In Week 4, you will be provided with?5 topics involving cybercrime technology. You will have 2 assignments (a Discussion Board and a white paper Individual Project). Like in a criminal justice profes

Cyber-Terrorism: Finding a Common Starting Point By

Jeffrey Thomas Biller B.A., March 1998, University of Washington M.H.R., June 2004, University of Oklahoma

J.D., May 2007, University of Kansas

A Thesis submitted to

The Faculty of The George Washington University Law School

in partial satisfaction of the requirements for the degree of Master of Laws

May 20, 2012

Thesis directed by Gregory E. Maggs

Professor of Law, Co-director, National Security and U.S. Foreign Relations Law Program

All rights reserved

INFORMATION TO ALL USERS The quality of this reproduction is dependent on the quality of the copy submitted.

In the unlikely event that the author did not send a complete manuscript and there are missing pages, these will be noted. Also, if material had to be removed,

a note will indicate the deletion.

All rights reserved. This edition of the work is protected against unauthorized copying under Title 17, United States Code.

ProQuest LLC. 789 East Eisenhower Parkway

P.O. Box 1346 Ann Arbor, MI 48106 – 1346

UMI 1515265 Copyright 2012 by ProQuest LLC.

UMI Number: 1515265

ii

Acknowledgements

The author appreciates the generous support of the United States Air Force Jag Corps, for

the opportunity to study; Professor Gregory Maggs, for the excellent feedback and

guidance; and the author’s family, for the time and occasional solitude to complete this

paper.

iii

Disclaimer

Major Jeffrey T. Biller serves in the U.S. Air Force Judge Advocate General’s Corps.

This paper was submitted in partial satisfaction of the requirements for the degree of

Master of Laws in National Security and Foreign Relations at The George Washington

University Law School. The views expressed in this paper are solely those of the author

and do not reflect the official policy or position of the United States Air Force,

Department of Defense or U.S. Government.

iv

Abstract

Cyber-Terrorism: Finding a Common Starting Point Attacks on computer systems for both criminal and political purposes are on the

rise in both the United States and around the world. Foreign terrorist organizations are

also developing information technology skills to advance their goals. Looking at the

convergence of these two phenomena, many prominent security experts in both

government and private industry have rung an alarm bell regarding the potential for acts

of cyber-terrorism. However, there is no precise definition of cyber-terrorism under

United States law or in practice among cyber-security academicians. The lack of a

common starting point is one of the reasons existing law fails to directly address cyber-

terrorism.

This paper furnishes a lexicon of cyber-related malicious activities and argues for a

common working definition of cyber-terrorism. This definition can be both incorporated

into current counter-terror legislation and used by government agencies to combat cyber-

terrorism. This paper arrives at that definition by analyzing the various definitions

proposed by security experts and those in use by governmental organizations. This paper

builds on these definitions to arrive at a new definition that is at once broad enough to

cover the potentially unique effects of a weapon of cyber-terrorism, while narrow enough

to exclude computer network attacks that are relatively minor in nature. Second,

analyzing several recent cyber attacks, this paper finds that, while we have not yet faced a

“cyber 9/11,” computer network attacks for political purposes are on the rise and

becoming increasing complex. Third, this paper analyzes current law related to both

cyber-crimes and terrorism, finding that while these laws are applicable in many

v

instances, they fall short in adequately focusing on the most important factor when

addressing cyber-terrorism: prevention. This paper concludes by recommending that

cyber-terrorism, as defined in this paper, be incorporated into some of our most

frequently used laws to combat terrorism.

vi

Table of Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Part I: The Current Situation in Cyberspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

A. The Current Threat. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

B. The Inadequacy of the Current Approach. . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

Part II: Defining Cyber-Terrorism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16

