DOCSLIB.ORG

Strategic Analysis of Cyber Weapons

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Strategic Analysis of Cyber Weapons Comparing Cyber Weapons to Traditional Weapons Through the Lens of Business Strategy Frameworks by Nicola Bates Supervisor: Professor Konstantinos Markantonakis Information Security Group Royal Holloway, University of London 1 Acknowledgements My thanks go to Professor Konstantinos Markantonakis for supervision on this project. Also to Dr Raja Naeem Akram for advice on where to focus analysis, Dr Michelle Bentley for discussion on weapon categorisation, Dr Nicholas Griffin for casting an eye over strategy framework use within this context, Dr Robert Bates for help on strategic framework analysis and Neil Ashdown for proof reading and feedback. 2 Table of Contents Page Acknowledgements…………………..……………………….…………………………….2 List of figures and tables…………………..………………………………………………..6 Executive summary…………….……………………………………………………………8 1. Introduction and background…………………………………………………………..10 1.1 Introduction……………………………………………………………………………..10 1.2 What is a cyber weapon?…………………………………………………………..11 1.3 Cyber weapons considered for analysis……………………………………….…13 1.4 Actors in cyberspace………………………….…………………………………….14 1.5 Overview of strategic frameworks.…….…………………………………………...16 1.5.1 PESTLE………………..………….…………….……………………………….16 1.5.2 Porter’s Five Forces………………………….…………………………………18 1.5.3 SWOT……………………………….……….…………………………………..19 1.6 Summary and methodology………….……….……………………………………20 2. Comparisons of cyber and conventional weapons….….…….……………………..21 2.1 Introduction….……….………………………….…………….……………………..21 2.2 The fifth domain of warfare………………………….…………….……………….21 2.3 The battlefield………….……………………………….……………………………22 2.3.1 Reach………….……………………………….………………………………...23 2.3.2 Speed………….……………………………….………………………………...23 2.3.3 Volatility………….……………………………….………………………………23 2.3.4 Target dependence………….………………………….………………………24 2.3.5 Offence dominance………….……………………………….…………………24 2.4 Under theorisation.….…………….……….………………………………………..25 2.5 Threat assessment.…………….…………………….……….…………………….25 2.6 Attribution…….…………….…………………….…………….…………………….26 2.7 Proliferation.……….…………………….…………….…………………………….27 2.8 Legal aspects….……………………………….……………………………………28 3 2.9 Cost………….…………………………….….……………………………………..29 2.10 Diversity of actors………….……………………………….……………………..31 2.11 Life expectancy of weapons…………………………….………………………..32 2.12 Intrusion and attack may look the same in cyber……….………….….……….32 2.13 Improved defences counter attacks globally………….………………………..33 2.14 Conclusion………….……………………………….……………………………..34 3. PESTLE analysis of cyber and conventional weapons…..…………………………35 3.1 Introduction to attacks….………………………………….………………………..35 3.2 Estonia – April 2007….………………………………….………………………….36 3.3 Invasion of Georgia – August 2008….…………………………………………….38 3.4 Stuxnet – June 2010….……...………………………….………………………….40 3.5 Saudi Aramco – August 2012….………………………………….……………….42 3.6 F-35 IP theft – 2013 ….………………………………….…………………….……44 3.7 Sony Pictures – November 2014….……………………………………………….46 3.8 Financial transactions, SWIFT – 2014-2015….………………………………….48 3.9 Ukraine power grids – December 2015….………………………………………..50 3.10 US election interference – November 2016….………………………...….……52 3.11 WannaCry – May 2017…………..…………………….………………………….54 3.12 Conclusion………………………………………………………………………….55 4. Porter’s Five Forces analysis…………………………………………………...……..57 4.1 Introduction……………………………………………………………………….….57 4.2 Threat of substitute products……………………………………………………….57 4.3 Threat of protection versus attack…………………………………………………58 4.4 The power of buyers and the power of suppliers………………………………...59 4.5 Rationality of the market……………………………………………………….…...61 4.6 Conclusion……………………………………………………………………………62 5. Conclusions……………………………………………………………………………...64 5.1 Conclusion……………………………………………………………………………64 5.1.1 Cyber changes the battlefield………………………………………………….64 5.1.2 Areas where cyber is beneficial……………………………………………….65 4 5.1.3 Challenges of deploying cyberattacks ……………………………………….66 5.1.4 Cyber weapons are here to stay………………………………………………68 5.2 Further work………………………………………………………………………….69 5.3 Closing thoughts…………………………………………………………………….72 Appendices………………………………………………………………………………....73 Appendix 1: PESTLE results for Estonia………………………………………….…..73 Appendix 2: PESTLE results for Georgia……………………………………………..75 Appendix 3: PESTLE results for Stuxnet……………………………………………...77 Appendix 4: PESTLE results for Saudi Aramco.……………………………………..79 Appendix 5: PESTLE results for F-35 IP theft………………………………………..82 Appendix 6: PESTLE results for Sony Pictures………………………………………83 Appendix 7: PESTLE results for SWIFT………………………………………………85 Appendix 8: PESTLE results for Ukraine power……………………………………...87 Appendix 9: PESTLE results for US election………………………..………………..89 Appendix 10: PESTLE results for WannaCry………………………………………...91 List of definitions and acronyms…………………………………………………………..94 References………………………………………………………………………………….95 5 List of tables and figures Page Table 1: Relationship between state and non-state actors in cyberattack…………..14 Table 2: Types of threat actors in the cyber domain ………………..