Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Cyber-Security

Lecture presentation for the module War and Security at Royal Holloway 2014.
by

Adam Drew

on 30 March 2015

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Cyber-Security

Cyber-Terrorism
Cyber-Privacy (Human Security)
Cyber-Security
Cyber-War
Cyber-Crime
Cy
ber-Terrorism

Financing
Cyber-War
Patriotic Hackers
Plausible Deniability
Cyber-Privacy
Provided Targets
Surveillance vs Espionage
Same methods
Justifies
The Reaction/Legislation
Is this Security?
The Human Security section of Cyber Security.
How much privacy are we willing to trade in return for security from possible threat?
Are the current trends in government surveillance posing a threat to future freedoms on the internet and with technology?
Do current government programs such as PRISM and Tempora justify their existence as tools to restrict terrorism?
What balance between secrecy and oversight should exist with such programs?
Same tech.
Expertise sharing

Intro and Facts
The Facts
The Legislation
Is this Security?
The Facts
The Reaction/Legislation
Is this Security?
The Facts
The Reaction/Legislation
Is this Security
Cyber-Crime
Betweeness Centrality
Number of shortest paths between two individuals that pass through a person of interest.
Eigenvector Centrality
Meta Data Analysis
"Duality of persons and groups" (Breiger, 1974)
Based solely on group membership.
Individual centrality weighted based on connections to other central individuals.
The Links
With Cyber-Terrorism:
Justifies

With Cyber-War:
Provides targeting for.

With Cyber-Crime:
Justified By.
Utilises same technology/methods.
The Links
With Cyber-Terrorism:
Utilises same technology/methods.

With Cyber-War:
Services for hire/state affiliation.

With Cyber-Privacy:
Justifies.
Utilises same technology/methods.
Questions:
Which do you find most worrying, cyber-crime, cyber-warfare, cyber-terrorism or cyber-suveillance?

Facts:
The majority of states now include specific mention of cyber-terrorism in anti-terrorism legislation.
Cyber-crime is estimated to cost the UK alone £27 Billion a year. (Detica, 2011)
The US created it's Cyber Command unit in 2009 under the subordinate to United States Strategic Command.
2013 Budget $212M
GCHQs Tempora program, through direct tapping of fibre optic cables collects 21PTb of data a day.
What is Cyber-crime?
UK Police Definition splits cyber-crime into three categories:
'Pure' cyber-crimes where computer systems are the target, and method of attack.
'Existing' crimes that have been transformed in scale by criminal use of the internet or computers.
Use of the internet to facilitate 'traditional' crimes.
Examples:
'Pure' Cyber-Crime
Malware designed to steal personal information, mostly financial.
At any one time infected in the region of 60,000 computers.
Generated income between $83K and $8.3B in 10 days.
Case Study: Torpig
Denial or Distributed Denial of Service Attacks (DoS/DDoS.
Theft of data.
Destruction of computers.
Law Enforcement:
UK Department
NCA
US Department
FBI
National Law:
Computer Misuse Act 1990 (UK)
US equivalent
Owning software that can be misused.
Copyright Infringement.
Any acts illegal in traditional sense.
Academic Approach:
What is Illegal?:
Dual purpose technologies.
Broad definitions.
Reactionary vs. Anticipatory
Internatioal Law:
Council of Europe Convention on Cyber Crime/ Wassenaar Arrangement
More Human less Strategic
State Security.
Risk to Critical National Infrastructure (CNI).
Financial Instability.
Individual Human Security.
Financial.
Privacy.
International Issues.
Organised cyber-crime groups outsourcing services to governtments/non-state actors.
Most nations anti-terror legislation contains reference to cyber attacks.

Generally can be separated into narrow, or broad approaches.
What is Cyber-Terrorism?
Cyber Terrorists by Method:
Who are the Cyber-Terrorists?
Broad Definition:
Examples of Cyber-Terrorism
National Legislation:
Broad
UK
US
International Legislation:
UN
NATO
etc.
Academic Approach:
Doesn't create a spectacle.
Cannot kill.
Punitive Legislation ineffective against terrorists.
One person's terrorist is anothers freedom fighter.
Case Study: Anonymous
OpPayback
OpWestboro
(Terrorism)
(Activism)
The Links
With Cyber-Crime:
Organised Crime offering services for hire.

