PAPERS
+++Back to Basics: Beyond Network Hygiene by Felix 'FX' Lindner and Sandro Gaycken
Abstract:
In the past, Computer Network Defense (CND) intended to be minimally intrusive to the other requirements of IT development, business, and operations. This paper outlines how different security paradigms have failed to become effective defense approaches, and what the root cause of the current situation is. Based on these observations, a different point of view is proposed: acknowledging the inherent composite nature of computer systems and software. Considering the problem space from the composite point of view, the paper offers ways to leverage composition for security, and concludes with a list of recommendations.
paper[PDF] +++
+++Cyber Electromagnetic Activities - FM3-38
FM 3-38, Cyber Electromagnetic Activities, provides overarching doctrinal guidance and direction for conducting cyber electromagnetic activities (CEMA). This manual describes the importance of cyberspace and the electromagnetic spectrum (EMS) to Army forces and provides the tactics and procedures commanders and staffs use in planning, integrating, and synchronizing CEMA
paper[PDF]+++
+++Department of Defense NetOps Strategic Vision
Purpose The purpose of the NetOps Strategic Vision is to communicate the DoD CIO's vision and goals for migrating to new NetOps capabilities which will enable the Department's Net-Centric vision. It builds on the DoD Information Management/Information Technology (IM/IT) Strategic Plan, the GIG Architectural Vision, and supporting Net-Centric strategies. This document is intended to do the following: guide the Department’s NetOps activities, initiatives, and investments; foster unity of effort throughout DoD and its mission partners; serve as a framework for governing the evolution of NetOps capabilities; and provide the foundation for planning the coherent implementation of NetOps across the DoD. paper +++
+++Final Report of the Defense Science Board (DSB) Task Force on Resilient Military Systems
Executive Summary: The United States cannot be confident that our critical Information Technology (IT) systems will work under attack from a sophisticated and well-resourced opponent utilizing cyber capabilities in combination with all of their military and intelligence capabilities (a "full spectrum" adversary). While this is also true for others (e.g. Allies, rivals, and public/private networks), this Task Force strongly believes the DoD needs to take the lead and build an effective response to measurably increase confidence in the IT systems we depend on (public and private) and at the same time decrease a would-be attacker's confidence in the effectiveness of their capabilities to compromise DoD systems. We have recommended an approach to do so, and we need to start now! paper(PDF) +++
+++Future Warfare and the Decline of Human Decisionmaking by Thomas K. Adams
To date, most warfare has taken place within what Robert J. Bunker terms "human space," meaning the traditional four-dimensional battlespace that is discernible to the human senses.[1] In essence, war has always consisted of human beings running, dodging, and hurling things at each other, lately with the help of machinery. Even such revolutionary developments as gunpowder only enhanced our ability to throw things at enemies we could see and hear. Text Online +++
+++"Krieg und Frieden im Netz - Cyberwar und seine Folgen"
Autor und Sprecher: Kai Laufen
Redaktion: Sonja Striegl
Sendung: Mittwoch, 13. März 2013, 08.30 Uhr, SWR2
PDF-DOWNLOAD +++
+++Cyber war Methods and Practice Version 6.0 - 2 Jan 2013 by Prof. Dr. Dr. Saalbach
Summary:
Computer and internet security is under discussion due to the increasing relevance of the Internet and of the information and communication technology (ICT). The cyberspace is meanwhile regarded as separate military dimension. This paper gives an overview on the methods and practice of cyber war and presents the cyber war activities since 1998 and the security architecture of the cyberspace. Finally, the cyber war strategies of the United States, China and Russia and the cyber policies of the European and African Union are discussed. paper(PDF)+++
+++Cyber Warfare and Deterrence: Trends and Challenges in Research by Amir Lupovici
In recent years a growing number of researchers have expanded the discussion of deterrence strategy to a host of new threats. Unlike the Cold War era in which the study of deterrence focused primarily on deterrence among nations and superpowers and on nuclear deterrence, recent years – particularly since 9/11 – have seen much research on deterrence strategy in relation to other threats, such as terrorism, rogue states, and ethnic conflicts. These studies share several elements: they are based primarily on an effort to examine the relevance of conditions necessary for successful deterrence, formulated in the context of the Cold War, and to a large degree are policy oriented, particularly regarding the challenges confronting the United States.1 These same elements dominate the evolving debate on the connection between deterrence and cyber warfare.2 Much of the research on deterrence strategy and cyber warfare is based on an American perspective. It examines the possibility of successfully implementing the strategy of deterrence in order to prevent cyber attacks, or analyzes the way the US can use cyber warfare in order to deter other threats it faces. paper(PDF)+++
+++The Myth of Cyberwar Bringing War on the Internet Back Down to Earth by Erik Gartzke
Abstract:
Cyberwar has been described as a revolution in military affairs, a transformation of technology and doctrine capable potentially of even overturning the prevailing world order. Yet, such conceptions of change reflect a common tendency to conflate means and ends; studying what could happen in cyberspace (or anywhere else) makes little sense without considering how internet conflict is going to accomplish the tasks commonly addressed by terrestrial warfare. To supplant existing modes of conflict, cyberwar must be capable of realizing the political objectives to which force or threats of force are commonly applied, something that in important respects cyberwar fails to do. Cyberwar is much more likely to serve as an adjunct to, rather than a substitute for, existing forms of political violence. Indeed, rather than threatening existing hierarchies, cyberwar appears much more likely to augment the military advantages of status quo powers. paper(PDF) +++
+++We Came In Peace they dont Hackers vs. Cyberwar FX of Phenoelit - DeepSec 2012 slides(PDF)+++
+++Wargames in the Fifth Domain by Karin Kosina
"Cyberwar is more than just a media catchphrase though. Decision makers on the highest levels have identified it as a major priority. US President Barack Obama has laid out military guidelines for the use of cyber attacks.11 The Pentagon has estab- lished a special command the US Cyber Command – whose mission includes to conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries" Masterthesis Download+++
+++Huawei Routers presentation of Felix Lindner and Gregor Kopf @ Hack in the Box slides(PDF)+++
+++Combatant Status and Computer Network Attack by Sean Watts
Abstract: The national security implications of computer network attacks (CNA) have become far-reaching and have prompted major adjustments to our nation’s defense structure and strategy. One of the current President’s early executive acts created a national Cyberczar to coordinate U.S. defenses against CNA. Meanwhile, the Department of Defense has recognized cyberspace as a realm of combat operations equivalent in importance to land, sea and space, creating a new Cyber Command believed to be capable of launching offensive CNA. This Article examines the critical question of combatant status in such CNA – specifically, who, under the existing law of war, may lawfully participate in CNA? Existing accounts evaluate combatant status in CNA under traditional criteria applicable to kinetic and line-of-sight warfare. This Article argues such approaches are outmoded and induce states to engage in practices that amount to no more than empty formalism. With historical, textual, and normative analysis, this Article argues that state sanction or imprimatur is an appropriate standard for evaluating combatant status in CNA. The analytical framework proposed not only aligns with existing law and emerging state practice, but may also resolve the question of status in other remote combat engagements.
