International Cyber Terrorism

Page 2 of 174

Walk by Faith; Serve with Abandon
Expect to Win!
Page 3 of 174

Page 4 of 174

The Advocacy Foundation, Inc.
Helping Individuals, Organizations & Communities
Achieve Their Full Potential
Since its founding in 2003, The Advocacy Foundation has become recognized as an effective
provider of support to those who receive our services, having real impact within the communities
we serve. We are currently engaged in community and faith-based collaborative initiatives,
having the overall objective of eradicating all forms of youth violence and correcting injustices
everywhere. In carrying-out these initiatives, we have adopted the evidence-based strategic
framework developed and implemented by the Office of Juvenile Justice & Delinquency
Prevention (OJJDP).
The stated objectives are:
1. Community Mobilization;
2. Social Intervention;
3. Provision of Opportunities;
4. Organizational Change and Development;
5. Suppression [of illegal activities].
Moreover, it is our most fundamental belief that in order to be effective, prevention and
intervention strategies must be Community Specific, Culturally Relevant, Evidence-Based, and
Collaborative. The Violence Prevention and Intervention programming we employ in
implementing this community-enhancing framework include the programs further described
throughout our publications, programs and special projects both domestically and
internationally.
www.Advocacy.Foundation
ISBN: ......... ../2017
......... Printed in the USA
Advocacy Foundation Publishers
Philadelphia, PA
(878) 222-0450 | Voice | Data | SMS
Page 5 of 174

Page 6 of 174

Dedication
______
Every publication in our many series’ is dedicated to everyone, absolutely everyone, who by
virtue of their calling and by Divine inspiration, direction and guidance, is on the battlefield dayafter-day
striving to follow God’s will and purpose for their lives. And this is with particular affinity
for those Spiritual warriors who are being transformed into excellence through daily academic,
professional, familial, and other challenges.
We pray that you will bear in mind:
Matthew 19:26 (NLT)
Jesus looked at them intently and said, “Humanly speaking, it is impossible.
But with God everything is possible.” (Emphasis added)
To all of us who daily look past our circumstances, and naysayers, to what the Lord says we will
accomplish:
Blessings!!
- The Advocacy Foundation, Inc.
Page 7 of 174

Page 8 of 174

The Transformative Justice Project
Eradicating Juvenile Delinquency Requires a Multi-Disciplinary Approach
The Juvenile Justice system is incredibly
overloaded, and Solutions-Based programs are
woefully underfunded. Our precious children,
therefore, particularly young people of color, often
get the “swift” version of justice whenever they
come into contact with the law.
Decisions to build prison facilities are often based
on elementary school test results, and our country
incarcerates more of its young than any other
nation on earth. So we at The Foundation labor to
pull our young people out of the “school to prison”
pipeline, and we then coordinate the efforts of the
legal, psychological, governmental and
educational professionals needed to bring an end
to delinquency.
We also educate families, police, local businesses,
elected officials, clergy, schools and other
stakeholders about transforming whole communities, and we labor to change their
thinking about the causes of delinquency with the goal of helping them embrace the
idea of restoration for the young people in our care who demonstrate repentance for
their mistakes.
The way we accomplish all this is a follows:
1. We vigorously advocate for charges reductions, wherever possible, in the
adjudicatory (court) process, with the ultimate goal of expungement or pardon, in
order to maximize the chances for our clients to graduate high school and
progress into college, military service or the workforce without the stigma of a
criminal record;
2. We then endeavor to enroll each young person into an Evidence-Based, Data-
Driven Transformative Justice program designed to facilitate their rehabilitation
and subsequent reintegration back into the community;
3. While those projects are operating, we conduct a wide variety of ComeUnity-
ReEngineering seminars and workshops on topics ranging from Juvenile Justice
to Parental Rights, to Domestic issues to Police friendly contacts, to Mental
Health intervention, to CBO and FBO accountability and compliance;
Page 9 of 174

4. Throughout the process, we encourage and maintain frequent personal contact
between all parties;
5 Throughout the process we conduct a continuum of events and fundraisers
designed to facilitate collaboration among professionals and community
stakeholders; and finally
6. 1 We disseminate Monthly and Quarterly publications, like our e-Advocate series
Newsletter and our e-Advocate Monthly and Quarterly Electronic Compilations to
all regular donors in order to facilitate a lifelong learning process on the everevolving
developments in both the Adult and Juvenile Justice systems.
And in addition to the help we provide for our young clients and their families, we also
facilitate Community Engagement through the Transformative Justice process,
thereby balancing the interests of local businesses, schools, clergy, social
organizations, elected officials, law enforcement entities, and other interested
stakeholders. Through these efforts, relationships are built, rebuilt and strengthened,
local businesses and communities are enhanced & protected from victimization, young
careers are developed, and our precious young people are kept out of the prison
pipeline.
Additionally, we develop Transformative “Void Resistance” (TVR) initiatives to elevate
concerns of our successes resulting in economic hardship for those employed by the
penal system.
TVR is an innovative-comprehensive process that works in conjunction with our
Transformative Justice initiatives to transition the original use and purpose of current
systems into positive social impact operations, which systematically retrains current
staff, renovates facilities, creates new employment opportunities, increases salaries and
is data-proven to enhance employee’s mental wellbeing and overall quality of life – an
exponential Transformative Social Impact benefit for ALL community stakeholders.
This is a massive undertaking, and we need all the help and financial support you can
give! We plan to help 75 young persons per quarter-year (aggregating to a total of 250
per year) in each jurisdiction we serve) at an average cost of under $2,500 per client,
per year. *
Thank you in advance for your support!
* FYI:
1
In addition to supporting our world-class programming and support services, all regular donors receive our Quarterly e-Newsletter
(The e-Advocate), as well as The e-Advocate Quarterly Magazine.
Page 10 of 174

1. The national average cost to taxpayers for minimum-security youth incarceration,
is around $43,000.00 per child, per year.
2. The average annual cost to taxpayers for maximum-security youth incarceration
is well over $148,000.00 per child, per year.
- (US News and World Report, December 9, 2014);
3. In every jurisdiction in the nation, the Plea Bargaining rate is above 99%.
The Judicial system engages in a tri-partite balancing task in every single one of these
matters, seeking to balance Rehabilitative Justice with Community Protection and
Judicial Economy, and, although the practitioners work very hard to achieve positive
outcomes, the scales are nowhere near balanced where people of color are involved.
We must reverse this trend, which is right now working very much against the best
interests of our young.
Our young people do not belong behind bars.
- Jack Johnson
Page 11 of 174

Page 12 of 174

The Advocacy Foundation, Inc.
Helping Individuals, Organizations & Communities
Achieve Their Full Potential
…a compendium of works on
International Incidents Series
International Cyber Terrorism
“Turning the Improbable Into the Exceptional”
Atlanta
Philadelphia
______
John C Johnson III
Founder & CEO
(878) 222-0450
Voice | Data | SMS
www.Advocacy.Foundation
Page 13 of 174

Page 14 of 174

Biblical Authority
Deuteronomy 20:1-4 (NIV)
Going to War
1
When you go to war against your enemies and see horses and chariots and an army
greater than yours, do not be afraid of them, because the Lord your God, who brought
you up out of Egypt, will be with you. 2 When you are about to go into battle, the priest
shall come forward and address the army. 3 He shall say: “Hear, Israel: Today you are
going into battle against your enemies. Do not be fainthearted or afraid; do not panic or
be terrified by them. 4 For the Lord your God is the one who goes with you to fight for
you against your enemies to give you victory.”
Isaiah 2:4
4
He will judge between the nations and will settle disputes for many peoples. They will
beat their swords into plowshares and their spears into pruning hooks. Nation will not
take up sword against nation, nor will they train for war anymore.
Isaiah 19:2
2
“I will stir up Egyptian against Egyptian—brother will fight against brother, neighbor
against neighbor, city against city, kingdom against kingdom.
Jeremiah 46:16
16
They will stumble repeatedly; they will fall over each other. They will say, ‘Get up, let
us go back to our own people and our native lands, away from the sword of the
oppressor.’
Jeremiah 51:20
20
“You are my war club, my weapon for battle—with you I shatter nations, with you I
destroy kingdoms,
Micah 7:8
Israel Will Rise
8
Do not gloat over me, my enemy! Though I have fallen, I will rise.
Though I sit in darkness, the Lord will be my light.
Page 15 of 174

Zechariah 10:5
5
Together they will be like warriors in battle trampling their enemy into the mud of the
streets. They will fight because the Lord is with them, and they will put the enemy
horsemen to shame.
Zechariah 14:2
2
I will gather all the nations to Jerusalem to fight against it; the city will be captured, the
houses ransacked, and the women raped. Half of the city will go into exile, but the rest
of the people will not be taken from the city.
________
Matthew 24:6
6
You will hear of wars and rumors of wars, but see to it that you are not alarmed. Such
things must happen, but the end is still to come.
Romans 8:37
37
No, in all these things we are more than conquerors through him who loved us.
Romans 12:19
19
Do not take revenge, my dear friends, but leave room for God’s wrath, for it is written:
“It is mine to avenge; I will repay,” says the Lord.
Romans 13:4
4
For the one in authority is God’s servant for your good. But if you do wrong, be afraid,
for rulers do not bear the sword for no reason. They are God’s servants, agents of wrath
to bring punishment on the wrongdoer.
2 Corinthians 10:4
4
The weapons we fight with are not the weapons of the world. On the contrary, they
have divine power to demolish strongholds.
Page 16 of 174

Ephesians 6:10-17
The [Whole] Armor of God
10
Finally, be strong in the Lord and in his mighty power. 11 Put on the full armor of
God, so that you can take your stand against the devil’s schemes. 12 For our struggle is
not against flesh and blood, but against the rulers, against the authorities, against the
powers of this dark world and against the spiritual forces of evil in the heavenly
realms. 13 Therefore put on the full armor of God, so that when the day of evil comes,
you may be able to stand your ground, and after you have done everything, to
stand. 14 Stand firm then, with the belt of truth buckled around your waist, with the
breastplate of righteousness in place, 15 and with your feet fitted with the readiness that
comes from the gospel of peace. 16 In addition to all this, take up the shield of faith, with
which you can extinguish all the flaming arrows of the evil one. 17 Take the helmet of
salvation and the sword of the Spirit, which is the word of God.
James 4:1-2
Submit Yourselves to God
1
What causes fights and quarrels among you? Don’t they come from your desires that
battle within you? 2 You desire but do not have, so you kill. You covet but you cannot get
what you want, so you quarrel and fight. You do not have because you do not ask God.
Page 17 of 174

Page 18 of 174

Table of Contents
…a compilation of works on
International Incidents Series
International Cyber Terrorism
Biblical Authority
I. Introduction: Cyberterrorism…………………………………………… 21
II. Cyberwarfare.……………………………………………………………. 41
III. Cyber Data-Collection.………………………………………………… 67
IV. Proactive Cyber-Defense…….………………………………….......... 73
V. Cyber Security Regulation….…………………………………………. 81
VI. United States Cyber Command…………………………………….… 91
VII. Cyber Attack Threat Trends and Cyber Attacks.............................. 99
VIII. References……………………………………………………............. 105
________
Attachments
A. Cyberwarfare and Cyberterrorism: In Brief
B. Cyberterrorism: Definition Patterns and Mitigation Strategies
C. Cyberterrorism: Its Effect on Psychological Well-Being,
Public Confidence, and Political Attitudes
Copyright © 2003 – 2019 The Advocacy Foundation, Inc. All Rights Reserved.
Page 19 of 174

This work is not meant to be a piece of original academic
analysis, but rather draws very heavily on the work of
scholars in a diverse range of fields. All material drawn upon
is referenced appropriately.
Page 20 of 174

I. Introduction
CyberTerrorism
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or
threaten, loss of life or significant bodily harm, in order to achieve political or ideological
gains through threat or intimidation. It is also sometimes considered an act of Internet
terrorism where terrorist activities, including acts of deliberate, large-scale disruption of
computer networks, especially of personal computers attached to the Internet by means
of tools such as computer viruses, computer worms, phishing, and other malicious
software and hardware methods and programming scripts.
Cyberterrorism is a controversial term. Some authors opt for a very narrow definition,
relating to deployment by known terrorist organizations of disruption attacks against
information systems for the primary purpose of creating alarm, panic, or physical
disruption. Other authors prefer a broader definition, which includes cybercrime.
Participating in a cyberattack affects the terror threat perception, even if it isn't done with
a violent approach. By some definitions, it might be difficult to distinguish which
instances of online activities are cyberterrorism or cybercrime.
Page 21 of 174

Cyberterrorism can be also defined as the intentional use of computers, networks, and
public internet to cause destruction and harm for personal objectives. Experienced
cyberterrorists, who are very skilled in terms of hacking can cause massive damage to
government systems, hospital records, and national security programs, which might
leave a country, community or organization in turmoil and in fear of further attacks. The
objectives of such terrorists may be political or ideological since this can be considered
a form of terror.
There is much concern from government and media sources about potential damage
that could be caused by cyberterrorism, and this has prompted efforts by government
agencies such as the Federal Bureau of Investigations (FBI) and the Central
Intelligence Agency (CIA) to put an end to cyber attacks and cyberterrorism.
There have been several major and minor instances of cyberterrorism. Al-
Qaeda utilized the internet to communicate with supporters and even to recruit new
members. Estonia, a Baltic country which is constantly evolving in terms of technology,
became a battleground for cyberterror in April, 2007 after disputes regarding the
removal of a WWII soviet statue located in Estonia's capital Tallinn.
Overview
There is debate over the basic definition of the scope of cyberterrorism. These
definitions can be narrow such as the use of Internet to attack other systems in the
Internet that result to violence against persons or property. They can also be broad,
those that include any form of Internet usage by terrorists ro conventional attacks on
information technology infrastructures. There is variation in qualification by motivation,
targets, methods, and centrality of computer use in the act. U.S. government agencies
also use varying definitions and that none of these have so far attempted to introduce a
standard that is binding outside of their sphere of influence.
Depending on context, cyberterrorism may overlap considerably
with cybercrime, cyberwar or ordinary terrorism. Eugene Kaspersky, founder
of Kaspersky Lab, now feels that "cyberterrorism" is a more accurate term than
"cyberwar". He states that "with today's attacks, you are clueless about who did it or
when they will strike again. It's not cyber-war, but cyberterrorism." He also equates
large-scale cyber weapons, such as the Flame Virus and NetTraveler Virus which his
company discovered, to biological weapons, claiming that in an interconnected world,
they have the potential to be equally destructive.
If cyberterrorism is treated similarly to traditional terrorism, then it only includes attacks
that threaten property or lives, and can be defined as the leveraging of a target's
computers and information, particularly via the Internet, to cause physical, real-world
harm or severe disruption of infrastructure.
Many academics and researchers who specialize in terrorism studies suggest that
cyberterrorism does not exist and is really a matter of hacking or information
Page 22 of 174

warfare. They disagree with labeling it as terrorism because of the unlikelihood of the
creation of fear, significant physical harm, or death in a population using electronic
means, considering current attack and protective technologies.
If death or physical damage that could cause human harm is considered a necessary
part of the cyberterrorism definition, then there have been few identifiable incidents of
cyberterrorism, although there has been much policy research and public concern.
Modern terrorism and political violence is not easily defined, however, and some
scholars assert that it is now "unbounded" and not exclusively concerned with physical
damage
There is an old saying that death or loss of property are the side products of terrorism,
the main purpose of such incidents is to create terror in peoples' minds and harm
bystanders. If any incident in cyberspace can create terror, it may be rightly called
cyberterrorism. For those affected by such acts, the fears of cyberterrorism are quite
real.
As with cybercrime in general, the threshold of required knowledge and skills to
perpetrate acts of cyberterror has been steadily diminishing thanks to freely available
hacking suites and online courses. Additionally, the physical and virtual worlds are
Page 23 of 174

merging at an accelerated rate, making for many more targets of opportunity which is
evidenced by such notable cyber attacks as Stuxnet, the Saudi petrochemical sabotage
attempt in 2018 and others.
Defining Cyberterrorism
Assigning a concrete definition to cyberterrorism can be hard, due to the difficulty of
defining the term terrorism itself. Multiple organizations have created their own
definitions, most of which are overly broad. There is also controversy concerning
overuse of the term, hyperbole in the media and by security vendors trying to sell
"solutions".
One way of understanding cyberterrorism involves the idea that terrorists could cause
massive loss of life, worldwide economic chaos and environmental damage by hacking
into critical infrastructure systems. The nature of cyberterrorism covers conduct
involving computer or Internet technology that:
1. is motivated by a political, religious or ideological cause
2. is intended to intimidate a government or a section of the public to varying
degrees
3. seriously interferes with infrastructure
The term "cyberterrorism" can be used in a variety of different ways, but there are limits
to its use. An attack on an Internet business can be labeled cyberterrorism, however
when it is done for economic motivations rather than ideological it is typically regarded
as cybercrime. Convention also limits the label "cyberterrorism" to actions by
individuals, independent groups, or organizations. Any form of cyberwarfare conducted
by governments and states would be regulated and punishable under international law.
The Technolytics Institute defines cyberterrorism as
"[t]he premeditated use of disruptive activities, or the threat thereof, against computers
and/or networks, with the intention to cause harm or further social, ideological, religious,
political or similar objectives. Or to intimidate any person in furtherance of such
objectives."
The term appears first in defense literature, surfacing (as "cyber-terrorism") in reports by
the U.S. Army War College as early as 1998.
The National Conference of State Legislatures, an organization of legislators created to
help policymakers in the United States of America with issues such as economy
and homeland security defines cyberterrorism as:
[T]he use of information technology by terrorist groups and individuals to further their
agenda. This can include use of information technology to organize and execute attacks
against networks, computer systems and telecommunications infrastructures, or for
Page 24 of 174

exchanging information or making threats electronically. Examples are hacking into
computer systems, introducing viruses to vulnerable networks, web site defacing, Denialof-service
attacks, or terroristic threats made via electronic communication.
NATO defines cyberterrorism as "[a] cyberattack using or exploiting computer or
communication networks to cause sufficient destruction or disruption to generate fear or
to intimidate a society into an ideological goal".
ideological agenda.
The United States National
Infrastructure Protection Center defined
cyberterrorism as:
"A criminal act perpetrated by the use
of computers and telecommunications
capabilities resulting in violence,
destruction, and/or disruption of
services to create fear by causing
confusion and uncertainty within a
given population, with the goal of
influencing a government or population
to conform to a political, social, or
The FBI, another United States agency, defines "cyber terrorism" as “premeditated,
politically motivated attack against information, computer systems, computer programs,
and data which results in violence against non-combatant targets by subnational groups
or clandestine agents”.
These definitions tend to share the view of cyberterrorism as politically and/or
ideologically inclined. One area of debate is the difference between cyberterrorism
and hacktivism. Hacktivism is ”the marriage of hacking with political activism”. Both
actions are politically driven and involve using computers, however cyberterrorism is
primarily used to cause harm. It becomes an issue because acts of violence on the
computer can be labeled either cyberterrorism or hacktivism.
Types of Cyberterror Capability
The following three levels of cyberterror capability are defined by Monterey group
• Simple-Unstructured: The capability to conduct basic hacks against individual
systems using tools created by someone else. The organization possesses little
target analysis, command, and control, or learning capability.
• Advanced-Structured: The capability to conduct more sophisticated attacks
against multiple systems or networks and possibly, to modify or create basic
hacking tools. The organization possesses an elementary target analysis,
command and control, and learning capability.
Page 25 of 174

• Complex-Coordinated: The capability for a coordinated attack capable of causing
mass-disruption against integrated, heterogeneous defenses (including
cryptography). Ability to create sophisticated hacking tools. Highly capable target
analysis, command, and control, and organization learning capability.
Concerns
Cyberterrorism is becoming more and more prominent on social media today. As the
Internet becomes more pervasive in all areas of human endeavor, individuals or groups
can use the anonymity afforded by cyberspace to threaten citizens, specific groups (i.e.
with membership based on ethnicity or belief), communities and entire countries,
without the inherent threat of capture, injury, or death to the attacker that being
physically present would bring. Many groups such as Anonymous, use tools such
as denial-of-service attack to attack and censor groups who oppose them, creating
many concerns for freedom and respect for differences of thought.
Many believe that cyberterrorism is an extreme threat to countries' economies, and fear
an attack could potentially lead to another Great Depression. Several leaders agree that
cyberterrorism has the highest percentage of threat over other possible attacks on U.S.
territory. Although natural disasters are considered a top threat and have proven to be
devastating to people and land, there is ultimately little that can be done to prevent such
events from happening. Thus, the expectation is to focus more on preventative
measures that will make Internet attacks impossible for execution.
As the Internet continues to expand, and computer systems continue to be assigned
increased responsibility while becoming more complex and interdependent, sabotage or
terrorism via the Internet may become a more serious threat and is possibly one of the
top 10 events to "end the human race." People have much easier access to illegal
involvement within the cyberspace by the ability to access a part of the internet known
as the Dark Web. The Internet of Things promises to further merge the virtual and
physical worlds, which some experts see as a powerful incentive for states to use
terrorist proxies in furtherance of objectives.
Dependence on the internet is rapidly increasing on a worldwide scale, creating a
platform for international cyber terror plots to be formulated and executed as a direct
threat to national security. For terrorists, cyber-based attacks have distinct advantages
over physical attacks. They can be conducted remotely, anonymously, and relatively
cheaply, and they do not require significant investment in weapons, explosive and
personnel. The effects can be widespread and profound. Incidents of cyberterrorism are
likely to increase. They will be conducted through denial of service attacks, malware,
and other methods that are difficult to envision today. One example involves the deaths
involving the Islamic State and the online social networks Twitter, Google, and
Facebook lead to legal action being taken against them, that ultimately resulted in them
being sued.
Page 26 of 174

