PrEP: A Framework for Malware & Cyber Weapons
The Journal of Information Warfare, Vol.13, No.1, February 2014
20 Pages. Posted: 26 Oct 2013. Last revised: 3 Mar 2015.
Date Written: December 20, 2013
Abstract
The contemporary debate over cyber security rests on a set of linguistic artifacts that date from the Cold War. Attempting to glean a starting point for debate over use of terms like “cyber attack” or “cyber war” is difficult, largely because there is little agreement on what constitutes a weapon in cyberspace, be it “weaponized code” or black hats with root access. For information security professionals, this has led to a proliferation of different taxonomies tied to proprietary anti-virus systems. To social science researchers and the policy community, the result has been unclear definitions and vague terminology, which hinder academic progress and the development of effective policy. This paper proposes a new framework to classify malware and cyber weapons based on the different pieces of malicious code that constitute them, then evaluates competing definitions of cyber weapons, and concludes with implications for this approach. As developed in this paper, Cyber Weapons are any combination of three software components: a Propagation Method, one or several Exploits, and a Payload designed to create destructive physical or logical effects. Defining malware requires a difficult balance between technical specificity and conceptual breadth. The PrEP framework attempts to combine these, while building out a set of concepts useful to both research and policy communities.
Keywords: Cyber weapon, intrusion, cyberdefense, exploit, payload, malware