A. Proposed Definition of Cyber-Terrorism. . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

B. General Lexicon of Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

1. Information System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

2. Computer Network Attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

3. Critical Infrastructure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22

4. Terrorism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

C. Definitional Elements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

1. The Effects Element – Fear and Anxiety. . . . . . . . . . . . . . . . . . . . . . . .28

2. The Intent Element – Motivation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30

3. The Non-State Actor Requirement. . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

D. Current Definitions of Cyber-Terrorism. . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

1. U.S. Government Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

2. United Nations Definition. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

3. Academic Definitions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

E. Categories of Computer Network Attack. . . . . . . . . . . . . . . . . . . . . . . . . . . . 44

1. Cyber-Crime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

2. Cyber-Espionage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

3. Armed Attack in Cyberspace. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48

vii

4. Hacktivism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

5. Terrorist Use of the Internet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

Part III: Recent Examples of Computer Network Attack. . . . . . . . . . . . . . . . . . . . . . . . . 56

A. Anonymous. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

B. ILOVEYOU Virus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

C. U.S. Power Grid. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

D. Stuxnet. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66

E. Estonia. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

Part IV: The Current Law and Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

A. The Dilemma of Attribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

B. Current Domestic Law Relating to Cyber-Crimes. . . . . . . . . . . . . . . . . . . . . 75

1. Computer Fraud and Abuse Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

2. Access Device Fraud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

C. Domestic Counter-Terrorism Law Relating to Cyber-Terrorism. . . . . . . . . .80

1. The Federal Crime of Terrorism. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

2. Material Support to Terrorism Statutes. . . . . . . . . . . . . . . . . . . . . . . . . 81

3. Specially Designated Global Terrorist. . . . . . . . . . . . . . . . . . . . . . . . . .84

4. Conspiracy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86

Part V: Incorporating Cyber-Terrorism into Current Law. . . . . . . . . . . . . . . . . . . . . . . . .88

A. Material Support to Terrorism Statutes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

B. Foreign Intelligence Surveillance Act. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91

C. Conspiracy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .93

D. Weapons of Mass Destruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

viii

Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .96

1

Introduction

“If I had an hour to save the world I would spend 59 minutes defining the problem and

one minute finding solutions” – Albert Einstein

On January 5, 2012, a grand jury sitting in the Eastern District of Virginia indicted

seven individuals and two corporations, Megaupload Limited and Vestor Limited, with

racketeering conspiracy, conspiring to commit copyright infringement, conspiring to

commit money laundering, and two substantive counts of criminal copyright

infringement.1 The indictment was based upon the alleged conspirators’ business of

profiting from the illegal sharing of copyrighted music and video files by users of their

website, megaupload.com.2 The website was one of the most popular on the Internet,

with approximately 150 million registered users, 50 million hits daily, endorsements from

music superstars, and earning its founder, Kim Dotcom, $42 million in 2011.3

1 U.S. Department of Justice, Office of Public Affairs, Justice Department Charges Leaders of Megaupload with Widespread Online Copyright Infringement, FBI Press Release (Jan. 19, 2012), available at http://www.fbi.gov/news/pressrel/press- releases/justice-department-charges-leaders-of-megaupload-with-widespread-online- copyright-infringement. 2 Id. 3 Nick Perry, Popular file-sharing website Megaupload shut down, USATODAY.COM (Jan. 20, 2012), http://www.usatoday.com/tech/news/story/2012-01-19/megaupload-feds- shutdown/52678528/1.

2

On January 19, 2012, New Zealand police arrived at the mansion of Kim Dotcom

by helicopter to arrest him.4 Mr. Dotcom retreated into a “safe room” where he had stored

weapons, including a sawed-off shotgun.5 The police eventually cut their way into the

room where he was arrested.6 Following Dotcom’s arrest, three other indicted co-

conspirators were arrested in Auckland, New Zealand at the request of the United States.7