Keywords: International Humanitarian Law, Law of War, computer network attack, combatant status working papers serie paper(2009) +++
+++The Militarisation of Cyberspace: Why Less May Be Better by Dr. Myriam Dunn Cavelty
Abstract: Cyber security is seen as one of the most pressing national security issues of our time.Due to sophisticated and highly publicised cyber attacks, it is increasingly framed as a strategic-military concern and many states have or at least want to acquire offensive cyber weapons. The aim of this paper is to show that particular ways of framing threats are not only a matter of choice but also come with political and social effects. Focusing on the strategic-military aspects of cyber security means subjecting it to the rules of an antagonistic zero-sum game, in which one partys gain is another partys loss. This invokes enemy images even though there is no identifiable enemy, centres too strongly on national security measures instead of economic and business solutions, and wrongly suggests that states can establish control over cyberspace. This creates an unnecessary atmosphere of insecurity and tension in the international system - one that is based on misperceptions of the nature and level of cyber risk and on the feasibility of different protection measures in a world characterised by complex, interdependent risk. While it is undisputed that the cyber dimension will play a substantial role in future conflicts of all grades and shades, threat-representations must remain well informed and well balanced at all times in order to rule out policy (over-) reactions with unnecessary costs and uncertain benefits. paper(2012) +++
+++Five years after Estonia's cyber attacks: lessons learned for NATO? by Vincent Joubert In April 2007 a series of cyber attacks targeted Estonian information systems and telecommunication networks shortly after the relocation of a controversial World Contents War II memorial, known as the Bronze Soldier, from Tallinn city centre to a nearby military cemetery. Lasting twenty-two days, the attacks were directed at a range of servers (web, e-mail, DNS) and routers. The most visible targets...
paper(2012) +++
+++Cyberwar -- Aufrüstung im Cyberspace als Herausforderung für die Friedensarbeit des FI von Sylvia Johnigk und Kai Nothdurft
Für das potentielle Schlachtfeld im Cyberspace wurde eine neue gefährliche Rüstungsspirale in Gang gesetzt. Sie zieht ihre Motivation aus dem Auf- und Ausbau von militärischen Cyberwar-Einheiten, der hohen Verletzlichkeit der digitalen Gesellschaften mit ihren global vernetzten IT-Systemen und dem vermeintlich geringen Risiko für den Angreifer, identifiziert und für sein Tun sanktioniert zu werden. Es ist höchste Zeit, dass die in Gang gesetzte Rüstungsmaschinerie wieder gestoppt wird. Das FIfF als Teil der Friedensbewegung ist in besonderer Weise gefordert, seine fachliche Expertise dafür zu nutzen. Die folgenden Forderungen sollen zu einer Deeskalation und Vermeidung von Cyberkriegen beitragen:... paper(2012) +++
+++Designer Satellite Collisions from Covert Cyber War -- Jan Kallberg
Outer space has enjoyed two decades of fairly peaceful development since the Cold War, but once again it is becoming more competitive and contested, with increased militarization. Therefore, it is important the United States maintain its space superiority to ensure it has the capabilities required by modern warfare for successful operations. Today is different from earlier periods of space development,1 because there is not a blatantly overt arms race in space,2 but instead a covert challenge to US interests in maintaining superiority, resilience, and capability. paper(2012) +++
+++NATOs Cyber Capabilities: Yesterday, Today, and Tomorrow -- by Jason Healey and Leendert van Bochoven
This issue brief is part of the Atlantic Councils Smarter Alliance Initiative in partnership with IBM. The Atlantic Council and IBM established the Smarter Alliance Initiative in response to the NATO Secretary Generals call for NATO members to adopt a smart defense approach to leveraging scarce defense resources to develop and sustain capabilities necessary to meet current and future security challenges in an age of austerity. Working with recognized experts and formersenior officials from Europe and the United States, the Atlantic Council and IBM have produced a set of policy-oriented briefs focused on NATO reform and cyber security, with the aim to provide thought leadership and innovative policy-relevant solutions for NATOs continued organizational reform and role in cyber security. paper(2012) +++
+++CYBER-WEAPONS -- Thomas Rid and Peter MCBurney
What are cyber-weapons? Instruments of code-borne attack span a wide spectrum, from generic but low-potential tools to specific but high-potential weaponry. This distinction brings into relief a two-pronged hypothesis that stands in stark contrast to some of the received wisdom on cyber-security. Maximising the destructive potential of a cyber-weapon is likely to come with a double effect: it will significantly increase the resources,intelligence and time required for development and deployment -- and more destructive potential is likely to decrease the number of targets, the risk of collateral damage and the political utility of cyber-weapons. paper(2012) +++
+++Getting down to business Realistic goals for the promotion of peace in cyberspace by ICT for peace foundation
In addition to environmental concerns, financial instability, conflict, poverty and natural disasters, nations around the world a recurrently facing another challenge that is here to stay: an invasive, multipronged and multilayered threat, a modern day arms race without visible weapons or attributable actors,characterized by an escalating number of attacks both on and off the radar. The stability of our networked global system and the proper functioning of our countries, cities and daily activities, rely on the Internet. Critical infrastructure including transport, transport security, nuclear power plants, electricity, communication networks, oil pipelines, and financial institutions has become a clear target for cyber attacks, with potentially devastating consequences for humankind. The international community is not doing enough to prevent an ongoing escalation of cyberconflict. paper(2011) +++
+++The state of Cyberwar in the U.S. -- As part of its ongoing efforts to deliver timely analysis to its clients, DiploNews recently reviewed the state of the United States' trajectory towards recognizing cyberwar as a space for the Defense Department to operate in both in policy and law. paper(2012) +++
+++The 3rd International Conference on Cyber Conflict focused on defensive and offensive aspects of Cyber Forces, combining different views on cyber defence and operations in current threat environment. The proceedings were published by CCD COE Publications and IEEE. You can download the full book from paper book(2012) +++
+++Ein Bericht über die Handelsblatt-KonferenzCybersecurity 2011 in Berlin paper(2012) +++
+++Cyber-security: The Vexed Question of Global Rules: Introduction: This report is made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against it, and assesses the way ahead. It is aimed at the influential layperson, and deliberately avoids specialised language. paper(2012) +++
+++Can It Really Work? Problems with Extending EINSTEIN 3 to Critical Infrastructure by Steven M. Bellovin, Scott O. Bradner, Whitfield Diffie, Susan Landau, and Jennifer Rexford
Abstract
In an effort to protect its computer systems from malevolent actors, the U.S. government has developed a series of intrusion-detection and intrusion- prevention systems aimed at monitoring and screening traffic between the internet and government systems. With EINSTEIN 3, the government now may seek to do the same for private critical infrastructure networks. paper(2011) +++
