CYBERWAR: THE BATTLE OF A NEW FRONTIER

Cyberwar: The Battle of a New Frontier Edward S. Forde June 4, 2011

Email: edwardforde@gmail.com

CYBERWAR: THE BATTLE OF A NEW FRONTIER Cyberwar - The battle of a new frontier Table of Contents .....................................................................................P. 2 Abstract ....................................................................................................P. 3 Cyber Terms ............................................................................................P. 4 Introduction................................................................................................P. 8 Can Cybersecurity protect us in the cyberwar through cyberspace? ...........P. 9 Potential benefits and obstacles to overcome...........................................P. 10 Who should be in charge of cyber security? .............................................P. 11 Who are the likely cyber criminals? ..........................................................P. 12 What methods or tactics are they using? .....................................................P. 14 What impact does Cyberterrorism have on government, commercial and private companies? ............................................................................................. P. 16 Can Cyber Weapons be considered Weapons of Mass Disruption?.............P. 17 How can we fix our cyber defense? .......................................................... P. 18 Conclusion ................................................................................................ P. 23 References................................................................................................. P. 24

CYBERWAR: THE BATTLE OF A NEW FRONTIER Abstract

This research is a review of cyberwar and the Cybersecurity of cyberspace. Physical War has been around forever but our new enemy lurks out on the frontier of cyberspace. There is an overwhelming amount of articles pertaining to cyberspace and the cyberwar, but where do we mount our research for our Cybersecurity? Even though Cybersecurity is not only being fought by governments, it is being fought by universities, corporations, private businesses all the way down to the home users. Protecting our network defenses regardless if they are military or commercial, are vital to our daily growth and protection as a nation. As IT professionals, are we doing enough to protect our commercial businesses, government networks, private homes and employees from social networking, cyberattacks and cyber thugs? Providing our organizations with information assurance polices against this cyber war gives the Information Technology professional the availability, integrity, authentication, confidentiality, and non-repudiation to protect us in the battle of a new frontier. Keywords: cyber, war, Information Assurance, Defense in Depth, security, hacker

CYBERWAR: THE BATTLE OF A NEW FRONTIER Cyber Terms:

Cyber - A prefix used in a growing number of terms to describe new things that are being made possible by the spread of computers (Webopedia, 2011). Cyber Operator - working on behalf of a government wants to acquire a high priority technology or carry out a mission that serves his government's interests(Ruiz, 2011). Cyberpunk - a term loosely describing an antisocial individual conforming to a peculiar lifestyle characterized by an obsession with both computers and the dark side of the Internet (Steed, 2001). Cyberspace - the abstract, non-physical world made up of networked computers where people communicate, shop, study, research, play, socialize and other-wise interact (Steed, 2001). Cybertown - a virtual community set in the latter half of the 21st Century that may be accessed through the Netscape Web browser, Netscape Navigator (Steed, 2001). Cyber crime - encompasses any criminal act dealing with computers and networks (called hacking) (Webopedia, 2011). Cyber operator - working on behalf of a government wants to acquire a high priority technology or carry out a mission that serves his government's interests (Ruiz, 2011). Cyber Security - enables an organization to practice safe security techniques required to minimize the number of successful cyber security attacks (Techni Core, 2011). Cyber Terrorist - A cyber terrorist (which we haven't seen too many of yet) wants to cause chaos (Ruiz, 2011). Cyber Warrior - a Network Warfare and Ops Squadron fights battles 24/7 from a building in a nondescript office park here at Lackland Air Force Base (Munro, 2007).

