Announcement

Collapse
No announcement yet.

Research on Cyber Warfare

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Research on Cyber Warfare

    Hi everyone, I've been lurking here for a few months, and I'm finally posting. A little bit of background - I am working on a bachelor's in Information Systems Security, and I want to get a Master's in Cyber Warfare afterward. For my Information Assurance class, I am writing a paper about "cyber warfare". I have already found several books, articles, government documents, case studies, etc. on the topic. I was just wondering if anyone had any resources they could contribute. I'm mainly looking for unclassified government documents, academic research, or any lesser-known books or publications that I may have missed. Some of the more comprehensive books on the topic are a bit dated and aren't as helpful as one would expect. I know a few books on "cyber warfare" are up for release in the next few months, but most of them will be released after the paper is due. I'm also open to articles in languages other than English. Thanks in advance for any help or suggestions!
    Last edited by AgentDarkApple; October 14, 2009, 14:56. Reason: To reflect what I've learned and to clarify the topic
    "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

  • #2
    Re: Research on Cyber Warfare

    I'd be happy to post some links to things, but since you are the one asking how about you start with some links to what you have found already? That way even more people can get the benefit of this thread.
    PGP Key: https://defcon.org/html/links/dtangent.html

    Comment


    • #3
      Re: Research on Cyber Warfare

      Originally posted by Dark Tangent View Post
      I'd be happy to post some links to things, but since you are the one asking how about you start with some links to what you have found already? That way even more people can get the benefit of this thread.
      I for one would love to take a look at what you've already come across, AgentDarkApple. I personally wouldn't be able to offer up much more than a Google search as far as what you're looking for, but I am interested on a non-professional level in Cyber Warfare research.
      "You have cubed asscheeks?"... "Do you not?"

      Comment


      • #4
        Re: Research on Cyber Warfare

        Thanks! Here is what I have so far. Some of this is directly about cyber warfare or the military's recent efforts to step up training for cyber warfare. Other sources point out vulnerabilities of what sorts of things could possibly become targets. This is only my first week of class, so I'm still early in the research phase. I only have limited access to most of the books, as I do not own a copy of many of them.

        Cyber Warfare/Information Warfare:

        Relevant Definitions (NSA site)- http://www.nsa.gov/about/faqs/terms_acronyms.shtml

        War 2.0- http://www.amazon.com/War-2-0-Irregu.../dp/0313364702

        Strategic Warfare in Cyber Space - http://www.amazon.com/Strategic-Warf...ref=pd_sim_b_1

        Cyber Warfare and Cyber Terrorism - http://www.amazon.com/Cyber-Warfare-...787112&sr=1-84

        Cyber Terrorism: Political and Economic Implications - http://www.amazon.com/Cyber-Terroris...ef=pd_sim_b_11

        Conquest in Cyberspace: National Security and Information Warfare - http://www.amazon.com/Conquest-Cyber...785375&sr=1-89

        The Nature of War in the Information Age: Clausewitzian Future - http://www.amazon.com/Nature-War-Inf...5327382&sr=8-1

        Unrestricted Warfare by Qiao Liang and Wang Xiangsui (old but still relevant)

        Study warns of Cyber Warfare - http://www.cnn.com/2009/US/08/17/cyb...are/index.html

        China - http://www.washingtontimes.com/news/...-cyberwarfare/
        - http://www.washingtontimes.com/news/...-race-with-us/

        Georgia & Russia - http://www.defensetech.org/archives/004363.html
        - http://www.popularmechanics.com/blog...s/4277603.html
        - http://www.pbs.org/newshour/bb/europ...war_08-13.html
        - http://news.bbc.co.uk/2/hi/europe/7559850.stm

        North Korea - http://www.scmagazineuk.com/North-Ko...rticle/136235/
        - http://www.cbsnews.com/stories/2009/...n5145967.shtml

        Israel - http://www1.cei.gov.cn/ce/doc/cenlx/200907150006.htm

        India, Israel, Pakistan- http://www.asiantribune.com/news/200...uclear-program

        US Govt agencies stepping up cyber security - http://www.sciencedaily.com/releases...0617123441.htm

        USAF cyber warfare training - http://www.wlox.com/Global/story.asp?S=11261989

        Pre-9/11 report to Congress on cyber warfare (need something more current) - http://www.fas.org/irp/crs/RL30735.pdf

        Command and control infrastructures - http://digital.cs.usu.edu/~erbacher/...olPoster-1.pdf

        PBS documentary - http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/

        NY Times cyberwar series -http://topics.nytimes.com/topics/fea...war/index.html

        List of links to more relevant information - http://staff.washington.edu/dittrich/cyberwarfare.html

        Vulnerabilities/Targets:

        Smart Grid - http://www.foxnews.com/story/0,2933,555367,00.html

        Critical Networks - http://www.sciencedaily.com/releases...1008113339.htm

        HEMP & HPM - http://www.scribd.com/doc/20517361/H...at-Assessments

        Note: I'll probably end up throwing in some stuff from my text books about cyber security, information assurance, etc. as well as some of the theories of war from Sun Tzu and Clausewitz that are relevant to cyber warfare.
        "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

        Comment


        • #5
          Re: Research on Cyber Warfare

          Might help if we know what your topic is other than 'cyber warfare'.

