Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.

mmanjikian@regent.edu[Document title]

Obstacles to the Development of a Universal Lexicon for Cyberwarfare

Analysts have produced scholarship regarding the internet and about threat and conflict in the
cyber arena for several decades already. However, there still persists a lack of clarity regarding
terminology. Here I present six reasons for the development of competing terms and concepts and
describe obstacles to the development of a universal lexicon for cyberwarfare. I also provide Page | 1
examples of terms which are ambiguous. Finally, I describe why this problem is significant and
make some suggestions for how it might be tackled in the future.
1. The Interdisciplinary Nature of Cyber Inquiry
In considering the problem of terminology, we can point first to the interdisciplinary nature of the
field which examines cyberspace. A quick search of a library database brings up 140 journals with
the word internet in their titles from fields as diverse as librarianship, information law, internet
regulation, internet retailing, journalism, technology studies, military studies and psychology.
Each field has evolved separately in the past twenty years creating its own journals, experts and
conferences. And each field has created its own terms, assigning its own definitions and meanings.
However, scholars have also reached across disciplines, importing concepts across fields. This
process has not occurred logically. Sometimes terms are borrowed from one field like
philosophy and applied in ways which either change or broaden the definition. Sometimes the
borrowing is simply a bad fit, while in others the lack of attention to detail has created situations
where many scholars use a term but all define it differently.
The Problem with Defining Autonomy/Responsibility
For example, military personnel concerned with robotic warfare often speak of autonomy and
responsibility. Writers speak of attributing a strike to a particular party (an individual, organization
or state) which would then be held legally and ethically responsible for the action. Such arguments
conflate philosophical and legal notions of responsibility although they are not the same.
In philosophy, responsibility is the subject of a rich discourse with a more nuanced meaning,
resting on specific requirements that the subject be aware of himself as the actor carrying out an
action, and being cognizant of his or her actions. (Mele) This meaning is used when lawyers speak
of someone being competent to stand trial. In order to be declared competent one must meet
two requirements: to demonstrate an awareness of cause and effect (i.e. understanding that if you
shoot someone with a gun, that person will be gravely injured as opposed to, for example,
thinking that he is in a video game or other scenario in which people are shot but not injured) and
to demonstrate that you have agency that you can control your own actions (i.e. someone who
believes that he is being controlled by demons or aliens and that he is powerless to resist their
orders, would not be considered competnent).
In considering whether a robot could be declared responsible for a war crime or atrocity, military
ethicists have focused on legal definitions of autonomy and responsibility, tying them back to the
Just War notion of rightful authority. Within international law, an action is in accordance with
the Law of Armed Conflict (LOAC) if one can show rightful authority -- the clear establishment
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

of accountability and a chain of command. Thus, analysts focused on whether an action was
traceable back to a robot or a machine acting autonomously to make decisions. If so, then the
agent or its creator/programmer can be held legally responsible. But philosopher Luciano Floridi
distinguishes between moral accountability and moral responsibility. Moral accountability refers
to a situation where a non-human agent, like a corporation, could be held accountable and asked
Page | 2
to pay damages if, for example, consumers were harmed in using a product. However, he argues
that only a human can be morally responsible because of the criteria advanced by philosophers
above. (Miller, Wolf, Grodzinsky, 101)
As this short discourse has shown, policymakers do not all use the same definitions of autonomy
and responsibility and as a result, there is confusion regarding policy.
Within the field of military cyber operations, we can identify the following terms which have been
borrowed, along with the fields which they have been borrowed from:
TERM Academic Disciplines
Autonomy, Responsibility, Philosophy, Law, Political
Robot Science
Jurisdiction, Attribution Law
(Cyber) Pearl Harbor, (Cyber) History
911
Information environment Librarianship
Code, Malicious Code, Computer Science
DDOS, exploit, zero day,
ransomware, open source
Deterrence, cyber defense Political Science,
International Relations
Liability Insurance

