Project 6: Global Approaches to Cybersecurity
Step 13: Compose Global Cybersecurity Environment Report

Throughout this project, you have researched and considered global cybersecurity issues, technologies, and related policies. You have evaluated various countries and international organizations. It is now time to compose your consultant’s report to GlobalOutreach documenting your findings. Refer to the

instruction for the Global Cybersecurity Environment Report

for additional guidelines.

Submit your completed report.

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

• 2.1: Identify and clearly explain the issue, question, or problem under critical consideration.
• 7.2: Evaluate international cybersecurity policy.
• 8.2: Evaluate specific cybersecurity threats and the combination of technologies and policies that can address them.

Instruction for the Global Cybersecurity Environment Report

Review the work you have done throughout the project. If necessary, review the eLearning modules in steps 6 and 9 and your Simtray Report completed in Step 3 along with the feedback from your instructor.

Be sure to address the following items at some point in your report.

• Analyze critical issues in global cybersecurity management and policy.
• Analyze critical issues in global cybersecurity technology policy.
• Analyze the principles of warfare that underpin cyberwarfare theory and application.
• Assess cybersecurity policies and procedures for transnational legal compliance.
• Compare and contrast international cybersecurity standards bodies.
• Identify key initiatives in international cybersecurity policy.
• Assess the cross-cutting effects of policy, budget, and technological capabilities upon the ability to address cyberthreats at the enterprise, national, and international levels.
• Assess policy and technology trade-offs that must be considered and made when addressing cyberthreats at the enterprise, national, and international levels.
• Assess and critique cybersecurity programs.
• Assess emerging cybersecurity issues, risks, and vulnerabilities.
• Assess key cyberattack technologies.
• Assess how the theories and principles of war apply to cyberwarfare, and apply those theories to understand cyberoffense and cyberdefense challenges.

Report Sections

• Title Page
• Table of Contents
• Introduction
• International Cybersecurity Threat Matrix
• International Environmental Scan
• Regional Cybersecurity Threat Fact Sheet
• Botnet Evaluation
• Botnet Discussion
• Botnet
• Conclusion

Conclusion

• Reference Page

Global Cybersecurity Environment Report

Abstract

CMP 620 5041 Cybersecurity Governance

Table of Contents

……………………………………………………………………………………………………………………3

………………………………………………………………….3

Analyze critical issues in global cybersecurity management and policy………………………………3

Analyze critical issues in global cybersecurity technology policy……………………………………….4

Analyze the principles of warfare that underpin cyberwarfare theory and application…………..4

……………………………………………………………………..5

Threat Matrix……………………………………………………………………………………………………………….5

Compare and contrast international cybersecurity standards bodies…………………………………..8

…………………………………………………………………………………..9

Environmental Scan: Africa……………………………………………………………………………………………9

Identify key initiatives in international cybersecurity policy……………………………………………..10

……………………………………………………………………..11

Africa Fact Sheet…………………………………………………………………………………………………………11

Assess cybersecurity policies and procedures for transnational legal compliance……………….13

Assess and critique cybersecurity programs……………………………………………………………………14

Assess the cross-cutting effects of policy, budget, and technological capabilities upon the

ability to address cyberthreats at the enterprise, national, and international levels…………….15

Assess policy and technology trade-offs that must be considered and made when addressing
cyberthreats at the enterprise, national, and international levels………………………………………15

Assess and critique cybersecurity programs……………………………………………………………………16

…………………………………………………………………………………………………………16

Evaluation of Botnets…………………………………………………………………………………………………..16

Botnet Key Features…………………………………………………………………………………………………16

Issues associated with Botnets…………………………………………………………………………………..17

Global Cybersecurity Policy……………………………………………………………………………………..17

Botnets Evolved over the Years………………………………………………………………………………….18

Botnets Impact on Policy………………………………………………………………………………………….18

Assess emerging cybersecurity issues, risks, and vulnerabilities……………………………………….19

………………………………………………………………………………………………………….19

Botnet Discussion……………………………………………………………………………………………………19

How Botnets have emerged, changed, over past 5-10 years………………………………………19

Key Technical Features of Botnets………………………………………………………………………….19

What Contributing Factors may cause Botnets to change, over the next 10 years…….20

Assess key cyberattack technologies………………………………………………………………………………20

…………………………………………………………………………………………………………22

Conclusion……………………………………………………………………………………………………………………23

Assess how the theories and principles of war apply to cyberwarfare and apply those theories
to understand cyberoffense and cyberdefense challenges…………………………………………………23

References……………………………………………………………………………………………………………………..24

Table of Contents

Introduction
Global Approaches to Cybersecurity

There is no need to buy more resources and products, we will never manage every single
threat, and there will be security gaps between products. Concerning detection, malware moves
to quickly and it could take days, months to remedy the problem. The correct approach,
“prevention and consolidation, it looks at the entire organization and focuses on creating a single
architecture that covers all environments and is managed by a unified platform”. It “keeps every
entry point to the organization secured all the time, be it the traditional network, the data center,
mobile devices or the cloud server”. The “attack indicators are shared among all environments”.
All “technologies are synchronized to provide multiple-layers of protections, and all entry points
are protected with no security gaps between”. There is also a need to deliver actionable threat
intelligence between every device, network, branch office or endpoint, so that even if one
environment will be targeted – all the others will be able to identify the same threats and block
it” [ CITATION For17 \l 1033 ].

The “Global Conference on Cyberspace (GCCS), recommended a cybersecurity approach
that includes the three cyberspace powers, the United States, China & Russia”. In this approach,
the “multi-stakeholder model mirrors the traditional technical management of the Internet, which
has proven to be very effective in maintaining the resilience of cyberspace”. It is a “bottom-up
consensus, fosters a collective sense of management, and stresses the promotion of trust and
international cooperation”. At this present time, the United States, China & Russia “have not
agreed on a common treaty to harmonize national laws or facilitate cooperation in cyberspace”
[ CITATION wef15 \l 1033 ].

