Into the Gray Zone

Recommendations

Info

58 | Notes 12. Robert Siciliano, “7 Types of Hackers and their Motivations,” McAfee blog (2011), https://blogs.mcafee.com/consumer/ family-safety/7-types-of-hacker-motivations/ 13. U.S. Department of Defense, “The Department of Defense Cyber Strategy.” 14. United States of America vs. Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar, and Nader Saedi, (Sealed Indictment) U.S. Attorney’s Office S.D.N.Y. (2016), https://www.justice.gov/opa/file/834996/ download. 15. Robert M. Lee, Michael J. Assante, and Tim Conway, “Analysis of the Cyber Attack on the Ukrainian Power Grid,” SANS Industrial Control System and the Electricity Information Sharing and Analysis Center (2016), https://ics.sans.org/media/E-ISAC_ SANS_Ukraine_DUC_5.pdf. 16. Josh Rogin, “NSA Chief: Cybercrime constitutes the ‘greatest transfer of wealth in history,’” Foreign Policy, July 9, 2012, http://foreignpolicy.com/2012/07/09/nsa-chief-cybercrime-constitutes-the-greatest-transfer-of-wealth-in-history. 17. https://www.justice.gov/opa/pr/russian-cyber-criminal-convicted-38-counts-related-hacking-businesses-and-stealingmore-two 18. “The World if Financial Systems were Hacked,” The Economist, June 16, 2016, http://worldif.economist.com/article/12136/ joker-pack. 19. Dennis Blair and John M. Huntsman Jr., “The IP Commission Report: The Report of the Commission on the Theft of American Intellectual Property,” The National Bureau of Asian Research (2013), http://www.ipcommission.org/report/ip_ commission_report_052213.pdf. 20. Roger C. Molander, Peter A. Wilson, and Robert H. Anderson, “U.S. Strategic Vulnerabilities: Threats Against Society,” Strategic Appraisal, RAND (1999), https://www.rand.org/content/dam/rand/pubs/monograph_reports/MR1016/MR1016. chap9.pdf. 21. Ross Anderson, Chris Barton, Rainer Böhme, Richard Clayton, Michel JG Van Eeten, Michael Levi, Tyler Moore, and Stefan Savage. “Measuring the cost of cybercrime.” The Economics of Information Security and Privacy, Springer Berlin Heidelberg (2013), 265-300, http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf. 22. Eric Cohen and Davide di Gennaro, “Cybersecurity and Payment Fraud: The Challenge for Treasury,” PricewaterhouseCoopers (2015), http://www.pwc.com/us/en/risk-management/publications/cybersecurity-and-payment-fraud-the-challenge-fortreasury.html. 23. “Operation Blockbuster Unraveling the Long Thread of the Sony Attack,” Novetta (2016) https://www.operationblockbuster.com/ wp-content/uploads/2016/02/Operation-Blockbuster-Report.pdf; Nicole Perlroth, “Yahoo Says Hackers Stole Data on 500 Million Users in 2014,” The New York Times, September 23, 2016, http://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html; Ellen Nakashima, “Cyber Researchers Confirm Russian Government Hack of Democratic National Committee,” The Washington Post, June 20, 2016, https://www.washingtonpost.com/world/national-security/cyber-researchers-confirm-russian-governmenthack-of-democratic-national-committee/2016/06/20/e7375bc0-3719-11e6-9ccd-d6005beac8b3_story.html. 24. Torri Piper, “An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement—and Some Practical Suggestions,” SANS Institute (2002), https://www.sans.org/reading-room/whitepapers/legal/uneven-playing-fieldadvantages-cyber-criminal-vs-law-enforcement-and-practica-115. 25. Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin. “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains.” Leading Issues in Information Warfare & Security Research 1 (2011): 80, http://www. lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf. 26. Dimitar Kostadinov, “The Cyber Exploitation Life Cycle,” Infosec Institute (2013), http://resources.infosecinstitute.com/thecyber-exploitation-life-cycle. 27. Giora Engel, “Deconstructing the Cyber Kill Chain,” Dark Reading (2014), http://www.darkreading.com/attacks-breaches/ deconstructing-the-cyber-kill-chain/a/d-id/1317542. 28. Amol Sarwate, “2016 State of Vulnerability Exploits,” Paper presented at the RSA Conference 2016, San Francisco, California, February 29-March 4, 2016, https://www.rsaconference.com/writable/presentations/file_upload/spo2-t09-2016-stateof-_vulnerability-exploits_v2.pdf. 29. Press Release, Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence
Into the Gray Zone | 59 on Election Security.” Office of the Director of National Intelligence, October 7, 2016. https://www.dni.gov/index.php/ newsroom/press-releases/215-press-releases-2016/1423-joint-dhs-odni-election-security-statement 30. Robert Gilpin, War and Change in World Politics. Cambridge University Press (1983). 31. While law enforcement organizations are also confronted with the challenges of limited resources when combating traditional crimes, they benefit from the ability to periodically and visibly “flex” their enforcement muscles in ways that remind threat actors that their actions will not go unnoticed or unchecked. Such visible deterrence can play a significant role in affecting the risk calculations of malicious actors. However, in the digital world, those who combat cybercrime have yet to develop or implement this type of enforcement model. When private actors report cyber incidents, they may or may not be investigated depending on enforcement priorities. Where investigations do take place, they often are completed in a less visible manner, or worse, lead to penalties on the victims. 