
About this book

There is little doubt that cyber-space has become the battle space for confrontations. However, to conduct cyber operations, a new armory of weapons needs to be employed. No matter how many, or how sophisticated an aggressor’s kinetic weapons are, they are useless in cyber-space.

This book looks at the milieu of the cyber weapons industry, as well as the belligerents who use cyber weapons. It discusses what distinguishes these hardware devices and software programs from computer science in general. It does this by focusing on specific aspects of the topic—contextual issues of why cyber-space is the new battleground, defensive cyber weapons, offensive cyber weapons, dual-use weapons, and the implications these weapons systems have for practice.

Contrary to popular opinion, the use of cyber weapons is not limited to nation states, though this is where the bulk of news reporting focuses. The reality is that there isn’t a sector of the political-economy that is immune to cyber skirmishes. So, this book looks at the use of cyber weapons not only by national security agencies and the military, but also by law enforcement, and the business sector—the latter includes administrations termed non-government organisations (NGOs).

This book offers study material suitable for a wide-ranging audience—students, professionals, researchers, policy officers, and ICT specialists.



Chapter 1. Weaponization of Computers

This chapter examines how computer hardware and software can be weaponized. It draws analogies with other items of common use and shows how, why, and by whom cyber technology is weaponized. It concludes with a discussion of the implications for policy and ramifications for practice.
Henry Prunckun

Chapter 2. Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence

With the increased use of cyber weapons for Internet-based cyber espionage, the need for cyber counterintelligence has become apparent, but counterintelligence remains more art than science because of its focus on tricking human nature—the way people think, feel, and behave. Nevertheless, counterintelligence theory and practice have been extended to domains such as industry and finance, and can be applied to cyber security and active cyber defense. Nonetheless, there are relatively few explicit counterintelligence applications to cyber security reported in the open literature. This chapter describes the mechanisms of cyber denial and deception operations, using a cyber deception methods matrix and a cyber deception chain to build a tailored active cyber defense system for cyber counterintelligence. Cyber counterintelligence with cyber deception can mitigate cyber spy actions within the cyber espionage “kill chain.” The chapter describes how defenders can apply cyber denial and deception in their cyber counterintelligence operations to mitigate a cyber espionage threat and thwart cyber spies. The chapter provides a hypothetical case, based on real cyber espionage operations by a state actor.
Frank J. Stech, Kristin E. Heckman

Chapter 3. The Human Element: The “Trigger” on Cyber Weapons

This chapter discusses the protection of businesses from cyber penetrations using the lessons and principles of defending firms against competitive intelligence operations. Although popular culture could lead one to believe that cyber penetrations are all about devices and software exploits, the reality is that the human element plays a pivotal part. In our high-tech society, cyber penetrations all too often rely on low-tech approaches, which can often easily be foiled by alert employees and contractors. Without employee and contractor gullibility, it would be difficult to impossible to penetrate a well-crafted cyber-security system. Like the first reported swindler who conned people into giving them their watches, today’s con artists are focused on big prizes—information. This chapter examines data and the methods businesses can use to identify what is critical to their operations, and some simple, yet effective ways to protect it. These approaches are used in competitive intelligence and state that regardless of the high-tech environment in which corporations operate, cyber penetrations are often facilitated by low-tech approaches via the human element.
John J. McGonagle

Chapter 4. Cyber Defense for IMGs and NGOs Using Crime Prevention Through Environmental Design

By using social media and crime prevention through environmental design (CPTED) principles, issue motivated groups (IMGs) and non-government organizations (NGOs) can develop cyber defense mechanisms and security measures. In contrast to military and governments, non-state actors should not require secrecy to protect their interests—rather secrecy is counter to the aims and objectives of those organisations or groups. Subsequently, the greater the transparency of action, the better for organizations and groups working against hostile governments. This chapter examines the possibilities of using social media and CPTED principles to enable issue motivated groups and non-government organizations to develop cyber defenses against hostile governments or agent provocateurs. It illustrates some possibilities and options available including using social media platforms and mixed technological networks. A central element to developing cyber defense is ensuring the online spaces are designed and administrated in a manner that allows users a sense of inclusiveness, transparency and security.
Troy Whitford

