This thesis is part of a project at the Naval Postgraduate School to assess the Computer Network Operations (CNO) threat of foreign countries. CNO consists of Computer Network Attack (CNA), Computer Network Exploitation (CNE), and Computer Network Defense (CND). Threats to the nation's critical infrastructures come from an adversary using CNA and CNE to degrade, deny or destroy access to the information systems they depend upon. Defensive capabilities are also addressed since exploitation, attack, and defense are inherently related. The result of a successful cyber-attack upon these critical infrastructures has the potential to cripple a country's communications and other vital services, economic well-being, and defensive capabilities. The goal of this thesis is to develop a methodology for assessing the CNO threat of Iran. The methodology is based on open sources that can supplement classified information acquired by the intelligence community.

In the twenty-first century, political hostilities have moved largely from the battlefield to cyberspace. Since the Stuxnet virus was uncovered in 2010, built jointly by U.S. and Israeli intelligence to disarm the Iranian nuclear program, attention has been drawn to the real-life damage that such virtual programs can inflict. In this book, a range of experts, from journalists, to lawyers, to government officials, offer their varied opinions on the dawn of cyberwarfare, allowing readers to determine where they stand on this important issue.

This open access book provides the first comprehensive collection of papers that provide an integrative view on cybersecurity. It discusses theories, problems and solutions on the relevant ethical issues involved. This work is sorely needed in a world where cybersecurity has become indispensable to protect trust and confidence in the digital infrastructure whilst respecting fundamental values like equality, fairness, freedom, or privacy. The book has a strong practical focus as it includes case studies outlining ethical issues in cybersecurity and presenting guidelines and other measures to tackle those issues. It is thus not only relevant for academics but also for practitioners in cybersecurity such as providers of security software, governmental CERTs or Chief Security Officers in companies.

The new US National Cyber Strategy points to Russia, China, North Korea and Iran as the main international actors responsible for launching malicious cyber and information warfare campaigns against Western interests and democratic processes. Washington made clear its intention of scaling the response to the magnitude of the threat, while actively pursuing the goal of an open, secure and global Internet.The first Report of the ISPI Center on Cybersecurity focuses on the behaviour of these “usual suspects”, investigates the security risks implicit in the mounting international confrontation in cyberspace, and highlights the current irreconcilable political cleavage between these four countries and the West in their respective approaches “in and around” cyberspace.

Terrorism has shown evidence of transitioning from the physical environment to one that originates in cyberspace. Cyber terrorism is a new, evolving, and adaptive method of attack, which could threaten the national security of the United States by targeting various critical infrastructures. Critical infrastructures are assets that are vital to the functionality and prosperity of American society. Many industrial critical infrastructures utilize computer network systems to control and monitor facility processes. Research indicates that critical infrastructures' computer network systems have fundamental vulnerabilities, which have been exacerbated by the industry-wide pursuits to expand productivity. The desire for increased productivity has inherently placed more emphasis on efficiency than security. Subsequently, advancements in technology have created an industrial environment of high proficiency, while physical and cyber security is marginalized. Since critical infrastructures are invaluable to the survivability of the United States, this research study evaluated the challenges of ensuring their security. Based on the research presented in this study, it can be concluded that the majority of security breaches of computer networks are a direct result of human malfunction and/or negligence. Cyber security is significantly dependent on the reduction of human vulnerabilities. As a result, development, implementation, and enforcement of security policies outlining processes, procedures, and best practices for owners, operators, and personnel will prove to be a fundamental component to the future of cyber security. In addition, continued education and training coupled with frequent risk assessments should be conducted to decrease the threat of a security breach.