Cyber Security

CYBER SECURITY – the challenge of the nearest future

Article written for course EU after the Cold War taught by George Hays II, 3rd semester IRES, Metropolitan University Prague

– 1 | 16 –

CYBER SECURITY the challenge of the nearest future

Nikola Schmidt

1. Introduction

Cyber security is a discipline which is hardly understandable for broad public even thou it

covers daily problems we face when using our personal computers. On the one hand we know

that some worms are destroyed by our antivirus’ shields perfectly every day and we are informed

about this incident by small window on our monitor. We do not worry about possible

consequences of infection, if so we put the computer to IT “hospital” and predict that those

“geeks” will cure it. On the other hand there are highly dangerous worms which are capable to

shut down electrical networks or control devices on gas pressure stations and those are capable to

do immediate injuries or consecutive damages or run chain of incidents such as shutting down

critical infrastructure of modern society.

2. The origin of cyber security discipline

2.1. Background of the networks and its security

In 2002 Hungarian physicist wrote a book about networks. Not about a computers

network only, but the first book about networking discipline itself. This work begun the journey

to uncover how everything in the world is connected (social relations, computer networks,

biological systems etc.) and how these networks behave, what rules are applied to networks and

what characteristics it has on a physical basis (Barabási, 2002). The most important outcome is

that everything what looks decentralized or chaotic tends to be organized, also the computer

networks. The most important outcome from the research is that chaotic nodes in the network

tend to create centers and then subsequently influence the other. Sometimes it is colloquially

called small business waves. Hence when scientists assigned to create a first communication

network as a US governmental task, the Arpanet created in 1969, to fulfill the primordial

achievements could not be successful challenge because those principles matters. The task was to



– 2 | 16 –

create a decentralized communication network durable for possible nuclear attack on a major

part of it. The network had to survive attack on the major part and be still capable to

communicate between two arbitrary nodes. The problem is that networks tend to create centers

and those are more vulnerable than the rest. The task could not be achieved in the sense of

perfectly decentralized network, but early after this experiment the Internet was created with

present sensitive attributes, mainly with the consecutive character of center based.

Cyber security is very young discipline which does not enjoy the same popularity as

some of the other security related disciplines. At the very beginning the most important problem

of cyber security is its own inviolability for broad public. Apple has been winning on the market

last years because of their philosophy how to design the devices. They focus on simplicity and

easy-to-use approach. This approach is highly complicated for broad acceptance of cyber related

security issues because it does not push people to think about security settings in their own

computer (or any other settings), consumers are satisfied when having everything prepared and

set in default. Steve Jobs said that good application is the one which works well without any

needed settings (Kahney, 2009). Because of the fact that this approach seems to be successful,

the world will not be more secure, but more vulnerable.

2.2. The origin of a problem on the side of the public

Cyber threats are hard to understand for any person who has never faced a virus

destroying their data and following reconstruction of a hard drive. In the first years of personal

computers the viruses were moving from computer to computer on diskettes, the first media used

for data transfer. As the data were transferred very slowly because everybody should copy it

personally, also the antiviruses were distributed very slowly. We could say that this world was

highly separated as the persons using computers and sharing data on diskettes were separated.

Hence the networks and their centers reflected more the social relations instead of nowadays

nods relations on the Internet network. The idea of spreading out to the world a virus which

could be a threat to the world peace was something unimaginable just one and half decade ago.

But it is not today.



– 3 | 16 –

Almost all the computers are connected to the Internet and most of them use some

centralized services such as Facebook or Gmail. Those centers represent most vulnerable parts of

the Internet network. More and more people want more standardized systems, minimum of

settings and easy-to-use operating systems what is highly understandable. They would like to

create some valuable outputs using their computers. Have well configured computer full of

tweaks and nice icons is not a value which they seek for. Hence the computer must be simple as

possible and provide maximum of simply accessible services. But this world which is

approaching will be more vulnerable than before and all those go-easy people will be a part of

the world which will arise. As the computers are more connected and more other devices are

synchronized and connected with whole local networks and new kids are more educated in

hacking those networks the more vulnerable world is. At this point governments matters.

