AnalyticalReport Cyberwarfare& Cyberterrorism

8/12/2019 AnalyticalReport Cyberwarfare& Cyberterrorism

1/16

CYBER-WARFARE AND

CYBER-TERRORISMThe Next Threat to National Security

Prepared by Rahim Adam & Jeffrey Thorson

IT 486, Central Washington University

June 5, 2014


2/16

Professional Value

Cyber-warfare and cyber-terrorism are important to an IT organization both directly and

indirectly. When it comes to our national security it is important to not forget that our private

companies plays vital role to our economy together with the support of our government sector.

Private companies can be attacked with a piece of malware or by a distributed denial of service

attack (DDoS) which is directly attacking the company. These attacks possess significant threat

to our nations interests. Both government organizations, private contractors, and the entire

private companies can also be affected through indirect means by attacking other means such as

power grids, air traffic controls systems, gas pipe lines, sabotage our communications of troops

as well as confusing their operational routines and our financial markets systems such as stock

market.

The root causes of cyber-warfare and cyber-terrorism points out to the evolution of

internet from early 1990s. As more private companies, government institutions and our military

tend to rely more on using computer systems and their network infrastructures, hackers and

professional attackers find it to be an opportunity to carry out threats in cyber space. Another

root a cause for cyber-warfare and cyber-terrorism is how easily those remote attacks can be

carried out with only minimum resource required and to create a psychological fear. A terrorist

can sit in front of his computer and launch an attack into different parts of the world by using

various paths into different countries while covering his tracks to be untraceable, and cause

massive financial damages and even fatalities. Minimal resources and very low budget plans

make it very easy in making this form of terror. On the other hand, traditional terrorism requires

much more resources such as: large finances, weapons, man power and security access. Cyber

terrorism fits with the terrorism common purpose which is to create fear, confusion and


3/16


4/16


5/16

- 1 -

Executive Summary

The Internet has become a vital resource in the past two decades, from a small network

limited primarily to the scientific community to a global network that counts more than two

billion users. With the advancements in technology, an increasing number of applications were

created for the Internet such as email and social networks.

The cyber world has seen an increase in cyber-warfare and cyber-terrorism. Some

countries such as the United States have weak security against these threats. With people storing

sensitive information on networks, this has led to cyber espionage against governments and

businesses.

This report explores where the world is today in cybersecurity and if businesses in the

United States should be held responsible for strengthening their infrastructure from Cyber-

attacks. Specifically, it delves into what has happened and what will happen in the future and

what the world is doing to prepare.

Given the increasing reliance on information systems in general and access to the Internet

in particular, critical infrastructure is growing progressively more vulnerable to cyber-attack.

Cyber weapons appear to be capable of catastrophic destruction in that they could inflict

extreme misfortune on a businessin the form of imposing very large, long-term costs. Many

businesses are already incurring losses today because of cyber-attacks, but some are working to

minimize their vulnerability from future threats.

A cyber-attack against critical infrastructures in the United States will shock the public

and cause some sort of chaos. Compared to a standard attack, it is much more difficult to locate


6/16

- 2 -

where the attack came from. This can give attackers confidence tostrike a company and steal

valuable information while staying hidden.

Cyber-terrorism has gained popularity in the world because of how simple it can be to

attack a business. As before, the attackers can stay hidden by using remote attacks. They also

only require minimal resources to manage an attack while also creating a big fear factor.

With cyber-warfare and cyber-terrorism becoming more prominent and an easy way to

attack an entity, it is becoming more important to protect the infrastructure from any possible

threat from anywhere in the world.

Introduction

The purpose of this report is to provide a realistic assessment of the capabilities, means,

and motivations of certain individuals or nations to conduct a remote, computer attack either

against the United States or against regional adversaries. There is no such thing as perfect IT

security. For instance, hackers seem always able to keep one step ahead of the latest software

security patch, and some secure portions of nations Department of Defense computer systems by

pertaining to procurement and logistics that are connected to the public switch network.

Depending on how these cyber-attacks are carried is how they get defined.

Cyber-warfare is Internet-based conflict involving politically motivated attacks on

information and information systems(Rouse). Cyber-warfare attacks can disable official

websites and networks, disrupt or disable essential services, steal or alter classified data, and

cripple financial systems - among many other possibilities.

