Post 016 – CYBR 650

These are the things I learned in CYBR 650 - Current Trends in Cybersecurity

1.     I learned to think and communicate more clearly in terms of cybersecurity threats, vulnerabilities, and the risks they pose to an Enterprise.

2.    I learned to create and communicate a practical risk management framework that will help mitigate and control risks to a level with which a business can operate with open eyes, understanding the risks that they need to manage using finite resources.

3.    I learned the importance of cybersecurity issues and threats in modern society as we saw cybersecurity and Cyberwar issues come up numerous times, in things like a Presidential Executive Order, a State of the Union Address, and the Mandiant Report that described the extend of the Chinese Espionage Cyberattacks.

4.    I learned that we are in a cyberweapons arms race with Russia and China, and that though it is highly classified, the U.S. has significant offensive capabilities.

5.    I learned that cyberwarfare and PPD 20 topics are so hot that I could submit to and get accepted by two prominent cybersecurity-related conferences, thereby immediately applying what I have learned from this Cybersecurity Graduate Program at Bellevue University.

6.    I learned that Cybersecurity topics are so hot that I could submit to and get accepted by three prominent cybersecurity-related magazines, thereby continuing to applying what I have learned from this Cybersecurity Graduate Program at Bellevue University.

7.    I learned that I will be eligible for distinguished, prestigious certificates, adding to my current list of certifications.

8.    I learned that the majority of students of my three classes that I teach at the Illinois Institute of Technology are impressed and inspired and impressed by my accomplishments in this Cybersecurity Graduate Program at Bellevue University and in writing, and that they too have now decided to pursue cybersecurity for their future studies and career direction.

9.    I learned that my fellow students are great students and cybersecurity professionals, and they each contributed significantly to my learning and motivation during this this Cybersecurity Graduate Program at Bellevue University.

10.                      I learned that Professional Ronald Woerner, founder and director and teacher of this this Cybersecurity Graduate Program at Bellevue University, is a consummate cybersecurity educator and professor, and that he is willing to take the 

11.                      I learned that I made the right choice to pursue this this Cybersecurity Graduate Program at Bellevue University, and that for the duration of my career, I will know that I made the correct choice to pursue studies in this program.

12.                      Finally, I learned that despite my sacrifices of weekends and long hours since August 2011 when I entered this Cybersecurity Graduate Program at Bellevue University, I could not have made it without the help and support of my lovely wife and my wonderful in-laws.  The love and encouragement and support that they provided far exceed what I paid to participate in this program.  I will never forget or be able to repay the kindness and love they showed me during this program.

==================================================

References:

Anderson, R. (2008). Security Engineering, second edition. Indianapolis, IN: John Wiley.

Bellevue University. (2012).   Harry and Mae Case Study. Retrieved from  http://idcontent.bellevue.edu/content/CIT/cyber/generic/harryAndMaes/   December 14, 2012.

Cokins, G. (2009).  Performance Management: Integrating Strategy Execution, Methodologies, Risk, and Analytics.   Hoboken, NJ: John Wiley & Sons, Inc.

HP. (2012).  HP Openview download website.  Retrieved from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=427224&prodTypeId=12169&prodSeriesId=81198&swLang=13&taskId=135&swEnvOID=227  on December 16, 2012.

Landoll, D. L. (2011). The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, second edition. Boca Raton, FL: CRC Press.

McCumber, J. (2008).  Assessing and Managing Security Risk in IT Systems: a Technology-independent Approach. Retrieved from the web at https://buildsecurityin.us-cert.gov/swa/downloads/McCumber.pdf  on August 31, 2011.

Microsoft. (2012).  Microsoft Systems Center Operations Manager Technical Data.  Retrieved from http://technet.microsoft.com/en-us/library/hh205987.aspx on December 16, 2012.

National Institute of Standards and Technology (NIST). (2011).  NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View.  Published by the National Institute of Standards and Technology, U.S. Department of Commerce in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf  on June 11, 2012.

National Institute of Standards and Technology (NIST). (2011).  NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View.  Published by the National Institute of Standards and Technology, U.S. Department of Commerce in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf  on June 11, 2012.

