on cyberwarfare


  • 5/28/2018 On Cyberwarfare

    1/133

    DCAF HORIZON 2015 WORKING PAPER No. 7

    On Cyberwarfare

    Fred Schreier

  • 5/28/2018 On Cyberwarfare

    2/133

  • 5/28/2018 On Cyberwarfare

    3/133

    DCAF HORIZON 2015 WORKING PAPER No. 7

    On Cyberwarfare

    Fred Schreier

  • 5/28/2018 On Cyberwarfare

    4/133

  • 5/28/2018 On Cyberwarfare

    5/133

    DCAF HORIZON 2015 WORKING PAPER 5

    Table of Contents

    On Cyberwarfare 7

    1. The Basic Building Blocks: Cyberspace, Cyberpower,

    Cyberwarfare, and Cyberstrategy 10

    2. The Difference between Information Warfare

    and Cyberwarfare 19

    3. Understanding the Threats in Cyberspace 31

    4. Cyber Vulnerabilities and how Cyber Attacks

    are Enabled 48

    5. Major Issues, Ambiguities, and Problems of Cyberwar 68

    Annex 1: In which Ways is Cyberwar different from

    the other Warfighting Domains? 93

    Annex 2: Summary of major Incidents of Cyber Conflict 107

    Glossary 116

    Select Bibliography 121

  • 5/28/2018 On Cyberwarfare

    6/133

    6 DCAF HORIZON 2015 WORKING PAPER

  • 5/28/2018 On Cyberwarfare

    7/133

    DCAF HORIZON 2015 WORKING PAPER 7

    On Cyberwarfare

    The digital world has brought about a new type of clear and present danger: cyberwar. Since information technology and the internet have developed to such an extent that they have become a ma[…] 12 [?]2.1 billion funding for the Security Service, the offensive operations, which are funded from the national intelligence and military intelligence program budgets.

    2 See: Marc Rothenberg & Bruce Schneier, The cyber war threat has been grossly exaggerated, Arlington, Intelligence Squared

  • 5/28/2018 On Cyberwarfare

    8/133

    8 DCAF HORIZON 2015 WORKING PAPER

    can deter it or defense can mitigate its effects. Its focus is on cyberwarfare activities

    /# 9)%# /#(+##1 52/#-+)- )1% &14,-9)(&,1 +)-4)-#= ("# *)((#- ) 5,15#3( ,4 905"+&%#- .5,3#= 4,**,+#% /2 ("# 3-#.#1()(&,1 ,4 ("# #*#9#1(. (")( .##9 (, 9)A# 52/#-+)- 3-,/*#9. ,4 52/#-+)- +&** /# %&.50..#%= .",+&1' ("# 0.# )1% *&9&(. ,4 3,+#- &152/#-.3)5#7 C1 G11#; D= +# +&** .",+ &1 +"&5" +)2. 52/#-+)-4)-# &. %&44#-#1( 4-,9

    It is important to point out that other kinds of cyber attacks take place regularly, which are much more frequent than state-sponsored activities. These are committed by hackers that have expertise in software programming and manipulation. They concentrate their actions on exploiting the intricacies of computer networks. Some hackers are state-sponsored and perform lawful activities, but some are not. Both kinds can be instrumental in the conduct of cyberwarfare. When cyberwarfare operators conduct cyber attacks for authorized state-sponsored attacks and use legal means, they are considered to be legal hackers. Legal hackers conduct cyberspace operations under legal authority for legal purposes with no adversarial intent. For example,

    weaknesses. Members of the armed forces and government intelligence services also […] defensive and offensive abilities. These hackers are either industry or government-sponsored and are not hacking for personal gain. If hackers are attempting to gain access into computer networks for the sake of political gain, it can be part of a state-sponsored campaign. What determines the legality of these operations is intent.

    Other kinds of cyber attacks that take place regularly and which are much more frequent than state-sponsored activities are unauthorized attempts to access computers, computer controlled systems, or networks. However, these will not be

    addressed in this essay. Such activities can range from simply penetrating a system and examining it for the challenge, thrill, or interest, to entering a system for revenge, to steal information, cause embarrassment, extort money, or cause deliberate localized harm to computers or damage to larger critical infrastructures. Among these cyber attacks three forms can be distinguished: cyber vandalism, cyber crime, and cyber espionage. The realm for the resolution of these attacks normally lies in law enforcement and

  • 5/28/2018 On Cyberwarfare

    9/133

    DCAF HORIZON 2015 WORKING PAPER 9

    disrupting or disabling servers by data overload. Some conduct cyber operations on

    behalf of personal political causes such as the environment, human rights, and animal rights. Cyber vandalism, sometimes also called “cyber hooliganism,” is the most […] effects of such incidents are, however, generally limited in time and more often

  • 5/28/2018 On Cyberwarfare

    10/133

    10 DCAF HORIZON 2015 WORKING PAPER

    1. The Basic Building Blocks:

    Cyberspace, Cyberpower, Cyberwarfare, and Cyberstrategy

    A synoptic view and comprehension of the sub[…]

  • 5/28/2018 On Cyberwarfare

    11/133

    DCAF HORIZON 2015 WORKING PAPER 11

    of computers and other electronic devices to store, modify and exchange data via

    "$

    R,- ,1# +#** &14,-9#% &. 4-)9#% /2 ("# 0.# ,4 #*#5(-,1&5. )1% ("# #*#5(-,9)'1#(&5 .3#5(-09 (, 5-#)(#= .(,-#=9,%&42= #;5")1'#= )1% #;3*,&( &14,-9)(&,1 :&) &1(#->5,11#5(#% &14,-9)(&,1 )1% "% ",+ &1(#-1)(&,1)* *)+ .",0*% /# )33*% (, +)-4)-# 5,1%05(#% &1 52/#-.3)5#7

    These networked and interconnected information systems reside simultaneously in both physical and virtual space, and within and outside of geographical boundaries.

    Their users range from nation-states and their component organizational elements and communities down to individuals and amorphous trans-national groups who may not profess allegiance to any traditional organization or national entity. They rely on three distinct yet interrelated effects of three dimensions: the physical, the informational, and the cognitive. In the aggregate, these comprise the global information environment as outlined in the doctrine for Information Operations: the physical platforms, systems and infrastructures that provide global connectivity to interconnect information systems, networks, and human users; the massive amounts of informational content that can be digitally and electronically sent anywhere anytime to virtually anyone; and the human cognition that results from greatly increased access to content, which

    can have a dramatic impact on human behavior and decision making."&

    K)-4)-# ,4 ("# FD.(U#1(0-2 &1:,*:&1' ,33,1#1(. 3,..#..&1' #:#1 ) 9,%&509 "' &1 )1 H&14,-9)(&,1)*&J#% /)((*#.3)5#I+,0*% /# &93,..&/*# +&(",0( 52/#->/).#% .2.(#9. )1% 5)3)/&*&(.7 !"# )/&*&(2 (,-#3-,'-)9 ("# ()-'#(&1' %)() +&("&1 ) +#)3,1 ,1 &(. +)2 (, ("# ()-'#(= ("#1 -#*2 ,1 ("-,0'" ("# 0.# ,4 52/#-.3)5#7 U2/#-.3)5# #;&.(. )5-,.. ("# ,("#- %,9)&1. ,4 *)1%= .#)=)&-= )1% .3)5# )1% 5,11#5(. ("#.# 3"2.&5)* %,9)&1. +&(" ("# 5,'1&(&:# 3-,5#..#. (")(

    /(/%50,*$%5/%6*,(,+$/#(, 5-#)(# )1% H#1(#-I 52/#-.3)5#= )1% 0.# ("# #1#-'. )1% 3-,3#-(. ,4 ("#/(/%50,7"+*/5$% #1/%50'7"((")( .#(. 52/#-.3)5# )3)-( 4-,9 ("# ,("#- %,9)&1.=)1% +")( 9)A#. 52/#-.3)5# 01&B0#7")

    DF !"#$% '()*#+,%#"$ -./01

    23)456"745 ,$8 9,%#"$,* :4+(5#%3

    C/&%7DV

    ;$#%48 :%,%4< 9,=,* >$

  • 5/28/2018 On Cyberwarfare

    12/133

    12 DCAF HORIZON 2015 WORKING PAPER

    S1# 5")-)5(#-&.(&5 ,4 52/#-.3)5# &. (")( $5 %"**,5 /9$#5 3$56,'5 !/$*+ "!(/ 5, /91(,$556/ *"5'0"((. /9$#5$*+ :;

  • 5/28/2018 On Cyberwarfare

    13/133

    DCAF HORIZON 2015 WORKING PAPER 13

    has to be successful all the time. Third, range is no longer an issue in cyberspace since attacks can occur from anywhere in the world.$$ Fourth, the attribution of attacks is

    $%

    society’s overwhelming reliance on cyberspace is providing any attacker a target-rich environment, resulting in great strain on the defender to successfully defend the domain.$&

    Many consider cyberspace as the newest and most important addition to the global commons, which comprise four domains: maritime, air, space, and now cyber. Maritime and air are the international oceans and skies that do not fall under the

  • 5/28/2018 On Cyberwarfare

    14/133

    14 DCAF HORIZON 2015 WORKING PAPER

    classic constraints of distance, space, time, and investment are reduced, sometimes dramatically, both for us and for potential enemies.

