: Wai in lhe hflh donain. Tnc |ccncnis|, 1 }uIy 2O1O, al: hup://www.economlsL.com/slLes/defaulL/
les/lmages/lmages-magazlne/2010/27/m/201027md001.[pg
234 Lilicki dixil.
235 CoIin Ciay, Anc|ncr 8|ccdq Ccn|urq, London, WeidenfeId & NicoIson, 2OO5, p. 24.
lhal disiupl dala and undeinine conhdence in lhe ovn infoinalion, couId have a
suslained cunuIalive effecl, and incieasingIy hanpei an opponenls aliIily lo iesisl.
Cylei allacks lhus inlioduce a */3 )$7/*#$,* $* 56/ "!$($5. 5, %0/"5/ '*%/05"$*5. in lhe
nind of opposing connandeis. Unceilainly does nol onIy cieale a Iaige pail of vhal
CIausevilz caIIed lhe 'fog and fiiclion of vai: il sIovs decision naking, anpIihes
caulion and linidily, and incieases lhe chance of eiiois. MisIeading an opposing con-
nandei has aIvays leen pail of vaifaie. ul cylei allacks piovide a nev and noie
inlinale capacily lo undeilake lhis, and polenliaIIy offei a signihcanl advanlage foi
)/%/15$,*, and lhus foi unJermininq conjiJence.
A siniIai kind of '*%/05"$*5. "*) $*)/%$#$,* can le pioduced ly 7"*$1'("5$,*
,4 )"5" in a cylei allack. eyond scianlIing dala lo deny an opponenl access lo il, a
noie difhcuIl and danaging allack consisls of nanipuIaling dala in oidei lo nake il
nisIeading oi incoiiecl. A cylei expIoil lhal suiiepliliousIy nanipuIaled dala in vays
unfavoialIe lo lhe opposing connandei piovides nev pionises foi cylei conicl. In
addilion, il aIso piovides possiliIilies lo salolage laigeling and veapon syslens, lo
lake ovei conlioI of nissiIes, Unnanned AeiiaI VehicIes (UAV),
$%(
iolols, and iadais,
oi lo nisIead oi disiupl lhe conlioIs even of jel hghleis. Dala nanipuIalion couId aIso
cieale havoc vilh ,1/0"5$,*"( 1("**$*+. And il is nol haid lo inagine cylei allacks lhal
effecliveIy inleifeie vilh Iogislics pIans and chains: ly giving faIse Iocalions of depols,
ly ieiouling suppIies oi naking il appeai lhal lheie aie shoilages oi suipIuses vhen
lhe opposile is lhe case.
$%)

Weapon syslens aie evei noie dependenl on soflvaie, conpulei haidvaie,
and lallIespace nelvoiking. WhiIe lhe secuiily of lhese veapon syslens advances
in slep vilh lhe deveIopnenl and inpIenenlalion of cylei lechnoIogy, lhey can le
incieasingIy affecled ly cylei allacks. Aiiciafl aie a good exanpIe. In lhe pasl, 1OO
peicenl of an aiiciafls peifoinance and capaliIilies veie dehned ly haidvaie - lhe
physicaI nakeup of lhe aiiciafl. In noie iecenl advanced aiiciafl, 75 peicenl oi noie
of ils peifoinance and capaliIily is dependenl on soflvaie. Wilhoul soflvaie, sone
aiiciafl vouId nol le conlioIIalIe. Ioi inslance, lhe I-16 is unslalIe leIov Mach one,
and unconlioIIalIe vilhoul ils soflvaie-lased ighl conlioI syslen. The oeing 777
and lhe Aiilus 33O have soflvaie ighl conlioI syslens vilhoul any nanuaI lackup.
Thiough soflvaie, aiiciafl peifoinance is gaining sone independence fion physi-
caI conhguialion, and lheiefoie #,453"0/ )/1/*)/*%/ and 6"0)3"0/ $*)/1/*)/*%/ aie
gioving. ul even hflh geneialion nuIliioIe hghleis Iike lhe I-22 and I-35 aie nol
cIosed syslens, exleinaI infoinalion syslens can updale and inlegiale infoinalion
foi conlal opeialions duiing lhe ighl. Thiough lhese exleinaI conneclions, nol jusl
lhe infoinalion syslens, lul lhe lasic soflvaie and haidvaie syslens of lhese hghl-
eis can le allacked.
$%*
VuIneialiIilies inciease in piopoilion of lhe nunlei of code
236 AIieady in 2OO9, Iiaqi insuigenls, using off-lhe-sheIf soflvaie cosling $26, hacked inlo dovnIinks of US
UAVs cosling $4.5 niIIion each in oidei lo noniloi lheii video feeds. Siolhan Coinan, Yochi }. Dieazen &
Augusl CoIe, Insuigenls Hack US Diones, la|| S|rcc| ]curna|, 17 Decenlei 2OO9. The IsiaeIi Aii Ioice is
nov equipping aII ils UAVs vilh enciypled connunicalions lo pievenl video noniloiing ly HezloIIah and
Hanas.
237 On Cqocr larfarc, op. cil., p.13.
238 LioneI D. AIfoid, Cylei Waifaie: The Thieal lo Weapon Syslens, Tnc lST|AC Quar|cr|q, VoI. 9, No. 4,
2O1O.
Iines depIoyed.
$%!

The docliine of */53,0->%/*50$% 3"04"0/2 a coineislone in lhe ongoing liansfoi-
nalion effoils of a nunlei of Weslein ained foices, seeks lo liansIale an infoinalion
advanlage, enalIed in pail ly IT, inlo a conpelilive advanlage lhiough lhe 0,!'#5 */5>
3,0-$*+ of veII infoined geogiaphicaIIy dispeised foices.
$&#
Il diavs ils guidance fion
lhe concepl of 5/"7 3"04"0/, and lhe $*5/+0"5$,* and #.*%60,*$K"5$,* of aII appiopiiale
capaliIilies acioss lhe vaiious seivices, vhich is pail of 56/ 10$*%$1(/ ,4 ?,$*5 3"04"0/.
This nelvoiking, conlined vilh changes in lechnoIogy, oiganizalion, piocesses, and
peopIe, nay aIIov nev foins of oiganizalionaI lehavioi. SpecihcaIIy, lhe lheoiy of
nelvoik-cenliic vaifaie conlains lhe foIIoving lenels: (1) A ioluslIy nelvoiked foice
inpioves infoinalion shaiing, (2) Infoinalion shaiing and coIIaloialion enhance lhe
quaIily of infoinalion and shaied silualionaI avaieness, (3) Shaied silualionaI avaie-
ness enalIes seIf-synchionizalion, and (4) lhese, in luin, dianalicaIIy inciease nission
effecliveness. Theie is no doull lhal lhe effecliveness of nelvoik-cenliic vaifaie has
giealIy inpioved. US foices engaged in J1/0"5$,* E/#/05 <5,07, invoIving noie lhan
5OO,OOO lioops, veie suppoiled vilh 1OO Mlil/s of landvidlh. The foices in J1/0"5$,*
@0"=$ Q0//),7, vilh sone 35O,OOO vaihghleis, had noie lhan 3OOO Mlil/s of saleI-
Iile landvidlh, vhich is 3O lines noie landvidlh foi a foice 45 peicenl snaIIei. US
lioops essenliaIIy used lhe sane veapon pIalfoins used in J1/0"5$,* E/#/05 <5,07 lul
vilh signihcanlIy incieased effecliveness.
$&"
And good C4ISTAR syslens aie al lhe
heail of successfuI niIilaiy opeialions.
$&$
Hovevei, in viev of lhe nany aichilecluiaI and design chaIIenges, il is nol yel
cIeai vhelhei lhe vision of nelvoik-cenliic vaifaie is soon ieaIizalIe. Since nelvoik-
cenliic vaifaie focuses so nuch on disliiluled infoinalion, lhe ained foices nusl
le vaiy of lhe effecls of faIse, nisIeading, oi nisinleipieled infoinalion enleiing lhe
syslen, le il lhiough eneny deceplion oi sinpIe eiioi. }usl as lhe usefuIness of %,00/%5
informotion con be omplijieJ, so con tbe repercussions of incorrect Joto enterinq tbe system
"%6$/8/ 7'%6 +0/"5/0 *,*>1,#$5$8/ ,'5%,7/#. In addilion lo lhis, lheie aie polenliaI is-
sues aiising fion lhe veiy naluie of any conpIex, iapidIy-deveIoped ailihciaI syslens
aiising fion %,71(/9$5. 56/,0., vhich inpIies lhe possiliIily of faiIuie nodes such as
congeslion coIIapse oi cascading faiIuie.
239 }oseph Heniolin eslinales lhal lhe soflvaie of lhe I-22 counls aiound 2 niIIion Iines of code, veisus 8
niIIion foi lhe I-35. See: InleIIigence, lhe Iiisl Defense` Infoinalion Waifaie and Slialegic Suipiise, in
Cqocruar and |nfcrna|icn larfarc, DanieI Venlie, ed., op. cil., foolnole p. 1O4.
24O Depailnenl of Defense, Tnc |np|cncn|a|icn cf Nc|ucr|-Ccn|ric larfarc, Washinglon D.C., 2OO5, p. 7.
241 Ll Cen Haiiy D. Raduege }i., Nel-Cenliic Waifaie is Changing lhe allIeheId Lnviionnenl, Defense Infoi-
nalion Syslens Agency, CrcssTa|| Tnc ]curna| cf Dcfcnsc Scf|uarc |nginccring, }anuaiy 2OO4, and DeIoille LLI,
An inleiviev vilh Haiiy D. Raduege, }i., Chaiinan, DeIoille Cenlei foi Cylei Innovalion, }uIy 2O11.
242 Visicngain caIcuIaled lhal in 2O11 lhe gIolaI naikel foi C2/C4ISR syslens viII anounl lo $7O.3 liIIion,
vhich conslilules 5 peicenl of gIolaI defense spending. See: Tnc C2/C4|SR Sqs|cns Mar|c| 2011-2021 Dcfcnsc
Rcpcr|, London, 21 }anuaiy 2O11.
Categorizing Cyber Conflicts according to their
Scope, Intensity, and Impact on War
Cylei allacks have 5"%5$%"(2 ,1/0"5$,*"(, and #50"5/+$% appIicalions. They can le
used againsl )/1(,./) 4,0%/# oi againsl #50"5/+$% 5"0+/5# in an opponenls honeIand, foi
inslance, againsl lhose lhal conliilule lo lhe aliIily lo vage vai. Theii iange is piacli-
caIIy unIiniled, and laigels can le allacked anyvheie lhe gIolaI nelvoik exlends. Cy-
lei allacks have a vaiiely of deIiveiy oplions: ovei */53,0-# oi fion )/)$%"5/) +0,'*)2
#/"2 "$0, and #1"%/ pIalfoins. The looIs aie ieIaliveIy cheap. ul cylei allacks nay
lecone noie expensive as lhey depend evei noie ,* 5$7/ "*) /44,05 4,0 0/%,**"$##"*%/
of network torqets to jinJ vulnerobilities. And lhis ieconnaissance nusl le peiiodicaIIy
iefieshed as nelvoiks change and nev equipnenl oi soflvaie is added oi ieconhg-
uied. WhiIe lhe piepaialion foi a cylei allack nay le Ienglhy, lhe speed of lhe acluaI
allack is neasuied in seconds iiiespeclive of lhe dislance fion lhe laigel. And #'010$#/
and #5/"(56 aie noinaI alliilules of cylei allacks.
$&%

E$44/0/*5 (/8/(# ,4 %.!/03"0 can le inagined, of vhich lhiee sland oul: (1) cy-
leivai as an ")?'*%5 5, 7$($5"0. ,1/0"5$,*#, (2) ($7$5/) %.!/03"0, and (3) '*0/#50$%5/)
%.!/03"0. When nodein ained foices aie invoIved in niIilaiy hosliIilies, a key oljec-
live is lo achieve infoinalion supeiioiily oi infoinalion doninance in lhe lallIespace.
This iequiies suppiessing eneny aii defenses, janning oi deslioying iadai, and lhe
Iike. The ain is lo inciease lhe 'fog of vai foi lhe eneny and lo ieduce il foi ones
ovn foices. This can le achieved lhiough sliikes and allacks designed lo degiade lhe
enenys infoinalion-piocessing syslens, connunicalions and C4ISTAR syslens, oi
ly allacking lhe syslens inleinaIIy lo achieve, nol deniaI of seivice, lul deniaI of ca-
paliIily.
$&&
In effecl, lhis foin of cyleivaifaie can le focused aInosl excIusiveIy on
niIilaiy cylei laigels.
In ($7$5/) %.!/03"0, lhe infoinalion infiasliucluie is lhe nediun, laigel, and
veapon of allack, vilh IillIe oi no ieaI-voiId aclion acconpanying lhe allack. As a
nediun of allack, lhe infoinalion infiasliucluie foins lhe vecloi ly vhich lhe cylei
allack is deIiveied lo lhe laigel - sonelines lhiough inleiconneclions lelveen lhe
eneny and ils aIIies, using Iinks foi shaiing iesouices oi dala, oi lhiough vide-aiea
nelvoik conneclions.
$&'
AIleinaliveIy, insideis nighl pIace naIvaie diieclIy on lhe
opponenls nelvoiks oi IT syslens.
As a laigel of allack, infiasliucluies aie lhe neans ly vhich lhe effecliveness of
lhe eneny foice can le ieduced. Nelvoiks faciIilale oiganizalionaI nissions. Degiad-
ing nelvoik capacily inhilils oi pievenls opeialions lhal depend on lhe nelvoik. De-
giading lhe IeveI of seivice on lhe nelvoik couId foice lhe eneny lo iesoil lo lackup
243 Suipiise due lo lhe speed of allack, vhich is cIose lo lhe speed of Iighl, and lecause of lhe facl lhal cyleial-
lacks lheoielicaIIy can inpacl lhe enliie specliun of lhe cyleispace donain sinuIlaneousIy. SleaIlh lecause
lhe veapons and effecls aie unknovn.
244 Thinolhy ShineaII, IhiI WiIIians & Casey DunIevy, Counleiing cylei vai, NATO Rcticu, VoI. 49, No. 4,
Winlei 2OO1/O2, p.17.
245 Iden.
neans foi sone opeialions, vhich nighl expose addilionaI vuIneialiIilies.
$&(
In ad-
dilion, degiading dala on a nelvoik nighl foice lhe eneny lo queslion lhe quaIily of
lhe infoinalion lo nake decisions. And as lhe veapon of allack, infiasliucluies couId
even le peiveiled lo allack lhenseIves, eilhei via inpIanlalion of nuIlipIe pieces of
naIvaie, oi via deIileiale aclions lhal expIoil exisling veaknesses. R$7$5/) %.!/03"0
couId eilhei le used lo sIov an opponenls piepaialion foi niIilaiy inleivenlion, as
pail of an econonic vaifaie canpaign, oi as pail of lhe naneuveiing lhal lypicaIIy
acconpanies a ciisis oi confionlalion lelveen slales.
V*0/#50$%5/) %.!/03"0 vouId ceilainIy le noie seiious, since il is a foin of vai-
faie lhal has lhiee najoi chaiacleiislics: (1) Il is conpiehensive in scope and laigel
coveiage, vilh IillIe oi no dislinclions lelveen niIilaiy and civiIian laigels oi le-
lveen lhe hone fionl and lhe hghling fionl. (2) Uniesliicled cyleivai can have phys-
icaI consequences and nay cause casuaIlies, sone of vhich vouId iesuIl fion allacks
deIileialeIy inlend lo cieale nayhen and desliuclion. And sone of vhich vouId
iesuIl fion lhe eiosion of civiIian connand and conlioI capaliIilies in aieas such as
aii-liafhc conlioI, eneigency-seivice nanagenenl, valei iesouice nanagenenl, and
povei geneialion. (3) The econonic and sociaI inpacl couId le piofound, in addilion
lo danage and Ioss of Iife.
$&)
UIlinaleIy, uniesliicled cyleivai nay have lhe polen-
liaI lo iesuIl in econonic and sociaI degiadalion of a slale. The gieal unknovn and
lhus dangei of uniesliicled cyleivai is lhe uninlended secondaiy and leiliaiy conse-
quences an allack nay have on uninvoIved lhiid pailies, oi even foi lhe allackei.
Cylei allacks on hospilaIs, foi exanpIe, couId pioduce casuaIlies ly nanipu-
Ialing dala, lhiough eiasing, iepIacing, oi adding ones and zeios, ly changing pie-
sciiplions oi luining off Iife-suppoil and olhei ciilicaI syslens, ly causing iadialion
oveidose, elc. WhiIe leiioiisls nay hnd such allacks alliaclive, foi slales lhey vouId
le a vioIalion of lhe Iavs of vai. Moieovei, pulling non-conlalanls in hains vay
is nol IikeIy lo pioduce a niIilaiy advanlage. ul an opponenl sliII nighl do il. Al-
lacks on ciilicaI nalionaI infiasliucluies, foi exanpIe lhe eIecliic povei giid, nighl
aIso disiupl nedicaI seivices and pioduce casuaIlies, lul vouId nol necessaiiIy le
conliaiy lo lhe Iavs of vai if lheie vouId have leen sone piioi consideialions as lo
vhelhei lhe vaIue of lhe laigel oulveighed lhe iisk of non-conlalanl casuaIlies. This
facl aIone nighl conslilule an addilionaI ieason caIIing foi adaplalion of lhe Ceneva
Convenlions.
To effecliveIy nanage a cylei conicl, il nay have lo le calegoiized inlo vaii-
ous IeveIs of inlensily. A low intensity cyber conjlict invoIves lhe Iegilinale use of cy-
lei iesouices lo undeinine lhe adveisaiy. LxanpIes aie psychoIogicaI oi infoinalion
vaifaie, a usuaI pieanlIe of an ained conicl. A meJium intensity cyber conjlict con-
piises Iov inlensily conicl and spoiadic %.!/0 "55"%-#, as veII as inliusions lo galhei
inleIIigence oi lo haiass oi deslaliIize lhe adveisaiy. A high intensity cyber conjlict
consisls of conicls of Iov and nediun inlensily, pIus cylei allacks iesuIling in lhe
246 Iden.
247 Iden.
desliuclion oi danage lo infiasliucluie, injuiies and even lhe Ioss of hunan Iives.
$&*

H0$5$%"( *"5$,*"( $*40"#50'%5'0/# aie noinaI laigels foi niIilaiy pIanneis vilh lhe
nission of gaining a slialegic advanlage. Soviel and Waisav Iacl pIanning of lhe
slialegic offensive againsl Weslein Luiope laigeled aii lases, leIeconnunicalions
seivices, fueI pipeIines, eIecliic povei giids, lianspoilalion huls, and goveinnenl
cenleis. DisalIing lhese laigels, conlined vilh pieenplive assauIls on liidges, lun-
neIs, and hailois, vouId have conliiluled lo lhe speed and success of lhe offensive.
$&!

