1. Cordero 1
Enrique J Cordero
Dr. Marie-Helen Maras
Cybercrime – GLOB1-GC.2510
March 30, 2012

Cyberterrorism: Is it a case of Alice in Wonderland?

“If you know the enemy and know yourself, you need not to fear the result of a hundred battles… If you know neither the enemy nor yourself, you will succumb in every battle… Knowing the enemy enables you to take offensive, knowing yourself enables you to stand on the defensive.”
Sun Tzu, The Art of War. Attack by Stratagem, 18

Introduction

What happened with the “old days” of conventional and guerilla warfare, when your enemy had a human face, tactical plans as well as rules of engagement were clearly defined, the amount and sophistication of one’s kinetic weapons was the game changer, and acquiring such strategic and tactical advantages required vast amounts of resources? Well, as we will see in the following pages, those days have been rapidly changing and may be replaced by a world that until recent years has been only in the imagination of Hollywood.

The structure of this paper is delineated by the answers to the following 3 dilemmas: Why is cyberterrorism the greatest threat amongst all forms of cybercrime? What measures are we taking against the threat of cyberterrorism, and how effective are they? And finally, how can we better address the threat of cyberterrorism?

Threat assessment

Of all the forms of cybercrime, cyberterrorism stands out as the most debated, the most talked about in the media, the most feared, yet the least consistently defined and, not surprisingly, the one with the smallest number of convictions. It is this combination of factors, the lack of clear definitions, hence unclear laws, enforcement and punishment, along with the potential threat of a major cyberattack with devastating effects, which makes cyberterrorism the greatest threat of all forms of cybercrime. So, as stated in Sun Tzu’s quote at the beginning of this dissertation, the formula to successfully wage any form of war relies on knowing the enemy and ourselves; however, in what relates to cyberterrorism we still have yet to know both.

Knowing ourselves: Definitions and legal challenges

The key to knowing ourselves in the cyberterrorism space lies in having clear definitions as to what it is and what it is not, which in turn would build a baseline for establishing governance and the rule of law. Definitions of cyberterrorism date back to the 1980s, when the term was first coined by Barry Colin, a senior fellow at the Institute for Security and Intelligence in California, who discussed this dynamic of terrorism as transcendence from the physical to the virtual realm and “the intersection, the convergence of these two worlds....” [1] However, definitions nowadays range from scholarly hybrid concepts that combine Colin’s statement with the US Government’s definition of conventional terrorism, through law enforcement definitions based mainly on impact to civilian enterprise data, to broad-scope definitions generated by legislative groups. Here are examples of the three:

Maura Conway, a doctoral student in the department of political science, Trinity College in Dublin, defines cyberterrorism as: “Premeditated, politically motivated attacks by subnational groups or clandestine agents against information, computer systems, computer programs, and data that result in violence against noncombatant targets.” [2]

Dr. William F. Tafoya, a retired FBI special agent, and now coordinator of and a professor in the Information Protection and Security Program at the University of New Haven in Connecticut, defines cyberterrorism as: “Intimidation of civilian enterprise through the use of high technology to bring about political, religious, or ideological aims, actions that result in disabling or deleting critical infrastructure data or information.” [3]

The National Conference of State Legislatures, an organization of legislators created to help policymakers with issues such as the economy and homeland security, defines cyberterrorism as: “[T]he use of information technology by terrorist groups and individuals to further their agenda. This can include use of information technology to organize and execute attacks against networks, computer systems and telecommunications infrastructures, or for exchanging information or making threats electronically. Examples are hacking into computer systems, introducing viruses to vulnerable networks, web site defacing, Denial-of-service attacks, or terroristic threats made via electronic communication.” [4]

Differences and similarities between them are described in Table 1 in terms of perpetrator, motive, target and intent. Notice that of these 4 areas only two, motive and target, are similar across the three definitions, and it is in the perpetrator and the intent where the wider gap is. These gaps are important to recognize for two fundamental reasons: first, to concentrate the debate amongst the different stakeholders, and second, to enhance interpretation of the law when it comes to enforcement, prosecution and conviction.

