Cyber Conflict

In August 2008, the Russian Army invaded georgia. numerous, coordinated cyber attacks accompanied the military campaign. this represents the first instance of a large-scale computer network attack (CNA) conducted in tandem with major ground combat operations. The attack had no direct connection to the Russian government, but had a significant informational and psychological impact on Georgia: it effectively isolated the Caucasus state from the outside world.

Moonlight Maze is the code name given to a highly classified incident. Experts in information security and intelligence think that Moonlight Maze is an example of the longest lasting advanced persistent threat in recent history. Security experts had their first contact with this incident in March 1998. The official U.S. government perceived abnormal activity in restricted networks environments. Systems within the Pentagon, National Aeronautics and Space Administration (NASA), the Department of Energy (DOE), weapons laboratories and Universities throughout the United States were affected by targeted attacks on specific objectives that lasted long periods of time. The attacks were directed to seek sensitive but unclassified information systems and stored data. The incident response teams after repeated testing of the affected systems and data concluded that the cyber-attack had lasted almost two years. The cyber attackers had surfed freely through thousands and thousands of documents including maps of military installations, configuration of troops, military hardware design.

In this article, I analyse deterrence theory and argue that its applicability to cyberspace is limited and that these limits are not trivial. They are the consequence of fundamental differences between deterrence theory and the nature of cyber conflicts and cyberspace. The goals of this analysis are to identify the limits of deterrence theory in cyberspace, clear the ground of inadequate approaches to cyber deterrence, and define the conceptual space for a domain-specific theory of cyber deterrence, still to be developed.

Since 9/11, intelligence has evolved within a changing atmosphere of modern tactics and techniques for information collection. This atmosphere, coupled with massive leaps in technological advancement such as social media, mobile communications, processing analytics, large-form solid-state data storage, novel computational hardware, and software equipment, has thrust intelligence communities around the world into a strange new world of multi-dimensional intelligence. While science and technology and human capability both remain valuable facets of the same overlapping intelligence construct, there is an emerging trend of diametrically opposed camps pushing for one method over the other. This article explains how in terms of field application and intelligence information processing and analysis, both HUMINT and TECHINT could be maximized by the elimination of forced rivalry and by the encouragement of mutual cooperation that is currently lacking.

Given the tone of cyber security debate and coverage in the news media, the assumption would be that we have entered an era of constant cyber warfare. Yet, the idea that cyber conflict is prevalent and normal flies against all evidence when the macro perspective of cyber events is taken into account. On the contrary, there is a developing cyber norm against the use of severe cyber tactics as directed by states against each other. Perception is not reality, and we cannot take the frequent news reports and fears exhibited by policy-makers as evidence that we have entered an era of perpetual cyber conflict. What we witness is cyber espionage and probes, not cyber warfare or coercion. The system has stabilized into a process of limited acceptable uses of cyber technology in international affairs prohibiting the crossing of any line that might be considered a dangerous use of force, or actions that might provoke such a response. We will explore these themes through the use of data to demonstrate the lack of severe cyber incidents, the lack of responses to cyber actions, and the notion that cyber actions represent the beginnings of a taboo that is not to be broken. 2 Introduction The year 2015 seems like a breakout year for high profile and damaging cyber actions. The Sony hack, the Office of Personal Management espionage campaign, and Ukrainian power plant hack are few of several high profile cyber incidents launched against major networks. The framing of these violations is that we are in an era of more sophisticated and threatening cyber conflict that will continue to escalate and lead to a revolution in international affairs and state-to-state interactions. 1 Yet beyond all of the media hype and threat perception that cyber conflict is the number one national security threat, what is the macro outlook for the reality of the cyber threat? It is becoming accepted that we have entered an era where cyber conflict is tolerated, that it is " the new normal ". 2 This idea that cyber conflict is prevalent and normal flies against all evidence when the macro perspective of cyber events is taken into account. 3 On the contrary, there is a developing cyber norm against the use of severe cyber tactics as directed by states against each other. In this paper we demonstrate this trend through data, also discussing the advantages of taking a macro perspective on data in the field of cyber security. There is an ongoing dramatic revolution in how we communicate, utilize data, and interact given the advent of networked computers and ubiquity of connected mobile phones, but these advances have not transitioned to the framework of conflict and warfare. The speed that digital networks provide for communications changes how we interact with governments, individuals, and corporations, but it has yet to impact the course of conflict and diplomacy. Change in one domain, interaction and communication, is not automatically bound to produce changes in other domains, such as warfighting and diplomacy. Perception of cyberwar does not make it a reality. We cannot take the frequent news reports and fears exhibited by policy-makers as evidence that cyber war is a current state of affairs. A few isolated examples of cyber conflict between states do not make a trend. Instead of demands for escalation being acceded, there is a persistent avoidance of escalation in cyberspace. Instead, what we are seeing is cyber espionage and disruption, not cyber warfare or violence. The system has stabilized into a process of limited acceptable uses of cyber technology in international affairs that prohibits the crossing of any line that might be considered a dangerous use of force. We have entered the era of cyberpeace. Exploring this issue and perspective cannot come at a more critical time. Reactions to the cyber threat are tied directly to perceptions of cyber threat. Given that cyber security is often indicated as the number one international threat, just what is the reality of cyber conflict as experienced in the system? This article explores this theme, the perspective of the cyber moderate, and the outlook of positivity through cyberpeace.

