Ai Report

The document is a comprehensive analysis report on state-sponsored cyber warfare, detailing its definition, motivations, and real-world incidents. It highlights the rise of cyber warfare due to factors such as weapon affordability and international interdependence, and discusses various types of cyber attacks, including Advanced Persistent Threats (APTs) and supply chain attacks. Additionally, it outlines the importance of cybersecurity in national security and the challenges faced in attribution and defense against such attacks.

Uploaded by

shikhar patel

Scan details

Copyleaks plagiarism detection and AI detection report for "CyberSecurity Final Report 1.docx"

Scan time: August 4th, 2025 at 15:09 UTC
Total pages: 29
Total words: 7,154

Plagiarism detection: 0% (Identical 0% / 0 words; Minor changes 0% / 0 words; Paraphrased 0% / 0 words; Omitted words: 0)
AI detection: AI text 0% / 0 words; Human text 100% / 7,154 words

Interim Deliverable Report
Group 4
Cybersecurity

Project Title:
Cyber Warfare and National Security: Analysing State-Sponsored Cyber Attacks

Parth Raghvani H006


Kaushal Saraf H041
Lucky Kumar H014
Shikhar Patel D012
Nishkarsh Jaiswal F014
Ayesha Jada Siddiqui F056
Chinmay Anand C011
1. Introduction and Motivation: The Rise of Cyber Warfare

Definition

Cyber warfare is malicious activity undertaken by a nation state, or by actors working on its behalf, in which cyberspace is used to attack, disrupt or corrupt the information systems, infrastructure or national interests of an adversary. Unlike cyber-crime, which is mostly profit-driven, cyber war is strategic, political and military in character.

NATO states that:

Cyber warfare refers to actions by a nation state or international entity to attack and attempt to damage or destroy another nation's computers or information networks.

Causes of its increase: the most important factors

Factor | Explanation
Weaponry affordability | Cyber weapons (malware, ransomware, zero-day exploits) are far cheaper than conventional weapons.
International digital interdependence | The dependence of governments, militaries and infrastructure on the Internet has made these systems susceptible to attack.
Stealth and anonymity | Cyber-attacks are hard to trace; the aggressor can hide its identity behind proxy servers or botnets.
Asymmetric power projection | Less powerful or rogue states (e.g., North Korea, Iran) can strike world powers such as the U.S. with cyber instruments.
Political and intelligence gains | Disrupting a protected election, or stealing diplomatic or military secrets, is an effective tool.

Case evidence in the real world

Incident | Year | Description | Attribution
Estonia DDoS attack | 2007 | Bank, media and parliament websites knocked offline; Estonian online infrastructure taken down. | Suspected Russian-sponsored groups
Stuxnet worm | 2010 | First identified cyber-weapon used against physical infrastructure (Iranian uranium-enrichment centrifuges). | U.S. and Israel (reportedly; never officially confirmed)
Ukraine power grid attack | 2015 | Blacked out power to ~230,000 customers using the BlackEnergy malware. | Sandworm (Russian GRU-linked APT group)
SolarWinds attack | 2020 | Compromised U.S. federal agencies and Fortune 500 companies through a software supply chain attack. | SVR (Russian Foreign Intelligence Service)
Volt Typhoon | 2023-24 | Chinese state-sponsored actor found pre-positioned in power grids, water systems and communications infrastructure in the U.S. | China-affiliated actors

Motivations for state-sponsored cyber attacks

Purpose | Example
Espionage | Theft of defence blueprints, vaccine research or government intelligence.
Sabotage | Disabling a power grid, satellites or transport networks.
Propaganda & PsyOps | Creating unrest inside a country through bot networks and disinformation.
Pre-positioning | Planting access or malware that can be activated in wartime (e.g. Volt Typhoon inside U.S. systems).
2. Survey of National Security in the Digitalized World

Broadening the definition of national security

In the digital age, national security extends beyond military strength and border control. It now includes:
• Cybersecurity of critical infrastructure
• Data integrity & digital sovereignty
• Defence against cyber-espionage and sabotage
• Countering foreign influence operations

According to the U.S. National Cybersecurity Strategy (2023), U.S. strategy rests on five pillars:
• Defend critical infrastructure
• Disrupt and dismantle threat actors
• Shape market forces to drive security and resilience
• Invest in a resilient future
• Forge international partnerships to pursue shared goals

The United States now treats cybersecurity as a core element of national defence.

Relevant national security threats in cyberspace

Type of threat | Examples
Attacks on critical infrastructure | The Colonial Pipeline ransomware attack (2021) interrupted fuel supply on the U.S. East Coast for several days.
Offensive espionage campaigns | Chinese APTs attacking U.S. defence contractors to steal stealth-aircraft designs.
Supply chain attacks | Nearly 18,000 organisations worldwide downloaded the trojanised SolarWinds update.
Election interference | Russian-attributed disinformation and interference in the 2016 and 2020 U.S. elections.
Surveillance and repression | NSO Group's Pegasus spyware has been used to target journalists, politicians and activists.

Effect on governance and defence

• Military: modern defence systems (e.g., drones, missiles) are software-controlled and can be attacked by hackers.
• Energy sector: power grids and nuclear plants rely on Industrial Control Systems (ICS), which can be reached with cyber tools.
• Healthcare: ransomware attacks hit hospitals in the United States, Germany and India during the COVID-19 pandemic.

Institutional and global response

Initiative | Details
U.S. Cyber Command | Established to conduct defensive and offensive cyber operations.
National Cyber Security Policy of India | Adopted in 2013 to secure Indian cyberspace; a revision is pending.
EU NIS2 Directive | Strengthens cybersecurity obligations across EU member states.
UN Open-Ended Working Group (OEWG) | Ongoing discussions to define international norms of behaviour in cyberspace.

Challenges that have never gone away

Challenge | Explanation
Attribution complexity | Spoofing, botnets and false flags are used by attackers to confuse investigators.
Escalation management | A cyberattack may be answered with a real-world military response, escalating into war.
Talent shortage | In 2024 there were more than 3.5 million unfilled cybersecurity jobs worldwide.
AI and quantum threats | Powers around the world are racing to weaponise AI and to break encrypted communications with quantum computing.

Fact-based knowledge

Worldwide cybercrime cost: projected to reach USD 10.5 trillion annually by 2025.
• Mean financial cost of a data breach: USD 4.45 million (global average).

Indian cyber incidents:
• In 2022 alone, 13.9 lakh (1.39 million) cyber incidents were reported (CERT-In).
• CERT-In handled more than 2,000 ransomware incidents during the year.

Government budgets:
• The U.S. federal cybersecurity budget for FY2024 is about USD 13.5 billion.
• India: the Government of India allocated about INR 515 crore (2023-24) to cybersecurity programmes under MeitY.
3. Defining Cyber Warfare: Objectives and Classifications

Cyber warfare refers to the use of digital attacks by a government or non-state actor to damage, disrupt or gain an advantage over an opponent in cyberspace. Computer network operations are one aspect of these actions, targeting military, governmental or critical infrastructure with the express aim of achieving strategic goals without conventional kinetic engagement.

Objectives of cyber warfare

The goals can be divided into the following groups:

• Disruption of enemy command and control: degrading an adversary's reconnaissance, communication and operations hampers its military performance.
• Espionage and intelligence gathering: gaining access to sensitive information or intellectual property for strategic or tactical benefit.
• Disruption of critical infrastructure: disrupting power grids, financial systems or public utilities can severely affect hundreds of millions of people.
• Influence and psychological operations: manipulating information to shape public opinion and steer political outcomes.
• Denial of service and degradation: overloading networks or systems so that a service becomes inaccessible or its capacity is limited.

Classifications of cyber warfare

Cyber warfare can be classified by the nature of the operations and their targets:

Classification type | Description
Offensive cyber operations | Deliberate attempts to harm, disrupt or degrade the systems or networks of a hostile party.
Defensive cyber operations | Protection of one's own networks, detection of intrusions and response to cyber threats.
Espionage and intelligence | Stealthy operations to gain information without detection.
Electronic warfare (EW) | Cyber-related activity against electronic systems, e.g. radar and communications, in support of kinetic operations.
Cyber alliance operations | Sharing of vulnerabilities and coordinated attacks or defences through the collaborative efforts of allied states.

Characteristics
• Cyber warfare involves no physical weapon yet can have physical effects (e.g. the Stuxnet attack on Iranian nuclear facilities).
• It exploits weaknesses in both legacy and modern systems, typically unpatched software or trusted computing relationships.
• Alliances complicate matters: member states may share weaknesses, or may synchronise their offensive/defensive cyber plans.
• It takes place in a globalised but territorially governed cyberspace, which makes legal and jurisdictional frameworks problematic.
4. State-Sponsored Attacks: Tools, Tactics and Techniques (APT, malware, phishing, etc.)

State-sponsored attacks are an advanced form of cyber operation that emphasises stealth, persistence and precision, and typically targets critical infrastructure, strategic industries and government facilities.

Such intrusions are often referred to as Advanced Persistent Threats (APTs), a label that reflects their long-running, focused nature. To achieve their goals, APT actors deploy a mix of malware, phishing, supply chain compromise and other exploitation tools.

Main technologies and tools used in state-sponsored attacks:

Advanced Persistent Threats (APTs):

APTs are long-running, persistent and targeted cyber campaigns conducted with stealth. Sandworm, Fancy Bear (APT28) and Gamaredon are examples of groups that use polymorphic and metamorphic malware, which evades conventional signature-based security controls by constantly changing the form, and therefore the signature, of its code. APTs frequently compromise a supply chain or exploit a zero-day vulnerability to gain access to the intended network.

Malware:

State-sponsored malware families include high-quality ransomware with strong encryption and double-extortion tactics (the data is not only encrypted, but its public release is also threatened). Such families frequently employ polymorphism or metamorphism, effectively rewriting themselves and making defensive countermeasures harder. Other examples include backdoors, trojans and spyware.

Social engineering and phishing:

Phishing is the primary vector for initial access, often conducted as high-fidelity spear phishing aimed at specific individuals in an organisation. These campaigns exploit human weaknesses to install malware or harvest credentials. Social-engineering attacks play on users' emotions to make them disclose confidential data or perform harmful actions.
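The spear-phishing tells described above can be turned into a concrete header check. The following Python is an added example written for this page, not code from the report: it scores a raw e-mail for three common spoofing indicators (a display name that claims a trusted brand while the address sits on another domain, a Reply-To that redirects replies to a third domain, and a sender domain one edit or one homoglyph away from a trusted one). The trusted-domain list, the two sample messages and the domain names in them are constructed for the demonstration.

```python
"""Spear-phishing header heuristics over constructed sample messages (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed for the demo: the organisation's own domain and the brand name that
# may legitimately appear in display names. Hypothetical values.
TRUSTED_DOMAINS = {"example.com": "example corp"}

# Character swaps attackers use to build lookalike domains (rn for m, 0 for o, 1 for l, vv for w).
CONFUSABLES = [("rn", "m"), ("0", "o"), ("1", "l"), ("vv", "w")]


def normalise(domain: str) -> str:
    """Fold common homoglyph substitutions so 'examp1e.com' compares equal to 'example.com'."""
    d = domain.lower()
    for bad, good in CONFUSABLES:
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; domain names are short enough to compute it exactly."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain this one imitates, or None if it is trusted or unrelated."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == normalise(trusted) or edit_distance(domain, trusted) <= 1:
            return trusted
    return None


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_headers(raw_message: str) -> dict:
    """Apply the three heuristics to one raw RFC 5322 message; a higher score is more suspicious."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    findings = []

    # 1. Display name claims a trusted brand but the address is not on that brand's domain.
    for trusted, brand in TRUSTED_DOMAINS.items():
        if brand in display.lower() and from_dom != trusted:
            findings.append(f"display name '{display}' but sender domain {from_dom}")

    # 2. Replies are silently redirected to a third domain (credential-harvest follow-up).
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Sender domain is one edit or one homoglyph away from a trusted domain.
    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append(f"sender domain {from_dom} looks like {imitated}")

    return {"score": len(findings), "findings": findings}


# Constructed sample messages (not real traffic).
LEGIT = """From: IT Helpdesk <helpdesk@example.com>
To: staff@example.com
Subject: Scheduled maintenance

Maintenance window Saturday 02:00-04:00.
"""

SPEAR_PHISH = """From: Example Corp Security <security@examp1e.com>
Reply-To: Example Corp Security <security@mail-relay.net>
To: cfo@example.com
Subject: Urgent: verify your credentials

Your account will be disabled unless you re-authenticate today.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spear-phish", SPEAR_PHISH)):
        print(name, score_headers(raw))
```

The constructed phishing message trips all three heuristics (score 3) while the legitimate notice scores 0. In production the score would feed a mail-gateway policy alongside SPF/DKIM/DMARC results; the heuristics alone cannot catch a message sent from a genuinely compromised internal account, which is why the report pairs phishing defence with user training and incident-response planning.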

Supply chain attacks:

These attacks are increasingly common and involve compromising third-party vendors or software providers in order to reach the target organisations that trust them. They exploit trust relationships and can have far-reaching effects, as recent high-profile cases have shown.

False Data Injection (FDI) attacks:

Of special concern to critical infrastructure, FDI attacks tamper with sensor or operating data to corrupt the operation of a system without being detected by traditional mechanisms. New defensive measures have been proposed, such as dynamic reconfiguration of the system, to improve detection of these attacks.

Frameworks and Methodologies for Understanding and Detecting State-Sponsored Attacks

MITRE ATT&CK Framework

A practical model for understanding state-sponsored cyber operations is a structured catalogue of tactics, techniques and procedures (TTPs). ATT&CK is such a catalogue: it lets defenders track the individual phases of an adversary's activity and derive detection rules, including YARA and Sigma signatures specific to particular threat actors, for example the Chinese groups tracked under the "Typhoon" naming (such as Volt Typhoon).

The Cyber Kill Chain Model

The kill chain breaks an intrusion into stages from reconnaissance through to actions on objectives (reconnaissance, weaponisation, delivery, exploitation, installation, command and control, actions on objectives), which supports early warning and faster response. Combining digital forensics tools with an ontology of these stages allows artefacts from separate persistent attacks to be correlated against the clearly defined stages of the model.

Defensive Strategies
Some fundamental methods involved in protecting computer systems against these evolving threats:

Zero Trust Architecture and Defence in Depth

These promote multilayered security controls, continuous monitoring, multi-factor authentication and strict access controls that limit the attack surface and contain an attacker's movement after a breach.

Active Defence and Dynamic Reconfiguration

This makes the attacker's task more complex and, at the same time, helps detect malicious actions that use harder-to-detect methods such as false data injection (FDI) and fileless attacks.

User Awareness and Training

This focuses on routine training in recognising phishing and social engineering attempts, backed by incident-response planning, as the key countermeasure to the exploitation of human weaknesses.
5. Case Study 1: Stuxnet, a Surgical Strike on Iran's Enrichment Infrastructure

Strategic context and intent

By the mid-2000s the Fuel Enrichment Plant at Natanz, Iran, was installing thousands of first-generation IR-1 centrifuges. Washington and Tel Aviv judged a conventional air strike both politically combustible and technically risky, so a covert programme, reportedly code-named Operation Olympic Games, was launched with the aim of damaging production just enough to plausibly delay weapons-grade enrichment without triggering a military conflict.

Weapon design and infiltration chain

The designers built a modular worm that combined four Windows zero-day exploits, two stolen code-signing certificates (belonging to Realtek and JMicron) used to sign its device drivers, and a deep understanding of Siemens Step 7 PLC programming. Its infection chain started outside Natanz: contractors were supplied with trojanised USB sticks that infected their laptops, and when those laptops were later connected to the supposedly air-gapped cascade-hall network, the worm spread across Windows hosts until it found engineering workstations running Step 7. Once established, Stuxnet modified the control logic running on the centrifuge PLCs, driving the rotors far above and far below their safe operating frequency while replaying recorded, normal-looking telemetry to the operators, disguising the attack.

Discovery, forensics and attribution

The malware was first noticed not by Iranian engineers but by the Belarusian company VirusBlokAda, which identified an unusual sample on 17 June 2010 and reported it to Microsoft. Within weeks, industrial-malware analysts recognised hard-coded references to cascade-specific configuration and realised that the payload would only fire on controllers configured with 164 centrifuges per enrichment cascade, exactly the layout at Natanz. Subsequent code comparison and diplomatic leaks attributed the operation to the NSA's Tailored Access Operations group and Israel's Unit 8200.

Operational impact and geopolitical fallout

International Atomic Energy Agency inspectors observed the sudden replacement of approximately one thousand damaged IR-1 centrifuges between late 2009 and early 2010, which, as later reverse engineering indicated, amounted to roughly ten percent of the centrifuges installed at the plant. Analysts found that the damage pushed Iran's enrichment schedule back by twelve to twenty-four months and constrained it diplomatically, without the costs of kinetic action. The disclosure that software could physically destroy critical infrastructure shifted threat perceptions around the globe, and militaries accelerated their investment in offensive cyber capabilities.
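Stuxnet's replay of normal-looking telemetry is the same failure mode the report describes under False Data Injection in Section 4: the control system's own readings are the thing being lied about, so detection has to come from a measurement the PLC does not control. The Python below is an added example written for this page, not code from the report or from any Stuxnet analysis. It feeds a constructed centrifuge telemetry stream through two checks, a physical-consistency check (reported rotor frequency versus the frequency implied by motor current measured on a separate monitoring path) and a replay check (a window of reported values recurring while the independent sensor disagrees). The frequencies, the linear motor model and the tolerance are invented for the demo, not Natanz values.

```python
"""Telemetry false-data-injection and replay detection on a constructed centrifuge feed (added example)."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    t: int              # seconds since start
    setpoint_hz: float  # what the supervisory system commanded
    reported_hz: float  # what the PLC reports back (attacker-controlled in a Stuxnet-style attack)
    motor_amps: float   # independent measurement from a separate monitoring path


AMPS_PER_HZ = 0.005   # constructed linear motor model: amps ≈ 0.005 * Hz (5 A at 1000 Hz)
TOLERANCE_HZ = 25.0   # allowed disagreement between reported Hz and Hz inferred from current
WINDOW = 4            # number of consecutive samples compared by the replay detector


def hz_from_current(amps: float) -> float:
    """Invert the constructed motor model to get an independent frequency estimate."""
    return amps / AMPS_PER_HZ


def detect(samples):
    """Return (time, kind, detail) alerts; kind is 'inconsistent' or 'replay'."""
    alerts = []
    seen_windows = {}                 # reported-Hz window -> motor-current window first seen with it
    hz_win = deque(maxlen=WINDOW)
    amps_win = deque(maxlen=WINDOW)
    for s in samples:
        # Check 1: the PLC's story must agree with a sensor the PLC cannot rewrite.
        inferred = hz_from_current(s.motor_amps)
        if abs(s.reported_hz - inferred) > TOLERANCE_HZ:
            alerts.append((s.t, "inconsistent",
                           f"PLC reports {s.reported_hz:.0f} Hz, motor current implies {inferred:.0f} Hz"))
        # Check 2: an exact repeat of an earlier reported window while the independent
        # sensor reads differently is the signature of replayed recordings.
        hz_win.append(round(s.reported_hz, 1))
        amps_win.append(round(s.motor_amps, 3))
        if len(hz_win) == WINDOW:
            key = tuple(hz_win)
            if key in seen_windows and seen_windows[key] != tuple(amps_win):
                alerts.append((s.t, "replay",
                               f"reported window {key} repeats earlier telemetry while current differs"))
            seen_windows.setdefault(key, tuple(amps_win))
    return alerts


def constructed_feed():
    """Constructed telemetry: 8 s of normal running at ~1000 Hz, then 8 s in which the rotor
    really runs at 1400 Hz while the PLC replays the earlier normal-looking readings."""
    normal = []
    for t in range(8):
        hz = 1000.0 + (t % 3) * 0.5          # small benign jitter so windows are not all identical
        normal.append(Sample(t, 1000.0, hz, hz * AMPS_PER_HZ))
    attack = [Sample(8 + i, 1000.0, normal[i].reported_hz, 1400.0 * AMPS_PER_HZ) for i in range(8)]
    return normal + attack


if __name__ == "__main__":
    for alert in detect(constructed_feed()):
        print(alert)
```

On the constructed feed nothing fires during the first eight seconds; from t=8 every sample fails the consistency check, and from t=11 (once a full window has been replayed) the replay check fires as well. The design point is that both checks depend on a measurement path the compromised controller cannot alter; a check that only compares the PLC's reported value against its own setpoint would have stayed green throughout, exactly as the operators' screens did.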

6. Case Study 2: SolarWinds Orion, a Supply-Chain Espionage Campaign

Strategic context and objectives

Where Stuxnet was built to sabotage hardware, Russia's Foreign Intelligence Service (SVR) wanted persistent visibility into U.S. government and Fortune 500 networks. It chose SolarWinds Orion, a network-management platform that typically runs with domain-wide privileges, as a single point of entry for an espionage campaign of breathtaking scope.

Compromising the build system and mass distribution

The attackers quietly penetrated SolarWinds' CI/CD environment in the last quarter of 2019. In a build in February 2020 they inserted several obfuscated lines into SolarWinds.Orion.Core.BusinessLayer.dll, compiled the code inside the vendor's own pipeline and signed the resulting binary with SolarWinds' own certificate. The backdoored build was pushed through the normal update channel between March and June 2020 (affected versions 2019.4 HF5 through 2020.2.1 HF1). Approximately 18,000 customers downloaded the package, but the operators activated second-stage tooling only in a select list of high-value networks.

Post-exploitation tradecraft

SUNBURST was a delayed dropper that stayed dormant for up to two weeks, used a domain-generation algorithm with DNS-based command and control, and loaded the TEARDROP and RAINDROP second stages in memory. On chosen targets the operators stole the Active Directory Federation Services token-signing certificate and minted fraudulent SAML tokens (the "Golden SAML" technique), so their pivot from on-premises identity infrastructure into Azure AD and Microsoft 365 mailboxes met no resistance, giving long-term, passive and stealthy access with few disk-based artefacts to detect.
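Because SUNBURST's first contact with its operators was a DNS lookup of an algorithmically generated subdomain, resolver logs were one of the few places the dormant backdoor left a trace. The Python below is an added example written for this page, not code from the report or from any published SUNBURST analysis: it parses constructed resolver log lines and flags a registrable domain when several distinct, long, high-entropy subdomains are queried beneath it. The log lines, the client addresses and the domain c2-hypothetical.test are constructed; the example deliberately includes a CDN-style domain with hashed subdomains to show why a per-domain threshold is needed.

```python
"""DGA-style DNS beacon detection over constructed resolver logs (added example)."""
import math
from collections import Counter, defaultdict


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character; random alphanumeric labels score well above English words."""
    if not label:
        return 0.0
    n = len(label)
    return -sum((c / n) * math.log2(c / n) for c in Counter(label).values())


def parse_line(line: str):
    """Log format assumed for the demo: '<timestamp> <client-ip> <qname> <qtype>'."""
    ts, client, qname, _qtype = line.split()
    return ts, client, qname.rstrip(".").lower()


def registrable_domain(labels):
    """Toy: last two labels. Real code should use the Public Suffix List (co.uk, com.au, ...)."""
    return ".".join(labels[-2:])


def analyse(log_lines, min_entropy=3.5, min_len=15, min_unique=5):
    """Return {domain: sorted suspicious subdomains} for domains that look like DGA/DNS-C2 targets.

    A domain is flagged only when at least `min_unique` distinct leftmost labels are both long
    and high-entropy; a single odd-looking hostname is not enough, which keeps most CDN and
    telemetry traffic below the threshold.
    """
    subdomains = defaultdict(set)
    for line in log_lines:
        if not line.strip():
            continue
        _ts, _client, qname = parse_line(line)
        labels = qname.split(".")
        if len(labels) < 3:              # bare registrable domains carry no encoded data
            continue
        subdomains[registrable_domain(labels)].add(labels[0])

    suspicious = {}
    for domain, subs in subdomains.items():
        encoded = [s for s in subs if len(s) >= min_len and shannon_entropy(s) >= min_entropy]
        if len(encoded) >= min_unique:
            suspicious[domain] = sorted(encoded)
    return suspicious


# Constructed sample log (no real clients, hosts or indicators).
SAMPLE_LOG = """\
2020-06-01T10:00:01Z 10.0.0.5 www.example.com A
2020-06-01T10:00:02Z 10.0.0.5 mail.example.org A
2020-06-01T10:00:03Z 10.0.0.7 a1b2c3d4e5f6a7b8c9d0e1f2.static-cdn.example A
2020-06-01T10:00:04Z 10.0.0.7 f0e1d2c3b4a5f6e7d8c9b0a1.static-cdn.example A
2020-06-01T10:05:00Z 10.0.0.9 q8zk2p7vx1mw3ngb5hyt.c2-hypothetical.test A
2020-06-01T10:19:30Z 10.0.0.9 f4rj9dl0s6ca8ue2tb7x.c2-hypothetical.test A
2020-06-01T10:34:02Z 10.0.0.9 m3hk8wq5zn1pv7ry0gd2.c2-hypothetical.test A
2020-06-01T10:48:45Z 10.0.0.9 b9xt1ls4ek7cw2vq6mzu.c2-hypothetical.test A
2020-06-01T11:03:10Z 10.0.0.9 u2gd7pn5ya0rf8xk3jw1.c2-hypothetical.test A
2020-06-01T11:17:55Z 10.0.0.9 z6vr0cq9hb3te5ms1kp8.c2-hypothetical.test A
""".splitlines()

if __name__ == "__main__":
    for domain, subs in analyse(SAMPLE_LOG).items():
        print(domain, len(subs), "encoded subdomains")
```

Only c2-hypothetical.test is flagged: the two hashed static-cdn.example names are long and high-entropy but fall below the five-distinct-subdomain threshold. A real deployment would add an allowlist of known CDN, anti-virus and telemetry domains, track the per-client query cadence (SUNBURST's roughly regular intervals are themselves a signal), and, once a domain is confirmed malicious, sinkhole it so later beacons identify the infected hosts.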

Detection, response and policy aftermath

FireEye discovered its own intrusion on 8 December 2020 while investigating the theft of its red-team tools; its disclosure of the SUNBURST backdoor on 13 December prompted CISA to issue Emergency Directive 21-01 the same day, requiring every federal civilian agency to immediately disconnect or power down Orion servers. In April 2021 a joint advisory formally attributed the campaign to the SVR, and the White House imposed diplomatic and economic sanctions. The scale and stealth of the event drove legislation and policy: Executive Order 14028 (May 2021) directs software vendors to the federal government to provide Software Bills of Materials, attest to secure development practices and adopt zero-trust road-maps.

Operational and economic impact

Months of identity-system rebuilding, lawsuits and court proceedings followed for the nine affected U.S. federal agencies, including Treasury, State and Homeland Security, as well as technology heavyweights such as Microsoft, Cisco and Intel. Industry analysts' estimates put direct incident-response and litigation costs at over USD 100 million so far, and venture investment in so-called software-supply-chain security products exceeded USD 4 billion in 2022-23 as enterprises scrambled to secure their build pipelines.

7. Case Study 3: NotPetya, Using Cyber Weapons in the Russia-Ukraine War

Background

NotPetya, malware that at first posed as ransomware but was later shown to be a wiper built to cause damage, hit Ukraine in June 2017 in one of the most destructive cyberattacks in history. The attack began through the update mechanism of M.E.Doc, a popular Ukrainian accounting program. Once inside a network, the malware spread rapidly across both business and government networks.

Propagation method: NotPetya used several techniques to spread:
• The EternalBlue SMB exploit, which WannaCry had also used
• Mimikatz-style credential theft from memory
• PsExec and WMIC for lateral movement with the stolen credentials
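The PsExec and WMIC stage of that propagation is the one a defender can most readily catch in Windows event logs, because both tools leave characteristic records on the source and the target. The Python below is an added example written for this page, not code from the report or from any NotPetya analysis: it runs three host-level rules (a PSEXESVC service install, a wmic.exe "process call create" aimed at a remote node, and a process spawned by the WMI provider host) plus one correlation rule (one account opening network logons to three or more hosts within five minutes) over constructed Security/System log events. The hostnames, account names, addresses and the payload path are invented for the demo; field names follow the Windows event schema.

```python
"""Lateral-movement detection over constructed Windows event records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

FANOUT_HOSTS = 3                     # distinct hosts one account may reach before we alert
FANOUT_WINDOW = timedelta(minutes=5)


def ev(time, host, event_id, **fields):
    """Build a flat event record; `fields` mimic the named data items of the Windows event."""
    return {"time": datetime.fromisoformat(time), "host": host, "id": event_id, **fields}


def detect_lateral_movement(events):
    """Return (time, host, rule, detail) alerts in time order."""
    alerts = []
    logons = defaultdict(list)       # account -> [(time, host)] for network (type 3) logons
    fired = set()                    # accounts already reported by the fan-out rule
    for e in sorted(events, key=lambda x: x["time"]):
        if e["id"] == 7045:          # System log: a new service was installed
            svc = (e.get("ServiceName", "") + " " + e.get("ImagePath", "")).lower()
            if "psexesvc" in svc:
                alerts.append((e["time"], e["host"], "psexec-service", e["ImagePath"]))
        elif e["id"] == 4688:        # Security log: a new process has been created
            proc = e.get("NewProcessName", "").lower()
            parent = e.get("ParentProcessName", "").lower()
            cmd = e.get("CommandLine", "").lower()
            # Source side: wmic told a remote node to start a process.
            if proc.endswith("wmic.exe") and "/node:" in cmd and "process call create" in cmd:
                alerts.append((e["time"], e["host"], "remote-wmi-exec", e["CommandLine"]))
            # Target side: the WMI provider host spawned an interpreter or loader.
            if parent.endswith("wmiprvse.exe") and proc.endswith(("rundll32.exe", "cmd.exe", "powershell.exe")):
                alerts.append((e["time"], e["host"], "wmi-spawned-process", e["NewProcessName"]))
        elif e["id"] == 4624 and e.get("LogonType") == 3:   # successful network logon
            acct = e["TargetUserName"]
            logons[acct].append((e["time"], e["host"]))
            recent = {h for t, h in logons[acct] if e["time"] - t <= FANOUT_WINDOW}
            if len(recent) >= FANOUT_HOSTS and acct not in fired:
                fired.add(acct)
                alerts.append((e["time"], e["host"], "logon-fanout",
                               f"{acct} reached {len(recent)} hosts within {FANOUT_WINDOW}"))
    return alerts


# Constructed events (not from a real incident). The payload path is hypothetical.
SAMPLE_EVENTS = [
    ev("2017-06-27T10:30:00", "WS-ACCT-01", 4688,
       NewProcessName=r"C:\Windows\System32\wbem\wmic.exe",
       CommandLine=r'wmic /node:"SRV-FILE-01" /user:CORP\svc_backup process call create '
                   r'"rundll32 C:\Windows\payload.dll,#1"'),
    ev("2017-06-27T10:30:02", "SRV-FILE-01", 4624, TargetUserName="svc_backup", LogonType=3, IpAddress="10.1.1.21"),
    ev("2017-06-27T10:30:03", "SRV-FILE-01", 4688,
       NewProcessName=r"C:\Windows\System32\rundll32.exe",
       ParentProcessName=r"C:\Windows\System32\wbem\WmiPrvSE.exe",
       CommandLine=r"rundll32 C:\Windows\payload.dll,#1"),
    ev("2017-06-27T10:30:10", "SRV-DB-01", 4624, TargetUserName="svc_backup", LogonType=3, IpAddress="10.1.1.21"),
    ev("2017-06-27T10:30:11", "SRV-DB-01", 7045, ServiceName="PSEXESVC", ImagePath=r"%SystemRoot%\PSEXESVC.exe"),
    ev("2017-06-27T10:30:40", "SRV-WEB-01", 4624, TargetUserName="svc_backup", LogonType=3, IpAddress="10.1.1.21"),
    # Benign noise: an interactive logon and an ordinary service installation.
    ev("2017-06-27T10:31:00", "WS-HR-07", 4624, TargetUserName="alice", LogonType=2, IpAddress="-"),
    ev("2017-06-27T10:31:30", "SRV-WEB-01", 7045, ServiceName="BackupAgent", ImagePath=r"C:\Program Files\Backup\agent.exe"),
]

if __name__ == "__main__":
    for alert in detect_lateral_movement(SAMPLE_EVENTS):
        print(alert)
```

The constructed sequence yields four alerts in order: remote-wmi-exec on the source workstation, wmi-spawned-process on the first file server, psexec-service on the database server, and logon-fanout when svc_backup reaches its third host within the window. The benign interactive logon and the ordinary service install produce nothing. Note that 4688 command lines are only present when "Include command line in process creation events" is enabled by policy; without it the two WMI rules lose most of their signal, which is the first thing to check before relying on them.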

Payload: the malware displayed a ransom note, but it permanently damaged systems by overwriting the Master Boot Record (MBR), leaving machines unbootable.

Scope: the initial targets were Ukrainian infrastructure: banks, energy and transport. The infection then spread around the globe, hitting companies such as Maersk, FedEx and Merck and causing damage estimated at over USD 10 billion.

Attribution: the United States, United Kingdom, Australia and other Western governments attributed NotPetya to the GRU, Russia's military intelligence agency, and specifically to Unit 74455, also known as the Sandworm team. The attack was assessed to be part of Russia's ongoing hybrid-warfare campaign against Ukraine.

Strategic intent
• Destabilise Ukraine's economy and government.
• Demonstrate to adversaries what can be achieved in cyberspace.
• Signal deterrent or retaliatory capability without open military engagement.

Implications
• Showed that nation-state cyber attacks can spill over into the systems of other states, blurring the line between a regional conflict and a global cyber crisis.
• Made it unequivocally clear that digital critical infrastructure must be governed and secured for resilience, with backup and recovery capabilities in place.

8. How Countries Mask Their Digital Footprints

What is cyber warfare attribution?

Attribution is the process of determining who is responsible for a cyber-attack.

Challenges:
• States often work through independent hackers or cybercriminal groups (e.g. APT fronts) to retain plausible deniability.
• Tools or infrastructure may be shared between groups, which muddies accountability.
• Attackers can impersonate another actor by planting false artefacts, e.g. Russian-language strings in a North Korean operation. The alleged false flags in the Sony Pictures hack are one example.
• Many actors use publicly available tooling such as Cobalt Strike, Mimikatz or Metasploit. When TTPs overlap, definitive attribution becomes hard.
• Attackers route traffic through Tor, VPNs or botnets to mask its source.
• Bulletproof hosting in uncooperative jurisdictions is frequently used.
• Governments may delay or avoid attribution for political reasons, to protect intelligence sources, or when the chain of evidence is incomplete.

Political attribution vs. technical attribution

Technical attribution:

Undertaken by cybersecurity companies and researchers, using forensic evidence (IP addresses, malware signatures and behavioural patterns).

Political attribution:

Made by governments, drawing on intelligence reporting, the geopolitical context and the suspected actor's motivations.
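One of the behavioural patterns used in technical attribution is the build timestamp embedded in each malware sample: a campaign compiled during one time zone's office hours leaves a distribution that can be fitted to a UTC offset. It is also one of the easiest artefacts to forge, which is the false-flag problem the list above raises. The Python below is an added example written for this page, not code from the report: it fits constructed build timestamps to the UTC offset under which the most builds fall in 09:00-18:00 on weekdays, and separately lists the signs that the timestamps themselves were tampered with (a build dated after the sample was first seen in the wild, a zeroed timestamp, or identical stamps across many samples). The nine timestamps and the first-seen date are constructed for a hypothetical campaign.

```python
"""Working-hours time-zone inference from build timestamps, with forgery checks (added example)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def utc(s: str) -> datetime:
    """Parse an ISO-8601 string as a UTC instant."""
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


def working_hours_score(timestamps_utc, offset_hours, start=9, end=18, weekdays_only=True):
    """Fraction of timestamps that fall inside local working hours for the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    hits = 0
    for ts in timestamps_utc:
        local = ts.astimezone(tz)
        in_hours = start <= local.hour < end
        in_week = local.weekday() < 5 or not weekdays_only
        hits += int(in_hours and in_week)
    return hits / len(timestamps_utc)


def infer_timezone(timestamps_utc):
    """Return (list of best-fitting whole-hour UTC offsets, best score).

    Several offsets tie whenever the data covers fewer than nine distinct local hours, so the
    result is a list, not a single answer. Half-hour zones (e.g. UTC+5:30) are not modelled here.
    """
    scores = {off: working_hours_score(timestamps_utc, off) for off in range(-12, 15)}
    best = max(scores.values())
    return [off for off, s in scores.items() if s == best], best


def forgery_indicators(build_times, first_seen_in_wild):
    """Reasons to distrust the build timestamps as attribution evidence."""
    reasons = []
    if any(t > first_seen_in_wild for t in build_times):
        reasons.append("build time later than first sighting in the wild")
    if any(t == EPOCH for t in build_times):
        reasons.append("zeroed timestamp")
    _stamp, count = Counter(build_times).most_common(1)[0]
    if count > 1 and count >= len(build_times) // 2:
        reasons.append("identical timestamps across samples")
    return reasons


# Constructed build timestamps of nine hypothetical samples from one campaign (Mon 1 to Fri 5 March 2021).
CAMPAIGN_BUILD_TIMES = [
    utc("2021-03-01T06:05:00"), utc("2021-03-01T07:40:00"), utc("2021-03-02T08:15:00"),
    utc("2021-03-02T09:30:00"), utc("2021-03-03T10:00:00"), utc("2021-03-03T11:45:00"),
    utc("2021-03-04T12:20:00"), utc("2021-03-04T13:10:00"), utc("2021-03-05T14:55:00"),
]
FIRST_SEEN = utc("2021-03-06T00:00:00")   # constructed: when the first sample reached a public sandbox

if __name__ == "__main__":
    offsets, score = infer_timezone(CAMPAIGN_BUILD_TIMES)
    print("best-fitting UTC offsets:", offsets, "score:", score)
    print("forgery indicators:", forgery_indicators(CAMPAIGN_BUILD_TIMES, FIRST_SEEN))
```

For the constructed set every build lands between 09:05 and 17:55 local time only under UTC+3, so that single offset scores 1.0 and the forgery checks return nothing. Adding one sample stamped after FIRST_SEEN immediately surfaces the "later than first sighting" indicator, which is the point: a working-hours fit is corroborating evidence, to be weighed alongside infrastructure, tooling and victimology, never a verdict on its own, because the actor chooses what the compiler writes.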

Recent advances

• Increasing use of AI-driven threat intelligence and machine learning to identify attacker behaviour patterns.
• Collaboration between government agencies and private cybersecurity firms (e.g., FireEye, CrowdStrike, Kaspersky).

9. Comparative Analysis: Cyber Warfare Tactics of the U.S., Russia, China and North Korea

United States
• Posture: primarily defensive, with offensive capability; cyber operations are integrated with the doctrine of the other armed services and with defensive security initiatives.
• Key agencies: U.S. Cyber Command (USCYBERCOM), NSA, DHS.
• Approach: persistent access operations for intelligence collection, deterrence and strategic strike capability; emphasis on zero-day exploit research and on securing critical infrastructure.
• Example: the Stuxnet operation against Iran's nuclear centrifuges (reportedly a joint U.S.-Israeli operation).
• Quantifiable metrics: the proposed FY2024 federal budget allocates approximately USD 10.4 billion to cybersecurity, with critical infrastructure and supply chain security among the areas of focus (Source: Congressional Budget Justification, FY

Russia
• Doctrine: hybrid warfare, in which cyber means are one component of information warfare alongside psychological operations.
• Key agencies: GRU, FSB.
• Tactics: coercive diplomacy through disinformation campaigns, interference in electoral processes, DDoS attacks on websites and infiltration of critical infrastructure.
• Examples: the Ukrainian power grid attacks of 2015 and 2016; interference in the 2016 U.S. elections.
• Data point: Russia uses both patriotic hackers and criminal proxies, which are difficult to attribute.

China
• Strategy: long-term cyber-espionage to advance its technology, steal intellectual property and maintain regional hegemony.
• Key agencies: PLA Strategic Support Force; Ministry of State Security (MSS).
• Tactics: undermining rivals' economic and military advantage by targeting government agencies, companies and research facilities.
• Examples: Cloud Hopper, which targeted managed service providers globally to steal IP.
• Data point: from 2017 to 2022, publicly reported Chinese state-sponsored cyber-espionage cases accounted for about 30% of the world total.

North Korea
• Strategy: economic gain, and the use of cyber as a means of asymmetric warfare.
• Key agencies: Bureau 121, Reconnaissance General Bureau.
• Tactics: cryptocurrency theft, ransomware, attacks on financial systems.
• Examples: the WannaCry ransomware attack of 2017; repeated hacks of cryptocurrency exchanges.
• Fact: North Korea has been stealing cryptocurrency for at least four years, over USD 3 billion in total, to fund its weapons programmes.

9.Global Cyber Defence Strategies: Policies, Laws & National Security Frameworks

United States

• Policy Frameworks - National Cyber Strategy, CISA directives, NIST Cybersecurity


Framework.
• National Security Mechanisms - Identify Critical Infrastructure, introduction of public-
private partnerships, mandatory incident reporting.
• Data point - American National Cybersecurity Strategy talks about the move of the
cybersecurity responsibility from people to organizations that have systemic
responsibility
European Union

• Policy Framework - EU Cybersecurity Strategy, NIS2 Directive.


• Legislation - GDPR which has influence on Cybersecurity, Digital Operational Resilience
Act. National Security Mechanisms - ENISA coordination, CERT-EU, mandatory
incident reporting.
• Data point - The EU's Cyber Solidarity Act recommended strengthens common resilience
by building up European Cyber Shield.

China

• Policy Frameworks - Multi-Level Protection Scheme (MLPS), Cybersecurity Law.


• Legislation - Personal Information Protection Law, Data Security Law.
• National Security - Control of the Internet by the public, mandatory localization of data.
• Data point - China is the most demonstrative in the world in terms of regulation of its
cyberspace and regulation in this area is strict).

Russia
• Policy Framework: Information Security Doctrine .
• Laws: Sovereign Internet Law which mandates domestic traffic.
• National Security: a centralized approach to the Internet and close supervision of digital
life.
• Data Point: The testing of the Russia portion of the world Internet, the so-called Runet,
has given it readiness for disconnection during crises

International Collaboration

• Budapest Convention on Cybercrime: 68 states have ratified this treaty for the
harmonization of cybercrime laws.
• UN GGE and OEWG Dialogues: for the purpose of establishing norms of responsible
state behaviour.
• Cybersecurity Tech Accord: more than 150 companies across the world focus on user
protection against cyber attacks.
• Data Point: The World Economic Forum Global Cybersecurity Outlook 2024 states that 74
percent of organizations around the world consider public-private partnership
essential to developing cyber resilience.

Key Trends and Challenges

• Ransomware attacks increased significantly: In 2024, the number of ransomware attacks
surged by 34 percent globally.
• Cyber talent shortage: A worldwide shortfall of 3.5 million cyber professionals is
expected in 2025.
• Cybersecurity and artificial intelligence: As cybersecurity professionals, we are seeing AI
being applied by both attackers and defenders in areas such as automation, evasion, and
scaling.
• Attacks on critical infrastructure: The health, energy and finance sectors are being
targeted, particularly by state-sponsored attackers.

10. Role of International Cooperation: NATO, UN and Cyber Diplomacy

NATO: Strategic Readiness & Collective Cyber Defence

NATO now leads the organization of allied cybersecurity. At the Warsaw Summit in 2016,
it declared cyberspace one of its domains of operation, recognizing that an attack on an ally in
the cyber domain could trigger Article 5 of the NATO Charter, collective defence (NATO,
n.d.). The Cyber Defence Pledge of 2016 was reiterated at the Vilnius Summit in 2023, committing
members to strengthen national cyber defence and invest in infrastructure. In 2025 all
members agreed to raise defence spending to a minimum of 5% of GDP, with 1.5% for
cyber security in particular and protection of critical infrastructure as a priority.

Main projects are:

 NATO DIANA: invests in dual-use start-ups innovating in cyber resilience,
including secure communication.
 Cooperative Cyber Defence Centre of Excellence (CCDCOE), Tallinn: a knowledge
centre that organizes studies, training and the annual Locked Shields cyber-defence
exercise, the largest live-fire cyber exercise in the world (NATO CCDCOE, n.d.).
 Cyber Coalition Exercises: they simulate the largest possible cyberattacks with as many
as 1,300 experts contributing to the development of a common operational response.

These coordinated efforts raise the cost for Advanced Persistent Threats (APTs), ransomware
operators and state-sponsored hackers, i.e., Russia, China, and North Korea.

The United Nations: Universal Norms, Voluntary Principles, and Constraints

The UN plays an important normative and diplomatic role in global cyber governance but
has no ability to enforce. Essentially, it operates on two large tracks:

i. Group of Government Experts (GGE):

The GGE is a group of experts that has met under the auspices of the UN since 2004; in 2015
it concluded that international law applies to cyberspace, whether through the UN Charter,
International Humanitarian Law (IHL), or the principle of sovereignty.

ii. Open-Ended Working Group (OEWG):

The OEWG commenced in 2019, and all 193 UN Member States are involved. It promotes
confidence-building measures (CBMs), including incident reporting, voluntary norms, and
inter-state cooperation.

Both models are hampered by:

 Voluntarism: there are no binding commitments, only aspirational norms.
 Enforcement gap: the UN has no attribution mechanism and no body to impose sanctions.
 Geopolitical fragmentation: Russia and China are more likely to push for state-centric,
sovereign Internet governance, whereas liberal democracies prefer a free, open and secure
online environment.

The Rise of Cyber Diplomacy: A Global Need

Cyber-attacks perpetrated by states continue to become more frequent and sophisticated. Given
that, cyber diplomacy has become an increasingly important diplomatic tool alongside
deterrence.

Key Developments:

 The European Union's cyber diplomacy toolbox enables proactive and coordinated
responses such as sanctioning the attacker, public denunciation, or withdrawal of
diplomatic privileges where state actors engage in malicious cyber activity (Council of the EU,
2017). There is also a growing number of joint cyber threat dialogues and workshops in
which India has participated with countries such as the USA, Japan, Singapore, and Israel,
with protection of critical infrastructure, CERT coordination, and data sovereignty as
priorities.
 Cyber ambassadors and envoys: 40 or more countries are formalizing cyber
diplomatic instruments to advocate national cyber interests. The Global Forum on Cyber
Expertise (GFCE) pools efforts to track state-sponsored attacks and assists developing
nations in building cyber capacity and reforming laws towards appropriate levels of
regulation. Cyber diplomacy can also include private sector actors such as Google,
Microsoft and Cisco, since private companies tend to be the first to see indications of
state-sponsored attacks, before government agencies. This multi-stakeholder approach
makes responses both more effective and more timely.

11. Ethical, Legal, and Human Rights Consequences of Cyber Warfare

Ethical Dilemmas in Cyber Warfare

Warfare ethics normally rests on several principles, such as:

 Distinction - only combatants are targeted, not civilians.
 Proportionality - the force used is not disproportionate.
 Necessity - force is used only when necessary.

These principles are harder to apply in cyberwarfare, because the consequences of
cyberattacks are uncertain and they often affect civilians rather than military objects.

i. The Attack on Civilian Structures: One of the gravest ethical problems is that many
of these attacks hit civilians, even when civilians are not the intended target of the
attack. For example, the 2017 WannaCry ransomware attack affected over
200,000 computers in 150 countries, interrupted hospital operations in Britain,
delayed surgery, and devastated a health system. On one hand, it was suggested that
this attack could be politically rationalized, but the victims were unsuspecting sick
patients and their care providers.

ii. False-Flag Operations: Some cyber attacks are carried out so as to appear to
originate from a foreign country or an organization. This kind of attack is known as
a false-flag operation. It creates confusion and false claims and, in a worst-case scenario,
could result in innocent countries going to war. For example, in the 2014 hack of Sony
Pictures in the United States, which was eventually blamed on North Korea, the evidence
at an early glance pointed to China.

iii. Autonomous Cyber Weapons: Another grave threat is the growing use of
AI-enabled autonomous cyber tools which, once programmed, can act in the cyber
operating environment independently of human input or management.
These tools can locate a target or targets, choose which to attack, determine the
best means of attack, establish its timing and, most alarmingly,
plan and execute all of this without any human oversight.

Legal Frameworks: Challenges and Uncertainties

Although in theory the frameworks of international law do apply to cyber warfare, the
situation remains cloudy and uncertain. Legal practitioners and government agencies have yet to
find ways to apply existing law to what has become a complex hybrid conflict that extends
beyond traditional conflict.
The laws of war, or International Humanitarian Law (IHL), set out the legal framework of
rules and principles that protect civilians and limit the impacts of war and conflict. The
Tallinn Manual 2.0, addressing the question of how international law applies to
cyber operations, sets out principles for cyberwarfare:

i. Sovereignty: No state is permitted to intrude into another state's cyberspace, or other
resources, unless prior consent has been given.
ii. Use of Force: A cyberattack can be construed as a use of force if it causes physical
damage or loss of life.
iii. Self-Defense: Nations may act in self-defense, whether by cyber or
conventional means, if attacked.

However, the Tallinn Manual is non-binding. It is merely expert opinion based on
twenty-something years of legal practice. Most countries have not ratified it, and it carries
no legal force. Cyber operations involve multiple state actors, complicated by the disguising
of one's role in the actual act and routing through tens of nations by VPN. ICANN records and
IP addresses are obscured through false identities in a different part of the world. All of this
covers up any trace of ownership. As a result:

i. No one can be sued.
ii. Sanctions can be improperly imposed.
iii. As history shows, the wrong party could be targeted, resulting in new tensions
in the world.

As a 2022 CSIS report noted, over 60 percent of the significant state-sponsored cyber intrusions
in the last few years had not been positively attributed to a state actor.

Human Rights Risks in Cyber Warfare

Cyber warfare affects fundamental human rights even when the attacks pose no
physical threat.
The rights at stake are:
 Right to Privacy:
Cybersecurity tools are now being used to surveil citizens. One
example is Pegasus spyware, which some governments use to illegally infiltrate the
phones of activists, opposition figures and journalists. That breaches the
fundamentally important concepts of privacy and the individual's freedom of thought.

 Freedom of Expression:

Cyber warfare is also a tool of state power for limiting freedom of expression, either
by suppressing information itself or by cutting off access to channels of crucial
importance. For instance, independent news media in Russia and Iran have been shut
down permanently by hackers coordinating DDoS attacks. Similarly, where a regime aims
to suppress the organisation of mass actions, blocking social-media sites is a central
method of interfering with free speech, and grave infringements of expression result.

 Access to Essential Services:

The possible outcomes of cyber attacks go beyond censorship of discourse; they can
also deny essential services. It is reported that when malicious intruders break into
core systems such as power grids, hospitals, banks and water-treatment plants, millions of
affected civilians can be subjected to severe suffering.

This is also borne out by the empirical record. In Ukraine, computer-based attacks on the
nationwide power supply in 2015 and 2016 rendered parts of the system inactive,
leaving thousands of citizens exposed to cold weather without electricity. Likewise,
the Myanmar government imposed short-term internet shutdowns after the 2021 coup,
hindering communications, access to education and healthcare, and emergency-response
resources. In a broader sense, these cases point to the potential of cyber interference
as a means of suppression, exclusion, and social policing.

12. Future Outlook

Artificial Intelligence in Cyber Warfare

Artificial intelligence (AI) acts as a double-edged sword in cyber warfare; it provides
previously unattainable opportunities for defenders and, at the same time, powerful new
weapons for attackers.

1.1. AI as an Offensive Weapon

The spread of artificial intelligence (AI) is a major accelerator of the speed and magnitude of
cyberattacks. AI-based malicious agents can scan networks constantly to identify
vulnerabilities, analyse defensive postures and alter their methods of attack in real time
to avoid detection by conventional security systems.

The potential of AI is further illustrated by advanced types of malware and ransomware.
Specifically, AI can create entirely new malware strains and at the same time evolve existing
malware families, giving such threats a greater chance of bypassing the
signature-based defences that have traditionally limited second-tier ransomware.

Enhancements in social engineering techniques are another significant aspect of the
evolution of AI-powered threats. Generative AI now has the capacity to create fraudulent
phishing emails, deepfakes and other advanced forms of social engineering which are
often personalised and grammatical, and hence very convincing. These mechanisms greatly
increase the chances of successful attacks, raising click-through rates and facilitating
credential theft.

More directly, AI models themselves are likely to become targets in future, including of
autonomous AI agents, rather than merely being used by attackers: through vulnerabilities in an
algorithm or its data, or by 'poisoning' models after deployment to degrade the accuracy or
trustworthiness of the relevant AI-based solution.

On top of that, AI tools lower the skill barrier, allowing less sophisticated threat actors to
carry out more advanced operations such as reconnaissance, phishing attacks
and malware creation.

1.2. AI as a Defensive Tool

Improved Threat Detection and Response:

Using AI to process data sets at speeds the industry has not seen before allows
the detection of anomalous behaviours, indicators of compromise, and potential breaches in
real time, identifying threats not only faster than human analysts but also with
greater accuracy. AI-based systems also optimize the prioritization of security
alerts and provide more informative dashboards.

Predictive Analytics and Vulnerability Management:

AI can predict new or emerging vulnerabilities and assess systems by testing them to
find weaknesses before they are exploited, based on analysis of
past data.

Automated Security Operations:

AI can reduce the number of manual, routine security operations and tasks, including 24/7
system monitoring, compliance checks, alert scoring and prioritization, investigations,
and automated response actions that mitigate exposure of systems, data, or
information, leaving humans to investigate higher-level strategic threats.

Adaptable Defenses:
AI-enhanced defensive systems learn and adapt to new threats and attack
techniques, so that defenses remain robust against adaptive cybercriminal activity.

Combating Ransomware:
AI tools are being developed to detect, combat and mitigate ransomware more effectively.

2. Zero Trust Models

Zero Trust Architecture (ZTA) provides a strategic model for cybersecurity
that assumes no user, device, or application can be implicitly trusted, whether inside
or outside the organization's network perimeter. Instead, every access attempt is
treated as a potential threat that must be verified.

2.1. Zero Trust Core Principles

Never Trust, Always Verify: The central premise. All users, devices, and connections are
assumed to be untrusted.

Verify Explicitly:
Each access request is authenticated and authorized based on all available data sources, such as
user identity, location, device, and sensitivity of the data. Multi-factor authentication (MFA) and
identity management are important pieces.

Least Privilege Access:
Users, applications, and devices get only the minimum level of access required to perform
their assigned functions. This limits potential damage if a breach occurs and limits lateral
movement in the network.

Micro-segmentation:
Networks are divided into groups; the segments are contained and isolated. An attacker may
achieve access to one segment, but with micro-segmentation in place, their ability to move to
other parts of the network is limited.

Continuous Oversight and Validation:

Access isn't a single permission; users, devices, and connections are constantly monitored
and re-validated during their sessions, and any anomalous behavior generates immediate
scrutiny.

Cybersecurity Automation:
ZTA uses automated systems for security monitoring, correlating information across
enterprise systems and assessing user activity, in order to proactively update
network defenses.
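As an added illustration (not code from the report or from any product it mentions), the following policy decision point evaluates the signals listed above on every request and denies by default; all roles, segments, countries and sample requests are constructed for the example.

```python
from dataclasses import dataclass
from typing import Tuple

SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
# Hypothetical role policy: (highest classification readable, micro-segments reachable).
ROLE_POLICY = {
    "analyst": ("confidential", {"soc"}),
    "engineer": ("internal", {"dev", "build"}),
    "admin": ("secret", {"soc", "dev", "build", "infra"}),
}
ALLOWED_COUNTRIES = {"GB", "DE"}      # constructed geo-policy
MANAGED_DEVICE_FROM = "confidential"  # this classification and above need a managed device
SESSION_TTL = 600                     # seconds before a session must be fully re-validated


@dataclass
class AccessRequest:
    user: str
    role: str
    mfa_verified: bool
    device_managed: bool
    country: str          # where this request originates
    session_country: str  # where the session was authenticated
    segment: str          # micro-segment hosting the resource
    sensitivity: str      # classification of the resource
    session_age: float    # seconds since the last full authentication


def decide(req: AccessRequest) -> Tuple[bool, str]:
    """Return (allowed, reason). Deny by default: the first failing check wins."""
    if req.role not in ROLE_POLICY or req.sensitivity not in SENSITIVITY:
        return False, "unknown role or classification"
    if not req.mfa_verified:                       # verify explicitly
        return False, "mfa required"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "location not permitted"
    if req.country != req.session_country:         # continuous validation: anomaly
        return False, "location changed mid-session"
    if req.session_age > SESSION_TTL:              # continuous validation: stale session
        return False, "session expired"
    max_class, segments = ROLE_POLICY[req.role]
    if SENSITIVITY[req.sensitivity] > SENSITIVITY[max_class]:   # least privilege
        return False, "exceeds role ceiling"
    if req.segment not in segments:                # micro-segmentation
        return False, "segment not reachable"
    if (SENSITIVITY[req.sensitivity] >= SENSITIVITY[MANAGED_DEVICE_FROM]
            and not req.device_managed):           # device posture
        return False, "managed device required"
    return True, "allowed"


def sample_decisions() -> dict:
    """Constructed requests that each trip one principle; returns {label: reason}."""
    base = dict(user="alice", role="analyst", mfa_verified=True, device_managed=True,
                country="GB", session_country="GB", segment="soc",
                sensitivity="confidential", session_age=30)
    cases = {
        "normal": {},
        "no_mfa": {"mfa_verified": False},
        "moved_mid_session": {"country": "DE"},
        "byod_on_confidential": {"device_managed": False},
        "wrong_segment": {"segment": "infra"},
        "above_ceiling": {"sensitivity": "secret"},
        "stale_session": {"session_age": 3600},
    }
    return {label: decide(AccessRequest(**{**base, **delta}))[1]
            for label, delta in cases.items()}


if __name__ == "__main__":
    for label, reason in sample_decisions().items():
        print(f"{label:22s} -> {reason}")
```

Note that a request from an allowed country still fails when the country differs from the one the session was authenticated in: the point of continuous validation is that an earlier decision never carries a later, anomalous request.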

2.2. Role in National Security

Increased resilience to state-sponsored attacks:

Traditional perimeter-based security may be too weak and reactive against sophisticated state-
sponsored attackers, because at some point they will penetrate perimeter defenses. Zero trust
offers internal barriers and granular control in case an attacker penetrates external
defenses or an employee misuses data; it limits the compromise and its spread internally.

Securing remote work and cloud environments:

Remote work drove the biggest and most rapid increase in organizational use of cloud
technologies; with data routed outside the organization, traditional perimeter security no
longer proves effective. ZTA allows secure access to cloud resources regardless of
device and location.

Protecting critical infrastructure:

Government agencies, finance, healthcare, energy and related sectors manage data and
systems that can be extremely sensitive and important. The zero trust model allows them to
do their jobs while limiting potential exposure to outside attacks and insider threats.

Enhanced containment of threats:
ZTA splits and contains networks and provides checks and balances: segmentation
obstructs lateral movement and least-privilege control applies, significantly
reducing an attacker's ability to gain most, if not all, of what an intrusion could yield.

Alignment with Government Directives:

Numerous governments (e.g., the U.S. government, including OMB Memo M-22-09) have mandated
or recommended the adoption of government-wide Zero Trust principles for national security
systems and critical infrastructure.

3. Quantum Threats

Quantum computing, although nascent, can present a long-term existential threat to many
core cryptographic mechanisms of modern cybersecurity, including systems employed to
protect national security information.

3.1. Quantum Computers and their Threat to Current Cryptography

Shor's Algorithm:
Shor's algorithm is a quantum algorithm that can efficiently factorize large integers
and compute discrete logarithms, the problems on which widely used public-key encryption
algorithms such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are
based. This is critical for modern secure communication systems like HTTPS, VPNs and
blockchain services.

Grover's Algorithm:
Although Grover's algorithm is not as grave a threat as Shor's, it provides a
quadratic speedup for searching an unsorted database, which reduces the effective security of
symmetric-key cryptography (for example, the Advanced Encryption Standard (AES)) by
halving the effective key length.

Within the context of national security, quantum technology raises three major issues:
(i) exposing classified intelligence, military communications and government secrets,
endangering defense and intelligence activities;
(ii) breaking key infrastructure such as power, transportation, financial systems and many
others, potentially catapulting societies into chaos; and (iii) the breakdown of digital
signatures and authentication, thereby reducing social trust in transactions and identities and
allowing parties to take advantage of small dishonesties.

Therefore, quantum computing is a potentially destabilizing geopolitical factor.
Quantum computing supremacy is a strategic advantage that any state could gain and which
could transform international relations and worsen existing power asymmetries.
The advancement opens new avenues for cyber war and espionage.

Mitigation Strategies: PQC

The response to the quantum threat falls into a few categories:

(1) the creation of quantum-resistant algorithms,
(2) development of comprehensive migration plans,
(3) increased key sizes in symmetric cryptography.

1. Creation of quantum-resistant algorithms

The research, development, and standardization of cryptographic algorithms that can
withstand attacks by quantum computers, usually labelled Post-Quantum Cryptography
(PQC), is the main mitigating factor. This is being led by the National Institute of Standards
and Technology (NIST), which has evaluated several candidate PQC algorithms that will be
standardized in due course.

2. Migration planning and implementation

Governmental bodies and critical-infrastructure sectors need to start implementing
overall migration strategies that will enable them to switch existing cryptographic systems to
PQC. These strategies require the identification of vulnerable assets, the tracing of
cryptographic dependencies, and the use of hybrid cryptographic techniques, which
combine PQC with the existing algorithms, throughout the transition phase.

3. Increased key sizes in symmetric cryptography

In symmetric cryptography the problem is simpler than for public-key cryptography: it is
typically sufficient to double the key size.
Raising symmetric key sizes moderately offers resistance to the
speedup offered by Grover's algorithm.
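The arithmetic behind that rule of thumb, as an added worked derivation that is not part of the original report ($k$ denotes the key length in bits):

$$N = 2^{k} \text{ candidate keys}, \qquad \text{classical exhaustive search: } \Theta(N) = 2^{k} \text{ trials, i.e. } k \text{ bits of security.}$$

$$\text{Grover: } \Theta\!\left(\sqrt{N}\right) = 2^{k/2} \text{ trials, so the effective security is } s = \log_2 2^{k/2} = \tfrac{k}{2} \text{ bits.}$$

$$\text{AES-128: } s = \tfrac{128}{2} = 64; \qquad \text{to restore } s = 128 \text{ choose } k' \text{ with } \tfrac{k'}{2} = 128 \;\Rightarrow\; k' = 256 \text{ (AES-256).}$$

By contrast, Shor's algorithm runs in time polynomial in $k$ for factoring and discrete logarithms, so no practical enlargement of an RSA or ECC key restores security; this is why item (1) replaces the algorithm while item (3) only enlarges the key.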