Analyze Global Approaches to Cybersecurity

Analyze critical issues in global cybersecurity management and policy

There are no global cybersecurity policies to manage or stop Nation-states
associated with cyberthreat actors, like, Russia, China, and Iran (UMUC, 2019).
The United States policies for cybercrime and cyberwarfare do not apply to state
actors. Cybersecurity policies have no international legal frameworks that can be
managed globally and with trust. Some of the critical issues at hand are the absence
of “international frameworks and standards, the lack of sharing global data about
security incidents, an international approach to developing offensive cyber
capabilities by both state and non-state actors, and the importance of global

government decision-makers” collaborating on cybersecurity, cybercrime,
cyberdefense, and cyber awareness [ CITATION Ter17 \l 1033 ].

Analyze critical issues in global cybersecurity technology policy

The Information Technology Industry Council (ITI) “supports policies that
increase security while maintaining the benefits of cyberspace”. ITI “works to
ensure that cybersecurity policies in the United States and around the world reflect
the interconnected and interoperable global nature of today’s digital
environment”.” In order to secure cyberspace, ITI advocates for cybersecurity
policies that are adaptable to rapidly emerging threats, technologies, and business
models” [ CITATION iti19 \l 1033 ]. Cybersecurity Tech Accord (CTA) “promotes
a safer online world by fostering collaboration among global technology
companies committed to protecting their customers and users and helping them
defend against malicious threats” [ CITATION cyb19 \l 1033 ]. Some critical
issues are lack of global tools to assist with cyberthreats, no global policies that
“prioritize security, privacy, integrity and reliability, and in turn reduce the
likelihood, frequency, exploitability and severity of vulnerabilities” [ CITATION
cyb19 \l 1033 ].

Analyze the principles of warfare that underpin cyberwarfare theory and
application

Concerning theory, “all state-sponsored military operations are conducted
for the purpose of accomplishing nation-state political or military objectives,
cyberspace, inherent to the initial design of the Internet, is formulated upon lines of
communication designed to transport information from point A to point B, and
there are key targets within cyberspace for which position and possession yield a
decisive military advantage”. “Any comprehensive theory that seeks to develop a
national strategy to conduct cyberwarfare should include as a primary objective the
need to secure critical cyber lines of communication, both physical (fiber optic
cable, SATCOM, ISPs, etc.) and logical (network domains, routers, servers, etc.)” [
CITATION Geo14 \l 1033 ]. Concerning application, Nation-state and non-state
actors must be willing to collaborate and agree on cybersecurity terminology and
concepts. The “application of cyber war capabilities has become increasingly
prominent due primarily to the fact that as many as 120 international governments
are pursuing information warfare programs” [ CITATION Far10 \l 1033 ]. In

response to other nation-states’ cyber programs, the 2006 Quadrennial Defense
Review (QDR) requested that the Department of Defense (DoD) develop a
capability to shape and defend cyberspace” [ CITATION Far10 \l 1033 ].

International Cybersecurity Threat Matrix
Threat Matrix

Country: China
Cyber Culture

(i.e., How does the country view
cyber threats? Is this consistent

with the general country
culture?)

Cybersecurity
Threats

Cyber Legal
Perspective/Cyber Economic

Perspective

Response to Cyberterrorism/Recruiting

A practice of “defending forward”
can look a lot like attacking
forward when one is on the
receiving end of a hacking
operation. One nation’s
development of additional cyber
capabilities and loosening of
authorities can be seen by other
nations as an unavoidable threat.
Interactions in cyberspace can
foster trust and cooperation, but
they also have the potential to
provoke suspicion, competition
and conflict. The deepening
cybersecurity dilemma is due not
just to American action. It is in
part due to threats the United
States perceives from China, a
topic her account largely glosses
over.

Points of
aggregations refer to
managed service
providers (MSPs),
which are companies
that manage other
firms’ information
technology (IT)
infrastructure
systems. These could
include small and
medium-sized MSPs,
as well as large
technology firms
such as IBM
[ CITATION Fan19 \l
1033 ].
China’s national
intelligence law, also
effective in 2017,
requires every
Chinese organization
and citizen to assist
and cooperate with
Beijing’s national
intelligence efforts.
The broad and vague
definition of
“national
intelligence” means
that companies and
citizens must answer
to the Chinese regime
when called upon
(Fang, 2019).
In 2010, “Chinese
actors attacked Adobe
Systems, Yahoo,
Symantec, Northrop
Grumman, Morgan
Stanley, and Dow
Chemical (Bengali,
et. al) using an
advanced persistent
threat (APT) that
appeared to be based
in Beijing”. The
“massive theft of tens
of millions records

China’s national intelligence
law, also effective in 2017,
requires every Chinese
organization and citizen to
assist and cooperate with
Beijing’s national intelligence
efforts. The broad and vague
definition of “national
intelligence” means that
companies and citizens must
answer to the Chinese regime
when called upon [ CITATION
Fan19 \l 1033 ].

Most Chinese have the same concerns as
much of the rest of the world about harmful
cyberactivity’s, including: efforts to crash,
slow, or paralyze vital cyber-based
Infrastructure; the promulgation of
information or images harmful to the polity,
society, or the economy (such as
pornography, false or misleading commercial
information, and the advocacy of violent
political revolution); espionage; the theft of
proprietary commercial data or information;
and specific actions designed to weaken the
capacity of the state to defend itself through
military and other means. Thus, both
authoritative and other Chinese observers
believe that “cyber security is an international
. . . issue and hacker attack is a common
challenge facing the whole world”
[ CITATION Swa13 \l 1033 ].

from the Office of
Personnel
Management (OPM)
in 2014 is attributed
to the Chinese, as is
the 2015 theft of
millions of records
from Anthem. This
represented the most
significant theft of
healthcare records to
date”. “Chinese
attacks against US
interests became so
prolific and bold that
the US took the
unprecedented step of
publicly accusing
China of attacking
US government
systems”
[ CITATION
UMU1914 \l 1033 ].

The 2015 agreement between the
United States and China on
commercial cybertheft seems to
have failed to appreciably slow the
widespread hacking of American
targets by state-affiliated Chinese
operators, though it may have
caused them to increase their
operational security in a bid to
evade detection.

Global dominance,
arms races,
Preparations for
Military Struggle
(PMS), international
strategic competition
in cyberspace
[ CITATION Jin19 \l
1033 ]

The new law sets forward,
important network equipment
and software will have to
receive government
certifications. This means that
specific pieces of intellectual
property or technical features
will have to be divulged,
which could easily be passed
on to Chinese companies by
the regulators behind
cybersecurity [ CITATION
Hao16 \l 1033 ].