TABLE 1. Cyberterrorism Definitions

Definition | Perpetrator | Motive | Target | Intent
Scholar | Subnational groups; Clandestine agents | Politically motivated | Information; Computer systems; Computer programs; Data | Violence against non-combatants
Law Enforcement | Anyone | Political, religious or ideological aims | Information; Critical infrastructure data | Intimidation of civilian enterprise
Legislative Group | Terrorist Groups; Individuals | Further groups agendas | Information technology; Computer systems; Telecom infrastructure | Attacks against systems; Terroristic threats

This leads us to the second aspect of knowing ourselves, the legal conundrum. Take the case of Luis Mijangos, a Southern California man who in March 2011 was accused of cyberterrorism, found guilty and then sentenced to 6 years in prison. The specific charges were wire-tapping and computer hacking. Mijangos infiltrated computers belonging to women and teenage girls, where he found sexually explicit photos, and threatened to put them online unless they provided him with more. As can be clearly seen, this particular case does not fit the intent or motive in any of the definitions above, and only fits the perpetrator in Dr. Tafoya’s definition because it is broad enough. However, the case was portrayed as cyberterrorism because the word alone would justify a more severe punishment, as is clear in the words of U.S. District Judge George King himself, who called the crimes a form of cyberterrorism and warned other hackers they will meet stiff penalties for ruining people’s lives: “Society has to understand that if you engage in this type of behavior, it’s no joke,” King said. “You are going to jail and going to jail for a long time.” [5]

There is no doubt that the crimes for which this man was accused, tried and sentenced are despicable and deserve punishment, but the concept of cyberterrorism should not be hijacked so we as a society can call for harsher punishment.

To illustrate even further the complexity of the different legal challenges, consider the cases of the recent SOPA and PIPA bills, which were very quickly rejected in Congress on the grounds of invasion of privacy and limitation of citizens’ liberties on the Internet. [6] Now, as of the writing of this paper, a new bill, CISPA, is being debated in the US Congress, and many experts and internet freedom defenders are already calling it a refurbished version of the old SOPA/PIPA, but with even more overreaching measures that “would end the Internet as we know it.” [7] It seems that even with the best of intentions from our legislature, these bills are crafted casting such a wide net that they include many forms of cybercrime, cyberterrorism being one of them, adding more complexity and confusion to the legal dilemma.

Knowing the enemy: Is cyberterrorism the sum of all fears or just weapons of mass annoyance? [8]

On the road to knowing the enemy, the first step is to assess the level of risk and probability associated with a potential aggressive action that may come from the other side. Unfortunately, threat assessment in cyberterrorism goes from the devastating and imminent to the nuisance and dismissive. Let’s evaluate the first one, devastating and imminent.

One of the earliest risk assessments of this kind appears in the National Security Decision Directive Number 145 on National Policy on Telecommunications and Automated Information Systems Security, issued by the White House on September 17, 1984, which stated that: “The technology to exploit these electronic systems is widespread and is used extensively by foreign nations and can be employed, as well, by terrorist groups and criminal elements. Government systems as well as those which process the private or proprietary information of US persons and businesses can become targets for foreign exploitation.” [9]

The second identifiable assessment came shortly after the terrorist attacks of September 11, 2001 in New York City, when a special congressional commission examining terrorism was concerned that future attacks against the U.S. might occur in conjunction with a cyberattack that would maximize the destructive effects of physical weapons such as bombs or chemical assaults: "There has been substantial concern [about] the potential consequences of cyberattacks," "Communications, if disrupted, could have significant impact on the [physical] attack itself, and we have been very focused on that and very concerned about that particular issue," said Virginia Gov. James Gilmore, chairman of the commission. [10]

Then in March of 2002 and April of the same year the CIA stated that they were alert to the possibility of cyber warfare attacks by terrorists, as these were becoming viable options for them and other foreign adversaries were becoming more familiar with these targets, and even went as far as pinpointing al-Qa’ida and Hizballah as becoming more adept at using the Internet and computer technologies: “These groups have the intentions and desire to develop some of the cyberskills necessary to forge an effective cyber attack MO.” [11]

Finally, we have The Comprehensive National Cybersecurity Initiative, in which President Obama has identified cybersecurity as one of the most serious economic and national security challenges, but one that the US is not adequately prepared to counter. [12]

