October 7, 2013

NSA Piloted Collecting Cellphone Location

Since the Snowden leaks earlier this year, the National Security Agency (NSA) has come under fire and has made multiple appearances at Congressional hearings. Recently, NSA Director General (GEN) Keith Alexander responded to a line of questioning at a Senate hearing admitting to a secret pilot in collecting cellphone location information. In 2010, the NSA started experimenting with data collected from cellphone towers that disclosed the locations of ordinary American citizens' cellphone; however, they discontinued the clandestine efforts in 2011 after determining it did not have "operational value." 
The experiment's main purpose was to see how the information would flow into the NSA's systems. During the pilot, NSA received bulk samples of cellphone location data that tested their systems' ability to handle the format. GEN Alexander stated that the information was not used for any other purpose to include intelligence analysis. To summarize it in a concise statement, the NSA collected the information not because they needed the information, but to simply see if they could and how it would work.

This little handy device
broadcasts your location.
Even scarier, while the NSA did not have current "requirement" for this information, he did mention it may be something they would need in the future. The government claims it has the legal basis under Section 215 of the Patriot Act to collect cellphone location information. The FBI already has the ability to obtain location data with a court order. A law enforcement agency investigating a crime suspect is different than an intelligence agency without probable cause.
Interestingly, the U.K. based The Register wrote "in Europe, network operators are obliged to keep the very same data, just in case law enforcement fancies a look at it...[W]e're doing much the same thing, on a bigger scale and with more success." (2013) An interesting tidbit to show you that the proverbial grass is not always greener on the other side of the pond.

For those with the "if you didn't do anything wrong, you have nothing to hide" mentality, please read our "Privacy:Why you should care about PRISM" post on why you might want to care.
Nakashima, E. (2 October 2013). NSA had test project to collect data on Americans' cellphone locations, director says. The Washington Post. Retrieved from http://articles.washingtonpost.com/2013-10-02/world/42599721_1_nsa-location-data-such-data 
Ray, B. (3 October 2013). NSA: Yes we 'experimented' with US mobile tracking. But we didn't inhale. The Register. Retrieved from http://www.theregister.co.uk/2013/10/03/nsa_admits_tracking_us_cellphones/ 

Savage, C. (2 Oct 2013). In test project, N.S.A. tracked cellphone locations. New York Times. Retrieved from http://www.nytimes.com/2013/10/03/us/nsa-experiment-traced-us-cellphone-locations.html 
Enhanced by Zemanta

October 5, 2013

Scam U: Job opportunity scam

Routinely the media reports about our failing economy, high unemployment rates, massive lay-offs and low employment opportunities. If you are like me, then you probably know one or more person affected by the ailing economy. Many people are in search for another source of income, because these bills are not going to pay themselves. Scammers, being parasitic scum, are taking advantage of this environment to prey upon the vulnerable through job opportunity scams. According to the Office of the Ohio Attorney General , job opportunity scams are commonplace. 
Below are three cases from September 2013 news reports to illustrate how the scam works.
Case #1. Recently an unemployed, Lakewood, Ohio man fell victim to a job scam. After applying online, he received an email requesting an interview conducted through Yahoo Messenger. They gave him the "job" soon after the interview. Communication with all company representatives were conducted online. Eventually the company sent him a check for $2,190 with instructions to purchase required job equipment, and wire the remaining money back. Unfortunately, his bank informed him the check was a fake after he already bought the equipment and wired the funds back. This left him on the hook for the $2,190.
Case #2. After recently moving, an unemployeed man sought employment help at a South Carolina Works office. The office's Veterans Assistance Program submitted his resume to the company, Godel Technology. Within a couple of weeks, the company emails the man notifying him he was selected as a job candidate. Shortly afterwards he began training and corresponding with his new "employer;" all of this was conducted online. Then the company sent him a series of checks for a total amount of $6,000 with instructions to wire the funds to a vendor in Illinois to pay for equipment. Days after following the instructions, the man finds out that the checks were bad and he is personally liable for the $6,000. The scammers used the name of a real company as a cover.

Case #3. An Alabama woman responded to a newspaper ad about a part-time clerical position at the company Keegan's Linkahead. The ad requested applicants to email resumes to an AOL email address. The company emailed her the job offer. Additionally, the company emailed instructions to deposit a check into her personal bank account, send a money order/cashier check to different location, and purchase certain business items. The remaining amount of money was her payment. Since the job was not what she expected, she emailed the company back notifying them she was not accepting the position. They responded with a hostile email stating they already sent her the first check, and she had to proceed with the first deposit before declining future jobs. They even claimed the FBI would be involved if she did not follow through.