China is taking action to “protect its state
interest in the event of cyberattacks, new
rules will mandate strict data surveillance and
storage for firms working in the country”
[ CITATION Hun17 \l 1033 ].

With diplomacy and deterrence
not working as well as the
Pentagon would like, disruption of
malicious cyber activity has
become an option that is attractive
to policymakers, even if it carries
risks of its own.

cyberspace situation
awareness, cyber
defense, support for
the country’s
endeavors in
cyberspace, and
participation in
international cyber
cooperation
[ CITATION Jin19 \l
1033 ]

This law is also
counterproductive because
companies gathering data in
so-called “critical areas” will
have to store that data inside
China. At this stage, the
definition of “critical” is
worryingly broad. Complying
with this requirement will
force international firms to
make expensive investments to
build duplicate facilities within
China [ CITATION Hao16 \l

The “West really does not know how China
might handle
a nuclear terrorism crisis. There are some
scholars who believe Chinese
decision making is purposely vague. In fact,
the Chinese may have no plans
for crisis management. For example, it is not
clear to this writer whether
the Chinese believe a nuclear terrorism
incident would be a law enforcement
or a military problem. True, that kind of
concern mirrors a Western way of
thinking. And it is possible in a tightly
controlled society, like China’s, there
may be little time or inclination for any

1033 ]. bureaucratic or turf battles about
such a matter” [ CITATION Gro09 \l 1033 ].

China likely sees U.S. cyber
activities—whether intended to be
defensive or offensive—as
intrusive and threatening. It may
well launch hacking operations to
attempt to disrupt American
efforts.

The Chinese
government’s
monitoring of the
internet and social
media is based on its
potential use as a
platform to
disseminate
information that
could cause similar
social unrest to
spread, which could
lead to large-scale
social and political
instability

[ CITATION Jin19 \l
1033 ].

International companies will
have to weigh this risk against
the opportunity to do business
in China. China has had a long
reputation for ‘copying’
without getting insider access,
and this law could only open
the ease to which China’s
business sector can review
competition. For international
companies there is no easy
way forward as the choice is
black or white. Either foreign
companies will comply,
knowing China has a way to
peek into what previously was
private, or they will chose to
stand by principles of privacy
at the risk of being excluded
from the Chinese market
[ CITATION Hao16 \l 1033 ].

The Chinese actors are not concerned with
the United States view concerning
cyberterrorism. “An increase in Chinese
capability has opened the way “for bigger
data storage, for bigger data theft,” he said.
“And when you can gain it in bulk, you take it
in bulk” [ CITATION Nak15 \l 1033 ].

or all the dangers of the
cybersecurity dilemma, the United
States and China do have areas of
mutual interest in the digital
domain. For example, they share
interests in the integrity and
stability of the global financial
system, in not being misled into
great-power conflict with one
another by a third-party
malefactor, in not letting cyber
weapons get into the hands of
malicious non-state actors, in
better understanding how each side
approaches cyber-policy questions
such as the definitions of “armed
conflict” or “critical
infrastructure,” and in cooperating
to combat transnational
cybercrime [ CITATION Buc18 \l
1033 ].
Yes, this is consistent with the
general country culture.

China is more and
more dependent on
information networks
in all aspects,
including in defense.
China uses the term
“eight King Kongs”
to describe the top
internet companies in
its domestic supply
chain: Apple, Cisco,
Google, IBM, Intel,
Microsoft, Oracle,
and Qualcomm.
Heavy dependence on
these companies’
products makes it
necessary to work
towards developing
the domestic
technology industry
and its capabilities,
and to thereby make
the country’s internal
internet infrastructure
more secure

U.S. companies have already
began to strongly lobby against
the law, as well as China’s
position that the Internet must
be managed by authorities. But
despite the efforts of any
company, Chinese or other, the
cybersecurity law is just a
piece in a larger ongoing
political puzzle that companies
will have to deal with
[ CITATION Hao16 \l 1033 ].

China is a persistent collector of data,
especially rom the United States, it is my
belief that China will do whatever it takes to
protect and defend itself from the United
States, even if it means cyberterrorism
[ CITATION AnI13 \l 1033 ].

[ CITATION Jin19 \l
1033 ].

Compare and contrast international cybersecurity standards bodies

When identifying the most useful best-practice standards and guidance for
implementing effective cybersecurity, it is important to establish the role that each
fulfils, its scope, and how it interacts (or will interact) with other standards and
guidance. The “Cybersecurity Framework (CSF) is a voluntary framework
primarily intended for critical infrastructure organizations to manage and mitigate
cybersecurity risk based on existing standards, guidelines, and practices, while
ISO/IEC 27001 is the international Standard for best-practice information security
management systems (ISMSs)”. The “NIST SP 800-53 “Security and Privacy
Controls for Federal Information Systems and Organizations” details which
controls it recommends for all US federal information systems (excluding those in
national security), while ISO/IEC 27032 is the international Standard focusing
explicitly on cybersecurity”. HIPAA “established a national standard for the
security of electronic health information, including the protection of individually
identifiable health information, the rights granted to individuals, breach
notification requirements, and the role of the OCR (Office of Civil Rights), while
ISO/IEC 27035 is the international Standard for incident management, and
ISO/IEC 27031 is the international Standard for ICT readiness for business
continuity” [ CITATION itg19 \l 1033 ].

International Environmental Scan

Environmental Scan: Africa

Unique characteristics, that make cyberspace issues more challenging. Africa’s cybersecurity
measures are underdeveloped. African networks are easy targets because their networks are not
well protected. African-inspired cyber threats are mostly associated with financial gains (UMUC,
2019).

Role of NATO. The North Atlantic Treaty Organization (NATO) “has made clear its objective to
ensure that its operational and mission-related information systems are protected from
cyberthreats while the organization continues to help member nations increase the security of
their own national networks” (UMUC, Cybersecurity International Policy, 2019). NATO offers

education, training, and exercises to support member nation needs. It is important that each
member nation raises the bar on its own cyberdefense capabilities because the alliance as a
whole is only as strong as its weakest member nation (UMUC, Cybersecurity International
Policy, 2019).