+++Cyber War Will Not Take Place by Thomas Rid
Abstract
For almost two decades, experts and defense establishments the world over have been predicting that cyber war is coming. But is it? This article argues in three steps that cyber war has never happened in the past, that cyber war does not take place in the present, and that it is unlikely that cyber war will occur in the future. It first outlines what would constitute cyber war: a potentially lethal, instrumental, and political act of force conducted through malicious code. The second part shows what cyber war is not, case-by-case. Not one single cyber offense on record constitutes an act of war on its own. The final part offers a more nuanced terminology to come to terms with cyber attacks. All politically motivated cyber attacks are merely sophisticated versions of three activities that are as old as warfare itself: sabotage, espionage, and subversion. paper(2011)+++
+++First Battles in Cyberspace: New Paradigm for 21st Century Warfare? by Dr. Dan Kuehl
Powerpoint as PDF +++
+++Cognitive Cyber Weapon Selection Tool Empirical Evaluation Preethi Vinayak Ponangi(MSEgr) Keeping in pace with the latest technological innovations in the cyber world, the misuse of this powerful infrastructure has also increased proportionally. Although a lot of recent attacks have been documented in the mainstream media, counter measures for cyber defense mechanism have only received some attention in the recent research literature. Most of the global attacks in the cyber space have proved to be carefully planned premeditated attacks. Considering that most of these attacks are co-coordinated by humans, a new area of psychological weaponry is being investigated by the research community. This study aims to empirically evaluate the effectiveness of the cyber weapon suite of tools to deploy cognitive cyber weapons onto an adversary's computer. The user behavior was assessed based on their performance during the experiment pertaining to each task and measures such as number of repetitions, total time taken to complete each task, total number of emails exchanged by a group and user confidence were considered to evaluate CCWST effectiveness. The results showed that the hypotheses were supported thereby reinforcing the effectiveness of CCWST as a powerful tool to induce cognitive changes in an adversary's thought process. paper(2011) +++
+++How Stuxnet Spreads A Study of Infection Paths in Best Practice Systems
Executive Summary:
The Stuxnet worm is a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems. The worm used both known and previously unknown vulnerabilities to install, infect and propagate, and was powerful enough to evade state-of-the-practice security technologies and procedures. Since its discovery, there has been extensive analysis of Stuxnet’s internal workings. What has not been discussed is how the worm might have migrated from the outside world to supposedly isolated and secure industrial control systems (ICS). Understanding the routes that a directed worm takes as it targets an ICS is critical if these vulnerable pathways are to be closed for future worms. paper(2011) +++
+++The Quest for cyberpeace -- International Telecommunication Union -- By Dr Hamadoun I. Touré Secretary-General of the International Telecommunication Union and the Permanent Monitoring Panel on Information Security World Federation of Scientists
Foreword In the world of 2011, we enjoy the benefits of a boundless global information society, but with these benefits comes the threat of cyber attacks. They can arise anywhere, at anytime, and cause immense damage in the blink of an eye. This potential damage is increased exponentially by the linking of information and communication technologies (ICTs) with vital national infrastructures. paper(2011) +++
+++World Gone Cyber MAD -- How "Mutually Assured Debilitation" Is the Best Hope for Cyber Deterrence -- By Matthew D. Crosston Many cyber experts say the United States is woefully ill prepared for a sophisticated cyber attack and that each passing day brings it one step closer to a potential virtual Armageddon. While the problems hindering the development of an effective and comprehensive cyber deterrence policy are clear (threat measurement, attribution, information-sharing, legal codex development, and poor infrastructure, to name several), this article focuses on one aspect of the debate that heretofore has been relatively ignored: that the futility of governmental innovation in terms of defensive efficacy is a relatively constant and shared weakness across all modern great powers, whether the United States, China, Russia, or others. paper(2011) +++
+++Nuclear Crisis Management and "Cyberwar" -- Phishing for Trouble? -- By Stephen J. Cimbala If the ultimate weapons of mass destruction, nuclear weapons, and the supreme weapons of soft power, information warfare, are commingled during a crisis, the product of the two may be an entirely unforeseen and unwelcome hybrid. Crises by definition are exceptional events. No Cold War crisis took place between states armed with advanced information weapons and with nuclear weapons. But given the durability of the two trends-interest in infowar and in nuclear weapons-the potential for overlap and its implications for nuclear crisis management deserve further study and policy consideration. paper(2011) +++
+++Cyberdeterrence between Nation-States -- Plausible Strategy or a Pipe Dream? -- Jonathan Solomon Can deterrence strategies which have helped avert great-power war since the late 1940s similarly prevent attempts at corrupting, disrupting, or destroying a nation-state's vital information infrastructure? Is it even possible to deter state-executed or state-sponsored computer network at- tacks against the governmental, military, financial, industrial, and civil information systems upon which modern society relies so heavily? It seems intuitive that one nation-state could plausibly threaten another with de- bilitating punishment should the latter conduct a major "cyber attack" against the former. Examining computer network warfare characteristics, however, reduces one's optimism that even the most powerful states can deter strategic-level cyber attacks using the same methods that deter nuclear and conventional adventurism. paper(2011) +++
+++BEYOND CYBER-DOOM: Cyberattack Scenarios and the Evidence of History -- By Sean Lawson Introduction Recently, news media and policy makers in the United States have turned their attention to prospective threats to and through an ethereal and ubiquitous technological domain referred to as "cyberspace." "Cybersecurity" threats include attacks on critical infrastructures like power, water, transportation, and communication systems launched via cyberspace, but also terrorist use of the Internet, mobile phones, and other information and communication technologies (ICTs) for fundraising, recruiting, organizing, and carrying out attacks (Deibert & Rohozinski, 2010). Frustration over a perceived lack of public and policy maker attention to these threats, combined with a belief that "exaggeration" and "appeals to emotions like fear can be more compelling than a rational discussion of strategy" papert(2011) +++
+++Deciphering Cyberpower -- Strategic Purpose in Peace and War -- John B. Sheldon What is the strategic purpose of cyberpower? All too many works on cyberspace and cyberpower are focused on the technical, tactical, and operational aspects of operating in the cyber domain. These are undoubtedly important topics, but very few address the strategic purpose of cyberpower for the ends of policy. Understanding its strategic purpose is important if policy makers, senior commanders, and strategists are to make informed judgments about its use. Cyberpower does indeed have strategic purpose relevant to achieving policy objectives. paper(2011) +++
