Courtney Askins

Mount Aloysius College

CSIT 401

Foreign Adversaries Use of Cybersecurity:

It's Impact on U.S. Citizens and the American Government

 Hackers are the stuff of Hollywood movies. Mission Impossible depicts Tom Cruise
illegally hacking into a security system of a highly classified facility to commit espionage and
destroy his target's capabilities. Spies targeting networks of enemy facilities and military
technology to cause chaos have been the interest of movie enthusiasts and nerds everywhere.
How are these systems protected? With cybersecurity analysts, of course! Cybersecurity is
relatively new. Every day new problems arise need to be addressed immediately. If left
unattended, then dire consequences can result. The consequences can range anywhere from a
good joke of the hacker just to prove he could do it to a more severe offender such as one of
America's greatest adversaries. Ask anyone who is America's greatest adversary, and most will
say either China or Russia. By analyzing cyber security's importance in everyday life, this paper
will evaluate the significance of how America's adversaries commit espionage and impact the
lives of its citizens.

Who breaches cybersecurity features of various entities, and why? Well, the individual
hacker can be anyone with access to technology. Why they do it varies from person to person.
One author named Li created a list of motivations listed here: (Li 2017).

Curious hacker Thrill seeker Power seeker Vandal

Steal industrial Exploit children Steal money Terrorism
secrets
International spy Revenge Cyberstalking Cyberactivism
Conduct espionage Test computer Steal intellectual Politically motivated
against a government security property

The effectiveness of cybersecurity can impact businesses everywhere. Small companies

suffer just as much as big-name businesses if hackers successfully breach their security systems.
Transfer of business deals can go up in smoke should trade secrets be revealed, or a company
does not reveal it had been hacked. This very situation happened to Yahoo in 2016. Verizon
Communications Inc. attempted to purchase Yahoo’s web assets in cash totaling $4.83 billion
(Trope and Hantover 2017). Usually, business deals can be very lucrative; should everything
remain transparent. However, sometimes businesses do not always reveal the problems they have
had in the past. Yahoo had failed to inform Verizon that in 2013 and 2014, there was a
successful hack of their data systems resulting in the most massive breach of personal data
totaling over one billion user accounts being illegally accessed (Trope and Hantover 2017).
Most businesses are given an option when transparency fails. Usually, this option is to terminate
the agreement due to the dishonesty of services rendered. In this particular situation, Verizon
was offered to either terminate their purchase or renegotiate the sales transaction (Trope and
Hantover 2017). Unfortunately, when sales agreements are renegotiated, the company loses
money or ends up responsible for future problems. As a result of the breach Yahoo agreed to
change the purchase price from $4.83 billion to $4.48 billion, they would be liable from any
lawsuits due to the breach, and both companies would be 50% responsible for any cash liabilities
related to any other data breaches (Trope and Hantover 2017). What would have been a
lucrative deal for Yahoo turned into a liability?

Government agencies such as the National Highway Traffic Safety Administration must
also remain vigilant in their fight for flawless cybersecurity gone are the days of older vehicles
equipped with a mere radio small manual windows. Few people seek to purchase these cars as
new, more luxurious vehicles have become inexpensive and more comfortable to more
comfortably people buy older vehicles to collect. However, with the advancement of technology
has come the modern automobile. These vehicles equipped with satellite tracking systems and
electronic steering have become an interest in national security.

The National Highway Traffic Safety Administration (NHTSA) published an

enforcement Guidance Bulletin in 2016 (Trope & Hantover, 2017). Vehicles today almost
always come with the option to use satellite connections. The guidance bulletin states that "If
software creates or introduces an unreasonable safety risk to motor vehicle systems including its
critical systems such as braking, steering, or acceleration, then that safety risk constitutes a
defect compelling a recall" (Trope & Hantover, 2017). Hackers can take control of cars
electronic systems just like they can with a computer. They can do so either directly or remotely.
If the hacker wanted, he could cause fatalities by taking control of the steering or braking. Scary
to think about the possibilities should the wrong individual be capable of such a thing. But what
happens if a defect is known even though there was no hacking attempt? According to the
bulletin, a recall must be issued (Trope & Hantover, 2017).