O’Donnell, A. (2012). What Is SCAP? – An article published at About.com. Retrieved from  http://netsecurity.about.com/od/newsandeditorial1/g/What-Is-Scap.htm   December 16, 2012.

OGC. (2007). ITIL v3 Service Operation. London, U.K.: The Stationary Office.

Olzak, T. (2006).  Get Control of Vulnerability Management.  An article published at Toolbox.com on Apirl 1, 2006. Retrieved from http://it.toolbox.com/blogs/adventuresinsecurity/get-control-of-vulnerability-management-8569  on February 12, 2013.

Quinn, S., et al. (2012). NIST SP 800-117 - Guide to Adopting and Using the Security Content Autommation Protocol (SCAP) version 1.2 (Draft).  Retrieved from http://csrc.nist.gov/publications/nistpubs/800-117/sp800-117.pdf  on December 3, 2012

Senft, S., et al. (2013). Information Technology Control and Audit, fourth edition. Boca Raton, FL: CRC Press.

Swiderski, F. and Snyder, W. (2004).  Threat Modeling. Redmond, WA: Microsoft Press.

Talbot, J. and Jakeman, M. (2009).  Security Risk Management Body of Knowledge. Hoboken, NJ: John Wiley & Sons, Inc.

Waltermire, D. (2012). NIST SP 800-126 - The Technical Specification for the Security Content Autommation Protocol (SCAP), version 1.2, revision 2.  Retrieved from http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf   on December 3, 2012.

White House. (2013). Executive Order on Improving Critical Infrastructure Cybersecurity. Retrieved from http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity-0  on February 12, 2013

Wheeler, E. (2011).  Security Risk Management: Building an Information Security Risk Management Program from the Ground Up.  Boston, MA: Syngress.

Windrem, R. (2013). Expert: US in cyberwar arms race with China, Russia.  An article published at NBCNEWS.com on February 20, 2013.  Retrieved from http://openchannel.nbcnews.com/_news/2013/02/20/17022378-expert-us-in-cyberwar-arms-race-with-china-russia?lite  on February 20, 2013

Witte. G., et al. (2012). Security Automation Essentials:  Streamlined Enterprise Security Management and Monitoring with SCAP.  New York, NY: McGrawHill.

Young, C. S. (2010).  Metrics and Methods for Security Risk Assessment.  Boston, MA: Syngress. 

= = = = = = = = = = = = = = = =  = =

William Favre Slater, III 
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation 
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career  
Chicago, IL
United States of America

Post 015 – CYBR 650

Harry and Mae's Infrastructure Improvement Action Plan - 

First Draft

This week, we were told that our Blog Assignment was to explain what the most difficult part of developing our Action Plan for our Course Project.

This was my Action Plan:

The action plan to remediate Harry and Mae’s IT security issues is simple.

1.  Implement a Security Management Framework

2.  Mitigate risks associated with the threats that have already been identified

3.  Continuously monitor threats and vulnerabilities

4.  Assess and manage the risks associated with these threats and vulnerabilities

5.  Apply controls where possible to mitigate risks

6.  Document residual risks

7.  Regularly report on threats, vulnerabilities, and risks to management

8.  Continually educate all employees about threats and vulnerabilities

9.  Continually educate and equip the IT staff with the knowledge and tools they need to mitigate the risks associated with the threats and vulnerabilities that are identified

= = = = = = = = = = = = = =

I think the two most difficult aspects of this assignment were:

1)  Structure it in a comprehensive, understandable manner that would garner the management support and buy-in needed to execute the plan.

2)  Recommending the adoption of a comprehensive, albeit proven, security management framework (ITIL v3) with which to better control and management security using finite resources.  That was a bold, yet needed move, if Harry and Mae’s is going to mature in the areas of risk management and security management.

==================================================

References:

Anderson, R. (2008). Security Engineering, second edition. Indianapolis, IN: John Wiley.

