Battles in Cyber Space
Dr Richard E Overill
Department of Informatics

Nature of Warfare - Clausewitz
• Violent – potentially lethal
• Instrumental – a means to an end
• Political – Intention & attribution
In addition:
• a war is usually composed of several battles
• a battle is usually composed of several attacks

Domains of Warfare
• Land – tanks, etc.
• Sea – battleships, submarines, etc.
• Air – aircraft, helicopters, UAVs, etc.
• Space – rockets, satellites, etc.
• Cyber – computers, networks, digital infrastructure, etc.
Most wars involve several domains

A definition of Information Warfare
“The deliberate, unauthorised and systematic attack on critical information activities to exploit information, deny services to the authorised user, modify and corrupt data.”
– UK MoD

Infrastructure Attacks
“The most advanced society is really only four meals away from anarchy, and if you could attack a society through its computers to cause a breakdown of the mechanisms, the infrastructure, which cause it to run, you will bring about mass deaths.”
– Stephen Badsey, Royal Military Academy Sandhurst, UK

Supervisory Control And Data Acquisition (SCADA)
• Monitoring and controlling:
  • Water purification and distribution systems
  • Electricity generation and distribution systems
  • Nuclear reprocessing plants
  • etc.
• Typically connected to the Internet for efficiency of operation.

H(ackers)2O
8 November 2011, Springfield, IL, USA.
• Hackers remotely accessed the online SCADA system of Curran-Gardner Township Public Water District.
• They burned out a well pump that serviced about 2,200 households by repeatedly turning it on and off.
• Later reported as a false alarm caused by a contractor remoting into the system while on holiday in Russia.
18 November 2011, Houston, TX, USA.
• Pr0f hacked into Harris County water plant and took screenshots but did no damage.

“Stuxnet”
• Discovered in June/July 2010.
• Malicious software (“malware”) intended to sabotage nuclear reprocessing plants in Iran.
• Targets and reprograms a specific model of Siemens PLC (used to control ultracentrifuges) to operate outside their specified parameters.
• Replays previously sampled normal ultracentrifuge behaviour to the operators’ console.
• Propagates itself and hides its code modifications.
• Involved 3-5 skilled person-years’ development.

“Duqu”
• Discovered in September 2011.
• Malicious software (“malware”) intended to gather intel such as system information and user profiles.
• Source code highly similar to Stuxnet yet not specifically targeting SCADA/PLC.
• Unknown whether it is a prequel or a sequel to Stuxnet.

Questions? Ideas?
• Contact Dr Richard Overill with any questions on richard.overill@kcl.ac.uk