32. See for example John P. Carlin, “Detect, Disrupt, Deter: A Whole-of-Government Approach to National Security Cyber Threats,” Harvard National Security Journal Vol. 7 (2016), http://harvardnsj.org/wp-content/uploads/2016/06/Carlin-FINAL.pdf. 33. The United States Department of Defense defines passive defense as “measures taken to reduce the probability of and to minimize the effects of damage caused by hostile action without the intention of taking the initiative.” Joint Publication (JP) 1-02 Dictionary of Military and Associated Terms. U.S. Department of Defense, March 2015. Robert M. Lee, “The Sliding Scale of Cyber Security,” SANS Analyst White Paper, SANS Institute InfoSec Reading Room (2015), https://www.sans.org/readingroom/whitepapers/analyst/sliding-scale-cyber-security-36240. 34. Lee, “The Sliding Scale of Cyber Security,” 7. 35. Ibid. 36. General William E. DePuy, “Implications of the Middle East War on U.S. Army Tactics, Doctrine and Systems,” The William E. DePuy Papers, Command History Office, U.S. Army Training and Doctrine Command (1974), http://usacac.army.mil/cac2/cgsc/ carl/download/csipubs/SelectedPapersofGeneralWilliamDepuy.pdf quoted in Lee, “The Sliding Scale of Cyber Security,” 9. 37. General William E. DePuy, FM 100-5 Revisited, (1980), quoted in Lee, “The Sliding Scale of Cyber Security,” 9. 38. Lee, “The Sliding Scale of Cyber Security,” 10. 39. Ibid. 40. U.S. Department of Defense, Joint Publication (JP) 1-02 Dictionary of Military and Associated Terms, (2012) quoted in Lee, “The Sliding Scale of Cyber Security,” 10. 41. The Department of Defense’s Advanced Research Projects Agency first operated the predecessor to the Internet, known as ARPANET, based on packet switching technology developed in 1969. “Cyber” probably first began entering military lexicon in the 1980s and the early instances of cyber doctrine in warfare may have occurred in the mid-1990s during Operation Desert Storm. Edward M. Roche, Dark Territory: The Secret History of Cyber War, 2 Journal of Strategic Security 9 (2016), 122. 42. Lee, “The Sliding Scale of Cyber Security,” 8. 43. Ibid. 44. Lee, “The Sliding Scale of Cyber Security,” 10. 45. Ibid. 46. Timothy B. Lee, “How a grad student trying to build the first botnet brought the Internet to its knees,” Washington Post, November 1, 2013, https://www.washingtonpost.com/news/the-switch/wp/2013/11/01/how-a-grad-student-trying-tobuild-the-first-botnet-brought-the-internet-to-its-knees. 47. Ruperto P. Majuca & Jay P. Kesan, “Hacking Back: Optimal Use of Self-Defense in Cyberspace,” Illinois P.L. & Legal Theory Paper Series No.08-20, March 18, 2009, papers.ssrn.com/sol3/papers.cfn?abstract id=1363932. 48. “Press Release, Symbiot Security Announces World’s First Solution to Strike Back Against Network-Based Attackers.” Symbiot, Inc. (2004), https://web.archive.org/web/20080908021351/http://www.symbiot.com/pdf/pr.030404.pdf quoted in Majuca et al. “Hacking Back: Optimal Use of Self-Defense in Cyberspace,” 5. 49. Paco X. Nathan et al. “On the Rules of Engagement for Information Warfare” Symbiot, Inc. (2004), https://web.archive.org/ web/20120206030024/http://www.symbiot.com/pdf/iwROE.pdf quoted in Majuca et al. “Hacking Back: Optimal Use of Self-Defense in Cyberspace,” 5.
Page 3 and 4:
Into the Gray Zone The Private Sect
Page 5:
Table of Contents Foreword and Ackn
Page 8 and 9:
vi | Foreword and Acknowledgements
Page 11:
Participants Task Force Co-Chairs A
Page 14 and 15:
xii | Executive Summary to go “in
Page 16 and 17:
xiv | Executive Summary Actions for
Page 18 and 19:
2 | The Cyber Threat and Active Def
Page 20 and 21:
Page 22 and 23:
Page 24 and 25: 8 | The Cyber Threat and Active Def
Page 26 and 27: 10 | The Cyber Threat and Active De
Page 33 and 34: 2 The Current Policy, Legal and Tec
Page 35 and 36: Into the Gray Zone | 19 technology,
Page 37: 3 Genesis of the Framework TO GENER
Page 40 and 41: 24 | A Framework for Active Defense
Page 48 and 49: 32 | Implementing the Framework 6.
Page 51: 6 A Call To Action THE TIME FOR ACT
Page 54 and 55: 38 | Active Defense Considerations
Page 56 and 57: 40 | Appendix 1: Additional Views o
Page 58 and 59: 42 | Appendix II: Legal Analysis II
Page 60 and 61: 44 | Appendix II: Legal Analysis II
Page 62 and 63: 46 | Appendix III: Global Perspecti
Page 65 and 66: Appendix IV: Glossary of Terms Term
Page 67 and 68: Into the Gray Zone | 51 Term Comput
Page 69 and 70: Into the Gray Zone | 53 Term Dark N
Page 71 and 72: Into the Gray Zone | 55 Term Ransom
Page 73: Notes 1. Chase Gunter, “Cyberwar
Page 77 and 78: Into the Gray Zone | 61 arrested-an
Page 79 and 80: Into the Gray Zone | 63 110. Anthon
Page 81: Into the Gray Zone | 65 148. Daniel
Page 84 and 85: 68 | Selected Works Consulted Kesan
Page 86: Into the Gray Zone... This report
show all

Into the Gray Zone

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?