The NHTSA is not the only agency concerned about vehicle safety. Law enforcement
also investigates technology being used to circumvent laws in certain areas that ban other taxi
services such as Uber. Individuals can download software to their phones called Uber or Lyft.
These applications allow the individual to link a bank account and request rides from their
location to whichever destination they seek. In return, they pay the driver a fee usually based on
distance or a flat-rate fee. Unfortunately, not every city allows these companies to operate. To
protect profits for traditional taxi services, some cities have banned the use of Uber and Lyft.

Unfortunately for Uber, the New York Times wrote a story about them using software
called Greyball (Trope & Hantover, 2017). This was a nightmare for Uber as it resulted in an
investigation by law enforcement and a subsequent lawsuit. What is Greyball software? The
application allowed Uber to avoid picking up law enforcement or government officials by
analyzing credit card data and geolocation in an attempt to identify the requester (Trope and
Hantover 2017). When the individual was tagged as government, the application would deny the
requester a vehicle, or it would show that no cars were in the vicinity (Trope and Hantover
2017). This allowed Uber to avoid any law enforcement stings that would entrap its drivers,
therefore, foiling the police department’s plans. But like any other illegal activity, Uber was not
free from punishment despite its declaration to cease utilizing Greyball, and the damage was
already done.

Lawyers must obey cybersecurity practices as well. They are required to use encrypted
email when necessary to protect client information. Lawsuits can be tainted if a hacker can
access the lawyer’s emails to clients. One party can receive an unfair advantage when they have
the information they should have never seen before the court hearing. Should a lawyer find out
their systems have been breached, they are required to destroy client information on the devices
as much as possible and may be required to keep hard copy notes of the trials instead of
electronic records (Trope and Hantover 2017). This can be quite burdensome if a lawyer is not
used to keeping records on paper for their clients. Their case can be postponed until their
systems are fully functioning again.

Legal companies are just of much of a target as any big-name industry. AP Moller-
Maersk and DLA Piper were two big-name law firms affected for over a week by cyberattacks to
the point it disrupted active litigation (Trope and Hantover 2017). Countries such as China could
actively disrupt court hearings involving their companies with other international companies who
have filed lawsuits. They could also alter information in the legal systems of other countries to
benefit from the trial or to mitigate it entirely. This is unfair to the U.S. government, and it’s
citizens.

Health insurance companies can also be taken advantage of by hackers. To sell health
insurance, one must be licensed in whichever state he or she operates in. A program by the name
of Zenefits had helped people in various countries violate this law by allowing them to acquire a
certificate of completion. However, the individual has not taken the state licensing exam. It also
allowed the individual to remain logged in to the training program indefinitely, thereby allowing
them to sell insurance. At the same time, under the disguise of taking a course, they had no
intention of completing (Trope and Hantover 2017). A prospective buyer has the right to see an
insurance agent’s credentials that prove the individual is licensed. This causes problems should
law enforcement start identifying people who sold insurance for three years but did not complete
the requirement to have their license within six months of being hired. When companies fail to
prove their employees are doing what is required, they can be sued. Eventually, the law caught
up with Zenefits, and the company received a $1.2 million fine in the state of New York (Trope
and Hantover 2017).

Just how robust is cybersecurity? On May 12, 2017, WannaCry ransomware successfully
penetrated over 230,000 computers in a matter of 48 hours. This attack resulted in numerous
hospitals from performing their duties, disrupted transport networks, and immobilized businesses
(Trope and Hantover 2017). Unfortunately, this attack was so powerful it brought companies to
a halt for several months.