+++Defending the networks -- The NATO Policy on Cyber Defence The Cyber Defence Policy at a glance • Integrate cyber defence considerations into NATO structures and planning processes in order to perform NATO's core tasks of collective defence and crisis management. • Focus on prevention, resilience and defence of critical cyber assets to NATO and Allies. • Develop robust cyber defence capabilities and centralise protection of NATO's own networks. • Develop minimum requirements for cyber defence of national networks critical to NATO's core tasks. • Provide assistance to the Allies to achieve a minimum level of cyber defence and reduce vulnerabilities of national critical infrastructures. • Engage with partners, international organisations, the private sector and academia. paper(2011) +++
+++INSA Report: Cyber Intelligence… Setting the landscape for an emerging disciple -- The Intelligence and National Security Alliance (INSA) is a group of professionals bound by a common desire to enhance the national security of the United States. Members include experts who have seen the brutal realities of international affairs and have also seen the impact of sound policy on our nation's well being. INSA is a not-for-profit, nonpartisan, private sector organization which seeks to provide a forum for thought leadership. paper(2011) +++
+++DEPARTMENT OF DEFENSE STRATEGY FOR OPERATING IN CYBERSPACE-- Conclusion: Most vulnerabilities of and malicious acts against DoD systems can be addressed through good cyber hygiene. Cyber hygiene must be practiced by everyone at all times; it is just as important for individuals to be focused on protecting themselves as it is to keep security software and operating systems up to date. DoD will integrate the private sector's continuous renewal method to harden its own computing devices and sustain its cyber hygiene best practices. Further, good cyber hygiene extends to the maintenance of information security, the promotion of good cybersecurity practices for users and administrators alike, secure network design and implementation, and the employment of smart and effective network and configuration management. This holistic effort will provide protection, monitoring, maintenance, design, and care for DoD networks and systems to assure their security and integrity. ... paper(2011) +++
+++Computers as weapons of war by John Bumgarner --Most warfare throughout the two centuries of the industrial era centered on one principal strategic objective: the physical occupation of territory. The possibility of occupying ter- ritory, or the threat of becoming occupied, forced many nations to amass large standing armies, to maintain navies, and to build aircraft in hopes of achieving battlefield superiority against their adversaries. Several pivotal events over the last three decades have been gradually changing that paradigm, shifting nation-states from the industrial era of warfare into the cyber defense era of war- fare. paper(2010) +++
+++Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon Some notes from the talk notes | RELATED: Enumerating Stuxnet's exploits article(2011) +++
+++Abstract This book argues that computer security has evolved from a technical discipline to a strategic concept. The world's growing dependence on a powerful but vulnerable Internet - combined with the disruptive capabilities of cyber attackers - now threat- ens national and international security. Strategic challenges require strategic solutions. The author examines four nation- state approaches to cyber attack mitigation. • Internet Protocol version 6 (IPv6) • Sun Tzu's Art of War • Cyber attack deterrence • Cyber arms control paper(2011) +++
+++Mitigative Counterstriking: Self-Defense and Deterrence in Cyberspace BY Jay P. Kesan and Carol M. Hayes | ABSTRACT Cyberwar has become a reality. The question is no longer "if" the United States will experience a major cyberattack aimed at disrupting critical infrastructure, but "when." In July of 2010, Iranian uranium enrichment activities were severely hindered by the Stuxnet worm, which used a number of zero-day exploits and damaged the Iranian nuclear infrastructure. In early 2011, documents leaked from the files of a computer security company provide evidence that there are "cyber contractors" in the United States that provide subscriptions to lists of exploitable vulnerabilities in popular software. Additionally, there exists the threat of Distributed Denial of Service (DDoS) attacks that could be used to knock a system‟s defenses ... paper(2011) +++
+++The CIP Program: Are We on the Right Path or at a Precipice? BY Stephen Flanagan | Conclusion Let me conclude by summarizing the three risks that the CIP program faces and what needs to be done. And in so doing I will amend my initial points to reflect the emphasis on the performance to achieve the goals perspective. Is the entity concerned about CIP? How has the entity demonstrated its concern in a tangible manner? Senior Management Needs to be Committed/Engaged/Involved Sufficient Budgeting Must be Available To Achieve the Goal-Oriented Tasks Staffing Must be Directed Towards Achieving Program Goals, Not Disconnected Compliance Activities The Saturation Level of Security Awareness Must be High ..... paper(2011) +++
+++Ten Rules for Cyber Security: Before the Estonian incident, organisations tended to treat their risks and arrangements in isolation. Cyber security was merely the sum of individual contingency plans having little to do with more temic risks. The spectrum of cyber conflict ranges from breaches of internal policy or regulations (not patching software, for example) to breaches of legal obligations (such as not reporting illegal activity) to crime to national-security threats to outright cyber warfare ("cyber armed attack"). Ten rules focused on issues and working solutions arising from discussions among experts or in the course of cyber-incident handling can be identified: paper(2011) +++
+++STRATEGIC INSIGHTS: Volume 10, Issue 1 • Spring 2011 Strategic Insights is a quarterly online journal published by the Center on Contemporary Conflict, Department of National Security Affairs, Naval Postgraduate School in Monterey, California. We publish scholarly articles as well as viewpoints that address issues of current interest to the makers and executors of US national security policy. paper(2011) More information HERE +++
+++SIEMENS-SSA-625789: Security Vulnerabilities in Siemens SIMATIC S7-1200 CPU
Summary:
Operating under laboratory conditions and without any IT security measures in place, security experts have investigated Programmable Logic Controllers (PLC). This research has revealed some weaknesses in the SIMATIC S71200 CPU ' communication and authentication functions. Once the automation network is compromised it is possible to trigger certain CPU functions using a remote exploit. A remote exploit is a type of attack that can be launched from one computer against another computer across a network. A PC for example, with access to the automation network, could be used to launch a remote exploit against a PLC. paper(2011) +++
+++CS-CERT ALERT ICS-ALERT-11-161-01-SIEMENS SIMATIC S7-1200 PLC VULNERABILITIES
SUMMARY
In May of 2011, security researcher Dillon Beresford of NSS Labs a reported multiple vulnerabilities to ICS-CERT that affect the Siemens Simatic S7-1200 micro programmable logic controller (PLC). ICS-CERT and Siemens have confirmed that these vulnerabilities could allow an attacker with automation network access to execute various unauthorized commands against the S7-1200 PLC. On June 10, 2011, Siemens released a Security Advisory and patch to address a portion of the reported vulnerabilities. ICS-CERT has confirmed the effectiveness of this patch and continues to work with Siemens and Mr. Beresford on the other reported problems. ICS-CERT is releasing this Alert to inform users of the available patch for the Siemens S7-1200 PLCs. paper(2011) +++