    Cyberpower

    $' K"&*#52/#-.3)5# &. ("# %,9)&1 &1 +"&5" 52/#- ,3#-)(&,1. ()A# 3*)5#= 52/#-3,+#- &. ("# .09,4 .(-)(#'&5 #44#5(. '#1#-)(#% /2 52/#- ,3#-)(&,1. &1 )1% 4-,9 52/#-.3)5#7 G55,-%&1' $( C(. .(-)(#'&5 30-3,.# -#:,*:#. )-,01% ("# )/&*&(2 &1 3#)5#)1% +)- (, 9)1&30*)(# 3#-5#3(&,1. ,4 ("# .(-)(#'&5 #1:&-,19#1( (, ,1#I. )%:)1()'#

    +"&*# )( ("# .)9# (&9# %#'-)%&1' ("# )/&*&(2 ,4 )1 )%:#-.)-2 (, 5,93-#"#1% (")(.)9# #1:&-,19#1(7 !-)1.4,-9&1' ("# #44#5(. ,4 52/#-3,+#- &1(, 3,*&52 ,/.()(# )5(,-.= #(57 E 9)2 /# )/*# (, *#)3 ,:#- ,*% (#5"1,*,'. (, %#3*,2)1% 0.# 1#+ ,1#. (, %-)9)(&5 )%:)1()'#7 S-')1&J)(&,1)* 4)5(,-. )*., 3*)2 ) -,*#= ,1 ("# 5-#)(&,1 )1% 0.# ,4 52/#-3,+#- )-# .")3#% /2 ("#&- ,-')1&J)(&,1)* 9&..&,1=/# &( 9&*&()-2= #5,1,9&5 ,- 3,*&(&5)*7 P0( ("# #*#9#1( 9,.( 5*,.#*2 (% (, 52/#-3,+#-

    is information. Cyberspace and cyberpower are dimensions of the informational instrument of power, and there are myriad ways that cyberpower links to, supports, and enables the exercise of the other instruments of power.$! Thus, information is the currency or DNA of cyberpower.

    FV 23)45 '"745

    FW

    U)..= FLLV= 37 W7 23)456"745 ,$8 9,%#"$,* :4+(5#%3 FX

  • 5/28/2018 On Cyberwarfare

    15/133

    DCAF HORIZON 2015 WORKING PAPER 15

    In the global economy of the 21st Century, cyberspace is probably the single most important factor linking all the players together, boosting productivity, opening new

    4)- 9,-# #;(#1.&:# -#)5"7 !"# .)9# )33*. 4,- ("# %#:#*,39#1( ,4 1#+ (#5"1,*,'.&1 ("#&- 5-#)(&,1= #;3*,&()(&,1= )1% 9#).0-#9#1( ,4 .055#..7 G1% 52/#-3,+#-I. &93)5(,1 3,*&(&5)* )1% %&3*,9)(&5 )44)&-. &. ")-%*2 *#.. &1(#1.&:#7 !"# +,-*%I. 9,.( 0/&B0&(,0. )1% /2 (#--,-&.( 1#(+,-A. ,4 ("# )* [)#%) (23# )-# /,(" 0.&1' 52/#-3,+#- &1 ("#&-.(-0''*# 4,- "#)-(.= 9&1%.= )1% &%#).7%#

    Cyberspace is also transforming how information is created: the raw material that fuels economies and societies. And new forms of content – images, sounds,

    &14,-9)(&,1 )1% %)() &1 90*(&3*# 4,-9. E )1% ("# 5,11#5(&:&(2 0.#% (, (-)1.9&( )1% !"&. )*., /2 #93*,2&1' H.,4( 3,+#-I )1% H.9)-( 3,+#-I &1 ("# 30-.0&( ,4 .(-)(#'&5 ',)*.7G. 52/#-3,+#- "). #;#-(#% &15-#).&1'*2 +&%#.3-#)% &93)5(. )5-,.. .,5(2 %0-&1' ("# (")( ,4 *&1A&1' 3#,3*# )1% ,-')1&J)(&,1. &1 1#+ +)2. &1 )1 &15-#).&1'*2 +&-#% +,-*%&1 +"&5" (-)%&(&,1)* /,-%#-. )-# /#&1' )*(#-#% )1% 1#+ -#*)(&,1."&3. )9,1' 3#,3*# )-#/#&1' 4,-'#%= 1,+ #:#- 9,-# ,4(#1 )*., +&(" ',:#-19#1(. )1% &1%&:&%0)*. &1(#-)5(&1'+&(" #)5" ,("#- )5-,.. 1)(&,1)* /,-%#-.7

    U2/#-3,+#- 5)1 /# 0.#% (, 3-,%05# 3-#4#--#% ,0(5,9#. 3$56$* 52/#-.3)5#= ,-&( 5)1 0.# 52/#- &1.(-09#1(. (, 3-,%05# 3-#4#--#% ,0(5,9#. &1 ,("#- %,9)&1. ,'5#$)/52/#-.3)5#7 !"# A#2 #*#9#1(. ,4 52/#-3,+#- )-# ("# .5# ,4 ("# #*#5(-,9)'1#(&5.3#5(-09= ("# (#5"1,*,'2 ,4 #*#5(-,1&5.= )1% &1(#'-)(#% 9)19)%# &14-).(-05(0-#7 !"#A#2 ).3#5( ,4 52/#-3,+#- &. &(. 5)3)/&*&(2 (, 9)1&30*)(# ,- )55#.. ) ()-'#(I. 52/#-&14-).(-05(0-# :&) #;3*,&()(&,1 )1% )(()5A7 ?#)1. ,4 52/#-3,+#- 5,9# :&) 52/#-+)-4)-#7 )1 )%:#-.)-2= ,- (, )5":# 3,*&(&5)* ,//).#% )33*&5)(&,1 4015(&,1. )1% &.) A#2 +#)3,1 &1 52/#-+)-4)-#7

    C/&%7 23)45 D,5B,54 ,$8 23)45 E455"5#

  • 5/28/2018 On Cyberwarfare

    16/133

    16 DCAF HORIZON 2015 WORKING PAPER

    Cyberpower has three main characteristics: it is ubiquitous, it is complementary, and it can be stealthy. Land, sea, air, and space power are able to generate strategic

    effect on each of the other domains. But nothing generates strategic effect in all domains so absolutely and simultaneously as cyberpower,%% because cyberpower is ubiquitous.

    52/#-3,+#- &. ) %,71(/7/*5"0. $*#50'7/*5= 3)-(&50*)-*2 +"#1 0.#% )0(,1,9,0.*27C( &. &1%&-#5( /#5)0.# ("# 5,#-5&:# )/&*&(2 ,4 52/#-3,+#- &. .(&** *&9&(#%7 K"&*# 52/#-)(()5A. 5)1 /# %)9)'&1' )1% %&.-03(&:#= 1#&("#- ("# )(()5A. .044#-#% /2 Y.(,1&) &1 FLDL\DD= "):# /##1 -#)**2 5,#-5&:#7 !"&. 9)2 +#** 5")1'# &1 ("# 40(0-#7 P0( 4,- ("&. (, 4,- #;)93*#= +,0*% 9,.( *&A#*2 "):# 5)().(-,3"&5 5,1.#B0#15#.7 P0( -)("#- (")1

    coercing its victim to concede to an attacker’s demands, it may only invite an even more catastrophic response. Thus, until cyberpower will prove its coercive capability, it can be said to be a complementary instrument.

