Media Download Centre
Cyber Defence Bibliography 2012
Defence IQ offers this updated compilation of educational open-source links to articles, white papers and other media, covering some of the most intriguing topics on the cyber agenda this past year. If you’re undertaking research for academia, professional analysis, or just pure curiosity, you’ll be sure to find something here to add to your studies.
US Cyber Consequences Unit
Keeping the Cyber Peace: Alliances In The Asia-Pacific
John Bumgarner, CTO at the US Cyber Consequences Unit and speaker at CDANS 2013, explains in this article the importance of forming and solidifying allies in the Asia-Pacific, given the shifting economic tide and newly announced strategic military focus.
Tech-Savvy Terrorists: Countering Extremism On The Internet
The devastating terrorist actions in Mumbai in 2008 brought to attention the extent to which today’s extremists are using modern technology to organise, formulate and execute attacks. Bumgarner evaluates the need and the approach to countering this unique threat.
Securing the Cyber Sphere: Rethinking Military Doctrine
As technology evolves, so must military structure and the tactics used to defend national security. This article explores the contemporary need to effectively equip the Cyber Warrior through enhanced situational awareness.
Russia: why Georgia is sandbagging its networks
David J. Smith, Director of the Potomac Institute Cyber Center, and colleague Khatuna Mshvidobadze, Associate Academic Fellow, join us on the lines from Washington D.C. and Tbilisi for this year’s final pre-conference podcast. Topics on the agenda include Georgia’s progress since the infamous 2008 cyber attacks and what we know – or think we do – about Russian cyber policy.
Middle East: why has the region become a cyber attack hotspot?
Taimur Ijlal, former Head of Information for Dubai Bank, walks us through the reasons behind the explosion of reported cyber incidents throughout the Middle East in the past two years and considers the wider impact of threats to financial institutes. Taimur will be presenting on his views and experience at this year’s CDANS event.
Military Clouds: protecting and exploiting data services
Maj. Gen. (Rtd) Harold “Punch” Moulton is the former director of operations for US EUCOM. In this interview, he touches on ways in which militaries can exploit cloud security being used by adversaries and explains his view on why future operations of any kind will require a new component: a Joint Force Cyber Component Commander. Hear his thoughts today ahead of his presentation at CDANS 2013.
Dragon in the Machine: discussing the Chinese cyber rivalry
In the wake of allegations leveled at Huawei and ZTE that Chinese tech hardware is being manufactured for espionage, we speak with one of the world’s leading outside authorities on the activity of China within the digital space, how perceptions are impacting political dialogue, and how the risk to Western security can be abated. Bill Hagestad blew the whistle on the potential of hardware vulnerabilities at the factory-stage well over a year ago, but his warning was not heeded by all.
You can purchase his latest book, “21st Century Chinese Cyber Warfare” from Amazon.
Onsite at the 2012 Event
What people had to say about CDANS 2012
At CDANS 2012, Defence IQ spoke with several of the world’s leading specialists and influencers in the international cyber security domain, ranging from government, military, industry, and academia.
Obama’s Cyber Coordinator clarifies cyber policy concerns
Christopher Painter, the US Department of State’s Cyber Coordinator, sits down for a discussion of the key issues with Defence IQ’s Richard de Silva. Here, Painter addresses the White House’s cyber policy when it comes to international partnering and global network protection, including whether he believes there is a need for new rules of engagement in cyberspace.
Brazil preparing cyber defence for the World Stage
Lt Gen José Carlos Dos Santos, head of the Brazilian Army’s Cybernetic Centre (CDCiber), explains why his nation’s attention has turned so much to the digital space, as Brazil continues to modernise its entire military. Every new platform will need to be integrated with the network, and that means cyber security is a priority – particularly as all eyes will be on Rio’s World Cup and Olympic Games in just a few years time.
Austria’s role in European and global cyber defence
It’s not just the large-scale militaries taking an active approach to cyber defence. Brig Gen Helmut Habermayer is the head of Military Strategy for the Austrian MoD, and outlines the fringe work being advanced by his nation’s armed forces and how this must stand side-by-side with vulnerable infrastructure. Habermayer also discusses resourcing cyber warriors from the ‘black hat’ community and how the new generation is training for cyber defence.
Trinidad & Tobago’s cyber police force
Sergeant Amos Sylvester, head of the Trinidad & Tobago Cyber Crime Unit, explains how his department is now being sent across the world to source information, expertise and advice from other leading cyber defence initiatives. Sylvester’s primary concern is to thwart organised crime efforts to strip financial sector of its assets, because, in his own words, “cyber crime touches everyone in society” and must be controlled.
