iscs-m3
In our globally connected world businesses can become "victims" of nation-state political
objectives including becoming the target of cyber warfare. There is a growing list of examples
where companies are attacked to achieve what military objectives. One famous example is "the
world's first cyber war" (Tamkin, 2017) where Russia presumably attacked Estonian cyber assets
including banks, newspapers, broadcasters, and more. These attacks crippled Estonia - it's
citizens relied on digital currency and couldn't buy food when the banks were offline. They also
couldn't get any information on the banking outage due to attacks against newspapers and
broadcasters. Without belaboring the point, think about organizations where you might work.
Are they potential cyber warfare targets? What damage could a nation-state actor cause with an
attack? What can you do to protect the organization from attack? Consider these questions and
more as you proceed with the Discussion Forum.
Tamkin, E., (2017, April 27). 10 Years After the Landmark Attack on Estonia, Is the World
Better Prepared for Cyber Threats? Foreignpolicy.com. Retrieved
from: https://foreignpolicy.com/2017/04/27/10-years-after-the-landmark-attack-on-estonia-is-
the-world-better-prepared-for-cyber-threats/Links to an external site.
Links to an external site.(an interesting read if you have time)
Technical Requirements:
Review the 2 videos linked below and answer the 2 questions posed in the instructions narrative
following the video links.
Cyberwar | Amy Zegart | TEDxStanfordLinks to an external site.
Note: This 2nd video doesn't embed properly in Canvas. Copy the link into your web browser!
It is a CBS 60 Minutes video about Stuxnet and whether it constitutes a cyber warfare attack.
https://www.youtube.com/watch?v=kw--zLJT3ak
The Zertag video describes “5 Key Ways the Cyber Threat is Different” and the 60 Minutes
video notes that Iran did not consider StuxNet an act of war. With these observations in mind:
1. Discuss the parameters that would be necessary in order for a cyber attack to be considered an
act of war.
2. In traditional warfare, people are divided into “lawful combatants”, “unlawful combatants”,
and “non-combatants” per the Geneva Conventions and other legislation and accords.
Essentially, non-combatants should never be targeted by a military operation. Are nation-state
actors bound by any similar rules regarding cyber targets? If the US were to pursue future
international accords to protect “non-combatant” cyber assets, what types of systems should be
protected and what types of systems should be legitimate warfare targets? Provide your rationale
and justification for this position.
• The key here is for me to assess your ability to support & advocate for your position as
well as assess some critical analysis skills.
• I’m also looking for indicators that you understand MIS concepts as they apply in this
scenario. Are your assertions reasonable given the characteristics of modern MIS
systems?
• (Hint:) Though not a strict requirement, a strongly-supported argument often includes
cited sources & references.
Each question should be answered with a separate paragraph.
• Be sure to cite all external references and provide a bibliography if you do cite
external references.