Bibliography
- Allison, Graham T. and Philip Zelikow, Essence of Decision: Explaining the Cuban Missile Crisis (New York: Pearson Education 1999).
- Anderson, Ross and Tyler Moore, ‘The Economics of Information Security’, Science 314/5799 (2006), 610–13. doi:10.1126/science.1130992
- Arbaugh, William A., William L. Fithen, and John McHugh, ‘Windows of Vulnerability: A Case Study analysis’, IEEE Computer 33/12 (2000), 52-58.
- Armstrong, Gary, Stewart Adam, Sara Denize, and Philip Kotler, Principles of Marketing (Melbourne: Pearson 2015).
- Arora, Ashish, Ramayya Krishnan, Anand Nandkumar, Rahul Telang, and Yubao Yang, ‘Impact of Vulnerability Disclosure and Patch Availability - An Empirical Analysis’, Workshop on the Economics of Information Security (Harvard University 2004).
- Arthur, Charles, ‘Cyber-attack concerns raised over Boeing 787 chip’s “back door”’, The Guardian, May 2012, <http://www.theguardian.com/technology/2012/may/29/cyber-attack-concerns-boeing-chip>.
- Auerswald, Philip E., Christian Duttweiler, and John Garofano, Clinton’s Foreign Policy: A Documentary Record (The Hague: Kluwer Law International 2003).
- Axelrod, Robert, ‘The Rational Timing of Surprise’, World Politics 31/2 (1979), 228–46. doi:10.2307/2009943
- Axelrod, Robert and Rumen Iliev, ‘Timing of Cyber Conflict’, Proceedings of the National Academy of Sciences 111/4 (2014), 1298–303. doi:10.1073/pnas.1322638111
- Bailey, Tucker, James Kaplan, and Chris Rezek, ‘Why senior leaders are the front line against cyberattacks’, McKinsey Insights, June 2014, <http://www.mckinsey.com/insights/business_technology/why_senior_leaders_are_the_front_line_against_cyberattacks>.
- Baldwin, D A., ‘The Concept of Security’, Review of International Studies 23 (1997), 5–26, 20. doi:10.1017/S0260210597000053
- Bartlett, Robert, ‘Developments in the Law-The Law of Cyberspace’, Harvard Law Review 112/1574 (1999), 1635.
- Beattie, Steve, Seth Arnold, Crispin Cowan, Perry Wagle, and Chris Wright, ‘Timing the Application of Security Patches for Optimal Uptime’, LISA XVI, November 2002.
- Bencsáth, Boldizsár, ‘Duqu, Flame, Gauss: Followers of Stuxnet’, RSA Conference Europe, 2012, <http://www.rsaconference.com/writable/presentations/file_upload/br-208_bencsath.pdf>.
- Bilge, Leyla and Tudor Dumitras, ‘Before We Knew It, An Empirical Study of Zero-Day Attacks In The Real World‘, CCS, October 2012.
- Bloom, Gedare, Eugen Leontie, Bhagirath Narahari, and Rahul Simha, ‘Chapter 12: Hardware and Security: Vulnerabilities and Solutions’, in Sajal K. Das, Krishna Kant, and Nan Zhang (eds.), Handbook on Securing Cyber-Physical Critical Infrastructure (Waltham: Morgan Kaufmann 2012).
- Byres, Eric, Andrew Ginter, and Joel Langill, ‘How Stuxnet Spreads – A Study of Infection Paths in Best Practice Systems’, February 2011, <http://www.abterra.ca/papers/how-stuxnet-spreads.pdf>.
- Campbell, John Y. and N. Gregory Mankiw, ‘Permanent and Transitory Components in Macroeconomic Fluctuations‘, NBER, 2169 (1987).
- Cavusoglu, Hasan, Huseyin Cavusoglu, and Srinivasan Raghunathan, ‘Efficiency of Vulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge’, IEEE Transactions on Software Engineering 33/3 (2007), 171–85. doi:10.1109/TSE.2007.26
- Cavusoglu, Hasan, Huseyin Cavusoglu, and Jun Zhang, ‘Security Patch Management: Share the Burden or Share the Damage?’, Management Science 54/4 (2008), 657–70. doi:10.1287/mnsc.1070.0794
- Cochrane, J H., ‘Permanent and Transitory Components of GNP and Stock Prices’, The Quarterly Journal of Economics 109/1 (1994), 241–65. doi:10.2307/2118434
- Collins English Dictionary (online), ‘transitory’, <http://www.collinsdictionary.com/dictionary/English>.