In an article about cyber attacks by Iran and North Korea, The New York
Times observes, "The appeal of digital weapons is similar to that of nuclear capability: it
is a way for an outgunned, out financed nation to even the playing field. 'These
countries are pursuing cyberweapons the same way they are pursuing nuclear
weapons,' said James A. Lewis, a computer security expert at the Center for Strategic
and International Studies in Washington. 'It's primitive; it's not top of the line, but it's
good enough and they are committed to getting it.'"
History
Public interest in cyberterrorism began in the late 1990s, when the term was coined by
Barry C. Collin. As 2000 approached, the fear and uncertainty about the millennium bug
heightened, as did the potential for attacks by cyber terrorists. Although the millennium
bug was by no means a terrorist attack or plot against the world or the United States, it
Page 27 of 174

did act as a catalyst in sparking the fears of a possibly large-scale devastating cyberattack.
Commentators noted that many of the facts of such incidents seemed to change,
often with exaggerated media reports.
The high-profile terrorist attacks in the United States on September 11, 2001 and the
ensuing War on Terror by the US led to further media coverage of the potential threats
of cyberterrorism in the years following. Mainstream media coverage often discusses
the possibility of a large attack making use of computer networks to sabotage critical
infrastructures with the aim of putting human lives in jeopardy or causing disruption on a
national scale either directly or by disruption of the national economy.
Authors such as Winn Schwartau and John Arquilla are reported to have had
considerable financial success selling books which described what were purported to be
plausible scenarios of mayhem caused by cyberterrorism. Many critics claim that these
books were unrealistic in their assessments of whether the attacks described (such as
nuclear meltdowns and chemical plant explosions) were possible. A common thread
throughout what critics perceive as cyberterror-hype is that of non-falsifiability; that is,
when the predicted disasters fail to occur, it only goes to show how lucky we've been so
far, rather than impugning the theory.
In 2016, for the first time ever, the Department of Justice charged Ardit Ferizi with
cyberterrorism. He is accused of allegedly hacking into a military website and stealing
the names, addresses, and other personal information of government and military
personnel and selling it to ISIS
On the other hand, it is also argued that, despite substantial studies on cyberterrorism,
the body of literature is still unable to present a realistic estimate of the actual
threat. For instance, in the case of a cyberterrorist attack on a public infrastructure such
as a power plant or air traffic control through hacking, there is uncertainty as to its
success because data concerning such phenomena are limited.
Conventions
International Attacks and Responses
As of 2016 there have been seventeen conventions and major legal instruments that
specifically deal with terrorist activities and can also be applied to cyber terrorism.
• 1963: Convention on Offences and Certain Other Acts Committed on Board
Aircraft
• 1970: Convention for the Suppression of Unlawful Seizure of Aircraft
• 1971: Convention for the Suppression of Unlawful Acts Against the Safety of Civil
Aviation
• 1973: Convention on the Prevention and Punishment of Crimes against
Internationally Protected Persons
• 1979: International Convention against the Taking of Hostages
Page 28 of 174

• 1980: Convention on the Physical Protection of Nuclear Material
• 1988: Protocol for the Suppression of Unlawful Acts of Violence at Airports
Serving International Civil Aviation
• 1988: Protocol for the Suppression of Unlawful Acts against the Safety of Fixed
Platforms Located on the Continental Shelf
• 1988: Convention for the Suppression of Unlawful Acts against the Safety of
Maritime Navigation
• 1989: Supplementary to the Convention for the Suppression of Unlawful Acts
against the Safety of Civil Aviation
• 1991: Convention on the Marking of Plastic Explosives for the Purpose of
Detection
• 1997: International Convention for the Suppression of Terrorist Bombings
• 1999: International Convention for the Suppression of the Financing of Terrorism
• 2005: Protocol to the Convention for the Suppression of Unlawful Acts against
the Safety of Maritime Navigation
• 2005: International Convention for the Suppression of Acts of Nuclear Terrorism
• 2010: Protocol Supplementary to the Convention for the Suppression of Unlawful
Seizure of Aircraft
• 2010: Convention on the Suppression of Unlawful Acts Relating to International
Civil Aviation
Motivations for Cyberattacks
There are many different motives for cyberattacks, with the majority being for financial
reasons. However, there is increasing evidence that hackers are becoming more
Page 29 of 174

politically motivated. Cyberterrorists are aware that governments are reliant on the
internet and have exploited this as a result. For example, Mohammad Bin Ahmad As-
Sālim's piece '39 Ways to Serve and Participate in Jihad' discusses how an electronic
jihad could disrupt the West through targeted hacks of American websites, and other
resources seen as anti-Jihad, modernist, or secular in orientation (Denning, 2010;
Leyden, 2007).
International Institutions
As of 2016 the United Nations only has one agency that specializes in cyberterrorism,
the International Telecommunications Union.
U.S. Military/Protections Against Cyberterrorism
The US Department of Defense (DoD) charged the United States Strategic
Command with the duty of combating cyberterrorism. This is accomplished through
the Joint Task Force-Global Network Operations, which is the operational component
supporting USSTRATCOM in defense of the DoD's Global Information Grid. This is
done by integrating GNOcapabilities into the operations of all DoD computers, networks,
and systems used by DoD combatant commands, services and agencies.
On November 2, 2006, the Secretary of the Air Force announced the creation of the Air
Force's newest MAJCOM, the Air Force Cyber Command, which would be tasked to
monitor and defend American interest in cyberspace. The plan was however replaced
by the creation of Twenty-Fourth Air Force which became active in August 2009 and
would be a component of the planned United States Cyber Command.
On December 22, 2009, the White House named its head of computer
security as Howard Schmidt to coordinate U.S Government, military and intelligence
efforts to repel hackers. He left the position in May, 2012. Michael Daniel was appointed
to the position of White House Coordinator of Cyber Security the same week and
continues in the position during the second term of the Obama administration.
More recently, Obama signed an executive order to enable the US to impose sanctions
on either individuals or entities that are suspected to be participating in cyber related
acts. These acts were assessed to be possible threats to US national security, financial
issues or foreign policy issues. U.S. authorities indicted a man over 92 cyberterrorism
hacks attacks on computers used by the Department of Defense. A Nebraska-based
consortium apprehended four million hacking attempts in the course of eight weeks. In
2011 cyberterrorism attacks grew 20%.
Estonia and NATO
The Baltic state of Estonia was the target of a massive denial-of-service attack that
ultimately rendered the country offline and shut out from services dependent on Internet
connectivity in April 2007. The infrastructure of Estonia including everything from online
Page 30 of 174

anking and mobile phone networks to government services and access to health care
information was disabled for a time. The tech-dependent state experienced severe
turmoil and there was a great deal of concern over the nature and intent of the attack.
The cyber attack was a result of an Estonian-Russian dispute over the removal of a
bronze statue depicting a World War II-era Soviet soldier from the center of the capital,
Tallinn. In the midst of the armed conflict with Russia, Georgia likewise was subject to
sustained and coordinated attacks on its electronic infrastructure in August 2008. In
both of these cases, circumstantial evidence point to coordinated Russian attacks, but
attribution of the attacks is difficult; though both the countries blame Moscow for
contributing to the cyber attacks, proof establishing legal culpability is lacking.
Estonia joined NATO in 2004, which prompted NATO to carefully monitor its member
state's response to the attack. NATO also feared escalation and the possibility of
cascading effects beyond Estonia's border to other NATO members. In 2008, directly as
a result of the attacks, NATO opened a new center of excellence on cyber-defense to
conduct research and training on cyber warfare in Tallinn.
Page 31 of 174

The chaos resulting from the attacks in Estonia illustrated to the world the dependence
countries had on information technology. This dependence then makes countries
vulnerable to future cyber attacks and terrorism.
Republic of Korea
According to 2016 Deloitte Asia-Pacific Defense Outlook, South Korea's 'Cyber Risk
Score' was 884 out of 1,000 and South Korea is found to be the most vulnerable country
to cyber attacks in the Asia-Pacific region. Considering South Korea's high speed
internet and cutting edge technology, its cyber security infrastructure is relatively weak.
The 2013 South Korea cyberattack significantly damaged the Korean economy. In
2017, a ransomware attack harassed private companies and users, who experienced
personal information leakage. Additionally, there were North Korea's cyber attacks
which risked national security of South Korea.
In response to this, South Korean government's countermeasure is to protect the
information security centers the National Intelligence Agency. Currently, 'cyber security'
is one of the major goals of NIS Korea. Since 2013, South Korea had established
policies related to National cyber security and trying to prevent cyber crises via
sophisticated investigation on potential threats. Meanwhile, scholars emphasize on
improving the national consciousness towards cyber attacks as South Korea had
already entered the so-called 'hyper connected society'.
China
The Chinese Defense Ministry confirmed the existence of an online defense unit in May
2011. Composed of about thirty elite internet specialists, the so-called "Cyber Blue
Team", or "Blue Army", is officially claimed to be engaged in cyber-defense operations,
though there are fears the unit has been used to penetrate secure online systems of
foreign governments.
Pakistan
Pakistani Government has also taken steps to curb the menace of cyberterrorism and
extremist propaganda. National Counter Terrorism Authority (Nacta) is working on joint
programs with different NGOs and other cyber security organizations in Pakistan to
combat this problem.
Surf Safe Pakistan is one such example. Now people in Pakistan can report extremist
and terrorist related content online on Surf Safe Pakistan portal. The National Counter
Terrorism Authority (NACTA) provides the Federal Government's leadership for the Surf
Safe Campaign. In March 2008 an al Qaeda forum posted a training website with six
training modules to learn cyberterrorism techniques.
Page 32 of 174

Ukraine
A series of powerful cyber attacks began 27 June 2017 that swamped websites of
Ukrainian organizations, including banks, ministries, newspapers and electricity firms.
Examples
An operation can be done by anyone anywhere in the world, for it can be performed
thousands of miles away from a target. An attack can cause serious damage to a critical
infrastructure which may result in casualties.
Some attacks are conducted in furtherance of political and social objectives, as the
following examples illustrate:
• In 1996, a computer hacker allegedly associated with the White Supremacist
movement temporarily disabled a Massachusetts ISP and damaged part of the
ISP's record keeping system. The ISP had attempted to stop the hacker from
sending out worldwide racist messages under the ISP's name. The hacker
Page 33 of 174

signed off with the threat: "you have yet to see true electronic terrorism. This is a
promise."
• In 1998, Spanish protesters bombarded the Institute for Global Communications
(IGC) with thousands of bogus e-mail messages. E-mail was tied up and
undeliverable to the ISP's users, and support lines were tied up with people who
couldn't get their mail. The protestors also spammed IGC staff and member
accounts, clogged their Web page with bogus credit card orders, and threatened
to employ the same tactics against organizations using IGC services. They
demanded that IGC stop hosting the Web site for the Euskal Herria Journal, a
New York-based publication supporting Basque independence. Protestors said
IGC supported terrorism because a section on the Web pages contained
materials on the terrorist group ETA, which claimed responsibility for
assassinations of Spanish political and security officials, and attacks on military
installations. IGC finally relented and pulled the site because of the "mail
bombings."
• In 1998, ethnic Tamil guerrillas attempted to disrupt Sri Lankan embassies by
sending large volumes of e-mail. The embassies received 800 e-mails a day over
a two-week period. The messages read "We are the Internet Black Tigers and
we're doing this to disrupt your communications." Intelligence authorities
characterized it as the first known attack by terrorists against a country's
computer systems.
• During the Kosovo conflict in 1999, NATO computers were blasted with e-mail
bombs and hit with denial-of-service attacks by hacktivists protesting the NATO
bombings. In addition, businesses, public organizations and academic institutes
received highly politicized virus-laden e-mails from a range of Eastern European
countries, according to reports. Web defacements were also common. After the
Chinese Embassy was accidentally bombed in Belgrade, Chinese hacktivists
posted messages such as "We won't stop attacking until the war stops!" on U.S.
government Web sites.
• Since December 1997, the Electronic Disturbance Theater (EDT) has been
conducting Web sit-ins against various sites in support of
the Mexican Zapatistas. At a designated time, thousands of protestors point their
browsers to a target site using software that floods the target with rapid and
repeated download requests. EDT's software has also been used by animal
rights groups against organizations said to abuse animals. Electro-hippies,
another group of hacktivists, conducted Web sit-ins against the WTO when they
met in Seattle in late 1999. These sit-ins all require mass participation to have
much effect, and thus are more suited to use by activists than by terrorists.
• In 2000, a Japanese investigation revealed that the government was using
software developed by computer companies affiliated with Aum Shinrikyo, the
doomsday sect responsible for the sarin gas attack on the Tokyo subway system
Page 34 of 174

in 1995. "The government found 100 types of software programs used by at least
10 Japanese government agencies, including the Defense Ministry, and more
than 80 major Japanese companies, including Nippon Telegraph and
Telephone." Following the discovery, the Japanese government suspended use
of Aum-developed programs out of concern that Aum-related companies may
have compromised security by breaching firewalls. gaining access to sensitive
systems or information, allowing invasion by outsiders, planting viruses that could
be set off later, or planting malicious code that could cripple computer systems
and key data system.
• In March 2013, The New York Times reported on a pattern of cyber attacks
against U.S. financial institutions believed to be instigated by Iran as well as
incidents affecting South Korean financial institutions that originate with the North
Korean government.
• In August 2013, media companies including The New York Times, Twitter and
the Huffington Post lost control of some of their websites after hackers supporting
the Syrian government breached the Australian Internet company that manages
many major site addresses. The Syrian Electronic Army, a hacker group that has
Page 35 of 174

previously attacked media organizations that it considers hostile to the regime of
Syrian president Bashar al-Assad, claimed credit for the Twitter and Huffington
Post hacks in a series of Twitter messages. Electronic records showed that
NYTimes.com, the only site with an hours-long outage, redirected visitors to a
server controlled by the Syrian group before it went dark.
• Pakistani Cyber Army is the name taken by a group of hackers who are known
for their defacement of websites, particularly Indian, Chinese,
and Israeli companies and governmental organizations, claiming to
represent Pakistani nationalist and Islamic interests. The group is thought to
have been active since at least 2008, and maintains an active presence on social
media, especially Facebook. Its members have claimed responsibility for the
hijacking of websites belonging to Acer, BSNL, India's CBI, Central Bank, and the
State Government of Kerala.
• British hacker Kane Gamble, sentenced to 2 years in youth detention, posed
as CIA chief to access highly sensitive information. He also "cyber-terrorized"
high-profile U.S. intelligence officials such as then CIA chief John Brennan or
Director of National Intelligence James Clapper. The judge said Gamble engaged
in "politically motivated cyber terrorism."
Sabotage
Non-political acts of sabotage have caused financial and other damage. In 2000,
disgruntled employee Vitek Boden caused the release of 800,000 liters of untreated
sewage into waterways in Maroochy Shire, Australia.
More recently, in May 2007 Estonia was subjected to a mass cyber-attack in the wake
of the removal of a Russian World War II war memorial from downtown Tallinn. The
attack was a distributed denial-of-service attack in which selected sites were
bombarded with traffic to force them offline; nearly all Estonian government ministry
networks as well as two major Estonian bank networks were knocked offline; in addition,
the political party website of Estonia's Prime Minister Andrus Ansip featured a
counterfeit letter of apology from Ansip for removing the memorial statue. Despite
speculation that the attack had been coordinated by the Russian government, Estonia's
defense minister admitted he had no conclusive evidence linking cyber attacks to
Russian authorities. Russia called accusations of its involvement "unfounded", and
neither NATO nor European Commission experts were able to find any conclusive proof
of official Russian government participation. In January 2008 a man from Estonia was
convicted for launching the attacks against the Estonian Reform Party website and
fined.
During the Russia-Georgia War, on 5 August 2008, three days before Georgia launched
its invasion of South Ossetia, the websites for OSInform News
Agency and OSRadio were hacked. The OSinform website at osinform.ru kept its
header and logo, but its content was replaced by a feed to the Alania TV website
Page 36 of 174

content. Alania TV, a Georgian government-supported television station aimed at
audiences in South Ossetia, denied any involvement in the hacking of the
websites. Dmitry Medoyev, at the time the South Ossetian envoy to Moscow, claimed
that Georgia was attempting to cover up information on events which occurred in the
lead-up to the war. One such cyber attack caused the Parliament of
Georgiaand Georgian Ministry of Foreign Affairs websites to be replaced by images
comparing Georgian president Mikheil Saakashvili to Adolf Hitler. Other attacks
involved denials of service to numerous Georgian and Azerbaijani websites, such as
when Russian hackers allegedly disabled the servers of the Azerbaijani Day.Az news
agency.
In June 2019, Russia has conceded that it is "possible" its electrical grid is under cyberattack
by the United States. The New York Times reported that American hackers from
the United States Cyber Command planted malware potentially capable of disrupting
the Russian electrical grid.
Website Defacement and Denial of Service
Even more recently, in October 2007, the website of Ukrainian president Viktor
Yushchenko was attacked by hackers. A radical Russian nationalist youth group,
the Eurasian Youth Movement, claimed responsibility.
In 1999 hackers attacked NATO computers. The computers flooded them with email
and hit them with a denial-of-service attack. The hackers were protesting against
Page 37 of 174

the NATO bombings of the Chinese embassy in Belgrade. Businesses, public
organizations and academic institutions were bombarded with highly politicized emails
containing viruses from other European countries.
In December 2018, Twitter warned of "unusual activity" from China and Saudi Arabia. A
bug was detected in November that could have revealed the country code of users'
phone numbers. Twitter said the bug could have had ties to "state-sponsored actors".
In fiction
• The Japanese cyberpunk manga, Ghost in the Shell (as well as its popular movie
and TV adaptations) centers around an anti-cyberterrorism and cybercrime unit.
In its mid-21st century Japan setting such attacks are made all the more
threatening by an even more widespread use of technology including cybernetic
enhancements to the human body allowing people themselves to be direct
targets of cyberterrorist attacks.
• Dan Brown's Digital Fortress.
• Amy Eastlake's Private Lies.
• In the movie Live Free or Die Hard, John McClane (Bruce Willis) takes on a
group of cyberterrorists intent on shutting down the entire computer network of
the United States.
• The movie Eagle Eye involves a super computer controlling everything electrical
and networked to accomplish the goal.
• The plots of 24 Day 4 and Day 7 include plans to breach the nation's nuclear
plant grid and then to seize control of the entire critical infrastructure protocol.
• The Tom Clancy created series Netforce was about a FBI/Military team
dedicated to combating cyberterrorists.
• Much of the plot of Mega Man Battle Network is centered around cyberterrorism.
• In the 2009 Japanese animated film Summer Wars, an artificial intelligence
cyber-terrorist attempts to take control over the world's missiles in order to "win"
against the main characters that attempted to keep it from manipulating the
world's electronic devices.
• In the 2012 film Skyfall, part of the James Bond franchise, main villain Raoul
Silva (Javier Bardem) is an expert cyberterrorist who is responsible for various
cyberterrorist incidents in the past.
Page 38 of 174

• Cyberterrorism plays a role in the 2012 video game Call of Duty: Black Ops II,
first when main antagonist Raul Menendez cripples the Chinese economy with a
cyberattack and frames the United States for it, starting a new Cold War between
the two powers. Later, another cyberattack with a computer worm leads to
Menendez seizing control of the entire U.S drone fleet.
• Finally, one of the game's endings leads to another attack similar to the latter,
this time crippling the U.S' electrical and water distribution grids. An alternate
ending depicts the cyberattack failing after it is stopped by one of the game's
characters pivotal to the storyline.
• The plot of the 2013 video game Watch Dogs is heavily influenced by cyberterrorism.
In which players take control of the game's protagonist, Aiden Pierce,
an accused murder suspect, who hacks into a ctOS (Central Operating System),
giving him complete control of Chicago's mainframe in order to hunt down his
accusers.
• The video game Metal Slug 4 focuses on Marco and Fio, joined by newcomers
Nadia and Trevor, to battle a terrorist organization known as Amadeus that is
threatening the world with a computer virus.
• The visual novel Baldr Force has the main character Tooru Souma joining a
military organization to fight cyberterrorism to avenge the death of his friend.
• The Japanese manga and live action Bloody Monday is highly influenced by
hacking and cracking. The main character Takagi Fujimaru is a Super Elite
hacker which use his hacking knowledge to fight against his enemies.
• In the 2016 movie Death Note: Light Up the New World society is afflicted with
cyber-terrorism.
Page 39 of 174