CYBERWAR: THE BATTLE OF A NEW FRONTIER

Denial of service attacks (DoS) - are designed to lock out legitimate users from web sites or networks. Hackers run programs that repeatedly request information from the victim's computer until that computer is unable to answer any other requests. Hackers can run programs of automated scripts that barrage the victim computer or network so that it becomes unusable by legitimate users, or even has to be shut down. Distributed denial of service attacks (DDoS) - are automated attacks that run simultaneously from multiple computers. Hackers can plant Trojan horse programs on the computers of unsuspecting accomplices throughout the network or internet. At a given hour, all involved computers coordinate requests for information from the overloaded victim computer. DNS Spoofing - When you point your browser to randomsite.com, your computer will look up that entry in a massive directory called the Domain Name Service (DNS) database, and then send you to the appropriate site. Hacker - someone involved in computer security/insecurity, specializing in the discovery of exploits in systems (for exploitation or prevention), or in obtaining or preventing unauthorized access to systems through skills, tactics and detailed knowledge (Pursuit Magazine, 2010). Malware - software designed to infiltrate or damage a computer system without the owners informed consent. The term is a portmanteau of the words malicious and software (Pursuit Magazine, 2010). Packet Sniffers - were initially designed as a tool for system administrators to help debug networking problems. Essentially, they are devices which allow the user to intercept and interpret "packets" of information traversing a network. Any information

CYBERWAR: THE BATTLE OF A NEW FRONTIER

shared among a network of computers--username/password pairs, email, files being transferred--gets translated into "packets," which are sent out across the network. Phishing - is an attempt to criminally and fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. PayPal, eBay and online banks are common targets (Pursuit Magazine, 2010). Rootkit - a program (or combination of several programs) designed to take fundamental control (in UNIX terms root access, in Windows terms Administrator access) of a computer system, without authorization by the systems owners and legitimate managers. Access to the hardware (i.e., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware (Pursuit Magazine, 2010). Social engineering - is a hacker term for deceiving or manipulating unwitting people into giving out information about a network or how to access it. Trojans horse programs - Trojans horse programs are "back doors" into a computer system. A hacker may disguise a Trojan as another program, video, or game, in order to trick a user into installing it on their system. Once a Trojan is installed, a hacker could have access to all the files on a hard drive, a system's email, or even to create messages that pop up on the screen. Trojans are often used to enable even more serious attacks. Web Defacements - hacker gains access to these files, he or she can replace or alter them in any way. The Republican National Committee, the CIA, and The New York

CYBERWAR: THE BATTLE OF A NEW FRONTIER

Times are just three of the highly publicized web page defacements over the past few years.

CYBERWAR: THE BATTLE OF A NEW FRONTIER Cyberwar: The Battle of a New Frontier

Introduction The battle of a new frontier is where you find most IT professionals fighting this cyberwar. Cybersecurity are measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack (Merriam-Webster, 2011). Protecting our businesses, employees, network defenses regardless if they are military or commercial, are vital to our daily growth and protection as a nation. All of our personal information is just sitting on commercial servers, databases and storage arrays. Even government defense information that could cripple our infrastructure is vulnerable to attacks. Cybersecurity requires everyone in the world to fight these emerging new threats. Cybersecurity is not only being fought by governments, it is being fought by universities, corporations, private businesses all the way down to the home users. Protecting our network defenses regardless if they are military or commercial, are vital to our daily growth and protection as a nation. All of our personal information is just sitting on commercial servers, databases and storage arrays. Even government defense information that could cripple our infrastructure is vulnerable to attacks. Organizations have a choice to protect themselves against cyberthreats. At one end of the continuum is the choice to do nothing: take your chances and hope for the best. At the other end is the company that locks down everything (Plfeeger and Ciszek 2008).

CYBERWAR: THE BATTLE OF A NEW FRONTIER Can Cybersecurity protect us in the cyberwar through cyberspace?

