Cyberspace Threats Affecting Business and Government in the Information Age

Cyberspace Threats Affecting Business and Government in the Information Age 1

CYBERSPACE THREATS AFFECTING BUSINESS AND GOVERNMENT IN THE

INFORMATION AGE

Cyberspace Threats Affecting Business and Government in the Information Age

Prepared by:

Sunita Kaur

Joshua Headings

David Clark

IT486: Critical Issues in Information Technology

Central Washington University

Prepared for:

Terry Linkletter

June 3, 2011


Index

Executive Summary ....................................................................................................... 3

Introduction .................................................................................................................... 3

Espionage ....................................................................................................................... 4

Cyber warfare ................................................................................................................. 7

Cyber security ................................................................................................................. 13

Conclusions .................................................................................................................... 20

References ...................................................................................................................... 21

Figures

Figure 1: How Prepared are Companies? ....................................................................... 15


Cyberspace Threats Affecting Business and Government in the Information Age

Executive Summary

Nations are quickly becoming aware of the many dangers inherent in the information age

that threaten not only the security of governments, but also the well being of citizens and of

economies. Crippling cyber attacks, industrial espionage, and many other risks taken by

venturing into cyberspace have had a significant impact on the geopolitical landscape, prompting

world powers and developing countries alike to begin ramping up a massive cyber arms race in

the bid to seek dominance over, or safe harbor from, mankind’s artificially created information

domain. People and businesses have been caught in the middle of this ongoing struggle, which

has greatly steepened the learning curve that must be overcome to stay informed and shield

against the potentially catastrophic consequences of this technological reality.

Introduction

Just as humanity woke up in the information age to the reality that nations are no longer

protected from foreign enemies and competitors around the world by oceans and other

geographic barriers, it has been onset by a future that has brought with it new challenges

threatening modern societies. In braving this new technological frontier, businesses and

governments have placed so much trust and reliance on computers to store and process

information, and have gone so far in computerizing and connecting systems supporting those

societies, that this has created a vast and all-encompassing cyberspace domain from which those

threats are now more real and more menacing than ever before. (Adams, 250)


Today it is estimated 98% of all local, state and federal U.S. government communications

take place over civilian-owned-and-operated computer networks, against which countless daily

cyber attacks have accounted for the loss of over $6 million each day from the nation’s economy,

on top of many more millions spent responding to and repairing damage from these attacks (an

excess of $100 million was spent by the Pentagon alone during a six-month period in 2009 for

this purpose). (Size) Computer hackers continuously probe the security of computer networks

owned by the nation’s largest corporations, as well as top government institutions including the

White House, the Department of Homeland Security, U.S. Secret Services, the Department of

Defense, and NASA. (Jensen, 2010) The perpetrators of these attacks cannot often be identified,

and may act independently or as part of an organized criminal or government effort. Motives for

such activity are often financial, political or strategic. When governments exhibit this behavior

over cyberspace against enemy nations or foreign businesses, all of these all of these motivations

fall under the umbrella of cyber warfare – “actions by a nation-state to penetrate another nation’s

computers or networks for the purposes of causing damage or disruption”. (Clarke, 5) This

concept has quickly evolved to include not only actions targeting the military and other public

sectors, but also the private and consumer sectors.

Espionage

Success in armed conflicts is often measured by the effectiveness of militaries to gain and

leverage new technologies for a strategic advantage. Indeed, nations have been practicing

economic espionage since before the invention of the computer to gain military and economic

advantages by illegally accessing and analyzing companies’ trade secrets and other private

information. Before people learned how to do this with computers, companies and governments


relied largely on spies embedded within targeted organizations to gather information that could

not otherwise be purchased or acquired. This includes knowledge that would make it easier to

compete with, defend against, or to circumvent an enemy’s military and economic strength. This

often relates to weapons systems and other technologies nations expend considerable resources

to develop.