+++INTERNATIONAL STRATEGY FOR CYBER SPACE (USA)
Digital infrastructure is increasingly the backbone of prosperous economies, vigorous research com- munities, strong militaries, transparent governments, and free societies. paper(2011) +++
+++Summary Report Cybersecurity, Foreign Policy, and Business --
In early 2011, the Council on Foreign Relations held a workshop focused on the intersection of cybersecurity, foreign policy, and global business. The program, which included a keynote address by Philip Reitinger, Deputy Undersecretary of the National Protection and Programs Directorate at the U.S. Department of Homeland Security, consisted of three panels: supply chain security; balkanization of digital markets; and cyber exploits, private business, and national security. Participants included officials from the Departments of Commerce and Homeland Security as well as Senate and House staffers, industry representatives, and academic and policy analysts. paper(2011) +++
+++Over the past two years there has been a steady drumbeat of alarmist rhetoric coming out of Washington about potential catastrophic cyber threats. For example, at a Senate Armed Services Committee hearing last year, Chairman Carl Levin said that "cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects."1 Proposed responses include increased federal spending on cybersecurity and the regulation of private network security practices. The rhetoric of "cyber doom"2 employed by proponents of increased federal intervention, however, lacks clear evidence of a serious threat that can be verified by the public. As a result, the United States may be witnessing a bout of threat inflation similar to that seen in the run-up to the Iraq War. Additionally, a cyber-industrial complex is emerging, much like the military-industrial complex of the Cold War. This complex may serve to not only supply cybersecurity solutions to the federal government, but to drum up demand for them as well. paper(2011) +++
+++Introduction and Summary: A year ago, the McAfee report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwar," showed just how vulnerable critical infrastructure around the world is to cyberattack. In the year since that report, Stuxnet has trans- formed the threat landscape. It was a sophisticated, successful, weapon with a single purpose - sabotaging an industrial control system. paper(2011) +++
+++Executive summary The first pan-European exercise on Critical Information Infrastructure Protection (CIIP) CYBER EUROPE 2010 was organised by EU Member States (MS), facilitated by the European Network and Information Security Agency (ENISA) and supported by the Joint Research Centre (JRC). The objective of the exercise was to trigger communication and collaboration between countries in Europe to try to respond to large-scale attacks. During the CYBER EUROPE 2010 exercise, experts from the participating public bodies of European countries worked together to counter simulated attempts by hackers to paralyse the Internet and critical online services across Europe. paper(2011) +++
+++Die Arbeit beschäftigt sich mit dem Informationskrieg im 21.Jahrhundert und untersucht seinen Einfluss auf die Militärdoktrinen der USA. Zunächst wird das theoretische Grundwissen geschaffen und konkrete Konzepte zum Informationskrieg wie die Network Centric Warfare vorgestellt. Die Analye beschäftigt sich dann mit den Entwicklungen der Kriegsführung der letzten 30 Jahre, und geht hier insbesondere auf die US Army als Referenzbeispiel ein und arbeitet zusätzlich den Zusammenhang zwischen den Elementen Führung, Technologie und Doktrin heraus. Dank gilt dem Autor Christian Meurers für diese Arbeit und die Erlaubnis diese auf der Webseite zu verlinken. Diplomarbeit als PDF +++
+++Information Insecurity is an attempt to create greater awareness about the growing dangers of cyber-hooliganism, cyber-crime, cyber-terrorism and cyber-war, in an environment that offers considerable opportunities for each of these activities. The book is divided into four parts, a first which sets out the parameters of the Problem, a second which describes the obvious Solutions, a third which highlights the missing elements in any Action Plan for the future, and a fourth which makes specific Recommendations in a do-able time frame. The accompanying Presentations are PowerPoint slides which relate to each of the four parts of the book. The book is targeted towards decision makers in both the public and the private sectors, in the hope that they will be motivated to sit together in a joint effort to draft and adopt a comprehensive Law of Cyber-Space. papers(2011) +++
+++Adam Segal testifies before the House Foreign Affairs Subcommittee on Oversight and Investigations about Chinese cyber espionage and China's desire to reduce its dependence on the West for advanced technologies. paper(2011) +++
+++Cyberspace Policy Review -- DOCUMENTS -- papers(2011) +++
+++Botnets: 10 Tough Questions by Editor: Dr. Giles Hogben, Authors: Daniel Plohmann, Elmar Gerhards-Padilla, Felix Leder
As part of the project "Botnets: Detection, Measurement, Mitigation & Defence" a series of questions was discussed by internationally renowned experts in the field of botnets between September and November 2010. This document presents a selection of the most interesting results. The document distills the major issues which need to be understood and addressed by decision-makers in all groups of stakeholders.
paper(2011) +++
+++The Trouble with Cyber Arms Control -- Christopher A. Ford
These are early days in the age of cyberwar. In the developed world, nearly every sphere of life now depends upon computers and networks, a fact that has introduced great vulnerabilities. The United States in particular - with a modern infrastructure, a plugged-in population, numerous enemies and competitors around the world, and a military whose overawing conventional prowess is heavily reliant on computer networks - has reason to feel exposed to cyber attack
paper(2011) +++
+++Cyberwar-Netwar: security in the information age Von Fernando Duarte Carvalho,Eduardo Mateus da Silva paper(2011) +++
+++Blown to Bits -- China's War in Cyberspace, August-September 2020 paper(2011) +++
+++Rise of a Cybered Westphalian Age -- Chris C. Demchak and Peter Dombrowski paper(2011) +++
+++Cyberdeterrence and Cyberwar by Dr. Martin Libicki Senior Management Scientist --The RAND Corporation paper(2011) +++
+++The National Cyber Security Strategy: Success Through Cooperation -NL
IntroductionThe Netherlands stands for safe and reliable ICT1 and the protection of the openness and freedomof the Internet. The increasing dependence on ICT makes society increasingly vulnerable to abuseand (large-scale) disruption. This is why the cabinet presents the National Cyber Security Strategywhich has been prepared with contributions from a broad range of public and private parties,knowledge institutes and social organisations. paper(2011) +++
+++Cyber-Sicherheitsstrategie für Deutschland --
Der Cyber-Raum umfasst alle durch das Internet über territoriale Grenzen hinweg Cyber-Sicherheit wird damit zur zentralen gemeinsamen Herausforderung für weltweit erreichbaren Informationsinfrastrukturen. In Deutschland nutzen alle Staat, Wirtschaft und Gesellschaft im nationalen und internationalen Kontext. Bereiche des gesellschaftlichen und wirtschaftlichen Lebens die vom Cyber-Raum Die Cyber-Sicherheitsstrategie wird die Rahmenbedingungen hierfür verbessern. paper(2011) +++
+++Martin C. Libicki1 -- The RAND Corporation -- Chinese Use of Cyberwar as an Anti-Access Strategy -- Two Scenarios -- Before the U.S. China Economic and Security Review Commission paper(2011) +++
Common Sense Guide to Prevention and Detection of Insider Threats 3rd Edition - Version 3.1 --