Cylei allacks couId polenliaIIy pioduce lhe sane disiuplions, and possilIy al Iessei
cosl lo any Ialei occupalion foice. This is diffeienl fion slialegic allacks againsl nan-
ufacluiing oi olhei ciilicaI infiasliucluies vheie lhe inlenl is nol lo gain innediale
opeialionaI advanlage, lul lo lenehl fion lhe )/+0")"5$,* ,4 56/ ,11,*/*5D# %"1"%$5.
4,0 #'#5"$*/) 0/#$#5"*%/B In lhis eiosion of lhe capaliIily lo iesisl, lhe uliIily of cylei al-
lacks nay le open lo queslion. ul lhe aliIily lo inleifeie vilh connunicalions and
Iogislics foi opeialionaI oi laclicaI advanlage is nol. Thus, foi a nunlei of conicl
scenaiios, an opponenl couId ieasonalIy le expecled lo use cylei allacks lo inleifeie
vilh effoils lo nove, depIoy, and suppIy foices.
On the still unresolved Problem of Destructive-
ness of Cyber Attacks
Conpaied lo sone olhei veapons, cylei allacks seen nol IikeIy lo le veiy
desliuclive. Such allacks have difhcuIlies lo pioduce a Iol of casuaIlies, and lhe pos-
siliIily of causing danage, desliuclion, and dealh vilh cylei allacks seens ialhei
Iov.
$'#
In ils physicaI consequences a cylei allack is noie Iike salolage caiiied oul
ly gueiiIIas oi SpeciaI Ioices. Ioi aII piaclicaI puiposes a cylei veapon is inlangilIe:
liny eIecliicaI puIses vhose IelhaIily cones nol fion lheii ovn innale desliuclive ca-
pacily, lul fion lhe aliIily lo insliucl olhei langilIe syslens lo naIfunclion.
$'"
Civen
lheii Iiniled capacily foi danage, successfuI cylei allacks nay lhus depend noie on
speed and suipiise lo achieve an oplinaI effecl.
As lo lhe -$*/5$% /44/%5 ,4 %.!/0 3/"1,*#, hovevei, cylei allacks have a ceilain
aliIily lo inicl 16.#$%"( )"7"+/B Lvidence is lhe Auioia lesl al lhe Aneiican Idaho
NalionaI Laloialoiies, vheie a ienoleIy liansnilled connand of a 21-Iine soflvaie
code caused a 27 lons $1 niIIion dieseI-eIecliic geneialoi lo seIf-desliucl.
$'$
And lo
deslioy a iehneiy, a code can le senl lhal causes ciuciaI conponenls lo oveiheal. The
hisl lhing is lo luin lhe syslen lo nanuaI conlioIs lo avoid pioleclion ly aulonalic
248 Ahnad ChazaIi Alu-Hassan, Managing Cqocr Ccnic|, Cylei Secuiily MaIaysia Avaids, Confeience and
Lxhililion, KuaIa Lunpui Convenlion Cenlie, 25-29 Oclolei 2O1O,
249 IhiIIip A. Ieleisen & }ohn C. Hines, The Soviel ConvenlionaI Offensive in Luiope, Dcfcnsc |n|c||igcncc
Rcpcr| DD8-2622-4-83, May 1983, and The ConvenlionaI Offensive in Soviel Thealei Slialegy, Currcn|
Ncus, SpeciaI Ldilion, Depailnenl of Defense, 12 ApiiI 1984. AIso: |np|cqncn| cf larsau Pac| |crccs Agains|
NATO, Diiecloi of CenliaI InleIIigence, Inleiagency Menoiandun NI IIM 83-1OOO2, 1 ApiiI 1983. IhiIIip A.
Ieleisen & Nolia TiuIock III, Soviel Vievs and IoIicies lovaid Thealei Wai in Luiope, in Tnc USSR and
|nc lcs|crn A||iancc, ediled ly Rollin I. Laiid & Susan L. CIaik, oslon, Unvin Hynan, 1989.
25O Cyleideleiience and Cyleivai, op. cil., p. xv.
251 }anes A. Levis, Tnrcsnc|ds fcr Cqocruar, Cenlei foi Slialegic and InleinalionaI Sludies, Seplenlei 2O1O, p. 3.
252 See: Tnc Aurcra Pcucr Grid Vu|ncraoi|i|q, A While Iapei, al: hup://unlx.nocdeslgns.com/aurora_whlLe_paper.hLm.
conlioIs. The nain laigels vouId le lhe healing eIenenl and lhe ieciicuIalion punp.
If lolh naIfunclion, an expIosion is caused.
$'%
Theie aie aIso exanpIes vheie acciden-
laI piogianning eiiois pioduced physicaI danage.
$'&

Theie is aIso lhe possiliIily of polenliaIIy calasliophic singIe cylei-ieIaled
evenls, lhe occuiience of vhich cannol le fuIIy excIuded. One incIudes a successfuI
allack on one of lhe undeiIying lechnicaI piolocoIs upon vhich lhe Inleinel depends,
such as lhe P,0)/0 O"5/3". L0,5,%,(2 vhich deleinines iouling lelveen Inleinel Sei-
vice Iiovideis.
$''
Anolhei couId le a veiy Iaige-scaIe soIai aie vhich physicaIIy de-
slioys key connunicalions conponenls such as saleIIiles, ceIIuIai lase slalions, and
svilches.
$'(
Such calasliophic singIe cylei-ieIaled evenls, as veII as convenlionaI oi
naluiaI calasliophes, leai lhe dangei lhal lhe suppoilive infoinalion infiasliucluies
lecone oveiIoaded, ciash, and inhilil iecoveiy. ul lhe cylei infiasliucluie, vhiIe
pioviding a polenliaI vecloi foi piopagaling and nagnifying an oiiginaI liiggeiing
evenl, nay aIso le lhe neans of niligaling lhe effecls. If appiopiiale conlingency
pIans aie in pIace, infoinalion syslens can suppoil lhe nanagenenl of olhei syslenic
iisks. They can piovide aIleinale neans of deIiveiing essenliaI seivices, disseninal-
ing lhe Ialesl nevs and advice on calasliophic evenls, ieassuiing cilizens and hence
danpening lhe polenliaI foi sociaI disconlenl and uniesl - since fion lhe pulIics
poinl of viev, lhe alsence of a cIeai goveinnenl iesponse nay liiggei panic if lheie
appeais lo le no ioule lack lo noinaIcy.
On the Effects Newest Malware might have on
the Mode of Future Conflicts
Theie is lhe iecenl Sluxnel voin, lhe aiiivaI of vhich vas a valeished in lhe
secuiily voiId.
$')
Sone considei il lo le lhe nosl sophislicaled naIvaie evei pul-
IicIy discIosed. Sluxnel conlains naIvaie ained al lhe piogiannalIe Iogic conlioIIeis
(ILCs), designed lo deslioy SCADA nelvoiks: lhose lhal iun facloiies, lhe eIecliic
povei giid, iehneiies, pipeIines, uliIilies, and nucIeai povei pIanls.
$'*
Mosl indusliiaI
syslens aie iun on conpuleis vhich use Miciosofls Windovs 7 opeialing syslen.
Hackeis conslanlIy piole soflvaie foi vhal aie knovn as K/0, )". vuIneialiIilies:
veak poinls in lhe code nevei foieseen ly lhe oiiginaI piogianneis. On a sophisli-
caled and uliquilous piece of soflvaie such as Windovs XI, vhich counls aiound
253 See: hup://www.cbsnews.com/sLorles/2009/11/06/60mlnuLes/maln3333363.shLml
254 AccidenlaI lhieals ieIale lo eiiois and onissions. Liiois nay sonelines le a lhieal (foi exanpIe, piogian-
ning eiioi causing syslen lo ciash) oi nay cieale vuIneialiIily (foi exanpIe, a conpulei scieen Iefl unal-
lended nay le expIoiled ly an unaulhoiized usei). These lhieals can iesuIl in incoiiecl decisions leing
nade, disiuplion of lusiness funclions, Ioss of pulIic conhdence oi inage, hnanciaI Ioss, IegaI IialiIilies and
lieakdovn of duly of caie, aII vilh addilionaI cosls leing incuiied.
255 Hovevei, lheie is aIso vhal CLRN in Ceneva is doing, vhich couId again change lhe voiId. In a decade, ve
nay see an enliieIy diffeienl, vaslIy noie poveifuI, faslei, and noie inleinalionaIIy disliiluled nelvoik.
The Ciid, designed foi conpulalionaI suppoil of CLRNs anlilious seaich foi lhe Higgs loson, anong
olhei quanlun lheoielicaI pailicIes, couId nake cuiienl cyleivaifaie conceins eilhei quainl oi olsoIele.
HopefuIIy lhe Iallei.
256 Reducing Syslenic Cyleisecuiily Risk, op. cil., p. 5.
257 }anes I. IaiveII & RafaI Rohozinski, Sluxnel and lhe Iuluie of Cylei Wai, Surtita|, VoI. 53, No. 1,
Ieliuaiy-Maich 2O11.
258 Les allaques cyleineliques conlie IIian onl connence, |c Tcnps, 25 Novenlie 2O1O, p. 5.
35 niIIion Iines of code, discoveiing even a singIe K/0, )". vuIneialiIily is exlieneIy
unconnon. The nakeis of Sluxnel found, and uliIized, foui of lhen. No one in cylei
secuiily had evei seen anylhing Iike il. Il laigeled a specihc conponenl: lhe fiequency
conveileis nade ly lhe Ceinan equipnenl nanufacluiei Sienens lhal ieguIale lhe
speed of lhe nany lhousands of spinning cenliifuges used in lhe Iianian uianiun
eniichnenl piocess. The voin lhen look conlioI of lhe speed al vhich lhe cenliifuges
spun, naking lhen luin so fasl in a quick luisl lhal lhey vouId le danaged lul nol
lolaIIy deslioyed. Al lhe sane line, lhe voin nasked lhal change in speed fion le-
ing discoveied al lhe conlioI paneI - vilh a ioolkil piece of code lhal inleicepls secuii-
ly queiies and sends lack faIse 'safe nessages, indicaling lhal lhe voin is innocuous.
The F/3 S,0- A$7/# pulIished an ailicIe 25 }anuaiy 2O11, delaiIing lhe coopeia-
lion lelveen lhe US and IsiaeI in deveIoping lhe Sluxnel voin. Ciealing il invoIved
lhiee najoi conponenls, vhich iequiie najoi slale iesouices: lechnicaI inleIIigence on
lhe lechnoIogy used in Iians nucIeai faciIilies, piogianning and lesling capaliIilies,
and hunan access lo lhe faciIilies. The iepoil onIy delaiIs sone of lhe hisl and second
conponenls.
$'!
The voin is said lo have gained iniliaI access lo a syslen lhiough a
'lIue iullei-cIad sviveI-slyIe US diive. In a iaie nonenl of openness fion Iian, ils
piesidenl conhined on 29 Novenlei 2O1O lhal lhe cenliifuges had leen danaged ly
Sluxnel. And lhe ushei nucIeai povei pIanl lhal vas scheduIed lo go opeialionaI
on 21 Augusl 2O1O did nol. If Sluxnel nanaged lo seveieIy danage lhe slean luiline
in lhe ushei pIanl, iepaiiing oi iepIacing il nay cosl a signihcanl anounl of noney
- up lo seveiaI niIIion doIIais. IiesenlIy, il Iooks Iike noie lhan 5,O84 oul of 8,856
cenliifuges have leen laken ofine al lhe Nalanz faciIily, vilh unknovn danage in
Ioidov and olhei cenliifuge pIanls.
$(#
AII lhis liansIales lo anolhei nuIli-niIIion doI-
Iai danage.
$("
Accoiding lo David Sangei fion lhe Nev Yoik Tines, an IsiaeIi niIilaiy ofh-
ciaI had eslinaled lhal an aii sliike againsl lhe Iianian nucIeai piogian vouId cause
a deIay of lvo oi lhiee yeais. So il Iooks Iike Sluxnel achieved pielly nuch vhal
aii sliikes vouId have achieved, onIy al nuch Iess cosl, vilhoul knovn falaIilies,
and vilhoul a fuII-lIovn vai in lhe MiddIe Lasl. Il seens lo have leen successfuI in
lenpoiaiiIy disalIing lhe epicenlei of Iianian nucIeai ieseaich. A sophislicaled haIf-
negalyle of conpulei code appaienlIy acconpIished vhal a haIf-decade of UN Secu-
iily CounciI iesoIulions couId nol. The cosl of deveIopnenl of Sluxnel has leen esli-
naled lo le aiound $1O niIIion. The cosl of aii sliikes vouId have leen nuIlipIe, onIy
counling naleiiaI, nol falaIilies and injuiies. Assuning lhal onIy one hghlei jel vouId
have leen Iosl in a niIilaiy canpaign againsl Iian is ceilainIy nave, lheie vouId have
leen seveiaI. And lheie vouId have leen nany dead and nany injuied, signihcanl
desliuclion ly Iianian nissiIes hied in ielaIialion and a huge anounl of coIIaleiaI
danage jusl ly lhe oiI piice junping. AII lhis did nol happen vilh Sluxnel. Thus, in
niIilaiy leins, il vas a laigain. If lhe aIleinalive is convenlionaI niIilaiy sliikes vilh
259 See: The US-IsiaeIi Sluxnel AIIiance, Auslin, STRAT|OR G|coa| |n|c||igcncc, 17 }anuaiy 2O11.
26O MichaeI Mailine, ils lefoie lonls: Hov Sluxnel ciippIed Iians nucIeai dieans, Sappnirc, 3 Decenlei
2O1O.
261 RaIph Lagnei, Tnc Sncr| Pa|n frcn Cqocr Missi|cs |c Dir|q Digi|a| 8cnos, Tiavis, poIilicaIfoiun, 26 Decenlei
2O1O.
expIosives oi nayle even veapons of nass desliuclion, cylei sliikes nighl le lhe
lellei deaI, nol onIy foi lhe allackei, lul especiaIIy foi lhe allacked.
$($

Hence, Sluxnel nay iepiesenl lhe opening of a nev chaplei in lhe use of cy-
leispace lo achieve lhe slialegic effecl of neuliaIizing a polenl inleinalionaI lhieal,
suggesling lhal cylei allacks can le seen as anolhei Iong-iange sliike veapon - faslei
lhan nissiIes oi aiiciafl, nol as desliuclive, lul cheapei and possilIy coveil.
$(%
This
sophislicaled SCADA allack, nov seen as a 'gane changei, denonslialed lhe polen-
liaI of fuluie cylei allacks and cyleivaifaie.
$(&
Il is aIso an exceIIenl exanpIe denon-
slialing lhal poIilicaI and slialegic effecl can le achieved vilhoul lhe need foi ained
conicl.
Sluxnel has shovn lhal lhe slialegic uliIily of cylei veapons is lheii aliIily lo
disiupl, deny, and deceive an adveisaiys slialegic inlenlions. WhiIe il ceilainIy dan-
aged lhe Iianian piogian and confused ils lechnicians, lhe allacks oveiaII effecl seens
lo have leen Iess inpiessive. Iian has iepIaced aII of ils danaged cenliifuges and has
iesuned eniiching uianiun. This is signihcanl, as il suggesls lhal cylei-veapons aie
nol lhe 'siIvei luIIel iepIacenenl foi noie-liadilionaI niIilaiy insliunenls lhal lhey
have leen puipoiled lo le. Il has nol coeiced lhe Iianian iegine inlo alandoning lhal
piogian. Sluxnel aIso shovs lhal effeclive cylei allacks iequiie Iaige, conpIex opeia-
lions, and enlaiI a nassive inleIIigence luiden. Il nov seens lhal lhe Iianian nucIeai
faciIilies aie undei a ieneved allack vilh a voin caIIed 'Slais,
$('
and noie iecenlIy
vilh a Tiojan caIIed 'Duqu.
$((
Theie aie cIeai Iinilalions and disadvanlages of such allacks, hovevei. This,
nol Ieasl lioughl aloul ly lhe poious loideis of cyleispace, vhich, as exenpIihed in
lhe case of Sluxnel, Ied lo lhe infeclion of lhousands of addilionaI conpuleis lolh in
Iian and leyond.
$()
As of yel, lheie exisls no asceilained aliIily lo eslinale oi foiecasl
lhe scope of uninlended consequences and coIIaleiaI danage of cylei allacks. Ioi
allacks lhal disalIe nelvoiks, lheie couId le unpiediclalIe danage nol onIy lo lhe
laigel, lul aIso lo non-conlalanls, neuliaIs, aIIies, oi even lhe allackei, depending on
lhe inleiconneclions of lhe laigel nelvoik oi lhe syslens allacked. This nakes lhe po-
IilicaI iisk of coIIaleiaI danage and uninlended second and lhiid oidei consequences
unpiediclalIe, and caiiies vilh il lhe iisk of escaIaling a conicl.
262 Ilid., al: hup://www.mall-archlve.com/pollucalforum[googlegroups.com/msg63062.hLml
263 If Sluxnel vas ained specihcaIIy al lhe Iianian nucIeai ieacloi in ushei oi lhe Nalanz uianiun eniichnenl
pIanl, il exhililed one of lhe veaknesses of cylei allacks: lhey aie difhcuIl lo laigel and aIso lo conlain. India
and China veie iepoiledIy haidei hil lhan Iian, and lhe voin couId easiIy have spiead in a diffeienl diiec-
lion, and nay have even hil lhe oiiginaloi. Hence, lhe veiy openness of lhe Inleinel seives as a deleiienl
againsl lhe use of cylei veapons.
264 IauI K. Keii, }ohn RoIIins & Calheiine A. Theohaiy, Tnc S|uxnc| Ccnpu|cr lcrn. Haroingcr cf an |ncrg-
ing larfarc Capaoi|i|q, Washinglon D.C., CRS Repoil foi Congiess, CongiessionaI Reseaich Seivice, 7-57OO,
R41524, 9 Decenlei 2O1O. And: Richaid Adhikaii, Sluxnel Suspicions Rise: Has a Cyleivai Slailed`,
TccNcuslcr|d, 4 Novenlei 2O1O.
265 Seige Dunonl, Connenl IsiaI deslaliIise ses ennenies` Iai ses usines a viius, IsiaI ienfoice sa cylei-
gueiie conlie IIian, |c Tcnps, 28 aviiI 2O11, pp. 1 & 6.
266 Iian says il has 'conlioIIed Duqu naIvaie allack, 88C Ncus Tccnnc|cgq, 14 Novenlei 2O11.
267 A voin in lhe cenliifuge, Tnc |ccncnis|, 2 Oclolei 2O1O. And: The neaning of Sluxnel, Tnc |ccncnis|,
3O Seplenlei 2O1O.
WhiIe sliikes on depIoyed foices nay cieale unease and concein ovei polenliaI
escaIalion, sliiking civiIian laigels and ciilicaI nalionaI infiasliucluies in an oppo-
nenls honeIand viII IikeIy le consideied a najoi escaIalion of conicl. The ieaclion
of lhe enenys Ieadeiship lo allacks on civiIian laigels couId le pionounced. Lven if
an allack nay le inlended lo le Iiniled, lhe opponenl nay nol peiceive oi leIieve lhe
Iinilalion. Unceilainlies aloul lhe scope of coIIaleiaI danage, and piolIens vilh al-
liilulion of an allack vilh sufhcienl ceilainly, cieale poIilicaI iisk foi a decision lo use
cylei allacks. Ioi an allackei as veII as foi a ielaIialoi, uninlended consequences and
unexpecled coIIaleiaI danage couId veaken inleinalionaI suppoil, pioduce negalive
doneslic ieaclions, and sliffen iesislance in lhe laigel counliy.
And lheie is anolhei piolIen. Cylei veapons can le copied and lheii pioIifei-
alion cannol le conlioIIed. Sluxnel-inspiied veapons and lechnoIogy nay soon le in
lhe hands of iogue nalion-slales, leiioiisls, oiganized ciine, and hackeis. And lhese
veapons nay soon Iook diffeienl fion lhe oiiginaI. Sluxnel vas pieciseIy designed
foi suigicaI allacks on dislincl laigels. ul lheie is no ieason lo assune lhal foIIov-up
allackeis viII foIIov lhe sane phiIosophy. Il is nuch noie IikeIy lhal ve aie going lo
see 'diily digilaI lonls in lhe vake of Sluxnel, vhich is a cylei veapon lhal inicls
Iov lo nediun danage lo a Iaige nunlei of iandon laigels. And lo nake lhese
veapons does nol iequiie expeils.
The governance problem
A noie inpoilanl piolIen is lhal in aII slales lolh lhe decision naking ap-
paialus foi cylei allack and lhe oveisighl nechanisns foi il aie inadequale loday.
Cylei allack is a ieIaliveIy nev addilion lo lhe nenu of oplions lhal poIicynakeis
nay exeicise, and lheie aie fev piecedenls and haidIy any hisloiy lo guide lhen.
The infiasliucluie and iesouices needed lo conducl such aclivilies, and lhe aclivilies
lhenseIves, aie ly lheii naluie Iess visilIe lhan lhose associaled vilh noie liadilionaI
niIilaiy, inleIIigence, oi Iav enfoicenenl aclivilies. Noi do lhey hl inlo slandaid cale-
goiies. The veapons nay iniliaIIy acl in a non-IelhaI nannei, lhough lhey sulsequenl-
Iy nay veII have desliuclive oi IelhaI effecls. The aclivilies foi vhich lhey aie suiled
go fai leyond suiveiIIance oi coveil aclion. Moieovei, lhe veapons aie shiouded in
seciecy. In nosl cases, ludgels lo acquiie cylei allack capaliIilies aie IikeIy snaII
conpaied lo ludgels foi najoi acquisilion piogians of convenlionaI veapons.
$(*
The
lechnicaI knovIedge needed lo conducl infoined oveisighl is Iiniled. The inpoi-
lance of cylei allack as a possilIe oplion foi poIicynakeis is nol videIy appiecialed.
And pioceduies foi infoining polenliaIIy ieIevanl poIicynakeis in lolh lhe execulive
and lhe IegisIalive lianches appeai lo le nininaI oi non-exislenl.
Wilh aII lhese faclois in pIay, an adequale oiganizalionaI sliucluie foi deci-
sion naking and exeicising oveisighl has yel lo eneige, and nuch of lhe infoinalion
268 In lhe US, foi exanpIe, a najoi defense acquisilion piogian is one designaled as such ly lhe Secielaiy of
Defense and eslinaled lo iequiie a lolaI expendiluie foi ieseaich, deveIopnenl, lesl, and evaIualion of noie
lhan $3OO,OOO,OOO oi a lolaI expendiluie foi piocuienenl of noie lhan $1,8OO,OOO,OOO (lased on hscaI yeai
199O conslanl doIIais).
ieIevanl lo conducling infoined oveisighl is unavaiIalIe. As a iesuIl, goveinnenl
and sociely al Iaige aie neilhei oiganized noi in any vay piepaied lo lhink aloul lhe
inpIicalions of cylei allack as an insliunenl of nalionaI poIicy, Iel aIone lo nake in-
foined decisions aloul lhen. In addilion, a najoi eIenenl nissing and conspicuous
in ils alsence is lhe ioIe IaiIianenl shouId pIay in decisions ieIaled lo cylei allacks.
Thus, iesuIling is a goveinance piolIen lhal needs lo le soIved.
In sum
Cylei lhieals pose ciilicaI nalionaI and econonic secuiily conceins due lo lhe
iapid advances in, and incieasing dependency on, ICT lhal is undeipinning evei
noie aspecls of nodein sociely and Iife. Dala coIIeclion, piocessing, sloiage, and
liansnission capaliIilies aie gioving exponenliaIIy, and noliIe, viieIess, and
cIoud conpuling liing lhe fuII povei of lhe gIolaIIy-connecled Inleinel lo nyiiad
peisonaI devices and ciilicaI infiasliucluies. ecause of naikel incenlives, inno-
valion in funclionaIily is oulpacing innovalion in cylei secuiily. And neilhei lhe
pulIic noi lhe piivale secloi has leen successfuI al fuIIy inpIenenling exisling
lesl piaclices.
The inpacl of lhis evoIulion can le seen nol onIy in lhe incieasing scope of cylei
secuiily incidenls, lul aIso in lhe expanding iange of aclois and laigels. ieadlh
and sophislicalion of conpulei nelvoik opeialions ly lolh slale and non-slale ac-
lois have incieased naikedIy in lhe Iasl yeais. Hovevei, ly fai nol aII such cylei
secuiily incidenls quaIify as cylei allacks. Cylei allack iefeis lo deIileiale aclions
lo aIlei, disiupl, deceive, degiade, oi deslioy conpulei syslens oi nelvoiks oi
lhe infoinalion and/oi piogians iesidenl in oi liansiling lhese syslens and nel-
voiks.
Cyleispace opeialions foi lhe nosl pail do nol neel lhe ciileiia foi 'use of foice
oi 'acl of vai as cuiienlIy dehned ly inleinalionaI Iav.
$(!
Hovevei, lhe issues
iaised ly lhe acquisilion and use of cylei allack capaliIilies aie signihcanl acioss
a lioad iange of conicl scenaiios, fion snaII skiinishes vilh ninoi aclois lo
aII-oul conicls vilh najoi adveisaiies, a fev of vhich nay even le capalIe of
enpIoying veapons of nass desliuclion.
The avaiIaliIily of cylei allack lechnoIogies foi nalionaI puiposes giealIy expands
lhe iange of oplions avaiIalIe lo nalionaI poIicynakeis as veII as lhose of olhei
counliies. Hovevei, il aIso neans lhal lheii use nay sonelines iesuIl in unanlici-
paled, unfoieseen, oi uninlended consequences.
The consequences of a cylei allack nay le lolh diiecl and indiiecl, and in sone
cases of inleiesl, lhe indiiecl consequences can fai oulveigh lhe diiecl conse-
quences. Diiecl oi innediale effecls aie lhose on IT syslens oi nelvoiks allacked.
269 Nolions ieIaled lo 'use of foice and 'ained allack shouId le judged piinaiiIy ly lhe effecls of an aclion
ialhei lhan ils nodaIily.
Indiiecl oi foIIov-on effecls aie lhose on lhe syslens and/oi devices lhal lhe al-
lacked IT syslen oi nelvoik conlioIs oi inleiacls vilh, oi on lhe peopIe lhal use
oi ieIy on lhose.
Slales vhich aie highIy dependenl on lhe capaliIilies affoided ly uliquilous ICT
in eveiy secloi, lolh niIilaiy and civiIian, have nuch lo Iose fion uniesliained
cylei allacks lhal pioIifeiale voiIdvide. And foi nany IT infiasliucluie laigels,
lhe ease of cylei allack is incieasing ialhei lhan decieasing. Theie is, lheiefoie,
ioon lo expIoie an ains Iinilalion appioach lo cylei secuiily (incIuding oplions
foi conhdence and secuiily-luiIding neasuies). A piioiily vouId le lo ensuie lhal
IHL is aIso olseived in lhe cylei dinension of vai.
WhiIe doulls ienain as lo vhelhei slialegic cyleivai is feasilIe, il is unIikeIy
lhal a vai vouId le foughl onIy vilh cylei veapons and puieIy vilhin lhe cylei
donain. The use of cylei capaliIilies in conjunclion vilh a convenlionaI niIilaiy
canpaign seens lo le lhe nosl IikeIy fealuie of fuluie vaifaie lelveen slales.
$)#

