Prezi

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in the manual

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Kenneth Geers_The Art of Cyberwar

DEF CON XX
by Kenneth Geers on 3 October 2012

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Kenneth Geers_The Art of Cyberwar

The Art of Cyberwar “…cut all telephone and road communication with the city ... exact details ... incomplete ... no reporters” NYT Syria 1982 ... Syria 2012 孫子兵法 New Pen New Sword www.wizel.com www.pna.net downloads www.wizel.com webmaster@hezbollah.org Hacker Portals You will attack … … IP addresses Bank of Israel
Tel Aviv Stock Exchange
Prime Minister’s Office Патриотизм снова Wikileaks Stuxnet NATO Cyber Centre - War Gamez Free Download by Kenneth Geers
www.ccdcoe.org/278.html Dr. Kenneth Geers NCIS Cyber Subject Matter Expert Syria Chain of Command Intelligence = Intelligence
HUMINT = HUMINT (Social Engineer)
Special Forces = Special Forces
Combat Engineer = Software Developer
Infantry = Network Penetrator
Tents = Clients, Servers
Weapons = Information Cyber Battalion Lawful Chaotic Good Evil (cc) image by anemoneprojectors on Flickr (cc) image by anemoneprojectors on Flickr (cc) image by anemoneprojectors on Flickr Appeal Assistance Will Prohibition Inspection 1 1 0 0 0 Capable Credible (cc) image by anemoneprojectors on Flickr Communicate 0 0 0 Deny Punish Security Attribution Solution 1 1 0 Logic 1 Technology Deterrence Arms Control Lawful Chaotic Good Evil Strategy Training Objectivity Tactics Command 1 1 Art of War Battlefield 0 1 1 1 1 0 1 Estonia 2007: after Just War Confidence Building Measures 1. Non-aggression pact
2. Int'l administration
3. Transparent log files
4. World CERT
5. Joint investigations Prohibition Proportionality Distinction POW ethics Surrender 1 1 0 1 0 Competence Last resort Just cause Probability Declaration 1 1 Necessity 1 1 1 0 DEF CON XX 1. Environment
Artificial, configurable
Security vs freedom
Code vs content 2. Proliferation
Blinding speed
0 Day
Defend classes of attacks 3. Proximity
Connectivity not geography
Air, sub, S Forces
App, OS, compiler, HW
Seizing cyber ground 4. Unpredictability
Change w/o warning
Must pull trigger to know
Home-field advantage 5. Advantage
Old: size, strength
New: network, anonymity
Tactical to strategic advantage 6. Flexibility
Espionage: Golden Age
Destruction: STXNT
Most powerful: propaganda 7. Attribution
Deterrence, retaliation: low credibility
Ease of entry = rising numbers
Real cyberwar, ID should be clear 8. Quiet
Covert cyber war
Retaliation in meatspace
Proportionality
Private sector vs nation-state 9. Subjectivity
Cyber defense immature
BDA calculations
Effects-based evaluation 10. Morality
Few inhibitions: no dead humans
Future target: civilians
End-state: war or peace? Like pirates
Some IT no longer supported: SCADA Trad: most wars no embed reports, 24/7 TV Private sector cannot beat nation-states
Legislation to require best practices?
Business: profit more important than security
When is inattention to security a crime? Existence of vulnerability does not justify attack
Short-term gains undermine long-term integrity
Should avoid unnecessary militarization of cyberspace The Art of Cyberwar Dr. Kenneth Geers NCIS Cyber Subject Matter Expert DEF CON XX "Rapidity is the essence of war: take advantage of the enemys unreadiness ... unexpected routes ... unguarded spots." "O divine art of subtlety and secrecy ... we learn to be invisible ... inaudible ... we can hold the enemy's fate in our hands." "A wise general makes a point of foraging on the enemy ...
one cartload of the enemy's provisions is equivalent to twenty of one's own." "There are five ways of attacking with fire: burn soldiers in their camp; burn stores; burn baggage trains; burn arsenals and magazines; hurl dropping fire amongst the enemy." "Supreme excellence consists in breaking the enemy's resistance without fighting." "The Art of War teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable." "The natural formation of the country is the soldier's best ally ... shrewdly calculating difficulties, dangers and distances constitutes the test of a great general." "The general is skillful in attack whose opponent does not know what to defend; he is skillful in defense whose opponent does not know what to attack." "The general who is skilled in defense hides in the most secret recesses of the earth." "If you know the enemy and know yourself, you need not fear the result of a hundred battles." "The best thing of all is to take the enemy's country whole and intact." Georgia 2008: during Arab Spring: before < = #Tunisia
#Egypt
#Libya
#Yemen
#Syria
# ? < sql injection Information Space Attack Space Wikileaks Stuxnet 2346.98
64.89 Strategic Cyber Security
See the full transcript