2. Just Add Cyber: Borrowing Terms from Preexisting Literature

In addition to borrowing from other fields, we can point to a second problem. Scholars also
routinely take existing terms from their own fields, graft the term cyber onto the term and create
new concepts like cyber threat, cyber conflict, cyber-attack or cyber deterrence. Analysts may also
speak of virtual attacks, virtual threats, and virtual conflicts.
However, older concepts do not always fit exactly when grafted onto the cyber environment.
Cyber-attacks are not merely conventional attacks which occur within cyber space. Rather, cyber-
attacks may differ from conventional attacks in terms of the time frame in which they are carried
out, the types of actors involved, and the ability to measure and observe the damage which they
create. Borrowing of terms from earlier scholarship has also helped to create conceptual confusion.
The Problem with Deception in the Cyber Arena
Today, we can consider the conceptual confusion surrounding deception in cyberspace. The
concept spans a number of different fields. Within the military community, psychologists use
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

deception to refer to types of psychological operations, aimed at furnishing an enemy with false
information. US Joint Publication 3-13.4 defines military deception as:
Those actions executed (at strategic, tactical and operational levels) to
deliberately mislead adversary decision makers as to friendly military capabilities,
intentions, and operations, thereby causing the adversary to take specific actions Page | 3
(or inactions) that will contribute to the accomplishment of the friendly mission.

Here deception is presented as defensive in nature, and an activity which occurs in wartime or
peacetime. Deceptive operations are often specific to a particular conflict, and are deliberate or
planned. Deception can occur on the operational, strategic and tactical levels. Actions may be
carried out by soldiers or civilians. The use of such "stratagems and ruses of war is legal
according to the Law of Armed Conflict (Thomas and Duncan).
However, the intelligence community also uses deception, but here deception actually has two
meanings. It may refer to deliberate actions taken at a specific time towards a specific target or it
may refer to a more general strategy of disinformation in which one cannot necessarily point to a
specific act of deception, or a specific perpetrator or target.
The IC refers to acts of deception in, for example, monitoring events like compliance with
international treaties and may describe a situation where an adversary acted deceptively in
violating a treaty and covering up evidence that it did so. ACTON, reference. These acts are
illegal within international law.
The IC also describes strategic deception where an adversary tries to mislead enemies as to his
intentions, thus depriving them of strategic warning through securing the element of surprise.
(CIA) Historic literature focusses on practices like Soviet disinformation campaigns, in which
false information was disseminated in order to mislead analysts as to a policymakers intentions.
Here, deception represents a type of covert operation, which is not acknowledged by a state and
thus, arguably it is quasi-legal. Some types of deception are also justifiable from an ethical
perspective while others are not.
Within the cyber arena, analysts draw upon many different literatures. In their work, Matestki and
Devost draw upon military deception, the literature of the intelligence community, and even work
on gaming strategy which purports to explain how people win at games like poker through
misleading their opponents. They marry together the two notions of diffuse (or general) deception,
and targeted, deliberate deception. In describing defense by deception, they suggest that system
architects plant false targets (honeypots) to mislead/misdirect adversaries, so they pursue the
wrong target and waste resources. Here, the defender may not have a specific adversary in mind
unlike the DOD and IC definitions, in which one attempts to dissuade a specific adversary. In
addition, the time frame during which honey pots might be deployed may be longer than the time
frame of a typical military conflict. However, these activities parallel the deceptive actions
described in the DOD document, in that they are presumably legal.
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

For many analysts, including Climek. deception in cyberspace refers only to defensive operations.
Climek defines cyber deception as:
A deliberate and controlled act to conceal our networks, create uncertainty and
confusion against the adversarys efforts to establish situational awareness, and to
influence and misdirect adversary perceptions and decision processes. Page | 4

However, Mateski and Devost also use the term deception to refer to activities associated with
specific psychological operations -- in, for example, claiming that corporations should
intentionally attribute an attack to the wrong class of attacker, in order to throw the original
adversary off. Here, deception more closely parallels the Soviet disinformation tactics described
above, and the authors appear to be borrowing from the IC literature, rather than the DOD
literature.
Still others used deception to refer to specific practices within cyberspace, many of which are
offensive operations, and many of which often overlap with criminal activity. Such practices
include spoofing, computer fraud and masquerading, which describes a situation where an
automated program might attempt to psychologically manipulate people through pretending to be
a human (i.e. The making of robocalls, automated robots who participate in online chatrooms and
attempt to steer the conversation, and the use of twitterbots). (Miller, Wolf and Grodzinsky)
Deception is also involved in installing malware and carrying out rootkit- man in the middle
attacks. Such acts may be illegal and unethical.
Finally, analysts have described the legal practice of penetration testing as involving deception,
since the pen tester often uses social engineering in order to gain awareness of the weaknesses and
vulnerabilities within a computer system, which he may have been hired to assess. (Pierce et al.)
Social engineering is defined as the practice of obtaining computer information by manipulating
legitimate users. It is a form of deception in which testers might impersonate legitimate users
and make inquiries about passwords or send emails inviting a user to click on a link. It relies less
on technology and more on the human element in getting access to a system. (Allen) Because
social engineering involves deception, it raises ethical issues.
Thus, within the cyber arena, deception is a broad term, ill defined, which is used in a variety of
different ways. Here, the best way to better define the term might be to disaggregate it coming
up with specific definitions of defense and offensive deceptive practices, as well as defining what
constitutes an act of cyber deception. It would also be useful to define what types of acts of cyber
deception are legal and illegal, according to US and international law, as well as to define which
acts are considered unethical, and to establish criteria for determining their ethicality.
The Problem of Deterrence
We might also consider the term cyber deterrence which is widely used by military planners.
Here Haley suggests that it is appropriate to superimpose the theory of deterrence upon the cyber
arena. He simplifies the notion of deterrence, writing that in deterrence theory, the objective is
to eliminate attacks by making costs and consequences outweigh benefits. If a nation is able to
mount a strong defense and create a credible threat of retaliation, then the theory suggests that
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