In this cyberwar, cyberspace is unlimited and our enemies have no faces that we can see at first glance. Policy, procedures and standards must be adhered to in order to combat these cyberpunks from penetrating our interior walls. Without standards, we have chaos. According to Techni Core (2011), "Cyber Security standards have been created due to the amount of sensitive information now stored on systems attached to the Internet (Cyber Security, para. 1). Techni Core (2011) also states that, Tasks that were once completed by hand are carried out by Information Systems; therefore, there is a need for Cyber Security and Information Assurance (IA) (Cyber Security, para. 1). According to the Headquarters Department of the Army (2007) Information Assurance policy mandates roles, responsibilities, and procedures for implementing the Army Information Assurance Program" (p. 1). Having these Information Assurance principles and polices in place, also ensures that private businesses, banks, electric and gas companies are protected from these cyber criminals, cyber terrorists and cyber operators. The National Information Systems Security (INFOSEC) (2000) states, Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as: Availability, Integrity, Authentication, Confidentiality, and Non-Repudiation. In order to apply defense in depth techniques and put cyber security polices in place, you must have buy in from senior management. Without buy in from senior management, you will have a harder time guarding against cyber terrorism. Once you have the go ahead, these polices and techniques should include: security policy,

CYBERWAR: THE BATTLE OF A NEW FRONTIER

10

Information Assurance principles, system level Information Assurance architectures and standards, criteria for needed Information Assurance products, acquisition of products that have been validated by a reputable third party, configuration guidance, and processes for assessing the risk of the integrated systems (The National Information Systems Security (INFOSEC), 2000). Information technology professionals are their own worst enemies. They too should apply to their own standards maintain policies such as: Analog/ISDN/VoIP Line Policy, DMZ Lab Security Policy, Remote Access Policy, Router Security Policy, The Third Party Network Connection Agreements and a VPN Security Policy. Potential benefits and obstacles to overcome. From this research, it seems clear that keeping up with todays cyberwar is a hard task. Cyber crime grows faster than weeds and their tactics changes like the wind. Cyber warriors are even harder to come by because of the lack of training and skills. Since the Information Technology field is so vast, IT Specialists require a continuous updates to their education, certifications and knowledge. Without the updates, they will be obsolete to their duties at hand. To combat these cyber thugs, governments are training their cyber operators (a.k.a. cyber spooks) to use the Internet for espionage purposes (Pfanner, 2011). According to Lynn (2010), cyberwarfare is asymmetric. The low cost of computing devices means that U.S. adversaries do not have to build expensive weapons, such as stealth fighters or aircraft carriers, to pose a significant threat to U.S. military capabilities. A dozen determined computer programmers can, if they find a

CYBERWAR: THE BATTLE OF A NEW FRONTIER

11

vulnerability to exploit, threaten the United States' global logistics network, steal its operational plans, blind its intelligence capabilities, or hinder its ability to deliver weapons on target (Lynn, 2010, p.98). Cyber defense is just a piece of the pie for Cybersecurity. According to Saydiari (2004) we can define cyber defense from its component words. Cyber, short for cyberspace, refers to both networked infrastructure (computers, routers, hubs, switches, and firewalls) and the information assets (critical data on which an organization depends to carry out its mission) (p. 52). Defense is the act of making safe from attack. Therefore, cyber defense refers to an active process of dependably making critical function safe from attack (SAYDIARI, 2004). Who should be in charge of cyber security? Since all of these networks, computers, internet protocols, software and networking hardware are used by everyone; cybersecurity should not fall to one person, company or government agency, cyber security should on all parties and combat the issues together. But, this is an even harder task. Sharing of information is not a common practice between government and commercial entities. We do have software companies that release fixes that produced vulnerabilities, but what happens to those government agencies that find these vulnerabilities and choose to keep it from the public because they are now able to exploit their enemies defenses. That still leaves us and them vulnerable to other cyber criminals for exploitation. According to Zetter's (2009) article titled, NSA DOMINANCE OF CYBERSECURITY WOULD LEAD TO GRAVE PERIL, EX-CYBER CHIEF TELLS

