A Few Cyber Warfare Resources

[JeffC]

Here's a nice collection of Cyberwarfare resources accumulated by the University of Washington. The major categories are: Cyberterrorism, Electronic Jihad, Media stories, Testimony/Reports to Congress, International Issues, Legal Issues, Misc.

Regarding the US Air Force Cyber Warfare activity:

Network Warfare integrated at RED FLAG

Cyberspace: A Warfighting Domain
(AF Cyberspace Task Force Brief)

And here's a link to the Air University Library's mega-link list on Cyberwar, Cyberspace, and Cybersecurity

Enjoy!

Jeff

[bismark17]

Thanks for posting that. I know Dittrick was really big into Malware Analysis and D/DOS attacks back in the day but didn't realize the U was still big into that.

[Stan]

Global hackers threaten net security in cyber warfare aimed at top targets, Rachel Williams, The Guardian, November 29 2007

China has spelled out in a white paper that "informationised armed forces" are part of its military strategy.

Targets include air traffic control, financial markets, government computer networks and utility providers. In September, the Guardian reported that Chinese hackers, including some believed to be from the state military, had been attacking the computer networks of British government departments, including the Foreign Office.

James Mulvenon, an expert on China's military, who is also director of the Centre for Intelligence and Research in Washington, said the Chinese were the first to jump "feet first" into 21st-century cyber-warfare technology.

[JeffC]

Global hackers threaten net security in cyber warfare aimed at top targets, Rachel Williams, The Guardian, November 29 2007

I think they're highlighting Chinese hackers because they're so effectivel, however China isn't unique in this respect. It's almost de rigour for a foreign intelligence service to probe another nation's computer networks for weak spots.

Another issue that the above referenced article refers to is Cybercrime, which in 2006 netted about $US 67 Billion from businesses and individuals, and we have few effective defenses against it. I just posted a report on the Economics of Phishing at IntelFusion. While Cyberwarfare projects get more funding, Cybercrime is the untamed and very lucrative Wild West for criminal organizations like the Russian Business Network and Rock Phish.

[Stan]

Jeff, I enjoyed your article. Cyber Militia comes across as a Super Geek battalion

Not a bad idea me thinks. We have specialists in psychological operations and civil affairs, but they primarily deal with face-to-face real people on a personal level. How would they fair against an opponent in the future on the other end of an IP?

Our head geek is so introverted, and more often than not, the last individual you would want in a social setting (he also totally agrees with this evaluation). However, on the keyboard and behind his monitor…he’s God.

Regards, Stan

[selil]

Levy, S. (1984). Hackers: Heroes of the computer revolution. New York: Penguin Putnam.

Stoll, C. (1990). The cuckoo's egg: Tracking a spy through the maze of computer espionage. New York: Pocket Books.

McCumber, J. (1991). Information Systems Security: A Comprehensive Model. Paper presented at the 14th National Computer Security Conference, National Institute of Standards and Technology. Baltimore, MD. October.

Pufeng, W. (1995). The challenges of information warfare. Excerpted from China Military Science(Spring 2005).

Hafner, K., & Lyon, M. (1996). Where wizards stay up late: The origins of the Internet. New York: Simon & Schuster.

Kahn, D. (1996). The code breakers: The Comprehensive history of secret communication from ancient times to the Internet. New York: Scribner.

In Athena's camp: Preparing for conflict in the information age. (1997). Santa Monica, CA: RAND.

PRESIDENTIAL DECISION DIRECTIVE/NSC-63. (1998). Retrieved November 1, 2007, from http://www.fas.org/irp/offdocs/pdd/pdd-63.htm

Ware, W. H. (1998). The cybe-posture of the national information infrastructure. Santa Monica, CA: Rand.

The changing role of information in warfare. (1999). Santa Monica, CA: RAND.

Denning, D. E. (1999). Information warfare and securty. New York: Addison Wesley.