Role of United Nations. The “mission of the United Nations is as follows: maintain
international peace and security develop friendly relations among member nations based on
respect for equal rights achieve international cooperation in solving international problems to be
a center for harmonizing actions of nations in attaining common goals” (United Nations
Cybersecurity Approaches, 2019).

Cybersecurity Changes in the Next Decade. Based on current African cybersecurity threats,
my predictions for the next decade, center around improved protection measures for financial
transactions, implementation of technology that protects data and networks, and the ability to
collaborate with the United States cybersecurity programs, education and regulations to support
their internal industries.

Catalyst(s) for change. A catalyst for change could be the continued onslaught of State
sponsored attacks, organized crime, risks, threats, and vulnerabilities leading to serious financial
problems and a failure in protecting the countries government and infrastructure as a whole
(3tsconsulting.com, 2017).

Economic Perspective; Africa’s approach about cyberspace. Africa will change with the rest
of the world. Cybersecurity issues are global issues. “We live in a connected world made smaller
each day by the exponential growth of technology. Individuals, companies and countries rely on
cyberspace for everything from cell phone card recharge transactions to business partnership
arrangements or the movement of military forces from one country to the other”. “Safeguarding
cyberspace is a crucial discipline” for all countries (3tsconsulting.com, 2017).

Criminality Perspective; Africa can do more in the cyberspace area. African networks are
not protected; therefore “Cybercriminals are using the path of least resistance, thus bypassing
security investments that organizations have made in their infrastructure”. A “first defense” for
Africa would be “security awareness and public training” (3tsconsulting.com, 2017). The
“ultimate goal is to enable all countries in the region to have adequate legislation in place in
order to achieve a higher level of legal and policy interoperability” (3tsconsulting.com, 2017).

Changes and Suggestions, if I were the US ambassador to Africa. My first meeting would be
to develop a team of serious technicians and technical engineers to review the United Nations
policies, NATO, and the United States recommendations to improve information systems. I
would look at developing a version of African National Institute Standards and Technology
publications and set up some Federal Information Security Management Acts specific to Africa,
along with enacting new laws for cybercrime and cybercriminals.

Potential Impact of My recommendations. The “2017 cyber security survey shockingly
reveals that over 95% of African businesses are operating below the cybersecurity “poverty line”
(Kaimba, 2017). My recommendations can limit and control the number of would be cyber

criminals and adversaries. Lower the number of Denial-of-Service attacks (Dos) and Distributed-
Denial of service attacks (DDoS). Positively affect the nations cyber debt. The new NISTs,
African FISMA, Standards and training will bring the cyber security poverty line above the line
and allow African business to compete with other countries. The financial, manufacturing,
hospitality, government institutions and other private organizations will benefit and function at a
higher level, and consumer confidence will be at its highest.

Identify key initiatives in international cybersecurity policy

The key initiatives in cybersecurity policy are the “International
Telecommunication Union (ITU) an agency of the United Nations (UN) whose
purpose is to coordinate telecommunication operations and services throughout the
world”; ITU “Global Cybersecurity Agenda (GCA) a framework for international
cooperation aimed at enhancing confidence and security in the information
society” [ CITATION UMU1921 \l 1033 ].

The “GCA is designed for cooperation and efficiency, encouraging
collaboration with and between all relevant partners and building on existing
initiatives to avoid duplicating efforts”; the “ITU Toolkit for Cybercrime
Legislation, which addresses the first of the seven strategic goals of the ITU Global
Cybersecurity Agenda (GCA), also includes the elaboration of strategies for the
development of cybercrime legislation that is globally applicable and interoperable
with existing national and regional legislative measures by providing a model law
for countries” (cyberdialogue.ca, 2010). Regional law enforcement and
multinational government groups like the European Police Office (Europol), the
Association of Southeast Asian Nations (ASEAN), and the Organization for
Economic Co-Operation and Development (OECD) have also developed initiatives
to cooperate on cybercrime” [ CITATION UMU19 \l 1033 ].

The E-government initiatives are the Federal Information Security
management Act, the National Science Foundation, the Computer Fraud and Abuse
Act, the Electronic Signatures in Global and National Commerce Act, and the
Federal Desktop Computer Configuration

Regional Cybersecurity Threat Fact Sheet
Africa Fact Sheet

Cybersecurity threat experienced in Africa. “Attacks range from simple email scams to large-
scale theft of customer data using malware, ransom attacks and disinformation or fake news”.
Africa’s cyber-attacks effect financial institutions destroys their business reputation and
interferes with corporate and government operations (Yusuf, 2019).

Evolution of the associated malware and implications. Dorkbot has been a problem for Africa
for several years. “Dorkbot is designed to steal passwords for online accounts, including such
social networks as Facebook and Twitter, as well as to install additional malware that can turn
infected endpoints into nodes in a DDoS attack or part of a spam relay” (Schwartz, 2015).
“African businesses, specifically, find themselves at a crossroads, where they must balance
digital transformation with a greater focus on security policies and how to protect customer data”
(Croock, 2016). With Africa’s digital economy continuing to scale up rapidly, the need is
becoming more apparent for regulation and legislation to match (Croock, 2016). South Africa
has introduced a number of legislative measures to address the growing threat of cyber terrorism
and terrorist financing such as the Prevention of Organized Crime Act 38 of 1999 (“POCA”), the
Financial Intelligence Centre Act 38 of 2001 (“FICA”), the Electronic Communications and
Transactions Act 25 of 2002 (“ECT), the Regulation of Interception of Communications and
Provision of Communications-Related Information Act 70 of 2002 (“RICA”) and the Protection
of Constitutional Democracy against Terrorism and Related Activities Act 33 of 2004
(“PCDTRA”) (Cassim, 2012).

The “international community, must devote more attention to the development of central
authorities in critical regions such as the Middle East, North Africa, and the Sahel”. The “engines
that give life to the international treaty framework must be built, serviced, and properly
maintained”. Otherwise, efforts to address transnational crime and terrorism through a rule of
law framework will remain stymied” (Stigall, 2016).

Global cybersecurity policies might be used to counter the effects. The president’s
International Strategy for Cyberspace, which is to promote a strategic framework of international
cyber stability. This framework is designed to achieve and maintain a peaceful cyberspace
environment where all states are able to fully realize its benefits, where there are advantages to
cooperating against common threats and avoiding conflict, and where there is little incentive for
states to engage in disruptive behavior or to attack one another (US-Cert.gov, 2003). The
International Strategy for Cyberspace, spelled out key global policy areas that will promote
international standards, build relationships, and safeguard the free flow of information, and
promote the global interoperability of networks (International Strategy for Cyberspace:
Prosperity, Security, and Openness in a Networked World, 2011).