CYBERWAR: THE BATTLE OF A NEW FRONTIER

12

CONGRESS, the intelligence community has always and will always prioritize its own collection efforts over the defensive and protection mission of our governments and nations digital systems. High levels of classification prevent the sharing of information necessary to adequately defend our systems and creates insurmountable hurdles when working with a broad range of government that lack appropriate clearances, no communication and partnership with the private sectors (Zetter, 2009). Sharing the responsibility of cyber initiatives with the cyber town is just like sharing the responsibility with the open source software community. It gives everyone an opportunity to communicate, find and repair the holes in our networks, computers an software packages, so we can mount a proper cyber defense. According to Wheeler (2003) The advantages of having source code open extends not just to software that is being attacked, but also extends to vulnerability assessment scanners and they should intentionally look for vulnerabilities in configured systems (p. 12). These same principles can apply to the sharing of resources and initiatives when it comes to fighting cyber crimes. Who are the likely cyber criminals? In order to understand who the cyber criminals are, you must also understand the differences in the various types of hackers. In Charles (2008) article, The type of hackers: Black Hat, White Hat or Grey Hat Hacker, Which Type are you?, states: a) A white hat hacker is a computer and network expert who attacks a

security system on behalf of its owners or as a hobby, seeking vulnerabilities that a malicious hacker could exploit. Instead of taking malicious advantage of exploits, a

CYBERWAR: THE BATTLE OF A NEW FRONTIER

13

white hat hacker notifies the system's owners to fix the breach before it is can be taken advantage of. b) A black hat is a person who compromises the security of a computer

system without permission from an authorized party, typically with malicious intent. A black hat will maintain knowledge of the vulnerabilities and exploits they find for a private advantage, not revealing them to the public or the manufacturer for correction. c) A grey hat is a skilled hacker who sometimes will act legally and other

times may not. They are a cross between white hat and black hat hackers. They usually do not hack for personal gain or have malicious intentions, but may or may not occasionally commit crimes during the course of their technological exploits (Charles, 2008). The type of cyber criminals we have been focusing on in this research are known as black hats, crackers and hackers. In the world of cyberspace we will not see airplanes crashing into buildings or bombs exploding on trains but we could see human and economic consequences that are very much on par with traditional acts of terrorism (Chertoff, 2008). In the world of cyberspace, we will see the cyber criminals, hackers, cyber operators from other governments that wish to infiltrate, steal and cause chaos. Computers at the Pentagon, since 9/11 attacks, have been attacked by attempted intrusions estimated at 100,000 times a year (Marshall, 2010). Google announced in January of this year, that they were pulling out of China because of a highly sophisticated and targeted attack on their corporate infrastructure originating from China that resulted in the theft of intellectual property from Google (Marshall, 2010).

CYBERWAR: THE BATTLE OF A NEW FRONTIER

14

All criminals pursue the path of least resistance More than half of all computer breaches occur in the retail and food and beverage industries, which have fewer Cybersecurity safeguards than, for example, the financial services sector, which handles vast amounts of money and generally has sophisticated safeguards (see figure 1) (Marshall, 2010). By hacking these computer systems enables the hackers to use those computers as zombies to penetrate other computers.

Figure 1 (Marshall, 2010).

What methods or tactics are cyber criminals using? Some network security attacks are listed below (Weng and Qin, 2007): a) b) c) Email Based Network Security Attacks Logon Abuse Attacks Spoofing Attacks

CYBERWAR: THE BATTLE OF A NEW FRONTIER d) e) f) g)

15

Intrusion Attacks (Vlachos, Androutsellis-Theotokis and Spinellis). Denial of Service (DoS) Network Security Attacks Worms & Trojans Web page defacing

