nology used to transmit digital data via radio or wireless communications ... the main protocols in TCP/IP networks. IP
Glossary CHAPTER ONE Circuit switching – Type of communications in which a dedicated channel (or circuit) is established between two network nodes for the duration of a transmission. The circuit remains connected for the duration of the communication session and is ideal for communications that require data to be transmitted in real time.1 Command and control (C2) – The exercise of authority and direction by a properly designated commander over assigned and attached forces in the accomplishment of the mission.2 Cryptanalysis Operations to bypass cryptographic protection, conducted without initial knowledge of the key employed in providing that protection.3 The study of mathematical techniques for attempting to defeat cryptographic techniques and information-system security. This includes the process of identifying errors or weaknesses in the implementation of an algorithm, or in the algorithm itself.4 Operations to convert encrypted messages into plain text without initial knowledge of the key employed in their encryption.5 Integrated circuit/silicon chip/microchip – Small electronic device that consists of a set of electronic circuits on one small place, which is made out of semiconductor material, usually silicon.6 Packet switching – Digital networking communications protocol in which messages are divided into suitably sized blocks, called packets, before they are sent. Each packet is then transmitted individually and can follow different routes to its destination. Once all packets arrive at the destination, they are recompiled into the original message.7 Solid-state transistor – Device made of semiconductor material that amplifies a signal or opens or closes a circuit. Built entirely from solid material, the device contains electrons or other
Evolution of the Cyber Domain
charge carriers that are confined entirely within that material.8
CHAPTER TWO Bandwidth – The amount of data that can be transmitted in a fixed amount of time.9 Bulletin board – Part of an electronic-message centre on a computer server running custom software, which allows users to connect to the system through a terminal program. Once logged in, the user can perform functions such as uploading and downloading software and data, reading news and bulletins, and exchanging messages with other users through email, public message boards and sometimes direct-chat programs.10 Cyber domain – Cyberspace as a distinct global area of activities. It consists of the interdependent networks of information-technology infrastructures and resident data, including the internet, telecommunications networks, computer systems and embedded processors and controllers.11 Encrypted password – Phrase using either symmetric or asymmetric methods of encryption, which are reversible under certain conditions. Symmetric passwords use one symmetric key for encryption and decryption. Asymmetric passwords use a public and a private key to perform these functions.12 Graphical user interface (GUI) – Allows users to interact with electronic devices through graphical icons and visual indicators, as opposed to textbased interfaces, typed command labels or text navigation. Employs the computer’s graphics capabilities to make programs easier to use.13 Hashed password – Phrase using an irreversible hash function to allow it to be converted into digital data of fixed size. The hash function returns hash values, which are unique to the input. All hash values have the same length, regardless of the length of the input.14
5
Glossary
Microcomputer – Relatively small, and first widely available, computer with a microprocessor as a central processing unit. The term is often used interchangeably with ‘personal computer’. Microprocessor – A silicon chip that contains a CPU. In the world of personal computers, the terms microprocessor and CPU are used interchangeably.15 Social engineering An attempt to trick someone into revealing information (such as a password) that can be used to attack systems or networks.16 An effort to trick someone into performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.17 Virus – Computer program that can copy itself and infect multiple computers without the permission or knowledge of users. May corrupt or delete data, use email programs to spread itself, or erase the content on a hard disk.18 Wireless packet-data network – Refers to packet radio, which is a form of packet-switching technology used to transmit digital data via radio or wireless communications links.19 Worm – A self-replicating, self-contained program that uses networking mechanisms to spread itself.20
CHAPTER THREE CERT/CSIRT – ‘CERT’ refers to a Computer Emergency Response Team. The CERT Coordination Center was established in December 1988 by the US Defense Advanced Research Projects Agency. ‘CSIRT’ refers to a Computer Security Incident Response Team. Both are groups of individuals, usually security analysts, organised to develop, recommend and coordinate the rapid containment and eradication of threats, as well as the recovery of systems, in response to computersecurity incidents. Also called ‘CIRT’ (Computer Incident Response Team).21 Client–server architecture – Construct in which each computer or process on a network is either a client or a server. Also called ‘two-tier architecture’.22 Command, control and communications (C3) – An information system employed within a military organisation, combining strategic and tactical elements. A combat-direction system, tactical-data system and warning-and-control system may be regarded as C3 systems. Communications in C3 is the ability to provide, and function of providing,
6
the liaison necessary to exercise effective command between tactical and strategic units.23 Command, control and communications countermeasures (C3CM) – System integrating operations security (OPSEC), military deception, jamming and physical destruction. Using this integration and supported by intelligence, C3CM denies information to the enemy and influences, degrades or destroys the enemy’s C3 capabilities. At the same time, C3CM protects friendly C3.24 Command, control, communications and intelligence (C3I) – Variation of C3 that includes intelligence. Intelligence is the product resulting from the collection, processing, integration, evaluation, analysis and interpretation of available information concerning foreign nations, hostile or potentially hostile forces or elements, or areas of actual or potential operations.25 Cracker – Cracking refers to the activity conducted in order to break into a computer system. The term was coined in the mid-1980s by hackers who wanted to differentiate themselves from individuals whose sole purpose is to sneak through security systems.26 Digital divide – Separation between people who have access to advanced information and communication technology, such as the internet, and those who do not. Also known as the ‘digital-capability gap’.27 Hacker – A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). Among professional programmers, depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation.28 TCP/IP – Transmission Control Protocol/Internet Protocol (TCP/IP) is the suite of communications protocols used to connect hosts on the internet.29 Topography – Practice of graphic delineation in detail of natural and man-made features of an object, especially in a way to show their relative positions and elevations.30 Transmission control protocol (TCP) – One of the main protocols in TCP/IP networks. IP deals only with packets, while TCP enables two hosts to establish a connection and exchange streams of data.31
