Document Source: Computer Security Lab
This report contains three key parts – an
analysis of the nature of the problem, an examination of policy considerations
and recommendations, and a series of technical recommendations. Among the conclusions
reached was that contemporary technology could not provide a secure system in
an open
environment, and that it would be unwise to incorporate sensitive
information in an open environment system unless a significant risk of
accidental disclosure could be accepted.
Document Source: www.nsa.gov
This article, which appeared in a classified
NSA journal, explores seven common computer operating system vulnerabilities,
several penetration techniques, defensive measures, and future research areas.
Document Source: www.nsa.gov
The author of this article argues that while
computer users at NSA have been confident that the security of their systems is
“ironclad and invulnerable,” the reality is quite different. He then
notes a number of user practices and implementation problems that make those
systems vulnerable.
Document Source: National Security Council
Freedom of Information Act Release.
This presidential directive notes the threats
to “automated information processing systems” and lays out
objectives, policies, and an organizational structure designed to safeguard
such systems.
Document Source: www.nsa.gov
This paper examines the nature of computer
viruses, whether there is an algorithm to determine whether a program is
infected with a virus, different classes of attack (including compromise,
spoofing, and denial of service), and solutions.
Document Source: www.nsa.gov
This paper examines a defense, involving
encryption, that can be used to respond to the detection of a computer virus –
and means for checking the effectiveness of the response.
The catalyst for this report was a November
1988 computer virus that caused thousands of computers, in the United States
and overseas, to shut down. The report provides details on some of the networks
disrupted by the virus and the means of infection, and notes the vulnerabilities
highlighted by the incident.
Document Source: National Security Council
Freedom of Information Act Release.
This presidential directive was produced in
response to the “continuing advances in microelectronics technology”
which had “stimulated an unprecedented growth in the demand and supply of
telecommunications and information processing services within the government
and throughout the private sector.” It states objectives, policies, and
means and responsibilities for implementation.
Document Source: www.gao.gov
This testimony of a GAO official concerns his
division’s investigation of the attacks by Dutch hackers on Army, Navy, and Air
Force computer systems – which the official characterizes as containing
unclassified but sensitive information – during Operation Desert Storm/Shield.
It examines how the hackers penetrated the systems, agency responses, and the
need for greater attention to computer security.
Document Source: www.nsa.gov
This one-page article reports NSA
classification guidelines with respect to any discussion of computer viruses
with regard to NSA systems. Classification of specific facts ranged from
Unclassified to Top Secret/Handle Via Comint Channels Only.
Document Source: www.nsa.gov
This heavily-redacted article extends beyond
cyber issues, but does note that “sophisticated telecommunications and
data networks … make it possible to deny and degrade a potential adversary’s
command and control communications and sensitive commercial and diplomatic
communications from great distances with little or no risk to life and
limb.”
[Deleted], “Out of Control,” Cryptologic Quarterly, Special Edition, 15, 1996. Secret.
Document Source: www.nsa.gov
This article, in another National Security
Agency journal, discusses the threat to computer systems containing classified
information via human intelligence operations directed at systems
administrators. A largely redacted section is titled “Foreign
Intelligence Services Are Already Targeting Computer Personnel,” while the
final section offers recommendations on how to address the problem.
Document Source: www.gao.gov
This report and testimony by a GAO official
reports on an examination of hacker attacks on Defense Department computer
systems, including a 1994 episode that involved over 150 attempts to access the
computer systems of Rome Laboratory – which resulted in the theft of air
tasking research data and damage to the laboratory’s air tasking order research
project “beyond repair,” according to lab officials. The report and
testimony also discuss the challenges faced by DoD in securing its computer
systems.
Document Source: www.gao.gov
This report and testimony by a GAO official
reports on an examination of hacker attacks on Defense Department computer
systems, including a 1994 episode that involved over 150 attempts to access the
computer systems of Rome Laboratory – which resulted in the theft of air
tasking research data and damage to the laboratory’s air tasking order research
project “beyond repair,” according to lab officials. The report and
testimony also discuss the challenges faced by DoD in securing its computer
systems.
Document Source: Department of Defense Freedom
of Information Act Release.
This memo from the secretary of defense to the
director of NSA authorized the agency to develop computer network attack (CNA),
exploitation, and related techniques as well as to conduct analysis of foreign
information infrastructure systems in support of CNA technology development.
