Misplaced Pages

Cyberwarfare

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
(Redirected from Cyber security attack) Use of digital attacks against a state "Cyberwar" redirects here. For other uses, see Cyberwar (disambiguation). Not to be confused with electronic warfare or information warfare.

Cyberwarfare specialists of the United States Army's 782nd Military Intelligence Battalion (Cyber) supporting the 3rd Brigade Combat Team, 1st Cavalry Division during a training exercise in 2019.
Part of a series on
War
(outline)
History
Military






Battlespace


Weapons
TacticsList of military tactics
Operational
StrategyList of military strategies and concepts
Grand strategy
Administrative
Organization
Personnel
Logistics
Science
Law
Theory
Non-warfare
Culture
Related
Lists

Cyberwarfare is the use of cyber attacks against an enemy state, causing comparable harm to actual warfare and/or disrupting vital computer systems. Some intended outcomes could be espionage, sabotage, propaganda, manipulation or economic warfare.

There is significant debate among experts regarding the definition of cyberwarfare, and even if such a thing exists. One view is that the term is a misnomer since no cyber attacks to date could be described as a war. An alternative view is that it is a suitable label for cyber attacks which cause physical damage to people and objects in the real world.

Many countries, including the United States, United Kingdom, Russia, China, Israel, Iran, and North Korea, have active cyber capabilities for offensive and defensive operations. As states explore the use of cyber operations and combine capabilities, the likelihood of physical confrontation and violence playing out as a result of, or part of, a cyber operation is increased. However, meeting the scale and protracted nature of war is unlikely, thus ambiguity remains.

The first instance of kinetic military action used in response to a cyber-attack resulting in the loss of human life was observed on 5 May 2019, when the Israel Defense Forces targeted and destroyed a building associated with an ongoing cyber-attack.

Definition

There is ongoing debate over how cyberwarfare should be defined and no absolute definition is widely agreed upon. While the majority of scholars, militaries, and governments use definitions that refer to state and state-sponsored actors, other definitions may include non-state actors, such as terrorist groups, companies, political or ideological extremist groups, hacktivists, and transnational criminal organizations depending on the context of the work.

Examples of definitions proposed by experts in the field are as follows.

'Cyberwarfare' is used in a broad context to denote interstate use of technological force within computer networks in which information is stored, shared, or communicated online.

Raymond Charles Parks and David P. Duggan focused on analyzing cyberwarfare in terms of computer networks and pointed out that "Cyberwarfare is a combination of computer network attack and defense and special technical operations." According to this perspective, the notion of cyber warfare brings a new paradigm into military doctrine. Paulo Shakarian and colleagues put forward the following definition of "cyber war" in 2013, drawing on Clausewitz's definition of war: "War is the continuation of politics by other means":

Cyber war is an extension of policy by actions taken in cyber space by state or nonstate actors that constitute a serious threat to a nation's security or are conducted in response to a perceived threat against a nation's security.

Taddeo offered the following definition in 2012:

The warfare grounded on certain uses of ICTs within an offensive or defensive military strategy endorsed by a state and aiming at the immediate disruption or control of the enemy's resources, and which is waged within the informational environment, with agents and targets ranging both on the physical and non-physical domains and whose level of violence may vary upon circumstances.

Robinson et al. proposed in 2015 that the intent of the attacker dictates whether an attack is warfare or not, defining cyber warfare as "the use of cyber attacks with a warfare-like intent."

In 2010, the former US National Coordinator for Security, Infrastructure Protection and Counter-terrorism, Richard A. Clarke, defined cyberwarfare as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption". The target's own cyber-physical infrastructure may be used by the adversary in case of a cyber conflict, thus weaponizing it.

Controversy of term

There is debate on whether the term "cyber warfare" is accurate. In 2012, Eugene Kaspersky, founder of Kaspersky Lab, concluded that "cyberterrorism" is a more accurate term than "cyberwar." He states that "with today's attacks, you are clueless about who did it or when they will strike again. It's not cyber-war, but cyberterrorism." Howard Schmidt, former Cyber Security Coordinator in the Obama administration, said that "there is no cyberwar... I think that is a terrible metaphor and I think that is a terrible concept. There are no winners in that environment."

Some experts take issue with the possible consequences linked to the warfare goal. In 2011, Ron Deibert, of Canada's Citizen Lab, warned of a "militarization of cyberspace", as militaristic responses may not be appropriate. However, to date, even serious cyber-attacks that have disrupted large parts of a nation's electrical grid (230,000 customers, Ukraine, 2015) or affected access to medical care, thus endangering life (UK National Health Service, WannaCry, 2017) have not led to military action.

In 2017, Oxford academic Lucas Kello proposed a new term, "Unpeace", to denote highly damaging cyber actions whose non-violent effects do not rise to the level of traditional war. Such actions are neither warlike nor peace-like. Although they are non-violent, and thus not acts of war, their damaging effects on the economy and society may be greater than those of some armed attacks. This term is closely related to the concept of the "grey zone", which came to prominence in 2017, describing hostile actions that fall below the traditional threshold of war. But as Kello explained, technological unpeace differs from the grey zone as the term is commonly used in that unpeace by definition is never overtly violent or fatal, whereas some grey-zone actions are violent, even if they are not acts of war.

Cyberwarfare vs. cyber war

The term "cyberwarfare" is distinct from the term "cyber war". Cyberwarfare includes techniques, tactics and procedures that may be involved in a cyber war, but the term does not imply scale, protraction or violence, which are typically associated with the term "war", which inherently refers to a large-scale action, typically over a protracted period of time, and may include objectives seeking to utilize violence or the aim to kill. A cyber war could accurately describe a protracted period of back-and-forth cyber attacks (including in combination with traditional military action) between warring states. To date, no such action is known to have occurred. Instead, armed forces have responded with tit-for-tat military cyber actions. For example, in June 2019, the United States launched a cyber attack against Iranian weapons systems in retaliation to the shooting down of a US drone in the Strait of Hormuz.

Cyberwarfare and cyber sanctions

In addition to retaliatory digital attacks, countries can respond to cyber attacks with cyber sanctions. Sometimes, it is not easy to detect the attacker, but suspicions may focus on a particular country or group of countries. In these cases, unilateral and multilateral economic sanctions can be used instead of cyberwarfare. For example, the United States has frequently imposed economic sanctions related to cyber attacks. Two Executive Orders issued during the Obama administration, EO 13694 of 2015 and EO 13757 of 2016, specifically focused on the implementation of the cyber sanctions. Subsequent US presidents have issued similar Executive Orders. The US Congress has also imposed cyber sanctions in response to cyberwarfare. For example, the Iran Cyber Sanctions Act of 2016 imposes sanctions on specific individuals responsible for cyber attacks.

Types of threat

Main article: Cyberattack Further information: List of hacker groups, Advanced persistent threat, and Threat actor

Types of warfare

Cyber warfare can present a multitude of threats towards a nation. At the most basic level, cyber attacks can be used to support traditional warfare. For example, tampering with the operation of air defenses via cyber means in order to facilitate an air attack. Aside from these "hard" threats, cyber warfare can also contribute towards "soft" threats such as espionage and propaganda. Eugene Kaspersky, founder of Kaspersky Lab, equates large-scale cyber weapons, such as Flame and NetTraveler which his company discovered, to biological weapons, claiming that in an interconnected world, they have the potential to be equally destructive.

Espionage

PRISM: a clandestine surveillance program under which the NSA collects user data from companies like Facebook and Google.

Traditional espionage is not an act of war, nor is cyber-espionage, and both are generally assumed to be ongoing between major powers. Despite this assumption, some incidents can cause serious tensions between nations, and are often described as "attacks". For example:

Out of all cyber attacks, 25% of them are espionage based.

Sabotage

Computers and satellites that coordinate other activities are vulnerable components of a system and could lead to the disruption of equipment. Compromise of military systems, such as C4ISTAR components that are responsible for orders and communications could lead to their interception or malicious replacement. Power, water, fuel, communications, and transportation infrastructure all may be vulnerable to disruption. According to Clarke, the civilian realm is also at risk, noting that the security breaches have already gone beyond stolen credit card numbers, and that potential targets can also include the electric power grid, trains, or the stock market.

In mid-July 2010, security experts discovered a malicious software program called Stuxnet that had infiltrated factory computers and had spread to plants around the world. It is considered "the first attack on critical industrial infrastructure that sits at the foundation of modern economies," notes The New York Times.

Stuxnet, while extremely effective in delaying Iran's nuclear program for the development of nuclear weaponry, came at a high cost. For the first time, it became clear that not only could cyber weapons be defensive but they could be offensive. The large decentralization and scale of cyberspace makes it extremely difficult to direct from a policy perspective. Non-state actors can play as large a part in the cyberwar space as state actors, which leads to dangerous, sometimes disastrous, consequences. Small groups of highly skilled malware developers are able to as effectively impact global politics and cyber warfare as large governmental agencies. A major aspect of this ability lies in the willingness of these groups to share their exploits and developments on the web as a form of arms proliferation. This allows lesser hackers to become more proficient in creating the large scale attacks that once only a small handful were skillful enough to manage. In addition, thriving black markets for these kinds of cyber weapons are buying and selling these cyber capabilities to the highest bidder without regard for consequences.

Denial-of-service attack

Main article: Denial-of-service attack

In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers. DoS attacks often leverage internet-connected devices with vulnerable security measures to carry out these large-scale attacks. DoS attacks may not be limited to computer-based methods, as strategic physical attacks against infrastructure can be just as devastating. For example, cutting undersea communication cables may severely cripple some regions and countries with regards to their information warfare ability.

An electrical substation in the United Kingdom

Electrical power grid

The federal government of the United States admits that the electric power grid is susceptible to cyberwarfare. The United States Department of Homeland Security works with industries to identify vulnerabilities and to help industries enhance the security of control system networks. The federal government is also working to ensure that security is built in as the next generation of "smart grid" networks are developed. In April 2009, reports surfaced that China and Russia had infiltrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national security officials. The North American Electric Reliability Corporation (NERC) has issued a public notice that warns that the electrical grid is not adequately protected from cyber attack. China denies intruding into the U.S. electrical grid. One countermeasure would be to disconnect the power grid from the Internet and run the net with droop speed control only. Massive power outages caused by a cyber attack could disrupt the economy, distract from a simultaneous military attack, or create a national trauma.

Iranian hackers, possibly Iranian Cyber Army pushed a massive power outage for 12 hours in 44 of 81 provinces of Turkey, impacting 40 million people. Istanbul and Ankara were among the places suffering blackout.

Howard Schmidt, former Cyber-Security Coordinator of the US, commented on those possibilities:

It's possible that hackers have gotten into administrative computer systems of utility companies, but says those aren't linked to the equipment controlling the grid, at least not in developed countries. has never heard that the grid itself has been hacked.

In June 2019, Russia said that its electrical grid has been under cyber-attack by the United States. The New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.

Propaganda

Cyber propaganda is an effort to control information in whatever form it takes, and influence public opinion. It is a form of psychological warfare, except it uses social media, fake news websites and other digital means. In 2018, Sir Nicholas Carter, Chief of the General Staff of the British Army stated that this kind of attack from actors such as Russia "is a form of system warfare that seeks to de-legitimize the political and social system on which our military strength is based".

Jowell and O'Donnell (2006) state that "propaganda is the deliberate, systematic attempt to shape perceptions, manipulate cognitions, and direct behavior to achieve a response that furthers the desired intent of the propagandist" (p. 7). The internet is the most important means of communication today. People can convey their messages quickly across to a huge audience, and this can open a window for evil. Terrorist organizations can exploit this and may use this medium to brainwash people. It has been suggested that restricted media coverage of terrorist attacks would in turn decrease the number of terrorist attacks that occur afterwards.