Like eaiIiei lechnoIogicaI innovalions, lhese viII le used lo degiade eneny capa-
liIilies and lo shape lhe lallIespace, and peihaps ieshape lhe vays vais viII le
foughl.
Sone of lhe issues, anliguilies, and piolIens idenlihed viII nol le iesoIved
unliI fuilhei and diiecl expeiience in cyleivai can le gained. In lhe inleiin, vai
ganes, sinuIalion, and cylei secuiily, cylei defense, and cylei allack exeicises couId
piovide noie insighls. DiaIogue vilh aIIies and vilh polenliaI opponenls couId heIp
lo cIaiify issues, anliguilies, and piolIens, and lhus evenluaIIy aIso ieduce lhe
chances of niscaIcuIalion oi nispeiceplion.
27O On Cqocr larfarc, op. cil, p. 6.
Annex 1: In which Ways is
Cyberwar different from the
other Warfighting Domains?
Intrinsic Characteristics as a Unique Combat
Domain
The advenl of cyleivai lioughl lhe /7/0+/*%/ ,4 %.!/0#1"%/ "# " */3 ),7"$*
,4 %,7!"5, vhich, as such, is an exceedingIy iaie evenl. ul in addilion, cyleispace
lioughl aIso nev fealuies lhal nake il a '*$='/ %,7!"5 ),7"$* vilh jive ciilicaI
dislinguishing chaiacleiislics. Q$0#5, cyleispace has lecone a 'gIolaI connons
/9$#5$*+ "(7,#5 /8/0.36/0/ and ,1/* 5, "*.,*/, aIIoving useis lo nove acioss il vilh
ease and evei-incieasing speeds. ecause il is open lo anyone, inliudeis can aInosl
aIvays gain access lo a vuIneialIe syslen oi nelvoik lo expIoil. And once in, lhey
can le difhcuIl lo delecl and lo disIodge.
$)"
The #/%,*) ciilicaI chaiacleiislic is lhal
cyleispace piovides a +0/"5(. /95/*)/) !"55(/#1"%/ vilh no ieaI loundaiies since ieaI-
voiId laiiieis have no counleipails in cyleispace. Noi vouId eIeclionic laiiieis offei
sancluaiy. WhiIe defendeis can and shouId luiId eIeclionic 'hievaIIs, such defenses
can, in one vay oi anolhei, le lieached oi lypassed. The 56$0) ciilicaI chaiacleiislic is
lhal ICT has )/7,($#6/) 5$7/ "*) )$#5"*%/ in lhal giealIy exlended lallIespace, vhich
is no Iongei of a convenlionaI lype lecause il consisls of lhe %,*8/0+/*%/ ,4 5/%6*,(,+$/#
and $*40"#50'%5'0/#B In lhis nev donain of opeialions, 5$7/ is noie conpiessed lhan
lhe faslesl-noving kinelic capaliIilies. ecause lhe Inleinels ieach iendeis physicaI
dislance IaigeIy iiieIevanl, inliusions and lieak-ins cone al such high pace and speed
lhal lhe ovn cylei defense foices have onIy seconds lo iespond. And lhis Ieads lo
lhe 4,'056 ciilicaI chaiacleiislic: %.!/0#1"%/ 4"8,0# 56/ "55"%-/0. Wilh no loundaiies,
allacks can cone fion anyvheie. Uliquilous access nakes eslalIishing a defense
especiaIIy difhcuIl lecause defendeis nusl successfuIIy paiiy eveiy lIov and nusl
le aIvays iighl, vhiIe lhe allackei nusl le iighl onIy once, and iaieIy has lo face lhe
consequences of his aclions. Hackeis can peneliale aII nelvoik defenses al noninaI
cosl conpaied lo lhe gieal expenses foi ciealing and nainlaining nelvoik secuiily.
Moieovei, cyleispace has yel lo undeigo any lechnoIogicaI oi oiganizalionaI
ievoIulion lhal changes lhe doninance and inheienl inlaIance of offensive cyleivai,
vhich loday sliII conlinues lo oulpace defense. IinaIIy, lhe jiftb ciilicaI chaiacleiislic
is lhe -"(/$),#%,1$% %6"*+/ ,4 56/ %,71,*/*5# ,4 %.!/0#1"%/2 vhich aie undei conslanl
liansfoinalion lhiough changes in usage and lechnoIogy. These conponenls aie
conslanlIy leing ciealed, updaled, noved oi physicaIIy ieIocaled, deslioyed, Iosl,
connecled and disconnecled, hidden and exposed. This is due pailIy lo lhe pace of
271 The pioIifeialion of viieIess handheId devices lhal connecl lo lhe Inleinel opens niIIions of addilionaI palhs
lo cyleispace. The iapid pace of app deveIopnenl foi noliIe devices nay acceIeiale lhe liilh iale of sofl-
vaie vuIneialiIilies. And lechniques lo expIoil lhese vuIneialiIilies evoIve jusl as iapidIy.
innovalion of ICT in geneiaI, vhich, in luin, diives lhe evoIulion of cyleispace. Nev
pioducls aie appeaiing daiIy and ieceive ieguIai updales. ecause of lhis kaIeidoscopic
change, lhieals and vuIneialiIilies in cyleispace diffei fion lhose in lhe voiId of
convenlionaI conlal.
$)$

The upshol of lhe inheienl naluie of cyleispace is lhal, conpaied vilh lhe olhei
vaihghling donains, cyleispace conslilules a noie difhcuIl enviionnenl foi secuiily
aclois, one lhal is pailicuIaiIy difhcuIl lo defend. Iion a defensive peispeclive, il is
difhcuIl lo defend a space lhal exisls viiluaIIy eveiyvheie, lhal Iels anyone in, and
lhal has no loundaiies. Lven so-caIIed cIosed nelvoiks, such as lhose lhal aie nol
connecled lo lhe Inleinel and lhose lhal aie aii-gapped, aie sliII al iisk fion nanuaI
inseilion of naIvaie, foi exanpIe, ly neans of poilalIe sloiage devices, oi ly viieIess
code inseilion liansnilled ovei iadio oi iadai fiequencies.
$)%
And lecause lhe iange of
hosliIe oi naIicious aclion is nuch lioadei in cyleispace lhan in lhe olhei vaihghling
donains, and lhe idenlily of lhose vho engage in lhese aclions can le indeleininale,
cyleispace has lecone lhe viId vesl of lhe gIolaI connons.
$)&

On lhe olhei hand, in leins of ieIevance lo vaihghling, lhe chaiacleiislics of
cyleispace aIIov lhe ovn foices a lioadei span of effecls, noie piecision, giealei
sleaIlh, Iovei piolaliIily of deleclion, and a IeveI of nonalliilulion nol possilIe in
olhei donains.
;")-2'" /!-$ )* '**'%,/" Cyleispace offeis lhe polenliaI foi neaiIy inpeiceplilIe
syslen effecls aII lhe vay lhiough nassive eIeclionic neans of 7"## )$#0'15$,*. As
nelvoiked conpulei chips ieach deepei inlo lhe devices lhal aie used in daiIy Iife, lhe
capacily lo nake ninule changes in lhese syslens offeis lhe possiliIily of nanipuIaling
lhe peiceplions of lhose lhey seive. These capaliIilies couId le used, foi exanpIe, lo
inleiiupl connand and conlioI of lhe ained foices, oi lo lIock connunicalions lo a
leiioiisl Ieadei al a ciilicaI nonenl in his opeialions, causing disaiiay, faiIuie of an
inninenl allack, fonenlalion of nisliusl and division anong his suppoileis undei
lhe iighl condilions. Anolhei slienglh of lhe cylei ieaIn is lhe aliIily lo achieve
effecls in sone cases conpaialIe lo sone kinelicaIIy geneialed effecls lul vilhoul oi
Iess inleinalionaI poIilicaI and IegaI pilfaIIs.
<)"' !"'%#/#)$" The cylei ieaIn liings nev neaning lo piecision. The
piecision inheienl in cylei allacks goes leyond lhe aliIily lo addiess specihc laigels.
The cylei ieaIn is capalIe of inposing effecls upon ceilain chaiacleiislics oi pails of
laigels. Lveiylhing fion culling off connunicalions lo feeding lad lining oi Iocalion
infoinalion lo an adveisaiy can nanipuIale lhe oulcone of his opeialions and liing
ieaI laclicaI, opeialionaI, and even slialegic advanlage lo lhe ovn foices. Depending
272 Accoiding lo Shon Haiiis, a lhieal is a polenliaI dangei lo infoinalion syslens, vhiIe a vuIneialiIily is a
soflvaie, haidvaie, oi pioceduiaI veakness lhal nay piovide an allackei an open dooi he is Iooking foi lo
enlei a conpulei oi nelvoik and have unaulhoiized access lo iesouices vilhin lhe enviionnenl. See: Shon
Haiiis, C|SSP |xan Guidc, 4
lh
ed., Nev Yoik, McCiav-HiII, 2OO8, p. 61.
273 CIaike & Knake, op. cil., p. 7. And: David A. IuIghun, Seaiching foi Ways lo Tiace Cylei Allackeis,
Atia|icn lcc| and Spacc Tccnnc|cgq, 2O May 2O11.
274 AlIanlic CounciI, Prc|cc|ing |nc g|coa| ccnncns, DoIce La HuIpe, iusseIs, Secuiily and Defense Agenda, SDA
Repoil, 16 Seplenlei 2O1O, p. 8.
on lhe ciicunslances, cylei capaliIilies can le used lo pioduce effecls such as deIaying
oi even slopping an invasion, foi exanpIe, ly ienoleIy innoliIizing Iead ainoied
vehicIes of a foice on a liidge, lhus lhvailing lhe passage of olhei foices.
=,'-&,1 -$2 &): !")3-3#&#,. )* 2','%,#)$" olh sleaIlh and Iov piolaliIilies of
deleclion aie necessaiy condilions foi effeclive opeialions in cyleispace and essenliaI,
pailicuIaiIy lo conducl coveil cylei ISR. Cylei allacks iequiie a high IeveI of access
lo adveisaiy nelvoiks lhioughoul aII phases of conicl. AIlhough cylei aclivilies aie
chaiacleiislicaIIy sleaIlhy and difhcuIl lo delecl, caie nusl sliII le laken lo pievenl lheii
discoveiy. This, lecause discoveiy iisks Ioss of laigel access, adveisaiy knovIedge
of cylei capaliIilies ieadiIy counleied oi nol easiIy iepIicaled, and Iinilalions of
capaliIilies. Hence, ieseaich shouId focus on ieducing lhe iequiienenl foi sleaIlh so
lhal cylei can piovide lellei deleiienl effecls.
>)$-,,"#39,#)$ -$2 #$,"-%'-3#&#,." The difhcuIly of delecling an adveisaiys
cylei aclivilies aIso nakes lhese noie chaIIenging lo liace and alliilule. Lnledded in
sone looIs and nelhods, lhese capaliIilies fiequenlIy iequiie nanuaI aclions such as
Iog nanipuIalions. Such chaiacleiislics piove invaIualIe lo nalionaI secuiily lecause
lhey ieduce lhe IikeIihood of counleiallacks and pieseive niIilaiy opeialions leIov
lhe IeveI of vai. They aIso ieduce lhe piolaliIily of negalive inleinalionaI poIilicaI
and IegaI effecls vhen cylei capaliIilies aie enpIoyed since lhey aie nol suljecl lo lhe
sane soils of inleinalionaI poIilicaI consequences as aie nany liadilionaI capaliIilies
vilh conpaialIe effecls. In lhis vay, lhe effecls allainalIe in and lhiough cyleispace
can aIso le used lo aid olhei eIenenls of nalionaI povei ialhei lhan hindei lhen.
Cyleispace, hovevei, iaises a nunlei of difhcuIl and conpIex issues, slailing
vilh lhe '*'#'"((. ("0+/ "00". ,4 560/"5 "%5,0# lhal aie nov in pIay, and lhe /"#/ 3$56 36$%6
56/. %"* '*)/05"-/ 6,#5$(/ "%5$,*#. AIieady lhe lypes of lhieals go leyond lhose lhal aie
canonicaI lo lhe inleinalionaI syslen. They junp ovei and iendei olsoIele cenluiies
of undeislandings aloul soveieignly and nalionaI loideis.
$)'
ecause il is a donain
chaiacleiized ly speed, aulonalion, anonynily, and a iapid pace of lechnoIogicaI
advancenenl, cyleispace is indeed a veiy difhcuIl enviionnenl foi secuiily aclois.
Yel lhe ieIaliveIy Iov cosl of a sophislicaled allack nakes il an asynneliic heId. And
lhe asynneliies enalIe a iange of olhei aclois, nol jusl slales, lo use viiluaI neans foi
lheii ovn hosliIe ends, sonelines even vilh psychoIogicaI dinensions.
As to the Differences of Cyberwar at the
Strategic and Operational Levels of Warfare
The #50"5/+$% 1'01,#/ ,4 56/ "11($%"5$,* ,4 %.!/01,3/0 is olvious: il ievoIves aiound
lhe aliIily in peace and vai lo nanipuIale peiceplions of lhe slialegic enviionnenl
lo ones advanlage vhiIe al lhe sane line degiading lhe aliIily of an adveisaiy lo
conpiehend lhal sane enviionnenl. Tiansfoining lhe effecls of cyleipovei inlo
275 On Cqocr lar, op. cil., p. 28.
poIicy oljeclives is lhe ail and science of slialegy, dehned as nanaging conlexl
foi conlinuing advanlage accoiding lo poIicy.
$)(
<50"5/+. is conceined vilh lhe
ieIalionship lelveen /*)#2 3".#, and 7/"*#. WhiIe lhe ieIalionship lelveen ends,
vays, and neans is inpoilanl and slialegicaIIy appIicalIe in lhe cIassicaI vaihghling
donains, lhis is nol so lo lhe sane exlenl foi vai in lhe cyleispace donain. Iiisl, il
is Iess cIeai vhal lhe /*)# of cyleivaifaie aie. The facl lhal il is aInosl inpossilIe lo
discein lhe inlenl oi even lhe idenlily of an aggiessoi in cyleispace vilh sufhcienl
ceilainly nakes il veiy difhcuIl lo see cyleivaifaie as an aclion ly a knovn paily
using ceilain iesouices in oidei lo achieve specihalIe goaIs. In lhe olhei vaihghling
donains alliilulion is nol a piolIen as il is noie oi Iess seIf-evidenl vho acls in a
vaiIike nannei, and foi vhal ieason. ul vilhoul fasl and accuiale alliilulion, lhe
idenlily and inlenl of an allackei in cyleispace nighl jusl nol le knovalIe. Hence,
deleiience viII haidIy voik, and il viII le noie difhcuIl foi a defending goveinnenl
lo knov lhal ils ielaIialoiy iesponse is lolh accuialeIy laigeled and piopoilionale lo
lhe danage caused.
$))

Second, lhe 3".# of cyleivaifaie aie even Iess cIeai. Whal can le expecled
of cyleivaifaie as a nelhod foi achieving #50"5/+$% /*)# is neilhei olvious, noi is
lheie any nelhod lo eslinale 6,3 "7!$5$,'# 56/#/ /*)# %"* !/. The ansvei viII depend
upon lhe )/+0// ,4 )/%$#$8/*/## lhal can le alliiluled lo cyleivai. And on lhis issue,
onIy veiy conlioveisiaIIy dispuled opinions exisl. The aigunenls iange fion seeing
cyleivai neieIy as an anciIIaiy funclion of 4,0%/ 7'(5$1($/0, lo undeislanding il as a
dislincl donain aIongside Iand, sea, aii and space opeialions, lo seeing il as nolhing
Iess lhan a nev 21
sl
cenluiy vai in ils lolaIily, lhal is )$#1("%$*+ %,*8/*5$,*"( 7$($5"0.
,1/0"5$,*# "(5,+/56/0.
$)*
Il is as connon lo hnd peopIe convinced of lhe possiliIily of a
%.!/0 L/"0( W"0!,0
$)!
oi %.!/0+/)),* as il is lo hnd vehenenl allenpls lo disniss such
possiliIilies as voisl-case anaIysis and scaienongeiing.
Thiid, lhe 7/"*# of cyleivaifaie pose a videi vaiiely of piolIens. Conpaied
lo kinelic veapons, cylei veapons have lhiee dislinguishing chaiacleiislics: (1)
They aie geneiaIIy easiei lo use vilh a highei degiee of anonynily and pIausilIe
denialiIily, naking lhen veII suiled foi coveil opeialions and foi insligaling conicl
lelveen olhei pailies. (2) Cylei allack neans aie noie unceilain in lhe oulcone lhey
pioduce, naking il noie difhcuIl lo eslinale deIileiale and coIIaleiaI danage. And
(3) cylei allack neans invoIve a Iaigei iange of oplions and possilIe oulcones, and
nay opeiale on line scaIes ianging fion lenlhs of a second lo yeais, and al spaliaI
scaIes anyvheie fion 'nexl dooi lo gIolaIIy dispeised.
Cyleispace offensive veapons have anaIogies vilh veapons of nass desliuclion
and space foices. Theii effecls aie gIolaI in naluie and cannol ieaIIy le conlained
276 Lveiell C. DoInan, Iuie Slialegy: Iovei and IiincipIe in lhe Space and Infoinalion Age, London, Iiank
Cass, 2OO5, p. 6.
278 Maiching off lo cyleivai, Tnc |ccncnis| Tccnnc|cgq Quar|cr|q, 6 Decenlei 2OO8, pp. 2O-21.
279 }ason Ryan, CIA Diiecloi Leon Ianella Wains of IossilIe Cylei IeaiI Hailoi, Top InleIIigence-Secuiily
OfhciaIs Say Conpulei Allacks Incieasing, 15 Ieliuaiy 2O11, al: hup://crlslsboom.com/2011/02/13/compuLer-
cyber-hacklng-lncreaslng/
lo a specihc geogiaphic lhealei. Offensive fuII-specliun cyleispace veapons aie
slialegic in naluie: once used, lhey Iose lheii deleiienl vaIue and effecliveness lecause
knovIedge of lheii specihc capaliIilies nay quickIy spiead acioss lhe Inleinel.
Opponenls can lhen adjusl lheii defenses, and viile and inpIenenl soflvaie palches
againsl il. Allackeis nusl give seiious consideialions lo enpIoying cylei nunilions
lecause il is nol usuaIIy deslioyed duiing an allack. Once ieIeased, such a veapon is
ieIaliveIy easy lo capluie. Cylei foices can lhen deconsliucl and anaIyze ils code lo
deleinine appiopiiale counleineasuies foi fuluie allacks, and foi use as a veapon
againsl ils sendei.
$*#
Cylei veapons aie aInosl aIvays duaI-use, in lhe sense lhal lhey aie Iines of
code and physicaI haidvaie lhal can le nodihed foi olhei puiposes. And cylei allack
opeialions in cyleispace occui neai lhe speed of Iighl in ieaI-line.
$*"
Moie inpoilanl,
lhey oflen can inpacl lhe enliie specliun of lhe cyleispace donain sinuIlaneousIy
vilhoul nolice, inleIIigence vaining oi indicalions. This inslanlaneous naluie, and
lhe aliIily lo allack lhe enliie donain sinuIlaneousIy, is a chaiacleiislic lhal nakes
cyleispace a noie dangeious and al lhe sane line aIso a noie vuIneialIe donain.
The 7/"*# can le noie difhcuIl lo conpiehend lhan lhose exisling in lhe cIassicaI
vaifaie donains. Consliluling a nev cIassihcalion of capaliIilies designed lo disiupl
conpulei syslens and nelvoiks, lhey incIude any insliunenl oi insliunenlaIily used
in a nannei lo cause hain lo conpuleis, nelvoiks oi eIeclionic devices.
$*$
This is
haidIy suipiising: foi as Iong as lheie has leen lechnoIogy (lhe appIicalion of science
and innovalion) and slialegy (lhe use of foices and iesouices lo achieve poIilicaI
ends), lheie has leen a ieIalionship lelveen lhese lvo aclivilies.
$*%
ul lhe lechnoIogy
of cyleivaifaie chaIIenges lhe eslalIished lhinking aloul lhis ieIalionship in al Ieasl
lhiee iespecls. Iiisl, lhe nosl dislinclive fealuie of cyleivai is lhe iapidily vilh
vhich lhieals can evoIve in cyleispace. The exliaoidinaiy pace of change can le so
aliupl as lo iendei lhe convenlionaI, aclion/ieaclion cycIe of slialegic evoIulion oul
of dale lefoie il has legun.
$*&
The second dislinclive fealuie is lhal cylei lechnoIogy
is expIoiling vhal in lhe cIassicaI donains is noinaIily in a coveil, if nol invisilIe
vay, vilh lhe iesuIl lhal incieasingIy poveifuI and sleaIlhy cylei veapons have
lecone vilhin ieach of aInosl eveiy acloi in cyleispace. And lhiid, as a #50"5/+$%
7/"*#, cyleivai has lecone 'denocialized, in lhe sense lhal lechnoIogies, vhich
in lhe pasl vouId have leen consideied highIy speciaIized, aie nov pioIifeialing as
videIy avaiIalIe, cheap, and ieIaliveIy easiIy usealIe 7/"*# ,4 %,7!"5 4,0 /8/0.,*/.
Iuilhei enhancing lhe piolIens of cyleivai is lhe facl lhal aIso lhe veapon
syslens used in lhe olhei vaihghling donains aie incieasingIy vuIneialIe lo
28O Liic D. Tiias & iyan M. eII, Cylei This, Cylei Thal.So Whal`, Air c Spacc ]curna|, VoI. XXIV, No. 1,
Spiing 2O1O.
281 A keyslioke liaveIs lvice aiound lhe voiId in 3OO niIIiseconds accoiding lo WiIIian }. Lynn, US Depuly
Secielaiy of Defense.
282 An inleiesling poinl is lhal lhe nunlei of viiuses, voins, and Tiojans cuiienlIy in ciicuIalion has nov
lopped lhe 1 niIIion naik accoiding lo a secuiily soflvaie piovidei.
283 Ioi a discussion of lhis ieIalionship see: IauI Coinish, TechnoIogy, slialegy and counleileiioiisn, |n|crna-
|icna| Affairs, VoI. 86, No. 4, }uIy 2O1O.
cyleivaifaie as lhey lecone noie aulonaled and nelvoiked. Cuiienl and fuluie
veapon syslens aie leing infused vilh lechnoIogicaI advancenenls, nany of vhich
aie eIeclionic, incIuding sensois, connunicalion syslens, and conlioI syslens.
$*'