2.3. The origin of the problem on the side of governments

Governments are not only responsible for broad public health but will be in the near

future also responsible for security of personal computers which can disturb whole country for

hours or days just because of connected to the infected Facebook. Governments are also

responsible for wide variety of public services such as water or electricity supply. Those services

are consumed today by implication, but the computers running the chain of machines which

provides such services are vulnerable as well. Disturbing those machines could have strategic or

symbolic background. Contemporary attacks against states are rare but they are targeting

computers within state which could harm state interests (Nazario, 2010).

Taking down the air defense by cyber related weapons during the air attack of Syria by

Israel in 2007 was strategic approach per se (Fulghum, Wall, & Butler, 2007). In this case the

target and the attacker or source of the attack was clear. Israel attacked Syria to support its own

air strike and prevent the collateral damage. This type of cyber-attack could be classified as

military one with no confuses.

A virus called Stuxnet which was found more than one year after launch was probably

scheduled to take down centrifuges in Iran because more than half of affected computers where

in Iran (Geers, 2011). The most problematic issue on Stuxnet is firstly unknown origin, secondly



– 4 | 16 –

that it affected thousands of computers around the world because this worm was designed to

maliciously manipulate common commercial software and thirdly, one whole year nobody knew

that it exists and operating on the Internet (Falkenrath, 2011). The question which arises at this

point is whether the commercial companies will cooperate or will be forced to cooperate with

governments when they are not the origin of the threat but only a pathway between adversaries.

It is not only this question which raises a dilemma to be resolved in the future. Stuxnet is just an

evidence that malicious half megabyte could harm highly sensitive systems such as nuclear one

with unknown origin. This fact must interest governments.

2.4. The origin of cyber-security discipline

Department of Defense in US named cyber dimension as a military domain like land, sea,

air and space in the Quadrennial Defense Review Report (DoD, 2010). Cyber space had been

more understood as a tool than the whole domain before. Politics and the public had to be

convinced that the threat is serious and the attacker could be a clever individuality rather than a

strong state (Geers, 2011). This fact has been proved several times. For instance we can

remember the attack of Mafia Boy (Barabási, 2002; Geers, 2011), a fifteen years old kid who

smashed the network of the most important commercial giants like eBay or Yahoo for hours or

days and cause injuries counted in millions of dollars. He did it from the home computer.

Mentioned cyber-attack of Syria by Israel or Stuxnet are well chosen examples to demonstrate

that the attacks by state to harm another state exist and could be evaluated on military level.

Mafia Boy taught us that there is no age limit of hackers who could harm world security.

We should fairly say that such discipline on the political level has been finding its place

during the last years. The first straight forward cyber threat analysis center was established in

Tallinn, Estonia in 2008. It is named NATO Cooperative Cyber Defence Centre of Excellence

(CCD COE). It does not belong under NATO command nor funded by NATO, but provides wide

analytic products to NATO nations on independent basis and funded by the nations directly.

CCD COE was established “to enhance the capability, cooperation and information sharing

among NATO, NATO nations and partners in cyber defence by virtue of education, research and

development, lessons learned and consultation. (CCDCOE, 2011)” On the level of IT specialists

the beginning could be placed into the year of 1995 when the first standards of the computer



– 5 | 16 –

security was written (Bosworth & Kabay, 2002). Those standards are the first wide accepted

standardized methods which should be followed in accordance to defend personal computers

against external threat.

On the other hand in the year of 2010 we can find eight governmental agencies analyzing

and facing cyber-attacks to United States (Joubert, 2010). US administration have been finding a

way how to tackle with cyber threats. Hence Clinton’s administration put emphasis on the cyber

threat in Presidential Decision Directive/NSC-63 in 1998 which was focused on securing critical

infrastructure of the nation state. This directive was superseded by Homeland Security

Presidential Directive-7 on 17th

December 2003 (DHS, 2008). In the same year US

administration created The National Strategy to Secure Cyberspace (TheWhiteHouse, 2003).

