cyber warfare: its increasing role in modern conflicts

Upload: information-security-studies-and-analysis-center

Post on 08-Apr-2018


  • 8/7/2019 CYBER WARFARE: ITS INCREASING ROLE IN MODERN CONFLICTS


    Cyber Warfare: its increasing role in modern conflicts

    Ana Sulakvelidze

    Analyst in Intelligence and Military issues

    At Information Security Studies and Analysis Center

    INFORMATION SECURITY STUDIES AND ANALYSIS CENTER


    INFORMATION SECURITY STUDIES AND ANALYSIS CENTER E-LIBRARY


    *******

    This document is educational material based on non-classified sources and on personal observations. The author is not responsible for any other use of this publication. The opinions and recommendations presented in this document should not be considered the official position of the INFORMATION SECURITY STUDIES AND ANALYSIS CENTER, which itself presents this document.

    Ana Sulakvelidze

    All Rights Reserved.

    Copying and redistribution of this document without the author's agreement is strictly forbidden.


    * * *

    The research concerns the main trends of cyber warfare and the challenges related to cybersecurity. The cyber standards of the United States and several international legal frameworks, along with practical measures, are discussed in the paper. Moreover, the most massive and popular cases of cyber warfare are mentioned in chronological order. Country specifics, particularly divergent approaches to cybersecurity, are demonstrated through the examples of the United States, Russia, and Georgia. The significance of cyber tools in intelligence activities and the increasing role of cyber terrorism are also discussed in the research. Finally, the relevant conclusion is outlined, which includes the main recommendations from the author.


    Table of Contents

    Introduction

    I Local Standards
        United States

    II International Standards
        International Organizations
        United Nations
        International Telecommunication Union (ITU)
        North Atlantic Treaty Organization (NATO)
        Council of Europe C3

    III Country Specifics
        Russia
        United States
        Georgia

    IV Cases of Cyber War

    V Cyber Tools in Intelligence and Terrorism
        Intelligence
        Cyber terrorism

    VI Technical Stuff
        Models of Cyber defense

    Conclusion

    Appendix
        References


    Introduction

    The modern world has become entirely technological. Scientific progress, mirrored in technological novelties, created a whole new domain: cyberspace. Cyberspace, from the day of its creation, has played an unimaginably colossal role in humans' lives. Even though individuals are not physically present in the cyber domain, their basic activities and needs are to a significant degree carried out through it. Communication, logistics, financial and cultural activities, education, social issues, international connectivity and cooperation, security, and several other fields of human endeavor are now tightly connected to cyberspace and strongly depend on its proper functioning. If cyberspace is disrupted in some way, each of these and several other areas of human life may easily be put at serious risk.

    Cyberspace has several definitions, and they are divergent. There is no single common definition of cyberspace; however, the majority of individuals clearly understand what it is. The word "cyberspace" is credited to William Gibson, who used it in his book, Neuromancer, written in 1984. Gibson defines cyberspace as "a consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts... A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data". [1]

    It is interesting to examine why cyberspace has intruded into humans' lives so profoundly. The answer is not difficult: the process of computerization and intense data migration made individuals and the whole world entirely dependent on it. Even though computers entered our lives not long ago, they became indivisible parts of our daily lives. Not only individuals, but also states and their governments rely significantly on the cyber domain. The process of computerization was so sharp and instant that the world became engaged in a continual race with technological progress. While progress was moving forward and the world was becoming entirely digital, individuals envisioned total insecurity in the newly created digital world. We have a deluge of information and the possibility to share it, but we are unaware of how to protect our information from damage. This question became the main problem and challenge for the whole world.

    Furthermore, it is essential not to ignore the role of politics when talking about cyberspace insecurity and the related problems. Cyber technologies became perfect tools for political use. In many ways cyberspace was effectively exploited in order to inspire political escalations; several of these cases can easily be described as cyberwarfare. [2] Furthermore, modern conflicts are frequently accompanied by cases of cyberwarfare. Cyber attacks are widely used by terrorists as well, which makes them more and more dangerous for societies.

    [1] The Tech Terms computer dictionary. http://www.techterms.com/definition/cyberspace

    [2] The cases will be discussed later in the paper.

    The international community is considerably concerned with cyber challenges, as it appreciates the potential risks that lurk in cyberspace and cyber-related problems. While the international community is trying to handle current cyber threats and challenges, new problems and dangers emerge continuously. This stems from the fact that people have understood how powerful cyber tools are, and how effectively they can be used to pursue one's aims. This is what can be called an increasing role in modern conflicts of interests.

    Local Standards

    The United States

    Technological development has always required government officials to harmonize state policies with emerging technological improvements. In the 20th century the American Federal government authorized several laws and organizations in order to adapt national security needs to emerging technologies. In the 21st century the need for adaptation is even greater and more demanding, because the massive emergence of the internet as a communication tool requires increased attention to cyberspace security from Federal officials.

    Throughout the past two decades the US Federal government has initiated a number of important projects aimed at securing US cyberspace. In 2003 The National Strategy to Secure Cyberspace was outlined in order to minimize the vulnerability of US critical infrastructure to cyber attacks. Furthermore, the United States Computer Emergency Readiness Team (US-CERT) was created at the Department of Homeland Security and became responsible for implementing the National Strategy to Secure Cyberspace. Additionally, a number of Einstein Programs, an automated process for gathering and sharing security information through DHS, were also created by US-CERT.

    In January 2008, President George W. Bush launched the Comprehensive National Cybersecurity Initiative (CNCI), which became the key document in the process of cyberspace standardization for that time. CNCI consists of 12 sub-initiatives that correspond to the major needs for securing US cyberspace. [3]

    [3] White House. Comprehensive National Cybersecurity Initiative, January 2008. http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative


    businesses to share information and experiences in cyber crime detection and remediation techniques with other businesses and the Federal government in order to ensure cyberspace safety. [7]

    The Cybersecurity Policy Review strongly recommends that the United States engage in international cooperation on cyber-related issues. Divergent national law standards and practices hinder the process of creating a secure global digital environment. Consequently, tight partnership with the international community is urgently needed. Several international organizations are concerned with cyber issues, for instance: the United Nations, the Group of Eight, NATO, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Organization of American States, the Organization for Economic Cooperation and Development, the International Telecommunication Union (ITU), the International Organization for Standardization (ISO), and several others. Even though the efforts of these organizations are considerable, new multi-lateral and bilateral agreements, and new ways of cooperation between states and their governments, should be established. Moreover, the United States should support other countries in the process of cyberspace legal standardization on the national level, and should help them to improve their capacity to fight cybercrime. [8] Increased international cooperation and interchange of information and experience will certainly be reflected in an increased ability to track cybercrime and to manage global challenges in cyberspace.

    Several important steps should be undertaken in order to elaborate the framework on incident response. According to the Policy Review, an information sharing framework should be outlined in cooperation by the Federal, State, Local, and Tribal governments. Moreover, data owners, network operators, and experts on privacy and civil liberties should be engaged in the process. The recommended steps include the creation of a non-profit, non-governmental organization to serve as a trusted third-party host, where the government and the private sector can share information data. In addition, the Review suggests that voluntary information sharing between the Federal government and individual firms, or groups of firms, is highly recommended in order to achieve a stronger structure of incident response. [9] Incident reports from the private sector are priceless, because the private sector is the most important stakeholder of cyberspace and the cyber market. Civil liberties and privacy experts should be engaged in the discussion of how to increase information interchange in order to ensure that civil privacy is protected; on the other hand, it is vital to protect sensitive data in the process of intense data migration. What is more, the research community should be allowed to gain access to information which may potentially be useful for future research in the field.

    [7] Ibid.

    [8] White House. Cyberspace Policy Review. 2009. http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

    [9] Ibid.

    In the final analysis, the Cybersecurity Policy Review and the Comprehensive National Cybersecurity Initiative form the major guidelines for the future steps and actions that should be undertaken in the United States in order to create a more resilient and secure cyberspace.

    International Standards

    International Organizations

    As time passes, the world becomes more and more interdependent. Globalization in all realms of human endeavor creates a global space for different countries and for their representatives. As a result, we are faced with the irrefutable fact that without international cooperation no country and no society can exist. This idea is especially evident when it comes to cyberspace. The internet is a global tool, and consequently its security also appears to be a global matter. Even if a country has adopted an outstanding cybersecurity policy inside its borders, without intense international cooperation the cyberspace of this particular country would hardly be protected. International standards on cybersecurity issues are vital in the global process of cyberspace normalization.

    Nowadays several international legal frameworks have already been adopted. International cooperation in this process was active and comprehensive; however, an international level of consensus has not yet been achieved. Several reasons could be suggested for the lack of consensus, but I strongly believe that two reasons are at the top of this list: 1) cybersecurity is quite a new field for lawmakers, and no established experience and precedents are available to them; and 2) nations are sensitive in terms of international cybersecurity policy, because they appreciate a number of potential risks and threats that an international cybersecurity policy may encompass in several ways. An unfamiliar topic and deterrence from open cooperation became the major hindrances to achieving an international consensus on cyber-related issues among states.

    Even though the consensus has not yet been achieved, several international and multi-lateral agreements have been established.

    United Nations

    To start with international resolutions and policies, the General Assembly of the United Nations has adopted a number of resolutions on information security. In December 2000, the General Assembly adopted the resolution on Combating the Criminal Misuse of Information Technologies. The document stressed the following topics: the importance of cooperation among concerned states; practice and experience sharing; workforce training; quick and effective incident response; increased public awareness of cases of cyber crime and its possible outcomes; new design of information technologies in order to facilitate crime detection and prevention; and civil liberties and privacy protection. [10] The resolution called on all participant states to take the above-mentioned recommendations into account in their efforts to combat the criminal misuse of information technologies. Later on, in January 2003, the General Assembly adopted a further resolution on cyberspace security. Several elements for creating a global culture of cybersecurity are emphasized in the document, in particular: shared responsibility among involved parties; consistency of cybersecurity policies with the basic values of democracy; stronger emphasis on cyber education; risk assessment and reassessment by cybersecurity experts; and cybersecurity policy design and management. [11] The United Nations has adopted a number of other resolutions on cyberspace security and cyber culture that create a good deal of the basis for international cooperation on cyber-related issues.

    The UN is not the sole organization concerned with cyber matters. The International Telecommunication Union (ITU) has published the Global Security Agenda (GCA) [12], which addresses all major aspects of cybersecurity policy.

    International Telecommunication Union

    GCA is based on international cooperation and involves all participant groups of cyberspace in the process of building a confident and safe cyber world. The document consists of five major pillars/work areas: 1) Legal Measures; 2) Technical and Procedural Measures; 3) Organizational Structures; 4) Capacity Building; 5) International Cooperation.

    To start with the Legal Measures, the document emphasizes the importance of creating national legislation that will respond to the increasing number of cyber threats. GCA Legal Measures consist of two major resources: ITU Toolkit for Cybercrime, and Understanding Cybercrime: Guide for Developing Countries.

    The next chapter is about the Technical and Procedural Measures. These measures mainly address the process of cyberspace standardization. ITU's Standardization Sector holds a vital role in this process, because it brings together the private sector and governments in order to ensure complete cooperation between the parties. A number of particular tools and bodies are involved in the process of standardization: Study Group 17, which deals with identity management processes; the ICT (Information and Communication Technologies) Security Standards Roadmap, promoting collaboration between international standards bodies; the ITU Radiocommunication Sector; and several others. [13]

    [10] United Nations. 55/63. Combating the criminal misuse of Information Technologies. http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N00/563/17/PDF/N0056317.pdf?OpenElement

    [11] United Nations. 57/239. Creation of a global culture of cybersecurity. http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N02/555/22/PDF/N0255522.pdf?OpenElement

    [12] ITU. Global Cybersecurity Agenda (GCA). http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf

    The chapter on Organizational Structure stresses the importance of collaboration at every level: governments, private sector, academia, regional and international organizations. Broad collaboration is a key instrument for raising awareness about potential cyber threats. Effective incident management is also emphasized in the chapter as a vital factor in handling cybercrime. In order to build an effective incident management capacity, effective coordination of funding and human resources is indubitably needed.

    The process of capacity building is always tightly correlated with several problems and challenges. Similarly, in cybersecurity the most pressing challenge is to build capacity in the involved parties, especially in end-users. ITU has designed several activities in order to boost the process of capacity building. The ITU National Cybersecurity/CIIP Self-Assessment Tool is a practical initiative designed to assist ITU member states in creating national legal frameworks on cybersecurity and in improving cyber protection infrastructures. Moreover, ITU has designed a special Toolkit to promote a Culture of Cybersecurity, which provides guidelines for SMEs (small and medium enterprises), consumers, and end-users in order to improve their cyber awareness. ITU has also addressed the botnet problem, which is especially frequent in developing countries. The International Multilateral Partnership Against Cyber Threats (IMPACT) [14] Research Division, in collaboration with ITU, draws the attention of academia and encourages academic research in both newly emerged and specialized areas. [15]

    The ITU Global Cybersecurity Initiative gives considerable emphasis to international cooperation on cybersecurity issues. The ITU Secretary General established a High Level Expert Group (HLEG), which comprised high-level experts from governments, industry, relevant regional/international organizations, research institutes, academic institutions, and individual experts from every part of the world. The main goal of HLEG was to analyze and refine the developments of GCA.

    ITU, in collaboration with IMPACT and several other international organizations, has established the Centre for Policy and International Cooperation, which is responsible for formulating new cybersecurity policies and should provide ITU member states with the basic necessary guidelines for the harmonization of national laws around a variety of cyber-related issues. [16]

    [13] ITU. GCA. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf

    [14] International Multilateral Partnership Against Cyber Threats (IMPACT), an international public-private initiative dedicated to enhancing the global community's capacity to prevent, defend and respond to cyber threats. In May 2008, the ITU was invited to become a member of the IMPACT Advisory Board.

    [15] ITU. GCA. Building Capacity. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf

    ITU is the author of the Child Online Protection (COP) initiative. The COP initiative was established as an international collaborative network designed to provide children and young people with online protection policy guidelines. [17]

    NATO

    The North Atlantic Treaty Organization (NATO) gave special emphasis to cybersecurity challenges in its latest strategic concept, NATO 2020. Cyber crime and cyber attacks are identified in the document as a new type of threat, called Unconventional Danger. Indeed, the new concept calls for all member states to identify the cyber threat as a growing threat to the security of the Alliance and its members. [18] The new security strategy provides particular recommendations for the NATO member states on how to manage cyber-related threats and challenges. But before turning to these recommendations, I would like to talk about NATO's Cybersecurity Policy, which was launched in 2007. The NATO Cyber Defense Policy is implemented by NATO's military, political, and technical authorities, and by individual Allies. The policy established a NATO Cyber Defense Management Authority (CDMA), which became the sole body responsible for coordinating cyber issues throughout the Alliance. Moreover, NATO established the Cooperative Cyber Defense Centre of Excellence (CCDCOE) in order to boost research and training in the field. International cooperation is highly stressed in the policy as a major tool for success in tackling cyber threats. The document also outlined three phases of practical activity that were designed to mitigate NATO cyber vulnerability. [19]

    Now, to turn to the NATO 2020 recommendations on cybersecurity issues. The New Concept recommends that the member states undertake considerable efforts in monitoring NATO's critical network in order to assess and remedy existing problems and vulnerabilities; the Allies should also work on expanding early warning capabilities in the form of a NATO-wide network. Moreover, the Cooperative Cyber Defense Centre of Excellence (CCDCOE) should increase its work on assisting member states and individual Allies, through training, to create strong and effective cyber defense programs. The Alliance should be prepared to send an expert group to any member state which is at immediate cyber risk. [20]

    [16] ITU. GCA. International Cooperation. http://www.itu.int/osg/csd/cybersecurity/gca/new-gca-brochure.pdf

    [17] Ibid.

    [18] NATO 2020: Assured Security; Dynamic Engagement. http://www.nato.int/cps/en/natolive/official_texts_63654.htm?selectedLocale=en

    [19] NATO's cyber defense policy and activities. http://www.nato.int/cps/en/natolive/topics_49193.htm?

    Several other international and regional organizations, for instance the G8 High Tech Group with its Recommendations and Best Practices, the Organization for Economic Co-operation and Development (OECD) [21] with a number of reports and publications, INTERPOL, and several others, have contributed considerable efforts to the process of cyberspace standardization which is currently underway. All these efforts, if brought together, represent a serious force for managing cyber threats on international and national levels.

    Council of Europe C3

    For further analysis, I would turn my attention to the Council of Europe's Convention on Cybercrime (C3). It is worth mentioning that C3 is the only binding international treaty on the subject to have been adopted to date, and it enjoys broad international support. The treaty was opened for signature in 2001 and entered into force in 2004. The treaty is open to member states and to non-member states as well. The total number of signatory states is 46; signatures not followed by ratification: 16; signatures followed by ratification and entry into force: 30. [22] The Convention's content consists of several directions of cyber regulation on the national and international levels. First and foremost, general terms and definitions are provided in the document. The steps and legal measures to secure cyberspace that should be undertaken by the signatory parties on the national level are also outlined. Offences against confidentiality and integrity, content-related and computer offences, and offences related to infringements of copyright and related rights are specified separately in different articles, and sanctions for the prevention of these offences are also described. Furthermore, the document outlines procedural measures for C3 implementation on national levels, and places responsibilities on signatories to establish jurisdiction over any offence considered in the Convention. The paper delineates the standards for international cooperation, extradition, and mutual assistance among signatory states with specific provisions. In addition, the document emphasizes the establishment of a 24/7 network point in order to ensure immediate data and assistance interchange among parties.

    C3, as I have already mentioned, is the only binding international treaty to date which enjoys estimable support. Nevertheless, this document is far from sufficient to boost the process of cyberspace standardization. Why? Several reasons could be provided to answer the question, but the most important is that there are divergent viewpoints and backgrounds among the involved parties about cyberspace and its legal aspects, which explains why no consensus has yet been achieved. The difficulty of achieving consensus stems from country specifics. Each state, especially the pioneers of cyber technologies, has its own approach to the issue, which makes it difficult, and to date even impossible, to create a resilient and secure global cyberspace. In order to make the situation more lucid, I will concentrate on three particular examples of developed and developing countries: Russia, the United States, and Georgia.

    [20] NATO 2020: Assured Security; Dynamic Engagement. http://www.nato.int/cps/en/natolive/official_texts_63654.htm?selectedLocale=en

    [21] Organization for Economic Co-operation and Development (OECD). http://www.oecd.org/home/0,2987,en_2649_201185_1_1_1_1_1,00.html

    [22] Council of Europe. Convention on Cybercrime. 2001. http://conventions.coe.int/Treaty/Commun/ChercheSig.asp?NT=185&CM=8&DF=&CL=ENG

    Country Specifics

    Russia

    Russia's approach to cybersecurity issues is outlined in the following documents: the Information Security Doctrine of 2000, and the Strategy for Development of Information Society in Russia of 2008. According to the documents, it is clearly noticeable that Russia approaches cybersecurity as a political and psychological matter; moreover, Russia tends to use the terms "information security" and "information technologies" rather than "cybersecurity" and "cyber technologies". Russian officials explain that cybersecurity and cyberspace are primarily technological terms, while information security and information space have more political and philosophical contexts. [23] Even though Russia's Information Security Doctrine is mainly designed as a political tool focused on Russian society, it is also intended to influence the international audience. [24] Russia is considerably concerned with the creation of international cyber regimes. Furthermore, Russia strongly supports the idea of an international convention which would ban the development or use of military and civilian information as weapons in order to prevent a digital arms race. [25] On the national level, Russia regards cybersecurity as a stability factor for the state. Russia maintains the position that a government should retain the right to constrain or ban information transmitted from outside the country's borders should it be regarded as disruptive politically, socially, and culturally. [26] It is interesting that this approach of controlling the flow of information is designed not only for securing state interests, but also for the stability of the existing regime. [27] What is more, Russia approaches information warfare as an everlasting phenomenon. Russia believes that information warfare is conducted in peacetime, and in wartime as well. In peacetime, according to Russia's approach, information warfare is mainly conducted by means of intelligence, politics, and psychological actors. Diplomatic, economic, and political measures (shaping public opinion) are widely used in information warfare in peacetime. When it comes to IW (Internet World), computer viruses, other malware, and information gathering on the adversary's cyber technologies play a key role in cyber warfare in peacetime. Information warfare is conducted by almost the same means in wartime as in peacetime, but some aspects are added or accelerated. In particular, the information warfare strategy in wartime includes special operations to disrupt the enemy's command, control, and cyber systems, particularly: information blockade using DDoS, spamming, electronic saturation tactics, and several others. [28]

    [23] Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. 2010. http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true

    [24] FOI. Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations. http://www2.foi.se/rapp/foir2970.pdf

    [25] Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. 2010. http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true

    [26] Ibid.

    [27] FOI. Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations. 2010. http://www2.foi.se/rapp/foir2970.pdf

    Finally, Russias main trends in cybersecurity consist of the emphasis on creating an

    international cyber regime, maintaining by a government the right to control the information

    flow from abroad, assessing cyber warfare as a permanent process conducted in peacetime and

    also in wartime, and considering cyber warfare as a psychological and political tool. Russias

    assessments and approaches to cyber warfare considerably differ from those of the United

    States in several ways.

    The United States

    The United States' approach to cyber warfare and cybersecurity is rather technological.

    According to US Defense officials, cyberspace is one of the domains which should be

    protected from inside or outside attacks; no specifically political, psychological, or

    philosophical backgrounds are attributed to cyber warfare. The US doesn't favor the Russian approach of an international cyber regime, because of the difficulty of identifying the origin of a

    cyber attack, whether it came from a government or an individual hacker or hacker group. Nevertheless, the

    United States buttresses international cooperation on cyber-related issues. Moreover,

    according to US policy, the main goal of cybersecurity can best be achieved through

    international cooperation. But what makes the US approach considerably different from the

    Russian one is that the US believes cybersecurity is a particularly national issue, which should be

    addressed by a state-centric approach. 29 As I have described earlier, the US gives more

    emphasis to increased cyber education and public awareness, and to the establishment of

    national systems for ensuring the country's cybersecurity. Furthermore, US officials see allowing and justifying

    government control over the free flow of information as a direct challenge to democratic principles. In addition, the United States has a more specific understanding of cyber

    28 Ibid.

    29 Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin. http://issuu.com/ewipublications/docs/usrussiacyber?mode=embed&layout=http%3A%2F%2Fskin.issuu.com%2Fv%2Fcolor%2Flayout.xml&backgroundColor=FFFFFF&showFlipBtn=true

    warfare, which is strictly related to crisis or conflict, while in Russia cyber warfare is

    emphasized in both peacetime and wartime.

    In sum, it is clear that the United States is less extreme in its assessment of the cyber warfare

    phenomenon, and tends toward more moderate ways of handling cyber threats.

    Georgia

    Georgia is a newcomer in the digital world. Georgia is a post-Soviet country; but while being

    a post-Soviet country, Georgia strikingly seeks to become a part of the developed world. The

    process of Georgia's democratization is underway, and each field of the country's societal life

    is currently under reconstruction. Similarly, Georgia's information infrastructure demonstrates

    an urgent need to be transformed. This immediate need was clearly demonstrated in August 2008 during the Russo-Georgian War. Georgian cyberspace was repeatedly attacked and,

    consequently, disrupted for several days. Georgia found itself in an information vacuum during

    the war. This fact demonstrated that Georgia's cyberspace is easily penetrable and damageable

    by foreign forces. Moreover, at the time of the war, Georgia was dependent on Russian and Turkish

    connections to the global internet, 30 which logically made its cyberspace more vulnerable.

    The process of cyberspace standardization in Georgia was started several years before the

    August War. In December 2004, the ICT (Information and Communication Technologies)

    Development Framework for Georgia was elaborated by the UN Development Program, and

    NCT Team, in cooperation with the Georgian Government, Georgian National Communications Commission, and the World Bank.

    The document represents an action plan for the Georgian government in the process of creating a

    stable and safe cyber infrastructure in the country. First and foremost, the document

    recommends identifying the main priorities and capacities of information infrastructure

    building, because Georgia is a developing country and the existing socio-economic situation

    should certainly be considered while adopting a particular policy. Moreover, the document

    mentions several problems that should be solved before the process of information

    infrastructure building is started, particularly: problems related to energy (the energy

    supply was considerably unstable in Georgia at that time), technical problems, administrative problems (lack of field experts in the state sector), and several others. The

    document provides the key recommendations primarily for government entities, because

    the main responsibility for encouraging the cyberspace standardization process in Georgia

    was placed on the government. These recommendations are as follows: to create a work

    30 New York Times, August 2008. John Markoff. Georgia takes a beating in the cyberwar with Russia. http://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/

    group which will be responsible for outlining the country's cyber policy, and will coordinate

    all cyber-related governmental activities according to the adopted policy; information

    availability, confidentiality, and unity should be supported by the relevant state entities in

    order to ensure secure and fair data migration process; private sector, as a main economic

    force in a country, should entirely be engaged in the process of cyberspace standardization;

    cyber laws should be elaborated, adopted, and harmonized with the international cyber trends

    by the legislative officials; intelligence agencies and critical state entities should be provided

    with the special and entirely secure communication tools (servers, hardware, and software) in

    order to ensure critical data protection, and secure data flow. A number of other specific

    recommendations are also included in the document; however, the aforementioned ones

    represent the most crucial provisions that are delineated in the paper.

    Even though these recommendations were introduced several years ago, their implementation

    was considerably delayed. Even today, few of these requirements are brought to fruition,

    particularly: several legal frameworks were outlined, and Georgia signed the C3 European

    Council's Convention on Cyber Crime (only signed, no ratification). The other

    recommendations still remain as recommendations.

    The particular reasons why Georgian cyberspace remains insecure, and no relevant actions

    and steps are undertaken in order to improve the situation, are difficult to identify; absence of

    a political will, lack of funds and human resources, socio-economic problems, territorial

    conflicts, and several others may represent the potential reasons, or a group of reasons that

    hinder the process of Georgian cyberspace standardization. Consequently, the information

    infrastructure of Georgia remains underdeveloped, and considerably vulnerable to the

    potential attacks, as it was in August 2008.

    Cases of Cyber War

    Cyber warfare, regardless of its short history, counts a considerable number of precedents. In order

    to create a better image about the chronology and essence of recent cases of cyberwarfare, I

    would like to cite some of them that, in my opinion, were the most popular and massive.

    To start with, in February 2006 more than 1000 Danish websites were attacked by the Islamic

    hacker groups and individuals who were protesting controversial cartoons mocking Prophet

    Mohammed. The attacks mainly defaced the homepages of Danish websites. More than 900

    Danish and 1600 western websites were defaced during the protest. Many protester messages

    condemned the publication of the cartoons in the Danish newspaper Jyllands-Posten on 30

    September 2005. Some messages called for boycotts of Danish goods. 31 The administrator of

    the hack attack monitoring group Zone-H, Mr. Preatoni, said in an interview with the BBC that

    the hacker groups were mobilized from different Islamic countries: Turkey, Saudi Arabia,

    Oman and Indonesia. Even though the defacements were cleared up quickly, in the case of

    secondary defacement the results could be far more damaging. The list of damaged websites

    is available on the Zone-H web page. 32

    The Estonian precedent of a cyberattack in May 2007 was quite alarming and served as a wake-up

    call for developed nations. 33 In April/May Estonian cyberspace experienced a massive DDoS

    (distributed denial-of-service) cyber attack. The attack was arranged according to the botnet

    scheme. In one case, the attackers sent a single huge burst of data to measure the capacity of

    the network. Then, hours later, data from multiple sources flowed into the system, rapidly

    reaching the upper limit of the routers and switches. 34 The servers of a considerable number of

    government bodies and the country's main banks were clogged. The Hansabank lost not less

    than 1 million dollars as a result of the attack. Moreover, it was extremely difficult to track the attack origin, because the hackers infiltrated computers around the world with software

    known as bots, and banded them together in networks to perform these incursions. The

    computers become unwitting foot soldiers, or zombies, in the cyberattack. 35

    It is worth mentioning that Estonia was particularly vulnerable to the attack, as internet

    infrastructure is highly developed in the country (Estonia was the first country which held

    online elections); many critical services were disrupted, for example: healthcare and e-bank

    services. During the attack Estonia had to close off its networks to users outside the country.

    "It is really a shame that an Estonian businessman traveling abroad does not have access to his

    bank account," said Linnar Viik, a computer science professor and a leader in Estonia's high-tech industry. This fact demonstrated that a massive cyberattack on one country automatically

    involves and damages other countries as well. The Estonian incident made clear to developed

    countries that the internet has become one of the most dangerous tools against a state's proper

    functioning, and the fact was alarming indeed.

    The Estonian cyber attack was followed by the attack on Lithuanian cyberspace. In June 2008

    hundreds of Lithuanian government and corporate websites were defaced with the Soviet

    symbols and graffiti. The attacks shut down the websites of the national ethics body, the

    securities and exchange commission, the Lithuanian Social Democratic Party and many

    31 BBC News. Mark Ward. 2006. Anti-cartoon protests go on. http://news.bbc.co.uk/2/hi/technology/4692518.stm

    32 Zone-H. http://www.zone-h.org/news/id/4275

    33 NATO PA Assembly. NATO and Cyber Defense. http://www.nato-pa.int/default.asp?SHORTCUT=1782

    34 The New York Times. Mark Landler and John Markoff. 2007. Digital Fears Emerge After Data Siege in Estonia. http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=1&_r=1

    35 Ibid.

    others. 36 Even though the government websites' problems were fixed more or less quickly,

    the commercial and corporate ones were not lucky enough to manage the problem immediately, and

    consequently, their financial losses were considerable.

    Very soon after the Lithuanian precedent, Georgia was engaged in a war with the Russian

    Federation that started on August 7, 2008. The war was entirely conventional. The Russian troops

    invaded Georgia and moved toward the capital, Tbilisi. Georgian borders were not the only

    subject of invasion; Georgian cyberspace was also attacked massively. According to Internet

    technical experts, it was the first time a known cyberattack had coincided with a shooting war. 37

    Almost all Georgian government and media websites were disrupted by the well-known

    botnet scheme. In the case of Georgia, it was not easy to remedy the attacked web pages

    quickly because of poor preparedness. This fact was particularly damaging for Georgia at that

    moment as the country faced a conventional war at the same time. The resulting information vacuum was

    extremely harmful and dangerous. The Georgian government was unable to spread its

    messages online and to connect with sympathizers around the world during the fighting with Russia. 38

    Cyber warfare is omnipresent; western cyberspace is not the sole domain which is attacked,

    but eastern cyberspace is similarly vulnerable to cyberattacks. The most glaring example of

    the above-mentioned observation was Iran in June 2009 and February 2010. In June 2009

    several websites belonging to Iranian news agencies, president Mahmud Ahmadinejad, Iran's

    supreme leader Ayatollah Ali Khamenei, the Ministry of Foreign Affairs, Ministry of Justice,

    National Police, Ministry of the Interior, and others, about twelve, were disrupted by hackers. 39 In February 2010 Iranian cyberspace was attacked again. This time the target was Iran's

    nuclear program: about 60 computers were infected by the Stuxnet worm. 40

    The above-mentioned cases of cyber warfare all over the world represent a tiny piece of the

    long list of cyberattack precedents; however, they clearly demonstrate that a cyberattack is a

    considerably harmful and dangerous tool against a target victim.

    Cyberwarfare, as any type of attack or war, has its background and context, which is

    frequently determined by a political plot. In order to be more specific, I will look over the

    political background of each aforementioned cyberwarfare case.

    To start with, consider Denmark. The cyber attack on Denmark had a clearly political background.

    Danish websites were attacked after the Danish newspaper Politiken printed Prophet

    36 The Washington Post. Brian Krebs. 2008. Lithuania Weathers Cyber Attack, Braces for Round 2. http://voices.washingtonpost.com/securityfix/2008/07/lithuania_weathers_cyber_attac_1.html

    37 The New York Times. John Markoff. 2008. Before the Gunfire, Cyberattacks. http://www.nytimes.com/2008/08/13/technology/13cyber.html

    38 Ibid.

    39 Pakalert Press. Cyberwarfare begins in Iran. 2009. http://pakalert.wordpress.com/2009/06/17/cyberwarfare-begins-in-iran/

    40 Stuxnet Worm. Computer Virus. http://en.wikipedia.org/wiki/Stuxnet

    Mohammed's mocking cartoons. Islamic hackers from different Islamic countries united to

    take revenge. "Many hackers used website attacks and defacements to make their contribution to

    political protests," said Roberto Preatoni, the administrator of Zone-H. 41 Indeed, the attack on

    Danish cyberspace turned out to be an effective, cheap, and rapid political tool for Islamic hackers.

    The Estonian case was quite similar to the Danish one in its political context; however, several details should be considered for this precedent. In April 2007 the Estonian government decided

    to remove a bronze statue of a World War II era soldier from the park of Tallinn. The

    Estonian authorities expected street protests from Estonians of Russian descent, and also

    expected cyber protests; however, what happened was not simply a cyber protest, but a

    cyber war. It was very difficult to accuse the Russian government of triggering the cyberwar

    against Estonia; however, Estonian cyber authorities asserted that an Internet address

    involved in the attacks belonged to an official who worked in the administration of Russia's

    former president, Vladimir V. Putin. 42 The Estonian president's web page was similarly attacked

    from an I.P. address in the Russian administration. Even though some particular facts that

    demonstrate Russia's involvement in the attack exist and can be accepted as plausible, certain

    accusations are extremely difficult to make because of the murky character of cyberspace.

    The cyber attack on Lithuania had a great deal in common with the Estonian and

    Danish cases. The Lithuanian government authorized a law banning the display of Soviet

    emblems, including honors won during World War II. Several cyber experts and cyber

    officials reported that Russian hackers were the authors of the attack, and that their

    propaganda was flagrant. iDefense said hacker groups used Internet forums and blasted spam

    e-mails to spotlight a manifesto called "Hackers United Against External Threats to Russia,"

    which called for an expansion of the targets to include Ukraine, the rest of the Baltic states,

    and Western nations for supporting the expansion of NATO. 43 Soviet symbols carry very

    different associations for ethnic Lithuanians and Russians: while Lithuanians view them

    as a painful reminder of the Soviet past, Russians are proud of this past, and are reluctant

    to tolerate a law which bans Soviet symbols.

    Georgia's case is closely tied to the political context. The cyber attack on Georgia in August

    2008 was the first cyber attack which coincided with a conventional war. The Russo-Georgian

    war started on August 7, and a massive cyber attack on Georgian and

    pro-Georgian websites started simultaneously. As I mentioned earlier, the cyber attack on Georgian cyberspace

    drove Georgia into an information deadlock. Even though crime is hard to track and

    detect on the internet, the Georgian case is too obvious not to recognize Russia's efforts in an

    attempt to disconnect its victim during the war.

    41 BBC News. Mark Ward. 2006. Anti-cartoon protests go on. http://news.bbc.co.uk/2/hi/technology/4692518.stm

    42 The New York Times. Mark Landler and John Markoff. 2007. Digital Fears Emerge After Data Siege in Estonia. http://www.nytimes.com/2007/05/29/technology/29estonia.html?pagewanted=1&_r=1

    43 The Washington Post. Brian Krebs. 2008. Lithuania Weathers Cyber Attack, Braces for Round 2. http://voices.washingtonpost.com/securityfix/2008/07/lithuania_weathers_cyber_attac_1.html

    When it comes to Iran, its cyberspace was attacked in June 2009 clearly on a political basis.

    Discontented opposition supporters, as they believed their candidate had won the presidential

    elections, decided to protest via the internet. The second cyber attack on Iran in February 2010 is

    still under investigation, and definite conclusions about its political background cannot be

    made; nevertheless, the fact that the target of the attack was Iran's nuclear program will

    probably help the investigators to observe the involvement of particular political interests in

    the case.

    Finally, it is easily discernible that cyberwarfare, like a conventional war, is mainly fomented

    and inspired by political interests, and that each cyberwarfare case has its particular political

    background, no matter who the attacker is: a state, an individual hacker, a group of hackers,

    terrorists, or other interested parties. All the above-mentioned precedents in Denmark, Estonia,

    Lithuania, Georgia, and Iran have clearly demonstrated that cyberwarfare is an effective

    political tool with a short history, though with massive availability and even universal use.

    Cyber Tools in Intelligence Activities and Terrorism

    Intelligence

    In the modern technological era cyberspace has become a domain which plays a particularly

    sensitive role in the process of ensuring the national security of a country. Cyber tools become

    particularly dangerous when it comes to intelligence-related activities. Intelligence

    agencies all over the world emphasize the dramatic significance of cybersecurity. They devote

    their efforts and energy to being entirely up to date and prepared for cyber threats, particularly

    in the existing political environment, which is replete with anxiety. Furthermore, with ever-growing

    threats from terrorist groups that have comfortably adapted their activities to cyber weapons, the

    need for an efficient and resilient cybersecurity policy increases. The traditional ways and

    techniques in terrorist, intelligence, and counterintelligence activities are much more

    expensive, easily detectable, and precarious than cyber terrorism and cyber intelligence;

    moreover, cyber terrorism can have much more massive and widespread results than conventional terrorism. That is why terrorist groups and foreign intelligence agencies use

    cyber tools more and more actively.

    The US Intelligence Community is seriously concerned with the cyber-related problems, and

    believes that cybersecurity issues should be immediately addressed and paid relevant

    attention. "It (cyber warfare) could paralyze our country," said current CIA director Leon

    Panetta in an exclusive interview on This Week. 44

    In the historical documents of the Central Intelligence Agency (CIA) the importance of cyber

    threat management is clearly emphasized. One of the documents describes the so-called

    Solar Sunrise scenario, which was used against US military systems in 1998 by hackers. The hackers accessed unclassified logistics, administration, and accounting systems that

    control the US ability to manage and deploy military forces. 45 This case appeared particularly

    alarming to the US intelligence authorities, who identified the upcoming security threats of the 21st

    century. Similarly, in further documents and publications, cyber threats receive more and

    more prominent attention. Computers are inexpensive, as compared to traditional

    weapons, and require no large industrial base. They are globally available, and connectivity is

    widespread and increasing. 46 There is a long list of reviews and publications on

    cybersecurity issues by the US Intelligence Community, and there is no need to cite all of them,

    because the main point is clear: the intelligence community was concerned with cybersecurity

    issues in the past, and its disquiet on the topic is growing at present.

    Cyber Terrorism

    Cyber terrorism is a new term for the security world. There are a number of definitions

    provided by different agencies and research centers; the main point in these

    definitions, though, is that cyber terrorism is a premeditated, illegal political activity which is designed

    to disrupt the national security of a state. Why do terrorist groups use cyber attacks? There

    are several reasons for that: they are cheaper than traditional methods; the attacks are very

    difficult to track, consequently personalities and locations are hidden by the attackers quite

    efficiently; there are no barriers and check points to cross; attacks can be performed from remote areas all over the world; a large number of targets can be attacked via cyberspace, which

    means that an attack can be massive, affecting a large number of people. 47

    Sixty-three detected cyber crimes have been committed from 2006 to date; the targets were

    governmental entities as well as commercial and industrial ones. 48 The number is indeed worthy of

    attention, but the impact and consequences of cyber attacks are more alarming. Even though

    44 ABC News. Jake Tapper. 2010. CIA: Cyber Warfare Could 'Paralyze' U.S. http://blogs.abcnews.com/politicalpunch/2010/06/cia-cyber-warfare-could-paralyze-us.html

    45 CIA. Cyber Threats and the US Economy. 2000. https://www.cia.gov/news-information/speeches-testimony/2000/cyberthreats_022300.html

    46 CIA. The Intelligence Community: 2001-2015. Daunting Challenges, Hard Decisions. https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi studies/studies/vol46no1/article05.html . Also https://www.cia.gov/news-information/speeches-testimony/2001/gershwin_speech_06222001.html

    47 Computer Crime Research Center. Dr. Mudawi Mukhtar Elmusharaf. 2004. Cyber Terrorism: The new kind of Terrorism. http://www.crime-research.org/articles/Cyber_Terrorism_new_kind_Terrorism/

    48 Center for Strategic and International Studies. CSIS. Significant Cyber Incidents since 2006. http://csis.org/files/publication/101021_Significant%20Cyber%20Incidents%20Since%202006.pdf

    cyber attacks are not generally associated with death and destruction of life, as conventional war

    and traditional terrorism are, cyberwarfare devastates financial systems. Losses are huge. The US

    industry estimates of losses from intellectual property to data theft in 2008 range as high as $1

    trillion. 49 Marathon Oil, ExxonMobil, and ConocoPhillips were hacked and lost the data

    detailing the quantity, value, and location of oil discoveries around the world. Each company

    estimated its losses in the millions. 50 The 2001 Code Red Worm incident cost its victim US

    companies about $2 billion in damage. The research organization Computer Economics

    estimated that damages caused by The Love Bug, Melissa, Code Red, and other malware had

    exceeded $54 billion in losses. A survey of 500 U.S. companies demonstrated that reported

    financial losses increased by 21 percent in 2002. In addition, those losses are increasingly the

    result of organized, planned cyber-attacks. According to Ernst and Young, security

    occurrences can cost companies between $17 and $28 million per incident, on average. 51

    There are countless examples of huge financial losses caused by cyberwarfare, and no need to list more of these examples, because the aforementioned incidents obviously demonstrate how

    damaging and devastating cyber tools actually are when used for crime. Additionally, cyber

    warfare can cause psychological panic among users equivalent to that of a conventional war

    among citizens; particularly, if the country is highly computerized, as Estonia is, for instance,

    where major social activities are undertaken via the internet, cyberwarfare can cause a real shock

    in a society. Consequently, its role and significance in modern conflicts should indubitably

    be paid qualified and comprehensive attention in order to make future cyber warfare more

    manageable in the world's societies. If the current challenges of cyber warfare are not addressed

    relevantly in time by the international community and national authorities, there is a

    considerable risk that these challenges will drive us into a turmoil, which will be even

    more difficult to disentangle.

    49 White House. Cyberspace Policy Review. http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

    50 CSIS. Significant Cyber Incidents since 2006. http://csis.org/files/publication/101021_Significant%20Cyber%20Incidents%20Since%202006.pdf

    51 All Businesses. Cyber warfare threatens corporations: expansion into commercial environments. 2006. http://www.allbusiness.com/finance/insurance-risk-management/889259-1.html

    Technical Stuff

    Models of Cyber Defense

    Legal frameworks, initiatives, and policy analysis, if not accompanied by practical measures, remain simply hypotheses without relevant practical use and results. All theoretical cyber

    frameworks are designed to support the establishment of effective and smart models of cyber

    defense. Different government agencies, commercial organizations, and several other

    entities have elaborated cyber defense models and technologies. Even though these models

    and techniques generally are quite divergent, they have one important characteristic to share:

    techniques are primarily designed to prevent malware penetration into a cyber system.

    Generally speaking, the basic standards of cyber defense are elaborated by local Cyber

    Emergency Response Teams (CERT) in different countries. For instance, US-CERT has

    elaborated several tips and alerts for different computer programs, and made them available

    for users on the US-CERT website. 52

    Moreover, the US Department of Homeland Security and US-CERT established several

    cyber defense programs for state bodies and government entities in order to protect the

    critical information of the state. The first such cyber defense program was Einstein

    1, which was adopted in 2003. The program was an automated process for collecting,

    correlating, analyzing, and sharing computer security information across the Federal

    government, so that Federal agencies would be aware, in near real-time, of the threats to their

    infrastructure and can act swiftly to take corrective measures. 53 It was essential for the agencies to adopt responding systems consistent with the OMB responding requirements 54 and FISMA expectations. 55

    Einstein 2 was an updated version of its antecedent Einstein 1. The new program's main

    advantage was that its incorporated network intrusion detection

    technology made it possible to alert US-CERT to the presence of malware or potentially harmful software

    activity in federal network traffic. The network intrusion detection system used

    predetermined signatures of malicious network traffic, and was not based upon personally

    52 US-CERT. http://www.us-cert.gov/

    53 Privacy Impact Assessment Einstein Program I. 2004. http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_eisntein.pdf

    54 Ibid.

    55 FISMA. Federal Information Security Management Act 2002. http://www.marcorsyscom.usmc.mil/sites/pmia%20documents/documents/Federal%20Information%20Security%20Management%20Act%20(FISMA).htm

    identifiable information (PII). Nevertheless, with time it became possible to identify new

    malicious network traffic and include it in the predetermined list. 56

    Quite recently the Department of Homeland Security and US-CERT have launched a new

    Initiative Three Exercise, which includes the assessment of the future cyber protection

    program Einstein 3. Einstein 3 is the updated version of Einstein 1 and 2 with improved

    capacities. Particularly, the new program will be able to detect, select and redirect malicious

    internet traffic from a government agency, while its predecessors were able only to identify

    and alert to the presence of malware. Moreover, Einstein 3 will be able to automatically

    respond to the potential malware before the harm is done. Specifically, the exercise

    technology will physically receive all redirected agency traffic and will apply predefined

    signatures to that traffic to identify known or suspected cyber threats. What is more, Einstein 3

    may even detect the personally identifiable information (PII) along with the predetermined

    malicious signatures. 57
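
    The difference described above between alerting on a signature match (Einstein 2) and redirecting the matching traffic (Einstein 3) can be shown with one signature list used in two modes. This is an added illustration, not code from the Einstein programs or from the paper; the class, the signature names, the byte patterns and the flows are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    payload: bytes

class SignatureSensor:
    """Matches flows against a predetermined list of byte-pattern signatures."""

    def __init__(self, signatures):
        self.signatures = dict(signatures)  # name -> pattern

    def add_signature(self, name, pattern):
        # The list grows as new malicious traffic is identified.
        self.signatures[name] = pattern

    def hits(self, flow):
        return sorted(n for n, p in self.signatures.items() if p in flow.payload)

    def passive(self, flows):
        """Alert-only mode: all traffic is delivered; matches only raise alerts."""
        alerts = [(f.src, f.dst, name) for f in flows for name in self.hits(f)]
        return list(flows), alerts

    def inline(self, flows):
        """Redirect mode: matching flows are diverted instead of delivered."""
        delivered, diverted = [], []
        for f in flows:
            (diverted if self.hits(f) else delivered).append(f)
        return delivered, diverted

# Constructed signatures and flows (documentation address ranges, made-up markers).
SIGNATURES = {"constructed-beacon": b"X-Sample-Beacon: 7f3a"}
FLOWS = [
    Flow("192.0.2.10", "203.0.113.5", b"POST /u HTTP/1.1\r\nX-Sample-Beacon: 7f3a\r\n"),
    Flow("192.0.2.11", "198.51.100.7", b"GET /index.html HTTP/1.1\r\n"),
    Flow("192.0.2.12", "203.0.113.9", b"GET /a HTTP/1.1\r\nX-Sample-Loader: 01\r\n"),
]

if __name__ == "__main__":
    sensor = SignatureSensor(SIGNATURES)
    print("passive alerts:", sensor.passive(FLOWS)[1])
    print("inline diverted:", [f.src for f in sensor.inline(FLOWS)[1]])
    sensor.add_signature("constructed-loader", b"X-Sample-Loader:")
    print("after list update:", [f.src for f in sensor.inline(FLOWS)[1]])
```

    The third flow passes through both modes untouched until its pattern is added to the list, which is the limitation of any predetermined-signature approach.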

    The International Telecommunication Union (ITU), particularly its Standardization Sector,

    provides specific and detailed technical recommendations and standards for secure

    cyberspace. These standards are outlined in numerous documents and publications that are

    widely available. Moreover, the ITU Radiocommunication Sector provides guidance for

    proper radio communication: frequency ranging, frequency sharing across the globe and so forth.

    Several new cyber defense systems are also offered by network security vendors. For

    instance, McAfee talks about a database of suspect URLs, IP addresses, and individuals; if

    such a database is created, the vendor will provide its users with this information in order to

    avoid malicious invasions into their cyber systems. Microsoft proposed building

    separate data center facilities protected by biometric controls that would be accessible only by

    US citizens. 58 The most important trends appear to be real-time awareness and

    continuous monitoring. Situational awareness becomes essential in the process of tackling

    cyber threats. 59

    As the old cyber defense approaches and models have demonstrated their weaknesses and

    ineffectiveness in several ways, a number of new approaches have emerged. These newly

    outlined models are more complex and multilevel than their predecessors. Moreover, the

    models are built on considerably heterogeneous concepts, which logically makes them quite

    sophisticated for future implementation.

    56 Privacy Impact Assessment Einstein Program II. 2008. http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_einstein2.pdf

    57 Privacy Impact Assessment for the Initiative Three Exercise. 2010. http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_nppd_initiative3exercise.pdf

    58 Federal Times. Adam Stone. New tools power managers' defense against cyber attacks. 2010. http://www.federaltimes.com/article/20100521/IT01/5210303/

    59 Ibid.


    One of the most sophisticated new models which attracted my attention is the Immuno-

    Inspired Autonomic System for Cyber Defense. The biological immune system is an autonomic

    self-protection system, which is characterized by an incredible flexibility and adaptability. The

    new initiative focuses on building an autonomic defense system, using some immunological

    metaphors for information gathering, analyzing, decision making and launching threat and

    attack responses. The introduction of several new mechanisms can potentially provide a new

    complex autonomic cyber defense system, in particular: immunity-based security agents with

    multilateral functions; a novel pattern recognizer which will effectively differentiate between

    self and non-self agents; a multi-layered defense system with several

    mechanisms in each layer for protection against pathogens; and multi-level data fusion and

    correlation. The architecture of this potential cyber defense system is as follows: the system is

    divided into three defense strategies; under each strategy several techniques and tools are

    grouped according to their functions; although these tools and techniques may be from

    different strategy divisions, they should use a common protocol and standard for communication and information sharing.

    Even though this system is quite difficult and challenging to design, this model can be

    considered as a potential cyber defense system which will be brought to fruition by scientists

    in the future. 60

    Conclusion

    Cyberspace has penetrated human lives so profoundly that it appears quite demanding and

    challenging for the whole world to be protected from the increasing cyber threats. Each realm

    of human endeavor is considerably dependent on cyber tools and their proper functioning.

    State, private, and civil sectors have become equally vulnerable to cyber warfare. Moreover,

    cyber tools acquired dramatic significance in political processes; intelligence agencies, and

    other state bodies use cyber tools quite effectively in their activities. Furthermore, terrorist

    groups and organizations favor cyber attack and cyber warfare in their pursuit. The main

    reasons for the popularity of cyber warfare are that cyber warfare is cheap, its tracking is

    difficult, and it causes unimaginable psychological shock and financial losses.

    Several countries all over the world have adopted particular cyber standards (legal

    frameworks and practical measures) in order to regulate their cyberspaces. The international

    organizations and unions are considerably concerned with the emerging cyber threats, and

    undertake relevant steps for cyberspace standardization. Nevertheless, these efforts appear to

    60 Dipankar Dasgupta. Intelligent Security Systems Research Lab. The University of Memphis. Immuno-Inspired Autonomic System for Cyber Defense.


    be insufficient for achieving a stable consensus among involved parties. Furthermore,

    involved political interests of different countries make it more difficult to reach a common

    agreement on cyber issues.

    Additionally, several technical problems, such as lack of qualification and system failures,

    are equally important along with the legal and policy challenges.

    In the final analysis, as cyber threats become more and more demanding, challenging and

    dangerous, it is vital for the world's safe future that the cooperation between involved parties

    on the national and international levels extends and deepens. The chronology of cyber warfare

    has demonstrated that no country, no region, and no society is protected from cyber threats.

    The more a country is developed technologically, the greater is its cyber vulnerability.

    Consequently, the international community should take a responsibility to encourage all the

    possible initiatives in order to ensure cybersecurity for the whole world. The need for

    increased cooperation is entirely urgent, because our modern world is replete with anxiety and antagonism, and cyber warfare, as an effective and cheap weapon, becomes more and more

    popular among people.

    I strongly believe that cyber needs should be addressed by nations and the international

    community in time and with relevant attention, with legal and practical measures, in order to

    protect our already frustrated world from cyber chaos.


    Appendix

    References

    CYBER REPORT 2008-2010 by Lasha Pataraia, INFORMATION SECURITY STUDIES AND ANALYSIS CENTER http://www.issac.ge

    www.techterms.com

    White House Comprehensive National Cybersecurity Initiative January 2008

    White House Cyberspace Policy Review 2009

    United Nations General Assembly. 55/63 - Combating the criminal misuse of Information Technologies

    United Nations General Assembly. 57/239 - Creation of a global culture of cybersecurity

    ITU General Cybersecurity Agenda

    NATO 2020 Assured Security; Dynamic Engagement.

    NATO's cyber defense policy and activities

    Council of Europe Convention on Cybercrime 2001

    Russia, The United States, and Cyber Diplomacy. EastWest Institute. Franz-Stefan Gady, Greg Austin 2010

    FOI - Swedish Defense Research Agency Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations 2010

    New York Times, August 2008 John Markoff Georgia takes a beating in the cyberwar with Russia

    BBC News, 2006 Mark Ward Anti-cartoon protests go on

    Zone-H News www.zone-h.org


    NATO PA Assembly NATO and Cyber Defense

    The New York Times, 2007 Mark Landler and John Markoff Digital Fears Emerge After Data Siege in Estonia

    The Washington Post, 2008 Brian Krebs Lithuania Weathers Cyber Attack, Braces for Round 2

    The New York Times, 2008 John Markoff Before the Gunfire, Cyberattacks

    Pakalert Press, 2009 Cyberwarfare begins in Iran

    ABC News, 2010 Jake Tapper CIA: Cyber Warfare Could 'Paralyze' U.S

    Central Intelligence Agency, 2000 Cyber Threats and the US Economy

    CIA The Intelligence Community: 2001-2015 Daunting Challenges, Hard Decisions

    Computer Crime Research Center, 2004 Dr. Mudawi Mukhtar Elmusharaf Cyber Terrorism: The new kind of Terrorism

    Center for Strategic and International Studies (CSIS) Significant Cyber Incidents since 2006

    All Businesses, 2006 Cyber warfare threatens corporations: expansion into commercial environments

    US-CERT www.us-cert.gov

    Privacy Impact Assessment Einstein Program I, 2004

    FISMA. Federal Information Security Management Act 2002

    Privacy Impact Assessment Einstein Program II, 2008

    Privacy Impact Assessment for the Initiative Three Exercise, 2010

    Federal Times, 2010 Adam Stone New tools power managers' defense against cyber attacks

    Dipankar Dasgupta Intelligent Security Systems Research Lab The University of Memphis Immuno-Inspired Autonomic System for Cyber Defense


    ABOUT THE CENTER

    Information Security Studies and Analysis Center is the first and only organization in the Caucasus region

    oriented towards the field of Information Security.

    The establishment of the organization was prompted by the new reality that developed after the 2008

    Russian-Georgian conflict. The war in 2008 showed us that there were no systems developed

    so far to provide protection against the means of informational warfare and cyber-terrorism; this is equally a challenge to both public and private sectors. The absence of a respective legal

    basis, governmental institutions and appropriate means to fight against cyber-crime and cyber-

    terrorism affects not only the homeland security but also the economy of the country.

    Currently, modern technologies are being actively implemented in both the private and governmental sectors;

    the bigger the scale of process automation, the more difficult its control. In the


    conditions where there are espionage and other security challenges of a technological

    character, new threats arise; consequently, security of information becomes vital

    not only to governmental organizations, but to the private sector also.

    To counter the threats and challenges named above, our organization gathered a team of

    experienced professionals, which gives us the opportunity, for the first time in Georgia, to establish institutional mechanisms to fight cyber-terrorism, piracy, corporate espionage and so

    on.

    OUR SERVICES

    We offer unique services to private and governmental sectors, such as:

    • Training of specialists in the fields of Information Security, intelligence and anti-terrorism;

    • Staffing;

    • Training to different type of employees of private and governmental sectors;

    • Audit in terms of informational security aspects and preparation of respective recommendations;

    • Development of standards and SOPs;

    • Creation of organizational units for threat monitoring and incident reaction;

    • Consultancy in IT infrastructural issues, legal part of IT projects;

    • Development of software/hardware solutions, provision and implementation;

    • IT outsourcing, protected hosting on US servers, domain registration, etc.

    The first priority of the center remains the study of the technological, geopolitical and

    military challenges existing in the country, together with their in-depth analysis and the

    timely provision of objective information to the public. For this purpose the analytical unit of

    ISSAC periodically prepares and publishes analysis of modern threats and global trends. We

    are maximally transparent in our activities and we help out those interested in these fields, we

    give them knowledge base and encourage them to become part of the various projects

    conducted by the center.

    Our goal is to cooperate with as many governmental institutions and educational units as

    possible in order to ensure a more effective fight against modern threats, create general/common

    standards and means of implementation of these standards, increase the quality of

    information in this field available to society and provide our services to those who really need them.


    This publication was downloaded from E-LIBRARY portal of

    INFORMATION SECURITY STUDIES AND ANALYSIS CENTER

    http://www.issac.ge