    The last characteristic, that cyberpower can be stealthy, makes it attractive to many users. They can use this ability to wield it surreptitiously on a global scale […] or proprietary information without the owners being any wiser after terabits of data have been stolen. Malicious software can be planted in adversary IT systems and networks without knowledge until these weapons are activated and cause their

    of attributing the identity and motivation of most attackers, makes it an attractive instrument for governments and other actors.%&

    Cyberwarfare

    (+, %#5)%#.7 P,(" 52/#-3,+#- )1% 52/#-.3)5# "):# /##1 )( ("# "#)-( ,4 */3 %,*%/15#)1% ),%50$*/# ,4 3"0

    5,1:#1(&,1)* +)-4)-#= %.!/01,3/0 6"# !/%,7/ "* $*)$#1/*#"!(/ /(/7/*5 ,4 7,)/0*5/%6*,(,+.>!"#/) 7$($5"0. %"1"!$($5.7

    massively coordinated digital assault on a government by another, or by large groups of citizens. It is the action by a nation-state to penetrate another nation’s computers

    9,%(54 "B D,5 #$ %F4 >$B"5C,%#"$ H?4 8##6 P-#11#-= 23)45%F54,%

  • 5/28/2018 On Cyberwarfare

    17/133

    DCAF HORIZON 2015 WORKING PAPER 17

    4-,9 (#--,-&.( ,-')1&J)(&,1.= ,- .&93*2 )(()5A. /2 &1%&:&%0)*. 5)**#% ")5A#-.= +", )-# %'

    .299#(-&5 ,- ).299#(-&5 ,44#1.&:# )1% %#4#1.&:# %&'&()* 1#(+,-A )5(&:&(2 /2 .()(#. ,-.()(#>*&A# )5(,-.= #15,93)..&1' %)1'#- (, 5-&(&5)* 1)(&,1)* &14-).(-05(0-# )1% 9&*&()-2

    .2.(#9.7 C( -#B0&-#. ) "&'" %#'-## ,4 &1(#-%#3#1%#15# /#(+##1 %&'&()* 1#(+,-A. )1%&14-).(-05(0-# ,1 ("# 3)-( ,4 ("# %#4#1%#-= )1% (#5"1,*,'&5)* )%:)15#. ,1 ("# 3)-( ,4 %( %) G 5,930(#- 1#(+,-A. (, %&.-03(= %#12= %#'-)%#= ,- %#.(-,2 &14,-9)(&,1 -#.&%#1( &1 %*G

    (, %#.5-&/# :)-&,0. ).3#5(. ,4 %#4#1%&1' )1% )(()5A&1' &14,-9)(&,1 )1% 5,930(#- %! )1% 1#(+,-A. &1 )1 #44,-( (, %&.-03( 5,9901&5)(&,1. )1% ,("#- 3#. ,4 &14-).(-05(0-# &" ,- %&'&()* 9#)1. /2 ) ',:#-19#1( ,- +&(" #;3*&5&( A1,+*#%'# ,4 ,- )33-,:)* ,4 (")(

    ',:#-19#1( )')&1.( )1,("#- .()(#= ,- 3-&:)(# 3-,3#-(2 +&("&1 )1,("#- .()(# &15*0%&1'6&1(#1(&,1)* )55#..= &1(#-5#3(&,1 ,4 %)() ,- %)9)'# (, %&'&()* )1% %&'&()**2 5,1(-,**#%&14-).(-05(0-#7 G1% 3-,%05(&,1 )1% %&.(-&/0(&,1 ,4 %#:&5#. +"&5" 5)1 /# 0.#% (, &$

    A successful cyberwar depends upon two things: means and vulnerability. The “means” are the people, tools, and cyber weapons available to the attacker. The vulnerability is the extent to which the enemy economy and military use the Internet and networks in general.&% We do not know who has what cyberwar capabilities exactly. But a growing number of states have organized cyberwar units and ever more

    skilled Internet experts for combat in this domain.&&

    8##6

    !"#$% '()*#+,%#"$ -./01 L#+%#"$,53 "B M#*#%,53 ,$8 H

  • 5/28/2018 On Cyberwarfare

    18/133

    18 DCAF HORIZON 2015 WORKING PAPER

    A National Strategy for Cyberspace

    Cyberpower is technically, tactically, and operationally distinct from the other […] the enduring nature of war, which is unchanging. The key strategic attribute of cyberpower is the ability in peace and war to manipulate the strategic environment to one’s advantage while at the same time degrading the ability of an adversary to comprehend that same environment. This strategic utility extends to all the other strategic domains, given their ubiquitous dependence upon cyberspace. Manipulation produces the strategic effect of misdirection and deception that in turn allows other military and national instruments of power to achieve policy ob[…]

  • 5/28/2018 On Cyberwarfare

    19/133

    DCAF HORIZON 2015 WORKING PAPER 19

    2. The Difference between

    Information Warfare and Cyberwarfare

    Information Warfare or Information Operations

    In most countries Cyberwar is seen as a subsection of Information Warfare.

    Control of information has always been part of military operations. Information Warfare is an evolving construct with historical roots back to antiquity. The late […] Information Warfare and Command and Control Warfare into what the military now call Information Operations, recognizing the critical role of information as an element of national power through the full spectrum of peace, as a core military competency. They see information as both a weapon and a target in warfare, and they think that information and knowledge superiority can win wars.

    The value of information is enhanced by technology, such as networks, IT systems, and computer databases. These enable the armed forces to create a higher level of shared situational awareness; to better synchronize command, control, and intelligence; and to translate information superiority into combat power. With ever more weapons increasingly relying on data and technical information – such as smart munitions that […] technologies have extended the engagement envelope; computers and communications technologies have led to an increase in the tempo of operations through the improved ability to coordinate actions;&) and the integration of sensors into weapons has made these more precise and lethal. However, the real transformation has not been in sensors, weapons or IT per se, but in shifting the focus from the physical dimension to the information dimension. These values of information constitute the ground layer for Information Operations. They are also a prime example for the need for tight governance of this sector, clearly addressing what is permitted in situations that range from relative peace to all out nuclear war.

    @*4,07"5$,* I"04"0/ H.!/03"04"0/7R,- ("# 5,1%05( ,4 C14,-9)(&,1 S3#-)(&,1.= 9)$B"5C,%#"$ H?4A 2*,(

  • 5/28/2018 On Cyberwarfare

    20/133

    20 DCAF HORIZON 2015 WORKING PAPER

    &%#1(&5)* %,5(-&1#.&* %,0/ %"1"!$($5$/#

    &1(#'-)(#% (, )5":# ("# %#.&-#% #44#5(.7&! &1(#'-)(#% #93*,29#1( ,4 ("#.# 5,-# 5)3)/&*&(. &1 5,15#-( +&(" )1% 0/("5/) '#

    L#.%6,(,+$%"( J1/0"5$,*# ,/9)A#-. +&(" -#')-% (, 4-%*2 '$

    J1/0"5$,*# $B"5C,%#"$ N645,%#"$

  • 5/28/2018 On Cyberwarfare

    21/133

    DCAF HORIZON 2015 WORKING PAPER 21

    Counterintelligence conducted to protect against espionage, other intelligence activities, sabotage, or assassination conducted by or on behalf of foreign governments or elements thereof, foreign organizations, persons, or international terrorist activities.'&

    @7"+/0.MH,7!"5 H"7/0" 5,1.&.(. ,4 ("# )5B0&.&(&,1 )1% 0(&*&J)(&,1 ,4 .(&** )1%9,(&,1 &9)'#-2 &1 .033,-( ,4 5,9/)(= &14,-9)(&,1= "09)1&()-&)1= 83#5&)* R,-5#.=&1(#**&'#15#= -#5,11)&..)15#= #1'&1##-&1'= *#')*= 30/*&5 )44)&-.= )1% ,("#- ,3#-)(&,1.&1:,*:&1' ("# 9&*&()-27''

    L6.#$%"( G55"%-

    &14,-9)(&,1 ()-'#(.7 L6.#$%"(

  • 5/28/2018 On Cyberwarfare

    22/133

    22 DCAF HORIZON 2015 WORKING PAPER

    9&*&()-2 ,3#-)(&,1.= (, 5,1.,*&%)(# )1% (, )5":# 1)(&,1)* ,3#-)(&,1)* ,/

  • 5/28/2018 On Cyberwarfare

    23/133

    DCAF HORIZON 2015 WORKING PAPER 23

    @*4,07"5$,* J1/0"5$,*#(")( 5,14,01% #1#92 &14,-9)(&,1 .2.(#9. )( :)-&,0. 3,&1(.E .#1.,-.= 5,9901&5)(&,1.= 3-,5#..&1'= )1% 5,99)1% E +"&*# 3-,(#5(&1' ,1#I.