The South Carolina Department of Consumer Affairs states they see over 100 of these types of scams per month. Recovering the money after being conned is next to impossible since these scammers often cross multiple law enforcement jurisdictions. The best defense is to learn the red flags before you fall prey.
Job Scam Tips
Don't assume a job opportunity is real just because you found it on a legitimate website, newspaper, or through an employment office. 
Be leery of offers claiming you can easily make large sums of money with little to no experience. Every legitimate, paying job requires some type of skill. Additionally, if it was so easy, everybody would be doing it.
Research the company offering the job opportunity. Check with the Better Business Bureau to see if the company is real, or some fake organization created by scammers.
Scammers often claim to represent real businesses as illustrated in our second case. If you find a phone number for the business headquarters, call to verify if the company representatives emailing you are actually employees, or if the branch location offering the job is actually a real branch. The real business will want to protect its name and stop people that are using it to scam people.
Be cautious of anyone who:
  • Will not interview you in person. Each victim in our stories never personally met a representative from the company.
  • Relies heavily on commercially free email and/or instant messaging services. Our third case required resumes be sent to an AOL email address, and our first case conducted the interview only through Yahoo Messenger. Professional businesses will have email services with their own domain, which is not that expensive to get. Also, real businesses typically want a face-to-face interview.
  • Only communicates via email. The scammers in all three of our cases only communicated with their victims through electronic means, and never face-to-face.
  • Often uses poor grammar, misspellings, and poor sentence structure.
  • Asks you to deposit checks into your personal account and wire money. Real businesses do not operate this way, and this may be an indicator that you are involved in a money laundering scheme.
  • Requires you to pay for training, background investigations, or other employment requirements.
  • Requires you to fill out an online form requesting personal information like your social security number, or banking information.
  • Routinely provide excuses never to meet in person (i.e., out of the country for business).
Job offer scam from Australia.
Image from Naked Security
As with any scam, if it sounds to be good to be true, it probably is. To learn about other scams check out other Scam U posts. You can also read our "Verify Spam, Scam, or Hoax" post to discover resources in conducting your own research.
Better Business Bureau (2013). Top scams: Employment scams. Scam Stopper. Retrieved from http://www.bbb.org/scam-stopper/ts-employment-scams.php 
Brooks, R. (18 September 2013). Police warn of employment scam. Troy Messenger: Troy, AL. Retrieved from http://www.troymessenger.com/2013/09/18/police-warn-of-employment-scam/ 
Cooley, P. (19 September 2013). Unemployed Lakewood man scammed out of nearly $2,000 by false job offer. Northeast Ohio Media Group. Retrieved from http://www.cleveland.com/metro/index.ssf/2013/09/lakewood_man_scammed_out_of_ne.html 
Doyle, A. How to avoid online job scams. Retrieved from http://jobsearch.about.com/od/workathometips/qt/onlinejobscam.htm 
Randhawa, P.J. (3 October 2013). Police: Employment scam traced to SC Works website. WISTV. Retrieved from http://www.wistv.com/story/23503825/veteran-unemployment-lead-from-sc-works-was-scam?page=2&N=L
Sturgeon, J. (9 September 2013). Avoiding work-at-home scams. Fox Business. Retrieved from http://www.foxbusiness.com/personal-finance/2013/09/06/avoiding-work-at-home-scams/ 
Western Union. Tips to avoid falling victim to the employment scam. Retrieved from http://www.westernunion.com/static/img/consumer-protection/Tips_to_Avoid_Falling_Victim_to_the_Employment_Scam.pdf 

October 3, 2013

Active Shooter: How to Respond

Active shooter incidents can happen any where, any place. Do you know how to react?
Educate yourself with our short presentation.

October 2, 2013

Timeline: Aaron Alexis, Navy Yard Shooter

Below is the timeline of events for the Navy Yard shooter, Aaron Alexis, 34 year old from Fort Worth, Texas. I consolidated information from multiple online, publically accessible sources to lay the foundation to build a case study. In the near future, Security Checks will provide more analytical posts based on this.
Navy Yard Shooter:
Aaron Alexis

May 2004,  two construction workers parked their Honda Accord at their worksite next to the house Alexis was staying in. In the morning, Aaron Alexis walked outside, pulled a handgun from his waistband, and fired three shots into the rear tires, before he slowly walked away. Seattle Police officers responded to the incident, but were not able to locate Alexis. During police interviews, construction workers and the site manager reported that Alexis would stare at the workers on the job site every day over the last month prior to the shooting. They suspect, Alexis was angry over the parking situation around the work site.