Risk of grand-scale cyber disaster “increasing every year”
Robert Lentz once headed the National Computer Security Center under the Reagan administration before it was cancelled in the 1980s. Only now is the US government seeking to catch up on combating the growing cyber threat, which includes the very real risk of a large-scale digital-led conflict. Lentz is now the President of FireEye, a company that is making vital progress in the field of private-public network security, and we find out how the architecture of the company provides such a robust platform.
- British Forces News coverage of Cyber Warfare 2011
Will Inglis of BFBS attended this year’s event and reported on the discussion for the benefit of the UK military.
Professor Dan Kuehl, National Defence University
Prof. Kuehl explains what the biggest developments in the cyber domain have been this past year, and what form he believes interoperation should take to properly ensure national and international security.
- LTC William T. Hagestad II, US Marine Corps Reserve
LTC Hagestad discusses the USMC involvement in the cyber battlespace, integration and division within the U.S. national defence programme, and his thoughts on where our efforts must lie to enhance resilience at all angles.
US Army RCERT Director: Defending the virtual front line
Michael Boyer, Director of RCERT Europe, explains what it takes to lead a team to protect the world’s best equipped army as it is targeted with a huge amount of cyber attacks daily. Boyer provides thoughts on the immediate dangers, why he believes we need a new cyber treaty, and details his recent success stories.
New Sherriff in Town: Law and order in US CYBERCOM
LCDR Paul A. Walker of the US Navy’s JAGC is the Operations Law Attorney for US CYBERCOM. He spoke with us this year on several key issues, including the difficulties facing the legal system when dealing with the cyber domain, why he believes concerns over attribution have been overblown, and why he thinks existing rules of engagement and conventions of war can be applied without issue to cyberspace.
Articles and Industry Reports
Squeezing Internet Freedom in the Name of Safety
Khatuna Mshvidobadze of the Potomac Institute for Policy Studies explores the growth of Russian internet activity, the control the state has over its use and the political ramifications that this will have in the coming years.
Cyber Law: Navigating the legalities of digital weapons
As world leaders are now beginning to openly acknowledge, robust cyber security for the purposes of national protection cannot remain strictly defensive. But are governments at risk of breaking international law with the use of “cyber weapons”? Defence IQ asked Stefano Mele, a lawyer with the Carnelutti Studio Legale Associato in Milan, and renowned expert on the legal issues pertaining to information technology, communications, cyber terrorism and cyber security.
Prioritizing Ict Development And Cybersecurity: A Matter Of National Security Policy
The National Defence College of the Philippines contributes this whitepaper created under a consolidated effort of leading thinkers within the country’s Information and Communications Technology community. As the Philippines “lags in ICT and cybersecurity compared to other developing countries in the region”, this paper outlines how the country can make concerted actionable steps to take immediate improvements.
The Need to Secure our Cyber Space
ITC expert Angelo T. Redoble casts a critical eye over the Philippines Cybercrime Act of 2012, exploring how it deviates from its original aims, its ‘reactive’ nature, and what it could mean for the future of national economic security.
Why investment in cyber is booming
Cyber space is unlike many other sectors – in the future there will not be one company that has all the capabilities to do everything; there won’t be a ‘one stop shop.’ But, equally, there won’t be numerous companies all offering the same thing either. For this reason, Manish Thakur, Managing Partner of New York-based private equity firm Hudson Fairfax Group (HFG), says there will be a great deal of diversity in the sector and as a consequence investment houses will need to specialise in certain areas of the cyber domain.
Estonia drops 2007 cyber attack investigation, focuses on future defences
Estonia-based think tank, the NATO Cooperative Cyber Defense Center of Excellence, has released a draft report that considers if and how international laws can be applied in the event of a cyber attack. Defence IQ’s Online Editor, Andrew Elwell takes a closer look at this report.
Securing the changing face of social for the military
As younger generations join the ranks, the pressure to enable the widespread use of social media within defence and the armed forces will only grow stronger, the applications available more complex and their functionality more sophisticated. Contribute David Oates explores how social media has changed the way people communicate and why the military shouldn’t wait to take control of this unsecured form of communication.
Cyber Incident Reporting in the EU: An overview of security articles in EU Legislation
This recent ENISA report evaluates the reforms and policies emerging in Europe to better understand the security gaps across infrastructure networks given a number of dangerous data breaches experienced by communications firms.
