Tuesday, January 29, 2013

POST 013 - CYBR 650





The national government of Finland has recently published a new national cybersecurity strategy policy document as a part of the implementation of the Security Strategy for Society. The Strategy defines key goals and guidelines that will be used to respond to cyber threats and cyberattacks to ensure that cyberspace is available and usable. The document is available at this link: 

According to a brief analysis by Stefano Mele:

The Strategy proposes 10 strategic guidelines to create the conditions for the materialisation of the national cyber-security vision. Those guidelines are:

1. Create an efficient collaborative model between the authorities and other actors for the purpose of advancing national cyber-security and cyber-defence.


2. Improve comprehensive cyber-security situation awareness among the key actors that participate in securing the vital functions of society.

3. Maintain and improve the abilities of businesses and organisations critical to the vital functions of society as regards detecting and repelling cyber-threats and disturbances that jeopardise any vital function and their recovery capabilities as part of the continuity management of the business community.

4. Make certain that the police have sufficient capabilities to prevent, expose and solve cybercrime.

5. The Finnish Defence Forces will create a comprehensive cyber defence capability for their statutory tasks.

6. Strengthen national cyber security through active and efficient participation in the activities of international organisations and collaborative fora that are critical to cyber security.

7. Improve the cyber expertise and awareness of all societal actors.

8. Secure the preconditions for the implementation of effective cyber-security measures through national legislation.

9. Assign cyber-security related tasks, service models and common cyber-security management standards to the authorities and actors in the business community.

10. The implementation of the Strategy and its completion will be monitored (Mele, 2013).

The U.S. really does need something like this new Cybersecurity Strategy document from Finland and I have been advocating for such policy since November 2012.

If the U.S. had such a policy that also included more details about offense and defensive use of cyberweapons, as well as an unambiguous stance on cyberdeterrence, it could possibly reduce the risk of cyberwar in my opinion.

Finland's new Cybersecurity Strategy document is written in English and is very understandable by most people that can use computers and the Internet.  This is very important when measuring the effectiveness of a policy. You don't want to publish important public policy documented that require a Juris Doctor degree to read and understand.

I recommend downloading and reviewing the document, and saving it for future reference. You never know when you might need to write such a document for your organization.

For comparison to Finland's policy, here's some more information about the current state of U.S. National Public Policy Related to Cyberspace.



Current U.S. Policy Covering Cyberwarfare Threats


        The current written policy related to cyberwarfare threats can be found in President Obama’s Defense Strategic Guidance 2012, a 16-page policy documented that was published on January 3, 2012.  The excerpt related specifically to cyberwarfare and cyber threats is shown below:

“To enable economic growth and commerce, America, working in conjunction with allies and partners around the world, will seek to protect freedom of access throughout the global commons –– those areas beyond national jurisdiction that constitute the vital connective tissue of the international system. Global security and prosperity are increasingly dependent on the free flow of goods shipped by air or sea. State and non-state actors pose potential threats to access in the global commons, whether through opposition to existing norms or other anti-access approaches. Both state and non-state actors possess the capability and intent to conduct cyber espionage and, potentially, cyber attacks on the United States, with possible severe effects on both our military operations and our homeland. Growth in the number of space-faring nations is also leading to an increasingly congested and contested space environment, threatening safety and security. The United States will continue to lead global efforts with capable allies and partners to assure access to and use of the global commons, both by strengthening international norms of responsible behavior and by maintaining relevant and interoperable military capabilities (Obama, 2012).”

The first explicit Obama Administration policy acknowledging the realities of cyber threats were published in a 30-page document titled International Strategy for Cyberspace in May 2011.
“Today, as nations and peoples harness the networks that are all around us, we have a choice. We can either work together to realize their potential for greater prosperity and security, or we can succumb to narrow interests and undue fears that limit progress. Cybersecurity is not an end unto itself; it is instead an obligation that our governments and societies must take on willingly, to ensure that innovation continues to flourish, drive markets, and improve lives. While offline challenges of crime and aggression have made their way to the digital world, we will confront them consistent with the principles we hold dear: free speech and association, privacy, and the free flow of information.