CHAPTER FOUR Backbone – Central conduit designed to transfer network traffic at high speeds. Network backbones
IISS Strategic Dossier
Glossary
aim to maximise the reliability and performance of large-scale, long-distance data communications.32 Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) – Group of functions designated by command, control, communications, computers as well as intelligence, surveillance and reconnaissance to coordinate military operations.33 Commercially available off-the-shelf (COTS) – Federal Acquisition Regulation term for an item of supply that is commercially available, sold in substantial quantities in the commercial marketplace and offered to the government, under a contract or subcontract at any tier, without modification, in the same form in which it is sold in the marketplace.34 Cybernetics – Study of control or regulatory mechanisms in human and machine systems, including computers. Name derived from the Greek word ‘kybernetes’ (steersman or governor).35 Domain Name System (DNS) – System used in TCP/IP networks for identifying computers and network services using user-friendly terms. When a user enters a DNS name in an application, DNS services can resolve the name to other information that is associated with the name, such as an IP address.36 Global System for Mobile Communications – Digital mobile telephony system widely employed in Europe and other parts of the world. Using a variation of time division multiple access, the technology digitises and compresses data, before transmitting it through a channel with two other streams of user data, each in its own time slot.37 High-performance computing – Advanced computing, communications and information technologies, including scientific workstations, supercomputer systems (including vector supercomputers and large-scale parallel systems), high-capacity and high-speed networks, special-purpose and experimental systems, and applications and systems software.38 Hypertext – A special type of database system in which objects, e.g. text, pictures, music and programs, can be creatively linked to each other.39 Hypertext transfer protocol (HTTP) – HTTP is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands.40 Supervisory
Control
Evolution of the Cyber Domain
and
Data Acquisition
(SCADA) – Automated system used to control industrial processes, such as the regulation of electrical-power transmission, waste-water treatment and chemical mixing.41 World Wide Web (WWW) – The World Wide Web is a system of internet servers that support specially formatted documents. The documents are formatted in a markup language called HTML (Hypertext Markup Language) that supports links to other documents, as well as graphics, audio and video files.42
CHAPTER FIVE Automated hacking – The act of breaking into a computer system using self-acting tools. The employment of such tools, some of which are freely available online, can allow the attacker to achieve her objectives without having to study technical methods or to come up with exploits for applications’ vulnerabilities.43 Back door – An undocumented way of gaining access to a computer system.44 Big data – The phrase ‘big data’ is used to describe a massive volume of both structured and unstructured data, the amount of which is too difficult to process using traditional database and software techniques.45 Botnet – A network of computers that have been penetrated, compromised and programmed to operate on the commands of an unauthorised remote user, usually without the knowledge of their owners or operators.46 The Cloud – The internet. ‘Cloud computing’ is the use of data and programs accessed via the internet, rather than those stored on a computer’s hard drive.47 Computer-network attack – Action taken to disrupt, obstruct, degrade or destroy information stored in a computer and/or computer network, or the computer and/or computer network itself.48 Computer-network defence (CND) – Actions taken to guard against unauthorised activity within computer networks. Includes monitoring, detection and analysis (such as trend and pattern analysis), as well as response and restoration activities.49 Computer-network exploitation – Actions taken to make use of a computer or computer network, as well as the information hosted therein, to gain an advantage.50 Computer-network operations – Computernetwork attacks, computer-network defence and
7
Glossary
related activities for enabling computer-network exploitation.51 Crimeware – Any program or set of programs expressly designed to facilitate illegal activity online.52 Critical information infrastructure (CII) – ICT systems vital to a country’s national security, economy or public health and safety.53 Critical infrastructure – Asset or system essential to the maintenance of vital societal functions.54 Cyber hygiene – Steps that computer users can take to improve their cyber security and better protect themselves online.55 Cyber crime – Illegal activity that is directed at a computer (such as hacking, phishing and spamming) or that is facilitated by a computer (such as hate crimes or the distribution of child pornography). Cyber criminals may use computer technology to access personal information or business/trade secrets, or use the internet for other exploitative or malicious purposes.56 Cyber security – Body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorised access.57 Cyberspace operations – The employment of cyberspace capabilities in which the primary purpose is to achieve objectives in or through cyberspace.58 Cyber surveillance – Practice of closely observing persons, objects or processes that is based on new technologies and that is operated from and on data networks, such as the internet.59 Cyber terrorism – Action designed to cause a change in the social order, create a climate of fear among the public, or influence national or international decision-making by affecting the integrity, confidentiality and/or availability of information, information systems and networks, or by manipulating ICT-based control of physical processes. Intended to achieve a political, religious or ideological objective.60 Distributed denial of service (DDoS) – Cyber attack that employs a series of computers to overwhelm the target (usually an internet site, server or router) with large amounts of traffic, suspending its ability to respond and effectively shutting it down.61 Fifth domain – Cyberspace as the fifth military realm, which has features, as well as operational demands and potential, in its own right. The other domains are land, sea, air and space.