This strategy was created to establish a communication and organizational framework for cyber

security related agencies and to raise the competitiveness in this domain. According to this

National Strategy several exercises like Cyberstorm I&II were conducted to prepare all related

capabilities for possible cyber-attack (Geers, 2011; Joubert, 2010).

3. Environment prepared for cyber attack

3.1. Events involved in cyber security related situations

I mentioned that according to Barabási’s theory of networks all nodes within chaotic

organization tend to organize itself. More detailed explanation using better example is the fact

that not all of the websites are equally important, not all people are equally important, so not all

people are under same surveillance for instance. All people around the world connect to different

web servers or looking for partners according their preferences. This behavior primarily creates

more visited sites and less visited sites. The amount of visitors makes the site important, rising

visitors raises the position of the site on search engines. If we take into consideration for instance

the Facebook, 800 million of users is a high number. But the most important number is that 400

million connect every day (Facebook, 2011). This fact make Facebook the best place for

distribution any malicious software; it is a center of social network between people provided by

the Internet network and the Facebook service. If the users were not permitted to use Facebook

in work on sensitive computers connected to sensitive local networks, they would be infected



– 6 | 16 –

differently. For example in 2008 the military computer situated in Middle East was infected by a

virus transferred on USB flash disk instead of direct attack through Internet (Lemos, 2010).

According to this article almost 50% of US companies have been infected by USB flash disks

simply because of the fact that the computers at homes are not under surveillance of experienced

administrators as those computers in companies. But they are used with the same USB sticks in

the same date by inexperienced users.

Firstly, people tend to make their lives comfortable. Most of them do not want to be

computer geeks, so they will choose the simplest, beautiful, functioning and accessible solutions.

Those are not solutions requiring participation on security issues. Secondly, employer cannot

force their employees to not use their home situated computers just because prevention. Thirdly,

there will be always equipment such as USB sticks which will be capable to transfer malicious

software over firewalls by human mistake or there will be always security holes in firewalls in

direct connection. Hence human and him/her performance influencing him/her reliability cannot

be changed significantly and will be the most used method to attack computers because the

reliability only change the probability of error. It means that according to Zeno’s paradox with

Achilles and turtle there will be always a portion of possible error. For attacker using zombie

computers or botnets (see chapter 3.2 below) a small portion of error is a huge hole. Facebook

with almost one billion of users must be incredible bait for any hacker trainees and stolen data of

100 million users last year is the evidence (BBC, 2010). The fact that the data were not probably

abused but only stolen by unknown hacker and provided to public by torrent1 is the evidence of

her/him exhibitionism or demonstration of power. Power of individuality and this power matters.

3.2. Cyber-attack targets and weapons

There are three basic forms of possible cyber-attack regarding what the hacker want to

do. The first targets confidentiality of data, second targets integrity of information and third

targets availability of computers – DoS attack – Denial of Service (Geers, 2011). Confidentiality

of data means stealing of sensitive information and using them for not mentioned purposes of

their owners. By this attack the hackers are able to create whole ghost networks, also called

1 Torrent is technology for downloading of files which cannot be deleted from internet, because they are situated on thousands of

computers in dozens of instances. Torrent tracker only track the availability of parts of the file and distribute it to downloaders from downloaders

who already downloaded the particular part.



– 7 | 16 –

botnets, which are capable to do the final attack over any target, but without possible reversal

disclosure of the attacker (Nazario, 2010). Integrity of information is less known but also highly

problematic. Hackers are changing the data by the way of their own intention. It could consist of

changing the data on website for particular time or redirect domains to malicious websites. It

includes also stealing of key data for criminal or military purposes like sabotage. The third form

of attack influences availability of computers or services their usually provide and includes well

known DoS attack. DoS consists mainly of huge amount of digital requests from botnets to one

particular server and causes shutting down of the server by overflowing its capacity. When

conducted in chain it could harm whole farms of servers and taking down some key services

such as air defense in Syria before air strike of Israel (Geers, 2011). It is important to emphasize

here that DoS attack cannot be simply closed preventively by firewalls, because closing the port

by firewall is a response of the server. Hence also restricted access creates response of the server

and response takes processor computing time.