Panda, B., & Giordano, J. (1999). Defensive information warfare. Communications of the ACM, 42(7), 31-32.

A nation transformed by information: How information has shaped the United States from colonial times to the present. (2000). New York: Oxford University Press.

Denning, D. E. (2000). Cyberterrorism. Retrieved November 1, 2007, from http://www.cs.georgetown.edu/~dennin...berterror.html

Networks and netwars: The future of terror, crime, and militancy. (2001). Santa Monica, CA: RAND.

The transnational dimmension of cyber crime and terrorism. (2001). Stanford, CA: Hoover Institution Press.

Erbschloe, M. (2001). Information warfare: How to survive cyber attacks. Berkley California: Osborne/McGraw Hill.

Kumagai, J. (2001). The web as a weapon. IEEE Spectrum(January), 118-121.

Levy, S. (2001). Cypto: How the code rebels beat the government saving privacy in the digital age. New York: Penguin Putnam.

Maconachy, W. V., Schou, C. D., Ragsdale, D., & Welch, D. (2001). A Model for Information Assurance: An Integrated Approach. Paper presented at the 2001 IEEE Workshop on Information Assurance and Security, US Military Academy, West Point, NY.

Householder, A., Houle, K., & Dougherty, C. (2002). Computer attack trends challenge internet security. Security & Privacy (Computer), 35(4), 5-7.

Lewis, J. A. (2002). Assessing the risks of cyber terrorism, cyber war and other cyber threats. Washington DC: Center for Strategic & International Studies.

Mitnick, K. D., & Simon, W. (2002). The art of deception: Controlling the human element of security. Indianapolis, IN: Wiley Publishing.

Homeland Security Presidential Directive/Hspd-7. (2003). Retrieved November 1, 2007, from http://www.whitehouse.gov/news/relea...0031217-5.html

Berkowitz, B. D. (2003). The new face of war: How war will be fought in the 21st century. New York: Free Press.

Cahill, T. P., Rozinov, K., & Mule, C. (2003). Cyber warfare peacekeeping. Paper presented at the Workshop on information assurance, United States Military Academy, West Point, NY.

Sheldon, F., Potok, T., Krings, A., & Oman, P. (2003). Critical energy infrastructure surviability, inherent limitation, obstacles, and mitigation strategies. Paper presented at the PowerCon 2003 - Special Theme: BLACKOUT, New York, USA.

Verton, D. (2003). Black Ice: The invisible threat of cyber-terrorism. New York: McGraw-Hill/Osborne.

Graham, P. (2004). Hackers & painters big ideas from the computer age. Sebestopol, CA: O'Reilly.

Gupta, A., & Laliberte, S. (2004). Security by example defend I.T. New York: Addison Wesley.

Saydjari, S. (2004). Cyber defense: Art to science. Communications of the ACM, 47(3), 53-57.

Sukhai, N. B. (2004). Hacking and cybercrime. Paper presented at the InfoSecCD Conference, Kennesaw, GA.

The Government of the United States. (2004). The 9/11 Commission report: Final report of the national commision on terrorist attacks upon the United States (Authorized Edition ed.). New York: Norton & Company.

Brenner, B. (2005). Myfip's Titan Rain connection. Retrieved November 17, 2007, from http://searchsecurity.techtarget.com...120855,00.html

Espiner, T. (2005, November 23, 2005). Security experts lift lid on Chinese hack attacks. Retrieved November 17, 2007, 2007, from http://news.zdnet.com/2100-1009_22-5969516.html

Gantz, J., & Rochester, J. B. (2005). Pirates of the digital millennium: How the intellectual property wars damage or personal freedoms, our jobs, and the world economy. Upper Saddle River, NJ: Financial Times Prentice Hall.