“The digital world is no longer a lawless frontier, nor the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold. It is one of the finest examples of a community self-organizing, as civil society, academia, the private sector, and governments work together democratically to ensure its effective management. Most important of all, this space continues to grow, develop, and promote prosperity, security, and openness as it has since its invention. This is what sets the Internet apart in the international environment, and why it is so important to protect.

“In this spirit, I offer the United States' International Strategy for Cyberspace. This is not the first time my Administration has address the policy challenges surrounding these technologies, but it is the first time that our Nation has laid out an approach that unifies our engagement with international partners on the full range of cyber issues. And so this strategy outlines not only a vision for the future of cyberspace, but an agenda for realizing it. It provides the context for our partners at home and abroad to understand our priorities, and how we can come together to preserve the character of cyberspace and reduce the threats we face (Obama, 2011).”

How long has this policy been in place? Have any changes occurred to the policy over the years?

        This policy has evolved from the Comprehensive National Cybersecurity Initiative (CNCI) that was published by President George W. Bush in January 2008.  The three primary tenets of the CNCI policy were: 

“To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions.
“To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies.
“To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace (Bush, 2008)”

        Though the Obama Administration reviewed and approved Bush’s CNCI policy in May 2009, Obama, who is regarded as the most technology-savvy president that has ever occupied the White House, went much further to acknowledge the importance of cyberspace to the American economy and the American military, and the importance of defending the U.S. from adversaries that could threaten us via cyberspace.  Obama’s policy also acknowledges the reality that future wars will be fought on the realm of cyberspace, and has thus funded the preparation of the U.S. armed forces to prepare for conflict in cyberspace (Gerwitz, 2011).

What is the effectiveness of current policy when it concerns this particular threat issue?

        The Obama Administration’s policies have been effective in raising the awareness of the U.S. population as to the importance of protecting assets that are connected in cyberspace.  These policies have also been effective in providing for the preparation of the U.S. military to deal with conflict in cyberspace.

However, the policies have not been particularly effective as a deterrence to cyber threats presented by potential national enemies and non-state actors.  As recently as September 23, 2012 – September 30, 2012, cyber attacks in the form of distributed denial of service (DDOS) attacks from the Middle East against several major U.S. banks based have publicly demonstrated the ire of the attackers and also the vulnerabilities of banks with a customer presence in cyberspace (Strohm and Engleman, 2012).




Short-Term and Long-term Ramifications of Current Policy
        In the short-term, the Obama Administration’s policies regarding cyberspace have done much to raise the awareness of cyberspace as an area that requires protection for the public good and prosperity of the American people.  These policies have also served to show our allies and our potential enemies that the U.S. has the intention of defending cyberspace and all our interests that are connected to it.  In the long-term, these policies will probably evolve to reveal in a general, unclassified way, stronger defenses, stronger deterrent capabilities and probably offensive cyberweapons.

        On the legislative front, as recently as September 23, 2012, Chairman of the Senate Homeland Security Committee, Senator Joseph Lieberman (D., Connecticut), realizing that Congress would fail to pass cybersecurity legislation to designed to help protect the United States and its people, sent an urgent letter to President Obama to ask for the creation of a new Presidential Executive Order that would address several current cybersecurity issues, that includes how and when and where law enforcement can become involved in cybersecurity issues (Kerr, 2012).  Though many digital privacy rights advocates, including the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the American Civil Liberties Union have strenuously fought recent cybersecurity legislation, it was expected by many cybersecurity experts that if President Obama is reelected in November 2012, the an Executive Order would be drafted and signed by the Obama Administration provide the tools that the federal government wants.  In fact, a secret Presidential Policy Directive, (PPD 20 was created and signed by President Obama.  (Axis of Logic, 2012). Perhaps in 2013 some expedient action on the part of the new president would probably take place even before Congress could successfully agree upon and pass such legislation.

