Codex - Building Blocks

1. What is code?a. Computer language consisting of instructions and informationb. Example: A software developer writes code for a new program in one of a variety oflanguages, such as C#. Eventually, all instructions to the computer are converted tobinary machine language, zeros and ones. 

2. What makes up a network?a. Two or more devices connected togetherb. Example: A Wi-Fi network wirelessly links computers, phones, and tablets to eachother and to the Internet via a router. 

3. What is an adversary (or threat actor)?a. A group or individual with the intent to carry out harmful activitiesb. Example: In 2015, an adversary targeted the United States Office of PersonnelManagement.
 
4. What is an Advanced Persistent Threat (APT)?a. An adversary characterized by greater expertise, time, and resources, often capable ofconducting campaigns over a sustained periodb. Example: APT1 is a well-known intruder into a variety of systems. 

5. What is an insider threat?a. An adversary that is within—rather than outside—the targeted organizationb. Example: The Maroochy, Australia, sewage system, controlled by a computer system,failed due to an operation carried out by a disgruntled former employee.
 6. What is an intrusion?a. An intrusion occurs when an adversary gains unauthorized access to a computersystem, and usually acquires the ability to either read data from the system or executetheir own codeb. Example: The Office of Personnel Management suffered an intrusion resulting in aloss of data in 2015. 
7. What is an intrusion set or campaign?a. A series of related intrusions, often against similar targets, likely conducted by thesame actor, often using similar techniquesb. Example: A number of intrusions against Tibetan-related targets were linked to anintrusion set called GhostNet. 
8. What is an indicator of compromise?a. Forensic evidence that an intrusion has occurred. Frequently divided intoi. Atomic indicators, which are individual pieces of data, such as IP addressesii. Computed indicators, which are mathematical signatures of programs known tobe maliciousiii. Behavioral indicators, which refer to the modus operandi of a particular intruder 
9. What is computer network defense or cyber defense?a. The process of securing a network against intrusions and other malicious actionsb. Example: The United States is building tools for securing government computernetworks, known as EINSTEIN. 
10. What is computer network exploitation?a. The process of making an unauthorized intrusion into a computer network for thepurposes of copying sensitive data, often done stealthilyb. Example: The 2015 breach at OPM resulted in the copying of millions of sensitivedatabase records. 
11. What is computer network attack?a. An incident that targets the proper functioning of a computer network, such as byoverwhelming it with data to deny legitimate users’ access, destroying data necessaryfor its function, or using the system to cause physical harmb. Example: The computer network attack on Sony in 2014 wiped many systems entirely. 
12. What is cyberwar?a. The as-yet hypothetical notion that sustained strategic damage via cyber attack canbe used in lieu of physical or kinetic war as a means of achieving victory in a conflictbetween states. 
13. What is cyberwarfare?a. The ways in which cyber attacks may contribute to achieving military or political ends,in conjunction with other kinds of operationsb. Example: In 2008, in the midst of a conventional war with Georgia, Russia—orRussian sympathizers—carried out cyber attacks against Georgian targets. 
14. What is computer forensics?a. The method of examining data on a computer system as a means of detecting anintrusion or other malicious activity; often useful for attributionb. Example: The examination of logs of network data, the examination of memory onaffected computer systems, and an attempt to reconstruct the timeline of an incident. 
15. What is attribution?a. The process of identifying, technically, politically, or both, the source of an intrusionor other malicious activity. High-quality attribution blends technical data, operationalanalysis and information, and a strategic perspective. Frequently, intruders will takesteps to make attribution more difficult, such as obscuring their origins or leaving falseflagsb. Example: In response to the 2014 cyber attack on Sony Pictures Entertainment,President Obama attributed the incident to North Korea. 
16. What is the CIA Triad?a. Three important characteristics of a secure computer system:i. Confidentiality: Ensuring that data is not accessible by unauthorized usersii. Integrity: Ensuring that data is accurate and has not been maliciously orunintentionally corruptediii. Availability: Ensuring data is available to authorized users. 
17. What is resilience?a. The process of building a computer system such that it can withstand attempted, andsometimes successful, intrusions and attacksb. Example: A system with a back-up data center is more resilient to some kinds ofcyber attacks. 
18. What is Tor (The Onion Router)?a. A method of obscuring the origin and destination of internet traffic by routing itthrough a series of intermediate serversb. Example: Protestors in dissident regimes frequently use Tor to hide theircommunications. 
19. What is the Dark Web (or Tor Hidden Services)?a. A method of hosting information such that both visitors and the host can choose tobe anonymous (but need not be)b. Example: Facebook set up a hidden service in order to enable users in authoritarianregimes to connect more easily to its site.

To comment on a term, supplement an example, or add a new entry, e-mail us at digitalfutures@wilsoncenter.org.