Opposite to these previous assessments we have the nuisance and dismissive school of thought. According to James A. Lewis from the Center for Strategic & International Studies, based on an assessment of the historical occurrence of cyberterrorism attacks against infrastructure, the consequences of routine infrastructure failures, the dependency of infrastructure on computer networks and their redundancies, and the likelihood of cyber-weapons achieving political goals, computer network vulnerabilities are an increasingly serious business problem but their threat to national security is overstated. In all cases, cyber attacks are less effective and less disruptive than physical attacks. Their only advantage is that they are cheaper and easier to carry out than a physical attack. [13]

Just recently Dr. Thomas Rid stated that a virtual conflict is more hype than reality and that recent cyberattacks such as the one in Estonia were more a nuisance and an emotional strike on the country, and also that creating a Pearl Harbor scenario in cyberspace would be a daunting challenge at best. In his view, cyberwar alarmists want the United States to see cybersecurity as a new challenge on a geopolitical scale. [14]

Having this disparity of assessments will only increase the possibilities of disagreement in selecting the right course of action and reduce the ability to better understand the enemy’s true capability, while some members of the stakeholder community will be overly concerned and reactive whereas others will be complacent and underprepared.

Current measures and their effectiveness

In the US

Among the cyber-power countries, the United States is the one at the helm of the debate and one of the most progressive in terms of actions and preparedness in relation not only to cyberterrorism, but cybercrime in general. This comes as no surprise since the country has gone through a rude awakening after the terrorist attacks of 9/11 and the wars that came after that. Many measures have been taken both in terms of legislation and institutional change; however, the effectiveness of these actions is still being debated.

Legislative Measures

Policy measures date back to the Reagan administration with two pieces of legislation, the Computer Abuse Act in 1984/86 [15], targeted to curb computer crime, and the 1987 Computer Security Act [16], enacted in an effort to protect federal agencies’ computer data from espionage. However, one of the most notable in recent years came when the Bush administration enacted the USA Patriot Act in 2001, more specifically Title VIII Section 814 [17], which deals with strengthening the criminal laws against terrorism as well as the deterrence and prevention of cyberterrorism. In particular it increased the maximum penalty for intentionally damaging a federally protected computer from a prison term of five years to a prison term of 10 years and raised the maximum penalty from a prison term of 10 years to a prison term of 20 years for intentionally or recklessly damaging a federally protected computer after having previously been convicted of computer abuse. [18] It also broadened the scope of protection provided to federally protected computers by adding a fifth category for triggering criminal or civil liability.

Effectiveness of policy measures can be assessed in two ways: deterrence, and effective prosecution and conviction. Deterrence is hard to document, but one can just consider the fact that there has not been an occurrence of a major cyberattack with significant or devastating impact, despite the countless and relentless efforts of enemy groups to acquire and use cyber-weapons against the US and its interests. [19] Now, in terms of prosecution and convictions, a 2004 report to Congress from Atty. Gen. John Ashcroft stated that, since the enactment of the USA PATRIOT Act and as a direct result of it, the US Department of Justice had charged 310 defendants with criminal offenses related to terrorism, and of those 179 had already been convicted. In relation to cyberterrorism, the same report cited the 2004 conviction of Rajib Mitra, a man who jammed the Madison, Wisconsin police department’s emergency radio system on more than 20 occasions; Mitra was sentenced to eight years in prison. Also cited is the case of a cyberterrorist threat to the South Pole Research Station in 2003, which was quickly investigated and resolved using section 212 of the act to identify the perpetrators and arrest them before any harm was done. [20]

Institutional Change Measures

In June of 2009 the US military, recognizing the importance of protecting cyberspace just as they do land, air, sea and space, initiated an effort to consolidate two task forces (Joint Task Force-Global Network Operations, which carried out the bulk of operation Buckshot Yankee, and Joint Task Force-Network Warfare, the military's cyber-offense arm) into a single four-star command, the U.S. Cyber Command, which began operations in May 2010 as part of the U.S. Strategic Command with General Keith B. Alexander as head of this new command.