Airports are at just as much of a risk of security violations as big-name businesses. A

survey of I.T. personnel at 200 of the busiest airports in Europe and the USA was conducted
online in which only one-third of the staff responded (Lykou, Anagnostopoulou, & Gritzalis,
2018, 2019). Of those individuals, 59% stated they felt the airport had adequate I.T. security
protocols. However, 76% of the respondents indicated they felt the most significant security flaw
was the lack of awareness amongst I.T. personnel followed by internet connectivity risk (Lykou,
Anagnostopoulou, & Gritzalis, 2018, 2019). How do large airports compare to smaller airport
facilities? According to the survey, all of the facilities implemented the use of necessary
firewalls. Still, only 60% of the significant airports had ample security practices, whereas the
smaller facilities came in at 36% (Lykou, Anagnostopoulou, & Gritzalis, 2018, 2019). This is
alarming to think about. What these numbers mean is that if a hacker attacked the airports I.T.
infrastructure, there is a severe probability that they could cause substantial damage. Everything
from baggage tagging, to checking in to get tickets, to air traffic controllers could be
significantly harmed. Flights could be delayed, pilots would not be able to make contact with the
tower to decide if they can land or not. Ultimately this could put many individuals’ lives at stake
because air traffic controllers need to see everything going on to ensure the planes land safely.
Should a foreign country want to cause mass mayhem, it would only take a few skilled hackers
to attack several businesses and airports at the same time. After all, the attack in 2014 caused
businesses to be obstructed for months on end.

These various lapses in security can be utilized by foreign entities to conduct multiple
attacks against the U.S. government and its citizens. In recent news articles, stories about Jeff
Bezos, owner of Amazon, have recently come to light. The Saudi Crown Prince is alleged to
have been behind hacking Bezos's phone by sending him a video file over the application
Whatsapp. Once Bezos opened the video malware downloaded to his phone and started secretly
sending out data. Eventually, a news story was published revealing Bezos was having an affair.
The Crown Prince was suspected due to a message he had sent Bezos in which a picture of a
woman resembling his girlfriend was sent with the caption "women are a lot like terms and
conditions. In the end, you ignore everything they say, and you claim to agree." (BBC 2020).
The purpose of this attack was blackmail, as Bezos is one of the richest technology men on
Earth. He was also in talks with the Saudi Crown Prince about bringing Amazon to Saudi
Arabia.

Currently, there are plans to target Russia's senior leaders to deter any future attack on the
U.S. 2020 elections. General Paul Nakasone stated that the government was considering
targeting Melendez 2019’s elite and possibly publishing the identities of Russians working for
Russian military intelligence units who specialize in information technology (Melendez 2019).
This is a big deal. Melendez 2019's elite have been rumored to undermine their citizens and rob
them of money to stay in power. If Cybercom were to release such sensitive data on the
individuals, this could cause an uprising within Russia. When information like this becomes
public, it has, in the past, caused citizens to murder their government leaders in Russia in the
past. This has also been the case in other countries. However, General Nakasone indicated that
the information that would be released would not be sufficient enough to cause an uprising, as
that is not the ultimate goal. However, it would be sensitive enough to alter the leader’s decision
making for events at that particular time. General Nakasone refused to specify what information
would be published in such an event (Melendez 2019).

No country wants its intelligence analysts to be revealed. Not even America. By

revealing their analysts, this leaves them vulnerable to murder and intimidation campaigns.
These murder and intimidation tactics could then be carried out by both domestic entities in
Russia or by foreign adversaries. Should this same situation happen to America, our country
could stand to lose a lot of security-wise. Hence the reason why America is always trying to
protect its citizen's identities through proper information technology security protocols.

How do we protect against cyber-attacks? With security features such as firewalls, of

course. Various firewalls provide different levels of security. Everyone can download free
firewalls offering fundamental security. Firewalls that require payment give a much higher level
of protection by providing several layers of authentication and denial to unauthorized users.
According to (Sharma & Parekh 2017), free firewalls are typically used by various companies
with PFSense being the most widely used (Sharma & Parekh 2017). It does not cost much to get
excellent protection. What matters most is how well the program functions at denying cyber
attacks.

Of course, firewalls alone are not enough to protect the U.S. from attacks. General Keith
Alexander rated the U.S.'s cyber defense preparedness at a three on a scale of 1 to 10, giving the
U.S. an overall F (Ulsch 2014). Not done reviewing this source yet, come back later.