June 2004, after many failed attempts to contact Aaron Alexis, Seattle Police arrested him, and obtained permission to search the house where they found a gun and ammunition. Alexis claimed the construction workers were mocking and disrespecting him. He stated he had an anger-fueled “blackout,” and could not remember firing his weapon. Additionally, he claimed to suffer from post-traumatic stress disorder from being an active participant in the September 11, 2001 rescue attempts, even though there is no evidence that this is true. The incident report is available here.

May 2007, Aaron Alexis enlisted into the Navy Reserves. Typically applicants submit their background investigation paperwork to begin the clearance process. Alexis fails to mention his 2004 arrest and thousand dollars of debt in the background investigation questionnaire. The standard background investigation for a secret level clearance is a National Agency Check with Local Agency Checks and Credit Check (NACLC). This type of investigation is comprised of a national agency check (i.e., FBI criminal history repository), credit check, and local law enforcement checks from where the applicant lived over the past five years. (Defense Security Service, 2013) You can read more about the process at the Defense Security Service (DSS) site.

Between May and August 2007, the government contract company USIS conducts the background investigation on behalf of the federal Office of Personnel Management (OPM). According to FBI criminal history records, Alexis’ 2004 arrest was for malicious mischief. OPM reports that the Seattle Police Department would not make the records available, so they had to corroborate the arrest through court records and statements from Aaron Alexis. When confronted about answering “No” to security clearance questions about whether he had ever been arrested or charged with a felony, Alexis claimed he did not say “yes” because the charge was dismissed. Alexis did not mention shooting the tires out, and the court documents supported his statements.

August 2007 OPM finalized USIS’ investigation on Alexis, which did not contain all police or court records about the 2004 Seattle incident. The investigation referenced it as a verbal altercation where Alexis deflated the tires on the construction workers’ vehicle, omitting any reference to a gun.

March 2008, the Department of the Navy (DON) Central Adjudication Facility (CAF) reviewed the investigation. DON CAF granted Alexis a secret clearance with a warning about his negative credit history. Based on the rules, he is not due for a reinvestigation until the 10 year anniversary of his closed investigation.

10-11 August 2008, Alexis was arrested and jailed overnight in DeKalb, Georgia for disorderly conduct outside a nightclub. According to the citation, he was thrown out of the club for causing damages inside. Outside the building he continued to curse, act belligerently, and refused to leave the property. You can read more here.

September 2008, Alexis received non-judicial punishment for unauthorized absence caused by his August arrest in Georgia. He lost pay and had a reduction in rank. The Navy annotated this in his official personnel file; however, lack of reporting indicates the incident was not reported to the CAF to be part of his security clearance records. (Garner, 2013)

July 2009, Alexis received a second non-judicial punishment for being drunk and disorderly, which resulted in a reduction in rank. As with the previous punishment, the Navy annotated it in Alexis’ personnel file, but failed to report the incident to the CAF. Alexis appealed this punishment.

4 September 2010, Alexis was arrested in Fort Worth, Texas for discharging a firearm in his residence. Allegedly he fired a gun through the ceiling of his apartment. Alexis claimed the weapon accidentally discharged when cleaning it while cooking. The woman reporting stated Alexis “confronted her in the parking lot about making too much noise…she is terrified of [him] and feels that [the shooting] was done intentionally.” (Wall Street Journal, 2013) Police forced their way into Alexis’ apartment since he refused to answer the door when police originally knocked.

September 2010, Navy unit started proceedings to administratively discharge him from the Navy due to multiple misconduct citations. He would have received an other than honorable discharge from the Navy. Because of a lack of evidence, the unit stopped proceedings.

December 2010, Alexis requested an early release from the Navy under the reduction-in-force program. The Navy Personnel Command approved his request.

January 2011, Alexis received an honorable discharge with the most favorable re-entry code.

February 2011, the Navy issued Alexis a Navy Reserve Identification and Privilege card. He enrolled into the VA health care system.