I wrote earlier about self-indulgence of common computer users. Those are the most

powerful weapon at all. It is not about taking down huge firewall on huge systems by one

sophisticated attempt with logged information what happened to administrator. It is all about an

invisible penetration of security by human mistake (USB sticks with family photos or one

successful chain on Facebook). If hacker targets sufficient amount of people who will be willing

to open malicious emails or copy infected photos to USB stick which they use for work purposes

too, the networks will be vulnerable forever. There are no countable holes in security which

could be covered. There will always be one particular hole for one particular attack for particular

portion of time for one pivotal attack in particular date. The cyber space is under development by

millions of developers constantly. Security matters, but against kids who are in training mode so

far. “If the attacker is careless and leaves a large digital footprint (e.g., his home IP address),

law enforcement may be able to take quick action. If the cyber attacker is smart and covers his

digital tracks, then deterrence, evidence collection, and prosecution become major

challenges.(Geers, 2011, p. 36)”



– 8 | 16 –

4. Answering to cyber threats and attacks

4.1. IPv6 protocol

The first problem is a technical character of the Internet. The communication protocol

IPv4 is old almost as the Internet itself and provides wide amount of identity stealth possibilities.

New protocol IPv6 is under development for years, it is already implemented, but not widely

used. At my own opinion it will be implemented in democratic countries with obstacles because

at first or at last it damages the core principle of the Internet, the anonymity. The only one

forcible technical argument is the limit of IP addresses within IPv4, but this can be solved by

NAT and local networks. Do we really need a fridge connected to the internet on its own IP

address? We can solve it by bridging over NAT in our router by specific ports, hence we do not

need it and we will not early. But when the human being will be covering whole solar system by

technical devices we will need it immediately. It is about perspective in which position we are in

present day. The discussion will be about technical issues but background will be at first political

or security related. It will be governments who will be forced to make a decision, but the

transition will be slow and complicated (Geers & Eisen, 2007).

4.2. Cyber space characteristics

Strategy of deterrence was invented when the USA and the Soviet Union developed

enough powerful weapons to destroy the whole world, the absolute weapon (Brodie et al., 1946).

At this point destroying of an enemy loses its meaningful sense as it endangers the attacker itself.

It created MAD concept of Mutual Assured Destruction (Burchill, 1996). Cyber space has

specific character which could be stressed by Stenley Milgram’s psychological theory of the

authority obedience (Milgram, 1974). Imagine the situation on a scale of two extremes. One

extreme represents the situation when a hacker sitting in front of a computer training what is

possible in cyber space and cannot evaluate the authentic results of his/her behavior because

he/she is not in touch with witnesses of the attacker’s results. For example any shut down of the

electricity over half of the Europe will not provide with the circumstances of car accidents in

cities with pedestrians to the hacker. He/she will not take into consideration the chain of

accidents caused. On the other extreme pushing the Enter key running a huge cyber-attack under



– 9 | 16 –

command of high authority will never be understood by the attacker the same way as the knife in

hand during face-to-face fight. Remember the advertisement about software piracy – you are not

going to steal a car, so how you can steal a movie? Hence on both extremes we have very

different situations, but the psychology works the same way. Today it is commonly known

psychological concept. Cyber space emphasizes its power. However, how should we deter a

possible attack when the circumstances are unknown for the attacker? Who is the attacker?

On the one hand attacker is highly isolated from the victims, especially when the victims

are the result of chain of the causes. On the other hand state is identifiable subject when firing a

rocket, not simply when firing a DoS attack (Geers, 2011). Hacker could be hidden behind

highly sophisticated identity firewalls and proxies. The possibility to be hidden is fact as the

example of Estonia cyber-attack in 2007 showed us (Geers, 2011; Kaminski, 2010; Nazario,

2010). The sources of the attack were botnets in the USA but the ignition of the attack was

moving of the statue of Russian soldier from the center of Tallinn to the city border.

Investigation never uncovered who stood behind the attack and an idea of state supported or

directly conducted attack is only a speculation (Nazario, 2010). In the end of the investigation

Prime Minister of Estonia Urmas Paet accused Russia, but no evidence was collected to support

such claim (Wickramarathna, 2009, August 27).