While there is often very little risk of identification and punishment for individuals,

groups or institutions committing these acts, the damage done to those that fail to adequately

secure information from such attacks can be significant. The Chinese government, for example,

has made significant strides within the last decade to equip its armed forces with the world’s

most advanced military systems. It has been accused of stealing much of its newfound wealth of

technology from defense firms working for the U.S. government, which points to a massive

decentralized network of spies “…scouring the globe for the Chinese government, vacuuming up

every shred of technology information or hardware they can get their hands on.” One such spy

was found guilty in 2005 of exporting U.S. night vision goggles, and engines from Black Hawk

helicopters, to China. Other such spies have stolen low-noise amplifier microchips used in air-to-

ground missiles, as well as navigation and radar systems, engines from F-16 fighter jets, and

many other sensitive technologies. (Cooper)

Successful breaches of U.S. networks have resulted in the theft of countless files

containing sensitive data vital to the nation’s security, including surveillance information,

operational plans, and weapons blueprints. (Lynn) One widely reported theft occurred in 2009,

when it was feared someone had gained access to several terabytes of data detailing the highly

guarded secrets of the U.S. government’s most expensive known weapons program – the $382

billion F-35 Joint Strike Fighter project – with similar breaches compromising the security of the


Air Force’s air-traffic-control system. (Gorman) The targeted defense firm, Lockheed Martin,

later denied the report, pointing out the effectiveness of its security system to detect and prevent

the constant barrage of attempted intrusions that company and many like it have been faced with.

The high level of media attention given to this incident highlights the ever-present threat

of an event that would allow a competing company or foreign enemy to negate the strategic and

economic benefits yielded from the investment of not only the U.S. but many other allied nations

pooling their scientific and financial resources.

If a government had successfully stolen the F-35 Joint Strike Fighter plans, it could not

only use the information to determine how best to counter and defend against this technology,

but it could also reverse-engineer it to produce, and even sell, knockoffs of F-35 fighter jets. An

example of this was seen only last year in China, which ignored trade restrictions to purchase a

Russian Su-33 fighter jet from the Ukraine, and is now remanufacturing it for military use. Not

only that, but it is also selling copies of the plane on the international market, at a price so low

the Russian defense firm cannot compete because it is burdened with the need to recoup the high

cost it paid to develop the technology. (Pravda) This theft and infringement of the company’s

designs was repeated four years prior, when after delivering half of an ordered allotment of Su-

27CK fighter planes to China, the Chinese Communist Party (CPC) declined to sign an

agreement with Russia for the remaining shipments, revealing that it had successfully reverse-

engineered the technology (despite legal restrictions) after analyzing the planes it had already

received from Russia. China has been producing identical copies of those planes as well, at

relatively little expense.

The benefits of pursuing such espionage capabilities over cyberspace are too big to be

ignored, which is why it should not come as a big surprise that the U.S. and some of its biggest


allies join Russia, China, Iran, North Korea, and others on the list of the most aggressive users of

advanced military and economic intelligence gathering operations on the globe. (Lynch) As one

CEO of a cyber risk consulting firm put it, “…everybody is busy spying on everybody else.” In

the information age, the methods employed to circumvent the privacy of governments and

companies have added many layers of complexity to the geopolitical landscape. (Acohido)

Cyber warfare

The Pentagon has formally recognized cyberspace as a new and critically important domain

of war, as influential on the outcome of armed conflict as air, sea, land and space. (Lynn) This

assertion has been proven on the battlefield, and governments now clamor with the same vigor to

procure not only the best tanks, planes and other kinetic warfare technology, but also the

brightest minds and the newest cyber weapons and defenses to help seek dominance over their

enemies within this new domain. China is the latest nation to confirm the existence of its own

cyberwar command, which is believed to have existed for at least two years. The elite 30-

member cyber security force the CPC named the “Blue Army” was revealed in May of this year,

with the stated mission of thwarting cyber attacks made against China. (NewsCore) The

announcement followed a report released earlier in the year outlining numerous discovered

vulnerabilities in China’s infrastructure to an assertive cyber attack, including its dams, gas and

oil pipelines, factories, and other computerized systems relying on a relatively domestically

software industry. (Waterman)

Russia has displayed its cyber military might numerous times in recent years, most

notably against Estonia in 2007, and again during a brief conflict with Georgia in 2008. In both

instances, the Russian government allegedly directed the actions of botnets containing millions


of infected computers to flood these nations’ vital computer systems with overloading volumes

of Web traffic in sophisticated and prolonged denial of services (DoS) attacks. (Clarke, 13)

These cyber attacks affected telephone services, credit-card verification services, and the Internet

directory itself, hampering peoples’ ability to communicate and to pay for goods and services. In

a unique way, this type of attack was used to directly impact the governments, companies, and

private citizens of those countries. Society was largely put on hold for those small nations during

the course of these online assaults.