Worked as a waiter at the “Happy Bowl Thai” in White Settlement, Texas prior to working with The Experts. Friends from this period stated Alexis expressed anger towards the Navy, claiming he never was promoted due to the color of his skin.

September 2012 to January 2013, Alexis worked for the subcontracting company, “The Experts” in Japan.

June 2013, the company “The Experts” reported hiring an unnamed service to conduct background investigation on Aaron Alexis which only turned up a minor traffic violation. Recent reporting does not indicate how detailed or thorough of a check they conducted. Additionally, reports state “The Experts” confirmed his secret clearance with the Department of Defense. Under the DoD security clearance reciprocity rule, Alexis’ previous security clearance investigation was still valid since he did not have a significant break in his employment (less than two years), and the CAF did not have any un-adjudicated derogatory information about him.  None of the previous incidents were reported to the CAF, so his security clearance file did not have any additional derogatory information to review.

7 August 2013, Newport, Rhode Island police responded to a call by Aaron Alexis at the Marriott Hotel. Alexis claimed an individual “sent 3 people to follow him and keep him awake by talking to him and sending vibrations into his body…[He] first heard them talking to him through a wall while at the Residence Inn in Middleton.” Alexis reported that the voices followed him to the Marriott and were “using ‘some sort of microwave machine’ to send vibrations through the ceiling, penetrating his body so he cannot fall asleep.” He could not elaborate what the voices were saying, but Alexis expressed that he was worried these individuals were going to harm him. The Newport Police forward the report to the Naval Station Police since Alexis was a Navy contractor. Lack of reporting indicates the Navy did not follow up on the report. The incident report is available here.

In late August 2013, he visited two VA emergency rooms complaining of insomnia attributed to his work schedule. The VA medically evaluated him, provided a small prescription, and instructed him to follow up with his primary care provider. In a September 18, 2013 press release, the VA stated Aaron Alexis never received any care from their system beyond these emergency room visits.

25 August 2013, Alexis arrives to the Washington, DC area pursuant to his future employment.

9 September 2013, Alexis started working for the Naval Sea System Command Headquarters at the Washington Navy Yard, a sprawling 65 acre facility on the banks of the Anacostia River. Approximately 3,000 people work at the headquarters, many of them civilians.

Aaron Alexis friend, Mike Ritavato recalled Alexis expressing frustration over a salary issue with The Experts during one of their last conversations. Open source reporting does not date this conversation.

14 September 2013, Alexis fired at the range and legally bought a Remington 870 shotgun from the Sharpshooters Small Arms Range in Northern Virginia. The store ran a federal background check on him, which came back clean. Later that day, Alexis purchased a hacksaw and other items at a Northern Virginia home improvement store. He would later etch into the shotgun were the phrases "End to the torment!," "Not what yall say!," and "My ELF weapon!"
"End to the torment"
 etched into the shotgun.
Image from FBI

16 September 2013, Alexis legitimately accesses the Navy Yard as a result of his contractor work and his valid pass to gain entry to building 197.

     o 0753 – Alexis’ rental car, blue Toyota Prius with New York plates, entered parking garage #28 at the Washington Navy Yard, located directly across from building 197.

     o 0808 – Alexis exited the parking garage on foot carrying a backpack containing a disassembled sawed off shotgun, purple duct tape, and electronic media. He entered building 197 and proceeded to the elevator.

    o 0809 – He exited the elevator on the fourth floor then went to the men’s bathroom with his backpack and a clipboard. In a bathroom stall he assembles the shotgun.

Alexis backpack he left in the
bathroom stall.
Image from FBI.
CCTV image of Alexis entering
Building 197.
Image from FBI.

o 0815 – Alexis left the bathroom and crossed the hallway into the 4 West area of building 197. He leaves the backpack and clipboard in a bathroom stall.

o 0816 – He shoots the first victim in the 4 West area. Alexis continues to quietly, indiscriminately shoot people as they inadvertently crossed his path. Screaming is heard echoing throughout the building alerting people that something was happening.

o 0817 – The first frantic 911 call is received from the fourth floor.

o 0820 – Alexis used the stairs to leave the fourth floor and enter the third floor.

o 0828 – He appeared on the first floor. On the ground level Alexis killed the armed security guard and seized the man’s semi-automatic Beretta pistol.

o 0834 –  Police teams joined by naval security officers and US Park Police were on the scene actively clearing the building looking for the active shooter.

o 0857 – Alexis returned to the third floor. When Alexis ran out of shot gun shells, he switched to the slain security guard’s Beretta pistol to continue shooting people.

o 0925 – Law enforcement kill him during a shootout on the third floor.

