The Cybersecurity Threat Landscape

A look at the past, present, and future of cybersecurity & warfare

Connor Martin

Technological advancements have connected people around the world in novel ways. The ability to instantaneously transmit data impacted not only the way we communicate but ushered in a new era of industrialization as well. Banks, hospitals, businesses, and most of modern society’s critical infrastructure are in some way reliant on the internet to function. While this interconnectedness improves the functionality of everyday life, it also presents a new opportunity for malicious entities to cause disruption or harm to American lives and property. Roche (2019) contends that nation-states continue to invest in their cyber capabilities for both military and intelligence operations; conversely, common criminals have turned to modern technology to facilitate the theft of resources and intellectual property. Cybersecurity subsequently ascended to one of the foremost concerns for both the public and private sectors. The constant state of technological fluidity demands a multifaceted approach to address the national cyber security nexus. Mitigation, response, and recovery are imperative functions of robust, modern policymaking (Johnson, 2015). The following sections provide an exhaustive review of the contemporary cybersecurity threat landscape.

Historical Reference Points in Cybersecurity

Communication and signals intelligence rose to prominence during the World Wars and Cold War to follow; many countries engaged in the process of wiretapping telecommunication lines to eavesdrop on their enemies (Wark, 2020). The interception of telephonic communications became a type of precursor to information warfare during the latter half of the 20th Century. Crocker (2019) describes how in 1969, the Advanced Research Projects Agency Network, ARPANET, was introduced by the U.S. Department of Defense. This is the foundation of the modern-day internet; the TCP/IP protocol suite of ARPANET remains the fundamental communication framework used today. As the internet was being adopted by governments, militaries sought ways to leverage this technology to impact adversaries on the battlefield. Though much contention exists regarding the exact definition of a cyber weapon due to its intangibility, it has been observed over the past two decades how malicious software can impact critical infrastructure (Roguski, 2021).

Willett (2022) notes the Russian Federation has been heavily scrutinized for employing disruptive malware during conflicts with Ukraine since the early 2010’s. China has been frequently accused of committing intellectual property theft in the cyberspace by both governments and private companies alike (Shu Shang & Shen 2021). The cultural influence of computer hackers in the 1980’s and 1990’s romanticized the idea of covertly breaking into information systems; this later evolved into the roles of both malicious and ethical hackers. The 1986 Computer Fraud and Abuse Act passed by the U.S. government was one of America’s first major cybersecurity initiatives; this criminalized illicit or unnecessary access to information systems (Kane, 2020). Relative to the problems of mankind before the 20th Century, cyber threats are a novel concept. Researchers continue to pursue mechanisms to curtail emerging security threats, but the perpetual game of cat-and-mouse between malicious actors and governments demonstrates the longevity of modern information wars. It is apparent that cybersecurity has and will continue to play an important role in global history.

Critical Infrastructure and Cybersecurity

Most of the American key critical infrastructure apparatus is interconnected (Popescu, 2019). Further, Atkins and Lawson (2022) describe the consideration that a vast majority of U.S. critical infrastructure is privately-owned; thus, it is incumbent upon the government to work closely with the private sector through Public-Private Partnerships. The electrical grid system provides operational functionality to the banking system, healthcare facilities, and utility treatment centers. Since critical infrastructure relies on others to operate, it could be detrimental if one experiences a cybersecurity event. For example, communication infrastructure being impacted by ransomware can cause planes, public transportation, GPS, and satellite communications to be rendered ineffective (Fausto et al., 2021). Furthermore, the notion that they are heavily reliant on the internet to communicate and function poses a considerable national security risk if left unaddressed. The 2021 Colonial Pipeline cyber-attack highlights how gas and oil supplies can suffer from malicious activity (Tsvetanov & Slaria, 2021). Industrial automotive operations have halted due to being victimized by cyber threat actors; Hoffman and Baker (2022) further elaborate that hospitals have similarly been unable to access crucial patient health data. Attacks on banking infrastructure may leave Americans without the ability to withdraw money from their accounts—causing widespread panic. Businesses are unable to process transactions, and information system vulnerabilities leave sensitive customer data exposed to cyber criminals. The importance of cyber infrastructure protection in the modern era is exemplified by the monumental impact it has on society.