          For research I'd suggest getting outside of the cyber warfare field slightly for some perspective on things since cyber warfare is almost impossible to find materials not steeped in rhetoric, fear mongering and self serving interests (IMHO).

          The works of Bruce Schneier have been pretty good for that. Secrets and Lies comes to mind as it did alot to help me understand risk and threat in general and make my own decisions rather than someone else's opinions of it.

          Didn't see anything from Winn Schwartau on your list. Can't detail specific works since I usually get info straight from him.

          Any chance your paper will be shared after it's done?
          Never drink anything larger than your head!





          Comment


          • #6
            Re: Research on Cyber Warfare

            renderman, unless my professor makes me focus on a specific aspect, then the paper is going to include a broad overview of cyber warfare, a few examples of the threats and vulnerabilities involved (but I am trying to find very specific instances for this part), how information assurance applies to cyber warfare, and what measures can be taken or are being taken by the US to prepare itself for cyber warfare. Since it is for an Information Assurance class, I have to apply information assurance principles within the paper. I'll also try to keep up with posting any other relevant resources that I find, even if I don't use all of them in the paper. It would be cool if this turns into a resource for all members of the board who are interested in the topic. I will likely keep this information around and add to it throughout the year so I can base my senior seminar project (next year) on cyber warfare too.

            Thanks for recommending Secrets and Lies. I actually used some Schneier as a resource for an assignment last week. I will see what I can find from Winn Schwartau as well.

            I'll be glad to post my paper on here after it has been turned in and graded. Since my school uses turnitin.com, I don't want to risk posting it until after it is graded. The paper is due toward the end of November, as the semesters at my school are only 8 weeks long.
            "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

            Comment


            • #7
              Re: Research on Cyber Warfare

              Originally posted by renderman View Post
              Might help if we know what your topic is other than 'cyber warfare'.

              For research I'd suggest getting outside of the cyber warfare field slightly for some perspective on things since cyber warfare is almost impossible to find materials not steeped in rhetoric, fear mongering and self serving interests (IMHO).
              Here's your end all/be all definition of cyber-warfare. I'm sure it's completely accurate considering the source.

              I agree with you though. The term is more about instilling fear, than anything else. My own research into this has shown that most 'attacks' on infrastructure that have actually caused damage were from the inside, mostly disgruntled employees or ex-employees.

              Unless the media is just covering it up so we don't panic and set the couch on fire and spread jello on the floor. <We need a Tin Foil Beanie Icon>
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

              Comment


              • #8
                Re: Research on Cyber Warfare

                Haha streaker69 We're not allowed to use wikipedia, but hopefully the links at the bottom will lead me to some good stuff. I know a lot of the talk of cyber warfare is just hype right now, and it scares a lot of people since the majority of the US population relies heavily on technology but is otherwise not tech-savvy. However, I do know some people within the military who think it could become a really big deal. They seem to think that within the next few years, we will be dealing with large-scale attacks from "enemy" nations. That is why I'm looking for more sources from govt and military documents as well as from actual cyber security experts. We're allowed to speculate on the future of cyber warfare in the paper, as long as we have some legit documentation supporting it.

                I'll go ahead and post this before someone else does - here is a good satire of how one should write about cyber warfare http://neteffect.foreignpolicy.com/p..._10_easy_steps

                It's sad, but a lot of the stuff I've seen so far takes those angles.
                Last edited by AgentDarkApple; October 12, 2009, 06:48.
                "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                Comment


                • #9
                  Re: Research on Cyber Warfare

                  I hate to toot this horn all the time on here, but if you look at internet turf wars between sub-groups on the internet, you might see a nice model for how cyber warfar might work. The *chans are constantly at war with other internet groups, themselves or other entities. http://insurgen.info/wiki/Main_Page is a good catalogue of these "exploits"
                  "As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch"."

                  Comment


                  • #10
                    Re: Research on Cyber Warfare

                    Might want to look at the cyber-initiatives in progress right now. I won't get into the merits of things like "AF Cyber Command", but they may be relevant for your paper if you want to google them.

                    Best of luck on getting that degree! A little paper goes a long ways.

                    Comment


                    • #11
                      Re: Research on Cyber Warfare

                      I was speaking at a conference a few weeks ago that was an energy and communications security con that drove me up the wall with the few talks I went to.

                      Most of the speakers were employees of vendors sponsoring the show and the first thing I noticed was that if not consciously, at least sub-consciously they were representing their company. Every talk was 'Here's why you need to deploy technology X in your infrastructure. Oh, and we happen to sell that product or consult on that'. They had a conflict of interest and were not helping the attendees much.

