intel q2


2. Should cyberspace be considered critical infrastructure?

Yes. Many essential services—like hospitals, banks, transportation, and even national defense—use cyberspace. If it’s attacked or disrupted, it could cause serious problems.


3. Who governs the Internet?

No single person or country controls it. Instead, groups like:

  • ICANN (manages domain names),

  • IETF (sets technical rules), and

  • W3C (makes web standards)
    work together with governments, companies, and users to keep the Internet running and fair.


4. How does the Internet work?

The Internet links devices worldwide using a common language (called TCP/IP). When you send something, it breaks into data packets that travel through routers and servers and are put back together at the other end.


5. What are identity and authentication on the Internet?

  • Identity is your online name or account (like a username or email).

  • Authentication is how you prove it’s really you—by entering a password, using a code, or scanning your fingerprint.

 

I. Introduction to Cyberspace and Cybersecurity

  • Definition and evolution of cyberspace
    → Cyberspace is the digital realm formed by interconnected networks where data, communication, and operations take place. It started as a concept in science fiction but became real through the rise of the Internet and digital tech.

  • Early visions and historical developments
    → Early computer scientists and futurists imagined a global network. The military (e.g., ARPANET) and academic institutions laid the foundation for today's Internet.

  • The scope and importance of the cyber domain
    → Cyberspace affects nearly every aspect of modern life—business, politics, national security, and personal relationships.



III. Governance of the Internet

  • Key organizations:

    • ICANN – Assigns domain names and IP addresses.

    • IETF – Creates Internet protocols and standards.

    • ISPs – Provide Internet access to users.

  • Role of states and private companies
    → Governments manage law enforcement and regulation; private firms build and operate much of the infrastructure.

  • Global regulation challenges
    → No single government controls the Internet. Different countries have different rules, which leads to conflict over censorship, privacy, and control.


IV. Identity and Authentication

  • What “identity” means in cyberspace
    → Your identity online is your digital representation—email, username, device, or IP address.

  • Authentication methods
    → Ways to prove your identity, including:

    • Passwords

    • Two-factor authentication (2FA)

    • Biometrics (like fingerprint or face scan)

  • Issues of trust and anonymity
    → It's hard to know who you’re interacting with online. People can fake identities, and attackers often hide who they are.


V. Threats in Cyberspace

  • Key threat actors:

    • Nation-states – Use cyber tools for spying, disruption, or even warfare.

    • Cybercriminals – Seek profit through hacking, fraud, or theft.

    • Hacktivists – Use cyberattacks for political or social causes.

    • Insider threats – Employees or insiders misusing access.

  • Technical vulnerabilities:

    • Malware – Malicious software like viruses and ransomware.

    • Phishing – Fake emails or messages tricking users into giving up sensitive info.

    • DDoS – Overloads a website with traffic to shut it down.

  • APT (Advanced Persistent Threat)
    → A long-term, targeted cyberattack where attackers stay hidden in a system to steal data, often linked to government-backed hacking groups.

  • PKI (Public Key Infrastructure)
    → A system that uses encryption and digital certificates to protect data and confirm identities online, like securing websites with HTTPS.


  • Obama Administration’s 4 cyberspace priorities:

    1. Open to innovation – Encourages growth, tech development, and entrepreneurship.

    2. Secure enough to earn public trust – Users must feel safe online.

    3. Globally interoperable – Internet should work the same across borders.

    4. Reliable – Internet services must stay up and running, even during crises.

  • Reflective question:
    → Do these priorities still apply today? Many experts say yes, though new concerns like AI, misinformation, and surveillance may require updated principles like transparency and accountability.


II. Key Frameworks and Models

  • Table 1.1: Key Cyberspace Organizations and Roles

    • DoD (Department of Defense) – Handles cyber warfare and military operations.

    • DHS (Department of Homeland Security) – Protects U.S. infrastructure and responds to attacks.

    • NSA (National Security Agency) – Gathers intelligence and secures government networks.

    • FBI – Investigates cybercrime.

    • Private sector – Owns much of the infrastructure and must protect it in partnership with the government.

Difference Between Cyber Attack and Cyber Exploitation

  • Cyber Attack: Intended to cause disruption or damage to systems, services, or data. Focus is on destruction, denial of service, or corruption.

  • Cyber Exploitation: Involves covertly accessing systems to extract information without damaging the system. Goal is intelligence gathering, not harm.

  • Key Difference: The payload—a cyber attack destroys, while cyber exploitation steals information.


Possible Objectives of Cyber Attack

  1. Destruction: Erase data or wipe systems (e.g., delete files or reformat disks).

  2. Deception: Impersonate officials or spread fake intelligence.

  3. Data Manipulation: Alter planning data to mislead decision-makers.

  4. Service Disruption: Launch denial-of-service attacks to slow or crash systems (e.g., spam attacks or jamming).

  5. Psychological Impact: Create mistrust in the reliability of data.


Jus ad Bellum (Right to War)

  • Refers to the legality of engaging in war.

  • Applied to cyber, it addresses whether a cyber operation is a "use of force" or an "armed attack".

  • Challenge: Terms like “armed attack” are vague in the cyber context (e.g., Stuxnet case).


Jus in Bello (Law in War)

  • Rules on how warfare should be conducted.

  • Includes principles of necessity, distinction, and proportionality.

  • Applied to cyber: Are civilian systems being wrongly targeted? Are effects proportionate?


🛡 Law of Armed Conflict (LOAC)

  • Covers both jus ad bellum and jus in bello.

  • Key issues in cyber: Attribution (who did it?), Application (what law applies?), and Accountability.

  • LOAC can apply, but enforcement is tricky in cyberspace.