Vaiious syslens aie leing nelvoiked lo piovide "'+7/*5/) %,77"*) "*) %,*50,(
"!$($5.. This eslalIishes an advanlage foi cyleivai, and even lhough lhe syslens
aie enledded vilh highIy advanced secuiily, any line lheie is an oppoilunily foi
$*5/0%,**/%5$,* lheie is aIso " 8'(*/0"!$($5. 5, 4,0/$+* "%%/##.
C4ISTAR syslens - lhe connand, conlioI, connunicalions, conpuleis,
inleIIigence, suiveiIIance, laigel acquisilion, and ieconnaissance syslens of lhe
ained foices - aie pailicuIaiIy vuIneialIe lo cylei allacks lecause lhey inleiconnecl.
Moieovei, conpulei piocessois, nenoiy, and olhei haidvaie aie uliquilous. WhiIe
scans can le iun on soflvaie and haidvaie, lheie is aIso a polenliaI foi inhIlialion
duiing deveIopnenl and nanufacluiing of lhese eIenenls. InhIlialions can lhus enalIe
cylei allacks on nany veapon syslens. Cyleivaifaie can affecl lhe conlioI of iadais,
nissiIes, connunicalions, and soflvaie. Il can polenliaIIy disalIe noliIe laigels Iike
nissiIes oi even iediiecl lhen lo lhe Iaunch sile. And nol onIy can cyleivai disalIe
oi disiupl viieIess noliIe connunicalion syslens, lul aIso lhe gIolaI posilioning
syslen (CIS).
$*(
Diiecled eneigy veapons aie anolhei cIass of veapons lhal cieale offensive,
defensive, and pieenplive capaliIilies. They have lhe aliIily lo piojecl oi laigel
eneigy al a specihc hosliIe Iocalion oi faciIily, and can le used lo fiy, neIl, disiupl,
and deslioy eIeclionic ciicuils used in conpuleis and nelvoik svilching conponenls.
These can le enpIoyed againsl aII lypes of connand and conlioI syslens as veII as
againsl slalionaiy and noliIe laigels. Hence, deaIing vilh lhe iapid pioIifeialion of
lhese kinds of nev cylei veapons viII le a key chaIIenge lo soIve in lhe coning yeais.
The iapid giovlh in lechnoIogy is lhe piinaiy ieason foi lhe acceIeialing iise
of lhieals in cyleispace. As has lecone olvious ly nov, nainlaining a )/4/*#$8/ ,*(.
1,#5'0/ in cylei secuiily is seIf-defealing in lhe Iong iun. ecause of ils peiceived
Iack of capaliIily lo pievenl allacks conpIeleIy, cylei secuiily has lo gel oul of lhe
nindsel of a puieIy defensive appioach and conline il vilh offensive aclions lo ensuie
lhal a noie soIid defensive posluie can uIlinaleIy le nainlained. WhiIe neilhei a
defensive slialegy noi an offensive slialegy "(,*/ can piovide lhe needed pioleclion,
lhe conlinalion of an enhanced defense-in-deplh slialegy vilh an offensive slialegy
nay offei lellei vays lo secuie cyleispace.
Specihcs of lhe lype of offensive opeialions inlended foi use ly lhe ained
foices in cyleivai ienain IaigeIy undehned due lo sensilivily and cIassihcalion. ul
lhey aie inlended lo piovide an offensive capaliIily lo laigel polenliaI lhieals and
ensuie fieedon of aclion foi allaining nalionaI inleiesls. These incIude, anong olheis,
inleIIigence galheiing, disiuplion of eneny aclivilies ly aIleiing lheii syslens, and
285 Cylei Waifaie: The Thieal lo Weapon Syslens, op. cil.
286 LioneI D. AIfoid, Cylei Waifaie: The Thieal lo Weapon Syslens, WSTIAC, Weapon Syslens TechnoIogy
Infoinalion AnaIysis Cenlei, Nev Yoik, lST|AC Quar|cr|q, VoI. 9, No. 4, 2O1O.
undeilaking aclivilies lo dissuade fuluie use of lhe nelvoik as a looI foi allack. These
aie nol nev niIilaiy lasks, lul having lhe capaliIily lo le Iaunched fion lhe cylei
ieaIn piovides a noie alliaclive and noie pionising appioach.
The lenehls of an offensive slialegy aie evidenl. Chief anong lhese aie iisk
and IeveI of effoil iequiied in leins of iesouices. CIeaiIy, a nechanisn lhal piovides a
vay lo deIivei lhe effecls needed vilhoul pIacing niIilaiy peisonneI in hains vay is
of a veiy Iov iisk. The facl lhal cyleispace veapons aie piinaiiIy soflvaie looIs, oflen
inlegialed vilh onIy a nininaI anounl of haidvaie, is anolhei alliaclive fealuie.
Iunding, lineIines foi piocuienenl, and suslainnenl cosls viII le nuch Iovei lhan
lhose incuiied ly convenlionaI veapons syslens such as lanks and aiiciafl. Looking
al lhe diIenna sone ained foices face loday in iepIacing lheii aging hghlei eels,
one can see hov lhe aliIily lo iapidIy pioduce nev cylei veapons foi a fiaclion of lhe
cosl and effoil of kinelic syslens vouId le veIconed.
Nev offensive cylei veapons, designaled 'CyleiCiafl in lhe US, offei a shifl
in capaliIilies and foivaid depIoy lechnoIogy oul in lhe nelvoik aIIoving 7,!$(/
)/4/*#/. These CyleiCiafl veapons aie expecled lo sense laigels and niligale eneny
lhieals piioi lo lheii use lo expIoil and peneliale nelvoiks. They have snaII signaluies
lo avoid deleclion, aie capalIe of leing aclivaled fion vilhin lhe nelvoik, conlain
conlioI infoinalion, aie ienoleIy conlioIIed, and have a seIf-desliucl nechanisn in
case lhey aie delecled. Moieovei, lhey consisl of sophislicaled conpulei piogians
deIiveiing olhei advanced lech-noIogicaI capaliIilies lo vaihghleis.
$*)
Thus, naiiying
lhe capaliIilies of CyleiCiafl veapons vilh defense-in-deplh viII aIIov foi an "%5$8/
)/4/*#/ #50"5/+.. And such a naiiying nay piovide lhe lesl possiliIily foi slopping
allacks al lhe souice vhiIe ensuiing lhal lasic pioleclion ienains in pIace.
Theie is, hovevei, anolhei facl lo considei: naneIy, lhal lhe Iife expeclancy of
any one cylei veapon is onIy as good as lhe Iife of lhe vuIneialiIily lhal lhe cylei
veapon is designed lo expIoil. Once a ienole vuIneialiIily oi avenue of allack is
cIosed, lhe cylei veapon ciealed lo capilaIize on lhis nay no Iongei le vaIid. Theiefoie
a piogian lhal can conlinuaIIy deveIop nevei and noie sophislicaled nelhods lo
expIoil anlicipaled eneiging vuIneialiIilies is needed.
These facls and lhe Iinked unceilainlies iendei lhe cyleispace enviionnenl
#50"5/+$%"((. (/## #5"!(/ lhan lhe enviionnenls of lhe liadilionaI vaihghling donains.
The iapidily of innovalion in cyleispace lends lo "71($4. 56/ ),7$*"*%/ ,4 56/ ,44/*#$8/,
vhich can cieale incenlives foi a hisl oi pieenplive sliike. H0$#$# $*#5"!$($5. and "07#
0"%/ $*#5"!$($5. nighl ensue. Ciisis inslaliIily can push goveinnenls lo acl hisl in
a ciisis, oflen eaiIiei lhan nay le necessaiy. In such high-piessuie ciicunslances
iesuIling in conpiessed decision cycIes foi cyleispace opeialions, cylei capaliIilies
nay le iegaided in lhe vay nucIeai veapons veie foi a vhiIe in lhe eaiIy days of
nucIeai deleiience, vhen lhe choice seened lo le: '#/ 56/7 ,0 (,#/ 56/7. Ains iace
287 See foi exanpIe: IauI W. Ihislei, Dan Iayelle & LniIy Kizysiak, CqocrCraf|. Ccnccp| |in|ing NCl Princip|cs
ui|n |nc Cqocr Dcnain in an Uroan Opcra|icna| |ntircnncn|, AI Reseaich Laloialoiy, Infoinalion Diiecloiale,
Rone, NY, }une 2OO5.
inslaliIily, on lhe olhei hand, can encouiage lil-foi-lal escaIalion in capaliIily, Ieading
lo an ains iace in cyleispace. Coveinnenls lhen viII vish lo diav upon nev souices
of expeilise and innovalion in oidei lo achieve a speediei iesponse lo lhe lhieal
deveIopnenl. The dangei heie is lhal anolhei Iesson of lhe nucIeai eia nighl le Iosl:
vhiIe innovalion can addiess specihc vuIneialiIilies, il can aIso nake lhe syslen as a
vhoIe Iess slalIe.
$**

The unceilainlies and yel-unsoIved piolIens nolvilhslanding, lhe consequences
of vhal vas piesenled alove aie lhe foIIoving: Cylei allack can suppoil niIilaiy
opeialions. Ioi exanpIe, a cylei allack couId disiupl adveisaiy connand, conlioI,
and connunicalions, suppiess aii defenses, degiade snail nunilions, nissiIes and
pIalfoins, oi allack vaihghling as veII as vainaking infiasliucluie, such as lhe
defense indusliiaI lase. Cylei allack nighl le used lo enalIe oi augnenl kinelic
allack lo succeed, oi defend IT syslens and nelvoik of lhe ovn foices ly neuliaIizing
lhe souice of adveisaiy cylei allack.
Cylei allack can aIso suppoil coveil aclion designed lo inuence goveinnenls,
evenls, oiganizalions, oi peisonneI suppoiling foieign slialegy and poIicy in a nannei
lhal is unIikeIy lo le alliilulalIe lo lhe ovn goveinnenl. The iange of possilIe cylei
allack oplions is veiy Iaige. Coveil aclion nighl le used, foi exanpIe, lo insligale
conicl lelveen poIilicaI faclions, haiass disfavoied Ieadeis and enlilies, oi inuence
decision naking oi even such lhings Iike eIeclions.
As to other Elements of Warfighting that the
Advent of Cyberwar is Changing
Mosl vaifaie lhioughoul lhe lvo cenluiies of lhe indusliiaI eia cenleied on
one piincipaI slialegic oljeclive: lhe physicaI occupalion of leiiiloiy. The possiliIily
of occupying leiiiloiy, oi lhe lhieal of leconing occupied, foiced nalions lo anass
Iaige slanding ainies, lo nainlain navies, and lo piocuie aiiciafl in hopes of
achieving supeiioiily againsl lheii adveisaiies. Cyleivaifaie changed lhis. Conpulei
conneclions lo vaiious connunicalions nelvoiks and lhe Inleinel, in pailicuIai,
nake il easiei lo execule allacks and 7". 0/*)/0 $00/(/8"*5 56/ *//) 5, 0/"%6 56/ 5"0+/5
16.#$%"((.. And lhe laiiieis lo enliy in lhe cylei donain aie so Iov lhal non-slale
aclois as veII as snaII slales can pIay noie signihcanl ioIes al nuch Iovei IeveIs of
cosl.
Sone eIenenls of lhe cyleispace donain aie connon lo lhe olhei vaihghling
donains. Land, sea, aii, and space aie aII inleiaclive and iequiie cioss-donain
pIanning. Cyleispace is nol diffeienl. AIlhough lheoielicaIIy, ),7$*"*%/ in cyleispace
viII suppoil fieedon of aclion in aII olhei donains and deny fieedon of aclion
lo adveisaiies, as viII, al Ieasl lenpoiaiiIy, #'1/0$,0$5. in lhe cyleispace donain:
),7$*"*%/ $* %.!/0#1"%/ $# /('#$8/, and #'1/0$,0$5. 3,'() #//7 5, !/ 7'%6 6"0)/0 5,
288 On Cylei Waifaie, op. cil., p. 3O.
ocbieve tbon in tbe troJitionol Jomoins of worjiqbtinq. @5 $# 7,0/ 10/)$%"5/) 5, #'%%/##4'(
%,*8/*5$,*"( 7$($5"0. ,1/0"5$,*#B
In conliasl lo sea, aii, and space, cylei shaies lhiee chaiacleiislics vilh Iand
vaifaie in evei giealei dinensions: (1) lhe nunlei of pIayeis, (2) lhe ease of enliy, and
(3) lhe oppoilunily foi conceaInenl. On Iand, doninance is nol a ieadiIy achievalIe
ciileiion. WhiIe sone Iaigei slales have giealei capacily lhan olheis, il nakes IillIe
sense lo speak of doninance in cyleispace as in sea povei oi aii povei. If anylhing,
dependence on conpIex IT syslens and nelvoiks foi suppoil of niIilaiy and econonic
aclivilies cieales nev vuIneialiIilies in Iaige slales lhal can le expIoiled ly snaIIei
slales and even ly non-slale aclois.
$*!
Conpaied lo lhe olhei vaihghling donains,
cyleivai has one advanlage. @* 7$($5"0. 1("**$*+ %,*%/15#, ,1/0"5$,*# $* %.!/0#1"%/ %"*
!/ +0/"5(. "%%/(/0"5/). They can nove diieclIy fion shaping opeialions lo seizing lhe
inilialive lo inslanl, if lenpoiaiy, supeiioiily voiIdvide, vilh huge inpIicalions on
slienglhs and vuIneialiIilies foi slales, aggiessoi nalions, and non-slale aclois. ul
lhe olhei side of lhe coin of acceIeialed opeialions is, of couise, noie unpiediclaliIily,
noie uidily, and Iess ceilainly of inpacl.
WhiIe cIeai dislinclions can le diavn in lhe olhei donains lelveen pulIic
and piivale secloi allacks and iesponses, lhis is nol lhe case in cyleispace, vheie lhe
cosl of enliy foi allacks is so Iov. Cyleivaifaie diffeis signihcanlIy fion vaifaie in
lhe physicaI voiId, vheie niIilaiy opeialions aie shaped ly ieIaliveIy cIeai and veII-
undeislood poIilicaI guideIines and consliainls - vhich aie sliII Iacking foi opeialions
in cyleispace.
$!#

The piincipaI chaIIenge in cyleivai is lhe queslion of hov lo iespond lo cylei
allacks. This iequiies lhe deveIopnenl of a iisk-niligalion aichilecluie undeipinned
ly a geneiaIIy accepled undeislanding of vhal acluaIIy conslilules cyleivai and
vhal piice shouId le paid foi piepaiing il. Wilhoul cIeai poIilicaI and IegaI guidance,
undeislood ly aII slakehoIdeis, il viII nol le possilIe foi ceilain opeialions lo le
undeilaken. If lhey lake pIace nonelheIess, lhen onIy in lhe knovIedge lhal IegaI
aclion couId ensue againsl lhose connissioning oi caiiying oul lhe aclivily shouId ils
delaiIs lecone pulIic knovIedge. Neilhei of lhese aie paIalalIe oplions.
Cyleivai diffeis fion pasl vais in olhei vays. Dislinclions lelveen soIdieis
and civiIians aie eioded. Thieals aie noie diffuse, and lhe peipelialois of allacks aie
evei haidei lo Iocale. Al lhe sane line, exisling paiadigns foi vai and conicl cease lo
le appiopiiale. Ioi exanpIe, a cIeai sense of lhe Iav of conicl in lhe infoinalion age
is sliII Iacking.
$!"
Il look decades lo eslalIish lhe pIace of aiipovei in nalionaI defense
slialegies and inleinalionaI iuIes foi conicl. Wilh cyleispace, lhe chaIIenges viII le
siniIaiIy Iaige and oneious, if nol noie so. They iange fion nasleiing lhe foiensic
289 }oseph S. Nye, Cqocr Pcucr, Canliidge, Haivaid Kennedy SchooI, eIfei Cenlei foi Science and Inleinalion-
aI Affaiis, May 2O1O, p. 4.
29O Ilid., p. 16.
291 Ll Cen Kennelh A. Minihan, Diiecloi NSA and pieviousIy Diiecloi DIA, and Aii Ioice Cen Kevin I. ChiI-
lon, Connandei US Slialegic Connand, in ienaiks lo lhe Defense Wiileis Cioup, 4 Maich 2OO8.
lasks of allack alliilulion aII lhe vay lo nuch lioadei queslions aloul 10,1,05$,*"($5.
,4 0/#1,*#/ and (/+$5$7"%. of ceilain 5"0+/5#.
$!$