These cyber criminals have been known to use malware, launching of phishing attacks, rootkits and viruses to penetrate our defenses. They don't always have to use a computer's front or back door in order to get in; they use deceit like social engineering to obtain personnel information that allows them sometimes faster and deeper access on our networks. One of the most notorious hacker of all time that used a lot of social engineering was Kevin Mitnick. He was considered the most famous hackers of all time. He has over twenty years of experience circumventing information security measures and has successfully breached information security at the IRS and the Social Security Administration using social engineering techniques (Frontline, 2001). In 2008, the U.S. Department of Defense suffered a significant compromise of its classified military computer networks. It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East (Lynn, 2010, p.98). Gen. Keith Alexander, director, National Security Agency Commander, U.S. Cyber Command was quoted saying, "that the U.S. military is responsible for protecting more than 7 million machines, linked through 15,000 networks with 21 satellite gateways and 20,000 commercial circuits composed of countless devices and components" (McCluney, 2010, para. 10). Further evidence is provided in the same article which also stated, "National and military information infrastructures are heavily intertwined and as a

CYBERWAR: THE BATTLE OF A NEW FRONTIER

16

result, Defense Department (DoD) systems are probed by unauthorized users 250,000 times an hour, over 6 million times a day"(McCluney, 2010, para. 10). What impact does Cyberterrorism have on government, commercial and private companies? Cyberterrorism has a huge impact government, businesses and home users. According to the National Research Council (2002), cyberattacks could compromise systems and networks in ways that could render communications and electric power distribution difficult or impossible, disrupt transportation and shipping, disable financial transactions, and result in the theft of large amounts of money. A successful attack may lay a foundation for later attacks, be set to cause damage well after the initial penetration, or enable the clandestine transmission of sensitive information stored on the attacked system (National Research Council, 2002, p. 5). The impact of risk that cyberterrorism has on government, commercial and private companies are enormous. According to McDowell (2004, 2009), among these dangers are viruses erasing your entire system, someone breaking into your system and altering files, someone using your computer to attack others, or someone stealing your credit card information and making unauthorized purchases. In either case, malicious acts against a network can cause systems to go down. Losses to production, loss of revenue, loss of information could be crippling to organizational viability and sustainment. According to Harreld and Fonseca (2001) Information security is a business risk-management issue, and implementation is the responsibility of every person at a company (p. 37).

CYBERWAR: THE BATTLE OF A NEW FRONTIER

17

Chertoff (2008) believes that this could happen in the event of a successful cyber attack: 1. A successful cyber attack could shut down essential government services, imperil business operations, erode public trust in financial transactions, and disrupt electronic communications. 2. The impact of a cyber attack could be far-reaching indeed, threatening multiple sectors of the economy at once and creating cascading effects across interdependent systems and operations. Can Cyber Weapons be considered Weapons of Mass Disruption? Weapons of Mass Destruction were once considered nuclear, radiological, and biological weapons. Welcome to the World Wide Web, where one click of a mouse could bring an entire corporation or government down to its knees. One slip of a tongue, an individual leaves a password exposed, and you could lose your identity. In cyberspace, these weapons of mass destruction can destroy everything if we are not protected. Most people to include the United States government consider cyber weapons to be weapons of mass destruction. One such threat is that of malicious code being embedded in firmware of computer or application software from foreign suppliers. The government has found that foreign suppliers of software or computers have slip in harmful code in amongst the tens of millions of lines of code that comes installed on the hard disk. Many of times, they have added this harmful code to the BIOS (Basic Instruction Operating Set). According to Technolytics Institute (2007) Every time you

CYBERWAR: THE BATTLE OF A NEW FRONTIER

18

turn on the computer or other device, the malicious code would initiate and wait to arm itself and become a cyber weapon (p. 2). How can we fix our cyber defense? According to Techni Core (2011), "U.S. Government entities have an even higher and more pressing urgency to implement the strictest form of Cyber Security practices to secure its information up to the highest classified level. The need for Cyber Security within the Government Information Systems is especially critical since many current terrorist and espionage acts are organized and facilitated using the Internet(Cyber Security, para. 3). Plfeeger and Ciszek (2008) propose a four-step process can help organizations evaluate assets to be protected, potential assailants, and likely methods and tactics: Ranking and Risk Analysis Methods of Protection Gap Analysis and Ranking Identify Course of Action Commercial businesses have a need for cyber security to protect their trade secrets, proprietary information, HIPAA-regulated medical and personal information, PCI compliance, and personally identifiable information (PII) of customers or employees (Techni Core, para. 2). According to CERT Software Engineering Institute (2001), "Security risks arise from the possibility of intentional misuse of your computer by