8
Global Positioning System – ‘Constellation’ of 24 well-spaced satellites that orbit the Earth and make it possible for people with ground receivers to pinpoint their geographic location. The location accuracy is anywhere from 10–100 metres for most equipment. Accuracy can be pinpointed to within one metre with military-approved equipment.62 Hacktivism – The act of breaking into a computer system to advance a political or ideological cause.63 Information operations – The integrated employment of the core capabilities of electronic warfare, computer-network operations, military information-support operations, military deception and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting one’s own.64 Information security – Set of business processes that protects information assets regardless of how the information is formatted or whether it is being processed, in transit or being stored. Russia uses the term instead of ‘cyber security’, placing the emphasis on the content of transmissions rather than the integrity of networks.65 Logic bomb – Code inserted into a computer program – surreptitiously and intentionally – that will execute when set conditions are met, such as the passage of a defined period of time or a user’s failure to respond to a command. A delayedaction virus (also known as a ‘Trojan Horse’), it may display or print predetermined messages, delete or corrupt data, or have other undesirable effects.66 Malware – Program or file that alters a computer’s normal functions for malicious purposes or is otherwise harmful to the computer’s user.67 Patch – Update designed to quickly repair software. Also called a ‘fix’.68 Petabyte – 1,024 terabytes, or 250 bytes.69 Script kiddies – A script kiddie (or kiddy) is a person, normally someone who is not technologically sophisticated, who randomly seeks out a potential weakness over the internet in order to gain root access to a system without really understanding what he or she is exploiting, because the weakness was discovered by someone else. The term is originated by the more sophisticated crackers of computer-security systems.70 SIM card – Subscriber identity module, or smart card, that stores data for mobile-telephone users operating the Global System for Mobile
IISS Strategic Dossier
Glossary
Communications. Stores information on user identity, location and phone number, as well as network-authorisation data, personal security keys, contact lists and text messages.71 Spam – Use of email systems to send unsolicited messages in bulk, usually indiscriminately.72 Terabyte – 240 bytes.73 Trojan Horse – Malicious code hidden in seemingly harmless programming or data.74
CHAPTER SIX Artificial intelligence (AI) – Simulation of human-intelligence processes by machines, especially computer systems. These processes include learning (the acquisition of information and rules for using that information), reasoning (using rules to reach approximate or definite conclusions) and self-correction.75 Broadband – Form of telecommunication in which a wide band of frequencies is available to transmit information. This allows information to be multiplexed and transmitted on many different frequencies, or channels, within the band, allowing more information to be relayed within a fixed period of time.76 Cryptology – Mathematical processes such as number theory, and the application of the formulas and algorithms that underpin cryptography and cryptanalysis.77 Cyber diplomacy – Practice of public diplomacy relating to ICT and new platforms of communication, which recognises that technology offers new opportunities to interact with the wider public through the adoption of a networked approach, as well as adaptation to an increasingly multipolar, interdependent world.78 Cyber power – Ability to influence international cyber diplomacy and related decision-making, and to use cyber means to create favourable effects and conditions in cyberspace and other domains. E-governance – Public-sector use of ICT to enhance information and service delivery, encourage citizens’ participation in decision-making, and improve the accountability, transparency and effectiveness of government.79 Exascale computing – Discipline involving research into theoretical systems capable of at least one million trillion floating-point operations per second.80 Nanotechnology – Electronic and mechanical devices designed and manufactured at the molecular level.81
Evolution of the Cyber Domain
Photonics – Study of radiant energy whose fundamental element is the photon (such as light). Photonic devices use the photon in the same way that electronic applications use the electron, and benefit from the fact that light travels at around ten times the speed of electricity. Furthermore, unlike electric currents, visible-light and infrared beams pass through one another without interacting, and therefore do not cause interference.82 Quantum computing – Discipline involving research into theoretical systems based on the principles of quantum theory, which seeks to explain the nature and behaviour of energy and matter on the atomic and sub-atomic (quantum) levels.83 Smart clothing – Garments that interact with the wearer by sensing signals, processing information and carrying out responses.84