It has been speculated that the Russian government (which denied it role in these events,

instead characterizing them as a “populist response” beyond the control of the Kremlin) (Clarke,

20) was exerting significant constraint, likely hiding the true weight of its cyber warfare

capabilities for a major conflict against the U.N. or the United States (Clark ,21) Russia, along

with China, have also been accused of attempting to map out key U.S. systems (electric grids,

nuclear plants, financial networks, water and sewer, etc.) and implanting code that could

potentially be used to control and disable those systems. (Size)

Israel has also had great success in applying its cyber warfare know-how to the

battlefield. In 2007, an Israeli Air Force strike force of F-16 Falcons and F-15 Eagles

successfully entered Syrian airspace long enough to pepper a clandestine nuclear facility with

bombs, wiping out the work being done in secret by the Syrian government in conjunction with

North Korea. There are several theories as to how Israel could have pulled this off. One such

method holds that the jets were not detected because of a single unmanned aerial vehicle (UAV)

deployed over Syrian skies, with the job of capturing and altering radar signals before sending

those signals back to display on the network’s computer screens as images of empty skies.

(Clarke, 5) It has also been theorized an Israeli agent within a Russian or Syrian facility could


have hidden malicious code into the air defense program that would instruct the system to fail in

the event it received and processed a particular electronic signal provided by an Israeli UAV

passing overhead. Such a signal could have also been provided by an Israeli agent splicing into a

fiber-optic cable somewhere in Syria that was connected to the defense network. (Clarke, 8)

Whichever method was used, it likely cast doubts on the reputation of the Russian defense firm

that designed and manufactured Syria’s air defense systems.

Britain announced in May of this year that it was developing its own offensive cyber

warfare capabilities that it could use to respond to threats against its national security. The

country’s Armed Forces minister, Nick Harvey, said that a successful attack on Britain’s

computer networks could be “catastrophic”, and that the military’s new cyber weapons would

fall partially under the same rules governing its special forces. (Bloxham)

The U.S. is no stranger to cyber warfare, and has been applying its skill in this new

domain long before the nation embarked on its mission several years ago to develop a United

States Cyber Command capable of conducting full spectrum military cyberspace operations. At

the start of the second Iraq War, U.S. forces compromised the Iraqi military’s defense network,

(Clarke, 9) to deliver E-mails addressed to thousands of enemy military personnel with

instructions to line up all tanks and other armored vehicles, and for soldiers to abandon all

military installations. Many complied with the U.S. orders. It was recognized at the time that the

U.S. possessed the capability to subvert the networks of banks in Iraq and elsewhere to destroy

its leader’s financial assets, though the Bush Administration chose not to take this course of

action because of fears that this could not only violate international law, but also set a dangerous

precedent. One wrong move and American cyber warfare experts could in such a scenario


unintentionally wipe out entire financial institutions, (Clarke, 10) resulting in unpredictable

consequences.

Even more harmful to societies in the information age could be the strategies being

developed to disrupt the military capabilities made possible by cyber warfare technology. This

includes nations like the U.S., Russia, China and now India developing weapons capable of

destroying satellites stationed in orbit, which governments and commerce have become highly

dependent on for communication, navigation, surveillance, and a multitude of other essential

applications. Not least of these is the global positioning system (GPS), which modern militaries

use to guide smart bombs, mortars, and missiles to their targets with incredible accuracy. It is

also used to track and remotely operate UAV’s and other unmanned weapon systems from great

distances, as well as aid in coordinating fleet and troop movements, and conducting advanced

reconnaissance. Likewise, GPS and other satellite technology have countless business

applications that organizations rely on. Some of these include tracking and coordinating

commercial flights and ships, synchronizing electrical grids, and enabling high-speed Internet,

television and radio broadcasts, and cell phone transmissions.

In the name of national defense, earlier this year the Egyptian government and others

caught up in widespread historic protests across the Middle East attempted to control and

dissolve those protests by cutting off all cell phone and Internet services in the country, which

provide communication and social network capabilities empowering citizens to assemble and

speak out against those governments. Because of the important role those same technologies play

in peoples’ daily lives, One Western think tank estimated this tactic resulted in the approximate

loss of $18 million to the Egyptian economy each day services were suspended. A second think

tanked based in Paris warned the long-term price to the economy could be far greater, as these


events have likely made it more difficult to convince companies to do business within those

nations. (Associated Press) All of this has exasperated concerns about proposed U.S. legislation

that would give the government’s administration its own “kill switch” authority over Internet

services, with the stated intention of protecting vulnerable computer networks controlling

banking services, power grids, phone networks, and other key systems from a catastrophic attack

over cyberspace. (Waterman)

