iscs-m3

profileTtnsK8Kb
ISCS-M4-Cyber.pdf

In our globally connected world businesses can become "victims" of nation-state political

objectives including becoming the target of cyber warfare. There is a growing list of examples

where companies are attacked to achieve what military objectives. One famous example is "the

world's first cyber war" (Tamkin, 2017) where Russia presumably attacked Estonian cyber assets

including banks, newspapers, broadcasters, and more. These attacks crippled Estonia - it's

citizens relied on digital currency and couldn't buy food when the banks were offline. They also

couldn't get any information on the banking outage due to attacks against newspapers and

broadcasters. Without belaboring the point, think about organizations where you might work.

Are they potential cyber warfare targets? What damage could a nation-state actor cause with an

attack? What can you do to protect the organization from attack? Consider these questions and

more as you proceed with the Discussion Forum.

Tamkin, E., (2017, April 27). 10 Years After the Landmark Attack on Estonia, Is the World

Better Prepared for Cyber Threats? Foreignpolicy.com. Retrieved

from: https://foreignpolicy.com/2017/04/27/10-years-after-the-landmark-attack-on-estonia-is-

the-world-better-prepared-for-cyber-threats/Links to an external site.

Links to an external site.(an interesting read if you have time)

Technical Requirements:

Review the 2 videos linked below and answer the 2 questions posed in the instructions narrative

following the video links.

Cyberwar | Amy Zegart | TEDxStanfordLinks to an external site.

Note: This 2nd video doesn't embed properly in Canvas. Copy the link into your web browser!

It is a CBS 60 Minutes video about Stuxnet and whether it constitutes a cyber warfare attack.

https://www.youtube.com/watch?v=kw--zLJT3ak

The Zertag video describes “5 Key Ways the Cyber Threat is Different” and the 60 Minutes

video notes that Iran did not consider StuxNet an act of war. With these observations in mind:

1. Discuss the parameters that would be necessary in order for a cyber attack to be considered an

act of war.

2. In traditional warfare, people are divided into “lawful combatants”, “unlawful combatants”,

and “non-combatants” per the Geneva Conventions and other legislation and accords.

Essentially, non-combatants should never be targeted by a military operation. Are nation-state

actors bound by any similar rules regarding cyber targets? If the US were to pursue future

international accords to protect “non-combatant” cyber assets, what types of systems should be

protected and what types of systems should be legitimate warfare targets? Provide your rationale

and justification for this position.

• The key here is for me to assess your ability to support & advocate for your position as

well as assess some critical analysis skills.

• I’m also looking for indicators that you understand MIS concepts as they apply in this

scenario. Are your assertions reasonable given the characteristics of modern MIS

systems?

• (Hint:) Though not a strict requirement, a strongly-supported argument often includes

cited sources & references.

Each question should be answered with a separate paragraph.

• Be sure to cite all external references and provide a bibliography if you do cite

external references.