CYBER WARFARE TOMORROWS WAR

TODAY 1

Michael Shelburne
Cyber Warfare: Tomorrows Wars Today
Sullivan College of Technology and Design

CYBER WARFARE TOMORROWS WAR TODAY 2

On November 24th of 2014 1 Sony Pictures was hacked by a hacking group based out of
North Korea in response to the release of the movie The Interview featuring James Franco and
Seth Rogan in a fictional plot to kill North Korean dictator Kim Jung-Un. During this attack,
over 40 Terabytes (close to the size of 13,640,000 digital 3-4 minutes songs) of information was
stolen containing company secrets and personal employee information (Mitchell, 2014). This
attack against an American company has raised a lot of questions and concerns in the media and
government on how to prevent and respond to such acts against American companies both in the
public and private sectors. This type of politically motivated attack on information and
information systems is known as Cyber Warfare (Rouse, 2010). This attack was aimed at
stopping the distribution and showing of The Interview. With cyber-attacks on the rise in
todays world of technology, governments are moving to define legislations to both prevent and
respond to attacks on their nations infrastructures whether it be in the public or private sectors.
This paper aims to explain the implications of cyber warfare in the world today and how
different governments are involved. As part of my own research, I conducted a survey on social
media to acquire responses from the public to various topics on the current state of cyber security
affairs. The aim of this survey was to see how the public views the pressing concerns in cyber
security affairs today.

1 Sony Pictures Entertainment Inc. (SPE) is the American entertainment subsidiary of Japanese

multinational technology and media conglomerate Sony.

CYBER WARFARE TOMORROWS WAR TODAY 3

Over the past decade as technology in the computer realm has grown exponentially, the
worlds leading countries are finding more and more use for cyber-based attacks. Due to the
popularity of cyber-attacks, nations are now hosting events and competitions in hopes of
recruiting the best security and hacking specialists their country has to offer. An example of this
practice is discussed in a news article by VOA news in 2013, In an effort to bolster its defenses
against cyber-attacks, Japan held its first government-sanctioned hacking contest, which
culminated February 3 in Tokyo.(VOA News, 2013). An interview with a nation official in the
article discusses why they were doing this, According to a report on NHK, Japans national
broadcaster, Masahiro Uemura, an official with the Ministry of the Economy, Trade and
Industry, said these kinds of contests are common in other countries and are used to develop a
domestic pool of cyber security experts. He added that Japan has a shortage of experts and is
looking for ways to foster them. Hacking techniques are getting more complicated and
sophisticated, he said. We need this kind of contest to fight back and survive. (VOA News,
2013). As more countries begin to realize the need for cyber-security and the threat of cyberbased attacks, these types of events will become more common place as a way to recruit the best
of the best. Whether or not these types of events hosted by governments will be a good thing or
bad remains to be seen. Of course a country who is in need of cyber security professionals would
benefit from these events to recruit potential employees to work for them, but this also gives
those countries additional weapons to use should they need them; the saying of With great
power comes great responsibility comes to mind here.
At the beginning of this paper I discussed the most recent large scale cyber based attack
on Sony Pictures. This is one of hundreds or even thousands of attacks that have happened in the
past decade that we know of. Another widely publicized attack that occurred in 2010 was the

CYBER WARFARE TOMORROWS WAR TODAY 4

attack on an Iranian Nuclear enrichment facility. This attack was done by use of a computer
worm which is a malicious piece of software that propagates from one computer to another
spreading its infection. This worm was dubbed Stuxnet and was used to cause destruction
within the facility by causing the machinery to operate outside of its standard safe operating
mode. In an article by Jon R. Lindsay on the worm he discusses what these types of attacks mean
to political powers around the world. He says, Stuxnet, the computer worm which disrupted
Iranian nuclear enrichment in 2010, is the first instance of a computer network attack known to
cause physical damage across international boundaries. Some have described Stuxnet as the
harbinger of a new form of warfare that threatens even the strongest military powers. The
influential (but largely untested) Cyber Revolution thesis holds that the internet gives militarily
weaker actors asymmetric advantages, that offense is becoming easier while defense is growing
harder, and that the attackers anonymity undermines deterrence. However, the empirical facts of
Stuxnet support an opposite interpretation; cyber capabilities can marginally enhance the power
of stronger over weaker actors, the complexity of weaponization makes cyber offense less easy
and defense more feasible than generally appreciated, and cyber options are most attractive when
deterrence is intact. Stuxnet suggests that considerable social and technical uncertainties
associated with cyber operations may significantly blunt their revolutionary potential.(Lindsay,
2013). He mentions the fact that attacks like stuxnet are becoming more complex in nature as
hackers are becoming more sophisticated. With the rise in complexity it is becoming difficult to
stay on the offense when the need to be on the defense is greater. You now have a power struggle
of whether to have a strong defense and a weak offense or vice versa. Regardless, vulnerabilities
are present and anyone with the expertise can take advantage of them.

