CYBER WARFARE
JAMIE REECE MOORE
WHAT IS CYBER WARFARE?
Any virtual conflict initiated as a politically motivated attack on
another country’s computer and information systems.
It resembles traditional warfare, except that tanks and
soldiers are replaced with computers and hackers.
Objectives:
• Sabotage
  • Deny access to information
  • Destroy data
  • Disrupt critical infrastructure systems
• Espionage
  • Steal data
  • Manipulate data to change its context or its perception
CYBER WARFARE STRATEGIES
Preparation –
Cyber warfare “weaponry” must be acquired and resourced
over time. If a country wishes to wage any type of cyber warfare,
it must first scout multiple weaknesses in the event hostilities
break out.
• Research:
  1. Find Vulnerabilities
  2. Design Bugs to Exploit Vulnerabilities
• Reconnaissance:
  Plan where attacks are best levied. These may coincide with
  traditional, physical military action.
• Vulnerability Enumeration:
  Scan desired target systems for vulnerabilities. This could be as simple
  as bad configurations or outdated software on critical devices.
CYBER WARFARE STRATEGIES
Offensive Strategies –
Like any traditional attack operation against an enemy,
cyber warfare requires assault diversification. Striking multiple
targets simultaneously by several methods increases attack
effectiveness greatly.
• Psychological Weapons:
  • Social Engineering – deception of others in order to gain critical
    information or access
  • Psychological Operations – hack and alter government or media
    websites to discredit the authority of a regime
• Technical Weapons:
  • Weapons are dynamic and typically delivered instantaneously
  • Preparations are quiet; however, pre-attack testing is nearly impossible
  • Attacks must be controllable and time sensitive
  • Depending on the target, weapon effectiveness may not be immediately
CYBER WARFARE STRATEGIES
Defensive Strategies –
Today’s Internet is far too large to completely protect or
govern, thus government agencies must be interconnected with
other government and civil entities.
• Information security administrators at thousands of venerable sites
  implement recommendations at the discretion of the national defense
  agencies
Oftentimes, the best cyberwar defense is a good offense. Even if
one doesn’t intend to launch an immediate attack,
preparation against adversaries should be ongoing in case
they launch one. This is especially true for cyber
warfare because it is mostly invisible until executed.
• The source of cyber attacks must be attributable so that effective
CYBER WARFARE EXECUTION
Most commonly carried out abroad via the Internet, but
may also be locally executed by physically accessing sensitive
equipment. A recent attack against Iran, dubbed Stuxnet, was
injected into a computer system via a USB flash drive infected
with the worm.
• Droppers are the means by which a computer virus
  compromises and populates a computer system before the actual
  payload “detonates,” so that it can be most effective. This could
  be considered the missile.
• Payloads are the core operators of an attack. This malicious
  code is intended to carry out the intended actions against the
  target. This could be considered the warhead inside the missile.
• Control Consoles are the attackers’ interface to carry out their
CYBER WARFARE EXAMPLES
Stuxnet
WHEN? Discovered in 2010, however it can
be traced back to June 2009.
WHY? To slowly and covertly kill Iran’s
nuclear program from the inside outwards.
WHO? United States & Israel (suspected) vs. Iran
HOW? Infiltrated an air-gapped system by infecting contractors’
computers with a computer worm that remained dormant until
landing on a Siemens PLC computer. The worm then over-sped
variable-frequency drives that were spinning nuclear centrifuges
so as to destroy the centrifuge units. All the while, a rootkit
CYBER WARFARE EXAMPLES
2007 Cyberattacks Against Estonia
WHEN? April 2007
WHY? To pressure Estonian government officials
into not relocating Soviet-era grave markers in Tallinn.
WHO? Russia (suspected) vs. Estonia
HOW? Included a series of cyber attacks against the Estonian
parliament, banks, ministries, and news media that utilized
distributed denial of service (DDoS) and ping flood attacks.
Several state and news media websites were also vandalized by
hackers.
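The slide names distributed denial of service and ping flood attacks but does not show what they look like to a defender. The following is an added illustration, not part of the original presentation: a rate-based detector that buckets ICMP echo-requests per destination and time window and flags windows whose request count exceeds a threshold, marking a flood as distributed when it comes from many sources. The log format (`<unix_time> <src_ip> <dst_ip> <proto> <kind>`), the threshold values, and the sample records are all assumptions constructed for this example; a real deployment would read NetFlow or IDS records and tune the thresholds against a measured baseline.

```python
"""Rate-based ping (ICMP echo) flood detection over constructed flow records.

Added example, not code from the original presentation. It assumes a plain
text record format "<unix_time> <src_ip> <dst_ip> <proto> <kind>", where proto
is e.g. "icmp" or "tcp" and kind is e.g. "echo-request" or "syn". All sample
records and threshold values below are constructed for illustration.
"""
from collections import defaultdict

WINDOW_SECONDS = 10          # bucket size in seconds (assumed tuning value)
REQUEST_THRESHOLD = 50       # echo-requests per target per window (assumed)
MIN_DISTINCT_SOURCES = 10    # "distributed" if at least this many senders (assumed)


def parse_record(line):
    """Parse one flow record; return (ts, src, dst, proto, kind) or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, kind = parts
    try:
        return int(ts), src, dst, proto, kind
    except ValueError:
        return None


def detect_icmp_floods(lines, window=WINDOW_SECONDS,
                       threshold=REQUEST_THRESHOLD,
                       min_sources=MIN_DISTINCT_SOURCES):
    """Bucket ICMP echo-requests by (destination, window) and flag busy buckets.

    Returns a list of alert dicts ordered by window start. Each alert records the
    target, the window, the request count and how many distinct sources sent
    them, so a single noisy host can be told apart from a distributed flood.
    """
    buckets = defaultdict(list)          # (dst, window_start) -> list of src
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue                     # skip malformed records rather than crash
        ts, src, dst, proto, kind = rec
        if proto != "icmp" or kind != "echo-request":
            continue                     # only echo-requests count toward a ping flood
        buckets[(dst, ts - ts % window)].append(src)

    alerts = []
    for (dst, start), sources in sorted(buckets.items(), key=lambda kv: kv[0][1]):
        if len(sources) > threshold:
            distinct = len(set(sources))
            alerts.append({
                "target": dst,
                "window_start": start,
                "requests": len(sources),
                "distinct_sources": distinct,
                "distributed": distinct >= min_sources,
            })
    return alerts


def make_sample_log():
    """Constructed records: light background traffic, then a 10-second burst of
    120 echo-requests from 30 different senders against one host."""
    lines = []
    base = 1177000000  # constructed epoch value; no real event timing implied
    for i in range(5):
        lines.append(f"{base + i} 192.0.2.{i + 1} 198.51.100.10 tcp syn")
    lines.append(f"{base + 2} 192.0.2.7 198.51.100.10 icmp echo-request")
    lines.append(f"{base + 6} 192.0.2.8 198.51.100.10 icmp echo-request")
    for i in range(120):
        src = f"203.0.113.{(i % 30) + 1}"
        lines.append(f"{base + 20 + (i % 10)} {src} 198.51.100.10 icmp echo-request")
    lines.append("malformed line")       # exercises the parser's error path
    return lines


if __name__ == "__main__":
    for alert in detect_icmp_floods(make_sample_log()):
        print(alert)
```

The two ordinary pings in the background traffic fall well under the threshold and produce no alert; only the burst window is reported, with 120 requests from 30 distinct sources, which the detector labels as distributed. Keying buckets on the destination rather than the source is what makes the check useful against a DDoS, since no single sender needs to exceed the threshold on its own.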
CYBER WARFARE EXAMPLES
Red October
WHEN? First discovered in October 2012 (hence the name),
however the malware had been operating undetected since at
least 2007.
WHY? To steal sensitive diplomatic secrets from government
entities, including login credentials for other secure data
systems.
WHO? Unknown, but dozens of countries were affected, including
the United States and Russia (see next slide). At least 55,000
computers were infected.
CYBER WARFARE EXAMPLES
Sony Pictures Attack
WHEN? Discovered in November 2014, however the
cyber intrusion had begun at least two months prior, possibly as
early as 2013.
WHY? To pressure Sony Pictures to abandon their release of The
Interview, a movie about a fictional plot to kill North Korean
dictator Kim Jong Un.
WHO? North Korea (suspected) vs. United States (specifically Sony
Pictures)
HOW? Hackers utilized a Server Message Block (SMB) Worm Tool
U.S. CYBERWAR DEFENSES
• Department of Defense (specifically the U.S. Cyber
  Command) – defends military assets against cyber
  threats and maintains offensive capabilities
• Department of Homeland Security – defends civil and
  commercial assets against cyber threats, including
  critical infrastructure systems
• United States Computer Emergency Response Teams (US-CERT)
  – defends the United States’ Internet infrastructure
  against cyber threats along with coordinating responses to
  cyber attacks
In the years to come, cyber warfare will likely become
as common as traditional warfare, leading many to
believe a new branch of military dedicated to cyber
warfare will emerge.
CYBER WARFARE
ACCOUNTABILITY
Where Did The Attack Originate?
Because of their secretive nature, most cyberwar attacks are difficult to
trace to a specific source. Even if there are clues and language pointing to a specific
group or country, these could easily be “false flags” intended to throw
investigators off the trail. Furthermore, these attacks can be coordinated and
executed from two or more different locations, meaning a hacker in Asia could
control a fleet of “zombies” that are physically located within the United States
to carry out their attacks.
Who Committed The Attack? An individual or state government?
Most acts of cyberwar are carried out at the will of a nation or a political figure;
however, the actual legwork is usually done by a state-sponsored group. Acting
as a virtual “hitman,” these groups are specialized and try to keep the government
clear of any wrongdoing. Sometimes, however, individuals or smaller,
non-state-sponsored groups will carry out cyber attacks for a cause they believe in.
The hacktivist group Anonymous is a good example of this. While not
CYBER WARFARE LEGALITY
As if finding out who committed an act of cyberwar, and why,
wasn’t hard enough…
International law rarely defines cyber attacks as an intentional
act of war. Furthermore, the International Criminal Court (ICC)
may only prosecute cases in which cyber attacks can be
deemed a crime against peace, a crime of aggression, or a crime
against humanity. Moreover, a country must be a signatory to
the ICC in order for its statutes to apply to those within that
nation.
Even with multinational treaties and vague international laws,
most cyber warfare stems from sanctuary countries that are either
too undeveloped to have provisioned cyber laws or turn a blind
eye to cyber attacks. Countries such as China, North Korea, and
THIS BEGS THE QUESTION…
SHOULD WE RESPOND TO ACTS OF CYBERWAR WITH
DIPLOMACY AND LEGAL PROSECUTION, OR SHOULD WE
EVOLVE INTO A RETALIATORY, “FIGHT FIRE WITH FIRE”
POLICY?