OFFENSIVE CYBER WARFARE_roughdraft_3
-
Upload
alyssa-nielsen -
Category
Documents
-
view
221 -
download
0
Transcript of OFFENSIVE CYBER WARFARE_roughdraft_3
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
1/21
OFFENSIVE CYBER WARFARE: INVOLVEMENT IN CYBER SECURITY
Alyssa M. Nielsen
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
2/21
2
OFFENSIVE CYBER WARFARE: INVOLVEMENT IN CYBER SECURITY
Introduction
In recent years, offensive cyber attacks are increasingly becoming a conventional
means of warfare. For example, during the recent conflict between Russia and Georgia,
which broke out over the autonomous demilitarized Georgian region of South Ossetia,
offensive cyber attacks were launched against a large number of Georgian governmental
websites. As a result of these cyber attacks, Georgia declared a state of war due to a
perceived threat to its security (Korns, 2009; Tikk & et. al, 2008).
Similarly, in December 2008, there were cyber attacks in Mumbai, India. The
cyber attackers used cable television, BlackBerry phones, Google Earth imagery, and
global positioning system information to gain access to government intelligence (Korns,
2009). Also in 2008, the U.S. Department of Defense suffered a compromise of its
classified military computer networks after an infected flash drive was inserted into a
U.S. military laptop. The flash drives computer code uploaded itself onto a networkrun
by the U.S. Central Command. The code spread undetected for a number of days
allowing both classified and unclassified data to be transferred to servers under foreign
control (Lynn, 2010). Once again in 2010, a new type of malicious softwarea cyber
guided missile called Stuxnetmade its way into Irans nuclear-fuel centrifuge facilities
causing damage (Clayton, 2010). These four examples show how offensive cyber attacks
are increasingly becoming a new conventional means of warfare. They represent only a
few of the accumulating examples of current offensive cyber warfare incidences. Amidst
an information revolution the likelihood of cyber based attacks have increased. It is the
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
3/21
3
increased use of the new conventional means of offensive cyber warfare, which leads us
to questionhow do we explain the likelihood of offensive cyber warfare?
Offensive cyber warfare will be understood to mean unlawful attacks and threats
of attack against computers, networks, and the information stored therein to intimidate or
coerce a government or its people in furtherance of political or social objectives
(Denning, 2000). I will focus on cyber warfare in the international system over the past
three years. Ideally, I would like to focus on more than just the past three years, but due
to a lack of open source data the scope of the research has to be scaled down to only three
years.
Cyber warfare has emerged as a new threat with the capability to immobilize
critical intelligence infrastructure. It has become a topic of interest in many governmental
organizations, to include CYBERCOM, Department of Defense, National Security
Agency, National Security Institute, Internet engineering Task Force, International
Organization for Standardization, Organization for Economic Cooperation and
Development, Asia-Pacific Economic Cooperation Forum and NATO. These
organizations seek to learn, inform, and deter cyber warfare. Knowing the causal factors
of offensive cyber warfare could help to explain why some states are more likely to
encounter cyber attacks than others. Understanding the likelihood of offensive cyber
attacks will help these organizations to create policies tailored to the reduction of cyber
attacks.
I hypothesize that a state is more likely to be involved in offensive cyber warfare
as the degree of international cyber security involvement decreases in a state. States that
do not participate in international cyber security treaties or in international organizations
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
4/21
4
in which a cyber security committee has been created have fewer costs imposed on them
as a consequence of their participating in cyber warfare. A state that is involved in cyber
security polices and committees has invested time, interest, effort, and money creating
cyber security based policies. By initiating cyber attacks a state jeopardizes its previous
invested effort by going against established cyber security policies. If a state is faced with
fewer costssuch as not feeling obligated to uphold cyber security policies of which it
had no part in creatingthen it will be less likely to be deterred from initiating cyber
attacks. Therefore, deterrence created from high international cyber security involvement
decreases the likelihood of cyber warfare among states (Beeker, 2009; Deibert, 2010;
Hamilton, 2004; Luman, 2009; National Security Institute, 2009).