• In Mr Robot the main plot line follows groups of hackers who engage in cyber
terrorism as well as other events.
• In "The President is Missing," a novel by Bill Clinton and James Patterson.
Page 40 of 174

II. Cyberwarfare
Cyberwarfare is a broad term describing the use of technological force
within cyberspace. ‘Cyberwarfare’ does not imply scale, protraction or violence which
are typically associated with the term ‘war’. There is significant debate among experts
regarding the definition of cyberwarfare, and even if such a thing exists. The term
‘Cyberwarfare’ is a misnomer, to date no offensive cyber actions could be described as
‘war’. Offensive cyber actions, such as those in Estonia in 2007, Georgia in 2008, Iran in
2010, North Korea have occurred in the context of international relations, only resulting
in condemnation and denial by sides.
Cyberwarfare may not meet the typical definition of the term war, however, many states
including the United States, United Kingdom, Russia, India, China, Israel, Iran, North
Korea and Vietnam have active cyber operations for offensive and defensive
operations. As states explore the
use of cyber operations and
combine capabilities the
likelihood of physical
confrontation and violence playing out
as a result of, or
part of, a cyber
operation is increased.
However, meeting the scale and
protracted nature of war is unlikely,
thus ambiguity remains.
The first instance of kinetic force
used in response
to a cyber-attack
resulting in the loss
of human life was
observed on May 5, 2019, when
the Israel Defense
Forces targeted
and destroyed a building associated with an on-going cyber-attack.
Definition
A number of definitions of cyberwarfare have been proposed, with no single definition
being widely adopted internationally. Richard A. Clarke defines it as "actions by a
nation-state to penetrate another nation's computers or networks for the purposes of
causing damage or disruption." Martin Libicki defines two types of cyberwarfare:
Strategic and operational, with strategic being "a campaign of cyberattacks one entity
carries out on another", whilst operational cyberwarfare "involves the use of
cyberattacks on the other side’s military in the context of a physical war."
Other definitions include non-state actors, such as terrorist groups, companies, political
or ideological extremist groups, terrorist hacktivists, and transnational criminal
organizations.
Page 41 of 174

Some governments have made it an integral part of their overall military strategy, with
some having invested heavily in cyberwarfare capability. One kind of cyberwarfare
involves the kind of hacking that is the concern of penetration testing; in such cases, a
government entity has established it as a warfighting capability, or a non-governmental
entity has used it as a weapon against a state or its concerns.
This capability uses the same set of penetration testing methodologies but applies
them, in the case of United States doctrine, in a strategic way to:
• Prevent cyber attacks against critical infrastructure.
• Reduce national vulnerability to cyber attacks.
• Minimize damage and recovery time from cyber attacks.
Offensive operations are also part of these national level strategies for officially declared
wars as well as undeclared secretive operations.
Types of Threat
Cyber warfare can present a multitude of threats towards a nation. At the most basic
level, cyber attacks can be used to support traditional warfare. For example, tampering
with the operation of air defenses via cyber means in order to facilitate an air
attack. Aside from these "hard" threats, cyber warfare can also contribute towards "soft"
threats such as espionage and propaganda.
Espionage
Traditional espionage is not an act of war, nor is cyber-espionage, and both are
generally assumed to be ongoing between major powers. Despite this assumption,
some incidents can cause serious tensions between nations, and are often described as
"attacks". For example:
• Massive spying by the US on many countries, revealed by Edward Snowden.
• After the NSA's spying on Germany's Chancellor Angela Merkel was revealed,
the Chancellor compared the NSA with the Stasi.
• The NSA recording nearly every cell phone conversation in the Bahamas, without
the Bahamian government's permission, and similar programs in Kenya,
the Philippines, Mexico and Afghanistan.
• The "Titan Rain" probes of American defense contractors computer systems
since 2003.
• The Office of Personnel Management data breach, in the US, widely attributed to
China.
Page 42 of 174

Out of all cyber attacks, 25% of them are espionage based.
Sabotage
Computers and satellites that coordinate other activities are vulnerable components of a
system and could lead to the disruption of equipment. Compromise of military systems,
such as C4ISTAR components that are responsible for orders and communications
could lead to their interception or malicious replacement. Power, water, fuel,
communications, and transportation infrastructure all may be vulnerable to disruption.
According to Clarke, the civilian realm is also at risk, noting that the security breaches
have already gone beyond stolen credit card numbers, and that potential targets can
also include the electric power grid, trains, or the stock market.
In mid-July 2010, security experts discovered a
malicious software program called Stuxnet that
had infiltrated factory computers and had spread to
plants around the world. It is considered "the first
attack on critical industrial infrastructure that sits at
the foundation of modern economies," notes The
New York Times.
Stuxnet, while extremely effective in delaying Iran's
nuclear program for the development of nuclear
weaponry, came at a high cost. For the first time, it
became clear that not only could cyber weapons be defensive but they could be
offensive. The large decentralization and scale of cyberspace makes it extremely
difficult to direct from a policy perspective. Non-state actors can play as large a part in
the cyberwar space as state actors, which leads to dangerous, sometimes disastrous,
consequences. Small groups of highly skilled malware developers are able to as
effectively impact global politics and cyber warfare as large governmental agencies. A
major aspect of this ability lies in the willingness of these groups to share their exploits
and developments on the web as a form of arms proliferation. This allows lesser
hackers to become more proficient in creating the large scale attacks that once only a
small handful were skillful enough to manage. In addition, thriving black markets for
these kinds of cyber weapons are buying and selling these cyber capabilities to the
highest bidder without regard for consequences.
Denial-of-Service Attack
In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service
attack (DoS attack) is an attempt to make a machine or network resource unavailable to
its intended users. Perpetrators of DoS attacks typically target sites or services hosted
on high-profile web servers such as banks, credit card payment gateways, and even
root name servers. DoS attacks may not be limited to computer-based methods, as
strategic physical attacks against infrastructure can be just as devastating. For example,
Page 43 of 174

cutting undersea communication cables may severely cripple some regions and
countries with regards to their information warfare ability.
Electrical Power Grid
The federal government of the United States admits that the electric power grid is
susceptible to cyberwarfare. The United States Department of Homeland Security works
with industries to identify vulnerabilities and to help industries enhance the security of
control system networks. The federal government is also working to ensure that security
is built in as the next generation of "smart grid" networks are developed. In April 2009,
reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left
behind software programs that could be used to disrupt the system, according to current
and former national security officials. The North American Electric Reliability
Corporation (NERC) has issued a public notice that warns that the electrical grid is not
adequately protected from cyber attack. China denies intruding into the U.S. electrical
grid. One countermeasure would be to disconnect the power grid from the Internet and
run the net with droop speed control only. Massive power outages caused by a cyber
attack could disrupt the economy, distract from a simultaneous military attack, or create
a national trauma.
Iranian hackers, possibly Iranian Cyber Army pushed a massive power outage for 12
hours in 44 of 81 provinces of Turkey, holding 40 million
people. Istanbul and Ankara were among the places suffering blackout.
Howard Schmidt, former Cyber-Security Coordinator of the US, commented on those
possibilities:
It's possible that hackers have gotten into administrative computer systems of utility
companies, but says those aren't linked to the equipment controlling the grid, at least not
in developed countries. [Schmidt] has never heard that the grid itself has been hacked.
In June 2019, Russia said that its electrical grid has been under cyber-attack by the
United States. The New York Times reported that American hackers from the United
States Cyber Command planted malware potentially capable of disrupting the Russian
electrical grid.
Propaganda
Cyber propaganda is an effort to control information in whatever form it takes, and
influence public opinion. [47] It is a form of psychological warfare, except it uses social
media, fake news websites and other digital means. In 2018, Sir Nicholas Carter, Chief
of the General Staff of the British Army stated that this kind of attack from actors such
as Russia "is a form of system warfare that seeks to de-legitimize the political and social
system on which our military strength is based".
Jowell and O'Donnell (2006) state that "propaganda is the deliberate, systematic
attempt to shape perceptions, manipulate cognitions, and direct behavior to achieve a
Page 44 of 174

esponse that furthers the desired intent of the propagandist" (p. 7). The internet is a
phenomenal means of communication. People can get their message across to a huge
audience, and with this opens a window for evil. Terrorist organizations can use this
medium to brainwash people. It has been suggested that restricted media coverage of
terrorist attacks would in turn decrease the number of terrorist attacks that occur
afterwards (Cowen 2006).
Economic Disruption
In 2017, the WannaCry and Petya (NotPetya) cyber attacks, masquerading as
ransomware, caused large-scale disruptions in Ukraine as well as to the U.K.’s National
Health Service, pharmaceutical giant Merck, Maersk shipping company and other
organizations around the world. These attacks are also categorized as cybercrimes,
specifically financial crime because they negatively affects a company or group.
Military
Motivations
In the U.S., General Keith B. Alexander, first head of USCYBERCOM, told the Senate
Armed Services Committee that computer network warfare is evolving so rapidly that
there is a "mismatch between our technical capabilities to conduct operations and the
governing laws and policies. Cyber Command is the newest global combatant and its
sole mission is cyberspace, outside the traditional battlefields of land, sea, air and
space." It will attempt to find and, when necessary, neutralize cyberattacks and to
defend military computer networks.
Alexander sketched out the broad battlefield envisioned for the computer warfare
command, listing the kind of targets that his new headquarters could be ordered to
attack, including "traditional battlefield prizes – command-and-control systems at military
headquarters, air defense networks and weapons systems that require computers to
operate."
Page 45 of 174

One cyber warfare scenario, Cyber ShockWave, which was wargamed on the cabinet
level by former administration officials, raised issues ranging from the National Guard to
the power grid to the limits of statutory authority.
The distributed nature of internet based attacks means that it is difficult to determine
motivation and attacking party, meaning that it is unclear when a specific act should be
considered an act of war.
Examples of cyberwarfare driven by political motivations can be found worldwide. In
2008, Russia began a cyber attack on the Georgian government website, which was
carried out along with Georgian military operations in South Ossetia. In 2008, Chinese
'nationalist hackers' attacked CNN as it reported on Chinese repression on Tibet.
Jobs in cyberwarfare have become increasingly popular in the military. All four branches
of the United States military actively recruit for cyber warfare positions.
Civil
Potential targets in internet sabotage include all aspects of the Internet from
the backbones of the web, to the internet service providers, to the varying types of data
communication mediums and network equipment. This would include: web servers,
enterprise information systems, client server systems, communication links, network
equipment, and the desktops and laptops in businesses and homes. Electrical grids,
financial networks, and telecommunication systems are also deemed vulnerable,
especially due to current trends in computerization and automation.
Hacktivism
Politically motivated hacktivism involves the subversive use of computers and computer
networks to promote an agenda, and can potentially extend to attacks, theft and virtual
sabotage that could be seen as cyberwarfare – or mistaken for it. Hacktivists use their
knowledge and software tools to gain unauthorized access to computer systems they
seek to manipulate or damage not for material gain or to cause widespread destruction,
but to draw attention to their cause through well-publicized disruptions of select targets.
Anonymous and other hacktivist groups are often portrayed in the media as cyberterrorists,
wreaking havoc by hacking websites, posting sensitive information about their
victims, and threatening further attacks if their demands are not met. However,
hacktivism is more than that. They are politically motivated to change the world, through
the use of fundamentalism. Groups like Anonymous have divided opinion with their
methods.
Private Sector
Computer hacking represents a modern threat in ongoing global conflicts and industrial
espionage and as such is presumed to widely occur. It is typical that this type of crime is
underreported to the extent they are known. According to McAfee's George Kurtz,
Page 46 of 174

corporations around the world face millions of cyberattacks a day. "Most of
these attacks don't gain any media attention or lead to strong political statements by
victims." This type of crime is usually financially motivated.
Non-Profit Research
But not all examinations with the issue of cyberwarfare are achieving profit or personal
gain. There are still institutes and companies like the University of Cincinnati or
the Kaspersky Security Lab which are trying to increase the sensibility of this topic by
researching and publishing of new security threats.
By Region
Approximately 120 countries have been
developing ways to use the Internet as
a weapon and target financial markets,
government computer systems and
utilities.
Asia
China
Foreign Policy magazine puts the size of China's "hacker army" at anywhere from
50,000 to 100,000 individuals.
Diplomatic cables highlight US concerns that China is using access to Microsoft source
code and 'harvesting the talents of its private sector' to boost its offensive and defensive
capabilities.
The 2018 cyberattack on the Marriott hotel chain that collected personal details of
roughly 500 million guests is now known to be a part of a Chinese intelligence-gathering
effort that also hacked health insurers and the security clearance files of millions more
Americans, The hackers, are suspected of working on behalf of the Ministry of State
Security, the country's Communist-controlled civilian spy agency. "The information is
exactly what the Chinese use to root out spies, recruit intelligence agents and build a
rich repository of Americans’ personal data for future targeting."
A 2008 article in the Culture Mandala: The Bulletin of the Centre for East-West Cultural
and Economic Studies by Jason Fritz alleges that the Chinese government from 1995 to
2008 was involved in a number of high-profile cases of espionage, primarily through the
use of a "decentralized network of students, business people, scientists, diplomats, and
engineers from within the Chinese Diaspora". A defector in Belgium, purportedly an
agent, claimed that there were hundreds of spies in industries throughout Europe, and
on his defection to Australia Chinese diplomat Chen Yonglin said there were over 1,000
such in that country. In 2007, a Russian executive was sentenced to 11 years for
Page 47 of 174

passing information about the rocket and space technology organization to China.
Targets in the United States have included 'aerospace engineering programs, space
shuttle design, C4ISR data, high-performance computers, Nuclear weapon
design, cruise missile data, semiconductors, integrated circuit design, and details of US
arms sales to Taiwan'.
While China continues to be held responsible for a string of cyber-attacks on a number
of public and private institutions in the United States, India, Russia, Canada, and
France, the Chinese government denies any involvement in cyber-spying campaigns.
The administration maintains the position that China is not the threat but rather the
victim of an increasing number of cyber-attacks. Most reports about China's cyber
warfare capabilities have yet to be confirmed by the Chinese government.
According to Fritz, China has expanded its cyber capabilities and military technology by
acquiring foreign military technology. Fritz states that the Chinese government uses
"new space-based surveillance and intelligence gathering systems, Anti-satellite
weapon, anti-radar, infrared decoys, and false target generators" to assist in this quest,
and that they support their "informationization" of their military through "increased
education of soldiers in cyber warfare; improving the information network for military
training, and has built more virtual laboratories, digital libraries and digital
campuses." Through this informationization, they hope to prepare their forces to engage
in a different kind of warfare, against technically capable adversaries. Many recent news
reports link China's technological capabilities to the beginning of a new 'cyber cold war.'
In response to reports of cyberattacks by China against the United States, Amitai
Etzioni of the Institute for Communitarian Policy Studies has suggested that China and
the United States agree to a policy of mutually assured restraint with respect to
cyberspace. This would involve allowing both states to take the measures they deem
necessary for their self-defense while simultaneously agreeing to refrain from taking
offensive steps; it would also entail vetting these commitments.
Operation Shady RAT is an ongoing series of cyber attacks starting mid-2006, reported
by Internet security company McAfee in August 2011. China is widely believed to be the
state actor behind these attacks which hit at least 72 organizations including
governments and defense contractors.
India
The Department of Information Technology created the Indian Computer Emergency
Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there
were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the
government created a new subdivision, the National Critical Information Infrastructure
Protection Centre(NCIIPC) to thwart attacks against energy, transport, banking,
telecom, defense, space and other sensitive areas.
Page 48 of 174

The Executive Director of the Nuclear Power Corporation of India (NPCIL) stated in
February 2013 that his company alone was forced to block up to ten targeted attacks a
day. CERT-In was left to protect less critical sectors.
A high-profile cyber attack on 12 July 2012 breached the email accounts of about
12,000 people, including those of officials from the Ministry of External Affairs, Ministry
of Home Affairs, Defense Research and Development Organisation (DRDO), and
the Indo-Tibetan Border Police (ITBP). A government-private sector plan being
overseen by National Security Advisor (NSA) Shivshankar Menon began in October
2012, and intends to beef up India's cyber security capabilities in the light of a group of
experts findings that India faces a 470,000 shortfall of such experts despite the
country's reputation of being an IT and software powerhouse.
In February 2013, Information Technology Secretary J. Satyanarayana stated that
the NCIIPC was finalizing policies related to national cyber security that would focus on
domestic security solutions, reducing exposure through foreign technology. Other steps
include the isolation of various security agencies to ensure that a synchronized attack
could not succeed on all fronts and the planned appointment of a National Cyber
Security Coordinator. As of that month, there had been no significant economic or
physical damage to India related to cyber attacks.
On 26 November 2010, a group calling itself the Indian Cyber Army hacked the
websites belonging to the Pakistan Army and the others belong to different ministries,
including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance,
Page 49 of 174

Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was done as a
revenge for the Mumbai terrorist attacks.
On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the
website of India's top investigating agency, the Central Bureau of Investigation (CBI).
The National Informatics Center (NIC) has begun an inquiry.
In July 2016, Cymmetria researchers discovered and revealed the cyber attack dubbed
'Patchwork', which compromised an estimated 2500 corporate and government
agencies using code stolen from GitHub and the dark web. Examples of weapons used
are an exploit for the Sandworm vulnerability (CVE-2014-4114), a compiled AutoIt
script, and UAC bypass code dubbed UACME. Targets are believed to be mainly
military and political assignments around Southeast Asia and the South China Sea and
the attackers are believed to be of Indian origin and gathering intelligence from
influential parties.
The Defense Cyber Agency, which is the Indian Military agency responsible for
Cyberwarfare, is expected to become operational by November 2019.
Philippines
The Chinese are being blamed after a cyber security company, F-Secure Labs, found a
malware, NanHaiShu, which targeted the Philippines Department of Justice. It sent
information in an infected machine to a server with a Chinese IP address. The malware
which is considered particularly sophisticated in nature was introduced by phishing
emails that were designed to look like they were coming from an authentic sources. The
information sent is believed to be relating to the South China Sea legal case.
Russia
When Russia was still a part of the Soviet Union in 1982, a portion of its Trans-Siberia
pipeline within its territory exploded, allegedly due to computer malware implanted in the
pirated Canadian software by the Central Intelligence Agency. The malware caused the
SCADA system running the pipeline to malfunction.
The "Farewell Dossier" provided information on this attack, and wrote that compromised
computer chips would become a part of Soviet military equipment, flawed turbines
would be placed in the gas pipeline, and defective plans would disrupt the output of
chemical plants and a tractor factor. This caused the "most monumental nonnuclear
explosion and fire ever seen from space." However, the Soviet Union did not blame the
United States for the attack.
Russian, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers
during the 2008 South Ossetia War.
Page 50 of 174

Russian-Led Cyberattacks
It has been claimed that Russian security services organized a number of denial of
service attacks as a part of their cyber-warfare against other countries, most notably
the 2007 cyberattacks on Estonia and the 2008 cyberattacks on Russia, South Ossetia,
Georgia, and Azerbaijan. One identified young Russian hacker said that he was paid
by Russian state security services to lead hacking attacks on NATO computers. He was
studying computer sciences at the Department of the Defense of Information. His tuition
was paid for by the FSB.
South Korea
In July 2009, there were a series of coordinated denial of service attacks against major
government, news media, and financial websites in South Korea and the United States.
While many thought the attack was directed by North Korea, one researcher traced the
attacks to the United Kingdom. Security researcher Chris Kubecka presented evidence
multiple European Union and United Kingdom companies unwittingly helped attack
South Korea due to a W32.Dozer infections, malware used in part of the attack. Some
of the companies used in the attack were partially owned by several governments,
further complicating attribution.
In July 2011, the South Korean company SK Communications was hacked, resulting in
the theft of the personal details (including names, phone numbers, home and email
addresses and resident registration numbers) of up to 35 million people. A trojaned
software update was used to gain access to the SK Communications network. Links
exist between this hack and other malicious activity and it is believed to be part of a
broader, concerted hacking effort.
Page 51 of 174

