2 research outputs found
Cyber Conflicts in International Relations: Framework and Case Studies
Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include:
• Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain.
• The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense.
• All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain.
• Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks.
• Distributed Denial of Service (DDoS) is by far the most common type of cyber attack.
• Air-gapped (not connected to the public Internet) networks have not been exempt from attacks.
• A perpetrator does not need highly specialized technical knowledge to intrude computer networks.
• The potential damage of a cyber strike is likely to continue increasing as the Internet expands.
• The size of the actor under attack could have an influence on its ability to deter the attackers with actions in the physical world.
• The entrance barriers (including the monetary cost) for any actor to get involved in a conflict seem to be much lower in the cyber domain than in the physical domain.
• Accountability on the Internet is difficult, and gets further obscured when the attacks transcend national borders. This fact has probably made cyber attacks desirable for major military powers such as China, Russia and the United States.
In many ways, this paper is a re-analysis of the case studies set presented on A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 recently published by the Atlantic Council. In addition, we draw upon other materials (academic and media) to expand our understanding of each case, and add several cases to the original collection resulting in a data set of 17 cyber conflict, spanning almost three decades (1985-2013). Cuckoo's Egg, Morris Worm, Solar Sunrise, Electronic Disturbance Theater, ILOVEYOU, Chinese Espionage, Estonia, Russo-Georgian war, Conficker, NSA-Snowden, WikiLeaks and Stuxnet are some of the major cases included.This material is based on work supported by the U.S. Office of Naval Research, Grant No. N00014-09-1-0597. Any opinions, findings, conclusions or recommendations therein are those of the author(s) and do not necessarily reflect the views of the Office of Naval Research