CHAPTER SEVEN Country-code top-level domain – Segment of the domain name identifying a particular country (for example, ‘.us’ for the United States).85 Domain name – A domain name locates an organisation or other entity on the internet. For example, the domain locates an internet address for ‘google. com’ at internet point 173.194.113.161 and a host server named ‘www’.86 Information society – Society in which the creation, distribution and manipulation of information has become the most significant economic and cultural activity.87 Internet infrastructure – Physical and virtual resources that support the ICT environment, including server, storage and network components.88 Internet protocol – Method by which data is sent from one computer to another over the internet. Each computer has at least one IP address that distinguishes it from all other devices connected to the internet.89 Multi-stakeholderism – Process that aims to bring together all major parties with an interest in a new form of communication, as well as solution-finding (and possibly decision-making) on a particular issue.90 Network security – Network security is a specialised field in computer networking that involves securing a computer-network infrastructure. Typically, network security is handled by either a network administrator or system administrator, who implements the security policy, network software and hardware necessary for the protection of
9
Glossary
the network from unauthorised access.91 Request for Comments (RFC) – Formal document issued by the Internet Engineering Task Force, which results from committee drafting and subsequent review by interested parties. While some of these documents are informal, others are intended to become internet standards, and are therefore only subject to change through subsequent Requests for Comments.92 Root – Directory in a computer-file system that includes all other directories.93 Root-server system – Internet structure in which an authoritative master list of all top-level domain names (such as *.com, *.net, *.org and individual country codes) is maintained and made available to routers. Also known as a ‘root name server’.94
CHAPTER EIGHT Confidence-building measures – Internationalrelations concept designed to mitigate political tensions and mistrust, and to reduce the danger of war. Usually refers to transparency, as well as cooperative and stabilisation efforts. Jus ad bellum – Criteria that a state must meet to legitimately engage in conflict; part of the theory of Just War.95 Jus in bello – Means by which a state may participate in a conflict while adhering to the principles of Just War (regardless of how or why the conflict began).96 Soft law – Rules and norms included in non-binding or voluntary treaties, resolutions, recommendations, codes of conduct and standards.97
CHAPTER NINE Advanced persistent threat (APT) – Targeted, long-term cyber operation launched by a powerful, determined attacker, usually an adversary state. The term was coined by the US Air Force and is regularly used in the cyber-security industry. Bulk data – Electronic collection of data composed of information collected from multiple records, whose primary relationship to each other is their shared origin in either a single database or multiple databases.98 Bulk intercept – Process of collecting large quantities of electronic transmissions before they reach the intended recipients, usually carried out by government agencies charged with protecting national security.99 Cryptography – Methods for storing and transmitting data in a form that only the intended
10
recipient can read and process. Modern cryptography centres on the objectives of confidentiality, integrity, non-repudiation and authentication.100 Data Encryption Standard (DES) – Outdated method for securely storing and transmitting data that uses one key to encrypt and decrypt a message.101 Electronic intelligence (ELINT) – Information gathered using electronic sensors; generally, from sources other than personal communications. The sensors may be active or passive, and are designed to ascertain the capabilities of a target (such as the location of a radar). A signal is analysed and compared to recorded data for known signal types. If the signal type is recognised, that information can be recorded; it can be categorised as new if no match is returned. Data obtained using this method is usually classified.102 Encryption – Conversion of electronic data into another form, called ‘ciphertext’, which cannot be easily understood by anyone except authorised parties.103 Exabyte – 260 bytes, or 1,024 petabytes.104 Export cipher suites – Encryption keys cleared for general export. Honeypot – Internet-connected system designed to attract and ‘trap’ users who seek to gain unauthorised access to computers, such as hackers.105 Human intelligence (HUMINT) – Information collected directly from, and provided by, people.106 Intercontinental ballistic missile (ICBM) – Landbased, long-range ballistic missile with a range greater than 3,000 nautical miles (5,556 km).107 Mass surveillance – Indiscriminate monitoring of a population or a significant component of a group. This includes activity by any system that generates and collects information on individuals without attempting to limit the data set to well-defined targets.108 Metadata – Data that describes other data, summarising basic facts about the information with the aim of making it easier to find and use. Examples include ‘author’, ‘date created’, ‘date modified’ and ‘file size’.109 Pretty Good Privacy (PGP) – Program used to encrypt and decrypt email, as well as to authenticate messages with digital signatures and encrypted stored files. Once the privacy software most widely used by individuals, it was developed by Philip R. Zimmermann in 1991 and has become a standard for email security.110 Public-key encryption (PKE) – Method for
IISS Strategic Dossier
Glossary