Document Source: www.nsa.gov
This article, by a senior NSA official, notes that
NSA was assigned the mission of computer network attack in March 1997, and
argues that the world was on the verge of a new age – “the information
age” – and that the future of war would be warfare in cyberspace.
Document Source:
www.fas.org.sgp/library/pccip.pdf.
This presidential commission report focused on
the protection of critical infrastructures – including energy, banking and
finance, transportation, and telecommunications – in the context of the
“rapid proliferation and integration of telecommunications and computer
systems” which “have connected infrastructures to one another in a
complex network of interdependence.” Its two parts focus on “the case
for action” and “a strategy for action.”
Document Source: Federation of American
Scientists (www.fas.org)
The introduction to this directive notes that
the military and economy of the United States are “increasingly reliant
upon certain critical infrastructures and upon cyber-based information
systems.” The remainder of the 18-page directive specifies the President’s
intent “to assure the continuity and validity of critical
infrastructures” in the face of physical or cyber threats, states a
national goal, delineates a public-private partnership to reduce vulnerability,
states guidelines, specifies structure and organization, discusses protection
of Federal government critical infrastructures, orders a NSC subgroup to
produce a schedule for the completion of a variety of tasks, and directs that
an annual implementation report be produced.
Document Source: www.dod.gov
The introduction to this assessment notes that
information operations includes information attack which, in turn, includes
computer network attack. It goes on to consider the implications of a variety
of domestic and international laws and treaties with regard to information
operations.
Document Source: National Security Agency
Freedom of Information Act Release.
This message from the NSA director provides
information to agency employees concerning a massive failure of the agency’s
computer system that left it temporarily incapable of processing data collected
by U.S. signals intelligence collection systems.
Document Source: www.dtic.mil.
This 38-page instruction states policy,
assigns responsibilities to a variety of organizations (including the Defense
Information Systems Agency, National Security Agency, and the now
disestablished U.S. Space Command), and stipulates procedures to provide
“structure and support” for computer network defense with DoD
information systems and computer networks.
Steven A. Hildreth, Congressional Research Service, Cyberwarfare, June 19, 2001. Unclassified.
Document Source: www.fas.org
This report discusses the definition of
cyberwarfare, and contains three case studies – including the Rome Laboratory
incident (Document 8a, Document 8b) and two exercises – and, inter alia,
reviews U.S. policy and doctrine, organization, and legal issues. It also
discusses selected foreign views and activities with regard to cyberwar.
Robert Mueller, III, “Message
from the Director.” Unclassified.
Document Source: FBI Freedom of Information
Act Release.
This message from the director of the FBI,
early in his tenure, conveys his view as to the top ten challenges facing the
bureau and what the FBI needs to do to meet those challenges – which include
cyber-based attacks.
Document Source: Belfer Center for Science and
International Affairs, Harvard University (www.beflercenter.hks.harvard.edu)
This paper, written by the first director of
the Federal Bureau of Investigation’s National Infrastructure Protection
Center, examines: the range of cyber attackers (including insiders, criminal
groups, virus writers, foreign intelligence services, foreign military
organizations, terrorists, “hacktivists,” and recreational hackers),
types of cyber attacks, the international component of cyber attacks, the
federal response to cyber attacks, Presidential Decision Directives 62 and 63,
and the policy of the George H.W. Bush administration. Vatis also offers
recommendations concerning cyber research and development, alert status during
conflict, and identifying best practices related to cyber security.
The White House, The National
Strategy to Secure Cyberspace, February
2003. Unclassified.
Document Source: www.us-cert.gov
This 76-page document discusses the strategy’s
strategic objectives (including preventing cyber attacks against critical U.S.
infrastructures), the government’s role in cyber security, the anticipated role
of the Department of Homeland Security in cyber security, and five critical
priorities for cyberspace security (including a national cyberspace security
response system and international cooperation). A classified National Security
Presidential Directive (NSPD-38), with the identical title, was issued on July
7, 2004.
Document Source: Dudley Knox Library, Naval
Postgraduate School (www.nps.edu/library)
This master’s thesis examines the possibility
of using deception to defeat or mitigate the damage from cyberterrorism. It
examines, inter alia, the cyberterrorism threat, the values and risks of
deception, nine varieties of cyber deception (including concealment,
camouflage, false and planted information, ruses, and feints) and cyber
defense, and the pitfalls of cyber defense.