Cyber-terrorism is the premeditated use of disruptive activities, or the threat thereof,

against computers and/or networks, with the intention to cause harm or further social,

ideological, religious, political or similar objectives or to intimidate any person in furtherance of


7/16

- 3 -

such objectives(Coleman). The U.S. Government states how cyber-terrorism will soon equal or

surpass the danger of terrorism in the near future.

In 2011, former department of homeland security secretary Michael Chertoff and former

defense secretary William Perry warned that The constant assault of cyber assaults has inflicted

severe damage to our national and economic security, as well as to the property of individual

citizens. The threat is only going to get worse. Inaction is not an acceptable action.(Hearing

Before The Committee on Homeland Security and Governmental Affairs Senate, February 16

2012)

The scope or limits of our study found that both cyberwar-fare and cyber-terrorism are

very hard to predict their occurrence as of when they will occur since they are carried remotely

and anonymously. Finding out as of whether the attack took place and where it came from it is

always known after the damage is done.

Report Findings:

In our report findings, we found cyber-warfare and cyber-terrorism to be increasing due

to numerous reasons but mainly because they are easy to be carried out at very low cost budget

close to nothing, they can create confusions to victims, amount of damage they can create and

attackers can remain anonymously for quiet sometime. Cyber-warfare and cyber-terrorism are

both crimes which can be launched from any location in the world using various tactics to

penetrate the security implemented by the victims. These threats are real, they prove no one to be

safe and they are able to defeat any country in the world including super power nations like the

United States.


8/16

- 4 -

Many people believe the United States is going to have a cyber-attack similar to the

devastation of 9/11. Secretary Napolitano stated After 9/11, we just could not do enough to

protect ourselves from another 9/11. And we have the opportunity here to do something

preemptively, preventively, methodically, and at much less cost to our society overall.(Hearing

Before The Committee on Homeland Security and Governmental Affairs Senate, February 16

2012). The bill was going to help make it their responsibility to take action and be proactive

about securing our infrastructure.

Secretary Napolitano Obviously, it will cost some to enforce this, to carry it out, but it

will be a fraction of what it would cost our society if there was a successful cyber attack.

(Hearing Before The Committee on Homeland Security and Governmental Affairs Senate,

February 16 2012).

The cost of constructing the worms or viruses they are pretty much close to nothing. It

takes a computer, internet and few tutorials from online on how to create those viruses if the

attacker does not have knowledge to create codes and send them to the victims. It is the win-win

situation for criminals to carry their attack undetected because they always want to continue with

their viscous attacks. Depending on the severity of the attacks, people who carry out these

actions they share two mainly common interests which is to create confusion and physiological

fear in victims mind as well as stealing classified data.

It is evident that cyber-warfare and cyber-terrorism always comes as a surprise even

though people and nations know about their existence. The attacks can originate from any part of

the world without anyones knowledge, however through the footprints they get discovered

sometimes after the damage is done. Severe increase of these threats proves that even super


9/16


10/16

- 6 -

Figure 1 displays five countries and describes what each of them are focusing on and also how

much each countries expenses are for the coming years. As you see, the US has a cyber budget

of $1.54 billion from 2013 to 2017(Pierluig, 2012). While this graph provides and idea of a

countries status regarding cyber-warfare, it fails to show the private businesses aspect and how

much they will invest in their security. Since 90% of the United States infrastructure is controlled

by the private sector, the United States should put more focus into strengthening those businesses

as well to reinforce our core infrastructure.


11/16

- 7 -

Figure 2Attack Trend with Drill Downs of Motivations

(Passeri, 2014)

Figure 2 above displays discovered attacks for each month of 2013 and what types of attacks

were taken place. It displays attacks have decreased as the year continued. Unforuneatly that is

not the case says Erin Palmer from BusinessAdministration Information. The report refers to

2013 as the year of the mega breach because of the high number of security breaches, a 62%

increase from 2012. Just eight of the many breaches in 2013 revealed more than 10 million

identities each (Palmer, 2014). Attacks are becoming more sophisticated and harder to detect

which allow hackers to steal more information without being caught.


12/16

- 8 -

Figure 3Top 10 Attack Techniques

(Passeri, 2014)

Out of all the attacks that were detected, figure 3 breaks down what were the top 10 attacks in

2013. As shown DDoS was the most used technique with SQL injection behind it. DDoS attacks

are popular because hackers can control a botnet with thousands of computers and can attack

someone with high a high rate of success.