CYBERWAR: THE BATTLE OF A NEW FRONTIER

19

intruders via the Internet (III, para. A). Information security is concerned with three main areas: Confidentiality - information should be available only to those who rightfully have access to it Integrity -- information should be modified only by those who are authorized to do so Availability -- information should be accessible to those who need it when they need it (CERT Software Engineering Institute, 2001). The Department of Defense has been fighting back these cyber criminals with their own cyber spooks from the National Security Agency called the Red Team. NSAs Red Team according to Derene (2008), are sort of like the Special Forces units of the security industryhighly skilled teams that clients pay to break into the clients' own networks. For commercial and government agencies, these guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in (Derene, 2008). We can fix our cyber defense by using these nine objectives in our IT security: 1. Having a strong, effective information security program consisting of many layers (Spontek, 2006). 2. Create what security professionals refer to as a "defense in depth."(Spontek, 2006).

CYBERWAR: THE BATTLE OF A NEW FRONTIER

20

3. Create well-designed IT security program are to make any unauthorized, unwanted access to your information systems extremely difficult, easily detected and well-documented (Spontek, 2006). 4. Firewalls, virus filters, intrusion detection systems, monitoring programs and usage policies are all essential components of a strong defense (Spontek, 2006). 5. Ensure that adequate information security tools are available, everyone is properly trained in their use, and that enough time is available to use them properly. Then hold all personnel accountable for their information system security practices. 6. Conduct frequent, unannounced red-team penetration testing of deployed systems and report the results to responsible management (National Research Council, 2002, p. 13). 7. Promptly fix problems and vulnerabilities that are known or that are discovered to exist. 8. Mandate the organization-wide use of currently available network/configuration management tools, and demand better tools from vendors.

CYBERWAR: THE BATTLE OF A NEW FRONTIER

21

9. Use defense in depth - design systems under the assumption that they could be connected to a compromised network or a network that is under attack, and practice operating these systems under this assumption. The three biggest reasons these cyber criminals are still getting into commercial and government networks is because of the lack of end user training, lack of updated protocols, lack of defense in depth techniques and security policies not being enforced. If there is little to no training or security policies for employees then it will be easier for these hackers to apply their techniques into your organizations. The best way of guarding against Cyberterrorism (Harreld and Fonseca, 2001): 1) Protect what you consider most critical to business operations, assets, and continuity. 2) Have intrusion detection so you'll know when intruders get around your defenses. 3) Have a response team and a response plan. 4) Tighten rules for inbound traffic. 5) If you don't do business with addresses in certain countries or regions, consider denying those IP blocks at your gateways. 6) Ports are just as important in your defensive strategy as IP addresses. 7) Establish a good security and disaster-recovery posture for your networks.

CYBERWAR: THE BATTLE OF A NEW FRONTIER

22

8) Consider special insurance designed to cover Internet-and network-related damage or loss. 9) Notify all users on your networks not to open suspicious e-mail attachments. 10)Force anti-virus updates throughout the network and direct all users, particularly those with laptops, to power up and update their anti-virus before conducting any business on the computer.