Conclusion
        The good news is that President Obama and his Administration have an acute awareness of the importance of the cyberspace to the American economy and the American military.  The bad news is that because we are already in some form of cyberwarfare that appears to be rapidly escalating, it remains to be seen what effects these cyberattacks and the expected forthcoming Executive Orders that address cybersecurity will have on the American people and our way of life.  I believe it will be necessary to act prudently, carefully balancing our freedoms with our need for security, and also considering the importance of enabling and protecting the prosperity of the now electronically connected, free enterprise economy that makes the U.S. the envy of and the model for the rest of the world.


References:

Andreasson, K. (ed.). (2012). Cybersecurity: Public Sector Threats and Responses. Boca Raton, FL: CRC Press.
Andress, J. and Winterfeld, S. (2011). Cyber Warfare: Techniques and Tools for Security Practitioners. Boston, MA: Syngress.
Axis of Logic. (2012). Obama Secret Directive Gives Cyber-Control to Military For National Security.  Retrieved from http://article.wn.com/view/2012/11/18/Obama_Secret_Directive_Gives_CyberControl_to_Military_For_Na/ on December 20, 2012.
Bousquet, A. (2009). The Scientific Way of Warfare: Order and Chaos on the Battlefields of Modernity. New York, NY: Columbia University Press.
Bush, G. W. (2008).  Comprehensive National Cybersecurity Initiative (CNCI).  Published by the White House January 2008.  Retrieved from http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative  on January 5, 2012.
Carr, J. (2012).  Inside Cyber Warfare, second edition.  Sebastopol, CA: O’Reilly.
Clarke, R. A. and Knake, R. K. (2010). Cyberwar: the Next Threat to National Security and What to Do About It. New York, NY: HarperCollins Publishers.
Czosseck, C. and Geers, K. (2009). The Virtual battlefield: Perspectives on Cyber Warfare. Washington, DC: IOS Press.
Fayutkin, D. (2012). The American and Russian Approaches to Cyber Challenges.  Defence Force Officer, Israel.  Retrieved from http://omicsgroup.org/journals/2167-0374/2167-0374-2-110.pdf on September 30, 2012.
Finland. (2013).  Finland's Cyber Security Strategy.  Retrieved from http://www.stefanomele.it/public/documenti/341DOC-531.pdf   on January 29, 2013.
Freedman, L. (2003).  The Evolution of Nuclear Strategy.  New York, NY: Palgrave Macmillian.
Gerwitz, D. (2011).  The Obama Cyberdoctrine: tweet softly, but carry a big stick.  An article published at Zdnet.com on May 17, 2011.  Retrieved from http://www.zdnet.com/blog/government/the-obama-cyberdoctrine-tweet-softly-but-carry-a-big-stick/10400  on September 25, 2012.
Hyacinthe, B. P. (2009). Cyber Warriors at War: U.S. National Security Secrets & Fears Revealed.  Bloomington, IN: Xlibris Corporation.
Kaplan, F. (1983), The Wizards of Armageddon: The Untold Story of a Small Group of Men Who Have Devised the Plans and Shaped the Policies on How to Use the Bomb.  Stanford, CA: Stanford University Press.
Kerr, D. (2012). Senator urges Obama to issue 'cybersecurity' executive order.  An article published at Cnet.com on September 24, 2012  Retrieved from http://news.cnet.com/8301-1009_3-57519484-83/senator-urges-obama-to-issue-cybersecurity-executive-order/  on September 26, 2012.
Kramer, F. D. (ed.), et al. (2009). Cyberpower and National Security. Washington, DC: National Defense University.
Libicki, M.C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corporation.
Markoff, J. and Kramer, A. E. (2009). U.S. and Russia Differ on a Treaty for Cyberspace.  An article published in the New York Times on June 28, 2009.  Retrieved from http://www.nytimes.com/2009/06/28/world/28cyber.html?pagewanted=all  on June 28, 2009.
McBrie, J. M. (2007). THE BUSH DOCTRINE: SHIFTING POSITION AND CLOSING THE STANCE.  A scholarly paper published by the USAWC STRATEGY RESEARCH PROJECT.  Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA423774  on September 30, 2012.
Mele, S. (2013. Finland adopted its Cyber-security Strategy.  Retrieved from http://www.stefanomele.it/news/dettaglio.asp?id=341  on January 29, 2013.
Obama, B. H. (2012).  Defense Strategic Guidance 2012 - Sustaining Global Leadership:  Priorities for 21st Century Defense.  Published January 3, 2012.  Retrieved from http://www.defense.gov/news/Defense_Strategic_Guidance.pdf    on January 5, 2012.
Obama, B.H. (2011).  INTERNATIONAL STRATEGY for Cyberspace.  Published by the White House on May 16, 2011.  Retrieved from http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf  on May 16, 2011.
Radcliff, D. (2012). Cyber cold war: Espionage and warfare.  An article published in SC Magazine, September 4, 2012.  Retrieved from http://www.scmagazine.com/cyber-cold-war-espionage-and-warfare/article/254627/  on September 7, 2012.
Sanger, D. E. (2012). Confront and Conceal: Obama’s Secret Wars and Surprising Use of America Power.  New York, NY: Crown Publishers.
Stiennon, R. (2010). Surviving Cyber War. Lanham, MA: Government Institutes.
Strohm, C. and Engleman, E. (2012). Cyber Attacks on U.S. Banks Expose Vulnerabilities.  An article published at BusinessWeek.com on September 28, 2012  Retrieved from http://www.businessweek.com/news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-expose-computer-vulnerability on September 30, 2012.
Technolytics. (2011). Cyber Commander's eHandbook: The Weaponry and Strategies of Digital Conflict. Purchased and downloaded from Amazon.com on April 16, 2011.
Waters, G. (2008). Australia and Cyber-Warfare.  Canberra, Australia: ANU E Press.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com 
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career 
Chicago, IL
United States of America