Economic disruption

In 2017, the WannaCry and Petya (NotPetya) cyber attacks, masquerading as ransomware, caused large-scale disruptions in Ukraine as well as to the U.K.'s National Health Service, pharmaceutical giant Merck, Maersk shipping company and other organizations around the world. These attacks are also categorized as cybercrimes, specifically financial crime because they negatively affect a company or group.

Surprise cyber attack

The idea of a "cyber Pearl Harbor" has been debated by scholars, drawing an analogy to the historical act of war. Others have used "cyber 9/11" to draw attention to the nontraditional, asymmetric, or irregular aspect of cyber action against a state.

Motivations

There are a number of reasons nations undertake offensive cyber operations. Sandro Gaycken [de], a cyber security expert and adviser to NATO, advocates that states take cyber warfare seriously as they are viewed as an attractive activity by many nations, in times of war and peace. Offensive cyber operations offer a large variety of cheap and risk-free options to weaken other countries and strengthen their own positions. Considered from a long-term, geostrategic perspective, cyber offensive operations can cripple whole economies, change political views, agitate conflicts within or among states, reduce their military efficiency and equalize the capacities of high-tech nations to that of low-tech nations, and use access to their critical infrastructures to blackmail them.

Military

With the emergence of cyber as a substantial threat to national and global security, cyber war, warfare and/or attacks also became a domain of interest and purpose for the military.

In the U.S., General Keith B. Alexander, first head of USCYBERCOM, told the Senate Armed Services Committee that computer network warfare is evolving so rapidly that there is a "mismatch between our technical capabilities to conduct operations and the governing laws and policies. Cyber Command is the newest global combatant and its sole mission is cyberspace, outside the traditional battlefields of land, sea, air and space." It will attempt to find and, when necessary, neutralize cyberattacks and to defend military computer networks.

Alexander sketched out the broad battlefield envisioned for the computer warfare command, listing the kind of targets that his new headquarters could be ordered to attack, including "traditional battlefield prizes – command-and-control systems at military headquarters, air defense networks and weapons systems that require computers to operate."

One cyber warfare scenario, Cyber-ShockWave, which was wargamed on the cabinet level by former administration officials, raised issues ranging from the National Guard to the power grid to the limits of statutory authority.

The distributed nature of internet based attacks means that it is difficult to determine motivation and attacking party, meaning that it is unclear when a specific act should be considered an act of war.

Examples of cyberwarfare driven by political motivations can be found worldwide. In 2008, Russia began a cyber attack on the Georgian government website, which was carried out along with Georgian military operations in South Ossetia. In 2008, Chinese "nationalist hackers" attacked CNN as it reported on Chinese repression on Tibet. Hackers from Armenia and Azerbaijan have actively participated in cyberwarfare as part of the Nagorno-Karabakh conflict, with Azerbaijani hackers targeting Armenian websites and posting Ilham Aliyev's statements.

Jobs in cyberwarfare have become increasingly popular in the military. All four branches of the United States military actively recruit for cyber warfare positions.

In a 2024 study on the use of military cyber operations during the Russo-Ukrainian War, Frederik A. H. Pedersen and Jeppe T. Jacobsen concluded that cyber operations in warfare may only be impactful on the tactical and operational levels in a war's beginning, when cyber and non-cyber operations can be aligned and complex cyber weapons can be prepared before war breaks out, as well as cumulatively on a strategic level.

Civil

Potential targets in internet sabotage include all aspects of the Internet from the backbones of the web, to the internet service providers, to the varying types of data communication mediums and network equipment. This would include: web servers, enterprise information systems, client server systems, communication links, network equipment, and the desktops and laptops in businesses and homes. Electrical grids, financial networks, and telecommunications systems are also deemed vulnerable, especially due to current trends in computerization and automation.

Hacktivism

Politically motivated hacktivism involves the subversive use of computers and computer networks to promote an agenda, and can potentially extend to attacks, theft and virtual sabotage that could be seen as cyberwarfare – or mistaken for it. Hacktivists use their knowledge and software tools to gain unauthorized access to computer systems they seek to manipulate or damage not for material gain or to cause widespread destruction, but to draw attention to their cause through well-publicized disruptions of select targets. Anonymous and other hacktivist groups are often portrayed in the media as cyber-terrorists, wreaking havoc by hacking websites, posting sensitive information about their victims, and threatening further attacks if their demands are not met. However, hacktivism is more than that. Actors are politically motivated to change the world, through the use of fundamentalism. Groups like Anonymous, however, have divided opinion with their methods.

Income generation

Cyber attacks, including ransomware, can be used to generate income. States can use these techniques to generate significant sources of income, which can evade sanctions and perhaps while simultaneously harming adversaries (depending on targets). This tactic was observed in August 2019 when it was revealed North Korea had generated $2 billion to fund its weapons program, avoiding the blanket of sanctions levied by the United States, United Nations and the European Union.

Private sector

Further information: Cyber-arms industry and Market for zero-day exploits

Computer hacking represents a modern threat in ongoing global conflicts and industrial espionage and as such is presumed to widely occur. It is typical that this type of crime is underreported to the extent they are known. According to McAfee's George Kurtz, corporations around the world face millions of cyberattacks a day. "Most of these attacks don't gain any media attention or lead to strong political statements by victims." This type of crime is usually financially motivated.

Non-profit research

But not all those who engage in cyberwarfare do so for financial or ideological reasons. There are institutes and companies like the University of Cincinnati or the Kaspersky Security Lab which engage in cyberwarfare so as to better understand the field through actions like the researching and publishing of new security threats.

Preparedness

A number of countries conduct exercise to increase preparedness and explore the strategy, tactics and operations involved in conducting and defending against cyber attacks against hostile states, this is typically done in the form of war games.

The Cooperative Cyber Defence Centre of Excellence (CCDCE), part of the North Atlantic Treaty Organization (NATO), have conducted a yearly war game called Locked Shields since 2010 designed to test readiness and improve skills, strategy tactics and operational decision making of participating national organizations. Locked Shields 2019 saw 1200 participants from 30 countries compete in a red team vs. blue team exercise. The war game involved a fictional country, Berylia, which was "experiencing a deteriorating security situation, where a number of hostile events coincide with coordinated cyber attacks against a major civilian internet service provider and maritime surveillance system. The attacks caused severe disruptions in the power generation and distribution, 4G communication systems, maritime surveillance, water purification plant and other critical infrastructure components". CCDCE describe the aim of the exercise was to "maintain the operation of various systems under intense pressure, the strategic part addresses the capability to understand the impact of decisions made at the strategic and policy level." Ultimately, France was the winner of Locked Shields 2019.

The European Union conducts cyber war game scenarios with member states and foreign partner states to improve readiness, skills and observe how strategic and tactical decisions may affect the scenario.

As well as war games which serve a broader purpose to explore options and improve skills, cyber war games are targeted at preparing for specific threats. In 2018 the Sunday Times reported the UK government was conducting cyber war games which could "blackout Moscow". These types of war games move beyond defensive preparedness, as previously described above and onto preparing offensive capabilities which can be used as deterrence, or for "war".

Cyber activities by nation

Main article: List of cyber warfare forces

Approximately 120 countries have been developing ways to use the Internet as a weapon and target financial markets, government computer systems and utilities.

Asia

China

Main article: Cyberwarfare by China

According to Fritz, China has expanded its cyber capabilities and military technology by acquiring foreign military technology. Fritz states that the Chinese government uses "new space-based surveillance and intelligence gathering systems, Anti-satellite weapon, anti-radar, infrared decoys, and false target generators" to assist in this quest, and that they support their "Informatisation" of their military through "increased education of soldiers in cyber warfare; improving the information network for military training, and has built more virtual laboratories, digital libraries and digital campuses." Through this informatisation, they hope to prepare their forces to engage in a different kind of warfare, against technically capable adversaries. Foreign Policy magazine put the size of China's "hacker army" at anywhere from 50,000 to 100,000 individuals. Diplomatic cables highlight US concerns that China is using access to Microsoft source code and 'harvesting the talents of its private sector' to boost its offensive and defensive capabilities.

While China continues to be held responsible for a string of cyber-attacks on a number of public and private institutions in the United States, India, Russia, Canada, and France, the Chinese government denies any involvement in cyber-spying campaigns. The administration maintains the position that China is also victim to an increasing number of cyber-attacks. Most reports about China's cyber warfare capabilities have yet to be confirmed by the Chinese government.

In June 2015, the United States Office of Personnel Management (OPM) announced that it had been the target of a data breach targeting the records of as many as four million people. Later, FBI Director James Comey put the number at 18 million. The Washington Post has reported that the attack originated in China, citing unnamed government officials.

Operation Shady RAT is a series of cyber attacks starting mid-2006, reported by Internet security company McAfee in August 2011. China is widely believed to be the state actor behind these attacks which hit at least 72 organizations including governments and defense contractors.

The 2018 cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests is now known to be a part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, The hackers, are suspected of working on behalf of the Ministry of State Security (MSS), the country's Communist-controlled civilian spy agency.

On 14 September 2020, a database showing personal details of about 2.4 million people around the world was leaked and published. A Chinese company, Zhenhua Data compiled the database. According to the information from "National Enterprise Credit Information Publicity System", which is run by State Administration for Market Regulation in China, the shareholders of Zhenhua Data Information Technology Co., Ltd. are two natural persons and one general partnership enterprise whose partners are natural persons. Wang Xuefeng, who is the chief executive and the shareholder of Zhenhua Data, has publicly boasted that he supports "hybrid warfare" through manipulation of public opinion and "psychological warfare".

In February 2024 The Philippines announced that it had successfully fought off a cyber attack which was traced to hackers in China. Several government websites were targeted including the National coast watch and personal website of the president of the Philippines, Ferdinand Marcos Jr.

In May 2024 The UK announced that it had taken a database offline that is used by its defense ministry after coming under a cyber attack attributed to the Chinese state.

India

The Department of Information Technology created the Indian Computer Emergency Response Team (CERT-In) in 2004 to thwart cyber attacks in India. That year, there were 23 reported cyber security breaches. In 2011, there were 13,301. That year, the government created a new subdivision, the National Critical Information Infrastructure Protection Centre (NCIIPC) to thwart attacks against energy, transport, banking, telecom, defense, space and other sensitive areas.

The executive director of the Nuclear Power Corporation of India (NPCIL) stated in February 2013 that his company alone was forced to block up to ten targeted attacks a day. CERT-In was left to protect less critical sectors.

A high-profile cyber attack on 12 July 2012 breached the email accounts of about 12,000 people, including those of officials from the Ministry of External Affairs, Ministry of Home Affairs, Defense Research and Development Organizations (DRDO), and the Indo-Tibetan Border Police (ITBP). A government-private sector plan being overseen by National Security Advisor (NSA) Shivshankar Menon began in October 2012, and intends to boost up India's cyber security capabilities in the light of a group of experts findings that India faces a 470,000 shortfall of such experts despite the country's reputation of being an IT and software powerhouse.

In February 2013, Information Technology Secretary J. Satyanarayana stated that the NCIIPC was finalizing policies related to national cyber security that would focus on domestic security solutions, reducing exposure through foreign technology. Other steps include the isolation of various security agencies to ensure that a synchronised attack could not succeed on all fronts and the planned appointment of a National Cyber Security Coordinator. As of that month, there had been no significant economic or physical damage to India related to cyber attacks.