During the chaos, somebody pulled the fire alarm in the building, and people were yelling at others run or barricade themselves. The below video clip contains released CCTV footage from the FBI.

Agence France-Presse (20 Sep 2013). Washington Navy Yard shooting: Aaron Alexis ‘hunted’ his victims, say FBI. The Telegraph. Retrieved from http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10322226/Washington-Navy-Yard-shooting-Aaron-Alexis-hunted-his-victims-say-FBI.html
Aljazeera America. (17 Sep 2013) Alleged Navy Yard shooter Aaron Alexis: A study in contradictions. Retrieved from http://america.aljazeera.com/articles/2013/9/16/aaron-alexis-suspectednavyyardshooterworkedforhp.html
Associated Press. (24 Sep 2013). Aaron Alexis timeline: Navy Yard shooter’s military career in detail. Huffington Post. Retrieved from http://www.huffingtonpost.com/2013/09/24/aaron-alexis-timeline_n_3982275.html
Baldor, L. (24 Sep 2013). Report: Feds whitewashed Alexis’ background check. The Associated Press. Retrieved from http://usnews.nbcnews.com/_news/2013/09/24/20672636-report-feds-whitewashed-alexis-background-check
CNN Wire Staff. (16 Sep 2013). ‘One of the worst things we’ve seen’ – a timeline of Navy Yard shooting. CNN News. Retrieved from http://www.cnn.com/2013/09/16/us/dc-navy-yard-tic-toc/index.html
Davis, A., Halsey, A., and Laris, M. (17 Sep 2013).Navy Yard shooter Aaron Alexis carved an indiscriminate path through Building 197. The Washington Post. Retrieved from http://articles.washingtonpost.com/2013-09-17/local/42151645_1_navy-yard-atrium-shooter

Defense Security Service. Reciprocity of clearances. Personnel Security Management Office for Industry (PSMO-I). Retrieved on 1 October 2013 from http://www.dss.mil/psmo-i/indus_psmo-i_recip_clear.html
Department of Veterans Affair. (18 Sep 2013). Statement from the Department of Veterans Affairs on Aaron Alexis. Retrieved from http://www.va.gov/opa/pressrel/pressrelease.cfm?id=2480
Federal Bureau of Investigation (25 Sep 2013). Law enforcement shares findings of the investigation into the Washington Navy Yard shootings. FBI Press Release. Retrieved from http://www.fbi.gov/washingtondc/press-releases/2013/law-enforcement-shares-findings-of-the-investigation-into-the-washington-navy-yard-shootings
Foster, P., Sanchez, R. and Lawler, D. (16 Sep 2013). Washington Navy Yard shooting: Gunman brings terror to US base. The Telegraph. Retrieved from http://www.telegraph.co.uk/news/worldnews/northamerica/usa/10312761/Washington-shooting-two-injured-at-US-Navy-Base.html
Garamone, J. (23 Sep 2013). Navy recommends security changes in wake of Navy Yard tragedy. American Forces Press Service and Defense Media Activity-Navy. Retrieved from http://www.navy.mil/submit/display.asp?story_id=76757
Garner, M. (17 Sep 2013). Police: D.C. shootings suspect arrested in DeKalb in ’08. The Atlanta Journal-Constitution. Retrieved from http://www.ajc.com/news/news/crime-law/police-dc-shootings-suspect-arrested-in-dekalb-in-/nZy6H/
McVeigh, K. and Lewis, P. (17 Sep 2013). Aaron Alexis passed recent background checks by employer and gun store. The Guardian. Retrieved from http://www.theguardian.com/world/2013/sep/17/aaron-alexis-background-check-employer-gun
Spangenthal-Lee, J. (16 Sep 2013). Suspect in Navy Yard attack previously arrested in Seattle for “anger-fueled” shooting. Seattle Police Department. Retrieved from http://spdblotter.seattle.gov/2013/09/16/suspect-in-navy-yard-attack-previously-arrested-in-seattle-for-anger-fueled-shooting/
Star, B. (24 Sep 2013). Official: Navy did not know that 2004 Alexis arrest involved gun. CNN. Retrieved from http://www.cnn.com/2013/09/23/us/navy-yard-shooting/?hpt=hp_t3
Wall Street Journal (16 Sep 2013). Incident report from Aaron Alexis’s 2010 arrest. Wall Street Journal: Washington Wire. Retrieved from http://blogs.wsj.com/washwire/2013/09/16/incident-report-from-aaron-alexiss-2010-arrest/#
Whitlock, C. (24 Sep 2013). Aaron Alexis didn’t report gun arrest during background check, received clearance. Washington Post. Retrieved from http://www.washingtonpost.com/world/national-security/aaron-alexis-didnt-report-gun-charge-during-background-check-received-clearance/2013/09/23/ac472dae-248b-11e3-a626-0ae190346c4d_story.html
Enhanced by Zemanta