Ilett, D. (2005). Security Guru slams misuse of 'cyberterrorism'. Retrieved November 1, 2007, from http://news.zdnet.com/2100-1009_22-5685500.html

Luard, T. (2005, July 22, 2005). China's spies come out from the cold. International Version. Retrieved November 16, 2007, from http://news.bbc.co.uk/2/hi/asia-pacific/4704691.stm

Schneir, B. (2005). Attack trends: 2004 and 2005. Retrieved November 1, 2007, from http://www.schneier.com/blog/archive..._trends_2.html

Thornburgh, N. (2005, August 25, 2006). Inside the Chinese hack attack. Retrieved November 1, 2007, from http://www.time.com/time/nation/arti...098371,00.html

Wilson, C. (2005). Computer attack and cyberterrorism: Vulnerabilities and policy issues for congress (No. RL32114): The Library of Congress.

Dartnell, M. Y. (2006). Insurgency online: Web activism and global conflict. Toronto: University Tornoto Press.

Rogin, J. (2006, May 25, 2006). DOD: China fielding cyberattack units. Retrieved November 1, 2007, from http://www.fcw.com/online/news/94650-1.html

Wilson, C. (2006). Information operations and cyberwar: Capabilities and related policy issues (No. RL31787): The Library of Congress.

China spying 'biggest US threat'. (2007, November 15, 2007). International Version. Retrieved November 15, 2007, from http://news.bbc.co.uk/2/hi/americas/7097296.stm

China denies Pentagon cyber-raid. (2007, September 4, 2007). International Version. Retrieved November 16, 2007, from http://news.bbc.co.uk/2/hi/americas/6977533.stm

Meserve, J. (2007, September 26, 2007). Source: Staged cyber attack reveals vulnerability in power grid. Retrieved November 1,, 2007, from http://www.cnn.com/2007/US/09/26/pow...isk/index.html

Robb, J. (2007). Brave new war: The next stage of terrorism and the end of globalization. Hoboken, New Jersey: John Wiley & Sons.

Rollins, J., & Wilson, C. (2007). Terrorist capabilities for cyberattack: Overview and policy issues (No. RL33123): The Library of Congress.

Sevestopulo, D. (2007, September 3, 2007). Chinese military hacked into Pentagon. Retrieved November 17, 2007, from http://www.ft.com/cms/s/0/9dba9ba2-5...nclick_check=1

[JeffC]

Chris, I enjoyed your article. Cyber Militia comes across as a Super Geek battalion

"Chris?" Did somebody change my name and not tell me? I hate it when that happens!

It's definitely the Geek era. Talk about revenge of the Nerds.

In all seriousness, though, I do think that we need to explore new options for combating both cybercrime and cyberwarfare. I'll try to organize my thoughts about that over the next few days.

[Cannoneer No. 4]

is already at work taking down jihad YouTube videos.

[Stan]

is already at work taking down jihad YouTube videos.

I’d have thought that some Justice organization was controlling and ‘deleting’ these sites. I can only imagine what else comes with logging in, besides horrific imagery.

[Stan]

The Cyberwars begin is ranked number 1 with Foreign Policy in the top ten stories of 2007.

In late April, Western experts were caught off guard when a barrage of cyberattacks emanating from Russia crippled the banking, police, and government offices of Estonia. Many called it the world's first full-scale cyberinvasion. Then in June, Pentagon officials accused the Chinese military of hacking into a computer network used by top aides to U.S. Defense Secretary Robert Gates.

This emerging threat may explain why in September the U.S. Air Force quietly decided to form a Cyberspace Command. The new Cyberspace Command, due to become fully operational by October 2009, will be charged with helping to guard against such threats.

The Air Force has also just graduated its first class of cyberfighters, trained in network warfare. More than 20 years after the founding of the Internet, the next "revolution in military affairs" may be online.

More at the link. Note: free registration required

[selil]

I know one thing. When I changed my dissertation to cyber warfare as a form of low intensity conflict a whole lot of people started throwing money at me. I've gotten some interesting emails based on a little paper I published at a technology and society conference (LINK).