Institutional change effectiveness is usually gauged by the accomplishment of its fundamental missions. USCYBERCOM has three basic missions: first, to protect all defense networks and support military and counter-terrorism missions with operations in cyberspace; second, to manage and orchestrate all cyberwarfare resources across the U.S. military; and third, to work and liaise with a wide range of stakeholders inside and outside the U.S. government in pursuit of the cybermission. [21]

In reference to the first element of the mission, in August, 2011, Army Cyber Command reported that a corps of 21,000 soldiers and civilians has been put together to serve 24/7 worldwide operating and defending all Army networks under the U.S. Cyber Command umbrella. In simplest terms, Army Cyber Command provides security for these networks so commanders, regardless of their location, can communicate with their own forces, higher headquarters and other elements. [22]

In relation to the second premise of USCYBERCOM’s mission, the U.S. Air Force reported in October, 2010, that cyber training became a permanent fixture of the Air Force Basic Military Training curriculum. The two main courses, Cyber 200 and Cyber 300, give students two slightly different looks at cyber operations, but cover the same main topics: the technology, the policy, the doctrine and the law as they relate to the cyber domain. [23]

Finally, USCYBERCOM’s results in following its third mission were demonstrated in August, 2011, when a new pilot program in which the Defense Department shares classified threat intelligence with defense contractors or their commercial Internet service providers showed promise in increasing their cyber defenses and preventing enemy intrusions into sensitive government networks. [24]

In the International Community

Activities at the UN have shown some initial measures in the form of several General Assembly resolutions dealing with the creation of a global culture of cybersecurity and the protection of critical information infrastructures. Moreover, a new Group of Governmental Experts will form in 2012 to submit a report in 2013, marking the next step in the politico-military stream and the norm emergence process. [25]

In these new efforts each of the commanding countries plays a different role, as their motives are driven by individual interest; to that effect Russia has been playing a crucial role in this process with the U.S. as the most important counterweight. Germany, Canada, and the United Kingdom have also played an active role funding various research projects and expert groups. Curiously, China seems to have been rather inactive except for its co-sponsorship of the resolution in the First Committee in the year after the U.S. decided to vote against it for the first time and the recent code of conduct. [26]

In terms of the effectiveness that these norms will have in the future, one has to consider first that the UN is a fragmented system in its activities regarding cybercrime and ultimately countries themselves will play a fundamental role as norm originators, as well as the different endogenous and exogenous factors that undoubtedly will affect the perceptions of States’ policy makers.

Forward-looking preparedness

As we have seen, there is still work to be done in the quest to fight the threat of cyberterrorism, and such a fight is better served by a robust prevention strategy. Prevention starts with taking effective actions to increase awareness and education, as well as setting the appropriate legal frameworks that will allow for effective deterrence and adjudication. Important strides have been accomplished in terms of education, but the subject is still largely unknown and clouded by misconception and sensationalism. The media in particular is a very important actor in this space and a fundamental connection to the public in general, so educating it and empowering it can prove very effective in the prevention efforts.

Regarding adjudication, the first step is setting clear scope and definitions about cyberterrorism. As demonstrated in the beginning of this paper, current definitions vary widely across the different sets of stakeholders involved in the discourse, so a starting point could be reaching agreement in the areas of perpetrator and intent, since there seems to be already a common language in what relates to motive and target. Once all stakeholders party to this important form of cybercrime reach agreement as to its definition and scope, setting the rule of law that will govern monitoring, enforcement and punishment will transcend from semantics to execution.

In conclusion, the debate must go on, but concrete and prompt actions must be taken in the near future. At stake are not only the national security of all cyberpower nations, but also the assurance of a safe and stable Internet that can continue serving as a catalyzer for economic and social development. It is then of vital importance that future debates and solutions are the result of a concerted effort between a wide spectrum of stakeholders from academia, state actors, law enforcement agencies, the media as well as sensible members of the hacking community such as “white hat” hackers and other cybersecurity experts.

I would like to finish this dissertation by highlighting the words of Sun Tzu regarding the importance of preventive and defensive measures: “Attack is the secret of defense; defense is the planning of an attack.”