CYBER WARFARE TOMORROWS WAR TODAY 5

As with any type of attack whether it is on a global, nation, group, individual scale, a
response is usually dictated in some shape or form. In regards to the recent attack on Sony
Pictures, President Obama issued an economic sanction on North Korea. Some say that the
sanction will do little to punish North Korea, but will serve more as a message to others that
these types of attacks will not go unpunished. One journalist had this to say, New U.S. sanctions
against North Korea over the hacking of Sony Corp. will probably have a limited impact on the
isolated Asian nation, but may serve as a warning to other countries suspected of sponsoring
cyber-attacks. The measures announced, Friday Jan. 2nd 2015, by President Barack Obama
against 10 North Korean officials and three government entities were the first public action taken
by the U.S. response to the November hacking of Sonys movie studio. The administration said
further punishment is coming. (Snyder, 2015). The executive order from the President, gives a
brief overview of the documented reasons for the sanctions:
I, BARACK OBAMA, President of the United States of America, find that the
provocative, destabilizing, and repressive actions and policies of the Government
of North Korea, including its destructive, coercive cyber-related actions during
November and December 2014, actions in violation of UNSCRs 1718, 1874,
2087, and 2094, and commission of serious human rights abuses, constitute a
continuing threat to the national security, foreign policy, and economy of the
United States, and hereby expand the scope of the national emergency declared in
Executive Order 13466 of June 26, 2008, expanded in scope in Executive Order
13551 of August 30, 2010, and relied upon for additional steps in Executive Order
13570 of April 18, 2011. (The White House, 2015).

CYBER WARFARE TOMORROWS WAR TODAY 6

Not only did Obama place sanctions on North Korea as a response to this attack, he has
also made a huge push for cyber security legislatio n in the United States. He says:
In this interconnected, digital world, there are going to be opportunities for
hackers to engage in cyber assaults both in the private sector and the public
sector. Now, our first order of business is making sure that we do everything to
harden sites and prevent those kinds of attacks from taking place...But even as we
get better, the hackers are going to get better, too. Some of them are going to be
state actors; some of them are going to be non-state actors. All of them are going
to be sophisticated and many of them can do some damage. This is part of the
reason why its going to be so important for Congress to work with us and get an
actual bill passed that allows for the kind of information-sharing we need.
Because if we dont put in place the kind of architecture that can prevent these
attacks from taking place, this is not just going to be affecting movies, this is
going to be affecting our entire economy in ways that are extraordinarily
significant. (Obama, 2014).

His proposed plans involve: Modernizing Law Enforcement Authorities to Combat Cyber
Crime, National Data Breach Reporting, and Enabling Cybersecurity Information Sharing (The
Whitehouse, 2015). This push to better define cyber laws in the U.S. sets a great example for
countries around the world to do the same. As cyber-attacks become more commonplace in the
world, legislation will need to be created in every form of government in the world if they are
going to survive among each other. With the ease of sending commands remotely to a computer
across the world to damage, destroy, and steal data; cyber-warfare and cybercrime will be a
standard tactic in war time.

CYBER WARFARE TOMORROWS WAR TODAY 7

With the information gathered and shown in this paper, it is safe to assume that cyber
warfare, security, and legislation are constantly evolving. Each one changing the other as
technology changes and grows. As they change, the businesses and governments of the world
will need to change and evolve as well to defend themselves and function properly. The
battlefield of guns and bombs we know today may soon change to a battlefield we see on a
screen filled with a different assortment of weapons that are stored in computer files.

With cyber security and cyber warfare being such a huge topic in todays media, I set out
to find how educated and opinionated the public was in regards to these topics. Though means of
social media, I distributed a 10 question survey involving relevant topics in cyber legislation,
attacks, and data compromises. During the course of the survey I received 24 responses and what
I found was surprising.

At the beginning of this paper I discussed the recent attack on Sony Pictures. With that
being such a huge topic of discussion in the media I thought it only right to ask a couple
questions in the survey in regards to the matter. My question, Are you familiar with the recent
attack on Sony Pictures involving the movie The Interview? was aimed at providing detail on
how many people actually stay up to date with political news.

CYBER WARFARE TOMORROWS WAR TODAY 8

Out of the 24 responses, 75%/18 responded yes at being aware of the matter which is a fairly
good percentage of people being knowledgeable at current affairs, especially in cyber affairs. My
second question on the topic asked, Based off your answer to the previous question, do you
believe that Sony Pictures and the U.S. government handled the situation accordingly?.

