Analysis of Cyberwarfare Ethics As It Pertains to Civilian Computer Networks/Infrastructures

Analysis of Cyberwarfare Ethics as It Pertains to Civilian Computer Networks/Infrastructures

Vanessa Paradine

Terms of Reference and Scope The Department of Defense (DoD) currently operates more than fifteen thousand different computer networks across four thousand military installations around the world, with as many as seven million DoD computers and telecommunications tools in use in eighty-eight countries.1 These networks experience over six million unauthorized probes per day.2 Due to the close integration of DoD and commercial networks, an attack within the cyber domain may significantly impact critical civilian infrastructures and networks. For the purpose of this article, the following definitions are pro vided: • Cyberspace, as defined by the National Security Presidential Di rective 541H0meland Security Presidential Directive 23, is "the interdependent network of information technology infrastruc tures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries."3 • Cyberspace operations is defined as "the employment of cy berspace capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace."4 • Cyberwarfare/cyberattack has not been defined by the Depart ment of the Defense (DoD); however, according to Deputy Defense Secretary William J. Lynn III, it can include a range of things-"from exploitation and exfiltration of data to degrada tion of networks to destruction of networks or even physical equipment, physical property."5 • Cyber Threats6 o Virtual-nonkinetic threats to DoD information networks that are just as real and damaging as physical threats.

34 Internatianal Journal of Intelligence Ethics, Vol. 4, No. 1 / Spring/Summer 2013 Analysis of Cyberwarfare Ethics 35

o Physical-kinetic threats mixed with nonkinetic threats; can severely impact the effectiveness of military joint operations. o Nation State-foreign-government sponsored; growing inter est in development of more sophisticated cyber capabilities leading to challenges in the defense of DoD information net works. o Non-Nation State-support for terrorist and organized crimi nal groups that have presented more opportunities for disrup tion of the DoD's information networks. • Distributed Denial of Service (DDoS)-An attacker attempts to prevent legitimate users from accessing information or services by targeting a user's computer, its network connection, or the com puters and network of the sites that a user is attempting to access. 7

Introduction

Cyberspace is a critical component to our everyday lives; nations depend on it for commerce, communication, and control of critical infrastructures such as electric power systems, water supply systems, and emergency services. Many countries and their top leadership recognize this domain as essential to their daily operations. The White House International Strategy for Cyberspace recognizes the importance of a highly developed electronic infrastructure:8 Digital infrastructure is increasingly the backbone of prosperous economies, vigorous research communities, strong militaries, transpar ent governments, and free societies. As never before, information tech nology is fostering transnational dialogue and facilitating the global flow of goods and services. These social and trade links have become indispensable to our daily lives. Critical life-sustaining infrastructures that deliver electricity and water, control air traffic, and support our financial system all depend on networked information systems. Gov ernments are now able to streamline the provision of essential services through eGovernment initiatives. Social and political movements rely on the Internet to enable new and more expansive forms of organiza tion and action. The reach of networked technology is pervasive and global. For all nations, the underlying digital infrastructure is or will soon become a national asset. In addition to civilian dependency of cyberspace, the United States and other nation state militaries are also heavily dependent on information networks for command and control of military forces, intelligence and logistics, and developing and fielding weapons 36 VANESSA PARADINE technologies.9 Armed forces that are considered to be modern and global in reach cannot effectively conduct operations without resilient, reliable information and communication networks and assured access to cyberspace. 1o This poses a new and complex ethical dilemma when a nation is conducting cyberwarfare operations. The integration of civilian and military cyber domains no longer limits cyberattacks to the battlefield, and civilian critical infrastructures are also at risk.ll Computer-induced failures of power grids, transportation systems, or on the financial sector could lead to physical damage and economic disruption on a massive scale, affecting civilians and economies world wideY Nonphysical damage such as theft of intellectual property may initially seem less destructive, yet it can still cause significant harm if it results in millions of dollars lost or if an adversary has duplicated critical defense science and technology.13 Cyberspace operations have become so advanced that the origin (country) of an attack may not be pinpointed. It is now easier for modern armed forces to infiltrate civilian networks and exploit them for military gain (e.g., shutdown power grids). This concept is perfect for covert operations-offering a protective shield of deniability of acts that may be considered unethical in conventional warfare.