13/16

- 9 -

Figure 4Distrubution of Targets

(Passeri, 2014)

Figure 4 illustrates who are targets for cyber attacks between January and April of 2014. With

the top three targets being industry, government and organizations, these are the most critical to a

country. There needs to be a greater investment in securing these networks to help diminish

attacks from occurring.

Figure 5Percentage of Time Spent on IT Security

(Begun, 2008)


14/16

- 10 -

This graph shows an estimate of how much time an average user spends on IT Security. The

majority of users surveyed spend no more than 3 hours on security per week. This gives an idea

of how businesses are still not doing enough to protect themselves from cyber-terrorism and that

it needs to be taken seriously.

Summary

Cyber-warfare and cyber-terrorism have become a real concern and are becoming more

of a threat with better technology. People need to be educated on how serious these threats are and how to

help decrease the chance of an attack taking place. As illustrated in figure 5, it is evident more people

need to spend more time learning the precautions that would in preventing these attacks.

Failing to educate the public on what steps they can take to help minimize cyber-attacks would be

very costly to the United States not only economically, but also on a personal level. With attacks being

more focused towards the industry and government as stated in figure 4, there is more of a concern that

peoples private information can be at risk.

Conclusion

The world is changing the way war is pictured. In the past we used weapons such

as guns and missiles to attack our enemy, but today, we use technology. Cyber-attacks are the

weapons of the future. Cyber-terrorists can attack any target from anywhere in the world to cause

chaos and harm.

Recommendations

The United States has almost single-handedly blocked arms control in cyberspace. Over

the past decade, the United States has declined to join in on cyber talks because they had not yet


15/16

- 11 -

explored what it wanted to do in the area of cyber war. Now that over twenty nations militaries

and intelligence services have created offensive cyber war units and we have gained a better

understanding of what cyber war could look like, it may be time for the United States to review

its position on cyber arms control and ask whether there is anything beneficial that could be

achieved through an international agreement.(Clarke & Knake, 2010, pp. 219-220).

With cyber-warfare on the rise, and the private sector controlling the majority of the

countrys infrastructure, the government must communicate with the private sector to raise

awareness of the threats and what steps need to be taken to secure the infrastructure.

To help strengthen defenses even more, the government will need to teach citizens how

to protect themselves from cyber-attacks and what needs to be done in case of a possible threat.

By creating guidelines for everyone to follow and a clear path to take, these are just a few

steps that can be taken to help secure our countries infrastructure from any future cyber-attacks

and protect the citizens from harm.


16/16

12

References

Begun, D. A. (2008, June 23).Are SMBs Easy Pickin's for Cyber Criminals?Retrieved from Hot

Hardware: http://hothardware.com/News/Are-SMBs-are-Easy-Pickins-for-Cyber-

Criminals/Clarke, R. A., & Knake, R. K. (2010). Cyber War.

Coleman, K. (2014, June 3). Cyberterrorism.Retrieved from Directions Magazine:

http://www.directionsmag.com/articles/cyber-terrorism/123840

Hearing Before The Committee on Homeland Security and Governmental Affairs Senate, U. S.

(February 16 2012). Securing America's Future: The CyberSecurity Act of 2012. (p. 2).

Washington D.C.: U.S. Government Printing Office.

Palmer, E. (2014, Aprl 25).BusinessAdministration Information. Retrieved from Report:

Targeted Cyber-Attacks Increased by 91% in 2013:

http://www.businessadministrationinformation.com/news/report-targeted-cyber-attacks-

increased-by-91-in-2013

Passeri, P. (2014, May 19).Hackmageddon.Retrieved from 2013 Cyber Attacks Statistics

(Summary): http://hackmageddon.com/category/security/cyber-attacks-statistics/

Pierluig, P. (2012, October 5).InfoSec Institure.Retrieved from The Rise of Cyber Weapons and

Relative Impact on Cyberspace: http://resources.infosecinstitute.com/the-rise-of-cyber-

weapons-and-relative-impact-on-cyberspace/

Rouse, Margaret. "Cyberwarfare." May 2010. SearchSecurity. 3 June 2014

.

Coleman, Kelvin. "Cyberterrorism." 10 October 2003. Directions Magazine. 3 June 2014

.

Date post:	03-Jun-2018
Category:	Documents
Upload:	adamr1667
View:	225 times
Download:	1 times

AnalyticalReport Cyberwarfare& Cyberterrorism

Documents