Characteristics of Dorkbot Malware. A “family of malware worms that typically spreads
through instant messaging, USB removable drives, websites or social media channels like
Facebook and Twitter. Downloading and installing Dorkbot malware results in its opening a
backdoor on infected computers, allowing for remote access and potentially turning the computer
into a botnet” (Stroud, 2019). The “Dorkbot worm gained publicity in late 2011 for an attack on
Facebook’s chat system, with users receiving a message with a bogus link that appeared to come
from one of their Facebook friends” (Stroud, 2019). In “2012, Dorkbot targeted Skype users, by
installing ransomware, that would threaten to lock a user out of being able to use their computer
and demand a payment of several hundreds of dollars be made within a limited timeframe or
have files on the computer deleted” (Stroud, 2019) . Attribution is difficult, since Dorkbot can
use backdoors, steal information from victims, and post malicious links in instant messages and
social media sites (F-secure.com, 2016).

Contributing factors to change characteristics over the next 10 years. 5G Security will
contribute change to all networks, by cross-layer security, end-to-end security, cross-domain
security, and secure-by-design measures (sdxcentral.com, 2012-2019). The “5G standard
promises to embody a mobile-connectivity revolution, providing enhanced broadband
connectivity and speed for a wide swath of customers” (sdxcentral.com, 2012-2019).

Technologies will counter global cybersecurity policy controls in the future. The “Center for
Strategic & International Studies (CSIS) Technology Policy Program has compiled an index of
existing cyber strategies and laws by country and territory. The index includes national strategies
addressing civilian and military national cyber defense, digital content, data privacy, critical
infrastructure protection, e-commerce, and cybercrime. This provides policymakers and
diplomatic officials a unified, at-a-glance database of global legal and policy frameworks to help
the global community understand, track, and harmonize regulations internationally” (CSIS.org,
2019).

“National regulations obviously do not replace the need for international negotiations and
agreements on measures to increase stability and security in cyberspace. CSIS, in partnership
with the UN Institute for Disarmament Research, organized three expert workshops to open and
broaden the discussion of international norms for responsible State behavior in cyberspace and to
identify new ideas to support further progress by the international community” (CSIS.org, 2019).
If countries and territories are willing to collaborate and work with trust, technologies will
improve with security.

Recommendations. Cybersecurity policy is important because government, military, corporate,
financial, and medical organizations collect, process, and store unprecedented amounts of data on
computers and other devices. Policy determine how an organization will protect its information
and information assets. Best security practices are generally accepted as superior to any other
methods or means.

In my opinion, there would be no need for security, cybersecurity, physical security,
information security, application security, operational security and any other security, if man
would could, consider other as themselves or treat one as one would like to be treated in return.

Assess cybersecurity policies and procedures for transnational legal compliance.

Global policies are needed for Internet governance, the decision-making
process for developing secure architectures, technical standards, administrative
procedures, and best practices at the international level and to ensure the secure,
resilient operation of the Internet” [ CITATION acl19 \l 1033 ]. “Cyberspace now
constitutes the primary domain for global communications and commerce, it has
become a critical national asset for many nations”. This “criticality may lead to
reexamination of traditional questions of public international law and military
doctrine”. The “global nature of communications networks, an array of public
policy, regulatory, and law enforcement issues that are being addressed within
independent domestic jurisdictions have wider ramifications for the United States
and other countries” [ CITATION acl19 \l 1033 ]. Transnational legal compliance
issues must start at the federal government level, and include the Federal
Information Security Act (FISMA), the Office of Management and Budget (OMB),
and the NIST Cybersecurity Framework, which provides a policy framework for
computer security guidance, and how private sector organizations in the United
States can assess and improve their ability to prevent, detect, and respond to
domestic and global cyber-attacks.

The North Atlantic Treaty Organization (NATO) is a “formal alliance
between the territories of North American and Europe”. NATO’s “main purpose is
to defend against the possibility of communist Soviet Union taking control of their
nation” [ CITATION col19 \l 1033 ]. The following organizations are
“cybersecurity policy making and decision making under NATO:

The North Atlantic Council,
Defence Policy and Planning Committee,
NATO Consultation, Command and Control Board,
NATO Military Authorities and Consultation, Command and Control Agency,
NATO Communication and Information Systems Services Agency” [ CITATION
UMU1925 \l 1033 ].

Cybersecurity “challenges for international bodies like NATO, the United
Nations or the European Union–are unique as determined by the governing
principles and membership of each body” [ CITATION UMU1924 \l 1033 ]. The

“NATO Policy on Cyber Defence will be implemented by NATO’s political,
military and technical authorities, as well as by individual allies” [ CITATION
UMU1925 \l 1033 ].

Assess and critique cybersecurity programs.

The benefits of a cybersecurity program are “common grounds for
cybersecurity risk management measures, provides a list of cybersecurity activities
that can be customized to meet the needs of any organization, provides a risk-based
approach to identifying cybersecurity vulnerabilities, provides a systematic way to
prioritize and communicate cost-effective improvement activities among
stakeholders, and provides a frame of reference on how an organization views
managing cybersecurity risk management” [ CITATION Cha18 \l 1033 ]. No

matter how great our cybersecurity programs are, “The United States is not close to
raising its defenses adequately and likely will not in the foreseeable future. Offense
has too great an advantage over defense” [ CITATION aei18 \l 1033 ]. The “United
States has the most powerful military in the world, including the greatest capacities
in offensive cyber. . . [But] the United States significant digital dependencies mean
that it loses in escalation in cyber because, as President Obama explained, “our
economy is more digitalized and it is more vulnerable, partly because we are a
wealthier nation and we are more wired” [ CITATION aei18 \l 1033 ].

“Maintaining and improving U.S. technical expertise would be an effective
step towards countering cyberterrorism” [ CITATION UMU1921 \l 1033 ]. The
present cybersecurity programs must educate users, and would be victims, if we
are going to get ahead of cybercriminals and stop cyberterrorism.