- Corporation, Symantec, ‘Internet Security Threat Report 2014‘, 2014, <http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf>.
- Dacey, Robert F., ‘Information security progress made, but challenges remain to protect federal systems and the nation’s critical infrastructures’, Government Accountability Office, 2003, <http://world.std.com/~goldberg/daceysecurity.pdf>.
- Denning, Dorothy E., ‘Rethinking the Cyber Domain and Deterrence’ JFQ, 77 (2015).
- Economist, The, ‘It’s about time: Escalating cyber-attacks‘, February 2014, <http://www.economist.com/blogs/babbage/2014/02/escalating-cyber-attacks>.
- Flanagan, Ben, ‘Former CIA chief speaks out on Iran Stuxnet attack’, The National, December 2011, <http://www.thenational.ae/business/industry-insights/technology/former-cia-chief-speaks-out-on-iran-stuxnet-attack>.
- Florida Center for Instructional Technology, ‘Chapter 2: What is a Protocol?’, 2013, <http://fcit.usf.edu/network/chap2/chap2.htm>.
- Fortinet, Head-First into the Sandbox‘, 2014, <https://www.fortinet.com/sites/default/files/whitepapers/Head_First_into_the_Sandbox.pdf>.
- Frei, Christa and Alfonso Sousa-Poza, ‘Overqualification: Permanent or Transitory?’, Applied Economics 44 (2012), 1837–47. doi:10.1080/00036846.2011.554380
- Frei, Stefan, Bernhard Tellenbach, and Bernhard Plattner, ‘0-Day Patch: Exposing Vendors (In)security Performance’, BlackHat Europe, 2008, <https://www.blackhat.com/presentations/bh-europe-08/Frei/Whitepaper/bh-eu-08-frei-WP.pdf>.
- Gartzke, Erik, ‘The Myth of Cyberwar: Bringing War in Cyberspace Back Down to Earth’, International Security 38/2 (2013), 41–73, 59-60. doi:10.1162/ISEC_a_00136
- Gilbert, David, ‘Equation Group: Meet the NSA ‘gods of cyber espionage’, International Business Times, February 2015, <http://www.ibtimes.co.uk/equation-group-meet-nsa-gods-cyber-espionage-1488327>.
- Goodin, Dan, ‘How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last’, Ars Tecnica, (February 16, 2015), <http://arstechnica.com/security/2015/02/how-omnipotent-hackers-tied-to-the-nsa-hid-for-14-years-and-were-found-at-last/>.
- Greenberg, Andy, ‘Shopping for Zero-Days: A Price List For Hackers’ Secret Software Exploits‘, Forbes Magazine, March 2012, <http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/>.
- Hamilton, Booz Allen and The Economist Intelligence Unit, ‘Cyber Power Index: Findings and Methodology‘, 2011, <http://www.boozallen.com/media/file/Cyber_Power_Index_Findings_and_Methodology.pdf>.
- Hayden, Michael V., ‘The Future of Things Cyber’, Strategic Studies Quarterly 5/1 (2011), 3-7.
- Herr, Trey, ‘PrEP: A Framework for Malware & Cyber Weapons’, Cyber Security and Research Institute, (2014).
- Herrera, Geoffrey L., Technology and International Transformation: The Railroad, the Atom Bomb, and the Politics of Technological Change (Albany: State University of New York Press 2006).
- Jang-Jaccard, Julian and Surya Nepal, ‘A Survey of Emerging Threats in Cybersecurity’, Journal of Computer and System Sciences 80/5 (2014), 973–93. doi:10.1016/j.jcss.2014.02.005
- Karri, Ramesh, Jeyavijayan Rajendran, Kurt Rosenfeld, and Mark Tehranipoor, ‘Trustworthy Hardware: Identifying and Classifying Hardware Trojans’, Computer 43/10 (2010), 39–46. doi:10.1109/MC.2010.299
- Kaspersky Lab’s Global Research & Analysis Team, ‘Animals in the APT Farm’, Securelist, March 2015, <https://securelist.com/blog/research/69114/animals-in-the-apt-farm/>.
