Selected Bibliography for Cyber Security

Last updated April 13, 2010

This list is a work in progress that we update regularly as new reports are found and/or published. If you have suggestions for additions, send them to [email protected] .

NGO & Other Publications

Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats James A. Lewis CSIS, 2003 http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf

Badware Websites Report, May 2008 StopBadware.org, 2008 http://www.stopbadware.org/home/badwebs

Chapter V: American Security in the Cyber Commons Contested Commons: The future of American Power in a Multipolar World CNAS, January 2010 http://www.cnas.org/files/documents/publications/CNAS%20Contested%20Commons_1.pdf

Computer Hacking: Making the Case for a National Reporting Requirement Jason Chang Berkman Center for Internet & Society, 2004 http://cyber.law.harvard.edu/publications/2004/Computer_Hacking

Cyber In-Security: Strengthening the Federal Cybersecurity Workforce Booz Allen Hamilton, July 2009 http://www.ourpublicservice.org/OPS/publications/download.php?id=135

Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks Paul Cornish Chatham House, February 2009 http://www.chathamhouse.org.uk/publications/papers/view/-/id/702/

Cyber Security and the Intelligence Community Eric Rosenbach and Aki J. Peritz Belfer Center for Science and International Affairs, July 2009 http://belfercenter.ksg.harvard.edu/publication/19158/cyber_security_and_the_intelligence_community.html

Cyberdeterrence and Cyberwar Martin Libicki RAND, October 2009 http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf

Cybersecurity: Preventing Terrorist Attacks and Protecting Privacy in Cyberspace Gregory Nojeim Center for Democracy and Technology, November 2009 http://www.cdt.org/files/pdfs/20091117_senate_cybersec_testimony.pdf

Cyberwarfare and Cyberterrorism: The Need for a New U.S. Strategic Approach General Eugene E. Habiger, USAF (ret.) The Cyber Secure Institute, February 2010 http://cybersecureinstitute.org/docs/whitepapers/Habiger_2_1_10.pdf

Defending against cyber terrorism: preserving the legitimate economy Olivia Bosch in Alyson J.K. Bailes and Isabel Frommelt (eds.), Business and Security: Public–Private Sector Relationships in a New Security Environment, SIPRI and Oxford University Press, pp. 187–196, 2004 http://books.sipri.org/files/books/SIPRI04BaiFro/SIPRI04BaiFro16.pdf

E-Compliance: Toward a Roadmap for Effective Risk Management Urs Gasser and Daniel Haeuserman Berkman Center for Internet & Society, 2007 http://cyber.law.harvard.edu/publications/2007/ECompliance

The Generative Internet Jonathan Zittrain Berkman Center for Internet & Society, 2006 http://cyber.law.harvard.edu/publications/2006/The_Generative_Internet

Identity Management as a Cybersecurity Case Study Mary Rundle Berkman Center for Internet & Society, 2005 http://cyber.law.harvard.edu/publications/2005/Identity_Management_as_Cybersecurity_Case_Study

In the Crossfire: Critical Infrastructure in the Age of Cyber War McAfee and CSIS, 2010 http://resources.mcafee.com/content/NACIPReport

Innovation and Cybersecurity Regulation James A. Lewis CSIS, March 2009 http://csis.org/files/media/csis/pubs/090327_lewis_innovation_cybersecurity.pdf

Internet Law, Chapter 17: Cybercrime (preliminary version) Jonathan Zittrain Berkman Center for Internet & Society, 2004 http://cyber.law.harvard.edu/publications/2004/Internet_Law_Cybercrime

The “Korean” Cyber Attacks and Their Implications for Cyber Conflict James A. Lewis CSIS, October 2009 http://csis.org/files/publication/091023_Korean_Cyber_Attacks_and_Their_Implications_for_Cyber_Conflict.pdf

Overview by the US-CCU of the Cyber Campaign Against Georgia in August of 2008 U.S. Cyber Consequences Unit, 2009 http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf

The public and the private at the Border with Cyberspace Mississippi Law Journal, 78.2, pp. 241-294, 2008 http://www.olemiss.edu/depts/ncjrl/pdf/ljournal09Palfrey.pdf

Securing Cyberspace for the 44th Presidency: A Report of the CSIS Commission on Cybersecurity for the 44th Presidency CSIS, 2008 http://csis.org/files/media/csis/pubs/081208_securingcyberspace_44.pdf