securely storing and transmitting data that uses two different but mathematically linked keys, one public and one private.111 RSA algorithm – System of public-key encryption widely used for handling sensitive data, particularly that transmitted over an insecure network such as the internet. First described by Ron Rivest, Adi Shamir and Leonard Adleman in 1977, the security it provides is derived from the difficulty of factoring large integers that are the product of two large prime numbers (even using modern-day supercomputers).112 Secure Sockets Layer (SSL) – Computernetworking protocol that manages server authentication, client authentication and encrypted communication between servers and clients.113 Signals intelligence (SIGINT) – Information acquired through the collection and analysis of electronic signals and communications, with the aim of supporting an organisation or individual in their decision-making, or allowing them to gain a strategic advantage. Used by intelligence agencies worldwide in domestic and foreign operations.114 Spear-phishing attack – Method of fraud that targets an organisation, seeking unauthorised access to confidential data through email ‘spoofing’. Usually conducted for financial gain, or to obtain trade secrets or military information – and thus not typically initiated by ‘random hackers’. Although they, like most phishing emails, appear to come from a trusted user, spear-phishing messages are distinct in that the apparent source is likely to be an individual within the recipient’s organisation; generally, someone in a position of authority.115 Virtual Private Network (VPN) – Technology that creates an encrypted connection over a non-secure network. Using VPN ensures the appropriate level of security within the connected systems when the underlying network infrastructure alone cannot.116 Voice over internet protocol (VoIP) – Technology for transmitting voice calls in digital form over the internet in discrete packets rather than through the traditional circuit-committed protocols of the public switched telephone network (thereby avoiding the tolls charged by service providers).117
CHAPTER TEN C4I2 – Command, control, communications, computers, intelligence and information.118 Firmware – Programming written onto the readonly memory of a computing device. Added during the manufacturing process and used to run
Evolution of the Cyber Domain
user programs on the device.119 Hybrid warfare – Practice of exploiting a wide spectrum of methods during a conflict. This may involve political, economic, military (regular and irregular), civilian, virtual and physical means, combined with the aim of benefiting from each of their strengths. Information assurance – Practice of protecting against, and managing, risk related to the use, storage and transmission of data in information systems.120 Keylogger – Hardware device or small program that monitors a user’s keystrokes on a computer keyboard.121 Psychological operations – Planned missions designed to convey selected information and indicators to foreign audiences, with a view to influencing their emotions, motives and objective reasoning – and, ultimately, the behaviour of foreign governments, organisations, groups and individuals. The purpose of such operations is to induce or reinforce foreign attitudes and behaviour favourable to the originator’s objectives.122 Rootkit – Collection of programs that grants administrator-level access to a computer or computer network. After its installation, the attacker can mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.123 Semi-Automatic Ground Environment (SAGE) US air-defence command-and-control system consisting of, inter alia, computerised radar stations, as well as direction and combat centres. Designed to produce a unified situational picture for fighter aircraft and other air-defence units. SQL injection – Form of attack on a databasefocused website in which the attacker executes unauthorised structured query language commands by taking advantage of insecure code on a system connected to the internet, bypassing the firewall. Such attacks are used to steal information from a database that would normally be inaccessible, and/or to access an organisation’s host computers through the computer hosting the database.124 Unmanned aerial vehicles (UAVs) – Aircraft that can be controlled remotely or can fly autonomously by using software-controlled flight plans embedded in its system, as well as GPS.125 Zero-day exploit – Technique that takes advantage of a security vulnerability on the day that the vulnerability becomes public knowledge.126
11
Glossary
NOTES 1 ‘Circuit
2
Switching’, Webopedia, http://www.webopedia.com/
21
CERTCC.html; Committee on National Security Systems,
US Department of Defense, Department of Defense Dictionary of
‘National Information Assurance (IA) Glossary’, 26 April 2010,
Military and Associated Terms, 8 November 2010 (amended 15 June 2015), http://fas.org/irp/doddir/dod/jp1_02.pdf. 3
http://www.ncsc.gov/publications/policy/docs/CNSSI_4009.pdf. 22
Richard Kissel (ed.), Glossary of Key Information Security Terms, National Institute of Standards and Technology, May 2013, http://
4
Ibid.
5
US Department of Defense, Department of Defense Dictionary of Military and Associated Terms, 8 November 2010 (amended 31
‘Packet Switching’, Webopedia, http://www.webopedia.com/ ‘Transistor’, Webopedia, http://www.webopedia.com/TERM/T/
9
10
com/dictionary/topography. 31
‘TCP’, Webopedia, http://www.webopedia.com/TERM/T/TCP.html.
Harry Henderson, Encyclopaedia of Computer Science and
32
Howard Davies and Beatrice Bressan, A History of International Research Networking: The People Who Made It Happen (West Sussex:
US Joint Chiefs of Staff, Joint Communications System, 10 June 2015,
John Wiley & Sons, 2010). 33
‘Encryption’, TechTarget, http://searchsecurity.techtarget.com/ ‘GUI – Graphical User Interface’, Webopedia, http://www.
Assessments, 2012). 34
and US National Aeronautics and Space Administration, ‘Federal
‘Command line vs. GUI’, Computer Hope, http://www.computer-
Acquisition Regulation’, http://farsite.hill.af.mil/reghtml/regs/ far2afmcfars/fardfars/far/12.htm. 35
com/b/mscom/archive/2007/03/12/the-gui-versus-the-commandline-which-is-better-part-1.aspx; ‘The GUI Versus the Command com/b/mscom/archive/2007/03/26/the-gui-versus-the-command-
Kissel (ed.), Glossary of Key Information Security Terms.