With ongoing tensions on the Korean Peninsula, South Korea's defense ministry stated
that South Korea was going to improve cyber-defense strategies in hopes of preparing
itself from possible cyber attacks. In March 2013, South Korea's major banks – Shinhan
Bank, Woori Bank and NongHyup Bank – as well as many broadcasting stations – KBS,
YTN and MBC – were hacked and more than 30,000 computers were affected; it is one
of the biggest attacks South Korea has faced in years. Although it remains uncertain as
to who was involved in this incident, there has been immediate assertions that North
Korea is connected, as it threatened to attack South Korea's government institutions,
major national banks and traditional newspapers numerous times – in reaction to the
sanctions it received from nuclear testing and to the continuation of Foal Eagle, South
Korea's annual joint military exercise with the United States.
North Korea's cyber warfare capabilities raise the alarm for South Korea, as North
Korea is increasing its manpower through military academies specializing in hacking.
Current figures state that South Korea only has 400 units of specialized personnel,
while North Korea has more than 3,000 highly trained hackers; this portrays a huge gap
in cyber warfare capabilities and sends a message to South Korea that it has to step up
and strengthen its Cyber Warfare Command forces. Therefore, in order to be prepared
from future attacks, South Korea and the United States will discuss further about
deterrence plans at the Security Consultative Meeting (SCM). At SCM, they plan on
developing strategies that focuses on accelerating the deployment of ballistic missiles
as well as fostering its defense shield program, known as the Korean Air and Missile
Defense.
Estonia
In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze
Soldier of Tallinn. The largest part of the attacks were coming from Russia and from
official servers of the authorities of Russia. In the attack, ministries, banks, and media
were targeted. This attack on Estonia, a seemingly small Baltic nation, was so effective
because of how most of the nation is run online. Estonia has implemented an e-
government, where bank services, political elections and taxes are all done online. This
attack really hurt Estonia's economy and the people of Estonia. At least 150 people
were injured on the first day due to riots in the streets.
France
In 2013, the French Minister of Defense, Mr Jean-Yves Le Drian, ordered the creation of
a cyber-army, representing its 4th national army corp (along with ground, naval and air
forces) under the French Ministry of Defense, to protect French and European interests
on its soil and abroad. A contract was made with French firm EADS (Airbus) to identify
and secure its main elements susceptible to cyber threats. In 2016 France had thus built
the largest cyber-army in Europe, with a planned 2600 "cyber-soldiers" and a 440
million euros investment for cyber-security products for this new army corp. An
additional 4400 reservists constitute the heart of this army from 2019.
Page 52 of 174

Germany
In 2013, Germany revealed the existence of their 60-person Computer Network
Operation unit. The German intelligence agency, BND, announced it was seeking to
hire 130 "hackers" for a new "cyber-defense station" unit. In March 2013, BND
president Gerhard Schindler announced that his agency had observed up to five attacks
a day on government authorities, thought mainly to originate in China. He confirmed the
attackers had so far only accessed data and expressed concern that the stolen
information could be used as the basis of future sabotage attacks against arms
manufacturers, telecommunications companies and government and military
agencies. Shortly after Edward Snowden leaked details of the U.S. National Security
Agency's cyber surveillance system, German Interior Minister Hans-Peter
Friedrich announced that the BND would be given an additional budget of 100 million
Euros to increase their cyber surveillance capability from 5% of total internet traffic in
Germany to 20% of total traffic, the maximum amount allowed by German law.
Netherlands
In the Netherlands, Cyber Defense is nationally
coordinated by the National Cyber Security
Centrum [nl] (NCSC). The Dutch Ministry of
Defense laid out a cyber strategy in 2011. The
first focus is to improve the cyber defense
handled by the Joint IT branch (JIVC). To
improve intel operations the intel community in
the Netherlands (including the military intel
organization MIVD) has set up the Joint Sigint Cyber Unit (JSCU). The ministry of
Defense is furthermore setting up an offensive cyber force, called Defensie Cyber
Command (DCC), which will be operational in the end of 2014.
Sweden
In January 2017, Sweden's armed forces were subjected to a cyber-attack that caused
them to shutdown a so-called Caxcis IT system used in military exercises.
Ukraine
According to Crowd-Strike from 2014 to 2016, the Russian APT Fancy Bear used
Android malware to target the Ukrainian Army's Rocket Forces and Artillery. They
distributed an infected version of an Android app whose original purpose was to control
targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers, was
loaded with the X-Agent spyware and posted online on military forums. The attack was
claimed by Crowd-Strike to be successful, with more than 80% of Ukrainian D-30
Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a
percentage that had never been previously reported and would mean the loss of nearly
Page 53 of 174

the entire arsenal of the biggest artillery piece of the Ukrainian Armed
Forces). According to the Ukrainian army this number is incorrect and that losses in
artillery weapons "were way below those reported" and that these losses "have nothing
to do with the stated cause".
In 2014, the Russians were suspected to use a cyber weapon called "Snake", or
"Ouroboros," to conduct a cyber attack on Ukraine during a period of political turmoil.
The Snake tool kit began spreading into Ukrainian computer systems in 2010. It
performed Computer Network Exploitation (CNE), as well as highly sophisticated
Computer Network Attacks (CNA).
On December 23, 2015 the BlackEnergy malware was used in a cyberattack on
Ukraine's power grid that left more than 200,000 people temporarily without power. A
mining company and a large railway operator were also victims of the attack.
United Kingdom
MI6 reportedly infiltrated an Al Qaeda website and replaced the instructions for making
a pipe bomb with the recipe for making cupcakes.
In October 2010, Iain Lobban, the director of the Government Communications
Headquarters (GCHQ), said the UK faces a "real and credible" threat from cyber attacks
by hostile states and criminals and government systems are targeted 1,000 times each
month, such attacks threatened the UK's economic future, and some countries were
already using cyber assaults to put pressure on other nations.
On 12 November 2013, financial organizations in London conducted cyber war games
dubbed 'Waking Shark 2' to simulate massive internet-based attacks against bank and
other financial organizations. The Waking Shark 2 cyber war games followed a similar
exercise in Wall Street.
Iran
Middle East
Iran has been both victim and predator of several cyberwarfare operations. Iran is
considered an emerging military power in the field.
In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically
target its Natanz nuclear enrichment facility. It was a 500-kilobyte computer worm that
infected at least 14 industrial sites in Iran, including the Natanz uranium-enrichment
plant. Although the official authors of Stuxnet haven’t been officially identified, Stuxnet is
believed to be developed and deployed by the United States and Israel. The worm is
said to be the most advanced piece of malware ever discovered and significantly
increases the profile of cyberwarfare.
Page 54 of 174

Israel
In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the
conflict, where the Israel Defense Forces (IDF) intelligence estimates several countries
in the Middle East used Russian hackers and scientists to operate on their behalf. As a
result, Israel attached growing importance to cyber-tactics, and became, along with the
U.S., France and a couple of other nations, involved in cyber-war planning.
Many international high-tech companies are now locating research and development
operations in Israel, where local hires are often veterans of the IDF's elite computer
units. Richard A. Clarke adds that "our Israeli friends have learned a thing or two from
the programs we have been working on for more than two decades."
In September 2007, Israel carried out an airstrike on Syria dubbed Operation Orchard.
U.S. industry and military sources speculated that the Israelis may have used
cyberwarfare to allow their planes to pass undetected by radar into Syria.
Following US President Donald Trump's decision to pull out of the Iran nuclear deal in
May 2018, cyber warfare units in the United States and Israel monitoring internet traffic
out of Iran noted a surge in retaliatory cyber attacks from Iran. Security firms warned
that Iranian hackers were sending emails containing malware to diplomats who work in
the foreign affairs offices of US allies and employees at telecommunications companies,
trying to infiltrate their computer systems.
Page 55 of 174

Saudi Arabia
On August 15, 2012 at 11:08 am local time, the Shamoon virus began destroying over
35,000 computer systems, rendering them inoperable. The virus used to target
the Saudi government by causing destruction to the state owned national oil
company Saudi Aramco. The attackers posted a pastie on PasteBin.com hours prior to
the wiper logic bomb occurring, citing oppression and the Al-Saud regime as a reason
behind the attack.
The attack was well staged according to Christina Kubecka, a former security advisor to
Saudi Aramco after the attack and group leader of security for Aramco Overseas. It was
an unnamed Saudi Aramco employee on the Information Technology team which
opened a malicious phishing email, allowing initial entry into the computer network
around mid-2012.
Kubecka also detailed in her Black Hat USA talk Saudi Aramco placed the majority of
their security budget on the ICS control network, leaving the business network at risk for
a major incident. "When you realize most of your security budget was spent on ICS & IT
gets Pwnd".
The virus has been noted to have behavior differing from other malware attacks, due to
the destructive nature and the cost of the attack and recovery. US Defense
Secretary Leon Panetta called the attack a "Cyber Pearl Harbor" Known years later as
the "Biggest hack in history" and intended for cyber warfare. Shamoon can spread from
an infected machine to other computers on the network. Once a system is infected, the
virus continues to compile a list of files from specific locations on the system, upload
them to the attacker, and erase them. Finally the virus overwrites the master boot
record of the infected computer, making it unusable. The virus has been used for cyber
warfare against the national oil companies Saudi Aramco and Qatar's RasGas.
Saudi Aramco announced the attack on their Facebook page and went offline again
until a company statement was issued on 25 August 2012. The statement falsely
reported normal business was resumed on 25 August 2012. However a Middle Eastern
journalist leaked photographs taken on 1 September 2012 showing kilometers of petrol
trucks unable to be loaded due to backed business systems still inoperable.
On August 29, 2012 the same attackers behind Shamoon posted another pastie on
PasteBin.com, taunting Saudi Aramco with proof they still retained access to the
company network. The post contained the username and password on security and
network equipment and the new password for the CEO Khalid Al- Falih The attackers
also referenced a portion of the Shamoon malware as further proof in the pastie.
According to Kubecka, in order to restore operations. Saudi Aramco used its large
private fleet of aircraft and available funds to purchase much of the world's hard drives,
driving the price up. New hard drives were required as quickly as possible so oil prices
Page 56 of 174

were not affected by speculation. By September 1, 2012 gasoline resources were
dwindling for the public of Saudi Arabia 17 days after the August 15th
attack. RasGas was also affected by a different variant, crippling them in a similar
manner.
Qatar
In March 2018 American Republican fundraiser Elliott Broidy filed a lawsuit against
Qatar, alleging that Qatar's government stole and leaked his emails in order to discredit
him because he was viewed "as an impediment to their plan to improve the country's
standing in Washington." In May 2018, the lawsuit named Mohammed bin Hamad bin
Khalifa Al Thani, brother of the Emir of Qatar, and his associate Ahmed Al-Rumaihi, as
allegedly orchestrating Qatar's cyber warfare campaign against Broidy. Further litigation
revealed that the same cybercriminals who targeted Broidy had targeted as many as
1,200 other individuals, some of whom are also "well-known enemies of Qatar" such as
senior officials of the U.A.E., Egypt, Saudi Arabia, and Bahrain. While these hackers
almost always obscured their location, some of their activity was traced to a
telecommunication network in Qatar.
United States
North America
Cyberwarfare in the United States is a part of the American military strategy of proactive
cyber defense and the use of cyberwarfare as a platform for attack. The new United
States military strategy makes explicit that a cyberattack is casus belli just as a
traditional act of war.
Page 57 of 174

In 2013 Cyberwarfare was, for the first time, considered a larger threat than Al Qaeda or
terrorism, by many U.S. intelligence officials. In 2017, Representative Mike Rogers,
chairman of the U.S. House Permanent Select Committee on Intelligence, for instance,
said that "We are in a cyber war in this country, and most Americans don't know it. And
we are not necessarily winning. We have got huge challenges when it comes to cybersecurity."
U.S. government security expert Richard A. Clarke, in his book Cyber War (May 2010),
defines "cyberwarfare" as "actions by a nation-state to penetrate another nation's
computers or networks for the purposes of causing damage or disruption." The
Economist describes cyberspace as "the fifth domain of warfare," and William J. Lynn,
U.S. Deputy Secretary of Defense, states that "as a doctrinal matter, the Pentagon has
formally recognized cyberspace as a new domain in warfare . . . [which] has become
just as critical to military operations as land, sea, air, and space."
In 2009, president Barack Obama declared America's digital infrastructure to be a
"strategic national asset," and in May 2010 the Pentagon set up its new U.S. Cyber
Command (USCYBERCOM), headed by General Keith B. Alexander, director of
the National Security Agency (NSA), to defend American military networks and attack
other countries' systems. The EU has set up ENISA (European Union Agency for
Network and Information Security) which is headed by Prof. Udo Helmbrecht and there
are now further plans to significantly expand ENISA's capabilities. The United Kingdom
has also set up a cyber-security and "operations centre" based in Government
Communications Headquarters (GCHQ), the British equivalent of the NSA. In the U.S.
however, Cyber Command is only set up to protect the military, whereas the
government and corporate infrastructures are primarily the responsibility respectively of
the Department of Homeland Security and private companies.
In February 2010, top American lawmakers warned that the "threat of a crippling attack
on telecommunications and computer networks was sharply on the rise." According to
The Lipman Report, numerous key sectors of the U.S. economy along with that of other
nations, are currently at risk, including cyber threats to public and private facilities,
banking and finance, transportation, manufacturing, medical, education and
government, all of which are now dependent on computers for daily operations. In 2009,
president Obama stated that "cyber intruders have probed our electrical grids."
The Economist writes that China has plans of "winning informationized wars by the mid-
21st century". They note that other countries are likewise organizing for cyber-war,
among them Russia, Israel and North Korea. Iran boasts of having the world's secondlargest
cyber-army. James Gosler, a government cyber-security specialist, worries that
the U.S. has a severe shortage of computer-security specialists, estimating that there
are only about 1,000 qualified people in the country today, but needs a force of 20,000
to 30,000 skilled experts. At the July 2010 Black Hat computer security
conference, Michael Hayden, former deputy director of national intelligence, challenged
thousands of attendees to help devise ways to "reshape the Internet's security
Page 58 of 174

architecture", explaining, "You guys made the cyber world look like the north German
plain."
In January 2012, Mike McConnell, the former director of national intelligence at
the National Security Agency under president George W. Bush told the Reuters news
agency that the U.S. has already launched attacks on computer networks in other
countries. McConnell did not name the country that the U.S. attacked but according to
other sources it may have been Iran. In June 2012 the New York Times reported that
president Obama had ordered the cyber attack on Iranian nuclear enrichment facilities.
In August
2010, the
U.S. for the
first time
warned
publicly
about the
Chinese
military's
use of
civilian
computer
experts in
clandestine
cyber
attacks
aimed at
American companies and government agencies. The Pentagon also pointed to an
alleged China-based computer spying network dubbed GhostNet that was revealed in a
research report last year. The Pentagon stated:
The People's Liberation Army is using "information warfare units" to develop viruses to
attack enemy computer systems and networks, and those units include civilian
computer professionals. Commander Bob Mehal, will monitor the PLA's buildup of its
cyberwarfare capabilities and will continue to develop capabilities to counter any
potential threat.
The United States Department of Defense sees the use of computers and the Internet
to conduct warfare in cyberspace as a threat to national security. The United States
Joint Forces Command describes some of its attributes:
Cyberspace technology is emerging as an "instrument of power" in societies, and is
becoming more available to a country's opponents, who may use it to attack, degrade,
and disrupt communications and the flow of information. With low barriers to entry,
coupled with the anonymous nature of activities in cyberspace, the list of potential
adversaries is broad. Furthermore, the globe-spanning range of cyberspace and its
Page 59 of 174

disregard for national borders will challenge legal systems and complicate a nation's
ability to deter threats and respond to contingencies.
In February 2010, the United States Joint Forces Command released a study which
included a summary of the threats posed by the internet:
With very little investment, and cloaked in a veil of anonymity, our adversaries will
inevitably attempt to harm our national interests. Cyberspace will become a main front in
both irregular and traditional conflicts. Enemies in cyberspace will include both states and
non-states and will range from the unsophisticated amateur to highly trained professional
hackers. Through cyberspace, enemies will target industry, academia, government, as
well as the military in the air, land, maritime, and space domains. In much the same way
that airpower transformed the battlefield of World War II, cyberspace has fractured the
physical barriers that shield a nation from attacks on its commerce and communication.
Indeed, adversaries have already taken advantage of computer networks and the power
of information technology not only to plan and execute savage acts of terrorism, but also
to influence directly the perceptions and will of the U.S. Government and the American
population.
On 6 October 2011, it was announced that Creech AFB's drone and
Predator fleet's command and control data stream had been key-logged, resisting all
attempts to reverse the exploit, for the past two weeks. The Air Force issued a
statement that the virus had "posed no threat to our operational mission".
On 21 November 2011, it was widely reported in the U.S. media that a hacker had
destroyed a water pump at the Curran-Gardner Township Public Water District in
Illinois. However, it later turned out that this information was not only false, but had been
inappropriately leaked from the Illinois Statewide Terrorism and Intelligence Center.
According to the Foreign Policy magazine, NSA's Tailored Access Operations (TAO)
unit "has successfully penetrated Chinese computer and telecommunications systems
for almost 15 years, generating some of the best and most reliable intelligence
information about what is going on inside the People's Republic of China."
On 24 November 2014. The Sony Pictures Entertainment hack was a release of
confidential data belonging to Sony Pictures Entertainment (SPE).
In June 2015, the United States Office of Personnel Management (OPM) announced
that it had been the target of a data breach targeting the records of as many as four
million people. Later, FBI Director James Comey put the number at 18
million. The Washington Post has reported that the attack originated in China, citing
unnamed government officials.
In 2016, Jeh Johnson the United States Secretary of Homeland Security and James
Clapper the U.S. Director of National Intelligence issued a joint statement accusing
Russia of interfering with the 2016 United States presidential election. The New York
Times reported the Obama administration has formally accused Russia of stealing and
disclosing Democratic National Committee emails. Under U.S. law (50 U.S.C.Title 50 –
Page 60 of 174

War and National Defense, Chapter 15 – National Security, Subchapter III
Accountability for Intelligence Activities ) there must be a formal Presidential
finding prior to authorizing a covert attack. U.S. vice president Joe Biden said on the
American news interview program Meet The Press that the United States will
respond. The New York Times noted that Biden's comment "seems to suggest that Mr.
Obama is prepared to order — or has already ordered — some kind of covert
action". On December 29 the United States imposed the most extensive sanctions
against Russia since the Cold War, expelling 35 Russian diplomats from the United
States.
The United States has used cyberattacks for tactical advantage in Afghanistan.
In 2014 Barack Obama ordered an intensification of cyberwarfare against North Korea's
missile program for sabotaging test launches in their opening seconds. In 2016
President Barack Obama authorized the planting of cyber weapons in Russian
infrastructure in the final weeks of his presidency in response to Moscow's alleged
interference in the 2016 presidential election.
In March 2017, WikiLeaks has published more than 8,000 documents on the CIA. The
confidential documents, codenamed Vault 7 and dated from 2013–2016, include details
on CIA's software capabilities, such as the ability to compromise cars, smart TVs, web
browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera
Software ASA), and the operating systems of
Page 61 of 174

most smartphones (including Apple's iOS and Google's Android), as well as
other operating systems such as Microsoft Windows, macOS, and Linux.
For a global perspective of countries and other actors engaged in cyber warfare, see
the George Washington University-based National Security Archive's CyberWar map.
"Kill Switch Bill"
On 19 June 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called
"Protecting Cyberspace as a National Asset Act of 2010", which he co-wrote with
Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law,
this controversial bill, which the American media dubbed the "Kill switch bill", would
grant the president emergency powers over parts of the Internet. However, all three coauthors
of the bill issued a statement that instead, the bill "[narrowed] existing broad
presidential authority to take over telecommunications networks".
Cyberpeace
The rise of cyber as a war-fighting domain has led to efforts to determine how
cyberspace can be used to foster peace. For example, the German civil rights
panel FIfF runs a campaign for cyber-peace − for the control of cyberweapons and
surveillance technology and against the militarization of cyberspace and the
development and stockpiling of offensive exploits and malware. Measures for cyberpeace
include policymakers developing new rules and norms for warfare, individuals
and organizations building new tools and secure infrastructures, promoting open
source, the establishment of cyber security centers, auditing of critical infrastructure
cyber-security, obligations to disclose vulnerabilities, disarmament, defensive security
strategies, decentralization, education and widely applying relevant tools and
infrastructures, encryption and other cyber-defenses.
The topics of cyber peacekeeping and cyber peacemaking have also been studied by
researchers, as a way to restore and strengthen peace in the aftermath of both cyber
and traditional warfare.
Cyber Counter-Intelligence
Cyber counter-intelligence are measures to identify, penetrate, or neutralize foreign
operations that use cyber means as the primary tradecraft methodology, as well as
foreign intelligence service collection efforts that use traditional methods to gauge cyber
capabilities and intentions.
• On 7 April 2009, The Pentagon announced they spent more than $100 million in
the last six months responding to and repairing damage from cyber attacks and
other computer network problems.
Page 62 of 174