CYBER WARFARE TOMORROWS WAR TODAY 9

This question requires the responder to have a little bit more knowledge on the situation. During
the aftermath of the attack on Sony, President Obama placed economic sanctions on North Korea
in hopes of sending a message to North Korea and to set an example for the rest of the world.
This question was aimed at seeing the opinions of policies and retaliation that these types of
attacks have on the government. The responses being at 39% saying yes they agree and 13%
saying they do not agree. Surprisingly 47% said they had no opinion on the matter. This type of
response worries me as it indicates that people dont really care about these types of issues. This
type of attack will become more and more common in the years to come and will effect more and
more people.
During another section of this paper, I discussed the computer worm called Stuxnet
which attacked an Iranian Nuclear facility and disabled and destroyed the machines located there.
As I discussed, this type of attack is known as cyber warfare. This act of warfare will become more
popular in the years to come as technology advances and more countries develop cyber specialists
that work as soldiers to attack other countries. I decided to ask a few questions in regards to cyber

CYBER WARFARE TOMORROWS WAR TODAY 10

warfare in my survey as well as how companies are protecting them selfs. My question, Do you
believe using the internet to attack another country is a more acceptable approach to militar y
dominance than troops on the ground? Please state your reason. To my surprise, nearly half of all
the responses indicated that they are against this idea. Most responses indicated both that
technological dominance isnt enough to win a war and that physical attacks were more effective
at winning wars. Others stated that they believe that technological dominance would save lives of
soldiers and civilians while others say it is a far more effective strategy to target a countries
economy systems and disable them. This types of answers are great as they indicate that people
actually care about the methods being used by our military and government against others in the
world. My next question discussed adding more security to networks of companies and if those
companies should be working to have more secure networks than they currently do.

As you can see from the graph, every response indicated that they feel companies should
be working towards a more secure network. If any indication of the all of the recent attacks on
ecommerce companies, securing their networks more would not be a bad idea and their

CYBER WARFARE TOMORROWS WAR TODAY 11

customers would feel safer in regards to purchasing from them. My next question went hand in

hand with the latter.

Again, every respondent indicated that both the government and companies should be
working to be above just the bare minimum when securing their networks. More often than not,
companies choose productivity over security as productivity is what makes the money. Sadly,
these companies who have this mind set are the ones that are targeted and exploited. Although
security doesnt directly make the company any money, it does however protect your investment
and prevent you from any type of clean up after an attack which can become very expensive.
Another big topic in cyber security today has been the discussion of information sharing.
Should private companies be required to share information on attacks with government agencies
so both entities can work together to analyze the scope of the attack?

CYBER WARFARE TOMORROWS WAR TODAY 12

As shown, 47% of participants agreed that yes this type of information should be shared
with the government when it occurs. The remaining half of the participants chose no as well as
miscellaneous answer, Big brother knows all. Which is a nod towards the United States
National Security Agency (NSA) and theyre controversial means of information gathering. This
type of policy can be seen as both good and bad. On one hand, when attacks such the Sony attack
occur, the cyber security analysts are not alone in the endeavor of analyzing data, finding where
the attack originated from, etc. as they will have a separate resource from the government to
work with on the issue as well. On the more controversial side of things, this data sharing may
include personal information from customers or employees that has not been authorized by those
parties to be shared with another entity other than the one they have already approved. This

CYBER WARFARE TOMORROWS WAR TODAY 13

brings up further questions on how to handle such information sharing such as, should personal
information being blacked out in the sharing process, will that prevent the analysis from being
fully accurate, should the private company be required to inform customers if their data is being
shared to another party. This type of situation is new and will require further review on the
structure before it should actually become a part of cyber security legislation, if ever. As stated
throughout this paper, cyber security and the laws that belong to it are ever changing and the best
thing the world can do is adapt as best as possible.

CYBER WARFARE TOMORROWS WAR TODAY 14

References
Rouse, Margaret (May, 2010) cyberwarfare. Retrieved from
http://searchsecurity.techtarget.com/definition/cyberwarfare
Mitchell, Andrea (January 18, 2015). Sony Hack: N. Korean Intel Gleaned By NSA
During Incursion. Retrieved from http://www.nbcnews.com/storyline/sony-hack/sony-hack- nkorean-intel- gleaned- nsa-during- incursion-n288761
VOA News (February 04, 2013). Japan Holds First, Government-Sanctioned Hacking
Contest. Retrieved from http://www.voanews.com/content/japan- first-government-sponsoredhacking-contest/1597014.html
Lindsay, J. R. (2013). Stuxnet and the Limits of Cyber Warfare. Security Studies, 22(3),
365-404. doi:10.1080/09636412.2013.816122
Snyder, Jim (Jan 2, 2015). U.S. Sanctions Seen as Warning to Nations Backing CyberAttacks. Retrieved from http://www.bloomberg.com/politics/articles/2015-01-03/us-sanctionsseen-as-warning-to-nations-backing-cyberattacks
The White House (January, 2015). Executive Order -- Imposing Additional Sanctions
with Respect to North Korea. Retrieved from http://www.whitehouse.gov/the-pressoffice/2015/01/02/executive-order-imposing-additional-sanctions-respect- north-korea
Obama, Barack (January, 2015) SECURING CYBERSPACE - President Obama
Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts. Retrieved
from http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-presidentobama-announces-new-cybersecurity- legislat

CYBER WARFARE TOMORROWS WAR TODAY 15

The White House (January, 2015). SECURING CYBERSPACE - President Obama
Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts. Retrieved
from http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-presidentobama-announces-new-cybersecurity- legislat