Bellevue University. (2012).   Harry and Mae Case Study. Retrieved from  http://idcontent.bellevue.edu/content/CIT/cyber/generic/harryAndMaes/   December 14, 2012.

Cokins, G. (2009).  Performance Management: Integrating Strategy Execution, Methodologies, Risk, and Analytics.   Hoboken, NJ: John Wiley & Sons, Inc.

HP. (2012).  HP Openview download website.  Retrieved from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=427224&prodTypeId=12169&prodSeriesId=81198&swLang=13&taskId=135&swEnvOID=227  on December 16, 2012.

Landoll, D. L. (2011). The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, second edition. Boca Raton, FL: CRC Press.

McCumber, J. (2008).  Assessing and Managing Security Risk in IT Systems: a Technology-independent Approach. Retrieved from the web at https://buildsecurityin.us-cert.gov/swa/downloads/McCumber.pdf  on August 31, 2011.

Microsoft. (2012).  Microsoft Systems Center Operations Manager Technical Data.  Retrieved from http://technet.microsoft.com/en-us/library/hh205987.aspx on December 16, 2012.

National Institute of Standards and Technology (NIST). (2011).  NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View.  Published by the National Institute of Standards and Technology, U.S. Department of Commerce in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf  on June 11, 2012.

National Institute of Standards and Technology (NIST). (2011).  NIST SP 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View.  Published by the National Institute of Standards and Technology, U.S. Department of Commerce in March 2011. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf  on June 11, 2012.

O’Donnell, A. (2012). What Is SCAP? – An article published at About.com. Retrieved from  http://netsecurity.about.com/od/newsandeditorial1/g/What-Is-Scap.htm   December 16, 2012.

OGC. (2007). ITIL v3 Service Operation. London, U.K.: The Stationary Office.

Olzak, T. (2006).  Get Control of Vulnerability Management.  An article published at Toolbox.com on Apirl 1, 2006. Retrieved from http://it.toolbox.com/blogs/adventuresinsecurity/get-control-of-vulnerability-management-8569  on February 12, 2013.

Quinn, S., et al. (2012). NIST SP 800-117 - Guide to Adopting and Using the Security Content Autommation Protocol (SCAP) version 1.2 (Draft).  Retrieved from http://csrc.nist.gov/publications/nistpubs/800-117/sp800-117.pdf on December 3, 2012

Senft, S., et al. (2013). Information Technology Control and Audit, fourth edition. Boca Raton, FL: CRC Press.

Swiderski, F. and Snyder, W. (2004).  Threat Modeling. Redmond, WA: Microsoft Press.

Talbot, J. and Jakeman, M. (2009).  Security Risk Management Body of Knowledge. Hoboken, NJ: John Wiley & Sons, Inc.

Waltermire, D. (2012). NIST SP 800-126 - The Technical Specification for the Security Content Autommation Protocol (SCAP), version 1.2, revision 2.  Retrieved from http://csrc.nist.gov/publications/nistpubs/800-126-rev2/SP800-126r2.pdf  on December 3, 2012.

Wheeler, E. (2011).  Security Risk Management: Building an Information Security Risk Management Program from the Ground Up.  Boston, MA: Syngress.

Witte. G., et al. (2012). Security Automation Essentials:  Streamlined Enterprise Security Management and Monitoring with SCAP.  New York, NY: McGrawHill.

Young, C. S. (2010).  Metrics and Methods for Security Risk Assessment.  Boston, MA: Syngress. 

Post 014 – CYBR 650

Panetta Delivers Sharp Warning about Cyber Attacks

SecDef: 'Cyber is now at a point where the technology is there to cripple a country'

In a tough speech delivered on February 6, 2013, outgoing Secretary of Defense, Leon Panetta announced that the capabilities of cyberattacks now were at the level that they could cripple the critical infrastructure of an entire country.  What makes this disturbing is three things:

1)  He among all the officials in the U.S. Government would be in the best position to know what he is talking about in this regard:  He is still the current Secretary of Defense, and has overseen the maturing of the cyberwarfare capabilities of the U.S. Military.  He also was the head of the CIA prior to assuming the role of Secretary of Defense after the departure of Robert Gates.