Recent cyberattacks, such as those carried out against Estonia and Georgia, have grayed the line between political hackers and legitimate combatants involved in cyberconflicts. There has been fierce debate as to whether these attacks are the independent acts of politically motivated individuals and groups or the strategic acts of states using covert methods to direct such actions to achieve larger political objectives. These attacks lead to many important questions but have yet to be answered in the international community. Under international agreements, can a computer attack truly be claimed as an armed attack? Are participants in these cyberattacks legitimate combatants, or are they merely politically motivated individuals who are breaking the law and should thus be treated as criminals under existing international agreements? This article explores these issues, the possible benefits and drawbacks of such actions, and the ramifications such cybermilitias might have on the current and future state of cyberconflicts.

Over the last years there is a growing body of literature over exploiting cyberspace for offensive and defensive purposes. Cyber-conflict is after all the newest mode of warfare and cyber-weapons have been described as weapons of mass disruption. Although the attention on the technical and military dimensions of cyberspace is justifiable, one needs also to look into the legal and ethical aspects of cyber-conflict, in order to comprehend the complex nature of cyberspace. The lack of an international legal framework that defines the use of force in cyberspace, operational difficulties in deterring and identifying cyber-attacks as well as the asymmetric dimension of cyber-conflicts pose without a doubt, great pressure on both theorists and practitioners of warfare. This paper will highlight the legal and ethical dilemmas regarding the use of force in cyberspace and question how the Law of War can be applied to cyber-threats.

Political hackers and cyber militias have begun to play an increasingly significant role in cyber conflict. Non-state actors, hacktivist groups and patriotic hackers often participate in online hacking battles based on political, ideological or patriotic considerations. These groups, however, lack the legal, moral and ethical constraints often imposed on state-controlled entities. This lack of constraint could lead to the escalation of state-on-state conflicts and may inadvertently drive hostilities toward what Clausewitz would deem as total war in the cyberspace domain. It is with this in mind that western-style democracies, which are often reticent to make use of cyber militias and patriotic hackers, should begin to explore acceptable models to legitimately harness and employ such groups for limited cyber operations. Such usage could introduce needed constraints on these groups and could also prove to be a significant force multiplier in a domain where government and military organizations often suffer from limited human resources. This paper will explore several models for incorporating patriotic hackers and civilian technicians into militia-like organizations and integrating these types of organizations into a state’s cyber operations.

Dābiq is an electronic magazine (e-zine) utilising strategic utopianism and savagery messages supported by exemplary leadership, eschatology, and current events reports. This project analyses narrative themes present within Dābiq and how relevant and prevalent these themes are across issues. The project applies Thematic Network Analysis of the first six issues of Dābiq, laying foundations for understanding ISIL’s culture and counter-narrative development. It argues present terminology and first generation research constrain understanding of ISIL’s cultural specifics. This project establishes that rhetoric within Dābiq contains both political and religious narratives. Finally, this project establishes that ‘Exemplary Leadership’ theme dominates ISIL’s Dābiq rhetoric.

