International Conflict MSc

Cyberspace: The New Battlefield

The Cyber Warfare on the Internet Infrastructure of Estonia in 2007 and of Georgia in 2008

By

Alexia Kasparian

2013/2014

Acknowledgments

This dissertation would not have been possible without the valuable opinions,

advice, and guidance from one of the best professors of Kingston University.

I would like to thank Dr. Steven Bastow for all his guidance, patience and

wonderful sense of humour. I would also like to thank Senior lecturer

Christopher Hamerton for introducing me to the world of cybercrime and

making me fall in love with the subject. Lastly I would like to thank my

partner and my close friend who stood by me and encouraged me that taking

this journey would be hard but worth it.

List of Acronyms

BBC British Broadcasting Corporation

CCD COE Cooperative Cyber Defence Centre of Excellence

CERT Computer Emergency Response Team

CNN The Cable News Network

CYBERCOM United States Cyber Command

DDoS Distributed Denial of Service

DHS Department of Homeland Security

DNS Domain Name System

DoD United States Department of Defense

DoS Denial of Service

ENISA European Network and Information Security Agency

EU European Union

GII Global Information Infrastructure

IP Internet Protocol address

ISIS International Security Information Service

IT Information Technology

ITU International Telecommunication Union

MS Microsoft Windows
NATO North Atlantic Treaty Organisation

NSA National Security Agency

OSCE Organization for Security and Co-operation in Europe

OSINT Open Source Intelligence

PLA People’s Liberation Army (of China)

RBN Russian Business Network

SCADA Supervisory Control and Data Acquisition

SQL Structured Query Language

UN United Nations

US United States

USSR Union of Soviet Socialist Republics

Contents

Acknowledgments

List of Acronyms

List of Figures & Tables

Abstract

Introduction

Chapter 1: How did Cyber Warfare Emerge and why is it so Important to National and International Security?

- Defining Cyber Warfare and Cyberspace
- Hackers and their Cyber Weapons
- The Threat and Importance of Cyber Warfare and Cyber Terrorism
- Chapter Conclusion

Chapter 2: What Are the Superpowers’ Strategies and Viewpoints regarding Information and Cyber Warfare?

- What Is the US Military Approach to Cyber Warfare?
- What Is the Chinese Approach to Cyber Warfare?
- What Is the Russian Approach to Cyber Warfare?
- Chapter Conclusion

Chapter 3: Government use of Cyber Warfare as a tool to Attack the Computer Systems of Foreign Nations

- What were the Political Aims behind the Cyber Warfare against Estonia in 2007 and Georgia in 2008?
- What were the actual Cost of Damages inflicted on Estonia and Georgia?
- How did the Estonian Government, NATO and EU Respond to the Cyber Warfare against Estonia and Georgia?
- Was the Russian Government Behind the Cyber Warfare of both Estonia and Georgia?
- Chapter Conclusion

Main Conclusion & Recommendations

Appendices

Glossary

Bibliography

List of Figures & Tables

Figure 1: Over a decade of DDoS

Figure 2: The bronze soldier statue

Figure 3: The batch file

Table 1: DDoS attacks on Estonian websites

Table 2: DDoS attacks on Estonian websites

Table 3: DDoS attacks on Estonian websites

Figure 4: The Georgian Parliament websites under DDoS and cyber attack

Figure 5: Georgian President’s website under attack with website defacements, a slideshow was inserted comparing him to Adolf Hitler

Abstract

The dissertation examines how cyber warfare is increasingly used by

governments as a tool to attack the computer systems of foreign states, thus

threatening national and international security. The importance of cyber

warfare will be critically assessed by examining powerful cyber warfare

illustrations like the Estonian and Georgian case studies. Both Estonia

and Georgia happen to have a common hypothetical perpetrator behind

their nations’ cyber warfare: Russia. The problematic nature of the

identity of the ‘attacker’ started when both nations started having

political tensions with Russia. In Estonia, the political tensions between

the Russian government and Estonia started after a relocation of a Soviet-

era statue from the capital city to a nearby military cemetery. While in

Georgia, the political tensions started during the armed conflict between

the Russian Federation and Georgia over South Ossetia. Even though

both of the attacks could not be directly linked to the Russian

government, the overarching implications and lessons are evident and

warrant careful consideration since the future has cyber conflicts in store.

Introduction

The dissertation’s topic is important because cyber security is an

ongoing hot topic as cyber attacks in recent years have become one of the

most extensively debated challenges to the security of modern states

(Kozłowski, Rękawek and Terlikowski, 2014, p.1). It can be argued that the

invisible threat of cyber warfare has emerged as an outcome of the

information revolution, which can be complex, multidimensional and hard

to monitor and control. Some people argue that the information revolution

has imposed a “very risky electronic Achilles’ heel” on society (Heickeroe

and Peterson, 2012, p.60). This can be explained by the fact that more and

more systems are interrelated and are becoming reliant on computer

networks. Thus cyber attacks and cyber wars have become a frequent

escalating threat to national and international security (Heickeroe and

Peterson, 2012, p.60).

In the spring of 2007, the unforeseen cyber attack on the Estonian

Internet (IT) infrastructure demonstrated how cyberspace could be used as a

battlefield in political warfare to retaliate against governmental decisions

(cited in Heickeroe and Peterson, 2012, p.135; Kozłowski, Rękawek and

Terlikowski, 2014, pp.1-5). This indicates how cyber weaponry has

become an extended device of a nation’s foreign policy (Iasiello, 2013).

Another major incident was the cyber warfare against Georgia in the

summer of 2008, which served as a wake-up call for national as well as

international authorities in charge of information security. The cyber attack

episodes highlighted the risks, threats and vulnerabilities caused by

information warfare worldwide (Brenner, 2007; cited in Heickeroe and

Peterson, 2012, p.135; Shakarian, Shakarian and Ruef, 2013, p.31).

The aim of the dissertation is to explore how cyber warfare has

become an increasingly used tool of governments to attack the computer systems of

foreign states, thus threatening national and international security. This

will provide a discussion on the primary question of the dissertation, which

is: are governments using cyber warfare as a tool to attack the computer

systems of foreign nations? The primary question will be answered by

examining powerful illustrations of fairly recent cyber warfare case studies,

such as the attacks against Estonia and Georgia (Bryman, 2012, pp.8-9).

The dissertation will be laid out as a comparative case study of the

cyber warfare against Estonia in 2007 and Georgia in 2008 (Kothari, 2004,

p.113). The approach adopted will be that of the “descriptive or ‘case-study’

research...in which a particular situation is studied either to see if it

gives escalation to any general theories, or to see if existing general theories

are borne out by the specific situation” (Goddard and Melville, 2004, p.9).

This chosen methodology will compare and analyse the two case

studies juxtaposing primary and secondary sources such as: books, journals,

news articles, speeches, interviews, government documents, testimonies,

photographs and reports. The internet sources used will be mainly

English-language websites, and occasionally Russian and Estonian ones, which

will be translated into English with the aid of a professional translating

website. These sources will augment the critical analysis of the two case

studies by drawing together similarities and contrasts (Bryman, 2012, pp.8-

9).

One of the most important strengths of using the comparative

method comes from the deliberate selection of cases. The deliberate

selection of cases that share similar features means that the testing of the

hypothesis is easier (Lijphart, 1971). Collier (1993) in The Comparative

Method accentuates the fact that the comparative methodology allows for an

intensive analysis of a few cases with limited financial resources and time.

This intensive analysis of few case studies can be richer than the outward

statistical analysis of many cases that can be long-lasting and difficult to

effectively complete (Collier, 1993). However, the major weakness found in

the comparative case study is due to the eclectic selection of cases where

there are often many variables connecting the cases that are not essential to

the study, thus: “too many variables, not enough cases” (Landman, 2006,

p.67).

Additionally, the comparative case study of the Estonian and

Georgian cyber warfare will also be analysed through the lens of critical

realism (Witham, 2013, p.2). This theoretical framework is a social sciences

philosophy which is based on an in-depth ontology affirming that reality

consists of different layers such as: the Real (the enabling causal laws,

tendencies and mechanisms which are undetectable), the Actual (that which

actually takes place and can be experienced) and the Empirical (that which

is experienced by individual people); within which we deduce

corresponding social practices and events (things taking place but not

essentially seen) and observable social events (things we can detect and

study taking place in the social world) (Bhaskar,1978, p.23; Jeppesen, 2005,

pp.4-5; Witham, 2013, p.2).

For instance, the very notion of cyber warfare cannot be detected

with the naked eye, it cannot be physically touched, but we are very much

aware of its existence because it is affecting our experiences in the virtual

space. It disrupts our highly wired mode of life. Cyber attacks then become

a type of escalating threat influencing society as a whole: civilians locally and

globally since we all network and connect through computers (Nicholson et

al., 2012, p.421).

The structure will consist of three main chapters. The introduction

is the summary of the order and relevance of what is to follow, and also

describes the academic topic, theoretical premises and methodology. To

begin with, chapter one will examine the emergence of cyber warfare and its

importance to national and international security. This chapter will be

organised into three main sub-sections: firstly, it will define cyber warfare

and cyberspace; secondly, it will investigate the emergence of hackers and

their use of cyber weapons; and thirdly, it will outline and critically assess

the threat and importance of cyber warfare and cyber terrorism to national

and international security.

Chapter two will assess and outline the superpowers’ viewpoints,

strategies and counter-measures, specifically those of the United States (US),

Russia and China, towards cyber warfare and cyber security, alongside

independent cyber security experts’ outlook on this matter, in order to take

into consideration the wider dialectics involved directly and indirectly.

Chapter three will investigate how cyber warfare has become an

increasing tool of governments to attack the computer systems of foreign

states by examining and comparing the selected case studies of Estonia and

Georgia. These case studies will be used to explore and to give powerful

illustrations of recent cyber warfare mobilisations against nations. It will

critically assess the political aims behind the cyber warfare assailing the

nations’ IT infrastructure and seek to identify whether or not it was the

work of the Russian government. In addition, it will also scrutinize the

actual cost of damages inflicted on both nations throughout the attacks.

The chapter will also explore how the Estonian government,

European Union (EU) and the North Atlantic Treaty Organisation (NATO)

responded to the cyber warfare against Estonia and Georgia after the

attacks; and the level of paralysis on the targeted nations’ digital

infrastructure during the attacks. Lastly, the main conclusion will provide a

brief summary about what the dissertation has demonstrated, along with

collecting relevant recommendations on cyber security, as informed by the

incidents taking place in Estonia and Georgia which could also be

applicable to the rest of the first world nations. The main conclusion will

also point out a couple of issues which surfaced in the research process

which should be addressed in future research, along with the need for

further research in cyber security.

Chapter 1

How did Cyber Warfare Emerge and why is it so Important to National and International Security?

“We must protect our critical infrastructure at all costs ... It’s an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now” (The Chairman of the Senate Commerce, Science and Transportation Committee, Senator Rockefeller IV, 2009).

September 11th, 2001 (also infamously known as “9/11”) has

frequently been labelled as the date that altered everything (NATO Review,

2011). This may not be true for our everyday life, but it certainly marked a

new epoch regarding regional security. The utilisation of civil airplanes as

devices for a terrorist attack illustrated that nearly everything could be

transformed into a weapon. This is virtually an identical portrayal of cyber

threats (NATO Review, 2011).

Information technology has had a number of positive results for

most people in the information age. It has helped us to connect with the rest

of the world with just a few clicks on the keyboard; however, information

technology is also a double-edged sword given that harmful conduct and

activities have also surfaced in parallel with these positive results. The

connected nature of our lives only magnifies our weakness to cyber attacks.

New threats are surfacing as cyberspace is expanding; this is partially

because society is becoming more and more dependent on the World Wide
Web in its day to day social-networking activities (Heickeroe and Peterson,

2012, p.10; Singer and Friedman, 2014, pp.37-39; Stytz and Banks, 2010,

p.1).

Both cyber aggressors and cyber terrorists are taking advantage of

technological devices to attack computer systems and governments in order

to deliver their political messages and views, thus threatening national

and international security. Threats exist due to the fact that the World Wide

Web offers little regulation, has a fast flow of information, and most

importantly, is anonymous (Curran, Concannon and McKeever, 2008, as

cited in Janczewski and Colarik, 2008, p.5; Yar, 2013, p.13; Kozłowski,

2014, p.237).

This chapter will explore the emergence of cyber warfare and

explain why this new form of warfare in cyberspace is important to national

and international security. The chapter will be organised into three main

sub-sections: firstly, it will define cyber warfare and cyberspace; secondly,

it will investigate the emergence of hackers and their use of cyber weapons;

and thirdly, it will outline and assess the threat and importance of cyber

warfare and cyber terrorism to national and international security.

1.1: Defining Cyber Warfare & Cyberspace

Nye (2011, p.21) describes cyber warfare as: “hostile actions in

cyberspace that have effects that amplify or are equivalent to major kinetic

violence”. Similarly many others echo almost identical beliefs in their

descriptions. For instance, Hersh (2010) classifies cyber warfare as the

penetration of unknown networks for the intention of disturbing or

dismantling those networks, and consequently ruining them.


The term cyberspace was initially coined in William Gibson’s 1982

novel, Burning Chrome, and it was his use of the term as an indicative

metaphor of a collective virtual hallucination in his 1984 novel,

Neuromancer that brought the phrase cyberspace to eminence and

ultimately into everyday vocabulary (Colarik, 2006, p.34; Heickeroe and

Peterson, 2012, p.9; Barnard-Wills and Ashenden, 2012, p.111).

Cyberspace has physical aspects as it has definite boundaries of

hard drives, cables, mainframes and networks. Hence, the battlefield where

cyber warfare is carried out is defined along specific limitations (Valeriano

and Maness, 2014, p.348; Singer and Friedman, 2014, pp.13-14). Libicki

(2007, p.24) confirms this by noting that cyberspace is not an abstract

concept that has mysterious boundaries but is separated between the

physical layer and syntactic layer.

A conflict in the virtual battlefield usually has its origins in the

actual world where it is used as an ingenious device to convey messages and

illustrate one’s power or national sovereignty to the opponent (Heickeroe

and Peterson, 2012, p.117). From Fitzgerald’s (1996) perspective future

conflicts will have no apparent battle lines and the combat will take place in

a number of platforms, dimensions and space. Warfare is to a lesser extent a

contest between weapons systems and more a contest between information

systems (Fitzgerald, 1996).

An indicative example is the cyber warfare against Estonia in 2007

and Georgia in 2008. Using the World Wide Web to convey this message is

very useful since it is anonymous and relatively inexpensive compared to

conventional forms of warfare (Heickeroe and Peterson, 2012, p.117). Bill

Woodcock, the research director of the Packet Clearing House (a non-profit

establishment that follows Internet traffic), states that cyber attacks are so

low-cost and easy to escalate, with a few “fingerprints” that they will almost

surely remain an aspect of conventional warfare (Markoff, 2008).

1.2: Hackers & their Cyber Weapons

As previously examined, the origins of cyber warfare can be traced

back to hacking; hence in order to understand cyber warfare one must first

understand the roots and nature of hacking. Cyber warfare can be simply

described as politically motivated hacking; the cyber attacks against Estonia

indicated the beginning of politically motivated cyber warfare (Shakarian,

Shakarian and Ruef, 2013, p.21).

There are several historical examples which indicate the arrival of

the computer hacker in the online world. For instance in 1982, a group of

hackers managed to successfully break into sixty computer systems (Jones,

2014, p.352). This cyber attack led to the very first concerns about the

“technological monstrosities” and significance of cyber security and also to

new regulations against the offence of cybercrime [1] (Tudor, 1989; Jones,

2014, p.352). In the early 1980s hackers started producing their own

magazines and started to hold hacker conferences; an indicative example

would be the famous Black Hat conference. This social phenomenon led to

significant progress in different forms of virus and threat technologies, such

as polymorphic worms and botnets [2] (Jones, 2014, p.352). [3]

[1] The Convention on Cybercrime is the first international treaty seeking to address internet and computer crime. It was signed in 2001 and became effective in 2004 (Convention on Cybercrime, 2001). The International Telecommunication Union (ITU) is also the key organisation that is responsible for cyber security within the United Nations (UN) configuration (Ashmore, 2009, p.17).

The main cyber weaponry being used against victims are the

following: website defacements or vandalism, distributed denial of service

(DDoS) and cyber intrusions. These digital weapons are used by states to

damage their adversaries (Andress and Winterfield, 2011, p.4). They are

also a method to protect national sovereignty and to project national power

(Geers et al., 2013, p.3).