2)  He is probably 100% accurate in his assessment.

3)  This represents a previously unstated capability of cyberweapons by high-level U.S. Government officials, though it has been suspected for at least two to three years.

All this confirms that for me, I chose the right discipline to study and work for an M.S. in, and it affirms that I am researching and writing about topics that are extremely relevant to the national security of the United States.

In any case, I still believe that 2013 will be one of the most interesting years in our country’s 237-year history.

I have been researching and writing about Cyberwar and Cyberwarfare for 18 months.  It is a topic in which I have a strong interest.  Other articles here: 

http://billslater.com/writing

==================================================

References.

Washington Free Becon. (2013).  Panetta Delivers Sharp Warning about Cyber Attacks

SecDef: 'Cyber is now at a point where the technology is there to cripple a country'  An article published at the Free Beacon on February 6, 2013.  Retrieved from http://freebeacon.com/panetta-delivers-sharp-warning-about-cyber-attacks/  on February 7, 2013.

Kerr, D.  (2013).  'Cyber 9/11' may be on horizon, Homeland Security chief warns.  An article published at CNET on January 24, 2013.  Retrieved from http://news.cnet.com/8301-1009_3-57565763-83/cyber-9-11-may-be-on-horizon-homeland-security-chief-warns/  on January 26, 2013.

Turzanski, E. and Husick, L. (2012). “Why Cyber Pearl Harbor Won't Be Like Pearl Harbor At All...” A webinar presentation held by the Foreign Policy Research Institute (FPRI) on October 24, 2012. Retrieved from http://www.fpri.org/multimedia/2012/20121024.webinar.cyberwar.html   on October 25, 2012.

===================================================

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career
Chicago, IL
United States of America

POST 013 - CYBR 650

The national government of Finland has recently published a new national cybersecurity strategy policy document as a part of the implementation of the Security Strategy for Society. The Strategy defines key goals and guidelines that will be used to respond to cyber threats and cyberattacks to ensure that cyberspace is available and usable. The document is available at this link: 

http://www.stefanomele.it/public/documenti/341DOC-531.pdf

According to a brief analysis by Stefano Mele:

The Strategy proposes 10 strategic guidelines to create the conditions for the materialisation of the national cyber-security vision. Those guidelines are:

1. Create an efficient collaborative model between the authorities and other actors for the purpose of advancing national cyber-security and cyber-defence.

2. Improve comprehensive cyber-security situation awareness among the key actors that participate in securing the vital functions of society.

3. Maintain and improve the abilities of businesses and organisations critical to the vital functions of society as regards detecting and repelling cyber-threats and disturbances that jeopardise any vital function and their recovery capabilities as part of the continuity management of the business community.

4. Make certain that the police have sufficient capabilities to prevent, expose and solve cybercrime.

5. The Finnish Defence Forces will create a comprehensive cyber defence capability for their statutory tasks.

6. Strengthen national cyber security through active and efficient participation in the activities of international organisations and collaborative fora that are critical to cyber security.

7. Improve the cyber expertise and awareness of all societal actors.

8. Secure the preconditions for the implementation of effective cyber-security measures through national legislation.

9. Assign cyber-security related tasks, service models and common cyber-security management standards to the authorities and actors in the business community.

10. The implementation of the Strategy and its completion will be monitored (Mele, 2013).

The U.S. really does need something like this new Cybersecurity Strategy document from Finland and I have been advocating for such policy since November 2012.

If the U.S. had such a policy that also included more details about offense and defensive use of cyberweapons, as well as an unambiguous stance on cyberdeterrence, it could possibly reduce the risk of cyberwar in my opinion.

Finland's new Cybersecurity Strategy document is written in English and is very understandable by most people that can use computers and the Internet.  This is very important when measuring the effectiveness of a policy. You don't want to publish important public policy documented that require a Juris Doctor degree to read and understand.

I recommend downloading and reviewing the document, and saving it for future reference. You never know when you might need to write such a document for your organization.

For comparison to Finland's policy, here's some more information about the current state of U.S. National Public Policy Related to Cyberspace.