Deterrence in cyberspace is possible. But it requires an effort to develop a new domain-specific, conceptual, normative, and strategic framework. To be successful, cyber deterrence needs to shift from threatening to prevailing. I argue that by itself, deterrence is insufficient to ensure stability of cyberspace. An international regime of norms regulating state behaviour in cyberspace is necessary to complement cyber deterrence strategies and foster stability. Enforcing this regime requires an authority able to ensure States compliance with the norms at an international level, run investigations into suspected State-run (or Statesponsored) cyber operations to define attribution, expose breaches of the norms, and impose adequate sanctions and punishments. These requirements define a political mandate for an authority that will have a deep impact on international relations and geo-political equilibriums. The UN Security Council has the necessary resources and the political and coercive power to meet these requirements. The time has come to embrace this power to consolidate and enforce an international regime of norms to regulate state behaviour in cyberspace. Problems, mistakes, and even failures are to be expected, but they must not hinder the process.

Cyber-attacks are often called non-violent or non-kinetic attacks, but the simple truth is that there is a credible capability to use cyber-attacks to achieve kinetic effects. Kinetic Cyber refers to a class of cyber-attacks that can cause direct or indirect physical damage, injury or death solely though the exploitation of vulnerable information systems and processes. Kinetic cyber-attacks are a real and growing threat that is generally being ignored as unrealistic or alarmist. These types of attacks have been validated experimentally in the laboratory environment, they have been used operationally in the context of espionage and sabotage, and they have been used criminally in a number of attacks throughout the world. While these types of attacks have thus far been statistically insignificant, the rapid growth and integration of cyber physical systems into everything from automobiles to SCADA systems implies a significant kinetic cyber threat in the near future. It is imperative that the security community begin to take these types of threats seriously and address vulnerabilities associated with cyber physical systems and other devices that could be utilized to cause kinetic effects through cyber-attacks.

With the U.S. government acknowledgement of the seriousness of cyber threats, particularly against its critical infrastructures, as well as the Department of Defense officially labeling cyberspace as a war fighting domain, the Cold War strategy of deterrence is being applied to the cyber domain. However, unlike the nuclear realm, cyber deterrence must incorporate a wide spectrum of potential adversaries of various skill, determination, and capability, ranging from individual actors to state run enterprises. What’s more, the very principles that achieved success in deterring the launch of nuclear weapons during the Cold War, namely the threat of severe retaliation, cannot be achieved in cyberspace, thus neutralizing the potential effectiveness of leveraging a similar strategy. Attribution challenges, the ability to respond quickly and effectively, and the ability to sustain a model of repeatability prove to be insurmountable in a domain where actors operate in obfuscation.

"In today’s information-driven business environment, enterprise systems and processes capture an ever-increasing amount of data. To derive meaningful and actionable information from this data, businesses are compelled to commit significant resources to perform the necessary analysis. While all business areas are impacted to varying degrees, few face a greater challenge than the information security department. To support its mission to protect critical information assets, the information security department must maintain an ongoing process to capture, analyze and subsequently act on log and alert information collected from a wide array of systems across the enterprise.
Typically, these data must be analyzed and actionable.... Joey Hernandez worked as a SME Reviewer for this ISACA effort"