How big of a deal is cybersecurity? According to Hollis, "The U.S. is at least one of
thirty countries building a military capacity to conduct offensive cyberattacks" (Hollis, Ohlin &
Jens, 2018). Utilizing cyber attacks can occur in several ways. Hollis indicates these can be
through “disrupting an adversary's command and control networks, military-related critical
infrastructure, or weapons capabilities” (Hollis, Ohlin & Jens, 2018). But just how many
countries are willing to adopt a policy regarding cybersecurity for military defense? Some
countries are very concerned about this becoming an official thing. China and Cuba reportedly
do not want to accept that some militaries wish to the right to use it for self-defense (Hollis,
Ohlin & Jens, 2018).
 Cybersecurity has been and will continue to be a relatively new method of protection for
one's government. What is important is figuring out whether or not militarizing cybersecurity is
ideal. Several questions remain about doing such a thing. Unlike natural environments such as
the land, air, and sea, cyberspace remains a human-made creation. Almost everyone has heard of
the Geneva Conventions, which established a set of rules for the war on land. However,
cyberspace has yet to be included in such a thing. According to Hollis, questions regarding
establishing a set of cyberspace rules are, “who will have authority to regulate cyberspace; what
vehicles they will most likely use to do so; and what the rules of behavior for states and
stakeholders will be (Hollis, Ohlin & Jens, 2018). Historically, The Hague and the Geneva
Conventions have been extremely worthwhile in settling what should be acceptable standards. It
is possible at some point in the future that they will both accommodate issues about cyber
warfare. Unfortunately, according to Hollis, the biggest problem in establishing a treaty on cyber
warfare is the inability of various nation-states to mutually agree on what cyberspace is supposed
to be used for (Hollis, Ohlin, Jens 2018). Once this question is resolved amongst every country
on Earth or at least a vast majority, one could assume that a valid cyberwarfare treaty can come
into existence.

News companies have reported on this particular topic in recent years. Perhaps one day,
every nation can mutually agree on something or, at the very least, the most powerful countries
will. Source on china recently signing an agreement with the USA goes here; need to find it.

Much of America's military equipment operates through technology. Our naval vessels
require technology to get from one destination to another utilizing sonar. Fighter pilots have
radios in their cockpits that can be intercepted. Our military has reported that in Afghanistan, Al
Qaeda was using handheld radios. Luckily, our nation’s great warriors were able to intercept
their radio calls by deploying a technologically advanced system called a Guardian. What this
piece of equipment does is it causes the frequencies to be jammed and thereby denying the
enemy the opportunity to communicate with one another. Similarly, cell phones have been used
to set off explosives remotely. Our enemy can figure out how to hack our phones and computers
to prevent us from communicating between ourselves and the outside world. This can be quite
hazardous. They can listen in to our phone calls just like we do to theirs. Unfortunately, if the
enemy can listen in, then they can commit espionage during the war.
 The ability of the enemy to listen in to phone calls is just as detrimental as it is for us.
Should we go into negotiations with another country they could potentially listen in to our phone
calls to figure out a counter-argument without our knowledge? As a result, our negotiation
process will be hindered or potentially cause us to lose something valuable. I need to find the
source to back this claim.

As a result of the new usage of cyber warfare, the question about legalities comes into
play. What exactly does American law define cybersecurity as? Will other countries accept our
definition so we can cultivate a cyberwarfare treaty? (Source about law goes here).

What happens when cybersecurity is used to attack one's freedoms? Kubitschko

evaluates the threat that cybersecurity poses to those who seek democracy over communism.
One of America’s greatest adversaries has always been China. Our government has advocated
against the Chinese government’s mistreatment of its citizens. Within China, some individuals
would love to have capitalism and function as a democratic society like America.

China is perceived to be the biggest threat to cybersecurity in the U.S. due to their high
level of income and technical know-how that matches the U.S., The Air Force, is the most
vulnerable to cybersecurity attacks than any other branch of service according to one defense
analyst (Zhao, 2016). Due to its use of the NIPR net. Air force uses unencrypted communication
more. Distance is an issue for aerial refueling that has to be done over the internet. A report on
Chinese activities for cyberwarfare showed that they are focusing on the U.S. non-secure
transmissions. Could cripple warplanes and disrupt communications during an attack on places
like Taiwan. Could prevent a counter-attack (Zhao, 2016).

