Cyberspace
The digital realm formed by interconnected networks where data, communication, and operations take place.
ICANN
Internet Corporation for Assigned Names and Numbers; manages domain names and IP addresses.
IETF
Internet Engineering Task Force; sets technical rules and standards for the Internet.
W3C
World Wide Web Consortium; develops web standards to ensure the long-term growth of the web.
TCP/IP
Transmission Control Protocol/Internet Protocol; the common language used by devices to communicate over the Internet.
Identity (in cyberspace)
Your online name or account, such as a username or email.
Authentication
Process of proving identity, typically through passwords, codes, or biometrics.
Malware
Malicious software designed to disrupt, damage, or gain unauthorized access to systems.
Phishing
Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity in electronic communication.
DDoS (Distributed Denial of Service)
An attack that overwhelms a website with traffic to make it unavailable.
APT (Advanced Persistent Threat)
A prolonged and targeted cyberattack where perpetrators remain undetected to steal data.
PKI (Public Key Infrastructure)
A system that manages digital certificates and public-key encryption to secure data and verify identities.
Cyber Attack
Intended to cause disruption or damage to systems, services, or data.
Cyber Exploitation
Covertly accessing systems to extract information without damaging them.
Jus ad Bellum
Refers to the legal justification for going to war, applied to cyber as whether an operation constitutes force.
Jus in Bello
Laws governing how warfare should be conducted, including principles of necessity and proportionality.
Law of Armed Conflict (LOAC)
Covers both jus ad bellum and jus in bello; includes issues like attribution and accountability in cyber conflicts.
Offensive Cyber Operations
Actions taken to disrupt or destroy adversaries' systems.
Defensive Cyber Operations
Measures to detect, respond, and recover from cyberattacks.
Executive Order 12333
Authorizes U.S. intelligence agencies to conduct surveillance and collect foreign intelligence.
USA Patriot Act of 2001
Expanded U.S. surveillance capabilities post-9/11, including provisions for tracking cybercriminals.
Title 50
Covers intelligence activities often under civilian control, including SIGINT by the CIA.
Title 10
Covers military operations under the Department of Defense, more open and regulated.
Cyber Power
The ability to use cyberspace to create strategic effects across peace, crisis, and conflict scenarios.
Resilience as Strategy
Focus on resilience in cybersecurity, including anticipation, absorption of shocks, and recovery capabilities.
OODA Loop
A decision-making process consisting of Observe, Orient, Decide, and Act, applied to situational awareness in cyber contexts.
Technical Vulnerabilities
Weaknesses in systems that can be exploited to gain unauthorized access or cause damage.
Cybercriminals
Individuals or groups who seek profit through cyberattacks, fraud, or theft.
Hacktivists
Individuals who use cyberattacks for political or social causes.
Censorship and Privacy Issues
Conflicts arising from different countries' varying rules regarding censorship and data privacy.
Primary Cyber Threats
Nation-states, cybercriminals, hacktivists, and insider threats that pose risks in cyberspace.
Cyber Warfare
Formal conflict that involves cyber operations with the intent to harm or disrupt.
Infrastructure Protection
Measures taken to safeguard critical infrastructure from cyber threats.
Standing Rules of Engagement (SROE)
Guidelines for military personnel on how to act during operations. In cyber, they define when and how U.S. forces may engage in digital conflict.
What is the inherent right of self-defense under the SROE?
It applies at all levels (national, collective/allied forces, unit, and individual) and allows response to hostile acts or hostile intent.
What are the core principles of the Standing Rules of Engagement (SROE)?
Necessity: There must be a hostile act or intent.
Use of Force: Deadly force must be necessary.
Proportionality: Response must be decisive and proportional to the attack.
Identification: Sometimes required, sometimes not.
How do the SROE apply to cyber operations?
Defensive
Hybrid
Offensive
What is Informatized Warfare?
Warfare that seeks to unify forces through digital and networked systems.
What is Intelligentized Warfare?
A modern form of warfare that integrates artificial intelligence and autonomous systems.
What is Cyberware?
A type of warfare conducted entirely in cyberspace using cyber tools.
What is Electronic Warfare?
The use of the electromagnetic spectrum in combat to disrupt enemy communications or radar.
What does C5I stand for?
Command, Control, Communication, Computer, Cyber, and Intelligence.
What is the first stage in cyber operations?
Target Identification: The attacker identifies and researches targets, looking for vulnerabilities or susceptible people.
What is the second phase of cyber operations?
The attacker gathers information about the target organization, its systems, and people—often through social media or public events.
What is the third phase of cyber operations?
Gaining Access: This stage involves the attacker successfully executing malicious code to infiltrate the target environment. This can happen through techniques such as spear phishing, exploiting vulnerabilities in Internet-facing systems, or social engineering. It mirrors the "Initial Compromise" phase of the cyber attack lifecycle.
What is the fourth phase of cyber operations?
Hiding Presence: Once inside the network, the attacker seeks to conceal their activities and remain undetected. This could involve installing backdoors, covering tracks, or employing techniques to evade detection. This relates to the "Maintain Presence" phase, as maintaining stealth is crucial for the attacker’s ongoing activities.
What is the fifth phase of cyber operations?
Establishing Persistence: In this phase, the attacker ensures they have ongoing, undisturbed access to the compromised systems. This could involve installing multiple variants of malware, utilizing VPNs, or using other methods to ensure continued access over time. This phase corresponds to the "Establish Foothold" and "Maintain Presence" stages.
What is the sixth phase of cyber operations?
Execution: The attacker achieves their objective, such as stealing sensitive data, intellectual property, or personally identifiable information (PII). This stage is equivalent to the "Complete Mission" phase, where the attacker completes their goals, whether stealing data or disrupting services.
What is the seventh phase of cyber operations?
Assessment: After the mission, the attacker may assess the outcome of their actions, ensure they have all the information or access they need, and determine if further actions are necessary. This can be seen as an evaluation phase, ensuring the mission was successful and preparing for any further stages if needed.
Layers of cyberspace
Physical, syntactic, semantic
Physical
Actual tangible parts
Syntactic
Instructions/code/software
Semantic
Info and data
Insider threats
Employees or insiders misusing access.