Interagency OPSEC Support Staff, Intelligence Threat Handbook, June 2004. Unclassified.
Document Source: Author’s Collection
The scope of this handbook is broader than
cybersecurity, but one section – Computers and the Internet – addresses the
history of Internet security, threats to computer network security, roots of
network vulnerability, outsider attack techniques, insider attack techniques,
and countermeasures.
Document Source: www.dhs.gov
This document reports on the inspector
general’s evaluation of the Department of Homeland Security’s efforts to
implement The National Strategy to Secure Cyberspace (Document 14). It notes
“major accomplishments” – including the creation of a Computer
Emergency Readiness Team, creation of the National Cyber Alert System, and
sponsorship of the National Cyber Security Summit. It also notes “a number
of challenges to address long-term cyber threats and vulnerabilities” –
including the DHS National Cybersecurity Division’s need to prioritize its
initiatives, identify resources required to carry out its mission, and develop
strategic implementation plans.
Document Source: www.nitrd.gov/pitac/reports
The two main chapters of this report, prior to
the concluding chapter, address the importance of cyber security and examine
federal cyber security research and development efforts. In its concluding
chapter the committee states its findings and recommendations with regard to
federal funding for fundamental research in civilian cyber security, the cyber
security research community, technology transfer efforts, and the coordination
and oversight of federal cyber security research and development.
Document Source: www.rumsfeld.com
In this “snowflake” directed to his
under secretary for intelligence, Rumsfeld suggests that Cambone consider
establishing a group to review organization, budgeting, and presentation issues
with regard to cyber attacks.
Document Source: Department of Defense Freedom
of Information Act Release
This directive states Department of Defense
policy and responsibilities with regard to information operations (defined as
the integrated deployment of electronic warfare, computer network operations,
psychological operations, military deception, and operations security). Among
those whose responsibilities are identified is the Assistant Secretary of
Defense for Networks and Information Integration.
Document Source: Department of Defense Freedom
of Information Act Release.
This strategy document was issued to provide
guidelines to the Defense Department – including military service
organizations, the unified commands, and DoD components (including agencies,
field activities and other entities) – with regard to planning, executing, and
allocating resources for cyberspace operations. Its main chapters focus on the
strategic context, threats and vulnerabilities, strategic considerations, the
military strategic framework, and implementation and assessment. Several
enclosures address topics such as examples of threats and threat actors,
examples of vulnerabilities, and strategic priorities and outcomes.
Document Source: www.fas.org
This study examines terrorists’ possible
objectives in conducting cyberattacks, computer vulnerabilities that might make
cyberattack against the U.S. homeland’s critical infrastructure viable, and
emerging computer and technical skills of terrorists. It also examines the
cybersecurity efforts of several government agencies, changing concerns about
cyberattack, and a number of additional issues concerning terrorist or criminal
cyber activities.
Document Source: Office of the Director of
National Intelligence Freedom of Information Act Release.
This report, by a DNI advisory group, argues that
the U.S. Government should accept that any of its information systems and
networks (even classified ones) might be compromised and recommends a strategy
for bolstering information assurance.
Document Source: Director of National
Intelligence Freedom of Information Act Release.
The core of this document is the
identification of, and discussion related to, six cyber counterintelligence
objectives (the specifics of two having been redacted from the version
released). It also contains several appendices, including one on the assessment
of damage/loss from cyber intrusions, and a glossary.
Intelligence Science Board, Technical Challenges of the National
Cyber Initiative, SECRET/CODEWORD.
Document Source: Director of National
Intelligence Freedom of Information Act Release.
The ISB, an advisory body reporting to the
DNI, identifies in this report a number of technical challenges to the DNI’s
National Cyber Initiative. These include, but are not limited to, the need for
extensive cooperation, a strategic view, macro-level metrics, and a national
approach. They note their agreement with a 2004 CIA assessment that the cyber
problem is on the scale of a “Manhattan Project.”
Document Source: www.nps.edu/library
The author of this thesis argues that with
“more sectors of critical national infrastructure [being] interconnected
in cyberspace,” the risk to national security from cyberattack “has
increased dramatically.” He explores the fundamentals of strategic deterrence,
the evolving cyber threat, deterrence strategy in cyberspace, and the prospects
for cyber deterrence.