17
Ibid.
18
Ibid.
19
Vern A. Dubendorf, Wireless Data Technologies: Reference Handbook (West Sussex: Wiley, 2003); Greg Jones, ‘Packet Radio:
12
Kissel (ed.), Glossary of Key Information Security Terms.
‘Hypertext’, Webopedia, http://www.webopedia.com/TERM/H/ hypertext.html.
40
‘HTTP’, Webopedia, http://www.webopedia.com/TERM/H/ HTTP.html.
41
Democratic Policy & Communications Center, ‘Glossary of Cyber Related Terms’, http://www.dpc.senate.gov/docs/fs-112-2-183.pdf.
42
Introduction to Packet Radio’, Tucson Amateur Packet Radio, https://www.tapr.org/pr_intro.html.
US Congress, ‘High-Performance Computing Act of 1991’, https:// www.nitrd.gov/congressional/laws/102-194.pdf.
39
TERM/M/microprocessor.html. 16
‘GSM (Global System for Mobile Communication)’, TechTarget, http://searchmobilecomputing.techtarget.com/definition/GSM.
38
wolfram.com/HashFunction.html. ‘Microprocessor’, Webopedia, http://www.webopedia.com/
‘Domain Name System (DNS) Overview’, TechNet, https:// technet.microsoft.com/library/hh831667.
37
line-which-is-better-part-2.aspx. ‘Hash Function’, Wolfram MathWorld, http://mathworld.
‘Cybernetics’, TechTarget, http://searchsoa.techtarget.com/definition/cybernetics.
36
Line: Which is Better? (Part 2)’, Microsoft, http://blogs.technet.
20
US General Services Administration, US Department Of Defense
webopedia.com/TERM/G/Graphical_User_Interface_GUI.html;
Line: Which is Better? (Part 1)’, Microsoft, http://blogs.technet.
15
Andrew F. Krepinevich, Cyber Warfare: A ‘Nuclear Option’? (Washington DC: Center for Strategic and Budgetary
hope.com/issues/ch000619.htm; ‘The GUI Versus the Command
14
‘Topography’, Merriam-Webster, http://www.merriam-webster.
bandwidth.html.
definition/encryption. 13
‘TCP/IP’, Webopedia, http://www.webopedia.com/TERM/T/TCP_ IP.html.
30
‘Bandwith’, Webopedia, http://www.webopedia.com/TERM/B/
http://www.dtic.mil/doctrine/new_pubs/jp6_0.pdf. 12
‘Hacker’, Webopedia, http://www.webopedia.com/TERM/H/ hacker.html.
29
Technology (New York: Infobase Publishing, 2009), p. 61. 11
‘Digital Divide’, Webopedia, http://www.webopedia.com/ TERM/D/digital_divide.html.
28
transistor.html; Martin H. Weik, Fiber Optics Standard Dictionary (New York: Chapman & Hall, 1997), p. 937.
‘Crack’, Webopedia, http://www.webopedia.com/TERM/C/crack. html.
27
TERM/P/packet_switching.html. 8
US Department of Defense, Department of Defense Dictionary of Military and Associated Terms (amended 2015).
26
www.webopedia.com/TERM/C/chip.html. 7
US Army, Communications Techniques: Electronic CounterCountermeasures (Fort Gordon, GA: US Army, 1990).
25
‘Integrated Circuit’, Webopedia, http://www.webopedia.com/ TERM/I/integrated_circuit_IC.html; ‘Chip’, Webopedia, http://
US Naval Academy, ‘Fundamentals of Naval Weapons Systems’, http://fas.org/man/dod-101/navy/docs/fun/part20.htm.
24
January 2011), http://ra.defense.gov/Portals/56/Documents/rtm/ jp1_02.pdf.
‘Client–Server Architecture’, Webopedia, http://www.webopedia. com/TERM/C/client_server_architecture.html.
23
nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.
6
‘CERT/CC’, Webopedia, http://www.webopedia.com/TERM/C/
TERM/C/circuit_switching.html.
‘World Wide Web’, Webopedia, http://www.webopedia.com/ TERM/W/World_Wide_Web.html.
43
Mirko Zorz, ‘Automated Hacking’, Net Security, 17 August 2012, http://www.net-security.org/article.php?id=1756.
IISS Strategic Dossier
Glossary 44
Kissel (ed.), Glossary of Key Information Security Terms.
45
‘Big Data’, Webopedia, http://www.webopedia.com/TERM/B/
70
TERM/S/script_kiddie.html; ‘Script Kiddy’, TechTarget, http://
big_data.html. 46
Democratic Policy & Communications Center, ‘Glossary of Cyber
searchmidmarketsecurity.techtarget.com/definition/script-kiddy. 71
Related Terms’. 47
48
com/definition/SIM-card. 72
Krepinevich, Cyber Warfare: A ‘Nuclear Option’?
http://www.pcmag.com/article2/0,2817,2372163,00.asp.
73
‘How Much Is 1 Byte, Kilobyte, Megabyte, Gigabyte, etc.?’.