…………………15 Table 3: PESTLE analysis descriptions for cyber weapons comparison…..………..17 Table 4: Porter’s Five Forces descriptions for competitive market analysis…………19 Table 5: Comparison of the five domains of warfare.………………………………….22 Table 6: Summary PESTLE analysis for Estonia..….……………..…………………...38 Table 7: Summary PESTLE analysis for Georgia...………………..…………………..39 Table 8: Summary PESTLE analysis for Stuxnet………………..………..…………...42 Table 9: Summary PESTLE analysis for Saudi Aramco………………..……………..44 Table 10: Summary PESTLE analysis for F-35 IP theft...………………..……………45 Table 11: Summary PESTLE analysis for Sony Pictures..………………..…………..48 Table 12: Summary PESTLE analysis for SWIFT.………………..…………………...50 Table 13: Summary PESTLE analysis for Ukraine power………………..………..….52 Table 14: Summary PESTLE analysis for US election..………………..……………..54 Table 15: Summary PESTLE analysis for WannaCry..………………..………………55 Table 16: Combined PESTLE analysis………………………………..………………...56 Table 17: Summary of Porter’s Five Forces analysis………………………….....……63 Table 18: PESTLE analysis for Estonia...………………..……………………………...75 Table 19: PESTLE analysis for Georgia...………………..……………………………..77 Table 20: PESTLE analysis for Stuxnet..………………..……………………………...79 Table 21: PESTLE analysis for Saudi Aramco..………………..………………………81 Table 22: PESTLE analysis for F-35 IP theft...………………..………………………..83 Table 23: PESTLE analysis for Sony Pictures...………………..………………………85 Table 24: PESTLE analysis for SWIFT...………………..………………………………87 Table 25: PESTLE analysis for Ukraine power………………..………..……………...89 Table 26: PESTLE analysis for election interference..………………..……………….91 Table 27: PESTLE analysis for WannaCry..………………..………………….……….27 6 List of tables and figures (continued) Page Figure 1: Types of cyberattack………………….……………….…………………….…12 Figure 2: Cyberattacks considered in this report.……….……………………………..14 Figure 3: ZERODIM payouts for mobile phones………………………………………..30 Figure 4: Cyberattacks considered mapped to section numbers………………...…..35 7 Executive Summary Advances in technology have changed the way nation states conduct offensive operations, with cyber capabilities increasingly being used. With such rapid change it has been noted that more research is now needed into how the cyber domain fits into general strategic theory [1]. Traditionally this would be performed from a military perspective by looking at the direct comparison to kinetic means in terms of physical impact. With cyber weapons possessing a different set of characteristics, deployment and impact mechanisms, this report will propose, and demonstrate, that the application of business strategy methodologies to provide a suitable and insightful framework in which to consider the differences between cyber and kinetic attacks. Such frameworks can be used to explain the power dynamics between different actors within the cyber domain. The data from this work can then be used to analyse trends within operations using cyber weapons and conventional weapons in order to support decision making. Within the current body of work the use of business strategy frameworks specifically for cyber weapons have only been found in consultancy companies, such as Inkwood Research [2], rather than in research papers or governments. Consultancy sources require payment to access and so have not been viewed. Comparing results to my research were therefore not possible. This project aims to: • increase knowledge of the cyber domain required for strategic decisions making; • compare cyber and kinetic attacks which would achieve the same effect or objective; • determine what the strategic benefits of cyber weapons are compared to traditional attacks, as well as the limitations and challenges of cyber weapons. Historical examples of cyber weapons will be analysed using business strategy frameworks. These examples will be compared with alternative ways of achieving the same effect or objective using ‘traditional’ kinetic means and operations. A market overview of the cyber weapons field will also be completed ranging from low end, downloadable tools, up to very sophisticated, targeted capabilities. This will provide a clearer understanding of how the cyber weapons market operates. Key findings from analysis have been that cyber weapons: • can combine action at a distance, with close quarters accuracy and efficiency, permitting a new class of attacks which are de-risked versus conventional means; • offer the ability to strike rapidly, without warning across an entire network, propagating faster than investigators can react; • In the main have reversible effects and are limited in
Load more

Recommended publications
  • What Every CEO Needs to Know About Cybersecurity