attackers will be deterred. However, he then goes on to explain that the parallel between
conventional deterrence in an arena like nuclear deterrence and the notion of nuclear deterrence is
not exact. He describes, for example, the fact that all parties to a conflict are known in speaking
of nuclear deterrence, while in the area of cyber deterrence, the parties to the conflict may not be
identified and the attack may not be attributed to a particular individual. In her work, Manjikian
Page | 5
goes on to note that traditional theories of deterrence are based on a paradigm in which the players
are known, the costs and benefits of attack are known to all parties, and the time frame is specified.
In contrast, the cyber-attack scenario may take place over a period of months or even years; there
may be multiple, iterative attacks in which the benefits may accrue over time to the attacker while
weakening the defender; and attackers may change identities, cooperative with one another, or
share information. (Manjikian, 2016) For this reason, she suggests abandoning the quest to apply
the nuclear deterrent scenario, literature and terminology in the cyber arena, since continuing to
do so merely sows conceptual confusion.
Here we can also consider the definition of cyber warfare. The legal site USlegal.com offers the
following definition of cyberwarfare. Cyberwarfare is:
An armed conflict conducted in whole or part by cyber means. Military
operations conducted to deny an opposing force the effective use of cyberspace
systems and weapons in a conflict. It includes cyber-attack, cyber defense, and
cyber enabling actions including . . . attack through cyberspace.
In this instance, cyberwarfare is not seen as a separate type of warfare, but is rather described as
an extension of conventional warfare, in which the means by which the actions are conducted is
through cyber action in the cyber arena.
We can compare this definition to the one put forth by the Rand Corporation:
Cyber warfare involves the actions by a nation-state or international organization
to attack and attempt to damage another nation's computers or information
networks through, for example, computer viruses or denial-of-service attacks.
The Rand definition, in contrast to the US Legal definition, focusses on the target of activities,
terming an action to be an act of cyberwarfare if it results in damage to another nations critical
infrastructure. The definition put forth by the Rand Corporation is unusual in that it does not
reference the notion of armed conflict. While the US Legal definition implies though it does not
state directly -- that cyberwarfare is an activity engaged in by military personnel who are
presumably professional soldiers (not civilians) and who are doing so as part of their job the
Rand Corporation is broad enough to encompass the activities of civilians, including both state
and nonstate actors. It does not include the term armed conflict anywhere in the definition.
Finally, we can consider an editorial which ran in the British newspaper The Guardian in fall of
2016. In this article, the author uses the term cyberwarfare in relation to the allegations that
Russian hackers working for the Russian government carried out attacks on the US Democratic
National Committee aimed at manipulating the outcome of a US presidential election by releasing
compromising information on one of the two candidates. The event in question was not an armed
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