                      Most every vendor pushed the Aurora video of the generator self destructing as evident of the dire consequences of cyber warfare. I wanted to strangle them after the 3rd mention

                      On vendor whos talk I didn't attend unfortunately apparently mentioned me and several projects of mine as evidence of threats being local (which I have no issue with) but then apparently proceeded to provide solutions which wouldn't work as proof he and his company were capable of countering me. Well, it seems like he didn't know I was attending. The look on his face was priceless when I introduced myself later.

                      As that spoof article pointed out, riots and accidents are more a threat at the moment. Not that there is'nt risk of things being exacerbated by attackers, but I think the biggest threat right now is peoples complacency and lack of knowledge about how thier immediate world works and the inability to deal with a disaster.

                      Also something to consider, profit drives this industry. If there's no threat, there's no profit. It's very Orwellian in that you have an ever changing, faceless enemy that their products always seem to be the just in time solution. How much money would be saved over time if we re-invented the protocols causing the issues (or transitioning to secure ones) en mass. Not that attacks would stop, but it gives users the ability to do something about them before they are an epidemic issue.

                      Yes, I have had a few red bulls this morning, why do you ask...
                      Never drink anything larger than your head!





                      Comment


                      • #12
                        Re: Research on Cyber Warfare

                        Originally posted by AgentDarkApple View Post
                        Thanks for recommending Secrets and Lies. I actually used some Schneier as a resource for an assignment last week. I will see what I can find from Winn Schwartau as well.

                        I'll be glad to post my paper on here after it has been turned in and graded. Since my school uses turnitin.com, I don't want to risk posting it until after it is graded. The paper is due toward the end of November, as the semesters at my school are only 8 weeks long.
                        Winn's "Information Warfare" is dated, but I cut my teeth on it, as well as most of Schneier's works. ISBN for Winn's book is 1-56025-132-8. If you can't find it, I will lend my copy if you would like but I want it back. :-) If you would like to borrow it, pm me directly.

                        Would like to see your paper after it's turned in and graded.

                        Regards,

                        valkyrie
                        __________________________________________________
                        sapere aude

                        Comment


                        • #13
                          Re: Research on Cyber Warfare

                          renderman, I know a lot of companies (cyber security or otherwise) love to use scare tactics to get people to buy their products. That's hilarious that the guy cited you then didn't know you were anywhere around. I'm sure he felt like a moron later

                          That's why I'm looking for some help and advice here. I know you guys will help point me in the direction of expert, legit stuff and won't let me pass off a bunch of hyped-up crap as "research". I don't want my paper to be "The Eager Idiot's Guide to Cyber Warfare"
                          "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                          Comment


                          • #14
                            Re: Research on Cyber Warfare

                            valkyrie, thanks for the generous offer, but I was able to find some places online that still sell the book.
                            "Why is it drug addicts and computer afficionados are both called users? " - Clifford Stoll

                            Comment


                            • #15
                              Re: Research on Cyber Warfare

                              Originally posted by AgentDarkApple View Post
                              That's why I'm looking for some help and advice here. I know you guys will help point me in the direction of expert, legit stuff and won't let me pass off a bunch of hyped-up crap as "research". I don't want my paper to be "The Eager Idiot's Guide to Cyber Warfare"
                              You can then follow it up with the "Dummys Guide to Cyber Warfare".

                              Scare tactics is a common selling technique and it's used anywhere things are sold. Much like the extended warranty scam that many places sell. Any time a sales stumpet comes in here and uses scare tactics for anything I normally starting being mean to them until they excuse themselves and leave.

                              Personally, I would not use 'cyber' in a paper at all, it sounds too hokey and too much hype already. That's what the uninformed use. You paper is basically about criminal hacking by foreign nation states. At least that's way I see it when you're going to use terms like 'warfare'. I doubt that the humans over a /b/ would even attempt to attack something that anyone really cared about like the power grid or water infrastructure as that would put the focus of the feds directly on them, and then I bet they'd find out how anonymous they're really not. So they can go ahead and play around with random people on the inturwebs.

                              As for attacking infrastructure by foreign nation states, the only system that would make any sense to attack is the power grid since it's interlinked, but things like water, sewer and gas are relatively disconnected from each other. Most of the evidence I've found on attacks on these systems has been internal. Now I don't count DDoS attacks as they're just an inconvenience and normally targeted against websites and not actually the control systems of the utility.

                              Edit: One more thing, even if there was an attack on the power grid, and someone ended up blacking out an area, I don't think it would cause that much wide spread panic. As an example, look at the North East blackout of I believe 2004. Several states went dark, PA didn't because the operators disconnected us from the grid when the cascade started, but even then there wasn't chaos. People went on with their lives, emergency services responded properly and nothing really bad happened.

                              Panic would only set in, if the media gets in there and starts hyping the event with talk of cyber warfare and attacks from other countries.
                              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                              Comment

                              Working...
                              X