Document Source:
www.dtic.mil/dtic/fr/fulltext/u2/a504991.pdf
This monograph was written to examine the
implications of alleged Russian cyber attacks against Estonia and Georgia for
the Russian Federation, former Soviet satellites, and international
organizations.
Document Source: www.dss.mil
This assessment of foreign attempts to
illicitly acquire U.S. technologies concerns a variety of techniques, including
“suspicious internet activity” – which includes, but is not limited
to, “confirmed intrusion, attempted intrusion, [and] computer network attack.”
Document Source:
https://publicintelligence.net/cyber-warfare-lexicon
In addition to providing a series of
definitions concerning cyber activities, this document also contains a series
of discussions on aspects of cyberspace operations.
Document Source: The White House
(www.whitehouse.gov)
This paper reports the results of a
presidentially-directed 60-day comprehensive review to evaluate U.S. policies
and organizational structures related to cybersecurity. The review produced
seven main conclusions which included: “The Nation is at a crossroads,”
“The status quo is no longer acceptable,” “The United States
cannot succeed in securing cyberspace if it works in isolation,” and
“The Federal government cannot entirely delegate or abrogate its role in
securing the Nation from a cyber incident or accident.”
Document Source: Editor’s collection
This 176-page manual covers a variety of
aspects of computer incident handling – including the overall incident handling
program, methodology, reporting, analysis, response, tools, and collaboration
with other strategic communities.
Document Source: www.dod.gov
This memo from the Secretary of Defense
directs the commander of the U.S. Strategic Command to establish a U.S. Cyber
Command, and directs that the command reach an initial operating capability by October
2009 and a full operating capability by October 2010. It also informs the
recipients of the Secretary’s plan to recommend to the president that the
National Security Agency director also become commander of the Cyber Command.
Document Source: https://cyberwarfare.nl
This document notes that “a new
operational environment has emerged as evidenced by the increasing frequency
and destructiveness of attacks and exploits launched against the United States
through cyberspace.” The central aspects of the strategy are the
definition of mission objectives (e.g. neutralizing intelligence activities
targeting U.S. and DoD interests in cyberspace) and enterprise objectives (e.g.
achieving unity of effort in cyberspace).
Document Source:
https://publicintelligence.net/fbi-corporate-america-ci.
This assessment discusses the elements of
counterintelligence management and support, provides a means of evaluating the
assorted threats (including insider and foreign threats) to corporate
information, and describes elements of neutralizing threats.
Document Source: Air University
(www.au.af.mil)
This study, prepared for the U.S.-China
Economic and Security Review Commission, focuses largely on Chinese computer
network exploitation (CNE) as a strategic intelligence collection tool. It
examines Chinese CNE operations strategy and operations during conflict, key
entities in Chinese computer network operations, cyber-espionage, an
operational profile of an advanced cyber intrusion, and a chronology of alleged
Chinese computer network exploitation events.
Document Source: www.ncsi-va.org
The Air Force Space Command is the lead U.S.
Air Force organization for cyberspace operations. The Command’s blueprint
reports on presidential guidance, joint guidance, Air Force intent, the
Commander’s guidance, the Air Force concept of cyberspace operations,
integration of capabilities, operational responsiveness, and cyberspace
culture.
Document Source: www.dtic.mil/whs/directives/corres/pdf/520513p.pdf
This Defense Department instruction states
policy, establishes responsibilities, and delegates authority with regard to
the protection of unclassified DoD information that passes through or resides
on unclassified Defense Industrial Base information systems and networks.
Document Source: www.dhs.gov
This white paper describes the Department of
Homeland Security’s computer network security activities, which include the
operation of the EINSTEIN intrusion detection systems – including the systems’
collection methods and the implications for privacy protection. It also
discusses topics such as oversight and compliance, the role of the National
Security Agency, and future program development.
Document Source: www.fas.org
This pamphlet explores how “the Army’s
future force in 2016-2028 will leverage cyberspace and CyberOps” and how
CyberOps (which is specified to consist of four components – cyberwarfare,
cyber network operations, cyber support, and cyber situational awareness) will
be integrated into full spectrum operations.