Assess the cross-cutting effects of policy, budget, and technological capabilities
upon the ability to address cyberthreats at the enterprise, national, and
international levels.

“Cross-border enforcement policies, cross-border collaboration policies and
cross border global enterprise frameworks can limit and mitigate cyberthreats. The
international levels require more collaboration and understanding between, states,
nation-states and non-state actors. “Global issues are typically handled either
through the establishment of a member-state treaty that governs the issues or

through the formation of a global body that directs activities” [ CITATION
UMU1921 \l 1033 ].

The “Internet is a conduit for crime, terrorism, espionage, intellectual
property theft, and international offensive maneuvers”. The “Tallinn Manual
provides some broad guiding principles to assist NATO towards developing
strategies and polices, along with the Law of Armed Conflict (LOAC), the
International Court of Justice (ICJ) and the Permanent International Court of
Justice (PICJ)” [ CITATION UMU1925 \l 1033 ].

Assess policy and technology trade-offs that must be considered and made when
addressing cyberthreats at the enterprise, national, and international levels.

Every decision involves trade-offs. “Some of the tradeoffs for enterprise
would include direct or indirect cyber-security related losses”. “Direct impact
comes from “successful” breaches achieved by hackers, while indirect impacts
come from displaced resources, increased caution of moving forward with the new
technology-enabled innovations and inefficiencies caused by the necessary cyber-
security reviews” [ CITATION Nel17 \l 1033 ]. At the “national level, tradeoffs
include acknowledging difficulties of defining covered activities and the technical
difficulties of attribution and verification” [ CITATION aei18 \l 1033 ]. At the
International level, tradeoffs might include measures to “reduce use of offensive
operations in cyberspace as an instrument to advance U.S. interest” [ CITATION
Dav14 \l 1033 ]. The “need to manage multiple common interests with China or
Russia or any other nation generally requires policy makers to make tradeoffs”
[ CITATION Dav14 \l 1033 ].

Assess and critique cybersecurity programs.

The benefits of a cybersecurity program are “common grounds for
cybersecurity risk management measures, provides a list of cybersecurity activities
that can be customized to meet the needs of any organization, provides a risk-based
approach to identifying cybersecurity vulnerabilities, provides a systematic way to
prioritize and communicate cost-effective improvement activities among
stakeholders, and provides a frame of reference on how an organization views
managing cybersecurity risk management” [ CITATION Cha18 \l 1033 ]. No

matter how great our cybersecurity programs are, “The United States is not close to
raising its defenses adequately and likely will not in the foreseeable future. Offense
has too great an advantage over defense” [ CITATION aei18 \l 1033 ]. The “United
States has the most powerful military in the world, including the greatest capacities
in offensive cyber. . . [But] the United States significant digital dependencies mean
that it loses in escalation in cyber because, as President Obama explained, “our
economy is more digitalized and it is more vulnerable, partly because we are a
wealthier nation and we are more wired” [ CITATION aei18 \l 1033 ].

Humans are the weakest link, “Break the people, break the system”
[ CITATION UMU1921 \l 1033 ]. Northrop Grumman, “believes and recommends
intensive training for organizations with the goal of creating a global, integrated
battle-management network composed of virtual, real-time, geographically
distributed battlefield down to the desk level” [ CITATION UMU1921 \l 1033 ].

Anything connected to the Internet is on the frontline. For example, U.S.
electrical grids, water supply systems, transportation networks, covered entities,
entertainment, and major broadcasting networks are on the front line. The United
States cybersecurity program is not up to par, and will not be able to stop a huge
cyberspace attack, we will just respond and try to recover.

Botnet Evaluation

Evaluation of Botnets.
Botnet Key Features.

A botnet is a “network of computers, or “bots,” that are maliciously infected
with malware that allows them to be controlled as part of a network”. Botnets “are
used to infect other networks or systems, to launch malicious e-mail (spam), and to
conduct distributed denial-of-service (DDoS) attacks”. Botnets “generally leverage
computers without the knowledge of the owner, using the computers to increase the
capacity of the botnet to wreck damages”. As with other networks, botnets can
operate using several different configurations, including peer-to-peer, hierarchical,
or hub and spoke”. Botnets “operate under the command and control of a lead or
central computer”. A “botnet has a bot herder, or botmaster, that controls botnets
remotely, usually through an Internet Relay Chat (IRC), which is a means of real-
time communication over the Internet or through peer-to-peer (P2P) networking
communications”. The “command and control (C&C) occurs at the server, a typical
bot runs without being detected using covert channel standards, such as Instant
Messaging to communicate with the (C&C) server” [ CITATION UMU1919 \l
1033 ].

Issues associated with Botnets.

The “use of botnets is on the rise. Industry experts estimate that botnets
attacks have resulted in the overall loss of millions of dollars from financial
institutions and other major US businesses”. Once “the malware is on your
computer, it’s hard to detect. In addition to your computer being commanded to
link up with other compromised computers to facilitate criminal activity, the bot
can also collect and send out your personally identifiable information—like credit
card numbers, banking information, and passwords—to the criminals running it”
[ CITATION UMU1920 \l 1033 ]. Through the “NCIJTF and in alliance with its
US government (USG) partners, international partners, and private sector
stakeholders, the FBI has worked collaboratively in developing a multipronged
effort aimed at defeating the world’s most dangerous botnets” [ CITATION
UMU1920 \l 1033 ]. It is difficult to combat Internet organized crime with the
rapid development of mobile devices and their inability to prevent hackers from
linking them to “botnets and crimeware toolkits” [ CITATION UMU1918 \l 1033 ].
The goal is to educate users, so they are aware of suspicious links and illegal
Internet activity.

Global Cybersecurity Policy.

Global law enforcement activities can help combat some of the cybercrimes,
but countries must be willing to work together. The “Council of Europe
Convention on Cybercrime is the first treaty to cover network security violations,
copyright infringement, computer-related fraud, and child pornography”
[ CITATION UMU1921 \l 1033 ]. The United Nations Office on Drugs and Crime
(UNODC) has focused much attention on cybercrime. Its position is that
cybercrime is transnational, and that active transnational cooperation is needed to
make the investigation of criminal cases feasible, but the disagreements on matters
such as privacy, intellectual privacy, and criminal prosecution vary from country to
country, which means years before laws are passed and agreed upon.