Firstly, in website defacements hackers use structured query

language (SQL) “injection” [4] to vandalize or to destroy the intended targets’

websites (Clarke and Knake, 2010). This form of hacking takes over the

website for a short period of time and shows texts or pictures that degrade or

cause offence to the victim’s website. This applies to the cyber warfare

against Georgia in 2008, where the website of the Parliament of Georgia

was replaced with images comparing the Georgian president to Adolf Hitler.

Usually, these types of cyber attacks have a propaganda ‘ingredient’. They

are also a type of control, signifying to the victim that they lack the ability

to control their own cyberspace operations (Portilho-Shrimpton, 2008;

Wentworth, 2008; Keating, 2012; Valeriano and Maness, 2014, p.353).

[2] See glossary.

[3] As hacking started becoming more popular, numerous types of hacking were defined by using hat colours to signify the levels of threat, ethics and criminality. For instance, a white hat hacker is one who uses hacking for benevolent purposes such as informing companies of security vulnerabilities, whereas a black hat hacker is one who hacks for malevolent reasons such as disturbing computer and network operations. Most black hat hacks are criminal offences in most nations and when their Internet Protocol (IP) addresses are detected they are liable to arrest (Jones, 2014, p.352). Hacking was strongly emphasised and portrayed in the film Goldeneye (1995), where Russian hackers are introduced in the hacking world, where they intend to cause havoc and threats to international security.

[4] See glossary.

The second, slightly more sophisticated form of cyber weaponry is the

DDoS method of attacking in cyberspace: an operation which

‘floods’ [5] specific targeted websites, servers, or routers with more data requests

than the target can process (Reveron, 2012). DDoS methods are a well-known

type of aggression on the World Wide Web (Shakarian, Shakarian

and Ruef, 2013, pp.12-13).

The DDoS method effectively shuts down the website, thus making

it inaccessible or nonoperational. These cyber attacks are synchronized

through ‘botnets’, or, ‘zombies’, a network of computers infected with a

virus that permits the invader to remotely control the victims’ machines

without the awareness of their owners (Clarke and Knake, 2010, p.191).

DDoS methods were effectively used in both of the cyber attacks against

Estonia in 2007 and Georgia in 2008 (Heickeroe and Peterson, 2012,

pp.131-139).

[5] See glossary.

Figure 1: Over a Decade of DDoS [6]

[6] See Appendix 1.

The third level of techniques in cyber warfare is intrusions, which

consist of ‘Trojans’ [7] (or Trojan horses) and ‘trapdoors’ [8] (Reveron, 2012).

Arguably intrusions can be considered more severe than defacements and

vandalism and the damage they create can be more long-term. Trojans or

trapdoors are illicit software added to a program to permit access into a

target’s software program or network, so as to allow future access to a

website once it has been initially attacked (Reveron, 2012).

These intrusions can be inactive for a long period of time and then

activate themselves without detection (Clarke and Knake, 2010, p.200).

The function of trapdoors is to take sensitive information from protected

websites. This technique can have damaging consequences for a state’s

national interests. In contrast with Trojans, trapdoors do not require a human

hacker to start the operation. Trapdoors can be given predated instructions

as to when to turn on without the need for a human hacker (Valeriano and

Maness, 2014, p.354).

1.3: The Threat and Importance of Cyber Warfare & Cyber

Terrorism

It stands to reason that to a great number of people who are not

particularly cyber-savvy, terms like cyber threats, information warfare,

cyber terrorism, and cyber warfare, are charged with an “aura of mysticism

and secrecy” (Heickeroe and Peterson, 2012, p.9). The rapid evolution of

informatization which creates a platform for international politics is

accelerating the growth of the global information infrastructure (GII), and

changes drastically the context of international security. The nature and

means of warfare have been greatly altered by the explosive growth of

information and communications technologies; hence information security

has surfaced as an essential concern of national strategy. The online world

now has more of an impact on our daily reality (Huh, Lee and Chang, 2007,

p.216).

[7] See glossary.

[8] See glossary.

Information has become an essential aspect of the 21st century.

Access to and the availability of the World Wide Web in today’s GII is vital

for a number of world services such as banking, personal communications

and logistical management. A cyber attack could effectively block access to

the communications infrastructure, paralysing business communications and

data transfers (Shakarian, Shakarian and Ruef, 2013, p.12).

Critical information infrastructure networks are the main targets for

cyber attacks because they have developed to the point where they manage

the command and control systems, operate the logistics, facilitate the staff

operations and planning. In simple words they are “the backbone” of the

intelligence abilities. Thus, this makes them even more vulnerable and

attractive targets to cyber aggressors and cyber terrorists (Andress and

Winterfield, 2011, p.5).

Denning (2000) states that cyber terrorism is a generic phrase for a

range of illegal activities involving a range of different organisations,

groups and individuals in cyberspace. For an attack to be labelled as cyber

terrorism the intentional effect of it has to be serious human or economic

damage (Denning, 2000). Cyber terrorism is about imposing fear through

wide scale disruption. Eradicating a supporting infrastructure even

temporarily, in a physical crisis can become paralytic which exposes the

inbuilt weakness in our reliance on that infrastructure and effectively

produces fear and panic (Colarik, 2006, p.34).

There is a lot of concern about possible attacks by cyber terrorists in

regards to Supervisory Control and Data Acquisition systems (SCADA).

These systems are utilized to examine and manage utility equipment such as

grid and water supply systems. The loss of statewide power systems, the

disturbance or contamination of water supply, or the intentional opening of

a dam’s flood waters are further targets that have been infiltrated in the past

and could in the future be employed by cyber terrorists to create destruction

(Verton, 2003, pp.241-242; Colarik, 2006, p.52; Nicholson et al., 2012,

p.419).

For example, in 1998, a juvenile hacker succeeded in breaking into the

computer system that directs Arizona's Roosevelt Dam. It was reported by

the federal authorities that he had full control of the SCADA system

managing the dam's massive floodgates (Gellman, 2002). The concern of

defending SCADA systems from cyber attacks made international headlines

in 2010 after the Stuxnet virus [9] attacked a centrifuge at a uranium

enrichment facility in Iran (Finkle, 2011).

Denning (2010, p.198) further stresses that although cyber terrorism

has to date not resulted in fatalities, the potential for such cannot be

ignored. For instance, a cyber attack against the electric power system,

could possibly demolish equipment and shut down power for an extended

period of time, leading to fatalities and serious economic instability (Denning,

2010, p.198).

[9] See glossary.

Without electric power, hospitals and their equipment could become

inoperable if energy is not quickly recovered by backup generators. In

addition, many suppliers would be forced to shut down and this would make

purchasing food or fuel unfeasible (Jones, 2014, p.372). In addition to fuel

shortages, air and rail travel would be disrupted, in the sense that

bookings are now mostly available online to minimise human servicing

costs, which could mean that airports and train stations could become

dysfunctional and even close (Jones, 2014, p.372). The following areas are

crucial to national health and to a great degree are dependent on the World

Wide Web:

“Agriculture and Food; Banking and Finance; Chemical; Commercial Facilities; Communications; Critical Manufacturing; Department of Defense; Dams; Defense Industrial Base; Emergency Services; Energy; Government Facilities; Healthcare and Public Health; Information Technology...Nuclear Reactors...” (Andress and Winterfield, 2011, p.15).

These areas are all part of the US Department of Homeland

Security’s (DHS) Critical Infrastructures and Key Resources (CIKR)

protection arrangement. They all work to aid in measuring vulnerabilities,

executing protective programs, recuperating security protocols, executing

real-time information sharing, and supporting emergency planning and

recuperation. These critical infrastructure categories apply to every nation in

the world including the US (Andress and Winterfield, 2011, pp.15-16).

A cyber attack against the aforementioned GII can create real world

disturbance to public and private infrastructure, namely, the functions of

businesses and governmental entities. As a result it can also raise feelings of

vulnerability in the victims because their systems and the fibre of their

everyday lives can be disturbed in this way (Shakarian, Shakarian and Ruef,

2013, p.12). Hence, the network infrastructures that facilitate most of what

we do in our digitalised age are both a strength and a weakness (Andress

and Winterfield, 2011, pp.15-16).

The utilisation of technology can improve personal, business, and

government communications but as such it still remains vulnerable to

attacks and disruptions (Ashmore, 2009, p.8). Landler and Markoff (2007)

state that after Estonia was cyber attacked in 2007, the Estonian government

officials started comparing the failure of access to the GII to closing a

country’s sea ports.

It is not surprising that the world’s population might be considering

that cyber warfare is no longer only a remote preoccupation but a major

issue, the invisible threat. It could be for the reason that civilian targets have

been at the centre of malevolent attacks and national security preparation

and economic recovery have been lacking since defences were found weak

or unsophisticated against threats (Jones, 2014, pp.371-372).

For instance, in the US, the telephone systems, electric power

generation, transmission systems, air and rail transportation systems are

vital mechanisms of military vigilance (Jones, 2014, pp.371-372).

Nonetheless, there are other irregular targets which are not defended against

cyber attacks because they evade categorization. The financial system is

also a vital element of the national economy and is prey to irregular cyber

attacks by foreign states and terrorists. Recent web security reports point out

that US banks and financial systems are key targets for hacking by other

national governments such as China, North Korea and Iran (Jones, 2014,

pp.371-372).

A good metaphor which can give context to this new danger is the

risk of an “electronic Pearl Harbor” or a “cyber 9/11” and a potential

“cybergeddon”, a consequential cataclysm from an extensive disruption of

all programmed systems, networks and activities (Morozov, 2009; Aziz,

2011; Heickeroe and Peterson, 2012, p.60). Shawn Henry, the assistant

director of the Federal Bureau of Investigation’s cyber division, points out

that the threat to the computer network is one of the most serious threats the

US is currently facing (Schott, 2009). With computer systems becoming

more complex and connected to the real world, bigger shocks such as

“cybergeddon” might possibly be inescapable (Pempel, 2014).

Jones (2014, p.351) points out that cyber warfare has been

incorporated into the armed forces of every developed state. Furthermore,

he observes that all of the armed forces now have cyber warfare units that

try to steal information and meddle with armed tools and command and

control structures (Jones, 2014, pp.351-352; Valeriano and Maness, 2014,

p.348). Allegedly by 2001, more than thirty countries had information

warfare programs, including Russia, China, Taiwan, France, Israel, Iran,

Brazil and India (Adams, 2001, as cited in Knapp and Boulton, 2008, p.20).

Some propound that cyber technology is being misused as a device to

orchestrate terror, crime and warfare (Andress and Winterfield, 2011, p.2).
An arms race is entering into the cyber field of software and algorithms¹⁰

(Fitzgerald, 1996; Deibert and Rohozinski, 2011).

¹⁰ See glossary.

Iasiello (2013) emphasises how cyber attacks have become this

century’s pronounced non-nuclear threat. For instance, General Keith

Alexander, the head of the US Cyber Command (CYBERCOM) and

National Security Agency (NSA), when testifying before Congress argued

that all conflicts which will take place in the near future will involve cyber

warfare tactics, and that the US is too weak to defend itself against this type

of warfare. The General stated: “We are finding that we do not have the

capacity to do everything we need to accomplish. To put it bluntly, we are

very thin, and a crisis would quickly stress our cyber forces...This is not a

hypothetical danger” (General Alexander, 2011, as cited in Rothkopf, 2011).

Cyber attacks and nuclear threats have a common denominator: they

are both invisible. Not only are cyber attacks invisible, it is hard to detect

the correct source of the attack, due to the complex and anonymous nature

of the Internet and because IP addresses of the attacking computers can be

spoofed¹¹. Regardless, governments can presuppose the source of the attacks

because most cyber attacks have a political message; they are not carried out

aimlessly (Rothkopf, 2011; Sridhar, 2011).

The invisible threat of cyber warfare and cyber terrorism might be

undetectable, but the damage which might be caused is neither invisible nor

impalpable (Heickeroe and Peterson, 2012, p.9). There might have been

apocalyptic millennium havoc about the millennium bug (Y2K bug¹²) in the

year 1999, but the persistent existence of cyber warfare has proved to be

very real in numerous incidents where cyberspace was indeed used as a

battlefield to attack critical information infrastructures (Clarke and Knake,

2010, pp.109-111).

¹¹ See glossary.
¹² See glossary.

The cyber attacks against Estonia in 2007 were significant enough

to garner international attention since cyber warfare became the means to

debate national politics under the scrutiny of the global community

(Shakarian, Shakarian and Ruef, 2013, p.12). Moreover, the cyber warfare

against Georgia in 2008 marked the first time where a cyber operation was

distinctly combined with a military offensive (Melikishvili, 2009, as cited in

Ashmore, 2009, p.10; Heickeroe and Peterson, 2012, p.135).

According to Brenner (2007) some people describe the cyber attack

against Estonia in 2007 as the first official and publicly illustrated cyber

warfare against a nation. Brenner (2007) also remarked that not everyone

agrees that this cyber attack should be labelled as cyber warfare; instead

some prefer to refer to it as a “cyber riot”. Regardless of how society would

like to label the incident, the incident has been a wake-up call for authorities

in charge of information security in many nations.

Chapter Conclusion

About a decade ago, cyber warfare and especially cyber terrorism

were partially talked down by some experts, who dismissed the idea of

them being serious threats to international security as an exaggeration. In

2002, James Lewis, the Director and Senior Fellow of the Technology and

Public Policy Program of the Center for Strategic and International Studies

(CSIS) referred to the very notion of cyber warfare as “weapons of mass

annoyance” (Lewis, 2002, p.4).¹³

The notion of cyber warfare was further devalued in 2004 by a

security expert, Marcus Ranum, who referred to it as nothing more than

“hype”. Nonetheless, a decade since the terms “weapons of mass

annoyance” and “hype” were used, there have been notable incidents of

cyber warfare that posed real threats to national security such as the cyber

attacks against Estonia in 2007 and Georgia in 2008 (Shakarian, Shakarian

and Ruef, 2013, p.3).

Chapter one has shown that cyberspace has physical aspects as it

has definite boundaries of cables, hard drives, mainframes and networks

(Valeriano and Maness, 2014; Singer and Friedman, 2014). A conflict in

cyberspace has its origins in the real world where it is used as a vehicle to

convey messages and illustrate one’s power to the adversary (Heickeroe and

Peterson, 2012). The chapter also explored the emergence of computer

hackers and the three main cyber weapons used to attack opponents, namely

DDoS, website defacements, and cyber intrusions (Clarke and Knake, 2010;

Valeriano and Maness, 2014).

¹³ “Weapons of mass annoyance”: a phrase originated by Stewart Baker (Lewis, 2002, p.11).

The chapter also highlights that critical infrastructure networks are

the main targets for cyber attacks by cyber aggressors and cyber terrorists

because they are the “backbone” of the intelligence capabilities. A cyber

attack against the GII can create real world disturbance to the functions of

governments and businesses (Andress and Winterfield, 2011; Shakarian,

Shakarian and Ruef, 2013).

The chapter has also shown the potential danger to society posed by

cyber warfare, a threat which might even extend to the risk of an “electronic

Pearl Harbor”, a potential “cybergeddon” (Aziz, 2011; Heickeroe and

Peterson, 2012, p.60). With the constant growth of the information

revolution it would almost be safe to assert that cyber warfare might also

evolve, hence this would mean that society will need stronger defenses and

cyber security (Rothkopf, 2011).

Chapter 2

What are the Superpowers’ Strategies & Viewpoints regarding Information and Cyber Warfare?

Information warfare is not a new phenomenon; it is as old as the

human race. History indicates that information has always been a key

weapon in warfare (Goble, 2009, p.182; Heickeroe and Peterson, 2012,

p.31). Detention, extortion, manipulation and destruction of information for

a particular reason are all traits of human behavior. The introduction of

information technology is opening the route for the growth of new means

and methods aiming either at manipulating third parties or defending

information and information systems (Goble, 2009, p.189; Heickeroe and

Peterson, 2012, p.31).

Although there is no collective theory defining information warfare,

a great number of scholars and analysts from dominant nations, primarily

from the US, Russia and China are formulating their own ideas and

concepts. A common perception that all three superpowers share is that

information warfare has a continually escalating significance, and in some

cases might hold an influential role in contemporary and future conflicts

(Heickeroe and Peterson, 2012, p.31).