The paper explores the application of digital forensics techniques to cyber
warfare scenarios. A common accepted taxonomy for digital forensics (and anti-
forensics) activities, techniques, procedures and work flows does not yet exist
but guidelines and even international standards have given the field a framework:
this paper explores how digital forensics can be logically framed in the context
of cyber warfare.
The attribution of a cyber attack is widely considered a fundamental aspect to be
resolved before the formulation of every cyber strategy by nation-states. Digital
forensics procedures and protocols established in civilian contexts can be
adopted by military and intelligence bodies.
The paper explores the field of digital forensics as applied to cyber warfare,
mainly for defensive and intelligence operations. It proposed a taxonomy for
digital forensics activities and on the time dimension how it is applied to the
phases of forensic operations: prioritization, collection, acquisition, analysis,
interpretation, reporting/dissemination, detailing a model that tailors techniques
to military context, giving also a review of existing literature. Defensive and
intelligence activities also need knowledge of the range of anti-forensics
techniques applied by counterparts, so an analysis of the anti-forensics arsenal
and how it correlates with forensics processes is conducted.
In the conclusion the paper shows the cardinal role of digital forensics (post-
attack and in readiness processed) even in military activities and the value of
concepts developed in the civilian world, albeit adapted.

The growing frequency of state-associated cyberattacks has led to calls for the establishment of rules of behaviour in this increasingly relevant domain. While there has been no shortage of such initiatives over the past decade, their respective outcomes have highlighted the unique challenges faced by norm entrepreneurs in cyberspace. Questions of the contrasting conceptualizations of cyberspace and varying threat perceptions have stymied attempts to establish a globally acceptable set of norms that regulate state behaviour. As the Association of Southeast Asian Nations (ASEAN) continues to invest heavily in this domain, calls for the creation of cyber norms within the region have been made. Yet despite this positive development, this paper illustrates that the unique characteristics of ASEAN pose significant obstacles to the emergence and eventual internalisation of cyber norms. In response, this paper argues that success in this endeavour requires initiatives that focus on confidence and capacity-building measures to mitigate these constraints. Although the likelihood of common norms across ASEAN remains uncertain, the approach suggested may lead to the emergence of different yet congruent norms within the bloc.

The U.S.-China bilateral agenda is dominated by issues like trade, intellectual property rights, monetary policy, human rights and security issues. However, given the fact that critical national infrastructures and the private sector are increasingly dependent on digital assets, cyberspace has become an important aspect of their bilateral relationship. The purpose of this paper is to define the nature of U.S.-China relationship in cyberspace and identify issues that cause conflict between Washington and Beijing. For both sides, cyberspace is a realm where they exercise power politics in order to pursue their national interests. The two global competitors have different positions on most of the issues that relate to cyberspace. Fear and uncertainty are present in cyberspace for both Washington and Beijing. Nevertheless, they also have common goals. The level of interdependence between them is high and avoiding misperception and escalation is a mutual priority. Therefore, both sides are trying to avoid mistrust and conflict in cyberspace and establish some cooperative mechanisms. Based on previous practice from nuclear diplomacy, both sides are in the process of identifying diplomatic tools (e.g. confidence building measures, Track II diplomacy and simulations) in order to avoid unnecessary tension in cyberspace.

There are few more critical questions in the field of cyber security than the issue of how to prevent malicious cyber actions and the utility of deterrence in the cyber domain. For many, deterrence will protect us from an uncertain cyber future. Yet, the proliferation of scholars and academics conceptually stretching an age old or nuclear era concept to the new domain prevents the development of logics that might be more applicable and progressive in this transformative digital age. Put simply, cyber deterrence is logically problematic, empirically unsupported, and impractical to put into practice in cyberspace. The most powerful states in the world, conventionally or in terms of cyber power, are constantly attacked and probed, yet their capabilities do not deter the adversary given the conditions of the cyber framework. Building more powerful systems, making clear the threats and consequences of actions, or extending the threats to conventional actions will not save deterrence and make it work. Instead the concept of restraint offers a more viable perspective by which to understand cyber conflict dynamics and perhaps offers a better way to manage future interactions. This article explores the evolution of the concept, its application to the cyber domain, the problems with its implementation and logic, and the policy implications of our inability to move beyond the concept. By giving up the crutch of deterrence, strategists can finally focus on the important tasks required in the cyber domain-defenses, hygiene, understanding restraint dynamics, and shared norms and institutions that might make a cyber future a safe one. A clear intellectual debt is owed to