conflict nor was it a military operation, nor was it aimed at denying the opposing force the
effective use of cyberspace systems and weapons in a conflict. Therefore, it does not meet the
US Legal definition of an act of cyberwarfare. The events described also do not meet the definition
put forth by the Rand Corporation, since they were not specifically aimed at attacking or
attempting to damage another nations computers or information networks. Instead, the attacks,
Page | 6
if we may call them that, constitute an act of political doxing, which the cybersecurity analyst
Schneier defines as the practice of publishing personal information about people without their
consent. Schneier notes that the term comes from documents and originated in hacker culture.
It was first used to refer back to the actions of the group Anonymous, back in 2001.
The Russian hacking example suggests that the definition of cyberwarfare, and the definitions
regarding what constitutes an act of cyberwar are likely to continue to change and evolve over
time, as new techniques of cyberwarfare are discovered and created. Again, it would be useful to
disaggregate the term, as well as to perhaps distinguish between armed cyber conflict (carried out
by military personnel and contractors) as well as non-armed cyber conflict, which might
encompass actions such as political doxing, carried out by a variety of actors.
3. Differences Within Government Agencies
While academia thus seems to be facing a lack of conceptual clarity, the problem does not end
there. In addition, within the United States government, in many instances, different agencies do
not have a unified definition of key concepts. For example, the Information Technology law Wiki
provides several different definitions of cyber threat. The definitions are taken from the US
Department of Homeland Security Privacy Impact Assessment for an exercise carried out in 2010;
the US Computer Emergency Response Team (CERT) document Partnering for Cyber
Resilience and the 2016 White House National Cyber Security Strategy.
The US Department of Homeland Security defines cyber threat as:
any identified effort directed toward access to, exfiltration of, manipulation of, or
impairment to the integrity, confidentiality, security, or availability of data, an
application, or a federal system, without lawful authority.
The US CERT defines a cyber-threat as
Any potential cyber events that may cause unwanted outcomes, resulting in harm
to a system or organization. Threats may originate externally or internally and may
originate from individuals or organizations.
Finally, the National Cyber Security Strategy defines a cyber threat as
anything capable of compromising the security of, or causing harm to, information
systems and internet connected devices (to include hardware, software and
associated infrastructure), the data on them and the services they provide, primarily
by cyber means.
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

These three definitions differ in key ways: All agree that something is a cyber threat even if it has
not yet caused any damage. That is, it may be an incipient threat. An attempt also does not need
to be successful to be a threat, according to all definitions.
However, the CERT definition focusses on the events and impacts in measuring whether or not
something is a threat, while DHS focusses on the creators intent. (The CERT definition thus Page | 7
encompasses a theoretical situation in which the threat might be accidental, with no damage
intended in the manner of an industrial accident). The National Cybersecurity strategy uses the
broadest definition.
All definitions also stop short of identifying who specifically must be the owner or administrator
of a system. In this definition, a cyber threat may be against government property, commercial
property or individual property. The definition is also broad enough to include many different
types of scenarios. Here, again we can consider the possibility of a hacker breaking into a
computer on which a state keeps information such as voter registration records. In this case, voter
registration records would be considered information systems or data, and thus a state would be
justified in asking the Department of Homeland Security for resources in order to safeguard this
data.
In this case, it appears that the broad definitions, many of which use the term any (any potential
cyber events; anything capable of . . .) have been written in order to encompass a variety of
scenarios, some of which we cannot even conceptualize of, but which might be possible in the
future. (For example, the national Cyber Security Strategy definition is broad enough to
encompass a science fiction type scenario where a hacker is able to compromise an individuals
medical device, such as a pacemaker or an insulin pump.)
4. The Difficulty of Defining Terms Internationally
A look at international documents adds even more confusion. As Manjikian argues in her analysis
of Russian and Chinese internet policy, both nations have issued their own white papers on the
internet and its role in society. In these documents, both the Russian and Chinese white papers
both include a much broader definition and description of cyber threats which includes ideas
like spiritual pollution and western ideas. (Manjikian, 2013). Here the threat may not be to
critical infrastructure, and may not be associated with societal disruption. Instead, the threat may
be a threat to national identity. Here it is the existence of the internet itself, and the openness and
transparency it provides which is described as threatening rather than the specific agentic actions
of particular actors, state or nonstate. The threat of western ideas could emanate as much from
movies and television as it does from a foreign military or hacker collective.
Internationally, the Tallinn Manual, drawn up in 2009 through the Tallinn manual process, is a
document produced at the NATO Cooperative Cyber Defense Center in Tallinn, Estonia. The
document is intended to be used as a cornerstone in developing international law in regard to cyber
conflict. However, this document does not actually define cyber threat, although it mentions that
a cyber operation that constitutes a threat or use of force against another nation is unlawful. (42)
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