Approaches to Explaining Offensive Cyber Warfare
There are two theoretical frameworks in the literature on the likelihood of
offensive cyber warfare. The first argues that the openness and increased connectivity of
the Internet has increased the frequency of offensive cyber warfare attacks. The second
contends that the lack of international agreements on cyber security has increased the
frequency of offensive cyber warfare attacks.
The first approach in cyber literature argues that the Internet has created open
standard procedures for regulating data transmission between computers giving easy
access to global communities for individuals, groups, and states. This easy access or
increased connectivity to global communities has created a sense of equality among users
in the vast network. This sense of equality has in turn created a protective shield for those
who wish to use cyber warfare as a means of aggression. The protective shield has
created a low risk of getting caught and a high payoff for those partaking in cyber
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
5/21
5
warfare. In essence, the Internet has created an opportunity for asymmetric conflict in
which both small, poorly funded groups and powerful states can gain the same payoff
from attacks targeted at organizations and governments. The low risk of getting caught
and the potential for a high payoff for the adversary has created the likelihood of cyber
warfare to become more frequent (Alexander, 2007; Anderson, 2008; Blank, 2009;
Bohannon, 2008; Carr, 2009; Haeni, 1997; Jancczewski & Colarik, 2008; Kramer & et.
al, 2007; Thomas, 2002).
Two hypotheses can be derived from this approach. The first hypothesis suggests
that a high Internet usage in a state increases the states connectivity to the global
community. The second hypothesis is that as the number of Internet users increases in a
state, a potential adversary is more likely to resort to cyber warfare. The increase in
Internet users gives the adversary more confidence that there will be a lower risk of being
discovered. For example, the recent expansion of broadband and connectivity in South
Korea has created a noticeable increase in a variety of cyber attacks originating from that
country (Anderson, 2008).
The problem with these two hypotheses is that they do not take into account the
lack of deterrent measures such as international treaties regarding cyber security. While,
the increased global connectivity has affected cyber warfare; it is the lack of deterrent
measures and costs imposed on a potential adversary that has had a greater affect on the
likelihood of cyber warfare.
The second approach argues that states that do not participate in international
cyber security treaties or in international organizations in which a cyber security
committee has been created have fewer costs imposed on them as a result of participating
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
6/21
6
in cyber warfare. A state that is involved in cyber security polices and committees has
invested time, interest, effort, and money creating cyber security based policies. By
initiating cyber attacks a state would then be jeopardizing its previous invested effort by
going against established cyber security policies. So, if a state is faced with fewer costs
such as not feeling obligated to uphold cyber security policies of which it had no part in
creatingthen it will be less likely to be deterred from initiating cyber attacks.
Therefore, deterrence created from high international cyber security involvement
decreases the likelihood of cyber warfare among states (Beeker, 2009; Deibert, 2010;
Hamilton, 2004; Luman, 2009; National Security Institute, 2009).
Two hypotheses can be derived from this argument. The first is that if a state has
signed an international treaty on cyber security then that state is more likely to be
deterred from initiating a cyber attack. The second hypothesis is that if a state is a
member of an international organization in which a cyber security committee has been
created then that state is more likely to be deterred from initiating a cyber attack. For
example, Russia has declined to sign an international treaty on cyber security with the
United States and various other countries through the Cooperative Cyber Defense Centre
of Excellence. It has been confirmed that there have been many cyber attacks based out
of Russia such as attacks on Georgia, Estonia, and Kyrgyzstan in the past two years
(Ashmore, 2009; Beeker, 2009; Tikk, 2008; Walker, 2008; Zoller, 2010).
Russias continued participation in cyber-based incidences suggests that by not
signing the treaty it has less cost in cyber warfare. It has fewer costs because Russia has
no allegiance to uphold any cyber security treaties.