Nev vays viII have lo le found lo soIve difhcuIlies such as lhe nisnalching
of doneslic and inlei-nalionaI Iav. OId concepls and slandaids of soveieignly do
nol funclion veII in lhis cylei voiId, vheie lhe Iinils of nalionaI ovneiship and
iesponsiliIilies aie fuzzy, and cylei lhieals aie liansnalionaI. The Iallei neans, ly
dehnilion, lhey aie nol conhned ly loideis. This conpIicales lhe defensive lask
in a vaiiely of vays, nosl nolalIy il neans lhal allackeis and non-slale aclois can
hide noie easiIy. Opeialing lehind faIse II addiesses, foieign seiveis and aIiases,
allackeis can acl vilh aInosl conpIele anonynily and inpunily. The difhcuIlies of
alliilulion aIIov a Iaigei degiee of pIausilIe denialiIily, vhich is in noie pIenlifuI
suppIy in cyleispace. Ieipelialois can covei lheii ovn liacks and inpIicale olheis,
pailicuIaiIy vhen lhiid-paily seiveis and lolnels in unieIaled counliies can le used
lo oiiginale allacks and piovide covei foi lhe acluaI allackei. In conliasl, lhe defendei
is confionled vilh lhe disadvanlage lo le foiced lo ieIy on olheis if he is lo enfoice
aclions acioss loideis.
$!%
Thus, lhe key lo successfuI cyleivai is alliilulion, vhich
lecones incieasingIy difhcuIl vilh cuiienl lechnoIogy and piesenl Inleinel nelvoik
connunicalions. WhiIe il is difhcuIl lo envision a najoi convenlionaI Iand, sea, oi aii
allack lhal cannol le alliiluled lo a nalion-slale, il is piaclicaIIy inpossilIe lo achieve
alliilulion of a nalion-slale cyleispace aggiessoi if he chose anonynily. And equaIIy
inpossilIe can le alliilulion of iesponsiliIily foi #5"5/>#1,*#,0/) ,1/0"5$,*# !. *,*>
#5"5/ "%5,0#.
Hovevei, nuch of vhal is consideied offensive cyleispace aclivily does nol
neel lhe ciileiia of "55"%- in lhe olhei donains. Shulling dovn oi nassiveIy coiiupling
dala in ciilicaI hnanciaI, heaIlh oi eIecliicaI povei giid nelvoiks conslilules an allack
on nalionaI soveieignly and nay oi nay nol juslify a use-of-foice iesponse. A cylei
allack on a SCADA syslen lhal iesuIls in casuaIlies oi in a iegionaI eIecliic lIackoul
couId le consideied a kinelic effecl lo an offensive cyleispace opeialion. ul al lhe
Iovei end of lhe specliun, aclions such as pinging, liovsing, oi poil scanning aie
oflen used sinpIy foi checking lhe effeclive funclioning of nelvoiks. Thus, cyleispace
opeialions nay oi nay nol have hosliIe inlenl. The vasl najoiily of naIvaie, lolnels,
and nelvoik inliusions aie lechnicaIIy conpelilive neasuies, espionage, vandaIisn,
oi ciines lhal faII undei lhe calegoiy of lechnicaI nelvoik defense iesponses oi
liadilionaI Iav enfoicenenl and counleiinleIIigence funclions. They aie nol allacks on
a slales soveieignly. In nany cases, lhese lypes of allacks vouId le lellei consideied
as nelvoik iiiilalion lhan as nelvoik allacks.
WhiIe a najoi cylei allack nay have lhe polenliaI lo deslioy fundanenlaI
infiasliucluies on a nassive scaIe, fev hosliIe aclions in cyleispace faII inlo lhis
calegoiy. HosliIe aclois can nake use of a videi iange of lechniques. One can, foi
exanpIe, envision %.!/0 10,5/#5 vheiely a nucIeai oi olhei sensilive faciIily is allacked
292 Relecca Cianl, Risc cf Cqocr lar, A MilcheII Inslilule SpeciaI Repoil, Aii Ioice Associalion, Novenlei 2OO8,
p. 5.
foi ecoIogicaI oi enviionnenlaI ieasons. Anolhei exanpIe of cylei piolesl can le seen
in lhe iecenl allacks on Visa, Masleicaid, and IayIaI lhal occuiied in lhe vake of lhe
WikiLeaks lonanza, lhe ieIease of US dipIonalic calIes.
$!&
Such aclion nay have lhe
appeaiance of vaiIike aclivily. ul in cyleispace, lhe dislinclion lelveen vhal is and
vhal is nol vaiIike is oflen noie lIuiied lhan in lhe olhei donains.
Iuilhei diffeiences lelveen cyleivai and olhei foins of cylei allack aie
appaienl in leins of lhe poIilicaI fianevoik vilhin vhich such aclions aie piesenled,
and in leins of inlenl and alliilulion.
$!'
As noled ly lhe Lcononisl: a cylei allack
on a povei slalion oi on an eneigency-seivices caII cenlei couId le an acl of vai oi an
acl of leiioiisn, depending on vho caiiies il oul and vhal lheii nolives aie.
$!(
Such
difhcuIlies lend lo le noie nuneious in cyleispace and lhus aie anolhei nanifeslalion
of vhal nakes cyleivaifaie diffeienl fion lhe olhei vaihghling donains.
IinaIIy, unIike in lhe olhei vaihglhing donains, vicloiy and defeal viII le Iess
cIeaiIy iecognizalIe in cyleivai, as lhese concepls have IillIe liaclion in cyleispace,
vheie poIilicaI, ideoIogicaI, ieIigious, econonic, and niIilaiy conlalanls hghl foi
vaiying ieasons accoiding lo diffeienl linescaIes. These aclois viII liing lheii ovn
code of conducl lo lhe hghl, iesuIling in a noie discoidanl and noie chaolic spheie
of conicl in vhich il is nol yel olvious lhal a connon fianevoik of elhics, noins,
and vaIue can appIy.
$!)

On the Difficulties of conceiving Military
Doctrine and Rules of Engagement for
Cyberwar
In lheoiy, cyleivaifaie nighl le a good lhing foi lhe voiId if il nakes fuluie
conicls shoilei and cosls fevei Iives, vhich couId faciIilale econonic iecoveiy and
posl-vai dipIonacy. Hovevei, il nay le noie difhcuIl lo conceive " 7$($5"0. ),%50$*/
foi nany aspecls of cylei conicl lhal aie 50'(. 0/8,('5$,*"0.. As exanpIes of lhe nany
ievoIulionaiy aspecls exisling, lhe foIIoving ones can le Iisled lo considei:
$!*
The Inleinel is an ailihciaI enviionnenl lhal can le shaped in pail accoiding lo
nalionaI secuiily iequiienenls.
The lIinding pioIifeialion of lechnoIogy and hackei looIs nakes il inpossilIe lo
le faniIiai vilh aII of lhen.
The pioxinily of adveisaiies is deleinined ly conneclivily and landvidlh, nol
leiiesliiaI geogiaphy.
294 }ane WakeheId, WikiLeaks sliuggIe lo slay onIine, 88CNcus Tccnnc|cgq, 7 Decenlei 2O1O.
296 Maiching off lo cyleivai, |ccncnis| Tccnnc|cgq Quar|cr|q, 6 Decenlei 2OO8, pp. 2O-21.
298 Kennelh Ceeis, The Ail of Cyleivai, |n|crnc| |tc|u|icn, 24 }anuaiy 2O12.
Soflvaie updales and nelvoik ieconhguialions inciease lhe unpiediclaliIily of
lhe lallIespace of cylei conicl vilh IillIe oi no vaining.
Conliaiy lo oui hisloiicaI undeislanding of vai, cylei conicl favois lhe allackei.
Cylei allacks aie exilIe enough lo le effeclive foi infoinalion vaifaie and
piopaganda, espionage, and lhe desliuclion of ciilicaI infiasliucluie.
The difhcuIly of ollaining ieIialIe allack alliilulion Iessens lhe ciediliIily of
deleiience, ielaIialion, and pioseculion.
The 'quiel naluie of cylei conicl neans a signihcanl lallIe couId lake pIace vilh
onIy lhe diiecl pailicipanls knoving aloul il.
The deailh of expeilise and evidence can nake vicloiy, defeal, and lallIe danage
assessnenls a highIy suljeclive undeilaking.
Theie aie fev noiaI inhililions lo cylei allacks, lecause lhey ieIale piinaiiIy
lo lhe use and aluse of dala and conpulei code. So fai, lheie is IillIe peiceived
hunan suffeiing.
Top niIilaiy lhinkeis can heIp lhe ained foices lo hII lhe hoIes in lheii cylei
defenses. ul il viII lake nany yeais lo incoipoiale aII lhe ievoIulionaiy aspecls of
cylei conicl inlo niIilaiy docliine. The sane is liue foi iuIes of engagenenl (ROLs).
DeveIoping appiopiiale iuIes foi lhe use of cylei veapons is veiy difhcuIl. ROLs
aie supposed lo le deveIoped piioi lo lhe need foi use of lhese veapons, so lhal
vaihghleis have piopei guidance undei opeialionaI ciicunslances. Thal neans
lhal vaiious conlingencies nusl le anlicipaled in advance. Hovevei, il is difhcuIl lo
inagine aII possilIe conlingencies lefoie any of lhen happen. As exanpIes of sone of
lhe piolIens lo le soIved, lhe foIIoving ones can le Iisled lo considei:
ROLs nusl le deveIoped lo cope vilh lhe facl lhal seveiaI dinensions of cylei
allacks span a videi iange lhan lhose encounleied in lhe cIassicaI vaihghling
donains.
Cylei allacks nay iange fion leing non-IelhaI lo desliuclive on a sociely-vide
scaIe.
The inpacls of cylei allacks nay le easiIy piedicled in sone cases, lul nay have
a highei unceilainly lhan lhe inpacls of kinelic veapons in olhei cases.
The sel of polenliaI laigels lhal nay le adveiseIy affecled ly cylei allacks is IikeIy
Iaigei lhan lhe coiiesponding sel of polenliaI laigels foi olhei veapons.
A cylei allack conducled foi offensive puiposes nay veII iequiie aulhoiizalion
fion highei IeveIs of connand lhan vouId a lechnicaIIy siniIai cylei allack
conducled foi defensive puiposes.
The adveisaiy nighl nol ieacl al aII lo a cylei allack, oi nighl even ieacl vilh
veapons of nass desliuclion.
The adveisaiy nay iange fion leing an individuaI hackei lo a veII-funded nalion-
slale.
Il is lhus unieaIislic lo liy lo ciafl a singIe ROL lhal allenpls lo covei aII uses of
cylei allack. Ralhei, il viII le necessaiy lo laiIoi an aiiay of ROLs lhal aie appIicalIe
lo specihc kinds of cylei allack and foi IikeIy specihc ciicunslances. And il viII le
noie difhcuIl lo ciafl ROLs foi nissions invoIving cylei allacks lhan foi nissions
invoIving olhei kinds of veapons. The foIIoving issues iIIusliale lhe conpIexily of
deveIoping ROLs in advance ly jusl Iooking al lhe queslion undei vhal ciicunslances
goveined ly vhal aulhoiily a ielaIialoiy cylei allack nighl le Iaunched lo neuliaIize
an innediale oi ongoing lhieal:
Who shouId inuence and vho shouId deveIop ROLs foi aclive lhieal
neuliaIizalion`
Whal IeveI of inpacl nusl an inconing cylei allack have lo juslify aclive lhieal
neuliaIizalion`
Hov fai aie lhe inlenl and lhe idenlily of a cylei allackei ieIevanl`
Hov does lhe piopoilionaIily piincipIe appIy lo aclive lhieal neuliaIizalion`
Hov fai dovn lhe chain of connand shouId deIegalion of aulhoiily foi
neuliaIizalion le caiiied`
Hov shouId lhe scope, duialion, and inlensily of a neuliaIizalion aclion le
caIilialed`
A fuilhei IeveI of conpIicalion in deveIoping ROLs is lhal lhe faclois alove
cannol le assessed independenlIy.
WhiIe cylei allack is an inpoilanl capaliIily foi slales lo nainlain, lhe
acquisilion and use of such capaliIilies iaise queslions vhich eilhei do nol exisl oi
pose noie difhcuIl piolIens lo soIve lhan in lhe liadilionaI vaihghling donains.
Such queslions shov olhei diffeiences exisling al lhe opeialionaI and laclicaI IeveI
lelveen cyleivai and liadilionaI vaihghling. Sone counliies have undeilaken
sludies on vhal diffeienliales cylei allacks fion lhe use of olhei veapons, and on
lhe inpIicalions of lheii acquisilion of cylei veapons.
$!!
The hndings of lhese sludies
nay seive as an indicaloi of nany olhei diffeiences exisling lelveen cyleivai and
liadilionaI vaihghling.
299 See lhe exenpIaiy sludy done foi lhe US ly lhe Connillee on Offensive Infoinalion Waifaie, Conpulei
Science and TeIe-connunicalion oaid, Division on Lngineeiing and IhysicaI Sciences of lhe NalionaI
Reseaich CounciI: WiIIian A. Ovens, Kennelh W. Dan & Heileil S. Lin, eds., Tccnnc|cgq, Pc|icq, |au, and
||nics Rcgarding U.S. Acquisi|icn and Usc cf Cqocra||ac| Capaoi|i|ics, Washinglon D.C., NalionaI Acadeny of
Sciences, The NalionaI Acadenies Iiess, 2OO9, 36O p.
Annex 2: Summary of major
Incidents of Cyber Conflict
United States 1982
In 1982, US Iiesidenl Reagan appioved a pIan of lhe CIA lo liansfei soflvaie
used lo iun pipeIine punps, luilines, and vaIves lo lhe Soviel Union. The soflvaie,
sulsequenlIy sloIen ly Russians in Canada, had enledded fealuies - a Iogic lonl
- designed lo cause punp speeds and vaIve sellings lo naIfunclion. The iesuIl vas
lhe nosl nonunenlaI non-nucIeai expIosion and hie evei seen fion space, noled
foinei US Aii Ioice Secielaiy and foinei Diiecloi of lhe NalionaI Reconnaissance
Ofhce, Thonas C. Reed, in his look 'Al lhe Alyss: An Insideis Hisloiy of lhe CoId
Wai. The allack had an enoinous econonic and psychoIogicaI inpacl on lhe Soviel
Union and is ciediled vilh heIping lo end lhe CoId Wai.
%##

United States 1991
The US used cyleivaifaie neans and nelhods vhen il invaded Iiaq in 1991.
Ihase I of Opeialion Deseil Sloin opened vilh a slialegic aii canpaign and sliikes
againsl Iiaqs aii defenses, aiiciafl and aiiheIds, connand and conlioI syslens,
leIeconnunicalions faciIilies, and key eIenenls of lhe nalionaI infia-sliucluie, such
as ciilicaI eIecliic giids.
%#"
The US aIso used ils exlensive connunicalion and saleIIile
syslens lo suppoil lhe opeialion.
%#$
Chechnya 1994 and 1997-2001
Chechnya in 1994 is anolhei case of cyleivaifaie, vheie pio Chechen and pio-
Russian foices have vaged a viiluaI vai on lhe Inleinel, sinuIlaneous lo lheii conicl
on lhe giound. The Chechen sepaialisl novenenl in pailicuIai is consideied a pioneei
in lhe use of lhe Wel as a looI foi deIiveiing poveifuI IR nessages. The skiIIfuI
pIacenenl of piopaganda and olhei infoinalion, such as lhe nunlei lo a vai funds
lank accounl in Sacianenlo, CaIifoinia, heIped lo unile lhe Chechen Diaspoia.
%#%

Duiing lhe second Chechen vai, 1997-2OO1, in vhich lhe Russian niIilaiy
invaded lhe lieakavay iegion of Chechnya lo ieinslaII a Moscov-fiiendIy iegine,
lolh sides used cyleispace lo engage in infoinalion opeialions lo conlioI and shape
3OO David L. Hoffnan, CIA sIipped lugs lo Soviels, lasning|cn Pcs|, 27 Ieliuaiy 2OO4.
3O1 Opcra|icn Dcscr| S|crn. |ta|ua|icn cf |nc Air Canpaign, U.S. Coveinnenl AccounlaliIily Ofhce, Lellei Repoil,
CAO/NSIAD-97-134, 12 }une 1997, Appendix V.
3O2 }on Tiux, Deseil Sloin: A space-age vai, NcuScicn|is|, 27 }uIy 1991.
3O3 Tinolhy L. Thonas, Infoinalion Waifaie in lhe Second Chechen Wai: Molivaloi foi MiIilaiy Refoin`,
Ioieign MiIilaiy Sludies Ofhce, Ioil Leavenvoilh, Kansas, 2OO2.
pulIic peiceplion. The nosl effeclive infoinalion, hovevei, vas nol pio-Chechen, lul
anli-Russian. DigilaI inages of lIoody coipses seived lo luin pulIic opinion againsl
peiceived Russian niIilaiy excesses. In 1999, jusl as KienIin ofhciaIs veie denying an
incidenl in vhich a Chechen lus vas allacked and nany passengeis kiIIed, inages of
lhe incidenl appeaied on lhe Wel. As lechnoIogy piogiessed, Inleinel suifeis valched
videos of favoialIe Chechen niIilaiy aclivily, such as anlushes on Russian niIilaiy
convoys.
Russian ofhciaIs veie accused of escaIaling lhe cylei conicl ly hacking
inlo Chechen velsiles. The lining and sophislicalion of al Ieasl sone of lhe allacks
suggesled nalion-slale invoIvenenl. Lven aflei lhe vai ofhciaIIy ended, lhe Russian
IedeiaI Secuiily Seivice (IS) vas iepoiledIy iesponsilIe foi knocking oul lvo
Chechen velsiles kavkaz.oig - hosled in lhe US - sinuIlaneous lo lhe sloining ly
Russian Spelsnaz SpeciaI Ioices of a Moscov lhealei undei siege ly Chechen leiioiisls
on 26 Oclolei 2OO2.
%#&

Kosovo 1999
}usl as Vielnan vas lhe voiIds hisl TV vai, Kosovo in 1999 pioved lo lecone
lhe hisl lioad-scaIe Inleinel vai. As NATO pIanes legan lo lonl Seilia, nuneious
pio Seilian oi anli-Weslein hackei gioups, such as lhe 'Iack Hand, legan lo allack
NATO Inleinel infiasliucluie. Il is unknovn vhelhei any of lhe hackeis voiked
diieclIy foi lhe YugosIav niIilaiy. ul lheii slaled goaI vas lo disiupl NATO niIilaiy
opeialions.
%#'
US ained foices hacked inlo Seilias aii defense conlioI lo faciIilale
lhe lonling of Seilian laigels. Lalei, in May 1999, NATO accidenlaIIy lonled lhe
Chinese enlassy in eIgiade, spavning a vave of cylei allacks fion China againsl
US goveinnenl velsiles.
The Israeli-Palestinian Cyberconflict July 1999
to April 2002
In Seplenlei 2OOO, IsiaeIi leenage hackeis ciealed a velsile lo jan HezloIIah
and Hanas velsiles in Lelanon. The leenageis Iaunched a suslained DDoS allack
lhal effecliveIy janned 6 velsiles of lhe HezloIIah and Hanas oiganizalions in
Lelanon and of lhe IaIeslinian NalionaI Aulhoiily. This seeningIy ninoi allack
spaiked a cyleivai lhal quickIy escaIaled inlo an inleinalionaI incidenl. IaIeslinian
and olhei suppoiling IsIanic oiganizalions caIIed foi a cylei HoIy Wai.
%#(
Hackeis
sliuck 3 high-piohIe IsiaeIi siles leIonging lo lhe IsiaeIi IaiIianenl, lhe Minisliy of
Ioieign Affaiis, and lhe IsiaeIi Defense Ioice infoinalion sile. Lalei, lhey aIso hil lhe
IsiaeIi Iiine Minisleis Ofhce, lhe ank of IsiaeI, and lhe TeI Aviv Slock Lxchange.
3O4 OIivei uIIough, Russians Wage Cylei Wai on Chechen Welsiles, Rcu|crs, 15 Novenlei 2OO2.
3O5 YugosIavia: Seil Hackeis RepoiledIy Disiupl US MiIilaiy Conpulei, 8csnian Scro Ncus Agcncq SRNA, 28
Maich 1999.
3O6 Cylei Wai AIso Rages in MidLasl, Tnc Assccia|cd Prcss, 28 Oclolei 2OOO.
y }anuaiy 2OO1, lhe conicl had sliuck noie lhan 16O IsiaeIi and 35 IaIeslinian siles.
548 IsiaeIi donain velsiles veie defaced oul of 2,295 in lhe MiddIe Lasl. The nain
lypes of allacks veie velsile defacenenl and DDoS allacks. Allacks veie aIso nade
againsl conpanies pioviding leIeconnunicalions infiasliucluie. IaIeslinian hackeis
defaced an Inleinel Seivice Iiovidei and Iefl a nessage cIaining lhal lhey couId shul
dovn lhe IsiaeIi ISI NelVision, vhich hosls aInosl 7O peicenl of aII lhe counliys
Inleinel liafhc.
The Cyber Attack on Estonia April-May 2007
Estonia, with a population of 1.3 million people, has become a marvel in terms of widespread
access to CT. As one of the most electronically advanced countries, the Estonian government has
shifted its operations since November 2005 to the virtual domain. Cabinet-level meetings are conducted
online and documents are signed with e-signatures. Estonian citizens could cast their votes in national
elections via their PCs.
%#)
n 2007, Estonia was ranked 23rd in e-readiness ratings. 61 percent of
the population enjoys online access to bank accounts, and 95 percent of banking transactions are
electronic.
%#*
Such over-whelming reliance on the nternet was bound to attract the interest of Russian
hackers, who were waiting for a pretext to test Estonia's cyber defenses.
,-./ 012/23/ 4.52 67/- /-2 89/:;7.; <:=21;52;/>9 ?24797:; /: 12@:4./2 /-2
monument commemoiating the saciifice of Soviet aimeu foices in libeiating Estonia
fiom the Nazi yoke uuiing Woilu Wai II. 0n 27 Apiil 2uu7, the seemingly innocuous
act of ielocating the monument fiom the centei of the Estonian capital Tallinn to a
militaiy cemeteiy outsiue the city spaikeu piotests anu iiots among Estonia's Russian
minoiity. These piotests weie then followeu by a baiiage of BBoS attacks ianging fiom
single inuiviuuals using vaiious low-tech methous like ping floous to expensive ientals
of botnets fiom all aiounu the woilu usually useu foi spam uistiibution which cloggeu
Estonia's Inteinet netwoik. A call foi action, complete with specific instiuctions on how to
paiticipate in the BBoS attacks, quickly spieau thiough Russian online chat iooms. Soon
Estonian "goveinment websites that noimally ieceive 1,uuu visits a uay iepoiteuly weie
ieceiving 2,uuu visits eveiy seconu."
%#!
The goveinment netwoik was uesigneu to hanule
2 million megabits pei seconu; the seiveis weie flooueu with neaily 2uu million megabits
pei seconu of tiaffic. The longest attack lasteu ovei 1u houis anu cieateu ovei 9u million
megabits pei seconu of uata on the taigets. As a iesult, the websites of the Ninistiies of
Foieign Affaiis anu }ustice hau to shut uown, while Piime Ninistei Anuius Ansip's Refoim
Paity's website was uefaceu with uigital giaffiti of a Bitlei-style moustache sciawleu
acioss the Piime Ninistei's photo. 0n S Nay, the botnets began attacking piivate sites
anu seiveis. Banks in Estonia weie shut uown, save a few, but it came at gieat monetaiy
costs anu affecteu also inteinational banking. The climax of the attacks happeneu on 9
Nay, the Russian anniveisaiy of the enu of WWII. To cope with the incieaseu tiaffic, the
goveinment quauiupleu the amount of tiaffic it can hanule fiom 2 to 8 gigabits a seconu.
3O7 Cyius Iaiivai, Cyleivai I. Whal lhe Allacks on Lslonia Have Taughl Us Aloul OnIine Conlal, S|a|c,
May 22, 2OO7.
3O8 }ohnny Ryan, iWai: A Nev Thieal, Ils Convenience - and Oui Incieasing VuIneialiIily, NATO Rcticu,
Winlei 2OO7.
3O9 CIay WiIson, olnels, Cyleiciine, and Cyleileiioiisn: VuIneialiIilies and IoIicy Issues foi Congiess, Con-
giessionaI Reseaich Seivice Repoil foi Congiess, }anuaiy 29, 2OO8.
Buiing the following uays the attacks subsiueu, with a new spike happening on 1S Nay.
The Russian hacktivists also manageu to biiefly uisable the national emeigency toll-fiee
phone numbei 112. Noscow uenieu any involvement in the attacks, but Estonian officials
have ieiteiateu theii ceitainty that the Kiemlin was behinu the attacks.
%"#