In what could also be described as a flexing of its own cyber warfare capabilities, a

telecommunications company in China successfully redirected or “hijacked” nearly 15 percent of

the world’s Internet traffic to servers within China for an 18-minute period in early 2010. A

congressional report concluded the achievement diverted traffic to and from .gov and .mil Web

sites in the U.S., as well as Web sites used by the U.S. Senate, the office of the Secretary of

Defense, the National Oceanic and Atmospheric Administration, all military services, major U.S.

firms, and many others. It was unknown how the traffic had been redirected, or for what purpose.

It was pointed out that such actions could “enable surveillance of specific users or sites.” (Miller)

That traffic could also be halted in its tracks, unable to reach its destination, which could create

the same scenario we’ve seen in Estonia and Georgia on a massive scale.

Faced with these threats, the Pentagon now says the U.S. military will reserve the right to

respond with traditional military force to instances of sabotage over cyberspace, which the U.S.

government will in the future consider to be acts of war from those nations that the attacks

originate from. This new policy operates under the assumption that cyber attacks powerful

enough to disable U.S. power grids and other key systems would require the resources only a

government could provide. (Gorman) The unclassified portion of a new doctrine outlining these

new rules of engagement reportedly does not address the difficulty in identifying the perpetrators


of cyber attacks, nor does it take into account the ability of attackers to make a target believe the

intrusion originated from a different country altogether.

Cyber Security

Arguably the most extreme step to thwart future cyber attacks is being taken by Iran,

which has suffered significant setbacks to its nuclear program from numerous security breaches.

This includes the infamous “Stuxnet” computer worm reportedly crafted by the U.S. and Israel in

2009 to simultaneously destroy nearly a thousand uranium enriching centrifuges at Iranian

nuclear facilities. Other acts of sabotage against the program have been responsible for

destroying motors, vacuum pumps and other vulnerable equipment, some of which was believed

to have been infected with malicious code before it made its way to Iran from the international

market. (Markoff) The Iranian government is now pledging to unplug itself and other Muslim

countries from the rest of the world within the next two years by creating its own “national

Internet”. (Rhoads) The move to completely deny its citizens from public Internet access would

be unprecedented, and could have any number of political, social and economic consequences.

The task of governments and companies to protect against cyber attacks and other related

threats can appear daunting. Over 85% of those systems deemed critical to modern societies’

survival, including financial services, electrical grids, oil, gas, water, and other computerized

systems, are controlled by private corporations deemed incapable of adequately bracing this

infrastructure against a formidable cyber attack, due primarily to a lack of technical expertise. A

third of those companies included in a recent survey admitted to being unprepared for such an

attack. (HSNW) Companies claiming to being prepared for an attack are often discovered to be

exaggerating the strength and reliability of security systems intended to address such concerns.


MacAfee recently reported millions of dollars in sensitive information was stolen from

over five major international oil and gas companies in a string of successful cyber raids. The

attackers’ bounty included bidding contracts, oil exploration data, proprietary processes, and

other financial documentation. (HSNW) The data breaches were reportedly blamed on a lack of

stringent security measures. Even in the case of reputable top-tier banking institutions, hackers

have been successful slipping in and out of systems thought to be tightly monitored, using

relatively primitive methods of intrusion. Private corporations are failing to take seriously the

growing threat to every computer-based transaction being made.

Figure 1: How Prepared are Companies?

To survive in the information age, companies must develop organized and comprehensive

security programs complete with sets of periodically reviewed policies and procedural guidelines

for employees and management to ensure adamant and collaborative attention is being paid to

protecting precious assets. This requires related training integrated into workers’ duties,

providing a deeper understanding of the objective of the program and it’s implications on the

company as whole. The policies and procedures for information security should include clear


guidance for workers in regards to daily interaction with the computer network, including the

need for strict and enforceable login credentials such as unique identifiers and complex

passwords that should be altered every three months (Avitus Group).