Chapter 5. Drinking from a Fire Hydrant: Information Overload As a Cyber Weapon

The foundation of this chapter is based in the fact that information, as argued by Clausewitz, can be a weapon whether too little or too much. This chapter presents a revised typology of cyber war within the international system. It addresses the limitations of a previous typology given the revelations that have occurred in the international system over the past several years. The typology addresses important issues including the type of attack, the actor involved, and the level of disruption that is generated by the attack. The resulting outcomes allow for better understanding and plotting of the impact of cyber war within the international system.
Craig Greathouse

Chapter 6. Archer’s Stakes in Cyber Space: Methods to Analyze Force Advantage

This chapter presents two frameworks for analysing the deployment of cyber weapons by nation states. Framework One examines the factors that comprise the deployment of cyber weapons through four categories of analysis. These categories are: (a) how the cyber weapon is deployed; (b) the effects that the cyber weapon creates; (c) the target against which the cyber weapon is launched; and (d) the objectives sought through the cyber weapon deployment. Framework One is illustrated through an examination of Operation Orchard—the cyber enabled Israeli strike on a suspected Syrian nuclear facility in 2007. Framework Two provides an alternative means to analyse the deployment of cyber weapons by nation states. This is achieved through an examination of the variables considered when determining whether cyber weapon deployment will be politically advantageous. Central to the analysis is a comparative calculation of the benefits and disadvantages (dis-benefits) arising from the use of cyber weaponry. Consideration of benefits focuses on the political value of objectives that can be achieved through the deployment of cyber weaponry, as well as the likelihood that these objectives will be achieved. Analysis of dis-benefits focuses first on the internal and external political constraints on state deployment of cyber weapons, then on the risk and impact of retaliation against the state initiating cyber weapon use. The utility of Framework Two is explored by examining the Stuxnet attack on Iranian nuclear enrichment capabilities.
Daniel P. Hughes

Chapter 7. The Rule of Law: Controlling Cyber Weapons

This chapter discusses how information and communications technology (computer systems and data transmission) are used as cyber weapons for criminal purposes. It canvasses a number of legislative policy options for controlling their misuse. It concludes with the view that implementing cyber weapons laws—in the same vein as firearms legislation—would not only help ensure society’s domestic wellbeing, it would aid national security.
Henry Prunckun

Chapter 8. Double-Edged Sword: Dual-Purpose Cyber Security Methods

Using forensics techniques, organizations can uncover vital evidence and information regarding intrusion methods and techniques, what actions an intruder took when inside the system or network and what information was taken. However, anti-forensic techniques are being used by cyber-criminals to remove the traces which can be used to successfully investigate their intrusion or cover the fact that an intrusion has taken place. Many of the modern cyber-security programs that are used to defend networks, and the data held within them, are being used by those who would wish to enter these systems without permission—they are a double-edged sword. Cyber-security applications provide important advantages to security professionals. Nevertheless, these advantages are reduced, or lost, when they are used by cyber-criminals in an anti-forensics manner. This chapter explores how common security techniques and methods, such as system logging, vulnerability scanning, and network monitoring, can be misused by cyber-criminals to hide their presence on the network. It then explores some simple security practices and approaches that can be used by network defenders to reduce the effectiveness of these anti-forensic practices.
Angela S. M. Irwin

Chapter 9. “Who Was That Masked Man?”: System Penetrations—Friend or Foe?