• On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House
cyber security "czar" to dramatically escalate U.S. defenses against cyber
attacks, crafting proposals that would empower the government to set and
enforce security standards for private industry for the first time.
• On 9 February 2009, the White House announced that it will conduct a review of
the nation's cyber security to ensure that the Federal government of the United
States cyber security initiatives are appropriately integrated, resourced and
coordinated with the United States Congress and the private sector.
• In the wake of the 2007 cyberwar waged against Estonia, NATO established
the Cooperative Cyber Defense Centre of Excellence (CCD CoE) in Tallinn,
Estonia, in order to enhance the organization's cyber defense capability. The
center was formally established on 14 May 2008, and it received full accreditation
by NATO and attained the status of International Military Organization on 28
October 2008. Since Estonia has led international efforts to fight cybercrime, the
United States Federal Bureau of Investigation says it will permanently base a
computer crime expert in Estonia in 2009 to help fight international threats
against computer systems.
• In 2015, the Department of Defense released an updated cyber strategy
memorandum detailing the present and future tactics deployed in the service of
defense against cyberwarfare. In this memorandum, three cyber-missions are
laid out. The first cyber-mission seeks to arm and maintain existing capabilities in
Page 63 of 174

the area of cyberspace, the second cyber-mission focuses on prevention of
cyberwarfare, and the third cyber-mission includes strategies for retaliation and
preemption (as distinguished from prevention).
One of the hardest issues in cyber counterintelligence is the problem of attribution.
Unlike conventional warfare, figuring out who is behind an attack can be very
difficult. However Defense Secretary Leon Panetta has claimed that the United States
has the capability to trace attacks back to their sources and hold the attackers
"accountable".
Controversy Over Terms
There is debate on whether the term "cyberwarfare" is accurate.
Eugene Kaspersky, founder of Kaspersky Lab, concludes that "cyberterrorism" is a
more accurate term than "cyberwar". He states that "with today's attacks, you are
clueless about who did it or when they will strike again. It's not cyber-war, but
cyberterrorism." He also equates large-scale cyber weapons, such
as Flame and NetTraveler which his company discovered, to biological weapons,
claiming that in an interconnected world, they have the potential to be equally
destructive.
In October 2011 the Journal of Strategic Studies, a leading journal in that field,
published an article by Thomas Rid, "Cyber War Will Not Take Place" which argued that
all politically motivated cyber attacks are merely sophisticated versions of sabotage,
espionage, or subversion – and that it is unlikely that cyber war will occur in the future.
Howard Schmidt, an American cyber-security expert, argued in March 2010 that "there
is no cyber-war... I think that is a terrible metaphor and I think that is a terrible concept.
There are no winners in that environment."
Other experts, however, believe that this type of activity already constitutes a war. The
warfare analogy is often seen intended to motivate a militaristic response when that is
not necessarily appropriate. Ron Deibert, of Canada's Citizen Lab, has warned of a
"militarization of cyberspace".
The European cyber-security expert Sandro Gaycken [de] argued for a middle position.
He considers cyber-war from a legal perspective an unlikely scenario, due to the
reasons lined out by Rid (and, before him, Sommer), but the situation looks different
from a strategic point of view. States have to consider military-led cyber operations an
attractive activity, within and without war, as they offer a large variety of cheap and riskfree
options to weaken other countries and strengthen their own positions. Considered
from a long-term, geostrategic perspective, cyber offensive operations can cripple whole
economies, change political views, agitate conflicts within or among states, reduce their
military efficiency and equalize the capacities of high-tech nations to that of low-tech
nations, and use access to their critical infrastructures to blackmail them.
Page 64 of 174

Oxford academic Lucas Kello proposed a new term – "unpeace" – to denote highly
damaging cyber actions whose non-violent effects do not rise to the level of traditional
war. Such actions are neither warlike nor peace-like. Although they are non-violent, and
thus not acts of war, their damaging effects on the economy and society may be greater
than even some armed attacks.
The idea of a "cyber Pearl Harbor" has been debated by scholars, drawing an analogy
to the historical act of war. Others have used "cyber 9/11" to draw attention to the
nontraditional, asymmetric, or irregular aspect of cyber action against a state.
Legal Issues
Various parties have attempted to come up with
international legal frameworks to clarify what is
and is not acceptable, but none have yet been
widely accepted.
The Tallinn Manual, published in 2013, is an
academic, non-binding study on how
international law, in particular the jus ad
bellum and international humanitarian law, apply
to cyber conflicts and cyber warfare. It was written at the invitation of the Tallinnbased
NATO Cooperative Cyber Defense Centre of Excellence by an international
group of approximately twenty experts between 2009 and 2012.
The Shanghai Cooperation Organization (members of which include China and Russia)
defines cyber-war to include dissemination of information "harmful to the spiritual, moral
and cultural spheres of other states". In September 2011, these countries proposed to
the UN Secretary General a document called "International code of conduct for
information security".
In contrast, the United States' approach focuses on physical and economic damage and
injury, putting political concerns under freedom of speech. This difference of opinion has
led to reluctance in the West to pursue global cyber arms control agreements. However,
American General Keith B. Alexander did endorse talks with Russia over a proposal to
limit military attacks in cyberspace. In June 2013, Barack Obama and Vladimir
Putin agreed to install a secure Cyberwar-Hotline providing "a direct secure voice
communications line between the US cyber-security coordinator and the Russian
deputy secretary of the security council, should there be a need to directly manage a
crisis situation arising from an ICTsecurity incident" (White House quote).
A Ukrainian professor of International Law, Alexander Merezhko, has developed a
project called the International Convention on Prohibition of Cyber-war in Internet.
According to this project, cyber-war is defined as the use of Internet and related
technological means by one state against the political, economic, technological and
Page 65 of 174

information sovereignty and independence of another state. Professor Merezhko's
project suggests that the Internet ought to remain free from warfare tactics and be
treated as an international landmark. He states that the Internet (cyberspace) is a
"common heritage of mankind".
On the February 2017 RSA Conference Microsoft president Brad Smith suggested
global rules – a "Digital Geneva Convention" – for cyber attacks that "ban the nationstate
hacking of all the civilian aspects of our economic and political infrastructures". He
also stated that an independent organization could investigate and publicly disclose
evidence that attributes nation-state attacks to specific countries. Furthermore, he said
that the technology sector should collectively and neutrally work together to protect
Internet users and pledge to remain neutral in conflict and not aid governments in
offensive activity and to adopt a coordinated disclosure process for software and
hardware vulnerabilities.
Documentaries
In Films
• Hacking the Infrastructure: Cyber Warfare (2016) by Viceland
• Cyber War Threat (2015)
• Darknet, Hacker, Cyberwar (2017)
• Zero Days (2016)
Page 66 of 174

III. Cyber Data-Collection
Cyber-Collection refers to the use of cyber-warfare techniques in order to
conduct espionage. Cyber-collection activities typically rely on the insertion
of malware into a targeted network or computer in order to scan for, collect and exfiltrate
sensitive information.
Cyber-collection started as far back as 1996, when widespread deployment of Internet
connectivity to government and corporate systems gained momentum. Since that time,
there have been numerous cases of such activity.
In addition to the state sponsored examples, cyber-collection has also been used by
organized crime for identity and e-banking theft and by corporate spies. Operation High
Roller used cyber-collection agents in order to collect PC and smart-phone information
that was used to electronically raid bank accounts. The Rocra, aka Red October,
collection system is an "espionage for hire" operation by organized criminals who sell
the collected information to the highest bidder.
Platforms and Functionality
Cyber-collection tools have been developed by governments and private interests for
nearly every computer and smart-phone operating system. Tools are known to exist for
Microsoft, Apple, and Linux computers and iPhone, Android, Blackberry, and Windows
phones. Major manufacturers of Commercial off-the-shelf (COTS) cyber collection
technology include Gamma Group from the UK and Hacking Team from Italy. Bespoke
cyber-collection tool companies, many offering COTS packages of zero-day exploits,
Page 67 of 174

include Endgame, Inc. and Netragard of the United States and Vupen from
France. State intelligence agencies often have their own teams to develop cybercollection
tools, such as Stuxnet, but require a constant source of zero-day exploits in
order to insert their tools into newly targeted systems. Specific technical details of these
attack methods often sells for six figure sums.
Common functionality of cyber-collection systems include:
• Data scan: local and network storage are scanned to find and copy files of
interest, these are often documents, spreadsheets, design files such as Autocad
files and system files such as the passwd file.
• Capture location: GPS, WiFi, network information and other attached sensors are
used to determine the location and movement of the infiltrated device
• Bug: the device microphone can be activated in order to record audio. Likewise,
audio streams intended for the local speakers can be intercepted at the device
level and recorded.
• Hidden Private Networks that bypass the corporate network security. A compute
that is being spied upon can be plugged into a legitimate corporate network that
is heavy monitored for malware activity and at same time belongs to a private wifi
network outside of the company network that is leaking confidential information
off of an employee's computer. A computer like this is easily set up by a doubleagent
working in the IT department by install a second Wireless card in a
computer and special software to remotely monitor an employee's computer
through this second interface card without them being aware of a side-band
communication channel pulling information off of his computer.
• Camera: the device cameras can be activated in order to covertly capture images
or video.
• Keylogger and Mouse Logger: the malware agent can capture each keystroke,
mouse movement and click that the target user makes. Combined with screen
grabs, this can be used to obtain passwords that are entered using a virtual onscreen
keyboard.
• Screen Grabber: the malware agent can take periodic screen capture images. In
addition to showing sensitive information that may not be stored on the machine,
such as e-banking balances and encrypted web mail, these can be used in
combination with the key and mouse logger data to determine access credentials
for other Internet resources.
• Encryption: Collected data is usually encrypted at the time of capture and may be
transmitted live or stored for later exfiltration. Likewise, it is common practice for
each specific operation to use specific encryption and poly-morphic capabilities
Page 68 of 174

of the cyber-collection agent in order to ensure that detection in one location will
not compromise others.
• Bypass Encryption: Because the malware agent operates on the target system
with all the access and rights of the user account of the target or system
administrator, encryption is bypassed. For example, interception of audio using
the microphone and audio output devices enables the malware to capture to both
sides of an encrypted Skype call.
• Exfiltration: Cyber-collection agents usually exfiltrate the captured data in a
discrete manner, often waiting for high web traffic and disguising the
transmission as secure web browsing. USB flash drives have been used to
exfiltrate information from air gap protected systems. Exfiltration systems often
involve the use of reverse proxy systems that anonymize the receiver of the data.
• Replicate: Agents may replicate themselves onto other media or systems, for
example an agent may infect files on a writable network share or install
themselves onto USB drives in order to infect computers protected by an air
gap or otherwise not on the same network.
• Manipulate Files and File Maintenance: Malware can be used to erase traces of
itself from log files. It can also download and install modules or updates as well
as data files. This function may also be used to place "evidence" on the target
Page 69 of 174

system, e.g. to insert child pornography onto the computer of a politician or to
manipulate votes on an electronic vote counting machine.
• Combination Rules: Some agents are very complex and are able to combine the
above features in order to provide very targeted intelligence collection
capabilities. For example, the use of GPS bounding boxes and microphone
activity can be used to turn a smart phone into a smart bug that intercepts
conversations only within the office of a target.
• Compromised cellphones. Since, modern cellphones are increasingly similar to
general purpose computer, these cellphones are vulnerable to the same cybercollect
attacks as computer systems, and are vulnerable to leak extremely
sensitive conversational and location information to an attackers. Leaking of
cellphone GPS location and conversational information to an attacker has been
reported in a number of recent cyber stalking cases where the attacker was able
to use the victim's GPS location to call nearby businesses and police authorities
to make false allegations against the victim depending on his location, this can
range from telling the restaurant staff information to tease the victim, or making
false witness against the victim. For instance if the victim were parked in large
parking lot the attackers may call and state that they saw drug or violence activity
going on with a description of the victim and directions to their GPS location.
Infiltration
There are several common ways to infect or access the target:
• An Injection Proxy is a system that is placed upstream from the target individual
or company, usually at the Internet service provider, that injects malware into the
targets system. For example, an innocent download made by the user can be
injected with the malware executable on the fly so that the target system then is
accessible to the government agents.
• Spear Phishing: A carefully crafted e-mail is sent to the target in order to entice
them to install the malware via a Trojan document or a drive by attack hosted on
a web server compromised or controlled by the malware owner.
• Surreptitious Entry may be used to infect a system. In other words, the spies
carefully break into the target's residence or office and install the malware on the
target's system.
• An Upstream monitor or sniffer is a device that can intercept and view the data
transmitted by a target system. Usually this device is placed at the Internet
service provider. The Carnivore system developed by the U.S. FBI is a famous
example of this type of system. Based on the same logic as a telephone
intercept, this type of system is of limited use today due to the widespread use of
encryption during data transmission.
Page 70 of 174

• A wireless infiltration system can be used in proximity of the target when the
target is using wireless technology. This is usually a laptop based system that
impersonates a WiFi or 3G base station to capture the target systems and relay
requests upstream to the Internet. Once the target systems are on the network,
the system then functions as an Injection Proxy or as an Upstream Monitor in
order to infiltrate or monitor the target system.
• A USB Key preloaded with the malware infector may be given to or dropped at
the target site.
• Stuxnet
• Flame
• Duqu
• Bundestrojaner
• Rocra
• Operation High Roller
Cyber-collection agents are usually
installed by payload delivery software
constructed using zero-day attacks and
delivered via infected USB drives, e-
mail attachments or malicious web
sites. State sponsored cyber-collections
efforts have used official operating
system certificates in place of relying on
security vulnerabilities. In the Flame
operation, Microsoft states that the
Microsoft certificate used to
impersonate a Windows Update was
forged; however, some experts believe
that it may have been acquired
through HUMINT efforts.
Examples of Operations
Page 71 of 174

Page 72 of 174

IV. Proactive Cyber-Defense
Strategically, cyber defense refers to operations that are conducted in the cyber domain
in support of mission objectives. To help understand the practical difference between
cyber security and cyber defense, is to recognize that cyber defense requires a shift
from network assurance (security) to mission assurance where cyber defense is fully
integrated into operational planning across the Joint Functions. Cyber defense focuses
on sensing, detecting, orienting, and engaging adversaries in order to assure mission
success and to out-maneuver that adversary. This shift from security to defense
requires a strong emphasis on intelligence, surveillance and reconnaissance, and the
integration of staff activities to include intelligence, operations, communications, and
planning. Defensive cyber operations refer to activities on or through the global
information infrastructure to help protect and institutions’ electronic information and
information infrastructures as a matter of mission assurance. Does not normally involve
direct engagement with the adversary.
The distinction between cyber defense, active cyber defense, proactive cyber defense
and offensive cyber operations has been influenced by doctrine, pragmatics of
technology or tradecraft and legal thresholds.
Page 73 of 174

Active cyber operations refers to activities on or through the global information
infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities,
intentions or activities of a foreign individual, state, organization or terrorist group as
they relate to international affairs, defense or security. Active cyber defense decisively
engages the adversary and includes hunt and adversarial pursuit activities.
Proactive Cyber Defense means acting in anticipation to oppose an attack involving
computers and networks. It represents the thermocline between purely offensive and
defensive action; interdicting and disrupting an attack or a threat’s preparation to attack,
either pre-emptively or in self-defense. The mission of the pre-emptive proactive
operations is to conduct aggressive interdiction and disruption activities against an
adversary using: Psychological operations, Managed Information Dissemination,
Precision Targeting, Information Warfare Operations and computer network exploitation
and other active threat reduction measures. The proactive defense strategy is meant to
improves information collection by stimulating reactions of the threat agents, provide
strike options and to enhance operational preparation of the real or virtual battlespace.
A measure for detecting or obtaining information as to a cyber attack, or impending
cyber operation or for determining the origin of an operation that involves launching a
pre-emptive, preventive, or cyber counter-operation against the source. Proactive cyber
defense operations pre-emptively engage the adversary
The offensive capacity includes the manipulation or disruption of networks and systems
with the purpose of limiting or eliminating the adversary's operational capability. This
capability can be required to guarantee one's freedom of action in the cyber domain.
Cyber-attacks can be launched to repel an attack (active defense) or to support the
operational action. The distinction between active cyber defense and offensive cyber
operations (OCO) is that the later requires legislative exceptions or executive
prerogative to undertake. Hence, offensive cyber capabilities may be developed in
collaboration with industry, or facilitated by private sector but operations are led by
nation states. There are some exceptions, notably in self-defense or with judicial
authority (civil warrants) or assisting law enforcement.
CyberISR (intelligence surveillance and reconnaissance) focuses a powerful lens onto
the Internet-of-Everything. The capability provides strategic listening, enhanced
situational understanding, precision and mission-confidence though a keen awareness
of both adversary dynamics and one’s attack surface, thus facilitating anticipatory threat
reduction, accelerated evidence-based decision support, contextualization, targeting,
the ability to mount an defense against.
Cyber threat hunting is the process of proactively and iteratively searching through
networks to detect and isolate advanced threats that evade existing security solutions.
Offensive, proactive cyber activities and active cyber defense facilitate anticipatory
threat reduction while informing protection, detection and incident response given its
ability to engage the adversary at distance and time.
Page 74 of 174

An active defense:
• Has greater efficacy than reactive systems.
• Drastically reduces the volume and severity of attacks leading to an order-ofmagnitude
fewer alerts, incidents, and costs. Thus, passing these savings to
cybersecurity.
• Provides early warning and indicators to model zero-day signatures to incident
response mechanisms and enumerate attack networks through cyber threat
intelligence.
• In not subject to scalability issues around performance and cost like reactive
systems.
• Uniquely has the capability to shape contested space.
History
In the fifth century, B.C., Sun Tzu advocated foreknowledge (predictive analysis) as part
of a winning strategy. He warned that planners must have a precise understanding of
the active threat and not "remain ignorant of the enemy's condition". The thread of
proactive defense is spun throughout his teachings.
Page 75 of 174

Psychiatrist Viktor Frankl was likely the first to use of the term proactive in his 1946
book Man's Search for Meaning to distinguish the act of taking responsibility for one's
own circumstances rather than attributing one's condition to external factors.
Later in 1982, the United States Department of Defense (DoD) used "proactive" as a
contrary concept to "reactive" in assessing risk. In the framework of risk management
"proactive" meant taking initiative by acting rather than reacting to threat events.
Conversely "reactive" measures respond to a stimulus or past events rather than
predicting the event. Military science then and now considers defense as the science-art
of thwarting an attack. Furthermore, doctrine poses that if a party attacks an enemy who
is about to attack this could be called active-defense. Defense is also a euphemism for
war but does not carry the negative connotation of an offensive war. Usage in this way
has broadened the term to include most military issues including offensive, which is
implicitly referred to as active-defense.
Politically, the concept of national self-defense to counter a war of aggression refers to
a defensive war involving pre-emptive offensive strikes and is one possible criterion in
the 'Just War Theory'. Proactive defense has moved beyond theory. It has been put into
practice in theatres of operation.
In 1989 Stephen Covey's The Seven Habits of Highly Effective People, published by
Free Press, transformed the meaning "to act before a situation becomes a source of
confrontation or crisis". Since then, "proactive" has been placed in opposition to the
words "reactive" or "passive".
Origins
Cyber is derived from "cybernetics", a word originally coined by a group of scientists led
by Norbert Wiener and made popular by Wiener's book of 1948, Cybernetics or Control
and Communication in the Animal and the Machine. Cyberspace typically refers to the
vast and growing logical domain composed of public and private networks;
independently managed networks linked together through the lingua franca of the
Internet, the Internet Protocol (IP). The definition of Cyberspace has been extended to
include all network-space which at some point, through some path, may have eventual
access to the public internet. Under this definition, cyberspace becomes virtually every
networked device in the world, which is not devoid of a network interface entirely. There
is no air-gap anymore between networks.
The origins of cyber defense undoubtedly evolved from the original purpose of the
Internet which was to harden military networks against the threat of a nuclear strike.
Later cyber defense was coveted by the tenets of information warfare and information
operations.
The rapid evolution of information warfare operations doctrine in the 1990s embraced a
proactive preemptive cyber defense strategy.
Page 76 of 174