Cybersecurity and Critical Infrastructure Protection - Engineering & Design Concepts

Cybersecurity is a collective effort; both the public and private sectors are responsible for the securitization of America’s infrastructure. The Cybersecurity and Infrastructure Security Agency, CISA, is the technological arm of the Department of Homeland Security tasked with spearheading national cybersecurity protection and initiatives (Dawson et al., 2021). Along with the National Institute of Standards and Technology, NIST, CISA creates modern cybersecurity standards, policies, and guidance for both businesses and the government. Similarly, Huang et al. (2017) describe how the Open Web Application Security Project, OWASP, produces secure coding guidance for software engineers based on the current, known cyber threat landscape. Vulnerability researchers employed by both private entities and the U.S. government will reverse engineer malicious software to provide timely, effective intelligence to facilitate the securitization of cyber infrastructure (Bolton & Anderson‐Cook, 2017). There exists an insurmountable number of threats in the cyberspace; however, some threats pose a greater threat to cyber infrastructure than others.

Distributed denial-of-service, DDoS attacks severely impact the ability of information systems to function (Swami et al., 2020). According to Vormayr et al. (2017) Botnets are oftentimes compromised devices infected with malicious software to perform background tasks unbeknownst to the host user. DDoS attacks employ the use of infected computers to send massive amounts of data requests to the targeted service—causing it to seize functionality. Determining whether traffic is malicious or normal is a key component of recognizing a DDoS attack; an event targeting multiple layers of an information system simultaneously, such as a DNS amplification and HTTP flooding, can be an indicator of an attack (Mahjabin et al., 2022). Potential mitigation strategies include blackhole routing, web application firewalls, and rate limiting. Strategic security implementation is paramount for effective mitigation efforts, and companies such as Cloudflare similarly provide DDoS protection services by acting as a reverse proxy for network traffic (Liu et al., 2019).

Al-rimy et al. (2018) describe how ransomware has ascended to become one of the greatest threats to modern technology. This type of malware uses encryption to deny users access to their files unless a ransom is paid; similarly, some ransomware types threaten to divulge sensitive information or data if no payment is received. Users face an ethical dilemma when victimized by ransomware: one perspective is the files must be retrieved at all costs, and a ransom is then paid to the criminals. Conversely, the opposing viewpoints posit that paying a ransom only further encourages this type of victimization, and the risk of data loss is the alternative price they must pay. There is no guarantee that encryption keys will be sent once the ransom is paid, so this poses twice the risk. Ransomware will traverse files quietly in the background of an infected device, and it is often too late to implement countermeasures by the time it is discovered (Lee et al., 2018). Like most other forms of computer viruses, ransomware is transmitted through opening attachments or clicking links that inject malicious code. Software downloaded from unsavory websites may appear legitimate to the user, but underneath malicious processes are taking place.

Mitigation, Resilience, Redundancy

Mitigation, resiliency, and redundancy are key cybersecurity considerations (Johnson, 2015). Attack mitigation entails the use of strategic policymaking, controls, and monitoring. Educating people on cyber hygiene, as well as effective security implementation, can drastically reduce the likelihood of compromising a system. Routine phishing tests have shown some benefits by helping employees become more aware of the modern threat landscape (Xiong, et al., 2019). Administrative policies and procedures can further contribute to an organization’s cybersecurity robustness, and adequate control mechanisms reduce the risk of experiencing a cyber incident. A resilient cybersecurity apparatus decreases the chance that organizational data will be compromised by malicious actors. Wadhawan et al. (2018) note that resilient information systems may be difficult to enumerate by cyber criminals, and the implementation of timely, critical updates decreases the likelihood that a vulnerable can be exploited. Not all vulnerabilities are exploitable, but the 2021 Log4j vulnerability demonstrates the severe impact unpatched systems can have on critical infrastructure (Ufuktepe et al., 2022).

Redundancy facilitates system continuity. The use of backup software is common for many organizations, and this better ensures that systems are recoverable for any number of reasons (Adee & Mouratidis, 2022). It is not uncommon to have multiple redundant backup servers; Wahab et al. (2021) describe how Amazon Web Services, or AWS, allows administrators to create backup images across multiple datacenters. Routine backup cadences are important for operational functionality, and modern technologies allow for encrypted data storage. The concept of the cloud has proven to be an effective tool for redundancy, and this allows organizations to store their data remotely. This decreases the likelihood of both man-made and natural disasters impacting data as larger datacenters implement sophisticated physical and logical controls. AES and TLS securely transmit and stores data, so this alleviates some of the stress of continuity maintenance (Diemert & Jager, 2021). Organizations that store their information on servers locally risk losing important data if redundancy is not properly established.

