Cyber-Terrorism: E-WWIII? (4 of 8)

POST 4: Defense Against Cyber Terrorism

In this three-post arc, I will discuss the most prominent cyber-terrorism countermeasures and the network of defense being built against this modern form of warfare. In this post, specifically, we will look at what proactive cyber defense can mean on a global scale. In the following posts, we will look more closely at the American approach to cyber defense: the Kill Switch bill and information warfare.

Proactive Cyber Defense

Recognizing that traditional, reactive responses to cyber-attacks are insufficient,[1] the U.S. has charted a new course of action: proactive cyber defense. Rather than responding to attacks after they have been carried out, the U.S. has enlisted the help of hackers to determine where a potential threat lies and to take proactive steps to eliminate it.

Based on how the U.S. reacted to the Estonian crisis in 2007, the first question that comes to mind is: how? How can the U.S. now justify striking first in a cyber-attack scenario, when in 2007 Estonia was told that it could not even strike back after DDoS attacks, widely attributed to Russia, overwhelmed its networks?[2] Given the growing realities of cyber-terrorism, and the obvious difficulty of prosecuting even domestic nuisances at home, the Pentagon changed its stance on cyber-tactics in 2011, concluding that a cyber-attack can be casus belli, an act of war. The new formal strategy was created to deter cyber-attacks; it declares outright that a computer attack originating from a foreign nation which threatens widespread civilian casualties will be considered an act of war that may result in a swift military response.[3] It is worth noting that what constitutes a "threat" of civilian casualties can be slight, such as disruption of power or water. This strategy is aimed not at attacking but at deterring, and it has its roots in U.S. Cold War strategy of the 1950s.[4] There is, however, one major flaw in the plan. In the event of a nuclear strike, the offending nation would be readily identifiable, and a target city could therefore be selected for a retaliatory attack (mutually assured destruction). In the context of cyber-warfare, the originating server is difficult to pinpoint, and it is even more difficult to be sure that whoever is behind it is "a hacker and not the People's Liberation Army."[5] Attribution, not retaliatory capability, is the weak point. Recognizing that Cold War ideas of deterrence do not carry over to the cyber context, the new strategy suggests neutralizing attacks in the making as well as broader forms of deterrence that go far beyond a nation's military capabilities: it urges deterrence through threats against the offending nation's reputation and economic well-being.[6]

To carry out these newly adopted strategies, the Pentagon set up U.S. Cyber Command as a sub-unified command under U.S. Strategic Command, headed by General Keith Alexander, who was at the same time director of the NSA.[7] According to former Defense Secretary Robert Gates, this move recognizes that cyberspace deserves military protection similar to that given to land, sea and air.[8]

“[O]ur increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.”[9]

[Image caption: "byte me"]

Cyber Command joins a host of other so-called "cyber-armies," including those of Russia, Israel, North Korea and China, each aimed at defending its own nation's networks and devising attacks on others'.[10] Before his appointment to head Cyber Command, General Alexander stated that his unit would target command and control systems at foreign military headquarters and other defense networks that depend on computers to operate, but he seemed to evade the question of civilian infrastructure.[11] Although he stated that Cyber Command "would be sensitive to the ripple effects from this kind of warfare," he declined to say whether municipal infrastructure essential to a state's sovereignty and stability would fall outside that "sensitivity."[12] It is attacks of this type, those that knock out utilities and emergency alert systems, that could do the most damage and cause civilian casualties.

But what is proactive cyber defense? What, specifically, are these "armies" doing to prevent an attack? Besides information warfare (discussed in greater detail in Post 6), most of what these groups do is focused on compiling and analyzing data from previous attacks to understand how those attacks work and how to respond to and eliminate them efficiently. Recall from Post 3 the catastrophic attack on Estonia, which was only stopped when Estonian government officials cut off the country's international internet access to halt the DDoS traffic. Given Americans' attachment to and dependence upon the internet for business and personal affairs, that approach would be impractical at best.[13] Today, analysts are attempting to predict and thwart attacks before they occur, so that in a worst-case scenario society and the financial markets would remain stable.

The U.S. Cyber Command has outlined their 5 top priorities with respect to proactive cyber defense: 1) improving situational awareness across networks; 2) creating trained and ready cyber teams; 3) building a more defensible architecture; 4) evolving authorities, roles and responsibilities for defending the nation; 5) constructing effective command and control processes and concepts for operating in cyberspace.[14]

To accomplish the tangible, technical side of these goals, researchers have developed "filter-based" learning algorithms that learn the behavior of known attacks and transfer what they have learned to future ones.[15] The algorithm classifies observed activity as either innocent or malicious based on how it "behaves," not on a fixed signature. That learned behavior is logged and reused against novel attacks which are related to, but not identical with, the ones already seen.[16] In this way, existing knowledge about how attacks, and the people operating the malware, behave and react can be extrapolated into the future, and the growing catalog of learned behavior allows defense networks to respond to attacks with increasing speed and accuracy.[17]
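The following is an added illustration of the behavior-versus-signature point above; it is not code from this post or from the Colbaugh and Glass report, whose actual methods differ. It uses a nearest-centroid classifier over a few per-source traffic features as a stand-in for the learning step, and every IP address, user-agent string and number in it is constructed. The contrast it shows: a blocklist built from past attacks (known addresses and tool names) misses a new tool that behaves like the old ones, while a classifier that kept only how the old attacks behaved still flags it, including a low-rate variant, without flagging a busy but legitimate crawler.

```python
"""Behaviour-based classification of traffic sources, beside a signature check.

Added illustration for this post; not code from the Colbaugh & Glass report.
Every address, user-agent string and number below is constructed.  The
per-source features stand in for what a sensor would derive from an access
log over a short observation window.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Source:
    ip: str
    user_agent: str
    req_per_sec: float          # request rate over the window
    distinct_path_ratio: float  # distinct URLs / requests; floods hit few URLs
    error_rate: float           # share of 4xx/5xx responses
    label: str = ""             # "benign" or "malicious" when known


FEATURES = ("req_per_sec", "distinct_path_ratio", "error_rate")

# Constructed labelled history: ordinary visitors and two flood tools that
# announced themselves with fixed user-agents and came from known addresses.
HISTORY: List[Source] = [
    Source("203.0.113.5", "Mozilla/5.0", 0.4, 0.85, 0.02, "benign"),
    Source("203.0.113.9", "Mozilla/5.0", 1.2, 0.70, 0.05, "benign"),
    Source("198.51.100.2", "Mozilla/5.0", 0.8, 0.90, 0.01, "benign"),
    Source("192.0.2.10", "LOIC/1.0", 250.0, 0.02, 0.60, "malicious"),
    Source("192.0.2.11", "LOIC/1.0", 310.0, 0.01, 0.55, "malicious"),
    Source("192.0.2.12", "floodbot", 180.0, 0.05, 0.70, "malicious"),
]


def signature_match(src: Source, history: Iterable[Source] = HISTORY) -> bool:
    """Blocklist check: flags only addresses and user-agents seen in past attacks."""
    bad = [h for h in history if h.label == "malicious"]
    return src.ip in {h.ip for h in bad} or src.user_agent in {h.user_agent for h in bad}


class BehaviourClassifier:
    """Nearest-centroid classifier over standardised behaviour features.

    Keeps no IPs or user-agents, only how each class of source behaved, so a
    new tool that behaves like an old one is still recognised.
    """

    def __init__(self, history: List[Source]) -> None:
        cols = {f: [getattr(h, f) for h in history] for f in FEATURES}
        self.mu: Dict[str, float] = {f: mean(v) for f, v in cols.items()}
        # Standardise so req_per_sec (hundreds) does not swamp the ratios (0..1).
        self.sd: Dict[str, float] = {f: pstdev(v) or 1.0 for f, v in cols.items()}
        self.centroids: Dict[str, List[float]] = {}
        for label in ("benign", "malicious"):
            rows = [self._z(h) for h in history if h.label == label]
            self.centroids[label] = [mean(c) for c in zip(*rows)]

    def _z(self, src: Source) -> List[float]:
        return [(getattr(src, f) - self.mu[f]) / self.sd[f] for f in FEATURES]

    def classify(self, src: Source) -> str:
        z = self._z(src)
        dist = {lab: sum((a - b) ** 2 for a, b in zip(z, c))
                for lab, c in self.centroids.items()}
        return min(dist, key=dist.get)


CLASSIFIER = BehaviourClassifier(HISTORY)

# Novel, related attacks: unseen address and tool, so no signature exists.
NOVEL_FLOOD = Source("198.51.100.77", "curl/8.0", 220.0, 0.03, 0.65)
LOW_RATE_VARIANT = Source("198.51.100.78", "python-requests/2.31", 8.0, 0.02, 0.70)
# Legitimate but busy client (a crawler): elevated rate, many distinct paths.
BUSY_CRAWLER = Source("203.0.113.50", "Mozilla/5.0", 3.0, 0.95, 0.03)


def assess(src: Source) -> Dict[str, object]:
    """Both verdicts side by side for one source."""
    return {"signature": signature_match(src), "behaviour": CLASSIFIER.classify(src)}


if __name__ == "__main__":
    for s in (NOVEL_FLOOD, LOW_RATE_VARIANT, BUSY_CRAWLER, HISTORY[3]):
        print(s.ip, s.user_agent, assess(s))
```

Two caveats a practitioner would add. First, the classifier is only as good as the labelled history it was built from: an attacker who has seen the features can shape traffic to sit near the benign centroid, and legitimate traffic patterns drift, so the model needs re-training and a human review path for borderline verdicts. Second, on a larger feature set a single nearest-centroid decision is too crude; it is used here only to make the transfer of learned behavior to an unseen tool visible in a few lines.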

In the next two posts we will discuss the other aspects of defending against cyber-attack. In terms of legislation, we will examine the Kill Switch bill, which would give the President the option of shutting down the internet; in terms of how the U.S. monitors potential attacks, we will look at information warfare.

[1] The CFAA has proven ineffective at stopping cyber-terrorist groups (like Anonymous) because prosecutors are unable to identify and charge offenders under it. Even when an individual, or a group of participants, is singled out, the large and loosely organized nature of these groups (with members in an unknown number of countries) means there will always be countless others planning and escalating attacks. Swathi Padmanabhan, Hacking for Lulz: Employing Expert Hackers to Combat Cyber Terrorism, 15 Vand. J. Ent. & Tech. L. 191, 206 (2012).

[2] See War in the Fifth Domain, The Economist, July 1, 2010 (retrieved Oct. 20, 2013). The Economist, among other sources, suggests that part of the reason the U.S. and other Western nations were reluctant to comment on cyber-terrorism is that the NSA and Britain's GCHQ are themselves among the most active hackers, siphoning information from foreign networks much as APT1 (discussed in Post 3) does. Shedding light on the issue would have shed light on their own cyber-espionage capabilities.

[3] David E. Sanger & Elisabeth Bumiller, Pentagon to Consider Cyberattacks an Act of War, N.Y. Times, May 31, 2011 (retrieved Oct. 20, 2013).

[4] Id.

[5] Id.

[6] Id.

[7] Kelly A. Gable, Cyber-Apocalypse Now: Securing the Internet Against Cyberterrorism and Using Universal Jurisdiction As A Deterrent, 43 Vand. J. Transnat'l L. 57, 90 (2010); Cyberwar, The Economist, July 1, 2010 (retrieved Oct. 20, 2013).

[8] William Jackson, DOD Creates Cyber Command as U.S. Strategic Command Subunit, FCW, June 24, 2009 (retrieved Oct. 20, 2013).

[9] Id.

[10] Cyberwar, supra note 7; see also War in the Fifth Domain, supra note 2.

[11] Thom Shanker, Cyberwar Nominee Sees Gap in Law, N.Y. Times, April 14, 2010 (retrieved Oct. 20, 2013).

[12] Id.

[13] Also, the Estonia attack occurred in 2007, and reliance upon the internet in our daily lives has grown dramatically since then with the spread of smartphones. Whereas in 2007 many businesses could remain operational on their own internal systems, in 2013 most businesses and their software require constant internet access. Consider how many small businesses exist solely online and would suffer great losses were internet access shut off. We will discuss this possibility in more detail in the next post.

[14] Jeff Erlichman, Military Cyber Chief Details Top 5 US Cyber Command, NSA Priorities, Breaking Gov, Feb. 2, 2012 (retrieved Oct. 21, 2013).

[15] Richard Colbaugh & Kristin Glass, Proactive Defense for Evolving Cyber Threats, Report from the Sandia National Laboratories (Nov. 2012), available at

[16] Id.

[17] Id. 

One Response to “Cyber-Terrorism: E-WWIII? (4 of 8)”

  1. Looks like I should hold comments here for the arc…. Looking forward to reading the next two.