In the U.S., for example, all government employees are instructed not to use private E-

mail accounts to discuss issues considered sensitive to national security. Agencies like the

Commodity Futures Trading Commission go the extra step of denying workers access to

personal E-mail account providers while they are on the job. Such restrictions may not

necessarily be included as a set rule employees must follow, however, and it is left up to each

agency to decide what access should be granted. The importance of these policies was

highlighted in a widely reported theft of hundreds of E-mail account passwords belonging to

Chinese journalists and activists, as well as senior U.S. government officials. These accounts are

managed by Google, which claims the goal of what it says is a perpetrator based in China was to

spy on the communications of those U.S. government officials. According to the Google official

who identified the security breach, the attacker had unfettered access to the E-mail accounts for a

number of months. (Quinn)

Another solution companies should consider is enforcing encryption policies on a local

level. These could range from network encryption, which is especially effective in wireless

networks, to actual data storage encryption on the physical level (Granville 106). With the

proliferation of individuals using person devices for corporate/government work, it has become

more difficult to regulate security and encryption policies. Data leakage from employees using

personal devices for work has become a very real issue that must be dealt with (Hayes 2008).

Adherence to encryption standards, as well following the recommendations outlined in the

following paragraphs, is one way that this issue can be greatly diminished.


Use of digital signatures is yet another effective method for securing a company’s

information. This provides a way to ensure the integrity of information and also ensures genuine

identity of the parties involved. Along with taking advantage of encryption and digital signature

strategies, it's important for organizations to keep updated anti-virus solutions on company

devices, and on those devices that have access to company resources (Granville 106). Virus

detection and removal software is one of the most basic ways that information warfare can be

detected and stopped at a local level, before it can have any negative effects on its target.

Firewalls provide added protection that can significantly reduce the risk of contamination

from cyber attacks on a private network. These devices can be configured to ignore things such

as denial of service (DoS) or distributed denial of service (DDoS) attacks, and many can also

serve as intrusion detection systems (IDS) that can help alert ISP's to various types of attacks

(Granville 106). Intrusion Detection Systems can be configured to relay attack information

upstream to ISP's who can then use countermeasures to defend themselves.

Confidential information in both digital and paper form should be limited in access to

only those that need it. In addition, various security parameters should be put in place to deter

unauthorized access. This may be in the form of logins or physical locks. One such technique

employed by U.S. defense firms and many top firms involves a two-factor authentication

technology offered by RSA known as SecurID, intended to protect E-mail, Web servers, VPNs,

WLANs, and other network resources from being compromised in a cyber attack. (Kaplan) The

sophisticated algorithms utilized in this technology to generate a constant flow of continuously

changing security keys was cracked by computer hackers in March, and it has been speculated

widely since that the successful attack on RSA left agencies and businesses employing RSA’s

security services vulnerable to additional attacks carried out at a later date against Lockheed


Martin, L-3 Communications and others that are suspected to involve the exploitation of the

compromised SecurID technology. These events serve as a grim reminder of just how vulnerable

computer networks are, and the importance of developing a depth of defenses to secure against

threats from cyberspace; to ensure all network traffic is being monitored and segmented, and that

numerous layers of precautionary software and procedures are put in place to prevent too much

reliance being placed on a single security strategy. (Hulme)

Software installation is another concern companies should address in their cyber security

plan. Both commercial as well as open-source software packages include various flaws or errors

that may provide an “open door” to hackers into the company’s system (Avitus Group). Software

installation should be conducted in a standardized, authorized manner. Administrators should be

ultimately responsible for software changes and installations. Personal usage should be included

in the security guidelines, as this also poses issues for companies. The plan must lay out the

particular usage expectations for employees, including the limitations placed on them. Lastly,

company equipment usage should be monitored to ensure security updates as well as compliance

with company policies (Avitus Group). Equipment extends to USB drives, portable computers as

well as PDA’s. Law enforcement may assist in the development of strong public sector solutions

to address national security issues. The public sector solutions combined with private solutions

may create a more feasible and solid defense against cyber attacks. Government assistance will

allow the company to work in partnership with law enforcements to investigate and rid their

networks of malicious activity.

Various programs have been created by the government that can assist public and private

sector companies in developing a more secure network. For example, the Department of

Homeland Security currently deploys an “intrusion-detection and security system” by the name


of Einstein for the Comprehensive National Cybersecurity Initiative (CNCI) (Montalbano). It is

to be implemented in three phases, with Einstein 1 being a network traffic monitor, Einstein 2 an

intruder detector, and Einstein 3 a supplementary layer to the previous phase. This program is

currently being used by 12 federal agencies and provides over 250,000 indicators of malicious

activity per month (Montalbano). The program is expected to begin servicing all federal

government IT infrastructure by the end of this year. A supplementary program by the name of

Einstein 3 will serve as a detector on top of the Einstein 2’s technology (Montalbano). The

system picks up on common threats using deep packet inspection and redirects the traffic to the

departments’ cyber security system, which then decides what is considered a potential threat and

how to address that threat prior to any potential damage. The system is currently used with a

commercial internet service provider, indicating a private-public relationship. According to

analyst these types of cross platforms of relationships are to grow exponentially as the

government works to secure network infrastructure against cyber attacks. Any type of concrete

security defense is most likely going to based on government and private technologies to use the

best practices from both sectors (Montalbano).

