View
236
Download
0
Category
Preview:
Citation preview
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 1/24
SESSION ID:
Eight Cyber Conflicts Which ChangedCyberspace
STR-F01
Jason Healey
Director of the Cyber Statecraft Initiative Atlantic Council
@Jason_Healey
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 2/24
Cyber Truisms
Cyber conflict is moving incredib
quickly.
Change is the only constant…
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 3/24
From Army Cyber Command Update,
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 4/24
Cyber TruismsFew if any contemporary computer security controls
have prevented a [red team] from easily accessing any
information sought.
The market does not work well enough to raise the secu
of computer systems at a rate fast enough to match the
apparent growth in threats to systems.
Espionage over networks can be cost-efficient, offer
nearly immediate results, and target specific locations …
insulated from risks of internationally embarrassingincidents
The almost obsessive persistence of serious
penetrators is astonishing.
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 5/24
Cyber Truisms
1979
1988
1991
1988
Few if any contemporary computer security controls
have prevented a [red team] from easily accessing any
information sought.
The market does not work well enough to raise the secu
of computer systems at a rate fast enough to match the
apparent growth in threats to systems.
Espionage over networks can be cost-efficient, offer
nearly immediate results, and target specific locations …
insulated from risks of internationally embarrassingincidents
The almost obsessive persistence of serious
penetrators is astonishing.
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 6/24
Eight Cyber Conflicts
1. Cuckoo’s Egg (1986) – only DoJ paid attention
2. Morris Worm (1988) – Led to first CERT
3. ELIGIBLE RECEIVER and SOLAR SUNRISE (1997, 1998) – JTF-CN
4. MOONLIGHT MAZE (2000+) – Cooperation and coordination
5. Chinese Espionage (2000s) -- Led to billions spent through CNCI
6. Estonia and Georgia (2007, 2008) – Global attention, NATO focus
7. BUCKSHOT YANKEE (2008) – US Cyber Command
8. Stuxnet (2009) – Global attention, possible counterattack on US banks
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 7/24
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 8/24
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 9/24
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 10/24
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 11/24
WHAT HAPPENED IN 1986?
11
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 12/24
Cuckoo’s Egg: ~1986
12
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 13/24
Morris Worm: 1988
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 14/24
ELIGIBLE RECEIVERand SOLAR SUNRISE
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 15/24
MOONLIGHT MAZE: late 1990s, early 2000
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 16/24
Chinese Espionage: 2000s- Today
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 17/24
Estonia (2007) and Georgia (2008)
17
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 18/24
BUCKSHOT YANKEE
18
St t d US I C t C fli t
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 19/24
Stuxnet and US-Iran Covert Conflict:mid-2000s to today
19
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 20/24
Eight Cyber Conflicts
1. Cuckoo’s Egg (1986) – only DoJ paid attention
2. Morris Worm (1988) – Led to first CERT
3. ELIGIBLE RECEIVER and SOLAR SUNRISE (1997, 1998) – JTF-CN
4. MOONLIGHT MAZE (2000+) – Cooperation and coordination
5. Chinese Espionage (2000s) -- Led to billions spent through CNCI
6. Estonia and Georgia (2007, 2008) – Global attention, NATO focus
7. BUCKSHOT YANKEE (2008) – US Cyber Command
8. Stuxnet (2009) – Global attention, possible counterattack on US banks
T L l Fi di
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 21/24
There is a history and we must learn from it!
Dynamics are relatively stable despite change…
Top-Level FindingsFrom Cyber as National Security History
T L l Fi di
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 22/24
There is a history and we must learn from it!
Comparison to fighter pilots
The real impacts of cyber conflicts have been cooverestimated
Cyber Pearl Harbor, no deaths yet! (we think)
Top-Level FindingsFrom Cyber as National Security History
Top Le el Findings
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 23/24
There is a history and we must learn from it!
The real impacts of cyber conflicts have been consistently overestimated
Cyber is more familiar than it seems
The more strategically significant a cyber conflict is, the m
is to conflicts on the land, in the air, and on the sea—with o
exception
With implications for Speed of Response
Attribution
Warning
Deterrence
Top-Level FindingsFrom Cyber as National Security History
8/11/2019 Eight Conflicts Cyber Conflicts
http://slidepdf.com/reader/full/eight-conflicts-cyber-conflicts 24/24
There is a history anfrom it!
The real impacts of c
have been consisten
Cyber is more famili
The more strategica
cyber conflict is, the
conflicts on the land
the sea—with one c
QUESTIONS?
@Jaso
Cyber Statecraft Initiative• International conflict, competition
and cooperation in cyberspace
• Publications (all at our website,
acus.org)
• Public and Private Events
Recommended