Additionally, more than 20 search warrants were executed in the United States and eight

other countries, seizing approximately $50 million in assets.8 The action was “among the

largest criminal copyright cases ever brought by the United States and directly targets the

misuse of a public content storage and distribution site to commit and facilitate

intellectual property crime.”9

In the immediate aftermath of the arrests, one segment of the online community

responded with what the New York Times called “digital Molotov cocktails,”10 and

CNET called “going nuclear.”11 The hacker group Anonymous, in apparent

dissatisfaction with the Megaload arrests, launched cyber-attacks against the websites of

the White House, the U.S. Department of Justice (DoJ), the U.S. Copyright Office, and

4 Ben Sisario, 4 of 7 Named in Megaupload Indictment Denied Bail in New Zealand, N.Y. Times (Jan. 20, 2012), http://www.nytimes.com/2012/01/21/technology/megaupload-indictment-internet- piracy.html. 5 Id. 6 Id. 7 FBI Press Release, Jan. 19, 2012, supra note 1. 8 Id. 9 Id. 10 Sisario, N.Y. Times, supra note 4. 11 Molly Wood, Anonymous goes nuclear; everybody loses?, CNET (Jan. 19, 2012), http://news.cnet.com/8301-31322_3-57362437-256/anonymous-goes-nuclear-everybody- loses/ (arguing that the FBI may have goaded Anonymous into attacking their website with the arrests following debates about new legislation on Internet piracy in an attempt to turn public support away from Anonymous and similar hacking groups).

3

several entertainment companies and trade groups.12 Across the globe, network attacks

were up 24 percent immediately following the arrests.13 Anonymous’s cyber-attacks were

clearly politically motivated and geared towards influencing both government and

civilian opinion. These actions were definitely crimes, but not motivated by money or

other traditional criminal motives. Should the motivations of such an attack affect how it

is classified under the law? Was this a cyber-crime that should be treated like any other?

Was it an act of civil disobedience? Or, did its political motivations make it a unique form

of terrorism?

Cyber-crimes are now a part of everyday modern life, with estimated losses in 2009

placed at up to $1 trillion globally.14 Given the potential criminal rewards, they are as

unlikely to be eliminated as age-old crimes such as theft or battery. Lawmakers have

attempted to keep pace with statutes like the Computer Fraud and Abuse Act (CFAA),

which is continually updated and criminalizes almost any crime committed in the United

States conducted through computers or other information systems.15 However, the

anonymity inherent in the architecture of the Internet has made it easy for criminals to act

in cyberspace without getting caught.16 This anonymity, combined with society’s

12 Id. 13 Id. 14 Elinor Mills, Study: Cybercrime cost firms $1 trillion globally, CNET (Jan. 28, 2009), http://news.cnet.com/8301-1009_3-10152246-83.html; See also Internet Crimes Complaint Center, 2010 Internet Crime Report, available at http://www.ic3.gov/media/annualreport/2010_IC3Report.pdf. 15 18 U.S.C. §1030 (2006). The CFAA has been amended six times since it became law, in: 1988, 1994, 1996, 2001, 2002, and 2008. 16 See e.g., Thomas Crampton, Nigeria to battle Internet scams that taint its image, N.Y. Times (Jan. 23, 2004), http://www.nytimes.com/2004/01/23/business/worldbusiness/23iht-t16_0.html (reporting on the infamous) Nigerian Internet fraud schemes); and

4

increasing reliance on computers and computer networks have also made possible a new

type of cyber-crime with different motivations: cyber-terrorism. There is a growing

recognition of the threat of cyber-terrorism, and an ever-increasing amount of proposed

legislation and academic thought is being put towards its prevention.17 A well thought out

strategy, however, needs to start with a common working definition of cyber-terrorism.

This paper proposes a common working definition that legislators and government

agencies can work from, ensuring that the solutions developed are addressed to the most

pressing problems. This proposed definition is broad enough to cover the potentially

unique effects of a weapon of cyber-terrorism, while narrow enough to exclude computer

network attacks that are relatively minor in nature. The definition is carefully tailored, as

a definition that is either too broad or too narrow risks being either irrelevant or useless.

