Dyson College of Arts and Sciences

Hence tapping into this mass collective of completely insecure computers replete with massive vulnerabilities while at the same time attackers mask their real identities—by proxy, zombie computer, spyware/virus infected, etc. so as to maintain the capability to launch attacks—also demonstrates another plausible notion that should be considered, although it requires suspending a thinking mind: that a different state or government-sponsored agency from outside China is using the zombie chain to throw attention on China is possible but implausible, and hence the tremendous friction between the U.S. and China continues as America withstands constant intellectual property thefts from abroad, mostly China. In early December 2005 the director of the SANS Institute, a security institute in the United States, said that the attacks were "most likely the result of Chinese military hackers attempting to gather information on U.S. systems." 24 Adam Paller went on to state that the attacks came from individuals with "intense discipline," and that, "no other organization could do this if they were not a military". 25, 26, 27 Since the advent of the Advanced Persistent Threat—manifest by China's Titan Rain—the U.S. has withstood the constant bombardment of attacks emanating from overseas and has been the target of constant probing and attempted network penetrations, vying to see how far attackers might burrow inside sensitive networks. The Computer Emergency Response Team (ICS-CERT) states, for example, that industrial control systems in the United States were targets of cyber-attacks at least 245 times in the 12-month period between October 1, 2013 and September 30, 2014. Seventy-nine of these incidents involved companies in the energy sector; sixty-five of the incidents involved attacks that managed to gain access to ICS manufacturer systems, and of the known attack vectors, 42 of the incidents were attributed to directly to phishing attacks, while the attack vector could not be identified for the other 94. 28, 29 Real World Examples of 'Hard' Cyber Attacks that Illustrate the Need to Embrace the Controls May 2007 saw the world's first cyber-attack by one nation on another using the Internet and its underpinning technologies, IP (Internet Protocol) and TCP (Transmission Control Protocol). Shortly after the Estonian government opted to remove a bronze war memorial statue of a World War II-era Russian soldier in April, 2005, Estonia, which under force had become part of the U.S.S.R. immediately after the conclusion of World War II, became the world's first victim of a covert massive cyber-attack that crippled the nation. The attack occurred in the middle of a dispute over the fate of the soldier statue and its removal to an area outside the town's center; Russia's disapproval was palpable as the two nations bickered over the fate of the statue and, after Estonian officials removed it from the town square location, Estonia was subjected to a barrage of cyber warfare activities that disabled the government's websites, political party websites, Estonian online newspapers, banks and companies—essentially anything connected to the Internet that could be reached from outside the country. 30 69

• Cover