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
7/21
7
One reason the lack of international treaties on cyber security is important is
because it leads to a lack of deterrent threats on potential adversaries. Within the
literature there is a heavy concentration on the creation of deterrence measures against
potential cyber adversaries. While some of these deterrence measures do focus on
safeguarding against cyber attacks, much more of the literature focuses on how to prevent
an adversary from attacking in the first place which is, leading me to believe that the
likelihood of cyber warfare among states is based upon the lack of deterrent threats,
which stems from the lack of international treaties on cyber security (Alexander, 2007;
Beeker, 2009; Biedlman, 2009; Cilluffo, 2006; Cochran, 2008; Department of Defense,
2006; Gale, 2009; Goodman, 2010; Hildreth, 2001; Knapp, 2004; Libicki, 2009; Meri,
1999; Presidents Information Technology Advisory Committee, 2005; Quadrennial
Defense Review Report, 2010; Shimeall & et al, 2001; Simcox, 2009; Thomas, 2002).
Hypothesis and Theory
I hypothesize that a state is more likely to be involved in offensive cyber warfare
as the degree of international cyber security involvement decreases in a state. The number
of international organizations with cyber security policies and committees of which a
state is involved measures the degree of international cyber security.
States that do not participate in international cyber security policies or in
international committees in which a cyber security committee has been created have
fewer costs imposed on them as a result of participating in cyber warfare. A state that is
involved in cyber security polices and committees has invested time, interest, effort, and
money creating cyber security based policies. By initiating cyber attacks a state would
then be jeopardizing its previous invested effort by going against established cyber
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
8/21
8
security policies. So, if a state is faced with fewer costssuch as not feeling obligated to
uphold cyber security policies of which it had no part in creatingthen it will be less
likely to be deterred from initiating cyber attacks. Therefore, deterrence created from
high international cyber security involvement decreases the likelihood of cyber warfare
among states (Beeker, 2009; Deibert, 2010; Hamilton, 2004; Luman, 2009; National
Security Institute, 2009).
Data and Methods
I regress the percentage of offensive cyber attack traffic on the degree of cyber
security involvement. I control for degree of military power, military expenditures (% of
GDP), Internet users (per 100 people), and information technology (% of GDP).
The dependent variable is the percentage of offensive cyber attack traffic by
origin country. The data is from Akamais Internet ofthe State report from 2008-2010.
The data looks at the percent of cyber attacks, such as viruses, that are detected by
Akamai software by origin country. In essence, it measures the percent cyber attacks
originating from each state.
Table 1 shows all of the detailed statistics for all of the variables. There are 597
percent attack traffic observations used in the model. The mean, .49, gives the average
percent of offensive cyber attack traffic for all countries. It tells us that the average
percent of attack traffic for all countries is .49. The median, 0, indicates the middle value
of percent attack traffic for all countries. So, half of the observations will be above the
median and half of the observations will be below the median. The median of 0 indicates
that more than half of all the countries have not initiated a cyber attack. Finally, the
range, 21.4 describes the extremes of the percent of attack traffic for all countries. The
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
9/21
9
range describes the spread of the data; if the range is a high number it suggests that the
data is spread out and if the range is a low number it suggests that the data is closer
together. The range here suggests that the data points should be relatively close together.