Conclusion
References:

Jeff Bezos hack: Saudi Arabia calls claim 'absurd'. (2020, January 22). Retrieved from
https://www.bbc.com/news/business-51171400

Kubitschko, S. (2015). The role of hackers in countering surveillance and promoting democracy.
Media and Communication, 3(2), 77-87. doi:10.17645/mac.v3i2.281

Li, X. (2017). A review of motivations of illegal cyber activities. Kriminologija & Socijalna
Integracija, 25(1), 110-126. doi:10.31299/ksi.25.1.4

Lykou, G., Anagnostopoulou, A., & Gritzalis, D. (2018;2019;). Smart airport cybersecurity:
Threat mitigation and cyber resilience controls. Sensors (Basel, Switzerland), 19(1), 19.
doi:10.3390/s19010019

Melendez, P. (2019, ). U.S. CyberCom looks to target russian elite if moscow messes with 2020
election: One tactic explored by U.S. cyber command includes targeting senior russian
leadership’s sensitive, personal data if moscow tries to interfere in the 2020 elections. The Daily
Beast

Ohlin, J. D., & Hollis, D. B. (2018). What if cyberspace were for fighting? Ethics &
International Affairs, 32(4), 441-456. doi:10.1017/S089267941800059X

Sharma, R., & Parekh, C. (2017). firewalls: A study and its classification. International Journal
of Advanced Research in Computer Science, 8(5)

Trope, R. L., & Hantover, L. L. (2017). Reckoning with the hacker age: Cybersecurity
developments. Business Lawyer, 73(1), 227-238.

Ulsch, N. M. (2014). Cyber threat: How to manage the growing risk of cyber attacks (1st ed.).
Hoboken, New Jersey: Wiley.
 Annotated Bibliography

Badenhorst, R. (2017). cybersecurity: Saves financial organizations. Accountancy S.A., 32

The Journal of Accountancy examines how cybersecurity protects and maintains various
financial organizations. This is important to Americans everywhere. If a foreign adversary can
access our bank accounts, it can create chaos. Protecting our finances also protects the
government infrastructure from foreign adversaries draining our reserves.

Coles-Kemp, L., Ashenden, D., & O'Hara, K. (2018). Why should I? cybersecurity, the security
of the state, and the insecurity of the citizen. Politics and Governance, 6(2), 41-48.
doi:10.17645/pag.v6i2.1333

Case studies such as this one are useful in examining cybersecurity obligations of the state versus
its obligations to its citizens. To what expense is the citizen affected by the state maintaining
cybersecurity? It analyzes absences in security. These are absences of consensus as to whose
security is being addressed, evidence of equivalence between the mechanisms that control
behavior, and two-way legibility.

Day, G., & Cresswell, A. (2017). Security in the digital world: For the home user, parent,
consumer, and home office. Ely: It Governance.

This study examines the persistent threats everyone experiences on a day to day basis. Another
hacker, Martin Hellman, describes how he created the public key encryption. The importance of
firewalls and why they are necessary are discussed. Most importantly, how cybersecurity uses
hackers to violate various systems across the world.

Dinniss, H. H., Institutionen för säkerhet, strategi och ledarskap (ISSL), Försvarshögskolan, &
Folkrättscentrum (upphört). (2012). Cyberwarfare and the laws of war. G.B.: Cambridge
University Press. doi:10.1017/CBO9780511894527.
Cyber Warefare analyzes international law and how it pertains to cybersecurity threats. It also
relates to armed conflict. An analysis of international humanitarian law to computer network
attacks is also examined.

DOD announces the first U.S. cyber command and first U.S. CYBERCOM commander. (2010).
(). Washington: Federal Information & News Dispatch, Inc.

This article reviews the new creation of fo cyber command. It is similar to CENTCOM in which
it specializes in a particular area. CENTCOM focuses on the middle east, while CYBERCOM
focuses on the security of the internet and telecommunications systems. It also evaluates
the new challenges ahead for the new command.