    ,+17'*

    !"# .03#-&,-&(2 &. )5":#% /2 ')&1&1' .03#-&,- &1(#**&'#15# )1% 3-,(#5(&1' ,4 .05" .03#-&,-&(2 &. 1,( ("# )((-&(&,1 ,4 3"2.&5)* 9&*&()-2 )..#(. ,- (-,,3.7 C( &. ("#,%%5#%#"$ "B %F4 @(,*#%31

  • 5/28/2018 On Cyberwarfare

    24/133

    24 DCAF HORIZON 2015 WORKING PAPER

    Operations.(# In other words: one can start a war with Information Operations, but not win it exclusively with Information Operations.

    The claims made by enthusiasts of Information Warfare about successful applications of Information Operations seem often exaggerated or misleading.(" When the theory is put to the test the results seem decidedly mixed. On the strategic level, the results are least convincing, […] tactical level. There have been some real achievements nonetheless, alongside a growing realization that Information Warfare is a sword that cuts both […] technological edge, Western armed forces are often at a disadvantage. In large part these problems have been due to the relative openness of the states concerned, the fact

    that they are expected to provide a greater amount of unbiased accurate information than undemocratic regimes, and also to the higher ethical expectations that they have to meet.($

    !"# '-#)(#.( 3-,/*#9 +&(" C14,-9)(&,1 K)-4)-# )1% C14,-9)(&,1 S3#-)(&,1.&. ("# *)5A ,4= ,- 5"-,1&5)**2 +"$%5"*1 "=45

  • 5/28/2018 On Cyberwarfare

    25/133

    DCAF HORIZON 2015 WORKING PAPER 25

    activities in the other domains, and activities in the other domains can create effects in and through cyberspace.

    Cyberwarfare

    Cyberwar exists in the military and intelligence realm and refers to conducting military operations according to information-related principles. It means disrupting or destroying information and communications systems. It also means trying to know everything about an adversary while keeping the adversary from knowing much about oneself.(&

    *#)%#-."&3 )1% )-9#% 4,-5#. &1 ("# ("#)(#- ,4 H,71'5/0 F/53,0- J1/0"5$,*#('

    Computer Network Attack – operations designed to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers or […] Computer Network Exploitation, which means retrieving […] Computer Network Defense, which consists of all measures necessary to protect own ICT (( Thus conceptually, Computer Network Operations cover only

    a narrower section of all cyber attacks. But the potential for damage that cyberwar can

    #1#92 1#(+,-A 5)3)/&*&(.= &. ,1*2 ,1# ,4 9)12 &1.(-09#1(. &1 ("# 4-)9#+,-A ,4 &15-#).# &1 ("# 5,9&1' 2#)-.= +&(" -#')-% (, ("# .()(# ,4 %#:#*,39#1(. &1 ,44#1.&:#52/#-+)- 5)3)/&*&(.= ("#-# &. .(&** ) *)5A ,4 #.()/*&."#% A1,+*#%'# )/,0( U,930(#- 9,.( &14,-9)(&,1 *. ,0(.&%# ("# 30/*&5 %,9)&17 G1% 9,.( ,-')1&J)(&,1. )-# .(&**

    unsure about the state of their own cyber security. Thus, some of the estimates in this area seem exaggerated, particularly those linked to the expectation that the future will bring not only an arms race in cyberspace, but also strategic cyberwars. Conducting […] it impossible. However, cyber alone is still unlikely to win wars. Given the intrinsic

    2"C6,5,%#=4 :%5,%4?3 G-B0&**) O N,14#*%(= 94%7"5V< ,$8 94%7,5

  • 5/28/2018 On Cyberwarfare

    26/133

    26 DCAF HORIZON 2015 WORKING PAPER

    still not possible today to conduct precisely targeted cyber attacks, great doubts remain as to whether strategic cyberwar is really feasible.()

    One important aspect of this is that uncontrollable blowback effects in the highly networked virtual space constitute considerable risks for an attacking state. This factor is all the more relevant since the states that are most likely to develop the technological know-how for strategic cyberwar are also the most dependent on their effects, a cyberwar would also undermine trust in cyberspace over the long term, with possible detrimental effects for the global economy, and thus for all parties involved. Strategic cyberwar, by itself, would probably annoy but not disarm an adversary. And any adversary that merits a strategic cyberwar campaign to be subdued also likely possesses the capability to strike back in ways that may be more than annoying. The

    4)5( -#9)&1. (")( 1, ,1# -#)**2 A1,+. ",+ %#.(-05(&:# ) .(-)(#'&5 52/#- )(()5A &1 )

    If a strategic cyber attack is less likely to be decisive, then cyberwarfare capabilities at the operational level for actions against military targets during a real war might become more important. Operational cyberwar may have the potential to contribute to warfare. How much is unknown and, to a large extent, still unknowable. Because a devastating cyber attack may facilitate or amplify military operations, and because an operational cyberwar capability seems relatively inexpensive, it may well be worth developing. But for operational cyberwar to work, its targets have to be

    accessible and offer vulnerabilities.(* These vulnerabilities have to be exploited in […] be monitored – what may still be an inconclusive endeavor.

    Certainty in predicting the effects of operational cyber attacks is undermined by […] may reveal that a particular system has a particular vulnerability. But predicting what an attack can do requires knowing how the system and its operators will respond to signs of dysfunction, and knowing the behavior of processes and systems associated with the system being attacked. Even then, operational cyberwar operations may rarely

    harm individuals directly, nor do they, with some exceptions, destroy equipment.(!

    At best, such operations are more likely to confuse and frustrate operators of military systems, and then only temporarily because, due to the exponential innovation, even the best cyber attacks have a limited shelf life. Thus, cyberwar at the operational level […] operational cyberattack in the hopes that success will facilitate a combat operation

    2:: H$,*3

  • 5/28/2018 On Cyberwarfare

    27/133

    DCAF HORIZON 2015 WORKING PAPER 27

    9)2 /# 3-0%#1(@ /#((&1' ,1 ("# ,3#-)(&,1I. .055#.. ,1 ) 3)-(&50*)- .#( ,4 -#.0*(. 9)2 )#

    Throughout all this, cyber defense remains the most important activity for the armed forces in cyberspace. The vast ma[…]

  • 5/28/2018 On Cyberwarfare

    28/133

    28 DCAF HORIZON 2015 WORKING PAPER

    with almost complete anonymity and relative impunity, at least in the short term.

    Cyberwar may help to avoid the need to engage in combat operations and thus saves lives.

    Cyberwar leads to the ability to disrupt the adversary rather than destroy his forces.

    Blurred traditional boundaries: Cyberwarfare creates its own “fog and friction of war.”

    )..#..9#1(.7

    U2/#-+)- #1)/*#. )5(,-. (, )5":# 3,*&(&5)* )1% .(-)(#'&5 ',)*. +&(",0( ("# 1##%

    #*#5(-&5 3,+#- '-&% (, )&- %#4#1.# -)%)-.= )-# )55#..&/*# +,-*%+&%# 4-,9 52/#-.3)5# (-)%&(&,1)* %#4#1.#.7

    U2/#-+)- ")33#1. )( )*9,.( ("# .3##% ,4 *&'"(7 G. 3",(,1. ,4 )(()5A 3)5A#(. .(-#)9 /)-#*2 9#).0-)/*#= ("0. 5-#)(&1' 9,-# -&.A. 4,- %#5&.&,1 9)A#-.= 3)-(&50*)-*2 &1 )5-&.&.7

    The victim of an attack has to invest considerable resources into neutralizing the threat, which requires teams of dedicated software and hardware experts with

    &1%0.(-2 ,44#-. 9,-# )((-)5(&:# (#-9. 4,- ("#&- ()*#1(7

    The vulnerabilities of countries increasingly dependent on complex, interconnected, and networked information systems increase over time, thus providing adversaries with a target rich environment.

    R,- 9)12= ("# (#-9 52/#-+)- 5,1

  • 5/28/2018 On Cyberwarfare

    29/133

    DCAF HORIZON 2015 WORKING PAPER 29

    3-#%&5( E ("#2 9)2 /# *#.. 3,+#-40* (")1 ",3#% 4,-= /0( 9)2 )*., "):# 9,-# #;(#1.&:#,0(5,9#. )-&.&1' 4-,9 ("# &1(#-5,11#5(#%1#.. ,4 .2.(#9.= -#.0*(&1' &1 01+)1(#% )''-#..,- +,0*% *&9&( "&9.#*4 (, ,1*2 ,1# 5*).. ,4 +#)3,1-27 T#15#= 52/#-+)-4)-# &.3-,1# (, "):# -#)* 3"2.&5)* 5,1.#B0#15#.7

    Like other elements of the modern military, cyber forces are most likely to be integrated into an overall battle strategy as part of a combined arms campaign. Cyber weapons will be used individually, in combination, and also blended simultaneously with conventional kinetic weapons as force multipliers.)$ Computer technology differs from other military assets, however, in that it is an integral component of all other

    assets in modern armed forces. From this perspective, it is the one critical component upon which many modern militaries depend, a dependence that is not lost on potential enemies.