INTRODUCTION In 2005, the first version of the Common Sense Guide to Prevention and Detection of Insider Threats was published by Carnegie Mellon University's CyLab. The document was based on the insider threat research performed by CERT paper(2011) +++
+++Sun Tzu and Cyber War -- Kenneth Geers
Abstract Cyberspace is a new warfare domain. Computers and the in- formation they contain are prizes to be won during any military conflict. But the intangible nature of cyberspace can make vic- tory, defeat, and battle damage difficult to calculate. Military leaders today are looking for a way to understand and manage this new threat to national security. The most influential mili- tary treatise in history is Sun Tzu‟s Art of War: its recommen- dations are flexible and have been adapted to new circumstanc- es for over 2,500 years. This article examines whether Art of War is flexible enough to encompass cyber warfare. It con- cludes that Sun Tzu provides a useful but far from perfect framework for the management of cyber war, and urges modern military strategists to consider the distinctive aspects of the cyber battlefield. What is Cyber Warfare? The Internet, in a technical sense, is merely a large collection of networked paper(2011) +++
+++Cyber war -- Methods and Practice Summary
Computer and internet security is under discussion due to the increasing relevance of the Internet and of the information and communication technology (ICT). The cyberspace is meanwhile regarded as separate military dimension. This paper gives an overview on the methods and practice of cyber war and presents the cyber war activities since 1998 and the security architecture of the cyberspace. Finally, the cyber war strategies of the US and China and the cyber policy of the European Union are discussed. [Version 3.0 - 12 Jan 2011 © PD Dr. Dr. K. Saalbach]
LV Internet policy Fachbereich 1 49069 Osnabrück
paper(2011) and German paper(2011)-Deutsch+Version mit NATO-Teil)
+++W32.Stuxnet Dossier -- Version 1.4 (February 2011) INTRO:
W32.Stuxnet has gained a lot of attention from researchers and media recently. There is good reason for this. Stuxnet is one of the most complex threats we have analyzed. In this paper we take a de- tailed look at Stuxnet and its various components and particularly focus on the final goal of Stuxnet, which is to reprogram industrial control systems. Stuxnet is a large, complex piece of malware with many different components and functionalities. paper(2011) +++
+++Global Energy Cyberattacks: "Night Dragon" By McAfee® Foundstone® Professional Services and McAfee LabsTM February 10, 2011 -- Executive Summary In 2010, we entered a new decade in the world of cybersecurity. The prior decade was stained with immaturity, reactive technical solutions, and a lack of security sophistication that promoted critical outbreaks, such as Code Red, Nimda, Blaster, Sasser, SQL Slammer, Conficker, and myDoom-to name a few. The security community has evolved and grown smarter about security, safe computing, and system hardening but so have our adversaries. This decade is setting up to be the exponential jumping off point. The adversaries are rapidly leveraging productized malware toolkits that let them develop more malware than in all prior years combined, and they have matured from the prior decade to release the most insidious and persistent cyberthreats ever known. paper(2011) +++
+++First Joint Russian-U.S. report on Cyber Conflict-- The EastWest Institute released the first joint Russian-American report aimed at defining the "rules of the road" for cyber conflict. Prepared by a team of Russian and U.S. experts convened by EWI, Working Towards Rules for Governing Cyber Conflict: Rendering the Geneva and Hague Conventions in Cyberspace explores how to extend the humanitarian principles that govern war to cyberspace. paper(2011) +++
. +++Chinese Use of Cyberwar as an Anti-Access Strategy-Two Scenarios MARTIN C. LIBICK: Good afternoon, and thank you for inviting me here. I am Martin Libicki, from the RAND Corporation. I've been thinking about how states might use cyberwar for strategic purposes for most of the last twenty years paper(2011) +++
+++ Computer Espionage, Titan Rain and China by James A. Lewis:
In 1998, computer networks in the Pentagon came under sustained 'attack' for several days. Solemn officials came to the conclusion that China was the attacker and they began to contemplate having the Department of Defense launching some kind of cyber counterstrike when a little more investigation showed that the attacker was not the Peoples Liberation Army but bored teenagers in Cupertino, California. paper(2005) +++
+++When CSIS published Securing Cyberspace for the 44th Presidency two years ago, cybersecurity was not a major issue for public policy. Along with the work of many others, our first report helped to change this. However, the new energy in the national dialogue on cybersecurity has not yet translated into sufficient progress. We thought then that securing cyberspace had become a critical challenge for national security, which our nation was not prepared to meet. In our view, we are still unprepared. paper(2011) +++
+++Online-Paper Cyberwar-methods-and-practice (English Version) paper(2011) +++
Online-Paper Cyberwar-Grundlagen-Geschichte-Methoden (deutsche Version) paper(2011) +++
+++Research Papers--The following page lists articles (co-)published by the CCD COE researchers. The papers are organised by year and alphabetically by title. papers +++
+++2010 Conference Proceedings CCDCOE 2010 papers(2010) +++
+++International Cyber Incidents: Legal Considerations- Summary: This book features four national-scale cyber incidents (Estonia, Georgia, Lithuania and Radio Free Liberty) which demonstrate unique dependencies resulting from the widespread use of information society. These incidents raise questions to policymakers, diplomats, the intelligence community, military, information technology managers, and economists, as well as the general citizenry. Some of those questions - and many of the answers - are legal in nature. With these four incidents, we have undertaken to highlight a variety of legal issues that re relevant for national and international cyber security preparedness. By distinguishing the common denominators and emerging trends of legal relevance, we suggest ways ahead in legal thinking. However, the lessons identified within these pages do not fully become lessons learned unless the readers continue them in deeper analysis and policy actions. book(2010) +++
+++Using Enrichment Capacity to Estimate Iran's Breakout Potential paper(2011) +++
+++Cyberwar Case Study: Georgia 2008 via smallwarsjournal paper(2011) +++
+++Cyberwar--Computernetze als Schlachtfelder der Zukunft? paper(2011) +++
+++"Reducing Systemic Cybersecurity Risk" OECD-REPORT paper(2011) +++
+++Cyberspace: Definition and Implications--Rain Ottis, Peeter Lorents -- Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia paper(2010) +++
+++Some papers about insider threats in critiacal infrastructures and security management paper(2010) +++
+++Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors paper(2010) +++
+++DRAGONS, TIGERS, PEARLS, AND YELLOWCAKE: FOUR STUXNET TARGETING SCENARIOS paper(2010) +++
+++Cyberwar--Das Internet als Kriegsschauplatz--von Sandro Gaycken "Der Cyberwar hat begonnen: Immer häufiger werden Hacker eingesetzt, um Geheimnisse zu stehlen, Wirtschaften zu schädigen, Militäroperationen zu stören oder politische Meinungen zu manipulieren. Ein globaler Trend, denn solche Computerangriffe sind meist risikofrei und kostengünstig. Kaum bemerkt von der Öffentlichkeit ist das Internet zu einem militärischen Operationsraum geworden." book(2010) at the moment in German +++