On 26 November 2010, a group calling itself the Indian Cyber Army hacked the websites belonging to the Pakistan Army and the others belong to different ministries, including the Ministry of Foreign Affairs, Ministry of Education, Ministry of Finance, Pakistan Computer Bureau, Council of Islamic Ideology, etc. The attack was done as a revenge for the Mumbai terrorist attacks.

On 4 December 2010, a group calling itself the Pakistan Cyber Army hacked the website of India's top investigating agency, the Central Bureau of Investigation (CBI). The National Informatics Center (NIC) has begun an inquiry.

In July 2016, Cymmetria researchers discovered and revealed the cyber attack dubbed 'Patchwork', which compromised an estimated 2500 corporate and government agencies using code stolen from GitHub and the dark web. Examples of weapons used are an exploit for the Sandworm vulnerability (CVE-2014–4114), a compiled AutoIt script, and UAC bypass code dubbed UACME. Targets are believed to be mainly military and political assignments around Southeast Asia and the South China Sea and the attackers are believed to be of Indian origin and gathering intelligence from influential parties.

The Defence Cyber Agency, which is the Indian Military agency responsible for Cyberwarfare, is expected to become operational by November 2019.

Philippines

The Chinese are being blamed after a cybersecurity company, F-Secure Labs, found a malware, NanHaiShu, which targeted the Philippines Department of Justice. It sent information in an infected machine to a server with a Chinese IP address. The malware which is considered particularly sophisticated in nature was introduced by phishing emails that were designed to look like they were coming from an authentic sources. The information sent is believed to be relating to the South China Sea legal case.

South Korea

Main article: 2013 South Korea cyberattack

In July 2009, there were a series of coordinated denial of service attacks against major government, news media, and financial websites in South Korea and the United States. While many thought the attack was directed by North Korea, one researcher traced the attacks to the United Kingdom. Security researcher Chris Kubecka presented evidence multiple European Union and United Kingdom companies unwittingly helped attack South Korea due to a W32.Dozer infections, malware used in part of the attack. Some of the companies used in the attack were partially owned by several governments, further complicating cyber attribution.

Visualization of 2009 cyber warfare attacks against South Korea

In July 2011, the South Korean company SK Communications was hacked, resulting in the theft of the personal details (including names, phone numbers, home and email addresses and resident registration numbers) of up to 35 million people. A trojaned software update was used to gain access to the SK Communications network. Links exist between this hack and other malicious activity and it is believed to be part of a broader, concerted hacking effort.

With ongoing tensions on the Korean Peninsula, South Korea's defense ministry stated that South Korea was going to improve cyber-defense strategies in hopes of preparing itself from possible cyber attacks. In March 2013, South Korea's major banks – Shinhan Bank, Woori Bank and NongHyup Bank – as well as many broadcasting stations – KBS, YTN and MBC – were hacked and more than 30,000 computers were affected; it is one of the biggest attacks South Korea has faced in years. Although it remains uncertain as to who was involved in this incident, there has been immediate assertions that North Korea is connected, as it threatened to attack South Korea's government institutions, major national banks and traditional newspapers numerous times – in reaction to the sanctions it received from nuclear testing and to the continuation of Foal Eagle, South Korea's annual joint military exercise with the United States. North Korea's cyber warfare capabilities raise the alarm for South Korea, as North Korea is increasing its manpower through military academies specializing in hacking. Current figures state that South Korea only has 400 units of specialized personnel, while North Korea has more than 3,000 highly trained hackers; this portrays a huge gap in cyber warfare capabilities and sends a message to South Korea that it has to step up and strengthen its Cyber Warfare Command forces. Therefore, in order to be prepared from future attacks, South Korea and the United States will discuss further about deterrence plans at the Security Consultative Meeting (SCM). At SCM, they plan on developing strategies that focuses on accelerating the deployment of ballistic missiles as well as fostering its defense shield program, known as the Korean Air and Missile Defense.

North Korea

Further information: Sony Pictures hack and WannaCry ransomware attack

Africa

Egypt

In an extension of a bilateral dispute between Ethiopia and Egypt over the Grand Ethiopian Renaissance Dam, Ethiopian government websites have been hacked by the Egypt-based hackers in June 2020.

Europe

Cyprus

The New York Times published an exposé revealing an extensive three-year phishing campaign aimed against diplomats based in Cyprus. After accessing the state system the hackers had access to the European Union's entire exchange database. By login into Coreu, hackers accessed communications linking all EU states, on both sensitive and not so sensitive matters. The event exposed poor protection of routine exchanges among European Union officials and a coordinated effort from a foreign entity to spy on another country. "After over a decade of experience countering Chinese cyberoperations and extensive technical analysis, there is no doubt this campaign is connected to the Chinese government", said Blake Darche, one of the Area 1 Security experts – the company revealing the stolen documents. The Chinese Embassy in the US did not return calls for comment. In 2019, another coordinated effort took place that allowed hackers to gain access to government (gov.cy) emails. Cisco's Talos Security Department revealed that "Sea Turtle" hackers carried out a broad piracy campaign in the DNS countries, hitting 40 different organizations, including Cyprus.

Estonia

In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of Tallinn. The largest part of the attacks were coming from Russia and from official servers of the authorities of Russia. In the attack, ministries, banks, and media were targeted. This attack on Estonia, a seemingly small Baltic state, was so effective because of how most of Estonian government services are run online. Estonia has implemented an e-government, where banking services, political elections, taxes, and other components of a modern society are now all done online.

France

See also: Global surveillance disclosures (2013–present)

In 2013, the French Minister of Defense, Mr Jean-Yves Le Drian, ordered the creation of a cyber army, representing its fourth national army corps (along with ground, naval and air forces) under the French Ministry of Defense, to protect French and European interests on its soil and abroad. A contract was made with French firm EADS (Airbus) to identify and secure its main elements susceptible to cyber threats. In 2016 France had planned 2600 "cyber-soldiers" and a 440 million euros investment for cybersecurity products for this new army corps. An additional 4400 reservists constitute the heart of this army from 2019.

Germany

See also: Global surveillance disclosures (2013–present)

In 2013, Germany revealed the existence of their 60-person Computer Network Operation unit. The German intelligence agency, BND, announced it was seeking to hire 130 "hackers" for a new "cyber defence station" unit. In March 2013, BND president Gerhard Schindler announced that his agency had observed up to five attacks a day on government authorities, thought mainly to originate in China. He confirmed the attackers had so far only accessed data and expressed concern that the stolen information could be used as the basis of future sabotage attacks against arms manufacturers, telecommunications companies and government and military agencies. Shortly after Edward Snowden leaked details of the U.S. National Security Agency's cyber surveillance system, German Interior Minister Hans-Peter Friedrich announced that the BND would be given an additional budget of 100 million Euros to increase their cyber surveillance capability from 5% of total internet traffic in Germany to 20% of total traffic, the maximum amount allowed by German law.

Netherlands

See also: Global surveillance disclosures (2013–present)

In the Netherlands, Cyber Defense is nationally coordinated by the National Cyber Security Centrum [nl] (NCSC). The Dutch Ministry of Defense laid out a cyber strategy in 2011. The first focus is to improve the cyber defense handled by the Joint IT branch (JIVC). To improve intel operations, the intel community in the Netherlands (including the military intel organization, MIVD) has set up the Joint Sigint Cyber Unit (JSCU). The Ministry of Defense oversees an offensive cyber force, called Defensive Cyber Command (DCC).

Norway

See also: Global surveillance disclosures (2013–present)

Russia

Main article: Cyberwarfare in Russia See also: Cozy Bear

It has been claimed that Russian security services organized a number of denial of service attacks as a part of their cyber-warfare against other countries, most notably the 2007 cyberattacks on Estonia and the 2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan. One identified young Russian hacker said that he was paid by Russian state security services to lead hacking attacks on NATO computers. He was studying computer sciences at the Department of the Defense of Information. His tuition was paid for by the FSB. Russian, South Ossetian, Georgian and Azerbaijani sites were attacked by hackers during the 2008 South Ossetia War.

In October 2016, Jeh Johnson the United States Secretary of Homeland Security and James Clapper the U.S. Director of National Intelligence issued a joint statement accusing Russia of interfering with the 2016 United States presidential election. The New York Times reported the Obama administration formally accused Russia of stealing and disclosing Democratic National Committee emails. Under U.S. law (50 U.S.C.Title 50 – War and National Defense, Chapter 15 – National Security, Subchapter III Accountability for Intelligence Activities) there must be a formal Presidential finding prior to authorizing a covert attack. Then U.S. vice president Joe Biden said on the American news interview program Meet The Press that the United States will respond. The New York Times noted that Biden's comment "seems to suggest that Mr. Obama is prepared to order – or has already ordered – some kind of covert action".

Sweden

In January 2017, Sweden's armed forces were subjected to a cyber-attack that caused them to shutdown a so-called Caxcis IT system used in military exercises.

Ukraine

According to CrowdStrike from 2014 to 2016, the Russian APT Fancy Bear used Android malware to target the Ukrainian Army's Rocket Forces and Artillery. They distributed an infected version of an Android app whose original purpose was to control targeting data for the D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the X-Agent spyware and posted online on military forums. The attack was claimed by Crowd-Strike to be successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest percentage loss of any artillery pieces in the army (a percentage that had never been previously reported and would mean the loss of nearly the entire arsenal of the biggest artillery piece of the Ukrainian Armed Forces). According to the Ukrainian army this number is incorrect and that losses in artillery weapons "were way below those reported" and that these losses "have nothing to do with the stated cause".

In 2014, the Russians were suspected to use a cyber weapon called "Snake", or "Ouroboros," to conduct a cyber attack on Ukraine during a period of political turmoil. The Snake tool kit began spreading into Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE), as well as highly sophisticated Computer Network Attacks (CNA).

On 23 December 2015 the Black-Energy malware was used in a cyberattack on Ukraine's power-grid that left more than 200,000 people temporarily without power. A mining company and a large railway operator were also victims of the attack.

Ukraine saw a massive surge in cyber attacks during the 2022 Russian invasion of Ukraine. Several websites belonging to Ukrainian banks and government departments became inaccessible.

United Kingdom

See also: Global surveillance disclosures (2013–present)

MI6 reportedly infiltrated an Al Qaeda website and replaced the instructions for making a pipe bomb with the recipe for making cupcakes.

In October 2010, Iain Lobban, the director of the Government Communications Headquarters (GCHQ), said the UK faces a "real and credible" threat from cyber attacks by hostile states and criminals and government systems are targeted 1,000 times each month, such attacks threatened the UK's economic future, and some countries were already using cyber assaults to put pressure on other nations.

On 12 November 2013, financial organizations in London conducted cyber war games dubbed "Waking Shark 2" to simulate massive internet-based attacks against bank and other financial organizations. The Waking Shark 2 cyber war games followed a similar exercise in Wall Street.

Middle East

Iran

Main article: Cyberwarfare by Iran See also: Iranian Cyber Army Further information: Operation Olympic Games, Operation Ababil, Operation Cleaver, and Operation Newscaster

Iran has been both victim and perpetrator of several cyberwarfare operations. Iran is considered an emerging military power in the field.

Flag of Cyber Police (FATA) of Islamic Republic of Iran

In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically target its Natanz nuclear enrichment facility. It was a 500-kilobyte computer worm that infected at least 14 industrial sites in Iran, including the Natanz uranium-enrichment plant. Although the official authors of Stuxnet haven't been officially identified, Stuxnet is believed to be developed and deployed by the United States and Israel. The worm is said to be the most advanced piece of malware ever discovered and significantly increases the profile of cyberwarfare.

Iranian Cyber Police department, FATA, was dismissed one year after its creation in 2011 because of the arrest and death of Sattar Behesti, a blogger, in the custody of FATA. Since then, the main responsible institution for the cyberwarfare in Iran is the "Cyber Defense Command" operating under the Joint Staff of Iranian Armed Forces.