Cyber Intelligence, Conflict, and Warfare

The modern cybersecurity landscape is of great importance to national security. Cyber intelligence, conflict, and warfare are emerging types of threats that previous generations had little experience with. The Cold War impacted the way countries safeguard critical information; covert agents once had to be within physical proximity to the origin of sensitive data, whereas today cyber intelligence allows for remote access to critical information over the internet. The United States government employs thousands of cybersecurity professionals to act in both offensive and defensive capacities. Defensive cyber intelligence is a component of the counterintelligence apparatus, and these roles seek to identify threats against American cyber infrastructure (Barnea, 2019). Offensive cyber intelligence seeks to infiltrate or compromise clandestine information systems; according to Loleski (2019), both offensive and defensive cyber capabilities are necessary for national security, and government organizations such as the National Security Agency and CISA are tasked with various roles within the cyberspace. Since most of the critical infrastructure and government functions are facilitated by computers, there is an increasingly urgent need to secure systems from becoming compromised. The Onion Router, TOR, was created by the U.S. Naval Research Laboratory to protect American intelligence communications; today, TOR is used by governments, dissidents, malicious actors, and criminals to anonymously perform a wide array of functions online—sometimes with malicious intent (Jadoon et al., 2019). The shift from a decentralized intelligence community to a centralized one under the Office of the Director of National Intelligence, ODNI, sought to improve the overall security and intelligence posture of the United States. The ODNI directs national cyber intelligence efforts, and they produce the national Cyber Threat Framework (Gentry, 2022).

Countries increasingly rely on technology and information systems during times of conflict. Nguyen and Sparks (2020) note that air defense and guidance systems, aircraft, and communications can be susceptible to disruption. Military planning and classified data are sent and stored on electronic devices, so foreign adversaries may attempt to illicitly access servers to extract secretive information or even sabotage the system entirely. Militaries and governments often utilize satellites to communicate with special operations forces in remote locations, and technologically sophisticated adversaries could potentially intercept these to undermine covert activities. Cybersecurity in conflict should not be conflated with electronic warfare; the use of electromagnetic and directed energy weapons differs from crippling information systems or leveraging the internet to collect intelligence (Pournelle, 2022). Nonetheless, cybersecurity will continue to play a pivotal role in future conflicts.

Cyber warfare has been used by aggressor nation-states during the 21st century. The Russian attack on Ukrainian electrical infrastructure highlights the importance of critical infrastructure securitization. Wasson and Bluesteen (2018) contend that larger countries such as China, Russia, and the United States are all likely to possess sophisticated cyber warfare capabilities—though there are no known instances where these countries have directly impacted the cyber infrastructure of another. The Stuxnet computer worm demonstrated the potential physical implications of a cyber-attack; Iranian SCADA systems were infected with malicious code that caused nuclear enrichment centrifuges to spin at extremely high speeds and caused substantial damage to Iran’s nuclear program (Nourian & Madnick, 2018). Cyber warfare can be one-sided depending on the independent capabilities of each country, but it is also important to note that cyber warfare, unlike kinetic warfare, is considerably less expensive to facilitate. North Korea, despite its economic deficiencies, exemplifies this by possessing effective cyber capabilities (Kim, 2022).

One of the foremost concerns with cyber warfare lies within the fact that determining the location and entity committing the attack is extremely difficult (Johnson, 2015). Anonymization, the globalization of interconnectivity, and the ability to alter geolocation data presents an arduous task to precisely determine belligerent parties. Further, Akoto (2022) found that nation-states may employ third-party aggressors to act on their behalf, and this allows governments to further deny involvement in an incident. The sophistication of an attack is often used as an indicator to identify state-sponsored cyber-attacks; some attack vectors require multiple teams of people and advanced government software. When malware is used in an attack it generally leaves behind remnants that can be used to identify potential aggressors, and reverse engineering is leveraged to understand how malicious code or software is used (Bolton & Anderson‐Cook, 2017). For this reason, it would be uncommon for the nation-state to use the same attack twice. Countries would be hesitant to launch an attack against other states due to the fear of retaliatory attacks. Similarly, unilateral actions by partner states may potentially increase the complexity of protecting key critical infrastructure on an international scale.

