LTC David Raymond is an Armor officer in the United States Army. He is assigned as an Assistant Professor in the Department of Electrical Engineering and Computer Science at the United States Military Academy, West Point. LTC Raymond has a Master’s degree in Computer Science from Duke University and a Ph.D. in Computer Engineering from Virginia Polytechnic and State University. He teaches senior-level computer networking and cyber security elective courses at West Point and conducts research on information assurance, network security, and online privacy.
A Control Measure Framework to Limit Collateral Damage and Propagation of Cyber Weapons
Co-authors: Gregory Conti (United States Military Academy West Point), Tom Cross (Lancope Inc.), Robert Fanelli (United States Cyber Command)
With the recognition of cyberspace as a warfighting domain by the U.S. Department of Defense, we anticipate increased use of malicious software as weapons during hostilities between nation-states. Such conflict could occur solely on computer networks, but increasingly will be used in conjunction with traditional kinetic attack, or even to eliminate the need for kinetic attack. In either context, precise targeting and effective limiting of collateral damage from cyber weaponry are desired goals of any nation seeking to comply with the law of war. Since at least the Morris Worm, malicious software found in the wild has frequently contained mechanisms to target effectively, limit propagation, allow self-destruction, and minimize consumption of host resources to prevent detection and damage. This paper surveys major variants of malicious software from 1982 to present and synthesizes the control measures they contain that might limit collateral damage in future cyber weapons. As part of this work, we provide a framework for critical analysis of such measures. Our results indicate that a compelling framework for critical analysis emerges by studying these measures allowing classification of new forms of malware and providing insight into future novel technical mechanisms for limiting collateral damage.