Every great military and political conflict of the 21st century includes

some kind of cyber element (Heickeroe and Peterson, 2012, p.31). For

instance, DDoS type of cyber weaponry might have a huge role in future
conflicts that employ a computerised element since the technology is

currently not only a well-known cyber weapon, but also used largely as

a means of intimidation (Morozov, 2009; Shakarian, Shakarian and Ruef,

2013, p.21).

O. Sami Saydjari (2008, p.10), the President and founder of Cyber

Defense Agency, notes that the alarming events in cyberspace such as the

cyber attacks against Estonia and Georgia as well as China’s evident

espionage¹⁴ conduct are likely examples that confirm the strategic concern.

Saydjari (2008, p.10) states that one thing which must certainly be

prioritised and dealt with without delay is to sanction the significant strategic

risk which cyber threats pose to the developed nations’ information

infrastructure.

First world nations are standing on the edge of an information age

whose infrastructure is an “untamed territory with much promise” but

whose threats and risks must be brought under control (Saydjari, 2008,

p.10). This chapter will assess and outline the superpowers’ strategies and

viewpoints, specifically those of the US, Russia and China, towards cyber warfare

and cyber security so as to take into consideration the wider dialectics

directly and indirectly involved. The different cyber security experts’

outlook on this matter will also be examined.

¹⁴ See glossary.

What is the US Military Approach to Cyber Warfare?

Saydjari (2002, p.125) claims in the Annual Computer Security

Applications Conference (ACSAC) that it was particularly in 2002, when

security experts started observing that the US’s critical infrastructure was

extremely defenceless against cyber attacks. This is because, like most developed

nations, the US’s real-world critical resources are controlled via this virtual

space termed cyberspace which, in contrast to normal physical space, is

engineered and artificial (Saydjari, 2008, p.10).

Libicki (2007, p.6) agrees that cyberspace is indeed structured and

its rules are largely structured as well. Economic enticements in existing

markets have driven cyberspace to be exceedingly practical, however they

are poorly guaranteed from a national strategic threat outlook (Saydjari,

2008, p.10). Consequently, this automatically turns it into a great

opportunity as much as a serious problem (Libicki, 2007, p.6; Saydjari,

2008, p.10).

Heickeroe and Peterson (2012, p.40) also confirm that the US has

become a vulnerable target to hostile information attacks, specifically in the


form of cyber warfare from looming superpowers like China and Russia.¹⁵

Hence, in order to defend its national and information sovereignty in the

new cyber domain, a US Cyber Command was established in 2010

(Heickeroe and Peterson, 2012, p.40; Singer and Friedman, 2014, p.133).

¹⁵ In 2011, US intelligence officials openly accused Russia and China of continuously stealing
high-tech data from the US for their own national economic advantage (Bodeen, Meghani and
Robertson, 2011).

Singer and Friedman (2014, p.133) claim that CYBERCOM unites

all mechanisms of the US military which focus on and deal exclusively with

cyber issues from the Army’s Ninth Signal Command to the Navy’s Tenth

Fleet (The Fleet Cyber Command).¹⁶ The Pentagon’s 2013 budget plan

referred to the term ‘cyber’ 53 times and the 2014 budget plan referred to

‘cyber’ 147 times and along with it CYBERCOM’s headquarters budget has

accordingly increased multifold. Their goal is to improve their cyber

security efforts (Knott et al., 2013, p.399). According to Harris (2014), the

Defense Secretary, Chuck Hagel, states that the US military is expending

billions of dollars to incorporate cyber warfare into military warfare and is

planning to train a force of 6,000 cyber warriors by the end of the year 2015.

This indicates that the Pentagon is becoming fully ‘geared up’ for cyber

warfare (Rothkopf, 2011; Maurer, 2012; Singer and Friedman, 2014,

pp.133-135).

CYBERCOM concentrates on five objectives: to treat cyberspace as

a functioning sphere as the rest of the military does on the ground, sea and

air; to apply new security theories to succeed there; to associate with other

agencies and the private sector; to form relationships with international

associates; and lastly to build up new talent to prompt new innovation in

ways in which the military might combat and win in cyber warfare (Singer

and Friedman, 2014, p.135). Cyberspace is now clearly acknowledged in the

US’s strategic doctrine as just as vital as land, air, sea and space (US

Department of Defense, 2006).

¹⁶ CYBERCOM is rumoured to have a cyber warrior force of just under 60,000 staff, with
headquarters located at Fort Meade, Maryland (Singer and Friedman, 2014, p.135).

As part of this important mission CYBERCOM is to form and direct

three categories of cyber forces: firstly, cyber defence forces that will

protect the military’s own computer networks, regionally associated;

secondly, to fight mission forces that will aid the operation of troops in the

field; and thirdly, direct national operation forces that will support the

defence of vital infrastructure (Singer and Friedman, 2014, p.135). Schneier

(2014, p.93), a computer security and privacy expert, argues that it is vital

for the US to improve their cyber security strategy because of the power

struggle taking place for control.

CYBERCOM was created in order to carry out cyber attacks against

foreign nations, and at the same time to minimise cyber aggression from

foreign governments (Singer and Friedman, 2014, pp.134-135). Lieutenant

General Jon Davis, the Deputy Commander of CYBERCOM, explains that

the US military is treating issues related to cyberspace with a whole new

level of importance. The Lieutenant’s preoccupation almost echoes General

Keith Alexander’s concerns about the importance of cyber warfare to

national security (Singer and Friedman, 2014, p.135).

In Bruce Schneier’s book Carry on: Sound Advice from Schneier on

Security (2014, p.93), the author points out that there is strong evidence of a

power struggle taking place in the US government over the importance of

cyber warfare and cyber security strategy and that the NSA¹⁷ and the United

States Department of Defense (DoD) are winning. General Keith Alexander

is continuously accentuating the significance and increasing threat of cyber

warfare to the US’s national security (Schneier, 2014, p.93).

¹⁷ Some people see the pairing of the NSA and of CYBERCOM as natural, because of the entities’
similar responsibilities. However, many people worry about the unclear lines between a military
command and a civilian spy agency (Singer and Friedman, 2014, p.134).

Nonetheless, according to Schneier’s argument (2014, p.92) the

General along with Amit Yoran, a former National Cyber Security Division

director, are said to be continuously hyping up the entire concept of cyber

warfare and the threat it poses to national security. According to Schneier,

Yoran states that cyber 9/11 has been taking place over the past decade but

it is happening so gradually that it is hard to detect it (Schneier, 2014, p.92).

Nevertheless, Schneier later contradicts his argument when he

himself emphasises the importance of cyber warfare. Schneier (2014, p.95)

states that although it is legitimate for nations to construct offensive and

defensive cyber warfare capacities it is also essential to consider and to plan

how to limit the escalation of cyber warfare paranoia. He states that an

essential initial step would be a hotline connecting the world’s cyber

commands formed after similar hotlines for nuclear commands. This would

at least permit governments to communicate with each other, rather than to

speculate where an attack originated from (Schneier, 2014, p.95). In my

opinion and in Aid’s (2013) understanding, governments are selling fear to

the population so that the latter gives up more and more of their privacy and

autonomy. The US commitment and increasing support to the NSA and

CYBERCOM unit is also a way of justifying spying on their own citizens

and on other nations (Aid, 2013).

What is the Chinese Approach to Cyber Warfare?

On the 20th of August 2000, Major General Dai Qingmin stated in

the journal China Military Science, that cyber warfare consists of

information operations which are a creation of conditions, goals and know-

how of a: “…series of operations, where the information environment is the

battle ground and military information and information systems are the

operational targets. Electronic warfare and computer warfare are basically

directed against the adversary’s strength and knowledge” (Qingmin, 2000,

as cited in Thomas, 2004).

According to Singer and Friedman (2014, p.138) the Pentagon’s

2011 Strategy for Operating in Cyberspace, intended to guide Cyber

Command, evidently placed China among the most serious threats in this

sphere. Singer and Friedman (2014, p.138) also note that many are

now portraying the US-Chinese relationship in cyberspace as a cyber echo

of the US and the former Soviet Union’s (USSR) relationship throughout

the Cold War. Interestingly, Chinese officials declared in 2011, that China

was the victim of some 34,000 cyber attacks which originated from the US,

while in 2012 the numbers rose to the point that Chinese military websites

alone were cyber attacked by US sources nearly 90,000 times (Singer and

Friedman, 2014, p.139).

Singer and Friedman (2014, p.140) state that Edward Snowden in

2013 revealed that the NSA had hacked the high-status Tsinghua University

in Beijing, which happens to be home to one of six “network

backbones” which direct all of mainland China’s World Wide Web traffic,

as well as the Hong Kong centre of operations of Pacnet, which controls one

of the Asia-Pacific zone’s largest optical-fiber networks.

According to government sources, Chinese expenditure on cyber

warfare has become a “top funding priority” and a multitude of new units

have been formed to counter and launch cyber attacks on the adversary’s

computer networks (Singer and Friedman, 2014, pp.140-141). Although the

Chinese military organization in charge of cyber operations is not as

transparent about its organization as the US military, many believe it falls

under the People’s Liberation Army (PLA) General Staff Department’s

Third Department. Regardless, this unit, which is based in Beijing,

happens to be very similar to the NSA and to focus equally on breaking

codes and signals, “making it a natural fit” for cyber conduct (Singer and

Friedman, 2014, pp.140-141).

Singer and Friedman (2014, p.144) claim that China is not just an

intimidating superpower; it is also home to the world’s largest number of

World Wide Web users. General Keith Alexander claims that China is

combating in cyberspace and winning cyber wars (Singer and Friedman,

2014, p.144). In my view, and according to Sanger, Barboza and Perlroth

(2013), China seems to have meticulously planned to build itself in every

way and in every area so as to compete for supremacy by numbers and

industrious advancements in cyberspace.

What is the Russian Approach to Cyber Warfare?

Mshvidobadze (2011) stated in Radio Free Europe that Russia views

its cyber abilities as devices of information warfare, which unify

“intelligence, counterintelligence, maskirovka [camouflage], disinformation,

electronic warfare, debilitation of communications, degradation of

navigation support, psychological pressure, and destruction of enemy

computer capabilities” (Mshvidobadze, 2011). Thus, numerous leading

analysts argue that information technology will be a frightening weapon in

our information age, fully similar to weapons of mass destruction

(Fitzgerald, 1994; Collier, 2007). The many and various implications of

information warfare were highlighted by the Russian Chief of the General

Staff, Viktor Samsonov in the year 1996:

“The effectiveness of ‘information warfare’ systems in combination


with precision weapons and ‘non-military means of influence’ makes it
possible to disorganise the system of state administration, hit strategically
important installations and groups of forces and affect the mentality and
moral spirit of the population. In other words...is comparable with the
damage resulting from the effect of weapons of mass destruction”
(Samsonov, 1996, as cited in Heickeroe and Peterson, 2012, p.44).

The 2001 Congress report on cyber warfare emphasises that Russian

cyber warfare military strategy is to acquire information and withhold such

vital advantage over an adversary (CRS Report for Congress, 2001, as cited

in Heickeroe and Peterson, 2012, p.45). Their strategic objectives could be

achieved through changing an adversary’s information systems, command

and control systems and decision-making processes which can have an

encompassing effect over the populace. In other words they use cyber

weapons like viruses, worms, logic bombs¹⁸ and trojans as force multipliers

so as to maximise the impact of a cyber attack (Tsymbal, 1995, as cited in

Heickeroe and Peterson, 2012, p.45).

¹⁸ See glossary.

Russia’s key deterrence is to demonstrate to a possible adversary the

cost of carrying out a cyber attack against their nation. Regardless of the

existence of the threat or not, these measures affirm the seriousness of the

Russians’ commitment to information warfare (Corbin, 2009; Heickeroe and

Peterson, 2012, p.58). The Russian outlook on information warfare is

carried out in stages: in peace time, in the preface to war, and in time of war

as strategical, operational and tactical (Limno and Krysanov, 2003). In time

of war, information warfare refers to obtaining information supremacy over

the adversary in order to hold information advantages but also to defend

their nation’s own information systems (Pirumov, 1996, as cited in

Heickeroe and Peterson, 2012, p.47).

Information warfare also engages in the physical damage of armed

forces’ own information systems, electronic countermeasures, uniquely

programmed hardware and software (also known as malware), the

alteration, disinformation and manipulation of information (Rastorguev,

1998, as cited in Heickeroe and Peterson, 2012, p.47). Quoting Burutin:

“Information weapons...do not require specialised manufacturing facilities

and a complex infrastructure. A small group or even one expert can develop

and carry out an act of destruction...and expose human lives to risk”

(Burutin, 2008, as cited in Heickeroe and Peterson, 2012, p.47).

Giles (2011, p.47) implies that even though Russia now views the

actions of NATO and the US with less apprehension than during peaks of

tension in the first decade of the 21st century, their information operations

military agenda is set on the manipulation, disruption, destruction or seizure

of adversarial human and artificial decision making capabilities while

defending their own (US Joint Publication 3-13.1, as cited in Giles, 2011,

p.47). Despite the US’s attempt not to antagonise Russia in cyberspace, the

Information Security Doctrine of the Russian Federation is very antagonistic

in language (Giles, 2011, p.47).

The aforementioned document highlights the growth of ‘Information

Warfare’ concepts that involve ways of rendering vulnerable other nations’

information systems, of intercepting information and telecommunications

systems and computer data storage systems, and of gaining unlawful entry

to them (Security Council of the Russian Federation, as cited in Giles, 2011,

p.47). Hence, their stance is imbalanced since it consists mainly of

aggressive cyber operations and less of counter measures of protection

against them (Giles, 2011, pp.47-48).

In particular, Schneier (2014, pp.92-93) argues that the cyber

warfare waged against Estonia in 2007 consisted of hacking attacks launched by

angry ethnic Russians protesting at anti-Russian policies. Moreover,

Schneier (2014, p.93) also points out that parallel cyber attacks against

Georgia in 2008, which preceded an actual physical Russian attack, were

also possibly the responsibility of national activists or organised crime.

This indicates that even a small number of capable and committed

hackers can impose immeasurable harm on an adversary’s information

systems via cyberspace (Heickeroe and Peterson, 2012, p.47; Libicki, 2007,

p.1). Different forms of viruses and malevolent codes can be utilised on

information systems to cause harm. Other means can include illegal

information gathering and cyber espionage (Heickeroe and Peterson, 2012,

p.47).

It is noteworthy to state that distress about information warfare and

cyber vulnerability was a subject discussed well before the cyber attacks and

the armed conflict in Georgia in 2008. The then Deputy Chief of the

General Staff, Lieutenant General Alexander Burutin, stated in January

2008, that Russia ought to be prepared for an international information war.

He remarked that leading nations are now vigorously inventing and building

devices as means of struggle in the information arena. The growth of

information technology has altered the idea of a nation’s military strength

and political potential, and alters the traditional forms of power struggle

(ITAR TASS News Agency, 2008, as cited in Giles, 2011, p.50). Those

with the fastest and more sophisticated computer capacities will have an

advantage over their opponents (Heickeroe and Peterson, 2012, p.45).

Burutin went on to note that it is highly likely that the ultimate

means of ascertainable future warfare and armed conflicts will be solely

attained: “by suppressing its state and military command, navigation and

communication systems, influencing other information facilities in which

the stable government of a state depends” (ITAR TASS News Agency,

2008, as cited in Giles, 2011, p.50). In accordance with Smith (2014) and in

my understanding, that is why Russia is fully prepared to be on the offensive

because cyberspace intimidation and espionage is half the victory in the

eyes of the adversaries.

Chapter Conclusion

The second chapter has critically assessed how the US is fortifying

itself in cyber warfare since it is giving the notion that they have become

vulnerable to hostile cyber attacks from superpowers such as China and

Russia. Thus, in order to defend its information and cyber sovereignty a US

CYBERCOM was established (Heickeroe and Peterson, 2012; Singer and

Friedman, 2014).

Schneier’s book was selected in this chapter because his argument is

structured as a debate regarding cyber warfare. In the beginning the author

pointed out that General Keith Alexander and Amit Yoran were

continuously exaggerating the nature and the very existence of cyber

warfare. He later on emphasises the importance of cyber warfare and he

suggests solutions on how the escalation of cyber warfare can be monitored

(Schneier, 2014).

