Security Training
Security Certification
Internet Storm Center
Cyber Security Graduate School
Security Awareness Training
Penetration Testing
Industrial Control Systems
Cyber Defense Foundations
IT Audit
Computer Forensics
Software SecurityInformation Warfare
Featuring 15 Papers as of April 16, 2013
-
InfoWar: Cyber Terrorism in the 21st Century Can SCADA Systems Be Successfully Defended, or are They Our "Achilles Heel"?
Michael Ratledge - April 16, 2013
While reading Erbschloes Information Warfare How to Survive Cyber Attacks in early 2001, with his detailed descriptions of the potential and how to protect ourselves against the same; it became painfully apparent that given the current state-of-affairs, we were both unprepared and severely incognizant of exactly where the weaknesses in our corporate, government and military infrastructure were located.
-
Defense in Depth: An Impractical Strategy for a Cyber World
Prescott Small - February 20, 2012
Defense in Depth was developed to defend a kinetic or real world military or strategic assets by creating layers of defense that compel the attacker to expend a large amount of resources, while straining supply lines.
-
The Jester Dynamic: A Lesson in Asymmetric Unmanaged Cyber Warfare
Terrence OConnor - February 14, 2012
We live in an era where a single soldier can digitally leak thousands of classified documents (possibly changing the course of war), attackers can compromise unmanned drone control software and intercept unencrypted video feeds, and recreational hackers can steal and release personal information from members of cyber think-tanks.
-
Mitigating Browser Based Exploits through Behavior Based Defenses and Hardware Virtualization
Joseph Faust - October 7, 2011
There does not seem to be a day or week that goes by that one does not encounter a headline story about an organization being compromised and infiltrated by attackers.
-
Solution Architecture for Cyber Deterrence
Thomas Mowbray - April 29, 2010
The mission of cyber deterrence is to prevent an enemy from conducting future attacks by changing their minds, by attacking their technology, or by more palpable means. This definition is derived from influential policy papers including Libicki (2009), Beidleman (2009), Alexander (2007), and Kugler (2009). The goal of cyber deterrence is to deny enemies freedom of action in cyberspace (Alexander, 2007). In response to a cyber attack, retaliation is possible, but is not limited to the cyber domain. For example, in the late 90s the Russian government declared that it could respond to a cyber attack with any of its strategic weapons, including nuclear (Libicki, 2009). McAfee estimates that about 120 countries are using the Internet for state-sponsored information operations, primarily espionage (McAfee, 2009).
-
Security for Critical Infrastructure SCADA Systems
Andrew Hildick-Smith - August 24, 2005
Supervisory Control and Data Acquisition (SCADA) systems and other similar control systems are widely used by utilities and industries that are considered critical to the functioning of countries around the world.
-
Information Warfare: The Unconventional Art In A Digital World
Eric Hrovat - October 31, 2003
Information warfare is the new art of subverting your enemy in the new battles of the 20th century and beyond.
-
The China Syndrome
Charles Bacon - October 31, 2003
Though estimates vary, the ensuing "Cyberwar" between U.S. and Chinese hackers ultimately affected some 1,100 American web sites and 1,600 Chinese sites.1
-
Information Warfare - It's Everybody's Battle
Charles Coffey - October 31, 2003
Major companies and government agencies have been fighting a vicious battle for years to defend their automated information systems.
-
The Future of Information Warfare
Carter Gilmer - October 31, 2003
The present war against terrorism, precipitated by the decidedly low-tech use of airplanes on September 11, is raising the awareness of corporations and individuals in regards to the security of business and personal information.
-
Can Cyberterrorists Actually Kill People?
Scott Newton - October 31, 2003
Instead of simply causing annoying service disruptions, catastrophic data loss, or even the fall of a technology-dependent society, could cyber terrorists and information warriors use computers to actually kill people directly?
-
Information Warfare: An Analysis of the Threat of Cyberterrorism Towards the US Critical Infrastruct
Shannon Lawson - October 31, 2003
The purpose of this paper is to explore the possibility of a terrorist group launching an information warfare attack against our infrastructure and to answer the question: Is the US ready to defend against a cyber attack?
-
Implementing a Local Security Program to Protect National Infrastructure System Companies and Facili
Mark Loos - October 31, 2003
The purpose of this paper is to review the macro-level issues involved in the need for a national level infrastructure protection program and then focus on those pertinent threats and developments that drive the need for specific security programs at the local infrastructure company level.
-
Federal Intrusion Detection, Cyber Early Warning and the Federal Response
Brian Fuller - June 19, 2003
This paper evaluates Priority One of the National Strategy to Secure Cyberspace, entitled "Priority 1: A National Cyberspace Security Response System," through a contextual analysis of the evolution of cyber early warning in the United States and an evaluation of the underlying technical model.
-
Redefining the Role of Information Warfare in Chinese Strategy
Edward Sobiesk - April 5, 2003
In this paper, a theory is introduced that China is currently executing a patient and deceptive form of information warfare that redefines the boundaries of Western definitions of the concept.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.
Masters This paper was created by a SANS Technology Institute student as part of their Master's curriculum.
