SCHOOL THESIS

More documents

Recommendations

Info

Finally, North Korea has expended enormous resources to develop its cyber warfare cell called “Bureau 121” under the General Bureau of Reconnaissance, a spy agency run by the North Korean military. 32 South Korean intelligence contends Bureau 121 has repeatedly conducted cyber attacks against numerous South Korea businesses, to include incidents in 2010 and 2012 targeting banks and media organizations. Pyongyang rejects these charges. 33 Thus, we clearly see the Intelligence Community’s rising concern about the cyberspace threat posed by several potentially hostile nations, and the general consensus that these global threats are indeed serious and not abating. 2. Typical Cyber Weapons In their article “Cyber-Weapons,” Thomas Rid and Peter McBurney state there is no internationally agreed-upon definition of a cyber weapon. Therefore, they proposed the following definition: “A cyber weapon is seen as a subset of weapons, more generally as computer code that is used, or designed to be used, with the aim of threatening or causing physical, functional, or mental harm to structures, systems, or living beings.” (Emphasis added.) 34 Expanding upon this proposed definition, in his book Cyberattack, Paul Day proposed four levels of cyber weapons: 35 Level 1. “Dual use” software tools provided with a computer’s organic operating system, such as network monitoring tools, which can be converted into hacking tools and exploit security vulnerabilities. 32 Ju-Min Park and James Pearson, “In North Korea, Hackers Are a Handpicked, Pampered Elite,” Reuters, 5 Dec 2014, http://www.reuters.com/article/2014/12/05/us-sony-cybersecurity-northkoreaidUSKCN0JJ08B20141205. 33 Kyung Lah and Greg Botelho, “Watch Out World: North Korea Deep Into Cyber Warfare, Defector Says,”Cable News Network, 18 Dec 2014, http://www.cnn.com/2014/12/18/world/asia/north-korea-hackernetwork/index.html. 34 Thomas Rid and Peter McBurney”Cyber-Weapons,” The Rusi Journal, Feb/Mar 2012, 6–13, accessed 21 Apr 2015, https://www.rusi.org/downloads/assets/201202_Rid_and_McBurney.pdf. 35 Paul Day, Cyberattack (London, UK: Carlton Publishing Group, 2013), 120–122. 18
Level 2. Software tools that can be downloaded for computer security purposes that are then abused to compromise networks and computers. This software is specifically designed to allow skilled operators to test and penetrate system security, but in the wrong hands can subvert a network. Level 3. Malware designed only to exploit and infect other computers. Examples include RAT, spyware, and botnet clients. Again, these programs are widely available on the Internet. Level 4. Purposely built cyber weapons covertly developed by nation states with the expressed intention of waging cyber warfare. The most famous example is the “Stuxnet” worm discovered in 2010. (This level would match cyber weapon attacks as outlined by Rid and McBurney.) 3. Concept of “Cyber Attack” In order to discuss the merits of any proposed cyber attack warning policy, it would be helpful to have a clear definition of what specifically defines a “cyber attack.” Media Definitions. While the news media repeatedly warns us about “cyber attacks,” 36 there currently are no uniformly agreed-upon terms to describe cybersecurity activities. Typical cyber actions are often publically described as: 37 “Cyber-vandalism” or “hacktivism” (defacing or otherwise temporarily interfering with public access websites.) “Cyber-crime” or “cyber-theft” (defrauding individuals to obtain their personal identification data, or actual theft of funds from financial accounts.) “Cyber-espionage” (covertly stealing sensitive or proprietary information.) “Cyber-warfare” (conducting military operations using cyber means.) 36 “Cyber Attacks on South Korean Nuclear Power Operator Continue,” The Guardian, 28 Dec 2014, accessed 21 Apr 2015, http://www.theguardian.com/world/2014/dec/28/cyber attacks-south-koreannuclear-power-operator. 37 “At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues,” National Academy of Science, 2014, vii, accessed 17 Dec 2014, http://www.nap.edu/openbook.php?record_id=18749. 19
Page 1 and 2: NAVAL POSTGRADUATE SCHOOL MONTEREY,
Page 3 and 4: REPORT DOCUMENTATION PAGE Form Appr
Page 5 and 6: Approved for public release; distri
Page 7 and 8: ABSTRACT For more than fifty years,
Page 9 and 10: TABLE OF CONTENTS I. INTRODUCTION..
Page 11 and 12: 1. Advantages, Disadvantages and We
Page 13 and 14: LIST OF FIGURES Figure 1. North Ame
Page 15 and 16: LIST OF TABLES Table 1. Cyberspace
Page 17 and 18: LIST OF ACRONYMS AND ABBREVIATIONS
Page 19 and 20: EXECUTIVE SUMMARY Since 1958, North
Page 21 and 22: ACKNOWLEDGMENTS I feel very fortuna
Page 23 and 24: I. INTRODUCTION A. PROBLEM STATEMEN
Page 25 and 26: This thesis then developed three co
Page 27 and 28: II. OPERATIONAL OVERVIEW A. INTRODU
Page 29 and 30: Based upon the remarkable success o
Page 31 and 32: Later, because of growing concerns
Page 33 and 34: 3. Cruise Missile Warning While ICB
Page 35 and 36: C. NORAD’S NEW MARITIME WARNING M
Page 37 and 38: When asked about the pending NORAD
Page 39: Director Clapper then identified to
Page 43 and 44: First, the Tallinn group developed
Page 45 and 46: More importantly, the NATO definiti
Page 47 and 48: DODIN Operations. “Operations to
Page 49 and 50: As can be seen, the topic of “cyb
Page 51 and 52: 3. U.S. Northern Command Created in
Page 53 and 54: 5. U.S. Cyber Command Created in 20
Page 55 and 56: Figure 16. DND and SJS Crests. 2. S
Page 57 and 58: 4. Canadian Forces Information Oper
Page 59 and 60: Figure 19. Cyber Event Conferences.
Page 61 and 62: Finally, the NORAD and USNORTHCOM C
Page 63 and 64: III. LITERATURE REVIEW A. INTRODUCT
Page 65 and 66: Maritime warning consists of proces
Page 67 and 68: Initiative #10. Define and develop
Page 69 and 70: of peace and crisis, and develop th
Page 71 and 72: c. National Military Strategy (2011
Page 73 and 74: This publication discusses cyberspa
Page 75 and 76: MINDFUL that in the years since the
Page 77 and 78: IV. COURSES OF ACTION DEVELOPMENT A
Page 79 and 80: 4. Disadvantages and Proposed Solut
Page 81 and 82: Requires negotiating new cyberspace
Page 83 and 84: E. SUMMARY This chapter identified
Page 85 and 86: V. COURSES OF ACTION ANALYSIS A. ME
Page 87 and 88: 2. COA #1 Synopsis COA #1 is a prom
Page 89 and 90: Requires negotiating new cyberspace
Page 91 and 92:
DISADVANTAGES SOLUTIONS WEIGHT Modi
Page 93 and 94:
Under this COA, existing classified
Page 95 and 96:
Change DOD conference procedures to
Page 97 and 98:
VI. FINDINGS AND RECOMMENDATIONS A.
Page 99 and 100:
Finally, COA #3 proposes a joint NO
Page 101 and 102:
LIST OF REFERENCES “2014: Piracy,
Page 103 and 104:
Lawson,Sean. “DOD’s ‘First’
Page 105 and 106:
———. Joint Publication 3-12R
Page 107:
INITIAL DISTRIBUTION LIST 1. Defens
show all

SCHOOL THESIS

Create successful ePaper yourself

Delete template?

Save as template?