CYBERCOM has enabled China to be counted among the most

formidable threats in the sphere of cyberspace; however, authors like Singer

and Friedman (2014) argue that China has also become a victim of cyber

attacks in cyberspace from the US. Unlike the US, the Chinese military

organization’s cyber agenda remains covert yet many speculate that it falls

under the PLA General Staff Department’s Third Department.

Controversially, this unit is very similar to the NSA (Singer and

Friedman, 2014). The chapter has identified how Russian cyber warfare

objectives consist of obtaining and holding information advantage over an

adversary. Russia’s key deterrence strategy is to demonstrate to a possible

adversary the cost of commencing a cyber attack against their country

(Heickeroe and Peterson, 2012).

In January 2008, the then Deputy Chief of the General Staff,

Lieutenant General Alexander Burutin stated that Russia should be prepared

for a global information war. He noted that leading nations are now

vigorously building forms and means of struggle in the information arena

(Giles, 2011). The chapter has investigated the viewpoints and strategies of

the three superpowers towards cyber warfare so as to take into

consideration the wider dialectics directly and indirectly involved. All three

of the superpowers are spending a significant amount of funds to improve

their cyber security efforts and to vigorously invent and build devices as

means of struggle in the information arena, as mentioned. This is done for

offensive and defensive motives (Giles, 2011; Heickeroe and Peterson,

2012, pp.31-40; Knott et al., 2013).

Chapter 3

Government use of Cyber Warfare as a tool to Attack the Computer Systems of Foreign Nations

Whilst the language of cyber warfare is often believed to be “hyped

up” by military and cyber security professionals like General Keith

Alexander and Amit Yoran, there actually have been recent cases of

significant international conflict in cyberspace (Deibert, Rohozinski and

Crete-Nishihata, 2012, p.4; Schneier, 2014, p.92). The main aim in this

chapter is to examine and critically assess cyber attacks that featured in

world news and that illustrate the nature and scale of such incidents taking

place in our shared virtual space. This will allow us to better identify the

target reasoning and the effect on the targeted nations, and also to examine

how the targeted nations are dealing with cyber threats socially, politically

and especially legally, to study “the strengths and challenges in national

law” that the cases present (Tikk, Kaska and Vihul, 2010, p.11).

The cyber warfare against Estonia and Georgia illustrates the risks of

nationalist and politically motivated hacking using programmed codes to

launch conflicts and escalate them (Heickeroe and Peterson, 2012, p.131).

For instance, the Estonian cyber warfare is a case where a nation that is

considered to be one of the most wired nations in the world had wide-

ranging laws applicable to cyber incidents, but had inadequate legal

stipulation to examine and act against politically motivated attacks that had

no profit incentive (Kaeo, 2007; Tikk, Kaska and Vihul, 2010, p.8).

In order to comprehend cyber warfare it is important to select and

examine in detail case studies such as the cyber attacks against Estonia and

Georgia that illustrate fully its complexity and mutability. Both of these

nations happen to be former Soviet satellite states and both have a common

hypothetical perpetrator behind their nations’ cyber warfare: Russia. The

problematic nature of the identity of the ‘attacker’ started when both nations

started having political tensions with Russia. Thus these case studies will be

scrutinised and compared in order to help the reader to develop a deeper

understanding of current international cyber conflicts that are characterised

by a strong political undertone (Tikk, Kaska and Vihul, 2010, p.9;

Heickeroe and Peterson, 2012, p.129).

What were the Political Aims behind the Cyber Warfare against

Estonia in 2007 and Georgia in 2008?

The cyber warfare against Estonia in the summer of 2007 markedly

drew attention to the fact that the world faced the escalating problem of

cyber threats to public security and state stability. The three-week cyber

storm indicated that NATO members were equally vulnerable to cyber

attacks, along with other first world nations (NATO Review, 2011). In

particular, political and social relations between Russia and Estonia hit a

“low point” in 2007 because of the popular belief that the Russians were

behind the attacks (Keating, 2011; Schneier, 2014, p.41).

On the 27th of April, 2007, the Estonian government effected the

relocation of a national monument from the Soviet-era to a nearby Tallinn

military cemetery. This monument (a bronze statue) was originally placed

by the USSR in 1944 to honour Soviet soldiers who lost their lives in World

War II. However, the government’s ultimate plan to relocate the monument

was strongly opposed by the Russian government and by the ethnic Russian

population[19] who lived in Estonia; the government therefore unintentionally opened a digital

“Pandora’s Box” against its IT infrastructure. As a result, a series of protests

started taking place in Tallinn and in Moscow against the Estonian embassy.

Most importantly, the dissent between the two factions culminated in the

cyber attack of the IT infrastructure of Estonia; it would last until 18 May

2007 (Davis, 2009; Shakarian, Shakarian and Ruef, 2013, p.16; Iasiello,

2013).

Figure 2: The bronze soldier statue.[20]

From one side, to the ethnic Estonians, the bronze soldier was

symbolic of Soviet tyranny. But from the other side, to the ethnic Russian

minorities living in Estonia, its repositioning symbolized more remote

marginalisation of their ethnic identity (Herzog, 2011, p.51). Kaldor (2004)

and Szakonyi (2007) argue that an apparent “attack” on the identity of a

minority group is likely to encourage a nationalist counter-attack as

consequently occurred in Estonia.

[19] “Ethnic Russians make up about a quarter of Estonia's population of 1.3 million” (The BBC, 2008).
[20] See Appendix 2.

The ethnic Russian inhabitants of Estonia, who viewed the bronze

statue as an emblem of Russian sacrifice and triumph against the Third

Reich, took to the streets to show their grievance against the government’s

decision to relocate the statue. There were violent disputes between security

forces and rioters that continued for days (Franklin et al., 2007; Shakarian,

Shakarian and Ruef, 2013, p.16).

It was reported that 1,300 people were arrested during the street

disputes in Estonia, 100 people were injured and one person was reported

dead (Traynor, 2007). The street riots in Tallinn were transferred into

cyberspace when, in the late hours of Friday, April 27th, the websites of

the Estonian government institutions and news portals were targeted. The

cyber attacks against both public and private sector websites lasted, in stages

of varying intensity, for three weeks (Landler and Markoff, 2007). The

episode has since been labelled the world’s first cyber war, or “Cyber War

I”, as it marked the first time that a persistent, extensive, and politically

motivated cyber-assault was carried out to wreak mayhem on the entire IT

infrastructure of one of the most wired nations (Ruus, 2008).

Initially, the first stage of the cyber war against Estonia’s IT

infrastructure was carried out by somewhat simple means, thus earning the

cyber “riots” title. Meanwhile, in a number of Russian-language internet

forums, summons and instructions were issued to commence ‘ping’[21]

commands, which are used to verify the availability of the targeted computers,

with certain restrictions on the Microsoft (MS) Windows command line

(Finn, 2007). Shortly afterwards, users were able to copy available

executable .bat files[22] onto their computers and then started to carry out

computerised ping requests (Randel, 2008, as cited in Tikk, Kaska and

Vihul, 2010, p.19). The unexpected attacks were so organised that they were

immediately successful in distressing their victims (Tikk, Kaska and Vihul,

2010, p.19).

[21] See glossary.

The main means of attack utilised in the three-week cyber warfare

against Estonia were, as mentioned in chapter one, denial of service (DoS)[23],

DDoS, website defacements and large amounts of comment and email

spam. For instance, the DDoS attacks were directed against leading

governmental and private sector websites (Tikk, Kaska and Vihul, 2010,

p.20; Nazario, 2007; Vamosi, 2007; Rhoads, 2007).

Figure 3: Batch Files (Lesniak, 2011).[24]

An indicative example of website defacement was when (a)

hacker(s) successfully broke into the Estonian Reform Party’s website and

posted a forged ‘formal’ apology signed by the Estonian Prime Minister,

Andrus Ansip, regarding the relocation of the bronze statue. In an attempt at

verisimilitude, the forged apology was in Estonian; interestingly, it was not in

Russian, which was the language used for

the rest of the hacked website (Ruus, 2008; Shakarian, Shakarian and Ruef,

2013, p.18).

[22] See glossary.
[23] See glossary.
[24] See Appendix 3.

The forged apology was possibly a backlash since in the early days

of the cyber war, the Estonian Foreign Minister, Urmas Paet, claimed that

cyber terrorist attacks: “have been made from IP addresses of concrete

computers...from Russian government organs including the administration

of the President of the Russian Federation” (cited in Ruus, 2008). In

addition, there was a flood of spam e-mails against government servers and

individual e-mail accounts (RT News, 2007; Tikk, Kaska and Vihul, 2010,

p.21). By the 30th of April, the Estonian government began blocking all

Internet traffic from the adversary, Russia, by filtering out web addresses

that ended in .ru (Finn, 2007).

The second phase of the cyber warfare against Estonia consisted of

more sophisticated and meticulous attacks compared to the first phase.

During the night of May 4th, DDoS attacks continued against websites

whilst domain name system (DNS) services were temporarily disrupted in

parts of Estonia, and the attacks were distinctly more intense due to the use of

botnets. The attackers also cleverly covered their tracks through the use of

proxy servers and possibly by spoofing their IP addresses (Tikk, Kaska and

Vihul, 2010, p.19; Sridhar, 2011). The Estonian banks were continuously

assailed by DDoS attacks from May 9th to 11th, which succeeded in taking down

Estonia’s major banks such as Hansapank[25] and SEB Eesti Ühispank along

with government websites and news portals (Tikk, Kaska and Vihul, 2010,

p.22; Keating, 2012).

Table 1: DDoS attacks on Estonian websites (Nazario, 2007)[26]

Attacks  Destination         Address or owner
35       195.80.105.107/32   www.pol.ee
7        195.80.106.72/32    www.riigikogu.ee
36       195.80.109.158/32   www.riik.ee, www.peaminister.ee, www.valitsus.ee
2        195.80.124.53/32    www.m53.envir.ee
2        213.184.49.171/32   www.sm.ee
6        213.184.49.194/32   www.agri.ee
4        213.184.50.6/32
35       213.184.50.69/32    www.fin.ee (Ministry of Finance)
1        62.65.192.24/32

Table 2: DDoS attacks on Estonian websites

Attacks  Date
21       2007-05-03
17       2007-05-04
31       2007-05-08
58       2007-05-09
1        2007-05-11

Table 3: DDoS attacks on Estonian websites

Attacks  Duration
17       Less than 1 minute
78       1 minute to 1 hour
16       1 hour to 5 hours
8        5 hours to 9 hours
7        10 hours or more

[25] Hansapank has had losses of at least $1 million (Landler and Markoff, 2007).
[26] See Appendix 4 for tables 1, 2 and 3.

Moreover, at the peak of the cyber warfare, bank cards and cellular phones were not operable within the

nation (Tikk, Kaska and Vihul, 2010, p.22; Keating, 2012). By making a

banking website for clients unavailable, the cyber aggressors divest the

clients of the means to carry out some critical actions or receive some

critical information, as indicated in chapter one (Shakarian, Shakarian and

Ruef, 2013, p.19).

Given the high volumes of Internet access users, and the

accompanying digital services in Estonia, cyber reliance became a weakness

since it made the country a more vulnerable target to cyber aggressors

(Tikk, Kaska and Vihul, 2010, p.18). As a result, the cyber attacks were

temporarily successful in paralysing the national IT infrastructure because

as aforementioned, Estonia is one of the most wired nations in the world

(Keating, 2010; Keating, 2012; Shakarian, Shakarian and Ruef, 2013, p.16).

In an interview, James Lewis of the CSIS stated that, like most other

Western states Estonia is dependent on the World Wide Web for its entire

information infrastructure since it supports the execution of government

operations, electric power grids, financial services and even Tallinn’s water

supply (Lewis, 2009). Mihkel Tammet, the IT director at the Estonian

Defense Ministry, emphasised that the government’s holistic dependency on

the World Wide Web since 2001 has effectively transformed it into a

“paperless government” (Tammet, 2007, as cited in BBC News, 2007). For

this reason, the Estonian President referred to e-Estonia as “a proverbial

canary in a minefield” (President Ilves, 2013, as cited in Harati, 2013).

According to Estonia’s Computer Emergency Response Team

(CERT), 98% of banking transactions in Estonia are completed digitally,

66% of the populace uses the World Wide Web, 55% of households have a

computer at home, and 91% of the computers are connected to the internet

(Republic of Estonia Information System Authority, 2006). For a smaller

country equally heavily wired, like Liechtenstein, the cyber attacks on the

banks could potentially be detrimental since the nation’s economy, politics,

and even some emergency services “being offline” could lead to a national

disaster (Morozov, 2009).

As indicated in chapter one, the cyber attacks were mainly targeting

information infrastructure networks which are “the backbone” of all

operations both for the public and private domain. Thus, the Estonian

incident clearly reveals that high dependency on their IT infrastructure had

consequently made them more vulnerable and turned them into prey for

cyber aggressors (Andress and Winterfield, 2011, p.5).

In contrast to the Estonian cyber warfare, the three-week cyber

warfare against Georgia occurred within the timeline and in the context of a

wider armed conflict that took place in August 2008 between the Russian

Federation and Georgia over South Ossetia. South Ossetia is considered an

independent and de jure demilitarised province of Georgia but shares

borders with Russia (Tikk, Kaska and Vihul, 2010, p.67). Additionally,

South Ossetia became de facto autonomous from Georgia during the

Georgian-Ossetian conflict in the year 1991; however, it was widely

accepted as an essential part of Georgia by the international community

(Bremer, 2008).

Interestingly, in order to preserve stability in South Ossetia after the

conflict of 1991, a peacekeeping force was created in 1992 under

Organization for Security and Co-operation in Europe (OSCE) command

which comprised Georgian, Russian and South Ossetian troops led by a

Russian Commander. In practice, these troops were not successful in

working together and tensions were gradually building up between the

Georgian side and the Russian side (Päevaleht, 2008; Council for Europe

Parliamentary Assembly Resolution 1633, 2008).

On August 7th 2008, Georgian forces instigated an attack against the

separatist forces which took the Russian faction off guard. Nevertheless, on

August 8th the Russian Federation retaliated with counter-military operations

on Georgia as a response to Georgia’s actions in the South Ossetian region,

and advanced to the area protected under the peacekeeping command

(Ministry of Foreign Affairs of Georgia, 2008). In consequence, this was

essentially an invasion of Georgian territory by the Russian Army with the

mission of forcing out the Georgian Army from South Ossetia (Shakarian,

Shakarian and Ruef, 2013, p.24).

Most importantly, the armed conflict was accompanied by cyber

attacks just like the Estonian incident. The major difference nonetheless was

that Georgia’s case represented the first incident of an attack on two fronts,

the physical and cyberspace, specifically carried out as a territorial invasion

and a large scale cyber invasion (Shakarian, Shakarian and Ruef, 2013,

p.24).

In the meantime, the then President of Georgia, Mikheil Saakashvili,

informed the international community about the state of warfare as the

armed conflict and cyber attacks were seriously threatening national security

and state sovereignty (Press release of the President of Georgia, 2008). Even

though the military conflict ended on the 12th of August, the cyber warfare

against Georgia lasted throughout August (The BBC, 2008). “And last year

we had a glimpse of the future face of war...As Russian tanks rolled into

Georgia, cyber attacks crippled Georgian government websites...” (President

Obama, 2009).

Figure 4: The Georgian Parliament websites under DDoS and cyber attack.[27]

The cyber weaponry against Georgia mainly consisted of: website

defacements of public sites and the carrying out of DDoS attacks against

several public and private (financial and media) targets. The BBC and CNN

were also attacked, possibly because they were distributing fruitful

information about the conflict, rather than for ideological reasons. Similar

methods were used in the cyber warfare against Estonia in 2007 (Bumgarner

and Borg, 2009, pp.5-6; Tikk, Kaska and Vihul, 2010, p.71).

Some examples of website defacements were directed at: the

Georgian President’s website (https://www.president.gov.ge), the website of

the National Bank of the Republic of Georgia (www.nbg.gov.ge) and the

website of the Ministry of Foreign Affairs of the Republic of Georgia

(www.mfa.gov.ge). The Georgian Parliament website was also defaced by

slideshows of pictures of the Georgian President alongside Adolf Hitler as

mentioned in chapter one (Moses, 2008; Wentworth, 2008; Keating, 2012).

DDoS attacks were also directed at the Georgian hackers’ community

website (Adair, 2008, as cited in Tikk, Kaska and Vihul, 2010, p.71).