This paper also shows how existing counter-terrorism statutes could be amended to

incorporate the proposed definition of cyber-terrorism. Statues included are the material

support to terrorism statutes,18 the Foreign Intelligence Surveillance Act (FISA),19

conspiracy to kill, kidnap, maim, or injure persons or damage property in a foreign

country,20 and the statutes addressing weapons of mass destruction (WMD).21 By

Somini Sengupta & Jenna Wortham, U.S. Charges 7 in Online Ad Fraud Scheme, N.Y. Times (Nov. 9, 2011), http://www.nytimes.com/2011/11/10/technology/us-indicts-7-in- online-ad-fraud-scheme.html (describing a recent Internet fraud scheme that diverted marketing revenue to fraudulent sites by replacing real ads with fraudulent ones). 17 See generally Susan W. Brenner, “At Light Speed” – Attribution and Response to Cybercrime/Terrorism/Warfare, 97 J. Crim. L. & Criminology 397 (2007) (describing why current laws do not adequately address the issue of attack attribution); and Aviv Cohen, Cyberterrorism: Are we Legally Ready, 9 J. Int’l Bus. & L. 1 (2010) (arguing for new international conventions to govern cyber-terrorism). 18 18 U.S.C. §§ 2339A-B (2006); 50 U.S.C. § 1701 et seq. (2006). 19 50 U.S.C. § 1801 et seq. (2006). 20 18 U.S.C. § 956 (2006). 21 50 U.S.C. § 2332A (2006).

5

incorporating cyber-terrorism into these statutes, a body of law that has been effectively

used to combat traditional acts of terrorism would become available to the cyber realm.

The author does not suggest that these changes, even if enacted wholesale, would

eliminate cyber-terrorism as a threat. However, they are examples of how a common

definition of cyber-terrorism can be used, and a piece in the puzzle towards the most

important aspect of any type of terrorism: prevention.

Part I of this paper examines the current state of cyber threats and why current law

is inadequate to deal with cyber-terrorism. Part II aims at providing a definition of cyber-

terrorism. Included in this section is an examination of the elements of this definition, a

lexicon of definitions used within that definition, an examination of other types of cyber-

attacks, and a comparison with current definitions of cyber-terrorism suggested by

academics or in use by government agencies. Part III examines several recent major

cyber-attacks to determine whether they fit this definition of cyber-terrorism. Part IV of

this paper is an overview of current domestic laws relating to both cyber-crimes and

terrorism, and a discussion of the major stumbling block in fighting cyber-terrorism:

attribution. Part V of this paper discusses incorporation of cyber-terrorism into several

current counter-terrorism statutes that could be effectively used to prevent cyber-

terrorism.

6

Part I. The Current Situation

“The very technologies that empower us to lead and create also empower those

who would disrupt and destroy.” – 2010 National Security Strategy

Attacks on information systems and networks have increased at an exponential rate

in the last two decades. A 1996 GAO report found that the Department of Defense (DoD)

faced 250,000 attempted attacks on its networks in 1995;22 in 2006 the number had risen

to 6 million; and in 2008 the number was more than 300 million.23 Looking beyond the

government, these numbers become staggering. Seventy-four million people in the

United States were victims of cyber crime in 2010, resulting in an estimated $32 billion

in financial losses.24 This section examines the current threats to information systems and

explores how the current approach is inadequate to the task of preventing a major cyber-

attack on the United States.

22 U.S. General Accounting Office, GAO/AIMD-96-84, Information Security: Computer Attacks at Department of Defense Pose Increasing Risks 3 (1996). 23 Scott Hamilton, Industry pulse: The unknown, Armed Forces J., http://www.armedforcesjournal.com/2009/11/4268936/ (last visited Feb. 4, 2012) (describing the growing awareness of government and private companies to develop a robust cyber-security industry). 24 Norton Cybercrime Report 2011, http://www.symantec.com/content/en/us/home_homeoffice/html/cybercrimereport/ (last visited Feb 4, 2012).