Table 1
Variable Summary
Variables Obs. Mean Median Range
% Attack Traffic 597 .499 0 21.4
Degree of Cyber 635 1.89 1 5
Security Involvement
Degree of Military Power 471 2.72 4 5
Military Expenditures 378 2.07 1.56 11.2(% of GDP)
Internet Users 378 27.5 20.71 90.0
(Per 100 people)
Information Technology 215 5.79 5.41 13.5
Expenditure (% of GDP)
The variable of interest for this study is the degree of cyber security involvement
by a country. This variable is coded on a scale from one to five, in which five is the most
involved in cyber security and 1 is the least involved in cyber security. In order to assign
a ranking to each country, their degree of cyber security involvement is determined. The
degree of cyber security involvement is based on the number of certain international
governmental organizations each country is involved. The international governmental
organizations used in this measure all have cyber security policies and councils. The
IGOs used are the United Nations, NATO, Cooperative Cyber Defense Centre of
Excellence, and the ITU Council. In order to rank the countries, each country is given a
point for each degree of involvement; for example points are given to a country for
having UN membership, UN Security Council membershippermanent, UN Security
Council membershipnon-permanent, NATO membership, Cooperative Cyber Defense
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
10/21
10
Centre of Excellence membership, and ITU Council membership. Countries with a
membership in zero to one of the IGOs mentioned previously received a one. Countries
with memberships in two received a two. Countries with a membership in three received
a three. Countries with memberships in four to five received a four. Finally, a country
with memberships in all six of the IGOs received a five. The degree of involvement was
measured for 2008, 2009, and 2010.
The number of observations for the degree of cyber security involvement by a
country is 635. The mean is 1.89, meaning that the average number of IGO memberships
each country is involved in is about 2 organizations. The median is one and the range is
six.
The second variable is the degree of military power. I use military power as a
proxy for the degree of military power. There are six generations of fighter jets currently
in use around the world, generations 1 through 5 and generation 4. 5. Countries that use
no fighter jets receive a zero and for the rest of the countries the military power rank is
given on the basis of on the highest generation fighter jet that is in current use or
currently owned. The generation of fighter jets explains military power because newer
generations are more expensive, have newer technology, and require more expertise in
operating the equipment. A military using a generation five fighter jet has a stronger
military based on the fact that they have the resources to fund generation five fighters and
they have the resources to train military personnel to operate the equipment. This variable
is coded on a scale from 0 to 5; in which 5 is the highest amount of military power and 0
is the lowest amount of military power. The degree of military power was measured for
2007, 2008, and 2010. The variable was created using data from militaryperiscope.com
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
11/21
11
that summarized the types of fighter jets being used in every country. The number of
observations for the degree of military power is 471. The mean is 2.72 meaning that the
average country uses a generation three fighter jet. The median is four and the range is
five.
The control variables are military expenditures (% of GDP)1, Internet users (per
100 people), and information technology expenditures (% of GDP). The data for all three
of these variables comes from the World Bank dataset and includes the year 2007 until
2009. The number of observations for military expenditures and Internet users is 378.
The mean for military expenditures is 2.07 percent. This means that the average amount
of money spent on military expenditures is about two percent of a countrys GDP. The
median is 1.56 and the range is 11.2. The mean for Internet users is 27.5 user per 100
people. This means the average amount of Internet users a country has is about twenty-
eight per one hundred people. The median is 20.71 the range is 90.0. The number of
observations for information technology expenditure is 215. The mean is 5.79 percent.
This means that the average percent of GDP spent by each country on information
technology is about six percent. The median is 5.41 and the range is 13.5.
I test the model using ordinary least squares regression. I expect the model to be
statistically significant below the .05 level and I expect to have an r-squared above .25,
indicating that the independent and control variables account for at least twenty-five
percent of the variance explained in percent attack traffic per country. I also, expect that
my variables of interest, degree of cyber security involvement and degree of military
1A test for multi co-linearity was run between military expenditures and the degree ofmilitary power, which suggested that there was no multi co-linearity present.
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
12/21
12
power, are statistically significant below the .05 level with a t-score greater than the
absolute values of 1.96.
Results
Table 2 reports the results of the models independent and control variables with
their coefficients and standard errors, which correspond to the equation below. The
equation is statistically significant at less than a .01 level.
The regression equation is
% Attack traffic = degree of cyber security involvement (.636) + degree of military power
(.367) + military expenditures (.042) + Internet users (.008) + information technology
expenditures (.077) + (-2.69).
