Cyber warfare can be classified as the mechanics of a specific attack, politically or financially motivated, within the digital sphere. These attacks can originate from any digital device, such as a mobile phone or PC. The motive for these state-sponsored attacks is to disable or destroy infrastructure without the need for military manpower or equipment. The number of attacks can be substantiated, but for the purposes of this report it will revolve around the following:
· Sabotage: this may target communications, utilities such as electricity and gas, or financial systems such as banking and stock markets. These systemic attacks can leave the country exposed to physical attacks such as terrorism.
· Espionage: gathering information regarding classified material that could provide a person, company, or party with a financial, political, or military advantage.

Digital attacks can be carried out through a large group of innovations; however, they have an attack design that can be visualized. Despite using the most cutting-edge innovation, the phases of a digital attack for the most part follow a pattern indistinguishable from a traditional tort (Colarik, Janczewski 2007).

The motivations and ramifications of cyber warfare

The reasons for such attacks can be numerous, and the end goal can be different from what one might expect and can cause disastrous effects. The four main types of reasons are infrastructure, political, military and financial (this list is not exhaustive). Countries such as Russia, the United States, the United Kingdom, Iran, China and North Korea are among the main exponents of cyber warfare on the planet. Some harmful effects of this are:
· Loss of life (Donnelly 2018)
· Economic implications (Oxford Economics 2014)
· Infrastructure failures (Pandey, Misra December 2016)
· Politicians (Brenner, Clarke 2010)

Aramco

On August 15, 2012, a cyberattack codenamed Shamoon, also known as W32.DisTrack, was used against the Aramco oil company in Saudi Arabia (Madaan 2013). The main motive of this attack was to enter a network infrastructure and wipe the storage areas of all networked devices. Shamoon did this by connecting to the master boot record of the suspected hard drives; a further side effect was that any connected machine was prevented from rebooting, to prevent damage to adjacent child companies (Bronk, Tikk-Ringas 2013). The company suffered major losses and Shamoon damaged over 30,000 systems. After the attack Aramco recruited an external cybersecurity company to analyze the exploits used. After deep analysis of thousands of lines of code, it was suspected that this code was written by the Iranians; however, due to the complexity and the similarities of the code, it seems that the code comes from the United States (Dunn E John 2012).

The implications

Aramco had to stop production; this company supplies 10% of the world's oil (Nakov Anton 2011). Contractors were laid off, employees had to use typewriters, resulting in increased workloads, and governments were affected by oil shortages. Another subsequent event was that Aramco had to purchase 50,000 hard drives, saving money, but on a social level local businesses and customers have suffered and had to raise prices (Pagliery 2015). Because of the location, no one was prosecuted.
This year the second version of this exploit was released. It has since been investigated by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of Homeland Security, which advised on the implications of such an exploit, the consequences, and an incident response plan on how to mitigate and strategize these issues in case such an event occurs again (ICS-CERT 2012).

Stuxnet

Stuxnet was the first cyber weapon of its class to use a zero-day exploit, and is suspected to have been created directly through collaboration between the United States and the Israeli government (Weinberger 2011). The purpose of this weapon was to disable the centrifuges inside one if not all of Iran's nuclear power plants. Its design is a combination of multiple malware elements such as viruses, rootkits, worms and trojans (summary. 2011). In November 2007 this weapon was used to attack the uranium enrichment plant; the result was that the centrifuges that separate waste from nuclear material in these plants were sped up by 1410 hertz and then slowed down to 1064 hertz (Bond 2017), and the dramatic change in speed ended up destroying them.