The Iranian state sponsored group MuddyWater is active since at least 2017 and is responsible for many cyber attacks on various sectors.

Israel

In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the Israel Defense Forces (IDF) intelligence estimates several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel attached growing importance to cyber-tactics, and became, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF's elite computer units. Richard A. Clarke adds that "our Israeli friends have learned a thing or two from the programs we have been working on for more than two decades."

In September 2007, Israel carried out an airstrike on a suspected nuclear reactor in Syria dubbed Operation Orchard. U.S. industry and military sources speculated that the Israelis may have used cyberwarfare to allow their planes to pass undetected by radar into Syria.

Following US President Donald Trump's decision to pull out of the Iran nuclear deal in May 2018, cyber warfare units in the United States and Israel monitoring internet traffic out of Iran noted a surge in retaliatory cyber attacks from Iran. Security firms warned that Iranian hackers were sending emails containing malware to diplomats who work in the foreign affairs offices of US allies and employees at telecommunications companies, trying to infiltrate their computer systems.

Saudi Arabia

On 15 August 2012 at 11:08 am local time, the Shamoon virus began destroying over 35,000 computer systems, rendering them inoperable. The virus used to target the Saudi government by causing destruction to the state owned national oil company Saudi Aramco. The attackers posted a pastie on PasteBin.com hours prior to the wiper logic bomb occurring, citing oppression and the Al-Saud regime as a reason behind the attack.

Pastie announcing attack against Saudi Aramco by a group called Cutting Sword of Justice

The attack was well staged according to Chris Kubecka, a former security advisor to Saudi Aramco after the attack and group leader of security for Aramco Overseas. It was an unnamed Saudi Aramco employee on the Information Technology team which opened a malicious phishing email, allowing initial entry into the computer network around mid-2012.

Shamoon 1 attack timeline against Saudi Aramco

Kubecka also detailed in her Black Hat USA talk Saudi Aramco placed the majority of their security budget on the ICS control network, leaving the business network at risk for a major incident. The virus has been noted to have behavior differing from other malware attacks, due to the destructive nature and the cost of the attack and recovery. US Defense Secretary Leon Panetta called the attack a "Cyber Pearl Harbor". Shamoon can spread from an infected machine to other computers on the network. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, upload them to the attacker, and erase them. Finally the virus overwrites the master boot record of the infected computer, making it unusable. The virus has been used for cyber warfare against the national oil companies Saudi Aramco and Qatar's RasGas.

Saudi Aramco announced the attack on their Facebook page and went offline again until a company statement was issued on 25 August 2012. The statement falsely reported normal business was resumed on 25 August 2012. However a Middle Eastern journalist leaked photographs taken on 1 September 2012 showing kilometers of petrol trucks unable to be loaded due to backed business systems still inoperable.

Tanker trucks unable to be loaded with gasoline due to Shamoon attacks

On 29 August 2012 the same attackers behind Shamoon posted another pastie on PasteBin.com, taunting Saudi Aramco with proof they still retained access to the company network. The post contained the username and password on security and network equipment and the new password for the CEO Khalid Al- Falih The attackers also referenced a portion of the Shamoon malware as further proof in the pastie.

According to Kubecka, in order to restore operations. Saudi Aramco used its large private fleet of aircraft and available funds to purchase much of the world's hard drives, driving the price up. New hard drives were required as quickly as possible so oil prices were not affected by speculation. By 1 September 2012 gasoline resources were dwindling for the public of Saudi Arabia 17 days after the 15 August attack. RasGas was also affected by a different variant, crippling them in a similar manner.

Qatar

In March 2018 American Republican fundraiser Elliott Broidy filed a lawsuit against Qatar, alleging that Qatar's government stole and leaked his emails in order to discredit him because he was viewed "as an impediment to their plan to improve the country's standing in Washington." In May 2018, the lawsuit named Mohammed bin Hamad bin Khalifa Al Thani, brother of the Emir of Qatar, and his associate Ahmed Al-Rumaihi, as allegedly orchestrating Qatar's cyber warfare campaign against Broidy. Further litigation revealed that the same cybercriminals who targeted Broidy had targeted as many as 1,200 other individuals, some of whom are also "well-known enemies of Qatar" such as senior officials of the U.A.E., Egypt, Saudi Arabia, and Bahrain. While these hackers almost always obscured their location, some of their activity was traced to a telecommunication network in Qatar.

United Arab Emirates

The United Arab Emirates has launched several cyber-attacks in the past targeting dissidents. Ahmed Mansoor, an Emirati citizen, was jailed for sharing his thoughts on Facebook and Twitter. He was given the code name Egret under the state-led covert project called Raven, which spied on top political opponents, dissidents, and journalists. Project Raven deployed a secret hacking tool called Karma, to spy without requiring the target to engage with any web links.

In September 2021, three of the former American intelligence officers, Marc Baier, Ryan Adams, and Daniel Gericke, admitted to assisting the UAE in hacking crimes by providing them with advanced technology and violating US laws. Under a three-year deferred prosecution agreement with the Justice Department, the three defendants also agreed to pay nearly $1.7 million in fines to evade prison sentences. The court documents revealed that the Emirates hacked into the computers and mobile phones of dissidents, activists, and journalists. They also attempted to break into the systems of the US and rest of the world.

North America

United States

Main article: Cyberwarfare in the United States See also: Global surveillance disclosures (2013–present)

Cyberwarfare in the United States is a part of the American military strategy of proactive cyber defence and the use of cyberwarfare as a platform for attack. The new United States military strategy makes explicit that a cyberattack is casus belli just as a traditional act of war.

U.S. government security expert Richard A. Clarke, in his book Cyber War (May 2010), had defined "cyberwarfare" as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption." The Economist describes cyberspace as "the fifth domain of warfare," and William J. Lynn, U.S. Deputy Secretary of Defense, states that "as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . has become just as critical to military operations as land, sea, air, and space."

When Russia was still a part of the Soviet Union in 1982, a portion of a Trans-Siberia pipeline within its territory exploded, allegedly due to a Trojan Horse computer malware implanted in the pirated Canadian software by the Central Intelligence Agency. The malware caused the SCADA system running the pipeline to malfunction. The "Farewell Dossier" provided information on this attack, and wrote that compromised computer chips would become a part of Soviet military equipment, flawed turbines would be placed in the gas pipeline, and defective plans would disrupt the output of chemical plants and a tractor factory. This caused the "most monumental nonnuclear explosion and fire ever seen from space." However, the Soviet Union did not blame the United States for the attack.

In 2009, president Barack Obama declared America's digital infrastructure to be a "strategic national asset," and in May 2010 the Pentagon set up its new U.S. Cyber Command (USCYBERCOM), headed by General Keith B. Alexander, director of the National Security Agency (NSA), to defend American military networks and attack other countries' systems. The EU has set up ENISA (European Union Agency for Network and Information Security) which is headed by Prof. Udo Helmbrecht and there are now further plans to significantly expand ENISA's capabilities. The United Kingdom has also set up a cyber-security and "operations centre" based in Government Communications Headquarters (GCHQ), the British equivalent of the NSA. In the U.S. however, Cyber Command is only set up to protect the military, whereas the government and corporate infrastructures are primarily the responsibility respectively of the Department of Homeland Security and private companies.

On 19 June 2010, United States Senator Joe Lieberman (I-CT) introduced a bill called "Protecting Cyberspace as a National Asset Act of 2010", which he co-wrote with Senator Susan Collins (R-ME) and Senator Thomas Carper (D-DE). If signed into law, this controversial bill, which the American media dubbed the "Kill switch bill", would grant the president emergency powers over parts of the Internet. However, all three co-authors of the bill issued a statement that instead, the bill " existing broad presidential authority to take over telecommunications networks".

In August 2010, the U.S. for the first time warned publicly about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies. The Pentagon also pointed to an alleged China-based computer spying network dubbed GhostNet which was revealed in a 2009 research report.

On 6 October 2011, it was announced that Creech AFB's drone and Predator fleet's command and control data stream had been keylogged, resisting all attempts to reverse the exploit, for the past two weeks. The Air Force issued a statement that the virus had "posed no threat to our operational mission".

On 21 November 2011, it was widely reported in the U.S. media that a hacker had destroyed a water pump at the Curran-Gardner Township Public Water District in Illinois. However, it later turned out that this information was not only false, but had been inappropriately leaked from the Illinois Statewide Terrorism and Intelligence Center.

In June 2012 the New York Times reported that president Obama had ordered the cyber attack on Iranian nuclear enrichment facilities.

In August 2012, USA Today reported that the US conducted cyberattacks for tactical advantage in Afghanistan.

According to a 2013 Foreign Policy magazine article, NSA's Tailored Access Operations (TAO) unit "has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People's Republic of China."

In 2014, Barack Obama ordered an intensification of cyberwarfare against North Korea's missile program for sabotaging test launches in their opening seconds. On 24 November 2014, Sony Pictures Entertainment hack was a release of confidential data belonging to Sony Pictures Entertainment (SPE).

In 2016 President Barack Obama authorized the planting of cyber weapons in Russian infrastructure in the final weeks of his presidency in response to Moscow's interference in the 2016 presidential election. On 29 December 2016 United States imposed the most extensive sanctions against Russia since the Cold War, expelling 35 Russian diplomats from the United States.

Economic sanctions are the most frequently used the foreign policy instruments by the United States today Thus, it is not surprising to see that economic sanctions are also used as counter policies against cyberattacks. According to Onder (2021), economic sanctions are also information gathering mechanisms for the sanctioning states about the capabilities of the sanctioned states.

In March 2017, WikiLeaks published more than 8,000 documents on the CIA. The confidential documents, codenamed Vault 7 and dated from 2013 to 2016, include details on CIA's software capabilities, such as the ability to compromise cars, smart TVs, web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera Software ASA), and the operating systems of most smartphones (including Apple's iOS and Google's Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.

In June 2019, the New York Times reported that American hackers from the United States Cyber Command planted malware potentially capable of disrupting the Russian electrical grid.

The United States topped the world in terms of cyberwarfare intent and capability, according to Harvard University's Belfer Center Cyber 2022 Power Index, above China, Russia, the United Kingdom and Australia.

In June 2023, the National Security Agency and Apple were accused by the Russian Federal Security Service (FSB) of compromising thousands of iPhones, including those of diplomats from China, Israel, NATO members, and Syria. Kaspersky Lab said many of its senior staff and managers were also hit by the ongoing attack, which it first suspected in early 2023. The oldest traces of infiltration date back to 2019. Kaspersky Lab said it had not shared the findings with Russian authorities until the FSB announcement.

Cyber mercenary

See also: Fancy Bear, Cozy Bear, Sandworm (hacker group), Lazarus Group, and Iranian Cyber Army

A cyber mercenary is a non-state actor that carries out cyber attacks for Nation states for hire. State actors can use the cyber mercenaries as a front to try and distance themselves from the attack with plausible deniability.

Cyberpeace

See also: Cyberweapon § Control and disarmament

The rise of cyber as a warfighting domain has led to efforts to determine how cyberspace can be used to foster peace. For example, the German civil rights panel FIfF runs a campaign for cyberpeace − for the control of cyberweapons and surveillance technology and against the militarization of cyberspace and the development and stockpiling of offensive exploits and malware. Measures for cyberpeace include policymakers developing new rules and norms for warfare, individuals and organizations building new tools and secure infrastructures, promoting open source, the establishment of cyber security centers, auditing of critical infrastructure cybersecurity, obligations to disclose vulnerabilities, disarmament, defensive security strategies, decentralization, education and widely applying relevant tools and infrastructures, encryption and other cyberdefenses.