Esteves, J., Ramalho, E., & Haro, G. D. (2017). To improve cybersecurity, think like a hacker.
MIT Sloan Management Review, 58(3), 71.

Various companies have become victims of cybersecurity incidents. Presently, these companies
include Target, JPMorgan Chase, Home Depot, Sony Pictures, Ashley Madison, and Yahoo.
Interviews with several hackers reveal the motives behind the attacks. These reasons are either
explorative or exploitation.

Finnemore, M., & Hollis, D. B. (2016). Constructing norms for global cybersecurity. American
Journal of International Law, 110(3), 425-479. doi:10.1017/S0002930000016894

Efforts are being made to establish norms for cybersecurity. Countries all over the world are
trying to identify what should be prohibited and which actions are ok. New insights help identify
challenges that cybersecurity analysts face globally. The effects of these new norms are
evaluated based on what happens in the world.

Grimes, R. A. (2017). Hacking the hacker: Learn from the experts who take down hackers. New
York: John Wiley & Sons, Incorporated.
An interview is conducted with 26 notable white hat hackers. These analysts explain why they
have chosen this profession, and it’s importance. They also explain the persistent threats
everyone faces. Martin Hellman also describes how he helped create public-key encryption.

Hu, H., Ahn, G., & Kulkarni, K. (2012). Detecting and resolving firewall policy anomalies.
IEEE Transactions on Dependable and Secure Computing, 9(3), 318-331.
doi:10.1109/TDSC.2012.20

Firewalls are analyzed in this article. How effective they are and how they can be infiltrated is
examined. Experiments are conducted regularly to find inadequacies in the security features of
the firewall.

Jeff Bezos hack: Saudi Arabia calls claim 'absurd'. (2020, January 22). Retrieved from
https://www.bbc.com/news/business-51171400

This news article summarizes the Jeff Bezos phone hack scandal. It states that the crown prince
of Saudi Arabia has hacked into his phone by sending a weblink to Jeff's phone. These malicious
web links can be used to spy on target phones. Saudi Arabia denies the claim despite evidence
due to an affair Jeff had. The crown prince sent a message about the woman that he would not
have known about unless he hacked into Jeff's phone.

Kosseff, J. (2018). Defining cybersecurity law. Iowa Law Review, 103(3), 985-1031.

Kosseff describes what cybersecurity is. He goes into detail about how the U.S. legal system still
doesn't have a general idea of what cybersecurity laws should entail. It also goes into detail about
what can be done to protect citizens' privacy. In it, he also elaborates on why privacy is
important.

Kubitschko, S. (2015). The role of hackers in countering surveillance and promoting democracy.
Media and Communication, 3(2), 77-87. doi:10.17645/mac.v3i2.281

The Chaos Computer Club (CCC)—one of the world's largest and Europe's oldest hacker
organizations, is evaluated in this publication. CCC is examined because hackers utilizing
surveillance are poorly understood. The rationale of this paper is to examine the CCC as a civil
society organization that counter-acts contemporary assemblages of surveillance in two ways.
They deconstruct technology and then rebuild and maintain a new alternative media presence.
They also broadcast to people everywhere what they can do and how.

Li, X. (2017). A review of motivations of illegal cyber activities. Kriminologija & Socijalna
Integracija, 25(1), 110-126. doi:10.31299/ksi.25.1.4

Motivations of hackers conducting illegal activities are examined in this paper. These individuals
have motivations that vary widely. The hackers are similar in that they operate in grey areas
where the law can be manipulated. An in-depth examination determines why these hackers do
what they do.

Lykou, G., Anagnostopoulou, A., & Gritzalis, D. (2018;2019;). Lykou, Anagnostopoulou, &
Gritzalis, 2018, 2019 cybersecurity: Threat mitigation and cyber resilience controls. Sensors
(Basel, Switzerland), 19(1), 19. doi:10.3390/s19010019

Lykou, Anagnostopoulou, & Gritzalis, 2018, 2019 have been a huge deal since September 11,
2001. Ever since hijackers took over the airplanes and crashed them, national security has looked
into Lykou, Anagnostopoulou, & Gritzalis, 2018, 2019. One feature is protecting airplanes from
having their systems attacked. Some companies have considered equipping airplanes with
features to land them in case of an emergency such as a hijacking.