As individual countries fight to conquer cyber crime and defend against its ghastly

effects, numerous problems remain unaddressed. Perhaps the biggest problem remains in the

legality of the cyber warfare and its correlating activities. Many countries are facing issues on

validating cyber attacks and its effects due to the lack of a legal order on the principle. There are

no legal parameters that outline cyber attacks or address the “breach of legal order” (Economist).

Various organizations have tried to assume the position of the legal authority such as NATO

however, none have prevailed. (Economist) The lack of a common legal code on an international

level has left many countries out in the dark. Such code should be a collaboration of the majority


of the world’s nations, and should highlight the definition of a cyber crime in detail, as well as

offer ramifications of any breaches (Economist). Attackers should be held accountable for their

actions, and governments should be monitored by an international body to control cyber attacks.

Some efforts have been made on this front, including The Council of Europe, a guardian of many

international legal conventions. The council has worked to form a cyberspace treaty since 2001

addressing cyber crime (Economist). Many countries have failed to agree on the treaty’s

language, however, making it ineffective. Another effort is currently being undertaken by the

International Telecommunication Union, which hopes to create a global convention against cyber

crime. Some analyst predict a commonly agreed upon treaty will reach concurrence by 2012,

though reports vary considerably (Economist).

Conclusions

Cyberspace has made its way to the forefront of the international community’s focus as

an invisible and until recently silent struggle that has permeated our daily economic, political,

scientific, and cultural activities. (Watts) The threats to companies and governments in this new

domain are very real, and can affect small businesses and private citizens just as easily as it can

slip under the doors of the Pentagon and the White House. Everyone must do more to become

educated about and take appropriate precautions to protect their privacy, assets, and livelihoods

in this information age.


References

Adams, A. A., & McCrindle, R. J. (2008). Pandora's box: social and professional issues of the

information age. Chichester: Wiley.

Acohido, B. (2010, January 15). China-Google quarrel highlights world of cyber espionage -

USATODAY.com. News, Travel, Weather, Entertainment, Sports, Technology, U.S. &

World - USATODAY.com. Retrieved May 23, 2011, from

http://content.usatoday.com/communities/technologylive/post/2010/01/chinese-

cyberspies-arent-the-only-ones-on-the-prowl/1

Associated Press. (2011, February 3). Internet cut-off could cost Egyptian economy |

OregonLive.com. Oregon Local News, Breaking News, Sports & Weather -

OregonLive.com. Retrieved May 26, 2011, from

http://www.oregonlive.com/business/index.ssf/2011/02/internet_cut-

off_could_cost_eg.html

Avitus Group. (2011). Timely Opportunity. BizActions | Email Newsletters | Business

Newsletters. Retrieved May 29, 2011, from

http://www.bizactions.com/showopp.cfm/spid/2296/art/1404/ind/US/

Bloxham, A. (2011, May 31). Cyber weapons 'now integral part of Britain's armoury' -

Telegraph. Telegraph.co.uk - Telegraph Online, Daily Telegraph and Sunday Telegraph -

Telegraph. Retrieved May 31, 2011, from


http://www.telegraph.co.uk/news/newstopics/onthefrontline/8546921/Cyber-weapons-

now-integral-part-of-Britains-armoury.html

Chinese-born spy gets 15 years in prison - US news - Security - msnbc.com. (2010, February 8).

Msnbc.com - Breaking News, Science and Tech News, World News, US News, Local

News- Msnbc.com. Retrieved May 23, 2011, from

http://www.msnbc.msn.com/id/35300466/ns/us_news-security/t/chinese-born-engineer-

gets-years-spying/dx

Colin, (2010, January 20). DoD Buzz | Find More Backups for GPS: AF Chief. DoD Buzz |

Online Defense and Acquisition Journal. Retrieved May 26, 2011, from

http://www.dodbuzz.com/2010/01/20/back-away-from-gps-af-chief/

Clarke, R. A., & Knake, R. K. (2010). Cyber war: the next threat to national security and what

to do about it. New York: Ecco.