Cyberwarfare Rules of Engagement

As a new and constantly evolving domain, the rules of cyberwar fare are not clearly defined. Recognizing the need for guidelines in cyberspace operations, the Secretary of Defense directed the com mander of the U.S. Strategic Command to establish the U.S. Cyber Command in June 2009.14 This new command has been charged with integrating and coordinating the activities of "full-spectrum military cyberspace operations" to ensure "reliable information and communication networks, to counter cyberspace threats, and to assure access to cyberspace. "15 Their strategy for the cyber do main is based on five pillars:16 • Pillar 1: Recognize cyberspace as a new domain of warfare. • Pillar 2: Employ defenses that can respond to attacks at network speed, as they happen or before they arrive. • Pillar 3: Ensure military and civilian critical infrastructures are protected. • Pillar 4: Cooperation with allies is essential to counter the cyber threat. Analysis of Cyberwarfare Ethics 37

• Pillar 5: Leverage the national technological base to build supe rior military capabilities. The u.s. and Cyber Command have cyberspace defense and deter rence measures well covered in their strategy. However, they are still lacking a cohesive plan for offensive operations. This is not surpris ing, as the cyber domain continually evolves and interconnects with military and civilian networks around the globe. In an effort to ad dress this issue, U.S. general Keith B. Alexander, Commander, u.s. Cyber Command, stated that "the DoD is working on cyber stand ing rules of engagement and in the meantime, the laws of land war fare and law of armed conflict apply to cyberspace. "17 As it relates to air, land, and sea domains, the law of armed conflict is derived from several sources, such as the Hague Conventions of 1899 and 1907, the Geneva Conventions of 1949, and their Additional Protocols of 1977.18 Article 49 of the Additional Protocols of 1977 defines attack as an act of "violence against the adversary," whether offensively or defensively, regardless of territorial location, and applicable to "land, air, or sea warfare that may affect the civilian population, individual civilians, or civilian objects on land. "19 The law of armed conflict in terms of conventional warfare for the protection of civil ians and property is clear and concise. Specific guidance as it pertains to civilians and critical infrastructures is outlined in Articles 51, 56, and 57 of the Additional Protocols of 1977:

Article 51-Protection of the civilian population20 • The civilian population as well as individual civilians shall not be the object of attack. • Indiscriminate attacks are prohibited. Indiscriminate attacks are: (a) those which are not directed at a specific military ob jective; (b) those which employ a method or means of combat which cannot be directed at a specific military objective; or (c) those which employ a method or means of combat and in each such case, are of a nature to strike military objectives and civilians or civilian objects without distinction. • Types of indiscriminate attacks: (a) bombardment by any methods or means which treats as a single military objective a number of clearly separated and distinct military objectives lo cated in a city, town, village or other area containing a similar concentration of civilians or civilian objects; and (b) an attack which may be expected to cause incidental loss of civilian life, 38 VANESSA PARADINE

injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated. Article 56-Protection of works and installations containing danger ous forces 21 • Works or installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations, shall not be made the object of attack, even where these objects are military objec tives, if such attack may cause the release of dangerous forces and consequent severe losses among the civilian population. • Other military objectives located at or in the vicinity of these works or installations shall not be made the object of attack if such attack may cause the release of dangerous forces from the works or installations and consequent severe losses among the civilian population. Article 57-Precautions in attack22 • In the conduct of military operations, constant care shall be taken to spare the civilian population, civilians and civilian objects. • Refrain from deciding to launch any attack which may be ex pected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated. • When a choice is possible between several military objectives for obtaining a similar military advantage, the objective to be selected shall be that the attack on which may be expected to cause the least danger to civilian lives and to civilian objects. The challenges with applying the conventional law of armed conflict with the cyber domain are isolating military targets (networks) while limiting damage to civilian infrastructures. Due to the complexity of modern networks, a definitive attack on a military target cannot be guaranteed without the possibility of civilian collateral damage.

