Chapter 14: Cyber Warfare: An Architecture for Deterrence
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions
Introduction to Cyber Warfare and Cyber Deterrence
• Over 120 countries are actively conducting cyber operations, primarily espionage
• It is estimated that the Chinese have over 100,000 active-duty cyber warriors and over 80,000 independent hackers, who often carry out missions in the national interest
• As stated in CNCI #10, cyber deterrence is a “strategy that will deter interference and attack in cyberspace… and developing appropriate responses by both state and non-state actors.”
Methodology and Assumptions
• Cyber deterrence is a cutting-edge and very difficult research problem, in particular because the underlying technology makes attributing cyber activities so difficult
• This research approach considers:
  • National Security Goals
  • Cyber Warfare Laws & Treaties
  • Strategic Functions
  • Solutions Architecture for Cyber Deterrence
  • Technical Functions
Methodology & Assumptions (2)
Cyber Deterrence Challenges
• Assigning attribution
• Internet technology makes it relatively easy to misdirect attribution to other parties
• Unpredictability of cyber attack impacts
• Potential damage due to counter-retaliation
• Nation states, non-state actors, and individuals are at a peer level, all capable of waging attacks
• No clear legal framework exists
Legal and Treaty Assumptions
• The legality of cyber operations should be clarified in national and international treaties (allowing for non-disclosure)
• Monitoring of suspected remote servers should be allowed, and attacking them should be allowed if they are non-life-critical, because servers used for attack may belong to unaware third parties
• Use of third-party servers should be defined as unlawful under the laws of war
• International investigations should be enabled
Cyber Deterrence Strategy
Used in the book with permission from The RAND Corporation [Libicki 2010]
Cyber Deterrence Retaliation Probabilities (Sample)
Used in the book with permission from The RAND Corporation [Libicki 2010]
Reference Model
Attacker Conceptual Architecture
Conceptual Application Architecture: Rapid Attribution
Conceptual Information Architecture: Sample Record
RECORD: 1
{'IPv4 Address': '173.201.21.161', 'FTP Open on Port': '21', 'RDP Open on Port': '3389', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
RECORD: 2
{'IPv4 Address': '69.164.192.46', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
RECORD: 3
{'IPv4 Address': '168.95.1.1', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
RECORD: 4
{'IPv4 Address': '203.69.66.1', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
Architectural Prototypes
• Bot with Threaded Scanning
• Botnet with Distributed Scanning
(Charts: Performance Actuals; Performance Projected)
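As an added example that is not code from the book or these slides, the following Python sketch ties the Sample Record slide to the "Bot with Threaded Scanning" prototype: it probes a list of hosts concurrently and emits records laid out exactly like the sample records (a "<service> Open on Port" key only for ports that answered, then the ping result and the attribution tags). The function names, the port label table, and the host fixture are assumptions of this example; the probe is injectable so the code runs offline against constructed data, and "Alive" is approximated by any TCP reply because ICMP echo needs raw sockets in Python.

```python
"""Added example, not code from the book or these slides: a small threaded
scanner in the shape of the 'Bot with Threaded Scanning' prototype that emits
records laid out like the 'Sample Record' slide.  Function names, the port
label table and the constructed host fixture are assumptions of this example."""
from concurrent.futures import ThreadPoolExecutor
import socket

# Labels for the ports the record keys name; unknown ports get a generic label.
PORT_LABELS = {21: "FTP", 22: "SSH", 80: "HTTP", 443: "HTTPS", 3389: "RDP"}


def tcp_probe(ip, port, timeout=1.0):
    """Live probe: a TCP connect; True if the port accepts the connection.
    This is the only function that touches the network; use it only against
    hosts you are authorized to scan."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((ip, port)) == 0


def build_record(ip, open_ports, alive, organization, role):
    """Lay out one record as on the slide: a '<service> Open on Port' key is
    present only for ports that answered, then liveness and attribution tags."""
    record = {"IPv4 Address": ip}
    for port in sorted(open_ports):
        label = PORT_LABELS.get(port, f"TCP/{port}")
        record[f"{label} Open on Port"] = str(port)
    record["Ping Response"] = "Alive" if alive else "No Response"
    record["Attack Organization"] = organization
    record["Attack Role"] = role
    return record


def scan_host(ip, ports, probe, organization, role):
    """Probe every listed port on one host.  Assumption: 'Alive' is approximated
    by any TCP reply, since ICMP echo needs raw sockets (root) in Python."""
    open_ports = [port for port in ports if probe(ip, port)]
    return build_record(ip, open_ports, bool(open_ports), organization, role)


def threaded_scan(targets, ports, probe=tcp_probe, workers=8):
    """Scan hosts concurrently; targets are (ip, organization, role) triples.
    Results come back in target order so record numbers are stable."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        futures = [pool.submit(scan_host, ip, ports, probe, org, role)
                   for ip, org, role in targets]
        return [future.result() for future in futures]


# Constructed offline fixture (not real scan data): which (ip, port) pairs the
# fake probe reports as open, and the attribution tags assigned to each host.
FAKE_OPEN = {("173.201.21.161", 21), ("173.201.21.161", 3389),
             ("69.164.192.46", 80)}
TARGETS = [("173.201.21.161", "Aurora", "Control Server"),
           ("69.164.192.46", "Aurora", "Control Server"),
           ("192.0.2.10", "Unknown", "Unknown")]  # TEST-NET-1 address, never live
SCAN_PORTS = [21, 80, 3389]


def fake_probe(ip, port):
    """Offline stand-in for tcp_probe so the example runs without a network."""
    return (ip, port) in FAKE_OPEN


if __name__ == "__main__":
    for number, record in enumerate(
            threaded_scan(TARGETS, SCAN_PORTS, probe=fake_probe), start=1):
        print(f"RECORD: {number}")
        print(record)
```

Swapping `fake_probe` for `tcp_probe` turns the sketch into a live scanner, which is exactly where the Legal and Treaty Assumptions slide applies: a host that answers may be an unaware third party's server, so an attribution tag such as "Control Server" is an analyst's label attached to the record, not something the scan itself proves.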
Review: Chapter Summary