Cybersecurity Legal Issues

Since the 1990s, numerous legislative pieces have sought to address the securitization of U.S. critical infrastructure. In 1996, President Clinton signed Executive Order 13010 which aimed to not only identify key critical infrastructure but further establish the President's Commission on Critical Infrastructure Protection (Boys, 2018). Since 1996, every U.S. President has enacted some form of legislation or presidential directive that emphasizes the need to secure American critical cyber infrastructure. The Computer Fraud and Abuse Act may be described as one of the most important pieces of technological legislation in the United States; this empowers law enforcement and legal professionals to pursue cyber criminals across the spectrum (Kane, 2020). Defining key terms are important legal considerations as well—legislators, scholars, and cybersecurity professionals pose different definitions of cyber weapons and cyber terrorism. Definitions have legal ramifications, and they are used frequently to determine the next course of action during the litigation process. Similarly, it is incumbent upon lawmakers to define these key concepts so the Department of Defense, Department of Homeland Security, and the U.S. Justice Department can pursue retaliatory measures against malicious actors.

Kinetic warfare is generally observed by the loss of life or physical property; however, this is not necessarily the case if an information system is compromised, sabotaged, or manipulated. The explicit definition of the components of a cyber-related incident could be the factor determining if states engage in cyber warfare, or if the government prosecutes a cybercriminal (Li, 2017). The September 11th terrorist attacks brought to question America’s ability to protect critical infrastructure. President Bush subsequently signed Executive Order 13228 and established the Department of Homeland Security (Brzozowski, 2017). CISA and the ODNI facilitate most national cyber security efforts, but the DoD’s NSA and most other intelligence agencies broadly address the varying issues and threats of the cyber realm. The USA PATRIOT Act allowed the American intelligence and law enforcement communities additional powers, and the FREEDOM Act has since replaced it (Rajah, 2019). These legislative pieces were met with contention from both the American public and other lawmakers; the ability of the U.S. government to access emails, internet activity, and phone records is viewed as a violation of American civil rights.

Economic Costs of Cybersecurity

The economic impact of cybersecurity and its implications are remarkable. Fang et al. (2022) describes how ransomware alone has caused millions of dollars in damage, and businesses have been forced to spend more on their cybersecurity budgets to address the vast array of potential threats. People are frequently victimized by internet scams, identity theft, and financial fraud. The cost of responding to a cybersecurity incident can be considerable depending on the nature of the attack, and third parties are oftentimes needed to perform more complex information security audits (Yen et al., 2018). It is also important to consider the cost of reputation damage; customers and clients may lose confidence in an organization if they experience a data breach. In turn, companies can lose vital business and ultimately impact their revenue due to being the victim of a cyber incident. It is often significantly more cost-effective to invest in mitigation strategies rather than responding to a data loss (Alsaleh et al., 2017).

The Future Threat Landscape of Cybersecurity

Artificial Intelligence, or A.I., drastically impacted the cybersecurity landscape. The ability for machines to not only learn but act without direct human interaction contributes to both offensive and defensive cybersecurity capabilities (Jing et al., 2021). Aggressors can potentially manipulate AI to allow malicious traffic into an organization’s infrastructure, and cybersecurity analysts may not detect the compromise of data. Conversely, AI is commonly used by cybersecurity professionals in a defensive capacity; according to González-Granadillo et al. (2022), Security Information and Event Management, SIEM software can be used to detect anomalous activity across many layers of organizational infrastructure in a single location. Security Orchestration, Automation, and Response, SOAR software can effectively respond to many different cyber threats without input from a human operator (Schlette et al., 2021). This technology demonstrates the importance of AI in the contemporary landscape, and security researchers contend that it will continue to be an important aspect of cybersecurity in the coming decades.

Quantum computing is an emerging technology that will impact national security. Quantum computers can execute Shor’s Algorithm, and this can be used to bypass many forms of modern encryption (Rossi et al., 2022). Shiba et al. (2022) show that AES-256 has been shown to be capable of preventing quantum computers from solving encryption algorithms, but the popular RSA encryption is susceptible to attacks using quantum bits or cubits. This has not been implemented across the spectrum by either public or private sectors. Critical infrastructure involves many moving components; ensuring that all software and systems that touch sensitive data are secured from quantum computing will be a considerable task. Nation-states can leverage quantum computing to infiltrate the information systems of others (Barbeau & Garcia-Alfaro, 2022). The major roadblock to the implementation of quantum computing is both cost and complexity, and this will likely become more feasible as the technology is explored further. Other emerging technologies, such as nanotechnology, will require further research regarding the impact they will have on the future national security apparatus (Rai et al., 2022).