Justified Response and Proportionality in Cyberspace Operations

General Alexander stated that the United States must determine what constitutes "a reasonable and proportional response to a cyberattack Analysis of Cyberwarfare Ethics 39 and if that response includes authority to shut down a computer net work. "23 Deputy Secretary of Defense William J. Lynn III goes into further detail by stating that the United States "reserves the right, under the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified military response at the time and place of our choosing. "24 The question of what type of response is considered justified and proportional in the cyber domain remains to be answered. The principles of jus ad bellum and jus in bello are critical in creating a framework to properly address the application of the law of armed conflict in the cyber domain. Jus ad bellum emphasizes that an act of war must have just cause, be implemented as a last resort, declared by a proper authority, possess the right intention, have a reasonable chance of success, and the end being proportional to the means used.25 International frameworks such as the United Nations (UN) Charter have supported this concept and provide guidance as the proper authority to determine just cause in declaring a war. Signed by fifty countries in June 1945 after World War II, the UN Charter was written to maintain international peace and security, specifically stating "to save succeeding generations from the scourge of war, which twice in our lifetime has brought untold sorrow to mankind" arid "to ensure, by the acceptance of principles and the institution of methods, that armed force shall not be used, save in the common interest. "26 Article 2(4), states, "All Members shall refrain in their international relations from the threat or use of force against the territorial integrity or political indepen dence of any state, or in any other manner inconsistent with the Purposes of the United Nations. "27 In the spirit of maintaining peace among nations, this article further validates that war should only be implemented when all other options for resolution have been ex hausted. These other options and authoritative body are outlined in Articles 39 through 41, stating that the Security Council will deter mine "the existence of any threat to the peace, breach of the peace, or act of aggression and decide what measures not involving the use of armed force are to be employed. "28 Prior to any armed force engagement sanctions to include "complete or partial interruption of economic relations and of rail, sea, air, postal, telegraphic, radio, and other means of communication, and the severance of diplomatic relations" are to be considered.29 Only if those measures have been proven inadequate, "actions by air, sea, or land forces as may be utilized as necessary to maintain and restore international peace and security. "30 If a member state finds itself under attack, a provision 40 VANESSA PARADINE to act in self-defense was also provided in Article 51: "Nothing in the present Charter shall impair the inherent right of individual or collective self-defense if an armed attack occurs against a Member of the United Nations. "31 Jus in bello emphasizes discrimination of legitimate targets and how much force is morally appropriateY Attacking targets indis criminately is considered unfair and unjust because of the negative impact to civilians and nonmilitary facilities. 33 As mentioned in the previous section, Articles 51, 56, and 57 of the Additional Protocols of 1977 specifically state:34 • Indiscriminate attacks are prohibited: (a) those which are not directed at a specific military objective; (b) those which employ a method or means of combat which cannot be directed at a specific military objective; or (c) those which employ a method or means of combat and in each such case, are of a nature to strike military objectives and civilians or civilian objects without distinction. • Works or installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations, shall not be made the object of attack, even where these objects are military objectives, if such attack may cause the release of dan gerous forces and consequent severe losses among the civilian population. • Refrain from deciding to launch any attack which may be ex pected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated.