Current Status
Information Warfare is an emergent reality that comes from a self-organization process
that has never seen before. The problem is that we talk about it using terms that have
well-known connotations. And it is difficult to talk about something completely new using
words that bring with them specific understanding and expectancies.
The early period of the automobile faced a similar situation. At one time it was called a
"horseless carriage" as this was the only way to define its essential quality. The car is
more than a carriage without a horse. This is the dilemma we face when we discuss
Information Warfare. The danger is that the uses of familiar words misrepresent and
mask the true extend of the revolution that will have to take place if we are to be able to
retain a military capacity in a new physical, social and cognitive space."
— Dr. Robert Garigue in Information Warfare, 1994.
The National Strategy to Secure Cyberspace was published in February 2003 to outline
an initial framework for both organizing and prioritizing efforts to secure the cyberspace.
It highlighted the necessity for public-private partnerships. Proactive threads include the
call to deter malicious activity and prevent cyber attacks against America's critical
infrastructures.
The notion of "proactive defense" has a rich history. The hype of "proactive cyber
defense" reached its zenith around 1994. This period was marked by intense "hype"
discussions under the auspices of Information Warfare. Much of the current doctrine
related to proactive cyber defense was fully developed by 1995. A number of programs
were initiated then, and advanced to full operation by 2005 including those of hostile
states. Meanwhile, the public discussions diminished until the most recent resurgence in
Page 77 of 174

proactive cyber defense 2004-2008. Now most of the discussions around proactive
defense in the literature are much less "proactive" than the earlier discussions in 1994
or existing operational programs. 'Proactive' is often used to hype marketing of security
products or programs, in much the same way that "extreme" or "quality" adjectives have
been misused. [1]
The hype-cycle of discussion reached its peak in 1994. Present-day proactive cyber
defense strategy was conceived within the context of the rich discussion that preceded
it, existing doctrine and real proactive cyber defense programs that have evolved
globally over the past decade. Dr. Robert John Garigue, a computational epistemologist
and father of information warfare in Canada, published Information Warfare, Developing
a Conceptual Framework. This was a landmark document in 1994 and genesis for
proactive cyber defensive theory in Canada.
Founding members of the interdepartmental committee on Information Warfare (Canada
1994), Dr. Robert Garigue and Dave McMahon wrote: Strategic listening, core
intelligence and a proactive defense provide time and precision. Conversely, reacting in
surprise is ineffective, costly and leaves few options. Strategic deterrence needs a
credible offensive, proactive defense and information peacekeeping capability in which
to project power and influence globally through Cyberspace in the defense of the nation.
Similarly, Deterrence and diplomacy are required in the right dosage to dissuade
purposeful interference with the national critical cyber infrastructures in influence in the
democratic process by foreign states.
Vulnerabilities Equities
Intelligence agencies such as the NSA were criticized for buying up and
stockpiling zero-day vulnerabilities, keeping them secret and developing
mainly offensive capabilities instead of defensive measures and helping patch
vulnerabilities.
This criticism was widely reiterated and recognized after the May 2017 WannaCry
ransomware attack.
In a March 9 press release on the Vault 7 documents WikiLeaks released 2 days
earlier, Julian Assange states that much of the leak's remainder included unpatched
vulnerabilities and that he was working with IT companies such
as Microsoft and Google to get these vulnerabilities patched as he would not release
information which would put the public at risk, and as fixes were released by
manufacturers he would release details of vulnerabilities.
Proactive Pre-Emptive Operations
Effective cyber defenses ideally prevent an incident from taking place. Any other
approach is simply reactive. FedCIRC, the NIPC, the NSIRC, the Department of
Page 78 of 174

Defense and industry components realize that the best [action] is a pre-emptive and
proactive approach."
— Sallie McDonald, the Assistant Commissioner for the Office of Information Assurance
and Critical Infrastructure Protection, Federal Technology Service and General Services
Administration; in offering testimony about the National Infrastructure Protection
Center (NIPC) and the Federal Computer Incident Response Center or FedCIRC; before
the Subcommittee on Terrorism Technology and Government Information Committee on
Judiciary and the United States Senate on July 25, 2001.
The notion of a proactive pre-emptive operations group (P2OG) emerged from a report
of the Defense Science Board (DSB), 2002 briefing. The briefing was reported by Dan
Dupont in Inside the Pentagon on September 26, 2002, and was also discussed by
William M. Arkin in the Los Angeles Times on October 27, 2002. The Los Angeles
Times has subsequently quoted U.S. Secretary of Defense Donald Rumsfeld revealing
the creation of the "Proactive, Pre-emptive Operations Group". The mission of the
P2OG is reportedly to conduct Aggressive, Proactive, Pre-emptive Operations to
interdiction and disruption the threat using: Psychological operations, Managed
Information Dissemination, Precision Targeting, Information Warfare Operations,
and SIGINT... The proactive defense strategy is meant to improves information
collection by stimulating reactions of the threat agents, provide strike options and to
enhance operational preparation of the real or virtual battle space. The P2OG has been
recommended to be constituted of "one hundred 'highly specialized people with unique
technical and intelligence skills such as information operations, PSYOPS, network
attack, covert activities, SIGINT, HUMINT, SOF, influence warfare/deception operations
and to report to the National Security Council with an annual budget of $100 million".
The group would be overseen by the White House's deputy national security adviser
and would carry out missions coordinated by the secretary of defense or
the CIA director. "The proposal is the latest sign of a new assertiveness by the Defense
Department in intelligence matters, and an indication that the cutting edge of
intelligence reform is not to be found in Congress but behind closed doors in the
Pentagon." - Steven Aftergood of the Federation of American Scientists. DoD doctrinally
would initiate a 'pre-emptive' attack on the basis of evidence that an enemy attack is
Page 79 of 174

imminent. Proactive measures, according to DoD are those actions taken directly
against the preventive stage of an attack by the enemy.
Page 80 of 174

V. Cyber Security Regulation
A Cybersecurity Regulation comprises directives that safeguard information
technology and computer systems with the purpose of forcing companies and
organizations to protect their systems and information
from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS)
attacks, unauthorized access (stealing intellectual property or confidential
information) and control system attacks. There are numerous measures available to
prevent cyberattacks.
Cybersecurity measures include firewalls, antivirus
software, intrusion
detection and prevention systems, encryption,
and login passwords. There have been
attempts to improve cybersecurity through
regulation and collaborative efforts between
the government and the private sector to
encourage voluntary improvements to
cybersecurity. [1] Industry
regulators,
including banking regulators, have taken notice
of the risk from cybersecurity and have either begun or planned to begin to include
cybersecurity as an aspect of regulatory examinations.
Background
In 2011 the DoD released a guidance called the Department of Defense Strategy for
Operating in Cyberspace which articulated five goals: to treat cyberspace as an
operational domain, to employ new defensive concepts to protect DoD networks and
systems, to partner with other agencies and the private sector in pursuit of a "whole-ofgovernment
cybersecurity Strategy", to work with international allies in support of
collective cybersecurity and to support the development of a cyber workforce capable of
rapid technological innovation. A March 2011 GAO report "identified protecting the
federal government's information systems and the nation's cyber critical infrastructure
as a governmentwide high-risk area" noting that federal information security had been
designated a high-risk area since 1997. As of 2003 systems protecting critical
infrastructure, called cyber critical infrastructure protection of cyber CIP have also been
included.
In November 2013, the DoD put forward the new cybersecurity rule (78 Fed. Reg.
69373), which imposed certain requirements on contractors: compliance with
certain NIST IT standards, mandatory reporting of cybersecurity incidents to the DoD,
and a "flow-down" clause that applies the same requirements to subcontractors.
Page 81 of 174

A June 2013 Congressional report found there were over 50 statutes relevant to
cybersecurity compliance. The Federal Information Security Management Act of
2002 (FISMA) is one of the key statutes governing federal cybersecurity regulations.
Federal Government
United States
There are few federal cybersecurity regulations, and the ones that exist focus on
specific industries. The three main cybersecurity regulations are the 1996 Health
Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley Act,
and the 2002 Homeland Security Act, which included the Federal Information Security
Management Act (FISMA). The three regulations mandate that healthcare
organizations, financial institutions and federal agencies should protect their systems
and information. For example, FISMA, which applies to every government agency,
"requires the development and implementation of mandatory policies, principles,
standards, and guidelines on information security." However, the regulations do not
address numerous computer related industries, such as Internet Service
Providers (ISPs) and software companies. Furthermore, the regulations do not specify
what cybersecurity measures must be implemented and require only a "reasonable"
level of security. The vague language of these regulations leaves much room for
interpretation. Bruce Schneier, the founder of Cupertino's Counterpane Internet
Security, argues that companies will not make sufficient investments in cybersecurity
unless government forces them to do so. He also states that successful cyberattacks on
government systems still occur despite government efforts.
It has been suggested that the Data Quality Act already provides the Office of
Management and Budget the statutory authority to implement critical infrastructure
protection regulations by the Administrative Procedure Act rulemaking process. The
idea has not been fully vetted and would require additional legal analysis before
a rulemaking could begin.
State Governments
State governments have attempted to improve cybersecurity by increasing public
visibility of firms with weak security. In 2003, California passed the Notice of Security
Breach Act, which requires that any company that maintains personal information of
California citizens and has a security breach must disclose the details of the event.
Personal information includes name, social security number, driver's license
number, credit card number or financial information. Several other states have followed
California's example and passed similar security breach notification regulations. Such
security breach notification regulations punish firms for their cybersecurity failures while
giving them the freedom to choose how to secure their systems. Also, the regulation
creates an incentive for companies to voluntarily invest in cybersecurity to avoid the
potential loss of reputation and the resulting economic loss that can come from a
successful cyber attack.
Page 82 of 174

In 2004, the California State Legislature passed California Assembly Bill 1950, which
also applies to businesses that own or maintain personal information for California
residents. The regulation dictates for businesses to maintain a reasonable level of
security and that they required security practices also extend to business partners. The
regulation is an improvement on the federal standard because it expands the number of
firms required to maintain an acceptable standard of cybersecurity. However, like the
federal legislation, it requires a "reasonable" level of cybersecurity, which leaves much
room for interpretation until case law is established.
Proposed Regulation
The US Congress has proposed numerous bills that expand upon cybersecurity
regulation. The Consumer Data Security and Notification Act amends the Gramm-
Leach-Bliley Act to require disclosure of security breaches by financial institutions.
Congressmen have also proposed "expanding Gramm-Leach-Bliley to all industries that
touch consumer financial information, including any firm that accepts payment by a
credit card." Congress has proposed cybersecurity regulations similar to California's
Notice of Security Breach Act for companies that maintain personal information. The
Information Protection and Security Act requires that data brokers "ensure data
accuracy and confidentiality, authenticate and track users, detect and prevent
unauthorized activity, and mitigate potential harm to individuals."
In addition to requiring companies to improve cybersecurity, Congress is also
considering bills that criminalize cyberattacks. The Securely Protect Yourself Against
Cyber Trespass Act (SPY ACT) was a bill of this type. It focused on phishing
Page 83 of 174

and spyware bill and was passed on May 23, 2005 in the US House of
Representatives but died in the US Senate. The bill "makes unlawful the unauthorized
usage of a computer to take control of it, modify its setting, collect or induce the owner
to disclose personally identifiable information, install unsolicited software, and tamper
with security, anti-spyware, or anti-virus software."
On May 12, 2011, US Barack Obama proposed a package of cybersecurity legislative
reforms to improve the security of US persons, the federal government, and critical
infrastructure. A year of public debate and Congress hearings followed, resulting in the
House of Representative passing an information sharing bill and the Senate developing
a compromise bill seeking to balance national security, privacy, and business interests.
In July 2012, the Cybersecurity Act of 2012 was proposed by Senators Joseph
Lieberman and Susan Collins. The bill would have required creating voluntary "best
practice standards" for protection of key infrastructure from cyber attacks, which
businesses would be encouraged to adopt through incentives such as liability
protection. The bill was put to a vote in the Senate but failed to pass. Obama had voiced
his support for the Act in a Wall Street Journal op-ed, and it also received support from
officials in the military and national security including John O. Brennan, the chief
counterterrorism adviser to the White House. According to The Washington Post,
experts said that the failure to pass the act may leave the United States "vulnerable to
widespread hacking or a serious cyberattack." The act was opposed by Republican
senators like John McCain who was concerned that the act would introduce regulations
that would not be effective and could be a "burden" for businesses. After the Senate
vote, Republican Senator Kay Bailey Hutchison stated that the opposition to the bill was
not a partisan issue but it not take the right approach to cybersecurity. The senate vote
was not strictly along partisan lines, as six Democrats voted against it, and five
Republicans voted for it. Critics of the bill included the US Chamber of
Commerce, advocacy groups like the American Civil Liberties Union and the Electronic
Frontier Foundation, cybersecurity expert Jody Westby, and The Heritage Foundation,
both of whom argued that although the government must act on cybersecurity, the bill
was flawed in its approach and represented "too intrusive a federal role."
In February 2013, Obama proposed the Executive Order Improving Critical
Infrastructure Cybersecurity. It represents the latest iteration of policy but is not
considered to be law as it has not been addressed by Congress yet. It seeks to improve
existing public-private partnerships by enhancing timeliness of information flow between
DHS and critical infrastructure companies. It directs federal agencies to share cyber
threat intelligence warnings to any private sector entity identified as a target. It also
tasks DHS with improving the process to expedite security clearance processes for
applicable public and private sector entities to enable the federal government to share
this information at the appropriate sensitive and classified levels. It directs the
development of a framework to reduce cyber risks, incorporating current industry best
practices and voluntary standards. Lastly, it tasks the federal agencies involved with
incorporating privacy and civil liberties protections in line with Fair Information Practice
Principles.
Page 84 of 174

In January 2015, Obama announced a new cybersecurity legislative proposal. The
proposal was made in an effort to prepare the US from the expanding number of cyber
crimes. In the proposal, Obama outlined three main efforts to work towards a more
secure cyberspace for the US. The first main effort emphasized the importance of
enabling cybersecurity information sharing. By enabling that, the proposal encouraged
information sharing between the government and the private sector. That would allow
the government to know what main cyber threats private firms are facing and would
then allow the government to provide liability protection to those firms that shared their
information. Furthermore, that would give the government a better idea of what the US
needs to be protected against. Another main effort that was emphasized in this proposal
was to modernize the law enforcement authorities to make them more equipped to
properly deal with cyber crimes by giving them the tools they need in order to do so. It
would also update classifications of cyber crimes and consequences. One way this
would be done would be by making it a crime for overseas selling of financial
information. Another goal of the effort is to place cyber crimes prosecutable. The last
major effort of the legislative proposal was to require businesses to report data
breaching to consumers if their personal information had been sacrificed. By requiring
companies to do so, consumers are aware of when they are in danger of identity theft.
In February 2016, Obama developed a Cybersecurity National Security Action Plan
(CNAP). The plan was made to create long-term actions and strategies in an effort to
protect the US against cyber threats. The focus of the plan was to inform the public
about the growing threat of cyber crimes, improve cybersecurity protections, protects
personal information of Americans, and to inform Americans on how to control digital
security. One of the highlights of this plan include creating a "Commission on Enhancing
National Cybersecurity." The goal of this is to create a Commission that consists of a
diverse group of thinkers with perspectives that can contribute to make
recommendations on how to create a stronger cybersecurity for the public and private
Page 85 of 174

sector. The second highlight of the plan is to change Government IT. The new
Government IT will make it so that a more secure IT can be put in place. The third
highlight of the plan is to give Americans knowledge on how they can secure their online
accounts and avoid theft of their personal information through multi-factor
authentication. The fourth highlight of the plan is to invest 35% more money that was
invested in 2016 into cybersecurity.
Other Government Efforts
In addition to regulation, the federal government has tried to improve cybersecurity by
allocating more resources to research and collaborating with the private sector to write
standards. In 2003, the President's National Strategy to Secure Cyberspace made
the Department of Homeland Security (DHS) responsible for security recommendations
and researching national solutions. The plan calls for cooperative efforts between
government and industry "to create an emergency response system to cyber-attacks
and to reduce the nation's vulnerability to such threats " In 2004, the US Congress
allocated $4.7 billion toward cybersecurity and achieving many of the goals stated in the
President's National Strategy to Secure Cyberspace. Some industry security experts
state that the President's National Strategy to Secure Cyberspace is a good first step
but is insufficient. Bruce Schneier stated, "The National Strategy to Secure Cyberspace
hasn't secured anything yet." However, the President's National Strategy clearly states
that the purpose is to provide a framework for the owners of computer systems to
improve their security rather than the government taking over and solving the
problem. However, companies that participate in the collaborative efforts outlined in the
strategy are not required to adopt the discovered security solutions.
In the United States, the US Congress is trying to make information more transparent
after the Cyber Security Act of 2012, which would have created voluntary standards for
protecting vital infrastructure, failed to pass through the Senate. In February 2013,
the White House issued an executive order, titled "Improving Critical Infrastructure
Cybersecurity," which allows the executive branch to share information about threats
with more companies and individuals. In April 2013, the House of Representatives
passed the Cyber Intelligence Sharing and Protection Act (CISPA), which calls for
protecting against lawsuits aimed at companies that disclose breach
information. The Obama administration said that it might veto the bill.
India
In the light of the hacking of the website of the Indian Space Agency's commercial arm
in 2015, Antrix Corporation and government's Digital India program, a cyberlaw expert
and advocate at the Supreme Court of India, Pavan Duggal, stated that "a dedicated
cyber security legislation as a key requirement for India. It is not sufficient to merely put
cyber security as a part of the IT Act. We have to see cyber security not only from the
sectoral perspective, but also from the national perspective."
European Union
Page 86 of 174

Cybersecurity standards have been of great prominence in today's technology driven
businesses. To maximize their profits, corporations leverage technology by running
most of their operations by the internet. Since there are a large number of risks that
entail internetwork operations, such operations must be protected by comprehensive
and extensive regulations. Existing cybersecurity regulations all cover different aspects
of business operations and often vary by region or country in which a business
operates. Because of the differences in a country's society, infrastructure, and values,
one overarching cyber security standard is not optimal for decreasing risks. While US
standards provide a basis for operations, the European Union has created a more
tailored regulation for businesses operating specifically within the EU. Also, in light
of Brexit, it is important to consider how the UK has chosen to adhere to such security
regulations.
Three major regulations within the EU include the ENISA, the NIS Directive and the EU
GDPR.
ENISA
The European Union Agency for Network and Information Security (ENISA) is a
governing agency that was originally set up by the Regulation (EC) No 460/2004 of the
European Parliament and of the Council of 10 March 2004 for the Purpose of Raising
Network and Information Security (NIS) for all internetwork operations in the EU. ENISA
currently runs under Regulation (EU) No 526/2013, which has replaced the original
Page 87 of 174

egulation in 2013. ENISA works actively with all member states of the EU to provide a
range of services. The focus of their operations are on three factors:
• Recommendations to member states on the course of action for security
breaches
• Policy making and implementation support for all members states of the EU
• Direct support with ENISA taking a hands-on approach to working with
operational teams in the EU
ENISA is made up of a management board that relies on the support of the executive
director and the Permanent Stakeholders Group. Most operations, however, are run by
the heads of various departments.
ENISA has released various publications that cover all major issues on cybersecurity.
ENISA's past and current initiatives include the EU Cloud Strategy, Open Standards in
Information Communications Technology, a Cyber Security Strategy of the EU and a
Cyber Security Coordination Group. ENISA also works in collaboration with existing
international standard organizations like the ISO and the ITU.
NIS Directive
On July 6, 2016, the European Parliament set into policy the Directive on Security of
Network and Information Systems (the NIS Directive).
The directive went into effect in August 2016, and all member states of the European
Union were given 21 months to incorporate the directive's regulations into their own
national laws. The aim of the NIS Directive is to create an overall higher level of
cybersecurity in the EU. The directive significantly affects digital service providers
(DSPs) and operators of essential services (OESs). Operators of essential services
include any organizations whose operations would be greatly affected in the case of a
security breach if they engage in critical societal or economic activities. Both DSPs and
OES are now held accountable for reporting major security incidents to Computer
Security Incident Response Teams (CSIRT). While DSPs are not held to as stringent
regulations as operators of essential services, DSPs that are not set up in the EU but
still operate in the EU still face regulations. Even if DSPs and OES outsource the
maintenance of their information systems to third parties, the NIS Directive still holds
them accountable for any security incidents.
The member states of the EU are required to create a NIS directive strategy, which
includes the CSIRTs, in addition to National Competent Authorities (NCAs) and Single
Points of Contact (SPOCs). Such resources are given the responsibility of handling
cybersecurity breaches in a way that minimizes impact. In addition, all member states of
the EU are encouraged to share cyber security information.
Page 88 of 174

Security requirements include technical measures that manage the risks of
cybersecurity breaches in a preventative manner. Both DSP and OES must provide
information that allows for an in depth assessment of their information systems and
security policies. All significant incidents must be notified to the CSIRTs. Significant
cybersecurity incidents are determined by the number of users affected by the security
breach as well as the longevity of the incident and the geographical reach of the
incident.
EU GDPR
now subject to the GDPR.
The EU General Data
Protection
Regulation (GDPR) was
set into place on 14 April
2016, but the current date
of enforcement is set to
be on 25 May 2018. The
GDPR aims to bring a
single standard for data
protection among all
member states in the EU.
Changes include the
redefining of geographical
borders. It applies to
entities that operate in the
EU or deal with the data
of any resident of the EU.
Regardless of where the
data is processed, if an
EU citizen's data is being
processed, the entity is
Fines are also much more stringent under the GDPR and can total €20 million euros or
4% of an entity's annual turnover, whichever is higher. In addition, like in previous
regulations, all data breaches that effect the rights and freedoms of individuals residing
in the EU must be disclosed within 72 hours.
The overarching board, the EU Data Protection Board, EDP, is in charge of all oversight
set by the GDPR.
Consent plays a major role in the GDPR. Companies that hold data in regards to EU
citizens must now also offer to them the right to back out of sharing data just as easily
as when they consented to sharing data.
Page 89 of 174