And The United Nations does not presently have a definition of cyber warfare (Beaver). This is
not entirely surprising since the lack of international consensus on many key terms, and the
potential for politicizing a discussion by defining terms has thus far kept the UN from defining
many terms, such as terrorism.
As Maurer points out, the choice of which term to use and how to define that term is often a Page | 8
political decision. Choosing one term rather than another can be seen as making a policy statement
and a group might thus consciously decide not to use a term. He notes that the International
Telecommunications Union, the body responsible for regulating the technological backbone of the
internet, has consciously not defined cyber-attack and cyberwarfare, for example, because it wants
to focus on peaceful uses of the internet, rather than acknowledging it as an arena of conflict.
We may expect that even in the future, it will be difficult to come up with widely accepted
international definitions of key terms.
5. How Professional Organizations Define Terms
Finally, professional organizations like the Association of Computing Machinery the worlds
largest organization of professional computer scientists might be expected to play a leading role
in defining these terms. The ACM is widely known for its Code of Conduct, which defines ethical
behavior for all professional computer scientists (in much the same way that the AMA defines
ethical behavior for physicians). However, the code as it currently stands states what specifically
is expected of members of computer science profession but does not make explicit policy
statements such as one should not participate in the conduct of cyber warfare. The document
thus does not define key terms but rather details what is expected of members in terms of character
and integrity. The ACMs approach differs then from a code of conduct for biologists in the United
States and the European Union which contains an explicit repudiation of types of behavior like
making biological weapons, or statements by groups like the AMA explicitly repudiating torture.
As this brief outline shows, there is therefore no one source where one can consult to find a
definitive understanding of any particular term. In 2012, the United States Department of Defense
attempted to create what it termed a join cyber operations lexicon, which would standardize the
ways in which key cyber terms were defined and understood by all of the US military services
(Army, Navy, Air Force, Marines). In acknowledging the problem, General James Cartwright
wrote, In short, cybers unique vocabulary doesnt discretely describe the nuances of its mission
sets, lend itself to established legal interpretations of authorities and limitations or reflect the
standardized vernacular of other domains.
While the Joint Operations lexicon was undoubtedly of use to those within the military, the
definitions which it created were in many ways too military-specific to be useful to those in other
fields, or to translate well into those fields. For example, the DOD Manual defines a cyber network
attack as: a category of fires employed for offensive purposes in which actions are taken through
the use of computer networks to disrupt, deny, degrade, manipulate or destroy information resident
on the target information system or the computer networks or the computer network itself. (3)
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

These definitions are largely tactical, rather than strategic, and may ultimately be most useful for
talking within the group but not for carrying out discussion with diverse audiences including the
media, policymakers, allies and adversaries.
6. Defining Terms in a Rapidly Changing Field
Page | 9
Finally, we must consider the problem of emerging technologies. An emerging technology is one
where it is often difficult to predict the impact it will have in the future, and therefore it is one
where policymakers know they must be aware of the new technology since it will require
regulation. However, the long-term effects of a technology may be unclear or ambiguous, and
thus its difficult to think about the challenges which might emerge, or the regulatory regimes
which will need to develop. Halaweh includes cloud computing, ambient intelligence and virtual
reality social networking websites among emerging technologies describing them as
technologies which may be significant and socially relevant in ten to fifteen years.
As we saw in the discussion of cyber-attacks, new technologies create new ways of carrying out
activities, and it may be difficult to decide how an activity like Russia hacking into the Democratic
National Committees files should be classified, since the original definition of cyber-attack did
not conceptualize of this as a possibility either politically or technologically.
Why it Matters
As we have seen in the short essay, the lack of specific definitions is problematic in terms of
assigning blame and establishing jurisdiction. A lack of clarity regarding the nature of what has
transpired makes it difficult to decide which body of law should be used to regulate activities and
design responses when a breach has occurred. Writing in 2012, Yale University law professors
Crootoff and Hathaway argued that the term cyber-attack was poorly defined, and that one could
not therefore argue that all cyber-attacks by states constituted acts of war and should therefore be
the subject of international law, including the Law of Armed Conflict.
As we have also seen in this paper, the response of the legal community has been frequently to
disaggregate a term, as Crootoff and Hathaway do, creating sub-categories of cyber-attacks, some
of which would be subject to international law, while others might more properly be regulated by
means of criminal law.
We should expect to see more situations where an industry or profession disaggregates a term,
establishing new classes of cyber-attack, for example, We may look to the evolving profession of
cyber liability insurance policy underwriting as an area where clear definitions will be crucial as a
starting point for establishing liability. This may provide our best hope for establishing clearer
and more universal definitions in the future.
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

Allen, M. (2006) Social Engineering: A Means to Violate a Computer System. SANS

Institute Reading Room, London. Available at http://www.sans.org/reading-
room/whitepapers/

Beaver, M. (2016) The United Nations and Cyberwarfare. Global Risk Advisors,London.
Page | 10
Available at https://globalriskadvisors.com/blog/united-nations-cyber-warfare/ Accessed
January 25, 2017.