Smart Grid Security
ENISA offers this extremely useful paper of recommendations to improve national smart grid security for European states. From fostering greater awareness to increasing the sharing of information between member states, this report provides a ten-point plan for enhanced reliability of 21st century CNI.
The New Reality of Cyber War
Defence intelligence experts James Farwell and Rahal Rohozinski reflect on the June 2012 Stuxnet report from correspondent David Sanger, who infers that Operation ‘Olympic Games’ marks evidence that offensive cyber capabilities are here and now. Writing for ‘Survival’, this article looks at the ongoing ramifications of last year’s Stuxnet malware and what this means for near-future defence strategies.
Defence firms primed for cyber security acquisitions
Following Raytheon’s acquisition of cyber security firm Pikewerks Corporation, Defence IQ looks at the trend of large defence organisations purchasing or creating cyber defence divisions. Whilst other parts of these companies struggle in the face of budget cuts and cancelled contracts, business in the cyber divisions is often booming.
Are We Heading Towards a ‘Digital 9/11’?
What was once referred to as a ‘digital Pearl Harbour’ has since given way to the notion of a ‘digital 9/11’, owing not just to the freshness of recent memory, but to an insistence upon accuracy. For it is acknowledged by most involved in the cyber domain that should a large-scale virtual attack take place, it will not be levelled primarily at military systems, but at the more vulnerable, and more vital, civilian networks.” Read why we need a measured analysis of the prospect of a large-scale cyber disaster, and the aspects dividing opinion among leading experts.
Overview by the US-CCU of the Cyber Campaign against Georgia in August of 2008
With both Georgian and Russian speakers in attendance at this year’s event, the US Cyber Consequences Unit has taken the opportunity to release its 2009 analysis of the cyber campaign that disrupted critical Georgian systems during the 2008 dispute. This special report finds that the attacks were the activities of independent actors and not of the Russian government, as once suggested by some analysts. However, it raises serious concerns upon which all nations must take action when it comes to the policing and prevention of potentially dangerous hackers, working from within home boundaries. All views and conclusions expressed herein are those of the US-CCU and not of IQPC.
- Cyber Doctrine: Towards a coherent evolutionary framework for learning resilience
Contributor: JP MacIntosh, J Reid and LR Tyler. Institute for Security & Resilience Studies, University College London.
Drawing on work and with input from cybersecurity practitioners, technology specialists, legal experts, policy makers, entrepreneurs and academics, ISRS has identified the major challenges faced by anyone seeking to ensure the security, exploitation and exploration of cyberspace. Whether a sovereign body, corporation or citizen, surviving and thriving will depend upon embracing an ethos of delivery, innovation and growth to ensure that the UK becomes a (or possibly the) trusted hub for global ventures.
How 3 cyber threats transform the role of incident response
This Guidance Software paper describes how malware enables these advanced persistent threats. Three case studies explain how enterprise information security and incident response (IR) teams can employ cyber-forensics tools to minimize the damage.
How to Painlessly Audit your Firewall with Skybox
Read up on this guide to automated firewall compliance audits, change assurance and ruleset optimization, with solutions by 2012 sponsor Skybox.
“Firewalls have become victims of their own success. These ubiquitous network security devices are the first line of defense for the business network, examining an endless stream of network traffic against a set of established rules. Over time, the exponential growth in web applications, e-commerce, communication tools, and networked business applications has led to a similar exponential growth in firewall complexity…”
Using Risk Modeling & Attack Simulation for Proactive Cyber Security by Skybox
Tap into Skybox’s predictive solutions for effective security risk management.
“For years, security concerns have been a major driver of IT spending. Every new threat or perceived risk to network infrastructures encourages new vendors and new technologies, each offering another layer of security to respond to a particular threat. Collectively, organizations spend an enormous amount of time and resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating. Yet most organizations remain inadequately protected against evolving and dangerous cyber threats…”
Achieve efficient and effective PCI Compliance by automating many required controls and processes
“The Payment Card Industry (PCI) established a security standard called the Data Security Standard (DSS) in order to reduce the risk organizations face as related to credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. The penalties and sanctions for non-compliance are severe…”
Skybox Products – What We Have To Offer
Like what you’ve read so far? View four of Skybox’s available products to see how the digital component of your business can be better safeguarded and enabled. Includes:
- Network Assurance
- Firewall Assurance
- Change Manager
- Risk Control