Cybersecurity Exam Study Guide: Vocabulary Practice

Comprehensive vocabulary flashcards covering the nine presentations of the Cybersecurity exam study guide, including key doctrines, historical events, and technical frameworks.

Cyberspace

The virtual environment made of all interconnected computer networks, digital systems, and the people using them.

Cyberwar

A conflict between states or state-backed groups using digital attacks to damage, disrupt, or destroy the enemy's systems, involving offense and defense capabilities and dependence on the internet.

ARPANET (Advanced Research Projects Agency Network)

The first decentralized network created in $1969$ by the U.S. military that used redundancy and packet-switching; the direct ancestor of today's internet.

Packet-switching

The digital technology of breaking data into small packets that travel independently through a network.

Physical Layer

The hardware layer of cyberspace comprised of cables, routers, servers, satellites, and computers.

Logical Layer

The layer of cyberspace containing software and protocols like TCP/IP and DNS that make networks function.

Information Layer

The layer of cyberspace involving the actual data and content flowing through networks, such as emails, websites, and databases.

Human / Cognitive Layer

The layer of cyberspace consisting of the people who create, use, and are affected by it, including organizations and social effects.

Tallinn Manual

A non-legally binding expert analysis published in $2013$ that examines how international law applies to cyberspace, covering ius ad bellum and ius in bello.

Internet of Things (IoT)

Technologies that incorporate the physical world into the virtual one via networks of electronic sensors and devices connected to computers.

Augmented Reality (AR)

The integration of digital information with the user's environment in real time, overlaying content onto the physical world.

Platform

A digital system or service like Google or Facebook that enables users to interact and perform actions, operating across logical, information, and human layers.

Attribution

The difficult process of identifying who carried out a cyberattack using technical, intelligence, and contextual evidence.

Cyber Grey Zone

An operational space between peace and war involving coercive actions kept below the threshold of armed conflict to allow for deniability.

False Flags

A tactic where attackers plant fake evidence, such as code comments in a specific language, to point blame at another country.

Proxy Hackers

Criminal groups hired by states to carry out cyberattacks while maintaining the state's deniability.

Information Warfare (Russian)

A broad concept focusing on controlling information, narratives, and psychological operations to destroy a nation's will rather than just its networks.

NotPetya

A $2017$ Russian cyberweapon disguised as ransomware that acted as a destructive data wiper, causing global damage totaling approximately $\text{\$}10\,\text{billion}$.

Viasat KA-SAT attack

A cyberattack on February $24,\,2022\,$, that disabled tens of thousands of modems to disrupt Ukrainian military communications on the day of the Russian invasion.

Deterrence

The strategy of convincing an enemy not to attack by making the perceived costs higher than the potential benefits.

Escalation

An increase in the intensity of actions that leads to a fundamental change in strategic interaction; can be intentional or accidental.

Wormhole Escalation

A form of escalation in cyberspace where low-level incidents cause sudden jumps to a strategic crisis.

Tailored Deterrence

A customized deterrence strategy that adapts responses specifically to an individual adversary's values, vulnerabilities, and decision-making.

Deterrence by Entanglement

A passive deterrence mechanism where economic interdependence discourages attacks because hitting the enemy also hurts the attacker.

Stuxnet

A computer worm discovered in July $2010$, attributed to the USA and Israel, that physically destroyed approximately $1,000$ uranium centrifuges at Iran's Natanz facility.

Cyber Czar

The title for the White House Cybersecurity Coordinator role created under Obama to coordinate policy across government departments.

Persistent Engagement

A U.S. doctrine that emphasizes continuously anticipating and exploiting adversary vulnerabilities through proactive operations to achieve strategic advantage.

Defend Forward

A U.S. strategy of confronting threats before they reach domestic networks by hunting for adversaries in their own networks.

USCYBERCOM

The U.S. military unit responsible for defending DoD networks (dot-mil domain) and conducting authorized offensive cyber operations.

CISA (Cybersecurity and Infrastructure Security Agency)

An agency created in $2018$ under the DHS to protect U.S. civilian government networks (dot-gov) and critical infrastructure.

ACDC (Active Cyber Defense Certainty Act)

A proposed U.S. law that would grant private companies limited immunity to use attributional technologies or access attacker computers.

Passive Defense

Traditional cybersecurity measures such as firewalls, antivirus, and encryption used to monitor and protect one's own systems.

Active Defense

Proactive cybersecurity measures situated between passive defense and hack back, including technical interactions like honeypots and intelligence gathering.

Hack Back

Retaliatory hacking where a victim infiltrates an attacker's network to reclaim or destroy data; currently illegal for private companies under the CFAA.

Big Data

Large datasets characterized by high volume, variety, and speed where correlation (finding patterns) is often prioritized over causation.

Datafication

The practice of collecting data about everything, turning previously useless information into digital data.

Default Option Effect

A behavioral economic theory where people stick with pre-selected options due to laziness or lack of thought, allowing for manipulation of choice.

Social Credit System

A comprehensive Chinese state system that scores citizens on financial, social, and legal behavior, using Big Data for social control.

Right to be Forgotten

A legal right codified in the EU's GDPR ($2018$) allowing individuals to request the deletion of personal data from search engines.

MOOTW (Military Operations Other Than War)

A Chinese concept involving the controlled use of military force in peacetime to operationalize grey zone logic systematically.

Calibrated Escalation

A Chinese approach of applying step-by-step pressure to achieve goals without triggering a full U.S. military response.

Three Warfares

A Chinese doctrine adopted in $2003$ that integrates psychological warfare, media warfare, and legal warfare (lawfare).

Cyber Sovereignty

An ideological belief promoted by China that every state should have total control over its own digital space.

CCD COE

The NATO-linked Cooperative Cyber Defence Centre of Excellence located in Tallinn, Estonia, founded after the $2007$ cyberattacks.

Zero-day Exploit

An attack that utilizes a previously unknown software vulnerability for which no patch yet exists.

SCADA/ICS

Industrial control systems used in factories and power plants; target of the Stuxnet worm.