- Kaspersky Lab’s Global Research & Analysis Team, ‘Houston, we have a problem‘, SecureList, February 2015, <https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy>.
- Kaspersky Lab’s Global Research & Analysis Team, ‘The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns‘, June 2015, Securelist, <https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/>.
- Kaspersky Lab’s Global Research & Analysis Team, ‘A Fanny Equation: “I am your father, Stuxnet” ‘, Securelist, February 2015, <https://securelist.com/blog/research/68787/a-fanny-equation-i-am-your-father-stuxnet/>.
- Kaur, Ratinder and Maninder Singh, ‘A Survey on Zero-Day Polymorphic Worm Detection Techniques’, IEEE Communications Surveys & Tutorials 16/3 (2014), 1520–49. doi:10.1109/SURV.2014.022714.00160
- Keegan, John, A History of Warfare (London: Random House 1994).
- Kello, Lucas, ‘Cyber Disorders: Rivalry and Conflict in a Global Information Age’, Presentation, International Security Program Seminar Series, Belfer Center for Science and International Affairs, Harvard Kennedy School May 2012, <http://belfercenter.hks.harvard.edu/files/kello-isp-cyber-disorders.pdf>.
- Krepinevich, Andrew ‘Cyber Warfare: a ‘nuclear option’?’, Center for Strategic and Budgetary Assessments, 2012, <http://www.csbaonline.org/wp-content/uploads/2012/08/CSBA_Cyber_Warfare_For_Web_1.pdf>.
- Lab, Kaspersky, ‘Equation Group, Questions and Answers’, February 2015, <https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf>.
- Levy, J S., ‘The Offensive/Defensive Balance of Military Technology: A Theoretical and Historical Analysis’, International Studies Quarterly 28 (1984), 219–38. doi:10.2307/2600696
- Lewis, James A., ‘Conflict and Negotiation in Cyberspace’, The Technology and Public Policy Program, 2013, <http://csis.org/files/publication/130208_Lewis_ConflictCyberspace_Web.pdf>.
- Libicki, Martin C., Conquest in Cyberspace: National Security and Information Warfare (Cambridge: Cambridge University Press 2007).
- Libicki, Martin C., ‘Cyberspace Is Not a Warfighting Domain’, A Journal of Law and Policy for the Information Society 8/2 (2012), 326.
- Lin, Herbert S., ‘Offensive Cyber Operations and the Use of Force’, Journal of National Security Law and Policy 4/63 (2010), 63–86.
- Lin, Herbert S., ‘Escalation Dynamics and Conflict Termination in Cyberspace’, Strategic Studies Quarterly 6/3 (2012), 46–70.
- March, James G. and Herbert A. Simon, Organizations (New York: John Wiley and Sons 1958).
- Menn, Joseph, ‘Special Report: U.S. Cyber war Strategy Fear of Blowback’, Reuters, May 2013, <http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510>.
- Mitnick, Kevin, The Art of Deception (Hoboken: John Wiley & Sons 2002).
- Mitnick, Kevin and William L. Simon, The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders, & Deceivers (Ronald Madzima & Sons 2005).
- Nappa, Antonio, Richard Johnson, Leyla Bilge, Juan Caballero, and Tudor Dumitras, ‘The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching’, IEEE Symposium on Security and Privacy, San Jose, CA, 2015.
- Okhravi, Hamed and David Nicol, ‘Evaluation of Patch Management Strategies’, International Journal of Computational Intelligence: Theory and Practice 3/2 (2008), 109–17.
- Owens, William A., Kenneth W. Dam, and Herbert S. Lin (eds.), ‘Excerpts from Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities‘, National Research Council, 2009.
- Pauna, Adrian and Konstantinos Moulinos, ‘Window of exposure… a real problem for SCADA systems? Recommendations for Europe on SCADA patching‘, European Union Agency for Network and Information Security Publication, December 2013.
- Presidency of the Council of Ministers Italy, ‘National Strategic Framework for the Security of Cyberspace‘, December 2013, <http://www.sicurezzanazionale.gov.it/sisr.nsf/wp-content/uploads/2014/02/italian-national-strategic-framework-for-cyberspace-security.pdf>.