Cooper, S. (2009, July 10). How China Steals U.S. Military Secrets - Popular Mechanics.

Automotive Care, Home Improvement, Tools, DIY Tips - Popular Mechanics. Retrieved

May 22, 2011, from

http://www.popularmechanics.com/technology/military/news/3319656


Clark, C. (2010, January 20). DoD Buzz | Find More Backups for GPS: AF Chief. DoD Buzz |

Online Defense and Acquisition Journal. Retrieved May 26, 2011, from

http://www.dodbuzz.com/2010/01/20/back-away-from-gps-af-chief/

CSIS. (2011). In the Dark: Crucial Industries Confront Cyberattacks (Rep.).

Gilad, Ben. "The Future of Competitive Intelligence: Contest for the Profession's Soul",

Competitive Intelligence Magazine, 2008, 11(5), 22

Gorman, S. (2009, April 21). Computer Spies Breach Fighter-Jet Project - WSJ.com. Business

News & Financial News - The Wall Street Journal - Wsj.com. Retrieved May 23, 2011,

from http://online.wsj.com/article/SB124027491029837401.html

Gorman, S. (2011, May 31). Pentagon: Online Cyber Attacks Can Count as Acts of War -

WSJ.com. Business News & Financial News - The Wall Street Journal - Wsj.com.

Retrieved May 31, 2011, from

http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html?

mod=WSJ_hp_LEFTTopStories

Granville, J. J. (2003). Dot.Con: The Dangers of Cyber Crime and a Call for Proactive

Solutions. Australian Journal of Politics & History, 49(1), 102-109. Retrieved from

EBSCOhost.


Johnson, R. (2011, February 14). Russian sold secrets for China's first carrier - Washington

Times. Washington Times - Politics, Breaking News, US and World News. Retrieved May

23, 2011, from http://www.washingtontimes.com/news/2011/feb/14/russian-sold-secrets-

for-chinas-first-carrier/

Hambling, D. (2011, March 6). GPS chaos: How a $30 box can jam your life - tech - 06 March

2011 - New Scientist. Science News and Science Jobs from New Scientist - New Scientist.

Retrieved May 26, 2011, from http://www.newscientist.com/article/dn20202-gps-chaos-

how-a-30-box-can-jam-your-life.html

Hayes, J. J. (2008). Have data? Will travel [IT security threat]. Engineering & Technology

(17509637), 3(15), 60-61. doi:10.1049/et:20081510

HSNW. (2011, March 25). Businesses cannot defend against cyber attacks, expert says.

Homeland Security News Wire. Retrieved May 29, 2011, from

http://homelandsecuritynewswire.com/businesses-cannot-defend-against-cyber-attacks-

expert-says

HSNW. (2011, April 22). Dramatic increase in critical infrastructure cyber attacks, sabotage.

Homeland Security News Wire. Retrieved May 29, 2011, from

http://www.homelandsecuritynewswire.com/dramatic-increase-critical-infrastructure-

cyber-attacks-sabotage


Lynch, D. J. (2007, July 27). Law enforcement struggles to combat Chinese spying -

USATODAY.com. News, Travel, Weather, Entertainment, Sports, Technology, U.S. &

World - USATODAY.com. Retrieved May 22, 2011, from

http://www.usatoday.com/money/world/2007-07-22-china-spy-1_N.htm

Lynn, W. J. (2010, September). Defending a New Domain | Foreign Affairs. Home | Foreign

Affairs. Retrieved May 23, 2011, from

http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain

Markoff, J. (2011, January 15). Inside The United States' Secret Sabotage Of Iran : NPR. NPR :

National Public Radio : News & Analysis, World, US, Music & Arts : NPR. Retrieved

May 29, 2011, from http://www.npr.org/2011/05/09/135854490/inside-the-united-states-

secret-sabotage-of-iran

Miller, J. R. (2010, November 16). Internet Traffic from U.S. Government Websites Was

Redirected Via Chinese Networks - FoxNews.com. FoxNews.com - Breaking News |

Latest News | Current News. Retrieved May 25, 2011, from

http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-

servers/

NewsCore. (2011, March 26). China Confirms Existence of Elite Cyber-Warfare Outfit the 'Blue

Army' - FoxNews.com. FoxNews.com - Breaking News | Latest News | Current News.