    U,01(-. )-,01% ("# +,-*% )-# %#:#*,3&1' )1% &93*#9#1(&1' 52/#-.(-)(#'. %#.&'1#% (, &93)5( )1 #1#92I. 5,99)1% )1% 5,1(-,* .(-05(0-#= *,'&.(&5.=(-)1.3,-()(&,1= #)-*2 +)-1&1'= )1% ,("#- 5-&(&5)* 9&*&()-2 4015(&,1.7 C1 )%%&(&,1= 1)(&,1.)-# &15-#).&1'*2 )+)-# (")( ("# 0.# ,4 52/#- .(-)(#'. 5)1 /# ) 9)&1%0.(-&)* .,5(. )1% #5,1,9. )-# 5-&(&5)**2 %#3#1%#1( ,1&1(#-*&1A#% 5,930(#- &14,-9)(&,1 )1% 5,9901&5)(&,1 .2.(#9.7 8,3"&.(&5)(&,1 "). &14-).(-05(0-#. &. )1 )((-)5(&:# ,3(&,1 4,- 5,01(-. )1% 1,1>.()(# )5(,-. (")( +)1((, #1')'# &1 "#.77/50$% 3"04"0/2 )1% *)5A ("# 5)3)5&(2 (, 5,93#(# ,1 ("# (-)%&(&,1)*

    ("#&- 3,*&(&5)* ,/

  • 5/28/2018 On Cyberwarfare

    30/133

    30 DCAF HORIZON 2015 WORKING PAPER

    Multiplying and complicating the uncertainties about cyberwar are the problems that derive from the nature of cyberspace, the steadily growing vulnerabilities that enable cyber attacks, plus the ma[…]

  • 5/28/2018 On Cyberwarfare

    31/133

    DCAF HORIZON 2015 WORKING PAPER 31

    3. Understanding the Threats in

    Cyberspace

    Cyberspace is a borderless “global commons” that all actors, including states,

    share. From personal use to business platforms and military applications, the reliance on cyberspace is only accelerating. Since the beginning of the 21st century, the ability […] the amazing proliferation of ICT systems into all aspects of life, the importance of information for political matters has increased. And with it the ability to master the generation, management, use, and manipulation of information has become a highly

    desired power resource in international relations.

    G*(",0'" 52/#-.3)5# &. )'1,.(&5 (, 3,*&(&5. )1% &%#,*,'2= .()(# )1% 1,1>.()(#)5(,-. 5)1 0.# ("&. 3,+#- (, )5":# ,/3,+#- 9#)1.7 :0*1#-)/*# ()-'#(.7 !"# :&-(0)* (#--)&1 ,4 52/#-.3)5# &. .)&% (, 4):,- ("# ,44#1.# /#5)0.#52/#- )(()5A. )-# &1#;3#1.&:# )1% 5,1%05(&1' ("#9 -)-#*2 "). 5,1.#B0#15#.7 !"#.#(+, 4)5(. )-# ) 9)

  • 5/28/2018 On Cyberwarfare

    32/133

    32 DCAF HORIZON 2015 WORKING PAPER

    The Problems that derive from the Nature of Cyberspace

    Cyberspace is a unique domain in that it does not itself occupy physical space. It does, however, depend on physical nodes, servers, and terminals that are located in nations that exert control and sometimes ownership. The public good that travels the information highway is manmade and hard to categorize or locate.)' […] most hackers were after the information that constitutes the payload of cyber-space, rather than its infrastructure. This, however, is changing. The infrastructure and information base of cyberspace is almost entirely in the hands of private and commercial enterprises, rather than governments or the military. To complicate things further, unlike the other domains, cyberspace does not depend primarily on

    .()(# 3,+#- 4,- .#50-&(2@ ("# '-#)( 9)-#'0*)(&,1 )1% *#.. )..0-)15# -)("#- (")1 )55#3( *&9&()(&,1.)1% "&'"#- 5,.(. (")( &15-#).# .)4#(2 )1% -#*&)/&*&(27)(

    Threats, vulnerabilities, and risks have grown exponentially with the proliferation of use and dependence on cyberspace infrastructure. The electronic dependence of modern civilization on physical infrastructure, data and information, and the resulting critical infrastructure functionality requires a seamless Internet […] the inherent potential to destroy or render useless logical, physical, technical, and virtual infrastructure, and to damage critical national capabilities, such as economic, government, military, educational, health, social, and other capabilities.

    Threats within and from cyberspace are disparate, diffuse, and some may also be disproportionate in the harm they could cause. However, threats to cyber security are not synonymous with threats to national security. The ma[…]

  • 5/28/2018 On Cyberwarfare

    33/133

    DCAF HORIZON 2015 WORKING PAPER 33

    deeply embedded in the cyber domain. They arise from vulnerabilities inherent, or from malware)) placed, in complex software operating systems, and from malicious hardware. They are embedded because the threat is an intrinsic feature of cyberspace, which may never be fully eradicated.

    as diverse as the plethora of potentially hostile actors who exploit these vulnerabilities, the actions they take, and the targets they attack.)* There are more than nation-state actors: among the great diversity of actors are also ideological and political extremists, terrorist organizations, well-organized criminal

    gangs, and all sorts of state-sponsored, mercenary or individual hackers. Each poses a distinct threat, requiring a differentiated response.

    Rosenberg, the rapporteur of a workshop on national security threats in cyberspace, argues that the nature of cyberspace makes threats from that domain fundamentally different from those existing in the ‘real world.’[79] At least nine factors contribute to this difference:

    […] control by nation-state actors with differing legal and cultural approaches and distinct strategic interests.

    The world has become so dependent upon the cyber domain that disassociation is impossible. Cyber globalization cannot be undone; neither can our reliance on cyberspace for national security functions.

    The now globalized production of both cyber hardware and software in many different countries makes it virtually impossible to provide reliable supply chain assurance or good product assurance.

    The scalability of the cyber domain makes it qualitatively different. We do not deal with kinetic force of physically limited range, but with mechanism by which operations on a global scale are controlled.

    Operations within the domain are controlled by a small number of people. Everyday users cannot modify or control software and hardware they use, thus only few have control of the cyber universe.

    Because of the interconnectedness and interoperability of cyberspace, no locus of positive control is feasible. Efforts to mitigate the threat, if possible at all, will require close international cooperation.

    ?)*+)-# ] 9)*&5&,0. .,4(+)-# )1% ")-%+)-#7 N$ 23)45 D,5B,54= Q,1%,1= G U")(")9

    9,%#"$,* :4+(5#%3 EF54,%< #$ 23)45


    Changes in the cyber domain occur ever more rapidly. The interconnectedness of cyberspace enhances this consequence of acceleration. But each change creates again a new cycle of vulnerabilities.

    The distribution of cyber assets spans all types of organizations, from closed to government controlled systems to those operated by the public, each with different resources, capabilities, and concerns.

    The nature of cyberspace is such that the technical capacity to attribute actions […] to anonymity is easily achievable.

    Insecurity in cyberspace is caused by three conditions that distinguish it from […] architecture of the Internet […] exponential innovation […] integration into the economy, society, government, and the armed forces.

    The Internet Architecture

    The architecture of the Internet enables nearly instant movement of information globally at low cost. The Internet has been designed to connect multiple networks, […] to foresee the vulnerabilities that would emerge as the Internet proliferated from […] pervades modern life. It is the Internet’s openness that carries downsides in that it makes it easier to attack applications and operating systems that are not adequately […] anonymous, generating information that travels in undifferentiated packets that can be encrypted to disguise the origin. This anonymity provided by the architecture leads to an attribution challenge that renders most cyber attacks untraceable. Establishing, let alone authenticating identity is challenging if it is possible at all.

    […] from having their identities disguised since the online anonymity makes identifying […] operating from globally dispersed locales can, with no warning and only milliseconds between decision and impact, attack scores of digital targets simultaneously without […] chasing ghosts or ending up at hacked botnets when the attacks originate from a multitude of computers and servers in multiple countries.