Sunday, January 27, 2013

Post 012 - CYBR 650





'Cyber 9/11' may be on horizon, Homeland Security chief warns.

Senior Leadership at the National Command level authorities now think a massive cyberattack is now imminent.

Warfare in the Fifth dimension.

Considering the source of this information was DHS Secretary Janet Napolitano, I think all Americans should be concerned. I am.

Between the December 2012 five-year extension of the bill for warrantless wiretapping, the Internet Kill Switch announcement of 2012, and the activation of the (top secret) President Policy Directive 20 on Novermber 14, 2012, many of the pieces are in place for the U.S. to engage in a full-fledged cyberwar.  What should get everyone's attention however, is the high-level stature that is the source of this January 24, 2013 announcement.  DHS Secretary is responsible for all the cybersecurity in the U.S. government except the military branches that are protected by U.S. Cyber Command.

My own opinion about cyberwarfare and our national leadership is that our national leaders (whom I implicitly trust to comprehend the challenges and do the right things) need to include cyberwarfare and cyberdeterrence in national unambiguous public policy. To do less than this puts the country at greater risk of an all out cyberwar that could have unintended consequences.

In any case, I believe that 2013 will be one of the most interesting years in our country's 237-year history.

I have been researching and writing about Cyberwar and Cyberwarfare for 18 months.  It is a topic in which I have a strong interest.  Other articles here:  http://billslater.com/writing

===========================================================

References.

Kerr, D.  (2013).  'Cyber 9/11' may be on horizon, Homeland Security chief warns.  An article published at CNET on January 24, 2013.  Retrieved from http://news.cnet.com/8301-1009_3-57565763-83/cyber-9-11-may-be-on-horizon-homeland-security-chief-warns/  on January 26, 2013.


Turzanski, E. and Husick, L. (2012). “Why Cyber Pearl Harbor Won't Be Like Pearl Harbor At All...” A webinar presentation held by the Foreign Policy Research Institute (FPRI) on October 24, 2012. Retrieved from http://www.fpri.org/multimedia/2012/20121024.webinar.cyberwar.html on October 25, 2012.