Conclusion

The researcher of this text provides an overview of the modern cybersecurity landscape. Historical reference points in cybersecurity are described, and the ascension of the internet from a defense communications project to the globalization of all information is observed. The interconnectedness of critical cyber infrastructure presents an opportunity for both effectiveness and risk. The impact that infrastructure has on other types of infrastructure is important to consider, and if one infrastructure type experiences a cybersecurity incident it can negatively impact others. The researcher discusses engineering and design concepts relative to modern cyber threats. Mitigation should be the foremost consideration for those developing or maintaining information systems.

Cybersecurity resiliency is facilitated by strategic implementation, and redundancy is critical for ensuring continuity. Cyber intelligence has proven to be a major aspect of the modern national security apparatus. Cybersecurity has and will continue to impact global conflicts; cyber warfare is a complex and increasingly urgent consideration for governments to address. The researcher examined both potential and historical legal issues relevant to information security in the post-9/11 era. The economic costs of cybersecurity are impacted by multiple factors, and reputational damage can be detrimental to an organization. The researcher concludes by describing how emerging technologies such as Artificial intelligence, quantum computing, and nanotechnology will dictate the future of the cybersecurity threat landscape for both public and private entities. The ever-changing nature of the cyber threat landscape demands continuous consideration and research conducive to the robustness of the U.S. national security apparatus.

References

Adee, R., & Mouratidis, H. (2022). A dynamic four-step data security model for data in cloud computing based on cryptography and steganography. Sensors, 22(3), 1109. https://doi.org/10.3390/s22031109

Akoto, W. (2022). Accountability and cyber conflict: Examining institutional constraints on the use of cyber proxies. Conflict Management and Peace Science, 39(3), 311-332. https://doi.org/10.1177/07388942211051264

Al-rimy, B. A. S., Maarof, M. A., & Shaid, S. Z. M. (2018). Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions. Computers & Security, 74, 144-166. https://doi.org/10.1016/j.cose.2018.01.001

Alsaleh, M. N., Al-Shaer, E., & Husari, G. (2017). ROI-driven cyber risk mitigation using host compliance and network configuration. Journal of Network and Systems Management, 25(4), 759-783. https://doi.org/10.1007/s10922-017-9428-x

Barbeau, M., & Garcia-Alfaro, J. (2022). Cyber-physical defense in the quantum era. Scientific Reports, 12(1), 1905-1905. https://doi.org/10.1038/s41598-022-05690-1

Barnea, A. (2019). Big data and counterintelligence in western countries. International Journal of Intelligence and Counterintelligence, 32(3), 433-447. https://doi.org/10.1080/08850607.2019.1605804

Bolton, A. D., & Anderson‐Cook, C. M. (2017). APT malware static trace analysis through bigrams and graph edit distance. Statistical Analysis and Data Mining, 10(3), 182-193. https://doi.org/10.1002/sam.11346

Boys, J. D. (2018). The Clinton administration's development and implementation of cybersecurity strategy (1993-2001). Intelligence and National Security, 33(5), 755-770. https://doi.org/10.1080/02684527.2018.1449369

Brzozowski, C. (2017). The department of homeland Security’s role in protecting the national economy. Homeland Security Affairs.

Crocker, S. D. (2019). The ARPAnet and its impact on the state of networking. Computer, 52(10), 14-23. https://doi.org/10.1109/MC.2019.2931601

Dawson, M., Bacius, R., Gouveia, L. B., & Vassilakos, A. (2021). understanding the challenge of cybersecurity in critical infrastructure sectors. Land Forces Academy Review, 26(1), 69-75. https://doi.org/10.2478/raft-2021-0011

Diemert, D., & Jager, T. (2021). On the tight security of TLS 1.3: Theoretically sound cryptographic parameters for real-world deployments. Journal of Cryptology, 34(3). https://doi.org/10.1007/s00145-021-09388-x

Fang, R., Xu, M., & Zhao, P. (2022). Determination of ransomware payment based on bayesian game models. Computers & Security, 116, 102685. https://doi.org/10.1016/j.cose.2022.102685

