CYBER-WARFARE AND

CYBER-TERRORISM
The Next Threat to National Security

Prepared by Rahim Adam & Jeffrey Thorson
IT 486, Central Washington University
June 5, 2014



Professional Value
Cyber-warfare and cyber-terrorism are important to an IT organization both directly and
indirectly. When it comes to our national security it is important to not forget that our private
companies plays vital role to our economy together with the support of our government sector.
Private companies can be attacked with a piece of malware or by a distributed denial of service
attack (DDoS) which is directly attacking the company. These attacks possess significant threat
to our nations interests. Both government organizations, private contractors, and the entire
private companies can also be affected through indirect means by attacking other means such as
power grids, air traffic controls systems, gas pipe lines, sabotage our communications of troops
as well as confusing their operational routines and our financial markets systems such as stock
market.
The root causes of cyber-warfare and cyber-terrorism points out to the evolution of
internet from early 1990s. As more private companies, government institutions and our military
tend to rely more on using computer systems and their network infrastructures, hackers and
professional attackers find it to be an opportunity to carry out threats in cyber space. Another
root a cause for cyber-warfare and cyber-terrorism is how easily those remote attacks can be
carried out with only minimum resource required and to create a psychological fear. A terrorist
can sit in front of his computer and launch an attack into different parts of the world by using
various paths into different countries while covering his tracks to be untraceable, and cause
massive financial damages and even fatalities. Minimal resources and very low budget plans
make it very easy in making this form of terror. On the other hand, traditional terrorism requires
much more resources such as: large finances, weapons, man power and security access. Cyber
terrorism fits with the terrorism common purpose which is to create fear, confusion and


panicking into lives of their enemies. Unlike tradition terrorism, cyber terrorism makes the
terrorists look fearful on the time of the attacks since it can take time to trace the attackers while
the damages continue to take place.
Cyber security is a matter comparable to other threats that United States faces due to its
effects on people, companies and our nations security. If our network security is not well
secured it might affect our economy, our nation interests and might put nation at risk.
As our nation and the world adapt rapidly to the technological advancement, it is
important to be concerned by moving quickly to strengthen our cyber security in all aspects
weather it is private or government institutions. Our report has found out that there will be more
threats as long as our private and governmental sectors do not step up to catch up with the
advance and robust measures to stop those threats.










Table of Contents
Executive Summary ............................................................................................................................ - 1 -
Introduction ......................................................................................................................................... - 2 -
Report Findings: .................................................................................................................................. - 3 -
Figure 1 Cyber-warfare Expenses for Countries ................................................................................ - 5 -
Figure 2 Attack Trend with Drill Downs of Motivations ................................................................... - 7 -
Figure 3 Top 10 Attack Techniques .................................................................................................. - 8 -
Figure 4 Distrubution of Targets ....................................................................................................... - 9 -
Figure 5 Percentage of Time Spent on IT Security ............................................................................ - 9 -
Summary ........................................................................................................................................... - 10 -
Conclusion ........................................................................................................................................ - 10 -
Recommendations ............................................................................................................................. - 10 -
References ......................................................................................................................................... - 12 -




- 1 -

Executive Summary

The Internet has become a vital resource in the past two decades, from a small network
limited primarily to the scientific community to a global network that counts more than two
billion users. With the advancements in technology, an increasing number of applications were
created for the Internet such as email and social networks.
The cyber world has seen an increase in cyber-warfare and cyber-terrorism. Some
countries such as the United States have weak security against these threats. With people storing
sensitive information on networks, this has led to cyber espionage against governments and
businesses.
This report explores where the world is today in cybersecurity and if businesses in the
United States should be held responsible for strengthening their infrastructure from Cyber-
attacks. Specifically, it delves into what has happened and what will happen in the future and
what the world is doing to prepare.
Given the increasing reliance on information systems in general and access to the Internet
in particular, critical infrastructure is growing progressively more vulnerable to cyber-attack.
Cyber weapons appear to be capable of catastrophic destruction in that they could inflict
extreme misfortune on a business in the form of imposing very large, long-term costs. Many
businesses are already incurring losses today because of cyber-attacks, but some are working to
minimize their vulnerability from future threats.
A cyber-attack against critical infrastructures in the United States will shock the public
and cause some sort of chaos. Compared to a standard attack, it is much more difficult to locate