NATO, NATO Glossary of Terms and Definitions, 2013, http://www.
74
‘Trojan Horse’, TechTarget, http://searchsecurity.techtarget.com/
49
Kissel (ed.), Glossary of Key Information Security Terms.
50
NATO, NATO Glossary of Terms and Definitions.
51
Kissel (ed.), Glossary of Key Information Security Terms.
52
‘Crimeware’, TechTarget, http://searchsecurity.techtarget.com/ definition/crimeware.
definition/Trojan-horse. 75
57
ID=3038&URL_DO=DO_TOPIC&URL_SECTION=201.html. 80
IEEE Spectrum, 19 December 2014, http://spectrum.ieee.org/
tion/2387/cybercrime.
computing/hardware/when-will-we-have-an-exascale-supercom-
‘Cybersecurity’, TechTarget, http://whatis.techtarget.com/defini-
puter; ‘Presentation: Exascale’, Exascale Computing Research,
US Department of Defense, Department of Defense Dictionary of
http://www.exascale-computing.eu/presentation-2/. 81
manufacturing. 82
naire/docs/definitions/definitions_anglais/cyber_surveillance. pdf.
‘Photonics’, TechTarget, http://whatis.techtarget.com/definition/ photonics.
83
Babak Akhgar, Andrew Staniforth and Francesca Bosco, Cyber Crime and Cyber Terrorism Investigator’s Handbook (New York:
‘Nanotechnology (Molecular Manufacturing)’, TechTarget, http:// whatis.techtarget.com/definition/nanotechnology-molecular-
Monica Tremblay, ‘Cyber-surveillance’, Encyclopedic Dictionary of Public Administration, http://www.dictionnaire.enap.ca/diction-
60
Jeremy Hsu, ‘When Will We Have an Exascale Supercomputer?’,
‘Cybercrime’, Technopedia, http://www.techopedia.com/defini-
Military and Associated Terms (amended 2015). 59
UN Educational, Scientific and Cultural Organization, ‘E-governance’, http://portal.unesco.org/ci/en/ev.php-URL_
tion/cybersecurity. 58
Jan Melissen, The New Public Diplomacy: Soft Power in International Relations (New York: Palgrave Macmillan, 2007), pp. 30, 57.
79
‘Cyber Hygiene’, Collins, http://www.collinsdictionary.com/ submission/1930/Cyber%20hygiene.
56
‘Cryptology’, TechTarget, http://searchsecurity.techtarget.com/ definition/cryptology.
78
critical-infrastructure/index_en.htm. 55
‘Broadband’, TechTarget, http://searchtelecom.techtarget.com/ definition/broadband.
77
‘Critical Infrastructure’, European Commission, http://ec.europa. eu/dgs/home-affairs/what-we-do/policies/crisis-and-terrorism/
‘AI (Artificial Intelligence)’, TechTarget, http://searchcio.techtarget.com/definition/AI.
76
R. Shirey, ‘Internet Security Glossary, Version 2’, Network Working Group, August 2007, http://tools.ietf.org/html/rfc4949.
54
‘SIM Card’, TechTarget, http://searchmobilecomputing.techtarget.
Eric Griffith, ‘What Is Cloud Computing?’, PC Mag, 17 April 2015,
wcnjk.wp.mil.pl/plik/file/N_20130808_AAP6EN.pdf.
53
‘Script Kiddie’, Webopedia, http://www.webopedia.com/
‘Quantum Computing’, TechTarget, http://whatis.techtarget.com/ definition/quantum-computing.
84
MinYoung Suh, Katherine E. Carroll and Nancy L. Cassill,
Elsevier, 2014), p. 15.
‘Critical Review on Smart Clothing Product Development’,
61
Krepinevich, Cyber Warfare: A ‘Nuclear Option’?
Journal of Textile and Apparel, Technology and Management, vol. 6,
62
‘Global Positioning System’, TechTarget, http://searchmobilecomputing.techtarget.com/definition/Global-Positioning-System.
63
‘Hactivism’, TechTarget, http://searchsecurity.techtarget.com/ definition/hacktivism.
64
66
69
htm.
Evolution of the Cyber Domain
Minu Hemmati, Multi-stakeholder Processes for Governance and Sustainability (London: Earthscan Publications, 2002), pp. 2–3.
91
‘Network Security’, Webopedia, http://www.webopedia.com/ TERM/N/network_security.html.
‘How Much Is 1 Byte, Kilobyte, Megabyte, Gigabyte, etc.?’, Computer Hope, http://www.computerhope.com/issues/chspace.
‘IP Address’, TechTarget, http://searchwindevelopment.techtarget.com/definition/IP-address.
90
‘Patch’, TechTarget, http://searchenterprisedesktop.techtarget. com/definition/patch.
‘Infrastructure’, TechTarget, http://searchdatacenter.techtarget. com/definition/infrastructure.
89
‘Malware’, TechTarget, http://searchmidmarketsecurity.techtarget.com/definition/malware.
68
‘Information Society’, TechTarget, http://whatis.techtarget.com/ definition/Information-Society.