+++Science of Cyber-Security--Abstract from the book: JASON was requested by the DoD to examine the theory and practice of cyber-security, and evaluate whether there are underlying fundamental principles that would make it possible to adopt a more scientific approach, identify what is needed in creating a science of cyber-security, and recommend specific ways in which scientific methods can be applied. Our study identified several sub-fields of computer science that are specifically relevant and also provides some recommendations on further developing the science of cyber-security. paper(2010) +++
+++Cyber war and cyber power Issues for NATO doctrine paper(2010) +++
+++Critical briefing on attacks against Industrial Control Systems especially SCADA systems paper(2010) +++
+++Information Warfare and Cyber Terrorism by Roland Heickerö, Swedish Defence Research Agency paper(2008) +++
+++Exploring the Role of Virtual Camps by Jarret Brachman and James J.F. Forest paper(2010) +++
+++GRENA CERT Activities during cyberattacks against Georgia paper(2010) +++
+++"Strategic Concept For the Defence and Security of The Members of the North Atlantic Treaty Organisation" paper(2010) +++
+++Georgia 2008: Why We Need National and NATO Cyber Defense Policies paper(2010) +++
+++CELLS WARS:The Changing Landscape of Communications Intelligence paper(2010) +++
+++U.S.-China Economic and Security Review Commission 2010 report to Congress paper(2010) +++
+++On Cyber Warfare A Chatham House Report paper(2010) +++
+++This report argues that national strategy must be reviewed and adapted if it is to take proper account of cyber warfare. paper(2010) +++
+++Proactive Defense Tactics Against On-Line Cyber Militia by Rain Ottis (Cooperative Cyber Defence Centre of Excellence) paper(2010) +++
+++Planning for the Future of Cyber Attack Attribution: Hearing Before the H. Subcomm. on Technology and Innovation of the H. Comm. on Science and Technology paper(2010) +++
+++Countering Advanced Persistent Threats with Cyber Forensics paper(2009) +++
+++Capability of the People s Republic of China to Conduct Cyber Warfare paper(2010) +++
+++Offensive Cyber Operations and the Use of Force paper(2010) +++
+++Cyber Probing: The Politicisation of Virtual Attack book(2010) +++
+++Ethical Issues of Cyberwarfare book(2000) +++
+++The Microsoft Security Intelligence Report (SIR) is a comprehensive evaluation of the evolving threat landscape and trends. paper(2010) +++
+++Stuxnet - Infecting Industrial Control Systems by Liam O Murchu paper(2010) +++
+++Unravellling Stuxnet by Aleks Gostev and Costin G. Raiu paper(2010) +++
+++Securing Indian Cyberspace Shojan paper(2010) +++
+++The sisterhood of the traveling packets
From a cyber-security perspective, attribution is considered to be the ability to determine the originating location for an attack. However, should such an attribution system be developed and deployed, it would provide attribution for all traffic, not just attack traffic. This has several implications for both the senders and receivers of traffic, as well as the intervening organizations, Internet service providers and nation-states. In this paper we examine the requirements for an attribution system, identifying all of the actors, their potential interests, and the resulting policies they might therefore have. We provide a general framework that represents the attribution problem, and outline the technical and policy requirements for a solution. We discuss the inevitable policy conflicts due to the social, legal and cultural issues that would surround such a system. paper(2010) +++
+++Cyberspace Policy Review Conclusion
The history of electronic communications in the United States reflects steady, robust technological innovation punctuated by government efforts to regulate, manage, or otherwise respond to issues presented by these new media, including security concerns. The iterative nature of the statutory and policy developments over time has led to a mosaic of government laws and structures gov erning various parts of the landscape for information and communications security and resiliency. Effectively addressing the fragmentary and diverse nature of the technical, economic, legal, and policy challenges will require a leadership and coordination framework that can stitch this patchwork together into an integrated whole. paper(2009) +++
+++Canada's Cyber Security Strategy For a stronger and more prosperous Canada-- Educational Programs are important for cybersecurity. paper(2010) +++
+++W32.Stuxnet Dossier paper(2010) +++
+++From Information Operations to Cyberwarfare--Dr Dan Kuehl paper(2010) +++
+++Proactive Self-Defense in Cyberspace by Bruce D. Caulkins--Internet security is inherently flawed-the very make-up of the system that allows us to send information between computers also allows hackers to enter a network and wreak havoc on its content. paper(2009) +++
+++Cybersecurity Attacks on the Critical Infrastructure by Daniel G. Wolf paper(2009)
+++Cyberthreats, Vulnerabilities and Attacks on SCADA Networks--This work discusses the current state of today's Supervisory Control and Data Acquisition (SCADA) networks including information on recent attacks and incidents. [STUXNET] paper(2010) +++
+++Stuxnet Under the Microscope-- This report is devoted to the analysis of the notorious Stuxnet worm (Win32/Stuxnet) that suddenly attracted the attention of virus researchers this summer. This report is primarily intended to describe targeted and semi-targeted attacks, and how they are implemented, focusing mainly on the most recent, namely Stuxnet. This attack is, however, compared to the Aurora attack, outlining the similarities and differences between the two attacks. paper(2010) +++
+++Before the Terrorism and Unconventional Threats and Capabilities Subcommittee of the House Armed Services Committee paper(2010) +++
+++Cyber Security Threats Dr Paul Twomey--The Lowy Institute for International Policy -- Good visualization for beginners in this topic -- ppt(2010) +++
+++This paper(2010) and this paper(2010) are two analysis papers about the STUXNET Virus! The ICSA-10-238-01B-STUXNET MALWARE MITIGATION Update B paper is about: In July, ICS-CERT published an advisory and a series of updates regarding the Stuxnet malware entitled "ICSA-10-201⎯USB Malware Targeting Siemens Control Software."a Since then, ICS-CERT has continued analysis of the Stuxnet malware... --- the second paper from the Information-technology Promotion Agency in Japan says: "This is because a computer virus was confirmed that spreads through the exploitation... +++
+++Tracking GhostNet: Investigating a Cyber Espionage Network paper(2009) +++
+++Protecting Europe against large-scale cyber-attacks paper(2010) +++
+++CYBER WAR v. CYBER STABILITY By Jody R. Westby, Esq.1 paper(2009) +++
+++An Overview of the Cyber Warfare, Exploitation & Information Dominance (CWEID) Lab Presented to the CDCA Small Business & Industry Outreach Initiative Symposium paper(2010) +++
+++Kim Jon-Il and Me. How to build a Cyber Army to Attack the U.S.--by Charlie Miller Independent Security Evaluators paper(2010) +++
+++Cyber Threats Mike Cote Chairman and CEO--The beginnig of the PowerPoint is not so interesting but the end has some good slides ppt(2010) +++
+++Nice statement of Joe St Sauver-- "I'm not a cyber defense guy nor am I a cyber intelligence person, so some of you may wonder, "Hey, why should I trust what Joe tells me?" My answer would be "Please DON'T! Think carefully about what I say and verify it yourself!"--so read it and try to verify "Cyber War, Cyber Terrorism and Cyber Espionage" paper(2008) +++
+++The Chinese Cyber Attacks formerly known as Titan Rain-As prepared for 95-803 Information Warfare by Aaron Shelmire paper(2007) +++
+++Australia and Cyber-warfare by Gary Waters, Desmond Ball and Ian Dudgeon--The Australian National University-- paper(2008) +++
+++Author Mitchell has done a good overview of the cyber war situation till 2008 paper(2008) +++
+++War in the Information Age: A Primer for Cyberspace Operations in 21st Century Warfare paper(2010) +++
+++Cyber War, Cyber Terrorism and Cyber Espionage paper(2010) +++