Cyberattacks and Their Consequences The effects of a disproportionate and indiscriminate attack were best seen in the spring of 2007 when Estonia was targeted by a series of DDoS attacks. As most modern countries, Estonia signifi cantly relies on the cyberspace domain to conduct daily operations. They have the highest broadband connectivity in Europe, with 98 percent of all bank transactions conducted through electronic means and 82 percent of all tax declarations submitted online.35 Additionally, they use e-Iearning environments in their schools and routinely use ID cards and digital signatures in both government Analysis of Cyberwarfare Ethics 41 and civilian sectors.36 The online attacks built up over the course of a few weeks and targeted Estonian government and civilian in frastructure, including banking institutions, government websites, and media outlets. 37 Members of the Estonian Parliament went four days without email, government communications networks were reduced to radio for a limited period, financial operations were severely compromised, ATMs were crippled, and their largest bank was forced to close Internet operations.38 Most people were barred from financial transactions, and the government was forced to close large parts of its network to people from outside the country, de nying Estonians abroad access their bank accounts.39 Although the perpetrators of this attack could not be directly pinpointed, it was alleged that the attack originated from various people within the ethnic Russian population of Estonia or the Russian government in response to the removal of a Soviet Soldier Statue commemorating the end of World War 11. 40 Clearly this was not an armed conflict, but this situation shows the devastation a cyberattack can affect on a country, its critical infrastructures, and the civilian population. A few years after the cyberattack on Estonia, A NATO Parliamen tary Assembly Committee Report on NATO and Cyber Defense recognized that cyberattacks pose a great threat to open economies and stated that keeping the cyber domain operating without major disruptions in service is as significant as ensuring sea and air lanes are open and safe. 41 It further acknowledged that domestic and international legal frameworks were not yet developed to address cyberattacks, and there is no precedent on punishment of such offenses to include economic sanctionsY The Commander, u.S. Strategic Command, General Kevin Chilton offered that the u.S. military response to a cyberattack would not be limited to the cyber domain, opening the possibility of a retaliatory reaction by conventional means.43 In the example of Estonia, the perpetrators could not be positively identified, so either a conventional or cyber retaliatory response is difficult to achieve. This is why most coun tries concentrate heavily on cyber defense and deterrence in their policies. Launching a cyberattack, whether in defense or retalia tion, could set a negative precedence that could affect the global economy and critical infrastructures worldwide. Another example of a cyberattack on a critical infrastructure is the 2010 virus that affected Iranian nuclear facilities, commonly known in the media as Stuxnet. Although Iran did not claim Stuxnet to be the particular virus that caused problems within their nuclear 42 VANESSA PARADINE . facilities, Iranian president Mahmoud Ahmadinejad admitted that a software virus infected its centrifuge plant and succeeded in contrib uting to the failure of a limited number of centrifuges.44 The Institute for Science and International Security preliminary assessment of the Stuxnet virus concluded that the virus was able to covertly take over the industrial control system and change the frequencies of certain types of frequency converters, which control the speed of motors.45 Each attack sequence sent commands to shut off the frequency con verters' warning and safety controls aimed at alerting operators of speed changes, ultimately leading to an increased number of equip ment failure. 46 Although these failures were not catastrophic, it set back Iran's uranium enrichment process. The portability and design of Stuxnet, however, poses a larger problem. It was designed "to spread in order to increase its chance of infecting an industrial con trol system via a removable drive used with an infected computer," therefore unintentionally infecting peripheral systems that are criti cal to plant operationY

Conclusion Although current laws, treaties, and policies are very clear in deter mining the "do's" and "don'ts" of armed conflict, they have not evolved with the technology and capabilities that we have today. The ease and speed of cyberwarfare make it a unique weapon that should be regarded with great care. The ethical dilemmas when consider ing waging an armed conflict in both the cyber and conventional domain are similar; however, many elements of a conflict would need to be redefined. In the examples mentioned in the previous sec tion, cyberattacks were not waged in response to an official armed conflict or war, and that is part of the problem. With the anonymity of the cyber domain there is little consequence when an adversary (country or individual hacker) disrupts the flow of information or embeds a virus in commercial software. The ethical dilemma and ac countability no longer rests with a single authoritative source within government but with an individual or group of individuals that con duct such attacks. This changes the playing field considerably and can affect how nations respond to further attacks. Should a whole nation be subject to retaliation due to a few individuals, or will it now be considered fair game? Since there are few solid lines between military and civilian in the cyber domain, it would be hard to discern a combatant versus noncombatant and a military network versus a Analysis of Cyberwarfare Ethics 43 civilian network. However, this may not be so different from placing an embargo on another country. The effect of economic disruption and isolation can still be achieved, but in a different manner. From both an offensive and defensive standpoint, the definition of a cyberattack is still unclear-does it include industrial espionage, or is it limited to degradation of military!civilian computer networks and infrastructures? Both harm the target nation, but the collateral damage experienced is very different. One could say that industrial espionage is purely economic and the other is detrimental to a large number of civilians and their property. Perhaps there needs to be a defined limit on what is considered collateral damage based on its scope and reach. Regardless of which school of thought is taken, both are harmful to country and ultimately affect the civilian population.