Both the 0S anu NAT0 sent teams of computei secuiity expeits to help the
Estonian authoiities cope with the massive wave of BBoS attacks that paialyzeu the
countiy's goveinment websites, banking inuustiy, anu meuia outlets. What stiuck many
netwoik secuiity expeits as unusual about the cybei attacks was that they lasteu weeks,
anu theii intensity was extiemely high. Some botnets employeu in the BBoS attacks on
Estonian websites incluueu up to 1uu,uuu 'zombie' PCs. The conceiteu effoits by its
allies eventually stabilizeu Estonia's situation, but inteimittent cybei attacks on national
goveinment websites, incluuing the State Chancelleiy anu Feueial Electoial Committee,
continueu well into the miuule of Nay 2uu7.
The cybei attack on Estonia leu NAT0 to establish the Coopeiative Cybei Befense
Centei of Excellence (CCB C0E) in Estonia in Nay 2uu8. The Centei, with a staff of Su
specialists, became opeiational in August of that yeai, anu is pait of a NAT0 netwoik of
1S accieuiteu Centeis of Excellence ueuicateu to tiaining iepiesentatives fiom alliance
membei countiies "on technically sophisticateu aspects of NAT0 opeiations." The CCB
C0E focus is on cooiuinating cybei uefense anu establishing policy foi aiuing allies uuiing
cioss-juiisuictional attacks.
Fiom the point of view of inteinational law, the attack on Estonia can be uesciibeu
as an 'unjust' cybei attack. Seen fiom the peispective of ?'# ") !/(('7, the attack lackeu
a sufficient just cause anu was not unueitaken in any meaningful sense as a last iesoit.
Fiom the peispective of the just conuuct of hostilities - ?'# $* !/((, - the attack was utteily
inuisciiminate, anu uispiopoitionate in its thieat of haim, at least, when compaieu eithei
to the haim Russia oi its citizens allegeuly weie suffeiing, oi any legitimate militaiy
objective that might have otheiwise been unuei consiueiation.
Chinese attacks against European government networks in August 2007
The Biitish Secuiity Seivice, the Fiench Piime Ninistei's 0ffice, anu the 0ffice
of ueiman Chancelloi Angela Neikel, all complaineu to China about intiusions of theii
goveinment netwoiks. Neikel even iaiseu the mattei with China's Piesiuent Bu }intao.
So fai no official souice in China has aumitteu complicity in these cases.
IsraeIi disruption of Syrian air defense networks 6 September 2007
0peiation J0%6"0) was an Isiaeli aiistiike with F-1S, F-16, anu an ELINT aiiciaft
on a taiget in the Bayi az-Zawi iegion caiiieu out just aftei miunight on 6 Septembei
2uu7 that uestioyeu the Al Kibai complex with AuN-6S Naveiick missiles anu lasei-
31O Lneken Tikk, Kadii Kaska & Liis VihuI, |n|crna|icna| Cqocr |ncidcn|s. |cga| Ccnsidcra|icns, TaIIinn, Coopeia-
live Cylei Defense Cenlie of LxceIIence (CCD COL), 2O1O, pp. 15-34.
guiueu Suu kg bombs.
%""
The taiget hau been a nucleai ieactoi unuei constiuction by
Noith Koiean technicians built to piocess plutonium. 0ne iepoit stateu that a team of
elite Isiaeli Shaluag Special Foices commanuos aiiiveu at the site the uay befoie so that
they coulu highlight the taiget with laseis, while a latei iepoit hau Sayeiet Natkal special
commanuos involveu. 0S inuustiy anu militaiy souices speculateu that the Isiaelis may
have useu technology similai to Ameiica's Sutei aiiboine netwoik attack system to
allow the aiiciafts to pass unuetecteu by iauai into Syiia. This woulu make it possible
to feeu enemy iauai emitteis with false taigets, anu even uiiectly manipulate enemy
sensois. In Nay 2uu8, a iepoit in IEEE Spectium citeu Euiopean souices claiming that
the Syiian aii uefense netwoik hau been ueactivateu by a seciet built-in switch activateu
by the Isiaelis.
%"$
Aviation Week anu Space Technology latei iepoiteu that Isiaeli aiiciaft
actually engageu a Syiian iauai site in Tall al-Abuau with conventional piecision bombs,
electionic attack, anu biute foice jamming. In a Novembei 2uu9 iepoit, the IAEA stateu
that its investigations hau been stymieu uue to Syiia's failuie to coopeiate. The following
Febiuaiy, unuei the new leaueiship of Yukiya Amano, the IAEA stateu that "the piesence
of such uianium paiticles points to the possibility of nucleai-ielateu activities at the site
anu auus to questions conceining the natuie of the uestioyeu builuing . Syiia has yet to
pioviue a satisfactoiy explanation foi the oiigin anu piesence of these paiticles."
%"%
Syiia
uisputeu these allegations.
Although the opeiational uetails aie muiky, anu foimal attiibution has nevei
been maue oi acknowleugeu, fiom the point of view of inteinational law, the attack on
an auveisaiy's illicit militaiy installation was justifieu. A stiike hau been continuously
thieateneu in the event that Syiia puisueu uevelopment of a nucleai weapons piogiam.
Both the cybei anu conventional militaiy actions weie unueitaken only aftei ieasonable
uiplomatic effoits, incluuing embaigoes of illegal shipments of mateiials fiom Noith
Koiea, hau faileu to halt Syiian collaboiation with Noith Koiean agents. The pieemptive
cybei stiikes weie uiiecteu against militaiy taigets: iauai anu Russian-maue aii uefense
systems, much as a conventional attack might have been, enabling Isiaeli fighteis to
penetiate ueeply into Syiian aiispace with little iesistance. 0nlike the conventional attacks
that followeu, the cybei attack attaineu the militaiy objective of ienueiing uefensive foices
helpless, without wiuespieau uestiuction of piopeity oi loss of life on eithei siue.
%"&
Lithuania June-JuIy 2008
On 17 }une 2OO8, lhe Lilhuanian IaiIianenl adopled an anendnenl lo lhe Lav
on Meelings lhal ieguIaled lhe inpIenenlalion of fieedon of speech and fieedon of
assenlIy. IulIic dispIay of Soviel and Nazi Ceinan insignia, such as lhe hannei and
sickIe, lhe ied slai, and lhe svaslika, as veII as pIaying of lhe Soviel and Nazi anlhens
al pulIic galheiings veie piohililed. IoIIoving lhe passage of lhe anendnenl,
lhe Russian Iedeialion expiessed lheii disconlenl vilh lhe decision, vilh lolh lhe
311 Opcra|icn Orcnard, Wikipedia, al: hup://en.wlklpedla.org/wlkl/Cperauon_Crchard AIso: Hans RhIe: Wie Iian
Syiiens NukIeaile-vaffnung voigeliielen hal, Ncuc Zrcncr Zci|ung, 19 Miz 2OO9.
312 SaIIy Adee, The Hunl foi lhe KiII Svilch, |||| Spcc|run, May 2OO8.
313 Maik Heiniich, IALA suspecls Syiian nucIeai aclivily al lonled sile, Rcu|crs, 18 Ieliuaiy 2O1O.
314 Uzi Mahnaini & Saiah aslei, IsiaeIis seized NucIeai MaleiiaI in Syiian Raid, Tnc Sundaq Tincs, 23 Sep-
lenlei 2OO7, and David A. IuIghun, Roleil WaII & Any ulIei, IsiaeI Shovs LIeclionic Iiovess, Atia|icn
lcc|, 25 Novenlei 2OO7.
Iiesidenl and IaiIianenl issuing condenning slalenenls. On 22 }une, lhe Russian and
lhe eIaiusian Iiesidenls joinlIy denounced lhe nev Iav as a poIilicized appioach
lo hisloiy, and condenned vhal lhey desciiled as allenpls lo ieviile vailine
hisloiy. Coinciding vilh lhe adoplion of lhe anendnenl on 28 }une, hundieds of
goveinnenl and coipoiale velsiles in Lilhuania veie hacked, and sone veie coveied
in digilaI Soviel-eia giafhli, inpIicaling Russian nalionaIisl hackeis.
%"'
The Russia-Georgia War August 2008
The cylei canpaign againsl Ceoigia in Augusl 2OO8 is lhe hisl exanpIe of
cyleiallacks lhal coincided diieclIy vilh a Iand, sea, and aii invasion ly one slale
againsl anolhei, and is piolalIy lhe lesl exanpIe of hov lo piopeiIy enpIoy conpulei
nelvoik allacks in a nodein lallIespace. Russia invaded Ceoigia in iesponse lo
Ceoigias allack againsl lhe sepaialisls in Soulh Osselia.
%"(
The highIy cooidinaled
cylei canpaign uliIized velled laigel Iisls of Ceoigian goveinnenl velsiles and
olhei slialegicaIIy vaIualIe siles, incIuding lhe US and iilish enlassies. Russians
and Russian synpalhizeis aIso disiupled key Ceoigian nedia siles vilh lolnels and
connand and conlioI syslens lhiough DDoS allacks, eIeclionic vaifaie janning
lechnique, velsile poslings and defacenenl. Lach sile vas velled in leins of vhelhei
il couId le allacked fion Russian oi Lilhuanian II addiesses. Allack veclois incIuded
DDoS, SQL injeclion, and cioss-sile sciipling XSS.
%")
Main laigels veie goveinnenl
velsiles, hnanciaI and educalionaI inslilulions, lusiness associalions, and nevs
nedia velsiles, anong lhen C and CNN, piolalIy lecause lhey veie pioviding
usefuI infoinalion.
%"*

The speed of aclion and lhe nuIlidiieclionaI naluie of lhese cylei sliikes
adheied lo a cIassicaI niIilaiy svaining lechnique, oveivheIning lhe cylei defenses
of lhe Ceoigian laigels. The allacking foices veie highIy decenliaIized, lul veie alIe
lo synchionize and concenliale lheii opeialions in a vay lhal nade any Ceoigian
defense iesponse neaiIy inpossilIe. The piinaiy oljeclive of lhis cylei canpaign
vas lo suppoil lhe Russian invasion of Ceoigia, and lhe cylei allacks hl nealIy inlo
a niIilaiy-slyIe invasion pIan. Many of lhese cylei sliikes veie cIeaiIy designed lo
nake il haidei foi lhe Ceoigians lo deleinine vhal vas happening. The inaliIily
of lhe Ceoigians lo keep lheii velsiles up and iunning vas inslanlIy danaging lo
nalionaI noiaIe. These allacks aIso seived lo deIay any inleinalionaI iesponse lo lhe
kinelic conicl unfoIding in lhe Soulh Osselia iegion.
IiolalIy lhe nosl inpoilanl slialegic Iesson Ieained fion lhe cylei canpaign
againsl Ceoigia is lhal cylei allacks aie a vialIe niIilaiy oplion on lhe lallIespace.
315 Lneken Tikk, Kadii Kaska & Liis VihuI, |n|crna|icna| Cqocr |ncidcn|s. |cga| Ccnsidcra|icns, TaIIinn, Coopeia-
live Cylei Defense Cenlie of LxceIIence (CCD COL), 2O1O, pp. 51-64.
316 }effiey Caii, Inside Cylei Waifaie, op. cil., p. 3. And: InleinalionaI Cylei Incidenls: LegaI Consideialions,
op. cil., pp. 66-89.
317 }effiey Caii, |nsidc Cqocr larfarc, Canliidge, OReiIIy, 2O1O, p. 3.
318 See aIso: TineIine of lhe Russian-Ceoigian conicl, OSW, LaslWeek, Cenlie foi Laslein Sludies, 2O Augusl
2OO8,
Anolhei Iesson is lhal cylei allacks can le Iaunched fion safe ienole Iocalions, in lhis
case fion seveiaI diffeienl counliies and aided ly Russian-oiganized ciine syndicales.
Yel anolhei Iesson is lhal lhese opeialions can le enpIoyed in cases vheie Iiniling
lhe physicaI danage lo lhe laigel is a slialegic concein foi lhe lhealei connandei.
Lven lhough lhe cylei canpaign vas laclicaIIy successfuI, lheie aie seveiaI
disadvanlages lo using offensive cylei allacks againsl an adveisaiys IT syslens in
pIace of noie liadilionaI allacks such as aii sliikes oi diiecl aclion nissions ly SpeciaI
Ioices. One of lhese disadvanlages is lhal cylei allacks do nol pioduce quanlihalIe
iesuIls as consislenlIy as kinelic sliikes do. This is due lo lhe facl lhal specihc cylei
allacks can oflen le iendeied useIess ly iouline nodihcalions in lhe laigel syslen -
e.g. appIicalion-IeveI palches. In niIilaiy engagenenls invoIving equaIs, lhe laclicaI
advanlage foi nosl offensive cylei allacks nay go lo lhe defendei, lecause il is
easiei and faslei lo inpIenenl defenses lhan il is lo deveIop offensive cylei allack
lechniques.
%"!
Iion lhe poinl of viev of inleinalionaI Iav, lhe cylei allacks on Ceoigia veie
pail of a Iegilinale poIilicaI disagieenenl lelveen lvo soveieign nalions ovei conlioI
of leiiiloiy deened inpoilanl lo lolh, convenlionaIIy laken lo le a Iegilinale cause foi
lhe use of foice vhen allenpls al dipIonalic soIulions aie unsuccessfuI. Moieovei, lhe
cylei allacks veie ained piinaiiIy al disalIing lhe niIilaiy capacilies of connand
and conlioI of lhe opposing goveinnenl. Neilhei expIicilIy civiIian infiasliucluie
noi civiIians lhenseIves veie deIileialeIy laigeled. Hence, lhe allack seens lo le a
juslihalIe use of cylei veapons in accoidance vilh lhe consliainls of lhe Iav of ained
conicl as convenlionaIIy undeislood.
Kyrgyzstan January 2009
The allack againsl Kyigyzslan is anolhei successfuI cyleiallack againsl a
counliy. The allackeis focused on lhiee of lhe foui Inleinel Seivice Iiovideis (ISI).
The DDoS allack quickIy oveivheIned lhe lhiee ISIs and disiupled aII Inleinel
connunicalions. The II liafhc vas liaced lack lo Russian-lased seiveis piinaiiIy
knovn foi cyleiciine aclivilies. MuIlipIe souices have lIaned lhe allack on lhe
Russian cylei niIilia and lhe Russian usiness Nelvoik (RN) suspecled lo conlioI
lhe voiIds Iaigesl lolnel vilh lelveen 15O and 18O niIIion nodes. One signihcanl
diffeience in lhis case is lhal nosl of lhe DDoS liafhc vas geneialed in Russia and
nay have inpIicilIy invoIved lhe KienIin, despile ofhciaI deniaIs. Il couId have leen
ieIaled lo lensions lelveen lhe adninislialion and eilhei lhe Russian goveinnenl oi
an opposilion paily ciilicaI of lhe nalions poIicies. Il couId aIso have leen an allack
ly Russian synpalhizeis ovei a dispule vilh Kyigyzslan iegaiding US access lo lhe
Manas aii lase in lhal counliy.
319 }ohn ungainei & Scoll oig, Oveiviev ly lhe US-CCU of lhe Cylei Canpaign Againsl Ceoigia in Augusl
of 2OO8, A US-CCU Spccia| Rcpcr|, Augusl 2OO9. AIso: }ohn unganei, Conpuleis as Weapons of Wai, |O
]curna|, May 2O1O, pp. 4-8.
Coordinated South Korean-US attacks July 2009
eginning on 4 }uIy 2OO9, a seiies of DDoS allacks legan lo sliike hisl Soulh
Koiean and lhen lolh Soulh Koiean and US goveinnenl and conneiciaI velsiles.
%$#

