Iimt Mun Research
In April 2007 the Baltic state of Estonia was the target of a massive denial-of-service attack that
took many of the country's Internet-dependent services offline. Estonian infrastructure, from online
banking and mobile phone networks to government services and access to health care information,
was disabled for a time. The tech-dependent state experienced severe turmoil, and there was a great
deal of concern over the nature and intent of the attack.
The cyberattack followed an Estonian-Russian dispute over the removal of a bronze statue of a
World War II-era Soviet soldier from the center of the capital, Tallinn.[3] In the midst of its armed
conflict with Russia in August 2008, Georgia was likewise subject to sustained and coordinated
attacks on its electronic infrastructure. In both cases circumstantial evidence points to coordinated
Russian attacks, but attribution is difficult; although both countries blame Moscow for contributing
to the cyberattacks, proof establishing legal culpability is lacking.
Estonia had joined NATO in 2004, and the alliance closely monitored its member states' response
to the attack. NATO also feared escalation and the possibility of cascading effects beyond Estonia's
borders to other NATO members. In 2008, as a direct result of the attacks, NATO opened a new
centre of excellence on cyber defence in Tallinn to conduct research and training on cyber
warfare.[45]
The chaos resulting from the attacks in Estonia illustrated to the world how dependent countries
had become on information technology, a dependence that makes them vulnerable to future
cyberattacks and terrorism.[3]
Quick facts on the cyberattack on Estonia and its effects on the country:[46]
Online services of Estonian banks and government agencies were taken down by an
uncontrollable volume of Internet traffic.
Media outlets were also down, so broadcasters could not deliver news of the cyberattacks.
Some services were under attack for 22 days, while other online services were taken down
completely.
Riots and looting went on for 48 hours in Tallinn.
The cyberattack served as a wake-up call for Estonia and for the entire world on the
importance of cyber defence.
As cyberattacks continue to increase around the world, countries still look to the 2007 attacks on
Estonia as an example of how to prepare for future cyberattacks and terrorism. As a result of the
attacks, Estonia is now one of the leading countries in cyber defence and online safety, and its
capital, Tallinn, is home to NATO's cyber defence hub. The government of Estonia continues to
update its cyber defence protocols and national cybersecurity strategies, and NATO's Cooperative
Cyber Defence Centre of Excellence in Tallinn conducts research and training on cybersecurity
for Estonia and the other countries of the alliance.[47]
China
The Chinese Defense Ministry confirmed the existence of an online defense unit in May 2011.
Composed of about thirty elite Internet specialists, the so-called "Cyber Blue Team", or "Blue
Army", is officially claimed to be engaged in cyber-defense operations, though there are fears the
unit has been used to penetrate secure online systems of foreign governments.[48][49]
China's leaders have invested in the foundations of cyber defense, quantum computing and
artificial intelligence. Thirty-nine Chinese soldiers were chosen to strengthen China's cyber
defenses; the reason given by Geng Yansheng, spokesman for the Ministry of National Defense,
was that the country's Internet protection was currently weak. Geng claimed the program was
only temporary, to help improve cyber defenses.[50]
India
To counter cyber terrorists, also called "white-collar jihadis", police in India have registered
private citizens as volunteers who patrol the Internet and report suspected cyber terrorists to the
government. The volunteers fall into three categories: "Unlawful Content Flaggers", "Cyber
Awareness Promoters" and "Cyber Experts". In August 2021, police arrested five suspected
white-collar jihadis who were preparing a hit list of officers, journalists, social activists, lawyers
and political functionaries to create fear among the public. White-collar jihadis are considered the
"worst kind of terrorists" because they remain anonymous and safe in other nations while inflicting
an "immeasurable" amount of damage and brainwashing.[51]
In India, demand for cybersecurity professionals increased over 100 per cent in 2021 and is
projected to rise 200 per cent by 2024.[52]
Eighty-two percent of companies in India suffered a ransomware attack in 2020. The cost of
recovering from a ransomware attack in India rose from $1.1 million in 2020 to $3.38 million in
2021,[53] and India tops a list of 30 countries for ransomware attacks.
In October 2020 a cyberattack on the electricity grid in Maharashtra caused a power outage; the
authorities believe China was behind it.[54]
Personal information such as dates of birth and full names of thousands of patients tested for
COVID-19 was leaked from government websites and became accessible through Google. The
job portal IIMjobs was attacked and the data of 1.4 million job seekers was leaked, including
users' names, locations and phone numbers. In February 2021 the personal information of
500,000 Indian police personnel, taken from a police exam held in December 2019, was sold on a
forum.[55]
Korea
According to the 2016 Deloitte Asia-Pacific Defense Outlook,[56] South Korea's 'Cyber Risk
Score' was 884 out of 1,000, making it the most vulnerable country to cyberattacks in the
Asia-Pacific region. Given South Korea's high-speed Internet and cutting-edge technology, its
cybersecurity infrastructure is relatively weak.[57] The 2013 South Korea cyberattack significantly
damaged the Korean economy, crippling the systems of two banks and the computer networks of
three TV broadcasters. The incident was a massive blow, and the attacker was never identified,
though North Korea was suspected. The week before, North Korea had accused the United States
and South Korea of shutting down its Internet for two days.[58] In 2017, a ransomware attack hit
private companies and users, who suffered leaks of personal information. In addition, North
Korean cyberattacks put South Korea's national security at risk.[59]
North Korea's cyberwarfare capability is regarded as highly effective and among the best of the
state-sponsored hacking programs. Those chosen to become hackers are selected when young and
trained specifically in cyberwarfare. Operators are trained to steal money from ATMs in amounts
small enough not to be reported. North Korea is adept at zero-day exploits and will target anyone
it chooses: it steals secrets from companies and government agencies, and steals money from
financial systems to fund its hacking operations.[61]
Pakistan
The Pakistani government has also taken steps to curb cyberterrorism and extremist propaganda.
The National Counter Terrorism Authority (NACTA) is working on joint programs with NGOs
and other cybersecurity organizations in Pakistan to combat the problem; Surf Safe Pakistan[62] is
one such example. People in Pakistan can now report extremist and terrorist-related content online
through the Surf Safe Pakistan portal, and NACTA provides the federal government's leadership
for the Surf Safe campaign.
Ukraine
On 27 June 2017 a series of powerful cyberattacks began that swamped the websites of Ukrainian
organizations, including banks, ministries, newspapers and electricity firms.
USA
On 22 December 2009 the White House named Howard Schmidt as its head of computer security,
to coordinate U.S. government, military and intelligence efforts to repel hackers. He left the
position in May 2012.[64] Michael Daniel was appointed White House Coordinator of Cyber
Security the same week[65] and continued in the position during the second term of the Obama
administration.[66]
Obama signed an executive order enabling the US to impose sanctions on individuals or entities
suspected of participating in cyber-related acts assessed to be possible threats to US national
security, financial stability or foreign policy.[67] U.S. authorities indicted a man over 92 hacking
attacks on computers used by the Department of Defense.[68] A Nebraska-based consortium
recorded four million hacking attempts in the course of eight weeks.[69] In 2011 cyberterrorism
attacks grew 20%.[70]
In May 2021 President Joe Biden issued an executive order aimed at improving America's
cybersecurity, following an increase in attacks on the country's public and private sectors. The plan
aims to improve the government's cyber defense by strengthening its ability to identify, deter,
protect against, detect and respond to attacks. It has 10 sections, which include, among others,
improving the sharing of threat information, modernizing the government's cybersecurity, and
establishing a Cyber Safety Review Board.[71]
Examples
An operation can be carried out by anyone anywhere in the world, since it can be performed
thousands of miles from the target. An attack can cause serious damage to critical infrastructure
and may result in casualties.[72]
Some attacks are conducted in furtherance of political and social objectives, as the following
examples illustrate:
India, US, Indonesia, and China accounted for 45% of total cyberattacks on
government agencies worldwide in the second half of 2022, according to a report by
cybersecurity firm CloudSek, released Friday. The number of attacks on government
agencies was up 95% year-on-year, the report claims.
India was the most targeted country in 2022 as attacks on government agencies more
than doubled. CloudSek attributed this to an increase in activities of Malaysia-based
hacktivist group Dragon Force, which ran campaigns such as #OpIndia and
#OpsPatuk against India in retaliation for controversial comments by an Indian
politician on the Prophet Mohammed.
Another hacker group Khalifah Cyber Crew intensified attacks on India in protest
against alleged “Muslim discrimination" by the government, the report said.
Hacktivism is a form of cyberattack where the hacker’s motivation is not financial
gains but to promote a political agenda or protest against certain policies. Last year,
attacks on China also increased due to its aggressive stance towards Taiwan and the
Uyghur community.
Attacks on government agencies in China declined to 4.5% of all attacks from 13.10%
the previous year. On the other hand, in India, US, and Indonesia, the share of all attacks grew
from 6.3% to 13.7%, 7.4% to 9.6%, and 4.6% to 9.3%, respectively.
In 2022, hacktivism accounted for 9% of the cyberattacks on the government sector.
In addition to hacktivism, government agencies in India are also increasingly being
targeted by phishing campaigns, according to the report.
CloudSek also found that ransomware groups were very active and accounted for 6%
of the attacks on governments. LockBit, which provides ransomware-as-a-service
(RaaS), was the most prominent ransomware operator. Its targets this year include
government agencies in the US, Canada, and Italy. In November, a Russian national
was arrested in Canada for alleged involvement in LockBit ransomware campaigns
in the US.
Last month, India's top government-run hospital, the All India Institute of Medical
Sciences (AIIMS), was also hit by a cyberattack causing a disruption of online services
that lasted over two weeks.
India's nodal cybersecurity agency, the Computer Emergency Response Team (CERT-In),
found in its investigation that five of AIIMS' servers were compromised during the
attack and nearly 1.3 terabytes of data was encrypted by the hackers.
“The ratio of government-sponsored attacks has also multiplied; however, there is no
exact figure for this increase since these attacks are mostly untraceable. This growth
can be primarily attributed to the advent of RaaS models," CloudSek said.
Attacks on Russia increased 600% in 2022 in retaliation for its invasion of Ukraine,
making it the fifth most targeted country.
Cyberattacks on government agencies are not new. Many of these attacks are state-sponsored
and aim to steal sensitive information or cripple the critical infrastructure of other countries.
Indian entities are often targeted by hacker groups with links to China. Similarly, many of the
attacks on US agencies originate from Russia or North Korea.
According to IBM’s ‘Cost of Data Breach Report 2022’, the average cost of data
breaches in the government sector has increased from $1.93 million in 2021 to $2.07
million this year.
Experts believe that state-sponsored hackers will go after cloud services next year due
to growing digital transformation. “Nation states will begin to target cloud service
provider (CSP) managed services as companies migrate more of their attack surface to
these managed services," said Bob Huber, chief security officer at Tenable, a
cybersecurity firm.
Sabotage
Non-political acts of sabotage have caused financial and other damage. In 2000, disgruntled
employee Vitek Boden caused the release of 800,000 litres of untreated sewage into
waterways in Maroochy Shire, Australia.[104][105]
More recently, in May 2007 Estonia was subjected to a mass cyber-attack in the wake of the
removal of a Russian World War II war memorial from downtown Tallinn. The attack was a
distributed denial-of-service attack in which selected sites were bombarded with traffic to
force them offline; nearly all Estonian government ministry networks as well as two major
Estonian bank networks were knocked offline; in addition, the political party website of
Estonia's Prime Minister Andrus Ansip featured a counterfeit letter of apology from Ansip for
removing the memorial statue. Despite speculation that the attack had been coordinated by
the Russian government, Estonia's defense minister admitted he had no conclusive evidence
linking cyber attacks to Russian authorities. Russia called accusations of its involvement
"unfounded", and neither NATO nor European Commission experts were able to find any
conclusive proof of official Russian government participation.[106] In January 2008 a man
from Estonia was convicted for launching the attacks against the Estonian Reform Party
website and fined.[107][108]
During the Russia-Georgia War, on 5 August 2008, three days before Georgia launched its
invasion of South Ossetia, the websites for OSInform News Agency and OSRadio were
hacked. The OSinform website at osinform.ru kept its header and logo, but its content was
replaced by a feed to the Alania TV website content. Alania TV, a Georgian government-
supported television station aimed at audiences in South Ossetia, denied any involvement in
the hacking of the websites. Dmitry Medoyev, at the time the South Ossetian envoy to
Moscow, claimed that Georgia was attempting to cover up information on events which
occurred in the lead-up to the war.[109] One such cyber attack caused the Parliament of
Georgia and Georgian Ministry of Foreign Affairs websites to be replaced by images
comparing Georgian president Mikheil Saakashvili to Adolf Hitler.[110] Other attacks involved
denials of service to numerous Georgian and Azerbaijani websites,[111] such as when Russian
hackers allegedly disabled the servers of the Azerbaijani Day.Az news agency.[112]
In June 2019 Russia conceded that it was "possible" its electrical grid was under cyberattack by
the United States.[113] The New York Times reported that American hackers from the United
States Cyber Command had planted malware potentially capable of disrupting the Russian
electrical grid.[114]
In October 2007 the website of Ukrainian president Viktor Yushchenko was attacked by hackers.
A radical Russian nationalist youth group, the Eurasian Youth Movement, claimed
responsibility.[115][116]
In 1999 hackers attacked NATO computers, flooding them with email and hitting them with a
denial-of-service attack, in protest against the NATO bombing of the Chinese embassy in
Belgrade. Businesses, public organizations and academic institutions were bombarded with
highly politicized, virus-laden emails from other European countries.[117]
In December 2018, Twitter warned of "unusual activity" from China and Saudi Arabia. A bug
was detected in November that could have revealed the country code of users' phone
numbers. Twitter said the bug could have had ties to "state-sponsored actors".[118][119]
In May 2021 successive waves of DDoS attacks aimed at Belnet, Belgium's public-sector ISP,
took down multiple government sites in Belgium. Some 200 sites were affected, leaving public
offices, universities and research centers partially or fully unable to access the Internet.[120]
In fiction
The Japanese cyberpunk manga, Ghost in the Shell (as well as its popular movie and
TV adaptations) centers around an anti-cyberterrorism and cybercrime unit. In its
mid-21st century Japan setting such attacks are made all the more threatening by an
even more widespread use of technology including cybernetic enhancements to the
human body allowing people themselves to be direct targets of cyberterrorist attacks.
In the movie Live Free or Die Hard, John McClane (Bruce Willis) takes on a group of
cyberterrorists intent on shutting down the entire computer network of the United
States.
The movie Eagle Eye involves a super computer controlling everything electrical and
networked to accomplish the goal.
The plots of 24 Day 4 and Day 7 include plans to breach the nation's nuclear plant
grid and then to seize control of the entire critical infrastructure protocol.
The Tom Clancy created series Netforce was about an FBI/Military team dedicated to
combating cyberterrorists.
Much of the plot of Mega Man Battle Network is centered around cyberterrorism.
In the 2009 Japanese animated film Summer Wars, an artificial intelligence cyber-
terrorist attempts to take control over the world's missiles in order to "win" against the
main characters that attempted to keep it from manipulating the world's electronic
devices.
In the 2012 film Skyfall, part of the James Bond franchise, main villain Raoul Silva
(Javier Bardem) is an expert cyberterrorist who is responsible for various
cyberterrorist incidents in the past.
Cyberterrorism plays a role in the 2012 video game Call of Duty: Black Ops II, first
when main antagonist Raul Menendez cripples the Chinese economy with a
cyberattack and frames the United States for it, starting a new Cold War between the
two powers. Later, another cyberattack with a computer worm leads to Menendez
seizing control of the entire U.S drone fleet. Finally, one of the game's endings leads
to another attack similar to the latter, this time crippling the U.S' electrical and water
distribution grids. An alternate ending depicts the cyberattack failing after it is
stopped by one of the game's characters pivotal to the storyline.
The plot of the 2014 video game Watch Dogs is heavily influenced by cyberterrorism. Players
take control of the game's protagonist, Aiden Pearce, a murder suspect who hacks into ctOS
(Central Operating System), gaining complete control of Chicago's mainframe in order to hunt
down his accusers.
The video game Metal Slug 4 follows Marco and Fio, joined by newcomers Nadia and Trevor, as
they battle a terrorist organization known as Amadeus that is threatening the world with a
computer virus.
The visual novel Baldr Force has the main character Tooru Souma joining a military
organization to fight cyberterrorism to avenge the death of his friend.
The Japanese manga and live-action series Bloody Monday is heavily influenced by hacking and
cracking. The main character, Takagi Fujimaru, is an elite hacker who uses his hacking
knowledge to fight his enemies.
In the television series Mr. Robot, the main plot line follows groups of hackers who
engage in cyber terrorism as well as other events.
Critical systems whose network addresses would not be generally known were
targeted, including those serving telephony and financial transaction processing.[17]
Although not all of the computer crackers behind the cyberwarfare have been
unveiled, some experts believed that such efforts exceed the skills of individual
activists or even organised crime as they require a co-operation of a state and a large
telecom company.[5]
A well known Russian hacker Sp0Raw believes that the most efficient online attacks
on Estonia could not have been carried out without the blessing of the Russian
authorities and that the hackers apparently acted under "recommendations" from
parties in higher positions.[18] [19] At the same time he called claims of Estonians
regarding direct involvement of Russian government in the attacks[20] "empty words,
not supported by technical data".[19]
Mike Witt, deputy director of the United States Computer Emergency Readiness Team
(US-CERT), believes the attacks were DDoS attacks. The attackers used botnets, global
networks of compromised computers, often owned by careless individuals. "The size of the
cyber attack, while it was certainly significant to the Estonian government, from a technical
standpoint is not something we would consider significant in scale," Witt said.[21]
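The botnet mechanism Witt describes is what makes a distributed flood different from a single noisy client: each compromised host can stay below any per-IP rate limit while the aggregate still overwhelms the target. The following script is an added illustration written for this page, not code from any source cited here. It bucketing constructed Apache-style access-log lines into fixed time windows, flags per-IP offenders, and then checks whether the traffic that would remain after blocking them still exceeds an aggregate threshold. The log lines, IP ranges (documentation prefixes) and thresholds are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Combined-log style line. Lines produced here are constructed for this example;
# they are not taken from the Estonian incident or any other real log.
_LOG_FMT = '{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')


def _line(ip, ts, path):
    return _LOG_FMT.format(ip=ip, ts=ts.strftime("%d/%b/%Y:%H:%M:%S +0000"), path=path)


def build_sample_log():
    """Constructed sample: one noisy single host plus a 40-host botnet whose
    members each stay under the per-IP threshold, all inside one 10 s window."""
    t0 = datetime(2007, 4, 27, 22, 0, 0)
    lines = []
    for i in range(60):                      # 60 requests from one source
        lines.append(_line("198.51.100.7", t0 + timedelta(milliseconds=160 * i), "/"))
    for h in range(40):                      # 40 bots x 5 requests = 200 requests
        for i in range(5):
            ts = t0 + timedelta(seconds=2 * i, milliseconds=20 * h)
            lines.append(_line(f"203.0.113.{h + 1}", ts, "/index.html"))
    return lines


def parse_line(line):
    """Return (source_ip, timestamp) for a combined-log line, or None if it
    does not match the expected format."""
    m = _LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts


def analyse(lines, window_s=10, per_ip_limit=20, aggregate_limit=100):
    """Bucket requests into fixed windows and, per window, report the per-IP
    offenders and whether the traffic that would remain after blocking them
    still exceeds the aggregate limit (the signature of a distributed flood).
    The thresholds are assumptions chosen for the sample, not tuned values."""
    events = [e for e in map(parse_line, lines) if e]
    if not events:
        return {}
    t_first = min(ts for _, ts in events)
    windows = defaultdict(Counter)
    for ip, ts in events:
        windows[int((ts - t_first).total_seconds() // window_s)][ip] += 1
    report = {}
    for idx in sorted(windows):
        counts = windows[idx]
        total = sum(counts.values())
        offenders = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        residual = total - sum(counts[ip] for ip in offenders)
        report[idx] = {
            "total": total,
            "sources": len(counts),
            "per_ip_offenders": offenders,
            "residual_after_blocking": residual,
            "distributed_flood": residual > aggregate_limit,
        }
    return report


if __name__ == "__main__":
    for idx, r in analyse(build_sample_log()).items():
        print(f"window {idx}: {r}")
```

In the sample window the single host is caught by the per-IP rule, but the 200 requests left over from the 40 bots still exceed the aggregate limit, so blocking individual addresses would not have ended the flood; that residual figure is the number a defender needs before deciding on upstream filtering or rate limiting by network prefix.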
Professor James Hendler, former chief scientist at The Pentagon's Defense Advanced
Research Projects Agency (DARPA) characterised the attacks as "more like a cyber
riot than a military attack."[21]
"We don't have directly visible info about sources so we can't confirm or deny that the
attacks are coming from the Russian government," Jose Nazario, software and
security engineer at Arbor Networks, told internetnews.com.[22] Arbor Networks
operated ATLAS threat analysis network, which, the company claimed, could "see"
80% of Internet traffic. Nazario suspected that different groups operating separate
distributed botnets were involved in the attack.
Experts interviewed by IT security resource SearchSecurity.com "say it's very
unlikely this was a case of one government launching a coordinated cyberattack
against another": Johannes Ullrich, chief research officer of the Bethesda-based SANS
Institute, said "Attributing a distributed denial-of-service attack like this to a government
is hard." "It may as well be a group of bot herders showing 'patriotism,' kind of like what
we had with Web defacements during the US-China spy-plane crisis [in 2001]." Hillar
Aarelaid, manager of Estonia's Computer Emergency Response Team, "expressed
skepticism that the attacks were from the Russian government, noting that Estonians
were also divided on whether it was right to remove the statue".[23]
"Today security analysts widely believe that the attacks were condoned by the
Kremlin, if not actively coordinated by its leaders," wrote Andy Greenberg, author of the
WIRED Guide to Cyberwar (wired.com, 23 August 2019). He noted that the next year,
2008, similar attacks on Georgia were accompanied by a Russian physical invasion.[24]
Clarke and Knake report that upon the Estonian authorities informing Russian
officials they had traced systems controlling the attack to Russia, there was some
indication in response that incensed patriotic Russians might have acted on their own.
[17]
Regardless of conjectures over official involvement, the decision of Russian
authorities not to pursue individuals responsible—a treaty obligation—together with
expert opinion that Russian security services could readily track down the culprits
should they so desire, leads Russia observers to conclude the attacks served Russian
interests.[17]
On May 23, 2012, the Atlantic Council convened a retrospective conference,
"Building a Secure Cyber Future: Attack on Estonia, Five Years On" in which cyber-
experts who had been involved in the conflict discussed lessons learned and how the
field of cyber-conflict was changed by the Estonian attack and the following year's
attack on Georgia. The conference was organized by Jason Healey, director of the
Atlantic Council's Cyber Statecraft Initiative, and featured talks by Jaan Priisalu,
Director General of Estonia's Information System Authority; Bill Woodcock, an
American cybersecurity expert who assisted in the defense; Jonatan Vseviov, then
Minister of Defense and subsequently Ambassador to the United States; Heli Tiirmaa-
Klaar, Estonian Ambassador-at-Large for Cybersecurity; and others.[25] Priisalu
discussed the attack's impact on the Estonian financial system, while Woodcock
described the methods the Estonian CERT used to coordinate defensive actions with
network operators and their counterparts in neighboring countries, and Vseviov talked
about the broader societal implications of the attack, and NATO's Article 5
obligations.
Analysis
The Russian government denied the allegations that it was behind the attacks, stating
that it was possible that "individuals in Russia or elsewhere had taken it upon
themselves to start the attacks".[2][21][22]
Dancho Danchev, a Bulgarian Internet security analyst claimed that the Russian
attacks on Georgian websites used “all the success factors for total outsourcing of the
bandwidth capacity and legal responsibility to the average Internet user.”[9]
Jose Nazario, security researcher for Arbor Networks, told CNET that he was seeing
evidence that Georgia was responding to the cyber attacks, attacking at least one
Moscow-based newspaper site.[23]
According to Don Jackson, director of threat intelligence at SecureWorks, this was
lending credence to the idea that the Russian government was indeed behind the
attack, rather than the RBN.[24] Furthermore, Jackson found that not all the computers
that were attacking Georgian websites were on RBN servers, but also on "Internet
addresses belonging to state-owned telecommunications companies in Russia".[24]
Gadi Evron, the former chief of Israel's Computer Emergency Response Team,
believed the attacks on Georgian internet infrastructure resembled a cyber-riot, rather
than cyber-warfare. Evron admitted the attacks could be "indirect Russian (military)
action," but pointed out the attackers "could have attacked more strategic targets or
eliminated the (Georgian Internet) infrastructure kinetically." Shadowserver registered
six different botnets involved in the attacks, each controlled by a different command
server.[25][26]
In March 2009, security researchers from Greylogic concluded that Russia's GRU and the FSB
were likely to have played a key role in coordinating and organizing the attacks, and that the
Stopgeorgia.ru forum was a front for state-sponsored attacks.[27]
John Bumgarner, a member of the United States Cyber Consequences Unit (US-CCU),
researched the cyberattacks during the Russo-Georgian War. His report concluded that the
cyberattacks against Georgia launched by Russian hackers in 2008 demonstrated the need for
international cooperation on security. The report stated that the organizers of the cyberattacks
were aware of Russia's military plans, but the attackers themselves were believed to have been
civilians. Bumgarner's research concluded that the first wave of cyberattacks launched against
Georgian media sites was in line with tactics used in military operations.[28] "Most of the
cyber-attack tools used in the campaign appear to have been written or customized to some
degree specifically for the campaign against Georgia," the research stated.[29]
Online presence
US journalist Pete Earley described his interviews with former senior Russian intelligence
officer Sergei Tretyakov, who defected to the United States in 2000:
Sergei would send an officer to a branch of the New York Public Library where he could get
access to the Internet without anyone knowing his identity. The officer would post the
propaganda on various websites and send it in emails to US publications and broadcasters.
Some propaganda would be disguised as educational or scientific reports. ... The studies had
been generated at the Center by Russian experts. The reports would be 100% accurate [4]
Tretyakov did not specify the targeted websites, but made clear they selected the sites that were
most convenient for distributing the specific information. According to him, during his work in
New York City at the end of the 1990s, one of the most frequent subjects was the War in
Chechnya.[4]
Cyberattacks
It has been claimed that Russian security services organized a number of denial of service
attacks as a part of their cyber-warfare against other countries, such as the 2007 cyberattacks
on Estonia and the 2008 cyberattacks on Russia, South Ossetia, Georgia, and Azerbaijan.[6][7]
One identified young Russian hacker said that he was paid by Russian state security services
to lead hacking attacks on NATO computers. He was studying computer sciences at the
Department of the Defense of Information. His tuition was paid for by the FSB.[8]
Estonia
In April 2007, following a diplomatic row with Russia over a Soviet war memorial, Estonia was
targeted by a series of cyberattacks on financial, media and government websites, which were
taken down by an enormous volume of traffic sent by botnets in what is called a distributed
denial-of-service attack. Online banking was made inaccessible, government employees were
suddenly unable to communicate via e-mail, and media outlets could not distribute news. The
attacks reportedly came from Russian IP addresses, online instructions were in Russian, and
Estonian officials traced the systems controlling the cyberattacks back to Russia.[9][10] However,
some experts doubted that the attacks were carried out by the Russian government itself.[11] A
year after the attack NATO founded the Cooperative Cyber Defence Centre of Excellence in
Tallinn as a direct consequence of the attacks.[12]
In response to the 2022 Russian invasion of Ukraine, Estonia removed a Soviet-era tank
monument near Narva.[13] After its removal, Estonia was subject to "the most extensive
cyberattack" since the 2007 attacks.[14]
France
The attack was initially claimed by a group calling themselves the "Cyber Caliphate"
however a more in-depth investigation by French authorities revealed the attack on the
network had links to APT28, a GRU-affiliated hacker group.[15][16] In May 2017, on the eve of
the French presidential election, more than 20,000 e-mails belonging to the campaign of
Emmanuel Macron were dumped on an anonymous file-sharing website, shortly after the
campaign announced they had been hacked. Word of the leak spread rapidly through the
Internet, facilitated by bots and spam accounts. An analysis by Flashpoint, an American
cybersecurity firm, determined with "moderate confidence" that APT28 was the group behind
the hacking and subsequent leak.[17]
In February 2021 the Agence nationale de la sécurité des systèmes d'information (ANSSI) said
that "several French entities" had been breached by Sandworm between late 2017 and 2020, via
the French software company Centreon, whose product was used to deploy malware in a manner
similar to the 2020 United States federal government data breach. ANSSI said the breach
"mostly affected information technology providers, especially web hosting providers." Russia has
denied being behind the cyberattack. Centreon said in a statement that it "has taken note of the
information" but disputed that the breach was linked to a vulnerability in its commercial
software.[18][19][20]
Georgia
On 20 July 2008, the website of the Georgian president, Mikheil Saakashvili, was rendered
inoperable for twenty-four hours by a series of denial of service attacks. Shortly after, the
website of the National Bank of Georgia and the parliament were attacked by hackers who
plastered images of Mikheil Saakashvili and former Nazi leader Adolf Hitler. During the war,
many Georgian government servers were attacked and brought down, reportedly hindering
communication and the dissemination of crucial information. According to technical experts,
this is the first recorded instance in history of cyberattacks coinciding with an armed conflict.[21][22]
A report by the US Cyber Consequences Unit, an independent US-based research institute, stated the
attacks had "little or no direct involvement from the Russian government or military".
According to the institute's conclusions, several attacks originated from the PCs of
multiple users located in Russia, Ukraine and Latvia. These users were willingly participating
in cyberwarfare, being supporters of Russia during the 2008 South Ossetia war, while some
other attacks also used botnets.[23][24]
Germany
In 2015, a high-ranking security official stated that it was "highly plausible" that a cybertheft
of files from the German Parliamentary Committee investigating the NSA spying scandal,
later published by WikiLeaks, was conducted by Russian hackers.[25][26] In late 2016, Bruno
Kahl, president of the Bundesnachrichtendienst, warned of data breaches and misinformation
campaigns steered by Russia.[27] According to Kahl, there are indications that cyberattacks occur
with no other purpose than to create political uncertainty.[28][29] Süddeutsche Zeitung reported
in February 2017 that a year-long probe by German intelligence "found no concrete proof of
[Russian] disinformation campaigns targeting the government".[30] By 2020, however, German
investigators had collected enough evidence to identify one suspect.[31]
Hans-Georg Maaßen, head of the country's Federal Office for the Protection of the
Constitution, noted "growing evidence of attempts to influence the [next] federal election" in
September 2017 and "increasingly aggressive cyber espionage" against political entities in
Germany.[32] The New York Times reported on 21 September 2017, three days before the
German federal election, that there was little to suggest any Russian interference in the
election.[33] In 2021 the European Commission accused Russia of trying to interfere in
European democratic processes just days before the parliamentary election on September 26
in Germany.[34]
Kyrgyzstan
Beginning in mid-January 2009, Kyrgyzstan's two main ISPs came under a large-scale DDoS
attack, shutting down websites and e-mail within the country, effectively taking the nation
offline. The attacks came at a time when the country's president, Kurmanbek Bakiyev, was
being pressured by both domestic actors and Russia to close a U.S. air base in Kyrgyzstan.[35]
The Wall Street Journal reported the attacks had been carried out by a Russian "cyber-militia".[36]
Poland
Romania
Between late April and early May 2022, in the midst of the 2022 Russian invasion of
Ukraine, multiple Romanian government, military, bank and mass media websites were taken
down after a series of DDoS attacks, behind which was a pro-Kremlin hacking group, Killnet.
The hacking group described the cyberattacks as a response to a statement made by then-Senate
president, Florin Cîțu, that Romania would provide Ukraine with military equipment.[38][39][40]
South Korea
According to two United States intelligence officials who talked to The Washington Post, and
also the findings of cybersecurity analyst Michael Matonis,
The worm targeted all Olympic IT infrastructure, and succeeded in taking down WiFi, feeds
to jumbotrons, ticketing systems, and other Olympic systems. It was timed to go off at the
start of the opening ceremonies. It was unique in that the hackers attempted to use many false
signatures to blame other countries such as North Korea and China.[41]
Ukraine
In March 2014, a Russian cyber weapon called Snake or "Ouroboros" was reported to have
created havoc on Ukrainian government systems.[42] The Snake tool kit began spreading into
Ukrainian computer systems in 2010. It performed Computer Network Exploitation (CNE),
as well as highly sophisticated Computer Network Attacks (CNA).[43]
From 2014 to 2016, according to CrowdStrike, the Russian APT Fancy Bear used Android
malware to target the Ukrainian Army's Rocket Forces and Artillery. They distributed an
infected version of an Android app whose original purpose was to control targeting data for
the D-30 Howitzer artillery. The app, used by Ukrainian officers, was loaded with the X-Agent
spyware and posted online on military forums. CrowdStrike claims the attack was
successful, with more than 80% of Ukrainian D-30 Howitzers destroyed, the highest
percentage loss of any artillery pieces in the army (a percentage that had never been
previously reported and would mean the loss of nearly the entire arsenal of the biggest
artillery piece of the Ukrainian Armed Forces.[44]).[45] According to the Ukrainian army, this
number is incorrect and that losses in artillery weapons "were way below those reported" and
that these losses "have nothing to do with the stated cause".[46]
The U.S. government concluded after a study that a cyber attack caused a power outage in
Ukraine which left more than 200,000 people temporarily without power. The Russian
hacking group Sandworm or the Russian government were possibly behind the malware
attack on the Ukrainian power grid as well as a mining company and a large railway operator
in December 2015.[47][48][49][50][51][52] A similar attack occurred in December 2016.[53]
In February 2021 Ukraine accused Russia of attacking the System of Electronic Interaction of
Executive Bodies, a web portal used by the Ukrainian government to circulate documents, by
uploading documents that contained macro scripts which, if downloaded and enabled, would
cause the computer to secretly download malware that would allow hackers to take over the
computer.[54][55]
In January 2022, a cyberattack on Ukraine took down the website of the Ministry of Foreign
Affairs and other government agencies.[56] Although the investigation has not been conclusive,
the cyber attacks coincided with the Russo-Ukrainian crisis. U.S. officials attributed the attacks
to Russian attackers, although the Russian government denied involvement.[57]
Pro-Russian hackers launched a series of cyberattacks over several days to disrupt the May
2014 Ukrainian presidential election, releasing hacked emails, attempting to alter vote tallies,
and delaying the final result with distributed denial-of-service (DDoS) attacks.[58][59] Malware
that would have displayed a graphic declaring far-right candidate Dmytro Yarosh the
electoral winner was removed from Ukraine's Central Election Commission less than an hour
before polls closed. Despite this, Channel One Russia "reported that Mr. Yarosh had won and
broadcast the fake graphic, citing the election commission's website, even though it had never
appeared there."[58][60] According to Peter Ordeshook: "These faked results were geared for a
specific audience in order to feed the Russian narrative that has claimed from the start that
ultra-nationalists and Nazis were behind the revolution in Ukraine."[58]
Further information: Brexit and Russian interference in the 2016 United Kingdom referendum on
exiting the European Union
In the run up to the referendum on the United Kingdom exiting the European Union
("Brexit"), Prime Minister David Cameron suggested that Russia "might be happy" with a
positive Brexit vote, while the Remain campaign accused the Kremlin of secretly backing a
positive Brexit vote.[61] In December 2016, Ben Bradshaw MP claimed in Parliament that
Russia had interfered in the Brexit referendum campaign.[62] In February 2017, Bradshaw
called on the British intelligence service, Government Communications Headquarters, then
under Boris Johnson as Foreign Secretary, to reveal the information it had on Russian
interference.[63] In April 2017, the House of Commons Public Administration and
Constitutional Affairs Select Committee issued a report stating, in regard to the June 2016
collapse of the government's voter registration website less than two hours prior to the
originally scheduled registration deadline (which was then extended), that "the crash had
indications of being a DDOS 'attack.'" The report also stated that there was "no direct
evidence" supporting "these allegations about foreign interference." A Cabinet Office
spokeswoman responded to the report: "We have been very clear about the cause of the
website outage in June 2016. It was due to a spike in users just before the registration
deadline. There is no evidence to suggest malign intervention."[64][65]
In June 2017, it was reported by The Guardian that "Leave" campaigner Nigel Farage was a
"person of interest" in the United States Federal Bureau of Investigation into Russian
interference in the United States 2016 Presidential election.[66] In October 2017, Members of
Parliament in the Culture, Media and Sport Committee demanded that Facebook, Twitter,
Google and other social media corporations disclose all adverts and details of payments by
Russia in the Brexit campaign.[67]
United States
See also: Russian interference in the 2016 United States elections, Russian interference in the 2018
United States elections, and Russian interference in the 2020 United States elections
Putin's Asymmetric Assault on Democracy in Russia and Europe: Implications for U.S. National
Security
The 2008 cyberattack on the United States was connected to Russian language threat actors.[71]
In April 2015, CNN reported that "Russian hackers" had "penetrated sensitive parts of the
White House" computers in "recent months." It was said that the FBI, the Secret Service, and
other U.S. intelligence agencies categorized the attacks as "among the most sophisticated
attacks ever launched against U.S. government systems."[72]
In 2015, CNN reported that Russian hackers, likely working for the Russian government, are
suspected in the State Department hack. Federal law enforcement, intelligence and
congressional officials briefed on the investigation say the hack of the State Department
email system is the "worst ever" cyberattack intrusion against a federal agency.[73]
In February 2016, senior Kremlin advisor and top Russian cyber official Andrey Krutskikh
told the Russian national security conference in Moscow that Russia was working on new
strategies for the "information arena" that were equivalent to testing a nuclear bomb and
would "allow us to talk to the Americans as equals".[74]
In 2016, the release of hacked emails belonging to the Democratic National Committee, John
Podesta, and Colin Powell, among others, through DCLeaks and WikiLeaks was said by
private sector analysts[75] and US intelligence services[76] to have been of Russian origin.[77][78]
Also, in December 2016, Republicans and Democrats on the Senate Committee on Armed
Services called for "a special select committee to investigate Russian attempts to influence
the presidential election".[79][80]
In 2018, the United States Computer Emergency Response Team released an alert warning
that the Russian government was executing "a multi-stage intrusion campaign by Russian
government cyber actors who targeted small commercial facilities' networks where they
staged malware, conducted spear phishing, and gained remote access into energy sector
networks." It further noted that "[a]fter obtaining access, the Russian government cyber
actors conducted network reconnaissance, moved laterally, and collected information
pertaining to Industrial Control Systems."[81] The hacks targeted at least a dozen U.S. power
plants, in addition to water processing, aviation, and government facilities.[82]
In June 2019, the New York Times reported that hackers from the United States Cyber
Command planted malware potentially capable of disrupting the Russian electrical grid.[83]
According to Wired senior writer Andy Greenberg, "The Kremlin warned that the intrusions
could escalate into a cyberwar between the two countries."[83]
Over several months in 2020, a group known as APT29 or Cozy Bear, working for Russia's
Foreign Intelligence Service, breached a top cybersecurity firm and multiple U.S. government
agencies including the Treasury, Commerce, and Energy departments and the National
Nuclear Security Administration.[84] The hacks occurred through a network management
system called SolarWinds Orion. The U.S. government had an emergency meeting on 12
December 2020, and the press reported the hack the next day. When Russia's Foreign
Intelligence Service performs such hacks, it is typically "for traditional espionage purposes,
stealing information that might help the Kremlin understand the plans and motives of
politicians and policymakers," according to The Washington Post, and not for the purpose of
leaking information to the public.[85]
In February 2021 a report by Dragos stated that Sandworm had been targeting US electric
utilities, oil and gas, and other industrial firms since at least 2017 and had succeeded in
breaching these firms a "handful" of times.[86][87]
In May 2021, the Colonial Pipeline ransomware attack was perpetrated by Russian language
hacking group DarkSide.[88][89] It was the largest cyberattack on an energy infrastructure target
in US history. Colonial Pipeline temporarily halted the operations of the pipeline due to the
ransomware attack.[90] The Department of Justice recovered the bitcoin ransom from the
hackers.[91]
Venezuela
After the news website Runrun.es published a report on extrajudicial killings by the
Bolivarian National Police, on 25 May 2019 the Venezuelan chapter of the Instituto de
Prensa y Sociedad (IPYS) pointed out that the website was out of service due to an uncached
request attack, claiming that it originated from Russia.[92]
False alarms
On 30 December 2016, Burlington Electric Department, a Vermont utility company, announced
that code associated with the Russian hacking operation dubbed Grizzly Steppe had been found
in their computers. Officials from the Department of Homeland Security, FBI and the Office of
the Director of National Intelligence warned executives of the financial, utility and
transportation industries about the malware code.[93] The first report by The Washington Post
left the impression that the grid had been penetrated, but the hacked computer was not attached
to the grid. A later version attached this disclaimer to the top of its report correcting that
impression: "Editor's Note: An earlier version of this story incorrectly said that Russian
hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so
far. The computer at Burlington Electric that was hacked was not attached to the grid."
There are many different motives for cyberattacks, with the majority being for financial
reasons. However, there is increasing evidence that hackers are becoming more politically
motivated. Cyberterrorists are aware that governments are reliant on the internet and have
exploited this as a result. For example, Mohammad Bin Ahmad As-Sālim's piece "39 Ways to
Serve and Participate in Jihad" discusses how an electronic jihad could disrupt the West
through targeted hacks of American websites, and other resources seen as anti-Jihad,
modernist, or secular in orientation (Denning, 2010; Leyden, 2007).[41]
Many cyberattacks are not conducted for money; rather, they are conducted because of
differing ideological beliefs or out of a desire for personal revenge and outrage towards the
company or individual the cybercriminal is attacking.[42] An employee might want to
get revenge on a company if they were mistreated or wrongfully terminated.[citation needed]
Political goals
Competition between companies
Cyberwarfare between two countries
Money
Political goals motivate cyber-attackers who are unhappy with the candidates on offer and
want a particular candidate to win an election; they may therefore try to alter the vote
count to help their preferred candidate win.
Competition between two companies can also stir up a cyberattack: one company may hire
a hacker to attack a rival, ostensibly to test the rival company's security. This also
benefits the attacking company, because the rival's customers, seeing that it was attacked
with little effort, will come to believe it is insecure and will worry that their personal
credentials could be leaked.
Cyberwarfare is the motivation for countries that are fighting each other. It is mainly used
to weaken the opposing country by compromising its core systems, its data and other
sensitive information.
Money motivates ransomware, phishing and data theft, as the cyber criminals can contact the
victims by various means and demand payment in return for leaving the data untouched.
New York
A bill sponsored by state Sen. Michael Balboni, R-East Williston, that makes cyber terrorism
a felony was approved by the legislative body earlier this month and sent to the State
Assembly. Under the legislation, cyber terrorism, using computers to disrupt, terrorize or kill,
would become a class B felony, carrying a prison term of up to 25 years.
Malaysia
Malaysia is to establish an international centre to fight cyber-terrorism, providing an
emergency response to high-tech attacks on economies and trading systems around the globe,
reports said. Prime Minister Abdullah Ahmad Badawi said during a visit to the United States
that the facility, sited at the high-tech hub of Cyberjaya outside Kuala Lumpur, would be
funded and supported by governments and the private sector.
The New Straits Times said the centre would be modelled on the Centre for Disease Control
in Atlanta, which helps handle outbreaks of disease around the world.
Abdullah -- who announced the initiative at the close of the World Congress on Information
Technology in Austin, Texas -- said the threat of cyber-terrorism was too serious for
governments to ignore.
Interpol, with its 178 member countries, is doing a great job in fighting against cyber
terrorism. It is helping all the member countries and training their personnel. The
Council of Europe Convention on Cyber Crime, which is the first international treaty for
fighting computer crime, is the result of four years' work by experts from the 45 member
and non-member countries including Japan, USA, and Canada. This treaty entered into
force after its ratification by Lithuania on 21 March 2004.
The Association of South East Asian Nations (ASEAN) has set plans for sharing information
on computer security. It intends to create a regional cyber-crime unit by the year 2005.
United Kingdom
The United Kingdom adopted the Terrorism Act 2000, which defines terrorism and
also contains various provisions relevant to cyber terrorism.
Pakistan
Whoever commits the offence of cyber terrorism and causes death of any person shall be
punishable with death or imprisonment for life, according to the ordinance, which was
published by the state-run APP news agency. The Prevention of Electronic Crimes law will
be applicable to anyone who commits a crime detrimental to national security through the use
of a computer or any other electronic device, the government said in the ordinance. It listed
several definitions of a terrorist act including stealing or copying, or attempting to steal or
copy, classified information necessary to manufacture any form of chemical, biological or
nuclear weapon.
India
Although the term cyber terrorism is absent from the terminology of the Indian law, Section
69 of the Information Technology Act is a strong legislative measure to counter the use of
encryption by terrorists. This section authorizes the Controller of Certifying Authorities
(CCA) to direct any Government agency to intercept any information transmitted through any
computer resource.
Any person who fails to assist the Government agency in decrypting the information sought
to be intercepted is liable for imprisonment up to 7 years.
Constitution of India
Article 300A of Constitution of India states that all persons have a right to hold and enjoy
their properties. In a specific case of Bhavnagar University v Palitana Sugar Mills Pvt. Ltd.
Supreme Court applied the constitutional clause with the interpretation that anyone can enjoy
his or her property rights in any manner preferred. This also includes property rights to
information stored on computers or in any electronic format.
Articles 301 to 305 refer to the right to free trade. As long as an individual carries out a
business in accordance with law, it cannot be interfered with. Besides, free trade and any
commercial activities cannot be visualized without technological rights, which means that any
distortion of those is illegal. In India these provisions have been effectively used to protect
individual property rights against the actions of cyber-criminals.
Penal Code
A great deal of protection is also provided by the Indian Penal Code. Section 22 of it gives a
definition of movable property, stating that it includes all corporeal property. It means
that any information stored on a computer can be conveniently regarded as movable
property, as it can definitely be moved from one place to another and is not attached.
Section 29A of the Code with Section 2(1)(t) of the Information Technology Act provides
that electronic record means data, record, or data generated, image or sound stored, received
or sent in an electronic form or microfilm or computer generated microfiche.
One important provision that I would like to pay special attention to is Article 12 of the
Declaration. It states: No one shall be subjected to arbitrary interference with his privacy, nor
to attacks upon his honour or reputation. Privacy is defined as the quality or state of being
apart from company or observation, which, in combination with another definition given by
the same source (freedom from unauthorized intrusion), also includes the privacy of
computer-stored data and a right to enjoy its private state of non-interference without the
personal will of the possessor.
Article 17 sets a right to property and a restriction on depriving anyone of possessed
property. Property is defined as anything that is owned by a person or entity, including two
types of it: real property and personal property. Personal property or personalty includes
movable assets which are not real property, money, or investments.
Article 19, however, plays a different role in this topic and is mostly associated with internet
use by terrorists in general.
Judicial response:
The judiciary can play its role by adopting a stringent approach towards the menace of cyber
terrorism. It must, however, first tackle the jurisdiction problem because before invoking its
judicial powers the courts are required to satisfy themselves that they possess the requisite
jurisdiction to deal with the situation. Since the Internet "is a cooperative venture not owned
by a single entity or government, there are no centralized rules or laws governing its use. The
absence of geographical boundaries may give rise to a situation where an act that is legal in the
country where it is done may violate the laws of another country. This process is further
complicated by the absence of a uniform and harmonized law governing the jurisdictional
aspects of disputes arising from the use of the Internet. It must be noted that, generally, the scholars
point towards the following "theories" under which a country may claim prescriptive
jurisdiction:
(a) a country may claim jurisdiction based on "objective territoriality" when an activity takes
place within the country,
(b) a "subjective territoriality" may attach when an activity takes place outside a nation's
borders but the "primary effect" of the action is within the nation's borders,
(c) a country may assert jurisdiction based on the nationality of either the actor or the victim,
(d) in exceptional circumstances, providing the right to protect the nation's sovereignty when
faced with threats recognised as particularly serious in the international community.
In addition to establishing a connecting nexus, traditional international doctrine also calls for
a "reasonable" connection between the offender and the forum. Depending on the factual
context, courts look to such factors as whether the activity of the individual has a "substantial
and foreseeable effect" on the territory, whether a "genuine link" exists between the actor and
the forum, the character of the activity and the importance of the regulation giving rise to the
controversy, the extent to which expectations are harmed by the regulation, and the importance
of the regulation in the international community. The traditional jurisdictional paradigms may
provide a framework to guide analysis for cases arising in cyberspace [Dawson Cherie;
Creating Borders on the Internet- Free Speech, the United States and International
Jurisdiction, Virginia Journal of International Law, V-44, No-2 (Winter, 2004).]. It must be
noted that by virtue of section 1(2) read with section 75 of the Information Technology Act,
2000 the courts in India have long arm jurisdiction to deal with cyber terrorism.
Conclusion
Therefore, cyber terrorism is becoming a major tool for terrorists, and thus it is becoming more
essential to frame policies to counter these attacks.
The Biden-Harris Administration has warned repeatedly about the potential for Russia to
engage in malicious cyber activity against the United States in response to the unprecedented
economic sanctions we have imposed. There is now evolving intelligence that Russia may be
exploring options for potential cyberattacks.
We accelerated our work in November of last year as Russian President Vladimir Putin
escalated his aggression ahead of his further invasion of Ukraine with extensive briefings and
advisories to U.S. businesses regarding potential threats and cybersecurity protections. The
U.S. Government will continue our efforts to provide resources and tools to the private
sector, including via CISA’s Shields-Up campaign and we will do everything in our power to
defend the Nation and respond to cyberattacks. But the reality is that much of the Nation’s
critical infrastructure is owned and operated by the private sector and the private sector must
act to protect the critical services on which all Americans rely.
Mandate the use of multi-factor authentication on your systems to make it harder for
attackers to get onto your system;
Deploy modern security tools on your computers and devices to continuously look for
and mitigate threats;
Check with your cybersecurity professionals to make sure that your systems are
patched and protected against all known vulnerabilities, and change passwords across
your networks so that previously stolen credentials are useless to malicious actors;
Back up your data and ensure you have offline backups beyond the reach of malicious
actors;
Run exercises and drill your emergency plans so that you are prepared to respond
quickly to minimize the impact of any attack;
Encrypt your data so it cannot be used if it is stolen;
Educate your employees to common tactics that attackers will use over email or
through websites, and encourage them to report if their computers or phones have
shown unusual behavior, such as unusual crashes or operating very slowly; and
Engage proactively with your local FBI field office or CISA Regional Office to
establish relationships in advance of any cyber incidents. Please encourage your IT
and Security leadership to visit the websites of CISA and the FBI where they will find
technical information and other useful resources.
We also must focus on bolstering America’s cybersecurity over the long term. We encourage
technology and software companies to:
Build security into your products from the ground up — “bake it in, don’t bolt it on”
— to protect both your intellectual property and your customers’ privacy.
Develop software only on a system that is highly secure and accessible only to those
actually working on a particular project. This will make it much harder for an
intruder to jump from system to system and compromise a product or steal your
intellectual property.
Use modern tools to check for known and potential vulnerabilities. Developers can fix
most software vulnerabilities — if they know about them. There are automated tools
that can review code and find most coding errors before software ships, and before a
malicious actor takes advantage of them.
Software developers are responsible for all code used in their products, including
open source code. Most software is built using many different components and
libraries, much of which is open source. Make sure developers know the provenance
(i.e., origin) of components they are using and have a “software bill of materials” in
case one of those components is later found to have a vulnerability so you can rapidly
correct it.
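The provenance point above (know which components are in a product, keep a software bill of materials, and act quickly when one of them turns out to be vulnerable) is easier to see in working form. The script below is an added example, not code from the page or from any vendor or agency mentioned on it. It loads a small SBOM written in the CycloneDX JSON layout (a real SBOM format; the component names, versions and "ADV-EXAMPLE-…" advisory identifiers are constructed placeholders, not real packages or CVEs) and matches each component against a list of advisories that give an introduced/fixed version range, which is how an operator would find what needs patching when a new advisory lands.

```python
"""Match a software bill of materials (SBOM) against vulnerability advisories.

Added example, not taken from any project on the page. The SBOM below follows
the CycloneDX JSON layout (bomFormat / components / purl), but every component
name, version and advisory id is constructed for this demo.
"""
import json
from typing import Dict, List, Tuple

# Constructed SBOM for a hypothetical service, in CycloneDX JSON layout.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "fastjson-lite", "version": "2.3.1",
         "purl": "pkg:maven/example/fastjson-lite@2.3.1"},
        {"type": "library", "name": "tls-helper", "version": "0.9.7",
         "purl": "pkg:pypi/tls-helper@0.9.7"},
        {"type": "library", "name": "logfmt", "version": "1.2.0",
         "purl": "pkg:npm/logfmt@1.2.0"},
    ],
})

# Constructed advisories with placeholder ids (not real CVEs). Each names the
# package, the first affected version (inclusive) and the fixed version
# (exclusive); None means "no lower bound" or "no fix released yet".
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "name": "fastjson-lite",
     "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "ADV-EXAMPLE-0002", "name": "tls-helper",
     "introduced": None, "fixed": "1.0.0"},
    {"id": "ADV-EXAMPLE-0003", "name": "logfmt",
     "introduced": "1.3.0", "fixed": None},
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.3.1' into (2, 3, 1) so versions compare numerically rather than
    as strings ('10.0.0' must sort after '9.0.0')."""
    return tuple(int(part) for part in v.split("."))


def is_affected(version: str, advisory: Dict) -> bool:
    """A version is affected when introduced <= version < fixed."""
    v = parse_version(version)
    lo, hi = advisory["introduced"], advisory["fixed"]
    if lo is not None and v < parse_version(lo):
        return False
    if hi is not None and v >= parse_version(hi):
        return False
    return True


def load_sbom(text: str) -> List[Dict]:
    """Parse a CycloneDX JSON document and return its component list.

    Anything that is not CycloneDX is rejected, so a wrong or truncated file
    is never silently treated as an empty (and therefore 'clean') inventory.
    """
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX SBOM")
    return doc.get("components", [])


def find_affected(sbom_text: str, advisories: List[Dict]) -> List[Tuple[str, str, str]]:
    """Return (component name, version, advisory id) for every matching pair."""
    hits = []
    for comp in load_sbom(sbom_text):
        for adv in advisories:
            if adv["name"] == comp["name"] and is_affected(comp["version"], adv):
                hits.append((comp["name"], comp["version"], adv["id"]))
    return hits


if __name__ == "__main__":
    for name, version, adv_id in find_affected(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{name} {version} is affected by {adv_id}")
```

On the constructed data the report lists fastjson-lite 2.3.1 (inside the 2.0.0 to 2.3.2 window) and tls-helper 0.9.7 (below the 1.0.0 fix), while logfmt 1.2.0 is skipped because the advisory only starts at 1.3.0. Real advisory feeds use richer version semantics (pre-release tags, ecosystem-specific ordering), so in production this comparison would be replaced by the ecosystem's own version library; the inventory-to-advisory join is the part that stays the same.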
Abstract
At present, most of the economic, commercial, cultural, social and governmental activities
and interactions of countries, at all levels, including individuals, non-governmental
organizations and government and governmental institutions, are carried out in cyberspace.
Recently, many private companies and government organizations around the world are facing
the problem of cyber-attacks and the danger of wireless communication technologies.
Today’s world is highly dependent on electronic technology, and protecting this data from
cyber-attacks is a challenging issue. The purpose of cyber-attacks is to harm companies
financially. In some other cases, cyber-attacks can have military or political purposes. Some
of these damages are: PC viruses, knowledge breaks, data distribution service (DDS) and
other assault vectors. To this end, various organizations use various solutions to prevent
damage caused by cyber-attacks. Cyber security follows real-time information on the latest
IT data. So far, various methods have been proposed by researchers around the world to
prevent cyber-attacks or reduce the damage caused by them. Some of the methods are in the
operational phase and others are in the study phase. The aim of this study is to survey and
comprehensively review the standard advances presented in the field of cyber security and to
investigate the challenges, weaknesses and strengths of the proposed methods. Different
types of new descendant attacks are considered in detail. Standard security frameworks are
discussed with the history and early-generation cyber-security methods. In addition, emerging
trends and recent developments of cyber security and security threats and challenges are
presented. It is expected that the comprehensive review study presented for IT and cyber
security researchers will be useful.
1. Introduction
For more than two decades, the Internet has played a significant role in global
communication and has become increasingly integrated into the lives of people around the
world. Innovations and low cost in this area have significantly increased the availability, use
and performance of the Internet, so that today the Internet has about 3 billion users
worldwide (Tan et al., 2021). The Internet has created a vast global network that has
generated billions of dollars annually for the global economy (Judge et al., 2021). At present,
most of the economic, commercial, cultural, social and governmental activities and
interactions of countries, at all levels, including individuals, non-governmental organizations
and government and governmental institutions, are carried out in cyberspace (Aghajani and
Ghadimi, 2018). Vital and sensitive infrastructures and systems either form a part of
cyberspace themselves or are controlled, managed and exploited through this space, and most
of the vital and sensitive information is transferred to this space or basically It has been
formed in this space (Akhavan-Hejazi and Mohsenian-Rad, 2018). Most media activities are
transferred to this space, most financial exchanges are done through this space and a
significant proportion of citizens’ time and activities are spent interacting in this
space (Priyadarshini et al., 2021). The share of income from cyberspace businesses in the
Gross domestic product (GDP) of countries has increased significantly and among the
indicators set to measure the extent of development, cyberspace indicators have a major
share. A significant part of the material and spiritual capital of countries is spent on this space
and a significant part of the material income and spiritual achievements of citizens are
obtained or have a major impact on this space (Amir and Givargis, 2020). In other words,
different aspects of citizens ’lives are literally intertwined with this space, and any instability,
insecurity and challenges in this space will directly affect different aspects of citizens’
lives (Li et al., 2020). Nevertheless, cyberspace has posed new security challenges to
governments. The low cost of entry, anonymity, uncertainty of the threatening geographical
area, dramatic impact and lack of public transparency in cyberspace, have led to strong and
weak actors including governments, organized and terrorist groups and even individuals in
this space, and threats such as cyber warfare, cybercrime, cyber terrorism, and cyber
espionage (Niraja and Srinivasa Rao, 2021). This distinguishes cyber threats from traditional
national security threats, which are largely transparent in nature and whose actors are
governments and nations that can be identified in a specific geographical area, and it has
caused national security in its traditional sense to be challenged and inefficient in this
space (Sarker, 2021). For more than a decade, analysts have pondered the possible
consequences of cyber-attacks (Shin et al., 2021). There are various scenarios for severe and
sometimes widespread physical or economic damage, including the function of a virus that
attacks the financial documents of an economic system or disrupts a country’s stock market,
or by sending an incorrect message, it will cause the country’s power plant to stop and fail, or
even by disrupting the air traffic control system, it will cause air accidents (Snehi and
Bhandari, 2021, Ahmed Jamal et al., 2021). Therefore, until governments come up with a
clear definition of a cyber-attack that is accepted and favored by the international community,
it will certainly be very difficult for experts to address the complex and diverse dimensions
and aspects of the issue and provide legal advice and analysis (Cao et al., 2021). Therefore,
the question that arises is what is a cyber-attack, what are its characteristics and whether
basically any attack that takes place in cyberspace can be considered a kind of attack in its
traditional and classic sense or not (Gupta Bhol et al., 2021). The existence of a
comprehensive definition of a cyber-attack will undoubtedly have a direct impact on the legal
environment to continue and identify the consequences of this attack type (Furnell et al.,
2020). There is no doubt that the lack of a clear and comprehensive definition not only
obscures the leading legal path, but also leads to diversity in interpretation and practice, and
ultimately to the achievement of sometimes contradictory legal conclusions (Alhayani et al.,
2021). Therefore, the importance and necessity of having an acceptable definition, at least for
the beginning of the topic and its explanation, adaptation and analysis is very important, and
a detailed study is necessary. In the present study, first the nature of cyber-attack is explained
and then the segregation and cyber-attack classification are examined and then the existing
definitions are investigated and analyzed from the point of view of international experts and
organizations. Finally the conclusion of the paper is presented.
2. Fundamental concepts
Cyber-attacks fall into a broader context than what is traditionally called information operations. Information operations are the integrated use of the main capabilities of electronic warfare, psychological operations, computer network operations, military deception and security operations, in coordination with specific supporting and related capabilities, to penetrate, stop, destroy or hijack human decisions and the decision-making processes of national institutions (Hart et al., 2020). Fig. 1 describes the anatomy of a cyber-attack. According to the USNM Strategy for cyberspace operations, computer network operations are composed of attack, defense, and exploitation enabling (Ma et al., 2021). The latter differs from network attack and network defense, because this type of operation focuses more on collecting and analyzing information than on interrupting networks, and may itself be the prelude to an attack (Alghamdie, 2021). These operations can be carried out for the purpose of disseminating information and propaganda (Thomson, 2015). Computer network exploitation enabling operations can also be carried out with the aim of stealing important computer data. In such a context, trap doors and sniffers are useful tools for cyber espionage (Liu et al., 2021). Trap doors permit an external user to access software at any time without the knowledge of the computer's user. Sniffers are tools for stealing usernames and passwords (Karbasi and Farhadi, 2021). Table 1 describes the basic definitions and concepts of cyberspace. The consequences of cyber warfare can include the following (Khan et al., 2020, Furnell and Shah, 2020, Mehrpooya et al., 2021):
Internal chaos;
In addition, five scenarios can be considered for cyber warfare: (1) government-sponsored cyber espionage to gather information with which to plan future cyber-attacks; (2) a cyber-attack aimed at laying the groundwork for unrest and popular uprising; (3) a cyber-attack aimed at disabling equipment and facilitating physical aggression; (4) a cyber-attack as a complement to physical aggression; and (5) a cyber-attack with widespread destruction or disruption as its ultimate goal (cyber warfare) (Alibasic et al., 2016). One type of cyber-attack is based on encryption. Encryption is a reversible method of encoding data that requires a key to decrypt. Encryption can be layered with further encryption, which provides another level of confidentiality (Sun et al., 2018). Cryptography is the implementation and study of data encryption and decryption so that data can only be decrypted by specific individuals; the system for encrypting and decrypting data is the cryptosystem (Ji et al., 2021). Encryption is a powerful tool for protecting important and private information from strangers and criminals, but it also serves to hide unauthorized activities from law enforcement. As computers grow faster and attack methods become more capable, cryptographic algorithms require sustained strengthening to remain secure (Zou et al., 2020). Note that, in general, a distinction can be made between cyber-crime, cyber-warfare and cyber-attacks. Fig. 2 and Table 2 describe the conceptual distinction between them.
Various definitions of cyber-attack have been offered by specialists in both the legal and technical fields, the most important of which are as follows:
(1) Richard Clark: Cyber-attacks are actions taken by countries to infiltrate the computers or computer networks of another country or countries in order to cause damage or disruption (Motsch et al., 2020). In analyzing and critiquing this definition, it can be said that three elements, namely the perpetrator of the attack, the purpose and the intention of the attack, have been used as criteria, without considering the forms of disruption (Cao et al., 2019). In addition, as far as the perpetrator is concerned, only countries are mentioned; if an attack is carried out against a third country from the territory and geographical area under the control and jurisdiction of a country (the cyberspace of networks under that country's control) by individuals or non-governmental and private groups, it basically falls outside the scope of the definition, and so there is a gap in the legal coverage of such attacks. Given this, the definition is largely incomplete, does not cover a significant part of the attacks carried out by private and non-governmental groups, and leaves a legal vacuum (Zhang, 2017).
(2) Michael Hayden: Any intentional attempt to disrupt or destroy another country's computer networks (Robinson et al., 2015). Obviously, this definition is also very general and does not make any distinction between cybercrime, cyber-attack and cyber warfare; the line between them remains shrouded in ambiguity, and the lack of such a distinction will certainly affect the actions of commentators and policymakers. The broad framework of the rules of war leaves cyberspace unregulated, which can certainly have dangerous and adverse consequences for the spread of war and belligerence among countries (Edgar and Manz, 2017). Hence, the generality of the above definition is in fact its main weakness, which leads to a lack of precision. Compared to the first definition, which limited the perpetrators of the attack to government aggressors, this definition is so general that it is open to interpretation and, as mentioned, can be dangerous, have negative effects and cause confusion in relations between countries, and ultimately threaten peace at the level of the international community (Nicholson et al., 2012).
(3) Martin Libicki: Digital attacks on computer systems that cause the attacked systems to appear normal but in fact produce and issue untrue responses (Quigley et al., 2015). This approach to defining cyber-attacks in fact excludes a wide range of potential threats to the national security of a country whose cyber infrastructure has been targeted but where the attack has not reached the level and threshold of a meaningful attack. The fact of the matter is that such threats can still cause damage to the computer systems and networks of the target country. Therefore, any definition of a cyber-attack that excludes them will necessarily be incomplete and lack the necessary comprehensiveness (Damon et al., 2014, Shamel et al., 2016).
(4) Tallinn Manual Group: A cyber-attack is an offensive or defensive cyber operation that can cause injury or death to persons or damage to or destruction of property. The confusing point of this definition lies in the results and effects it requires. From the point of view of the authors of this definition, a cyber-attack has the nature of an attack only if it leads to the results stated in the definition (i.e., infliction of personal or financial injury) (Bullock et al., 2021). Therefore, the main basis of this group's definition is the result-oriented nature of cyber-attacks, not the attacks themselves; in this way, if an attack of this type leaves violent, objective and tangible effects and consequences, it will be described as an attack, and it is at this stage that the rules of international law in the related areas and fields (the right to resort to force, the law of war and the law of international responsibility) become enforceable (Chen et al., 2021).
The most important cyber-attack methods are denial of service, logic bombs, abuse tools, sniffers, Trojan horses, viruses, worms, spam and botnets. Fig. 4 illustrates the important cyber-attack types. In the denial of service method, authorized users' access to the system, and the system's access to them, is lost. In fact, the attacker, from one point, starts flooding the target computers with messages and blocking the legitimate flow of data. This prevents the system from using the Internet or communicating with other systems (Topping et al., 2021). In another method, called distributed denial of service, instead of launching the attack from a single source, the attackers attack from a large number of distributed systems simultaneously. This is often done by using worms and replicating them on many computers, which then attack the target. Abuse tools are publicly available tools that can detect and exploit vulnerabilities in networks, usable by attackers with different skill levels. A logic bomb is another type of attack in which a programmer inserts code into a program so that, in the event of a specific trigger, the program automatically performs a destructive action (Li et al., 2021, Marefati et al., 2018). A sniffer is a program that eavesdrops on routed information and looks for specific information such as passwords by examining each packet in the data stream (Patel et al., 2021). A Trojan horse hides dangerous code and commonly looks like a helpful program that the user is willing to run (Al Shaer et al., 2020). In addition, a virus infects system files, which are commonly executable programs, by inserting a copy of itself into those files. When infected files are loaded into memory, these copies run and allow the virus to infect other files. Unlike worms, viruses require human intervention to spread. A worm, on the other hand, is an autonomous program that replicates itself by copying from one computer to another across the network (Aziz and Amtul, 2019). Finally, a botnet is a network of infected, remotely controlled systems, which is used to distribute malware, coordinate attacks, send spam and steal messages. Botnet software is usually installed secretly on the target computer, allowing the unauthorized user to control the target system remotely to achieve their malicious goals. Botnets are also referred to as electronic soldiers (Kharlamova et al., 2021).
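The passage distinguishes a denial of service launched from one point from a distributed one launched from many systems at once. From the defender's side the difference is visible in connection logs: one address exceeding a per-source rate versus many addresses that each stay under it but together exceed an aggregate rate. The following added example, which is not code from the paper or from any of the cited works, runs that two-level sliding-window check over constructed log lines. The log format, the host addresses (documentation ranges), the window length and the thresholds are all assumptions chosen for the example.

```python
"""Added example, not from the paper: rate-based flood detection over
constructed connection-log lines. Separates a single-source denial of
service (one address over the per-source rate) from a distributed one
(many addresses, each under that rate, exceeding an aggregate rate together).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Deque, Dict, List, Optional, Tuple

# Constructed log format: "<ISO-8601 UTC> src=<ip> dst=<ip> dport=<port>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$")


def parse_line(line: str) -> Optional[Tuple[float, str, str, int]]:
    """Parse one log line into (epoch seconds, src, dst, dport); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
    return ts, m["src"], m["dst"], int(m["dport"])


def detect_floods(lines, window_s: float = 10.0, per_src_limit: int = 50,
                  aggregate_limit: int = 200) -> List[Tuple[str, str, int]]:
    """Return alerts as (kind, subject, connections_in_window), one per subject."""
    per_src: Dict[str, Deque[float]] = defaultdict(deque)
    recent: Deque[float] = deque()          # timestamps of all connections in window
    alerts: List[Tuple[str, str, int]] = []
    flagged: set = set()
    aggregate_flagged = False
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                        # skip malformed lines rather than crash
        ts, src, _dst, _dport = rec
        q = per_src[src]
        q.append(ts)
        while ts - q[0] > window_s:         # drop entries older than the window
            q.popleft()
        recent.append(ts)
        while ts - recent[0] > window_s:
            recent.popleft()
        if len(q) > per_src_limit and src not in flagged:
            flagged.add(src)
            alerts.append(("single-source", src, len(q)))
        if len(recent) > aggregate_limit and not aggregate_flagged:
            aggregate_flagged = True
            active = sum(1 for d in per_src.values() if d and ts - d[-1] <= window_s)
            alerts.append(("distributed", f"{active} sources", len(recent)))
    return alerts


def build_sample() -> List[str]:
    """Constructed log: normal traffic, then a single-source burst, then a distributed burst."""
    base = datetime(2021, 6, 1, 12, 0, 0, tzinfo=timezone.utc).timestamp()

    def fmt(t: float, src: str) -> str:
        iso = datetime.fromtimestamp(t, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        return f"{iso} src={src} dst=192.0.2.10 dport=443"

    lines = []
    for i in range(30):                     # 3 clients, one connection each per 2 s
        for src in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
            lines.append(fmt(base + 2 * i, src))
    for i in range(80):                     # one host: 80 connections in 4 s
        lines.append(fmt(base + 100 + i * 0.05, "203.0.113.5"))
    for i in range(240):                    # 60 hosts x 4 connections within 8 s
        lines.append(fmt(base + 200 + i * (8 / 240), f"203.0.113.{100 + i % 60}"))
    return lines


if __name__ == "__main__":
    for kind, subject, count in detect_floods(build_sample()):
        print(f"{kind}: {subject} ({count} connections in window)")
```

The per-source check alone would miss the second burst, since no single address in it exceeds four connections; the aggregate check alone would give no attribution for the first. Keeping both, and emitting one alert per subject rather than one per packet, is what makes the output usable in a SOC queue.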
4. Cyber-security
Cyber security is an important issue in the infrastructure of every company and organization. In short, a company or organization built on cyber security can achieve high status and countless successes, because such success is the result of the company's capability to protect private and customer data against competitors; the competitors of organizations, customers and individuals can be abusive. A company or organization must first and foremost provide this security in the best way to establish and develop itself (Rodríguez-deArriba et al., 2021). Cyber-security includes practical measures to protect information, networks and data against internal or external threats. Cyber-security professionals protect networks, servers, intranets and computer systems. Cyber-security ensures that only authorized individuals have access to that information (Ahmed Jamal et al., 2021). For better protection, it is necessary to know the types of cyber security. Fig. 5 demonstrates the different types of cyber security.
Network Security: Network security protects the computer network from disruptors, which can be malware or hacking. It is a set of solutions that enables organizations to keep computer networks out of the reach of hackers, organized attackers and malware (Zhang, 2021).
Information Security: Protects physical and digital data against unauthorized access, disclosure, misuse, unauthorized changes and deletion (Ogbanufe, 2021).
Operational Security: Includes the processes and decisions made to control and protect data, for example user permissions when accessing the network, or processes that specify when and where information may be stored or shared (Ogbanufe, 2021).
Cloud Security: Protects information held in the cloud (software-based) and monitors it to remove the risk of on-site attacks (Krishnasamy and Venkatachalam, 2021).
User training: Refers to the unpredictable aspect of cyber-security, namely people. Anyone can accidentally introduce a virus into a secured system. Teaching users to delete suspicious email attachments, not to connect unknown USB devices, and other critical practices should be part of any company's corporate security plan (Krishnasamy and Venkatachalam, 2021).
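The text says that cyber-security ensures only authorized individuals have access to information, and the Operational Security item names the mechanism: user permissions and rules about where information may be stored or shared. The following added example, not code from the paper or from the cited works, shows what such a check looks like when written down as a deny-by-default authorization function that combines role permissions, classification versus clearance, a network-location rule for confidential data, and a sharing rule tied to the owning department. The users, roles, departments, resources and the audit-line format are constructed sample data for the example.

```python
"""Added example, not from the paper: a deny-by-default authorization check
of the kind the "Operational Security" item describes. Every decision path
that is not explicitly permitted denies, and each decision yields a reason
suitable for an audit log. Users, roles and resources are constructed data.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Classification levels in increasing order of sensitivity.
LEVELS: Dict[str, int] = {"public": 0, "internal": 1, "confidential": 2}

# Actions each role grants; a role absent from this table grants nothing.
ROLE_PERMS: Dict[str, Set[str]] = {
    "reader": {"read"},
    "editor": {"read", "write"},
    "data-steward": {"read", "write", "share"},
}


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str
    owner_dept: str


@dataclass(frozen=True)
class User:
    name: str
    dept: str
    clearance: str
    roles: frozenset


def authorize(user: User, resource: Resource, action: str,
              from_corporate_network: bool) -> Tuple[bool, str]:
    """Return (allowed, reason). Order: validity, role, clearance, location, ownership."""
    if resource.classification not in LEVELS or user.clearance not in LEVELS:
        return False, "unknown classification or clearance level"
    granted: Set[str] = set()
    for role in user.roles:
        granted |= ROLE_PERMS.get(role, set())      # unknown roles grant nothing
    if action not in granted:
        return False, f"roles {sorted(user.roles)} do not grant '{action}'"
    if LEVELS[user.clearance] < LEVELS[resource.classification]:
        return False, f"clearance '{user.clearance}' is below '{resource.classification}'"
    if resource.classification == "confidential" and not from_corporate_network:
        return False, "confidential data may only be handled from the corporate network"
    if action == "share" and user.dept != resource.owner_dept:
        return False, f"only the owning department ({resource.owner_dept}) may share"
    return True, "permitted"


# Constructed sample directory (not a real organisation).
USERS = {
    "alice": User("alice", "HR", "internal", frozenset({"reader"})),
    "bob": User("bob", "Finance", "confidential", frozenset({"data-steward"})),
    "carol": User("carol", "IT", "confidential", frozenset({"auditor"})),  # role undefined
}
RESOURCES = {
    "payroll": Resource("payroll", "confidential", "Finance"),
    "handbook": Resource("handbook", "internal", "HR"),
}


def audit(requests: List[Tuple[str, str, str, bool]]) -> List[str]:
    """One audit-log line per access decision (constructed key=value format)."""
    lines = []
    for user, action, res, net in requests:
        ok, why = authorize(USERS[user], RESOURCES[res], action, net)
        lines.append(f"user={user} action={action} resource={res} corp_net={net} "
                     f"result={'ALLOW' if ok else 'DENY'} reason=\"{why}\"")
    return lines


if __name__ == "__main__":
    print("\n".join(audit([
        ("bob", "read", "payroll", True),
        ("bob", "read", "payroll", False),
        ("alice", "read", "payroll", True),
        ("carol", "read", "handbook", True),
    ])))
```

Two design points matter more than the particular rules: the function returns a reason with every denial so the audit trail explains itself, and a role that nobody defined (carol's "auditor") grants nothing instead of silently falling through, which is the failure mode that turns a permissions table into an accidental allow-all.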
Man-in-the-Middle: Where a hacker puts himself between the victim device and the router to eavesdrop on or change data packets (Huang et al., 2020).
Malware: A way in which victims come in contact with worms or viruses and their devices become infected (Edgar and Manz, 2017).
Cyber technology has increased the productivity of society and distributed information effectively over time. No matter what application or industry it is used in, increasing production has always been the consideration. Fast data transfer into cyberspace mostly reduces overall system security. For technology professionals who improve production, security indicators are often in direct conflict with progress, because prevention measures reduce, prohibit or delay user access, detection measures consume critical system resources, and response measures demand management attention (Katrakazas et al., 2020). Systems are changed to satisfy immediate equipment requirements. The conflict between the security situation and the demand for cyber performance, along the line of cyber-security policy, is important. The term "policy" is used in a variety of areas related to cyber-security, and refers to rules and regulations for information distribution, private sector goals for data conservation, and system operation strategies for technology control. However, in the literature of this field, the term cyber-security policy is used for different purposes. Like the phrase "cyberspace", there is no fixed definition of cyber-security policy, but when the concept is used as an adjective in the field of policy, a common meaning is intended (Tam et al., 2021).
A cyber-security policy is adopted by a regulatory framework and applies officially only to the areas within that regulator's remit. Security policy components vary according to the policy's scope (Cheng et al., 2020). A national cyber-security policy, for example, covers all citizens and perhaps foreign businesses operating in its territory, but corporate cyber-security policy applies only to employees who are employed or under legal contract and who are expected to regulate their behavior toward the company. Suppliers who rely entirely on one customer cannot even be expected to adhere to that customer's security policy unless a formal contract is in place (Alghamdi, 2021). The content of a security policy is determined by the objectives of the relevant regulatory body, and national security objectives are very different from corporate security objectives. The manner in which the policy is interpreted and recorded is determined by the implementing organizations, and its approval by the regulatory board and the components concerned. In government, the process by which goals become policies and the process by which policies are incorporated into law are different. In companies, however, it is common to have a centralized security unit that is responsible for cyber-security policy and related standards and solutions; the standards and solutions of that unit become the guide for regulations. When security is a top priority for the organization, cyber-security policy may also be issued by the various internal units of the common components wing, and these common components sometimes identify policy inconsistencies that arise from trying to implement these issues simultaneously (Quigley et al., 2015).
A country's cyber policy is now part of its national security policy. Even if we consider a country's cyber-security policy alongside State Department policy or economic policy, these types of laws and policies are not as sovereign as the constitution. In fact, policy is created and published in reports and lectures through discussion of various points. Policies are created to guide and decide on laws and regulations; the policy itself is not the same as the rules and regulations. At best, laws, agreements and rules embody a meaningful and wise policy. However, cyber-security enforcement orders, rules and regulations can be issued without first creating a cyber-security policy (Sakhnini et al., 2021).
In the corporate environment, different departments are expected to follow the rules for fear of sanctions, as sanctions continue until the delinquent unit is shut down. For instance, human resource, civil or costing policies are codified to the extent that any non-compliance with the notification rules shuts down the relevant section. Middle managers support processes such as hiring staff or filing expenses, and are expected to incorporate communicated policies into departmental activities and to create indicators at the departmental level to assess policy compliance. In the public sector, every type of organizational subdivision faces governance constraints (Baig et al., 2017). There are exceptions, in which different sections of the information classification are taken very seriously; but whereas the company security policy issued by the CEO applies to the whole company, the security policy issued by the CEO is limited to the domain to which it applies, namely the technology staff. One of the recent changes in the organizational spectrum is the employment of a senior data security manager, or a senior manager who is responsible for the different dimensions of the organization's security situation. In addition, one of the undesirable differences between corporate cyber-security policy and human resource or legal policy is that it is left to middle managers. A cyber-security policy may require that "when the risk of disclosure of confidential information is high, information should not be provided without carefully examining the recipient's ability to maintain information security" (Arend et al., 2020). Such a policy leaves the assessment of data risk to a manager who may want to reduce costs by outsourcing the flow of information and using people outside the office to do the analysis; the same manager may be inclined to skip the scrutiny to save money. Such a situation is the result of assigning information responsibilities to a person who is not a security expert, or perhaps the culture of the organization in question tolerates the risk. In any case, the division of tasks is essential. These situations become more complex and difficult because cyber-security measures have not matured as much as accounting or human resource indicators.
5. Conclusion
Cyberspace and related technologies are among the most important sources of power in the third millennium. The characteristics of cyberspace, such as low entry cost, anonymity, vulnerability and asymmetry, have created the phenomenon of power diffusion: whereas governments have so far divided the game of power among themselves, they must now share it with other actors, such as private companies, organized terrorist and criminal groups, and individuals, although governments still play the most important role. Naturally, this phenomenon will not deprive governments of their national security. Its effect can be evaluated in several ways. First is the concept of security. National security can no longer be defined only in terms of military issues and internal and external borders; today, the risk of a declining quality of life for citizens is itself a threat to national security. The second is the disappearance of the geographical dimension of cyber threats. In the past, military threats had a specific geographical location and were therefore not difficult to deal with, at least in terms of identification. Third is the extent of the vulnerabilities posed by cyber threats: these threats are sporadic and multidimensional, and because they are associated with sensitive networks and infrastructure, their level of damage is very high. Fourth, these threats cannot be contained by traditional means alone, such as military and police force; governments alone are not sufficient to counter them, and effective, bilateral cooperation between governments and the private sector, which shares an interest in dealing with such threats, is required. Fifth, as the previous point shows, cyber threats are not limited to governments; individuals and companies are not immune to the harm these threats cause. Sixth, since security in the information age is not merely governmental, the various theoretical approaches in international relations whose theories are based primarily on government either overlook it or find it confusing.
Cybersecurity has been an issue in the US federal government at least as far back as 1983, when President Ronald Reagan saw the movie "War Games" and asked his national security team, "Can someone really do that?" The answer was something like "Yes, sort of…", which led to an increased emphasis on computer security at the federal level.
In 1993, President Bill Clinton convened a panel of industry security experts, who warned
him of serious risks if the federal government did not get more serious about cyberthreats.
Many initiatives and policies followed. They were all well-intended but perhaps not as
effective as anyone would have wanted.
The deficiency of the federal government’s cyber programs has been on display ever since. A
seemingly nonstop series of cyber disasters has beset the federal government. These range
from the data breach at the Office of Personnel Management (OPM) in 2015 to the theft of
secret submarine codes in 2018 and untold other brazen attacks.
Certainly, this last year has seen some incredible cyber lapses, including the SolarWinds
hack, which effectively exposed every system in the federal government to unauthorized
access and unknown tampering. It could take years to sort out what actually happened and
determine if the damage can ever truly be remediated.
Critical infrastructure has also been revealed to be highly exposed, with the ransomware attack on the Colonial Pipeline demonstrating just how easy it is for foreign criminal gangs to wreak havoc on American life. Foreign hackers also shut down a major beef processor, showing in the space of one month that foreign adversaries can switch off the US fuel and food supplies at will.
The Biden administration is responding on multiple fronts. The president's proposed $2 trillion infrastructure spending bill includes funding for upgrading the resilience of the nation's electrical grid, dealing with supply chain vulnerabilities (the root cause of the SolarWinds attack), and supporting research on artificial intelligence (AI) and quantum computing. The administration is also moving to treat ransomware attacks with the same law enforcement authority as terrorism. Biden has further asked Congress for $9.8 billion for federal agencies to use in improving their cybersecurity.
All of this comes on top of congressional movement to realize the recommendations of the
2020 Cyberspace Solarium Commission report. This respected report, which came from
months of dialogues with the cyber industry’s best minds, contains more than 80
recommendations to make the country, not just the government, safer from cyber risk.
Federal agencies
The federal government works at cyber defense across a variety of agencies. The National Security Agency (NSA) is among the most prominent, but least well understood. It is involved in intercepting foreign cyberattacks while also running offensive cyber programs against adversaries. The NSA has been criticized for keeping cyber vulnerabilities secret so that it can use them against others, leaving American computers exposed in the meantime.
This practice is starting to change. In early 2020, for example, the agency made headlines for notifying Microsoft of a vulnerability in Windows 10 rather than holding it back for its own purposes. The NSA discovery also triggered an emergency notification by the Cybersecurity and Infrastructure Security Agency (CISA) to federal agencies to remediate the Windows problem as quickly as possible, a good example of how federal cyber defense can work when everyone is doing their job.
CISA, which is part of the Department of Homeland Security (DHS), functions as the main cyber risk advisor to the United States. It focuses primarily on securing federal networks and digital critical infrastructure, like power plants and dams, but CISA also finds itself in the lead on many other national cybersecurity efforts. CISA is a new agency, formed in 2018 through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed by President Trump. It is a continuation of several predecessor agencies, some of which were already operating inside DHS.
The CISA does not work alone. Rather, it has many partners across the government as well as
in private industry and the non-profit sector. The agency works closely with industry groups
that coordinate security and policies in the electrical power sector, nuclear plants, chemical
plants and so forth. This includes the North American Electric Reliability Corporation
(NERC). This organization’s Critical Infrastructure Protection Standards (NERC-CIP) form
the core of countermeasures to protect the American electrical grid.
CISA departments include the National Risk Management Center (NRMC), which is a planning, analysis and collaboration center for identifying and addressing critical infrastructure risks. CISA also runs the Emergency Communications Division and the United States Computer Emergency Readiness Team (US-CERT), which responds to cyber incidents.
One CISA program that is drawing praise from industry experts is Continuous Diagnostics and Mitigation (CDM). CDM, which was commissioned by Congress, offers a dynamic approach to fortifying the cybersecurity of government networks and systems. It provides federal departments and agencies with capabilities and tools to conduct automated, ongoing assessments.
CISA is just one agency. Each federal agency is responsible for establishing cybersecurity
standards for itself and entities it works with through the Federal Information Security
Management Act of 2002 (FISMA). This process can be uneven, as GAO reporting has
revealed. Then, industry-specific laws that address cybersecurity each have their own agency
oversight. The HIPAA law that covers healthcare privacy and cybersecurity is run out of the
Department of Health and Human Services (HHS). The Gramm-Leach-Bliley Act, which
deals with financial institutions and customer privacy, is managed by the Federal Trade
Commission (FTC).
Private corporations receive little or no federal cyber protection. With critical infrastructure
companies like power utilities, CISA provides extensive coordination, threat sharing and
guidance. For companies outside of critical infrastructure, businesses are entirely self-reliant
for cyber defense. This makes sense, because the government cannot possibly protect every
American corporation. However, it’s extremely difficult for regular companies to fend off
nation state actors.
The United States Cyber Command (USCYBERCOM) is one of the Department of Defense’s
(DoD’s) eleven unified commands. Its mandate includes strengthening DoD cyberspace
capabilities and supporting both defensive and offensive cyber operations. It was created in
2009, originally as part of the NSA. Their mission statement reads, “USCYBERCOM plans,
coordinates, integrates, synchronizes and conducts activities to: direct the operations and
defense of specified Department of Defense information networks and; prepare to, and when
directed, conduct full spectrum military cyberspace operations in order to enable actions in all
domains, ensure US/Allied freedom of action in cyberspace and deny the same to our
adversaries.”
USCYBERCOM is not the only entity in the US military working on cyber defense and
offense. Each branch of the service has its own CISO and cyber operations. USCYBERCOM
may play a coordinating role in the work of these other groups. USCYBERCOM is quite
small, however, when viewed in the context of the overall US military.
Several federal regulations cover cybersecurity. These include HIPAA and Gramm-Leach-Bliley. The most prominent of them, however, is FISMA, which was enacted as Title III of the E-Government Act of 2002. FISMA “requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security” for government agencies. Any company or public-sector entity that operates information systems on behalf of the federal government must also adhere to FISMA.
Like most federal regulations, FISMA is at once complex, sprawling and vague. The specific standards used for FISMA are determined by the National Institute of Standards and Technology (NIST). NIST has published various standards and frameworks to enable FISMA compliance, notably the FIPS publications and the SP 800 series; there are dozens of NIST standards and specialized specifications for data security, encryption and so forth. The essence of FISMA is that it binds all federal agencies to the same standard for cybersecurity. It assigns responsibility for cybersecurity to agency heads and provides accountability through certification, authorization and audits.
However, as GAO reporting has shown, individual agencies may not be doing all they can to
stay secure. Critics point out that the FISMA methodology emphasizes planning over the
measurement of actual security. Most government security experts feel FISMA has helped
the federal government get more secure, but worry that it can risk becoming a checklist rather
than a driver of serious security improvement. Observers have also noted that these laws do
not cover companies that are critical to the Internet, such as Internet Service Providers,
software makers and so forth.
As progress is made in some areas, other parts of the government are clearly lagging. For example, the Office of Personnel Management (OPM) has still not fully addressed the cybersecurity weaknesses that led to its 2015 breach. A 2019 audit found “material weaknesses” in the agency’s information systems control environment.
As reported by Federal News Network, the Inspector General found that “OPM didn’t have a system in place to identify and generate a complete and accurate listing of contractors and their employment status. Additionally, the IG found OPM didn’t appropriately provision and de-provision users’ access to the network based on their work status.” These are exactly the kind of control breakdowns that let attackers into networks: an account that outlives its owner’s employment is a working credential that nobody is watching.
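The provisioning and de-provisioning gap the IG describes is mechanically checkable: join the authoritative roster of employees and contractors against the directory's account export and flag every enabled account whose owner is missing, terminated or past a contract end date. The following is an added example written for this page, not code from OPM, the IG or Federal News Network; the roster and account records are constructed sample data and the field names are assumptions.

```python
"""Joiner/mover/leaver reconciliation: flag network accounts whose owner is no
longer active according to the HR/contractor roster.

Added example, not from the audit report or any agency system. The roster and
account records below are constructed sample data; field names are assumptions.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Person:
    person_id: str
    kind: str                    # "employee" or "contractor"
    status: str                  # "active" or "terminated"
    end_date: Optional[date]     # contract end, if any


@dataclass(frozen=True)
class Account:
    username: str
    person_id: Optional[str]     # None = nobody in the roster claims this account
    enabled: bool
    last_login: Optional[date]


# Constructed roster: the "complete and accurate listing" the IG found missing
ROSTER = {
    "P001": Person("P001", "employee", "active", None),
    "P002": Person("P002", "contractor", "active", date(2025, 12, 31)),
    "P003": Person("P003", "contractor", "terminated", date(2024, 3, 15)),
}

# Constructed directory export
ACCOUNTS = [
    Account("alice", "P001", True, date(2024, 6, 1)),
    Account("bob.ctr", "P002", True, date(2024, 6, 2)),
    Account("carol.ctr", "P003", True, date(2024, 5, 30)),   # owner terminated, still enabled
    Account("svc-legacy", None, True, None),                  # orphan: no roster owner
    Account("dave", "P001", False, None),                     # disabled, nothing to do
]

AUDIT_DATE = date(2024, 6, 3)   # constructed "today" for the demo


def find_deprovisioning_gaps(roster, accounts, today):
    """Return (username, reason) for every enabled account that should not be.

    Reasons: 'orphan' (no roster entry), 'terminated' (owner's status is
    terminated), 'expired' (owner's contract end date has passed).
    """
    findings = []
    for acct in accounts:
        if not acct.enabled:
            continue
        person = roster.get(acct.person_id) if acct.person_id else None
        if person is None:
            findings.append((acct.username, "orphan"))
        elif person.status == "terminated":
            findings.append((acct.username, "terminated"))
        elif person.end_date is not None and person.end_date < today:
            findings.append((acct.username, "expired"))
    return findings


def roster_coverage(roster, accounts):
    """Reverse check: roster entries with no account at all (provisioning gaps)."""
    owned = {a.person_id for a in accounts if a.person_id}
    return sorted(pid for pid in roster if pid not in owned)


if __name__ == "__main__":
    for user, reason in find_deprovisioning_gaps(ROSTER, ACCOUNTS, AUDIT_DATE):
        print(f"DISABLE {user}: {reason}")
```

Run against real exports, the two inputs come from different systems of record (HR for people, the directory for accounts), which is exactly why the IG's finding matters: without an accurate roster there is nothing to join against, and orphaned accounts are invisible.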
Threat sharing
The government and private industry have gotten much better at sharing threat intelligence in recent years. There are now many Information Sharing and Analysis Centers (ISACs) across the US. ISACs exist to share relevant threat information with interested parties. For instance, if a company in the financial industry discovers a piece of malware, it can share its “signature,” or identifying characteristics, with ISACs in the electrical power grid sector and elsewhere. This sharing enables better protection all around.
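In practice the “signature” that crosses sector lines is a machine-readable indicator, most commonly a STIX 2.1 indicator object carried in a bundle, so that the receiving side can apply it automatically. The block below, an added example and not code from any ISAC or from the page's author, builds such an indicator from a malware sample's SHA-256, packages it as a bundle, and applies it on the receiving side to a set of observed files. The sample bytes, file paths, names and timestamps are constructed, and the consumer deliberately handles only the file-hash pattern form rather than the full STIX pattern grammar.

```python
"""Sharing a malware 'signature' between sectors as a STIX 2.1 indicator.

Added example, not from any ISAC or the page's author. The sample file contents,
identifiers and timestamps below are constructed; the pattern grammar handled by
match_indicator() is deliberately limited to the file-hash comparison form.
"""
import hashlib
import json
import re
import uuid


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_file_hash_indicator(sample: bytes, name: str, created: str) -> dict:
    """Build a STIX 2.1 Indicator whose pattern matches a file by SHA-256."""
    digest = sha256_hex(sample)
    return {
        "type": "indicator",
        "spec_version": "2.1",
        # uuid5 keeps the id stable across runs for the demo; producers normally use uuid4
        "id": f"indicator--{uuid.uuid5(uuid.NAMESPACE_URL, digest)}",
        "created": created,
        "modified": created,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix",
        "pattern": f"[file:hashes.'SHA-256' = '{digest}']",
        "valid_from": created,
    }


def make_bundle(*objects: dict) -> str:
    """Serialize objects into a STIX bundle, the unit an ISAC would publish."""
    bundle = {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": list(objects)}
    return json.dumps(bundle, indent=2)


_HASH_PATTERN = re.compile(r"^\[file:hashes\.'SHA-256' = '([0-9a-f]{64})'\]$")


def match_indicator(bundle_json: str, observed_files: dict) -> list:
    """Apply every file-hash indicator in a received bundle to {path: bytes}.

    Returns [(path, indicator_name)] for each hit. Pattern forms this consumer
    does not understand are skipped, never guessed at, so it cannot silently
    mis-evaluate an indicator it received.
    """
    hits = []
    objects = json.loads(bundle_json)["objects"]
    hashes = {path: sha256_hex(data) for path, data in observed_files.items()}
    for obj in objects:
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue
        m = _HASH_PATTERN.match(obj.get("pattern", ""))
        if not m:
            continue
        wanted = m.group(1)
        for path, digest in hashes.items():
            if digest == wanted:
                hits.append((path, obj["name"]))
    return hits


# Constructed sample: the financial firm's malware sample, and the power
# utility's observed files (one is the same binary under a different name).
FIN_SAMPLE = b"MZ\x90\x00constructed-malware-sample"
UTILITY_FILES = {
    "/opt/hmi/updater.exe": b"MZ\x90\x00constructed-malware-sample",
    "/opt/hmi/hmi.exe": b"MZ\x90\x00benign-constructed-binary",
}


def demo() -> list:
    """Producer side builds and publishes; consumer side matches."""
    ind = make_file_hash_indicator(
        FIN_SAMPLE, "financial-sector ISAC sample (constructed)", "2024-06-01T00:00:00.000Z"
    )
    return match_indicator(make_bundle(ind), UTILITY_FILES)


if __name__ == "__main__":
    for path, name in demo():
        print(f"HIT {path} matches {name}")
```

A hash indicator is the simplest and most brittle form of signature (one byte changed and it no longer matches); ISAC feeds also carry domains, IP addresses, certificate fingerprints and behavioral patterns, which is why the consumer above refuses anything it cannot evaluate rather than treating it as a non-match.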
Cybersecurity employment in the federal government
The US federal government either does not know, or will not disclose, just how many of its
employees work in cybersecurity. The number is surely in the tens, if not hundreds of
thousands, however. The federal government is likely the world’s largest employer of
cybersecurity personnel.
Each federal agency has its own internal security team. Agencies like CISA, the National
Security Agency and the FBI have dedicated cybersecurity personnel. Many of the jobs
require security clearances. Each branch of the military has its own substantial cyber
operations—spanning intelligence, offensive and defensive cyber war. With the recent push
for increased cybersecurity action and regulation, it’s a good time to be preparing for a career
in cybersecurity with the federal government.
For more than two decades, the Internet has played a significant role in global communication and has become increasingly integrated into the lives of people around the world. Innovation and low cost in this area have greatly increased the availability, use and performance of the Internet, so that today it has about 3 billion users worldwide (Tan et al., 2021). The Internet has created a vast global network that generates billions of dollars annually for the global economy (Judge et al., 2021). At present, most of the economic, commercial, cultural, social and governmental activities and interactions of countries, at all levels, including individuals, non-governmental organizations and governmental institutions, are carried out in cyberspace (Aghajani and Ghadimi, 2018). Vital and sensitive infrastructures and systems either form part of cyberspace themselves or are controlled, managed and operated through it, and most vital and sensitive information has either been transferred to this space or was created in it (Akhavan-Hejazi and Mohsenian-Rad, 2018). Most media activity has moved to this space, most financial exchanges are done through it, and a significant proportion of citizens’ time and activity is spent interacting in it (Priyadarshini et al., 2021). The share of income from cyberspace businesses in the gross domestic product (GDP) of countries has increased significantly, and among the indicators used to measure development, cyberspace indicators have a major share. A significant part of the material and intellectual capital of countries is spent on this space, and a significant part of the material income and intellectual achievements of citizens is obtained in, or strongly affected by, this space (Amir and Givargis, 2020). In other words, different aspects of citizens’ lives are literally intertwined with this space, and any instability, insecurity or challenge in it will directly affect those aspects of citizens’ lives (Li et al., 2020).
Nevertheless, cyberspace has posed new security challenges to governments. The low cost of entry, anonymity, uncertainty about the geographical origin of a threat, dramatic impact and lack of public transparency in cyberspace have drawn strong and weak actors alike into this space, including governments, organized crime and terrorist groups and even individuals, and with them threats such as cyber warfare, cybercrime, cyber terrorism and cyber espionage (Niraja and Srinivasa Rao, 2021). This distinguishes cyber threats from traditional national security threats, which are largely transparent in nature and whose actors are governments and nations that can be located in a specific geographical area; it has left national security in its traditional sense challenged and ineffective in this space (Sarker, 2021).
For more than a decade, analysts have pondered the possible consequences of cyber-attacks (Shin et al., 2021). There are various scenarios for severe and sometimes widespread physical or economic damage, including a virus that attacks the financial records of an economic system or disrupts a country’s stock market, a forged message that causes a country’s power plant to shut down and fail, or a disruption of the air traffic control system that causes air accidents (Snehi and Bhandari, 2021; Ahmed Jamal et al., 2021). Until governments arrive at a clear definition of a cyber-attack that is accepted by the international community, it will remain very difficult for experts to address the complex and diverse dimensions of the issue and to provide legal advice and analysis (Cao et al., 2021). The question that arises, therefore, is what a cyber-attack is, what its characteristics are, and whether any attack that takes place in cyberspace can be considered an attack in the traditional and classic sense (Gupta Bhol et al., 2021). A comprehensive definition of a cyber-attack will undoubtedly have a direct impact on the legal environment in which the consequences of this type of attack are identified and pursued (Furnell et al., 2020). There is no doubt that the lack of a clear and comprehensive definition not only obscures the legal path ahead but also leads to diversity in interpretation and practice, and ultimately to sometimes contradictory legal conclusions (Alhayani et al., 2021). An acceptable definition, at least as a starting point for the topic and for its explanation, adaptation and analysis, is therefore of great importance, and a detailed study is necessary. In the present study, the nature of a cyber-attack is first explained, then the segregation and classification of cyber-attacks are examined, and then the existing definitions are investigated and analyzed from the point of view of international experts and organizations. Finally, the conclusion of the paper is presented.
2. Fundamental concepts
Cyber-attacks fall into a broader context than what is traditionally called information operations. Information operations are the integrated use of the core capabilities of electronic warfare, psychological operations, computer network operations, military deception and operations security, in coordination with specified supporting and related capabilities, to penetrate, disrupt, destroy or hijack the human decisions and decision-making processes of an adversary’s national institutions (Hart et al., 2020). Fig. 1 describes the anatomy of a cyber-attack. In the US National Military Strategy for Cyberspace Operations, computer network operations are composed of computer network attack, computer network defense and computer network exploitation (Ma et al., 2021). The last of these differs from network attack and network defense because it focuses on collecting and analyzing information rather than interrupting networks, and it may itself be the prelude to an attack (Alghamdie, 2021). Such operations can also be carried out for the purpose of disseminating information and propaganda (Thomson, 2015). Computer network exploitation can likewise be carried out with the aim of stealing important data from computers. In this context, sniffers and trap doors are useful tools for cyber espionage (Liu et al., 2021). A trap door (backdoor) permits an external party to access the software at any time, without the knowledge of the computer’s user.
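The defining property of a trap door is that it bypasses the system's own authorization data, so nothing in the user database reveals its existence. The block below, an added illustration rather than code from the paper or from any real product, shows an authentication routine with such a hidden path beside a hardened version that consults only the user store; the user store, passwords and trap-door string are constructed for the demo.

```python
"""A trap door (backdoor) in an authentication routine, beside its hardened form.

Added illustration, not code from the paper or from any real product. The user
store, passwords and the trap-door string are constructed for the demo.
"""
import hashlib
import hmac
import os


def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user store: username -> (salt, PBKDF2 hash)
_SALT = os.urandom(16)
USERS = {"operator": (_SALT, _hash_pw("correct horse battery", _SALT))}

# The trap door: a fixed secret known only to whoever planted it. It never
# appears in USERS, so an audit of the user database cannot find it.
_TRAPDOOR = "maint-2024"


def _check_user(username: str, password: str) -> bool:
    """Verify against the user store only, in constant time."""
    record = USERS.get(username)
    if record is None:
        # Do the same work for unknown users so timing does not reveal valid names.
        _hash_pw(password, b"\x00" * 16)
        return False
    salt, expected = record
    return hmac.compare_digest(_hash_pw(password, salt), expected)


def login_with_trapdoor(username: str, password: str) -> bool:
    """Vulnerable form: a hidden path grants access for any username, any time."""
    if password == _TRAPDOOR:
        return True
    return _check_user(username, password)


def login_hardened(username: str, password: str) -> bool:
    """Hardened form: the user store is the only authority; no fixed secrets."""
    return _check_user(username, password)


def demo() -> dict:
    """The outcomes a reviewer would compare between the two routines."""
    return {
        "legit_user_ok": login_hardened("operator", "correct horse battery"),
        "legit_user_wrong_pw": login_hardened("operator", "wrong"),
        "trapdoor_vs_hardened": login_hardened("nobody", _TRAPDOOR),
        "trapdoor_vs_vulnerable": login_with_trapdoor("nobody", _TRAPDOOR),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'ACCESS' if result else 'denied'}")
```

Because the hidden check sits in code rather than data, the only controls that catch it are code review, reproducible builds and comparison of deployed binaries against what was reviewed; no amount of account auditing will.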