Kenneth Geers_The Art of Cyberwar

The Art of Cyberwar “…cut all telephone and road communication with the city ... exact details ... incomplete ... no reporters” NYT Syria 1982 ... Syria 2012 孫子兵法 New Pen New Sword www.wizel.com www.pna.net downloads www.wizel.com webmaster@hezbollah.org Hacker Portals You will attack … … IP addresses Bank of Israel Tel Aviv Stock Exchange Prime Minister’s Office Патриотизм снова Wikileaks Stuxnet NATO Cyber Centre - War Gamez Free Download by Kenneth Geers www.ccdcoe.org/278.html Dr. Kenneth Geers NCIS Cyber Subject Matter Expert Syria Chain of Command Intelligence = Intelligence HUMINT = HUMINT (Social Engineer) Special Forces = Special Forces Combat Engineer = Software Developer Infantry = Network Penetrator Tents = Clients, Servers Weapons = Information Cyber Battalion Lawful Chaotic Good Evil (cc) image by anemoneprojectors on Flickr (cc) image by anemoneprojectors on Flickr (cc) image by anemoneprojectors on Flickr Appeal Assistance Will Prohibition Inspection 1 1 0 0 0 Capable Credible (cc) image by anemoneprojectors on Flickr Communicate 0 0 0 Deny Punish Security Attribution Solution 1 1 0 Logic 1 Technology Deterrence Arms Control Lawful Chaotic Good Evil Strategy Training Objectivity Tactics Command 1 1 Art of War Battlefield 0 1 1 1 1 0 1 Estonia 2007: after Just War Confidence Building Measures 1. Non-aggression pact 2. Int'l administration 3. Transparent log files 4. World CERT 5. Joint investigations Prohibition Proportionality Distinction POW ethics Surrender 1 1 0 1 0 Competence Last resort Just cause Probability Declaration 1 1 Necessity 1 1 1 0 DEF CON XX 1. Environment Artificial, configurable Security vs freedom Code vs content 2. Proliferation Blinding speed 0 Day Defend classes of attacks 3. Proximity Connectivity not geography Air, sub, S Forces App, OS, compiler, HW Seizing cyber ground 4. Unpredictability Change w/o warning Must pull trigger to know Home-field advantage 5. Advantage Old: size, strength New: network, anonymity Tactical to strategic advantage 6. Flexibility Espionage: Golden Age Destruction: STXNT Most powerful: propaganda 7. Attribution Deterrence, retaliation: low credibility Ease of entry = rising numbers Real cyberwar, ID should be clear 8. Quiet Covert cyber war Retaliation in meatspace Proportionality Private sector vs nation-state 9. Subjectivity Cyber defense immature BDA calculations Effects-based evaluation 10. Morality Few inhibitions: no dead humans Future target: civilians End-state: war or peace? Like pirates Some IT no longer supported: SCADA Trad: most wars no embed reports, 24/7 TV Private sector cannot beat nation-states Legislation to require best practices? Business: profit more important than security When is inattention to security a crime? Existence of vulnerability does not justify attack Short-term gains undermine long-term integrity Should avoid unnecessary militarization of cyberspace The Art of Cyberwar Dr. Kenneth Geers NCIS Cyber Subject Matter Expert DEF CON XX "Rapidity is the essence of war: take advantage of the enemys unreadiness ... unexpected routes ... unguarded spots." "O divine art of subtlety and secrecy ... we learn to be invisible ... inaudible ... we can hold the enemy's fate in our hands." "A wise general makes a point of foraging on the enemy ... one cartload of the enemy's provisions is equivalent to twenty of one's own." "There are five ways of attacking with fire: burn soldiers in their camp; burn stores; burn baggage trains; burn arsenals and magazines; hurl dropping fire amongst the enemy." "Supreme excellence consists in breaking the enemy's resistance without fighting." "The Art of War teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable." "The natural formation of the country is the soldier's best ally ... shrewdly calculating difficulties, dangers and distances constitutes the test of a great general." "The general is skillful in attack whose opponent does not know what to defend; he is skillful in defense whose opponent does not know what to attack." "The general who is skilled in defense hides in the most secret recesses of the earth." "If you know the enemy and know yourself, you need not fear the result of a hundred battles." "The best thing of all is to take the enemy's country whole and intact." Georgia 2008: during Arab Spring: before < = #Tunisia #Egypt #Libya #Yemen #Syria # ? < sql injection Information Space Attack Space Wikileaks Stuxnet 2346.98 64.89 Strategic Cyber Security