Its primary use is to systematically target industrial PLCs, programmable logic boards that are used in most control systems such as factories, warehouses, power and water treatment plants, and amusement parks (Chen, Abu-Nimeh 2011a). They are also used in centrifuges separating waste from nuclear material in power plants. Stuxnet works by penetrating Windows-based systems, appearing as a Windows certification key, then connecting to adjacent networks. Once deployed, it searches for and targets a piece of software called Step7 from Siemens AG (Gießler 2003), with the intent of sabotaging the connections to the control boards.
Step7 had a serious security flaw that was being exploited: deep within the code there was a hardcoded password (Chen, Abu-Nimeh 2011b) embedded in the system. Once corrupted, it would allow full access to change system priorities, shut down systems and disable active administrator accounts, courtesy of (Michael Holloway 2015) and Stanford University. The epidemic results because, once the main systems are infected, it sends false signals to the control boards and then spreads across the network. If this had not been detected, Iraq would have been a nuclear dead zone. There are many references to this attack; it must be said that most of these references state that it is about the merger of the governments of the United States and Iran. In this attack over 45,000 devices were affected; 66% of these are located in Iran (Bronk, Tikk-Ringas 2013).

The Security Agency J-CAT Collaboration

Multiple government security agencies are working together to combat the cause of cyber warfare. The Joint Cybercrime Action Taskforce (J-CAT) is a collaboration between the EU Member States Austria, France, Germany, Italy, the Netherlands, Spain, Sweden and the United Kingdom and the non-EU member states Australia, Canada, Colombia, Norway, Switzerland and the United States (new European task force will tackle international cybercrime. 2014). The main objective of J-CAT is to identify high-value targets that are potentially harmful to the world's digital infrastructure. Objectives include (non-exhaustive list):
· Identify pedophiles and child exploitation
· Prevent high-tech crimes such as malware distribution, botnets, money laundering
· Eradicate anti-virus services, card cloning
· Educate and prevent social engineering

J-CAT's role with the European Cybercrime Center (EC3) (Buono 2012) is to identify laws governing cyber warfare/terrorism, analyze these laws and then provide identification tactics on how to improve these laws.
EC3 organizes multiple conferences every year on emerging threats. EC3's core values use a multi-pronged approach in cybercrime eradication, strategy and forensic operations. Operation Blackfin was one of the largest cyber collaboration efforts to date; its role was to systematically focus on identifying theft, email/online banking phishing data, DDoS attacks and social engineering. Below is an excerpt of the protocols used by the Cyber Security Capability Portal (Weisser, 2015):
· Pursue – Proposed link activity to prevent campaign against the use of stressed tools
· Prevent – Proactive communications campaign to prevent the tendency of young people to become cyber criminals, communicating what is illegal and the consequences of this behavior, and to dissuade young people who find themselves at a crossroads from choosing the right path
· Protect – The focus of the PROTECT activity will be on using threat data to inform companies hosting threats unresolved issues hosted on their infrastructure
· Prepare – The aim of the PREPARE activity will be to raise awareness of cybercrime and improve the experience of victims should they become victims. This has been done through the preparation of pop-up shops in collaboration with private sector partners (antivirus companies)

Incident Response

After a security breach or attack within a company or government, a protocol is initiated, usually called cyber incident response. The main objective of this procedure is to prevent disaster, reduce recovery time and decrease financial impact. Once initiated, you follow an incident response plan, which is usually made up of six elements:
· Preparation: A set of rules, instructions and actions to complete if an attack or breach occurs.
· Identification: What is the method, the type and execution of the attack, and what systems were affected.
· Containment: Once the identification process has taken place, all affected systems must be placed under isolation to protect remaining uninfected resources.
· Eradication: Once the affected systems have been quarantined, investigations are conducted to remove the affected systems.
· Recovery: When all systems are free of infection and given the green light, backup recovery procedures are initiated to restore all systems to function.
· Documentation: This is the most important part of incident response. Once you identify how the attack occurred, analysis is performed to stop future attacks or breaches. If a security flaw is known and fixed based on what is learned from the attack, it can be prevented in the future.

One such example occurred on Friday 12 May, when the NHS suffered a systemic attack. The ransomware was introduced into the NHS network by an employee who opened an attachment to an email that appeared genuine; from that opened attachment WannaCry was able to spread across the entire NHS infrastructure, releasing malware on every machine/device it reached. Eighty organizations have been infiltrated into the NHS domain and over 10,000 medical records are.