===========================================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL
United States of America


Sunday, January 20, 2013

Post 011 - CYBR 650





I had an important article published in Hakin9 On Demand magazine on January 15, 2013.

I was inspired to write it because I knew that applying the concepts described in the article would help make cyberspace a little safer.  The article explains how using a well-designed security compliance framework can help an organization defend against the perils of cyberattacks and cyberwarfare.  As far as I know, no one yet has been bold enough or knowledgeable enough to take the time to write such an article for the general public.  Note that I did not receive any academic credit or even any compensation for writing this article.


Article Title:
Applying a Security Compliance Framework to Prepare Your Organization for Cyberwarfare and Cyberattacks


Article Link:

Cover Photo Link:


The Simple Truths of this Article

1.  Cyberwar is coming or could be already here.  All the signs and news media coverage and publicly known actions of the U.S. Government confirm it

2.  If you use have an IT infrastructure that is important to your business operations, you need to protect your business from Cyberattacks and Cyberwarfare

3.  There are many things you can do, and things you cannot legally do if you are in the United States, to protect your business from Cyberattacks and Cyberwarfare.  Restrictions inside the U.S. Code, Title 10, and other various cyber legislation strictly prohibit retaliation or going on the offensive.  But you can prepare and protect yourself from cyberattacks.

4.  In any organization, Management Support is required to understand and allocate the resources to defend against cyberattacks.

5.  Understanding risk identification, threats, vulnerabilities, controls, performing risk assessment, and risk management are essential to becoming an effective protector of IT assets.

6.  Because of the complex nature of most IT infrastructures and assets and how they integrate with an organization's business operations, it is better to use some type of proven framework with which to assure that all the important aspects of compliance and infrastructure security have meet address and are being measured.

References:
  