    What Every CEO Needs to Know About Cybersecurity Decoding the Adversary AT&T Cybersecurity Insights Volume 1 AT&T Cybersecurity Insights: Decoding the Adversary 1 Contents 03 Letter from John Donovan Senior Executive Vice President AT&T Technology and Operations 04 Executive Summary 05 Introduction 07 Outsider Threats 15 Looking Ahead: Outsider Threats 16 Best Practices: Outsiders 18 Insider Threats 24 Looking Ahead: New Potential Threats 25 Looking Ahead: Emerging Risks 26 Best Practices: Malicious Insiders 27 Best Practices: Unintentional Insiders 28 Moving Forward 32 Conclusion 33 Know the Terms For more information: Follow us on Twitter @attsecurity 35 End Notes and Sources Visit us at: Securityresourcecenter.att.com © 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T Globe logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change. 2 ATT.com/network-security Business leader, Welcome to the inaugural issue of AT&T Cybersecurity Insights, a comprehensive look at our analysis and findings from deep inside AT&T’s network operations groups, outside research firms, and network partners. This first issue, “Decoding the Adversary,” focuses on whether or not you and your board of directors are doing enough to protect against cyber threats. Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge. It is a responsibility that must be shared amongst all employees, and CEOs and board members must proactively mitigate future challenges.
    [Show full text]
  • Cyberattack Attribution
    CYBERATTACK ATTRIBUTION A BLUEPRINT FOR PRIVATE SECTOR LEADERSHIP RESEARCH FELLOWS SENIOR RESEARCH FELLOWS Justin Collins Allison Anderson Cameron Evans Stacia Lee Chris Kim Kayley Knopf FACULTY LEAD Selma Sadzak Jessica Beyer Nicholas Steele Julia Summers Alison Wendler This report is a product of the Applied Research Program in the Henry M. Jackson School of International Studies at the University of Washington. The Applied Research Program matches teams of top-achieving Jackson School students with private and public sector organizations seeking dynamic, impactful, and internationally-minded analyses to support their strategic and operational objectives. For more information about the Applied Research Program please contact us at [email protected]. Executive Summary After three decades of development, adoption, and innovation, the Internet stands at the core of modern society. The same network that connects family and friends across the world similarly ties together all aspects of daily life, from the functioning of the global economy to the operation of governments. The digitization of daily life is the defining feature of the 21st century. While the pervasiveness of Internet-enabled technology brings significant benefits, it also brings serious threats—not only to our economy and safety, but also to our trust in computer systems.1 The Internet is central to modern life, yet major state-sponsored cyberattacks persist in disrupting Internet access and function. These attacks undermine faith in government and public trust in democratic institutions. Attribution attempts to date have been unable to deter states from building malicious code for even greater destructive capabilities. In response, we propose the formation of an attribution organization based on international private sector coordination.
    [Show full text]
  • The 2014 Sony Hack and the Role of International Law
    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
    [Show full text]
  • Attack on Sony 2014 Sammy Lui
    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
    [Show full text]
  • View Final Report (PDF)
    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
    [Show full text]
  • State Cyberspace Operations Proposing a Cyber Response Framework
    Royal United Services Institute for Defence and Security Studies Occasional Paper State Cyberspace Operations Proposing a Cyber Response Framework Gary D Brown State Cyberspace Operations Proposing a Cyber Response Framework Gary D Brown RUSI Occasional Paper, September 2020 Royal United Services Institute for Defence and Security Studies ii State Cyberspace Operations 189 years of independent thinking on defence and security The Royal United Services Institute (RUSI) is the world’s oldest and the UK’s leading defence and security think tank. Its mission is to inform, influence and enhance public debate on a safer and more stable world. RUSI is a research-led institute, producing independent, practical and innovative analysis to address today’s complex challenges. Since its foundation in 1831, RUSI has relied on its members to support its activities. Together with revenue from research, publications and conferences, RUSI has sustained its political independence for 189 years. The views expressed in this publication are those of the author, and do not reflect the views of RUSI or any other institution. They are not an official policy or position of the National Defense University, the Department of Defense or the US government. Published in 2020 by the Royal United Services Institute for Defence and Security Studies. This work is licensed under a Creative Commons Attribution – Non-Commercial – No-Derivatives 4.0 International Licence. For more information, see <http://creativecommons.org/licenses/by-nc-nd/4.0/>. RUSI Occasional Paper, September 2020. ISSN 2397-0286 (Online). Royal United Services Institute for Defence and Security Studies Whitehall London SW1A 2ET United Kingdom +44 (0)20 7747 2600 www.rusi.org RUSI is a registered charity (No.