[27] See Appendix 5.

Figure 5: Georgian President’s website under attack with website

defacements; a slideshow was inserted comparing him to Adolf Hitler

(Danchev, 2008).[28]

An MS Windows batch script was found in several Russian forums,

websites and blogs which could only have been created with the intention to attack

Georgian websites (Adair, 2008, as cited in Tikk, Kaska and Vihul, 2010,

p.73). Comparably, a similar method was used in the first phase of the cyber

warfare against Estonia a year earlier, where a downloadable script to ‘ping’

and thereby ‘flood’ Estonian websites both by DNS and IP was displayed on

a number of Russian language message boards (Danchev, 2008).

Information and directions on how to ‘ping’ ‘flood’ Georgian government

websites were similarly circulated on Russian language sites and online bulletin

boards, along with lists of Georgian websites vulnerable to remote SQL

“injections”, easing their pre-programmed defacements (Danchev, 2008).

[28] See Appendix 6.

The most infamous Russian website StopGeorgia.ru clearly

manifests the intention to at least temporarily paralyse Georgia’s IT

infrastructure (Shakarian, Shakarian and Ruef, 2013, p.25). This again can

be compared to the Estonian incident, where instructions on launching cyber

attacks were circulated almost entirely on Russian language websites (CIA,

The World Factbook, 2014).[29]

The cyber aggressors also circulated a list of Georgian politicians’

email addresses for spamming and targeted malevolent attacks (Danchev,

2008). This technique of overloading with comment and spam was used in

the same way against Estonian private and governmental websites and email

servers (Department of Economic and Social Affairs of the UN Secretariat,

2008, as cited in Tikk, Kaska and Vihul, 2010, p.74).

Many believe that the primary goal of the cyber warfare on Georgia

was to prevent the Georgian media from “telling their side of the story”

(Corbin, 2009). As such Corbin argues that the goals of the Russian cyber

warfare against Georgia were to “isolate and silence” them (Corbin, 2009).

This seems to align with the delineated Russian emphasis on information

warfare, as mentioned in chapter two (Thomas, 1997). It can be argued

equally that the cyber attacks on Georgia were successful in limiting the

government’s ability to spread its message online and to connect with

sympathisers around the world during the attacks (Markoff, 2008).

[29] Russian is a minority language in both Estonia and Georgia (CIA, The World Factbook, 2014).

Notably, a major dissimilarity is that Georgia, unlike Estonia, is

neither a NATO nor an EU member. In addition, Georgia’s cyber warfare

was a two-fold attack (Melikishvili, 2009, as cited in Ashmore, 2009, p.10).

Specifically at the time of the cyber attacks, Georgia’s IT infrastructure was

not very sophisticated so the service disruption was not as complex as in the

case of Estonia. Jamming of media, government and banking services websites

was easily achieved, resulting in the severing of information flow throughout

Georgia and with the outside world (Melikishvili, 2009, as cited in

Ashmore, 2009, p.10).

The three-week cyber attacks on Georgia were different from those

on Estonia, since these attacks combined DDoS using botnets and SQL

“injections” that are more difficult to detect because they require fewer

computers than botnets. The SQL “injection” also requires a cyber aggressor

of a higher calibre and sophistication than the ones observed in the cyber

warfare on Estonia’s IT infrastructure (Secure Works Press Release, 2008).

The Estonian and Georgian cyber warfare case studies are frequently

discussed together by cyber security professionals, possibly because of the

“suspected instruments of the Russian government” in both cases; however,

they are still comparably very different (Iasiello, 2013). One major

difference is in the degree of technological complexity of the two nations.

For instance, attacking the IT infrastructure of Estonia, which upheld

Internet accessibility as a basic human right from the year 2000, does not

have the same implications (Morozov, 2009).

According to Stapleton-Gray and Woodcock (2011, p.53) Georgia

has a rather modest infrastructure and its e-commerce is comparatively

minimal. Contrary to Estonia, Georgia happens to be a technological

“laggard”. For instance, the Foreign Ministry was not able to immediately

find a provisional homepage on a blog when the nation’s key government

websites became inaccessible during the cyber attacks. In 2006, the UN gathered

Internet statistics which indicated that Georgia had approximately 7 World

Wide Web users per 100 compared to 55 in Estonia (Morozov, 2009; Tikk,

Kaska and Vihul, 2010, p.68; UN Data, 2006).

What was the actual Cost of Damages inflicted on Estonia and

Georgia?

The actual amount of damage to Estonia has not been openly

released. However, seeing that a single hour of interrupted service made one

of Estonia’s major banks, Hansapank, suffer losses of at least $1

million, it would logically make sense that the cost of the three-week cyber

storm could have been considerable (Landler and Markoff, 2007). Iasiello

(2013) highlights that the cyber operations can also be viewed as a digital

‘smack’ to put Estonia “back in the line”. The fact that the cyber attacks’

duration was only three weeks indicates that the attacks were trying to make

a statement and not to inflict permanent damage (Iasiello, 2013).

Georgia’s banking system was inoperable for ten days in the three-

week cyber warfare; this led to a shutdown of cellular-phone services in the

nation, further disconnecting Georgia from the outside world (Bumgarner

and Borg, 2009; Corbin, 2009). The cyber aggressors avoided inflicting

permanent damage to Georgian networks and to SCADA targets

(Bumgarner and Borg, 2009). The cyber aggressors possibly did not intend

to inflict permanent damage on Georgia’s IT infrastructure, but rather to

briefly “isolate and silence” them (Shakarian, 2011, p.66). Nonetheless, the

cyber attacks against Georgia were successful in disrupting communication

early in the conflict (Gorman and Barnes, 2011).

How did the Estonian Government, NATO and EU Respond to

the Cyber Warfare against Estonia and Georgia?

The attacks on the Estonian cyberspace produced a rapid worldwide

reaction. Estonia already had cyber-defense measures against conventional

acts of terrorism (Sieber and Brunst, 2007, pp.161-166, as cited in Herzog,

2011, p.54). The government CERT of Estonia was established in 2006.

Yet Estonia’s CERT called on fellow CERT countries for support, namely

from Germany, Israel, Slovenia and Finland in order to reinstate its standard

network operations. NATO CERTs went to the aid of the Estonian

government, while the EU’s European Network and Information Security

Agency (ENISA) conducted professional technical evaluation of the

growing problem of cyber attacks spreading in Europe and especially

amongst NATO country members (Ruus, 2008; Herzog, 2011, p.54).

The cyber attacks on Estonia were also a “wake-up call” to the US,

even if there was no direct impact on their nation; Estonia was still

considered an important ally and most importantly a fellow NATO member.

Thus, during Estonia’s cyber war, the US as a gesture of goodwill sent a

group of cyber security professionals to assist in improving their cyber

defences (Collier, 2007).

It took the DDoS attacks on Estonia for NATO and EU member

states to realise and address the severity of the attacks by formally

discussing new directions regarding cyber security, and to impose

appropriate punishments for nations found guilty of cyber warfare.

Sanctions were one of the few punishment options that received overall

support. Furthermore, a representative of Germany also suggested that

NATO consider extending its Article V security guarantees to the sphere of

cyberspace, in order to defend against future cyber attacks on NATO countries’

SCADA systems (Landler and Markoff, 2007; Lewis, 2009, p.8). Article V

states that all actions taken by the alliance must be immediately reported to the

UN Security Council and that: “such measures shall be terminated when the

Security Council has taken the measures necessary to restore and maintain

international peace and security” (NATO, 1949).

The 2008 NATO Bucharest Summit adopted a collective Policy on

Cyber Defence and formed the Brussels-based Cyber-Defence Management

Authority (CDMA) to: “centralise cyber defence operational capabilities

across the Alliance” (Hughes, 2008). Finally, in August 2008, Tallinn

became the headquarters of the NATO Cooperative Cyber Defence Centre

of Excellence (CCD CoE), the Atlantic Alliance’s cyber-security head

office (Hughes, 2008; Keating, 2008; European Commission, 2010).[30]

At this point it is important to point out the involvement that

Estonia’s CERT had after the cyber attacks on Georgia’s IT infrastructure,

when its CERT specialists joined the Georgian efforts to counter the attacks

(DPA, 2008, as cited in Ashmore, 2009, p.9; Taimre, 2008). This example

demonstrates how Estonia as the NATO CCD CoE headquarters was adept

and quick to respond to the emergency of a fellow country compromised by

a cyber security breach. Estonia was justly considered as an expert in cyber

security and cyber warfare in Europe and among NATO members

(Nikiforov, 2008, as cited in Ashmore, 2009, p.9). Estonia has also received

NATO contingency plans to defend the nation in the case of a Russian

invasion (The Economist, 2010).

[30] The US joined NATO’s cyber defence research centre in Estonia (Bosco, 2011).

Was the Russian Government Behind the Cyber Warfare of both

Estonia and Georgia?

The Russian government denied the Estonian government’s charges

as to their involvement in the cyber warfare against Estonia, claiming that

the professed source of the attacks was Russia-based simply because the

computer codes had been written on Cyrillic-alphabet keyboards (Clarke

and Knake, 2010, pp.15-16). Additionally, the Russian government declined

Estonia’s official diplomatic request to assist in tracking down the attackers,

thereby blatantly disregarding the standing bilateral agreement of

collaboration which Moscow was obligated to follow. It comes as no

surprise that the Russian government in their defence added that both cyber

attack incidents on Georgia and Estonia might have been plausibly isolated

acts of Russian nationalists beyond the control of the Kremlin, deciding to

take matters into their own hands (EU-Russia Forum, 2008, p.27; Clarke

and Knake, 2010, pp.15-16).

However, even if that was admittedly the case it still leaves

unanswered the question of why the Russian government would not try to

stop the dissent from various fronts and the cyber onslaught carried out

against Estonia’s IT infrastructure (Clarke and Knake, 2010, pp.15-21;

Schneier, 2014, p.93). Russian officials also “turned a blind eye” as pro-

Kremlin protesters obstructed the Estonian embassy in Moscow for

numerous days during the cyber attacks (Ruus, 2008). Not to mention that

the Russian officials possibly encouraged the cyber aggressors by blaming

Tallinn for altering history, glorifying fascism and violating human rights.

They also insisted that the Prime Minister Andrus Ansip ought to apologise

and resign from office (Terlikowski, 2007).

The EU and NATO technical experts were not able to find any

incontestable proof that the culprit behind the Estonian cyber warfare did

indeed originate from Russia. Thus, there was no justification for any

more finger-pointing other than the assured understanding that these were

coordinated operations (Terlikowski, 2007). In the words of an unnamed

NATO official: “I won’t point fingers...but these were not things done by a

few individuals. This clearly bore the hallmarks of something concerted”

(cited in Traynor, 2007).

Rafal Rohozinski, an investigator and researcher with the SecDev

Group (a cyber-research think-tank based in Canada), suggests possible

indications of government sponsorship behind the malevolent traffic

(Greenberg, 2008). Specifically, the armies of hijacked computers that

commenced and stopped the attacks in exact coordination after one-week

periods indicate that they were rented. The level of organization displayed

in the cyber attacks against Estonia and the funding required to coordinate

them could not be achievable by patriotic cyber crusaders prompted by

vehemence (Greenberg, 2008).

Sergei Markov, a State Duma Deputy of the ruling United Russia

party, made a brusque remark to a journalist two years after the cyber

warfare, in 2009, stating that one of his staff members had been supposedly

involved in the cyber attacks on Estonia (Keating, 2012). Markov stated:

“About the cyber attack on Estonia...don’t worry, that attack was carried out

by my assistant. I won’t tell you his name, because then he might not be

able to get visas” (Markov, 2009, as cited in Coalson, 2009). This remark by

Markov can be interpreted as a provocation (Heickeroe and Peterson, 2012,

p.134).

It can also be interpreted as a message to the EU and NATO that

Russia can still exercise control over its former Soviet nations (Wilson,

2009). The cyber attacks might have been carried out to show that both

NATO and EU would not be able to defend Estonia from the Russians and

that the Russians did not need conventional military operations to inflict

damage on Estonia (Kozłowski, 2014, p.239).

Oddly enough, Markov’s young assistant, Konstantin Goloskokov,

did not deny his involvement. He was apparently a leader in Nashi, a

political anti-Fascist youth movement in Russia. While Nashi was not officially

part of the Russian government, the pro-Putin regime group’s agenda was to

take on “anti-Fatherland” forces (Singer and Friedman, 2014, p.111). A

person of such political faith and past would be disposed to purely

political and vengeful acts since he is in a position that could afford him the

means and the power to execute cyber attacks (Singer and Friedman, 2014,

pp.110-111). However, according to Markov his assistant would have solely

cyber attacked Estonia: “as part of a reaction from civil society” (cited in

Coalson, 2008).

Nonetheless, the details of the cyber techniques as stated by Markov

would hardly be the feat of one man, namely the assistant, bearing in mind

the complexity and magnitude of the cyber attacks as reported on the news,

which raises questions over the possible involvement of the Russian

government (Tikk, Kaska and Vihul, 2010, p.24; Coalson, 2009).

Interestingly enough, the person who was convicted was not Konstantin

Goloskokov, but Dmitri Galushkevich (an IT student and ethnic Russian

living in Estonia); he was blamed and arrested for the cyber attacks against

the Reform Party’s website (Greenberg, 2008; Kass, 2008).

On the topic of Georgia, it is worth noting Project Grey Goose II, an

Open Source Intelligence (OSINT) initiative that conducted a cyber forensic[31] analysis led

by cyber analyst Jeffrey Carr. He and his team of analysts undertook the

challenge of building up a case testing the following premises: whether the

Russian government or groups loosely linked to it, carried out the cyber

warfare against Georgia; or if it was the work of a major hacker movement

alone (Project Grey Goose Phase II Report, 2009, as cited in Heickeroe and

Peterson, 2012, p.136; Scanlon and Kechadi, 2010, pp.122-131).

Their methodology for deciphering the most likely premise was

based on semantic analysis of hacker blogs, where the Grey Goose team

members would gather information on the “kill chain”. It was an attempt to

map out the process from preparation to execution: the recruitment and

selection of the amateur hackers who participated, the development of target

lists, the range of malicious software to be utilised and, ultimately, the

decision on how to carry out the attacks (Matthews, 2008).

The Grey Goose II project concluded with the identification of two

Russian hacker forums as the organizers of the attacks and the centres of

operation: StopGeorgia.ru and Xakep.ru. For example, StopGeorgia.ru was

set up within hours of the Russian military invading South

Ossetia. Information was regularly updated in the forum in order to apprise

prospective hackers of how to attack the different Georgian websites

(Heickeroe and Peterson, 2012, p.137). The StopGeorgia.ru website used

an IP address connected to a hosting firm named Steadyhost

(www.steadyhost.ru) which, although registered in New York, operated out

of St. Petersburg (Heickeroe and Peterson, 2012, p.137).

The project also investigated the criminal group identified as the

Russian Business Network (RBN). The criminal group is located in St.

Petersburg and is notorious for its illegal cyber activities. Don Jackson,

the director of Threat Intelligence at SecureWorks, states that the criminal

group was behind a few of the cyber attacks on Georgia (Markoff, 2008;

Shakarian, Shakarian and Ruef, 2013, p.29).

Besides the Grey Goose project, Gary Warner, a cybercrime expert,

stated that he was able to find actual “copies of the attack script”, which

were available in the reader comments section of every story on the

Georgian conflict covered by the Russian media. The script had

complete information and guidelines on how to attack a particular list of

websites (Wentworth, 2008).

Russian involvement in the Estonian cyber warfare has not

been verified to this day, but the certainty that Russia was involved

continues to increase tension between Russia and Estonia (The Baltic

Times, 2007, as cited in Ashmore, 2009, p.8). Iasiello (2013) states that if

the Russian government was indeed involved in the cyber operations against

Estonia, then the cyber weaponry was an extended instrument of its foreign

policy. As with the Estonian incident, even though the attacks on

Georgia cannot be directly linked to the Russian government, such incidents

should be studied as cautionary tales and probably deserve careful

consideration to avoid future conflicts (Shakarian, Shakarian and Ruef,

2013, p.31).

Whether or not the Russian government was involved in the cyber

warfare against Estonia and Georgia, it certainly benefited from the overall

cyber attacks against the targeted nations (Shakarian, 2011, pp.67-68). In

my view and in Iasiello’s (2013) understanding, the evidence is mounting

yet justice chooses to be blind in the cyberspace playground since nobody

wants to provoke a looming superpower.