Bousquet, A. (2009). The Scientific Way of Warfare: Order and Chaos on the Battlefields of Modernity. New York, NY: Columbia University Press.
Brewer, D. and  Nash, M.  (2010). Insights into the ISO/IEC 27001 Annex A.  A paper written published by Dr. David Brewer and Dr. Michael Nash to explain ISO 27001 and Risk Reduction in Organizations.  Retrieved from http://www.gammassl.co.uk/research/27001annexAinsights.pdf  on March 10, 2011.
Bush, G. W. (2008).  Comprehensive National Cybersecurity Initiative (CNCI).  Published by the White House January 2008.  Retrieved from http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative  on January 5, 2012.
Calder, A. and Watkins, S. (2012). IT Governance:  An International Guide to Data Security and  ISO27001/ISO27002, 5th edition.  London, U.K.: IT Governance Press.
Carr, J. (2012).  Inside Cyber Warfare, second edition.  Sebastopol, CA: O’Reilly.
Clarke, R. A. and Knake, R. K. (2010). Cyberwar: the Next Threat to National Security and What to Do About It. New York, NY: HarperCollins Publishers.
Crosston, M. (2011).  World Gone Cyber MAD: How “Mutually Assured Debilitation” Is the Best Hope for Cyber Deterrence.  An article published in the Strategic Studies Quarterly, Spring 2011.  Retrieved from http://www.au.af.mil/au/ssq/2011/spring/crosston.pdf  on October 10, 2012.
Czosseck, C. and Geers, K. (2009). The Virtual battlefield: Perspectives on Cyber Warfare. Washington, DC: IOS Press.
Edwards, M. and Stauffer, T. (2008).  Control System Security Assessments.  A technical paper presented at the 2008 Automation Summit – A Users Conference, in Chicago. Retrieved from http://www.infracritical.com/papers/nstb-2481.pdf   on December 20, 2011.
Fayutkin, D. (2012). The American and Russian Approaches to Cyber Challenges.  Defence Force Officer, Israel.  Retrieved from http://omicsgroup.org/journals/2167-0374/2167-0374-2-110.pdf on September 30, 2012.
Freedman, L. (2003).  The Evolution of Nuclear Strategy.  New York, NY: Palgrave Macmillan.
Gerwitz, D. (2011).  The Obama Cyberdoctrine: tweet softly, but carry a big stick.  An article published at Zdnet.com on May 17, 2011.  Retrieved from http://www.zdnet.com/blog/government/the-obama-cyberdoctrine-tweet-softly-but-carry-a-big-stick/10400  on September 25, 2012.
Gjelten, T.  (2010). Are 'Stuxnet' Worm Attacks Cyberwarfare? An article published at NPR.org on October 1, 2011. Retrieved from http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-behind-stuxnet  on December 20, 2011.
Gjelten, T.  (2010). Stuxnet Computer Worm Has Vast Repercussions. An article published at NPR.org on October 1, 2011.  Retrieved from http://www.npr.org/templates/story/story.php?storyId=130260413 on December 20, 2011.
Gjelten, T.  (2011). Security Expert: U.S. 'Leading Force' Behind Stuxnet. An article published at NPR.org on September 26, 2011. Retrieved from http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-
behind-stuxnet  on December 20, 2011.
Gjelten, T.  (2011). Stuxnet Raises 'Blowback' Risk In Cyberwar. An article published at NPR.org on December 11, 2011.   Retrieved from http://www.npr.org/2011/11/02/141908180/stuxnet-raises-blowback-risk-in-cyberwar  on December 20, 2011.
Goldman, D. (2013).  Nations prepare for cyber war.  An article published at CNN on January 7, 2013.  Retrieved from http://money.cnn.com/2013/01/07/technology/security/cyber-war/index.html?hpt=hp_c3  on January 7, 2013.
Hagestad, W. T. (2012). 21st Century Chinese Cyberwarfare. Cambridgeshire, U.K.: IT Governance.Hyacinthe, B. P. (2009). Cyber Warriors at War: U.S. National Security Secrets & Fears Revealed.  Bloomington, IN: Xlibris Corporation.
ISO. (2005) “Information technology – Security techniques – Information security management systems requirements”, ISO/IEC 27001:2005.  Retrieved from http://www.ansi.org on February 1, 2011.
Jaquith, A. (2007). Security Metrics.  Boston, MA: Addison Wesley.
Kaplan, F. (1983), The Wizards of Armageddon: The Untold Story of a Small Group of Men Who Have Devised the Plans and Shaped the Policies on How to Use the Bomb.  Stanford, CA: Stanford University Press.
Kerr, D. (2012). Senator urges Obama to issue 'cybersecurity' executive order.  An article published at Cnet.com on September 24, 2012.  Retrieved from http://news.cnet.com/8301-1009_3-57519484-83/senator-urges-obama-to-issue-cybersecurity-executive-order/ on September 26, 2012.
Kramer, F. D. (ed.), et al. (2009). Cyberpower and National Security. Washington, DC: National Defense University.
Langer, R. (2010).  A Detailed Analysis of the Stuxnet Worm.  Retrieved from http://www.langner.com/en/blog/page/6/  on December 20, 2011.