The topics of cyber peacekeeping and cyber peacemaking have also been studied by researchers, as a way to restore and strengthen peace in the aftermath of both cyber and traditional warfare.

Cyber counterintelligence

Cyber counter-intelligence are measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions.

  • On 7 April 2009, The Pentagon announced they spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.
  • On 1 April 2009, U.S. lawmakers pushed for the appointment of a White House cyber security "czar" to dramatically escalate U.S. defenses against cyber attacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.
  • On 9 February 2009, the White House announced that it will conduct a review of the country's cyber security to ensure that the Federal government of the United States cyber security initiatives are appropriately integrated, resourced and coordinated with the United States Congress and the private sector.
  • In the wake of the 2007 cyberwar waged against Estonia, NATO established the Cooperative Cyber Defence Centre of Excellence (CCD CoE) in Tallinn, Estonia, in order to enhance the organization's cyber defence capability. The center was formally established on 14 May 2008, and it received full accreditation by NATO and attained the status of International Military Organization on 28 October 2008. Since Estonia has led international efforts to fight cybercrime, the United States Federal Bureau of Investigation says it will permanently base a computer crime expert in Estonia in 2009 to help fight international threats against computer systems.
  • In 2015, the Department of Defense released an updated cyber strategy memorandum detailing the present and future tactics deployed in the service of defense against cyberwarfare. In this memorandum, three cybermissions are laid out. The first cybermission seeks to arm and maintain existing capabilities in the area of cyberspace, the second cybermission focuses on prevention of cyberwarfare, and the third cybermission includes strategies for retaliation and preemption (as distinguished from prevention).

One of the hardest issues in cyber counterintelligence is the problem of cyber attribution. Unlike conventional warfare, figuring out who is behind an attack can be very difficult.

Doubts about existence

In October 2011 the Journal of Strategic Studies, a leading journal in that field, published an article by Thomas Rid, "Cyber War Will Not Take Place" which argued that all politically motivated cyber attacks are merely sophisticated versions of sabotage, espionage, or subversion – and that it is unlikely that cyber war will occur in the future.

Legal perspective

NIST, a cybersecurity framework, was published in 2014 in the US.

The Tallinn Manual, published in 2013, is an academic, non-binding study on how international law, in particular the jus ad bellum and international humanitarian law, apply to cyber conflicts and cyber warfare. It was written at the invitation of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence by an international group of approximately twenty experts between 2009 and 2012.

The Shanghai Cooperation Organisation (members of which include China and Russia) defines cyberwar to include dissemination of information "harmful to the spiritual, moral and cultural spheres of other states". In September 2011, these countries proposed to the UN Secretary General a document called "International code of conduct for information security".

In contrast, the United approach focuses on physical and economic damage and injury, putting political concerns under freedom of speech. This difference of opinion has led to reluctance in the West to pursue global cyber arms control agreements. However, American General Keith B. Alexander did endorse talks with Russia over a proposal to limit military attacks in cyberspace. In June 2013, Barack Obama and Vladimir Putin agreed to install a secure Cyberwar-Hotline providing "a direct secure voice communications line between the US cybersecurity coordinator and the Russian deputy secretary of the security council, should there be a need to directly manage a crisis situation arising from an ICT security incident" (White House quote).

A Ukrainian international law scholar, Alexander Merezhko, has developed a project called the International Convention on Prohibition of Cyberwar in Internet. According to this project, cyberwar is defined as the use of Internet and related technological means by one state against the political, economic, technological and information sovereignty and independence of another state. Professor Merezhko's project suggests that the Internet ought to remain free from warfare tactics and be treated as an international landmark. He states that the Internet (cyberspace) is a "common heritage of mankind".

On the February 2017 RSA Conference Microsoft president Brad Smith suggested global rules – a "Digital Geneva Convention" – for cyber attacks that "ban the nation-state hacking of all the civilian aspects of our economic and political infrastructures". He also stated that an independent organization could investigate and publicly disclose evidence that attributes nation-state attacks to specific countries. Furthermore, he said that the technology sector should collectively and neutrally work together to protect Internet users and pledge to remain neutral in conflict and not aid governments in offensive activity and to adopt a coordinated disclosure process for software and hardware vulnerabilities. A fact-binding body has also been proposed to regulate cyber operations.

In popular culture

In films

Main category: Films about cyberwarfare
Documentaries
Main category: Documentary films about cyberwarfare
  • Hacking the Infrastructure: Cyber Warfare (2016) by Viceland
  • Cyber War Threat (2015)
  • Darknet, Hacker, Cyberwar (2017)
  • Zero Days (2016)
  • The Perfect Weapon (2020)

In television

  • "Cancelled", an episode of the animated sitcom South Park
  • Series 2 of COBRA, a British thriller series, revolves around a sustained campaign of cyberwar against the United Kingdom and the British government's response to it.

