Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
While reading Erbschloe’s Information Warfare – How to Survive Cyber Attacks in early 2001, with his detailed descriptions of the potential and how to protect ourselves against the same; it became painfully apparent that given the current state-of-affairs, we were both unprepared and severely incognizant of exactly where the weaknesses in our corporate, government and military infrastructure were located.
Defense in Depth was developed to defend a kinetic or real world military or strategic assets by creating layers of defense that compel the attacker to expend a large amount of resources, while straining supply lines.
By: Terrence OConnor (posted on February 14, 2012)
We live in an era where a single soldier can digitally leak thousands of classified documents (possibly changing the course of war), attackers can compromise unmanned drone control software and intercept unencrypted video feeds, and recreational hackers can steal and release personal information from members of cyber think-tanks.
The mission of cyber deterrence is to prevent an enemy from conducting future attacks by changing their minds, by attacking their technology, or by more palpable means. This definition is derived from influential policy papers including Libicki (2009), Beidleman (2009), Alexander (2007), and Kugler (2009). The goal of cyber deterrence is to deny enemies “freedom of action in cyberspace” (Alexander, 2007). In response to a cyber attack, retaliation is possible, but is not limited to the cyber domain. For example, in the late 90’s the Russian government declared that it could respond to a cyber attack with any of its strategic weapons, including nuclear (Libicki, 2009). McAfee estimates that about 120 countries are using the Internet for state-sponsored information operations, primarily espionage (McAfee, 2009).
By: Andrew Hildick-Smith (posted on August 24, 2005)
Supervisory Control and Data Acquisition (SCADA) systems and other similar control systems are widely used by utilities and industries that are considered critical to the functioning of countries around the world.
The present war against terrorism, precipitated by the decidedly low-tech use of airplanes on September 11, is raising the awareness of corporations and individuals in regards to the security of business and personal information.
By: Scott Anthony Newton (posted on October 31, 2003)
Instead of simply causing annoying service disruptions, catastrophic data loss, or even the fall of a technology-dependent society, could cyber terrorists and information warriors use computers to actually kill people directly?
By: Shannon M. Lawson (posted on October 31, 2003)
The purpose of this paper is to explore the possibility of a terrorist group launching an information warfare attack against our infrastructure and to answer the question: Is the US ready to defend against a cyber attack?
The purpose of this paper is to review the macro-level issues involved in the need for a national level infrastructure protection program and then focus on those pertinent threats and developments that drive the need for specific security programs at the local infrastructure company level.
This paper evaluates Priority One of the National Strategy to Secure Cyberspace, entitled "Priority 1: A National Cyberspace Security Response System," through a contextual analysis of the evolution of cyber early warning in the United States and an evaluation of the underlying technical model.