4.3. Deterrence as a possible defense strategy

It is not so simple to deter a state from cyber-attack as the probability of uncovering

attacker after well conducted attack is near to zero. It is possible to deter a hacker who is training

his/her teenage hacking capabilities (Geers, 2011) but as argued in the previous paragraph it is

not possible to deter somebody who is obeyed to authority and know that the curtain of identity

is reliable. The obedience to authority prevails over moral values of persons (Milgram, 1974).

Nevertheless, approaches considering the defense against cyber-attack are mainly focused on

deterrence or defensive attacks with effect of deterrence (Gable, 2010; Geers, 2011; Kaminski,

2010; Libicki & Force, 2009).

Gable (2010) suppose that the deterrence by universal international law is the best way

how to avoid cyber-attacks when there is not feasible prevention. Other authors argue that rise



– 10 | 16 –

and speed of hacking tools development is astonishing (Geers, 2011) and based on the fact that

deterrence is the only way how to avoid cyber-attacks. I argue that we should make difference

between state conducted war and patriotic nation war conducted by private persons who are

powered by their own passion. This was the pivotal question when accusing Russia after the

attack on Estonia.

However, international organizations have made important steps too. Since 2004 OSCE

have been focusing on cyber terrorism as on one of the focal point. NATO has taken several

steps, most important is the agreement on common security policy on cyber defense in Bucharest

on 2008 which was the precedent of creating mentioned CCD COE (Gable, 2010). NATO has

not recognized cyber-attack as clearly military attack. It means that Article V cannot be utilized.

New institution named Critical Information Infrastructure Protection Initiative was established

within European institutional framework. UN Security Council have created several resolutions

since 2001 which addresses cyber terrorism or using cyber space for terrorist attacks and calls

upon international cooperation to tackle it (resolutions: 1373, 1566, 1624).

According to Gable the most important step is the Council of Europe’s enactment of the

Convention on Cybercrime in 2004. He supposes that “The Convention is significant because it

is the first multilateral treaty to address the issues of computer crime and electronic gathering of

evidence related to such crimes. As of July 17, 2009, twenty-six states had ratified the

Convention, and an additional twenty had signed but not ratified it. (Gable, 2010, p. 94)” OSCE

and Interpol reacted positively on this Convention as “providing an important international legal

and procedural standard for fighting cyber-crime.(Ibid)” Those are important steps for possible

deterrence as the international jurisdiction is needed. Also general indication of cyber-attack as

internationally recognized threat and crime is highly important for deterrence, especially against

highly intelligent kids which surpassing the previous generations in computer excellence.

Technology matters too. If the state is prepared for cyber-attack it will be less likely for

cyber terrorists or adversary states to fulfill their intents. Technological deterrence does not lie

only on high capable firewalls as argued above, but it lies also on capability of powerful

retaliation. During such method of defense the question about escalation is highly on place

(Libicki & Force, 2009). If the reaction will not be targeted, but based on unorganized spread out



– 11 | 16 –

of distributed DoS attacks, one has to take into consideration that also the domestic systems can

be harmed. At this point cyber war could grow to level where MAD concept becomes realistic.

Nowadays the power of cyber weapons is maybe not so high, but we can predict simply

following development of human dependency on cyber infrastructure.

However, a distinction needs to me made between non dangerous crime and highly

dangerous threat. Regarding the crime, Europe already established an agency called ENISA –

European Network and Information Security Agency, but its mandate focus strictly to the cyber-

crime and related jurisdiction (ENISA, 2012).

We have to take into consideration that the recent “successes” of closing down

megaupload.com on 19th

January 2012 or library.nu on 15th

February is the reaction of so called

cyber-crime against intellectual property. Those cases will primarily open a public discussion.