    Exponential Innovation

    Innovation has expanded the availability, use, and functionality of the Internet at an amazing rate. Today, there are more than 2 billion Internet users globally, a vast […][80] The spread of mobile devices, which surpassed 5 billion subscriptions worldwide in 2010, gives an even greater number of people access to the Internet as mobile devices continue to offer better functionality, particularly for the developing world.[81] Ever-growing processor speeds and improved algorithms continue to facilitate greater reliance on the Internet, which adds trillions of dollars to the global economy each year. Global e-commerce activity […] 2020.[82]

    Thus, continued innovation offers increasing opportunities for productive use of the Internet. However, it also aids all those with malicious intent by providing more targets and tools for attack. Cyber security is time consuming and expensive. Moreover, the pressure security companies feel to unveil innovative products quickly leads to introduction of technologies that are less secure than they would be if more […] million new pieces of malware in 2010, or an average of nearly 55,000 per day, each one representing a new weapon for attackers. It also reported increases in targeted attacks, in their sophistication, and in the number of attacks on the new classes of devices in 2010.[83]

    Widespread Integration

    The architecture has facilitated Internet’s integration into almost every aspect of modern life. While this has yielded most remarkable advances in productivity […] potential consequences. The integrated nature of cyberspace increases the chances […] resulting from cyber attacks can lead to damage and even potential loss of life through cascading effects on critical systems and infrastructure.

    Three Major Information Infrastructures

    The widespread integration has brought about three major information infrastructures […] National Information Infrastructure, which is the key

    EF4 >$%45$4% I+"$"C3 0Z W4,5< HB%451 2"CA E5,$


    network element within a country that enables its information society to function, and Defense Information Infrastructure, which serves a country’s defense organization, both military and civilian. And the third is the Global Information Infrastructure, which provides the capability. And in both defense and broader national security terms, they provide a pathway to cyberwar and information operations.

    The National Information Infrastructure is the nationwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It encompasses a wide range of equipment, including cameras, scanners, keyboards, facsimile machines, computers, transmission lines, networks of all types, television, monitors, printers, and much more. The friendly and adversary personnel who make decisions and handle the […] Infrastructure.[84]

    Critical Infrastructure, which is deemed critical because its incapacitation or destruction would have a debilitating impact on the national security, and the economic and social welfare of the nation. These infrastructures include key sectors such as information […] transport and distribution, emergency rescue services, and public administration, plus lists of additional elements that vary across countries and over time.[85]

    […] and continuous operation. With these systems, service providers use cyberspace to communicate and control sensitive processes, such as the opening and closing of water; balancing levels of chlorination in water; regulating power generation plants as well as power supply via the electric grid; controlling ground transportation and […] effects could interrupt supply chains, damage control facilities’ operations remotely, create scarcities or emergencies, destroy property, and potentially harm or even kill innocent civilians. As attacks grow in magnitude and intensity, the risks of incidents with cascading social effects increase.


    Critical Infrastructures are generally regarded as inherently insecure. Most of the components are developed in the private sector, where the pressure of competition means security does not drive system design. Computer and network vulnerabilities are therefore to be expected, and these lead to infrastructures with in-built instabilities and critical points of failure.[86] A relatively small attack can achieve a great impact, thus offering a ‘force-multiplier’ effect to those carrying out infrastructure attacks.[87]

    The Defense Information Infrastructure is the shared or interconnected system of telecommunications networks, computers, databases and electronic systems […] who manage and serve the infrastructure, and the information itself. It includes information infrastructure which is not owned, controlled, managed or administered […][88]

    The Global Information Infrastructure is the worldwide interconnection of communications networks, computers, databases, and consumer electronics that make vast amounts of information available to users. It encompasses a wide range of equipment, including cameras, scanners, keyboards, facsimile machines, computers, transmission lines, networks of all types, television, monitors, printers, and much more. The friendly and adversary personnel who make decisions and handle the transmitted information constitute a critical component of the Global Information Infrastructure.[89] It is not identical with the Internet, which is the global network of networks. Other dedicated networks that are stand-alone and not networked, are not part of the Internet.

    Key Characteristics of Information Infrastructure

    T[…]e that are important to targeting considerations. These include components, connectivity, bandwidth, functional interdependence, and ownership and control.

    >$B"5C,%#"$ [ :4+(5#%3A H$ >$%45$,%#"$,*!"(5$,*

    EF54,%H$,*3


    Components

    ("

    […] is more implicit:

    The hardware – the computers; sensors; physical transmission components such as cables; radio and wireless; satellites and transmission towers;

    The software

    The information itself – the databases; and information in transmission including voice, facsimile, text messages, imagery, or information in other forms;

    The people who operate and maintain the infrastructures; and

    Power supply, without which hardware and software cannot function and information cannot be transmitted or accessed. While integrated backup power supply could be considered part of the hardware component, mains supply is not. […] terms of both duration and capacity, and mains supply remains critical for full and enduring functionality.

    Connectivity: The very broad, virtually instantaneous and seamless connectivity and reach across the various domestic and international information domains of the […] these infrastructures have ad[…]time dependence also applies to many emergency services and especially to […] relatively brief periods of time, could have a ma[…]down’ accessibility for deployed combat forces to their headquarters’ intelligence databases.

    Functional interdependence: Between information and its supporting systems, and between the supporting systems themselves, is a ma[…]


    […] mould of targeting outcomes in ‘effect-based’ operations.[91]

    Ownership and control: Ownership of the networks varies between the government and private sector, depending on the country, and what part of the network within that country is involved. In most countries, the ma[…]to-the-minute situational awareness is essential where technological and situational complexities on the human decision maker are a concern. Situational awareness has been recognized as a critical, yet often elusive, foundation for successful decision making across a broad range of complex and dynamic systems, including aviation

    XD C. ) 3-,5#.. 4,- ,/()&1&1' ) %#.&-#% .(-)(#'&5 ,0(5,9# ,- H#44#5(I ,1 ("# #1#92= ("-,0'" ("# .21#-'&.(&5=90*(&3*&5)(&:#= )1% 5090*)(&:# )33*&5)(&,1 ,4 ("# 40** -)1'# ,4 9&*&()-2 )1% 1,1>9&*&()-2 5)3)/&*&(. )( ("#

    XF 801 !J0= EF4 H5% "B D,5= (-)1.*)(#% /2 Q&,1#* Z&*#.= )(6 !"# C1(#-1#( U*)..&5. G-5"&:#= H5C48 J"5+4< !"(5$,* :#%(,%#"$ ,7,54$4


    […] offshore oil and nuclear power plant management, etc.

    Cyberspace is a vast, complex and rapidly changing battlespace. The key to prevailing in a hostile cyberspace environment may lie in the ability to generate a comprehensive picture of that environment.[95] In the kinetic realm, the fog of war is a term derived from Clausewitz referring to uncertain knowledge about the adversary, and the position and activities of the own forces in the midst of an operation. While situational awareness is a ma[…]in redundancy, offering backup systems and failover network paths. While redundancy is important for availability, it also greatly enhances the complexity of security. A typical network offers many possible paths to connect a user to an application. If any single path is available, the application is available. But […][96]

    In addition to the complexity of cyberspace, situational awareness is made very challenging because of constant and dynamic change. Even if the own position is

    XV :#?$,* M,?,R#$4= ?)2

    FLDL7XW


    […] date because unrelenting change is an inherent characteristic of cyberspace. There are different aspects of change. One is in the ICT systems themselves, which are constantly deployed, decommissioned, integrated, and updated with new software and hardware. This sort of change is fundamental to the power of distributed computing. It enables […] change, there are limits to how much control can be imposed without compromising the advantages that cyberspace offers.

    The Challenges of Protection against Security Breaches

    A more important aspect of change is mostly out of control for the forces deployed: the changing nature of vulnerabilities and threats. There are many thousands of known vulnerabilities in IT systems, and new ones are discovered every day. The cyber security company Sophos analyzed 95,000 malware pieces in its labs every day in 2010, nearly doubling the number of malware they tracked in 2009. This accounts […] are legitimate websites that were hacked.[97] This is a clear sign that the malware threat continues to grow at an alarming rate.[98]

    And opponents are constantly developing new methods and mechanisms to exploit these vulnerabilities. The problem is that it is cheap to develop a cyber weapon, while defending against it costs a lot. Some of the most complex, commercially available defense software now has between 5 and 10 million lines of code. In contrast, […] lines of code.[99] Thus, what was considered impregnable yesterday may show subtle weaknesses today, and may likely be compromised tomorrow. Thus, cyber defenses […] changing threats. But because the traditional manual techniques are failing to provide the security needed, automated systems are required that continuously monitor security postures, and provide risk-based situational awareness to decision makers. Hence, to protect their vital assets, the armed forces must meet the threats proactively with a system-wide defensive approach employing superior technology.[100]

    >$B"D"5*8 >$+

    :"6F"<


    There are three classes of systems for defensive posture management, which […] after, during, and before.

