Cyber weapons can be divided into intrusive and unintrusive capabilities. Intrusive attacks, which require first gaining privileged access, have earned notoriety in the popular media. However, unintrusive attacks, which can be “noisy” but do not require privileged access, offer a potential cyber adversary many benefits. Using attack methods such as denial of service and telephony denial of service, and energy depletion attacks such as denial of sleep, an adversary can achieve demonstrable effects against a range of targets. These effects can be achieved while reducing the costly burden of pre-attack intelligence-gathering and pre-positioning of exploits that could signal intent or constitute a hostile act. The growth of the Internet of Things in national civilian and defense sectors has resulted in an expanded cyber-attack surface and increased the vulnerability of critical systems to certain unintrusive attacks. In this paper, we define, characterize, and present examples of unintrusive precision cyber weapons used in real-world operations. Given the high likelihood of encountering adversary employment of electronic warfare-like unintrusive capabilities, analyses of cyber conflict and friendly cyber security measures designed to defend against them should be predicated on scenarios that include their employment. Therefore, taking lessons from electronic protection doctrine, we advocate for preparation against the use of unintrusive precision cyber weapons through improved acquisition, training, and integration.
FULL ARTICLE HERE