CYBERWAR: THE BATTLE OF A NEW FRONTIER Conclusion

23

Apparently, some of the information technology professionals are not doing their due diligence. Policy, procedures and security standards must be adhered to in order to combat these cyberpunks from penetrating our interior walls. Without security standards, we have chaos. Having a policy for everything is better than not having any polices. As stated earlier, Information Assurance is achieved when information and information systems are protected against such attacks through the application of security services such as: Availability, Integrity, Authentication, Confidentiality, and NonRepudiation. Training is another aspect in the battle of a new frontier we see as the cyberwar. According to Mallery (2008) Security is a very specialized area and requires appropriate training and knowledge. As IT professionals, we must be in a position to both identify vulnerabilities on a network, but also be in a position to identify attack patterns on the network (Mallery, 2008). Training is not only for Information Technology professionals, but for the employees as well. IT professionals must obtain and possess the knowledge; wisdom and understanding to pass on in layman terms so that their employers are able to get a better understanding of the war they are fighting. Without assistance or buy in from senior management, the IT professional will find resistance and their battle in the cyberwar will be lost.

CYBERWAR: THE BATTLE OF A NEW FRONTIER References

24

Biddick, M. (2010, August). GAP IN FEDERAL IT STRATEGY. InformationWeek,(1275), 36. Retrieved January 22, 2011, from ABI/INFORM Global. (Document ID: 2114712641). Brandt, A. (2009). HIGH-RISK SECURITY THREATS (AND HOW TO FIX THEM). (Cover story). PC World, 27(3), 62-70. Retrieved from EBSCOhost. CERT SOFTWARE ENGINEERING INSTITUTE. (2001). CERT Coordination Center Home Network Security. Retrieved from http://www.cert.org/tech_tips/home_networks.html#III-A Charles, K. (2008). THE TYPES OF HACKERS: BLACK HAT, WHITE HAT OR A GREY HAT HACKER, WHICH TYPE ARE YOU?. Examiner.com, 2008( 8), 1. Chertoff, M. (2008). THE CYBERSECURITY CHALLENGE. Regulation & Governance, 2(4), 480-484. doi:10.1111/j.1748-5991.2008.00051.x Clapper, D. (2011, January). STOLEN DATA AND FRAUD: THE HANNAFORD BROTHERS DATA BREACH. Journal of the International Academy for Case Studies: Special Issue Number 1,121-130. Retrieved January 22, 2011, from ABI/INFORM Global. (Document ID: 2243561531). Coleman, K. G. (2007). CYBER WARFARE. Technolytics, 2007(1), 1-7.

CYBERWAR: THE BATTLE OF A NEW FRONTIER

25

Denning, D. E., & Smith, G. (2003). TIGHTER CYBERSECURITY. Issues in Science & Technology, 20(1), 7-8. Retrieved from EBSCOhost. Frontline. (2001). THE TESTIMONY OF AN EX-HACKER. Retrieved from http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/testimony.html Fulghum, D. A. (2009). EMBRACING CYBERWAR. Aviation Week & Space Technology, 170(25), 49. Retrieved from EBSCOhost. Gregory Goth. 2009. U.S. UNVEILS CYBERSECURITY PLAN. Commun. ACM 52, 8 (August 2009), 23-23. DOI=10.1145/1536616.1536626 http://doi.acm.org.library.capella.edu/10.1145/1536616.1536626 Hansen, B. (2002, April 12). CYBER-CRIME. CQ Researcher, 12, 305-328. Retrieved from http://library.cqpress.com/cqresearcher/ Harreld, H., & Fonseca, B. (2001, October). GUARDING AGAINST CYBERTERRORISM. InfoWorld, 23(43), 34-37. Retrieved May 5, 2011, from ABI/INFORM Global. (Document ID: 86023472). http://proquest.umi.com.library.capella.edu/pqdweb? did=86023472&Fmt=7&clientId=62763&RQT=309&VName=PQD Harris, S. (2009). THE CYBER DEFENSE PERIMETER. National Journal, 23. Retrieved from EBSCOhost.

CYBERWAR: THE BATTLE OF A NEW FRONTIER Henrie,M. & Liddell, P. (2008, March). QUANTIFYING CYBER SECURITY RISK. CONTROL ENGINEERING, 55(3), IP.12. Retrieved May 30, 2011, from ABI/INFORM Global. (Document ID: 1448311781).