Siles laigeled incIuded lhe Koiean AssenlIy, lhe US and Soulh Koiean piesidenls
velsiles, lhe US Slale Depailnenl, lhe pulIic velsiles foi lhe US slock exchanges NYSL,
and NASDAQ, lhe popuIai siles in Soulh Koiea such as 'navei.con. Invesligalions
ieveaIed a lolnel lhal vas appaienlIy luiId using a vaiianl of lhe MyDoon voin
fion eaiIy 2OO4 logelhei vilh iudinenlaiy DDoS allacks such as HTTI iequesl
oods, UDI, and ICMI oods.
%$"
The allacks conlinued fion 4 unliI 1O }uIy, vhen
lhe infecled ICs veie iepiogianned lo enciypl hIes and iendei lhen unloolalIe.
Soulh Koieas NalionaI InleIIigence Agency loId Iavnakeis lhal lhe cyleiallacks lhal
caused a vave of Welsiles oulages in lhe US and lhe ROK veie caiiied oul ly using
86 II addiesses in 16 counliies.
The laigels, lhe US and Soulh Koiea, logelhei vilh lhe lining lelveen a Noilh
Koiean nissiIe lesl Iaunch on 4 }uIy and lhe 15
lh
anniveisaiy of Noilh Koieas Kin II
Sungs dealh on 8 }uIy Ied sone lo suggesl lhal Noilh Koiea vas lehind lhe allacks.
To dale, lheie is no evidence of lhis. The ieaI nolivalions foi lhese allacks ienains a
nysleiy, lul il is videIy consideied a poIilicaI allack.
%$$
Cyber attacks against Iranian nuclear facilities
from 2009 to 2010
A cylei voin caIIed 'Sluxnel
%$%
of unknovn oiigin, deveIoped and ieIeased
in a nunlei of counliies in 2OO9, has danaged cascades of cenliifuges, iIIegaIIy
ollained and opeialed in a highIy piolecled sile al Nalanz, in Iian, in expIicil vioIalion
of lhe 197O nucIeai non-pioIifeialion liealy. The danage suslained vilhin Iian lo
ils cIandesline and inleinalionaIIy-denounced nucIeai piogian vas sulsequenlIy
deened as 'sulslanliaI, and lhoughl lo have pul lhe nucIeai veapons deveIopnenl
piogian off liack foi sone yeais.
%$&
Sluxnel is a sophislicaled veapon. Il allacks and
disalIes nucIeai cenliifuges lhal opeiale vilh a SCADA syslen of lhe Sienens lype,
oveiiiding lhe piopiielaiy soflvaie and oveiIoading lhe cenliifuges. The Iallei so
cIeveiIy, lhal il disguises lhe danage in piogiess fion opeialois and oveiseeis unliI
loo Iale lo ieveise. Lslinales aie lhal il nusl have leen nany nonlhs, if nol yeais in
deveIopnenl, vilh Iaige leans of expeils and access lo highIy iesliicled and cIassihed
infoinalion and equipnenl. An endeavoi vilh inveslnenl in line, iesouices, and
32O Sleven Adaii, Koiean/US DDoS Allacks - IeipIexing, Disiuplive, and Desliuclive, Shadov Seivei Iounda-
lion CaIendai lIog, 1O }uIy 2OO9.
321 }anes A. Levis, Tnc Kcrcan Cqocr A||ac|s and Tncir |np|ica|icns fcr Cqocr Ccnic|, Cenlei foi Slialegic and
InleinalionaI Sludies CSIS, Oclolei 2OO9.
322 }ose Nazaiio, IoIilicaIIy Molivaled DeniaI of Seivice Allacks, Ailoi Nelvoiks, 2OO9.
323 A nicknane coined ly Miciosofl secuiily expeils, an anaIgan of lvo hIes found in lhe voins code.
324 Thal oplinisn has vanished, hovevei, a yeai Ialei as a iepoil fion lhe IALA, ieIeased in Novenlei 2O11,
shoved lhe nucIeai veapons piogian lack on liack and iecoveied fion lhe cylei danage.
expeilise onIy of a veII-posilioned slale oi coaIilion, and cIeaiIy leyond vhal a
leiioiisl gioup oi a veII-funded ciininaI oiganizalion couId have undeilaken.
Iion lhe inleinalionaI Iav poinl of viev, lheie vas a good and juslihalIe
ieason, ieIuclanlIy sanclioned in lhe inleinalionaI connunily, lo undeilake niIilaiy
aclion againsl lhe Iianian nucIeai veapons piogian. DipIonalic effoils and olhei non-
niIilaiy neasuies have leen undeilaken foi yeais vilhoul success. Il vas a pievenlive
allack on a niIilaiy laigel vilh danage conhned lo lhe laigel idenlihed. Theie vas nol
coIIaleiaI danage of any signihcanl soil lo Iives oi piopeily, and civiIian peisonneI
and infiasliucluie veie neilhei laigeled noi affecled. Thus, Sluxnel vas an effeclive
and noiaIIy juslihed niIilaiy cylei allack. Il denonslialed lhal cyleivai can le a
good aIleinalive lo convenlionaI vai, vhen Iess diaslic foins of conicl iesoIulion
have leen liied in good failh, and have faiIed. Sluxnel aIso shoved lhal cylei veapons
can le designed lo le effeclive, disciininale, and lo inicl piopoilionale danage on
lheii laigels - noie so lhan allacks vilh convenlionaI veapons can.
Glossary
#$$%&'()&*+ ,*- #$$. - Conpulei soflvaie designed lo heIp a usei peifoin a ceilain
funclion on lhe conpulei, vhelhei void piocessing, diaving a picluie, chailing lhe
lIood piessuie, elc.
/('01**- - A ienole access lo an IT syslen oi nelvoik and nelhod of lypassing
noinaI aulhenlicalion, in oidei lo ollain access lo pIainlexl vhiIe ienaining
undelecled.
/&) - A singIe digil. In conpulei code, il vouId eilhei le iepiesenled as a O oi a 1.
/*) - Shoil foi iolol, a conpulei lhal has leen joined lo an iIIicil nelvoik undei
oulside conlioI.
/*)+2) - A nelvoik of lols, oi iolol conpuleis.
/3)2 - A unil of infoinalion in conpulei Ianguage lhal usuaIIy consisls of eighl digils,
oi lils.
4*--5$)&*+ - Takes pIace vhen dala and aIgoiilhns of an IT syslen aie changed
in unaulhoiized vays, usuaIIy lo lhe deliinenl of lhe coiiecl funclioning of lhe IT
syslen.
6&7-5$)&*+ - Takes pIace vhen IT syslens aie liicked inlo peifoining opeialions lhal
nake lhen shul dovn, voik al a fiaclion of lheii capacily, connil olvious eiiois, oi
inleifeie vilh lhe opeialion of olhei syslens.
6*8 oi 66*8 #))('0 - A DeniaI-of-Seivice allack oi a Disliiluled oi Dedicaled DeniaI-
of-Seivice allack, oveivheIning a laigeled seivei, oi velsile, vilh such a ood of
iequesls foi iesponse lhal il can foice il lo ciash.
6*9(&+ - An addiess on lhe Inleinel, iendeied in Ielleis oi nunleis. The acluaI
addiess of lhe velsile consisls of sliings of ones and zeioes. The Donain Nane is
neanl in nosl cases lo nake lhe ovnei easiIy iecognizalIe lo a hunan leing - e.g.
+,,+(/B%,7 oi "7"K,*B%,7. Donain Nanes aie soId ly Regisliies, vho assign and
piolecl lhen, naking suie lhal no one lul lhe paying cuslonei can use lhen. Mosl
Donains aie iepiesenled on lhe Inleinel ly velsiles, lul nol aII.
6*9(&+ :(92 #%;*-&)<9 ,6:#. - The nalhenalicaI equalion used ly lhe voin lo
geneiale seeningIy iandon Iisls of Donain Nanes, a lechnique lo hide lhe Iocalion
of lhe lolnels conlioIIei.
63+(9&' =&+0 =&>-(-3 ,6==. - This is lhe nelhod Miciosofl piogianneis enpIoy lo
enalIe conpuleis lo exchange dala.
?@$%*&) - A piogian designed lo lieak inlo an opeialing syslen ly expIoiling a av
in ils piogianning code. IncieasingIy, expIoils have lecone vehicIes foi naIvaie.
They aie naikeled openIy, and used ly ciininaIs lo inseil vhalevei naIvaie lhey
vish inlo laigeled conpuleis.
A&-2B(%% - Soflvaie lhal lIocks unaulhoiized access lo a conpulei oi nelvoik vhiIe
peinilling aulhoiized connunicalions.
C2*DE - A seivice piovided ly 7"97$*)B%,7 vhich leIIs you vheie specihc II addiesses
aie Iocaled in lhe ieaI voiId.
F(7< #%;*-&)<9 - A caiefuIIy-dehned nalhenalicaI nelhod of delecling conlenl
nodihcalion. Il viII delecl a singIe aIleialion of a linaiy nessage viillen in ones and
zeioes, even if lhe nessage conlains liiIIions of lils.
F*+23+2) - A nelvoik of viiluaI conpuleis ciealed ly ieseaicheis lo snaie and sludy
naIvaie.
F*+23$*) - A conpulei, usuaIIy viiluaI, vilhoul any secuiily safeguaids, in olhei
voids, )/#$+*/) lo le infecled ly naIvaie.
FGGE - HypeiTexl Tiansfei IiolocoI, lhe foundalion of dala connunicalion foi lhe
WoiId Wide Wel.
D4G - Infoinalion and Connunicalion TechnoIogy.
D+)2-H('2 I(+(;2- - A Iayei of soflvaie lelveen lhe opeialing syslen and an
appIicalion lhal enalIes lhe usei lo nove easiIy lelveen funclions, oi iun noie lhan
one sinuIlaneousIy. Windovs is an Inleiface Managei.
D+)-57&*+ - The enleiing of naIvaie in an IT syslen oi nelvoik enalIed ly
vuIneialiIily. Inliusion can Iead lo disiuplion oi coiiuplion.
DE #11-277 - Shoil foi Inleinel IiolocoI Addiess, lhe ID nunlei assigned lo a specihc
conpulei in a nelvoik. Undei lhe oiiginaI II Veision 4, il consisls of a 32-lil nunlei.
The nevesl veision, II Veision 6, leing inpIenenled giaduaIIy lo acconnodale lhe
phenonenaI giovlh of lhe Inleinel, uses a 128-lil nunlei.
IP spoofing - The ciealion of Inleinel IiolocoI (II) packels vilh a foiged souice II
addiess, caIIed spoohng, vilh lhe puipose of conceaIing lhe idenlily of lhe sendei oi
inpeisonaling anolhei conpulei syslen.
DJ4 4<(++2% - Inleinel ReIay Chal ChanneI, one of lhe oIdesl vays of selling up a
foiun on lhe Inleinel, vheie nenleis of a gioup can connunicale vilh each olhei
eilhei diieclIy oi lioadcasl nessages lo lhe enliie gioup. IRC ChanneIs veie lhe hisl
enpIoyed lo cieale and conlioI lolnels.
D8E - Inleinel Seivice Iiovidei, a conpulei oi nachine lhal connecls individuaI
conpuleis oi nelvoiks lo lhe Inleinel.
DG - Infoinalion TechnoIogy.
D6: - Shoil foi Inleinel Donain Nane.
K2-+2% - The inneinosl coie of a conpulei opeialing syslen.
K237)-*02 %*;;&+; ,*- 023 %*;;&+;. - The aclion of liacking lhe keys sliuck on a
keyloaid in a coveil nannei so lhal lhe peison using lhe keyloaid is unavaie lhal his
aclions aie leing noniloied. Theie aie nuneious nelhods, ianging fion haidvaie
and soflvaie-lased appioaches lo eIeclionagnelic and acouslic anaIysis.
=*;&' >*9> - A piece of soflvaie inlenlionaIIy and naIiciousIy inseiled inlo a
soflvaie syslen lhal viII danage oi deslioy lhe syslens funclionaIily vhen a specihc
condilion occuis (e.g. a ceilain dale oi line is ieached) oi ly connand.
I(%B(-2 - Shoil foi naIicious soflvaie, any piogian designed lo iIIicilIy enlei a
conpulei and disalIe, danage oi hijack ils opeialions.
L>M2') 4*12 - The nosl lasic Ianguage foi conpuleis, conposed excIusiveIy of lhe
ones and zeioes of linaiy connunicalions.
E(3%*(1 - A lein used lo desciile lhe danage lhal can le done once a vuIneialiIily
has leen expIoiled. Ioi exanpIe, if a soflvaie agenl, such as a viius, has enleied a
given IT syslen, il can le piogianned lo iepioduce and ieliansnil ilseIf, oi deslioy
oi aIlei hIes in lhe syslen. IayIoads can have nuIlipIe piogiannalIe capaliIilies and
can le ienoleIy updaled.
E22-N)*NE22- E-*)*'*% ,EOE. - Soflvaie lhal enalIes individuaI conpuleis on a
nelvoik lo connunicale and shaie dala diieclIy, vilhoul iouling il lhiough a cenliaI
Iocalion.
E*-) I&--*- - A nelvoik conhguialion lhal aulonalicaIIy copies aII dala liafhc al
a pailicuIai poil lo a noniloiing slalion, aIIoving secuiily lechnicians lo valch foi
inliusions.
E()'< - A secuiily updale lhal hxes a av in lhe opeialing syslen lhal, in effecl, pIugs
a nevIy-discoveied hoIe in lhe conpuleis defenses.
J2;&7)-(- - An ICANN acciediled conpany oi oiganizalion lhal is aulhoiized lo
piovide iegislialion seivices foi lhe lop-IeveI donains such as .%,7, .,0+ and .*/5.
Regisliais have conliacluaI agieenenls vilh lheii cusloneis. A Regisliai sulnils aII
nevIy iegisleied donains inlo lhe Regisliy.
J2;&7)-3 - A conpany oi oiganizalion lhal nainlains a cenliaIized iegisliy dala-lase
foi lhe Top-LeveI Donains. CuiienlIy lheie is onIy one Regisliy foi eveiy Top-LeveI
donain, .%,7, .,0+ and .*/5. NSI Regisliy nainlains lhis Regisliy.
J29*)2 G<-2(1 - Hidden code lhal execules ilseIf vilhin lhe viiluaI addiess space of
an exisling, Iegilinale piocess, in olhei voids, a piogian lhal iuns concuiienl vilh
anolhei, so lhal il is nol easiIy iecognized even ly a skiIIed lechnician Iooking foi il.
J**)0&) - Soflvaie lhal enalIes conlinued piiviIeged access lo an IT syslen vhiIe
acliveIy hiding ils piesence fion adninislialois ly sulveiling slandaid opeialing
syslens funclionaIily oi olhei appIicalions.
J**) 82-P2- - Conpuleis lhal funclion as liunk Iines foi lhe Inleinel, nanaging liafhc
ov voiIdvide. Theie aie 13 of lhen, IaleIed A, , C, D . lo M. Ten aie in lhe Uniled
Slales, one each in Cieal iilain, }apan, and Sveden.
JE4 ,J29*)2 E-*'215-2 4(%%. - A lechnoIogy lhal aIIovs a conpulei piogian lo
cause a suliouline oi pioceduie lo execule in anolhei addiess space, usuaIIy on
anolhei conpulei oi on a shaied nelvoik, vilhoul lhe piogiannei expIicilIy coding
lhe delaiIs foi lhis ienole inleiaclion.
82-P2- - A conpulei piogian designed lo cooidinale lhe ov of dala vilhin Iinked
conpuleis, oi lelveen nelvoiks, such as connecling a coipoiale velsile oi individuaI
conpulei lo lhe Inleinel.
82-P&'2 E('0 GB* - The 2OO4 Miciosofl updale lhal sulslanliaIIy changed lhe
chaiaclei of lhe opeialing syslen lo iegaid any inconing dala as a lhieal. A niIeslone
in piolecling conpuleis fion naIvaie.
8*5-'2 4*12 - Any of lhe vaiious conpulei Ianguages designed lo iendei oljecl code,
lhe lasic conpulei Ianguage of ones and zeioes, inlo sonelhing noie inleIIigilIe.
85$2-P&7*-3 4*+)-*% (+1 6()( #'Q5&7&)&*+ 837)297 ,84#6#. - Soflvaie-lased
indusliiaI conlioI syslens used lo noniloi lhe snoolh, ieIialIe, and conlinuous
opeialion of infiasliucluie. Wilh lhese syslens, seivice piovideis use cyleispace
lo connunicale and conlioI sensilive piocesses, such as lhe opening and cIosing
of vaIves, ieguIaling lenpeialuies, conlioIIing lhe ov of oiI, gas, valei and vasle
valei, laIancing IeveIs of chIoiinalion in valei, ieguIaling povei geneialion pIanls
as veII as povei suppIy via lhe eIecliic giid, conlioIIing giound lianspoilalion and
aii liafhc, elc.
G*$ =2P2% 6*9(&+ ,G=6. - A lioad calegoiy foi Donain Nanes - e.g. .%,72 B/)', elc.
- lhal seive as a piinaiy iouling seivice foi lhe Inleinel liafhc.
G-*M(+ <*-72 - A soflvaie lhal appeais lo peifoin a desiialIe funclion foi lhe usei
piioi lo iun oi inslaII, lul sleaIs infoinalion oi hains lhe syslen.
R+$('0 - To lieak lhiough oi sliip avay lhe deceplive coding lhal conpiesses and
piolecls a naIicious piogian.
S&-)5(% '*9$5)2- - An opeialing syslen inside a Iaige conpulei designed lo funclion
as a singuIai snaIIei one.
S&-57 - A hainfuI soflvaie piogian secielIy inlioduced inlo an IT syslen, alIe
lo geneiale and disliilule nuIlipIe copies of il, lheiely spieading lhioughoul lhe
syslen. Lach viius has a desliuclive payIoad lhal is aclivaled undei ceilain condilions.
When aclivaled, il can coiiupl, aIlei, oi deslioy dala, geneiale logus liansaclions, and
liansfei infoinalion
T2>7&)2 - A usei-fiiendIy pIalfoin designed lo seive as a visilIe and inleiaclive
Inleinel pIalfoin, oi a viiluaI headquaileis, foi a Donain.
T*-%1 T&12 T2> - A syslen of inleiIinked hypeilexl docunenls (docunenls
enledded vilh Iinks lo olhei, ieIaled conlenl) accessed via lhe Inleinel.
T*-9 - A foin of naIvaie lhal spieads ly ilseIf, il does nol iequiie lhe conpulei
usei lo do anylhing.
Select Bibliography
Official Documents
InleinalionaI TeIeconnunicalions Union (ITU)
Hanadoun I. Touie and lhe Ieinanenl Moniloiing IaneI on Infoinalion Secuiily,
WoiId Iedeialion of Scienlisls, Tnc Qucs| fcr Cqocr Pcacc, Ceneva, ITU, }anuaiy 2O11.
Measuiing lhe Infoinalion Sociely 2O1O, Repoil, Ceneva, ITU, 2O1O.
ITU CIolaI Cyleisecuiily Agenda: High-LeveI Lxpeils Cioup Chaiinans Repoil,
ITU, Ceneva, 2OO8.
Cyleisecuiily guide foi deveIoping counliies, ITU, Ceneva, 2OO6.
;!<=>
Diafl NATO Cylei Defence Concepl, 4 Oclolei 2OO7.
NATO in |nc Cqocr Ccnncns, IinaI Repoil fion lhe hflh ACT voikshop, Coopeialive
Cylei Defence Cenlie of LxceIIence, TaIIinn, Lslonia, 19 Oclolei 2O1O.
Slialegic Concepl foi lhe Defence and Secuiily of lhe Menleis of lhe Noilh AlIanlic
Tiealy Oiganizalion, adopled in Lislon on 2O Novenlei 2O1O.
NATO in lhe CIolaI Connons: CIolaI Ieispeclive, Washinglon D.C., 3 Ieliuaiy
2O11.
NATO 2O2O: Assuied Secuiily, Dynanic Lngagenenl: AnaIysis and Reconnendalions
of lhe Cioup of Lxpeils on a Nev Slialegic Concepl foi NATO, 17 May 2O1O.
The NATO Cylei Wai Agieenenl, 1 May 2O1O.
NATO and Cqocr Dcfcncc, NATO IaiIianenlaiy AssenlIy, NATO, 2OO9.
Lneken Tikk, Kadii Kaska & Liis VihuI, |n|crna|icna| Cqocr |ncidcn|s. |cga| Ccnsidcra|icns,
Coopeialive Cylei Defence Cenlie of LxceIIence, TaIIinn, Lslonia 2O1O.
MajCen Maik aiiell, Dick edfoid, LIizalelh Skinnei & Lva VeigIes, Assuied
Access lo lhe CIolaI Connons, Supiene AIIied Connand Tiansfoinalion, NATO,
NoifoIk, Viiginia, 3 ApiiI 2O11.
Luiopean Connission
Iiolecling Luiope fion Laige-ScaIe Cylei-Allacks and Disiuplions: Lnhancing
Iiepaiedness, Secuiily, and ResiIience, Luiopean Connission, COM (2OO9) 149,
iusseIs, 2OO9.
=?@&>
Rcducing Sqs|cnic Cqocrsccuri|q Ris|, OLCD/III Iiojecl on Iuluie CIolaI Shocks,
Oiganisalion foi Lcononic Co-opeialion and DeveIopnenl, OLCD, 2O11.
Rc|nin|ing c-Gctcrnncn| Scrticcs, Usei-Cenlied Appioaches, OLCD, 19 Oclolei 2OO9.
!5(")#.*#>
AusliaIian Coveinnenl, Cqocr Sccuri|q S|ra|cgq, ConnonveaIlh of AusliaIia, 23
Novenlei 2OO9.
AusliaIian Coveinnenl, Cqocr S|crn ||, Na|icna| Cqocr Sccuri|q |xcrcisc, IinaI Repoil,
Alloiney-CeneiaIs Depailnenl, Secuiily and CiilicaI Infiasliucluie Division, Augusl
2OO8.
@#-#9#>
Coveinnenl of Canada, Canadas Cqocr Sccuri|q S|ra|cgq fcr a s|rcngcr and ncrc prcspcrcus
Canada, Hei Majesly lhe Queen in Righl of Canada, Cal. No: IS4-1O2/2O1OL, 2O1O.
?(",-*#>
Minisliy of Defence, Cqocr Sccuri|q S|ra|cgq, Cylei Secuiily Slialegy Connillee,