Cartwright, J. (2011) Joint Terminology for Cyberspace Operations. Department of

Defense, Washington, DC. Available at http://www.nsci-
va.org/CyberReferenceLib/2010-11-
joint%20Terminology%20for%20Cyberspace%20Operations.pdf Accessed November 2,
2016.

Central Intelligence Agency Library (1996) Deception. Available at

https://www.cia.gov/library/center-for-the-study-of-intelligence/kent-
csi/vol16no4/html/v17i1a05p_0001.htm Accessed January 26, 2017.

Climek, D. No Date. Cyber Deception, Journal of Cybersecurity and Information

Systems Vol 4, No. 1. Available at https://www.csiac.org/journal-article/cyber-deception/
Accessed November 1, 2016.

Crootoff, R. and Hathaway, O. (2012) The Law of Cyber Attack. Yale Law School
Scholarship Repository, New Haven, CT. Available at
http://digitalcommons.law.yale.edu/fss_papers/3852/ Accessed Jan 1, 2017.

Gallagher, S. (2014) NSAs automated hacking engine offers hands-free pwning of the
world. Ars Technica. Available at arstechnica.com/information-technology/2014/nsas-
autom Accessed October 21, 2016.

Goodman, M. (2016) Future Crimes: Inside the Digital Underground and the Battle for
a Connected World. Penguin, New York.

Halaweh, M. 2013. Emerging Technology: What is it? Journal of Technology

Management and Innovation Vol 8, No. 3, pp. 108-116.

Human Rights Voices. No Date. UN 101: There is no UN Definition of Terrorism.

Available at http://www.humanrightsvoices.org/EYEontheUN/un_101/facts/?p=61
Accessed November 18, 2016.

Klion, D. The US-Russia discord will be an ugly fact for the next president. The
Guardian. October 9, 2016. Available at https:
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

//www.theguardian.com/commentisfree/2016/oct/09/us-russia-discord Accessed
November 8, 2016.

Manjikian, M. (2013) Threat Talk: Comparative Politics of Internet Addiction.

Routledge, New York.
Page | 11

Manjikian, M. (2016) Deterring Cybertrespass and Securing Cyberspace: lessons from

United States Border Control Strategies. US Army War College Strategic Studies
Institute, Carlisle, PA.

Mateski, M. and Devost, M.(2014) The Devil Does not exist: The Role of Deception in
Cyber. Blackhat, Las Vegas. Available at https://www.blackhat.com/docs/us-
14/materials/us-14-Mateski-The-Devil-Does-Not-Exist-The-Role-Of-Deception-In-
Cyber.pdf Accessed November 22, 2016.

Maurer, T. (2011) Cyber norm emergence at the United Nations. Available at

https://www.acm.org/about-acm/acm-code-of-ethics-and-professional-conduct accessed
December 23, 2016.

Mele, A (2006) Fischer and Ravizza on Moral Responsibility. The Journal of Ethics
Vol 10, No. 3, pp. 283-294.

Miller, K; Wolf, M and Grodzinsky, Frances (2015) Behind the Mask: Machine
Morality. Journal of Experimental and Theoretical Artificial Intelligence Vol. 27, No.
1, pp. 99-107.

Pierce, J; Jones, A and Warren, M. (2006) Penetrating Testing Professional Ethics: A

Conceptual Model and Taxonomy. Australasian Journal of Information Systems Vol
13, No. 2, pp. 193-200.

Rand Corporation (No Date) Cyberwarfare. http://www.rand.org/topics/cyber-

warfare.html

Schneier, B. (2015) Doxing as an Attack. Schneier on Security Blog. Available at

https://www.schneier.com/blog/archives/2015/01/doxing_as_an-at.html. Accessed
December 9, 2016.

Thomas, A. and Duncan, J. Eds. (No Date) Annotated Supplement to the Commanders
Handbook on the Law of Naval Operations, International Law Studies Vol. 73.

US Legal, Inc. (No date) Act of War Law and Legal Definition. Available at
https://definitions.uslegal.com/a/act-of-war/ Accessed January 25, 2017.
Mary Manjikian. Obstacles to the Development of a Universal Lexicon for Cyberwarfare.
mmanjikian@regent.edu[Document title]

Page | 12