User:Stephen.defibaugh/Cyberattack/Jmhogg Peer Review

General info

 * Whose work are you reviewing?

Stephen.defibaugh


 * Link to draft you're reviewing
 * User:Stephen.defibaugh/Cyber-kinetic attack


 * Link to the current version of the article (if it exists)
 * Cyber-kinetic attack
 * Note: I was assigned to review the article for Cyberattack, which Stephen did not do an update for. As Cyber-kinetic attack is the only draft I can find for him, I am reviewing that to ensure that he gets feedback on the formatting at the least, and the content if he decides to proceed further with this article topic.

Lead
In the lead, you removed the citation describing a cyber-kinetic attack from the first sentence. I would suggest adding it back in at the end of the first sentence, as well as probably citing Joint Publication 3-12 or JP 3-13 in their definition of Offensive Cyberspace Operations since you're adding "deny, disrupt, degrade, and destroy," which are very much in the vernacular of DoD phrasing to describe cyberattacks.

Content
I like the content that you've added, but I think it might do to be organized a bit differently, which I won't cover in this section. I'm not personally familiar with an Aurora worm, but I am familiar with Operation Aurora. If that's what you were referring to, I don't think that meets the criteria of a cyber-kinetic attack, because it resulted in theft of intellectual property and did not deny, disrupt, degrade, or destroy data or the victims' access to that data. If you are referring to something else, I think you should definitely go into more detail about it.

Sources and References
I think your sourcing is a bit underdeveloped, and could stand to be fleshed out more for the paragraphs you've added. At the very least, there are a number of key terms I think you should link to their relevant Wikipedia articles (though I see you've done that twice for Stuxnet, and I believe the convention is to only do that once per term).

Organization
My main constructive criticism regards organization. I think you would be very well served to remove the section on Stuxnet/Aurora from the "Crossing the cyber-physical divide" section, and either add a section dedicated to Deny/Disrupt/Degrade/Destroy, or one section for each where you spell out what they mean and provide real-world examples of how they have happened, with references. Deny/Degrade/Disrupt have some overlap, but as possible examples:


 * Deny: Prevent access to systems or data without destroying them. Ransomware seems a pretty clear example, and there are numerous recent examples you could cite from ongoing news (e.g., REvil).
 * Disrupt: Breaking the flow of information. DDoS fits the bill, as my understanding of disruption is that it's more temporary than denial. Lazarus Group is known to do this for ransom, and you also have Lizard Squad, as well as the Chinese government reportedly targeting Hong Kong dissidents (https://www.zdnet.com/article/china-resurrects-great-cannon-for-ddos-attacks-on-hong-kong-forum/).
 * Degrade: Decreasing overall effectiveness. DDoS could again fit the bill, as could anything that eats up a lot of bandwidth or processing power. So arguably coinminers, data scrapers, or anything that does man-in-the-middle actions which limit capabilities.
 * Destroy: Actual destruction of systems or data that prevents the victims from being able to access them. Shamoon did this to Saudi Aramco, the Guardians of Peace (Lazarus Group) did this to Sony, Stuxnet did this to the Iranian centrifuges at Natanz.

Overall I think you have a very interesting topic and I'm excited to see how the editors like it.

-Justin