    Forensic systems help organizations investigate attacks after they have occurred to understand both their impact and their root causes. The core of these solutions is historical logs that record activity on each aspect of the infrastructure, from software to network devices. These logs can be analyzed manually to determine the sequence of events that have led to an intrusion or disruption. But the volume and complexity of this data is enormous. Thus, organizations now implement log management systems that collect, store, and analyze that data automatically. These systems correlate information from multiple systems to identify patterns, and put together a timeline of […] enabled the breach, and identify, evaluate, and address the damage done.[101]

    The next better class of situational awareness systems helps the forces to detect and respond to an attack in progress. Such systems rely on sensors and intrusion detection systems deployed throughout the infrastructure to identify suspicious behavior, deviation from normalcy, and to raise alarms. An alarm can be analyzed manually, but an intrusion may raise too many such alarms as it moves through the infrastructure. And sorting out a true attack from the normal background noise of false alarms is an extremely complex endeavor. To address this, systems for security information and event management can be deployed which collect events, analyze them on an infrastructure-wide basis, and identify where an exploit is occurring at that point in time. With information thus gained, incident response teams can take action to prevent the intrusion from progressing any further.

    The last and most important class of situational awareness systems is designed to operate before an attack begins, focusing on stopping attackers before they gain entry.[102] For this, defenses that block malicious software and unauthorized access […] monitored to prevent deviation and noncompliance that can create vulnerabilities in the […] other risks in the infrastructure. Like forensic and event-based systems, these systems are equipped with components that assess individual devices such as vulnerability scanners.[103]

    Scanners and similar tools identify vast numbers of potential device issues, most of which are effectively mitigated by the defense-in-depth architectures of security. Security posture management solutions can be deployed that analyze […] the infrastructure, correlate them together, and identify the system-wide security issues

    DLD DLF K"


    […] can then prioritize and address problems to remediate before they are exploited by adversaries.[104]

    As always with computer security, there are two things to remember. First, that security depends on a combination of technology and policy; and second, that no system is ever totally secure. It is safer to assume that there will be breaches, and work out how to minimize the damage. That means storing, and moving around, as little data as possible; anonymizing records and linking to personal details stored in a separate database; using encryption to protect data in transit, and using Intranet solutions where possible.

    Security architectures are built on the premise that successful attacks will occur. The rapidly changing and inherently open nature of cyberspace makes this inevitable. The ultimate protection against attacks is to air-gap critical systems from […] and functionality. To retain functionality while still offering robust security, cyber defenses are designed to contain the attack before it can reach critical systems. Much like physical defenses, layered defenses can provide incident response teams the time to shut down an attack before it causes unacceptable damage.

    Effective situational awareness systems are an integral part of layered defenses. But every layer increases the complexity of the defense exponentially, so maintaining multiple layers between changing threats and changing ICT systems requires automated assessment capabilities. Event management systems to respond to attacks in progress are now becoming more common. But security posture management […] fathered the Internet.

    With effective contingency plans, processes, tools, and competencies in place for the event of an intrusion or disruption, incident response teams can react swiftly to contain and eradicate the threat. With the help of timely incident reports, they can assess any system damage or data loss and move quickly to resume operations. And with recovery procedures and workarounds already thought out, incident response […] information. They then can restore systems and tests to help ensure that all components


    […] incident, so the lessons can be applied to help to improve existing security provisions and prevent recurrence.[105]

    Supply Chain and Vendor Access, Remote Access, Proximity Access, and Insider Access

    […] interoperability need not be mutually exclusive of security. But the cyber security challenge can only be addressed effectively by fully understanding the wide range of the real threat vectors existing, which fall into four broad categories: supply chain and vendor access, remote access, proximity access, and insider access to ICT systems.

    With respect to the supply chain, it is widely accepted that the global economy has given nations the ability to compete and purchase services in an expanding market that has driven down prices and promoted rapid invention and innovation. But the global supply chain also has substantially increased our vulnerabilities to adversarial manipulation of hardware and software. Computers or the architecture they ride on can be poisoned with dormant capabilities that can be awakened by adversaries. Even if our ICT systems come out of the factory in pristine condition, they can be manipulated by the delivery service, the wholesaler, the retailer, the installer, the


    […] signals is a good example of this vector. Through common techniques such as passive electronic monitoring of information being transmitted,


    Hence, responses limited to the level of the nation-state are inadequate: coordinated international activity, with all the associated problems of reaching agreement and then acting in concert, is what is required. The enemy can only be known through close international cooperation. And his vulnerability can be learnt of and exploited through such cooperation.

    […] attacks on systems connected to the Internet can originate from anywhere on […] that can be exploited remotely from a third. Failures in critical information infrastructures in one nation can cascade into dependent systems elsewhere. Governments and the private sector need to coordinate their efforts to enhance cyber security levels, develop safe and trusted methods for information sharing about vulnerabilities, block and

    […] also a new look at the regulatory norms, international legal norms and approaches.

    […] collaborative information-sharing and problem-solving among commerce, academia,

    […] intended to be a military-only, or even a military-centric, strategy. It necessarily cuts across the portfolio of a variety of actors, as it spans the technology employed, the

    Cyber attacks may rise to the level of a national security threat when adversaries have invested enough time and effort into creative and well-timed strikes on a critical […] should consider that electricity has no substitute, and that all other infrastructures, including computer networks, depend on it. Because the cyber attack threat to critical infrastructures is strategic in scope, the national response must be equal to the task:

    […] cyber law, and international cooperation. Because cyber security is evolving from a technical discipline to a strategic concept, and because cyber attacks can affect national security at the strategic level, national leaders must look beyond the tactical arena. The quest for strategic cyber security involves marshaling all of the resources of a nation-state. In this quest for strategic cyber security, it is advisable to put emphasis on a security

    EF4 23)45$%45$,%#"$,* H+%#"$ C1.(&(0(#= FLDL7

    DLX 947 W"5V E#C4


    system architecture that employs multiple tiers of defenses, that can be segmented under attack, and that has a healthy component of resilience to allow speedy recovery.

    The main improvements that could be made would be to strengthen mechanisms for global cooperation and capacity building, and to further increase the number of […] Forum already brings together stakeholders from the public and private sector as well as civil society groups from around the world, and has actively considered security

    DDL >$%45$4% X"=45$,$+4A 254,%#$? N66"5%($#%#4< B"5 H**1!"# R,0-(" C1(#-1#( Z,:#-1)15#


    4. Cyber Vulnerabilities and how Cyber Attacks are Enabled

    Hostile actions against an IT system or network can take two forms: cyber attack and cyber exploitation. A cyber attack is the use of deliberate actions to alter, disrupt, deceive, degrade, or destroy adversary IT systems and networks or the information and programs resident in or transiting these systems. Cyber exploitation is the use of operations to obtain information, usually clandestinely and conducted with the smallest possible intervention that still allows extraction of the information sought.[111] These should not disturb the normal functioning of the systems. The best cyber exploitation is one that a user never notices.

    Cyber attacks and cyber exploitations are possible only because IT systems and networks are vulnerable. Most vulnerabilities existing are introduced accidentally through […][112] as described below. As long as nations rely on IT systems and networks as a foundation for military and economic power, and as long as these are accessible from the outside, they are at risk of being attacked.

    %

    Software

    Applications or system software may have acci[…] can subvert the intended purpose for which the software is designed.

    Hardware

    […]ing microprocessors, microcontrollers, circuit boards, power supplies, peripherals such as printers or scanners, storage devices, and communications equipment such as network cards. Tampering with such components may secretly alter the intended functionality of the component or provide opportunities to introduce malware.

    Seams between hardware and software

    An example of such a seam might be the repro[…] that can be improperly and clandestinely reprogrammed.

    111 If the requirement for stealth is met, the adversary is less likely to take countermeasures to negate the loss

    112 Cyberdeterrence and Cyberwar, op. cit., p. xiii.


    Communications channels

    The communications channels between a system or network and the ‘outside’ world can be used by an adversary in many ways. An adversary can pretend to be an authorized user of the channel, […] work can be tricked or blackmailed into doing the bidding of an adversary, or sell their services.

    Service providers

    Many computer installations rely on outside parties to provide computer-related services, such as maintenance or Internet service. An adversary may be able to persuade a service provider to take some special action on its behalf, such as installing attack software on a target computer.

    Cyber attacks and cyber exploitation[114] require vulnerability, access to that vulnerability, and a payload to be executed. The primary technical difference between cyber attack and cyber exploitation is in the nature of the payload to be executed. A cyber attack payload is destructive whereas a cyber exploitation payload acquires information or intelligence nondestructively.

