Sun 1

Sun, Joshua
English 1103
1 December 2016
Professor Campbell
Cyber Warfare: The Way for Russians to Shut Off your Wifi and Everything Else
On August 6th, 1945, the first atomic bomb was dropped onto Hiroshima, immediately
vaporizing over 80,000 lives. The detonation of Little Boy changed the face of war and instilled
fear into all of mankind. However, a new invisible threat attacks in the darkness, sneaks past
walls, and renders the strongest militaries powerless: cyber warfare. What if one line of code
could shut down the entire stock market? And what if another could break into a banking
system? What if one person had the power to dismantle an entire airport without even leaving his
or her house? Now, take out the what-ifs and question marks, and the leftover phrases outline
a possible future for cyber-attacks. The technological realm has drastically changed in the past
two decades; more people have access to technology than ever before, and it is imperative for
people to realize that cyber warfare is not only a thing for the future, but a prevalent issue in
the present. As time changes, technology and all things cyber-related are moving forward at a
faster pace. Therefore, I will be investigating how the growing realm of cyber warfare affects
present and future combats.
In order to explore cyber warfare and cyber-attacks, you must be familiar with the
technological verbiage used in this field. In their article, Cyberwar: The What, When, Why, and
How, authors Dr. Angelyn Flowers, Graduate Program Director of Homeland Security, and Dr.
Sherali Zeadally, Associate Professor at the University of Kentucky, begin by exploring several
definitions of cyber warfare. They highlight that the Tallinn Manual on International Law

Sun 2

Applicable in Cyberwarfare, created by the North Atlantic Treaty Association, defines cyberwar
as a cyberattack, in either an offensive or defensive cyber operation, that is reasonably expected
to cause death to persons, damage, or cause destruction to objects (Flowers and Zeadally 15).
Similarly, Flowers and Zeadally summarize the Geneva Center for the Democratic Control of
Armed Forces definition of cyberwar as warlike techniques fought in the cyber realm that
disrupt networks and systems of a target-enemy in order to compromise the capability of
technology in defense or cyber terror programs. In other words, cyber warfare is the use of
technologies to attack other people across internet servers and networks. Other words such as
cyber-attack and cyber-terrorism are closely linked to cyber warfare and are commonly used
in this subject. Cyber-attacks are attacks that are implemented through networks and servers, and
cyber-terrorism is the use of cyber-attacks to engage in terrorist activities.
Since people cannot see cyber-attacks, the public has misconceptions on how often
cyber-attacks occur. There are many attacks, but the public only hears about the big attacks such
as the recent mass internet outage due to an attack on Dyn, a company that maintains vast control
over internet servers, or when Target was attacked and 110 million peoples credit and debit card
information was leaked in 2013. However, in the article, Cyber Attacks Against our Critical
Infrastructure Likely to Increase, Andrew Meola, a writer for Business Insider Intelligence,
states that the frequency and sophistication of cyber attacks are at an all-time high, and the costs
associated with data breaches continue to rise. In the present times, cyber-attacks are happening
every second. According to the prior article by Dr. Flowers and Dr. Zeadally, they found that
over 5.8 million cyber-attacks occurred around the world in a span of one month, May 2013.
Flowers and Zeadally predict that the number has increased exponentially in the present day.
Although you may have never experienced the results of a cyber-attack yet, the increasing

Sun 3

frequency and amount of cyber-attacks suggest that there is an increased possibility of receiving
attacks in the future.
The reason for the increase of cyber-attacks is due to the financially appealing aspect of
cyber-attacks. In order to infiltrate others through cyber-space, all you need is a computer that
can connect to the Internet whereas, to fight a war, you need tanks, aircrafts, ships, soldiers, and
food which can cost billions of dollars. Flowers and Zeadally state that although cyber security
and warfare require more specialized training for individuals, cyber warfare has been proven to
be easier to access. Nations, small terrorist groups, corporations, and many other groups can
easily hire prior cybercriminals to become cyber warriors for their purpose. This research,
along with many others, shows that in the past decade, cyber-attacks have grown and will
continue to grow.
One of the most prominent and common cyber-attacks is called Distributed Denial of
Service (DDoS). Dr. Shui Yu, a Senior Lecturer in the School of Information Technology at
Deakin University, states in his book, Distributed Denial of Service Attacks and Defense, that a
DDoS attack can be implemented by using a large amount of traffic to exhaust the resources of
a victim, such as network bandwidth, computing power, operating system data structures, and so
on. As a result, the quality of service of the victim is significantly degraded or disabled to its
legitimate clients (Yu 3). In simpler terms, an attacker uses thousands of different IP addresses
to access one service at the same time and as a result, it causes the service to either shutdown or
to be slow enough that it cannot be used for its normal services. Dr. Flowers and Dr. Zeadally
compare a DDoS attack to a naval blockade during a war; a naval blockade blocks supplies
during a war, and similarly, a DDoS attack blocks the exchange of information (Flowers and
Zeadally 19). The implementation of cyber-attacks has transformed in the past decade, and even

