Post on 08-Apr-2018
8/7/2019 CYBER WARFARE: ITS INCREASING ROLE IN MODERN CONFLICTS
Cyber Warfare: its increasing role in modern conflicts
Ana Sulakvelidze
Analyst in Intelligence and Military issues
At Information Security Studies and Analysis Center
INFORMATION SECURITY
STUDIES AND ANALYSIS CENTER
INFORMATION SECURITY STUDIES AND ANALYSIS CENTER E-LIBRARY
*******
This document is educational material based on non-classified sources
and on personal observations. The author is not responsible for any other kind of use of this
publication. The opinions and recommendations presented in this document should not be
considered the official position of the INFORMATION SECURITY STUDIES AND ANALYSIS
CENTER, which itself presents this document.
Ana Sulakvelidze
All Rights Reserved.
Copying and redistribution of this document without the author's agreement is strictly
forbidden.
* * *
The research concerns the main trends of cyber warfare, and the challenges related to
cybersecurity. The cyber standards of the United States and several international legal
frameworks along with the practical measures are discussed in the paper. Moreover, the most
massive and popular cases of cyber warfare are mentioned in a chronological way. Country
specifics, particularly, divergent approaches to cybersecurity, are demonstrated through the
examples of the United States, Russia, and Georgia. Significance of cyber tools in intelligence
activities, and the increasing role of cyber terrorism are also discussed in the research. Finally,
the relevant conclusion is outlined which includes the main recommendations from the author.
Table of Contents
Introduction
I Local Standards
United States
II International Standards
International Organizations
United Nations
International Telecommunication Union (ITU)
North Atlantic Treaty Organization (NATO)
Council of Europe C3
III Country Specifics
Russia
United States
Georgia
IV Cases of Cyber War
V Cyber Tools in Intelligence and Terrorism
Intelligence
Cyber terrorism
VI Technical Stuff
Models of Cyber defense
Conclusion
Appendix
References
Introduction
The modern world has become entirely technological. Scientific progress, mirrored in
technological novelties, created a whole new domain: cyberspace. Cyberspace, from the day
of its creation, has played an unimaginably colossal role in humans' lives. Even though individuals
are not physically present in the cyber domain, their basic activities and needs are
to a significant extent carried out through it. Communication, logistics, financial and cultural activities,
education, social issues, international connectivity and cooperation, security, and several other
fields of human endeavor are now tightly connected to cyberspace, and strongly depend on its
proper functioning. If cyberspace is disrupted in some way, each of the above-mentioned
and several other areas of human life may easily be put at serious risk.
Cyberspace has several definitions, and they are divergent. There is no single common definition
of cyberspace; however, the majority of individuals clearly understand what it is. The word
"cyberspace" is credited to William Gibson, who used it in his book, Neuromancer, written in
1984. Gibson defines cyberspace as "a consensual hallucination experienced daily by billions
of legitimate operators, in every nation, by children being taught mathematical concepts... A
graphical representation of data abstracted from the banks of every computer in the human
system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters
and constellations of data". 1
It is interesting to examine why cyberspace has intruded into humans' lives so profoundly.
The answer is not difficult: the process of computerization and intense data migration made
individuals and the whole world entirely dependent on it. Even though computers entered our
lives not long ago, they have become inseparable parts of our daily lives. Not only individuals, but
also states and their governments rely significantly on the cyber domain. The process of
computerization was so sharp and sudden that the world was engaged in a continual race
with technological progress. While progress was moving forward, and the world was
becoming entirely digital, individuals envisioned total insecurity in the newly created digital
world. We have a deluge of information and the possibility to share it, but we are unaware of how to
protect our information from damage. This question became the main problem and challenge
for the whole world.
Furthermore, it is essential not to ignore the role of politics when talking about cyberspace
insecurity and the related problems. Cyber technologies became perfect tools for political use.
In many ways cyberspace was effectively exploited in order to inspire political escalations;
several of these cases can easily be described as cyberwarfare. 2 Furthermore, modern
1 The Tech Terms computer dictionary. http://www.techterms.com/definition/cyberspace
2 The cases will be discussed later in the paper
conflicts are frequently accompanied by cases of cyberwarfare. Cyber attacks are widely
used by terrorists as well, which makes them more and more dangerous for societies.
The international community is considerably concerned with cyber challenges, as it
appreciates the potential risks that lurk in cyberspace and cyber-related problems. While the
international community is trying to handle current cyber threats and challenges, new
problems and dangers emerge continuously. This stems from the fact that people have
understood how powerful cyber tools are, and how effectively they can be used in order
to pursue one's aims. This is what can be called an increasing role in modern conflicts of
interests.
Local Standards
The United States
Technological development has always required government officials to harmonize state
policies with emerging technological improvements. In the 20th century the American Federal
government authorized several laws and organizations in order to adapt national security
needs to the emerging technologies. In the 21st century the need for adaptation is even greater
and more demanding, because the massive emergence of the internet as a communication tool
requires increased attention from Federal officials to cyberspace security.
Throughout the past two decades the US Federal government has initiated a number of
important projects aimed at securing US cyberspace. In 2003 The National Strategy to
Secure Cyberspace was outlined in order to minimize the vulnerability of US critical infrastructure
to cyber attacks. Furthermore, the United States Computer Emergency Readiness Team (US-CERT)
was created at the Department of Homeland Security, and became responsible for
implementing the National Strategy to Secure Cyberspace. Additionally, a number of
Einstein Programs, an automated process for gathering and sharing security information
through DHS, were also created by US-CERT.
In January 2008, President George W. Bush launched the Comprehensive National
Cybersecurity Initiative (CNCI), which became the key document in the process of cyberspace
standardization for that time. CNCI consists of 12 sub-initiatives that correspond to the major
needs for securing US cyberspace.3
3 White House. Comprehensive National Cybersecurity Initiative, January 2008. http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative
businesses to share information and experiences in cyber crime detection and remediation
techniques with other businesses and the Federal government in order to ensure cyberspace
safety. 7
The Cybersecurity Policy Review strongly recommends that the United States engage in
international cooperation on cyber-related issues. Divergent national legal standards and
practices hinder the process of creating a secure global digital environment. Consequently,
tight partnership with the international community is urgently needed. Several international
organizations are concerned with cyber issues, for instance: the United Nations, the Group of
Eight, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the
Organization of American States, the Organization for Economic Cooperation and
Development, the International Telecommunication Union (ITU), the International
Organization for Standardization (ISO) and several others. Even though the efforts of these
organizations are considerable, new multi-lateral and bilateral agreements, and new ways of
cooperation between states and their governments should be established. Moreover, the
United States should support other countries in the process of cyberspace legal standardization
on the national level, and should help them improve their capacity to fight
cybercrime. 8 Increased international cooperation and the exchange of information and experience will
certainly be reflected in an increased ability to track cybercrime and to manage global challenges in
cyberspace.
Several important steps should be undertaken in order to elaborate the framework on incident
response. According to the Policy Review, an information-sharing framework should be outlined
cooperatively by the Federal, State, Local, and Tribal governments. Moreover, data owners,
network operators, and experts on privacy and civil liberties should be engaged in the process.
The recommended steps include the creation of a non-profit, non-governmental organization to
serve as a trusted third-party host, where government and the private sector can share information
data. In addition, the Review suggests that voluntary information sharing between the
Federal government and individual firms, or groups of firms, is highly recommended in order
to achieve a stronger structure of incident response.9 Incident reports from the private sector are
priceless, because the private sector is the most important stakeholder of cyberspace and the cyber
market. Civil liberties and privacy experts should be engaged in the discussion of how to
increase information interchange in order to ensure that civil privacy is protected; on the
other hand, it is vital to protect sensitive data in the process of intense data migration. What is
more, the research community should be allowed to gain access to information which may
potentially be useful for future research in the field.
7 Ibid
8 White House. Cyberspace Policy Review. 2009 http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
9 Ibid
In the final analysis, the Cybersecurity Policy Review and the Comprehensive National
Cybersecurity Initiative form the major guidelines for future steps and actions that should be
undertaken in the United States in order to create a more resilient and secure cyberspace.
International Standards
International Organizations
As time passes, the world becomes more and more interdependent. Globalization in all realms
of human endeavor creates a global space for different countries and for their representatives.
As a result, we are faced with the irrefutable fact that without international cooperation no
country and no society can exist. This idea is especially evident when it comes to cyberspace.
The Internet is a global tool, and consequently, its security also appears to be a global matter. Even
if a country has adopted an outstanding cybersecurity policy inside its borders, without
intense international cooperation the cyberspace of this particular country would hardly be
protected. International standards on cybersecurity issues are vital in the global process of
cyberspace normalization.
Nowadays several international legal frameworks have already been adopted. International
cooperation in this process was active and comprehensive; however, an international level of
consensus has not yet been achieved. Several reasons could be suggested for the lack of
consensus, but I strongly believe that two reasons are at the top of this list: 1) cybersecurity is
quite a new field for lawmakers, and no established experience and precedents are available to
them; and 2) nations are sensitive in terms of international cybersecurity policy, because they
appreciate a number of potential risks and threats that an international cybersecurity
policy may encompass in several ways. An unfamiliar topic and deterrence from open cooperation
became the major hindrances to achieving an international consensus on cyber-related issues
among states.
Even though the consensus has not yet been achieved, several international and multi-lateral
agreements have been established.
United Nations
To start with international resolutions and policies, the General Assembly of the United
Nations has adopted a number of resolutions on information security. In December 2000, the
General Assembly adopted the resolution on Combating the Criminal Misuse of Information
Technologies. The document stressed the following topics: the importance of cooperation among
concerned states; practice and experience sharing; workforce training; quick and effective
incident response; increased public awareness of the cases of cyber crime and its possible
outcomes; new design of information technologies in order to facilitate crime detection
and prevention; civil liberties and privacy protection. 10 The resolution called on all participating
states to take into account the above-mentioned recommendations in their efforts to combat
the criminal misuse of information technologies. Later on, in January 2003, the General
Assembly adopted a further resolution on cyberspace security. Several elements for
creating a global culture of cybersecurity are emphasized in the document, in particular:
shared responsibility among involved parties; consistency of cybersecurity policies with
the basic values of democracy; stronger emphasis on cyber education; risk assessment and
reassessment by cybersecurity experts; and cybersecurity policy design and management.11
The United Nations has adopted a number of other resolutions on cyberspace security and cyber
culture that create a solid basis for international cooperation on cyber-related
issues.
The UN is not the sole organization which is concerned with cyber matters. The International
Telecommunication Union (ITU) has published the Global Security Agenda (GCA),12 which
addresses all major aspects of cybersecurity policy.
International Telecommunication Union
GCA is based on international cooperation and involves all participant groups of cyberspace
in the process of building a confident and safe cyber world. The document consists of five
major pillars/work areas: 1) Legal Measures; 2) Technical and Procedural Measures; 3)
Organizational Structures; 4) Capacity Building; 5) International Cooperation.
To start with the Legal Measures, the document emphasizes the importance of creating
national legislation that will respond to the increasing number of cyber threats. GCA Legal
Measures consist of two major resources: ITU Toolkit for Cybercrime, and Understanding
Cybercrime: Guide for Developing Countries.
The next chapter is about the Technical and Procedural Measures. These measures mainly
address the process of cyberspace standardization. ITU's Standardization Sector holds a vital
role in this process, because it brings together the private sector and governments in order to
ensure complete cooperation between the parties. A number of particular tools and bodies are
10 United Nations. 55/63. Combating the criminal misuse of Information Technologies. http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N00/563/17/PDF/N0056317.pdf?OpenElement
11 United Nations. 57/239. Creation of a global culture of cybersecurity http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N02/555/22/PDF/N0255522.pdf?OpenElement
12 ITU. Global Cybersecurity Agenda (GCA). http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf
involved in the process of standardization: the Study Group 17, which deals with the identity
management processes; ICT (Information and Communication Technologies) Security
Standards Roadmap promoting collaboration between international standards bodies; ITU
Radiocommunication Sector, and several others.13
The chapter on Organizational Structure stresses the importance of collaboration at every level:
governments, private sector, academia, regional and international organizations. Broad
collaboration is a key instrument for raising awareness of potential cyber threats.
Effective incident management is also emphasized in the chapter as a vital factor for handling
cybercrime. In order to build an effective incident management capacity, effective
coordination of funding and human resources is indubitably needed.
The process of capacity building is always tightly correlated with several problems and
challenges. Similarly, in cybersecurity the most pressing challenge is to build capacity in the
involved parties, especially in end-users. ITU has designed several activities in order to boost
the process of capacity building. The ITU National Cybersecurity/CIIP Self-Assessment Tool
is a practical initiative which is designed to assist ITU member states in creating national legal
frameworks on cybersecurity, and in improving cyber protection infrastructures. Moreover, ITU
has designed a special Toolkit to promote a Culture of Cybersecurity, which provides
guidelines for SMEs (small and medium enterprises), consumers, and end-users in order to
improve their cyber awareness. ITU has also addressed the Botnet problem, which is especially
frequent in developing countries. The International Multilateral Partnership Against Cyber
Threats (IMPACT)14 Research Division, in collaboration with ITU, draws the attention of academia
and encourages academic research in both newly emerged and specialized areas. 15
ITU Global Cybersecurity Initiative gives considerable emphasis to international
cooperation on cybersecurity issues. The ITU Secretary General established a High Level Expert
Group (HLEG) which comprised high-level experts from governments, industry, relevant
regional/international organizations, research institutes, academic institutions and individual
experts from every part of the world. The main goal of HLEG was to analyze and refine the
developments of GCA.
ITU, in collaboration with IMPACT and several other international organizations, has
established the Centre for Policy and International Cooperation, which is responsible for
13 ITU. GCA. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf
14 International Multilateral Partnership Against Cyber Threats (IMPACT), international public-private initiative dedicated to enhancing the global community's capacity to prevent, defend and respond to cyber threats. In May 2008, the ITU was invited to become a member of the IMPACT Advisory Board.
15 ITU. GCA. Building Capacity. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf
formulating new cybersecurity policies, and should provide ITU member states with the basic
guidelines necessary for the harmonization of national laws around a variety of cyber-related
issues. 16
ITU is the author of the Child Online Protection (COP) initiative. The COP initiative was established
as an international collaborative network, designed to provide online protection policy
guidelines for children and young people. 17
NATO
The North Atlantic Treaty Organization (NATO) gave special emphasis to cybersecurity
challenges in its latest strategic concept, NATO 2020. Cyber crime and cyber attacks are
identified in the document as a new type of threat, called Unconventional Danger. Indeed,
the new concept calls for all member states to identify cyber threat as a growing threat to the
security of the Alliance and its members.18 The new security strategy provides particular
recommendations for the NATO member states on how to manage cyber-related threats and
challenges. But before turning to these recommendations, I would like to talk about NATO's
Cybersecurity Policy which was launched in 2007. NATO Cyber Defense Policy is
implemented by NATO's military, political, technical authorities, and by individual Allies.
The policy established a NATO Cyber Defense Management Authority (CDMA), which
became the sole body responsible for coordinating cyber issues throughout the Alliance.
Moreover, NATO established the Cooperative Cyber Defense Centre of Excellence
(CCDCOE) in order to boost research and training in the field. International cooperation is
highly stressed in the policy as a major tool for success in tackling cyber threats. The
document also outlined three phases of practical activity that were designed to mitigate NATO
cyber vulnerability. 19
Now, to turn to the NATO 2020 recommendations on cybersecurity issues. The New Concept
recommends that the member states undertake considerable efforts in monitoring NATO's
critical network in order to assess and remedy existing problems and vulnerabilities; the
Allies should also work on expanding early warning capabilities in the form of a NATO-wide
network. Moreover, the Cooperative Cyber Defense Centre of Excellence (CCDCOE)
should increase its work on assisting member states and individual Allies, through training, to
16 ITU. GCA. International Cooperation. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf
17 Ibid
18 NATO 2020: Assured Security; Dynamic Engagement. http://www.nato.int/cps/en/natolive/official_texts_63654.htm?selectedLocale=en
19 NATO's cyber defense policy and activities. http://www.nato.int/cps/en/natolive/topics_49193.htm ?
create strong and effective cyber defense programs. The Alliance should be prepared to send
an expert group to any member state which is at immediate cyber risk. 20
Several other international and regional organizations, for instance the G8 High Tech Group with
its Recommendations and Best Practices, the Organization for Economic Co-operation and
Development (OECD) 21 with a number of reports and publications, INTERPOL, and several
others have contributed considerable efforts to the process of cyberspace standardization
which is currently underway. All these efforts, if brought together, represent a serious force
for managing cyber threats on international and national levels.
Council of Europe C3
For further analysis, I turn my attention to the Council of Europe's Convention on
Cybercrime (C3). It is worth mentioning that C3 is the only binding international treaty on
the subject to have been adopted to date, and that it enjoys broad international support. The
treaty was opened for signature in 2001, and entered into force in 2004. The treaty is open to
member states and to non-member states as well. The total number of signatory states is
46, signatures not followed by ratification - 16, and signatures followed by ratification and
entry into force - 30. 22 The Convention's content consists of several directions of cyber
regulation on the national and international levels. First and foremost, general terms and
definitions are provided in the document. The steps and legal measures to secure cyberspace
that should be undertaken by the signatory parties on the national level are also outlined.
Offences against confidentiality and integrity, content-related and computer offences,
and, additionally, offences related to infringements of copyright and related rights are specified
separately as different articles, and sanctions for the prevention of these offences are also
described. Furthermore, the document outlines procedural measures for C3 implementation on
the national level, and places responsibilities on signatories to establish jurisdiction over any
offence considered in the Convention. The paper delineates the standards for international
cooperation, extradition, and mutual assistance among signatory states with specific
provisions. In addition, the document emphasizes the establishment of a 24/7 network point in order
to ensure immediate exchange of data and assistance among parties.
C3, as I have already mentioned, is the only binding international treaty to date which enjoys
estimable support. Nevertheless, this document is far from sufficient to boost the process of
cyberspace standardization. Why? Several reasons could be provided to answer the question,
but the most important is that there are divergent viewpoints and backgrounds among
20 NATO 2020: Assured Security; Dynamic Engagement. http://www.nato.int/cps/en/natolive/official_texts_63654.htm?selectedLocale=en
21 Organization for Economic Co-operation and Development (OECD). http://www.oecd.org/home/0,2987,en_2649_201185_1_1_1_1_1,00.html
22 Council of Europe. Convention on Cybercrime. 2001 http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG
involved parties about cyberspace and its legal aspects, which explains why no consensus has
yet been achieved. The difficulty of achieving consensus stems from country specifics. Each
state, especially the pioneers of cyber technologies, has its own approach to the issue, which makes
it difficult, and even impossible to date, to create a resilient and secure global cyberspace. In
order to make the situation more lucid, I will concentrate on three particular examples of
developed and developing countries: Russia, the United States, and Georgia.
Country Specifics
Russia
Russia's approach to cybersecurity issues is outlined in the following documents: the
Information Security Doctrine of 2000, and the Strategy for Development of Information
Society in Russia of 2008. From these documents, it is clearly noticeable that Russia
approaches cybersecurity as a political and psychological matter; moreover, Russia tends to
use the terms information security and information technologies rather than cybersecurity
and cyber technologies. Russian officials explain that cybersecurity and cyberspace are
primarily technological terms, while information security and information space have more
political and philosophical contexts. 23 Even though Russia's Information Security Doctrine is
mainly designed as a political tool focused on Russian society, it is also intended to influence
an international audience. 24 Russia is considerably concerned with the creation of international
cyber regimes. Furthermore, Russia strongly supports the idea of an international convention
which will ban development or use of military and civilian information as weapons in order
to prevent a digital arms race. 25 On the national level, Russia appreciates cybersecurity as a
stability factor for the state. Russia maintains the position that a government should retain the
right to constrain or ban information transmitted from outside the country's borders should it
be regarded as disruptive politically, socially, and culturally. 26 It is interesting that this approach
of controlling the flow of information is designed not only for securing state interests, but also
for the stability of the existing regime. 27 What is more, Russia approaches information
warfare as an everlasting phenomenon. Russia believes that information warfare is conducted
23 Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. 2010 http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true
24 FOI. Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations. http://www2.foi.se/rapp/foir2970.pdf
25 Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. 2010 http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true
26 Ibid.
27 FOI. Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations. 2010 http://www2.foi.se/rapp/foir2970.pdf
in peacetime, and in wartime as well. In peacetime, according to Russia's approach,
information warfare is mainly conducted by means of intelligence, politics and
psychological actors. Diplomatic, economic, and political measures (shaping public opinion)
are widely used in information warfare in peacetime. When it comes to IW (Internet
World), computer viruses, other malware, and information gathering on an adversary's cyber
technologies play a key role in cyber warfare in peacetime. Information warfare is conducted
by almost the same means in wartime as in peacetime, but some aspects are added or
accelerated. Particularly, the information warfare strategy in wartime includes special
operations to disrupt the enemy's command, control, and cyber system, particularly: information
blockade using DDoS, spamming, and electronic saturation tactics, and several others. 28
Finally, Russia's main trends in cybersecurity consist of an emphasis on creating an
international cyber regime, a government's retaining the right to control the information
flow from abroad, assessing cyber warfare as a permanent process conducted in peacetime and
also in wartime, and considering cyber warfare as a psychological and political tool. Russia's
assessments and approaches to cyber warfare differ considerably from those of the United
States in several ways.
The United States
The United States' approach to cyber warfare and cybersecurity is rather technological.
According to US Defense officials, cyberspace is one of the domains which should be
protected from inside or outside attacks; no specifically political, psychological, or
philosophical backgrounds are attributed to cyber warfare. The US doesn't favor the Russian
approach of an international cyber regime, because of the difficulty of identifying the origin of a
cyber attack, whether it came from a government or an individual hacker or hacker group. Nevertheless, the
United States supports international cooperation on cyber-related issues. Moreover,
according to US policy, the main goal of cybersecurity can best be achieved by
international cooperation. But what makes the US approach considerably different from the
Russian one is that the US believes cybersecurity is a particularly national issue, which should be
addressed by a state-centric approach. 29 As I have described earlier, the US gives more
emphasis to increased cyber education and public awareness, and to the establishment of
national systems for ensuring the country's cybersecurity. Furthermore, US officials see allowing
and justifying government control over the free flow of information as a direct challenge to
democratic principles. In addition, the United States has a more specific understanding of cyber
28 Ibid.
29 Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin.
http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true
warfare, which is strictly related to crisis or conflict, while in Russia cyber warfare is
emphasized in both peacetime and wartime.
In sum, it is clear that the United States is less extreme in its assessment of the cyber warfare
phenomenon, and tends toward more moderate ways of handling cyber threats.
Georgia
Georgia is a newcomer to the digital world. It is a post-Soviet country, yet it
strikingly seeks to become a part of the developed world. The
process of Georgia's democratization is underway, and each field of the country's societal life
is currently under reconstruction. Similarly, Georgia's information infrastructure demonstrates
an urgent need to be transformed. This immediate need was clearly demonstrated in August
2008 during the Russo-Georgian War. Georgian cyberspace was repeatedly attacked and,
consequently, disrupted for several days. Georgia found itself in an information vacuum during
the war. This demonstrated that Georgia's cyberspace is easily penetrated and damaged
by foreign forces. Moreover, at the time of the war, Georgia was dependent on Russian and Turkish
connections to the global internet 30, which logically made its cyberspace more vulnerable.
The process of cyberspace standardization in Georgia started several years before the
August War. In December 2004, the ICT (Information and Communication Technologies)
Development Framework for Georgia was elaborated by the UN Development Program and
NCT Team, in cooperation with the Georgian Government, the Georgian National
Communications Commission, and the World Bank.
The document represents an action plan for the Georgian government in the process of creating a
stable and safe cyber infrastructure in the country. First and foremost, the document
recommends identifying the main priorities and capacities of information infrastructure
building, because Georgia is a developing country and the existing socio-economic situation
should be considered when adopting a particular policy. Moreover, the document
mentions several problems that should be solved before the process of information
infrastructure building is started, particularly: problems related to energy (the energy
supply was considerably unstable in Georgia at that time), technical problems,
administrative problems (lack of field experts in the state sector), and several others. The
document provides its key recommendations primarily for the government entities, because
the main responsibility for encouraging the cyberspace standardization process in Georgia
was placed on the government. These recommendations are as follows: to create a work
30 New York Times, August 2008. John Markoff. Georgia takes a beating in the cyberwar with Russia.
http://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/
group which will be responsible for outlining the country's cyber policy, and will coordinate
all cyber-related governmental activities according to the adopted policy; information
availability, confidentiality, and unity should be supported by the relevant state entities in
order to ensure a secure and fair data migration process; the private sector, as the main economic
force in the country, should be fully engaged in the process of cyberspace standardization;
cyber laws should be elaborated, adopted, and harmonized with international cyber trends
by the legislative officials; intelligence agencies and critical state entities should be provided
with special and entirely secure communication tools (servers, hardware, and software) in
order to ensure critical data protection and secure data flow. A number of other specific
recommendations are also included in the document; however, the aforementioned ones
represent the most crucial provisions that are delineated in the paper.
Even though these recommendations were introduced several years ago, their implementation
was considerably delayed. Even today, only a few of these requirements have been brought to fruition,
in particular: several legal frameworks were outlined, and Georgia signed the C3 European
Council's Convention on Cyber Crime (only signed, no ratification). The other
recommendations still remain recommendations.
The particular reasons why Georgian cyberspace remains insecure, and why no relevant actions
and steps are undertaken in order to improve the situation, are difficult to identify; absence of
political will, lack of funds and human resources, socio-economic problems, territorial
conflicts, and several others may represent the potential reasons, or a group of reasons, that
hinder the process of Georgian cyberspace standardization. Consequently, the information
infrastructure of Georgia remains underdeveloped, and considerably vulnerable to
potential attacks, as it was in August 2008.
Cases of Cyber War
Cyber warfare, regardless of its short history, counts a considerable number of precedents. In order
to give a better picture of the chronology and essence of recent cases of cyberwarfare, I
would like to cite some of them that, in my opinion, were the most popular and massive.
To start with, in February 2006 more than 1000 Danish websites were attacked by Islamic
hacker groups and individuals who were protesting controversial cartoons mocking the Prophet
Mohammed. The attacks mainly defaced the homepages of Danish websites. More than 900
Danish and 1600 western websites were defaced during the protest. Many protester messages
condemned the publication of the cartoons in the Danish newspaper Jyllands-Posten on 30
September 2005. Some messages called for boycotts of Danish goods. 31 The administrator of
the hack attack monitoring group Zone-H, Mr. Preatoni, said in an interview with the BBC that
the hacker groups were mobilized from different Islamic countries: Turkey, Saudi Arabia,
Oman and Indonesia. Even though the defacements were cleared up quickly, in the case of
secondary defacement the results could be far more damaging. The list of damaged websites
is available on the Zone-H web page. 32
The Estonian cyberattack of May 2007 was quite alarming and served as a wake-up
call for developed nations. 33 In April/May Estonian cyberspace experienced a massive DDoS
(distributed denial-of-service) cyber attack. The attack was arranged according to the botnet
scheme. In one case, the attackers sent a single huge burst of data to measure the capacity of
the network. Then, hours later, data from multiple sources flowed into the system, rapidly
reaching the upper limit of the routers and switches. 34 A considerable number of servers
belonging to the government and the country's main banks were clogged. Hansabank lost not less
than 1 million dollars as a result of the attack. Moreover, it was extremely difficult to track
the attack's origin, because the hackers infiltrated computers around the world with software
known as bots, and banded them together in networks to perform these incursions. The
computers become unwitting foot soldiers, or zombies, in the cyberattack. 35
It is worth mentioning that Estonia was particularly vulnerable to the attack, as internet
infrastructure is highly developed in the country (Estonia was the first country which held
online elections); many critical services were disrupted, for example healthcare and e-bank
services. During the attack Estonia had to close off its networks to users outside the country.
"It is really a shame that an Estonian businessman traveling abroad does not have access to his
bank account," said Linnar Viik, a computer science professor and a leader in Estonia's high-tech
industry. This demonstrated that a massive cyberattack on one country automatically
involves and damages other countries as well. The Estonian incident made it clear to developed
countries that the internet has become one of the most dangerous tools against a state's proper
functioning, and the fact was alarming indeed.
The Estonian cyber attack was followed by an attack on Lithuanian cyberspace. In June 2008
hundreds of Lithuanian government and corporate websites were defaced with Soviet
symbols and graffiti. The attacks shut down the websites of the national ethics body, the
securities and exchange commission, the Lithuanian Social Democratic Party and many
31 BBC News. Mark Ward. 2006. Anti-cartoon protests go on. http://news.bbc.co.uk/2/hi/technology/4692518.stm
32 Zone-H. http://www.zone-h.org/news/id/4275
33 NATO PA Assembly. NATO and Cyber Defense. http://www.nato-pa.int/default.asp?SHORTCUT=1782
34 The New York Times. Mark Landler and John Markoff. 2007. Digital Fears Emerge After Data Siege in Estonia.
http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=1&_r=1
35 Ibid.
others. 36 Even though the government websites' problems were fixed more or less quickly,
the commercial and corporate ones were not lucky enough to resolve the problem immediately, and
consequently, their financial losses were considerable.
Very soon after the Lithuanian precedent, Georgia was engaged in a war with the Russian
Federation, which started on August 7, 2008. The war was entirely conventional. Russian troops
invaded Georgia and moved toward the capital, Tbilisi. Georgian borders were not the only
subject of invasion; Georgian cyberspace was also attacked massively. According to Internet
technical experts, it was the first time a known cyberattack had coincided with a shooting war. 37
Almost all Georgian government and media websites were disrupted by the well-known
botnet scheme. In the case of Georgia, it was not easy to remedy the attacked web pages
quickly because of poor preparedness. This was particularly damaging for Georgia at that
moment, as the country faced a conventional war at the same time. The resulting information vacuum was
extremely harmful and dangerous. The Georgian government was unable to spread its
messages online and to connect with sympathizers around the world during the fighting with
Russia. 38
Cyber warfare is omnipresent: western cyberspace is not the sole domain which is attacked;
eastern cyberspace is similarly vulnerable to cyberattacks. The most glaring example of
this observation was Iran in June 2009 and February 2010. In June 2009
several websites belonging to Iranian news agencies, President Mahmud Ahmadinejad, Iran's
supreme leader Ayatollah Ali Khamenei, the Ministry of Foreign Affairs, the Ministry of Justice,
the National Police, the Ministry of the Interior, and others, about twelve in all, were disrupted by hackers. 39
In February 2010 Iran's cyberspace was attacked once again. This time the target was Iran's
nuclear program: about 60 computers were infected by the Stuxnet worm. 40
The above-mentioned cases of cyber warfare all over the world represent a tiny part of the
long list of cyberattack precedents; however, they clearly demonstrate that a cyberattack is a
considerably harmful and dangerous tool against a target victim.
Cyberwarfare, like any type of attack or war, has its background and context, which is
frequently determined by a political plot. In order to be more specific, I will review the
political background of each aforementioned cyberwarfare case.
To start with, consider Denmark. The cyber attack in Denmark had a clearly political background.
Danish websites were attacked after the Danish newspaper Politiken printed Prophet
36 The Washington Post. Brian Krebs. 2008. Lithuania Weathers Cyber Attack, Braces for Round 2.
http://voices.washingtonpost.com/securityfix/2008/07/lithuania_weathers_cyber_attac_1.html
37 The New York Times. John Markoff. 2008. Before the Gunfire, Cyberattacks.
http://www.nytimes.com/2008/08/13/technology/13cyber.html
38 Ibid.
39 Pakalert Press. Cyberwarfare begins in Iran. 2009. http://pakalert.wordpress.com/2009/06/17/cyberwarfare-begins-in-iran/
40 Stuxnet Worm. Computer Virus. http://en.wikipedia.org/wiki/Stuxnet
Mohammed's mocking cartoons. Islamic hackers from different Islamic countries united to
take revenge. "Many hackers used website attacks and defacements to make their contribution to
political protests," said Roberto Preatoni, the administrator of Zone-H. 41 Indeed, the attack on
Danish cyberspace turned out to be an effective, cheap, and rapid political tool for Islamic hackers.
The Estonian case was quite similar to the Danish one in its political context; however, several
details should be considered for this precedent. In April 2007 the Estonian government decided
to remove a bronze statue of a World War II era soldier from a park in Tallinn. The
Estonian authorities expected street protests from Estonians of Russian descent, and also
expected cyber protests; however, what happened was not simply a cyber protest, but a
cyber war. It was very difficult to accuse the Russian government of triggering the cyberwar
against Estonia; however, Estonian cyber authorities asserted that an Internet address
involved in the attacks belonged to an official who worked in the administration of Russia's
former president, Vladimir V. Putin. 42 The Estonian president's web page was similarly attacked
from an I.P. address in the Russian administration. Even though some particular facts that
demonstrate Russia's involvement in the attack exist and can be accepted as plausible, accusations
with certainty are extremely difficult to make because of the murky character of cyberspace.
The cyber attack on Lithuania had much in common with the Estonian and
Danish cases. The Lithuanian government authorized a law banning the display of Soviet
emblems, including honors won during World War II. Several cyber experts and cyber
officials reported that Russian hackers were the authors of the attack, and that their
propaganda was flagrant. iDefense said hacker groups used Internet forums and blasted spam
e-mails to spotlight a manifesto called "Hackers United Against External Threats to Russia,"
which called for an expansion of the targets to include Ukraine, the rest of the Baltic states,
and Western nations for supporting the expansion of NATO. 43 Soviet symbols are perceived very
differently by ethnic Lithuanians and Russians: while Lithuanians view them
as a painful reminder of the Soviet past, Russians are proud of this past, and are reluctant
to tolerate a law which bans Soviet symbols.
Georgia's case is closely tied to the political context. The cyber attack on Georgia in August
2008 was the first cyber attack which coincided with a conventional war. The Russo-Georgian
war started on August 7, and a massive cyber attack on Georgian and
pro-Georgian websites started simultaneously. As I mentioned earlier, the cyber attack on Georgian cyberspace
drove Georgia into an information deadlock. Even though crime is hard to track and
detect on the internet, the Georgian case is too obvious not to recognize Russia's efforts in an
attempt to disconnect its victim during the war.
41 BBC News. Mark Ward. 2006. Anti-cartoon protests go on. http://news.bbc.co.uk/2/hi/technology/4692518.stm
42 The New York Times. Mark Landler and John Markoff. 2007. Digital Fears Emerge After Data Siege in Estonia.
http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=1&_r=1
43 The Washington Post. Brian Krebs. 2008. Lithuania Weathers Cyber Attack, Braces for Round 2.
http://voices.washingtonpost.com/securityfix/2008/07/lithuania_weathers_cyber_attac_1.html
When it comes to Iran, its cyberspace was attacked in June 2009 clearly on a political basis.
Discontented opposition supporters, believing their candidate had won the presidential
elections, decided to protest via the internet. The second cyber attack on Iran in February 2010 is
still under investigation, and definite conclusions about its political background cannot yet be
drawn; nevertheless, the fact that the target of the attack was Iran's nuclear program will
probably help the investigators to observe the involvement of particular political interests in
the case.
Finally, it is easily discernible that cyberwarfare, like conventional war, is mainly fomented
and inspired by political interests, and that each cyberwarfare case has its particular political
background, no matter who the attacker is: a state, an individual hacker, a group of hackers,
terrorists, or other interested parties. All the above-mentioned precedents in Denmark, Estonia,
Lithuania, Georgia, and Iran have clearly demonstrated that cyberwarfare is an effective
political tool with a short history, though with massive availability and even universal use.
Cyber Tools in Intelligence Activities and Terrorism
Intelligence
In the modern technological era cyberspace has become a domain which plays a particularly
sensitive role in the process of ensuring the national security of a country. Cyber tools become
particularly dangerous when it comes to intelligence-related activities. Intelligence
agencies all over the world emphasize the dramatic significance of cybersecurity. They devote
their efforts and energy to being entirely up to date and prepared for cyber threats, particularly
in the existing political environment, which is replete with anxiety. Furthermore, with ever growing
threats from terrorist groups that have comfortably adapted their activities to cyber weapons, the
need for an efficient and resilient cybersecurity policy increases. The traditional ways and
techniques in terrorist, intelligence, and counterintelligence activities are much more
expensive, easily detectable, and precarious than cyber terrorism and cyber intelligence;
moreover, cyber terrorism can have much more massive and widespread results than
conventional terrorism. That is why terrorist groups and foreign intelligence agencies use
cyber tools more and more actively.
The US Intelligence Community is seriously concerned with cyber-related problems, and
believes that cybersecurity issues should be immediately addressed and given due
attention. "It (cyber warfare) could paralyze our country," said the current CIA director, Leon
Panetta, in an exclusive interview on This Week. 44
In the historical documents of the Central Intelligence Agency (CIA) the importance of cyber
threat management is clearly emphasized. One of the documents describes the so-called
Solar Sunrise scenario, which was used against US military systems in 1998 by hackers.
The hackers accessed unclassified logistics, administration, and accounting systems that
control the US ability to manage and deploy military forces. 45 This case appeared particularly
alarming to the US intelligence authorities, who identified the upcoming security threats of
the 21st century. Similarly, in further documents and publications, cyber threats find an
increasingly prominent place. Computers are inexpensive, as compared to traditional
weapons, and require no large industrial base. They are globally available, and connectivity is
widespread and increasing. 46 There is a long list of reviews and publications on
cybersecurity issues by the US Intelligence Community, and there is no need to cite all of them,
because the main point is clear: the intelligence community was concerned with cybersecurity
issues in the past, and its disquiet on the topic is growing at present.
Cyber Terrorism
Cyber terrorism is a new term for the security world. There are a number of definitions
provided by different agencies and research centers; the main point in these
definitions, though, is that cyber terrorism is a premeditated, illegal political activity which is designed
to disrupt the national security of a state. Why do terrorist groups use cyber attacks? There
are several reasons for that: they are cheaper than traditional methods; the attacks are very
difficult to track, so the attackers hide their identities and locations quite
efficiently; there are no barriers and checkpoints to cross; attacks can be performed from
remote areas all over the world; a large number of targets can be attacked via cyberspace, which
means that an attack can be massive, affecting a large number of people. 47
Sixty-three detected cyber crimes have been committed from 2006 to date; the targets were
governmental entities as well as commercial and industrial ones. 48 The number is indeed worthy of
attention, but the impact and consequences of cyber attacks are more alarming. Even though
44 ABC News. Jake Tapper. 2010. CIA: Cyber Warfare Could 'Paralyze' U.S.
http://blogs.abcnews.com/politicalpunch/2010/06/cia-cyber-warfare-could-paralyze-us.html
45 CIA. Cyber Threats and the US Economy. 2000.
https://www.cia.gov/news-information/speeches-testimony/2000/cyberthreats_022300.html
46 CIA. The Intelligence Community: 2001-2015. Daunting Challenges, Hard Decisions.
https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol46no1/article05.html
Also https://www.cia.gov/news-information/speeches-testimony/2001/gershwin_speech_06222001.html
47 Computer Crime Research Center. Dr. Mudawi Mukhtar Elmusharaf. 2004. Cyber Terrorism: The new kind of Terrorism.
http://www.crime-research.org/articles/Cyber_Terrorism_new_kind_Terrorism/
48 Center for Strategic and International Studies. CSIS. Significant Cyber Incidents since 2006.
http://csis.org/files/publication/101021_Significant%20Cyber%20Incidents%20Since%202006.pdf
cyber attacks are not generally associated with death and the destruction of life, as conventional war
and traditional terrorism are, cyberwarfare devastates financial systems. Losses are huge. US
industry estimates of losses from intellectual property to data theft in 2008 range as high as $1
trillion. 49 Marathon Oil, ExxonMobil, and ConocoPhillips were hacked and lost the data
detailing the quantity, value, and location of oil discoveries around the world. Each company
estimated its losses in the millions. 50 The 2001 Code Red Worm incident cost the US
companies it hit about $2 billion in damage. The research organization Computer Economics
estimated that damages caused by The Love Bug, Melissa, Code Red, and other malware had
exceeded $54 billion. A survey of 500 U.S. companies demonstrated that reported
financial losses increased by 21 percent in 2002. In addition, those losses are increasingly the
result of organized, planned cyber-attacks. According to Ernst and Young, security
occurrences can cost companies between $17 and $28 million per incident on average. 51
There are countless examples of huge financial losses caused by cyberwarfare, and there is no need to
list more of them, because the aforementioned incidents clearly demonstrate how
damaging and devastating cyber tools actually are when used for crime. Additionally, cyber
warfare can cause psychological panic among users equivalent to that which a conventional war
causes among citizens; particularly if the country is highly computerized, as Estonia is, for instance,
where major social activities are undertaken via the internet, cyberwarfare can cause a real shock
in society. Consequently, its role and significance in modern conflicts should indubitably
be paid qualified and comprehensive attention in order to make future cyber warfare more
manageable in the world's societies. If the current challenges of cyber warfare are not addressed
appropriately and in time by the international community and national authorities, there is a
considerable risk that these challenges will drive us into turmoil, which will be even
more difficult to disentangle.
49 White House. Cyberspace Policy Review.
http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
50 CSIS. Significant Cyber Incidents since 2006.
http://csis.org/files/publication/101021_Significant%20Cyber%20Incidents%20Since%202006.pdf
51 All Businesses. Cyber warfare threatens corporations: expansion into commercial environments. 2006.
http://www.allbusiness.com/finance/insurance-risk-management/889259-1.html
Technical Stuff
Models of Cyber Defense
Legal frameworks, initiatives, and policy analysis, if not accompanied by practical measures,
remain simply hypotheses without relevant practical use and results. All theoretical cyber
frameworks are designed to support the establishment of effective and smart models of cyber
defense. Different government agencies, commercial organizations, and several other
entities have elaborated cyber defense models and technologies. Even though these models
and techniques are generally quite divergent, they share one important characteristic:
the techniques are primarily designed to prevent malware penetration into a cyber system.
Generally speaking, the basic standards of cyber defense are elaborated by local Cyber
Emergency Response Teams (CERT) in different countries. For instance, US-CERT has
elaborated several tips and alerts for different computer programs, and made them available
to users on the US-CERT website. 52
Moreover, the US Department of Homeland Security and US-CERT established several
cyber defense programs for state bodies and government entities in order to protect the
critical information of the state. The first such cyber defense program was Einstein 1,
which was adopted in 2003. The program was an automated process for collecting,
correlating, analyzing, and sharing computer security information across the Federal
government, so that Federal agencies would be aware, in near real-time, of the threats to their
infrastructure and can act swiftly to take corrective measures. 53
It was essential for the agencies to adopt responding systems consistent with the OMB
responding requirements 54 and FISMA expectations. 55
Einstein 2 was an updated version of its antecedent, Einstein 1. The new program's main
advantage was that its incorporated network intrusion detection
technology made it possible to alert US-CERT to the presence of malware or potentially harmful software
activity in federal network traffic. The network intrusion detection system used
predetermined signatures of malicious network traffic, and was not based upon personally
52 US-CERT. http://www.us-cert.gov/
53 Privacy Impact Assessment Einstein Program I. 2004. http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_eisntein.pdf
54 Ibid.
55 FISMA. Federal Information Security Management Act 2002.
http://www.marcorsyscom.usmc.mil/sites/pmia%20documents/documents/Federal%20Information%20Security%20Management%20Act%20(FISMA).htm
identifiable information (PII). Nevertheless, with time it became possible to identify new
kinds of malicious network traffic, and include them in the predetermined list. 56
Quite recently the Department of Homeland Security and US-CERT launched a new
Initiative Three Exercise, which includes the assessment of the future cyber protection
program Einstein 3. Einstein 3 is the updated version of Einstein 1 and 2 with improved
capacities. In particular, the new program will be able to detect, select and redirect malicious
internet traffic from a government agency, while its predecessors were able only to identify
and alert to the presence of malware. Moreover, Einstein 3 will be able to respond automatically
to potential malware before the harm is done. Specifically, the exercise
technology will physically receive all redirected agency traffic and will apply predefined
signatures to that traffic to identify known or suspected cyber threats. What is more, Einstein 3
may even detect personally identifiable information (PII) along with the predetermined
malicious signatures. 57
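The difference the paragraphs above draw between signature detection that only alerts (as described for Einstein 2) and a system that also redirects matching traffic (as described for Einstein 3) can be shown with a small model. This is an added illustration, not code from DHS, US-CERT, or the author; the class names, signatures, addresses, and traffic are all constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    sig_id: str
    pattern: bytes                   # regular expression over raw payload bytes
    dst_port: Optional[int] = None   # None means "any destination port"

    def matches(self, pkt: Packet) -> bool:
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        return re.search(self.pattern, pkt.payload) is not None


@dataclass(frozen=True)
class Alert:
    # Design choice of this sketch: record the signature id and the
    # network tuple only, never the payload that triggered the match.
    sig_id: str
    src: str
    dst: str
    dst_port: int


class Sensor:
    """mode='alert'  : passive, matching traffic is reported but still forwarded.
    mode='inline' : matching traffic is reported and diverted to quarantine."""

    def __init__(self, signatures: List[Signature], mode: str = "alert"):
        if mode not in ("alert", "inline"):
            raise ValueError("mode must be 'alert' or 'inline'")
        self.signatures = list(signatures)
        self.mode = mode
        self.alerts: List[Alert] = []
        self.quarantine: List[Packet] = []

    def add_signature(self, sig: Signature) -> None:
        # The predetermined list grows as new malicious traffic is identified.
        self.signatures.append(sig)

    def inspect(self, pkt: Packet) -> str:
        """Return the verdict for one packet: 'forward' or 'redirect'."""
        hit = next((s for s in self.signatures if s.matches(pkt)), None)
        if hit is None:
            return "forward"
        self.alerts.append(Alert(hit.sig_id, pkt.src, pkt.dst, pkt.dst_port))
        if self.mode == "inline":
            self.quarantine.append(pkt)
            return "redirect"
        return "forward"


def replay(sensor: Sensor, packets: List[Packet]) -> List[str]:
    """Run a list of packets through a sensor and collect the verdicts."""
    return [sensor.inspect(p) for p in packets]


# Constructed signatures and traffic (documentation address ranges only).
BEACON_SIG = Signature("SIG-0001", rb"X-Constructed-Beacon: [0-9a-f]{8}", dst_port=80)
DROPPER_SIG = Signature("SIG-0002", rb"\x00CONSTRUCTED-DROPPER\x00")

SAMPLE_TRAFFIC = [
    Packet("192.0.2.10", "198.51.100.5", 80,
           b"GET /index.html HTTP/1.1\r\nHost: agency.example\r\n\r\n"),
    Packet("192.0.2.11", "203.0.113.7", 80,
           b"GET /a HTTP/1.1\r\nX-Constructed-Beacon: 1a2b3c4d\r\n\r\n"),
    Packet("192.0.2.12", "203.0.113.7", 8080,   # same marker, port not covered
           b"GET /a HTTP/1.1\r\nX-Constructed-Beacon: 1a2b3c4d\r\n\r\n"),
    Packet("203.0.113.9", "192.0.2.20", 25,
           b"\x00CONSTRUCTED-DROPPER\x00AAAA"),
]

if __name__ == "__main__":
    for mode in ("alert", "inline"):
        sensor = Sensor([BEACON_SIG], mode=mode)
        print(mode, replay(sensor, SAMPLE_TRAFFIC), len(sensor.alerts), "alert(s)")
    sensor.add_signature(DROPPER_SIG)
    print("inline, after list update", replay(sensor, SAMPLE_TRAFFIC))
```

The third and fourth packets pass both sensors until the list is updated, which is the limit of any detector built on predetermined signatures: it sees only what has already been described to it.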
The International Telecommunication Union (ITU), particularly its Standardization Sector,
provides specific and detailed technical recommendations and standards for secure
cyberspace. These standards are outlined in numerous documents and publications that are
widely available. Moreover, the ITU Radiocommunication Sector provides guidance for
proper radio communication: frequency ranging, frequency sharing around the globe, and so forth.
Several new cyber defense systems are also offered by network security vendors. For
instance, McAfee talks about a database of suspect URLs, IP addresses, and individuals; if
such a database is created, the vendor will provide its users with this information in order to
avoid malicious invasions into their cyber systems. Microsoft proposed to build
separate data center facilities protected by biometric controls that would be accessible only to
US citizens. 58 The most important trends appear to be awareness in real time and
continuous monitoring. Situational awareness becomes essential in the process of tackling
cyber threats. 59
As the old cyber defense approaches and models have demonstrated their weaknesses and
ineffectiveness in several ways, a number of new approaches have emerged. These newly
outlined models are more complex and multilevel than their predecessors. Moreover, the
models are built on considerably heterogeneous concepts, which logically makes them quite
sophisticated for future implementation.
56 Privacy Impact Assessment Einstein Program II. 2008.
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_einstein2.pdf
57 Privacy Impact Assessment for the Initiative Three Exercise. 2010.
http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_nppd_initiative3exercise.pdf
58 Federal Times. Adam Stone. New tools power managers' defense against cyber attacks. 2010.
http://www.federaltimes.com/article/20100521/IT01/5210303/
59 Ibid.
One of the most sophisticated new models which attracted my attention is the
Immuno-Inspired Autonomic System for Cyber Defense. The biological immune system is an autonomic
self-protection system, which is characterized by an incredible flexibility and adaptability. The
new initiative focuses on building an autonomic defense system, using some immunological
metaphors for information gathering, analyzing, decision making and launching threat and
attack responses. The introduction of several new mechanisms can potentially provide a new
complex autonomic cyber defense system, in particular: immunity-based security agents with
multilateral functions; a novel pattern recognizer which will effectively differentiate between
self and non-self agents; a multi-layered defense system with several
mechanisms in each layer for protection against pathogens; and multi-level data fusion and
correlation. The architecture of this potential cyber defense system is as follows: the system is
divided into three defense strategies; under each strategy several techniques and tools are
grouped according to their functions; although these tools and techniques may come from
different strategy divisions, they should use a common protocol, a standard for communication
and information sharing.
Even though this system is quite difficult and challenging to design, this model can be
considered as a potential cyber defense system which will be brought to fruition by scientists
in the future. 60
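The self/non-self pattern recognizer mentioned above can be illustrated with negative selection, a standard artificial-immune-system technique; this is an added example, not code from this paper or from the system it cites. The 8-bit behaviour fingerprints, the window size R and all function names are constructed assumptions.

```python
from itertools import product

R = 4  # a detector matches a sample if R adjacent bits agree at the same offset

# Constructed 8-bit behaviour fingerprints seen during normal operation ("self").
SELF = ["00010011", "00010111", "00110011", "00010010"]


def matches(a: str, b: str, r: int = R) -> bool:
    """r-contiguous-bits rule: True if a and b agree on r adjacent positions."""
    return any(a[i:i + r] == b[i:i + r] for i in range(len(a) - r + 1))


def train_detectors(self_set, length=8, r=R):
    """Censoring phase: keep every candidate that matches no self sample.

    The candidate space is enumerated exhaustively (2**length strings) so the
    result is deterministic; larger spaces are usually sampled at random.
    """
    candidates = ("".join(bits) for bits in product("01", repeat=length))
    return [d for d in candidates
            if not any(matches(d, s, r) for s in self_set)]


DETECTORS = train_detectors(SELF)


def classify(sample: str) -> str:
    """Monitoring phase: a sample matched by any detector is non-self."""
    hit = any(matches(d, sample) for d in DETECTORS)
    return "non-self" if hit else "self"


if __name__ == "__main__":
    # Constructed test samples: far from self, one bit from self, and a "hole".
    for sample in SELF + ["11101100", "00010110", "00110010"]:
        print(sample, classify(sample))
```

The last sample is classified as self although it was never observed, because each of its 4-bit windows occurs in some normal sample, so no detector can survive censoring and still match it. Such "holes" are a known limit of this matching rule and one reason a layered design with several mechanisms per layer is proposed.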
Conclusion
Cyberspace has penetrated human lives so profoundly that protecting the whole world from
increasing cyber threats appears quite demanding and challenging. Each realm
of human endeavor is considerably dependent on cyber tools and their proper functioning.
State, private, and civil sectors have become equally vulnerable to cyber warfare. Moreover,
cyber tools have acquired dramatic significance in political processes; intelligence agencies
and other state bodies use cyber tools quite effectively in their activities. Furthermore,
terrorist groups and organizations favor cyber attacks and cyber warfare in their pursuits.
The main reasons for the popularity of cyber warfare are that it is cheap, it is difficult to
track, and it causes unimaginable psychological shock and financial losses.
Several countries all over the world have adopted particular cyber standards (legal
frameworks and practical measures) in order to regulate their cyberspaces. International
organizations and unions are considerably concerned with the emerging cyber threats, and
undertake relevant steps for cyberspace standardization. Nevertheless, these efforts appear to
be insufficient for achieving a stable consensus among the involved parties. Furthermore,
the political interests of the different countries involved make it more difficult to reach a
common agreement on cyber issues.
60 Dipankar Dasgupta. Intelligent Security Systems Research Lab. The University of Memphis. Immuno-Inspired Autonomic System for Cyber Defense.
Additionally, several technical problems, such as a lack of qualification and system failures,
are equally important along with the legal and policy challenges.
In the final analysis, as cyber threats become more and more demanding, challenging and
dangerous, it is vital for the world's safe future that cooperation between the involved parties
at the national and international levels extends and deepens. The chronology of cyber warfare
has demonstrated that no country, no region, and no society is protected from cyber threats.
The more technologically developed a country is, the greater its cyber vulnerability.
Consequently, the international community should take responsibility for encouraging all
possible initiatives in order to ensure cybersecurity for the whole world. The need for
increased cooperation is urgent, because our modern world is replete with anxiety and
antagonism, and cyber warfare, as an effective and cheap weapon, becomes more and more
popular among people.
I strongly believe that cyber needs should be addressed by nations and the international
community in time and with relevant attention, with legal and practical measures, in order to
protect our already frustrated world from cyber chaos.
Appendix
References
CYBER REPORT 2008-2010 by Lasha Pataraia, INFORMATION SECURITY STUDIES AND ANALYSIS CENTER, http://www.issac.ge
www.techterms.com
White House, Comprehensive National Cybersecurity Initiative, January 2008
White House, Cyberspace Policy Review, 2009
United Nations General Assembly. 55/63 - Combating the criminal misuse of Information Technologies
United Nations General Assembly. 57/239 - Creation of a global culture of cybersecurity
ITU General Cybersecurity Agenda
NATO 2020 Assured Security; Dynamic Engagement.
NATO's cyber defense policy and activities
Council of Europe, Convention on Cybercrime, 2001
Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. 2010
FOI - Swedish Defense Research Agency. Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations. 2010
New York Times, August 2008. John Markoff. Georgia takes a beating in the cyberwar with Russia
BBC News, 2006. Mark Ward. Anti-cartoon protests go on
Zone-H News, www.zone-h.org
NATO PA Assembly. NATO and Cyber Defense
The New York Times, 2007. Mark Landler and John Markoff. Digital Fears Emerge After Data Siege in Estonia
The Washington Post, 2008. Brian Krebs. Lithuania Weathers Cyber Attack, Braces for Round 2
The New York Times, 2008. John Markoff. Before the Gunfire, Cyberattacks
Pakalert Press, 2009. Cyberwarfare begins in Iran
ABC News, 2010. Jake Tapper. CIA: Cyber Warfare Could 'Paralyze' U.S
Central Intelligence Agency, 2000. Cyber Threats and the US Economy
CIA. The Intelligence Community: 2001-2015 Daunting Challenges, Hard Decisions
Computer Crime Research Center, 2004. Dr. Mudawi Mukhtar Elmusharaf. Cyber Terrorism: The new kind of Terrorism
Center for Strategic and International Studies (CSIS). Significant Cyber Incidents since 2006
All Businesses, 2006. Cyber warfare threatens corporations: expansion into commercial environments
US-CERT, www.us-cert.gov
Privacy Impact Assessment Einstein Program I, 2004
FISMA. Federal Information Security Management Act, 2002
Privacy Impact Assessment Einstein Program II, 2008
Privacy Impact Assessment for the Initiative Three Exercise, 2010
Federal Times, 2010. Adam Stone. New tools power managers' defense against cyber attacks
Dipankar Dasgupta. Intelligent Security Systems Research Lab, The University of Memphis. Immuno-Inspired Autonomic System for Cyber Defense
ABOUT THE CENTER
Information Security Studies and Analysis Center is the first and only organization in the
Caucasus region oriented towards the field of Information Security.
The organization was established in response to the new reality that developed after the 2008
Russian-Georgian conflict. The war in 2008 showed us that no systems had been developed
so far to provide protection against the means of informational warfare and cyber-terrorism;
this is equally a challenge to both the public and private sectors. The absence of a respective
legal basis, governmental institutions and appropriate means to fight cyber-crime and
cyber-terrorism affects not only homeland security but also the economy of the country.
Currently, modern technologies are being actively implemented in both the private and
governmental sectors; the larger the scale of process automation, the more difficult it is to
control. Where espionage and other security challenges of a technological character exist,
new threats arise; consequently, the security of information becomes vital
not only to governmental organizations but also to the private sector.
To counter the threats and challenges named above, our organization has gathered a team of
experienced professionals, which gives us the opportunity, for the first time in Georgia, to
establish institutional mechanisms to fight cyber-terrorism, piracy, corporate espionage and so
on.
OUR SERVICES
We offer unique services to private and governmental sectors, such as:
• Training of specialists in the fields of Information Security, intelligence and anti-terrorism;
• Staffing;
• Training for different types of employees of the private and governmental sectors;
• Audit in terms of informational security aspects and preparation of respective recommendations;
• Development of standards and SOPs;
• Creation of organizational units for threat monitoring and incident reaction;
• Consultancy in IT infrastructural issues, legal part of IT projects;
• Development of software/hardware solutions, provision and implementation;
• IT outsourcing, protected hosting on US servers, domain registration, etc.
The first priority of the center remains the study of the technological, geopolitical and
military challenges existing in the country, along with in-depth analysis of them and
timely provision of objective information to the public. For this purpose, the analytical unit of
ISSAC periodically prepares and publishes analyses of modern threats and global trends. We
are maximally transparent in our activities and we help those interested in these fields: we
give them a knowledge base and encourage them to become part of the various projects
conducted by the center.
Our goal is to cooperate with as many governmental institutions and educational units as
possible in order to ensure a more effective fight against modern threats, create general/common
standards and means of implementing these standards, increase the quality of
information in this field available to society, and provide our services to those who really need them.
This publication was downloaded from E-LIBRARY portal of
INFORMATION SECURITY STUDIES AND ANALYSIS CENTER
http://www.issac.ge