88
‘Logic Bomb’, TechTarget, http://searchsecurity.techtarget.com/ definition/logic-bomb.
67
‘Domain Name’, TechTarget, http://searchwindevelopment.techtarget.com/definition/domain-name.
87
‘Information Security’, TechTarget, http://searchsecurity.techtarget.com/definition/information-security-infosec.
‘Top Level Domain’, TechTarget, http://searchsoa.techtarget.com/ definition/top-level-domain.
86
US Department of Defense, Department of Defense Dictionary of Military and Associated Terms (amended 2015).
65
no. 4, 2010, p. 1. 85
92
‘Request for Comments (RFC)’, TechTarget, http://whatis.techtarget.com/definition/Request-for-Comments-RFC.
13
Glossary 93
‘Root Directory’, TechTarget, http://searchnetworking.techtarget. com/definition/root-directory.
94
‘Root Server System’, TechTarget, http://searchnetworking.techtarget.com/definition/root-server-system.
95
113 ‘Secure
Teresa Fajardo, ‘Soft Law’, Oxford Bibliographies, 30 January obo-9780199796953/obo-9780199796953-0040.xml#. ‘Re: Answers to Questions Posed by the Right to Know Advisory Committee/Bulk Records Subcommittee’, InforME, http://www. maine.gov/legis/opla/RTKINFORMEcomments.pdf. ‘Interception’, Oxford Dictionaries, http://www.oxforddictionaries.com/definition/english/interception.
100 ‘Cryptography’,
TechTarget, http://searchsoftwarequality.tech-
target.com/definition/cryptography. Encryption Standard’, TechTarget, http://searchsecurity.
techtarget.com/definition/Data-Encryption-Standard. 102 ‘ELINT
(Electronic Intelligence)’, TechTarget, http://whatis.tech-
target.com/definition/ELINT-electronic-intelligence. 103 ‘Encryption’,
TechTarget, http://searchsecurity.techtarget.com/
definition/encryption. 104 ‘How
Much is 1 Byte, Kilobyte, Megabyte, Gigabyte, etc.?’.
105 ‘Honey
Pot’, TechTarget, http://searchsecurity.techtarget.com/
definition/honey-pot. 106 NATO, 107 US
NATO Glossary of Terms and Definitions.
Department of Defense, Department of Defense Dictionary of
Military and Associated Terms (amended 2015). 108 ‘Mass
Sockets Layer (SSL)’, TechTarget, http://searchsecurity.
techtarget.com/definition/Secure-Sockets-Layer-SSL.
2014, http://www.oxfordbibliographies.com/view/document/
101 ‘Data
(Rivest–Shamir–Adleman)’, TechTarget, http://
searchsecurity.techtarget.com/definition/RSA.
www.crimesofwar.org/a-z-guide/jus-ad-bellum-jus-in-bello/. Ibid.
Surveillance’, Privacy International, https://www.privacy-
international.org/?q=node/52. 109 ‘Metadata’,
metadata.
14
target.com/definition/Pretty-Good-Privacy. 111 ‘RSA Algorithm
112 Ibid.
97
99
Good Privacy’, TechTarget, http://searchsecurity.tech-
Karma Nabulsi, ‘Jus ad Bellum/Jus in Bello’, Crimes of War, http://
96
98
110 ‘Pretty
TechTarget, http://whatis.techtarget.com/definition/
114 ‘SIGINT
(Signals Intelligence)’, TechTarget, http://whatis.tech-
target.com/definition/SIGINT-signals-intelligence. 115 ‘Spear
Phishing’, TechTarget, http://searchsecurity.techtarget.
com/definition/spear-phishing. 116 ‘Virtual
Private Network’, TechTarget, http://searchenter-
prisewan.techtarget.com/definition/virtual-private-network. 117 ‘VoIP’,
TechTarget, http://searchunifiedcommunications.tech-
target.com/definition/VoIP. 118 ‘C4I2’,
Military Dictionary, http://www.military-dictionary.org/
C4I2. 119 ‘Firmware’,
TechTarget, http://whatis.techtarget.com/definition/
firmware. 120 ‘Information Assurance’,
TechTarget, http://searchcompliance.
techtarget.com/definition/information-assurance. 121 ‘Keylogger’,
TechTarget, http://searchmidmarketsecurity.tech-
target.com/definition/keylogger. 122 US Air
Force, ‘Operations: Psychological Operations (PSYOP)’,
http://fas.org/irp/doddir/usaf/10-702.htm. 123 ‘Rootkit’,
TechTarget, http://searchmidmarketsecurity.techtarget.
com/definition/rootkit. 124 ‘SQL
Injection’, Webopedia, http://www.webopedia.com/
TERM/S/SQL_injection.html. 125 ‘Drone’,
WhatIs.com, http://whatis.techtarget.com/definition/
drone. 126 ‘Zero-day
Exploit’, Webopedia, http://www.webopedia.com/
TERM/Z/Zero_Day_exploit.html.
IISS Strategic Dossier