TaIIinn 2OO8.
A)#-$'>
RepulIique Iianaise, Dcfcnsc c| sccuri|c dcs sqs|cncs dinfcrna|icn, S|ra|cgic dc |a |rancc,
Iaiis, Agence nalionaIe de Ia secuiile des syslnes dinfoinalion, Ieviiei 2O11.
B')C#-D>
Cqocr Sccuri|q S|ra|cgq fcr Gcrnanq, eiIin, IedeiaI Minisliy of lhe Inleiioi, Ieliuaiy
2O11.
Tnc |T Sccuri|q Si|ua|icn in Gcrnanq in 2009, IedeiaI Ofhce foi Infoinalion Secuiily,
2OO9.
NalionaIei IIan zun Schulz dei Infoinalionsinfiasliukluien (NISI),
undesninisleiiun des Innein, eiIin, }uIi 2OO5.
;'"E').#-9(>
Dulch Calinel, The NalionaI Cylei Secuiily Slialegy (NCSS) Success lhiough
coopeialion, 2O11.
F-*"'9 G*-H9,C>
Calinel Ofhce, Cylei Secuiily Slialegy of lhe Uniled Kingdon, safely,
secuiily and iesiIience in cylei space. Iiesenled lo IaiIianenl ly lhe
Iiine Minislei, ly Connand of Hei Majesly, Cn 7642, }une 2OO9.
HM Coveinnenl, A Sliong iilain in an Age of Unceilainly, The NalionaI Secuiily
Slialegy, The Slalionaiy Ofhce Liniled, 2O1O.
Calinel Ofhce, Tnc Na|icna| Sccuri|q S|ra|cgq cf |nc Uni|cd Kingdcn, Sccuri|q in an
in|crdcpcndcn| ucr|d, Iiesenled lo IaiIianenl ly lhe Iiine Minislei, ly connand of
Hei Majesly, Cn 7291, Maich 2OO8.
F-*"'9 1"#"'(>
The While House, InleinalionaI Slialegy foi Cyleispace - Iiospeiily, Secuiily, and
Openness in a Nelvoiked WoiId, May 2O11.
The While House, The Conpiehensive NalionaI Cyleisecuiily Inilialive (CNCI),
IailiaIIy decIassihed, 3 Maich 2O1O.
The While House, The Cyleispace IoIicy Reviev, Assuiing a Tiusled and ResiIienl
Infoinalion and Connunicalions Infiasliucluie, 2OO9.
The NalionaI MiIilaiy Slialegy foi Cyleispace Opeialions, The US }oinl Chiefs of
Slaff, Washinglon D.C., 2OO6.
Na|icna| Cqocrsccuri|q S|ra|cgq, Kcq |nprctcncn|s Arc Nccdcd |c S|rcng|ncn |nc Na|icns
Pcs|urc, Teslinony efoie lhe Sulconnillee on Lneiging Thieals, Cyleisecuiily, and
Science and TechnoIogy, Connillee on HoneIand Secuiily, House of Repiesenlalives,
US Coveinnenl AccounlaliIily Ofhce, CAO-O9-432T, 1O Maich 2OO9.
CiilicaI Infiasliucluie Iioleclion: Key Iiivale and IulIic Cylei Lxpeclalions Need lo
e ConsislenlIy Addiessed, US Coveinnenl AccounlaliIily Ofhce, }uIy 2O1O.
CiilicaI Infiasliucluie Iioleclion: Updale lo NalionaI Infiasliucluie Iioleclion IIan
IncIudes Incieased Lnphasis on Risk Managenenl and ResiIience, US Coveinnenl
AccounlaliIily Ofhce, }uIy 2O1O.
Cyleisecuiily: Iiogiess Made lul ChaIIenges Renain in Dehning and Cooidinaling
lhe Conpiehensive NalionaI Inilialive, US Coveinnenl AccounlaliIily Ofhce, CAO-
1O-338, Maich 2O1O.
Cyleisecuiily: Conlinued Allenlion is Needed lo Iiolecl IedeiaI Infoinalion Syslens
fion LvoIving Thieals, US Coveinnenl AccounlaliIily Ofhce, 2O1O.
Iioceedings of a Woikshop on Deleiiing Cyleiallacks: Infoining Slialegies and
DeveIoping Oplions foi U.S. IoIicy, Connillee on Deleiiing Cyleiallacks, NalionaI
Reseaich CounciI, 2O1O.
Cqocrspacc Opcra|icns, Aii Ioice Docliine Docunenl 3-12, US Aii Ioice, LeMay
Cenlei,15 }uIy 2O1O.
Cyleispace Opeialions Concepl CapaliIily IIan 2O16-2O28, US Ainy, TRADOC
IhanphIel 525-7-8, 22 Ieliuaiy 2O1O.
Depailnenl of Defense Slialegy foi Opeialing in Cyleispace, }uIy 2O11.
Information Warfare
}ohn AiquiIIa & David RonfeIdl, Cyleivai Is Coning!, Ccnpara|itc S|ra|cgq, VoI.
12, 1993.
Hula Wass de Czege, Nelvai - Winning in lhe CyleieIeclionagnelic Dinension of
'IuII Specliun Opeialions, Mi|i|arq Rcticu, Maich-ApiiI 2O1O, pp. 2O-32.
CoI MichaeI }. Doninique, |nfcrna|icn Opcra|icns. Tnc Mi|i|arqs Rc|c in Gaining
|nfcrna|icn Supcricri|q, Slialegy Reseaich Iiojecl, US Ainy Wai CoIIege, CaiIisIe
aiiacks, 2OO9.
Mailin C. Lilicki, Infoinalion Doninance in S|ra|cgic |crun, Ni. 132, Washinglon
D.C., NalionaI Defense Univeisily, Inslilule foi Slialegic Sludies, Novenlei 1997.
NATO AIIied }oinl IulIicalion (A}I) 3.1O, A||icd ]cin| Dcc|rinc fcr |nfcrna|icn Opcra|icns,
23 Novenlei 2OO9.
}oinl IulIicalion 3-13 Infoinalion Opeialions, }oinl Slaff, US Depailnenl of Defense,
13 Ieliuaiy 2OO6.
Canpaign |xccu|icn. ]cin| Dcc|rinc Puo|ica|icn 3-00,(}DI 3-OO), 3
id
edilion, Shiivenhan,
MoD, The DeveIopnenl, Concepls and Docliine Cenlie, Oclolei 2OO9.
CaiIo Kopp, IundanenlaIs of Infoinalion Waifaie, NCW 1O1 Iail 14, Dcfcncc Tcdaq,
pp. 71-73.
iandon Hines & Ialiicia A. }oseph, |nfcrna|icn larfarc, Iioc ISLCON 2OO5, VoI. 22,
8 Oclolei 1OO5.
David }. LonsdaIe, The Naluie of Wai in lhe Infoinalion Age: CIausevilzian Iuluie,
London and Nev Yoik, Iiank Cass, 2OO4.
WaIlei L. Richlei, The Iuluie of Infoinalion Opeialions, Mi|i|arq Rcticu, }anuaiy-
Ieliuaiy 2OO9, pp. 1O3-113.
@D:')6#)>
Roleil K. Ackeinan, Nelvoik SilualionaI Avaieness Loons Laige in Cyleispace,
Signa| Magazinc, May 2O1O.
Richaid Adhikaii, Sluxnel Suspicions Rise: Has a Cyleivai Slailed`, TccNcuslcr|d,
4 Novenlei 2O1O.
LioneI D. AIfoid, Cylei Waifaie: The Thieal lo Weapon Syslens, Tnc lST|AC
Quar|cr|q, VoI. 9, No. 4, 2O1O.
Slevail akei, Shaun Waleinan & Ceoige Ivanov, |n |nc Crcssjrc - Cri|ica| |nfras|ruc|urc
in |nc Agc cf Cqocr lar, A gIolaI iepoil on lhe lhieals facing key indusliies, McAfee
Inc., Sanla CIaia, 2OO9.
}ohn ungainei & Scoll oig, Oveiviev ly lhe US-CCU of lhe Cylei Canpaign
Againsl Ceoigia in Augusl of 2OO8, A US-CCU Spccia| Rcpcr|, Augusl 2OO9.
}ohn ungainei, Conpuleis as Weapons of Wai, |O ]curna|, May 2O1O.
Kevin C. CoIenan, Cylei Waifaie Docliine - Addiessing lhe nosl signihcanl lhieal
of lhe 21
sl
cenluiy, McMuiiay, The TechnoIylics Inslilule, 2OO8.
Kevin C. CoIenan, Prcparing fcr a Cqocr A||ac|. Ccun|dcun |c cDaq!, McMuiiay, The
TechnoIylics Inslilule, no dale.
IauI Coinish, David Livingslone, Dave CIenenle & CIaiie Yoike, On Cqocr larfarc,
London, A Chalhan House Repoil, The RoyaI Inslilule of InleinalionaI Affaiis,
Novenlei 2O1O.
IauI Coinish, Rex Hughes & David Livingslone, Cqocrspacc and |nc Na|icna| Sccuri|q
cf |nc Uni|cd Kingdcn. Tnrca|s and Rcspcnscs, A Chalhan House Repoil, The RoyaI
Inslilule of InleinalionaI Affaiis, Maich 2OO9.
Mallhev D. Ciosslon, WoiId Cone Cylei MAD - Hov MuluaIIy Assuied
DeliIilalion Is lhe esl Hope foi Cylei Deleiience, S|ra|cgic S|udics Quar|cr|q,
Spiing 2O11.
RonaId Deileil, Cninas Cqocrspacc Ccn|rc| S|ra|cgq. An Otcrticu and Ccnsidcra|icn cf
|ssucs fcr Canadian Pc|icq, Canadian InleinalionaI CounciI, China Iapeis No. 7, Cenlie
of InleinalionaI ReIalions, Vancouvei, The Univeisily of iilish CoIunlia, Ieliuaiy
2O1O.
Chiis Denchak, LvoIulions in Asynneliic Cyleipovei, Cyleivai ReaI and
Inagined, lcr|d Pc|i|ics Rcticu, Iealuie Repoil, 19 ApiiI 2O11.
Ian Dudgeon, Taigeling Infoinalion Infiasliucluies, Chaplei 4 in Aus|ra|ia and
Cqocr-uarfarc, Canleiia Iapeis on Slialegy and Defence No. 168, AusliaIia NalionaI
Univeisily, pp. 6O-83.
Myiian Dunn CaveIly, Cqocruar. Ccnccp|, S|a|us Quc, and |ini|a|icns, Ziich, CSS
AnaIysis in Secuiily IoIicy, Cenlei foi Secuiily Sludies (CSS), LTH, No. 71, ApiiI 2O1O.
}anes I. IaiveII & RafaI Rohozinski, Sluxnel and lhe Iuluie of Cylei Wai, Surtita|,
VoI. 53, No. 1, Ieliuaiy-Maich 2O11.
Ialiicia MoIoney IigIioIa, Spquarc. 8ac|grcund and Pc|icq |ssucs fcr Ccngrcss, Washinglon
D.C.,CRS Repoil foi Congiess, CongiessionaI Reseaich Seivice, 7-57OO, RL327O6, 9
Decenlei 2OO9.
Iianz-Slefan Cady & Cieg Auslin, Russia, |nc Uni|cd S|a|cs, and Cqocr Dip|cnacq -
Opcrning |nc Dccrs, Nev Yoik, LaslWesl Inslilule, 2O1O.
Kennelh Ceeis, Tnc Cna||cngc cf Cqocr A||ac| Dc|crrcncc, TaIIinn, Lslonia, Coopeialive
Cylei Defence Cenlie of LxceIIence (CCD COL), no dale.
WiII Coodnan, Cylei Deleiience: Toughei in Theoiy lhan in Iiaclice`, S|ra|cgic
S|udics Quar|cr|q, IaII 2O1O.
Ialiick Coinan, The Road lo Cyleipovei: Seizing Oppoilunily WhiIe Managing
Risk in lhe DigilaI Age, ooz AIIen HaniIlon, 11 Ieliuaiy 2O1O.
Relecca Cianl, Risc cf Cqocr lar, A MilcheII Inslilule SpeciaI Repoil, Aii Ioice
Associalion, Novenlei 2OO8.
CIenenl Cuillon, An Ana|qsis cf |nc Cqocr-S|ra|cgics cf |nc US, Cnina and Russia, Ceneva,
Ceneva SchooI of DipIonacy & InleinalionaI ReIalions, Univeisily Inslilule, Maich
2O11.
Lugene L. Haligei, Cqocruarfarc and Cqocr|crrcrisn, While Iapei, The Cylei Secuie
Inslilule, 1 Ieliuaiy 2O1O.
Seynoui M. Heish, The OnIine Thieal, Tnc Ncu Ycr|cr, 1 Novenlei 2O1O.
Rex Hughes, Tcuards a G|coa| Rcginc fcr Cqocr larfarc, London, Chalhan House,
Cylei Secuiily Iiojecl, 2OO9.
}effiey Hunkei, ol Hulchinson & }onalhan MaiguIies, Rc|c and Cna||cngcs fcr
Sufjcicn| Cqocr-A||ac| A||riou|icn, Inslilule foi Infoinalion Infiasliucluie Iioleclion,
Dailnoulh CoIIege, }anuaiy 2OO8.
Lech }anczevski & Andiev M. CoIaiik, Cqocr larfarc and Cqocr Tcrrcrisn, Heishey,
Idea Cioup Inc., 2OO7.
IauI K. Keii, }ohn RoIIins & Calheiine A. Theohaiy, Tnc S|uxnc| Ccnpu|cr lcrn.
Haroingcr cf an |ncrging larfarc Capaoi|i|q, Washinglon D.C., CRS Repoil foi Congiess,
CongiessionaI Reseaich Seivice, 7-57OO, R41524, 9 Decenlei 2O1O.
LIeanoi Keynei, The cylei-vai, ]ancs Dcfcncc lcc||q, No. 39, 29 Seplenlei 2O1O.
iyan KiekeI, Capaoi|i|q cf |nc Pccp|cs Rcpuo|ic cf Cnina |c Ccnduc| Cqocr larfarc and
Ccnpu|cr Nc|ucr| |xp|ci|a|icn, Iiepaied foi lhe US-China Lcononic and Secuiily
Reviev Connission, McLean, Noilhiop Ciunnan Coipoialion, 9 Oclolei 2OO9.
DanieI T. KuehI, Iion Cyleispace lo Cyleipovei: Dehning lhe IiolIen, in IiankIin
D. Kianei, Sluail Slaii & Laiiy K. Wenlz, eds., Cqocrpcucr and Na|icna| Sccuri|q,
Washinglon D.C., NalionaI Defense Univeisily Iiess, Iolonac ooks, 2OO9.
RaIph Lagnei, Tnc Sncr| Pa|n frcn Cqocr Missi|cs |c Dir|q Digi|a| 8cnos, Tiavis,
poIilicaIfoiun, 26 Decenlei 2O1O.
}anes A. Levis & Kaliina TinIin, Cqocrsccuri|q and Cqocruarfarc, IieIininaiy
Assessnenl of NalionaI Docliine and Oiganizalion, Washinglon D.C., Cenlei foi
Slialegic and InleinalionaI Sludies (CSIS), UNIDIR Resouices, 2O11.
}anes A. Levis, Tnrcsnc|ds fcr Cqocruar, Cenlei foi Slialegic and InleinalionaI Sludies,
Seplenlei 2O1O.
Mailin C. Lilicki, Cqocrdc|crrcncc and Cqocruar, Sanla Monica, RAND Coipoialion,
Iiojecl Aii Ioice, 2OO9.
Mailin C. Lilicki, Cyleivai as a Conhdence Cane, S|ra|cgic S|udics Quar|cr|q,
Spiing 2O11, pp. 132-146.
Heileil S. Lin, Offensive Cylei Opeialions and lhe Use of Ioice, ]curna| cf Na|icna|
Sccuri|q |au c Pc|icq, VoI. 4, 2O1O.
}ohn Maikoff, Cyleivai: OId Tiick Thiealens lhe Nevesl Weapons, Ncu Ycr| Tincs,
26 Oclolei 2OO9.
}ohn Maikoff, Wels Anonynily Makes Cyleiallack Haid lo Tiace, Ncu Ycr| Tincs,
17 }uIy 2OO9.
MichaeI Mailine, ils lefoie lonls: Hov Sluxnel ciippIed Iians nucIeai dieans,
Sappnirc, 3 Decenlei 2O1O.
Andiev Nagoiski, ed., CIolaI Cylei Deleiience - Vievs fion China, lhe US, Russia,
India, and Noivay, Nev Yoik, LaslWesl Inslilule, ApiiI 2O1O.
}oseph S. Nye, Cqocr Pcucr, Canliidge, Haivaid Kennedy SchooI, eIfei Cenlei foi
Science and Inlei-nalionaI Affaiis, May 2O1O.
Maico Roscini, WoiId Wide Waifaie - ]us ad oc||un and lhe Use of Cylei Ioice, in:
A. von ogdandy & R. WoIfiun, eds., Max P|anc| Ycarocc| cf Uni|cd Na|icns |au, VoI.
14, KoninkIijke iiII N.V., 2O1O, pp. 85-13O.
MichaeI N. Schnill, Conpulei Nelvoik Allack and lhe Use of Ioice in InleinalionaI
Lav: Thoughls on a Noinalive Iianevoik, CoIoiado Spiings, Inslilule foi Infoinalion
TechnoIogy, 1999.
}ohn . SheIdon, Lessons Leained: Sluxnel and Cyleipovei in Wai, lcr|d Pc|i|ics
Rcticu, Cyleivai, ReaI and Inagined, 19 ApiiI 2O11.
Snadcus in |nc C|cud. |ntcs|iga|ing Cqocr |spicnagc 2.0, }oinl Repoil }RO3-2O1O,
Infoinalion Waifaie Moniloi, Shadovseivei Ioundalion, 6 ApiiI 2O1O.
Liic D. Tiias & iyan M. eII, Cylei This, Cylei Thal.So Whal`, Air c Spacc ]curna|,
VoI. XXIV, No. 1, Spiing 2O1O.
}ody R. Weslly, Henning Wegenei & WiIIian aiIella, Rign|s and Rcspcnsioi|i|ics in
Cqocrspacc - 8a|ancing |nc Nccd fcr Sccuri|q and |iocr|q, Nev Yoik, LaslWesl Inslilule,
and Ceneva, WoiId Iedeialion of Scienlisls, 2O1O.
Tnc Rcad |c Cqocrpcucr, Seizing Oppoilunily WhiIe Managing Risk in lhe DigilaI Age,
A1O-339, McLean, ooz/AIIen/HaniIlon, 2O1O.
Cyleivai: vai in lhe hflh donain. Tnc |ccncnis|, 1 }uIy 2O1O.
A voin in lhe cenliifuge, Tnc |ccncnis|, 2 Oclolei 2O1O.
The neaning of Sluxnel, Tnc |ccncnis|, 3O Seplenlei 2O1O.
Maiching off lo cyleivai, Tnc |ccncnis| Tccnnc|cgq Quar|cr|q, 6 Decenlei 2OO8.
Cyber Security
Addiessing Cylei Secuiily Thiough IulIic-Iiivale Iailneiship: An AnaIysis of
Lxisling ModeIs, AiIinglon, InleIIigence and NalionaI Secuiily AIIiance INSA,
Novenlei 2OO9.
KanIesh ajaj, The Cyleisecuiily Agenda - MoliIizing foi InleinalionaI Aclion, Nev
Yoik, LaslWesl Inslilule, 2O1O.
Heiko oicheil & IeIix }uhI, Secuiing Cyleispace - uiIding Iocks foi a IulIic-
Iiivale Coopeialion Agenda, Luceine, Sandhie AC, 2O11.
}ohn Iackluin & Caiy Waleis, Op|inising Aus|ra|ias Rcspcnsc |c |nc Cqocr Cna||cngc,
The Kokoda Ioundalion, No. 14, Ieliuaiy 2O11.
David Chaikin, Nelvoik Invesligalions of cylei allacks: lhe Iinils of digilaI
evidence, Crinc, |au and Sccia| Cnangc, VoI. 46, No. 4-5, 2OO6.
Ceoigia Tech Infoinalion Secuiily Cenlei (CTISC), Secuiily Sunnil 2O1O, AlIanla,
|ncrging ;Cqocr Tnrca|s) Rcpcr| 2011.
Synanlec CIolaI Inleinel Secuiily Thieal Repoil, Tiends foi 2OO9, Mounlain Viev,
VoI. XV, IulIished ApiiI 2O1O.
Scpncs sccuri|q |nrca| rcpcr| 2011, Sophos Lld. and Sophos Cioup, Ieliuaiy 2O11.
Ienlagon cylei secuiily ioIe expands, Oxfcrd Ana|q|ica. G|coa| S|ra|cgic Ana|qsis, 2
}uIy 2O1O.
David SheIIy, Randy Maichany & }oseph Tionl, |csing |nc Gap. Ana|qzing |nc |ini|a|icns
cf lco App|ica|icn Vu|ncraoi|i|q Scanncrs, The OWASI Ioundalion, Viiginia IoIylechnic
Inslilule and Slale Univeisily, 8 Novenlei 2O1O.
Ielei Sonnei & Ian iovn, Reducing Syslenic Cyleisecuiily Risks, O|CD, OLCD/
III Iiojecl on Iuluie CIolaI Shocks, 14 }anuaiy 2O11.
Meeling lhe Cyleisecuiily ChaIIenge: Lnpoveiing SlakehoIdeis and Lnsuiing
Cooidinalion, IM Coip., U.S. IedeiaI While Iapei, Soneis, Ieliuaiy 2O1O.
Veiizon usiness Risk Tean, 2OO9 Dala ieach Invesligalion Repoil 11, 2OO9.
ooks
}ohn AiquiIIa & David RonfeIdl, Nc|ucr|s and Nc|uars, Sanla Monica, NalionaI Defense
Reseaich Inslilule, RAND, 2OO1.
Maik ovden, lcrn - Tnc |irs| Digi|a| lcr|d lar, London, Ciove Iiess UK, 2O11.
}effiey Caii, |nsidc Cqocr larfarc, OReiIIy Media, Inc., SelaslopoI, Decenlei
2OO9.
Richaid A. CIaike & Roleil K. Knake, Cqocr lar - Tnc Ncx| Tnrca| |c Na|icna| Sccuri|q
and lna| |c Dc Aocu| ||, Nev Yoik, Haipei CoIIins IulIisheis, 2O1O.
}anes I. Dunnigan, The Nexl Wai Zone: Confionling lhe CIolaI Thieal of
Cyleileiioiisn, Nev Yoik, CiladeI Iiess, 2OO2.
Ldvaid Youidon, yle Wais - The Inpacl of Seplenlei 11 on Infoinalion TechnoIogy,
Uppei SaddIe Rivei, Iienlice HaII ITR, 2OO2.
DanieI Venlie, el aI, ed., Cqocruar and |nfcrna|icn larfarc, London & Holoken, N},
ISTL Lld and }ohn WiIey & Sons, Inc., 2O11.
About the series
We viII le olIiged in lhe yeais lo cone lo lioaden oui anaIylicaI hoiizons vay
leyond cuiienl SSR and SSC appioaches. Theie is a gioving uigency lo nove leyond
lhe hisl ievoIulion in lhis aiea lhal Ied lo lhe vhoIe of goveinnenl appioach lovaids
a second ievoIulion, one lhal Ieads lo a fuIIy inlegialed secuiily secloi appioach lhal
ieaches leyond eslalIished slale sliucluies lo incIude seIecl piivale conpanies - and
lhus peinil, vhal ve nighl caII, a vhoIe of issues appioach.
Hoiizon 2O15 voiking papeis piovide a shoil inlioduclions lo Iive issues on lhe
SSC/SSR agenda. The papeis, of couise, do nol seek lo soIve lhe issues lhey addiess
lul ialhei lo piovide a pIalfoin foi fuilhei voik and enquiiy. As such, lhey ask nany
noie queslions lhan lhey ansvei. In addilion lo lhese voiking papeis, lhe piojecl
has pulIished an occasionaI papei - Trcnds and Cna||cngcs in |n|crna|icna| Sccuri|q.
An |ntcn|crq - lhal seeks lo desciile lhe cuiienl secuiily Iandscape and piovide a
lackgiound lo lhe piojecls voik as a vhoIe.
The Geneva Centre for the Democratic Control of Armed Forces (DCAF) is one of the worlds leading
institutions in the areas of security sector reform and security sector governance. DCAF provides in-country
advisory support and practical assistance programmes, develops and promotes appropriate democratic
norms at the international and national levels, advocates good practices and conducts policy-related
research to ensure efective democratic governance of the security sector.
Visit us at: www.dcaf.ch
DCAF Geneva
P.O. Box 1360
1211 Geneva 1
Switzerland
Tel: +41 (22) 741 77 00
Fax: +41 (22) 741 77 05
DCAF Brussels
Place du Congrs 1
1000 Brussels
Belgium
Tel: +32 (2) 229 39 66
Fax: +32 (2) 229 00 35
DCAF Ljubljana
Dunajska cesta 104
1000 Ljubljana
Slovenia
Tel: +386 (1) 5609 300
Fax: +386 (1) 5609 303
DCAF Ramallah
Al-Maaref Street 34
Ramallah / Al-Bireh
West Bank, Palestine
Tel: +972 (2) 295 6297
Fax: +972 (2) 295 6295
DCAF Beirut
P.O. Box 113 - 6041
Beirut
Lebanon
Tel: +961 (1) 738 401
Fax: +961 (1) 738 402

On Cyberwarfare

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

On Cyberwarfare

Uploaded by

Copyright:

Available Formats

DCAF HORIZON 2015 WORKING PAPER No.

You might also like