    [Show full text]
  • Are Enhanced Warfighters Weapons, Means, Or Methods of Warfare?
    Are Enhanced Warfighters Weapons, Means, or Methods of Warfare? Rain Liivoja and Luke Chircop 94 INT’L L. STUD. 161 (2018) Volume 94 2018 Published by the Stockton Center for the Study of International Law ISSN 2375-2831 Enhanced Warfighters: Weapons, Means, or Methods? Vol. 94 Are Enhanced Warfighters Weapons, Means, or Methods of Warfare? Rain Liivoja and Luke Chircop CONTENTS I. Introduction ............................................................................................. 162 II. Biological Weapons ................................................................................ 164 A. Defining Biological Agents ........................................................ 166 B. Enhanced Warfighters as Biological Agents ............................ 166 C. Enhancements as Biological Agents ......................................... 170 D. Enhancements as Chemical Weapons ...................................... 172 III. Weapons ................................................................................................... 173 A. Defining Weapons....................................................................... 173 B. Enhanced Warfighters as Weapons .......................................... 176 IV. Means of Warfare ................................................................................... 178 A. Defining Means of Warfare ....................................................... 178 B. Enhanced Warfighters as Means of Warfare ........................... 179 V. Methods of Warfare ..............................................................................
    [Show full text]
  • Episode 230: Click Here to Kill Everybody
    Episode 230: Click Here to Kill Everybody Stewart Baker: [00:00:03] Welcome to Episode 230 of The Cyberlaw Podcast brought to you by Steptoe & Johnson. We are back and full of energy. Thank you for joining us. We're lawyers talking about technology, security, privacy, and government. And if you want me to talk about hiking through the rain forest of Costa Rica and just how tough my six-year-old granddaughter is, I'm glad to do that too. But today I'm joined by our guest interviewee Bruce Schneier, an internationally renowned technologist, privacy and security guru, and the author of the new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. We'll be talking to him shortly. For the News Roundup, we have Jamil Jaffer, who's the founder of the estimable and ever-growing National Security Institute. He's also an adjunct professor at George Mason University. Welcome, Jamil. Jamil Jaffer: [00:00:57] Thanks, Stewart. Good to be here. Stewart Baker: [00:00:58] And David Kris, formerly the assistant attorney general in charge of the Justice Department's National Security Division. David, welcome. David Kris: [00:01:07] Thank, you. Good to be here. Stewart Baker: [00:01:08] And he is with his partner in their latest venture, Nate Jones, veteran of the Justice Department, the National Security Council, and Microsoft where he was an assistant general counsel. Nate, welcome. Nate Jones: [00:01:23] Thank you. Stewart Baker: [00:01:25] I'm Stewart Baker, formerly with the NSA and DHS and the host of today's program.
    [Show full text]
  • NAVIGATING the CYBERSECURITY STORM
    NAVIGATING the CYBERSECURITY STORM A Guide for Directors and Officers BY PAUL A. FERRILLO EDITED BY BILL BROWN published by sponsored by sponsored by 1 © 2015 by Paul A. Ferrillo. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any other information storage or retrieval system without prior written permission. To use the information contained in this book for a greater purpose or application, contact Paul A. Ferrillo via [email protected] 2 Is your company protected from the Internet of RiskSM? With CyberEdge® cyber insurance solutions you can enjoy the Business Opportunity of Things. 20 billion objects are connected to the Internet, what everyone is calling the Internet of Things. This hyperconnectivity opens the door both to the future of things, and to greater network vulnerabilities. CyberEdge end-to-end cyber risk management solutions are designed to protect your company from this new level of risk. So that you can turn the Internet of Things into the next big business opportunity. To learn more and download the free CyberEdge Mobile App, visit www.AIG.com/CyberEdge Insurance, products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Insurance and services may not be available in all jurisdictions, and coverage is subject to actual policy language. For additional information, please visit our website at www.AIG.com. ABOUT PAUL A. FERRILLO Paul Ferrillo is counsel in Weil’s Litigation Department, where he focuses on complex securities and business litigation, and internal investigations.