Physical libraries don’t infringe the law while they are renting books, so why it is needed to close

down functional digital distribution system which only has to begin share their revenues with the

authors? This is act of distributors instead of the authors and such criminal law infringement is

highly questionable, because it raises questions whether the law doesn’t need to be reconsidered

regarding new technology possibilities. The second part of cyber related crime is cyber threat,

because its activity threats the society in security issues and at last puts the lives of people under

the threat. There are no questions while human security is in danger. In this case Europe has been

sleeping out of doubt.

4.4. The European approach

On 23rd

November 2001, in the shadow of 9/11 attacks and related consequences, a

conference related to cyber-security and European approach took place in Budapest. The

outcome of the conference was to motivate states in policy development regarding new cyber

related threats such as any computer related fraud, copyright infringements, child pornography or

network security violations. Treaty entered into force on 1st January 2004 (Council-of-Europe,

2012). It is important to note that during the conference the distinction between cyber-crime and

cyber-threat was vague. CCD COE according to the web pages (www.ccdcoe.org) was finally

established in 2008. As mentioned above the consequences of a cyber-attack had been

http://www.ccdcoe.org/



– 12 | 16 –

underestimated for a long time. The wake-up day for Europe was the attack to Estonia in 2007.

In March 2011 French government was attacked and forced to unplug 10.000 servers (Larive,

2011). Since then the cyber security and cyber threats have been becoming an extremely hot

topic. The Europe realized inherently that there is no strategy, nor defense against any such

attack which could very seriously harm whole society and cause immense injuries.

There is no consent who should take the responsibility under its agenda. It is not clear

whether Council, Commission or EU agencies should be in charge (Larive, 2011). Countries

within EU have their own strategies which aim to mainly same issues, but they hardly cooperate

even though they are stressing on the international cooperation as one of the most important

factor in reaching the success. The other similar factor regarding their strategy is the focus on

personal and individual responsibility of their electronic devices (CzechGov, 2011; DutchGov,

2011; FrenchGov, 2011; GermanGov, 2011). This fact is great news, but as mentioned above

people don’t mind about the security threats in their personal computers as they would like to

feel comfortable at first. It is not time to celebrate since majority of EU members don’t have their

own national strategy to date. This fact is extremely dangerous, there is no reason to postpone

creation of such strategies whereas the consequences of unsecured infrastructure is already

known.

Germans opened their center in June 2011, Czechs doesn’t have such specialized center,

the agenda is established under the Ministry of Defense and located in Brno, but Czechs highly

contribute to the Estonian NATO Center of Excellence. The other countries are going to open or

open their own cyber-security related offices during 2010 or 2011 (ibid.), hence the agenda is

very young and unexperienced. In June 2011 the responsible representative of the EU states met

in Brussels and talked about the shared EU cyber-security policy where Estonian minister of

Defense said that “If we are serious about the possible damage that bombs and bullets can

cause, then we should also give serious consideration to the dangers that can be sent through

global networks, because they can be used to strike at a country’s energy security, and damage

its economy and intellectual property. (Larive, 2011)” It seems that Europe already woke up and

started the cooperation regarding their national cyber-security strategies. The agenda within EU



– 13 | 16 –

is coordinated by a Commissioner Cecilia Malmström. She wanted to expand the competences of

ENISA, but the decision has not been made to date.

Above ENISA EU is preparing an opening of the Cybercrime Center in 2013 which will

have to deal with the most serious cyber-threats. Purpose of the Center is to provide a

functioning body “through which Member States and EU institutions will be able to build

operational and analytical capacity for investigations and cooperation with international

partners. (House-of-Lords, 2011)” This Center will be probably established under Europol

structures and its mandate will be mainly to support the existing centers within the national states

and provide unified measures, support and evaluation for their work as well as training, provide a

special knowledge, capacity for investigation and finally it shall be the body for wide effective

cooperation between involved institutions and national agencies, ENISA including.