Shadows in the Cloud: Investigating Cyber Espionage 2.0 Joint Report: Information Warfare Monitor and Shadowserver Foundation, April 6, 2010 http://www.f-secure.com/weblog/archives/Shadows_In_The_Cloud.pdf

Stemming the International Tide of Spam: A Draft Model Law John Palfrey Berkman Center for Internet & Society, 2005 http://cyber.law.harvard.edu/publications/2005/Stemming_the_International_Tide_of_Spam

Strategic Advantage: Why America Should Care About Cybersecurity Melissa E. Hathaway Belfer Center for Science and International Affairs, October 2009 http://belfercenter.ksg.harvard.edu/files/Hathaway.Strategic%20Advantage.Why%20America%20Should%20Care%20About%20Cybersecurity.pdf

Targeting Information Infrastructures Ian Dudgeon in Gary Waters (ed.), Australia and Cyber-warfare, Australian National University, Chapter 4, pp. 59–84. 2008 http://epress.anu.edu.au/sdsc/cyber_warfare/pdf/whole_book.pdf

Trends in Badware 2007: What Internet Users Need To Know StopBadware.org, 2007 http://www.stopbadware.org/home/trends2007

Unrestricted Warfare Qiao Liang and Wang Xiangsui Beijing: PLA Literature and Arts Publishing House, 1999 http://cryptome.org/cuw.htm

Virtual Criminology Report 2009 – Virtually Here: The Age of Cyber Warfare McAfee and Good Harbor Consulting, LLC, 2009 http://resources.mcafee.com/content/NACriminologyReport2009

Government Publications & Policies (or on behalf of Governments)

Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Congressional Research Service, January 2008 http://www.fas.org/sgp/crs/terror/RL32114.pdf

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation Prepared for the U.S. – China Economic and Security Review Commission, 2009 http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf

Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities Government Accountability Office, September 2008 http://www.surfacetransportationisac.org/SupDocs/Library/GAO_Reports/gao_cyber_full_report.pdf

Cyber Security Strategy Ministry of Defense, Estonia, 2008 http://www.mod.gov.ee/files/kmin/img/files/Kuberjulgeoleku_strateegia_2008-2013_ENG.pdf

Cyber Security Strategy of the United Kingdom: safety, security and resilience in cyber space United Kingdom, 2009 http://www.cabinetoffice.gov.uk/media/216620/css0906.pdf

Cybercrime: Public and Private Entities Face Challenges in Addressing Cyber Threats Government Accountability Office, July 2007 http://www.gao.gov/new.items/d07705.pdf

Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure The White House, March 2009 http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

Information Security Doctrine of the Russian Federation: Approved by President Vladimir Putin on September 9, 2000 Russian Federation, 2000 http://www.mid.ru/ns-osndoc.nsf/1e5f0de28fe77fdcc32575d900298676/2deaa9ee15ddd24bc32575d9002c442b?OpenDocument

The IT Security Situation in Germany in 2009 Germany, Federal Office for Information Security, 2009 https://www.bsi.bund.de/cae/servlet/contentblob/517474/publicationFile/28002/bsi_lagebericht09_pdf.pdf

Japanese Information Security Status: Environment and Policies, Japan, Kei Harada, IT Security Center, Information-technology Promotion Agency http://www.ipa.go.jp/security/fy14/evaluation/tog/paper-tog0302e.pdf

National Plan for Information Infrastructure Protection Germany, Federal Ministry of the Interior, Oct. 2005 http://www.en.bmi.bund.de/cln_028/nn_148138/Internet/Content/Common/Anlagen/Nachrichten/Pressemitteilungen/2005/08/National__Plan__for__Information__Infrastructure__Protection,templateId=raw,property=publicationFile.pdf/National_Plan_for_Information_Infrastructure_Protection.pdf

National Cybersecurity Strategy: Key Improvements Are Needed to Strengthen the Nation’s Posture Government Accountability Office, March 2009 http://www.gao.gov/new.items/d09432t.pdf

The Second National Strategy on Information Security: Aiming for Strong "Individual" and “Society” in IT Age Japan, National Information Security Policy Council, 2009 http://www.nisc.go.jp/eng/pdf/national_strategy_002_eng.pdf

USCC Annual Report 2009 Chapter 2, Section 4: China’s Cyber Activities that Target the United States and the Resulting Impacts on US National Security http://www.uscc.gov/annual_report/2009/chapter2_section_4.pdf