The Fifth Dimension of Conflictuality: The Rise of Cyberspace and Its Effects on In- ternational Politics
Cyberspace has become a crucial element for political, social, financial and individual activities. The Information and Communication Technologies (ICT) have enhanced the human interactions and have contributed to “reinvent” classical concepts such as political participation, political debate, decision-making. However, their all-encom- passing, ubiquitous nature and their growing use for political and military purposes poses significant risks to international peace, stability and security. The low barrier of access to ICT capabilities, the speed of technological advances and the complexity of the cyberspace environment with regard to traditional legal definitions of borders have presented new challenges to States (the main actors of international relations) such as the inherent complexity of accurately attributing cyber-attacks. It is both this complexity and the frequent insistence of parties to attribute cyber-attacks and incidents “beyond a reasonable doubt” that gives one the ability to deny responsibility and frustrate attempts to build trust and political rapport in cyberspace. The purpose of this research is to analyze how cyberspace affects the international politics. The nature of the topic dictates the use of qualitative analysis of primary and secondary sources such as official reports, declarations and policy documents, and academic analysis, in order to understand effects and dynamics carried out by the cyber domain on classical concepts such as war, peace and international relations. The main idea of this research is that the development of Information and Communication Technolo- gies (ICTs) and the related (r)evolution of warfare have produced relevant effects on the dynamics of the contemporary international system highlighting, at the same time, how the militarization of the cyber domain has posed consequences on interna- tional security, peace and stability. However, the lack of specific research related to “cyberspace’s effects on international politics” highlights the need to devote more attention on this topic bearing in mind that, more extensive and enduring analysis on cyberspace’s dynamics might allowed policy makers the opportunity to improve
awareness related to cyber threats in order to governing challenges emerging from the digital sphere.

This paper seeks to argue for the development of a global and multileveled management of cybersecurity. To do so we first define cybersecurity by situating it within the broader framework of the changing concept of security. To this end we look at the evolution of the security concept, mainly since the end of the Cold War, and its relationship to cybersecurity in today’s global affairs. Then we identify the referent object of security, the importance of cyberthreats, and the need for a multileveled management of cybersecurity and cyberthreats. For such a management to be possible and effective, this paper argues that the development of a security culture of multileveled cybersecurity is necessary. To demonstrate how that could happen policy-wise, we briefly look at the current state of international cooperation on cybersecurity and put forward the idea of a framework of multileveled and global cooperation based on a strategy aiming at developing a global security culture of cybersecurity. Moreover, it is suggested that the development of this security culture should be gradual, based on horizontal and vertical multileveled cooperation, by starting with “low-politics” or non-politically sensitive cybersecurity matters. Such a multileveled framework of cybersecurity, with successful communication lines on and between all levels, may even provide a good platform for cooperation in other domains as well.

It is now well-established that the rapid evolution of cyberspace has impacted upon almost every aspect of our lives. The dramatic increase in the speed, volumes and range of communications that it offers has undoubtedly changed the ways that individuals interact with each other, how companies deliver services and, crucially, how we are governed. But there is also a darker side to cyberspace which poses a growing number of challenges to individual and collective security.

This book explores current and emerging trends in policy, strategy, and practice related to cyber operations conducted by states and non-state actors. The book examines in depth the nature and dynamics of conflicts in the cyberspace, the geopolitics of cyber conflicts, defence strategy and practice, cyber intelligence and information security

This article proposes a theoretical assessment of discourses on cyberconflict, and of their relation to the current perception of the state of cyberspace. By contrasting the “battlefield” approaches to cyberconflict with theoretical and factual materials on its social and political impacts, this article suggests that the “battlefield” terminology frames the discussion of online security within a drive for the “militarization” of cyberspace. It concludes by presenting generativity-based perspectives as a contribution towards addressing contemporary challenges to network politics in cyberconflict theoretical frameworks.