💻 Offensive Cyber Operations

  • Actions to disrupt, degrade, or destroy adversary systems.

  • Can involve malware, denial-of-service, or data corruption.

🛡 Defensive Cyber Operations

  • Measures to detect and respond to attacks.

  • May include hardening systems, monitoring networks, and restoring systems after compromise.


📜 Executive Order 12333

  • Authorizes intelligence agencies to conduct surveillance and collect foreign intelligence, including in cyberspace.


📏 Standing Rules of Engagement (SROE)

  • Guidelines for military personnel on how to act during operations.

  • In cyber, defines when and how U.S. forces may engage in digital conflict.

  • Inherent right of Self Defense (National, Collective/Allied Forces, Unit & Individual)

PRINCIPLES:

  • Necessity: hostile act/intent

  • Is it necessary to use deadly force?

  • Proportionality: respond decisively and in proportion to attack

  • Sometimes identification is necessary, sometimes not

  • Application to cyber:

    1. Defensive

    2. Hybrid

    3. Offense


🇺🇸 USA Patriot Act of 2001

  • Expanded U.S. surveillance capabilities post-9/11.

  • Includes provisions for tracking cybercriminals and terrorists.


📘 Title 50 vs Title 10

  • Title 50: Covers intelligence activities, often covert and under civilian control (CIA); authority to do SIGINT.

  • Title 10: Covers military operations (DoD), more open and regulated.

📘 Chapter 8: Cybered Conflict, Cyber Power, and Security Resilience as Strategy

  • Cybered Conflict vs. Cyberwar

    • Cybered conflict is broader and continuous; not limited to formal warfare.

    • Focuses on systemic vulnerabilities and persistent disruption.

  • Defining Cyber Power

    • Not just about offensive tools—includes resilience, redundancy, and system hardening.

    • Nations need cyber power to defend critical infrastructure and societal functions.

    • Recognizes power as the ability to persist and adapt under stress.

  • Resilience as Strategy

    • Emphasis on resilience over purely reactive defense.

    • Resilience includes:

      • Anticipation

      • Absorption of shocks

      • Recovery capabilities

    • Develop a culture of security across public and private sectors.


📘 Chapter 13: Toward a Theory of Cyber Power: Strategic Purpose in Peace and War

  • Concept of Cyber Power

    • Cyber power = ability to use cyberspace to create strategic effects.

    • Extends across peace, crisis, and conflict scenarios.

    • Deny adversary access, monitor activities, and obtain valuable info from the adversary.

    • Sum of strategic effects generated by cyber operations in and from cyberspace.

    • INFORMATION is the currency of cyber power.

  • CYBERSPACE: infinite, with low-cost energy

    • Relies on the electromagnetic spectrum and man-made objects.

  • Purpose of Cyber Power

    • Achieve strategic goals without necessarily using force.

    • Shape opponent behavior through access, manipulation, or denial of information and systems.

  • Characteristics of Cyber Power

    • Speed and reach: instant effect globally.

    • Ambiguity and attribution issues make deterrence complex.

    • Cost-effective and asymmetrical—small actors can challenge powerful states.

  • Cyber Power in Peace

    • Used for espionage, influence, shaping international norms.

    • Seen in diplomatic pressure, soft power campaigns, economic disruption.

  • Cyber Power in War

    • Targeting infrastructure.

    • Supporting kinetic operations with digital means.

OODA LOOP

OBSERVE the enemy

ORIENT self toward the enemy

DECIDE make a decision by integrating all intel/resources

ACT

Informatized warfare: seeks to unify forces

  1. Intelligentized warfare

  2. Cyber warfare

  3. Electronic warfare

  4. C5I: Command, Control, Communication, Computer, Cyber and Intelligence

Stages of cyber ops:

Target Identification: This is the stage where the attacker identifies and researches potential targets. This includes analyzing systems, personnel, and identifying vulnerable entry points, such as public-facing applications or people who might be susceptible to social engineering. This step corresponds to the "Initial Reconnaissance" phase.


Reconnaissance: In this stage, the attacker gathers as much information as possible about the target organization. This may involve deep research into the organization’s systems, employees, and business activities, often through methods like social media scanning or attending events. This phase is part of the "Initial Reconnaissance" phase as well.


Gaining Access: This stage involves the attacker successfully executing malicious code to infiltrate the target environment. This can happen through techniques such as spear phishing, exploiting vulnerabilities in Internet-facing systems, or social engineering. It mirrors the "Initial Compromise" phase of the cyber attack lifecycle.


Hiding Presence: Once inside the network, the attacker seeks to conceal their activities and remain undetected. This could involve installing backdoors, covering tracks, or employing techniques to evade detection. This relates to the "Maintain Presence" phase, as maintaining stealth is crucial for the attacker’s ongoing activities.


Establishing Persistence: In this phase, the attacker ensures they have ongoing, undisturbed access to the compromised systems. This could involve installing multiple variants of malware, utilizing VPNs, or using other methods to ensure continued access over time. This phase corresponds to the "Establish Foothold" and "Maintain Presence" stages.


Execution: The attacker achieves their objective, such as stealing sensitive data, intellectual property, or personally identifiable information (PII). This stage is equivalent to the "Complete Mission" phase, where the attacker completes their goals, whether stealing data or disrupting services.


Assessment: After the mission, the attacker may assess the outcome of their actions, ensure they have all the information or access they need, and determine if further actions are necessary. This can be seen as an evaluation phase, ensuring the mission was successful and preparing for any further stages if needed.

 

Layers of cyber space:

  1. Physical: actual tangible parts

  2. Syntactic: instructions/code/software

  3. Semantic: info and data

  • The human is integrated in all levels