See also

References

  1. Singer, P. W.; Friedman, Allan (March 2014). Cybersecurity and cyberwar : what everyone needs to know. Oxford. ISBN 9780199918096. OCLC 802324804.{{cite book}}: CS1 maint: location missing publisher (link)
  2. "Cyberwar – does it exist?". NATO. 13 June 2019. Retrieved 10 May 2019.
  3. Smith, Troy E. (2013). "Cyber Warfare: A Misrepresentation of the True Cyber Threat". American Intelligence Journal. 31 (1): 82–85. ISSN 0883-072X. JSTOR 26202046.
  4. Lucas, George (2017). Ethics and Cyber Warfare: The Quest for Responsible Security in the Age of Digital Warfare. Oxford. p. 6. ISBN 9780190276522.{{cite book}}: CS1 maint: location missing publisher (link)
  5. "Advanced Persistent Threat Groups". FireEye. Retrieved 10 May 2019.
  6. "APT trends report Q1 2019". securelist.com. 30 April 2019. Retrieved 10 May 2019.
  7. "GCHQ". www.gchq.gov.uk. Retrieved 10 May 2019.
  8. "Who are the cyberwar superpowers?". World Economic Forum. 4 May 2016. Retrieved 24 June 2021.
  9. ^ Cyber warfare : a multidisciplinary analysis. Green, James A., 1981–. London. 7 November 2016. ISBN 9780415787079. OCLC 980939904.{{cite book}}: CS1 maint: location missing publisher (link) CS1 maint: others (link)
  10. Newman, Lily Hay (6 May 2019). "What Israel's Strike on Hamas Hackers Means For Cyberwar". Wired. ISSN 1059-1028. Retrieved 10 May 2019.
  11. Liptak, Andrew (5 May 2019). "Israel launched an airstrike in response to a Hamas cyberattack". The Verge. Retrieved 10 May 2019.
  12. ^ Robinson, Michael; Jones, Kevin; Helge, Janicke (2015). "Cyber Warfare Issues and Challenges". Computers and Security. 49: 70–94. doi:10.1016/j.cose.2014.11.007. Retrieved 7 January 2020.
  13. ^ Shakarian, Paulo; Shakarian, Jana; Ruef, Andrew (2013). Introduction to cyber-warfare: a multidisciplinary approach. Amsterdam: Morgan Kaufmann Publishers – Elsevier. p. 2. ISBN 9780124079267. OCLC 846492852.
  14. ^ Clarke, Richard A. Cyber War, HarperCollins (2010) ISBN 9780061962233
  15. Blitz, James (1 November 2011). "Security: A huge challenge from China, Russia and organised crime". Financial Times. Archived from the original on 6 June 2015. Retrieved 6 June 2015.
  16. Arquilla, John (1999). "Can information warfare ever be just?". Ethics and Information Technology. 1 (3): 203–212. doi:10.1023/A:1010066528521. S2CID 29263858.
  17. Parks, Raymond C.; Duggan, David P. (September 2011). "Principles of Cyberwarfare". IEEE Security Privacy. 9 (5): 30–35. doi:10.1109/MSP.2011.138. ISSN 1558-4046. S2CID 17374534.
  18. Taddeo, Mariarosaria (19 July 2012). An analysis for a just cyber warfare. International Conference on Cyber Conflict (ICCC). Estonia: IEEE.
  19. "Implications of Privacy & Security Research for the Upcoming Battlefield of Things". Journal of Information Warfare. 17 (4). 2018. Retrieved 6 December 2019.
  20. ^ "Latest viruses could mean 'end of the world as we know it,' says the man who discovered Flame", The Times of Israel, 6 June 2012
  21. ^ "White House Cyber Czar: 'There Is No Cyberwar'". Wired, 4 March 2010
  22. Deibert, Ron (2011). "Tracking the emerging arms race in cyberspace". Bulletin of the Atomic Scientists. 67 (1): 1–8. doi:10.1177/0096340210393703. S2CID 218770788.
  23. "What limits does the law of war impose on cyber attacks?". International Committee of the Red Cross. 28 June 2013. Retrieved 8 November 2022.
  24. Kello, Lucas (2017). The Virtual Weapon and International Order. New Haven, Connecticut: Yale University Press. pp. 77–79. ISBN 9780300220230.
  25. "The Politics of Cyberspace: Grasping the Danger". The Economist. London. 26 August 2017.
  26. Popp, George; Canna, Sarah (Winter 2016). "The Characterization and Conditions of the Gray Zone" (PDF). NSI, Inc. Archived (PDF) from the original on 5 September 2021.
  27. Kello, Lucas (2022). Striking Back: The End of Peace in Cyberspace and How to Restore It. New Haven, Connecticut: Yale University Press. p. 218. ISBN 9780300246681.
  28. "US 'launched cyber-attack on Iran weapons systems'". BBC News. 23 June 2019. Retrieved 9 August 2019.
  29. Barnes, Julian E.; Gibbons-Neff, Thomas (22 June 2019). "U.S. Carried Out Cyberattacks on Iran". The New York Times. ISSN 0362-4331. Retrieved 9 August 2019.
  30. "Executive Order – "Blocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities"". The White House. 1 April 2015. Retrieved 19 June 2021.
  31. "Sanctions Programs and Country Information". U.S. Department of the Treasury. Retrieved 19 June 2021.
  32. "Cyber Sanctions". United States Department of State. Retrieved 19 June 2021.
  33. Ratcliffe, John (18 May 2016). "Text – H.R.5222 – 114th Congress (2015–2016): Iran Cyber Sanctions Act of 2016". United States Congress. Retrieved 19 June 2021.
  34. Weinberger, Sharon (4 October 2007). "How Israel Spoofed Syria's Air Defense System". Wired.
  35. "Cyber espionage bug attacking Middle East, but Israel untouched — so far", The Times of Israel, 4 June 2013
  36. "A Note on the Laws of War in Cyberspace" Archived 7 November 2015 at the Wayback Machine, James A. Lewis, April 2010
  37. "Cyberwarfare". The New York Times. ISSN 0362-4331. Retrieved 21 March 2021.
  38. Rayman, Noah (18 December 2013). "Merkel Compared NSA To Stasi in Complaint To Obama". Time. Retrieved 1 February 2014.
  39. Devereaux, Ryan; Greenwald, Glenn; Poitras, Laura (19 May 2014). "Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas". The Intercept. First Look Media. Archived from the original on 21 May 2014. Retrieved 21 May 2014.
  40. Schonfeld, Zach (23 May 2014). "The Intercept Wouldn't Reveal a Country the U.S. Is Spying On, So WikiLeaks Did Instead". Newsweek. Retrieved 26 May 2014.
  41. Bodmer, Kilger, Carpenter, & Jones (2012). Reverse Deception: Organized Cyber Threat Counter-Exploitation. New York: McGraw-Hill Osborne Media. ISBN 0071772499, ISBN 978-0071772495
  42. Sanders, Sam (4 June 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records at Risk". NPR. Retrieved 5 June 2015.
  43. Liptak, Kevin (4 June 2015). "U.S. government hacked; feds think China is the culprit". CNN. Retrieved 5 June 2015.
  44. Liptak, Kevin (20 June 2015). "Hacking Diplomatic Cables Is Expected. Exposing Them Is Not". Wired. Retrieved 22 June 2019.
  45. Gupta, S.C. (8 November 2022). 151 Essays. Vol. 1 (1st ed.). Australia. p. 231.{{cite book}}: CS1 maint: location missing publisher (link)
  46. "Clarke: More defense needed in cyberspace" Archived 24 March 2012 at the Wayback Machine HometownAnnapolis.com, 24 September 2010
  47. "Malware Hits Computerized Industrial Equipment". The New York Times, 24 September 2010
  48. Singer, P.W.; Friedman, Allan (2014). Cybersecurity and Cyberwar: What Everyone Needs to Know. Oxford: Oxford University Press. p. 156. ISBN 978-0-19-991809-6.
  49. Gross, Michael L.; Canetti, Daphna; Vashdi, Dana R. (2016). "The psychological effects of cyber terrorism". The Bulletin of the Atomic Scientists. 72 (5): 284–291. Bibcode:2016BuAtS..72e.284G. doi:10.1080/00963402.2016.1216502. ISSN 0096-3402. PMC 5370589. PMID 28366962.
  50. "Understanding Denial-of-Service Attacks | CISA". us-cert.cisa.gov. Archived from the original on 18 March 2021. Retrieved 10 October 2020.
  51. Lewis, Sherryn Groch, Felicity (4 November 2022). "The internet is run under the sea. What if the cables are cut?". The Sydney Morning Herald. Retrieved 8 November 2022.{{cite web}}: CS1 maint: multiple names: authors list (link)
  52. Shiels, Maggie. (9 April 2009) BBC: Spies 'infiltrate US power grid'. BBC News. Retrieved 8 November 2011.
  53. Meserve, Jeanne (8 April 2009). "Hackers reportedly have embedded code in power grid". CNN. Retrieved 8 November 2011.
  54. "US concerned power grid vulnerable to cyber-attack" Archived 30 October 2020 at the Wayback Machine. In.reuters.com (9 April 2009). Retrieved 8 November 2011.
  55. Gorman, Siobhan. (8 April 2009) Electricity Grid in U.S. Penetrated By Spies. The Wall Street Journal. Retrieved 8 November 2011.
  56. NERC Public Notice. (PDF). Retrieved 8 November 2011.
  57. Xinhua: China denies intruding into the U.S. electrical grid. 9 April 2009
  58. ABC News: Video. ABC News. (20 April 2009). Retrieved 8 November 2011.
  59. Buchan, Russell (2012). "Cyber Attacks: Unlawful Uses of Force or Prohibited Interventions?". Journal of Conflict and Security Law. 17 (2): 211–227. doi:10.1093/jcsl/krs014. ISSN 1467-7954. JSTOR 26296227.
  60. Halpern, Micah (22 April 2015). "Iran Flexes Its Power by Transporting Turkey to the Stone Age". Observer.
  61. ^ "How Not To Prevent a Cyberwar With Russia". Wired. 18 June 2019.
  62. "Russian military admits significant cyber-war effort". bbc.com. 21 February 2017.
  63. Ajir, Media; Vailliant, Bethany (2018). "Russian Information Warfare: Implications for Deterrence Theory". Strategic Studies Quarterly. 12 (3): 70–89. ISSN 1936-1815. JSTOR 26481910.
  64. Carter, Nicholas (22 January 2018). "Dynamic Security Threats and the British Army". RUSI. Archived from the original on 29 March 2018. Retrieved 30 January 2018.
  65. Cowen, Tyler (2006). "Terrorism as Theater: Analysis and Policy Implications". Public Choice. 128 (1/2): 233–244. doi:10.1007/s11127-006-9051-y. ISSN 0048-5829. JSTOR 30026642. S2CID 155001568.
  66. "NotPetya: virus behind global attack 'masquerades' as ransomware but could be more dangerous, researchers warn". 28 June 2017. Archived from the original on 19 September 2020. Retrieved 11 August 2020.
  67. "NotPetya ransomware outbreak cost Merck more than $300M per quarter". TechRepublic. Retrieved 11 July 2018.
  68. Perlroth, Nicole; Scott, Mark; Frenkel, Sheera (27 June 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. Retrieved 11 July 2018.
  69. Elhais, Hassan Elhais-Dr Hassan (21 November 2021). "What is the impact of ransomware on financial crime compliance in the UAE?". Lexology. Retrieved 8 November 2022.
  70. Palmer, Robert Kenneth. "Critical Infrastructure: Legislative Factors for Preventing a Cyber-Pearl Harbor." Va. JL & Tech. 18 (2013): 289.
  71. Molfino, Emily (2012). "Viewpoint: Cyberterrorism: Cyber "Pearl Harbor" is Imminent". In Costigan, Sean S.; Perry, Jake (eds.). Cyberspaces and Global Affairs. Routledge. p. 75. ISBN 978-1-4094-2754-4.
  72. Arquilla, John (27 July 2009). "Click, click... counting down to cyber 9/11". SFGate. Archived from the original on 1 March 2012. Retrieved 15 May 2019. (Link at SFGate)
  73. Magee, Clifford S. (Marine Corps Command and Staff College. Quantico VA) (Third Quarter 2013). "Awaiting the Cyber 9/11" (PDF). Joint Force Quarterly (70). NDU Press: 76–82.
  74. Gaycken, Sandro (2010). "Cyberwar – Das Internet als Kriegsschauplatz". {{cite journal}}: Cite journal requires |journal= (help)
  75. "Careers in the Military". www.careersinthemilitary.com. Retrieved 8 November 2022.
  76. ^ "Cyber-War Nominee Sees Gaps in Law", The New York Times, 14 April 2010
  77. Cyber ShockWave Shows U.S. Unprepared For Cyber Threats Archived 19 July 2013 at the Wayback Machine. Bipartisanpolicy.org. Retrieved 8 November 2011.
  78. Drogin, Bob (17 February 2010). "In a doomsday cyber attack scenario, answers are unsettling". Los Angeles Times.
  79. Ali, Sarmad (16 February 2010). "Washington Group Tests Security in 'Cyber ShockWave'". The Wall Street Journal.
  80. Cyber ShockWave CNN/BPC wargame: was it a failure? Archived 23 February 2010 at the Wayback Machine. Computerworld (17 February 2010). Retrieved 8 November 2011.
  81. Steve Ragan Report: The Cyber ShockWave event and its aftermath Archived 22 July 2011 at the Wayback Machine. The Tech Herald. 16 February 2010
  82. Lee, Andy (1 May 2012). "International Cyber Warfare: Limitations and Possibilities". Archived 27 March 2012 at the Wayback Machine Jeju Peace Institute.
  83. "Azerbaijani hackers broke into over 90 armenian websites – VIDEO". Azerbaycan24. 27 September 2020.
  84. Giles, Christopher (26 October 2020). "Nagorno-Karabakh: The Armenian-Azeri 'information wars'". BBC.
  85. "Become a Naval Cyber Warfare Engineer (CWE) : Navy.com". www.navy.com.
  86. Pedersen, Frederik A H; Jacobsen, Jeppe T (2024). "Narrow windows of opportunity: the limited utility of cyber operations in war". Journal of Cybersecurity. 10 (1). doi:10.1093/cybsec/tyae014. ISSN 2057-2085.