Chapter Conclusion

Shakarian, Shakarian and Ruef (2013, p.21), using the example of

Estonia, point out that computer-enabled demonstrations against

government resources of the 21st century are easily accessible. Their potency

lies in the fact that they can be made untraceable, and can disseminate

seamlessly across the World Wide Web. If anything, the effectiveness of

cyber warfare continues to advance and evolve, and cyberspace will in the future

continue to be the battleground of DDoS conflicts (Shakarian, Shakarian

and Ruef, 2013, p.21).

The cyber warfare against Georgia in August 2008 illustrates the

first large-scale cyber warfare occurring concurrently with major traditional

combat operations. These cyber attacks had an important informational and

psychological impact on civilians, as not only were the media and government

websites offline, but Georgia as a nation was severed from worldwide
online communication. Even though the attacks cannot be directly linked to

the Russian government, the overarching implications and lessons are

evident and warrant careful consideration since the future has cyber

conflicts in store (Haddick, 2011; Shakarian, Shakarian and Ruef, 2013,

p.31).

The Estonian incident accentuated the nuisance of cyber warfare,

whose malware tools were then expertly applied in the Georgian incident

occurring about a year later. It encouraged attackers to evolve and adjust

their cyber warfare strategies, employing their full potential with debilitating

results. To apply the old proverb: “Wise men learn from their mistakes, but

really wise men learn from the mistakes of others” (cited in Tikk, Kaska and

Vihul, 2010, p.32). In retrospect, the international community formed

a general consensus and realised that cyber warfare could be dangerously

employed for political ends and spread through a nation’s fibre, with society and its

civilians potentially ‘infected’ one by one (Tikk, Kaska and Vihul, 2010,

p.32).

Ultimately, the cyber warfare against Estonia and Georgia might

have shocked the international community, but as indicated in chapter one,

they could have been significantly worse. If in the foreseeable future cyber

aggressors and cyber terrorists decide to target a state’s water supply, power

grids, traffic lights, air traffic controls and military weapon systems, there

will be a national disaster (Herzog, 2011, p.52).

Main Conclusion & Recommendations

The dissertation examined how cyber warfare is increasingly a tool used by

governments to attack the computer systems of foreign states, thus

threatening national and international security. The importance of cyber

warfare was critically assessed through the investigation of powerful cyber

warfare illustrations such as the Estonian and Georgian case studies. The

research paper has demonstrated that the more former Soviet bloc nations,

and all nations generally, become equipped with an advanced self-sufficient

IT infrastructure, the more vulnerable they will also be to cyber attacks

(Ashmore, 2009, p.33).

The cyber attacks against Estonia and Georgia were simply

demonstrations of the new 21st-century state-of-the-art weaponry employed

in the new battleground of cyberspace, with hackers as the new hi-tech

soldiers. Their expertise is to subvert, manipulate and disrupt in order to

control public domains and at will connect and disconnect nations

(Ashmore, 2009, p.33).

According to Morozov (2009), both Estonia and Georgia were, to varying

degrees, in a way “cyber-locked”, with restricted points of

connection to the infinitely vast World Wide Web. This restricted

connectivity, as well as the two nations’ reliance on the network's physical

infrastructure, leaves the public and private domains exposed to

attacks. Other, less “cyber-locked” countries do not face similar perils

(Morozov, 2009). According to Scott Pinzon, a former Information Security

Analyst with WatchGuard Technologies: “If Georgia or Estonia were

enmeshed into the Internet as thoroughly as, say, the State of California, the

cyber-attacks against them would have been reduced to the level of

nuisance” (Pinzon, 2009, as cited in Morozov, 2009).

After careful consideration, the most logical next step would be

to make feasible recommendations on how business and governmental

entities can build stronger defences against the threat of cyber warfare.

Firstly, a reasonable approach would be to construct impenetrable physical

network infrastructures, such as laying extra cables and forming more

Internet exchange points, thereby encouraging new Internet service

providers and renewing interest among companies in selling connectivity in places

that now have limited infrastructure (Morozov, 2009).

Businesses could also consider improving security tools and

processes not only to raise their defences against cyber attacks, but also to

prevent their systems from turning into unsuspecting ‘bots’ or ‘zombies’ in

large-scale DDoS attacks (Wilson, 2009). In order to avoid becoming prey

to cyber aggressors that exploit computer systems, individuals and

organisations are required to keep up with patches (see glossary) and to update their

anti-malware and anti-virus software on a regular basis (HM Government, 2014,

p.12).

Greatly beneficial would be global-legislative anti-cyber warfare

policymaking by supranational independent institutions (like the EU and

NATO) alongside independent avant-garde think-tanks. In the words of

President Ilves, emphasis needs to be placed on the creation of more

international agreements such as the Convention on Cyber Crime and the

ITU, as mentioned in chapter one (President Ilves, 2013, as cited in Harati,

2013).

Specifically, according to the European Security Review of

International Security Information Service (ISIS) on Regulation of Cyber

warfare: Interpretation versus Creation: “A significant number of problems

could be overcome by creating a treaty consisting of relatively ambiguous

norms...which would...embrace the unique characteristics of cyber-warfare

thus it would be able to regulate both, new technological developments as

well as the cultural differences in perception of cyberspace” (Levarska,

2013, p.15).

Throughout the research process a couple of issues arose which

should be addressed in future research. In this case, an apparent pitfall of the

dissertation is that not all of the sources (both primary and secondary) which

were used were in the English language. The fact that some sources were

translated from Russian and Estonian could mean that the translation

process could lead to misinterpretations and inaccuracies in meaning. In

addition, due to the language barrier it is unknown how much more

evidence is available but inaccessible, as this thesis only dealt with English-language

sources and sources translated into English. It is unclear how

much more evidence is available but has not been translated. Future research

can build on this fact by collaborating with academics that are familiar with

the regional languages and related journals.

Further research in the field of cyber security is important in order to

evade future cyber threats. There are practical problems of cyber threats that

are surfacing with multinational corporations like Microsoft. For instance,

Microsoft has reported updates to deal with vulnerabilities in MS Windows,

MS Office, Internet Explorer and MS Server Software (Abel, 2014, p.268).

These flaws could facilitate code execution (the cyber aggressor’s

ability to launch any commands against target computers), elevation of

privilege (the act of exploiting a computer virus) and DoS. Nonetheless,

these problems are giving cyber security professionals solid motives to

carry out further research on finding solutions for threat detection (Abel,

2014, p.268).

Appendices

Appendix 1

Figure 1. Know Your Meme (2013) Over a Decade of DDoS [Image]

Available at: http://knowyourmeme.com/photos/476052-ddos

(Accessed: 1 August 2014).

Appendix 2

Figure 2. Daily Mail (2011) The ultimate geek squad: Estonia trains army of

computer experts to protect itself from cyber attacks [Image]

Available at: http://www.dailymail.co.uk/sciencetech/article-1344402/Estonia-

trains-army-experts-protect-cyber-attacks.html#ixzz3AphbPcMM

(Accessed: 1 August 2014).

Appendix 3

Figure 3. Lesniak, J. (2011) Create a Text or Batch file from the Command line in

Windows [Image]

Available at: http://www.informationweek.com/create-a-text-or-batch-file-from-

the-command-line-in-windows/d/d-id/1098821?

(Accessed: 1 August 2014).

Appendix 4

Tables 1, 2 and 3. Nazario, J. (2007) Estonian DDoS attacks- A summary to date

[Tables]

Available at: http://www.arbornetworks.com/asert/2007/05/estonian-ddos-attacks-

a-summary-to-date/

(Accessed: 1 August 2014).

Appendix 5

Figure 4. The Jawa Report (2008) Update: Georgian Government Websites Under

DDoS & Cyber Attack [Image]

Available at: http://mypetjawa.mu.nu/archives/193591.php

(Accessed: 1 August 2014).

Appendix 6

Figure 5. Danchev, D. (2008) Coordinated Russia vs Georgia cyber attack in

progress [Image]
Available at: http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-

cyber-attack-in-progress/1670

(Accessed: 1 August 2014).

Glossary

Algorithm: The foundation of most computer programming; a set of

instructions for solving a computer problem.

Bot: “A ‘robot network’ of computers whose security defences have been

compromised by hacking, and which can be controlled by an external party” (Yar,

2013, p. 171).

Botnet: “a ‘robot network’ is a large group of infected computers who are under

direct control of an adversary through a ‘command and control’ server...”

(Shakarian, Shakarian and Ruef, 2013, p.307).

Computer forensics: “Specialism within forensic science that focuses upon the

acquisition of legal evidence derived from computer systems and their associated

media” (Jewkes and Yar, 2010, p.632).

DoS (Denial of Service): “An attack on a networked computer or computers that

disrupts normal operations to such an extent that legitimate users can no longer

access their services” (Jewkes and Yar, 2010, p.632).

DNS (Domain Name System): “...a protocol within the set of standards for how

computers exchange data on the Internet and on many private networks, known as

the TCP/IP protocol suite” (Brain and Crawford, 2000).

Espionage: Cyber espionage is the illegal entry by a nation-state onto the

networks, computers, or databases of another country for purposes of copying and

withdrawing sensitive information (Clarke and Knake, 2010, p.285).

Executive bat files (Batch files): “A batch file is a text file that contains a

sequence of commands for a computer operating system” (Rouse, 2007).

Flood: “Flooding is a Denial of Service (DoS) attack that is designed to bring

a network or service down by flooding it with large amounts of traffic...”

(Webopedia, 2014).

Internet: “The publicly accessible network of computers that emerged in the 1970s

and came to span the globe by the late 1990s” (Jewkes and Yar, 2010, p.634).

Logic Bombs: “A software application that causes a system or network to shut

down and/or to erase all data or software on the network” (Clarke and Knake,

2010, p.287).

Malware: Malicious software.

Patch: “A software code update. Vendors use security patches to mitigate or fix

security vulnerabilities” (Singer and Friedman, 2014, p.298).

Ping: To query another computer on a network to verify whether there is a

connection to it.

Spoofing: “The fraudulent practice of establishing facsimiles of legitimate

websites, to which victims can be directed and where they will unknowingly

surrender sensitive information...” (Yar, 2013, p.176).

SQL: A form of programming language utilised to manage data (Singer and

Friedman, 2014, p.298).

SQL (Structured Query Language) injection: “an attack where an invalid SQL

query is sent to a database with malicious executable code attached at the end. The

system then fails to execute the invalid query and crashes, leading to the system

executing the malicious executable code” (Shakarian, Shakarian and Ruef, 2013,

p.311).

Stuxnet virus: “Created by US and Israeli intelligence agencies, a computer worm

specifically designed to sabotage Iranian nuclear research facilities” (Singer and

Friedman, 2014, p.298).

Trapdoors: “Unauthorized software maliciously added to a program to allow

unauthorized entry into a network or into the software program...” (Clarke and

Knake, 2010, pp.289-290).

Trojans/ Trojan Horses: “Malicious software programs which are infiltrated into

computers disguised as benign applications or data” (Jewkes and Yar, 2010,

p.636).

Virus: “Pieces of computer code that can ‘infect’ computer systems causing

disruption to their normal operation” (Jewkes and Yar, 2010, p.636).

Worms: “A computer worm is a self-replicating program. It uses a network to send

copies of itself to other nodes...and may do so without any user intervention...”

(Jewkes and Yar, 2010, p.637).

Y2K bug (The Millennium bug): “A defect in the code of a computer program

caused when a year is represented by its last two digits only and the program

interprets that year as falling inclusively between 1900 and 1999 instead of

between 2000 and 2099” (The American Heritage Dictionary of the English

Language, 2003).

Bibliography

Abel, S. (2014) ‘Uncertainty Modeling: The Computational Economists’ View on

Cyberwarfare’, in Yager, R.R., Reformat, M.Z., and Alajlan, N. (eds.) Intelligent

Methods for Cyber Warfare. London: Springer International Publishing, pp.267-

278.

Aid, M. M. (2013) ‘Inside the NSA’S Ultra-Secret China Hacking Group’,

Foreign Policy, 10 June [Online]. Available at:

http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_

china_hacking_group

(Accessed: 23 September 2014).

Andress, J., and Winterfeld, S. (2011) Cyber Warfare: Techniques, Tactics and

Tools for Security Practitioners. 2nd edn. United States: Syngress.

Ashmore, W.C. (2009) ‘Impact of Alleged Russian Cyber Attacks’, Baltic

Security & Defence Review, 11 (1), pp.4-34 [Online]. Available at:

http://www.bdcol.ee/files/files/documents/Research/BSDR2009/1_%20Ashmore

%20-%20Impact%20of%20Alleged%20Russian%20Cyber%20Attacks%20.pdf

(Accessed: 1 August 2014).

Aziz, A. (2011) ‘FireEye CEO Says “Cybergeddon” Is a Possibility’. Available at:

http://www.bloomberg.com/video/71431086-fireeye-ceo-says-cybergeddon-is-a-

possiblity.html

(Accessed: 27 May 2014).

Barnard-Wills, D., and Ashenden, D. (2012) ‘Securing Virtual Space: Cyber war,

Cyber Terror, and Risk’, Space and Culture, 15 (2), pp.110-123.

Bernard, D. (2012) ‘The Coming Cyberwar With Iran?’, Voice of America, 20

March [Online Image]. Available at: http://blogs.voanews.com/digital-

frontiers/2012/03/20/the-coming-cyberwar-with-iran/

(Accessed: 1 September 2014).


Bhaskar, R. (1978) A Realist Theory of Science. Hemel Hempstead: Harvester.

Bodeen, C., Meghani, S., and Robertson, J. (2011) ‘U.S. report blasts China,

Russia for cyberattacks’, USA Today, 11 March [Online]. Available at:

http://usatoday30.usatoday.com/news/washington/story/2011-11-03/china-russia-

cybersecurity/51065010/1

(Accessed: 1 August 2014).

Bosco, D. (2011) ‘NATO cybersecurity center gets a superpower boost’, Foreign

Policy, 16 November [Online]. Available at:

http://bosco.foreignpolicy.com/posts/2011/11/16/nato_cybersecurity_center_gets_

a_superpower_boost

(Accessed: 1 August 2014).

Brain, M., and Crawford, S. (2000) ‘How Domain Name Servers Work’, How

Stuff Works, 1 April [Online]. Available at:

http://www.howstuffworks.com/dns.htm

(Accessed: 1 September 2014).

Bremer, C. (2008) ‘Nicaragua recognises South Ossetia, Abkhazia’, Reuters, 3

September [Online]. Available at: http://www.reuters.com/article/2008/09/03/us-

georgia-ossetia-nicaragua-idUSN0330438620080903

(Accessed: 1 August 2014).

Brenner, B. (2007) ‘Black Hat 2007: Estonian attacks were a cyber riot, not

warfare’, 3 August [Online]. Available at:

http://searchsecurity.techtarget.com/news/1266728/Black-Hat-2007-Estonian-

attacks-were-a-cyber-riot-not-warfare

(Accessed: 1 June 2014).

British Broadcasting Corporation (2007) The Cyber Raiders Hitting Estonia.

Available at: http://news.bbc.co.uk/1/hi/world/europe/6665195.stm

(Accessed: 1 August 2014).

British Broadcasting Corporation (2008) Russia ‘ends Georgia operation’.

Available at: http://news.bbc.co.uk/1/hi/world/europe/7555858.stm

(Accessed: 1 August 2014).

British Broadcasting Corporation (2008) Estonia fines man for ‘cyber war’.

Available at: http://news.bbc.co.uk/1/hi/technology/7208511.stm

(Accessed: 1 September 2014).

Bryman, A. (2012) Social research methods. 4th edn: Oxford University Press.

Bumgarner, J., and Borg, S. (2009) ‘Overview by the US-CCU of the Cyber

Campaign against Georgia in August of 2008’ [Online]. Available at:

http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-

Campaign-Overview.pdf

(Accessed: 1 September 2014).

Central Intelligence Agency (2014) ‘The World Factbook’ [Online]. Available at:

https://www.cia.gov/library/publications/the-world-factbook/fields/2098.html

(Accessed: 1 August 2014).

Clarke, R. A., and Knake, R.K. (2010) Cyber War: The Next Threat to National

Security and What To Do About It. New York: Harper Collins.