In addition, citizens can also restrict processing of the data stored on them and can
choose to allow companies to store their data but not process it, which creates a clear
differentiation. Unlike previous regulations, the GDPR also restricts the transfer of a
citizen's data outside of the EU or to a third party without a citizen's prior consent.
The proposed ePrivacy Regulation is also planned to be applicable from 25 May 2018.
Reactions
While experts agree that cybersecurity improvements are necessary, there is
disagreement about whether the solution is more government regulation or more
private-sector innovation.
Support
Many government officials and cybersecurity experts believe that the private sector has
failed to solve the cybersecurity problem and that regulation is needed. Richard
Clarke states that "industry only responds when you threaten regulation. If industry does
not respond [to the threat], you have to follow through." He believes that software
companies must be forced to produce more secure programs. Bruce Schneier also
supports regulation that encourages software companies to write more secure code
through economic incentives. US Representative Rick Boucher (D–VA) proposes
improving cybersecurity by making software companies liable for security flaws in their
code. In addition, to improving software security, Clarke believes that certain industries,
such as utilities and ISPs, require regulation.
Opposition
On the other hand, many private-sector executives and lobbyists believe that more
regulation will restrict their ability to improve cybersecurity. Harris Miller, a lobbyist and
president of the Information Technology Association of America, believes that regulation
inhibits innovation. Rick White, former corporate attorney and president and CEO of the
lobby group TechNet, also opposes more regulation. He states that "the private-sector
must continue to be able to innovate and adapt in response to new attack methods in
cyber space, and toward that end, we commend President Bush and the Congress for
exercising regulatory restraint."
Another reason many private-sector executives oppose regulation is that it is costly and
involves government oversight in private enterprise. Firms are just as concerned about
regulation reducing profits as they are about regulation limiting their flexibility to solve
the cybersecurity problem efficiently.
Page 90 of 174

VI. United States Cyber Command
United States Cyber Command (USCYBERCOM) is one of ten unified commands of
the United States' Department of Defense. It unifies the direction
of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and
bolsters DoD's cyber expertise.
According to the US Department of Defense (DoD):
USCYBERCOM was created in mid-2009 at
the National Security Agency (NSA) headquarters
in Fort George G. Meade, Maryland. It
cooperates with NSA networks and has been
concurrently headed by the Director of the
National Security Agency since its inception.
While originally created with a defensive
mission in mind, it has increasingly been
viewed as an offensive force. On 18 August
2017, it was announced that USCYBERCOM
would be elevated to the status of a full and
independent unified combatant command. This
elevation occurred on 4 May 2018.
Mission Statement
“ USCYBERCOM plans, coordinates, integrates, synchronizes and conducts
activities to: direct the operations and defense of specified Department of
Defense information networks and; prepare to, and when directed, conduct full
spectrum military cyberspace operations in order to enable actions in all
domains, ensure US/Allied freedom of action in cyberspace and deny the
same to our adversaries. ”
The text "9ec4c12949a4f31474f299058ce2b22a", located in the command's emblem, is
the MD5 hash of their mission statement.
The command is charged with pulling together existing cyberspace resources, creating
synergies and synchronizing war-fighting effects to defend the information security
environment. USCYBERCOM is tasked with centralizing command of cyberspace
operations, strengthening DoD cyberspace capabilities, and integrating and bolstering
DoD's cyber expertise.
Organization
USCYBERCOM is an armed forces unified command under Department of
Defense (DoD).
Page 91 of 174

Service Components
U.S. Cyber Command is composed of several service components, units from military
services who will provide Joint services to Cyber Command.
• Army Cyber Command (Army)
o Army Network Enterprise Technology Command / 9th Army Signal
Command (NETCOM/9thSC(A))
• Cyber Protection Brigade
o United States Army Intelligence and Security Command will be under the
operational control of ARCYBER for cyber-related actions.
• 1st Information Operations Command (Land)
• 780th Military Intelligence Brigade (Cyber)
• Fleet Cyber Command/Tenth Fleet (Navy)
o Naval Network Warfare Command
o Navy Cyber Defense Operations Command
o Naval Information Operation Commands
o Combined Task Forces
• Air Forces Cyber/Twenty-Fourth Air Force (Air Force)
o 67th Cyberspace Wing
o 688th Cyberspace Wing
o 624th Operations Center
• Marine Corps Cyberspace Command (Marine Corps)
Cyber Teams
In 2015 the U.S. Cyber Command added 133 new cyber teams. The breakdown was:
• Thirteen National Mission Teams to defend against broad cyberattacks
• Sixty-eight Cyber Protection Teams to defend priority DoD networks and systems
against priority threats
• Twenty-seven Combat Mission Teams to provide integrated cyberspace attacks
in support of operational plans and contingency operations
• Twenty-five Support Teams to provide analytic and planning support
Background
An intention by the U.S. Air Force to create a 'cyber command' was announced in
October 2006. An Air Force Cyber Command was created in a provisional status in
Page 92 of 174

November 2006. However, in October 2008, it was announced the command would not
be brought into permanent activation.
On 23 June 2009, the Secretary of Defense directed the Commander of U.S. Strategic
Command (USSTRATCOM) to establish USCYBERCOM. In May 2010, General Keith
Alexander outlined his views in a report for the United States House Committee on
Armed Services subcommittee:
“ My own view is that the only way to counteract both criminal and espionage
activity online is to be proactive. If the U.S. is taking a formal approach to this,
then that has to be a good thing. The Chinese are viewed as the source of a
great many attacks on western infrastructure and just recently, the U.S.
electrical grid. If that is determined to be an organized attack, I would want to
go and take down the source of those attacks. The only problem is that the
Internet, by its very nature, has no borders and if the U.S. takes on the mantle
of the world's police; that might not go down so well. ”
Initial operational capability was attained on 21 May 2010. General Alexander was
promoted to four-star rank, becoming one of 38 U.S. generals, and took charge of U.S.
Cyber Command in a ceremony at Fort Meade that was attended by Commander of
U.S. Central Command GEN David Petraeus, and Secretary of Defense Robert M.
Gates. USCYBERCOM reached full operational capability on 31 October 2010.
The command assumed responsibility for several existing organizations. The Joint Task
Force for Global Network Operations (JTF-GNO) and the Joint Functional Component
Command for Network Warfare (JFCC-NW) were absorbed by the command.
The Defense Information Systems Agency, where JTF-GNO operated, provides
Page 93 of 174

technical assistance for network and information assurance to USCYBERCOM, and is
moving its headquarters to Fort Meade.
President Obama signed into law, on 23 December 2016, the National Defense
Authorization Act (NDAA) for fiscal year (FY) 2017, which elevated USCYBERCOM to a
unified combatant command. The FY 2017 NDAA also specified that the dual-hatted
arrangement of the commander of USCYBERCOM will not be terminated until the
Secretary of Defense and Chairman of the Joint Chiefs of Staff jointly certify that ending
this arrangement will not pose risks to the military effectiveness of CYBERCOM that are
unacceptable to the national security interests of the United States.
Concerns
There are concerns that the Pentagon and NSA will overshadow any civilian cyber
defense efforts. There are also concerns on whether the command will assist in civilian
cyber defense efforts. According to Deputy Secretary of Defense William J. Lynn, the
command "will lead day-to-day defense and protection of all DoD networks. It will be
responsible for DoD's networks – the dot-mil world. Responsibility for federal civilian
networks – dot-gov – stays with the Department of Homeland Security, and that's
exactly how it should be." Alexander notes, however, that if faced with cyber hostilities
an executive order could expand Cyber Command's spectrum of operations to include,
for instance, assisting the Department of Homeland Security in defense of their
networks.
Some military leaders claim that the existing cultures of the Army, Navy, and Air Force
are fundamentally incompatible with that of cyber warfare. Major Robert Costa (USAF)
even suggested a sixth branch of the military, an Information (Cyber) Service with Title
10 responsibilities analogous to its sister services in 2002 noting:
“ While no one [Instrument of National Power] operates in a vacuum... Information increasingly
underpins the other three [Diplomatic, Economic and Military], yet has proven to be the most
vulnerable, even as US society becomes more dependent on it in peace, conflict, and war. To
attack these centers of gravity, an adversary will use the weakest decisive point, ... the
Information IOP. In addition, the other IOPs benefit from Unity of Effort--Constitutional balances
of power ensure the Diplomatic and Military IOPs exercised by the President in concert with
Congress are focused, while the Economic IOP achieves Unity of Action through international
market controls and an international body of law. [In 2002], [t]he Information IOP however, [was]
rudderless, lacking both Unity of Action and Unity of Command.
”
Others have also discussed the creation of a cyber-warfare branch. Lieutenant Colonel
Gregory Conti and Colonel John "Buck" Surdu (chief of staff of the United States Army
Research, Development and Engineering Command) stated that the three major
services are:
properly positioned to fight kinetic wars, and they value skills such as marksmanship,
physical strength, the ability to leap out of airplanes and lead combat units under enemy
fire.
Page 94 of 174

Conti and Surdu reasoned, "Adding an efficient and effective cyber branch alongside
the Army, Navy and Air Force would provide our nation with the capability to defend our
technological infrastructure and conduct offensive operations. Perhaps more important,
the existence of this capability would serve as a strong deterrent for our nation's
enemies."
In response to concerns about the military's right to respond to cyber attacks, General
Alexander stated "The U.S. must fire back against cyber attacks swiftly and strongly and
should act to counter or disable a threat even when the identity of the attacker is
unknown" prior to his confirmation hearings before the United States Congress. This
came in response to incidents such as a 2008 operation to take down a governmentrun
extremist honeypot in Saudi Arabia. "Elite U.S. military computer specialists, over
the objections of the CIA, mounted a cyberattack that dismantled the online forum".
"The new U.S. Cyber Command needs to strike a balance between protecting military
assets and personal privacy." stated Alexander, in a Defense Department release. If
confirmed, Alexander said, his main focus will be on building capacity and capability to
secure the networks and educating the public on the command's intent.
"This command is not about an effort to militarize cyber space," he said. "Rather, it's
about safeguarding our military assets."
In July 2011, Deputy Defense Secretary William Lynn announced in a conference that
"We have, within Cyber Command, a full spectrum of capabilities, but the thrust of the
strategy is defensive." "The strategy rests on five pillars, he said: treat cyber as a
Page 95 of 174

domain; employ more active defenses; support the Department of Homeland Security in
protecting critical infrastructure networks; practice collective defense with allies and
international partners; and reduce the advantages attackers have on the Internet."
In 2013, USCYBERCOM held a classified exercise in which reserve officers (with
extensive experience in their civilian cyber-security work) easily defeated active duty
cybermen. In 2015 Eric Rosenbach, the principal cyber adviser to Defense
Secretary Ash Carter, said DoD was looking at alternatives to staffing with just activeduty
military. Beginning that year, USCYBERCOM added 133 teams (staffing out at
6,000 people), with the intent that at least 15% of the personnel would be reserve cyber
operations airmen.
These new teams had achieved "initial operating capability" (IOC) as of 21 October
2016. Officials noted that IOC is not the same as combat readiness, but is the first step
in that direction.
President Barack Obama's Commission on Enhancing National Cybersecurity is
expected to release its substantial report prior to 20 January 2017. The report will make
recommendations regarding the intertwining roles of the military, government
administration and the private sector in providing cyber security. Incoming President
Trump has indicated that he wants a full review of Cyber Command.
International Effects and Reactions
The creation of U.S. Cyber Command appears to have motivated other countries in this
arena. In December 2009, South Korea announced the creation of a cyber warfare
command. Reportedly, this is in response to North Korea's creation of a cyber warfare
unit. In addition, the British GCHQ has begun preparing a cyber force. Furthermore, a
shift in military interest in cyber warfare has motivated the creation of the first U.S.
Cyber Warfare Intelligence Center. In 2010, China introduced a department dedicated
to defensive cyber war and information security in response to the creation of
USCYBERCOM.
Operations
In June 2019, Russia has conceded that it is "possible" its electrical grid was under
cyberattack by the United States. The New York Times reported that hackers from the
U.S. Cyber Command planted malware potentially capable of disrupting the Russian
electrical grid.
Page 96 of 174

Leadership
U.S. Cyber Command Commanders
Start of
No. Image Rank Name Service
Term
End of Term
1. GEN
Keith B.
Alexander
USA
21 May
2010
28 March
2014
(Acting) LtGen Jon M. Davis USMC
29 March
2014
2 April 2014
2. ADM
Michael S.
Rogers
USN 3 April 2014 4 May 2018
3. GEN
Paul M.
Nakasone
USA 4 May 2018 Incumbent
The Deputy Commander currently vacant.
Page 97 of 174

Page 98 of 174

VII. Cyber Attack Threat Trends
and Cyber Attacks
A list of Cyber Attack Threat Trends is presented in alphabetical order. These
methods were used between the 1990s and 2015.
• Analysis of vulnerabilities in compiled software without source code
• Anti-forensic techniques
• Automated probes and scans
• Automated widespread attacks
• Cyber-threats & bullying (not illegal in all jurisdictions)
• Distributed attack tools
• Email propagation of malicious code
• Executable code attacks (against browsers)
• Fully undetectable (FUD)
• GUI intrusion tools
• Industrial espionage
• Internet social engineering attacks
• Network sniffers
• Packet spoofing
• Session-hijacking
• Sophisticated botnet command and control attacks
Page 99 of 174

• "Stealth" and other advanced scanning techniques
• Targeting of specific users
• Widespread attacks on DNS infrastructure
• Widespread attacks using NNTP to distribute attack
• Wide-scale trojan distribution
• Wide-scale use of worms
• Widespread, distributed denial-of-service attacks
• Windows-based remote access trojans (Back Orifice)
________
A Cyberattack is any type of offensive maneuver employed by individuals or whole
organizations that targets computer information systems, infrastructures, computer
networks, and/or personal computer devices by various means of malicious acts usually
originating from an anonymous source that either steals, alters, or destroys a specified
target by hacking into a susceptible system.
Indiscriminate Attacks
These attacks are wide-ranging, global and do not seem to discriminate among
governments and companies.
• Operation Shady RAT
• World of Hell
• Red October, discovered in 2012, was reportedly operating worldwide for up to
five years prior to discovery, transmitting information ranging from diplomatic
secrets to personal information, including from mobile devices.
• WannaCry ransomware attack on 12 May 2017 affecting hundreds of thousands
of computers in more than 150 countries.
• 2017 Petya cyberattack
Destructive Attacks
These attacks relate to inflicting damage on specific organizations.
• Great Hacker War, and purported "gang war" in cyberspace
• LulzRaft, hacker group known for a low impact attack in Canada
• Operation Ababil, conducted against American financial institutions
• TV5Monde April 2015 cyberattack
• Vulcanbot
• Shamoon, a modular computer virus, was used in 2012 in an attack on
30,000 Saudi Aramco workstations, causing the company to spend a week
restoring their services.
• Wiper – in December 2011, the malware successfully erased information on hard
disks at the Oil Ministry's headquarters.
Page 100 of 174

• Stuxnet - A malicious computer worm believed to be a jointly built American-
Israeli cyber weapon. Designed to sabotage Iran's nuclear program with what
would seem like a long series of unfortunate accidents .
Cyberwarfare
These are politically
motivated destructive
attacks aimed at
sabotage and espionage.
• 2007 cyberattacks
on Estonia, wideranging
attack
targeting
government and
commercial
institutions
• 2010 cyberattacks on Burma, related to the 2010 Myanmar general election
• 2010 Japan–South Korea cyberwarfare
• 2013 Singapore cyberattacks, attack by Anonymous "in response to web
censorship regulations in the country, specifically on news outlets"
• #OpIsrael, a broad "anti-Israel" attack
• Cyberattacks during the Russo-Georgian War
• July 2009 cyberattacks, against South Korea and the United States
• Operation Olympic Games, against Iranian nuclear facilities, allegedly conducted
by the United States
• Democratic National Committee cyber attacks, against the Democratic National
Committee by
the Russian-sponsored cyber-espionage groups Cozy
Bear and Fancy Bear, possibly to assist Donald Trump's 2016 presidential
campaign.
Government Espionage
These attacks relate to stealing information from/about government organizations.
• 2008 cyberattack on United States, cyber espionage targeting U.S. military
computers
• Cyber attack during the Paris G20 Summit, targeting G20-related documents
including financial information
• GhostNet
• Moonlight Maze
• Operation Newscaster, cyber espionage covert operation allegedly conducted by
Iran
• Operation Cleaver, cyberwarfare covert operation allegedly conducted by Iran
• Shadow Network, attacks on India by China
Page 101 of 174

• Titan Rain, targeting defense contractors in the United States
• Google – in 2009, the Chinese hackers breached Google's corporate servers
gained access to a database containing classified information about suspected
spies, agents, and terrorists under surveillance by the US government.
• Gauss trojan, discovered in 2012 is a state-sponsored computer espionage
operation that uses state-of-the-art software to extract a wealth of sensitive data
from thousands of machines located mostly in the Middle East.
• Office of Personnel Management data breach—Dec 2014 breach of data on U.S.
government employees. The attack originated in China.
• A six-month-long cyberattack on the German parliament for which the Sofacy
Group is suspected took place in December 2014.
• Vestige is also suspected to be behind a spear-phishing attack in August 2016
on members of the Bundestag and multiple political parties such as Linkenfaction
leader Sahra Wagenknecht, Junge Union and
the CDU of Saarland. Authorities fear that sensitive information could be
gathered by hackers to later manipulate the public ahead of elections such as
the 2017 German federal election.
Corporate Espionage
These attacks relate to stealing data from corporations related to proprietary methods or
emerging products/services.
• Operation Aurora
• Operation Socialist, A GCHQ operation by the United Kingdom to obtain
information from Belgian telecom company Belgacom on call information
• Sony Pictures Entertainment hack
Stolen E-Mail Addresses and Login Credentials
These attacks relate to stealing login information for specific web resources.
• 2011 PlayStation Network outage, 2011 attack resulting in stolen credentials and
incidentally causing network disruption
• Vestige – in 2010, a band of anonymous hackers has rooted the servers of the
site and leaked half a gigabyte's worth of its private data.
• IEEE – in September 2012, it exposed user names, plaintext passwords, and
website activity for almost 100,000 of its members.
• LivingSocial – in 2014, the company suffered a security breach that has exposed
names, e-mail addresses and password data for up to 50 million of its users.
• Adobe – in 2013, Hackers obtained access to Adobe's networks and stole user
information and downloaded the source code for some of Adobe programs. It
attacked 150 million customers.
• RockYou – in 2009, the company experienced a data breach resulting in the
exposure of over 32 million user accounts.
• Yahoo! – in 2012, hackers posted login credentials for more than 453,000 user
accounts. Again in January 2013 and in January 2014
Page 102 of 174

Stolen Credit Card And Financial Data
• 2017 Equifax data breach- In 2017, Equifax Inc. announced that a cyber-security
breach occurred between May to mid July of that year. Cyber criminals had
accessed approximately 145.5 million U.S. Equifax consumers' personal data,
including their full names, Social Security numbers, credit card information, birth
dates, addresses, and, in some cases, driver's license numbers.
• 2016 Indian Banks data breach - It was estimated 3.2 million debit cards were
compromised. Major Indian banks- SBI, HDFC Bank, ICICI, YES Bank and Axis
Bank were among the worst hit.
• 2014 JPMorgan Chase data breach, allegedly conducted by a group of Russian
hackers
• Goodwill Industries – in September 2014, the company suffered from a credit
card data breach that affected the charitable retailer's stores in at least 21 states.
Another two retailers were affected.
• Home Depot – in September 2014, the cybercriminals that compromised Home
Depot's network and installed malware on the home-supply company's point-ofsale
systems likely stole information on 56 million payment cards.
• StarDust – in 2013, the botnet compromised 20,000 cards in active campaign
hitting US merchants.
Page 103 of 174

• Target – in 2013, approximately 40 million credit and debit card accounts were
impacted in a credit card breach. According to another estimate, it compromised
as many as 110 million Target customers.
• VISA and MasterCard – in 2012, they warned card-issuing banks that a thirdparty
payments processor suffered a security breach, affecting up to 10 million
credit cards.
• Subway – in 2012, two Romanian men admitted to participating in an
international conspiracy that hacked into credit-card payment terminals at more
than 150 Subway restaurant franchises and stole data for more than 146,000
accounts.
• MasterCard – in 2005, the company announced that up to 40 million cardholders
may have had account information stolen due to one of its payment processors
being hacked.
Stolen Medical-Related Data
• By May, three healthcare payer organizations had been attacked in the United
States in 2014 and 2015: Anthem, Premera Blue Cross and CareFirst. The three
attacks together netted information on more than 91 million people.
Page 104 of 174

