by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : July 2015
GCN JULY 2015 • GCN.COM 15 4 defining characteristics of cyber weapons THE NUMBER and sophis- tication of cyberattack campaigns by nations will continue to increase because they minimize the need to risk military personnel or costly equipment. Unlike personnel and equipment, computer code can be instantly redeployed to any area, and because code is reusable, it offers a practi- cally bottomless magazine for future attacks. News reports now describe cyberattacks that can result in severe physi- cal damage to facilities and equipment, and a tendency has arisen for the media to compare malicious cyber code to weaponry. But what is the definition of a weapon, and how can we more clearly identify when a cyberattack should be correctly labeled a “cyber weapon”? The Tallinn Manual on the International Law Applicable to Cyber Warfare, which was developed after a series of cyberattacks against Estonia in 2007 caused extensive dis- ruption to civilian services, defines a cyber weapon as a “cyber means of warfare” that is capable, by design or intent, of causing injury to persons or objects. With most cyberattacks, however, the attribution and intention might be unknow- able. In addition, cyberat- tacks often create cascade effects that were outside the original intentions of the attacker. However, reverse-engi- neering and analysis of mali- cious code used in recent sophisticated cyberattacks have revealed four common characteristics that help provide a clearer and more useful definition of a cyber weapon: 1. A campaign that might combine multiple malicious programs for espionage, data theft or sabotage. 2. A stealth capability that enables undetected op- eration within the targeted system over an extended period of time. 3. An attacker with appar- ently intimate knowledge of the workings of the targeted system. 4. A special type of com- puter code that can bypass protective cybersecurity technology. The most frequently dis- cussed example of a state- sponsored cyber weapon attack resulting in physical damage involved a years- long campaign of stealth, data theft and sabotage tar- geting the nuclear program in Iran. Malicious programs were crafted to steal sensi- tive information, monitor internal messages and then disrupt and disable targeted industrial control systems for a specific type of centri- fuge equipment in a special nuclear facility in Iran. The entire campaign might have been operating from 2006 through 2010 before being discovered by security personnel out- side Iran. Analysts agree that such a sophisticated and long-running cyber campaign showed that the designers of the malicious code had acquired an intimate knowledge of the targeted systems before launching the cyberattacks. The cyber weapon cam- paign caused Iran’s nuclear program to suffer a setback, but one that lasted only a short time. Since the attack was discovered, Iran has tak- en steps to increase manage- ment of its security and has revived its capabilities for enriching nuclear materials. Future-generation cyber weapons will undoubt- edly take greater advantage of opportunities that are expanding as more intimate knowledge about designs and vulnerabilities of equip- ment and facilities becomes available over the Internet. Future targets will likely include complex military weapon systems, command and control systems or even missile defense systems. Although there has been no reported loss of life directly linked to cyberat- tacks, there is a growing temptation for nations to view cyber weapons as a “cleaner” form of warfare, to be favored over, or perhaps even replace, traditional negotiations that can be prolonged and frustrating. However, the next genera- tion of cyber weapons will increasingly target and destroy physical equipment in industrial and military facilities, and the time might come when we begin to see human casualties. • — Clay Wilson is a retired program director of cyber- security studies at Ameri- can Military University and past program director of cybersecurity policy at University of Maryland University College. There is a growing temptation to view cyber weapons as a “cleaner ” form of warfare, to be favored over traditional negotiations. BY CLAY WILSON INDUSTRY INSIGHT 0715gcn_015.indd 15 6/29/15 4:09 PM