+++"Cyber Security and Politically, Socially and Religiously Motivated Attacks This paper examines Cyber-Security and Politically, Socially and Religiously Motivated Cyber-Attacks, focusing on the European Union as an international organisation with a fragmented yet developing interest in cyber-security. The paper is presented in three parts. Part 1assesses the source and nature of cyber threats. Society's increasing dependence on Information and Communications Technology (ICT) infrastructure creates vulnerabilities and corresponding opportunities to be exploited by the unscrupulous, ranging from low-level, individual computer hacking to serious and organised crime, ideological and political extremism, and state-sponsored cyber attacks such as those perpetrated against Estonia in 2007…. Part 2 reviews current multilateral initiatives to address cyber-security, focusing on the work of the United Nations, the Organisation for Economic Co-operation and Development, the Organisation for Security and Co-operation in Europe, the Council of Europe, the North Atlantic Treaty Organisation, and the Group of Eight. In each case, the organisation in question has recognised the breadth and complexity of the cyber- security challenge and that its response to the cyber-security challenge can be but one part of the whole. Although national governments are the most important actors in cyber-security, others have a contribution to make, including industry and the private commercial sector…. Part 3 examines European Union's responses to the cyber-security challenge. The EU is very closely engaged in cyber-security but cannot be said to have a comprehensive approach to the problem: the EU's responses are diverse, lack coherence and could at times conflict."paper(2009) +++
+++"Project Grey Goose Phase II Report"--Project Grey Goose Attacks on Critical Infrastructure There are many reports in the public domain which discuss vulnerabilities in the power grid. This is not one of them. Instead, this report looks at the broader threat landscape, some (not all) of the key actors involved, and most importantly, how U.S. Energy companies as a self-regulating and predominantly privately owned industry contribute to making the U.S power grid less secure. paper(2009/II) +++
--Russia/Georgia Cyber War__Findings and Analysis--"Project Grey Goose is, in technology terms, a pure play Open Source Intelligence (OSINT) initiative launched on August 22, 2008 to examine how the Russian cyber war was conducted against Georgian Web sites and if the Russian government was involved or if it was entirely a grass roots movement by patriotic Russian hackers"paper(2008/I) +++
+++This paper(2010) is interesting because more and more private companies like McAfee and Sophos are try to focus their research in cyber national activity! We have to watch their notes in their studies! +++
+++"Leaving Deterrence Behind: War-Fighting and National Cybersecurity"-- What has worked in the nuclear realm, and remains relevant for homeland security against WMD terrorism, will not work in cyberspace.-- paper(2010) +++
+++A very detailed PP about Cyberattack as a Tool of U.S. Policy ppt(2010) +++
+++A PPT about some basic facts, problems and strategies in the cyberspace. How the armies could detect and prevent attacks? ppt(2010) +++
+++That is the Cyber Dilemma--Professor Richard J. Harknett--University of Cincinnati Center for Strategic and International Studies paper(2010) +++
+++Cross-Domain Deterrence and Credible Threats by James A. Lewis Center for Strategic and International Studies paper(2010) +++
+++A slideshow(2010) of the Cooperative Cyber Defence Centre of Excellence in Tallinn about cyber warfare +++
+++--Bullets Blogs New Media Warfighter--The explosive growth of new media within the Global Information Environment (GIE) presents sustained challenges and opportunities for the U.S. military. In recent years, adversaries - armed with new media capabilities and an information-led warfighting strategy - have proven themselves capable of challenging the most powerful militaries in the world."-- Should be interesting for Information War Strategy-- paper(2010) +++
+++Jonathan M. Smith made a 20 page PP with some useful information and lists presentation in pdf(2010) +++
+++CYBERSECURITY AND INTELLIGENCE: THE US APPROACH(2010) +++
+++The EastWest Institute published a paper(2010) which tries to show different views from China, USA, Russia, India and Norway. +++
+++"Honeybot, Your Man in the Middle for Automated Social Engineering"--Interesting for Agencies! paper(2010) +++
+++The Intelligencesquaredus made a debate about the topic cyber war. It was a debate with the motion "THE CYBER WAR THREAT HAS BEEN GROSSLY EXAGGERATED". There were two speakers for this motion and two against and the audience was asked before and after the debate about this motion. The debate and the results are written down in a transcript. It is very interesting how the US citizens handle this controversal topic. The speakers are experts in this area. The arguments are interesting and it should be logical that the speakers against this motion are the winners. paper(06/2010) +++
+++This White Paper of the Chinese Government shows how the Chinese Government wants to handle their great "free" Internet. Just read the paper and you will understand. They are not talking about Great Walls and other restrictions in the Internet, only about "Basic Principles and Practices of Internet Administration". For our studies part V is the most interesting part because the chinese declare their problems with hackers and other scurity issues. paper(2010) +++
+++Interesting paper written by Martin C. Libicki. This paper was published by the RAND CORPORATION. This paper is important because it makes some interesting conclusions which are underline the importance of Cyberdeterrence and Cyber warfare. The author Martin C. Libicki tries to focus the national interests in cyber space. paper(2009) +++
+++The National Intelligence Strategy is important for persons who are interested in the future of the US Intelligence Agencies. This paper shows the development of cyberspace protection and some other issues which are also important to know for Cyber warfare analysis. paper (2009) +++
+++The United States, the other sovereign members of the nuclear club, and a number of would-be proliferators have now entered what has been described as the "second nuclear age." This paper examines the deterrence and defense requirements presented by this new age, arguing for the value to be gained through their integration. Offense-defense integra- tion will provide to national decision-makers timely and informed choices of security options needed to address the spectrum of conflict likely to unfold within the second nuclear age. paper(2009) +++
+++Offical Statement on Cyberwarfare by Secretary of Defense Gates paper(06/2009)
+++Another interesting libary of cyber warfare papers, books and articles is the http://www.whitehouse .gov/cyberreview/documents/ There you could find a lot of interesting information which you could download via the internet. +++
+++The Cyber Security Strategy of the United Kingdom shows that nearly every bigger country in the world tries to focus their military power on the cyberspace. paper(2009) +++
+++The big security enterprises don't work with the governments because it is to dangerous for them. But they publish papers like McAfee which show that they are deeply interested in this topic. A paper(2009) from McAfee with some intersting conclusions about cyberwar and cold war. +++
+++Securing Cyberspace the for the 44 Presidency paper(2008) +++
+++"How China will use the Cyber warfare to learfrog in military competitiveness" This paper is written by Jason Fritz. paper(2008) +++
+++Wheeler, D. (2003, October). Techniques for Cyber Attack Attribution.--This paper will be one of my backround papers for my work-- paper(2003) +++