This is a preview of how your content will look on export. To export the complete content in DOC format, click the blue export button in the upper right corner of this page.
2.1 Fundamental Concepts
  • 1 2.1.1 Cyber-Attack v. Cyber-Exploitation

    Cyber-Attack v. Cyber-Exploitation. This is a fundamental distinction throughout cybersecurity that has important legal, policy, and jurisdictional implications. A cyber-attack is an act that disrupts, denies, degrades, or destroys information on a computer network or related system. Examples include the manipulation or destruction of data or code on a computer system to control or shut down an electricity grid, or to disrupt military communications, or to render banking data unreliable. A cyber-exploitation is the act of monitoring and related espionage on computer systems, as well as the copying (and thus theft) of data on these systems. In contrast to a cyber-attack, cyber-exploitation does not seek to affect the normal functioning of the computer or network from the perspective of the user. Examples of cyber-exploitation include stolen military secrets, intellectual property, and credit card numbers.

    • 1.1 William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; The Basic Technology of Cyberattack in Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, pp.9-12,32.

  • 2 2.1.2 Characteristics of Cyber-Operations (attack and exploitation)

    All cyber-operations – both attacks, and exploitations – requires three things: a vulnerability, access to the vulnerability, and a payload.

    • 2.1 William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Committee on Offensive Information Warfare, National Research Council; Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, 2009, Chapte 2 Technical and Operational Considerations in Cyberattack and Cyberexploitation, pp.79-158

  • 3 2.1.3 Why Offense Beats Defense

    The very basic reason why computer systems are vulnerable is that offense (both cyber-attack and cyber-exploitation) beats defense.

  • 4 2.1.4 Economics and Metrics

    Many cybersecurity problems are at bottom problems about misaligned incentives.

  • 5 2.1.5 Attribution

    A fundamental difficulty with regulating cybersecurity is the “attribution problem” of identifying the author of a cyber attack or cyber exploitation.

    • 5.1 David Clark and Susan Landau, Untangling Attribution, Proceedings of a Workshop on Deterring CyberAttacks: Informing Strategies and Developing Options for U.S. Policy, 2010

      Attribution on the Internet can mean the owner of the machine, the physical location of the machine, or the individual who is actually responsible for the actions. This paper teases apart the attribution problems in order to determine under which circumstances which types of attribution would actually be useful.

You've reached the bottom of your content preview.
To view the rest in your browser, click here.
To export the complete content in DOC format, click the blue export button in the upper right corner of this page.

(Note: If you view the entire playlist, any changes you've made to export settings will be lost. Large playlists may temporarily freeze your browser while loading, as well.)