For every unit increase in the percent of attack traffic the degree of cyber security
involvement increases by .637 if other variables are held constant. For every unit increase
in the percent of attack traffic the degree of military power increase by .367 if other
variables are constant. For every unit increase in the percent of attack traffic military
expenditures increase by .042 percent if other variables are constant. For every unit
increase in the percent of attack traffic Internet users increase by .008 if other variables
are constant. For every unit increase in the percent of attack traffic information
technology expenditure increases by .077 percent if other variables are constant.
The r2= .1185 means that 11.85% of the variance on the degree of cyber security
involvement is explained by the independent and control variables. Also as reported in
Table 2, the degree of cyber security involvement is statistically significant at less than
the .01 level and the constant is statistically significant at the .01 level. Degree of military
power, military expenditure, Internet users, and information technology expenditures are
not statistically significant.
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
13/21
13
Table 2Offensive Cyber Warfare Likelihood Indicators
Variable Model 1
Degree of Cyber .637**Security Involvement (.244)
Degree of Military Power .367(.226)
Military Expenditures .042(% of GDP) (.186)
Internet Users .008
(Per 100 people) (.011)
Information Technology .077
Expenditure (% of GDP) (.146)
Constant -2.69**
(1.22)
N= 140p= 3.60r2= .1185
* Statistically significant at less than a .05 level** Statistically significant at less than a .001 level
Implications and Conclusions
The results of the model are surprising. While the main variable of interestthe
degree of cyber security involvementis statistically significant; it is affected in the
opposite of that hypothesized. The model explains that as the percent of attack traffic
increases by one unit then the degree of cyber security involvement increases by .637. So
this is saying that if a country is more involved in cyber security policies and committees
then that country has a higher percent of cyber attack traffic originating within it.
The problem could be both related to the data problem and the theory. The
percent offensive cyber attack traffic data only accounts for data from Akamais Internet
of the State report from 2008-2010. So, it only accounts for some offensive cyber attacks
and not all. The problem could also be that those states that are participating in cyber
security policies and committees are doing so because they are a prominent military actor
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
14/21
14
in the international system. Being a prominent military actor sets a state up as a cyber
attack target, but it also gives them the resources to implement offensive cyber attacks. I
tried to control for this with the degree of military power per country variable. But it did
not yield the expected results.
The reason for the unexpected results could be due to the way I coded the degree
of military power variable. I looked at which generation fighter jet each country currently
has to explain military technology, military expenditure, and military expertise resources.
Coding fighter jet generations could be the wrong method of measurement for the degree
of military power variable. The reason for this could be because this variable does not
truly measure technology, expertise, and military spending for each country. This is
because some countries fly generation four jets when theoretically they should not be
able to afford generation four jets. After further research it turns out that the only reason
some countries are able to have higher generations is because they get them from their
allies. So they do not necessarily have the funds to own higher generation fighters, the
expertise to create the technology to use in the jets.
Perhaps I should have coded degree of military power by the type of radio system
a military uses. I think that radio systems would be a better measurement of military
power because in general militaries do not trade radio system technology. Since militaries
do not get radio systems from allies it would better represent funding, technology, and
expertise available to a military.
Another interesting result is that none of the other variables are statistically
significant. The only explanation I have for this is that the data used looks at cyber
warfare at the state level. This could be excluding many more cyber attacks that are being
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
15/21
15
implemented by non-state actors. Other variables that could be looked at to possibly
include the non-state actor cyber warfare could be factors such as level of terrorism in a
country or whether or not a state is currently involved in conflictinterstate or intrastate.
The topic of offensive cyber attacks as the new conventional warfare is an
interesting topic and the study should not stop at answering the question of how do we
explain the likelihood of offensive cyber warfare? Other possible future research ideas
could beUnder what conditions is cyber warfare deterred? Or Under what conditions is
a country more likely to be a target of cyber warfare? Because cyber warfare is such a
new concept in terms of warfare there are many unanswered questions leaving the door
open for extensive future study.
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
16/21
16
References
Alexander, K. B. (2007). Warfighting in cyberspace.Joint Force Quarterly, 46(3),
58-61.
Air Force Command (2009). Cyberspace. High Frontier: The Journal for Space and
Missile Professionals, 5(3), 1-52.