Sun 4

though there are a multitude of techniques, DDoS attacks serves as the most effective method for
the implementation of general attacks. However, other potent attack methods, such as Stuxnet,
are specifically tailored for certain programs and missions. Overall, DDoS attacks are the cutting
edge of cyber warfare due to their simplicity, high success rate, and efficiency.
Knowing the basic principles of DDoS, the massive Internet outage that happened on
October 21st, 2016 can be analyzed more thoroughly. According to an article in The Guardian,
Nicky Woolf, a freelance writer, describes the cause of the outage that dismantled the Dyn
companys servers. Dyn is a company that controls vast parts of the internets infrastructure;
major websites that relied on Dyns servers such as Twitter, Netflix and many others were shut
down due to successive DDoS attacks that lasted an entire day (Woolf). More specifically, even
though this internet server company regularly receives DDoS attacks, this planned attack was on
a scale at which they could not handle. Kyle York, the Chief Strategy Officer of Dyn, states, at
this point we know this was a sophisticated, highly distributed attack involving tens of millions
of IP addresses. After they restored their services after the first attack, a second wave followed,
compromising their servers for the rest of the day. York ends by stating that even though their
investigation has not lead them to a certain hacker group or organization, many of the IP
addresses were controlled by the Mirai botnet, a common malware used by hackers to control or
invade computers through servers. This DDoS attack was the largest one in the history of cyberattacks which can only suggest increased repercussions of these attacks in the future.
However, one of the most prominent cyber-attacks was the Stuxnet computer worm.
Stuxnet was discovered in June 2010 and is believed to be jointly built by American and Israeli
forces. James P. Farwell, an expert in communication strategy and cyber war, and Rafal
Rohozinski, an expert in information security and cyber war, summarize the events of Stuxnet;

Sun 5

Stuxnet was used to monitor and control large facilities such as power plants and nuclear plants
in the Natanz uranium enrichment plant in Iran. Stuxnet was a malicious computer worm,
specifically designed for this purpose, that worked by slowing and speeding processes to a
dangerous rate while showing signs of normality. At this plant, the centrifuges enriched the
uranium gas at an alarming rate, and Iranian workers could not determine the problem. (Farwell
and Rohozinski 23). Consequently, many Iranian centrifuges were shut down and deemed
irreparable. During an era of economic recession in the United States, the United States and
Israel successfully shut down the Iranian program without using costly measures.
In addition to country-sponsored attacks, there have been many private groups and
organizations that have been carrying out attacks in the past decade. According to Richard
Pollack, a reporter for the Daily Caller, the most common group of hackers can be anything
from a loose collection of people interested in societal change, to criminal syndicates,
governments, and terrorist groups. For example, Anonymous is a well-known hacktivist group
that has utilized Distributed Denial of Service attacks to access sensitive information or to shut
down programs. One of their most well-known cyber-attacks was carried out against Sony April
of 2011, which compromised the private information of over 100 million PlayStation 3 users.
Although Anonymous carries out cyber-attacks against companies and organizations, many
people do not deem the members to be cyber-terrorists. Brian Harvey and David Wagner,
professors at the University of California at Berkeley, defend the group by comparing the group
members to animal-rights protesters who send anonymous communiqus after releasing
captive minks into the wild (qtd.in Krupnick). Harvey ends with the comment, I dont view
them as a threat I think theyre the good guys. Theyre an ally. On the other hand, there are
many private groups that have terrorized the United States. According to Eduard Kovacs, a