Current U.S. Policy Covering Cyberwarfare Threats

        The current written policy related to cyberwarfare threats can be found in President Obama’s Defense Strategic Guidance 2012, a 16-page policy documented that was published on January 3, 2012.  The excerpt related specifically to cyberwarfare and cyber threats is shown below:

“To enable economic growth and commerce, America, working in conjunction with allies and partners around the world, will seek to protect freedom of access throughout the global commons –– those areas beyond national jurisdiction that constitute the vital connective tissue of the international system. Global security and prosperity are increasingly dependent on the free flow of goods shipped by air or sea. State and non-state actors pose potential threats to access in the global commons, whether through opposition to existing norms or other anti-access approaches. Both state and non-state actors possess the capability and intent to conduct cyber espionage and, potentially, cyber attacks on the United States, with possible severe effects on both our military operations and our homeland. Growth in the number of space-faring nations is also leading to an increasingly congested and contested space environment, threatening safety and security. The United States will continue to lead global efforts with capable allies and partners to assure access to and use of the global commons, both by strengthening international norms of responsible behavior and by maintaining relevant and interoperable military capabilities (Obama, 2012).”

The first explicit Obama Administration policy acknowledging the realities of cyber threats were published in a 30-page document titled International Strategy for Cyberspace in May 2011.

“Today, as nations and peoples harness the networks that are all around us, we have a choice. We can either work together to realize their potential for greater prosperity and security, or we can succumb to narrow interests and undue fears that limit progress. Cybersecurity is not an end unto itself; it is instead an obligation that our governments and societies must take on willingly, to ensure that innovation continues to flourish, drive markets, and improve lives. While offline challenges of crime and aggression have made their way to the digital world, we will confront them consistent with the principles we hold dear: free speech and association, privacy, and the free flow of information.

“The digital world is no longer a lawless frontier, nor the province of a small elite. It is a place where the norms of responsible, just, and peaceful conduct among states and peoples have begun to take hold. It is one of the finest examples of a community self-organizing, as civil society, academia, the private sector, and governments work together democratically to ensure its effective management. Most important of all, this space continues to grow, develop, and promote prosperity, security, and openness as it has since its invention. This is what sets the Internet apart in the international environment, and why it is so important to protect.

“In this spirit, I offer the United States' International Strategy for Cyberspace. This is not the first time my Administration has address the policy challenges surrounding these technologies, but it is the first time that our Nation has laid out an approach that unifies our engagement with international partners on the full range of cyber issues. And so this strategy outlines not only a vision for the future of cyberspace, but an agenda for realizing it. It provides the context for our partners at home and abroad to understand our priorities, and how we can come together to preserve the character of cyberspace and reduce the threats we face (Obama, 2011).”

How long has this policy been in place? Have any changes occurred to the policy over the years?

        This policy has evolved from the Comprehensive National Cybersecurity Initiative (CNCI) that was published by President George W. Bush in January 2008.  The three primary tenets of the CNCI policy were: 

“To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions.

“To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies.

“To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace (Bush, 2008)”

        Though the Obama Administration reviewed and approved Bush’s CNCI policy in May 2009, Obama, who is regarded as the most technology-savvy president that has ever occupied the White House, went much further to acknowledge the importance of cyberspace to the American economy and the American military, and the importance of defending the U.S. from adversaries that could threaten us via cyberspace.  Obama’s policy also acknowledges the reality that future wars will be fought on the realm of cyberspace, and has thus funded the preparation of the U.S. armed forces to prepare for conflict in cyberspace (Gerwitz, 2011).

What is the effectiveness of current policy when it concerns this particular threat issue?

        The Obama Administration’s policies have been effective in raising the awareness of the U.S. population as to the importance of protecting assets that are connected in cyberspace.  These policies have also been effective in providing for the preparation of the U.S. military to deal with conflict in cyberspace.