Libicki, M.C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corporation.
Markoff, J. and Kramer, A. E. (2009). U.S. and Russia Differ on a Treaty for Cyberspace.  An article published in the New York Times on June 28, 2009.  Retrieved from http://www.nytimes.com/2009/06/28/world/28cyber.html?pagewanted=all  on June 28, 2009.
Mayday, M. (2012).  Iran Attacks US Banks in Cyber War: Attacks target three major banks, using Muslim outrage as cover.  An article published on September 22, 2012 at Poltix.Topix.com.  Retrieved from http://politix.topix.com/homepage/2214-iran-attacks-us-banks-in-cyber-war  on September 22, 2012.
McBrie, J. M. (2007). THE BUSH DOCTRINE: SHIFTING POSITION AND CLOSING THE STANCE.  A scholarly paper published by the USAWC STRATEGY RESEARCH PROJECT.  Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA423774  on September 30, 2012.
Obama, B. H. (2012).  Defense Strategic Guidance 2012 - Sustaining Global Leadership:  Priorities for 21st Century Defense.  Published January 3, 2012.  Retrieved from http://www.defense.gov/news/Defense_Strategic_Guidance.pdf    on January 5, 2012.
Obama, B.H. (2011).  INTERNATIONAL STRATEGY for Cyberspace.  Published by the White House on May 16, 2011.  Retrieved from http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf  on May 16, 2011.
Payne, K. B. (2001). The Fallacies of Cold War Deterrence and a New Direction.  Lexington, KY: The University of Kentucky Press.
Pry, P. V. (1999). War Scare: Russia and America on the Nuclear Brink. Westport, CT: Praeger Publications.
Radcliff, D. (2012). Cyber cold war: Espionage and warfare.  An article published in SC Magazine, September 4, 2012.  Retrieved from http://www.scmagazine.com/cyber-cold-war-espionage-and-warfare/article/254627/  on September 7, 2012.
Saini, M. (2012). Preparing for Cyberwar - A National Perspective.  An article published on July 26, 2012 at the Vivikanda International Foundation. Retrieved from http://www.vifindia.org/article/2012/july/26/preparing-for-cyberwar-a-national-perspective  on October 14, 2012.
Sanger, D. E. (2012). Confront and Coneal: Obama’s Secret Wars and Surprising Use of America Power.  New York, NY: Crown Publishers.
Schmidt, H. S. (2006). Patrolling Cyberspace: Lessons Learned from Lifetime in Data Security. N. Potomac, MD: Larstan Publishing, Inc.
Schmitt, E. and Shanker, T. (2011).  U.S. Debated Cyberwarfare in Attack Plan on Libya.  An article published in the New York Times on October 17, 2011.  Retrieved from http://www.nytimes.com/2011/10/18/world/africa/cyber-warfare-against-libya-was-debated-by-us.html  on October 17, 2011.
Slater, W. F. (2013).  ISO 27001 Resource Page.  Retrieved from http://billslater.com/iso27001 on January 12, 2013.
Stiennon, R. (2010). Surviving Cyber War. Lanham, MA: Government Institutes.
Strohm, C. and Engleman, E. (2012). Cyber Attacks on U.S. Banks Expose Vulnerabilities.  An article published at BusinessWeek.com on September 28, 2012.  Retrieved from http://www.businessweek.com/news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-expose-computer-vulnerability on September 30, 2012.
Technolytics. (2012). Cyber Commander's eHandbook: The Weaponry and Strategies of Digital Conflict, third edition. Purchased and downloaded on September 26, 2012.
The ISO 27000 Directory. (2012). An Introduction to ISO 27001, ISO 27002....ISO 27008.  Retreived from http://www.27000.org/index.htmhttp://idcontent.bellevue.edu/content/CIT/cyber/615/compliance  on December 7, 2012.
Turzanski, E. and Husick, L. (2012). “Why Cyber Pearl Harbor Won't Be Like Pearl Harbor At All...” A webinar presentation held by the Foreign Policy Research Institute (FPRI) on October 24, 2012. Retrieved from http://www.fpri.org/multimedia/2012/20121024.webinar.cyberwar.html  on October 25, 2012.
U.S. Army. (1997). Toward Deterrence in the Cyber Dimension:  A Report to the President's Commission on Critical Infrastructure Protection.  Retrieved from http://www.carlisle.army.mil/DIME/documents/173_PCCIPDeterrenceCyberDimension_97.pdf  on November 3, 2012.
U.S. Department of Defense, JCS. (2006). Joint Publication (JP) 5-0, Joint Operation Planning, updated on December 26, 2012.  Retrieved from http://www.dtic.mil/doctrine/new_pubs/jp5_0.pdf  on October 25, 2012.
Waters, G. (2008). Australia and Cyber-Warfare.  Canberra, Australia: ANU E Press.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

William Favre Slater, III 
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud 
Computing Foundation 
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com 
slater@billslater.com 
williamslater@gmail.com 
Chicago, IL
United States of America