    The payload is the term used to describe the things that can be done once vulnerability has been exploited. For example, if a software agent, such as a virus, has entered a given IT system, it can be programmed to do many things – reproduce and […] programmable capabilities. Moreover, the timing of actions can also be varied, and if a communications channel to the adversary is available, payloads may be remotely updated. In some cases, the initially delivered payload consists of nothing more than a mechanism for scanning the system to determine its technical characteristics, and another mechanism through which the adversary can deliver the best software updates to further the compromise.[115]

    Cyberspace is a virtual medium, and as such far less tangible than land, sea, air, […] in general, and cyber exploitation[116] and cyber attacks in particular, is to view it as

    :F,8"7< #$ %F4 2*"(8A >$=4


    […] physical layer […] syntactic layer sitting above the […] semantic layer sitting on top.[117]

    All IT systems rest on a physical layer consisting of boxes and wires. Electrical energy, integrated circuits, processors, storage devices, communications infrastruc[…] blocks of this layer.[118] If that physical layer is removed, the IT system disappears as well. While it is obvious that IT systems can be attacked by kinetic means, IT systems cannot be deceived by destroying its components – although it can be through sly substitution of one component for another.

    It is the syntactic layer that contains the instructions that designers and users give the machine, and the protocols through which machines interact with one another – device recognition, packet framing, addressing, routing, document formatting, database manipulation, etc. And this is the place at which intrusions or hacking are prone to take place as human outsiders seek to assert their own authority over that of designers and users.

    The topmost semantic layer contains the information that the machine holds, […]dress lookup tables or printer control codes, is meant for system manipulation; it is semantic in form but syntactic in purpose. Other information, such as cutting instructions or process-control information is meant for computer-controlled machinery. The rest of a system’s information is meaningful only to people because it is encoded in natural language. The distinction between information and instructions can be imprecise. Indeed, many hacking tricks insert instructions in guise of content. Examples include attachments that contain viruses, […] Disruption takes place when systems are tricked into performing operations that make them shut down, work at a fraction of their capacity, commit obvious errors, or interfere with the operation of other systems. Corruption takes place when data and algorithms are changed in unauthorized ways, usually to the detriment of their

    […] of ‘exploit’ is intended. Electronics is the infrastructure of the computer world today. However, electronics are not immune to

    […] the future: the possibility of exploiting a biological infrastructure for computer purposes has already been […] Another possibility is the computerization of peptides: bio-molecular computerization which is based on compounds made of at least 2 amino acids.

    119 A logic bomb is a piece of software intentionally and maliciously inserted into a software system that will

    120 For example, an email may purport to be from the Internal Revenue Service – as it already happened. See:

    >O: 654


    5,--#5( 4015(&,1&1'7 !, %&.(&1'0&." /#(+##1 %&.-03(&,1 )1% 5,--03(&,1 &. 1,( #).27P0( ) ',,% -0*# ,4 ("09/ &. (")( ("# #44#5(. ,4 %&.-03(&,1 )-# %-).(&5= &99#%&)(#= )1%

    ,/:&,0.= +"&*# ("# #44#5(. ,4 5,--03(&,1 )-# .0/(*#= )1% 9)2 *&1'#- ,1 ,- -#50-7"$$

    It is relatively easy to tell that a system is not working. It is harder to tell that it functions but generates wrong information or makes bad decisions.

    Intruders into IT systems and networks can steal information, issue phony commands to IT systems to cause them to malfunction, in[…]cause of a gap between theory and practice. In theory, a system should do only what its designers and operators want it to. In practice, it does exactly what its code and settings tell it to. The difference exists because systems are complex, and growing ever more so.123

    In all of this lies a saving grace. Errors can be corrected, especially if cyber attacks expose vulnerabilities that need attention, and that can be patched. The degree to and the terms by which computer networks can be accessed from the outside can […] the entryways to the system, rather than get into it. Hence, it is barely an exaggeration to say that all organizations are vulnerable to cyber attacks to the extent they want to be.124 In no other domain of warfare is this the case.

    Cyber attacks can be launched from outside the network, using hackers, or from the inside, using agents and rogue components. External hacking is the exemplary and by far the most common path that a state would take, particularly if going after civilian targets. But also the armed forces and intelligence agencies with systems that are generally better protected cannot completely ignore insider attacks, for example, by disgruntled employees.

    At the syntactic layer, where hacking tends to take place, cyberspace is hedged with authorities. A person who owns a computer can normally do with it whatever he wants. For the most part the user should expect to retain full control over the computer, even when it is exposed to others via networking. Computers in an enterprise setting tend to come under control by systems administrators, and parts of such systems are closed to mere users. To hack a computer is to violate these authorities. A hacker may send a user a rogue email or lure a user to a rogue site from which bad code is downloaded. Some types of code steal information on such machines. Other types permit the hacker to issue subsequent commands to machines, thereby ‘owning’ them for malicious purposes.

    Hackers can also enter enterprise systems by linking to them and successfully

    DFF C/&%7= 337 DV>DW7 C/&%7= 37 ;&:7 C/&%7= 37 ;&:7


    masquerading as legitimate users with the rights and privileges of any other user. In some cases, hackers go further: fooling the system into thinking they have the privileges of systems administrators. As such, a hacker can arbitrarily change nearly everything about a system, not least the privileges other users en[…]


    Common Categories and Methods of CyberAttack130

    Attack Description

    Denial-of-Service Attacks

    Flooding Sending extraneous data or replies to block

    a host service

    connections

    Out of band/fragment attacks

    implementations

    -

    nections

    vulnerable service

    Malicious Software Attacks

    Backdoor […]-tion of arbitrary commands

    Worm

    of itself

    Code that self-reproduces in existing appli-

    cations

    Tro[…]

    trary commands

    Access permissions Exploiting read or write access to system

    Brute force Trying default or weak login/password

    combinations

    Writing arbitrary code behind the end of a

    buffer and executing it

    Race conditions Exploiting temporary, insecure conditions

    in program

    IP Packet Manipulation

    Source: Ankit Fadia, Network Security: A Hacker’s Per[…]


    Tiny fragments -

    tocol/port/size checks

    services without a password

    numbers name-server-caches

    Sequence-number guessing

    number to spoof a trusted host

    Remote-session hi[…]

    ized access

    Monitoring network to hi[…]controlled software or rootkit is clandes- […] for many purposes: distributing spam, spreading Tro[…]


    puters have become compromised. 2010 saw a sharp escalation in the scale, frequency, […]

    Gbps bandwidth was reported.

    That represents a dramatic escalation in the amount of information that is piled up on a network in order to shut it down. Over [?]0 percent […]-age Internet connection speed is now about 2 Mbps. Therefore, to deliver a 100 Gbps […] node botnet. Estimates suggest that the botnet can generate more instructions per second than many of the world’s top supercomputers. With so much power, attacks can be launched with devastating consequences.

    Classes of Attack135

    Attack Description

    […]-nications, decrypting weakly encrypted […] -tercept of network operations can give

    adversaries indication and warnings of […] result in disclosure of information or […]-sent or knowledge of the user. Examples include the disclosure of personal information such as credit card numbers and

    >$B5,


    Active

    Active attacks include attempts to circumvent or break protection features, introduce malicious code, or steal or modify information. These attacks may be mounted against a network backbone, exploit information in transit, electronically penetrate an enclave, or attack an authorized remote user during an attempt to connect to an enclave. Active attacks can result in the disclosure […]

    Close-in

    Close-in attack consists of a regular individual’s attaining close physical proximity to networks, systems, or facilities for the purpose of modifying, gathering, or denying access to information. Close physical proximity is achieved through surreptitious entry, open access, or both.

    Insider

    Insider attacks can be malicious or nonmalicious. Malicious insiders intentionally eavesdrop, steal, or damage information; use information in a fraudulent manner; or deny access to other […] typically result from carelessness, lack of knowledge, or intentional circumven- […]

    […] software at the factory or during distribution. These attacks can introduce malicious code, such as a backdoor, into a product to gain unauthorized access to information or a system function at a later date.


    Viruses and Worms

    There are computer viruses and worms secretly introduced into an IT system with the characteristic feature of being able to generate and distribute multiple copies of it, thereby spreading throughout the sys- […] destructive payload that is activated under certain conditions. When activated, a virus can corrupt, alter, or destroy data, generate bogus transactions, and even transfer information.136 Worms are programs in their own right, which hide within a computer […] the network, worms do, and a virus can be their payload. Moreover, so-called polymorphic and metamorphic malware can automatically mutate in an attempt to avoid detection by anti-virus technology.137

    Other