VIII. References
________
1. https://en.wikipedia.org/wiki/Cyberterrorism
2. https://en.wikipedia.org/wiki/Cyberwarfare
3. https://en.wikipedia.org/wiki/Cyber-collection
4. https://en.wikipedia.org/wiki/Proactive_cyber_defense
5. https://en.wikipedia.org/wiki/Cyber-security_regulation
6. https://en.wikipedia.org/wiki/United_States_Cyber_Command
7. https://en.wikipedia.org/wiki/List_of_cyber_attack_threat_trends
8. https://en.wikipedia.org/wiki/List_of_cyberattacks
9. https://fas.org/sgp/crs/natsec/R43955.pdf
10. https://pdfs.semanticscholar.org/d357/569faee2f4e1a7762017198c46a369061467.pdf
11. https://oup.silverchaircdn.com/oup/backfile/Content_public/Journal/cybersecurity/3/1/10.1093_cybsec_tyw018/1/tyw018.p
df?Expires=2147483647&Signature=CPX0Qpzk-
R~pPJTjUS6xpRWpRbApBVILAnHXbHSI2W1zyZ9CsKfGWM3RJZ1f~27MEFF~pcAu7RdkxFKVvDKBxNUpKHr
ZI9UEsytmYCft3A3pVxEsOdhuf~LnYlkH3NVxqRPZ4~ZbBv9FZY-
fSiXSJ1qsOjvcCVPTf5pKctGivJ5YAnEbzawZRJCIWK3oc9yaF0dlXzxsJB2elgOf7aIHbrRkR-
IF4P7UH7I90vwXicJcTVtlW~cXGpPZmaOs3YfCRAwI7K2hEBeT99YeG-
hTsTDk6eRrtYuOn33mFC~u28xpH5YzuwWksJeWEn5MiiGyhT-LDUD8VWAQuH0ZoT1eRg__&Key-Pair-
Id=APKAIE5G5CRDK6RD3PGA
Page 105 of 174

Notes
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Page 106 of 174

Notes
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
Page 107 of 174

Page 108 of 174

Attachment A
Cyberwarfare and Cyberterrorism:
In Brief
Page 109 of 174

Page 110 of 174

Page 111 of 174

Page 112 of 174

Page 113 of 174

Page 114 of 174

Page 115 of 174

Page 116 of 174

Page 117 of 174

Page 118 of 174

Page 119 of 174

Page 120 of 174

Page 121 of 174

Page 122 of 174

Page 123 of 174

Page 124 of 174

Page 125 of 174

Page 126 of 174

Attachment B
Cyberterrorism: Definition Patterns
and Mitigation Strategies
Page 127 of 174

Page 128 of 174

Page 129 of 174

Page 130 of 174

Page 131 of 174

Page 132 of 174

Page 133 of 174

Page 134 of 174

Page 135 of 174

Page 136 of 174

Attachment C
Cyberterrorism: Its Effects on Psychological Well-
Being, Public Confidence, and Political Attitudes
Page 137 of 174

Page 138 of 174

Page 139 of 174

Page 140 of 174

Page 141 of 174

Page 142 of 174

Page 143 of 174

Page 144 of 174

Page 145 of 174

Page 146 of 174

Page 147 of 174

Page 148 of 174

Advocacy Foundation Publishers
Page 149 of 174

Advocacy Foundation Publishers
The e-Advocate Quarterly
Page 150 of 174

Issue Title Quarterly
Vol. I 2015 The Fundamentals
I
The ComeUnity ReEngineering
Project Initiative
Q-1 2015
II The Adolescent Law Group Q-2 2015
III
Landmark Cases in US
Juvenile Justice (PA)
Q-3 2015
IV The First Amendment Project Q-4 2015
Vol. II 2016 Strategic Development
V The Fourth Amendment Project Q-1 2016
VI
Landmark Cases in US
Juvenile Justice (NJ)
Q-2 2016
VII Youth Court Q-3 2016
VIII
The Economic Consequences of Legal
Decision-Making
Q-4 2016
Vol. III 2017 Sustainability
IX The Sixth Amendment Project Q-1 2017
X
The Theological Foundations of
US Law & Government
Q-2 2017
XI The Eighth Amendment Project Q-3 2017
XII
The EB-5 Investor
Immigration Project*
Q-4 2017
Vol. IV 2018 Collaboration
XIII Strategic Planning Q-1 2018
XIV
The Juvenile Justice
Legislative Reform Initiative
Q-2 2018
XV The Advocacy Foundation Coalition Q-3 2018
Page 151 of 174

XVI
for Drug-Free Communities
Landmark Cases in US
Juvenile Justice (GA)
Q-4 2018
Page 152 of 174

Issue Title Quarterly
Vol. V 2019 Organizational Development
XVII The Board of Directors Q-1 2019
XVIII The Inner Circle Q-2 2019
XIX Staff & Management Q-3 2019
XX Succession Planning Q-4 2019
XXI The Budget* Bonus #1
XXII Data-Driven Resource Allocation* Bonus #2
Vol. VI 2020 Missions
XXIII Critical Thinking Q-1 2020
XXIV
The Advocacy Foundation
Endowments Initiative Project
Q-2 2020
XXV International Labor Relations Q-3 2020
XXVI Immigration Q-4 2020
Vol. VII 2021 Community Engagement
XXVII
The 21 st Century Charter Schools
Initiative
Q-1 2021
XXVIII The All-Sports Ministry @ ... Q-2 2021
XXIX Lobbying for Nonprofits Q-3 2021
XXX
XXXI
Advocacy Foundation Missions -
Domestic
Advocacy Foundation Missions -
International
Q-4 2021
Bonus
Page 153 of 174

Vol. VIII
2022 ComeUnity ReEngineering
XXXII
The Creative & Fine Arts Ministry
@ The Foundation
Q-1 2022
XXXIII The Advisory Council & Committees Q-2 2022
XXXIV
The Theological Origins
of Contemporary Judicial Process
Q-3 2022
XXXV The Second Chance Ministry @ ... Q-4 2022
Vol. IX 2023 Legal Reformation
XXXVI The Fifth Amendment Project Q-1 2023
XXXVII The Judicial Re-Engineering Initiative Q-2 2023
XXXVIII
The Inner-Cities Strategic
Revitalization Initiative
Q-3 2023
XXXVIX Habeas Corpus Q-4 2023
Vol. X 2024 ComeUnity Development
XXXVX
The Inner-City Strategic
Revitalization Plan
Q-1 2024
XXXVXI The Mentoring Initiative Q-2 2024
XXXVXII The Violence Prevention Framework Q-3 2024
XXXVXIII The Fatherhood Initiative Q-4 2024
Vol. XI 2025 Public Interest
XXXVXIV Public Interest Law Q-1 2025
L (50) Spiritual Resource Development Q-2 2025
Page 154 of 174

LI
Nonprofit Confidentiality
In The Age of Big Data
Q-3 2025
LII Interpreting The Facts Q-4 2025
Vol. XII 2026 Poverty In America
LIII
American Poverty
In The New Millennium
Q-1 2026
LIV Outcome-Based Thinking Q-2 2026
LV Transformational Social Leadership Q-3 2026
LVI The Cycle of Poverty Q-4 2026
Vol. XIII 2027 Raising Awareness
LVII ReEngineering Juvenile Justice Q-1 2027
LVIII Corporations Q-2 2027
LVIX The Prison Industrial Complex Q-3 2027
LX Restoration of Rights Q-4 2027
Vol. XIV 2028 Culturally Relevant Programming
LXI Community Culture Q-1 2028
LXII Corporate Culture Q-2 2028
LXIII Strategic Cultural Planning Q-3 2028
LXIV
The Cross-Sector/ Coordinated
Service Approach to Delinquency
Prevention
Q-4 2028
Page 155 of 174

Vol. XV 2029 Inner-Cities Revitalization
LXIV
LXV
LXVI
Part I – Strategic Housing
Revitalization
(The Twenty Percent Profit Margin)
Part II – Jobs Training, Educational
Redevelopment
and Economic Empowerment
Part III - Financial Literacy
and Sustainability
Q-1 2029
Q-2 2029
Q-3 2029
LXVII Part IV – Solutions for Homelessness Q-4 2029
LXVIII
The Strategic Home Mortgage
Initiative
Bonus
Vol. XVI 2030 Sustainability
LXVIII Social Program Sustainability Q-1 2030
LXIX
The Advocacy Foundation
Endowments Initiative
Q-2 2030
LXX Capital Gains Q-3 2030
LXXI Sustainability Investments Q-4 2030
Vol. XVII 2031 The Justice Series
LXXII Distributive Justice Q-1 2031
LXXIII Retributive Justice Q-2 2031
LXXIV Procedural Justice Q-3 2031
LXXV (75) Restorative Justice Q-4 2031
LXXVI Unjust Legal Reasoning Bonus
Page 156 of 174

Vol. XVIII 2032 Public Policy
LXXVII Public Interest Law Q-1 2032
LXXVIII Reforming Public Policy Q-2 2032
LXXVIX ... Q-3 2032
LXXVX ... Q-4 2032
Page 157 of 174

The e-Advocate Monthly Review
2018
Transformational Problem Solving January 2018
The Advocacy Foundation February 2018
Opioid Initiative
Native-American Youth March 2018
In the Juvenile Justice System
Barriers to Reducing Confinement April 2018
Latino and Hispanic Youth May 2018
In the Juvenile Justice System
Social Entrepreneurship June 2018
The Economic Consequences of
Homelessness in America S.Ed – June 2018
African-American Youth July 2018
In the Juvenile Justice System
Gang Deconstruction August 2018
Social Impact Investing September 2018
Opportunity Youth: October 2018
Disenfranchised Young People
The Economic Impact of Social November 2018
of Social Programs Development
Gun Control December 2018
2019
The U.S. Stock Market January 2019
Prison-Based Gerrymandering February 2019
Literacy-Based Prison Construction March 2019
Children of Incarcerated Parents April 2019
Page 158 of 174

African-American Youth in The May 2019
Juvenile Justice System
Racial Profiling June 2019
Mass Collaboration July 2019
Concentrated Poverty August 2019
De-Industrialization September 2019
Overcoming Dyslexia October 2019
Overcoming Attention Deficit November 2019
The Gift of Adversity December 2019
2020
The Gift of Hypersensitivity January 2020
The Gift of Introspection February 2020
The Gift of Introversion March 2020
The Gift of Spirituality April 2020
The Gift of Transformation May 2020
Property Acquisition for
Organizational Sustainability June 2020
Investing for Organizational
Sustainability July 2020
Biblical Law & Justice TLFA August 2020
Gentrification AF September 2020
Environmental Racism NpA October 2020
Law for The Poor AF November 2020
…
Page 159 of 174

2021
Biblically Responsible Investing TLFA – January 2021
International Criminal Procedure LMI – February 2021
Spiritual Rights TLFA – March 2021
The Theology of Missions TLFA – April 2021
Legal Evangelism, Intelligence,
Reconnaissance & Missions LMI – May 2021
The Law of War LMI – June 2021
Generational Progression AF – July 2021
Predatory Lending AF – August 2021
The Community Assessment Process NpA – September 2021
Accountability NpA – October 2021
Nonprofit Transparency NpA – November 2021
Redefining Unemployment AF – December 2021
2022
21 st Century Slavery AF – January 2022
Acquiesce to Righteousness TLFA – February 2022
ComeUnity Capacity-Building NpA – March 2022
Nonprofit Organizational Assessment NpA – April 2022
Debt Reduction AF – May 2022
Case Law, Statutory Law,
Municipal Ordinances and Policy ALG – June 2022
Organizational Dysfunction NpA - July 2022
Institutional Racism Collab US – August 2022
Page 160 of 174

The Ripple Effects of Ministry TLFA - September 2022
The Sarbanes-Oxley Act of 2002 NpA – October 2022
Organized Crime (In The New Millennium) ALG – May 2022
Nonprofit Marketing NpA – June 2022
The Uniform Code of Military Justice AF – July 2022
Community Policing NpA – August 2022
Wills, Trusts & Estates AF – September 2022
International Incidents Series
I. Ten Conflicts to Watch In
The New Millennium LMI – October 2022
II. International Hotspots LMI – November 2022
III. International Cyber Terrorism LMI – December 2022
2023
IV. International Sex Trafficking LMI – January 2023
V. Brexit LMI – February 2023
VI. Global Jihad LMI – March 2023
VII. The Global Economy LMI – April 2023
…
Page 161 of 174

The e-Advocate Quarterly
Special Editions
Crowdfunding Winter-Spring 2017
Social Media for Nonprofits October 2017
Mass Media for Nonprofits November 2017
The Opioid Crisis in America: January 2018
Issues in Pain Management
The Opioid Crisis in America: February 2018
The Drug Culture in the U.S.
The Opioid Crisis in America: March 2018
Drug Abuse Among Veterans
The Opioid Crisis in America: April 2018
Drug Abuse Among America’s
Teens
The Opioid Crisis in America: May 2018
Alcoholism
The Economic Consequences of June 2018
Homelessness in The US
The Economic Consequences of July 2018
Opioid Addiction in America
Page 162 of 174

The e-Advocate Journal
of Theological Jurisprudence
Vol. I - 2017
The Theological Origins of Contemporary Judicial Process
Scriptural Application to The Model Criminal Code
Scriptural Application for Tort Reform
Scriptural Application to Juvenile Justice Reformation
Vol. II - 2018
Scriptural Application for The Canons of Ethics
Scriptural Application to Contracts Reform
& The Uniform Commercial Code
Scriptural Application to The Law of Property
Scriptural Application to The Law of Evidence
Page 163 of 174

Legal Missions International
Page 164 of 174

Issue Title Quarterly
Vol. I 2015
I
II
God’s Will and The 21 st Century
Democratic Process
The Community
Engagement Strategy
Q-1 2015
Q-2 2015
III Foreign Policy Q-3 2015
IV
Public Interest Law
in The New Millennium
Q-4 2015
Vol. II 2016
V Ethiopia Q-1 2016
VI Zimbabwe Q-2 2016
VII Jamaica Q-3 2016
VIII Brazil Q-4 2016
Vol. III 2017
IX India Q-1 2017
X Suriname Q-2 2017
XI The Caribbean Q-3 2017
XII United States/ Estados Unidos Q-4 2017
Vol. IV 2018
XIII Cuba Q-1 2018
XIV Guinea Q-2 2018
XV Indonesia Q-3 2018
XVI Sri Lanka Q-4 2018
Page 165 of 174

Vol. V 2019
XVII Russia Q-1 2019
XVIII Australia Q-2 2019
XIV South Korea Q-3 2019
XV Puerto Rico Q-4 2019
Issue Title Quarterly
Vol. VI 2020
XVI Trinidad & Tobago Q-1 2020
XVII Egypt Q-2 2020
XVIII Sierra Leone Q-3 2020
XIX South Africa Q-4 2020
XX Israel Bonus
Vol. VII 2021
XXI Haiti Q-1 2021
XXII Peru Q-2 2021
XXIII Costa Rica Q-3 2021
XXIV China Q-4 2021
XXV Japan Bonus
Vol VIII 2022
XXVI Chile Q-1 2022
Page 166 of 174

The e-Advocate Juvenile Justice Report
______
Vol. I – Juvenile Delinquency in The US
Vol. II. – The Prison Industrial Complex
Vol. III – Restorative/ Transformative Justice
Vol. IV – The Sixth Amendment Right to The Effective Assistance of Counsel
Vol. V – The Theological Foundations of Juvenile Justice
Vol. VI – Collaborating to Eradicate Juvenile Delinquency
Page 167 of 174

The e-Advocate Newsletter
Genesis of The Problem
Family Structure
Societal Influences
Evidence-Based Programming
Strengthening Assets v. Eliminating Deficits
2012 - Juvenile Delinquency in The US
Introduction/Ideology/Key Values
Philosophy/Application & Practice
Expungement & Pardons
Pardons & Clemency
Examples/Best Practices
2013 - Restorative Justice in The US
2014 - The Prison Industrial Complex
25% of the World's Inmates Are In the US
The Economics of Prison Enterprise
The Federal Bureau of Prisons
The After-Effects of Incarceration/Individual/Societal
The Fourth Amendment Project
The Sixth Amendment Project
The Eighth Amendment Project
The Adolescent Law Group
2015 - US Constitutional Issues In The New Millennium
Page 168 of 174

2018 - The Theological Law Firm Academy
The Theological Foundations of US Law & Government
The Economic Consequences of Legal Decision-Making
The Juvenile Justice Legislative Reform Initiative
The EB-5 International Investors Initiative
2017 - Organizational Development
The Board of Directors
The Inner Circle
Staff & Management
Succession Planning
Bonus #1 The Budget
Bonus #2 Data-Driven Resource Allocation
2018 - Sustainability
The Data-Driven Resource Allocation Process
The Quality Assurance Initiative
The Advocacy Foundation Endowments Initiative
The Community Engagement Strategy
2019 - Collaboration
Critical Thinking for Transformative Justice
International Labor Relations
Immigration
God's Will & The 21st Century Democratic Process
The Community Engagement Strategy
The 21st Century Charter Schools Initiative
2020 - Community Engagement
Page 169 of 174

Extras
The Nonprofit Advisors Group Newsletters
The 501(c)(3) Acquisition Process
The Board of Directors
The Gladiator Mentality
Strategic Planning
Fundraising
501(c)(3) Reinstatements
The Collaborative US/ International Newsletters
How You Think Is Everything
The Reciprocal Nature of Business Relationships
Accelerate Your Professional Development
The Competitive Nature of Grant Writing
Assessing The Risks
Page 170 of 174

Page 171 of 174

About The Author
John C (Jack) Johnson III
Founder & CEO – The Advocacy Foundation, Inc.
________
Jack was educated at Temple University, in Philadelphia, Pennsylvania and Rutgers
Law School, in Camden, New Jersey. In 1999, he moved to Atlanta, Georgia to pursue
greater opportunities to provide Advocacy and Preventive Programmatic services for atrisk/
at-promise young persons, their families, and Justice Professionals embedded in the
Juvenile Justice process in order to help facilitate its transcendence into the 21 st Century.
There, along with a small group of community and faith-based professionals, “The Advocacy Foundation, Inc." was conceived
and developed over roughly a thirteen year period, originally chartered as a Juvenile Delinquency Prevention and Educational
Support Services organization consisting of Mentoring, Tutoring, Counseling, Character Development, Community Change
Management, Practitioner Re-Education & Training, and a host of related components.
The Foundation’s Overarching Mission is “To help Individuals, Organizations, & Communities Achieve Their Full Potential”, by
implementing a wide array of evidence-based proactive multi-disciplinary "Restorative & Transformative Justice" programs &
projects currently throughout the northeast, southeast, and western international-waters regions, providing prevention and support
services to at-risk/ at-promise youth, to young adults, to their families, and to Social Service, Justice and Mental
Health professionals” in each jurisdiction served. The Foundation has since relocated its headquarters to Philadelphia,
Pennsylvania, and been expanded to include a three-tier mission.
In addition to his work with the Foundation, Jack also served as an Adjunct Professor of Law & Business at National-Louis
University of Atlanta (where he taught Political Science, Business & Legal Ethics, Labor & Employment Relations, and Critical
Thinking courses to undergraduate and graduate level students). Jack has also served as Board President for a host of wellestablished
and up & coming nonprofit organizations throughout the region, including “Visions Unlimited Community
Development Systems, Inc.”, a multi-million dollar, award-winning, Violence Prevention and Gang Intervention Social Service
organization in Atlanta, as well as Vice-Chair of the Georgia/ Metropolitan Atlanta Violence Prevention Partnership, a state-wide
300 organizational member violence prevention group led by the Morehouse School of Medicine, Emory University and The
Original, Atlanta-Based, Martin Luther King Center.
Attorney Johnson’s prior accomplishments include a wide-array of Professional Legal practice areas, including Private Firm,
Corporate and Government postings, just about all of which yielded significant professional awards & accolades, the history and
chronology of which are available for review online at LinkedIn.com. Throughout his career, Jack has served a wide variety of
for-profit corporations, law firms, and nonprofit organizations as Board Chairman, Secretary, Associate, and General Counsel
since 1990.
www.Advocacy.Foundation
Clayton County Youth Services Partnership, Inc. – Chair; Georgia Violence Prevention Partnership, Inc – Vice Chair; Fayette
County NAACP - Legal Redress Committee Chairman; Clayton County Fatherhood Initiative Partnership – Principal
Investigator; Morehouse School of Medicine School of Community Health Feasibility Study Steering Committee; Atlanta
Violence Prevention Capacity Building Project Partner; Clayton County Minister’s Conference, President 2006-2007; Liberty In
Life Ministries, Inc. Board Secretary; Young Adults Talk, Inc. Board of Directors; ROYAL, Inc Board of Directors; Temple
University Alumni Association; Rutgers Law School Alumni Association; Sertoma International; Our Common Welfare Board of
Directors President 2003-2005; River’s Edge Elementary School PTA (Co-President); Summerhill Community Ministries
(Winter Sports Athletic Director); Outstanding Young Men of America; Employee of the Year; Academic All-American -
Basketball; Church Trustee; Church Diaconate Ministry (Walking Deacon); Pennsylvania Commission on Crime & Delinquency
(Nominee).
Page 172 of 174

www.Advocacy.Foundation
Page 173 of 174

Page 174 of 174