REFERENCES

[1] Tafoya, William L. “Cyber Terror,” FBI Law Enforcement Bulletin, November 2011, http://www.fbi.gov/stats-services/publications/law-enforcement-bulletin/november-2011/cyber-terror (accessed April 25, 2012).
[2] Conway, Maura. “What is Cyberterrorism?” Current History 101.659 (2002): 436-42.
[3] Ditto reference 1
[4] National Conference of State Legislatures. “Cyber Terrorism” http://www.ncsl.org/programs/lis/cip/cyberterrorism.htm (accessed April 25, 2012).
[5] Chicago Sun-Times. “6 years for California man convicted of cyberterrorism.” September 3, 2011. http://www.suntimes.com/news/nation/7412050-418/6-years-for-california-man-convicted-of-cyberterrorism.html (accessed April 26, 2012)
[6] The DePaulia. “SOPA/PIPA bills rejected.” January 23, 2012. http://www.depauliaonline.com/mobile/nation-world/sopa-pipa-bills-rejected-1.2746879 (accessed April 26, 2012)
[7] International Business Times. “What Is CISPA 2012? Inside The Bill That Has Internet Privacy Advocates Up In Arms.” April 26, 2012. http://www.ibtimes.com/articles/333865/20120426/cispa-what-sopa-pipa-acta-stop-congress.htm (accessed April 26, 2012)
[8] Weapons of mass annoyance: a phrase originated by Stewart Baker.
[9] Dunn-Cavelty, Myriam. “Cyber-Terror- Looming Threat or Phantom Menace? The Framing of the US Cyber-Threat Debate.” Journal of Information Technology & Politics. (2008) 4:1, 19-36.
[10] Computerworld. “U.S. commission eyes cyberterrorism threat ahead.” September 17, 2001. http://www.computerworld.com/s/article/63965/U.S._commission_eyes_cyberterrorism_threat_ahead?taxonomyId=017 (accessed April 26, 2012)
[11] Ditto reference 9
[12] The White House. National Security Council. “The Comprehensive National Cybersecurity Initiative.” http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative (accessed April 26, 2012)
[13] Lewis, James A. “Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats.” Center for Strategic and International Studies. December, 2002. http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf (accessed April 27, 2012)
[14] Rid, Thomas. “Think Again: Cyberwar.” Foreign Policy Magazine. March/April 2012. http://www.foreignpolicy.com/articles/2012/02/27/cyberwar?print=yes&hidecomments=yes&page=full (accessed March 20, 2012)
[15] The Counterfeit Access Device and Computer Fraud Abuse Act, 18 U.S.C. 1030 (1984); Computer Fraud Abuse Act (U.S.) 18 U.S.C. 1030(a) (1986)
[16] Computer Security Act of 1987, Public Law 100-235, H.R. 145, (1988), (100th Congress)
[17] USA PATRIOT Act of 2001, Public Law 107-56, H.R. 3162, (2001), (107th Congress)
[18] US Department of Justice. “Report From The Field: The USA PATRIOT Act at work.” July 2004. http://www.justice.gov/olp/pdf/patriot_report_from_the_field0704.pdf (accessed April 27, 2012)
[19] Ditto reference 9
[20] Ditto reference 18
[21] Lynn, William J, III. 2010. “Defending a New Domain.” Foreign Affairs. 89, no. 5: 97-108.
[22] U.S. Department of Defense. “Army Cyber Command Focuses on Protecting Vital Networks.” American Forces Press Service. August 15, 2011. http://www.defense.gov/news/newsarticle.aspx?id=65031 (accessed April 28, 2012)
[23] U.S. Department of Defense. “Air Force School Focuses on Cybersecurity.” American Forces Press Service. October 29, 2010. http://www.defense.gov/news/newsarticle.aspx?id=61471 (accessed April 28, 2012)
[24] U.S. Department of Defense. “Sharing Intelligence Helps Contractors Strengthen Cyber Defenses.” American Forces Press Service. August 16, 2011. http://www.defense.gov/news/newsarticle.aspx?id=65050 (accessed April 28, 2012)
[25] Maurer, Tim. “Cyber Norm Emergence at the United Nations – An Analysis of the UN’s Activities Regarding Cyber-security?” Discussion Paper 2011-11, Cambridge, Mass.: Belfer Center for Science and International Affairs, Harvard Kennedy School, September 2011.
[26] Ditto reference 25