The “ITU created a Global Cybersecurity Agenda (GCA) in 2007 to initiate
a global approach to increasing cybersecurity effectiveness and reducing risks and
threats in cyberspace”. The “ITU has also created a toolkit for cybercrime
legislation, to promote strategies for developing cybercrime legislation that is

globally applicable and interoperable with existing legislative measures”
[ CITATION UMU1921 \l 1033 ].

The United States must work hard and fast to face the number of
cyberthreats critical to the infrastructure. One way is by “partnership with private
and government sectors, and creation of global agreements” [ CITATION
UMU1921 \l 1033 ].

Botnets Evolved over the Years.

There was a time when botnets were a difficult task, but now “putting
together a botnet is as easy as ABC,123, IoT”. With the “availability and
vulnerability of IoT devices and new advances in malware, it’s now relatively easy
for botnet owners who know what they’re doing to build botnets that consist of
hundreds of thousands of devices, allowing hackers to create massive botnets and
launch massive cyber-attacks” [ CITATION IoT18 \l 1033 ].

Botnets Impact on Policy.

Regulatory policies are a must, “but the rapid spread and evolution of
Internet technologies around the world, make building consensus on regulatory
policies impossible” [ CITATION UMU1921 \l 1033 ]. The question isn’t if we
need global law enforcement, but how and who will regulate policy around the
world. The use of bots and botnets have created an emergency need for the Federal
Bureau of Investigations (FBI), the Secret Service, the National Counterterrorism
center (NCTC), the Central Intelligence Agency (CIA), the Department of
Homeland Security (DHS), the National Coordinating Center for
Telecommunications (NCC) and the United States Computer Emergency Readiness
Team (US-CERT) to come together and work together, to solve these issues.

Assess emerging cybersecurity issues, risks, and vulnerabilities.

The major issue, no one is really concerned with ransom attacks until they
hit close to home. The average Internet user knows little about cybersecurity, let
alone security. Some of the risk associated with the lack of concern for security is
no security awareness training for your average user, which means more personal
cyberattacks, distributed denial of service (DDoS) attacks, malware attacks, and
Internet of Things (IoT) attacks. In 2019, as technology move to 5G (fifth
generation cellular network technology that provides broadband access) more

vulnerabilities will hit the market, and attacks will include “crypto jacking, cross-
site scripting, and mobile malware” [ CITATION DeN19 \l 1033 ].

Botnet Discussion
Botnet Discussion

Global Nature of Botnets. The “botnet begins with the infection process, were codes attach
spam to email or instant messages. The next step is rallying, were the bot connects to a C&C
server and establishes a zombie. The next stage is commands and reports, were the bots get new
commands and execute orders and the results are reported to the C&C server. If the bandwidth is
too low, the bot will abandon by the botmaster. If the bandwidth is acceptable, the next step is to
secure the botnet, bots and botnets are dynamic and flexible in nature. Botnets are continuously
being updated and their codes change day to day” [ CITATION Esl19 \l 1033 ]. The stages are
sometime referred to as spreading and injection, communications stage, and the attack stage
[ CITATION Rah14 \l 1033 ].

How Botnets have emerged, changed, over past 5-10 years. Botnet
strategies, technologies, and techniques are constantly evolving and adapting in response to
mitigation measures [ CITATION int15 \l 1033 ].

Key Technical Features of Botnets. Bots “lengths of command packets are
typically very small, and bots reply to the Botmaster’s command very fast” [ CITATION
Rah14 \l 1033 ]. Botnets are “perfect for striking DDoS attacks, and attribution or tracing botnet
masters is difficult”. The “cheap and lazy botnets get dismantled, meaning the ones we have left
are highly resilient against technical and legal take down” [ CITATION Mon16 \l 1033 ].

Example Botnets.

1. “Star Wars, known as a twitter botnet. Star Wars sends unsolicited spam, creates fake trending
topics to sway public opinion, and launches certain cyberattacks,

2. Hajime, known as a Malware botnet. This Japanese botnet is protecting IoT devices from
being infected by additional malware,

3. WireX Android Botnet, a malicious app that has been rampant for years, because the apps
themselves do not appear malicious after users install them, they evade initial detection,

4. The Reaper IoT Botnet, known to quietly target vulnerabilities in wireless IP-based cameras
and other IoT devices by running a list of known usernames and passwords against the device,

5. Satori IoT Botnet, Japanese botnet, Satori botnet spreads by exploiting a zero-day
vulnerability in routers and use a “remote code” execution bug instead of relying on a Telnet
scanner to find vulnerable devices to infect with malware” [ CITATION pen17 \l 1033 ].

6. “Mirai is a malware botnet known to compromise Internet of Things (IoT) devices in order to
conduct large-scale DDoS attacks. Mirai is dropped after an exploit has allowed the attacker to
gain access to a machine” [ CITATION cis19 \l 1033 ].

What Contributing Factors may cause Botnets to change, over the next
10 years. “Cross-border enforcement, cross-border collaboration can be facilitated by laws that
make botnets and their malicious activity illegal and permit appropriate information collection
and sharing for mitigation and enforcement”[ CITATION int15 \l 1033 ]. “Anti-Botnet Initiatives
like botfrei.de from Germany which detects and notifies infected customers and provides
disinfection assistance” [ CITATION UMU1919 \l 1033 ]. The “Dutch Anti-Botnet Treaty from
the Netherlands, and the Danish Botnet Memorandum of Understanding, which recommends the
exchange of relevant tools and information among Internet Service Providers (ISPs), and the use
of quarantine tools to isolate infected computers and the requirement to notify end users of the
ISPs when botnets are found in their networks” [ CITATION UMU1919 \l 1033 ].