October 1, 2013

Analytical Review "Cyber Warfare: Armageddon in a Teacup?"

Available for sale on Amazon
or for free at DTIC.
"Cyber warfare: Armageddon in a teacup?" is a detailed report attempting to provide an academic, analytical review to a hot topic that lacked substantiated, open source research in 2009. Major (MAJ) Bradley Boyd did not buy into the media sensationalism of cyber warfare during this time.  He attempted to counter the speculative cyber warfare discussions that painted this emerging way of war with significant strategic achievements.  While cyber warfare was a developing field to watch, it did not achieve the strategic doomsday scenario many within the media and Pentagon walls were hyping.  MAJ Boyd analyzes three case studies of publicized state sponsored cyber warfare against the military information operations criteria to determine strategic impact. Through his academic rigor, he tried to demonstrate the true capabilities and impact of cyber warfare at the time of publishing.  
To fully comprehend the reasoning behind MAJ Boyd's research paper, the reader must have an awareness of the events occurring when he researched it from February to December 2009.  A person that understands the reasoning behind research will have a clearer grasp of the purpose and process.  Amongst the state sponsored cyber-attacks, and reports to Congress about the pervasive Chinese cyber threat at the time, discussions about cyber warfare permeated through the national political and policy channels.  Some highlighted examples are:

- In July 2009, NATO hosted a cyber-warfare conference.1  

- The Economist published in November 2008, the op-ed piece, "Marching off to cyberwar," which covered the "cyberattacks on Estonia in 2007." 2

- In August 2009, CNN published an article called "Study warns of cyberwarfare during military conflicts." 3

- Quotes of officials and specialist stating "the actions of those [cyber warfare tactics] could have enormous strategic consequences,"4 and "a successful attack on these Internet-connected networks could paralyze the U.S.,"5 were heavily publicized within the media.

- Other military students wrote cyber warfare/threat research papers using the topic-du-jour.  For instance, within MAJ Boyd's class year, 2009, MAJ Andre Abadie's master thesis research paper was "WWW. Kasseringpass.com: Determining the U.S. Army's readiness for tactical operations in cyberspace," and Lieutenant Commander Jorge Muniz, Jr's master thesis research paper was "Declawing the dragon: Why the U.S. must counter Chinese cyber-warrior."  These papers attempt to persuade for military preparation against the emerging cyber threat. 

MAJ Boyd questioned the cyber warfare’s grand strategic achievement claims, as indicated by the title of his report.  The title plays on the English idiom "tempest in a teacup," which the Cambridge online dictionary defines as "a lot of unnecessary anger and worry about a matter that is not important." 6  

The primary audience is a military staff officer concerned about the emerging threat gaining traction within the media and senior military leadership.  MAJ Boyd assumes his audience has little background knowledge of cyber warfare, based on the first chapter’s dedication to cyber warfare's historic connections, definition, and importance. MAJ Boyd purposely tries to distinguish cyber warfare as being separate from information operations. Considering he fails to define the term, he assumes his audience is familiar with definition. Since very few outside of the military community are knowledgeable of this term, it is reasonable to conclude his intended targeted audience was military. Knowing his audience, it is important for him to make this distinction because the Joint Publication 3-19, Information Operations defines information operations as "the integrated employment of the core capabilities of electronic warfare, computer network operations, psychological operations, military deception, and operations security, in concert with specified supporting and related capabilities, to influence, disrupt, corrupt or usurp adversarial human and automated decision making while protecting our own." 7 Since cyber warfare contains elements of electronic warfare and computer network operations, it is easy to see why a military officer may confuse the terms cyber warfare and information operations. 