Coalson, R. (2009) ‘Behind the Estonia Cyberattacks’, Radio Free Europe / Radio

Liberty, 6 March [Online]. Available at:

http://www.rferl.org/content/Behind_The_Estonia_Cyberattacks/1505613.html

(Accessed: 1 August 2014).

Colarik, A.M. (2006) Cyber Terrorism: Political and Economic Implications.

Hershey, PA: Idea Group Pub.

Collier, D. (1993) ‘The Comparative Method’, in Finifter, A.W (ed.) Political

Science: The State of the Discipline II, Washington, D.C.: The American Political

Science Association, pp. 105-119.

Collier, M. (2007) ‘Estonia: Cyber Superpower’, Bloomberg Businessweek, 17

December [Online]. Available at: http://www.businessweek.com/stories/2007-12-

17/estonia-cyber-superpowerbusinessweek-business-news-stock-market-and-

financial-advice

(Accessed: 7 August 2014).

Convention on Cybercrime (2001) Convention on Cybercrime [Online]. Available

at: http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm

(Accessed: 27 August 2014).

Corbin, K. (2009) ‘Lessons From the Russia-Georgia Cyberwar’, Internet News,

12 March [Online]. Available at:

http://www.internetnews.com/government/article.php/3810011/Lessons+From+the

+RussiaGeorgia+Cyberwar.htm

(Accessed: 1 August 2014).

Council of Europe Parliamentary Assembly Resolution 1633. (2008) ‘The

consequences of the war between Georgia and Russia’ [Online]. Available

at: http://assembly.coe.int/Main.asp?

link=/Documents/AdoptedText/ta08/ERES1633.htm

(Accessed: 1 August 2014).

Curran, K., Concannon, K., and McKeever, S. (2008) ‘Ten Information Warfare

Trends’, in Janczewski, L., and Colarik, A.M. (eds.) Cyber Warfare and Cyber

Terrorism. London: IGI Global, pp.1-6.

Danchev, D. (2008) ‘Coordinated Russia vs. Georgia cyber attack in progress’,

ZDNet, 11 August [Online]. Available at:

http://www.zdnet.com/blog/security/coordinated-russia-vs-georgia-cyber-attack-

in-progress/1670

(Accessed: 1 August 2014).

Davis, J. (2009) ‘Hackers Take Down the Most Wired Country in Europe’, Wired

Magazine, Issue 15.09 [Online]. Available at:

http://archive.wired.com/politics/security/magazine/15-09/ff_estonia?

currentPage=all

(Accessed: 1 August 2014).

Deibert, R.J., and Rohozinski, R. (2011) ‘The new cyber military-industrial

complex’. Globe and Mail, 28 March.

Available at: http://www.theglobeandmail.com/globe-debate/the-new-cyber-

military-industrial-complex/article573990/

(Accessed: 18 July 2014).

Deibert, R.J, Rohozinski, R., and Crete-Nishihata, M. (2012) ‘Cyclones in

cyberspace: Information shaping and denial in the 2008 Russia- Georgia war’,

Security Dialogue, 43 (1), pp.3-24.

Denning, D. (2000) Cyberterrorism. Testimony before the Special Oversight Panel

on Terrorism Committee on Armed Services. U.S House of Representatives, 23

May [Online]. Available at:

http://www.stealth-iss.com/documents/pdf/CYBERTERRORISM.pdf

(Accessed: 1 August 2014).

Denning, D.E. (2010) ‘Terror’s web: how the Internet is transforming terrorism’,

in Jewkes, Y., and Yar, M. (eds.) Handbook of Internet Crime. Uffculme: Willan,

pp.194-210.

EU Russia Forum (2008) ‘The Bilateral Relations of EU Member States with

Russia’ [Online]. Available at:

http://www.heraldofeurope.co.uk/Issues/5/European

%20Affairs/THE_BILATERAL_Relations/THE_BILATERAL_Relations.pdf

(Accessed: 1 August 2014).

European Commission (2010) ‘Communication from the Commission to the

European Parliament and the Council. The EU Internal Security Strategy in

Action: Five steps towards a more secure Europe’, 22 November [Online].

Available at: http://ec.europa.eu/commission_2010-

2014/malmstrom/pdf/news/internal_security_strategy_in_action_en.pdf

(Accessed: 1 August 2014).

Feakin, T., and Schreer, B. (2014) ‘Australia and “cyberwar”: time for a measured

debate’, The Strategist, 11 March [Online Image]. Available at:

http://www.aspistrategist.org.au/australia-and-cyberwar-time-for-a-measured-

debate/

(Accessed: 1 September 2014).

Finn, P. (2007) ‘Cyber Assaults on Estonia Typify a New Battle Tactic’, The

Washington Post, 19 May [Online]. Available at:

http://www.washingtonpost.com/wp-

dyn/content/article/2007/05/18/AR2007051802122.html

(Accessed: 1 August 2014).

Finkle, J. (2011) ‘U.S. probes cyber attack on water system’, Reuters, 21

November [Online]. Available at: http://www.reuters.com/article/2011/11/21/us-

cybersecurity-attack-idUSTRE7AH2C320111121

(Accessed: 1 August 2014).

Fitzgerald, M. (1994) ‘Russian Views on Electronic Warfare. The growing role of

information technology is rapidly lowering the barrier between war and peace’.

PowerPoint. Krasnaya Zvezda, 17 February.

Fitzgerald, M. (1996) ‘Russian Views on Information Warfare’. Hudson Institute.

Washington DC. U.S.A. Available at:

http://www.agentura.co.uk/text/biblio/view.txt

(Accessed: 1 June 2014).

Franklin, J., Perrig, A., Paxson, V., and Savage, S. (2007) ‘An inquiry into the

Nature and Causes of the Wealth of Internet Miscreants’ [Online]. Available at:

http://www.cs.cmu.edu/~jfrankli/acmccs07/ccs07_franklin_eCrime.pdf

(Accessed: 1 August 2014).


Geers, K., Kindlund, D., Moran, N., and Rachwald, R. (2013) ‘World War C:

Understanding Nation-State Motives behind Today’s Advanced Cyber Attacks’

[Online]. Available at: http://www.fireeye.com/resources/pdfs/fireeye-wwc-

report.pdf

(Accessed: 21 September 2014).

Gellman, B. (2002) ‘U.S. Fears Al Qaeda Cyber Attacks’, Security Focus, 26 June

[Online]. Available at: http://www.securityfocus.com/news/502

(Accessed: 1 August 2014).

Giles, K. (2011) ‘Information Troops- a Russian Cyber Command?’, in Czosseck,

C., Tyugu, E., and Wingfield, T. (eds.) 3rd International Conference on Cyber

Conflict. Tallinn: Estonia, CCD COE Publications [Online]. Available at:

http://www.ccdcoe.org/publications/2011proceedings/InformationTroopsARussian

CyberCommand-Giles.pdf

(Accessed: 18 July 2014).

Goble, P.A. (2009) ‘Defining Victory and Defeat: The Information War between Russia

and Georgia’, in Cornell, S. E., and Starr, F. (eds.) The Guns of August 2008: Russia’s

War in Georgia. USA: M.E Sharpe, pp.181-195.

Goddard, W., and Melville, S. (2004) Research Methodology: An Introduction. 2nd

edn. Lansdowne: Juta and Co.

Gorman, S., and Barnes, J.E. (2011) ‘Cyber Combat: Act of War- Pentagon Sets

Stage for U.S. to respond to Computer Sabotage with Military Force’, The Wall

Street Journal, 31 May [Online]. Available at:

http://online.wsj.com/news/articles/SB10001424052702304563104576355623135

782718

(Accessed: 1 September 2014).

Greenberg, A. (2008) ‘When Cyber Terrorism Becomes State Censorship’, Forbes, 14

May [Online]. Available at: http://www.forbes.com/2008/05/14/cyberattacks-terrorism-

estonia-tech-security08-cx_ag_0514attacks.html

(Accessed: 1 August 2014).

Goldeneye (1995) Directed by Martin Campbell [DVD]. UK/USA: Eon

Productions, United Artists.

Haddick, R. (2011) ‘This Week at War: Lessons from Cyberwar I: How Russia

pioneered the use of cyberattacks as a military tactic’, Foreign Policy, 28 January

[Online]. Available at:

http://www.foreignpolicy.com/articles/2011/01/28/this_week_at_war_lessons_fro

m_cyberwar_i

(Accessed: 1 August 2014).


Harati, E. (2013) Estonian President, Cyber Expert Toomas Hendrik Ilves

Addresses Tufts Community on IT’s “Paradigmatic transformation of Our World”

[Online]. Available at: http://fletcher.tufts.edu/News-and-

Media/2013/10/09/Estonian-President-Cyber-Expert-Toomas-Hendrik-Ilves-

Addresses-Tufts

(Accessed: 1 August 2014).

Harris, S. (2014) ‘It’s Not Beijing’s Hackers You Should Be Worried About, It’s

Moscow’s’, Foreign Policy, 22 April [Online]. Available at:

http://complex.foreignpolicy.com/posts/2014/04/22/it_s_not_beijing_s_hackers_y

ou_should_be_worried_about_it_s_moscow_s

(Accessed: 6 August 2014).

Heickeroe, R., and Peterson, M. (2012) The Dark Sides of the Internet: On Cyber

Threats and Information Warfare. E-book [Online]. Available at:

http://kingston.eblib.com/patron/FullRecord.aspx?p=1129082

(Accessed: 17 May 2014).

Hersh, S.M. (2010) ‘The Online threat: Should we be worried about a cyber war’,

The New Yorker, 1 November, Issue 2010 [Online]. Available at:

http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh?

currentPage=all

(Accessed: 30 May 2014).

Herzog, S. (2011) ‘Revisiting the Estonian Cyber Attacks: Digital Threats and

Multinational Responses’, Journal of Strategic Security in the Cyber Age, 4 (2),

pp.49-56 [Online]. Available at:

http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1105&context=jss

(Accessed: 1 August 2014).

HM Government (2014) ‘Cyber Essentials Scheme: Requirements for basic

technical protection from cyber attacks’ [Online]. Available at:

https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/317

481/Cyber_Essentials_Requirements.pdf

(Accessed: 1 August 2014).

Hughes, R.B. (2008) ‘NATO and Cyber Defence: Mission Accomplished?’

[Online]. Available at: http://www.atlcom.nl/site/english/nieuws/wp-

content/Hughes.pdf

(Accessed: 1 August 2014).

Huh, T.H., Lee, S., and Chang, W.Y. (2007) ‘Contemporary Information Warfare

and National Strategy: Korea’s Military Cyber Security Issues and Tasks’,

International Area Studies Review, 10 (1), pp.215-238.


Iasiello, E. (2013) ‘Cyber Attack: A Dull Tool to Shape Foreign Policy’, in

Podins, K., Stinissen, J., and Maybaum, M. (eds.) 5th International Conference on

Cyber Conflict. Tallinn: NATO CCD COE Publications [Online]. Available at:

http://www.ccdcoe.org/publications/2013proceedings/d3r1s3_Iasiello.pdf

(Accessed: 14 September 2014).

Jeppesen, S. (2005) ‘Critical Realism as an Approach to Unfolding Empirical

Findings: Thoughts on Fieldwork in South Africa on SMEs and Environment’,

The Journal of Transdisciplinary Environmental Studies, 4 (1), pp.1-8.

Jewkes, Y., and Yar, M. (2010) ‘Glossary’, in Jewkes, Y., and Yar, M. (eds.)

Handbook of Internet Crime. Uffculme: Willan, pp.631-637.

Jones, C. (2014) The Technical and Social History of Software Engineering.

Google eBook [Online]. Available at: http://books.google.co.uk/books?

id=_H8lAgAAQBAJ&printsec=frontcover#v=onepage&q&f=false

(Accessed: 28 May 2014).

Kaeo, M. (2007) ‘Cyber Attacks on Estonia Short Synopsis’ [Online]. Available

at: http://www.doubleshotsecurity.com/pdf/NANOG-eesti.pdf

(Accessed: 1 August 2014).


Kaldor, M. (2004) ‘Nationalism and Globalisation’, Nations and Nationalism, 10

(1), pp.161-177.

Kass, M. (2008) ‘Riots during the Reform Party’s website was attacked by a

young man in fine’, Postimees, 23 January [Online]. Available at:

http://www.postimees.ee/1751045/rahutuste-ajal-reformierakonna-kodulehte-

runnanud-noormees-sai-trahvi

(Accessed: 1 August 2014).

Keating, J. (2008) ‘Estonia will host NATO cybercommand’, Foreign Policy, 14

May [Online]. Available at:

http://blog.foreignpolicy.com/posts/2008/05/14/estonia_will_host_nato_cybercom

mand

(Accessed: 1 September 2014).

Keating, J. E. (2010) ‘Who was behind the Estonia cyber attacks?’, Foreign

Policy, 7 December [Online]. Available at:

http://wikileaks.foreignpolicy.com/posts/2010/12/07/who_was_behind_the_estoni

a_cyber_attacks

(Accessed: 1 August 2014).

Keating, J. E. (2011) ‘WikiLeaks: Putin has a personal gripe with Estonia’,

Foreign Policy, 6 September [Online]. Available at:

http://blog.foreignpolicy.com/posts/2011/09/06/wikileaks_putin_has_a_personal_gripe_with_estonia

(Accessed: 1 August 2014).

Keating, J.E. (2012) ‘Shots Fired: The 10 worst cyberattacks’, Foreign Policy, 27

February [Online]. Available at:

http://www.foreignpolicy.com/articles/2012/02/24/shots_fired

(Accessed: 5 August 2014).

Knapp, K.J., and Boulton, W.R. (2008) ‘Ten Information Warfare Trends’, in

Janczewski, L., and Colarik, A.M. (eds.) Cyber Warfare and Cyber Terrorism.

London: IGI Global, pp.17-25.

Knott, B.A., Mancuso, V.F., Bennett, K., Finomore, V., McNeese, M., McKneely,

J., and Beecher, M. (2013) ‘Human Factors in Cyber Warfare: Alternative

Perspectives’, Proceedings of the Human Factors and Ergonomics Society Annual

Meeting, 57 (1), pp.399-403.

Kothari, C.R. (2004) Research Methodology: Methods & Techniques [Online].

Available at: http://books.google.co.uk/books?id=8c6gkbKi-F4C&printsec=frontcover&dq=research+methods&hl=en&sa=X&ei=ttIAVLXrBdL07AalpoGYCQ&redir_esc=y#v=onepage&q=research%20methods&f=false

(Accessed: 30 August 2014).

Kozłowski, A., Rękawek, K., and Terlikowski, M. (2014) ‘Cyberterrorism: The

Threat That Never Was’, The Polish Institute of International Affairs, 4 (40), pp.1-

6 [Online]. Available at: http://www.pism.pl/files/?id_plik=16470

(Accessed: 28 August 2014).

Kozłowski, A. (2014) ‘Comparative Analysis of Cyberattacks on Estonia, Georgia

and Kyrgyzstan’, European Scientific Journal, 10 (7), pp.237-243.

Landler, M., and Markoff, J. (2007) ‘In Estonia, what may be the first war in

cyberspace’, The New York Times, 28 May [Online]. Available at:

http://www.nytimes.com/2007/05/28/business/worldbusiness/28iht-cyberwar.4.5901141.html?pagewanted=all&_r=0

(Accessed: 1 August 2014).

Landler, M., and Markoff, J. (2007) ‘Digital Fears Emerge After Data Siege in

Estonia’, The New York Times, 29 May. Available at:

http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=all&_r=0

(Accessed: 1 August 2014).

Landman, T. (2006) Studying Human Rights [Online]. Available at:

http://books.google.co.uk/books/about/Studying_Human_Rights.html?id=6s6YeF5oGAwC

(Accessed: 30 August 2014).

Lesniak, J. (2011) ‘Create a Text or Batch File from the Command Line in

Windows’, Information Week, 7 September [Online]. Available at:

http://www.informationweek.com/create-a-text-or-batch-file-from-the-command-line-in-windows/d/d-id/1098821?

(Accessed: 1 September 2014).

Levarska, N. (2013) ‘European Security Review: Regulation of Cyber-Warfare:

Interpretation versus Creation ESR 70’ [Online]. Available at:

http://isis-europe.eu/wp-content/uploads/2014/08/ESR_70.pdf

(Accessed: 31 August 2014).

Lewis, J.A. (2002) ‘Assessing the Risks of Cyber Terrorism, Cyber War and Other

Cyber Threats’ [Online]. Available at:

http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf

(Accessed: 1 September 2014).