A relation of mutual influence exists between the way conflicts are waged and the societies waging them. As Clausewitz remarked, more than an art or a science, conflicts are a social activity. And much like other social activities, conflicts mirror the values of societies while relying on their technological and scientific developments. In turn, the principles endorsed to regulate conflicts play a crucial role in shaping societies. Think about the design, deployment, and regulation of weapons of mass destruction (WMDs). During World War II, WMDs were made possible by scientific breakthroughs in nuclear physics, which was a central area of research in the years leading to the War. Yet, their deployment proved to be destructive and violent beyond what the postwar world was willing to accept. The Cold War that followed and the nuclear treaties that ended it defined the modes in which nuclear technologies and WMDs can be used, drawing a line between conflicts and atrocities. In doing so, treaties and regulations for the use of WMDs contributed to shape contemporary societies as societies rejecting the belligerent rhetoric of the early twentieth century and to striving for peace and stability. The same mutual relation exists between information societies and cyber conflicts, making the regulation of the latter a crucial aspect, which will contribute to define current and future societies. In the short term, regulations are needed to avoid a digital wild west, as remarked by Harold Hongju Koh, the former Legal Advisor U.S. Department of State. For this reason, over the past few years, efforts have been devoted to analysing and interpreting the existing corpus of laws to guide states in engaging in international cyber conflicts.

In cyberspace, I argue, a powerful political actor is the one able to resolve, more than win, conflicts, as the China vs USA example indicates. This is because of the nature of cyber conflicts and the power dynamics of the information age. For one thing, the opponent may remain unknown. And even when attribution is not a problem, winning a cyber conflict may not mean crippling the opponent resources to make sure that it would not come back again. At the same time, paradoxically, when successful, the defending side of a cyber-attack may reveal too much about its cyber capabilities and skills. In doing so, it may expose itself to new attacks.

Cyber attacks are escalating in frequency, impact, and sophistication. For this reason, it is crucial to identify and define regulations for state behaviour and strategies to deploy countering measures that would avoid escalation and disproportionate use of cyber means, while protecting and fostering the stability of our societies. To this end, strategies to deter cyber attacks and norms regulating state behaviour in cyberspace are both necessary; unfortunately neither is available at the moment. In this chapter, I offer a theory of cyber deterrence and a set of policy recommendations to fill this vacuum.

Efforts to regulate cyber conflicts—and cyber-defence postures more generally— rose to prominence almost a decade ago, when the risks for national and international security and stability arising from the cyber domain became clear.1 As I argued elsewhere (Taddeo 2014), these efforts often rely on an analogy-based approach, according to which the regulatory problems concerning cyber conflicts are only apparent, insofar as these are not radically different from other forms of conflicts. Those endorsing this approach claim that the existing legal framework2 governing armed conflicts is sufficient to regulate the cyber battlefield. All that is needed is an in-depth analysis of such laws and an adequate interpretation of the phenomena. As Schmitt stresses.

This article focuses on the ethical analysis of cyber warfare, the warfare characterised by the deployment of ICTs. It addresses the vacuum of ethical principles surrounding this phenomenon by providing an ethical framework for the definition of such principles. The article is divided in three parts. The first one considers cyber warfare in relation to the so-called information revolution and provides a conceptual analysis of this kind of warfare. The second part focuses on the ethical problems posed by cyber warfare and describes the issues that arise when Just War Theory is endorsed to address them. The final part introduces Information Ethics as a suitable ethical framework for the analysis of cyber warfare, and argues that the vacuum of ethical principles for this kind warfare is overcome when Just War Theory and Information Ethics are merged together.

This paper seeks to create a practical taxonomy to describe cyber conflict events and the actors involved in them in a manner that is useful to security practitioners and researchers working in the domain of cyber operations. The proposed Cyber Conflict Taxonomy is an extensible network taxonomy organized as a plex data structure. Subjects of the taxonomy are entered as either Events or Entities and are then categorized using the categories and subcategories of Actions or Actors. Each of these categories is further subdivided into increasingly specific subcategories used to describe the defining characteristics of each subject and labeled lateral linkages are used illustrate the associative relationships between Entities and Events. The categories are organized in both a hierarchical and associative manner to illustrate the relationships between subjects and categories. A prototype of this taxonomy was developed and tested using a test set of recent cyber conflict!
events and used to explore the relationship and connections between these events and the states, groups or individuals that participated in them. Furthermore, this taxonomy can potentially identify actors across different events based on their similar method of operation, toolsets and target sets.

