System Design and Management Program. Stuart Madnick and Allen Moulton. Massachusetts Institute of Technology.
The purpose of this paper is to offer an introductory overview on the collateral damages of cyberwarfare. This paper offers an overview on cyberwarfare with focus on collateral damages and the role of victims.
Cyberwarfare is a new type of warfare that poses numerous challenges. First, the article outlines basic definitions of cyberwarfare and cyber weapons proposed so far, and it outlines the international legal framework.
Second, the article addresses collateral damages and the role of victims including illustrations of two paradigmatic cases of widely known cyberattacks.
Cyberwarfare is a complex phenomenon and raises many questions regarding definitions, differences with reference to other warfare, and finally compatibility with ius ad bellum and ius in bello international law.
Some questions may be solved interpreting existing law, others remain open and without a clear solution. Such complexity depends on the fact that attacks may differ sensibly depending on the final target, scope, hardware and software tools used.
They all have in common to exploit computer systems and networks in order to achieve a military advantage. Considering the wide range of information technologies, scopes and targets, it is quite difficult to provide a comprehensive definition.
To date there are several attempts to define cyberwarfare: Cyberwarfare differs from other types of warfare in many aspects.
We highlight some Cyber warfare thesis them. First, cyberwarfare immediate targets are computer systems and networks and most cyberattacks are conducted through computers and computer networks. Nonetheless, computer systems and networks may be used to target physical systems and produce physical damages, Cyber warfare thesis and injury.
Second, cyberwarfare attacks may be planned to be executed in a very short lapse of time. Third, cyberwarfare activities, given how computer networks and particularly the Internet are designed, may be routed through many territories, hence complex problems regarding law of neutrality arise.
Fourth, some cyberwarfare activities, aimed at creating kinetic attacks, may use the hardware and weapons of the enemy in order to execute the attack by remote controlling them.
Fifth, most cyberwarfare attacks may be launched in stealth mode, i. And finally, many cyberwarfare activities may require the use of many computer techniques and technologies and malware or the exploitation of vulnerabilities in the targeted computer systems, as well as social engineering techniques in order to gain access to computer systems and networks.
Sometimes such activity requires an extensive study and design, a lot of programming and a multidisciplinary approach. A lot of investments and preparation may be needed for attacks that rarely may be launched more than once or replicated. Definitions and an Example of Software Used One important question is whether the tools used for most cyberwarfare activities and attacks are to be considered weapons.
Such problem has implications with regard to all international law dealing with armed attacks, use or threat to use the force and how to conduct hostilities. With regards to such aspect, two different points of view are to be highlighted.
According to the first, a tool hardware equipment or computer code is a weapon on the basis of its objective possibility to cause harm or to allow the execution of an attack. An example of such type of definition is: We will focus on what appears clearly to be an example of cyberweapon, regardless of the approach and point of view: Upon identification and penetration of such system, the malware was designed to damage a specific type of turbines and so to create physical damage bypassing human and automated controls of the target industrial plant.
The effect is similar to the one obtainable by destroying such turbines with conventional weapons so called kinetic attack during a traditional warfare activity. The features of the complex malware and the deep knowledge of the target systems indicate that it was specifically designed software, created by multidisciplinary team relying on a particular knowledge of the industrial processes that governed the target system.
Analysis of the phenomenon and definitions of the concept are important in order to deal with important international law issues, particularly with the ius ad bellum  and the ius in bello  norms.
For what ius ad bellum is concerned, primary problems are whether cyberwarfare is to be considered use of the force according art. As a matter of fact, at the time of UN Charter drafting cyberwarfare or cyberspace did not exist and so the question whether current international norms apply or whether new international norms are needed assumes a great relevance.
The norms formulated by the experts consist in numbered rules and each rule is accompanied by a short commentary.Kramer, et al. presents a similar thesis with some policy recommendations, as does Rosenzweig A skeptical assessment of the threat of cyber warfare, yet accepts that cyber threats of a different nature are real and potentially serious.
Rosenzweig, Paul. Biodefense PhD writes ‘groundbreaking’ thesis on cyber warfare It took six years—eight, if you count the two to get the master’s degree—for Craig Wiener to receive his PhD in biodefense from George Mason University’s Schar School of Policy and Government.
The thesis takes a look at the different approaches (instrument-based, target-based and effects-based) to assessing the question of whether or not a cyber attack .
In a book entitled, Cyber War: The Next Threat to National Security and What to do About It, Richard Clarke and Bob Knake provide a vivid description of the dangers associated with a cyber-attack. Cyber Warfare offensive capability does not outmatch defensive capability to the extent that would allow the achievement of a strategic .
Royal Holloway University of London ISG MSc Information Security thesis series Cyber-physical attacks: Dawn of a new age in cyber-warfare? Authors.