However, the policies have not been particularly effective as a deterrence to cyber threats presented by potential national enemies and non-state actors.  As recently as September 23, 2012 – September 30, 2012, cyber attacks in the form of distributed denial of service (DDOS) attacks from the Middle East against several major U.S. banks based have publicly demonstrated the ire of the attackers and also the vulnerabilities of banks with a customer presence in cyberspace (Strohm and Engleman, 2012).

Short-Term and Long-term Ramifications of Current Policy

        In the short-term, the Obama Administration’s policies regarding cyberspace have done much to raise the awareness of cyberspace as an area that requires protection for the public good and prosperity of the American people.  These policies have also served to show our allies and our potential enemies that the U.S. has the intention of defending cyberspace and all our interests that are connected to it.  In the long-term, these policies will probably evolve to reveal in a general, unclassified way, stronger defenses, stronger deterrent capabilities and probably offensive cyberweapons.

        On the legislative front, as recently as September 23, 2012, Chairman of the Senate Homeland Security Committee, Senator Joseph Lieberman (D., Connecticut), realizing that Congress would fail to pass cybersecurity legislation to designed to help protect the United States and its people, sent an urgent letter to President Obama to ask for the creation of a new Presidential Executive Order that would address several current cybersecurity issues, that includes how and when and where law enforcement can become involved in cybersecurity issues (Kerr, 2012).  Though many digital privacy rights advocates, including the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the American Civil Liberties Union have strenuously fought recent cybersecurity legislation, it was expected by many cybersecurity experts that if President Obama is reelected in November 2012, the an Executive Order would be drafted and signed by the Obama Administration provide the tools that the federal government wants.  In fact, a secret Presidential Policy Directive, (PPD 20 was created and signed by President Obama.  (Axis of Logic, 2012). Perhaps in 2013 some expedient action on the part of the new president would probably take place even before Congress could successfully agree upon and pass such legislation.

Conclusion

        The good news is that President Obama and his Administration have an acute awareness of the importance of the cyberspace to the American economy and the American military.  The bad news is that because we are already in some form of cyberwarfare that appears to be rapidly escalating, it remains to be seen what effects these cyberattacks and the expected forthcoming Executive Orders that address cybersecurity will have on the American people and our way of life.  I believe it will be necessary to act prudently, carefully balancing our freedoms with our need for security, and also considering the importance of enabling and protecting the prosperity of the now electronically connected, free enterprise economy that makes the U.S. the envy of and the model for the rest of the world.

References:

Andreasson, K. (ed.). (2012). Cybersecurity: Public Sector Threats and Responses. Boca Raton, FL: CRC Press.

Andress, J. and Winterfeld, S. (2011). Cyber Warfare: Techniques and Tools for Security Practitioners. Boston, MA: Syngress.

Axis of Logic. (2012). Obama Secret Directive Gives Cyber-Control to Military For National Security.  Retrieved from http://article.wn.com/view/2012/11/18/Obama_Secret_Directive_Gives_CyberControl_to_Military_For_Na/ on December 20, 2012.

Bousquet, A. (2009). The Scientific Way of Warfare: Order and Chaos on the Battlefields of Modernity. New York, NY: Columbia University Press.

Bush, G. W. (2008).  Comprehensive National Cybersecurity Initiative (CNCI).  Published by the White House January 2008.  Retrieved from http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative  on January 5, 2012.

Carr, J. (2012).  Inside Cyber Warfare, second edition.  Sebastopol, CA: O’Reilly.

Clarke, R. A. and Knake, R. K. (2010). Cyberwar: the Next Threat to National Security and What to Do About It. New York, NY: HarperCollins Publishers.

Czosseck, C. and Geers, K. (2009). The Virtual battlefield: Perspectives on Cyber Warfare. Washington, DC: IOS Press.

Fayutkin, D. (2012). The American and Russian Approaches to Cyber Challenges.  Defence Force Officer, Israel.  Retrieved from http://omicsgroup.org/journals/2167-0374/2167-0374-2-110.pdf on September 30, 2012.

Finland. (2013).  Finland's Cyber Security Strategy.  Retrieved from http://www.stefanomele.it/public/documenti/341DOC-531.pdf   on January 29, 2013.