This chapter is divided into three main sections. The first discusses the political environment in China to provide the context for dissent and involves a broad stroke on neoliberalism in China with a further discussion on censorship and control in this environment. A second section maps networked dissent in terms of the impact and use of Information Communication Technologies (ICTs) in relation to civil society, mass incidents and labour resistance, and shows how it links to broader resistance in the global mediascape. The final section concentrates on nationalism and the symptomatic repression of ethnic and religious minorities, as well as nationalism, which fuels and links to cybercrime and patriotic hacking.

The world's perception of cyberspace has evolved from the libertarian promises of the 1990s to the current situation, where nation-states seek to reestablish their sovereignty. This paper explores the history of our conceptions of cyberspace, from the enthusiastic utopias culminating in the so-called " declaration of independence of cyberspace " to the technological underpinnings and the legislative steps being taken by today's governments to assert more control. It will address efforts in the West and East to resolve diverse, multi-faceted, and ongoing challenges that range from supporting open cyberspace to being able to heavily monitor the threat activities and the various state and non-state actors operating in cyberspace. The paper will highlight the technical and regulatory difficulties in establishing borders in cyberspace, as well as the corresponding policy consequences, and reveal how actors are evading borders by using various techniques such as cryptography and data havens, to name a few. The main takeaway is that the balkanization of cyberspace is not only a reality, but also a course that may be too difficult to reverse, and raises the question of how do open societies balance sovereignty with individual freedoms in cyberspace? A proposal is offered, drawing from examples in which the sovereignty of nation-states is limited and in which borders are not a factor, such as the international body of law regulating global commons. Alessandro Guarino is the principal consultant of StudioAG, an Italian information security and cybersecurity consultancy firm. Emilio Iasiello is a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector.

This article analyses various cyber conflicts and cyber crime incidents attributed to Russian hackers, such as the Estonian and Georgian cyber conflicts and the ‘Climategate hack’. The article argues that Russian hackers were blamed by dozens of outlets for the Climategate hack, because that was consistent with global media coverage of cyber crime incidents which portrayed Russians as highly powerful hackers responsible for many hacking incidents. This narrative also was congruent with the new Cold War rhetoric that consistently takes issue with Russia acting on its geopolitical interests. These interests are seen to manifest themselves in Russia’s objection to countries, formerly under its influence, participating in the NATO alliance and its seemingly obstructive stance at the Copenhagen summit on climate change.

Implementing an active defence strategy in cyberspace, means reacting to cyber attacks reaching out beyond the boundaries of the attacked networks, up to the point of counterattacking and disabling servers or other infrastructures belonging to the enemy, if deemed necessary. Individuating the source of the attacks is in this scenario very important given the rapid reaction times needed. The attribution problem common in cyber conflict comes to the fore even more starkly when implementing ACD and the tools and techniques of digital forensics are fundamental in resolving it, at least from a technical standpoint. Pre-forensics and forensic techniques are a necessary component of the strategy, albeit not the only ones obviously. In attributing an attack the general strategic and political context must be taken into consideration but in the first place the very nature of Active Cyber Defence calls for very rapid responses and in the second place evidence must be collected as early as possible also in order to be presented not in a court of law as in criminal forensics but for instance before international organizations lie the U.N. The paper explores forensic methods and techniques appropriate for an active defence posture in cyberspace, starting with their main trait: these activities must be as automated as possible, or better still autonomous, mainly because of the time constraints imposed by the chosen strategy, but also because of the huge amount of data involved in the analysis -e.g. IP traffic over long periods of time if persistent threats suspected. Preparatory procedures are essential in a cyber conflict context, much more so than in civilian scenarios, so an in-depth analysis for pre-forensics is provided, building later on specific methods for attack detection and analysis of evidence, exploring machine learning techniques for automated analysis of traffic and malware and detection of anomalies, including activity profiling. Forensic procedures for offline evidence individuation, acquisition and analysis are also explored and how they fit in active defence.