- 2 -
where the attack came from. This can give attackers confidence to strike a company and steal
valuable information while staying hidden.
Cyber-terrorism has gained popularity in the world because of how simple it can be to
attack a business. As before, the attackers can stay hidden by using remote attacks. They also
only require minimal resources to manage an attack while also creating a big fear factor.
With cyber-warfare and cyber-terrorism becoming more prominent and an easy way to
attack an entity, it is becoming more important to protect the infrastructure from any possible
threat from anywhere in the world.
Introduction
The purpose of this report is to provide a realistic assessment of the capabilities, means,
and motivations of certain individuals or nations to conduct a remote, computer attack either
against the United States or against regional adversaries. There is no such thing as perfect IT
security. For instance, hackers seem always able to keep one step ahead of the latest software
security patch, and some secure portions of nations Department of Defense computer systems by
pertaining to procurement and logistics that are connected to the public switch network.
Depending on how these cyber-attacks are carried is how they get defined.
Cyber-warfare is Internet-based conflict involving politically motivated attacks on
information and information systems (Rouse). Cyber-warfare attacks can disable official
websites and networks, disrupt or disable essential services, steal or alter classified data, and
cripple financial systems - among many other possibilities.
Cyber-terrorism is the premeditated use of disruptive activities, or the threat thereof,
against computers and/or networks, with the intention to cause harm or further social,
ideological, religious, political or similar objectives or to intimidate any person in furtherance of

- 3 -
such objectives(Coleman). The U.S. Government states how cyber-terrorism will soon equal or
surpass the danger of terrorism in the near future.
In 2011, former department of homeland security secretary Michael Chertoff and former
defense secretary William Perry warned that The constant assault of cyber assaults has inflicted
severe damage to our national and economic security, as well as to the property of individual
citizens. The threat is only going to get worse. Inaction is not an acceptable action. (Hearing
Before The Committee on Homeland Security and Governmental Affairs Senate, February 16
2012)
The scope or limits of our study found that both cyberwar-fare and cyber-terrorism are
very hard to predict their occurrence as of when they will occur since they are carried remotely
and anonymously. Finding out as of whether the attack took place and where it came from it is
always known after the damage is done.
Report Findings:

In our report findings, we found cyber-warfare and cyber-terrorism to be increasing due
to numerous reasons but mainly because they are easy to be carried out at very low cost budget
close to nothing, they can create confusions to victims, amount of damage they can create and
attackers can remain anonymously for quiet sometime. Cyber-warfare and cyber-terrorism are
both crimes which can be launched from any location in the world using various tactics to
penetrate the security implemented by the victims. These threats are real, they prove no one to be
safe and they are able to defeat any country in the world including super power nations like the
United States.

- 4 -
Many people believe the United States is going to have a cyber-attack similar to the
devastation of 9/11. Secretary Napolitano stated After 9/11, we just could not do enough to
protect ourselves from another 9/11. And we have the opportunity here to do something
preemptively, preventively, methodically, and at much less cost to our society overall. (Hearing
Before The Committee on Homeland Security and Governmental Affairs Senate, February 16
2012). The bill was going to help make it their responsibility to take action and be proactive
about securing our infrastructure.
Secretary Napolitano Obviously, it will cost some to enforce this, to carry it out, but it
will be a fraction of what it would cost our society if there was a successful cyber attack.
(Hearing Before The Committee on Homeland Security and Governmental Affairs Senate,
February 16 2012).
The cost of constructing the worms or viruses they are pretty much close to nothing. It
takes a computer, internet and few tutorials from online on how to create those viruses if the
attacker does not have knowledge to create codes and send them to the victims. It is the win-win
situation for criminals to carry their attack undetected because they always want to continue with
their viscous attacks. Depending on the severity of the attacks, people who carry out these
actions they share two mainly common interests which is to create confusion and physiological
fear in victims mind as well as stealing classified data.
It is evident that cyber-warfare and cyber-terrorism always comes as a surprise even
though people and nations know about their existence. The attacks can originate from any part of
the world without anyones knowledge, however through the footprints they get discovered
sometimes after the damage is done. Severe increase of these threats proves that even super

- 5 -
power nations like USA are all struggling. Whether it is a major financial market, military,
private industries and other nations interest, threats continue to thrive more vigorously.
As the technology evolves, criminals who commit these viscous crimes get more
advanced in coding to keep engaging more in cyber-warfare and cyber-terrorism. On the victim
side situations get more serious in stepping up with methods to overcome these threats by
implementing more strict governmental rules and regulations as well as gearing up in cyber
security measures.


Figure 1 Cyber-warfare Expenses for Countries

(Pierluig, 2012)

- 6 -
Figure 1 displays five countries and describes what each of them are focusing on and also how
much each countries expenses are for the coming years. As you see, the US has a cyber budget
of $1.54 billion from 2013 to 2017 (Pierluig, 2012). While this graph provides and idea of a
countries status regarding cyber-warfare, it fails to show the private businesses aspect and how
much they will invest in their security. Since 90% of the United States infrastructure is controlled
by the private sector, the United States should put more focus into strengthening those businesses
as well to reinforce our core infrastructure.











- 7 -
Figure 2 Attack Trend with Drill Downs of Motivations

(Passeri, 2014)
Figure 2 above displays discovered attacks for each month of 2013 and what types of attacks
were taken place. It displays attacks have decreased as the year continued. Unforuneatly that is
not the case says Erin Palmer from BusinessAdministration Information. The report refers to
2013 as the year of the mega breach because of the high number of security breaches, a 62%
increase from 2012. Just eight of the many breaches in 2013 revealed more than 10 million
identities each (Palmer, 2014). Attacks are becoming more sophisticated and harder to detect
which allow hackers to steal more information without being caught.