Retrieved May 26, 2011, from http://www.foxnews.com/scitech/2011/05/26/china-

confirms-existence-blue-army-elite-cyber-warfare-outfit/

Pravda. China Creates Pirate Copy of Russia’s Su-33 Deck-Based Fighter Jet - English

pravda.ru. (2010, April 6). English Pravda.ru: Russian News and Analysis. Retrieved

May 23, 2011, from http://english.pravda.ru/world/asia/04-06-2010/113664-china_pirate-

0/

Rawnsley, A. (2011, March 7). North Korea Jams GPS in War Game Retaliation | Danger Room

| Wired.com. Wired.com. Retrieved May 26, 2011, from

http://www.wired.com/dangerroom/2011/03/north-korea-jams-gps-in-war-game-

retaliation/

Reuters. (2009, April 21). Pentagon, Lockheed: Fighter Data Not Stolen | News & Opinion |

PCMag.com. Technology Product Reviews, News, Prices & Downloads | PCMag.com |

PC Magazine. Retrieved May 23, 2011, from

http://www.pcmag.com/article2/0,2817,2345699,00.asp

Rhoads, B. C. (2011, May 28). In Censorship Move, Iran Plans Its Own, Private Internet -

WSJ.com. Business News & Financial News - The Wall Street Journal - Wsj.com.


http://online.wsj.com/article/SB10001424052748704889404576277391449002016.html


Size, F. (2009, April 8). Spies Penetrate U.S. Electrical Grid - CBS News. Breaking News

Headlines: Business, Entertainment & World News - CBS News. Retrieved May 29,

2011, from http://www.cbsnews.com/stories/2009/04/08/national/main4928223.shtml

Sternstein 04/13/2011, A. (2011, April 13). U.S. law enforcement agencies struggle to detect

cyberattack sponsors - Nextgov. Nextgov - Federal Technology News, Best Practices, and

Web 2.0 Tools. Retrieved May 25, 2011, from

http://www.nextgov.com/nextgov/ng_20110413_3265.php

CNN. (2010, August 25). Cyberattack in 2008 prompted new Pentagon cyberdefense plan -

CNN. Featured Articles from CNN. Retrieved May 25, 2011, from

http://articles.cnn.com/2010-08-25/tech/pentagon.cyberattack_1_military-networks-

cyberdefense-military-computers?_s=PM:TECH

Magnuson, S. (2010, November 16). Cyber Experts Have Proof That China Has Hijacked U.S.-

Based Internet Traffic: UPDATED. Foxnews.com. Retrieved from

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=249

Montalbano, E. (2010, July 29). Black Hat: U.S. Infrastructure Vulnerable To Cyber Attack --

InformationWeek. InformationWeek | Business Technology News, Reviews and Blogs.


http://www.informationweek.com/news/government/security/226300202


The Economist. (2007, May 24). Cyberwarfare: Newly nasty | The Economist. The Economist -

World News, Politics, Economics, Business & Finance. Retrieved May 29, 2011, from

http://www.economist.com/node/9228757?Story_ID=E1_JNNRSVS

Thompson, M. (2010, March 30). EMP Risk: Washington, Military Warned on Nuclear Threat -

TIME. Breaking News, Analysis, Politics, Blogs, News Photos, Video, Tech Reviews -

TIME.com. Retrieved May 26, 2011, from

http://www.time.com/time/nation/article/0,8599,1976224,00.html

Waterman, S. (2011, March 23). Senate debates president's power during cyber-attack -

Washington Times. Washington Times - Politics, Breaking News, US and World News.


http://www.washingtontimes.com/news/2011/may/23/senate-debates-presidents-power-

during-cyber-attac/?page=all

Waterman, S. (2011, March 17). China open to cyber-attack - Washington Times. Washington

Times - Politics, Breaking News, US and World News. Retrieved May 29, 2011, from

http://www.washingtontimes.com/news/2011/mar/17/china-open-to-cyber-attack/

Watts, J. (2011, June 3). China brands Google 'snotty-nosed' as cyber feud intensifies | World

news | The Guardian. Latest News, Comment and Reviews from the Guardian |

Guardian.co.uk. Retrieved June 03, 2011, from

http://www.guardian.co.uk/world/2011/jun/03/china-google-cyber-warfare


.

Documents

Cyberspace Threats Affecting Business and Government in the Information Age