- Radianti, Jaziar and Jose. J. Gonzalez, ‘Understanding Hidden Information Security Threats: The Vulnerability Black Market’, Proceedings of the 40th Hawaii International Conference on System Sciences, Hawaii, 2007.
- Ramos, Terry, ‘The Laws of Vulnerabilities,’ RSA Conference, February 2006.
- Random House Webster’s Unabridged Dictionary (online), ‘transitory,’< http://dictionary.reference.com/browse/transitory>.
- Ransbotham, Sam, Sabyasachi Mitra, and Jon Ramsey, ‘Are Markets for Vulnerabilities Effective?’, ICIS 2008, <http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1192&context=icis2008>.
- Rid, Thomas, ‘Cyber War Will Not Take Place’, Journal of Strategic Studies 35/1 (2012), 5–32. doi:10.1080/01402390.2011.608939
- RSA, ‘Cybersecurity Poverty Index‘, 2015, <https://www.emc.com/collateral/ebook/rsa-cybersecurity-poverty-index-ebook.pdf>.
- Sanger, David E., Confront and Conceal: Obama’s Secret Wars and Surprising use of American Power (New York: Crown Publishing 2012).
- Sanger, David E., ‘Obama Order Sped Up Wave of Cyberattacks Against Iran’, The New York Times, June 2012, <http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=0>.
- Schneier, Bruce, ‘Crypto-Gram‘, September 2000, <https://www.schneier.com/crypto gram/archives/2000/0915.html>.
- Schneier, Bruce, ‘How the NSA Attacks Tor/Firefox Users With QUANTUM and FOXACID’, Schneier on Security, October 2013, <https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html>.
- Schneier, Bruce, ‘The Witty Worm a New Chapter in Malware’, Computer World, June 2014, <http://www.computerworld.com/article/2565119/malware-vulnerabilities/the-witty-worm–a-new-chapter-in-malware.html>.
- Shachtman, Noah and Peter W. Singer, ‘The Wrong War: The Insistence on Applying Cold War Metaphors to Cybersecurity Is Misplaced and Counterproductive’, Brookings Institute, August 2011, <http://www.brookings.edu/research/articles/2011/08/15-cybersecurity-singer-shachtman>.
- Shipley, Greg, ‘Painless (well, almost) patch management procedures’, Network Computer, 2004, <http://www.networkcomputing. com/showitem.jhtml?docid=1506f1>.
- Song, Cristian, Cadar JaeSeung, and Peter Pietzuch, ‘SYMBEXNET: Testing Network Protocol Implementations with Symbolic Execution and Rule-Based Specifications’, IEEEE Transactions on Software Engineering 40/7 (2013), 695–709. doi:10.1109/TSE.2014.2323977
- Subrahmanian, V. S., Michael Ovelgönne, B. Tudor Dumitras, and Aditya Prakash, ‘Chapter 4, The Global Cyber-Vulnerability Report’, in V.S. Subrahmanian, Michael Ovelgonne, B. Tudor Dumitras, and Aditya Prakash) (eds.), Terrorism, Security and Computation (New York: Springer 2015).
- Sweeting, Andrew, ‘Equilibrium Price Dynamics in Perishable Goods Markets: The Case of Secondary Markets for Major League Baseball Tickets‘, NBER, Working Paper 14505, (2008).
- The Grugq, ‘Twitter’, 2016, <https://twitter.com/thegrugq>.
- Tsipenyuk, Katrina, Brian Chess, and Gary McGraw, ‘Seven pernicious kingdoms: A taxonomy of software security errors’, IEEE Security and Privacy Magazine 3/6 (2005), 81–84. doi:10.1109/MSP.2005.159
- United Nations Institute for Disarmament Research, ‘The Cyber Index: International Security Trends and Realities‘, United Nations Publications, 2013, <http://www.unidir.org/files/publications/pdfs/cyber-index-2013-en-463.pdf>.
- Verizon, ‘Data Breach Investigations Report‘, 2015, <http://www.verizonenterprise.com/DBIR/>.
- Zetter, Kim, ‘Hacking Team Leak shows How Secretive Zero-Day Exploit Sales Work’, Wired, (July 2015), <http://www.wired.com/2015/07/hacking-team-leak-shows-secretive-zero-day-exploit-sales-work/>.