Freedman, L. (2003).  The Evolution of Nuclear Strategy.  New York, NY: Palgrave Macmillian.

Gerwitz, D. (2011).  The Obama Cyberdoctrine: tweet softly, but carry a big stick.  An article published at Zdnet.com on May 17, 2011.  Retrieved from http://www.zdnet.com/blog/government/the-obama-cyberdoctrine-tweet-softly-but-carry-a-big-stick/10400  on September 25, 2012.

Hyacinthe, B. P. (2009). Cyber Warriors at War: U.S. National Security Secrets & Fears Revealed.  Bloomington, IN: Xlibris Corporation.

Kaplan, F. (1983), The Wizards of Armageddon: The Untold Story of a Small Group of Men Who Have Devised the Plans and Shaped the Policies on How to Use the Bomb.  Stanford, CA: Stanford University Press.

Kerr, D. (2012). Senator urges Obama to issue 'cybersecurity' executive order.  An article published at Cnet.com on September 24, 2012  Retrieved from http://news.cnet.com/8301-1009_3-57519484-83/senator-urges-obama-to-issue-cybersecurity-executive-order/  on September 26, 2012.

Kramer, F. D. (ed.), et al. (2009). Cyberpower and National Security. Washington, DC: National Defense University.

Libicki, M.C. (2009). Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corporation.

Markoff, J. and Kramer, A. E. (2009). U.S. and Russia Differ on a Treaty for Cyberspace.  An article published in the New York Times on June 28, 2009.  Retrieved from http://www.nytimes.com/2009/06/28/world/28cyber.html?pagewanted=all  on June 28, 2009.

McBrie, J. M. (2007). THE BUSH DOCTRINE: SHIFTING POSITION AND CLOSING THE STANCE.  A scholarly paper published by the USAWC STRATEGY RESEARCH PROJECT.  Retrieved from http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA423774  on September 30, 2012.

Mele, S. (2013. Finland adopted its Cyber-security Strategy.  Retrieved from http://www.stefanomele.it/news/dettaglio.asp?id=341  on January 29, 2013.

Obama, B. H. (2012).  Defense Strategic Guidance 2012 - Sustaining Global Leadership:  Priorities for 21st Century Defense.  Published January 3, 2012.  Retrieved from http://www.defense.gov/news/Defense_Strategic_Guidance.pdf    on January 5, 2012.

Obama, B.H. (2011).  INTERNATIONAL STRATEGY for Cyberspace.  Published by the White House on May 16, 2011.  Retrieved from http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf  on May 16, 2011.

Radcliff, D. (2012). Cyber cold war: Espionage and warfare.  An article published in SC Magazine, September 4, 2012.  Retrieved from http://www.scmagazine.com/cyber-cold-war-espionage-and-warfare/article/254627/  on September 7, 2012.

Sanger, D. E. (2012). Confront and Conceal: Obama’s Secret Wars and Surprising Use of America Power.  New York, NY: Crown Publishers.

Stiennon, R. (2010). Surviving Cyber War. Lanham, MA: Government Institutes.

Strohm, C. and Engleman, E. (2012). Cyber Attacks on U.S. Banks Expose Vulnerabilities.  An article published at BusinessWeek.com on September 28, 2012  Retrieved from http://www.businessweek.com/news/2012-09-27/cyber-attacks-on-u-dot-s-dot-banks-expose-computer-vulnerability on September 30, 2012.

Technolytics. (2011). Cyber Commander's eHandbook: The Weaponry and Strategies of Digital Conflict. Purchased and downloaded from Amazon.com on April 16, 2011.

Waters, G. (2008). Australia and Cyber-Warfare.  Canberra, Australia: ANU E Press.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

William Favre Slater, III
MBA, M.S., PMP, CISSP, SSCP, CISA, ISO 27002, ISO 20000, ITIL v3, Cloud Computing Foundation
Project Manager / Program Manager
CYBR 650 Blog: http://cybr650.blogspot.com 
slater@billslater.com
williamslater@gmail.com
http://billslater.com/career 
Chicago, IL
United States of America