My CAJ Experience

I guess the CAJ exam tomorrow will mark the end of this project and therefore the end of my blogging about cyberwar. In a way I am, of course, relieved that I finally concluded another task this semester, but I am also a bit sad for not having an excuse for researching an actually interesting topic on the internet. To end my CAJ project and to get a bit of an overview of my blogposts, I will use this post to resume my work and to talk a bit about what I learned from this project.

In the last few posts (I don't know exactly how many posts I wrote related to cyberwar) I talked about hackers, about what they are doing, their punishments when they get involved in cyberwar, the wish for their recruitment to reinforce cyber security, their targets and the difficulty of tracking them, as well as about a cyber conflict that involved Israeli and Saudi Arabian teams of hackers. I also talked about the two, probably most famous cyber attacks: Stuxnet and The Estonian Cyberwar. Looking at cyberwar from a different angle, I talked about the role timing played in cyber attacks, about a mathematical equation for calculating the perfect moment to attack and about the argument that "a cyberwar won't exist". As cyberwar is also directly linked to cyber security, I introduced a TED talk about cyber security and linked this to preparations for a cyberwar by the U.S as well as to cyberwar games. Last but not least, I tried to link cyberwar to the use of drones by the military and the revolution that could cyberwarfare could lead to in the military.

Looking back at my blogposts I regret that I did not focus on some more aspects of cyberwar. Even though I read about the different cyberwar scenarios that people fear, I never blogged about it. I could have easily linked this to doomsday preppers for example. I would also have liked to talk about an experiment when hackers succeeded in hacking into a car by using radio frequences, or to talk about some more famous cyber attacks.

If I had the chance to start the project all over again, I would start with simply reading a lot about cyberwar. Then I would go on to create a mind map about all the different topics I read about and how they could relate to each other. I would plan my posts better and try to bring them into order before actually putting them online, instead of letting myself be led from one topic to another.

Even so, I have to say that I greatly enjoyed this project. I learned a lot about cyberwar and cyber security, but I also learned a lot in English. Looking back at this project also taught me how important organization is, mainly if a project develops over a period of several weeks or even months.

The U.S prepares for a Cyberwar

http://securityaffairs.co/wordpress/12070/security/how-the-us-are-preparing-to-cyber-warfare.html

In the context of cyber warfare, the US and Israel are generally considered the most advanced countries, as they have allegedly participated in the creation of the first official cyber weapon, Stuxnet, as well as in many other sophisticated cyber-attacks. As both nations suffer an increasing number of cyber-attacks daily and are therefore improving their cyber capabilities. The Pentagon has even announced a major expansion of its cyber army to defend national infrastructures in 2013.

They announced that the Defense Department’s Cyber Command would be increased from 900 to 4000 units and that the resources dedicated to the operations in cyberspace were going to be quadrupled. In addition to the expansion of the Cyber Command, a restructure into three distinct areas, namely

1.      “national mission forces” is responsible for the protection of computer systems that support the nation’s power grid and critical infrastructure.

2.     “combat mission forces” is responsible for offensive operations.

3.     “cyber protection forces” is responsible for Pentagon’s computer systems security.

was planned.

In order to further expand their cyber warfare capabilities, Pentagon has even involved private companies, universities and computer-gaming companies in the development of certain technologies. Mainly now the U.S has started to massively invest in cyber defense, so as to respond to cyber threats and to attain the ability to launch successful cyber-attacks against hostile states.

The goal of one specific project, in cooperation with DARPA, is to develop a new generation of cyber soldiers, AI, able to prevent cyber-attacks and to launch itself strong offensive cyber-attacks. The research program has a duration of five years and will be financed with $110 million.

Not only the US, but governments all over the world are searching for a cyber strategy that provides an optimum balance between a good cyber offense and defense, as most cyber-attacks are characterized by the necessity of an immediate cyber response in order to avoid the destruction of assets and resources.

As cyber espionage, hacking and warfare operations are shifting to cyberspace, the US and any ther government must improve its cyber capabilities.

Cyberwar Games

http://www.optimalrisk.com/Advanced-Cyber-Defence-Services/Cyber-War-Games
http://www.zdnet.com/largest-ever-cyber-wargame-tests-europes-defences-7000028871/

As cyberwar has increasingly gained attention in recent years, the popularity and importance of cyberwar games has been on the rise as well. As experts mention that it becomes more and more apparent that static security measures are one of the greatest risks of sophisticated cyber attacks, agencies are trying to strengthen their ability to recover quickly from cyber attacks and to resume normal operations.

In order to be prepared for destructive cyber attacks, a combination of sophisticated technology and managerial procedures is needed. The reaction of staff in the situational analysis, decision making and communication need the greatest improvement in a crisis. The general knowledge of organisations on cyberwar, their capabilities and their awareness of the threat of cyberwar can be elevated by the simulation of a cyberwar.

 Those war games generally consist of a series of desktop exercises and masterclasses over a period of two days. In the first phase attempts to create a familiarity with the general knowledge on cyberwar and how to manage it. In the second phase the game itself takes place. One team starts to attack the computer system of an organization, which is in return observed and accompanied by mentors through their response to these attacks. The whole process of attacks and counter-attacks are assessed and evaluated. The third phase consists of a workshop in which the war game is analyzed and the performances of different organizations are compared and contrasted.

Recently Europe’s largest ever cybersecurity war games have begun in order to test the cooperation of EU countries in the event of a cross-border cyber attack. More than 200 organisations will take part in this event, including energy companies and telecom operators.

The scale of this cyberwar game should also prove that Europe takes the threat of cyberwar seriously. The whole event is organized by the European Union Agency for the Network and Information Security (Enisa).

16 cybersecurity incidents which were similar to real life cases, were given to the participants. The results were then investigated and analysed by security professionals in terms of confidentiality, integrity and availability of sensitive information.