7

A. The Current Threat

President Barack Obama has labeled computer network attacks “among the most

serious economic and national security risks we face as a nation,”25 and that “America's

economic prosperity in the 21st century will depend on cybersecurity.”26 These

statements, although serious, are tame compared to some fears of cyber-security experts.

Leading the charge has been the former chief counterterrorism adviser on the National

Security Council, Richard Clarke.27 In his book “Cyber War,” Clarke describes the

potential for “a massive cyberattack on civilian infrastructure that smacks down power

grids for weeks, halts trains, grounds aircraft, explodes pipelines, and sets fire to

refineries.”28 Former Director of National Intelligence and Director of the National

Security Agency, Mike McConnell, stated: “The warnings are over. It could happen

tomorrow.”29 McConnell described the potential for such an attack as impacting the

global economy on “an order of magnitude surpassing” 9/11.30

Whether cyber-attacks have the potential to rise to the level just described is

certainly debatable.31 However, the facts indicate that cyber-attacks for reasons other than

25 President Barack Obama, Remarks by the President on Securing Our Nation’s Cyber Infrastructure, The White House (2009), http://www.whitehouse.gov/the-press- office/remarks-president-securing-our-nations-cyber-infrastructure. 26 Id. 27 Profile: Richard Clarke, BBC (Mar. 22, 2004), http://news.bbc.co.uk/2/hi/americas/3559087.stm. 28 Richard A. Clarke & Robert Knake, Cyber War: The Next Threat to National Security and What to Do About It 260 (2010). 29 Max Fisher, Fmr. Intelligence Director: New Cyberattack May Be Worse Than 9/11, The Atlantic (Sept. 30, 2010), http://www.theatlantic.com/politics/archive/2010/09/fmr- intelligence-director-new-cyberattack-may-be-worse-than-9-11/63849/. 30 Id. 31 See, e.g., Joshua Green, The Myth of Cyberterrorism Wash. Monthly (Nov. 2002), http://www.washingtonmonthly.com/features/2001/0211.green.html (arguing the threat of cuber-terrorism is over-hyped and focusing too heavily on cyber-security will have a

8

money are becoming more and more prevalent. The years 2006 to 2010 saw a 650

percent increase on federal agencies.32 The rise in politically active hacking groups, such

as Anonymous, demonstrate that the Internet is increasingly a platform for dissenters,

domestic and foreign, to express their disagreement with the government.33 Espionage on

information systems is rapidly rising as well.34 Even “air-gapped”35 classified networks

are not immune, as the DOD’s classified network was compromised in 2008 by an attack

using flash drives.36

Politically motivated cyber-attacks are not limited to government websites. An

increasing number of attacks target corporations having policies with which hacking

negative effect on the information technology industry); and Derek E. Bambauer, Conundrum, 96 Minn. L. Rev. 584, 612 (2011) (arguing that scenes of cyber apocalypse are overblown, but cyber threats are real and that information, not systems should be the focus of cyber-security); but see Richard Clarke, National Coordinator for Security Infrastructure Protection and Counter-terrorism, National Security Council, Keynote Address at the Terrorism and Business Conference: Threats to U.S. National Security: Proposed Partnership Initiatives Towards Preventing Cyber Terrorist Attacks, in 12 DePaul Bus. L.J. 33 (1999) (arguing that large scale cyber-attacks are a distinct possibility and that the best way to respond to cyber-threats is through the development of public-private partnerships). 32 U.S. Gov’t Accountability Office, GAO-11-463T, Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems (2011) (from 5,503 incidents reported in FY 2006 to 41,776 reported in FY 2010). 33 See e.g., Kukil Bora, Anonymous Timeline 2011: The Rise of the Hactivist, Int’l Bus. Times (Feb. 23, 2012), http://www.ibtimes.com/articles/303449/20120223/anonymous- hacking-hactivist-acta-protest-ddos-blackout.htm (charting the increasing rate of hacking by Anonymous). 34 Ellen Nakashima, In a world of cybertheft, U.S. names China, Russia as main culprits, Wash. Post (Nov. 3, 2011), http://www.washingtonpost.com/world/national-security/us- cyber-espionage-report-names-china-and-russia-as-main- culprits/2011/11/02/gIQAF5fRiM_story.html (reporting on an intelligence report to Congress naming China and Russia as the primary culprits of cyber-espionage). 35 “Air gapped” networks are those physically, electrically, and electromagnetically isolated from other networks such as the Internet. 36 William J. Lynn III, U.S. Deputy Secretary of Defense, Defending a New Domain: The Pentagon’s Cyberstrategy, Foreign Affairs (Sept./Oct. 2010), available at http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain (describing defense intitiatives put in place to defend the U.S. from cyber threats).