This chapter explores a range of hacking techniques that can be used for either malicious or good purposes. It focuses on the role of the penetration tester, also known as a white hat hacker, or an ethical hacker. The discussion highlights the need to employ ethical hackers to expose system vulnerabilities so that they can be addressed before they are exploited by criminals or other threat actors. Because the techniques and methods used by ethical hackers are largely the same as those used by malicious hackers, there are some risks that need to be considered. Moreover, there is a need for improving the standard of professionalism amongst ethical hackers, through certification, education and validation. Professionals in this area of IT assist organizations to mitigate cyber threats, not only by testing systems, but also in reviewing policies, procedures and controls. Ethical hackers are thus an integral component of a mature security program.
Georg Thomas, Greg Low, Oliver Burmeister

Chapter 10. Development and Proliferation of Offensive Weapons in Cyber-Security

The proliferation of cyber weapons can put powerful offensive capabilities into the hands of states. This chapter explores just what a cyber weapon is and how the process of proliferation works. Highlighting the importance of information in building these offensive capabilities, the chapter argues that what should be considered a weapon is just a small part of what is proliferated in cybersecurity. While states have dominated the debate regarding cybersecurity threats, non-state and criminal actors play key roles in facilitating proliferation through the malware markets. When states and policymakers begin to examine how to disrupt the proliferation of new offensive techniques and methods, they should start with improving software security and resilience.
Trey Herr

Chapter 11. No Smoking Gun: Cyber Weapons and Drug Traffickers

Drug trafficking is a criminal threat of billion-dollar proportions. Drug traffickers exercise international influence and Australian policymakers therefore need to reconsider the framework on which current policy rests. If the so-called war-on-drugs is couched in those terms, then it makes sense to explore a war-like approach—the use of information warfare to defeat drug traffickers’ information processes that are vital to supporting their worldwide financial networks as well as their command and control arrangements. This chapter promotes discussion about a drugs policy that focuses on attacking the source of the illicit drug problem using cyber weapons.
Henry Prunckun

Chapter 12. Autonomous Weapons: Terminator-Esque Software Design

This chapter explores the moral implications of autonomous robotic weapons. This is done by answering several key questions. Firstly, in what sense are such weapons really autonomous? It is argued that this is not the case. Secondly, do such weapons necessarily compromise the moral responsibility of their human designers, computer programmers and/or operators and, if so, in what manner and to what extent? It is argued that it is not necessarily the case, at least if such weapons have a human in or on the loop. Finally, should certain forms of autonomous weapons be prohibited? It is argued that human-out-of-the-loop weapons should be prohibited.
Seumas Miller

Chapter 13. Warfare of the Future

This chapter discusses implications of cyber war with regard to critical infrastructure, primarily arrangements that relate to industrial control systems and processes that operate power, water, communications, manufacturing, and many other essential functions. The chapter explores the potential for disruption, espionage, and sabotage by rogue individuals, states, or sub-state adversaries. It discusses methods to help safeguard against these attacks as well as looking at the technical obstacles that arise because of the integrated nature of government and private-sector networks. The chapter contemplates the laws of armed conflict and the issue of whether a cyber-attack against the United States is of such magnitude to be considered an armed attack, so as to trigger the lawful exercise of the right of self-defence. The intention is to show that cyber-warfare is all-encompassing and cannot easily be categorized into nation-state, military, or civilian categories. The question of whether such attacks constitute the use of force and the lack of clarity around issues of attribution and detection suggests that traditional legal principles governing war need to be reassessed in the new era of cyber-warfare.
Sara M. Smyth

Chapter 14. Researching Cyber Weapons: An Enumerative Bibliography

Scholarly literature about cyber weapons can be found in a number of sources, especially in college and university libraries. Articles published in the subject areas of computer science, engineering, export controls, law and military studies are also among the best sources of current analysis assuming they are peer-reviewed and substantiated with research sources. Patent applications, blog posts, and government documents may also provide researchers with valuable information about cyber weapons at various stages of the development and deployment processes. Bibliographies, whether analytic or enumerative, offer researchers a short cut to the relevant published material on the topic. This chapter presents an enumerative bibliography of sources with an overview of other methods useful in locating scholarly papers or updating the ones already found.
Lori Fossum

Erratum to: “Who Was That Masked Man?”: System Penetrations—Friend or Foe?

Without Abstract
Georg Thomas, Greg Low, Oliver Burmeister