The secondary audience is the general public. Even though his primary audience typically uses unique jargon, MAJ Boyd avoids military specific lingo, and writes in plain language for a wider general audience appeal.  Additionally, the fact that he recommends the integration of the civilian population "into all courses of action,"8 indicates he wanted the general public to be part of the cyber warfare dialog.  Besides his use of clear language, he tries to equate a cyber-war attack to an event the average person has experienced; the snowstorm.  You do not need any military experience to understand this metaphor.  The snow storm metaphor illustrates the lasting effects of cyber warfare.  Granted they create inconveniences, but the impact is short lived. 9 MAJ Boyd makes a point to annotate for the reader that the metaphor came from cyber security specialist, Mr. Martin C. Libicki. This is a credibility builder connection between the author and reader.  He continues such techniques throughout the report.
To provide a meaningful counter argument to the cyber warfare debate, MAJ Boyd had to provide a strong appeal based on facts.  As mentioned in the report's abstract, he wanted "to enable a realistic discussion of the topic..."10 Reality needs to be based on facts, and logical analysis.  Early within the report, he lays the groundwork prior to delving into the case studies, by providing historical background, literature review, limitations, assumptions, and methodology.  The research methodology chapter provides a logical explanation for the case studies used within the report, as well as points out to the reader the strengths of the chosen method.  This builds the report's credibility.  This gradual build has each chapter acting as a sequential rung in the ladder leading the reader to the conclusion.  His natural flow and organization makes reading the lengthy report a bit easier.  Any future studies assessing the strategic impact of cyber warfare will likely build off the ground work laid out in MAJ Boyd's analysis.

Through his research methodology, he attempts to address the report’s noted issues.  His assumption of dealing with only demonstrated capabilities steers him away from speculative capabilities. Many garnered their cyber warfare fears from the speculation of potential capabilities.  MAJ did not dismiss potential future capabilities, but he wanted to ratchet the cyber fear down to reasonable expectations based on demonstrated capabilities. 

One noted issue was the lack of credible open source resources as MAJ Boyd pointed out when he stated "a great deal on the employment of cyber warfare is not open source information."11 He tries to address this limitation through his research methodology.  One assumption was that the international community would know any strategic accomplishments through cyber-attacks, which means open source documentation would readily be available.  This overcomes a need to rely on classified information by making a weakness, a strength.  The lack of open source reports on strategic cyber-attack achievements indicated a deficiency in meaningful success.   Granted, he could have easily provided a greater in-depth analysis using classified sources, but it would have limited the dissemination of his research. Considering he wanted to draw the general public into the cyber debate, he had to keep his report within the public domain.  In order to play a greater role in furthering the national cyber warfare discussion, he accepted the source limitation. 

MAJ Boyd quickly acknowledges his research uses a significant percentage of online sources.12  These types of sources were frowned upon for academic research; however, credible sources could be found on the Internet.  Technology centric sources typically rely heavily on the Internet and other cyber technology advances.  Considering he was investigating a technological war tactic, it only makes sense his research would incorporate such sources.  Through his acknowledgment, he points out that "many sources with valid and accurate information on the subject present their material solely on the Internet."12  This demonstrates to the reader that he employed critical assessments of source reliability in order to create a solid basis for his analysis.  Credible logic needs to be based upon trusted sources.  If the reader questions the sources' credibility, it will make trusting the author's logic difficult.

Despite some weaknesses, his overall assessment is solid.  The fact the Pentagon Library incorporates the report into its Global Strategic Assessment: Cyber Warfare collection, speaks highly of MAJ Boyd's thorough work.  He uses a proven and accepted model of analysis in assessing the before and after national strategic situation in all three case studies.14,15   The Diplomatic, Intelligence, Military, and Economic (DIME) model uses "factors to study various threats and their effect on real-time decision-making or inter-agency rapid response, generally using analysis of non-kinetic and low attribution solutions."16 This method was and is a traditional model that our National leaders use to assess strategic environments.  Through using this model instead of creating a new one, he adds additional validity to his assessments.  When all three cases demonstrated that cyber warfare was not capable of achieving "strategic political objectives on its own,"17 the reader had a clear understanding on how MAJ Boyd reached this conclusion.