Sun 6

writer for the news group, Softpedia, a private group called UGNazi utilized DDoS attacks to
specifically target the Washington Military Defense database, compromising the functionality of
the database and leaking the information of military officials. One of the biggest threats and
advantages to cyber warfare is the accessibility as well as the capability to carry out large scale
attacks with a small group of personnel. As a result, there are a lot of different cyber-terrorist and
cyber-activist groups all around the world that serve different purposes, but all can pose a direct
threat to the United States and its citizens.
Along with the growing impact of cyber warfare, the United States government has been
implementing and supporting cyber defense. According to the U.S. Department of Defense, the
United States has prioritized building alliances, coalitions, and partnerships abroad to
improve cybersecurity and cyber operations (U.S. Department of Defense 5). In April 2015, the
U.S. Department of Defense produced a government publication that dictates the goals and
actions taken to prepare for the growing threat of cyber warfare. The U.S. Department of
Defense creates three main goals pertaining to cyber warfare: (1) defend our nations networks
and systems, (2) be prepared to defend and assist our allies when they are under cyber-attacks of
large consequences, and (3) have the capability to assist the military and carry out attacks if
necessary. These three goals cannot be achieved solely with a growing focus on cyber defense in
the military; therefore, the government has partnered up with private companies and
organizations to create plans that all businesses and companies can use to protect themselves
from cyber-attacks. According to Joe Reeder and Ryan Bradel, writers for the National Defense
Magazine, the government issued a framework to serve as a how-to guide for organizations that
run the countrys critical infrastructure including those in the energy, oil and gas,
telecommunications, drinking water, food production, public health, transportation and financial

Sun 7

services sectors. As we can see, the perfect cyber defense is very difficult to achieve. In the past,
it only required the government to spend funds on a large army and an abundance of resources to
create a solid national security. However, nowadays, cyber security requires the involvement of
organizations, companies, and the government to establish a strong cyber defense because they
are all interconnected by the servers and networks they use to communicate. Therefore, the
development of cyber-tactics and partnership with companies all over the United States is a key
role to minimize the effects of cyber-attacks. With the increased actions of the government, it is
imperative to inform the public on this information.
The history of cyber warfare is relatively short, and it is understandable that the public
may have developed misconceptions on this topic. Dr. Myriam Dunn Cavelty, a Deputy for
research at the Center for Security Studies (CSS), states that computer technology has been
involved with national security in the past decade, but the fears that are developed in the public
remain largely the stuff of Hollywood movies or conspiracy theory. Cavelty defends her
position by stating that the controversy of the cyber-fear is not supported by actual results from
cyberterrorism. She backs up her argument by reasoning that government officials and media
groups incorporated many terms that included the prefixes cyber, computer, and
information in the early 1980s, which instilled fear into the public that was just beginning to
familiarize itself with technology. Cavelty argues that these vague terms are losing meaning
because the public and the entertainment industry are assigning a misunderstood, fear-filled
meaning to them. Although I disagree with what Dr. Cavelty states about how there are no
repercussions from cyber-attacks, I fully endorse Dr. Caveltys statement about how the lack of
accurate information is misleading the general publics views on cyber warfare. Her scholarlyarticle, "Cyber-TerrorLooming Threat or Phantom Menace? The Framing of the U.S. Cyber-

Sun 8

Threat Debate," was published in 2008, and in the span of eight years, drastic changes in the
cyber-realm became evident. Nations such as the United States, Israel, and Russia capitalized on
the use of cyber warfare. Stuxnet dismantled an entire nuclear program in June of 2010. Russia
shut down half of the entire Ukrainian power grid in December of 2013. Target lost the credit
and debit information of over 110 million people in 2013. A coordinated DDoS attack resulted in
an internet outage along the entire East Coast in 2016. Dr. Myriam Dunn Caveltys assessment
of cyber warfare in 2008 brings to light the changes that have occurred. Cyber warfare has
transformed; however, the misconceptions have not. There is a two-part problemone, the
government needs to provide more accurate and detailed analysis on cyber-attacks, and two, the
public needs to become more informed of the situations instead of reacting to events and
developing a blind fear.
Imagine a situation where a foreign nation infiltrates all 99 nuclear reactor plants in the
United States. By leaking a computer worm into each system, an upgraded version of Stuxnet
would return a message of normality to the system while changing the rate uranium is processed
abnormally. In an instant, the computer worm pushes the reactors past their max threshold and
all 99 nuclear plants melt into Chernobyl, destroying everything in the vicinity and releasing
radiation all across the United States. Twenty-percent of the countrys energy source would
instantly disintegrate, shutting down water sanitation facilities, gas stations, internet
communications, and much more. This cyber-attack, more widespread and lethal than 9/11,
could trigger an era of economic depression, health deterioration, and genocide. Now although
cyber warfare may seem of concern to only a small group of computer scientists, it should in fact
concern anyone who uses technology daily. According to Scott Borg, CEO of the Cyber
Consequences Unit, a cyberattack could physically destroy or sabotage electrical generation