Fausto, A., Gaggero, G. B., Patrone, F., Girdinio, P., & Marchese, M. (2021). Toward the integration of cyber and physical security monitoring systems for critical infrastructures. Sensors, 21(21), 6970. https://doi.org/10.3390/s21216970

Gentry, J. A. (2022). Cyber intelligence: Strategic warning is possible. International Journal of Intelligence and Counterintelligence, 1-26. https://doi.org/10.1080/08850607.2022.2095544

González-Granadillo, G., González-Zarzosa, S., & Diaz, R. (2021). Security information and event management (SIEM): Analysis, trends, and usage in critical infrastructures. Sensors, 21(14), 4759. https://doi.org/10.3390/s21144759

Hoffman, T. W., & Baker, J. F. (2022). Navigating our way through a hospital ransomware attack: Ethical considerations in delivering acute orthopedic care. Journal of Medical Ethics. https://doi.org/10.1136/medethics-2021-107876

Huang, H., Zhang, Z., Cheng, H., & Shieh, S. W. (2017). Web application security: Threats, countermeasures, and pitfalls. Computer, 50(6), 81-85. https://doi.org/10.1109/MC.2017.183

Kane, S. (2020). Available, granted, revoked: A new framework for assessing unauthorized access under the computer fraud and abuse act. The University of Chicago Law Review, 87(5), 1437-1477.

Popescu, V. F. (2019). the cyber security of critical infrastructures in an increasingly connected world. Bulletin of "Carol I" National Defense University, 8(3)

Jadoon, A. K., Iqbal, W., Amjad, M. F., Afzal, H., & Bangash, Y. A. (2019). Forensic analysis of tor browser: A case study for privacy and anonymity on the web. Forensic Science International, 299, 59-73. https://doi.org/10.1016/j.forsciint.2019.03.030

Jing, H., Wei, W., Zhou, C., & He, X. (2021). An artificial intelligence security framework. Journal of Physics, 1948(1), 12004. https://doi.org/10.1088/1742-6596/1948/1/012004

Johnson, T. A. (2015). Cybersecurity: Protecting critical infrastructures from cyber attack and cyber warfare. Boca Raton, FL: CRC Press. ISBN: 9781482239225.

Kim, M. (2022). North Korea’s cyber capabilities and their implications for international security. Sustainability, 14(3), 1744. https://doi.org/10.3390/su14031744

Lee, K., Yim, K., & Seo, J. T. (2018). Ransomware prevention technique using key backup. Concurrency and Computation, 30(3). https://doi.org/10.1002/cpe.4337

Li, J. X. (2017). Cyber crime and legal countermeasures: A historical analysis. Internationa Journal of Criminal Justice Sciences, 12(2), 196-207. https://doi.org/10.5281/zenodo.1034658

Liu, Z., Cao, Y., Zhu, M., & Ge, W. (2019). Umbrella: Enabling ISPs to offer readily deployable and privacy-preserving DDoS prevention services. IEEE Transactions on Information Forensics and Security, 14(4), 1098-1108. https://doi.org/10.1109/TIFS.2018.2870828

Loleski, S. (2019). From cold to cyber warriors: The origins and expansion of NSA's tailored access operations (TAO) to shadow brokers. Intelligence and National Security, 34(1), 112-128. https://doi.org/10.1080/02684527.2018.1532627

Mahjabin, T., Xiao, Y., Li, T., & Guizani, M. (2022). Hotlist and stale content update mitigation in local databases for DNS flooding attacks. Telecommunication Systems, 81(3), 417-430. https://doi.org/10.1007/s11235-022-00950-x

Nourian, A., & Madnick, S. (2018). A systems theoretic approach to the security threats in cyber physical systems applied to Stuxnet. IEEE Transactions on Dependable and Secure Computing, 15(1), 2-13. https://doi.org/10.1109/TDSC.2015.2509994

Nguyen, L., & Sparks, J. L. (2020). Air, space, and cyberspace: Reinvigorating defense of US critical infrastructure. Air & Space Power Journal, 34(3), 44-53.