Air Force Cyber Command (2008). Air Force Cyber Command Strategic Vision.Air
Force, 1-25.
Anderson, K.E. (2008),"Hacktivism & Politically Motivated Computer Crime",
Encurve, LLC.
Ashmore, W.C. (2009). Impact of alleged russian cyber attacks.Baltic Security and
Defence Review,11, 4-40.
Beeker, K.R. (2009). Strategic deterrence in cyberspace: practical application.Air
Force Institute of Technology, Graduate Research Project, 1-109.
Biedleman, S.W. Lt. Col. (2009). Defining and deterring cyber war. U.S. Army War
College, Strategy Research Project, 1-40.
Blank, S. (2009). Web war I: is europes first information war a new kind of war?
Comparative Strategy, 27, 227-247.
http://www.aracnet.com/~kea/Papers/Politically%20Motivated%20Computer%20Crime.pdfhttp://www.aracnet.com/~kea/Papers/Politically%20Motivated%20Computer%20Crime.pdfhttp://www.aracnet.com/~kea/Papers/Politically%20Motivated%20Computer%20Crime.pdfhttp://www.aracnet.com/~kea/Papers/Politically%20Motivated%20Computer%20Crime.pdf -
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
17/21
17
Bohannon, L. Maj. (2008). Cyberspace and the new age of influence. School of
Advanced Air and Space Studies, 1-95.
Carr, J. (2009). Inside Cyber Warfare. OReilly: Sebastopol, CA, 1-234.
Chaisson, K. (2007). China report looks at informationization.Journal of Electronic
Defense, 30(7), 20.
Cilluffo, F.J. & Nicholas, J.P. (2006). Cyberstrategy 2.0. The Journal of International
Security Affairs, Spring (10), 23-31.
Clayton, M. (2010). Stuxnet: ahmadinejad admits cyberweapon hit iran nuclear
Program. Christian Science Monitor, Nov. 30.
Cochran, J.T. Maj. (2008). Ten propositions regarding cyberpower. School of
Advanced Air and Space Studies, 1-66.
Deibert, R.J. (2010). Risking security: policies and paradoxes of cyberspace security.
International Political Sociology, 4, 15-52.
Denning, D. (2000). Cyberterrorism. Testimony before the special over sight panel on
Terrorism committee on armed services u.s. house of representatives.
Department of Defense (2006). National military strategy for cyberspace operations.
1-54.
Farmer, D.B. (2010). Do the principles of war apply to cyber war? School of Advanced
Military Studies, 1-66.
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
18/21
18
Gale, D.A. Maj. (2009). Cybermad: should the united states adopt a mutually assured
Destruction policy for cyberspace?Air Command and Staff College, Research
Report, 1-33.
Goodman, W. (2010). Cyber deterrence: tougher in theory than in practice. Strategic
Studies Quarterly, 102-135.
Grant, R. (2008). Rise of cyber war.A Mitchell Institute Special Report, 1-36.
Hamilton, B.P. Lt. Col. (2004). Our national information infrastructure: an immediate
Concern in national security policy. U.S. Army War College, 1-25.
Haeni, R.E. (1997). Information warfare: an introduction. The George Washington
University, Cyberspace Policy Institute, 1-16.
Hildreth, S.A. (2001). Cyberwarfare. CRS Report for Congress, 1-20.
Janczewski, L.J. & Colarik, A.M. (2008). Cyber Warfare and Cyber Terrorism.
Information Science Reference, Hershey, NY, 1-565.
Knapp, K.J. (2004). Cyber warfare: raising information security to a top priority.
Auburn University: The Department of the Air Force. 1-34.
Knapp, L.L. (2008). Interpreting chinese cyber attacks of 2007: indications of chinas
cyber warfare strategy.Air Command and Staff College, Research Report, 1-67.
Korns, S.W. (2009). Cyber operations: the new balance.Joint Force Quarterly, 54(3),
97-101.