As previously mentioned in this paper, MAJ Boyd's report is rather lengthy, which turns people away from reading his solid analysis and recommendations for an emerging tactic that effect more than soldiers on a battlefield.  There are elements sprinkled throughout the first few chapters that could be eliminated to cut the length down without detracting from the analysis and conclusions.  For instance, the history portion, while interesting, adds no value to the overall report.  Readers could understand the current capabilities without knowing the "birth of cyber warfare." 18 Additionally, the literature review could be shortened.  Certain analysis of the literature provided interesting bits of information, but MAJ Boyd fails to draw these bits up into his conclusions, and recommendations. The portion discussing the fundamental view towards cyber-attacks, such as "Western European militaries appear to view cyber warfare as a criminal action," did not add to the report.19  Granted this demonstrates why there is a shortage in military doctrine dealing with cyber warfare, but this was not mentioned in the report, and readers were left to draw their own conclusion.  Editing the paper to remove non-supportive details, could have left room for him to expand upon the reasoning behind his recommendations.

Overall, MAJ Boyd provides a solid analytical look at the cyber warfare capabilities demonstrated in 2009.  He achieves his intended objective of enabling "a realistic discussion of the topic," by constructing a well thought out argument.  The research appeals to the targeted audience, and provides much to consider.  Based upon the presented information, the reader would reach the same conclusion as the author.  Cyber warfare is the Armageddon in a teacup.  With the rapid improvement in technology, a follow up assessment should be done. When that is, MAJ Boyd's report would serve as the basis model.

End Notes

1.      NATO, 2009 

2.      Economist, 2008

3.      Meserve, 2009

4.      Elegant, 2009

5.      Pilkington, 2008 

6.      Cambridge Online Dictionary, 2001

7.      Joint Staff, 2006

8.      Boyd, 2009, page 84

9.      Ibid, page 6

10.  Ibid

11.  Ibid, page 8  

12.  Ibid, page 9  

13.  Ibid

14.  Ibid, page 22

15.  Ibid, page 2

16.  Department of Defense, 2009

17.  Boyd, 2009

18.  Ibid, page 1

19.  Ibid, page 15 

Boyed, Bradley L. "Cyber Warfare: Armageddon in a Teacup?." DTIC Online. Last modified December 11, 2009. Accessed February, 2013. http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA512381.
"Cyber catalog search." Combined Arms Research Library (CARL) Digital Library. Accessed February, 2013. http://cgsc.contentdm.oclc.org/cdm/search/searchterm/Cyber.
"Cyber warfare conference." NATO. Last modified June, 2009. Accessed February, 2013. http://www.nato.int/cps/en/natolive/news_55801.htm.
"Cyberwarfare: Marching off to cyberwar." The Economist. Last modified December, 2008. Accessed February, 2013. http://www.economist.com/node/12673385.
Department of Defense. "DoD Modeling and Simulation Glossary." Modeling & Simulation Coordination Office. Last modified March, 2010. Accessed January, 2013. http://www.msco.mil/files/Draft_MS_Glossary_March_B_version.pdf.
Elegant, Simon. "China's Capacity for Cyberwarfare with the U.S. - TIME." Breaking News, Analysis, Politics, Blogs, News Photos, Video, Tech Reviews - TIME.com. Last modified November 18, 2009. Accessed February, 2013. http://www.time.com/time/world/article/0,8599,1940009,00.html.
Hollies, David. "Cyberwar Case Study: Georgia 2008 | Small Wars Journal." Small Wars Journal. Last modified January 6, 2011. Accessed February, 2013. http://smallwarsjournal.com/jrnl/art/cyberwar-case-study-georgia-2008.
Joint Staff. "Joint Publication 3-13: Information Operations." US Army War College. Last modified February 13, 2006. Accessed February, 2013. http://www.carlisle.army.mil/DIME/documents/jp3_13.pdf.
Meserve, Jeanne. "Study warns of cyberwarfare during military conflicts." CNN. Last modified August 17, 2009. Accessed February, 2013. http://edition.cnn.com/2009/US/08/17/cyber.warfare/index.html.
Pilkington, Ed. "China winning cyber war, Congress warned." The Guardian. Last modified November 20, 2008. Accessed February, 2013. http://www.guardian.co.uk/technology/2008/nov/20/china-us-military-hacking.
"Storm in a teacup - definition in British English Dictionary & Thesaurus - Cambridge Dictionary Online." Cambridge Dictionary Online. Accessed February, 2013. http://dictionary.cambridge.org/dictionary/british/storm-in-a-teacup#storm-in-a-teacup__1.