  87. ^ Lin, Tom C. W. (14 April 2016). "Financial Weapons of War". Minnesota Law Review. 100: 1377–1440. SSRN 2765010.
  88. Denning, D. E. (2008). The ethics of cyber conflict. The Handbook of Information and Computer Ethics. 407–429.
  89. Kenney, Michael (2015). "Cyber-Terrorism in a Post-Stuxnet World". Orbis. 59 (1): 111–128. doi:10.1016/j.orbis.2014.11.009.
  90. "North Korea took $2 billion in cyberattacks to fund weapons..." Reuters. 5 August 2019. Retrieved 9 August 2019.
  91. "North Korea 'stole $2bn via cyber-attacks'". 7 August 2019. Retrieved 9 August 2019.
  92. "Google Attack Is Tip Of Iceberg", McAfee Security Insights, 13 January 2010
  93. "Financially Motivated Threats – cyber.uk". cyber.uk. Retrieved 8 November 2022.
  94. hoffmacd (18 April 2010). "U.S. Needs New National Strategy in Era of Cyberaggression, UC Paper Concludes". UC News. Retrieved 6 March 2022.
  95. "Advanced threat actors engaged in cyberespionage in APAC up their game in new campaign". www.kaspersky.com. 26 May 2021. Retrieved 8 November 2022.
  96. "Cyber-war gaming: A cybersecurity tabletop exercise". SearchSecurity. Retrieved 8 November 2022.
  97. ^ "Locked Shields". ccdcoe.org. Retrieved 7 August 2019.
  98. "Agency leads NATO team in tough cyber exercise". www.ncia.nato.int. Retrieved 7 August 2019.
  99. Allison, George (11 April 2019). "NATO takes part in international cyber security exercise". UK Defence Journal. Retrieved 7 August 2019.
  100. "CCDCOE". ccdcoe.org. Retrieved 7 August 2019.
  101. Boffey, Daniel (27 June 2019). "EU to run war games to prepare for Russian and Chinese cyber-attacks". The Guardian. ISSN 0261-3077. Retrieved 7 August 2019.
  102. Wheeler, Caroline; Shipman, Tim; Hookham, Mark (7 October 2018). "UK war-games cyber attack on Moscow". The Sunday Times. ISSN 0956-1382. Retrieved 8 August 2019.
  103. Detrixhe, John (7 October 2018). "The UK is practicing cyberattacks that could black out Moscow". Quartz. Retrieved 8 August 2019.
  104. "Public servants prepare for cyber attacks at inaugural war games". ABC News. 19 September 2017. Retrieved 8 November 2022.
  105. Government-sponsored cyberattacks on the rise, McAfee says Archived 17 June 2013 at the Wayback Machine. Network World (29 November 2007). Retrieved 8 November 2011.
  106. ^ "How China will use cyber warfare to leapfrog in military competitiveness". Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies. Vol. 8, no. 1 October 2008. p. 42. Archived from the original on 10 March 2011. Retrieved 15 January 2013.
  107. "How China will use cyber warfare to leapfrog in military competitiveness". Culture Mandala: The Bulletin of the Centre for East-West Cultural and Economic Studies. Vol. 8, no. 1 October 2008. p. 43. Archived from the original on 10 March 2011. Retrieved 15 January 2013.
  108. "China's Hacker Army". Foreign Policy. 3 March 2010.
  109. "US embassy cables: China uses access to Microsoft source code to help plot cyber warfare, US fears". The Guardian. London. 4 December 2010. Retrieved 31 December 2010.
  110. "China to make mastering cyber warfare A priority (2011)". NPR. Retrieved 15 January 2013.
  111. Barrett, Devlin (5 June 2015). "U.S. Suspects Hackers in China Breached About four (4) Million People's Records, Officials Say". The Wall Street Journal. Retrieved 5 June 2015.
  112. "U.S. gov't hack may be four (4) times larger than first reported". 22 June 2015.
  113. Sanders, Sam (4 June 2015). "Massive Data Breach Puts 4 Million Federal Employees' Records at Risk". NPR.
  114. Finkle, Jim (3 August 2011). "State actor seen in "enormous" range of cyber attacks". Reuters. Retrieved 3 August 2011.
  115. O'Flaherty, Kate. "Marriott Breach – What Happened, How Serious Is It And Who Is Impacted?". Forbes. Retrieved 12 December 2018.
  116. "Starwood Reservation Database Security Incident". answers.kroll.com. Retrieved 12 December 2018.
  117. Sanger, David E.; Perlroth, Nicole; Thrush, Glenn; Rappeport, Alan (11 December 2018). "Marriott Data Breach Is Traced to Chinese Hackers as U.S. Readies Crackdown on Beijing". The New York Times. ISSN 0362-4331. Retrieved 12 December 2018.
  118. "Marriott hotel cyber attack linked to Chinese spy agency". The Independent. 12 December 2018. Retrieved 12 December 2018.
  119. "Marriott cyberattack traced to Chinese hackers". Axios. 12 December 2018. Retrieved 12 December 2018.
  120. Hurst, Daniel; Kuo, Lily; Graham-McLay, Charlotte (14 September 2020). "Zhenhua Data leak: personal details of millions around world gathered by China tech company". The Guardian. Retrieved 14 September 2020.
  121. "National Enterprise Credit Information Publicity System". GSXT. Retrieved 16 September 2020.
  122. Graham, Ben (13 September 2020). "Zhenhua Data: 35,000 Aussies being spied on by China as part of 'psychological war'". News.com.au. Archived from the original on 17 September 2020. Retrieved 16 September 2020.
  123. "Philippines wards off cyber attacks from China-based hackers". Yahoo News. 5 February 2024. Retrieved 5 February 2024.
  124. https://www.reuters.com/world/uk/uk-has-taken-military-database-offline-after-hack-reports-says-minister-2024-05-07/
  125. ^ "Beware of the bugs: Can cyber attacks on India's critical infrastructure be thwarted?". BusinessToday. Retrieved 15 January 2013.
  126. "National Critical Information Infrastructure Protection Centre". National Critical Information Infrastructure Protection Centre. 8 November 2022. Retrieved 8 November 2022.
  127. Poornima, B. (August 2022). "Cyber Threats and Nuclear Security in India". Journal of Asian Security and International Affairs. 9 (2): 183–206. doi:10.1177/23477970221099748. ISSN 2347-7970. S2CID 249831452.
  128. "5 lakh cyber warriors to bolster India's e-defence". The Times of India. India. 16 October 2012. Archived from the original on 26 January 2013. Retrieved 18 October 2012.
  129. "36 government sites hacked by 'Indian Cyber Army'". The Express Tribune. Retrieved 8 November 2011.
  130. "Hacked by 'Pakistan cyber army', CBI website still not restored". Ndtv.com (4 December 2010). Retrieved 8 November 2011.
  131. Pauli, Darren. "Copy paste slacker hackers pop corp locks in ode to stolen code". The Register.
  132. "APT Group 'Patchwork' Cuts-and-Pastes a Potent Attack". Threatpost. 7 July 2016. Retrieved 2 January 2017.
  133. Pandit, Rajat (16 May 2019). "Agencies take shape for special operations, space, cyber war | India News – Times of India". The Times of India. Retrieved 15 July 2019.
  134. "White paper" (PDF). f-secure.com.
  135. Sudworth, John. (9 July 2009) "New cyberattacks hit South Korea". BBC News. Retrieved 8 November 2011.
  136. Williams, Martin. UK, Not North Korea, Source of DDOS Attacks, Researcher Says Archived 17 August 2009 at the Wayback Machine. PC World.
  137. "28c3: Security Log Visualization with a Correlation Engine". YouTube. 29 December 2011. Archived from the original on 21 December 2021. Retrieved 4 November 2017.
  138. "SK Hack by an Advanced Persistent Threat" (PDF). Command Five Pty Ltd. Retrieved 24 September 2011.
  139. Lee, Se Young. "South Korea raises alert after hackers attack broadcasters, banks". Global Post. Retrieved 6 April 2013.
  140. Kim, Eun-jung (April 2013). "S. Korean military to prepare with U.S. for cyber warfare scenarios". Yonhap News Agency. Retrieved 6 April 2013.
  141. "An Egyptian cyber attack on Ethiopia by hackers is the latest strike over the Grand Dam". Quartz. 27 June 2020.
  142. "The Ethiopian-Egyptian Water War Has Begun". Foreign Policy. 22 September 2020.
  143. David E Sanger Hacked European Cables Reveal a World of Anxiety About Trump, Russia and Iran, New York Times (2018).
  144. Lily Hay Newman, Hacking Diplomatic Cables Is Expected. Exposing Them Is Not, Wired (2018).
  145. Michalis Michael, Major and successful hackers' attack in Cyprus Archived 29 July 2020 at the Wayback Machine, BalkanEU (2019).
  146. "War in the fifth domain. Are the mouse and keyboard the new weapons of conflict?". The Economist. 1 July 2010. Retrieved 2 July 2010.
  147. Estonia accuses Russia of 'cyber attack'. The Christian Science Monitor. (17 May 2007). Retrieved 8 November 2011.
  148. Ian Traynor, "Russia accused of unleashing cyberwar to disable Estonia", The Guardian, 17 May 2007
  149. Boyd, Clark. (17 June 2010) "Cyber-war a growing threat warn experts". BBC News. Retrieved 8 November 2011.
  150. Scott J. Shackelford, From Nuclear War to Net War: Analogizing Cyber Attacks in International Law, 27 Berkeley J. Int'l Law. 192 (2009).
  151. "Bienvenue sur Atlantico.fr – Atlantico.fr". www.atlantico.fr. Archived from the original on 5 January 2019. Retrieved 5 January 2019.
  152. "Terre, Air, Mer, Cyber ? La 4ème armée entre coup de com et réalités". 13 October 2014. Archived from the original on 24 September 2020. Retrieved 1 June 2018.
  153. "Vers une cyber-armée française ?". France Culture. 29 January 2013.
  154. Nouvelle, L'Usine (13 December 2016). "Pourquoi la France se dote d'une cyber-armée – Défense". Usinenouvelle.com/ – via www.usinenouvelle.com.
  155. "L'armée française consolide son commandement cyber". Le Monde. 12 December 2016.
  156. "Germany's 60-person Computer Network Operation (CNO) unit has been practicing for cyber war for years". Archived from the original on 15 June 2013.
  157. "Hackers wanted to man front line in cyber war" Archived 29 May 2013 at the Wayback Machine, The Local, 24 March 2013
  158. "Germany to invest 100 million euros on internet surveillance: report" Archived 1 November 2013 at the Wayback Machine, Kazinform, 18 June 2013
  159. "National Cyber Security Centrum – NCSC". 14 May 2013.
  160. "Defensie Cyber Strategie". Retrieved 11 August 2020.
  161. "Cyber commando". 29 March 2017.
  162. Cyberspace and the changing nature of warfare Archived 3 December 2008 at the Wayback Machine. Strategists must be aware that part of every political and military conflict will take place on the internet, says Kenneth Geers.
  163. "www.axisglobe.com". Archived from the original on 17 August 2016. Retrieved 1 August 2016.
  164. Andrew Meier, Black Earth. W. W. Norton & Company, 2003, ISBN 0-393-05178-1, pages 15–16.
  165. Danchev, Dancho (11 August 2008). "Coordinated Russia vs Georgia cyberattack". ZDNet. Archived from the original on 12 December 2008. Retrieved 25 November 2008.
  166. "Joint Statement from the Department of Homeland Security and Office of the Director of National Intelligence on Election Security". Department of Homeland Security and Office of the Director of National Intelligence on Election Security. 7 October 2016. Retrieved 15 October 2016.
  167. "U.S. Says Russia Directed Hacks to Influence Elections". NYT. 7 October 2016.
  168. "Presidential approval and reporting of covert actions". gpo.gov. United States Code. Retrieved 16 October 2016.
  169. "VP Biden Promises Response to Russian Hacking". NBC News Meet the Press. 14 October 2016.
  170. "Biden Hints at U.S. Response to Russia for Cyberattacks". NYT. 15 October 2016.
  171. Ringstrom, Anna (25 January 2017). Goodman, David (ed.). "Swedish forces exposed to extensive cyber attack: Dagens Nyheter". Reuters. Archived from the original on 25 January 2017.
  172. Ukraine's military denies Russian hack attack Archived 7 January 2017 at the Wayback Machine , Yahoo! News (6 January 2017)
  173. "Danger Close: Fancy Bear Tracking of Ukrainian Field Artillery Units". CrowdStrike. 22 December 2016.
  174. Defense ministry denies reports of alleged artillery losses because of Russian hackers' break into software, Interfax-Ukraine (6 January 2017)
  175. Mazanec, Brain M. (2015). The Evolution of Cyber War. USA: University of Nebraska Press. pp. 221–222. ISBN 9781612347639.
  176. "BlackEnergy malware activity spiked in runup to Ukraine power grid takedown". The Register. Retrieved 26 December 2016.
  177. "Ukraine crisis: 'Wiper' discovered in latest cyber-attacks". BBC News. 24 February 2022. Retrieved 24 February 2022.
  178. "Al Qaeda rocked by apparent cyberattack. But who did it?". The Chris Science Monitor. 4 April 2012.
  179. Britain faces serious cyber threat, spy agency head warns. The Globe and Mail (13 October 2010). Retrieved 8 November 2011.
  180. "Attack the City: why the banks are 'war gaming'". 13 November 2013.
