5 12 2012

IPv6 (Internet Protocol version 6) was developed to address the impending shortage of address space that was a serious limiting factor to the continued use of IPv4. The Internet Engineering Task Force (IETF) initiated it as early as 1994 (1).

The worldwide deployment of IPv6 traces back to July 1999, when major industry players and corporations around the world, including manufacturers, research and development institutions, education organizations, telecom operators, consulting companies and many others, joined together in a nonprofit organization named “IPv6 Forum” (2). From that day on, the process of global deployment of IPv6 has been speeding up significantly. By now, IPv6 can be viewed as the 21st century Internet to some extent. The current status of IPv6 deployment around the world is very promising: the USA has issued a mandate to all vendors to switch to an IPv6 platform by summer of 2008. A consulting and R&D firm in Canada has also developed a tunnel server which allows any IPv4 node to be connected to the 6Bone.

However, only 2 commercial IPv6 address ranges have been allocated in North America, which indicates that operational deployment of IPv6 in North America may progress slowly, since the problem of IPv4 shortage is not yet that urgent in that area. On the other hand, both Asia and Europe strongly support the deployment of IPv6. China initiated a five-year plan (China’s Next Generation Internet) with the objective of implementing IPv6 early, and put the new IPv6 deployment on display during the Olympics in Beijing. The mobility industry in Europe is also a strong supporter of the transition to IPv6, and the European Telecommunications Standards Institute and the IPv6 Forum have also established a cooperation agreement. There are new actions on IPv6 deployment every day around the rest of the world as well. (3)

IPv6 has a series of new security features compared to IPv4. The first thing to mention is that IP security (IPsec) is part of the IPv6 protocol suite, and it is mandatory. (4) IPsec is a set of Internet standards that uses cryptographic security services to provide confidentiality, authentication and data integrity. Although IPv4 also adopted IPsec as an optional property, data is secured from the originating host to the destination host via various routers in IPv6, whereas it is secured only between border routers of separate networks in IPv4. (5) IPsec has a fundamental concept named Security Association (SA). An SA is uniquely identified by the Security Parameters Index, destination IP address and security protocol. It is a one-way relationship between sender and receiver that defines the type of security services for a connection. IPv6 also has an Authentication Header (AH), which provides data integrity, anti-replay protection and data authentication for the entire IPv6 packet. In addition, the Encapsulating Security Payload (ESP) Header provides confidentiality, authentication and data integrity to the encapsulated payload. (4)
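The SA lookup and anti-replay protection described above, as an added Python example (not part of the original post): a receiver-side SA database keyed by the (SPI, destination address, protocol) triple, with a 64-packet sliding-window bitmap of the kind AH and ESP receivers keep. The class names, SPI values and documentation-range addresses are constructed for illustration, and the integrity check itself is modelled as a boolean.

```python
import ipaddress
from dataclasses import dataclass

AH, ESP = 51, 50          # IP protocol numbers of the two IPsec headers
WINDOW = 64               # anti-replay window size, in packets


@dataclass
class InboundSA:
    """Receiver state for one one-way Security Association."""
    highest_seq: int = 0  # highest sequence number authenticated so far
    bitmap: int = 0       # bit i set => (highest_seq - i) was already seen

    def check_and_update(self, seq, integrity_ok):
        if seq == 0:
            return "drop: sequence number 0 is never valid"
        shift = 0
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
        else:
            offset = self.highest_seq - seq
            if offset >= WINDOW:
                return "drop: older than the window"
            if (self.bitmap >> offset) & 1:
                return "drop: replay"
        # The window moves only after the integrity check succeeds, so a
        # forged packet with a huge sequence number cannot slide the window
        # past legitimate traffic.
        if not integrity_ok:
            return "drop: integrity check failed"
        if shift:
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest_seq = seq
        else:
            self.bitmap |= 1 << (self.highest_seq - seq)
        return "accept"


class SAD:
    """Inbound SA database keyed by (SPI, destination address, protocol)."""

    def __init__(self):
        self._sas = {}

    @staticmethod
    def _key(spi, dst, proto):
        # Parse the address so different spellings of one IPv6 address match.
        return (spi, ipaddress.ip_address(dst), proto)

    def add(self, spi, dst, proto):
        self._sas[self._key(spi, dst, proto)] = InboundSA()

    def receive(self, spi, dst, proto, seq, integrity_ok=True):
        sa = self._sas.get(self._key(spi, dst, proto))
        if sa is None:
            return "drop: no SA for this SPI/destination/protocol"
        return sa.check_and_update(seq, integrity_ok)


def demo():
    """Feed a constructed packet sequence through one AH security association."""
    sad = SAD()
    sad.add(0x1001, "2001:db8::10", AH)
    sequence_numbers = [1, 2, 4, 3, 4, 200, 100]   # 4 is replayed, 100 is stale
    return [sad.receive(0x1001, "2001:DB8:0::10", AH, s) for s in sequence_numbers]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
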

The new security features provided by IPv6 are significant improvements over IPv4, along with the other new features of IPv6. However, IPv6 has created several new security issues. Firstly, the strength of the encryption algorithms that can be used to ensure global interoperability is limited due to export laws. Secondly, public-key infrastructure (PKI) has not been fully standardized, which can be a problem for IPsec since it relies on PKI. Furthermore, there still exist flaws in defending against Denial of Service and flooding attacks. There is also the potential for inadvertent confusion among routers with the ability to change IP addresses: the generated traffic may look like a DDoS attack to an IPv4 firewall. Besides, misconfiguring IPv6 systems is still a big threat to organizations. (6)

As a CIO of CMU, the first and most important thing when considering implementing IPv6 on the CMU campus is that we must not compromise the security of the site. Many common threats and attacks on IPv4 also apply to IPv6; on the other hand, many new threat possibilities do not appear in the same way as with IPv4. To begin with, I will make reconnaissance more difficult via proper address planning in order to prevent attackers from quickly understanding the common addressing for the campus. I will also carefully plan the control of management access to the campus switches, and implement IPv6 traffic policy and Control Plane Policing by controlling IPv6 traffic based on source prefix, which can help protect the network against basic spoofing (6). However, despite the drawbacks and new security issues mentioned above, the benefits of IPv6 outweigh its shortcomings, since IPv6 provides auto-configuration capabilities, direct addressing, much more address space, built-in IPsec, and interoperability and mobility capabilities which are already widely embedded in network devices. As a CIO of CMU, I will certainly deploy IPv6. (7)


DNSSEC, which stands for DNS Security Extensions, was designed to add security to DNS and protect the Internet from certain attacks. It was first addressed by Steven Bellovin in his paper in 1995, and the final design was standardized by the IETF in RFC 4033-35 in March 2005 (8).

The following two figures represent the level of DNSSEC deployment in the world to date. Those countries marked green have deployed DNSSEC today. Those marked yellow have plans to deploy it in the near future.



We can see from the figures above that most countries in Europe and North America have deployed DNSSEC. (9)

DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning. (10) It is a set of extensions to DNS which provides origin authentication of DNS data, data integrity and authenticated denial of service. It has several new resource record types to add security: Resource Record Signature (RRSIG), DNS Public Key (DNSKEY), Delegation Signer (DS), and Next Secure (NSEC). (10) DNSSEC uses public key cryptography to sign and authenticate DNS resource record sets (RRsets). Digital signatures are stored in RRSIG resource records and are used in the DNSSEC authentication process. The DS record refers to a DNSKEY by storing the key tag, algorithm number and a digest of the DNSKEY. The NSEC resource record lists two separate things: the next owner name that contains authoritative data or a delegation point NS RRset, and the set of RR types present at the NSEC RR’s owner name. (11) DNSSEC also has two DNS header flags, namely Checking Disabled (CD) and Authenticated Data (AD), and it also supports the DNSSEC OK (DO) EDNS header bit so that a security-aware resolver can indicate in its queries that it wishes to receive DNSSEC RRs in response messages. DNSSEC protects clients from forged data by digitally signing DNS records. Clients can use this digital signature to check whether or not the supplied DNS information is identical to that held on the authoritative DNS server. It will also be possible to use DNSSEC-enabled DNS to store other digital certificates; this makes it possible to use DNSSEC as a public key infrastructure for signing e-mail. (12)
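How a DS record refers to a DNSKEY, as an added Python example (not part of the original post): it computes the key tag with the RFC 4034 Appendix B checksum and the DS digest over the owner name in canonical wire form followed by the DNSKEY RDATA, then checks a DS against a key. The owner name and the 8-byte stand-in public key are constructed; a real DNSKEY carries a full-length key.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}   # DS digest type numbers


def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA in wire format: flags, protocol, algorithm, public key."""
    header = struct.pack("!HBB", flags, protocol, algorithm)
    return header + base64.b64decode(public_key_b64)


def key_tag(rdata):
    """16-bit key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_to_wire(name):
    """Canonical wire form of an owner name: lower case, length-prefixed labels."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        if not label:
            continue                      # the root name has no labels
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def make_ds(owner, rdata, digest_type=2):
    """Return (key tag, algorithm, digest type, hex digest) for a DNSKEY."""
    hasher = DIGESTS[digest_type]
    digest = hasher(owner_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)


def ds_matches(owner, rdata, ds):
    """True if the parent's DS record refers to exactly this child DNSKEY."""
    tag, algorithm, digest_type, digest = ds
    if digest_type not in DIGESTS:
        return False                      # unknown digest type: cannot validate
    expected = make_ds(owner, rdata, digest_type)
    return expected == (tag, algorithm, digest_type, digest.upper())


# Constructed sample: flags 257 (key-signing key), protocol 3, algorithm 8
# (RSA/SHA-256), and an 8-byte stand-in for the public key material.
SAMPLE_OWNER = "example.com."
SAMPLE_RDATA = dnskey_rdata(257, 3, 8, "AQIDBAUGBwg=")

if __name__ == "__main__":
    ds = make_ds(SAMPLE_OWNER, SAMPLE_RDATA)
    print("DS", *ds)
    print("matches:", ds_matches(SAMPLE_OWNER, SAMPLE_RDATA, ds))
```

A validator that finds no DNSKEY matching the parent's DS cannot build the chain of trust for the zone, which is why a key rollover has to publish the new DS before the old key is withdrawn.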

However, DNSSEC also introduces some new security issues. Firstly, DNSSEC must be able to report when a name is not found, and providing a signed “not found” record for a name may cause a denial of service, while an unsigned record could easily be spoofed. In addition, DNSSEC will return a pre-signed report containing a range of names which do not exist, which can be signed offline ahead of time. This will give attackers much more information about the network. (12)

As a CIO of CMU, here are a few things I would consider when implementing DNSSEC on campus. Firstly, DNSSEC adds a vast amount of complexity and a lack of transparency for errors that make it far harder for us to spot and fix issues as they arise, so we must understand the structure and function of DNSSEC thoroughly before implementing it. Secondly, there will be increasing opportunities for Internet communications breakdowns, since the market currently lacks application providers implementing DNSSEC. The potential Internet breakdown is obviously a major factor when considering implementing DNSSEC on campus. In conclusion, we should concede that despite the merits of DNSSEC mentioned above, there are few rewards for a large corporation such as CMU to actually run DNSSEC on the Internet today, since most ISPs aren’t validating yet, and most applications aren’t yet DNSSEC savvy. (13) As a CIO of CMU, I would not recommend implementing DNSSEC on campus for the moment.







(6) http://www.darkreading.com/security/news/227300083



(8) http://www.internetdagarna.se/arkiv/2008/www.internetdagarna.se/images/stories/pdf/domannamn/Steve_Crocker_administrationofDNSSEC.pdf

(9) http://www.nlnetlabs.nl/projects/DNSSEC/history.html

(10) http://www.DNSSEC.net/

(11) http://www.rfc-archive.org/getrfc.php?rfc=4034

(12) http://www.techrepublic.com/blog/networking/DNSSEC-whats-the-fuss-all-about-and-what-does-us-homeland-security-have-to-do-with-it/234



Enterprise Resource Planning systems

4 12 2012

Enterprise Resource Planning (ERP) systems integrate core business functions into one system that maintains all assets and resources. ERP applications are found in many companies and each system spans the entire company, often integrating with their customers and suppliers to become a single fluid system. With so many touch points on the system it is important to have procedures governing the policies and technology factors of each ERP system. As an undergraduate student, I had the opportunity to take an ERP systems course. Throughout the class there were labs where the student used a SAP GUI interface to simulate a muffin-making company. Through this simulation, we had to use the ERP system to produce a large batch of muffins from the preliminary stages of acquiring raw materials all the way to the production stages of mixing the ingredients, baking, and distributing. The final labs included the accounting and finance modules of the ERP system as well as a customer-relationship management component. While this lab was fictional, and each student had access to every part of the SAP ERP system, it demonstrated just how connected each part of the system was to every other module in the ERP system and how important a secure system is in an enterprise.

As ERP systems are being implemented and configured it is important to integrate security features from the start. Security can often be overlooked as companies strive to complete ERP projects on time and on budget. Security features should be factored into the development and deployment of an ERP system from the start to avoid major revisions to the system in the future. “ERP systems must be able to process a wide array of business transaction and implement a complex security mechanism that provides granular-level access to users” (Pandey 1). Having a system that can process large amounts of data across various departments while still being secure from unauthorized users or hackers can prove to be a challenge. Integration of suppliers and customers throughout the supply chain increases the number of authorized user accounts but also “introduces new entry points to business systems from outside the traditional IT security perimeter” (VanHolsbeck 1). This forward and backward integration of customers and suppliers on a collaborative ERP system can be a serious vulnerability if critical measures are not taken to ensure security.

An ERP system consists of a three-tier client-server architecture. The first layer is the presentation layer, which consists of a Graphical User Interface (GUI) that allows input to be entered and generates the output back to the user (She 154). The application layer takes the input entered in the presentation layer and processes it. The database layer manages the data for the entire company and often includes the operating system and hardware components of an ERP system (She 154). In addition to each layer of the tier, ERP systems also use web-based services to complete tasks. A variety of mark-up languages including SAML (Security Assertion Markup Language) and XACML (XML Access Control Markup Language) can be used within an ERP system to aid in securing web technologies (She 162). ERP systems are easily customizable to different industries such as manufacturing, finance and banking, healthcare and retail firms. With the large amount of customization, companies should be aware of security issues with implementing an ERP system with custom code for transactions, programs, roles and authorizations (Medvedovskiy 26). Since each ERP system contains a multitude of modules for each functional business area, patching weaknesses within the ERP can be very costly but is important for the longevity of the system.

ERP systems are most secure when they follow the Role-Based Access Control model. As personnel within a company move around and change jobs, their job description should determine what areas of the ERP system they have access to and what areas they no longer need to view. By following this access control model as well as the Principle of Least Privilege, companies can mitigate the insider threat by reducing their exposure. Constraints such as time and day restrictions should be in place to limit access for authorized users. If the company works with a decentralized system and there are multiple administrators, the most senior administrator should allow or deny access (She 158). Having thorough audit logs is another important component of a secure ERP system. With so many transactions across different departments, managers can often be concerned with the performance speed of the system if every transaction is being recorded. “In a compromise between security and performance, enterprises can avoid logging every detail of system activity and focus on meaningful information that’s relevant to the transaction” (VanHolsbeck 2). Audit log systems can also be programmed to identify and alert an administrator if an anomaly occurs, which would help utilize resources more efficiently. Since ERP systems also maintain financial accounting information, having efficient audit logs is necessary due to the Sarbanes-Oxley legislation from 2002. Along with the audit logs, enterprises should also practice sound internal control monitoring to deter malicious insiders and protect the system (VanHolsbeck 4). Since each ERP system is company-wide, it is vital to have a strong password policy in place to authorize use, as well as a method to change the passwords if necessary. Allowing weak passwords for users on the ERP system could allow outside attackers to gain proprietary knowledge about the business and cause damage. Purchasers of ERP systems should validate that vendors have a means to encrypt passwords that are stored on the system (Hughes 1). Encrypting passwords for the ERP system is another level of security that can protect the system if it is ever compromised.
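The access-control points above, combined in an added Python example (not part of the original post and not any ERP vendor's API): one role per job so that a job change replaces the old access, day and time constraints on each role, and an audit log that records denials, role changes and sensitive transactions rather than every routine action. Role names, transaction names, hours and the user are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class Role:
    """A job role: the transactions it may run and when it may run them."""
    transactions: frozenset
    days: frozenset = frozenset(range(5))   # Monday (0) to Friday (4)
    start: time = time(7, 0)
    end: time = time(19, 0)


# Hypothetical roles and transaction names, constructed for this example.
ROLES = {
    "purchasing_clerk": Role(frozenset({"create_po", "view_vendor"})),
    "ap_accountant": Role(frozenset({"post_invoice", "run_payment"})),
}
SENSITIVE = {"post_invoice", "run_payment"}  # financial postings: always logged


class ErpAccess:
    def __init__(self):
        self.role_of = {}     # user -> the single role tied to the current job
        self.audit_log = []   # (timestamp, user, event, detail)

    def change_job(self, user, role_name, when):
        """Assign the role for the new job; the previous role is replaced."""
        if role_name not in ROLES:
            raise KeyError(role_name)
        old = self.role_of.get(user)
        self.role_of[user] = role_name
        self.audit_log.append((when, user, "role_change", f"{old} -> {role_name}"))

    def authorize(self, user, txn, when):
        role = ROLES.get(self.role_of.get(user))
        if role is None:
            reason = "no role assigned"
        elif txn not in role.transactions:
            reason = "transaction not in role"
        elif when.weekday() not in role.days or not role.start <= when.time() < role.end:
            reason = "outside permitted hours"
        else:
            reason = None
        allowed = reason is None
        # Log what matters for review: every denial and every sensitive
        # transaction, but not each routine, permitted action.
        if not allowed or txn in SENSITIVE:
            event = "allowed" if allowed else "denied"
            self.audit_log.append((when, user, event, f"{txn}: {reason or 'ok'}"))
        return allowed


def demo():
    erp = ErpAccess()
    monday = datetime(2012, 11, 5, 10, 0)
    saturday = datetime(2012, 11, 10, 10, 0)
    erp.change_job("alice", "purchasing_clerk", monday)
    results = [erp.authorize("alice", "create_po", monday)]          # routine
    erp.change_job("alice", "ap_accountant", monday)                 # new job
    results.append(erp.authorize("alice", "create_po", monday))      # old access gone
    results.append(erp.authorize("alice", "run_payment", monday))    # sensitive
    results.append(erp.authorize("alice", "run_payment", saturday))  # weekend
    return results, erp.audit_log


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```
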

Businesses of many different sizes are now using ERP systems as the costs of implementing and maintaining the systems continually decrease. Ensuring that all authorized users of an ERP system have secure access, while still achieving a high degree of availability, can be a continuous goal to achieve. Information security policies should not only focus on perimeter security relating to networks but also on in-house ERP systems that manage day-to-day business functions.


Medvedovskiy, Ilya, and Alexander Polyakov. “ERP Security. Myths, Problems, Solution.” Digital Security (2010): 1-75. Digital Security. Web. 6 Nov. 2012. <http://dsecrg.com/files/pub/pdf/ERP%20Security.%20Myths,%20Problems,%20Solutions.pdf>.

Pandey, Santosh K. “Major Challenges in Auditing ERP Security.” IT Harmony, n.d. Web. 3 Nov. 2012. <http://www.icisa.cag.gov.in/Background%20Material/Audit%20of%20ERP%20Systems/Security%20issues%20in%20ERP.pdf>.

She, Wei, and Bhavani Thuraisingham. “Security for Enterprise Resource Planning Systems.” Information Systems Security 163rd ser. 16.152 (2007): 152-63. UTDallas.edu. Information Systems Security. Web. 5 Nov. 2012. <http://www.utdallas.edu/~bxt043000/Publications/Journal-Papers/DAS/J46_Security_for_Enterprise_Resource_Planning_Systems.pdf>.

Van Holsbeck, Mark, and Jeffrey Z. Johnson. “Security in an ERP World.” Net-security.org, 24 May 2004. Web. 5 Nov. 2012. <http://www.net-security.org/article.php?id=691>.

Memory Forensics

2 12 2012

Forensic Science

The word “forensic” comes from the Latin word “forensis”, which means “pertaining to courts of law” (Harper). In the Forensic Science and Standards Act of 2012, forensic science was defined as “the basic and applied scientific research applicable to the collection, evaluation, and analysis of physical evidence, including digital evidence, for use in investigations and legal proceedings, including all tests, methods, measurements, and procedures” (Forensic Science and Standards Act of 2012, 112TH CONGRESS 2D SESSION, 2012).

Locard’s Principle

“Anyone or anything entering a crime scene takes something of the scene with them, or leaves something of themselves behind when they depart” (Saferstein, 2001).

When I first read this, it reminded me of the “observer effect” of physics; it is impossible to measure any characteristic of a system without being a part of that system. In other words, the existence of the observer changes the results of the measurement.

In a crime scene investigation, investigators have to show great care and responsibility to minimize the effects of the investigation process on the investigated phenomena. This is the main reason why investigators first turn off all of the systems by unplugging them and then, with the help of write blockers (special equipment that prevents changes to the disks being read), try to get a bit-by-bit image of the disks. Securing the integrity of the data against any unwanted modification is crucial for the investigation.

This in turn causes the loss of critical data in the volatile memory (RAM, CPU registers and caches) of the systems. When we turn off a computer, the data that was stored in volatile memory is simply lost, because these devices were designed for fast access to data and can store data only in the presence of electric current. The transistors in these devices lose the charge they are holding over time and are refreshed periodically. When we cut the power, memory transistors lose the charge (and therefore the data) in milliseconds.

To overcome the problem of losing volatile data, two new approaches are being found attractive today:

  • Analysis of live systems
  • Memory forensics (Huebner, Bem, Henskens, & Wallis, 2007)

Memory Forensics

Memory forensics deals with the analysis of memory images. For this, you need a memory dump (image) taken from the running machine. This can be done with a memory dumping utility such as WinDD, WinEn or MDD. On Unix, the dd command can be used to reach the memory and get an image of it. dd simply copies a certain number of bytes from an input stream (memory as a device under “/dev” in our case) to an output stream (a binary file).

Before we go further, we have to understand a basic point. To get an image of memory we have to use a dump utility, which occupies space on the hard disk and, when run, in memory; depending on the memory management and file system of the OS, this causes a change in the memory and hard disks, and can make you lose some valuable forensic data. Furthermore, the memory dump file will also occupy some space on the system. As a result, the forensic data that you gathered may not be usable as evidence in court. But this fact does not make memory forensics less valuable. If some forensic tools are implemented at the kernel level, we can expect memory forensics evidence to be accepted as sound in the near future (Huebner, Bem, Henskens, & Wallis, 2007).

Memory dump files can have a variety of critical information that was stored by different processes and OS services. These include process information, open files, open connections, passwords and registry hives.
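Reading an image and pulling strings out of it, as an added Python example (not code from dd, Volatility or the original post): it reads a raw image in fixed-size blocks the way dd copies them, hashes the bytes so the image can later be shown to be unmodified, and reports ASCII and UTF-16LE strings with their file offsets, including strings that straddle a block boundary. The sample image is constructed, and the offsets are positions in the file, not virtual addresses.

```python
import hashlib
import io
import re

CHUNK = 1 << 20       # block size per read; real dumps run to gigabytes
MAX_CARRY = 4096      # longest boundary-straddling run that is kept whole
MIN_CHARS = 6         # shortest string worth reporting

ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_CHARS)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_CHARS)


def _tail_len(buf):
    """Length of the trailing run of string-like bytes (printable or NUL)."""
    n, limit = 0, min(len(buf), MAX_CARRY)
    while n < limit and (buf[-1 - n] == 0 or 0x20 <= buf[-1 - n] <= 0x7E):
        n += 1
    return n


def scan_image(stream, chunk=CHUNK):
    """Return (sha256 hex digest, [(offset, encoding, text), ...])."""
    digest = hashlib.sha256()
    hits, carry, base = [], b"", 0        # base = file offset of buf[0]
    while True:
        block = stream.read(chunk)
        digest.update(block)
        buf = carry + block
        # Hold back a trailing run that may continue in the next block.
        # On the final (empty) read nothing is held back. Runs longer than
        # MAX_CARRY are reported in pieces rather than buffered without limit.
        keep = _tail_len(buf) if block else 0
        cut = len(buf) - keep
        for encoding, regex in (("ascii", ASCII_RE), ("utf-16le", UTF16_RE)):
            for match in regex.finditer(buf, 0, cut):
                text = match.group().decode(encoding)
                hits.append((base + match.start(), encoding, text))
        carry, base = buf[cut:], base + cut
        if not block:
            break
    hits.sort()
    return digest.hexdigest(), hits


def sample_image():
    """Constructed stand-in for a raw dump: zero pages, noise, three strings."""
    return (b"\x00" * 40 + b"\xff"
            + b"C:\\Windows\\System32\\cmd.exe" + b"\xfe\x01"
            + "svchost.exe".encode("utf-16le") + b"\xff" * 30
            + b"GET /index.html" + b"\x80")


if __name__ == "__main__":
    sha256, found = scan_image(io.BytesIO(sample_image()), chunk=16)
    print("sha256:", sha256)
    for offset, encoding, text in found:
        print(f"{offset:#010x} {encoding:9} {text}")
```

Recording the digest at acquisition time and again before analysis gives a simple check that the image file has not changed in between.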

Open Source Memory Image Analysis Tool: Volatility

Volatility is an open source set of analysis tools designed to extract forensic evidence from memory images of Windows and Linux machines. It is written in Python and has plugin support so that people can extend its capabilities.

Volatility has a lot of internal modules to extract data about processes, network connections, open files etc. Below is a sample set of commands that come with the Volatility framework; in the Volatility 2.3 release there are more than 120 internal commands.

| Command | Description |
|---|---|
| pslist | Lists the processes that were running on the system at the time of memory dump |
| psscan | Finds also the processes that had been hidden by a rootkit |
| connections | Shows connections that were active during memory dump |
| files | Shows files that were opened by a process |
| strings | Outputs strings in the dump file with corresponding virtual addresses |
| cmdscan | Searches the memory for commands that attackers entered during a cmd.exe shell |
| getsids | Gets security identifiers (SIDs) that were associated with processes |
| hivescan | Scans memory image for well known patterns of registry hive structures |

Table 1: Volatility commands (Volatility 2.3 release notes, 2012)

An Experiment and Results

I conducted an experiment with the Volatility framework to better understand what critical data can be extracted from a memory image. For this experiment I created two small TrueCrypt volumes, encrypted them with AES and mounted them with the “Cache passwords and keyfiles in memory” option enabled for demonstration purposes.

Figure 1: TrueCrypt password dialog

This option is not enabled by default because of the security risks associated with it. At this point TrueCrypt cached the passwords in RAM unencrypted. Then, I took a memory dump with MDD.

Figure 2: Memory dump with MDD

To extract keys from this image I used Jesse Kornblum’s “Cryptoscan” plugin for the Volatility framework. Because of the large size (around 3.5 GB) of the memory dump file, the scanning process took more than an hour, and in the end the plugin found the keys searched for:

Figure 3: Passwords in plain text

So, we can see that with this search plugin we could reveal the keys in a little more than an hour.


In this post, we tried to introduce memory forensics, talked about the open-source Volatility tool that is commonly used to extract useful information from memory dumps, showed how a memory image can be taken, and demonstrated extracting TrueCrypt keys with the help of the Cryptoscan plugin. Keys have to be loaded in memory (though not in plaintext as in our example) for the processor to use them for on-the-fly encryption and decryption (Kaplan, 2007). So, although you have strong encryption, memory can reveal your keys, and your state-of-the-art, unbreakable encryption will be of no value.


Forensic Science and Standards Act of 2012, 112TH CONGRESS 2D SESSION. (2012, July 12).

Harper, D. (n.d.). Forensic. Retrieved from Online Etymology Dictionary: http://www.etymonline.com/index.php?allowed_in_frame=0&search=forensic&searchmode=none

Huebner, E., Bem, D., Henskens, F., & Wallis, M. (2007). Persistent systems techniques in forensic acquisition of memory. Digital Investigation, 130-131.

Kaplan, B. (2007). RAM is Key, Extracting Disk Encryption Keys From Volatile Memory, Thesis Report. Pittsburgh: Carnegie Mellon University.

Saferstein, R. (2001). Forensic science handbook. Englewood Cliffs, NJ: Prentice Hall.

Volatility 2.3 Release Notes. (2012, Oct 24). Retrieved from Volatility, An advanced memory forensics framework: http://code.google.com/p/volatility/wiki/Release23



Cyber Lawfare: Establishing Norms for Use of Cyber Weapons

1 12 2012

by Max Blumenthal

Cyberwar is upon us. That is the call being issued by top American cyber experts in the wake of increased attacks from Iran and China. The U.S. is also stepping up its offensive cyber capabilities. As Secretary of Defense Leon Panetta stated, “We are facing the threat of a new arena in warfare that could be every bit as destructive as 9/11” (Thompson). These attacks are often directed at private enterprises that are considered critical infrastructure, such as banks and utility companies. In conventional warfare, there is a clear distinction between attacking strategic targets and protecting civilians. In cyberwar, no such distinction currently exists. One way of beginning to protect civilians in a cyber conflict is to create a treaty for international humanitarian law for cyberwarfare (Schneier). This treaty should be modeled after previous international humanitarian law, such as the Geneva Conventions and arms limitations treaties.

Geneva Conventions

The four Geneva Conventions are internationally agreed upon rules for nation-state conduct in warfare created after the tragic loss of life for tens of millions of civilians during World War II. The first Geneva Convention requires states to protect wounded soldiers as well as refrain from targeting medical personnel in a combat zone. The second Convention allows neutral parties to care for the wounded without being attacked by either side of a conflict. The third Convention extends protections for non-State actors, while the fourth Convention prevents collective punishment. Additional protocols prevent perfidy and indiscriminate attacks on civilian targets or total war (Red Cross).

In cyberwarfare, attacks should also respect these established norms. Perhaps the most important, yet most challenging to enforce, of these conventions is the prohibition against perfidy. Neil Rowe, of the Naval Postgraduate School, argues that most cyber-attacks are a form of perfidy in that they masquerade as a legitimate program, but carry a malicious payload. When the payload is discovered, some attacks may try to frame another target to avoid reprisal attacks. Rowe suggests that to prevent wrongful attribution of an attack, digital signatures could be required on cyber weapons to reduce the risk of collateral damage (Rowe). To allow for concealment of an attack while still providing attribution, these “signatures could be hidden steganographically”. The fourth Geneva Convention also offers an important rule for cyberwarfare: the prohibition against collective punishment. Unrestricted cyberwarfare should be eliminated. This means attacks on vital civilian systems, such as water treatment facilities and the financial system, should not occur because they provide little military benefit, but create massive civilian harm.

Arms Limitation or Weapons Ban

The Strategic Arms Limitation Talks Agreements (SALT I and SALT II) sought to halt Soviet and American nuclear ballistic missile launcher production. In cyberwar, an arms limitation treaty has been championed by Russia and China and recently won the consideration of the United States (Gorman). Such a treaty could allow for cyber weapon development and usage for certain military systems, but outright ban weapons that seek to attack civilian infrastructure or military command and control systems. The greatest difficulty with such an agreement is enforcement. Unlike a physical weapon, it is fairly easy to conceal a cyber weapon from inspectors (Goldsmith). Also, a treaty does not necessarily prevent countries from giving weapons technology to non-state actors, the main roadblock for U.S. adoption of the Russian proposal.

In contrast to an arms limitation treaty, an all-out ban has also proven effective for certain weapons. For example, the Biological Weapons Convention prohibits the production and use of biological and toxic arms in warfare. The reason for an all-out ban on biological weapons is that this kind of warfare was deemed indiscriminate and “abhorrent” (Red Cross) even in war. Poorly designed cyber weapons have the potential to have significant unintended consequences. For example, a U.S. cyber attack on Iraq’s financial system in 2003 was prevented, because “Bush administration officials worried that the effects would not be limited to Iraq but would instead create worldwide financial havoc” (Markoff and Shanker). Like an arms limitation treaty, enforcement would be difficult, but inspectors will only need to find evidence of a cyber weapon’s development instead of determining the target of the weapon. Bruce Schneier recognizes that while this may be the ideal policy, a ban on “unaimed or broadly targeted weapons” (Schneier) would also have a significant positive effect and be easier to implement.


Besides a number of enforcement concerns, a treaty’s effectiveness is also hindered by the gray area that separates cyber war and cyber espionage. A treaty would need to govern computer network attacks, but still allow for computer network exploitation. An all-out cyber weapons ban is unlikely to happen, but it is possible that certain weapons, such as those that target SCADA units, or certain targets could be banned. An arms limitation treaty offers a more moderate approach that allows for some production and testing of weapons, but requires unrestricted inspections, which may be difficult for rival nations to agree to. Finally, a treaty for cyberwarfare provides an opportunity to establish rules of engagement in cyberspace and has the potential to improve protections for civilians and limit the development and deployment of cyber weapons determined to be so destructive that they are immoral, even in warfare.


  1. Goldsmith, Jack. “Cybersecurity Treaties: A Skeptical View.” 9 March 2011. Hoover Institute Task Force on National Security and Law. 29 October 2012 <http://media.hoover.org/sites/default/files/documents/FutureChallenges_Goldsmith.pdf>.
  2. Gorman, Siobhan. “U.S. Backs Talks on Cyber Warfare.” 4 June 2010. Wall Street Journal. 29 October 2012 <http://online.wsj.com/article/SB10001424052748703340904575284964215965730.html>.
  3. Markoff, John and Thom Shanker. “Halted ’03 Iraq Plan Illustrates U.S. Fear of Cyberwar Risk.” 1 August 2009. New York Times. 29 October 2012 <http://www.nytimes.com/2009/08/02/us/politics/02cyber.html?_r=0>.
  4. Red Cross. “Chemical and biological weapons.” 29 October 2010. International Committee of the Red Cross. 29 October 2012 <http://www.icrc.org/eng/war-and-law/weapons/chemical-biological-weapons/overview-chemical-biological-weapons.htm>.
  5. —. “The Geneva Conventions of 1949 and their Additional Protocols.” International Committee of the Red Cross. 29 October 2012 <http://www.icrc.org/eng/war-and-law/treaties-customary-law/geneva-conventions/index.jsp>.
  6. Rowe, Neil. “War Crimes from Cyberweapons.” Journal of Information Warfare 6.3 (2007): 15-25.
  7. Schneier, Bruce. “Cyberwar Treaties.” 14 June 2012. Schneier on Security. 29 October 2012 <http://www.schneier.com/blog/archives/2012/06/cyberwar_treati.html>.
  8. Thompson, Mark. “Panetta Sounds Alarm on Cyber-War Threat.” 12 October 2012. Time. 29 October 2012 <http://nation.time.com/2012/10/12/panetta-sounds-alarm-on-cyber-war-threat/#ixzz2A9hs0hIX>.