Citizen Lab’s Security Planner

Citizen lab logo

Citizen Lab has released a tool, called “Security Planner.” In a nutshell, Security Planner is a customized security advice tool for regular users, backed by a peer review process.  Answer a few simple questions to get personalized, online safety recommendations. It’s confidential – no personal information is stored and we won’t access any of your online accounts.

Cyber Warfare: A Reference Handbook


This timely handbook traces the development of cyber capabilities from their roots in information warfare and cryptology to their potential military application in combat.

• Incorporates expertise from diverse viewpoints from the military, government agencies, industry, and academia

• Provides an informative timeline of key events in the development of cyber warfare capabilities

• Highlights the most prominent and effective cyber attacks in history as well as legal attempts to curb them

The Evolution of Cyber War: International Norms for Emerging-Technology Weapons


Former secretary of defense Leon Panetta once described cyber warfare as “the most serious threat in the twenty-first century,” capable of destroying our entire infrastructure and crippling the nation.

Already, major cyber attacks have affected countries around the world: Estonia in 2007, Georgia in 2008, Iran in 2010, and most recently the United States. As with other methods of war, cyber technology can be used not only against military forces and facilities but also against civilian targets. Information technology has enabled a new method of warfare that is proving extremely difficult to combat, let alone defeat.

And yet cyber warfare is still in its infancy, with innumerable possibilities and contingencies for how such conflicts may play out in the coming decades. Brian M. Mazanec examines the worldwide development of constraining norms for cyber war and predicts how those norms will unfold in the future. Employing case studies of other emerging-technology weapons—chemical and biological, strategic bombing, and nuclear weaponry—Mazanec expands previous understandings of norm-evolution theory, offering recommendations for U.S. policymakers and citizens alike as they grapple with the reality of cyber terrorism in our own backyard.

Bridging the Planning Gap: Incorporating Cyberspace Into Operational Planning


Cyberspace operations have a far-reaching, permanent impact on military operations. At the conceptual level, the U.S. Department of Defense (DoD) now recognizes five warfighting domains: land, maritime, air, space, and cyber.1 While there are examples of how cyberspace support to military operations have advanced over the past decade, one gap has not been addressed in detail—operational planning.

Read the full article here.

Sharing the Cyber Journey


One operation, one mission, yet it requires a myriad of extraordinary experts—each unique and each integral to an RPA operation that depends on well over a hundred individual commercial and military network connections, dozens of integrated hardware systems, miles of fiber-optic cable, significant satellite bandwidth, and millions of lines of software code. Welcome to the cyber domain: an environment of intellect, integration, and, for good as well as ill, complex interdependency.

Read the full article here.

Cyber Terrorism after STUXNET


From the Summary:

Terrorists are known to use the Internet for communications, planning, recruitment, propaganda, and reconnaissance. They have shown interest in carrying out cyberattacks on U.S. critical infrastructures, although no such serious attacks are known publicly to have occurred. The discovery of the Stuxnet malware in July 2010, and its analysis over the next several months, was widely believed to have been a landmark event in cybersecurity, because it showed that cyberattacks against industrial control systems, hypothesized for a long time, are actually possible. After Stuxnet, there were public concerns that terrorists might be encouraged to acquire capabilities for similar cyberattacks.

This monograph examines cyberterrorism before and after Stuxnet by addressing questions of:

1. Motive—Are terrorists interested in launching cyberattacks against U.S. critical infrastructures?

2. Means—Are terrorists building capabilities and skills for cyberattacks?

3. Opportunity—How vulnerable are U.S. critical infrastructures?

It is noted that no serious cyberterrorism attacks have occurred after Stuxnet. This can be explained from a cost-benefit perspective that has not changed since Stuxnet. It can be argued that U.S. policies can really address vulnerabilities only by strengthening defenses of critical infrastructures.

Read the full book here.

Toward Attaining Cyber Dominance


Achieving global cyber superiority or global cyber control by any organization is no longer technically possible. Instead, the proper overarching objective should be dominance of one or more of the elements of cyberspace of most importance to the organization at any given time.1 The successful nation is the one that achieves and maintains strategic and tactical dominance in its critical elements of cyberspace when required.2 Two important questions related to the strategic aspects of cyber conflict are: what should be the basic technological building block(s) for strategic cyber defense to assure dominance of one’s own critical elements of cyberspace, and what are the classes of strategic data target(s) strategic cyber defense must protect?

Read the full article here.

Hacking Back: Not the Right Solution


The ability to retaliate against cyber attackers—irrespective of the legalities of such actions—appears to have gained traction in the United States government, but is it a practical response for achieving tactical and strategic objectives in cyberspace? Attribution limitations, collateral damage considerations, the Internet’s global archi- tecture, and potential event escalation make the challenges of engaging in active cyber defense an ineffective course of action destined to achieve limited tactical successes at best; and it risks accelerating digital as well as physical conflict. Too many variables prevent active cyber defense deter- ring or punishing adversaries in cyberspace. For that reason, this article advocates a more productive solution—aggressive cyber defense—to frustrate attackers via nondestructive or damaging activities.

Read the full article here.

Iran’s Emergence as a Cyber Power


As international scrutiny remains focused on the Islamic Republic of Iran’s nuclear program, a capability is developing in the shadows inside Iran that could pose an even greater threat to the United States. The 2010 National Security Strategy discusses Iran in the context of its nuclear program, support of terrorism, its influence in regional activities, and its internal problems. There was no mention of Iran’s cyber capability or of that ability to pose a threat to U.S. interests. This is understandable, considering Iran has not been a major concern in the cyber realm. Furthermore, Russia and China’s cyber activities have justifiably garnered a majority of attention and been widely reported in the media over the past decade. Iran’s cyber capabilities have been considered third-tier at best. That is rapidly changing. This report discusses the growing cyber capability of Iran and why it poses a new threat to U.S. national interests.

Read the full article here.