
Dir. Lars D. Nicander, Center for Asymmetric Threat Studies, Swedish National Defence College

Presentation at the Symposium “Threats from the Net” New asymmetric threats in modern information societies Tallinn February 29, 2008. Dir. Lars D. Nicander, Center for Asymmetric Threat Studies, Swedish National Defence College. Terrorism Studies. IO Studies. Intelligence Studies.


Presentation Transcript


  1. Presentation at the Symposium “Threats from the Net”: New asymmetric threats in modern information societies, Tallinn, February 29, 2008. Dir. Lars D. Nicander, Center for Asymmetric Threat Studies, Swedish National Defence College

  2. Terrorism Studies IO Studies Intelligence Studies Dr. Magnus Ranstorp Dr. Greg Treverton (+ Wilhelm Agrell) Dr. Dan Kuehl Synergy Asymmetric Threats

  3. The Swedish Concept of IO* Information operations are joint and coordinated measures in peace, crises and war in support of political or military goals by affecting or using information and information systems owned by the opponents or other foreign parties. This can be done by using own information and information systems, which also at the same time must be protected. One important feature is to affect the processing of decisions and decision making. There are both offensive and defensive information operations, which are carried out in political, economic and military relations. Examples of information operations are information warfare, media manipulation, psychological warfare and intelligence operations. Defensive information operations are joint and coordinated measures in peace, crises and war regarding policy, operations, personnel and technology to protect and defend information, information systems and the ability for rational decision making. *MoTIC-bill 99/00:86

  4. IO/IW Synergy Strategic/Economic Environment Joint Operations IO/ IW Information, Intelligence Perceptions Information Systems, Infosec

  5. Defensive Information Operations (IO-D)/ Defensive Information Warfare (IW-D) Critical Infrastructure Protection Information Assurance Taxonomy

  6. The Asymmetric Character Classes Coalitions Coalitions III Nations Nations II Organisations Organisations Individuals Individuals I

  7. The Dilemmas • Anonymous attacks • How to detect an attack? • Who is at the other end? • A teenage hacker? • A corporation/organisation? • A nation? • Mix of these? • What is an Act of War in Cyberspace?

  8. Information/Cyberterrorism

  9. Continuity of gov. (incl. media comm.) • Power • Telecom/ISP • Financial systems • ATC CIIP Critical Information Infrastructure Protection

  10. Home Made HERF/EMP Device: 20 MWatts, 30 m Soft Kill Range

  11. Cyber/Information Terrorism • Aum Shinrikyo • E-Jihad 2000-2001 • Arrest of an AQ-hacker in US • Al-Qaida IPB vs California • ATC – Boston and Schiphol • Proliferation of DEW-weapons?

  12. Critical Infrastructure Threat Matrix. Cell (d) the most difficult to detect and counter. Target: Physical, Digital. Tool: Physical, EM (DEW + digital). (a) Conventional Terrorism (Oklahoma City Bombing) (b) IRA attack plan on London Power Grids, July 1996 (c) Spoof (or HPM) Air Traffic Control to crash plane (d) “Pure” Cyber Terrorism (Trojan horse in public switched networks)

  13. A scenario • Airbus over Schiphol or LAX • DEW or ”can-bomb” • TV-camera or ”cellular-camera” 9/11-effect…!

  14. The International Context

  15. International law (”use of force”) etc International Co-operation, Regimes etc Management issues (”bending pipes”) Three Challenges International tasks • Domestic tasks

  16. Some examples • Conflict between East Timor and Indonesia in the end of 1997-99 • The website (the ”.tp”-domain) of the East Timor independence movement located in Ireland was ”shot down” 990119. Indonesian Intelligence service suspected. • “e-Jihad” 2000-2001 • Attack on the Israeli Land Register Authority routed over Berlin and London • Estonia Spring 2007 • Whose law applies? • What are the ROEs for governments and LEA?

  17. Collective Security in Cyberspace • There are no borders in Cyberspace! • A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E. • How can we trace back these intrusions? • Today: International Law Enforcement or private initiatives (FIRST etc) • Tomorrow: ”Fishwebs” between national CERTs for tracing intrusions back in real time?

  18. Country A Country B Country C Country D Country E Building “fishwebs” in Cyberspace Country Z Country Y UN, ITU etc Country X

  19. How to get an IA outreach? • Closed technical and other arrangements (Five-eyes etc) have limited relevance when IT-attacks could pass through 192 countries • Global approach needed • How to deny “safe havens”? • What kind of incentives (“sticks and carrots”)? • Could the Stanford Treaty be a model?

  20. International law (”use of force”) etc International Co-operation, Regimes etc Management issues (”bending pipes”) Three Challenges International tasks • Domestic tasks

  21. Conclusions of the Estonian case for Crisis Management • Enhancement of the security policy toolbox? • A state actor (with big resources) can act through cyber attacks and still conceal its involvement. • Cyber attacks can be used in several ways: • As an add-on to economic sanctions or other non-military means of power projection (The Estonia Case) • As a force multiplier (taking out emergency systems after bomb attacks) • To improve preparedness and contingency planning in this area there is a need for: • Operational experience (More of Red Team exercises to detect critical vulnerabilities in societal networks, a GovCERT working 24/7 etc) • Cooperation – between agencies, private-public and international

  22. Swedish IO and International Law* The use of cyber-weapons to attack information systems does not constitute violence in terms of international law but it may nevertheless contravene international law. At the same time it should be possible to make use of such weapons within the provision of the UN Charter (Article 41) – given an appropriate UN Resolution and consequent legal mandate – in order to uphold sanctions or for other conflict prevention measures even though this has hitherto not happened. A more flexible arsenal of non-violent measures of this type would be in line with traditional Swedish policy in this field. Another legal question is how, using measures permitted under international law, it is possible to bring to book, for example, terrorists who make use of such weapons. An international review of the provision of international law would be of interest to Sweden, with regard both to cyber-attacks perpetrated by states or individuals and to the possibility of using such a weapon as an instrument of sanction enforcement. *Parliament Decision 1999 (99/00:30)

  23. Conclusion: Areas of international co-operation • Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.) • Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

  24. Q&A www.fhs.se/cats