With Cyber-War:
State affiliation or definitional similarities.

With Cyber-Privacy:
Justifies.
Utilises same technology/methods.
Response to Amazon, paypall and Mastercard freezing donations to wikileaks.

DDoS resulting in both Mastercard and VISA servers going down.

Political motivation, therefore terrorist act?
Narrow Definition:
Pure Cyber Terrorists:
Traditional groups using cyber-attacks but also carry out physical operations
Groups whose sole methods of attack are cyber orientated. May or may not have an cyber orientated ideology.
Anonymous operations, defacements, DDoS attacks.
None...
Narrow
Australia
Canada
Critical National Infrastrcuture?
Communications, emergency services, energy, financial services, food, government, health, transport, water
Does cyber-terrorism need to be considered beyond the existing academic and legal framework of terrorism?

Is cyber-terrorism a comensurate threat to traditional terrorism?

What are the human security implications of broad definitions of cyber-security?
The Threat
vs.
The Reality
The Fear of Cyber-War
Utilised Aurora vulnerability to destroy centrifuges at Natanz, Iran.
Made by Israel and US.
Stuxnet & Flame
Two Opposing Arguments
Existing laws governing armed conflict are sufficient, no specific legislation on cyber-war is necessary.
United States
United Kingdom
Israel
Existing laws are completely insufficient or require specific clarification with regards to cyber-war.
Russia
China
Academic Argument
The Links
With Cyber-Crime:
Organised Crime offering services for hire.

With Cyber-Terrorism:
Patriotic hackers.
Difficulty assigning blame.

With Cyber-Privacy:
Provided targets by.
Surveillance vs. Espionage
Stuxnet:
Flame:
"the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found." (CrySyS Labs)
Record Audio, screenshots, keyboard activity, skype conversations, bluetooth hack.
Disable or destroy CNI.
Gather intelligence of ongoing or planned operations.
Disrupt military communications and command capability.
How great is the threat of cyber-warfare in comparison to the threat of conventional warfare?

What is the likelihood of meaningful legislation and control of cyber-weapons?

How much of a gap remains between Sci-fi and reality?
b.socrative.com/login/student:
928c8756
The Facts
PRISM/Communications Data Bill
Tempora
Golden Nugget
Rolling Thunder (Anonymous)
Online games.
Optic Nerve
"It's not about the content, it's not about reading people's emails or listening to their telephone calls. This is purely about the who, when and where made these communications and it's about ensuring we catch criminals and stop terrorists."
Theresa May, June 2012
William Hague, June 2013
"To intercept the content of any individual’s communications in the UK requires a warrant signed personally by me, the Home Secretary, or by another Secretary of State."
Tapping fibre optic cables that pass through the UK.
Storing it all for 30 days.
Content and metadata.
Makes UK the leading member of the five eyes electronic eavesdropping alliance.
US, UK, Canada, Australia, New Zealand.
21Pb a day
192 British Libraries a day.
PATRIOT
Privacy Committee
RIPA
ECHR
ECJ
DRIP
Securitisation
Unreasoned Response
Destruction of Machines
"When it comes to telephone calls: Nobody is listening to your telephone calls. That's not what this program's about. What the intelligence community is doing is identifying, looking at phone numbers and durations of calls. They are not looking at people's names, and they're not looking at content. But by sifting through this so-called metadata, they may find potential leads with respect to folks who might engage in terrorism.

If they want to actually listen to a phone call, they have to go back to a federal judge."
Barack Obama, June 2013
Services for Hire
Justifies/Justified by
Cyber-Security
Facts:
Cyber-war
The US Cyber Command has a budget of $447M, over double previous year's.
Cyber-terrorism
The Majority of countries include specific mention of cyber in anti-terrorism legsislation
Cyber-crime
Estimated to cost the UK £27B a year.
Cyber-privacy
UK the most advanced of the five eyes nations.
Should the Internet itself be considered as CNI?
Full transcript