Kramer, F., Starr, S., Wentz, L., Zimet, E. (2007). Framworks and insights
characterizing trends in cyberspace and cyberpower. Information Resources
Management College, 1-35.
Krekel, B. (2009). Capability of the peoples republic of china to conduct cyber
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
19/21
19
warfare and computer network exploitation. The US-China Economic and
Security Review Coimmission, 1-89.
Lamb, M. W. (2002). Bytes: weapons of mass disruption.Air War College.
Libicki, M.C. (2009). Cyberdeterrence and cyberwar. Rand cooperation, 1-241.
Luman, R.R. (2009). Proceedings on compating the unrestricted warfare threat:
terrorism, resources, economics, and cyberspace. Unrestricted Warfare
Symposium 2009, 1-498.
Lynn III, W.J. (2010). Defending a new domain: the pentagons cyberstrategy.
Foreign Affairs.
Meri, H.E.L. (1999). Baltic Defence Review. Baltic Defence Review, 1(99).
Muniz, J. (2009). Declawing the dragon: why the u.s. must counter chinese cyber-
warriors. U.S. Army Command and General Staff College, Research Report,
1-85.
National defense strategy of the united states of America (2008)., 1-29.
National Security Institute (2009). Cyber security: keeping up with the threat.An
NSI Special Report, 1-10.
National Security Strategy (2010). 1-60.
Ortiz, O. Maj. (2009). Cyber: empowering the combatant commanders against the
no-borders threat.Joint Military Operations Department, 1-28.
Owens, W.A., Dam, K.W., & Lin, H.S. (2009). Technology, policy, law, ethics,
regarding u.s. acquisition and use of cyberattack capabilities. The National
Academies Press: Washington, D.C., 1-390.
Presidents Information Technology Advisory Committee. (2005). Report to the
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
20/21
20
president.Cyber security: a crisis of prioritization. 1-73.
Quadrennial Defense Review Report (2010).
Rawnsley, G.D. (2005). Old wine in new bottles: china-taiwan computer-based
information warfare. International Affairs, 81(5), 1061-1078.
Shimeall, T., Williams, P., Dunlevy, C. (2001). Countering cyber war. NATO Review,
49(4), 16-18.
Simcox, F.W. Lt Col. (2009). Flexible options for cyber deterrence.Air War College,
Research Report, 1-47.
Strategic Deterrence Joint Operating Concept, Version 2.0 (Offut Air Force Base,
Nebraska: US Strategic Command, February 2006).
Thomas, T. L. (2002). Information-age de-terror-ence.Military Review. 32-37.
Tikk, E., Kaska, K., Ruennimeri, K., Kert, M., Talihaerm, A., & Vihul, L. (2008).
Cyber attacks against georgia: legal lessons identified. NATO Unclassified,
Nov (1), 1-45.
Upton, O.K. (2003). Asserting national sovereignty in cyberspace: the case for
Internet border inspection. Naval Postgraduate School, Masters Thesis, 1-95.
Walker, A.D. Maj. (2008). Applying international law to the cyber attacks in estonia.
Air Command and Staff College, Research Report, 1-41.
Waters, G., Ball, D., Dudgeon, I. (2008). Australia and cyber-warfare.ANU E Press, 1-
-
8/3/2019 OFFENSIVE CYBER WARFARE_roughdraft_3
21/21
194.
Wentz, L.K., Barry, C.L., Starr, S.H. (2009). Military perspectives on cyberpower.
Center for Technology and National Security Policy, 1-129.
Wilson, C. (2007). Botnets, cybercrime, and cyberterrorism: vulnerabilities and
policy issues for congress. CRS Report for Congress, 1-44.
Wilson, C. (2005). Computer attack and cyberterrorism: vulnerabilities and policy
issues for congress. CRS Report for Congress, 1-46.
Zoller, R.G. Lt. Col. (2010). Russian cyberspace strategy and a proposed united states
response. U.S. Army War College, 1-32.