Melendez, P. (2019, ). U.S. CyberCom looks to target russian elite if Melendez 2019 messes
with the 2020 election: One tactic explored by U.S. cyber command includes targeting senior
russian leadership’s sensitive, personal data if Melendez 2019 tries to interfere in the 2020
elections. The Daily Beast

Allegedly Russia has hacked the 2016 elections. The 2020 elections are not safe either. This
article evaluates what the U.S. may do to deter a future attack on the next elections. Deterrents
against the Russian government are evaluated in case a future attack reoccurs.
Munoz, C. (2006). As leaders debate 'CYBERCOM' mission: AIR FORCE OFFICIAL SEES
CHINA AS BIGGEST U.S. THREAT IN CYBERSPACE. Inside the Air Force, 17(46), 7-8.

China has always been a big adversary of the U.S. Russia is also another adversary of the U.S.
China has dedicated personnel to solely conduction espionage through cybersecurity attacks.
Some Chinese citizens are employed solely to work tirelessly on hacking.

Ohlin, J. D., & Hollis, D. B. (2018). What if cyberspace were for fighting? Ethics &
International Affairs, 32(4), 441-456. doi:10.1017/S089267941800059X

The ethical and legal implications of prioritizing the militarization of cybersecurity are examined
in this document. Factors such as who can regulate cyberspace, how they will do it, and what the
rules will become. Currently, we are seeing cybersecurity being weaponized throughout the
world. What will the ethics be concerning cybersecurity?

Scandariato, R., Wuyts, K., & Joosen, W. (2015). A descriptive study of Microsoft's threat
modeling technique. Requirements Engineering, 20(2), 163. doi:10.1007/s00766-013-0195-2

Microsoft's STRIDE is a popular threat modeling technique commonly used to discover the
security weaknesses of a software system. In turn, discovered weaknesses are a major driver for
incepting security requirements. This paper evaluates STRIDEs ineffectiveness. It uses a study of
several university students in a Masters's program.

Sharma, R., & Parekh, C. (2017). firewalls: A study and its classification. International Journal
of Advanced Research in Computer Science, 8(5).

This is simply another study on firewalls and their usefulness. How firewalls work is examined.
Methods to take them down are examined. Future methods to prevent issues are discussed.

Trope, R. L., & Hantover, L. L. (2017). Trope and Hantover 2017 with the hacker age:
Cybersecurity developments. Business Lawyer, 73(1), 227-238.

There were cyber incidents involving Yahoo that caused problems with Verizon acquiring
Yahoo. Software utilized to evade the police by Uber is discussed. This is important because it
shows various companies using cybersecurity flaws to get away with petty crimes. Also,
Zenefits misused software to avoid insurance broker licensing education requirements.

Ulsch, N. M. (2014). Cyber threat: How to manage the growing risk of cyber attacks (1st ed.).
Hoboken, New Jersey: Wiley.

Various parts of the government are at risk of cyberattacks. It assesses how governments and
private entities should protect their assets to prevent horrible consequences. An examination of
government and private corporations working together is analyzed to determine the best method
to protect data.

Yang, T. Y., Dehghantanha, A., Choo, K. R., & Muda, Z. (2016). Windows instant messaging
app forensics: Facebook and skype as case studies. PloS One, 11(3), e0150300.
doi:10.1371/journal.pone.0150300.

People nowadays use instant messaging in various forms. Some forms are text messages, others
are through Facebook messenger or even Whatsapp. These devices are attractive for people
wanting to commit phishing attacks. Facebook and Skype are specifically examined in this
essay. They look into everything from how long the data is kept to whether or not it's deleted
once the apps are uninstalled.

Zhao, Y. (2016). China and cybersecurity: Espionage, strategy, and politics in the digital
domain. Vancouver: The University of British Columbia - Pacific Affairs.

Zhao examines how China utilized software to spy on its citizens and people abroad. It examines
how cybersecurity is used in espionage. The implications of such tactics are also identified and
how it affects politics.