9

groups disagree, such as the 2010 attack on Google by a “highly sophisticated and

targeted attack” originating from China,37 and attacks against the music and motion

picture industries for their support of anti-copyright infringement legislation.38 Other

attacks have had widespread effects on entire nations, such as the 2007 attack on Estonia

by Russian hacking groups,39 and the 2009 cyber-attacks against South Korea.40 (These

attacks are describe in Part III below.)

Every day, new components of our infrastructure are being connected to networks,

allowing more efficient operation, but also opening those components to computer

network attacks.41 The development of smart grid technology is an example of this. By

placing controls of the power grid on interconnected information systems, power can be

efficiently controlled and distributed. The security of these systems should be made a

37 Andrew Jacobs & Miguel Helft, Google, Citing Attack, Threatens to Exit China, N.Y. Times (Jan. 13, 2010), http://www.nytimes.com/2010/01/13/world/asia/13beijing.html (discussing Google’s reaction to network attacks it says were aimed at curbing free speech in China). 38 See e.g., Attacks target recording industry, BBC (Sept. 20, 2010), http://www.bbc.co.uk/news/technology-11371315. 39 A look at Estonia’s cyber attack in 2007, msnbc.com, http://www.msnbc.msn.com/id/31801246/ns/technology_and_science-security/t/look- estonias-cyber-attack/ (last visited Feb 4, 2012) (the cyber attack on Estonia 2007, discussed in Part II of this paper, was a three week assault on Estonia’s “e-government” following the removal of a Russian memorial in Estonia’s capital). 40 South Korea hit by cyber attacks, BBC (Mar. 4, 2011), http://www.bbc.co.uk/news/technology-12646052 (these attacks were blamed by the South Korean government on North Korea, but definitive links were never established). 41 See e.g., Matthew L. Wald, Making Electricity Distribution Smarter, N.Y. Times Green Blog (April 21, 2009), http://green.blogs.nytimes.com/2009/04/21/making- electricity-distribution-smarter/ (discussing the spread of smart grid technology that increases efficiency in electrical power operations by monitoring and controlling electricity distribution); and Norman Announces New SCADA Security System to Protect Industrial Infrastructure, Market Watch (Feb. 14, 2012), http://www.marketwatch.com/story/norman-announces-new-scada-security-system-to- protect-industrial-infrastructure-2012-02-14 (announcing release of updated security measures for pipeline SCADA systems).

10

national priority.42 However, no level of security spending will completely eliminate

vulnerabilities, and those vulnerabilities will eventually be exploited.43

The dramatic rise in both attacks and vulnerabilities have led governments to

recognize the enormity of the issue, resulting in a push for increasing mandated cyber-

security covering both government and private networks. At a 2011 hearing, Rep. Dan

Lungren, Chairman of the House Subcommittee on Infrastructure Protection,

Cybersecurity and Security Technologies, stated that one of the top listed concerns for

American lawmakers, intelligence officials and military leaders is the rapidly growing

cyber threat.44 He cited the belief that a successful cyber attack on our power grid or

communications networks could cripple our economy and threaten national security.45

The President has established multiple task forces to evaluate and make

recommendations for the future of cyber-security.46 British Foreign Secretary William

Hague convened a conference on cyber attacks after criticisms of failing to take cyber

threats seriously in hi

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.