Sun 9

stations, refineries, pipelines, banking systems, railroad switchesthousands of people could be

killed immediately by explosions, leaks of toxic chemicals (qtd.in Armerding). As seen
before in the Ukranian grid and Stuxnet, there is a growing threat to technologically-advanced
countries. The United States is built by and based off technology which makes it the most
vulnerable nation in the world. Dr. Flowers and Dr. Zeadally end their research by saying
cyber-attacks have the ability to disrupt the way in which ordinary individuals live their lives
(Flowers and Zeadally 19). Of course, the public does not have the power to combat these cyberattacks. However, by having an awareness and acknowledgement that these attacks do exist and
can transform into greater threats, we can be prepared when the very technology we thrive on
turns into the technology that threatens our lives.

Sun 10

Works Cited
Armerding, Taylor. "Cyber Warfare in Sights at Government Training Conference." Network
World. CSO, 18 May 2012. Web. 16 Oct. 2016.
Cavelty, Myriam Dunn. "Cyber-TerrorLooming Threat or Phantom Menace? The Framing of
the US Cyber-Threat Debate." Journal of Information Technology & Politics 4.1 (2008):
19-36. Taylor Francis Online. Web. 16 Oct. 2016.
Farwell, James P., and Rafal Rohozinski. "Stuxnet and the Future of Cyber War." Survival 53.1
(2011): 23-40. Academic Search Complete [EBSCO]. Web. 5 Nov. 2016.
Flowers, Angelyn, and Sherali Zeadally. "Cyberwar: The What, When, Why, and How." IEEE
Technology and Society Magazine (n.d.): n. pag. IEEE. Web. 28 Sept. 2016.
Kovacs, Eduard. "UGNazi Hackers Leak Data from Washington Military Department."
Softpedia. N.p., 14 May 2012. Web. 21 Nov. 2016.
Krupnick, Matt. "Freedom Fighters or Vandals? No Consensus on Anonymous." The Mercury
News. N.p., 15 Aug. 2011. Web. 21 Nov. 2016.
Meola, Andrew. "Cyber Attacks Against Our Critical Infrastructure Are Likely to
Increase." Business Insider. Business Insider, Inc, 26 May 2016. Web. 05 Nov. 2016.
Reeder, Joe, and Ryan Bradel. "Cyber Security Regime Undergoing Changes." Cyber Security
Regime Undergoing Changes. National Defense Industrial Association, May 2014. Web.
05 Nov. 2016.
U.S. Department of Defense. The Department of Defense Cyber Strategy. Defense.gov. N.p.,
Apr. 2015. Web. 5 Nov. 2016.
Pollack, Richard. "These Are the Hacker Groups Everyones Watching Right Now." The Daily
Caller. N.p., 7 Sept. 2015. Web. 21 Nov. 2016.

Sun 11

Woolf, Nicky. "DDoS Attack That Disrupted Internet Was Largest of Its Kind in History,
Experts Say." The Guardian. Guardian News and Media, 26 Oct. 2016. Web. 05 Nov.
2016.
York, Kyle. "Dyn Statement on 10/21/2016 DDoS Attack." Dyn Blog. N.p., 22 Oct. 2016. Web.
21 Nov. 2016.
Yu, Shui. Distributed Denial of Service Attack and Defense. New York: Springer,
2014. WorldCat [OCLC]. Web. 5 Nov. 2016.