White Paper on Defence and National Security , 2008 http://www.livreblancdefenseetsecurite.gouv.fr/IMG/pdf/white_paper_press_kit.pdf http://www.ssi.gouv.fr/IMG/pdf/ANSSI_PRESS_RELEASE.pdf

Multinational & International Organization Publications

A More Secure World: Our Shared Responsibility. Report of the High-level Panel on Threats, Challenges and Change United Nations, 2004 http://www.un.org/secureworld/report2.pdf

An Inventory of 20 National and 6 International Critical Information Infrastructure Protection Policies Isabelle Abele-Wigert and Myriam Dunn International CIIP Handbook 2006, vol. 1, Center for Security Studies, ETH Zurich. 2006 http://www.crn.ethz.ch/publications/crn_team/detail.cfm?id=16651

APEC Cybersecurity Strategy APEC Telecommunications and Information Working Group, August 2002 http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN012298.pdf

APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment Asia-Pacific Economic Cooperation, 2005 http://www.apec.org/apec/apec_groups/som_committee_on_economic/working_groups/telecommunications_and_information.MedialibDownload.v1.html?url=/etc/medialib/apec_media_library/downloads/workinggroups/telwg/pubs/2005.Par.0003.File.v1.1

Co-Chairs' Summary of the ARF Seminar on Cyber Terrorism ASEAN Regional Forum, 2004 http://www.aseansec.org/arf/12arf/Co-Chairs%27%20Report,%20Seminar%20on%20Cyber%20Terrorism,%20Jeju%20Island,%2013-15Oct04.pdf

Convention on Cybercrime Council of Europe, 2001 http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm

Cyber Security and Politically, Socially and Religiously Motivated Cyber Attacks Paul Cornish European Parliament, Report to the Directorate-General for External Policies of the Union, 2009 http://www.chathamhouse.org.uk/files/13346_0209_eu_cybersecurity.pdf

Cybercrime: The Council of Europe Convention Congressional Research Service, September 2006 http://fpc.state.gov/documents/organization/36076.pdf

Economics of Malware: Security Decisions, Incentives and Externalities Organization for Economic Co-operation and Development, Directorate for Science, Technology, and Industry, 2008 http://www.oecd.org/dataoecd/53/17/40722462.pdf

Electronic Security: Risk Mitigation in Financial Transactions The World Bank, 2002 http://info.worldbank.org/etools/docs/library/159695/smetech/pdf/Glaessneretal_Esecurity.pdf

Governing the Internet: Freedom and Regulation in the OSCE Region Organization for Security and Co-operation in Europe, 2007 http://www.osce.org/publications/rfm/2007/07/25667_918_en.pdf

ITU Global Cybersecurity Agenda: High-Level Experts Group Global Strategic Report International Telecommunications Union, 2008 http://www.cybersecurity-gateway.org/pdf/global_strategic_report.pdf

ITU Study on the Financial Aspects of Network Security: Malware and Spam International Telecommunications Union, 2008 http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-study-financial-aspects-of-malware-and-spam.pdf

Legal and Regulatory Frameworks for the Knowledge Economy United Nations Economic and Social Council, 2009 http://www.uneca.org/codist/codist1/content/E-ECA-CODIST-1-15-EN.pdf

NATO – Cyber-Crime and Cyber-Security Panel Report International Institute for Strategic Studies and the Young Professionals in Foreign Policy, 2007 http://www.iiss.org/EasysiteWeb/getresource.axd?AssetID=2695&type=full&servicetype=Attachment

NATO and Cyber Defence NATO Parliamentary Assembly, (2009) http://www.nato-pa.int/default.Asp?SHORTCUT=1782

Plan for Enhancing Internet Security, Stability, and Resiliency ICANN, 2009 http://icann.org/en/topics/ssr/ssr-draft-plan-16may09-en.pdf

Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience European Commission, 2009 http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2009:0149:FIN:EN:PDF

Security Issues and Recommendations for Online Social Networks European Network and Information Security Agency (ENISA), 2007 http://www.enisa.europa.eu/act/it/library/pp/soc-net/at_download/fullReport

Status of Development Information, Science and Technology in Africa United Nations Economic and Social Council, 2009 http://www.uneca.org/codist/codist1/content/E-ECA-CODIST-1-9-EN.pdf