PrEP: A Framework for Malware & Cyber Weapons
The contemporary debate over cybersecurity rests on a set of linguistic artifacts that date from the Cold War. Attempting to glean a starting point for debate over use of terms such as ‘cyber attack’ or ‘cyber war’ is difficult, largely because there is little agreement on what constitutes a weapon in cyberspace. This paper proposes a new framework to classify malware and cyber weapons based on the different pieces of malicious code that constitute them. A Propagation Method (Pr) is the means by which a weapon is inserted into a target network or system, such as an infected USB stick or email carrying a compromised attachment. An Exploit (E) is code designed to compromise some aspect of a software system which allows third parties to effect unintended operations or consequences. A Payload (P) is the heart of a cyber-weapon: software written to achieve a particular goal such as stealing password files or deleting documents. A Cyber Weapons is any combination of three software components: a Propagation Method, one or several Exploits, and a Payload (PrEP) designed to create destructive physical or digital effects. This paper evaluates competing definitions of cyber weapons and concludes with implications for this approach.
- Trey Herr (Point of Contact)
- Senior Research Associate
- Trey is a research fellow at the Cyber Security and Policy Research Institute (CSPRI) and PhD student in the political science department at The George Washington University. His research focuses on national security policy, internet governance, and the market for malware and cyber weapons.
Project sponsor: The Cyber Security Policy and Research Institute (CSPRI)
1. Trey Herr. "PrEP: A Framework for Malware & Cyber Weapons," 2014. Click here.
2. Trey Herr and Paul Rosenzweig. "Cyber Weapons and Export Control: Incorporating Dual Use with the PrEP Model," 2015. Click here.
3. Trey Herr and Eric Armbrust. Milware: Identification and Implications of State Authored Malicious Software," 2015. Click here.