- 8 -





Figure 3 Top 10 Attack Techniques
(Passeri, 2014)
Out of all the attacks that were detected, figure 3 breaks down what were the top 10 attacks in
2013. As shown DDoS was the most used technique with SQL injection behind it. DDoS attacks
are popular because hackers can control a botnet with thousands of computers and can attack
someone with high a high rate of success.

- 9 -
Figure 4 Distrubution of Targets

(Passeri, 2014)
Figure 4 illustrates who are targets for cyber attacks between January and April of 2014. With
the top three targets being industry, government and organizations, these are the most critical to a
country. There needs to be a greater investment in securing these networks to help diminish
attacks from occurring.
Figure 5 Percentage of Time Spent on IT Security

(Begun, 2008)

- 10 -
This graph shows an estimate of how much time an average user spends on IT Security. The
majority of users surveyed spend no more than 3 hours on security per week. This gives an idea
of how businesses are still not doing enough to protect themselves from cyber-terrorism and that
it needs to be taken seriously.

Summary

Cyber-warfare and cyber-terrorism have become a real concern and are becoming more
of a threat with better technology. People need to be educated on how serious these threats are and how to
help decrease the chance of an attack taking place. As illustrated in figure 5, it is evident more people
need to spend more time learning the precautions that would in preventing these attacks.
Failing to educate the public on what steps they can take to help minimize cyber-attacks would be
very costly to the United States not only economically, but also on a personal level. With attacks being
more focused towards the industry and government as stated in figure 4, there is more of a concern that
peoples private information can be at risk.
Conclusion
The world is changing the way war is pictured. In the past we used weapons such
as guns and missiles to attack our enemy, but today, we use technology. Cyber-attacks are the
weapons of the future. Cyber-terrorists can attack any target from anywhere in the world to cause
chaos and harm.
Recommendations

The United States has almost single-handedly blocked arms control in cyberspace. Over
the past decade, the United States has declined to join in on cyber talks because they had not yet

- 11 -
explored what it wanted to do in the area of cyber war. Now that over twenty nations militaries
and intelligence services have created offensive cyber war units and we have gained a better
understanding of what cyber war could look like, it may be time for the United States to review
its position on cyber arms control and ask whether there is anything beneficial that could be
achieved through an international agreement. (Clarke & Knake, 2010, pp. 219-220).
With cyber-warfare on the rise, and the private sector controlling the majority of the
countrys infrastructure, the government must communicate with the private sector to raise
awareness of the threats and what steps need to be taken to secure the infrastructure.
To help strengthen defenses even more, the government will need to teach citizens how
to protect themselves from cyber-attacks and what needs to be done in case of a possible threat.
By creating guidelines for everyone to follow and a clear path to take, these are just a few
steps that can be taken to help secure our countries infrastructure from any future cyber-attacks
and protect the citizens from harm.










- 12 -
References

Begun, D. A. (2008, June 23). Are SMBs Easy Pickin's for Cyber Criminals? Retrieved from Hot
Hardware: http://hothardware.com/News/Are-SMBs-are-Easy-Pickins-for-Cyber-
Criminals/
Clarke, R. A., & Knake, R. K. (2010). Cyber War.
Coleman, K. (2014, June 3). Cyberterrorism. Retrieved from Directions Magazine:
http://www.directionsmag.com/articles/cyber-terrorism/123840
Hearing Before The Committee on Homeland Security and Governmental Affairs Senate, U. S.
(February 16 2012). Securing America's Future: The CyberSecurity Act of 2012. (p. 2).
Washington D.C.: U.S. Government Printing Office.
Palmer, E. (2014, Aprl 25). BusinessAdministration Information. Retrieved from Report:
Targeted Cyber-Attacks Increased by 91% in 2013:
http://www.businessadministrationinformation.com/news/report-targeted-cyber-attacks-
increased-by-91-in-2013
Passeri, P. (2014, May 19). Hackmageddon. Retrieved from 2013 Cyber Attacks Statistics
(Summary): http://hackmageddon.com/category/security/cyber-attacks-statistics/
Pierluig, P. (2012, October 5). InfoSec Institure. Retrieved from The Rise of Cyber Weapons and
Relative Impact on Cyberspace: http://resources.infosecinstitute.com/the-rise-of-cyber-
weapons-and-relative-impact-on-cyberspace/
Rouse, Margaret. "Cyberwarfare." May 2010. SearchSecurity. 3 June 2014
<http://searchsecurity.techtarget.com/definition/cyberwarfare>.
Coleman, Kelvin. "Cyberterrorism." 10 October 2003. Directions Magazine. 3 June 2014
<http://www.directionsmag.com/articles/cyber-terrorism/123840>.