Lewis, J. A. (2009) ‘The “Korean” Cyber Attacks and Their Implications for

Cyber Conflict’ [Online]. Available at:

http://csis.org/files/publication/091023_Korean_Cyber_Attacks_and_Their_Implications_for_Cyber_Conflict.pdf

(Accessed: 1 August 2014).

Lewis, J. A. (2009) ‘Cyber War: Sabotaging the system’, CBS News, 6 November

[Online]. Available at: http://www.cbsnews.com/news/cyber-war-sabotaging-the-system-06-11-2009/

(Accessed: 1 August 2014).

Libicki, M. C. (2007) Conquest in Cyberspace. Cambridge: Cambridge University

Press.

Lijphart, A. (1971) ‘Comparative Politics and the Comparative

Method’, American Political Science Review, 65 (3), pp.682-693.

Limno, A.N., and Krysanov, M.F. (2003) ‘Information Warfare and Camouflage,

Concealment and Deception’, Military Thought, 12 (2).

Markoff, J. (2008) ‘Before the Gunfire, Cyberattacks’, The New York Times, 12

August [Online]. Available at:


http://www.nytimes.com/2008/08/13/technology/13cyber.html?adxnnl=1&adxnnlx=1396788307-BZjRA58pi/Bn/Cf11G6Gng&_r=0

(Accessed: 4 August 2014).

Matthews, W. (2008) ‘New Ways of War: Cyber attacks likely in any military

conflict’. Defence News Report, 26 October.

Maurer, T. (2011) ‘The Case for Cyberwarfare: Why the electronic wars of the

future will actually save lives’, Foreign Policy, 19 October [Online]. Available at:

http://www.foreignpolicy.com/articles/2011/10/19/the_case_for_cyberwar

(Accessed: 1 August 2014).

Maurer, T. (2012) ‘Breaking Bad: How America’s biggest corporations became

cyber vigilantes’, Foreign Policy, 10 September [Online]. Available at:

http://www.foreignpolicy.com/articles/2012/09/10/breaking_bad

(Accessed: 27 July 2014).

Ministry of Foreign Affairs of Georgia (2008) ‘Information for Press’, 8 August

[Online]. Available at: http://www.mfa.gov.ge/index.php?lang_id=ENG&sec_id=461&info_id=7193&date=2008-08-08&new_month=08&new_year=2008

(Accessed: 1 August 2014).

Morozov, E. (2009) ‘Cyber-Scare: The exaggerated fears over digital warfare’,

Boston Review, 1 July [Online]. Available at:

http://www.bostonreview.net/us/cyber-scare-evgeny-morozov

(Accessed: 1 August 2014).

Morozov, E. (2009) ‘Notes from NATO’s cyberwarfare conference in Tallinn’,

Foreign Policy, 18 June. Available at:

http://neteffect.foreignpolicy.com/posts/2009/06/18/notes_from_natos_cyberwarfare_conference_in_tallinn

(Accessed: 9 June 2014).

Moses, A. (2008) ‘Georgian websites forced offline in “cyber war”’, The Sydney

Morning Herald, 12 August [Online]. Available at:

http://www.smh.com.au/news/technology/georgian-websites-forced-offline/2008/08/12/1218306848654.html

(Accessed: 1 August 2014).

Mshvidobadze, K. (2011) ‘The Battlefield on Your Laptop’. Radio Free Europe /

Radio Liberty, 21 March. Available at:

http://www.rferl.org/articleprintview/2345202.html

(Accessed: 18 July 2014).

Murphy, M. (2010) ‘Cyberwar War in the fifth domain: Are the mouse and

keyboard the new weapons of conflict?’, The Economist, 1 July [Online].

Available at: http://www.economist.com/node/16478792

(Accessed: 6 July 2014).

NATO Review (2011) ‘New threats: the cyber-dimension’, 11 September

[Online]. Available at: http://www.nato.int/docu/review/2011/11-september/Cyber-Threads/EN/index.htm

(Accessed: 7 August 2014).

NATO (1949) NATO - The North Atlantic Treaty [Online]. Available at:

http://www.nato.int/cps/en/natolive/official_texts_17120.htm

(Accessed: 1 August 2014).

Nazario, J. (2007) ‘Estonian DDoS attacks- A summary to date’, Arbor Networks,

17 May [Online]. Available at:

http://www.arbornetworks.com/asert/2007/05/estonian-ddos-attacks-a-summary-to-date/

(Accessed: 31 August 2014).

Nicholson, A., Webber, S., Dyer, S., Patel, T., and Janicke, H. (2012) ‘SCADA

security in the light of Cyber-Warfare’, Computers & Security, 31 (4), pp.418-436.

Nye, J. (2011) ‘Nuclear lessons for cyber security?’, Strategic Studies Quarterly, 5

(4), pp.18–38.

Obama, B. (2009) ‘Remarks by the President on Securing Our Nation’s Cyber

Infrastructure’, The White House Office of the Press Secretary, 29 May [Online].

Available at: http://www.whitehouse.gov/the-press-office/remarks-president-securing-our-nations-cyber-infrastructure

(Accessed: 1 August 2014).

Päevaleht, E. (2008) ‘Road to War’, International Centre For Defence Studies, 11

August [Online]. Available at: http://www.icds.ee/index.php?id=73&type=98&L=0&tx_ttnews[tt_news]=262&tx_ttnews[backPid]=214&cHash=4de7396400

(Accessed: 1 August 2014).

Pempel, K. (2014) ‘Cybergeddon? Survey Warns of Internet Disruption on Scale

of 2008 Crisis’, RT News, 23 April.

Available at: http://rt.com/news/154184-cyber-risks-2008-crisis/

(Accessed: 9 June 2014).

Portilho-Shrimpton, T. (2008) ‘Battle for South Ossetia fought in cyberspace’, The

Independent, 17 August [Online]. Available at:

http://www.independent.co.uk/news/world/europe/battle-for-south-ossetia-fought-in-cyberspace-899772.html

(Accessed: 8 August 2014).

Republic of Estonia Information System Authority (2006) ‘Facts about e-Estonia’,

10 May [Online]. Available at: https://www.ria.ee/27525

(Accessed: 30 August 2014).

Reveron, D. (2012) ‘An introduction to national security and cyberspace’, in

Reveron, D. (ed.) Cyberspace and National Security: Threats, Opportunities, and

Power in a Virtual World. Washington, DC: Georgetown University Press, pp. 3-

20.

Rhoades, C. (2007) ‘Cyber Attack Vexes Estonia, Poses Debate’, The Wall Street

Journal, 18 May [Online]. Available at:

http://online.wsj.com/news/articles/SB117944513189906904

(Accessed: 1 August 2014).

Rockefeller, J. (2009) ‘Chairman Rockefeller and Senator Snowe Introduce

Comprehensive Cybersecurity Legislation’, 1 April [Online]. Available at:

http://www.rockefeller.senate.gov/public/index.cfm/press-releases?ID=71036a37-e4d0-468c-8cc4-754671488c8f

(Accessed: 1 September 2014).

Rouse, M. (2007) ‘batch file’ [Online]. Available at:

http://searchwindowsserver.techtarget.com/definition/batch-file

(Accessed: 1 September 2014).

Rothkopf, D. (2011) ‘Where Fukushima meets Stuxnet: The growing threat of

cyber war’, Foreign Policy, 17 March. Available at:

http://www.foreignpolicy.com/posts/2011/03/17/where_fukushima_meets_stuxnet_the_growing_threat_of_cyber_war

(Accessed: 27 May 2014).

RT News (2007) ‘Estonia suffers cyberspace attacks’, 8 May [Online]. Available

at: http://on.rt.com/kedf04

(Accessed: 1 August 2014).

Ruus, K. (2008) ‘Cyber War I: Estonia Attacked from Russia’, European Affairs,

9 (1-2) [Online]. Available at:

http://www.europeaninstitute.org/2007120267/Winter/Spring-2008/cyber-war-i-estonia-attacked-from-russia.html

(Accessed: 1 September 2014).

Sanger, D. E., Barboza, D., and Perlroth, N. (2013) ‘Chinese Army Unit Is Seen as

Tied To Hacking Against U.S.’, The New York Times, 18 February [Online].

Available at: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all

(Accessed: 23 September 2014).

Saydjari, S.O. (2002) ‘Defending Cyberspace’, Computer, 35 (12), pp.125-127

[Online]. Available at:

http://www.cyberdefenseagency.com/publications/Defending_Cyberspace.pdf

(Accessed: 9 July 2014).

Saydjari, S.O. (2008) ‘Structuring for Strategic Cyber Defense: A Cyber

Manhattan Project Blueprint’ [Online]. Available at:

https://www.acsac.org/2008/program/keynotes/saydjari.pdf

(Accessed: 9 July 2014).

Scanlon, M., and Kechadi, M.T. (2010) ‘Online Acquisition of Digital Forensic

Evidence’, in Goel, S. (ed.) Digital Forensics and Cyber Crime. Dordrecht:

Springer, pp.122-131.

Schneier, B. (2014) Carry On: Sound Advice from Schneier

on Security. United States: Wiley.

Schott, B. (2009) ‘Cybergeddon: The potentially catastrophic effect of a major

Internet attack’, The New York Times, 19 January. Available at:

http://schott.blogs.nytimes.com/2009/01/19/cybergeddon/?_php=true&_type=blogs&_php=true&_type=blogs&_r=1

(Accessed: 9 June 2014).

Secure Works Press Release (2008) ‘Compromised US and Chinese Computers

Launch Greatest Number of Cyber Attacks, according to SecureWorks’ Data’

[Online]. Available at:

http://www.secureworks.com/company/press_releases/13627/

(Accessed: 1 August 2014).

Shakarian, P. (2011) ‘The 2008 Russian Cyber Campaign Against Georgia’

[Online]. Available at:

https://www.academia.edu/1110559/The_2008_Russian_Cyber_Campaign_Against_Georgia

(Accessed: 1 September 2014).

Shakarian, P., Shakarian, J., and Ruef, A. (2013) Introduction to Cyber Warfare:

A Multidisciplinary Approach. Burlington: Elsevier Science. 

Singer, P.W., and Friedman, A. (2014) Cybersecurity and Cyberwar: What

Everyone Needs to Know. U.S.A: Oxford University Press.

Smith, D. J. (2014) ‘Russian Cyber Capabilities, Policy and Practice’, inFocus

Quarterly, 8 (1) [Online]. Available at:

http://www.jewishpolicycenter.org/4924/russian-cyber-capabilities

(Accessed: 23 September 2014).

Sridhar, S. (2011) Denial of Service attacks and mitigation techniques: Real time

implementation with detailed analysis [Online]. Available at:

http://www.sans.org/reading-room/whitepapers/detection/denial-service-attacks-mitigation-techniques-real-time-implementation-detailed-analysi-33764

(Accessed: 1 August 2014).

Stapleton-Gray, R., and Woodcock, W. (2011) ‘National Internet Defense-Small

States on the Skirmish Line’, Communications of the ACM, 54 (3), pp.50-55

[Online]. Available at: http://dl.acm.org/citation.cfm?doid=1897852.1897869

(Accessed: 1 August 2014).

Stytz, M.R., and Banks, S.B. (2010) ‘Addressing Simulation Issues Posed by

Cyber Warfare Technologies’ [Online]. Available at:

http://www.scs.org/magazines/2010-07/index_file/Files/Article_Stytz.pdf

(Accessed: 24 September 2014).

Szakonyi, D. (2007) ‘The Rise of Economic Nationalism under Globalisation and

the Case of Post-Communist Russia’, The School of Russian and Asian Studies,

16 May [Online]. Available at:

http://www.sras.org/economic_nationalism_under_globalization

(Accessed: 1 August 2014).

Taimre, S. (2008) ‘Estonia sends experts to Georgia to help combat cyber attacks’,

Baltic Business News, 12 August [Online]. Available at:

http://www.balticbusinessnews.com/?PublicationId=4a7f1bf9-9f26-4066-b219-2803bdacb11c

(Accessed: 1 August 2014).

Terlikowski, M. (2007) ‘Cyber Attacks on Estonia: Implications for International

and Polish Security’, Polish Quarterly of International Affairs, 16 (3), pp.68-87.

The Economist (2010) ‘NATO and Russia- Trust, but make military plans’, The

Economist, 29 July [Online]. Available at:

http://www.economist.com/node/16693761

(Accessed: 1 August 2014).

The Security Council of the Russian Federation (2000) ‘Information Security

Doctrine of the Russian Federation’ [Online]. Available at:

http://www.scrf.gov.ru/documents/6/5.html

(Accessed: 1 September 2014).

Thomas, T.L. (1997) ‘Russian Information-Psychological Actions: Implications

for U.S. PSYOP’, Special Warfare, 10 (1), pp.12-19.

Thomas, T.L. (2004) ‘Russian and Chinese Information Warfare: Theory and

Practice’ [Online]. Available at:

http://www.dtic.mil/dtic/tr/fulltext/u2/a467510.pdf

(Accessed: 6 July 2014).

Tikk, E., Kaska, K., and Vihul, S. (2010) ‘International Cyber Incidents: Legal

Considerations’ [Online]. Available at:

http://www.ccdcoe.org/publications/books/legalconsiderations.pdf

(Accessed: 2 August 2014).

Traynor, I. (2007) ‘Russia accused of unleashing cyberwar to disable Estonia-

Parliament, ministries, banks, media targeted- Nato experts sent in to strengthen

defences’, The Guardian, 17 May [Online]. Available at:

http://www.theguardian.com/world/2007/may/17/topstories3.russia

(Accessed: 1 August 2014).

Tudor, A. (1989) Monsters and Mad Scientists: A Cultural History of the Horror

film. Oxford: Blackwell.

UN Data (2006) ‘Internet users per 100 inhabitants’ [Online]. Available at:

http://data.un.org/Data.aspx?d=MDG&f=seriesRowID:605

(Accessed: 1 September 2014).

US Department of Defense (2006) National Military Strategy for Cyberspace

Operations. Washington, DC: US Joint Chiefs of Staff.

Valeriano, B., and Maness, R.C. (2014) ‘The dynamics of cyber conflict between

rival antagonists, 2001-11’, Journal of Peace Research, 51 (3), pp.347-360

[Online]. Available at:

http://jpr.sagepub.com/content/early/2014/03/31/0022343313518940

(Accessed: 3 May 2014).

Vamosi, R. (2007) ‘Cyberattack in Estonia—what it really means’, ZD Net, 29

May [Online]. Available at: http://www.zdnet.com/news/cyberattack-in-estonia-what-it-really-means/152212

(Accessed: 1 August 2014).

Verton, D. (2003) Black Ice: The Invisible Threat of Cyber-Terrorism. U.S.A:

McGraw-Hill/Osborne.

Webopedia (2014) ‘Flooding’ [Online]. Available at:

http://www.webopedia.com/TERM/F/Flooding.html

(Accessed: 1 September 2014).

Wentworth, T. (2008) ‘How Russia May Have Attacked Georgia’s Internet’, News

Week, 22 August. Available at: http://www.newsweek.com/how-russia-may-have-attacked-georgias-internet-88111

(Accessed: 28 May 2014).

Wilson, C. (2009) ‘Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and

Policy Issues for Congress’, 29 January [Online]. Available at:

http://fas.org/sgp/crs/terror/RL32114.pdf

(Accessed: 1 August 2014).

Wilson, T. (2009) ‘Study of Russia-Georgia Cyber Conflict Brings Warnings To

U.S. Businesses, Citizens’, Dark Reading, 18 August [Online]. Available at:

http://www.darkreading.com/government/cybersecurity/study-of-russia-georgia-cyber-conflict-brings-warnings-to-us-businesses-citizens/d/d-id/1131759?

(Accessed: 1 August 2014).


Witham, B. (2013) Critical Realism and International Relations: Causal

Explanations for Liberal War. Available at:

https://www.academia.edu/348746/Critical_Realism_and_International_Relations_Causal_Explanations_for_Liberal_War

(Accessed: 15 March 2014).

Yar, M. (2013) Cybercrime and Society. 2nd edn. London: Sage.

Y2K bug (2003) The American Heritage Dictionary of the English Language. 4th

edn. Houghton Mifflin Company [Online]. Available at:

http://www.thefreedictionary.com/Y2K+bug

(Accessed: 1 September 2014).