    [Show full text]
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018 Hacks, leaks and disruptions Russian cyber strategies EDITED BY Nicu Popescu and Stanislav Secrieru WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer Chaillot Papers HACKS, LEAKS AND DISRUPTIONS RUSSIAN CYBER STRATEGIES Edited by Nicu Popescu and Stanislav Secrieru CHAILLOT PAPERS October 2018 148 Disclaimer The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union. European Union Institute for Security Studies Paris Director: Gustav Lindstrom © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated. Contents Executive summary 5 Introduction: Russia’s cyber prowess – where, how and what for? 9 Nicu Popescu and Stanislav Secrieru Russia’s cyber posture Russia’s approach to cyber: the best defence is a good offence 15 1 Andrei Soldatov and Irina Borogan Russia’s trolling complex at home and abroad 25 2 Xymena Kurowska and Anatoly Reshetnikov Spotting the bear: credible attribution and Russian 3 operations in cyberspace 33 Sven Herpig and Thomas Reinhold Russia’s cyber diplomacy 43 4 Elena Chernenko Case studies of Russian cyberattacks The early days of cyberattacks: 5 the cases of Estonia,
    [Show full text]
  • The Ethics of Cyberwarfare Randall R
    This article was downloaded by: [University of Pennsylvania] On: 28 February 2013, At: 08:22 Publisher: Routledge Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK Journal of Military Ethics Publication details, including instructions for authors and subscription information: http://www.tandfonline.com/loi/smil20 The Ethics of Cyberwarfare Randall R. Dipert a a SUNY (State University of New York) at Buffalo, NY, USA Version of record first published: 16 Dec 2010. To cite this article: Randall R. Dipert (2010): The Ethics of Cyberwarfare, Journal of Military Ethics, 9:4, 384-410 To link to this article: http://dx.doi.org/10.1080/15027570.2010.536404 PLEASE SCROLL DOWN FOR ARTICLE Full terms and conditions of use: http://www.tandfonline.com/page/terms-and- conditions This article may be used for research, teaching, and private study purposes. Any substantial or systematic reproduction, redistribution, reselling, loan, sub-licensing, systematic supply, or distribution in any form to anyone is expressly forbidden. The publisher does not give any warranty express or implied or make any representation that the contents will be complete or accurate or up to date. The accuracy of any instructions, formulae, and drug doses should be independently verified with primary sources. The publisher shall not be liable for any loss, actions, claims, proceedings, demand, or costs or damages whatsoever or howsoever caused arising directly or indirectly in connection with or arising out of the use of this material. Journal of Military Ethics, Vol. 9, No. 4, 384Á410, 2010 The Ethics of Cyberwarfare RANDALL R.
    [Show full text]
  • Ethical Hacking
    Ethical Hacking Alana Maurushat University of Ottawa Press ETHICAL HACKING ETHICAL HACKING Alana Maurushat University of Ottawa Press 2019 The University of Ottawa Press (UOP) is proud to be the oldest of the francophone university presses in Canada and the only bilingual university publisher in North America. Since 1936, UOP has been “enriching intellectual and cultural discourse” by producing peer-reviewed and award-winning books in the humanities and social sciences, in French or in English. Library and Archives Canada Cataloguing in Publication Title: Ethical hacking / Alana Maurushat. Names: Maurushat, Alana, author. Description: Includes bibliographical references. Identifiers: Canadiana (print) 20190087447 | Canadiana (ebook) 2019008748X | ISBN 9780776627915 (softcover) | ISBN 9780776627922 (PDF) | ISBN 9780776627939 (EPUB) | ISBN 9780776627946 (Kindle) Subjects: LCSH: Hacking—Moral and ethical aspects—Case studies. | LCGFT: Case studies. Classification: LCC HV6773 .M38 2019 | DDC 364.16/8—dc23 Legal Deposit: First Quarter 2019 Library and Archives Canada © Alana Maurushat, 2019, under Creative Commons License Attribution— NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) https://creativecommons.org/licenses/by-nc-sa/4.0/ Printed and bound in Canada by Gauvin Press Copy editing Robbie McCaw Proofreading Robert Ferguson Typesetting CS Cover design Édiscript enr. and Elizabeth Schwaiger Cover image Fragmented Memory by Phillip David Stearns, n.d., Personal Data, Software, Jacquard Woven Cotton. Image © Phillip David Stearns, reproduced with kind permission from the artist. The University of Ottawa Press gratefully acknowledges the support extended to its publishing list by Canadian Heritage through the Canada Book Fund, by the Canada Council for the Arts, by the Ontario Arts Council, by the Federation for the Humanities and Social Sciences through the Awards to Scholarly Publications Program, and by the University of Ottawa.
    [Show full text]