Notes 1. u.s. Department of Defense, "Quadrennial Defense Review Report," 36-37. 2. U.S. Department of Defense, "United States Cyber Command Cybersecurity-U.S. Cybercom Tri-Fold." 3. Office of the White House, "Cyber Space Policy Review," 1. 4. Joint Chiefs of Staff, "DOD Dictionary of Military and Associated Terms." 5. Cheryl Pellerin, "Lynn: Cyberspace Is the New Domain of Warfare." 6. U.S. Department of Defense, "United States Cyber Command Cybersecurity-U.S. Cybercom Tri-Fold." 7. "US-CERT Cyber Security Tip ST04-015-Understanding Denial-of Service Attacks." 8. Office of the White House, "International Strategy for Cyberspace," 3. 9. U.S. Department of Defense, "Quadrennial Defense Review Report," 36-37. 1 O. Ibid. 11. Ibid. 12. William J. Lynn, "Remarks on Cyber at the Council on Foreign Relations. " 13. Ibid. 14. U.S. Department of Defense, "Cyber Command Fact Sheet." 15. Ibid. 16. William J. Lynn, "Remarks on Cyber at the Council on Foreign Relations. " 17. Donna Miles, "Doctrine to Establish Rules of Engagement against Cyber Attacks." 44 VANESSA PARADINE

18. International Humanitarian Law Research Initiative (IHLRI), "IHL Primer #l-What Is IHU" 19. "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Con flicts (Protocol 1),8 June 1977," Article 59. 20. "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Con flicts (Protocol 1),8 June 1977," Article 51. 21. "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Con flicts (Protocol I), 8 June 1977," Article 56. 22. "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Con flicts (Protocol 1),8 June 1977," Article 57. 23. Donna Miles, "Doctrine to Establish Rules of Engagement Against Cyber Attacks." 24. William J. Lynn, "Remarks on the Department of Defense Cyber Strategy. " 25. Alexander Moseley, "J ust War Theory." 26. United Nations, "Charter of the United Nations: Preamble." 27. Ibid. 28. United Nations, "Charter of the United Nations: Preamble." 29. Ibid. 30. Ibid. 31. Ibid. 32. Alexander Moseley, "Just War Theory." 33. Ibid. 34. "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Con flicts (Protocol 1),8 June 1977," Articles 51-57. 35. "Protecting Europe against Large-Scale Cyber-Attacks," United Kingdom Parliament, 10. 36. Ibid. 37. Ibid. 38. Ibid. 39. Ibid. 40. Ibid. 41. NATO Parliamentary Assembly, "NATO and Cyber Defence." 42. Ibid. 43. John Schogol, "Official: No Options 'Off the Table' for U.S. Re sponse to Cyber Attacks." 44. David Albright, Paul Brannan, and Christina Walrond, "Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?" Institute for Science and International Security. Analysis of Cyberwarfare Ethics 45