Pournelle, P. (2022). The need for cooperation between wargaming and modeling & simulation for examining cyber, space, electronic warfare, and other topics. Journal of Defense Modeling and Simulation, https://doi.org/10.1177/15485129221118100

Rajah, J. (2019). Law, politics, and populism in the U.S.A. P.A.T.R.I.O.T. act. Indiana Journal of Global Legal Studies, 26(1), 61-86. https://doi.org/10.2979/indjglolegstu.26.1.0061

Rai, S., Patnaik, S., Rupani, A., Knechtel, J., Sinanoglu, O., & Kumar, A. (2022). Security promises and vulnerabilities in emerging reconfigurable nanotechnology-based circuits. IEEE Transactions on Emerging Topics in Computing, 10(2), 763-778. https://doi.org/10.1109/TETC.2020.3039375

Roche, E. M. (2019). The search for global cyber stability. Journal of Information Technology Cases and Applications, 21(2), 68-73. https://doi.org/10.1080/15228053.2019.1636570

Roguski, P. (2021). An inspection regime for cyber weapons: A challenge too far? AJIL Unbound, 115, 111-115. https://doi.org/10.1017/aju.2021.6

Rossi, M., Asproni, L., Caputo, D., Rossi, S., Cusinato, A., Marini, R., Agosti, A., & Magagnini M. (2022). Using Shor’s algorithm on near term quantum computers: A reduced version. Quantum Machine Intelligence, 4(2). https://doi.org/10.1007/s42484-022-00072-2

Schlette, D., Vielberth, M., & Pernul, G. (2021). CTI-SOC2M2 – the quest for mature, intelligence-driven security operations and incident response capabilities. Computers & Security, 111, 102482. https://doi.org/10.1016/j.cose.2021.102482

Shiba, R., Sakamoto, K., & Isobe, T. (2022). Efficient constructions for large‐state block ciphers based on AES new instructions. IET Information Security, 16(3), 145-160. https://doi.org/10.1049/ise2.12053

Shu Shang, C., & Shen, W. (2021). Beyond trade war: Reevaluating intellectual property bilateralism in the US–China context. Journal of International Economic Law, 24(1), 53-76. https://doi.org/10.1093/jiel/jgab003

Swami, R., Dave, M., & Ranga, V. (2020). Software-defined networking-based DDoS defense mechanisms. ACM Computing Surveys, 52(2), 1-36. https://doi.org/10.1145/3301614

Tsvetanov, T., & Slaria, S. (2021). The effect of the colonial pipeline shutdown on gasoline prices. Economics Letters, 209, 110122. https://doi.org/10.1016/j.econlet.2021.110122

Ufuktepe, E., Tuglular, T., & Palaniappan, K. (2022). Tracking code bug fix ripple effects based on change patterns using Markov chain models. IEEE Transactions on Reliability, 71(2), 1141-1156. https://doi.org/10.1109/TR.2022.3167943

Vormayr, G., Zseby, T., & Fabini, J. (2017). Botnet communication patterns. IEEE Communications Surveys and Tutorials, 19(4), 2768-2796. https://doi.org/10.1109/COMST.2017.2749442

Wadhawan, Y., AlMajali, A., & Neuman, C. (2018). A comprehensive analysis of smart grid systems against cyber-physical attacks. Electronics, 7(10), 249. https://doi.org/10.3390/electronics7100249

Wahab, O. A., Bentahar, J., Otrok, H., & Mourad, A. (2021). Resource-aware detection and defense system against multi-type attacks in the cloud: Repeated Bayesian Stackelberg game. IEEE Transactions on Dependable and Secure Computing, 18(2), 605-622. https://doi.org/10.1109/TDSC.2019.2907946

Wark, W. (2020). 'Favourable geography: Canada's arctic signals intelligence mission'. Intelligence and National Security, 35(3), 319-330. https://doi.org/10.1080/02684527.2020.1724629

Wasson, J. T., & Bluesteen, C. E. (2018). Taking the archers for granted: Emerging threats to nuclear weapon delivery systems. Defence Studies, 18(4), 433-453. https://doi.org/10.1080/14702436.2018.1528137

Willett, M. (2022). The cyber dimension of the Russia-Ukraine war. Survival, 64(5), 7-26. https://doi.org/10.1080/00396338.2022.2126193

Xiong, A., Proctor, R. W., Yang, W., & Li, N. (2019). Embedding training within warnings improves skills of identifying phishing webpages. Human Factors, 61(4), 577-595. https://doi.org/10.1177/0018720818810942

Yen, J., Lim, J., Wang, T., & Hsu, C. (2018). The impact of audit firms’ characteristics on audit fees following information security breaches. Journal of Accounting and Public Policy, 37(6), 489-507. https://doi.org/10.1016/j.jaccpubpol.2018.10.002