Along with the USA and Russia, China is often considered one of the leading cyber-powers in the world. In this excerpt, we explore how Chinese military thought, developed in the 1990’s, influenced their cyber-operations in the early 2000’s. In particular, we examine the ideas of Unrestricted Warfare and Active Offense and discuss how they can permit for the theft of intellectual property.  We then specifically look at how the case study of Operation Aurora – a cyber-operation directed against many major U.S. technology and defense firms, reflects some of these ideas.

The increase in frequency of cyber attacks launched against the Association of South East Asian Nations (ASEAN) regional bloc that have been attributed to the People’s Republic of China (PRC) sets a precedent for the future of low impact cyber conflicts. While the calls
for mutual defense of cyberspace and regional cooperation have been highlighted in the ASEAN ICT Masterplan 2015, conflicting interests between members and the nature of the ASEAN principles
suggests that any eventual cyber defense policies can only be framed within the context of individual state interests. This lack of cohesion paves the way for low impact cyber attacks that, while not targeting critical infrastructure, can enable the aggressor to influence the different instruments of national power within the  region and serves as a viable tool to project power and influence with minimal risk of escalation as opposed to traditional approaches. While this moves against the current predictions that suggests targeted and debilitating attacks aimed at crippling critical  infrastructure, the lack of instances of such lends weight to the assumption that these are unlikely for the time being. On the other hand, the recent events that have taken place in the ASEAN bloc has shown that the PRC has, and continues to, utilized low impact
cyber attacks. By taking advantage of the problem of attribution coupled with the lack of knowledge regarding its true cyber capabilities and the threat of kinetic retaliation, the PRC has found itself able to operate freely. This study aims to discuss how the PRC
has adopted this strategy in response to recent disputes with members within ASEAN, in particular, the Republic of the Philippines. The paper highlights the low impact approach that the PRC has chosen as a means of exerting its influence in ongoing disputes
with the Republic of the Philippines and to a greater extent, the rest of the region. The study discusses the underlying factors that allow the PRC to operate freely by taking advantage of the fundamental weaknesses of ASEAN as a platform for establishing a cyber defense
mechanisms within the region and goes on to caution as to the long term repercussions of such.

The rhetoric over the rate with which state-sponsored or state-endorsed cyber attacks has grown dramatically in the past years. Increasing dependence on information communication technologies by both state and non-state actors; compounded further by the low-cost of entry and the challenge of attribution within the cyber domain have all but assured that this phenomenon would continue in the foreseeable future. While there is no shortage of literature that discusses the benefits and ease with which these events occur within this domain, their dynamics have yet to be studied through the lens of cyber power. Through the analysis of state cyber power vis-a-vis historical cyber conflicts between states, the study identifies cyber strategies that states may use against each other. In the future, the foresight provided by this study may go on to aid in establishing appropriate controls to not only mitigate the possible
impact of future cyber conflicts but may also lead to the creation
of effective deterrence mechanisms.

The Boko Haram terrorism, which began in 2009 has had a devastating impact on the society. So far, it has triggered one of the worst humanitarian crises in history and has been responsible for over 30 thousand deaths with over two million others displaced, mostly in the North-east of the country with sizeable spillovers into the neighboring countries of Chad, Niger and Cameroon. Boko Haram’s primary goal was to create an Islamic caliphate in the region, and like other terrorist networks, uses the unconventional, hit-and-run guerrilla war tactics. This has rendered the insurgency to be a hard nut to crack, a phenomenon that is cited as one of the main reasons the group is able to continually carry out successful attacks despite being declared “technically defeated”. Hence, this need to seek for alternative, ‘unconventional’ media as a tool for counterterrorism. The media, both new and traditional have been shown to play a critical role toward the de-Bokoharamization campaign of the Nigerian Federal Government in collaboration with its Western partners. However, due to the guerrilla tactics nature of the insurgency, human-wearable digital microchip technology such as radio frequency identification and wireless body area network systems have been suggested as capable of yielding desirable outcomes. Following a critical review of literature and taking from Laswell’s communication model, this review article offers a digital communication counterterrorism model to complement the state’s efforts toward the anti-terrorism campaign.