The biggest challenge mentioned in all the above cited national strategies or reports are

the cooperation with the private sector. It holds knowledge and highly specialized professionals

with long-lasting experience which should be used in dealing with any cyber-threats and cyber-

crimes. On the other hand the pace how the cyber world is developing is amazing and building

society dependent on information systems and making all the systems inter connected is a

creation of the threat itself. I doubt whether it is finally possible to fulfill such a mission. First,

the national strategies tend to stand behind of the sovereignty of its state founder indeed, while

the cooperation against cyber-threats must be global – not globally coordinated – or the attacker

will have key advantage. Second, I am convinced that those working within such centralized

security related centers will tend to break the security defense which they are actually working

on. It is not a joke, because strengthening the defense will be their daily occupation, they must

test it somehow. Those people live their parallel lives, hence in the work they will fulfill their

duties with state related honor, at homes their will fulfill their personal related honor. Third, the

cooperation of the private sector is needed of course, on the other hand who can expect that they

will do it for another purpose than their own selfish market oriented advantages? This kind of

cooperation will tend to give a preferential treatment for involved ones. It’s liberally naïve.



– 14 | 16 –

5. Conclusion

This article does not provide such space to describe all mentioned concepts or approaches

in detail, but it should provide with introduction to cyber security concepts with some related

authors arguments. The essence of cyber security is firstly the fact that small amount of people

take care and recognizes it as serious threat, especially the public whose computers are

commonly abused as botnets or modified to zombies; hence they play their role in cyber war

unwittingly. Secondly finding the source of any attack is highly complicated; hence the attack is

usually shadowed by anonymity. Thirdly we can be sure that the threat will be more serious as

the modern society will be more dependent on network infrastructure and new IPv6 will create

new threats after all, new ways of attack, new holes in security and new losses as it will create

new infrastructure no matter on how superior the security will be. Fourthly deterrence is the most

powerful defense, but the contemporary jurisdiction is weak. Internet is the anarchic space par

excellence and jurisdiction is needed, but the essence of internet is freedom of sharing

information what supported democracies and created new ones; hence creating powerful and

sensitive jurisdiction is essential on the following endeavor, but will have to face obstacles.

An attempt for a wisecrack in the end: can we imagine a virus written directly for

Facebook with goal to start DoS attacks at the same second from 500 million computers to shut

down all power plants around the world or fire all nuclear bombs? When we experienced

capability of Stuxnet which was not uncovered for one (!) year, a virus capable to shut down

nuclear centrifuges in Iran, what kind of virus will be written for Facebook? Who will be the first

person solving such attack, a 27 years old billionaire? Cyber space have created series of

unpredictable astonishing surprises, hence there is no more capable field of security research

which could provide us with unpredictable surprise maybe tomorrow.



– 15 | 16 –

Bibliography

1. Barabási, A. L. (2002). Linked: the new science of networks: Perseus Pub.

2. BBC. (2010). Details of 100m Facebook users collected and published Retrieved 28.12.2011, from

http://www.bbc.co.uk/news/technology-10796584

3. Bosworth, S., & Kabay, M. E. (2002). Computer security handbook: John Wiley & Sons.

4. Brodie, B., Dunn, F. S., Wolfers, A., Corbett, P. E., Fox, W. T. R., & Studies, Y. U. I. o. I. (1946). The

absolute weapon: atomic power and world order: Harcourt, Brace and Company.

5. Burchill, S. (1996). Theories of international relations / Scott Burchill and Andrew Linklater with Richard

Devetak, Matthew Paterson and Jacqui True. New York: St. Martin's Press.

6. CCDCOE. (2011). NATO Cooperative Cyber Defence Centre of Excellence Retrieved 28.12.2011, from


7. Council-of-Europe. (2012). Budapest convention on cyber-crime. Retrieved from

http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=E

NG.

8. CzechGov. (2011). Cyber security strategy of the Czech Republich for the 2011 – 2015 period.

9. DHS. (2008, 8th September 2008). Homeland Security Presidential Directive 7: Critical Infrastructure

Identification, Prioritization, and Protection Retrieved 28.12.2011, from

http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm

10. DoD. (2010). Quadrennial Defense Review Report: Department of Defense, Washington D.C.

11. DutchGov. (2011). The National Cyber Security Strategy (NCSS), Success through cooperation.

12. ENISA. (2012). European Nework and Information Security Agency Retrieved 16.2.2012, from

http://www.enisa.europa.eu/

13. Facebook. (2011). Official Statistics. Facebook Retrieved 28.12.2011, from

http://www.facebook.com/press/info.php?statistics

14. Falkenrath, R. A. (2011). From Bullets to Megabytes, New York Times, The (NY), p. 31. Retrieved from

http://www.nytimes.com/2011/01/27/opinion/27falkenrath.html?_r=1

15. FrenchGov. (2011). Information systems defence and security - France’s strategy.

16. Fulghum, D. A., Wall, R., & Butler, A. (2007). CYBER-COMBAT'S FIRST SHOT. [Article]. Aviation

Week & Space Technology, 167(21), 28-31.