  181. "Wall Street banks learn how to survive in staged cyber attack". Reuters. 21 October 2013.
  182. "Iran's military is preparing for cyber warfare". Flash//CRITIC Cyber Threat News. 16 September 2013. Retrieved 18 March 2015.
  183. Denning, Dorothy E. (16 July 2012). "Stuxnet: What Has Changed?". Future Internet. 4 (3): 672–687. doi:10.3390/fi4030672.
  184. AFP (1 October 2010). Stuxnet worm brings cyber warfare out of virtual world. Google. Retrieved 8 November 2011.
  185. Ralph Langner: Cracking Stuxnet, a 21st-century cyber weapon | Video on Archived 1 February 2014 at the Wayback Machine. Ted.com. Retrieved 8 November 2011.
  186. Lakshmanan, Ravie (10 March 2022). "Iranian Hackers Targeting Turkey and Arabian Peninsula in New Malware Campaign". thehackernews.
  187. "Israel Adds Cyber-Attack to IDF", Military.com, 10 February 2010
  188. "IAEA: Syria tried to build nuclear reactor". Ynetnews. Associated Press. 28 April 2011. Retrieved 5 March 2022.
  189. Fulghum, David A. "Why Syria's Air Defenses Failed to Detect Israelis", Aviation Week & Space Technology, 3 October 2007. Retrieved 3 October 2007.
  190. Fulghum, David A. "Israel used electronic attack in air strike against Syrian mystery target Archived 21 May 2011 at the Wayback Machine", Aviation Week & Space Technology, 8 October 2007. Retrieved 8 October 2007.
  191. Perlroth, Nicole (12 May 2018). "Without the nuclear deal, Iranian cyber attacks resume". The Sydney Morning Herald.
  192. "Pastie: 'Untitled'". 15 August 2012. Cutting Sword of Justice. Retrieved 3 November 2017.
  193. "Jose Pagliery:The inside story of the biggest hack in history". CNN Money. 5 August 2015. Retrieved 15 May 2019.
  194. ^ Kubecka, Christina (29 December 2015). "How to Implement IT Security after a Cyber Meltdown" (PDF). Retrieved 3 November 2017. (Video on YouTube-archive)
  195. Bumiller, Elisabeth; Shanker, Thom (11 October 2012). "Elisabeth Bumiller and Thom Shanker: Panetta Warns of Dire Threat of Cyberattack on U.S." The New York Times. Retrieved 3 November 2017.
  196. ^ "The Shamoon Attacks". Symantec. 16 August 2012. Retrieved 19 August 2012.
  197. "Jose Pagliery: The inside story of the biggest hack in history". 5 August 2015. Retrieved 19 August 2012.
  198. Harper, Michael (31 August 2012). "RedOrbit: Energy Company RasGas Is Infected with Shamoon Virus".
  199. "Shamoon virus attacks Saudi oil company". Digital Journal. 18 August 2012. Retrieved 19 August 2012.
  200. "Shamoon virus targets energy sector infrastructure". BBC News. 17 August 2012. Retrieved 19 August 2012.
  201. "Saudi Aramco hug, another one". 29 August 2012. Retrieved 3 November 2017.
  202. "Shamoon Attackers Employ New Tool Kit to Wipe Infected Systems". McAfee Blog. 19 December 2018. Retrieved 8 November 2022.
  203. "Youtube – Chris Kubecka: How to Implement IT Security after a Cyber Meltdown". YouTube. 3 August 2015. Retrieved 3 November 2017.
  204. "GOP Fundraiser Sues Qatar Over Stolen Emails". The Wall Street Journal. 26 March 2018.
  205. "GOP Fundraiser Elliott Broidy Expands Suit Alleging Qatar-Backed Hacking". The Wall Street Journal. 25 May 2018.
  206. "Hackers Went After a Now-Disgraced G.O.P. Fund-Raiser. Now He Is After Them". The New York Times. 20 September 2018.
  207. "UAE: Activist Ahmed Mansoor sentenced to 10 years in prison for social media posts". Amnesty International. 31 May 2018. Retrieved 31 May 2018.
  208. "Inside the UAE's secret hacking team of American mercenaries". Reuters. Retrieved 30 January 2019.
  209. Mazzetti, Mark; Goldman, Adam (14 September 2021). "Ex-U.S. Intelligence Officers Admit to Hacking Crimes in Work for Emiratis". The New York Times. Archived from the original on 28 December 2021. Retrieved 14 September 2021.
  210. American Forces Press Service: Lynn Explains U.S. Cybersecurity Strategy. Defense.gov. Retrieved 8 November 2011.
  211. "Pentagon to Consider Cyberattacks Acts of War". The New York Times. 31 May 2011
  212. ^ "Cyberwar: War in the Fifth Domain" Economist, 1 July 2010
  213. Lynn, William J. III. "Defending a New Domain: The Pentagon's Cyberstrategy", Foreign Affairs, Sept/Oct. 2010, pp. 97–108
  214. Markoff, John (26 October 2009). "Old Trick Threatens the Newest Weapons (Published 2009)". The New York Times. ISSN 0362-4331. Retrieved 22 October 2020.
  215. Mazanec, Brain M. (2015). The Evolution of Cyber War. USA: University of Nebraska Press. pp. 235–236. ISBN 9781612347639.
  216. A Bill. To amend the Homeland Security Act of 2002 and other laws to enhance the security and resiliency of the cyber and communications infrastructure of the United States.. Senate.gov. 111th Congress 2D Session
  217. Senators Say Cybersecurity Bill Has No 'Kill Switch' Archived 21 September 2012 at archive.today, Information Week, 24 June 2010. Retrieved 25 June 2010.
  218. ANNUAL REPORT TO CONGRESS Military and Security Developments Involving the People's Republic of China 2010. US Defense Department (PDF). Retrieved 8 November 2011.
  219. "AP: Pentagon takes aim at China cyber threat". Archived from the original on 23 August 2010. Retrieved 11 August 2020.
  220. U.S. drone and predator fleet is being keylogged. Wired, October 2011. Retrieved 6 October 2011
  221. Hennigan, W.J. "Air Force says drone computer virus poses 'no threat'". Los Angeles Times, 13 October 2011.
  222. Schwartz, Mathew J. (21 November 2011). "Hacker Apparently Triggers Illinois Water Pump Burnout". InformationWeek. Archived from the original on 24 January 2012. Retrieved 1 December 2011.
  223. Zetter, Kim (30 November 2011). "Exclusive: Comedy of Errors Led to False 'Water-Pump Hack' Report". Wired.
  224. Sanger, David E. "Obama Order Sped Up Wave of Cyberattacks Against Iran." The New York Times, 1 June 2012.
  225. Satter, Raphael. "US general: We hacked the enemy in Afghanistan.". Associated Press, 24 August 2012.
  226. "U.S. NSA Unit 'TAO' Hacking China For Years". Business Insider. 11 June 2013
  227. "Secret NSA hackers from TAO Office have been pwning China for nearly 15 years". Computerworld. 11 June 2013.
  228. Sanger, David E.; Broad, William J. (4 March 2017). "Trump Inherits a Secret Cyberwar Against North Korean Missiles". The New York Times. Retrieved 4 March 2017.
  229. Greg Miller, Ellen Nakashima, Adam Entous: Obama's secret struggle to retaliate against Putin's election interference, Washington Post, 23. June 2017
  230. Lee, Carol E.; Sonne, Paul (30 December 2016). "U.S. Sanctions Russia Over Election Hacking; Moscow Threatens to Retaliate". The Wall Street Journal.
  231. "U.S. imposes sanctions on Russia over election interference". CBS News. 29 December 2016. Retrieved 29 December 2016.
  232. "US expels 35 Russian diplomats, closes two compounds: report". DW.COM. 29 December 2016. Retrieved 29 December 2016.
  233. Onder, Mehmet (2020). "Regime Type, Issue Type and Economic Sanctions: The Role of Domestic Players". Economies. 8 (1): 2. doi:10.3390/economies8010002. hdl:10419/257052.
  234. Onder, Mehmet (2021). "Economic sanctions outcomes: An information-driven explanation" (PDF). Journal of International Studies. 14 (2): 38–57. doi:10.14254/2071-8330.2021/14-2/3. S2CID 244621961 – via ProQuest.
  235. Shane, Scott; Mazzetti, Mark; Rosenberg, Matthew (7 March 2017). "WikiLeaks Releases Trove of Alleged C.I.A. Hacking Documents". The New York Times. Retrieved 7 March 2017.
  236. Greenberg, Andy (7 March 2017). "How the CIA Can Hack Your Phone, PC, and TV (Says WikiLeaks)". WIRED. Retrieved 8 April 2017.
  237. Murdock, Jason (7 March 2017). "Vault 7: CIA hacking tools were used to spy on iOS, Android and Samsung smart TVs". International Business Times UK. Retrieved 8 April 2017.
  238. "WikiLeaks posts trove of CIA documents detailing mass hacking". CBS News. 7 March 2017. Retrieved 8 April 2017.
  239. "Vault 7: Wikileaks reveals details of CIA's hacks of Android, iPhone Windows, Linux, MacOS, and even Samsung TVs". Computing. 7 March 2017.
  240. ^ Faulconbridge, Guy (1 June 2023). "Russia says US hacked thousands of Apple phones in spy plot". Reuters.
  241. "Cyber Mercenaries: The Failures of Current Responses and the Imperative of International Collaboration".
  242. ^ Hofkirchner, Wolfgang; Burgin, Mark (24 January 2017). The Future Information Society: Social and Technological Problems. World Scientific. ISBN 9789813108981. Retrieved 22 May 2017.
  243. Grady, Mark F.; Parisi, Francesco (28 November 2005). The Law and Economics of Cybersecurity. Cambridge University Press. ISBN 9781139446969. Retrieved 22 May 2017.
  244. Robinson, Michael; Janicke, Helge; Jones, Kevin (2017). "An Introduction to Cyber Peacekeeping". arXiv:1710.09616 .
  245. Akatyev, Nikolay; James, Joshua (2015). "Cyber Peacekeeping". Digital Forensics and Cyber Crime. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Vol. 157. pp. 126–139. doi:10.1007/978-3-319-25512-5_10. ISBN 978-3-319-25511-8.
  246. Ramsbotham, Oliver; Miall, Hugh; Woodhouse, Tom (11 April 2011). Contemporary Conflict Resolution. Polity. ISBN 9780745649740. Retrieved 22 May 2017.
  247. "What are the challenges of cybersecurity in times of peace and war?". CyberPeace Institute. 19 July 2022. Retrieved 8 November 2022.
  248. DOD – Cyber Counterintelligence. Dtic.mil. Retrieved 8 November 2011.
  249. Pentagon Bill To Fix Cyber Attacks: ,0M. CBS News. Retrieved 8 November 2011.
  250. "Senate Legislation Would Federalize Cybersecurity". The Washington Post. Retrieved 8 November 2011.
  251. "White House Eyes Cyber Security Plan". CBS News (10 February 2009). Retrieved 8 November 2011.
  252. CCD COE – Cyber Defence Archived 31 May 2009 at the Wayback Machine. Ccdcoe.org. Retrieved 8 November 2011.
  253. Associated Press (11 May 2009) FBI to station cybercrime expert in Estonia. Boston Herald. Retrieved 8 November 2011.
  254. Lisa Lucile Owens, Justice and Warfare in Cyberspace, The Boston Review (2015), available at
  255. Reed, John. "Is the 'holy grail' of cyber security within reach?". Foreign Policy Magazine, 6 September 2012.
  256. Rid, Thomas (2012). "Cyber War Will Not Take Place". Journal of Strategic Studies. 35 (1): 5–32. doi:10.1080/01402390.2011.608939. S2CID 153828543.
  257. "Cybersecurity Framework". NIST. 13 March 2017. Archived from the original on 8 November 2022. Retrieved 8 November 2022.
  258. "Tallinn manual 2.0 on the international law applicable to cyber operations | WorldCat.org". www.worldcat.org. Retrieved 8 November 2022.
  259. Russian Embassy to the UK . Retrieved 25 May 2012.
  260. Gjelten, Tom (23 September 2010). "Seeing The Internet As An 'Information Weapon'". NPR. Retrieved 23 September 2010.
  261. Gorman, Siobhan. (4 June 2010) WSJ: U.S. Backs Talks on Cyber Warfare. The Wall Street Journal. Retrieved 8 November 2011.
  262. Sean Gallagher, US, Russia to install "cyber-hotline" to prevent accidental cyberwar, Arstechnica, 18 June 2013
  263. Український центр політичного менеджменту – Зміст публікації – Конвенция о запрещении использования кибервойны Archived 7 October 2011 at the Wayback Machine. Politik.org.ua. Retrieved 8 November 2011.
  264. "'Digital Geneva Convention' needed to deter nation-state hacking: Microsoft president". Reuters. 14 February 2017. Retrieved 20 February 2017.
  265. Kaspersky, Eugene. "A Digital Geneva Convention? A Great Idea". Forbes. Retrieved 20 February 2017.
  266. "Regulating the Use and Conduct of Cyber Operations: Challenges and a Fact-Finding Body Proposal", https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3540615 (2019/2020)
  267. Yuval Shany; Michael N. Schmittwebsite=Naval War College. "An International Attribution Mechanism for Hostile Cyber Operations". Retrieved 1 January 2024.
  268. "Darknet, Hacker, Cyberwar – Der geheime Krieg im Netz" (in German). Archived from the original on 4 April 2017. Retrieved 3 April 2017.

Further reading

Library resources about
Cyberwarfare

External links

Information security
Related security categories
vectorial version
vectorial version
Threats
Defenses
Global catastrophic risks
Technological
Sociological
Ecological
Climate change
Earth Overshoot Day
Biological
Extinction
Others
Astronomical
Eschatological
Others
Fictional
Organizations
General
Cyberwarfare by country
Categories: