Austin Miceli

INR 4114

3/31/2019

Cyber Warfare

Cyber Warfare is a threat that has risen to prominence in recently history. Is the US

prepared for Cyber warfare in the future or is not enough being done? As the US has seen, the

Trump administration has acknowledged the importance of the topic. The president has

acknowledged the issue of cyber security by signing into effect a cyber security strategy. This is

the first Cyber security strategy of that has been put in place by the US in the last 15 years.1 The

plan is very encouraging as it acknowledges the importance understanding an being prepared for

cyber-attacks. Countries such as China already have government funded projects that gather

information and even steal information from US business and the government. The stolen

information is used against US business and the government which needs to be prevented or

stopped entirely.2 The president’s plan is put in 4 pieces and although they are very brief it is

important to look at each aspect and to understand if these can have a positive effect on US security

in the future. 3

The plan that president Trump has signed into effect follows four different tenets that will

be put into the National Cyber Strategy. Each of these will represent what the plan wishes to

1
President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28). Retrieved
March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-americas-first-cybersecurity-
strategy-15-years/
2
Cyber Warfare. (n.d.). Retrieved March 28, 2019, from https://www.rand.org/topics/cyber-warfare.html
3
The UN Secretary-General's Call for Regulating Cyberwar Raises More Questions Than Answers. (n.d.). Retrieved
March 26, 2019, from https://www.cfr.org/blog/un-secretary-generals-call-regulating-cyberwar-raises-more-
questions-answers

1
achieve in the future of Cyber Security. The first step of the plan is to protect American people,

the Homeland and the American way of life. The goal is to manage cybersecurity risks by

increasing security and resilience of the Nation’s information gathering and information systems.

The way that the plan wishes to achieve this goal is to take steps in making the Federal networks

more secure. The is also the goal of improving the security of critical infrastructure, to combat

cybercrime itself and improving how accurate and fast incident reports are made. Protection of the

US public is a very important part of cybersecurity and what it entails.4 An interesting aspect that

can be looked at is the dangerous that can arise involve medical equipment. Currently the very

relaxed ideas on cyber raise a very dangerous problem that can be exploited and may lead to

harming many American lives. Currently there is a vulnerability in medical equipment that can be

exploited if an individual were to gain access to a specific network.5 This brings up two aspects of

cyber that this plan states it can fix. The first would be defining what action will lead to a cyberwar

and the second is to improve the understanding of cyber for everyone including policymakers. A

better understanding would allow laws to be passed the prevented certain medical devices from

being sold or used with out certain protection and security in place to prevent or combat a cyber-

attack on the systems.6 Many people in the US and world rely on these medical devices and

ignoring this aspect can lead to a major loss of life in the country. Medical equipment is not the

only target that can have very negative effects if attacked by a cyber weapon. One interesting topic

is the power grid of the US and all the infrastructure that is involved with the power grid. 7 An

4
President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28). Retrieved
March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-americas-first-cybersecurity-
strategy-15-years/
5
Williams, P., & Woodward, A. (2015). Cybersecurity vulnerabilities in medical devices: A complex environment
and multifaceted problem. Medical Devices: Evidence and Research, 305. doi:10.2147/mder.s50048
6
Ibid
7
Wang, W., & Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5),
1344-1371. doi:10.1016/j.comnet.2012.12.017

2
attack that damages and destroys any component in the power grid would have devastating results

for all peoples and the US and throughout the world. A power grid failure will lead to millions of

lives being lost and will take a large amount of time to repair.8 The US will need to improve its

power grid to ensure that it will be able to withstand attacks in the future. One way to improve the

grind is to upgrade and improve the technology that the power grid runs on. More upgraded

computers would allow for greater security as well as the upgrade would allow for more efficient

energy. Cyber security would also greatly improve on an updated power grid. There will need to

be multiple forms of security that the government will need to assess and work towards. The

government will need to identify and possible vulnerabilities in any and all networks associated

with the power grid. There will also need to be research and preparation for a way to counter any

attack that may be detected in the system. The first step to being successful in creating a power

grid that is ready for cyber attacks is to create an architecture that allows for strict protections but

will also allow for upgrades as well as maintaining strength in the cyber realm.9

The second part of the plan is to promote American prosperity. The goal of this part is to

continue protecting America’s influence in the technology ecosystem. There will also be the

approach to develop cyberspace in to an open “engine” of economic growth, innovation and

efficiency. The way that the plan wishes to support this claim is to support a vibrant resilient digital

economy, to foster and protect American ingenuity, and develop superior cybersecurity workforce.

This piece is extremely important in the plan because one weakness that the US faces and many

companies face an issue with personnel.10 This piece of the plan carries some very significant

8
Wang, W., & Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5),
1344-1371. doi:10.1016/j.comnet.2012.12.017
9
Ibid
10
President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28). Retrieved
March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-americas-first-cybersecurity-
strategy-15-years/

3
 information that needs to be addressed very soon. The value of information and intellectual

property continues to rise which creates an issue. The more the value of intellectual property rises,

the more vulnerable it is to cyber espionage.11 Currently there is a problem that has arrived with

this fact and it is a struggle of understanding who should be responsible for protection. Companies

argue that the government should be more active in deterrence.12 The government should be

working to stop any state actors from directly targeting the private companies. On the other side

the government believes that companies should protect their own property. The government also

expects the companies to share their information with the government on what is being targeted

and what is being used to defend from attacks.13 This issue provides an example of what would

aid in increasing American prosperity and what needs to be focused on in this topic. Cyber

espionage has a very negative impact on the US economy and leads to large amounts of loss every

year. If the government does not react quickly, the number of dollars lost will only continue to

rise.14

The third part of the plan is to preserve peace through strength. The part of the plan states

that there will be improvements to the way that the country identifies, counters, disrupts, degrades

and deters behavior in cyberspace that is damaging and contrary to the national interests of the US.

11
Mayers, & Merton, A. (2018). A Study on How Cyber Economic Espionage Affects U.S. National Security and
Competitiveness. A Study on How Cyber Economic Espionage Affects U.S. National Security and Competitiveness, 1-
14. Retrieved March 29, 2019.
12
Paul, Christopher, & Waltzman. (2018, January 10). How the Pentagon Should Deter Cyber Attacks. Retrieved
March 28, 2019, from https://www.rand.org/blog/2018/01/how-the-pentagon-should-deter-cyber-attacks.html

13
Mayers, & Merton, A. (2018). A Study on How Cyber Economic Espionage Affects U.S. National Security and
Competitiveness. A Study on How Cyber Economic Espionage Affects U.S. National Security and Competitiveness, 1-
14. Retrieved March 29, 2019.
14
Paul, Christopher, & Waltzman. (2018, January 10). How the Pentagon Should Deter Cyber Attacks. Retrieved
March 28, 2019, from https://www.rand.org/blog/2018/01/how-the-pentagon-should-deter-cyber-attacks.html

4
This will also be while preserving the America’s power in and through cyberspace.15 The way that

the plan states that it will achieve this is for the US to enhance cyber stability by creating norms

of a responsible state. The norms include the behavior, attribution of unacceptable behavior in

cyberspace and the imposition of costs on malicious cyber actors. This part of the plan would seem

to be the most important because deterrence may be the best way for the government to combat

the dangers of cybersecurity. One way that the US can improve the deterrence is once again to

determine just what is meant when the word cyber is used. Having a definition will allow for a

much better and more concise approach.16 It is notable to understand that not activity that occurs

in cyberspace is a cyber activity or threat. After the US finally agrees on what is cyber and what

is not, the focus will need to be clearly and concisely defining what an action is. This will allow

for policymakers to understand what a situation is and to have multiple options to approach the

topic at hand.17 The change of mindset will also need to adjust because many individuals approach

using cyber as too high of a risk when reality it is not. Cyber activities will need to be put into

categories that will determine what type of action it is.18 An example of this is the usage of code

that targets another countries infrastructure. These types of activities need to be classified as a

high-level threat and will need special approval for its usage to occur.

An important way to combat the and be prepared for new threats is to work to evolve the

way the US monitors cyber-attacks. An important defense is cyberspace is to be able to detect the

15
President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28). Retrieved
March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-americas-first-cybersecurity-
strategy-15-years/
16
Kramer, F. D., & Wentz, L. K. (2008). Cyber influence and international security. Washington, D.C.: Center for
Technology and National Security Policy, National Defense University.
17
Ibid
18
Fazzini, K. (2018, September 21). Trump's new strategy means the U.S. could get more aggressive with Russia
and China over hacking. Retrieved March 25, 2019, from https://www.cnbc.com/2018/09/21/trump-cybersecurity-
policy-offensive-hacking-nsa-russia-china.html

5
attacks before they even begin.19 Many different types of attacks are started from code that is

already in the system is activated when the attack is ready. An important way to be ready is to have

vast networks of people who are working together to improve the response time of the US and its

allies. Having a collaboration system in place allows for far greater amounts of information to be

discovered while also allowing for all involved to have less work and issues to deal with.20

Continuing the idea of improving strength and peace, the US will need to work on

improving the way the US interacts with other nations. It will be very important for the US to

integrate with other countries to have multiple groups interacting.21 With all countries being

integrated it will allow for much faster reaction and much greater influence in the world. One very

important aspect that has been very significant has been the integration of cyber intelligence

between other countries and the US. Being able to have access to multiple groups of cyber

information will allow for better reaction and being able to out think other groups.22

The US should also use Cyber to influence what happens in the physical world. Using

cyber to affect the physical world could be extremely influential and can lead to more efficient

activities. Using both can be seen as combined arms and will open up many opportunities with

other countries as well. Cyber can be used in this manner for a stronger form of deterrence as well

as used for military information gathering to have more concise and accurate information that can

be beneficial and more effective. After determining how cyber can be used it is important to

understand how it can be used for deterrence. Deterrence can be seen as influence and in order for

19
Narayanan, S. N., Ganesan, A., Joshi, K., Oates, T., Joshi, A., & Finin, T. (2018). Early Detection of Cybersecurity
Threats Using Collaborative Cognition. 2018 IEEE 4th International Conference on Collaboration and Internet
Computing (CIC). doi:10.1109/cic.2018.00054
20
Ibid
21
Mattis, J., & D. (n.d.). Summary of the 2018 National Defense Strategy of the United States of America.
22
Ibid

6
the proper deterrence to work the US will need to have a complete understanding of its cyber

capabilities. If policymakers understand cyber through the definitions that were created the US can

have better deterrence through cyber.23 The US must adjust its cyber actions when working to deter

a state to show that its actions also support what the goal of the deterrence is. Effective deterrence

takes in all aspects of another and in todays world, cyber is as important as understand a countries

culture and history. Another way that the US can improve its resolve is to be open and transparent

on what is expected and prohibited by all those involved. The US should also work on staying

within the lines that it would also like see and finally should punish those who chose to not follow

what has been put in place. Showing resolve is very important and the strong showings will allow

for better forms of deterrence as other countries understand what is being said. Effective deterrence

will be extremely important in the realm of cyberspace and will play a major role in the near

future.24

The fourth piece of the plan is to advance American influence in cyberspace. The plan is

to preserve long-term openness, interoperability, security, and the reliability of the internet which

is supporting America’s interests. The plan will take specific global efforts to promote these

objectives, while supporting market growth for infrastructure. There will also be interest taken to

support new emerging technologies and building cyber capacity internationally. 25 One way the Us

can work to achieve this is through treaties that involve cyber.26 A stated earlier, there needs to be

23
Luiijf, H. A., Besseling, K., Spoelstra, M., & Graaf, P. D. (2013). Ten National Cyber Security Strategies: A
Comparison. Lecture Notes in Computer Science Critical Information Infrastructure Security,1-17. doi:10.1007/978-
3-642-41476-3_1
24
Ibid
25
President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28). Retrieved
March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-americas-first-cybersecurity-
strategy-15-years/
26
Rosenzweig, P., Bucci, S. P., PhD, & Inserra, D. (n.d.). Next Steps for U.S. Cybersecurity in the Trump
Administration: Active Cyber Defense. Retrieved March 28, 2019.

7
definitions for cyber actions. Currently international law does not discuss private offensive and

defensive cyber activity. The lack of laws for this can be influenced with different treaties could

be very important. This can be a good idea but in their current manner do not directly affect private

cybersecurity either and this will need to be approached in the state versus from a holistic view.

Treaties in cyberspace can be an important step forward, however, and they can be very efficient

if carried out well. The use of treaties can bridge the gap between what international law covers

and does not cover.27

Having a plan is important because cyber attacks are very real, and they can happen at any

moment this quite evident by looking at recent attacks that have occurred. In January of 2019 there

have been multiple occurrences such as the US Department of Justice announcing that it will work

to disrupt North Korean botnets that were being used to attack companies involved with the media,

aerospace, financial and important infrastructure. In February of 2019 the Airbus company

announced that it was targeted by the Chinese that stole information of European employees. These

actions show the importance of having a plan in place to actively understand what is and is not be

allowed.28

Another important aspect to understand is the want of other countries to work on improving

cyber security throughout the world. Recently the UN has discussed the lack of rules that pertain

to cyber-warfare and that this presents a threat to everyone that must be investigated. It was noted

that everyday countries are involved in cyberwars and it is not clear if the Geneva convention

applies to cyberwarfare of if the international humanitarian laws apply to cyber. One aspect of this

27
Ibid
28
Significant Cyber Incidents. (n.d.). Retrieved March 25, 2019, from
https://www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-
cybersecurity

8
is that cyberwar is not defined or has one meaning. The Secretary general of the UN uses the word

cybersecurity multiple times but then states that cybersecurity is more than just a cyber war. It is

important for the UN to determine the difference because the difference between a war and peace

is very important to understand for the UN to enforce this.29 War can be detrimental to the UN and

all involved and saying cyberwar needs to have a clear and concise definition with evidence of the

cyberwars. Another concerning aspect of the UN is that secretary-general states that it will be

difficult to speak of the topic and it cannot be discussed. It has been noted and heavily discussed

between many different countries and it is concerning for the UN to not actively acknowledge

problems that may be faced. The UN does have a charter that does prohibit use of force and does

apply to cyber. The UN group of governmental Experts has discussed what laws should apply but

again here too there is no set rules for cyberwarfare.30 This problem is one that the US will need

to pay attention to as this could have a direct impact on US cyber power. The US will need to push

for the UN to make a decisive definition of cyberwar as the more it is left alone, the more problems

there might be faced. 31

The Plan that President Trump has presented sets a very promising starting point for the

government to begin ensuring safety in cyberspace. This plan alone will not be enough and will

need to be expanded upon. As seen each point speaks about pieces of cyberspace but that need to

be addressed but there will be a lot more that needs to be covered and the goal of the Trump

Administration should be to begin work on these topics as soon as possible. Early work will expose

more areas that need to be focused on and may not have been spoken of in the plan itself. Overall

29
The UN Secretary-General's Call for Regulating Cyberwar Raises More Questions Than Answers. (n.d.). Retrieved
March 26, 2019, from https://www.cfr.org/blog/un-secretary-generals-call-regulating-cyberwar-raises-more-
questions-answers
30
Ibid
31
Ibid

9
the plan can be effective and is a great step forward for the interests of the US. The plan will also

benefit allies of the US as it would involve collaborating with other allies to increase safety.

10
 Works Cited

Cyber Warfare. (n.d.). Retrieved March 28, 2019, from https://www.rand.org/topics/cyber-

warfare.html

Fazzini, K. (2018, September 21). Trump's new strategy means the U.S. could get more aggressive

with Russia and China over hacking. Retrieved March 25, 2019, from

https://www.cnbc.com/2018/09/21/trump-cybersecurity-policy-offensive-hacking-nsa-russia-

china.html

Hawkins, D. (2018, September 21). The Cybersecurity 202: Trump administration seeks to project

tougher stance in cyberspace with new strategy. Retrieved March 24, 2019, from

https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-

202/2018/09/21/the-cybersecurity-202-trump-administration-seeks-to-project-tougher-stance-in-

cyberspace-with-new-

strategy/5ba3e85d1b326b7c8a8d158a/?noredirect=on&utm_term=.2cee08a89ef7

Kramer, F. D., & Wentz, L. K. (2008). Cyber influence and international security. Washington,

D.C.: Center for Technology and National Security Policy, National Defense University.

Luiijf, H. A., Besseling, K., Spoelstra, M., & Graaf, P. D. (2013). Ten National Cyber Security

Strategies: A Comparison. Lecture Notes in Computer Science Critical Information

Infrastructure Security,1-17. doi:10.1007/978-3-642-41476-3_1

Mattis, J., & D. (n.d.). Summary of the 2018 National Defense Strategy of the United States of

America.

11
Mayers, & Merton, A. (2018). A Study on How Cyber Economic Espionage Affects U.S. National

Security and Competitiveness. A Study on How Cyber Economic Espionage Affects U.S.

National Security and Competitiveness,1-14. Retrieved March 29, 2019.

Narayanan, S. N., Ganesan, A., Joshi, K., Oates, T., Joshi, A., & Finin, T. (2018). Early Detection of

Cybersecurity Threats Using Collaborative Cognition. 2018 IEEE 4th International Conference

on Collaboration and Internet Computing (CIC). doi:10.1109/cic.2018.00054

Paul, Christopher, & Waltzman. (2018, January 10). How the Pentagon Should Deter Cyber Attacks.

Retrieved March 28, 2019, from https://www.rand.org/blog/2018/01/how-the-pentagon-should-

deter-cyber-attacks.html

President Trump Unveils America's First Cybersecurity Strategy in 15 Years. (2018, September 28).

Retrieved March 27, 2019, from https://www.whitehouse.gov/articles/president-trump-unveils-

americas-first-cybersecurity-strategy-15-years/

Rosenzweig, P., Bucci, S. P., PhD, & Inserra, D. (n.d.). Next Steps for U.S. Cybersecurity in the

Trump Administration: Active Cyber Defense. Retrieved March 28, 2019.

Significant Cyber Incidents. (n.d.). Retrieved March 25, 2019, from

https://www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-

projects-cybersecurity

The UN Secretary-General's Call for Regulating Cyberwar Raises More Questions Than Answers.

(n.d.). Retrieved March 26, 2019, from https://www.cfr.org/blog/un-secretary-generals-call-

regulating-cyberwar-raises-more-questions-answers

12
Wang, W., & Lu, Z. (2013). Cyber security in the Smart Grid: Survey and challenges. Computer

Networks,57(5), 1344-1371. doi:10.1016/j.comnet.2012.12.017

Williams, P., & Woodward, A. (2015). Cybersecurity vulnerabilities in medical devices: A complex

environment and multifaceted problem. Medical Devices: Evidence and Research,305.

doi:10.2147/mder.s50048

13