Assess key cyberattack technologies.
The Top ten most common cyber-attacks:

1. Denial-of-service (DoS) and distributed denial-of-service (DDoS)
attacks. A denial-of-service attack overwhelms a system’s resources so that it
cannot respond to service requests [ CITATION Mel18 \l 1033 ].
2. Man-in-the-middle (MitM) attacks
A MitM attack occurs when a hacker inserts itself between the
communications of a client and a server [ CITATION Mel18 \l 1033 ].
3. Phishing and spear phishing attacks
Phishing attack is the practice of sending emails that appear to be from
trusted sources with the goal of gaining personal information or influencing
users to do something. It combines social engineering and technical trickery
[ CITATION Mel18 \l 1033 ].
4. Drive-by attacks
Drive-by download attacks are a common method of spreading malware.
Hackers look for insecure websites and plant a malicious script into HTTP or
PHP code on one of the pages. This script might install malware directly
onto the computer of someone who visits the site, or it might re-direct the
victim to a site controlled by the hackers. Drive-by downloads can happen
when visiting a website or viewing an email message or a pop-up window
[ CITATION Mel18 \l 1033 ].
5. Password attacks
Brute-force password guessing means using a random approach by trying
different passwords and hoping that one work Some logic can be applied by

trying passwords related to the person’s name, job title, hobbies or similar
items [ CITATION Mel18 \l 1033 ].
A dictionary attack, a dictionary of common passwords is used to attempt to
gain access to a user’s computer and network. One approach is to copy an
encrypted file that contains the passwords, apply the same encryption to a
dictionary of commonly used passwords, and compare the results
[ CITATION Mel18 \l 1033 ].
6. SQL injection attacks
A successful SQL injection exploit can read sensitive data from the database,
modify (insert, update or delete) database data, execute administration
operations (such as shutdown) on the database, recover the content of a
given file, and, in some cases, issue commands to the operating system
[ CITATION Mel18 \l 1033 ].
7. Cross-site scripting (XSS) attacks
XSS attacks use third-party web resources to run scripts in the victim’s web
browser or scriptable application. Specifically, the attacker injects a payload
with malicious JavaScript into a website’s database. When the victim
requests a page from the website, the website transmits the page, with the
attacker’s payload as part of the HTML body, to the victim’s browser, which
executes the malicious script [ CITATION Mel18 \l 1033 ].
8. Eavesdropping attacks
Eavesdropping attacks occur through the interception of network traffic. By
eavesdropping, an attacker can obtain passwords, credit card numbers and
other confidential information that a user might be sending over the network.
Eavesdropping can be passive or active: Passive eavesdropping — A hacker
detects the information by listening to the message transmission in the
network. Active eavesdropping — A hacker actively grabs the information
by disguising himself as friendly unit and by sending queries to transmitters.
This is called probing, scanning or tampering [ CITATION Mel18 \l 1033 ].
9. Birthday attacks
Birthday attacks are made against hash algorithms that are used to verify the
integrity of a message, software or digital signature. A message processed by
a hash function produces a message digest (MD) of fixed length,
independent of the length of the input message; this MD uniquely
characterizes the message. The birthday attack refers to the probability of
finding two random messages that generate the same MD when processed by
a hash function. If an attacker calculates same MD for his message as the
user has, he can safely replace the user’s message with his, and the receiver
will not be able to detect the replacement even if he compares MDs
[ CITATION Mel18 \l 1033 ].

10. Malware attacks
“Malicious software can be described as unwanted software that is installed
in your system without your consent. It can attach itself to legitimate code
and propagate; it can lurk in useful applications or replicate itself across the
Internet” [ CITATION Mel18 \l 1033 ].

Assessing the above cyber-attacks individually can be difficult, each attack
can cause some loss of either confidentiality, integrity, and or availability (CIA) of
a network. My best advice is the proper use of “firewalls, intrusion detection
systems (IDS), intrusion prevention systems (IPS), network access control (NAC),
web filters, proxy servers, anti-DDos devices, load balancers, and spam filters”
[ CITATION Net19 \l 1033 ]. The proper security policy will address each specific
attack. For example, the implementation of a strong network security policy,
incident response policy, acceptable use policy, Computer, Internet and E-mail
usage policy, privacy policy, third-party access policy, account management policy,
user monitoring policy, and a password management policy will provide guidance
for each of the above types of threats and attacks.

Botnet Conclusion
Botnets are serious malware attacks, governments, private sectors and allied

and unallied countries must work together to stop cybercrime and organizations
that promote use of botnets as a threat. Information security specialist should
ensure they are well trained are aware of botnet features and attack measures.
Together we can detect botnets, prevent infections, and identify when a compute
has been taken over and assist with the clean-up/restore process.

Conclusion
Assess how the theories and principles of war apply to cyberwarfare and apply
those theories to understand cyberoffense and cyberdefense challenges.

It is difficult to determine who is attacking who, attribution. Cyberwarfare is
a “battle for control over information and communication flows, with the ultimate
goal of taking advantage of your opponent” [ CITATION Rob15 \l 1033 ].
Cyberwarfare or “information warfare can be seen as a game, played between
defenders and attackers who are in direct competition”. “Defenders perform
defensive operations to protect information in any form, seeking to maintain its
confidentiality, integrity and availability”. “Attackers perform o ensive operations,ff

seeking to damage that confidentiality, integrity and availability”. “Cyberspace
blurs the line between o ense, and defense and that this principle therefore can’t ff
be applied to cyberwarfare” [ CITATION Rob15 \l 1033 ]. Understanding how
cyber offensive measures, which deploys a proactive approach to security using
ethical hacking, and cyber defensive measures, which uses a reactive approach to
security that focuses on prevention, detection, and response to attacks is the key to
cybersecurity challenges.

Introduction
Analyze Global Approaches to Cybersecurity
Analyze critical issues in global cybersecurity management and policy
Analyze critical issues in global cybersecurity technology policy
Analyze the principles of warfare that underpin cyberwarfare theory and application
International Cybersecurity Threat Matrix
Threat Matrix
Compare and contrast international cybersecurity standards bodies
International Environmental Scan
Environmental Scan: Africa
Identify key initiatives in international cybersecurity policy
Regional Cybersecurity Threat Fact Sheet
Africa Fact Sheet
Assess cybersecurity policies and procedures for transnational legal compliance.
Assess and critique cybersecurity programs.
Assess policy and technology trade-offs that must be considered and made when addressing cyberthreats at the enterprise, national, and international levels.
Assess and critique cybersecurity programs.
Botnet Evaluation
Evaluation of Botnets.
Assess emerging cybersecurity issues, risks, and vulnerabilities.
Botnet Discussion
Assess key cyberattack technologies.
Botnet Conclusion
Conclusion
Assess how the theories and principles of war apply to cyberwarfare and apply those theories to understand cyberoffense and cyberdefense challenges.