45. Albright, Brannan, and Walrond, "Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?" 46. Ibid. 47. Ibid.

Works Cited

Albright, David, Paul Brannan, and Christina Walrond. "Did Stuxnet Take Out 1,000 Centrifuges at the Natanz Enrichment Plant?" Institute for Sci ence and International Security. http://isis-online.orglisis-reports/detaiV di d -stuxnet- take-ou t -1 OOO-cen trifuges-a t -the-na tanz-enrichmen t -plan tl (accessed October 15,2011). International Humanitarian Law Research Initiative (IHLRI). "IHL Primer #l-What Is IHL? I IHL Research." International Humanitarian Law Research Initiative. http://ihl.ihlresearch.orglindex.cfm?fuseaction=page .viewpage&pageid=2083 (accessed November 10,2011). Joint Chiefs of Staff. "DOD Dictionary of Military and Associated Terms." DTIC Online. http://www.dtic.mil/doctrine/dod_dictionary/ (accessed October 15, 2011). Lynn, William. "Remarks on Cyber at the Council on Foreign Rela tions." U.S. Department of Defense. www.defense.gov/speeches/speech .aspx?speechid=1509 (accessed November 9, 2011). Lynn, William. "Remarks on the Department of Defense Cyber Strategy." U.S. Department of Defense. http://www.defense.gov/speeches/speech .aspx?speechid=1593 (accessed November 18,2011). Miles, Donna. "Doctrine to Establish Rules of Engagement Against Cyber Attacks." U.S. Department of Defense. http://www.defense.gov/news/ newsarticle.aspx?id=65739 (accessed October 15,2011). Moseley, Alexander. "Just War Theory." Internet Encyclopedia of Philoso phy. http://www.iep.utm.eduljustwarl (accessed November 20,2011). NATO Parliamentary Assembly. "NATO and Cyber Defence. " NATO Par liamentary Assembly. http://www.nato-pa.intidefault.Asp?SHORTCUT =1782 (accessed November 12,2011). Office of the White House. "Cyber Space Policy Review." U.S. Department of Defense. http://www.defense.gov (accessed November 8, 2011). Office of the White House. "International Strategy for Cyberspace." The White House. www.whitehouse.gov/sites/defaultlfiles/rss_viewerlinterna tionaLstrategy_foccyberspace.pdf (accessed November 25, 2011). Pellerin, Cheryl. "Lynn: Cyberspace Is the New Domain of Warfare." U.S. Department of Defense. http://www.defense.gov/news/newsarticle .aspx?id=61310 (accessed October 15,2011). "Protecting Europe against Large-Scale Cyber-Attacks." United Kingdom Parliament. www.publications.parliament.uk/pa/ld20091 Olldselectlldeu corn/68/68.pdf (accessed December 1,2011). 46 VANESSA PARADINE

"Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts (Protocol I), 8 June 1977." International Commit tee of the Red Cross (ICRC). http://www.icrc.org/ihl.nsflWebART/470 -750071?OpenDocument (accessed November 7, 2011). "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts (Protocol I), 8 June 1977." International Commit tee of the Red Cross (ICRC). http://www.icrc.org/ihl.nsflWebART/470 -750065?OpenDocument (accessed November 7, 2011). "Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of Non-International Armed Conflicts (Protocol I), 8 June 1977." International Commit tee of the Red Cross (ICRC). http://www.icrc.org/ihl.nsflWebART/470 -750073?OpenDocument (accessed November 7, 2011). Schogol, Jeff. "Official: No Options Off the Table for u.s. Response to Cyber Attacks." Stars and Stripes, May 8, 2009. http://www.stripes .com/news/official-no-options-off-the-table-for-u-s-response-to-cyber -attacks-1.91319 (accessed October 31, 2011). United Nations. "Charter of the United Nations: Preamble." United Na tions. http://www .un. org/en! documen tsl charterlpream b Ie .sh tml (accessed December 1,2011). "US-CERT Cyber Security Tip ST04-015-Understanding Denial-of Service Attacks." US-CERT: United States Computer Emergency Readi ness Team. http://www.us-cert.gov/casltips/ST04-015.html(accessed November 15,2011). U.S. Department of Defense. "Cyber Command Fact Sheet." www .defense.gov/homelfeatures/201 01041 O_cybersec/docs/CYBERCOM %20 Fact%20Sheet%20to %20replace%200nline%20version %200n %20 OCT%2013.pdf (accessed November 29, 2011). U.S. Department of Defense. "Quadrennial Defense Review Report." Quadrennial Defense Review. www.defense.gov/qdr/images/QDR_as_ oC12Feb10_1000.pdf (accessed November 22, 2011). U.S. Department of Defense. "United States Cyber Command-Cy bersecurity-U .S. Cybercom T ri-Fold." http://www.defense.gov/home/ features/201 01041 O_cybersec/docs/USCC_Trifold-v13.ppt (accessed No vember 15,2011).

Vanessa Paradine is a reserve navy officer and senior policy analyst with QinetiQ North America. She holds a BS from Rensselaer Polytechnic Institute and is completing her MALS degree with Georgetown University.