17. Gable, K. A. (2010). Cyber-Apocalypse Now: Securing the Internet Against Cyberterrorism and Using

Universal Jurisdiction as a Deterrent. [Article]. Vanderbilt Journal of Transnational Law, 43(1), 57-118.

18. Geers, K. (2011). Strategic Cyber Security: NATO CCD COE Publication.

19. Geers, K., & Eisen, A. (2007). IPv6: World Update. Paper presented at the 2nd International Conference on

Information Warfare and Security.

20. GermanGov. (2011). Cyber Security Strategy for Germany.

http://www.bbc.co.uk/news/technology-10796584


http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG

http://conventions.coe.int/Treaty/Commun/QueVoulezVous.asp?NT=185&CM=8&DF=02/06/2010&CL=ENG

http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm

http://www.enisa.europa.eu/

http://www.facebook.com/press/info.php?statistics

http://www.nytimes.com/2011/01/27/opinion/27falkenrath.html?_r=1



– 16 | 16 –

21. House-of-Lords. (2011). European Union Committee - Seventeenth Report The EU Internal Security

Strategy. Retrieved from

http://www.publications.parliament.uk/pa/ld201012/ldselect/ldeucom/149/14902.htm.

22. Joubert, V. (2010). GETTING THE ESSENCE OF CYBERSPACE; A THEORETICAL FRAMEWORK TO

FACE CYBER ISSUES. Paper presented at the Conference on Cyber Conflict Proceedings 2010.

23. Kahney, L. (2009). Inside Steve's Brain: Penguin Group USA.

24. Kaminski, R. T. (2010). ESCAPING THE CYBER STATE OF NATURE: CYBER DETERRENCE AND

INTERNATIONAL INSTITUTIONS. Paper presented at the Conference on Cyber Conflict.

25. Larive, M. (2011). Where does the EU stand on the development of a cybersecurity strategy? Retrieved

16th February, 2012, from http://foreignpolicyblogs.com/2011/09/09/where-does-the-eu-stand-on-the-

development-of-a-cybersecurity-strategy/

26. Lemos, R. (2010). Security's Gaping Hole: USB Flash Drives. Information week Retrieved 28.12.2011,

from http://www.informationweek.com/news/security/client/227300112

27. Libicki, M. C., & Force, P. A. (2009). Cyberdeterrence and cyberwar: RAND.

28. Milgram, S. (1974). Obedience to authority: an experimental view: Harper & Row.

29. Nazario, J. (2010). Politically Motivated Denial of Service Attacks. Arbor Networks, United States.

30. TheWhiteHouse. (2003). The National Strategy to Secure Cyberspace. Washington, DC.

31. Wickramarathna, W. (2009, August 27). Defining cyber terrorism. Online edition of Daily News Retrieved

29.12.2011, from http://www.dailynews.lk/2009/07/27/fea02.asp

http://www.publications.parliament.uk/pa/ld201012/ldselect/ldeucom/149/14902.htm

http://foreignpolicyblogs.com/2011/09/09/where-does-the-eu-stand-on-the-development-of-a-cybersecurity-strategy/

http://foreignpolicyblogs.com/2011/09/09/where-does-the-eu-stand-on-the-development-of-a-cybersecurity-strategy/

http://www.informationweek.com/news/security/client/227300112

http://www.dailynews.lk/2009/07/27/fea02.asp

Cyber Security

Documents

george hays

metropolitan

3rd semester

cold war taught

cyber security

social relations

usb sticks

national strategy