Cyberwar- The Battle of a New Frontier - Edward Forde_b

  • 8/6/2019 Cyberwar- The Battle of a New Frontier - Edward Forde_b

    CYBERWAR: THE BATTLE OF A NEW FRONTIER 1

    Cyberwar: The Battle of a New Frontier

    Edward S. Forde

    June 4, 2011

    Cyberwar - The battle of a new frontier

    Table of Contents

    Abstract

    Cyber Terms

    Introduction

    Can Cybersecurity protect us in the cyberwar through cyberspace?

    Potential benefits and obstacles to overcome

    Who should be in charge of cyber security?

    Who are the likely cyber criminals?

    What methods or tactics are they using?

    What impact does Cyberterrorism have on government, commercial and private companies?

    Can Cyber Weapons be considered Weapons of Mass Disruption?

    How can we fix our cyber defense?

    Conclusion

    References

    Abstract

    This research is a review of cyberwar and the Cybersecurity of cyberspace.

    Physical War has been around forever but our new enemy lurks out on the frontier of

    cyberspace. There is an overwhelming number of articles pertaining to cyberspace and

    the cyberwar, but where do we mount our research for our Cybersecurity?

    Cybersecurity is being fought not only by governments but also by universities,

    corporations, and private businesses, all the way down to home users. Protecting our

    network defenses, whether they are military or commercial, is vital to our daily

    growth and protection as a nation. As IT professionals, are we doing enough to protect

    our commercial businesses, government networks, private homes and employees from

    social networking, cyberattacks and cyber thugs? Providing our organizations with

    information assurance policies against this cyber war gives the Information Technology

    professional the availability, integrity, authentication, confidentiality, and non-repudiation

    to protect us in the battle of a new frontier.

    Keywords: cyber, war, Information Assurance, Defense in Depth, security, hacker

    Cyber Terms:

    Cyber - A prefix used in a growing number of terms to describe new things that are

    being made possible by the spread of computers (Webopedia, 2011).

    Cyber Operator - someone working on behalf of a government who wants to acquire a high priority

    technology or carry out a mission that serves his government's interests (Ruiz, 2011).

    Cyberpunk - a term loosely describing an antisocial individual conforming to a peculiar

    lifestyle characterized by an obsession with both computers and the dark side of the

    Internet (Steed, 2001).

    Cyberspace - the abstract, non-physical world made up of networked computers where

    people communicate, shop, study, research, play, socialize and other-wise interact

    (Steed, 2001).

    Cybertown - a virtual community set in the latter half of the 21st Century that may be

    accessed through the Netscape Web browser, Netscape Navigator (Steed, 2001).

    Cyber crime - encompasses any criminal act dealing with computers and networks

    (called hacking) (Webopedia, 2011).

    Cyber Security - enables an organization to practice safe security techniques required

    to minimize the number of successful cyber security attacks (Techni Core, 2011).

    Cyber Terrorist - A cyber terrorist (which we haven't seen too many of yet) wants to

    cause chaos (Ruiz, 2011).

    Cyber Warrior - a Network Warfare and Ops Squadron fights battles 24/7 from a

    building in a nondescript office park here at Lackland Air Force Base (Munro, 2007).

    Denial of service attacks (DoS) - are designed to lock out legitimate users from web

    sites or networks. Hackers run programs that repeatedly request information from the

    victim's computer until that computer is unable to answer any other requests. Hackers

    can run programs of automated scripts that barrage the victim computer or network so

    that it becomes unusable by legitimate users, or even has to be shut down.

    Distributed denial of service attacks (DDoS) - are automated attacks that run

    simultaneously from multiple computers. Hackers can plant Trojan horse programs on

    the computers of unsuspecting accomplices throughout the network or internet. At a

    given hour, all involved computers coordinate requests for information from the

    overloaded victim computer.

    DNS Spoofing - When you point your browser to randomsite.com, your computer will

    look up that entry in a massive directory called the Domain Name Service (DNS)

    database, and then send you to the appropriate site.

    Hacker - someone involved in computer security/insecurity, specializing in the discovery

    of exploits in systems (for exploitation or prevention), or in obtaining or preventing

    unauthorized access to systems through skills, tactics and detailed knowledge (Pursuit

    Magazine, 2010).

    Malware - software designed to infiltrate or damage a computer system without the

    owner's informed consent. The term is a portmanteau of the words malicious and

    software (Pursuit Magazine, 2010).

    Packet Sniffers - were initially designed as a tool for system administrators to help

    debug networking problems. Essentially, they are devices which allow the user to

    intercept and interpret "packets" of information traversing a network. Any information

    shared among a network of computers--username/password pairs, email, files being

    transferred--gets translated into "packets," which are sent out across the network.

    Phishing - is an attempt to criminally and fraudulently acquire sensitive information,

    such as usernames, passwords and credit card details, by masquerading as a

    trustworthy entity in an electronic communication. PayPal, eBay and online banks are

    common targets (Pursuit Magazine, 2010).

    Rootkit - a program (or combination of several programs) designed to take fundamental

    control (in UNIX terms root access, in Windows terms Administrator access) of a

    computer system, without authorization by the system's owners and legitimate

    managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit

    is intended to seize control of the operating system running on the hardware (Pursuit

    Magazine, 2010).

    Social engineering - is a hacker term for deceiving or manipulating unwitting people

    into giving out information about a network or how to access it.

    Trojan horse programs - Trojan horse programs are "back doors" into a computer

    system. A hacker may disguise a Trojan as another program, video, or game, in order to

    trick a user into installing it on their system. Once a Trojan is installed, a hacker could

    have access to all the files on a hard drive, a system's email, or even to create

    messages that pop up on the screen. Trojans are often used to enable even more

    serious attacks.

    Web Defacements - if a hacker gains access to these files, he or she can replace or alter

    them in any way. The Republican National Committee, the CIA, and The New York

    Times are just three of the highly publicized web page defacements over the past few

    years.

    Cyberwar: The Battle of a New Frontier

    Introduction

    The battle of a new frontier is where you find most IT professionals fighting this

    cyberwar. Cybersecurity consists of measures taken to protect a computer or computer system

    (as on the Internet) against unauthorized access or attack (Merriam-Webster, 2011).

    Protecting our businesses, employees, and network defenses, whether they are military

    or commercial, is vital to our daily growth and protection as a nation. All of our

    personal information is just sitting on commercial servers, databases and storage

    arrays. Even government defense information that could cripple our infrastructure is

    vulnerable to attacks.

    Cybersecurity requires everyone in the world to fight these emerging new threats.

    Cybersecurity is being fought not only by governments but also by universities,

    corporations, and private businesses, all the way down to home users. Protecting our

    network defenses, whether they are military or commercial, is vital to our daily

    growth and protection as a nation. All of our personal information is just sitting on

    commercial servers, databases and storage arrays. Even government defense

    information that could cripple our infrastructure is vulnerable to attacks.

    Organizations have a choice to protect themselves against cyberthreats. At one

    end of the continuum is the choice to do nothing: take your chances and hope for the

    best. At the other end is the company that locks down everything (Pfleeger and Ciszek,

    2008).

    Can Cybersecurity protect us in the cyberwar through cyberspace?

    In this cyberwar, cyberspace is unlimited and our enemies have no faces that we

    can see at first glance. Policy, procedures and standards must be adhered to in order

    to keep these cyberpunks from penetrating our interior walls. Without standards, we

    have chaos. According to Techni Core (2011), "Cyber Security standards have been

    created due to the amount of sensitive information now stored on systems attached to

    the Internet" (Cyber Security, para. 1). Techni Core (2011) also states that "Tasks that

    were once completed by hand are carried out by Information Systems; therefore, there

    is a need for Cyber Security and Information Assurance (IA)" (Cyber Security, para. 1).

    According to the Headquarters Department of the Army (2007), "Information

    Assurance policy mandates roles, responsibilities, and procedures for implementing the

    Army Information Assurance Program" (p. 1). Having these Information Assurance

    principles and policies in place also ensures that private businesses, banks, electric and

    gas companies are protected from these cyber criminals, cyber terrorists and cyber

    operators. The National Information Systems Security (INFOSEC) (2000) states,

    "Information Assurance is achieved when information and information systems are

    protected against such attacks through the application of security services such as:

    Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation."

    In order to apply defense in depth techniques and put cyber security policies in

    place, you must have buy-in from senior management. Without buy-in from senior

    management, you will have a harder time guarding against cyber terrorism. Once you

    have the go-ahead, these policies and techniques should include: security policy,

    Information Assurance principles, system level Information Assurance architectures and

    standards, criteria for needed Information Assurance products, acquisition of products

    that have been validated by a reputable third party, configuration guidance, and

    processes for assessing the risk of the integrated systems (The National Information

    Systems Security (INFOSEC), 2000). Information technology professionals are their

    own worst enemies. They too should apply their own standards and maintain policies

    such as: Analog/ISDN/VoIP Line Policy, DMZ Lab Security Policy, Remote Access

    Policy, Router Security Policy, The Third Party Network Connection Agreements and a

    VPN Security Policy.

    Potential benefits and obstacles to overcome.

    From this research, it seems clear that keeping up with today's cyberwar is a

    hard task. Cyber crime grows faster than weeds and its tactics change like the wind.

    Cyber warriors are even harder to come by because of the lack of training and skills.

    Since the Information Technology field is so vast, IT Specialists require continuous

    updates to their education, certifications and knowledge. Without the updates, they will

    be obsolete to their duties at hand. To combat these cyber thugs, governments are

    training their cyber operators (a.k.a. cyber spooks) to use the Internet for espionage

    purposes (Pfanner, 2011).

    According to Lynn (2010), "cyberwarfare is asymmetric. The low cost of

    computing devices means that U.S. adversaries do not have to build expensive

    weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S.

    military capabilities. A dozen determined computer programmers can, if they find a

    vulnerability to exploit, threaten the United States' global logistics network, steal its

    operational plans, blind its intelligence capabilities, or hinder its ability to deliver

    weapons on target" (Lynn, 2010, p. 98).

    Cyber defense is just a piece of the pie for Cybersecurity. According to

    Saydjari (2004), "we can define cyber defense from its component words. Cyber, short

    for cyberspace, refers to both networked infrastructure (computers, routers, hubs,

    switches, and firewalls) and the information assets (critical data on which an

    organization depends to carry out its mission)" (p. 52). Defense is the act of making safe

    from attack. Therefore, cyber defense refers to an active process of dependably making

    critical function safe from attack (Saydjari, 2004).

    Who should be in charge of cyber security?

    Since all of these networks, computers, internet protocols, software and

    networking hardware are used by everyone, cybersecurity should not fall to one person,

    company or government agency; it should fall on all parties, who should combat the

    issues together. But this is an even harder task. Sharing of information is not a

    common practice between government and commercial entities. We do have software

    companies that release fixes for vulnerabilities they produced, but what happens when

    government agencies find these vulnerabilities and choose to keep them from the

    public because they are now able to exploit their enemies' defenses? That still leaves

    us and them vulnerable to other cyber criminals for exploitation.

    According to Zetter's (2009) article titled "NSA DOMINANCE OF

    CYBERSECURITY WOULD LEAD TO GRAVE PERIL, EX-CYBER CHIEF TELLS

    CONGRESS," the intelligence community has always and will always prioritize its own

    collection efforts over the defensive and protection mission of our government's and

    nation's digital systems. High levels of classification prevent the sharing of information

    necessary to adequately defend our systems and creates insurmountable hurdles when

    working with a broad range of government that lack appropriate clearances, no

    communication and partnership with the private sectors (Zetter, 2009).

    Sharing the responsibility of cyber initiatives with the cyber town is just like

    sharing the responsibility with the open source software community. It gives everyone

    an opportunity to communicate, find and repair the holes in our networks, computers and

    software packages, so we can mount a proper cyber defense. According to Wheeler

    (2003), the advantages of having source code open extend not just to software that is

    being attacked, but also to vulnerability assessment scanners, and they should

    intentionally look for vulnerabilities in configured systems (p. 12). These same

    principles can apply to the sharing of resources and initiatives when it comes to fighting

    cyber crimes.

    Who are the likely cyber criminals?

    In order to understand who the cyber criminals are, you must also understand the

    differences in the various types of hackers. Charles's (2008) article, "The type of

    hackers: Black Hat, White Hat or Grey Hat Hacker, Which Type are you?", states:

    a) A white hat hacker is a computer and network expert who attacks a

    security system on behalf of its owners or as a hobby, seeking vulnerabilities that a

    malicious hacker could exploit. Instead of taking malicious advantage of exploits, a

    white hat hacker notifies the system's owners to fix the breach before it can be taken

    advantage of.

    b) A black hat is a person who compromises the security of a computer

    system without permission from an authorized party, typically with malicious intent. A

    black hat will maintain knowledge of the vulnerabilities and exploits they find for a

    private advantage, not revealing them to the public or the manufacturer for correction.

    c) A grey hat is a skilled hacker who sometimes will act legally and other

    times may not. They are a cross between white hat and black hat hackers. They usually

    do not hack for personal gain or have malicious intentions, but may or may not

    occasionally commit crimes during the course of their technological exploits (Charles,

    2008).

    The type of cyber criminals we have been focusing on in this research are known

    as black hats, crackers and hackers. In the world of cyberspace we will not see

    airplanes crashing into buildings or bombs exploding on trains but we could see human

    and economic consequences that are very much on par with traditional acts of terrorism

    (Chertoff, 2008). In the world of cyberspace, we will see the cyber criminals, hackers,

    and cyber operators from other governments that wish to infiltrate, steal and cause chaos.

    Since the 9/11 attacks, computers at the Pentagon have been targeted by attempted

    intrusions estimated at 100,000 times a year (Marshall, 2010). Google announced in

    January of this year, that they were pulling out of China because of a highly

    sophisticated and targeted attack on their corporate infrastructure originating from China

    that resulted in the theft of intellectual property from Google (Marshall, 2010).

    All criminals pursue the path of least resistance. More than half of all computer

    breaches occur in the retail and food and beverage industries, which have fewer

    Cybersecurity safeguards than, for example, the financial services sector, which

    handles vast amounts of money and generally has sophisticated safeguards (see figure

    1) (Marshall, 2010). Hacking these computer systems enables the hackers to use

    those computers as zombies to penetrate other computers.

    Figure 1 (Marshall, 2010).

    What methods or tactics are cyber criminals using?

    Some network security attacks are listed below (Weng and Qin, 2007):

    a) Email Based Network Security Attacks

    b) Logon Abuse Attacks

    c) Spoofing Attacks

    d) Intrusion Attacks (Vlachos, Androutsellis-Theotokis and Spinellis).

    e) Denial of Service (DoS) Network Security Attacks

    f) Worms & Trojans

    g) Web page defacing

    These cyber criminals have been known to use malware, phishing

    attacks, rootkits and viruses to penetrate our defenses. They don't always have to use a

    computer's front or back door in order to get in; they use deceit like social engineering to

    obtain personnel information that sometimes allows them faster and deeper access to

    our networks. One of the most notorious hackers of all time who used a lot of social

    engineering was Kevin Mitnick. He was considered the most famous hacker of all

    time. He has over twenty years of experience circumventing information security

    measures and has successfully breached information security at the IRS and the Social

    Security Administration using social engineering techniques (Frontline, 2001).

    In 2008, the U.S. Department of Defense suffered a significant compromise of its

    classified military computer networks. It began when an infected flash drive was

    inserted into a U.S. military laptop at a base in the Middle East (Lynn, 2010, p.98).

    Gen. Keith Alexander, director of the National Security Agency and commander of U.S. Cyber

    Command, was quoted as saying "that the U.S. military is responsible for protecting more

    than 7 million machines, linked through 15,000 networks with 21 satellite gateways and

    20,000 commercial circuits composed of countless devices and components"

    (McCluney, 2010, para. 10). Further evidence is provided in the same article which also

    stated, "National and military information infrastructures are heavily intertwined and as a

    result, Defense Department (DoD) systems are probed by unauthorized users 250,000

    times an hour, over 6 million times a day" (McCluney, 2010, para. 10).

    What impact does Cyberterrorism have on government, commercial and private

    companies?

    Cyberterrorism has a huge impact on government, businesses and home users.

    According to the National Research Council (2002), cyberattacks could compromise

    systems and networks in ways that could render communications and electric power

    distribution difficult or impossible, disrupt transportation and shipping, disable financial

    transactions, and result in the theft of large amounts of money. A successful attack may

    lay a foundation for later attacks, be set to cause damage well after the initial

    penetration, or enable the clandestine transmission of sensitive information stored on

    the attacked system (National Research Council, 2002, p. 5).

    The impact of the risk that cyberterrorism poses to government, commercial and

    private companies is enormous. According to McDowell (2004, 2009), among these

    dangers are viruses erasing your entire system, someone breaking into your system

    and altering files, someone using your computer to attack others, or someone stealing

    your credit card information and making unauthorized purchases. In any case,

    malicious acts against a network can cause systems to go down. Losses of production,

    revenue and information could be crippling to organizational viability and

    sustainment. According to Harreld and Fonseca (2001), "Information security is a

    business risk-management issue, and implementation is the responsibility of every

    person at a company" (p. 37).

    Chertoff (2008) believes that this could happen in the event of a successful cyber

    attack:

    1. A successful cyber attack could shut down essential government services,

    imperil business operations, erode public trust in financial transactions, and

    disrupt electronic communications.

    2. The impact of a cyber attack could be far-reaching indeed, threatening multiple

    sectors of the economy at once and creating cascading effects across

    interdependent systems and operations.

    Can Cyber Weapons be considered Weapons of Mass Disruption?

    Weapons of Mass Destruction were once considered nuclear, radiological, and

    biological weapons. Welcome to the World Wide Web, where one click of a mouse

    could bring an entire corporation or government down to its knees. One slip of a

    tongue, an individual leaves a password exposed, and you could lose your identity. In

    cyberspace, these weapons of mass destruction can destroy everything if we are not

    protected.

    Most people, including the United States government, consider cyber weapons to

    be weapons of mass destruction. One such threat is that of malicious code being

    embedded in firmware of computer or application software from foreign suppliers. The

    government has found that foreign suppliers of software or computers have slipped

    harmful code in amongst the tens of millions of lines of code that come installed on the

    hard disk. Many times, they have added this harmful code to the BIOS (Basic

    Instruction Operating Set). According to Technolytics Institute (2007), "Every time you

    turn on the computer or other device, the malicious code would initiate and wait to arm

    itself and become a cyber weapon" (p. 2).

    How can we fix our cyber defense?

    According to Techni Core (2011), "U.S. Government entities have an even higher

    and more pressing urgency to implement the strictest form of Cyber Security practices

    to secure its information up to the highest classified level. The need for Cyber Security

    within the Government Information Systems is especially critical since many current

    terrorist and espionage acts are organized and facilitated using the Internet" (Cyber

    Security, para. 3). Pfleeger and Ciszek (2008) propose a four-step process that can help

    organizations evaluate assets to be protected, potential assailants, and likely methods

    and tactics:

    Ranking and Risk Analysis

    Methods of Protection

    Gap Analysis and Ranking

    Identify Course of Action

    Commercial businesses have a need for cyber security to protect their trade

    secrets, proprietary information, HIPAA-regulated medical and personal information,

    PCI compliance, and personally identifiable information (PII) of customers or employees

    (Techni Core, para. 2). According to CERT Software Engineering Institute (2001),

    "Security risks arise from the possibility of intentional misuse of your computer by

    intruders via the Internet" (III, para. A). Information security is concerned with three main

    areas:

    Confidentiality - information should be available only to those who rightfully have

    access to it

    Integrity - information should be modified only by those who are authorized to do

    so

    Availability - information should be accessible to those who need it when they

    need it (CERT Software Engineering Institute, 2001).

    The Department of Defense has been fighting back these cyber criminals with

    their own cyber spooks from the National Security Agency called the Red Team. NSA's

    Red Team, according to Derene (2008), are sort of like the Special Forces units of the

    security industry--highly skilled teams that clients pay to break into the clients' own

    networks. For commercial and government agencies, these guys find the security

    flaws so they can be patched before someone with more nefarious plans sneaks in

    (Derene, 2008).

    We can fix our cyber defense by using these nine objectives in our IT security:

    1. Having a strong, effective information security program consisting of many

    layers (Spontek, 2006).

    2. Create what security professionals refer to as a "defense in

    depth" (Spontek, 2006).

    3. Create a well-designed IT security program to make any unauthorized,

    unwanted access to your information systems extremely difficult, easily

    detected and well-documented (Spontek, 2006).

    4. Firewalls, virus filters, intrusion detection systems, monitoring programs

    and usage policies are all essential components of a strong defense

    (Spontek, 2006).

    5. Ensure that adequate information security tools are available, everyone is

    properly trained in their use, and that enough time is available to use them

    properly. Then hold all personnel accountable for their information system

    security practices.

    6. Conduct frequent, unannounced red-team penetration testing of deployed

    systems and report the results to responsible management (National

    Research Council, 2002, p. 13).

    7. Promptly fix problems and vulnerabilities that are known or that are

    discovered to exist.

    8. Mandate the organization-wide use of currently available

    network/configuration management tools, and demand better tools from

    vendors.

    9. Use defense in depth - design systems under the assumption that they

    could be connected to a compromised network or a network that is under

    attack, and practice operating these systems under this assumption.

    The three biggest reasons these cyber criminals are still getting into commercial

    and government networks are the lack of end user training, lack of updated

    protocols, lack of defense in depth techniques and security policies not being enforced.

    If there is little to no training or security policies for employees then it will be easier for

    these hackers to apply their techniques into your organizations.

    The best way of guarding against Cyberterrorism (Harreld and Fonseca, 2001):

    1) Protect what you consider most critical to business operations, assets, and

    continuity.

    2) Have intrusion detection so you'll know when intruders get around your defenses.

    3) Have a response team and a response plan.

    4) Tighten rules for inbound traffic.

    5) If you don't do business with addresses in certain countries or regions, consider

    denying those IP blocks at your gateways.

    6) Ports are just as important in your defensive strategy as IP addresses.

    7) Establish a good security and disaster-recovery posture for your networks.

    8) Consider special insurance designed to cover Internet-and network-related

    damage or loss.

    9) Notify all users on your networks not to open suspicious e-mail attachments.

    10) Force anti-virus updates throughout the network and direct all users, particularly

    those with laptops, to power up and update their anti-virus before conducting any

    business on the computer.
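
    Items 4 to 6 of the list above (tight inbound rules, denied IP blocks, ports) can be read as one first-match, default-deny decision. The sketch below is an added illustration, not code from this paper or from Harreld and Fonseca; the address blocks, ports, sample packets and function names are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed policy: RFC 5737 documentation ranges stand in for regions the
# organization does not do business with; the ports are the exposed services.
DENIED_BLOCKS = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_PORTS = {("tcp", 443), ("tcp", 25)}

Packet = namedtuple("Packet", "src proto dport")

# Constructed inbound connection attempts (not real traffic).
SAMPLE = [
    Packet("192.0.2.10", "tcp", 443),           # permitted source, open service
    Packet("203.0.113.7", "tcp", 443),          # denied block, open service
    Packet("192.0.2.10", "tcp", 3389),          # permitted source, closed port
    Packet("::ffff:198.51.100.9", "tcp", 443),  # denied block in IPv6-mapped form
    Packet("not-an-ip", "tcp", 443),            # malformed log field
]


def decide(pkt):
    """Return (verdict, reason); anything not explicitly allowed is dropped."""
    try:
        src = ipaddress.ip_address(pkt.src)
    except ValueError:
        return "DROP", "unparseable source address"
    # Unwrap ::ffff:a.b.c.d so an IPv4 deny rule cannot be sidestepped by
    # presenting the same host as an IPv4-mapped IPv6 address.
    if src.version == 6 and src.ipv4_mapped is not None:
        src = src.ipv4_mapped
    for block in DENIED_BLOCKS:
        if src.version == block.version and src in block:
            return "DROP", f"source in denied block {block}"
    if (pkt.proto.lower(), pkt.dport) not in ALLOWED_PORTS:
        return "DROP", "port not on allowlist"
    return "ACCEPT", "allowed service from permitted source"


def audit(packets):
    """Return (src, dport, reason) for every drop, ready to feed a log."""
    drops = []
    for pkt in packets:
        verdict, reason = decide(pkt)
        if verdict == "DROP":
            drops.append((pkt.src, pkt.dport, reason))
    return drops
```

    Calling audit(SAMPLE) shows why the address rule and the port rule are needed together: the second packet reaches an open service from a denied block, and the third comes from a permitted source but targets a port that was never meant to be exposed.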

    Conclusion

    Apparently, some of the information technology professionals are not doing their

    due diligence. Policy, procedures and security standards must be adhered to in order to

    keep these cyberpunks from penetrating our interior walls. Without security

    standards, we have chaos. Having a policy for everything is better than not having any

    policies. As stated earlier, Information Assurance is achieved when information and

    information systems are protected against such attacks through the application of

    security services such as: Availability, Integrity, Authentication, Confidentiality, and Non-

    Repudiation.

    Training is another aspect in the battle of a new frontier we see as the cyberwar.

    According to Mallery (2008), security is a very specialized area and requires

    appropriate training and knowledge. As IT professionals, we must be in a position

    not only to identify vulnerabilities on a network, but also to identify attack

    patterns on the network (Mallery, 2008). Training is not only for Information Technology

    professionals, but for the employees as well. IT professionals must obtain and possess

    the knowledge, wisdom and understanding to pass on in layman's terms so that their

    employers are able to get a better understanding of the war they are fighting. Without

    assistance or buy-in from senior management, the IT professional will find resistance

    and their battle in the cyberwar will be lost.

    References

    Biddick, M. (2010, August). GAP IN FEDERAL IT STRATEGY. InformationWeek, (1275),

    36. Retrieved January 22, 2011, from ABI/INFORM Global. (Document ID:

    2114712641).

    Brandt, A. (2009). HIGH-RISK SECURITY THREATS (AND HOW TO FIX THEM).

    (Cover story). PC World, 27(3), 62-70. Retrieved from EBSCOhost.

    CERT SOFTWARE ENGINEERING INSTITUTE. (2001). CERT Coordination Center

    Home Network Security. Retrieved from

    http://www.cert.org/tech_tips/home_networks.html#III-A

    Charles, K. (2008). THE TYPES OF HACKERS: BLACK HAT, WHITE HAT OR A

    GREY HAT HACKER, WHICH TYPE ARE YOU?. Examiner.com, 2008( 8), 1.

    Chertoff, M. (2008). THE CYBERSECURITY CHALLENGE. Regulation & Governance,

    2(4), 480-484. doi:10.1111/j.1748-5991.2008.00051.x

    Clapper, D. (2011, January). STOLEN DATA AND FRAUD: THE HANNAFORD

    BROTHERS DATA BREACH. Journal of the International Academy for Case

    Studies: Special Issue Number 1, 121-130. Retrieved January 22, 2011, from

    ABI/INFORM Global. (Document ID: 2243561531).

    Coleman, K. G. (2007). CYBER WARFARE. Technolytics, 2007(1), 1-7.

    Denning, D. E., & Smith, G. (2003). TIGHTER CYBERSECURITY. Issues in Science &

    Technology, 20(1), 7-8. Retrieved from EBSCOhost.

    Frontline. (2001). THE TESTIMONY OF AN EX-HACKER. Retrieved from

    http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/testimony.html

    Fulghum, D. A. (2009). EMBRACING CYBERWAR. Aviation Week & Space

    Technology, 170(25), 49. Retrieved from EBSCOhost.

    Gregory Goth. 2009. U.S. UNVEILS CYBERSECURITY PLAN. Commun. ACM 52, 8

    (August 2009), 23-23. DOI=10.1145/1536616.1536626

    http://doi.acm.org.library.capella.edu/10.1145/1536616.1536626

    Hansen, B. (2002, April 12). CYBER-CRIME. CQ Researcher, 12, 305-328. Retrieved

    from http://library.cqpress.com/cqresearcher/

    Harreld, H., & Fonseca, B. (2001, October). GUARDING AGAINST

    CYBERTERRORISM. InfoWorld, 23(43), 34-37. Retrieved May 5, 2011, from

    ABI/INFORM Global. (Document ID: 86023472).

    http://proquest.umi.com.library.capella.edu/pqdweb?

    did=86023472&Fmt=7&clientId=62763&RQT=309&VName=PQD

    Harris, S. (2009). THE CYBER DEFENSE PERIMETER. National Journal, 23.

    Retrieved from EBSCOhost.

    Henrie, M. & Liddell, P. (2008, March). QUANTIFYING CYBER SECURITY RISK.

    CONTROL ENGINEERING, 55(3), IP.12. Retrieved May 30, 2011, from

    ABI/INFORM Global. (Document ID: 1448311781).

    Headquarters Department of the Army. (2007). ARMY REGULATION - INFORMATION

    ASSURANCE. Information Management, 25(2), 1-103.

    Kaplan, D. (2011, January). 2 MINUTES ON... THE DATA BREACH HEARD AROUND

    THE WORLD. SC Magazine, 22(1), 16. Retrieved May 22, 2011, from Criminal

    Justice Periodicals. (Document ID: 2238914181).

    Lawrence D. Bodin, Lawrence A. Gordon, and Martin P. Loeb. 2008. INFORMATION

    SECURITY AND RISK MANAGEMENT. Commun. ACM 51, 4 (April

    2008), 64-68. DOI=10.1145/1330311.1330325

    http://doi.acm.org/10.1145/1330311.1330325

    Lynn, W. (2010). DEFENDING A NEW DOMAIN. Foreign Affairs, 89(5), 97-108.

    Retrieved May 30, 2011, from ABI/INFORM Global. (Document ID: 2129061161).

    Mallery, J. (2008). Network Risk Management. Security Technology & Design, 18(5),

    52.

    Marshall, P. (2010, February 26). CYBERSECURITY. CQ Researcher, 20, 169-192.

    Retrieved from http://library.cqpress.com/cqresearcher/

    McCluney, C. N. (2010, June 8). NEW CYBER CHIEF: CYBERSPACE MUST

    BECOME A NATIONAL SECURITY PRIORITY. Armed with Science. Retrieved

    May 30, 2011 from http://science.dodlive.mil/2010/06/08/new-cyber-chief-

    cyberspace-must-become-a-national-security-priority/

    McDowell, M. (2004, 2009). NATIONAL CYBER ALERT SYSTEM CYBER SECURITY

    TIP ST04-001. US-CERT. Retrieved from http://www.us-cert.gov/cas/tips/ST04-

    001.html

    Merriam-Webster. (2011). Cybersecurity. Retrieved from http://www.merriam-

    webster.com/dictionary/cybersecurity

    Munro, N. (2007). CYBER WARRIORS. National Journal, 2007(1007), 1-4. Retrieved

    from http://www.govexec.com/dailyfed/1007/102907ol.htm

    National Security Priority. Armed with Science. Retrieved November 6, 2010

    from http://science.dodlive.mil/2010/06/08/new-cyber-chief-cyberspace-must-

    become-a-national-security-priority/

    Pfanner, E. (2011, January 17). WREAKING CYBERHAVOC ISN'T SO EASY; MEDIA

    CACHE. The International Herald Tribune, pp. 18.

    Pfleeger, S., & Ciszek, T.. (2008, September). CHOOSING A SECURITY OPTION:

    THE INFOSECURE METHODOLOGY. IT Professional Magazine, 10(5), 46-52.

    Retrieved May 30, 2011, from ABI/INFORM Global. (Document ID: 1557505111).

    Pursuit Magazine. (2010). INTERNET & CYBER CRIME TERMS AND DEFINITIONS.

    Retrieved from http://pursuitmag.com/cyber-crime-terms-and-definitions/

    Sharon Spontak. (2006, December). DEFENSE IN DEPTH: How Financial Executives

    Can Boost IT Security. Financial Executive, 22(10), 51-53. Retrieved January 24,

    2011, from ABI/INFORM Global. (Document ID: 1182662141).

    Techni Core. (2011). WHAT IS CYBER SECURITY?. Retrieved from http://www.techni-

    core.com/what-is-cyber-security.htm

    Technolytics Institute. (2007). Department of Cyber Defense An organization whos

    time has come!. Technolytics Institute, 2007(11), 1-7.

    Wheeler, D. A. (2003). SECURE PROGRAMMING FOR LINUX AND UNIX HOW-TO.

    David A. Wheeler Personal Home Page, 2003(3), 1-168.