26

Headquarters Department of the Army, .(2007). ARMY REGULATION - INFORMATION ASSURANCE. Information Management, 25(2), 1-103. Kaplan, D. (2011, January). 2 MINUTES ON... THE DATA BREACH HEARD AROUND THE WORLD. SC Magazine, 22(1), 16. Retrieved Mayy 22, 2011, from Criminal Justice Periodicals. (Document ID: 2238914181). Lawrence D. Bodin, Lawrence A. Gordon, and Martin P. Loeb. 2008. INFORMATION SECURITY AND RISK MANAGEMENT. <em>Commun. ACM</em> 51, 4 (April 2008), 64-68. DOI=10.1145/1330311.1330325 http://doi.acm.org/10.1145/1330311.1330325 Lynn, W. (2010). DEFENDING A NEW DOMAIN. Foreign Affairs, 89(5), 97-108. Retrieved May 30, 2011, from ABI/INFORM Global. (Document ID: 2129061161). Mallery, J. (2008). Network Risk Management. Security Technology & Design, 18(5), 52. Marshall, P. (2010, February 26). CYBERSECURITY. CQ Researcher, 20, 169-192. Retrieved from http://library.cqpress.com/cqresearcher/ McCluney, C. N. (2010, June 8). NEW CYBER CHIEF: CYBERSPACE MUST BECOME A NATIONAL SECURITY PRIORITY. Armed with Science. Retrieved

CYBERWAR: THE BATTLE OF A NEW FRONTIER May 30, 2011 from http://science.dodlive.mil/2010/06/08/new-cyber-chiefcyberspace-must-become-a-national-security-priority/

27

McDowell, M. (2004, 2009). NATIONAL CYBER ALERT SYSTEM CYBER SECURITY TIP ST04-001. US-CERT. Retrieved from http://www.us-cert.gov/cas/tips/ST04001.html Merriam-Webster. (2011). Cybersecurity. Retrieved from http://www.merriamwebster.com/dictionary/cybersecurity Munro, N. (2007). CYBER WARRIORS. National Journal, 2007(1007), 1-4., Retrieved from http://www.govexec.com/dailyfed/1007/102907ol.htm National Security Priority. Armed with Science. Retrieved November 6, 2010 from http://science.dodlive.mil/2010/06/08/new-cyber-chief-cyberspace-mustbecome-a-national-security-priority/ Pfanner, E. (2011, January 17). WREAKING CYBERHAVOC ISN'T SO EASY; MEDIA CACHE. The International Herald Tribune, pp. 18. Pfleeger, S., & Ciszek, T.. (2008, September). CHOOSING A SECURITY OPTION: THE INFOSECURE METHODOLOGY. IT Professional Magazine, 10(5), 46-52. Retrieved May 30, 2011, from ABI/INFORM Global. (Document ID: 1557505111). Pursuit Magazine. (2010). INTERNET & CYBER CRIME TERMS AND DEFINITIONS. Retrieved from http://pursuitmag.com/cyber-crime-terms-and-definitions/

CYBERWAR: THE BATTLE OF A NEW FRONTIER

28

Sharon Spontak. (2006, December). DEFENSE IN DEPTH: How Financial Executives Can Boost IT Security. Financial Executive, 22(10), 51-53. Retrieved January 24, 2011, from ABI/INFORM Global. (Document ID: 1182662141). Techni Core. (2011). WHAT IS CYBER SECURITY?. Retrieved from http://www.technicore.com/what-is-cyber-security.htm Technolytics Institute, . (2007). Department of Cyber Defense An organization whos time has come!. Technolytics Institute, 2007(11), 1-7. lWheeler, D. A. (2003). SECURE PROGRAMMING FOR LINUX AND UNIX HOW-TO. David A. Wheeler Personal Home Page, 2003(3), 1-168.