Unas reflexiones sobre la ciberguerra (Spanish)

SIMO Network 2012 I Foro Profesional TIC de ATI Los nuevos enfoques de la gestión de la Seguridad Madrid, 26 de septiembre de 2012

© Copyright 2012, iTTi, Innovation & Technology Trends Institute / Instituto de Tendencias en Tecnologías e Innovación.

Unas reflexiones sobre la CIBERGUERRA

Miguel GARCÍA-MENÉNDEZ | iTTi Manolo PALAO | iTTi

[email protected]

iTTi | Instituto de Tendencias en Tecnologías e Innovación

Un FORO para la INVESTIGACIÓN y la REFLEXIÓN

[I]nformación [F]ormación

[O]pinión [R]ecomendación

3 SIMO 2012 ATI Ciberguerra -iTTi- © Copyright 2012, iTTi, Innovation & Technology Trends Institute / Instituto de Tendencias en Tecnologías e Innovación.

3 SET 2012


4 SET 2012

Una presentación a nivel de divulgación

Fuen

te: ht

tp://te

ache

rweb

.crav

en.k1

2.nc.u

s/TPE

/kind

erga

rten/i

mag

es/2

A90C

21B9

6354

5C1B

3634

CB0E

E89A

110.j

pg

5 5 SIMO 2012 ATI Ciberguerra -iTTi- © Copyright 2012, iTTi, Innovation & Technology Trends Institute / Instituto de Tendencias en Tecnologías e Innovación.

Agen

da


6 SET 2012

1. Se habla mucho de Ciberguerra. La Ciberguerra está de moda

2. La ‘moda’ atrae –proporcionalmente- más titulares que la ‘realidad’. La atracción /gravitación depende de muchos intereses (todo es ‘relativo’)

3. Debería interesar más la Ciberpaz

4. Ciberguerra y Ciberpaz se están tratando de forma incompleta. Faltan –al menos- gobernanza y divulgación. Faltan conceptos claros, magnitudes y métricas

5. Falta de consenso. Negacionistas vs objetivistas

6. Algunas referencias importantes

7. SEGURINFO España 2012

Unas reflexiones sobre la CIBERGUERRA

Fuen

te:

http:/

/dy6g

3i6a1

660s

.clou

dfron

t.net/

MeIr3

omw

3O31

hhBW

DqGF

qgJY

Amc/m

t-89/w

ere-

inspir

ed-ch

ristop

her-s

hann

ons-f

loral-

mens

wear

-mak

eup.j

pg

7 7 SIMO 2012 ATI Ciberguerra -iTTi- © Copyright 2012, iTTi, Innovation & Technology Trends Institute / Instituto de Tendencias en Tecnologías e Innovación.

Una

s re

flexi

ones

so

bre

la

CIBE

RGU

ERRA


8 SET 2012

Fuente: http://www.victorioylucchino.com/

Fuente: http://www.victorioylucchino.com/

La Ciberguerra está de moda

Se habla mucho de Ciberguerra


9 SET 2012

Fuente: https://www.google.es/search?q=ropa+de+trabajo&hl=en&client=firefox-a&rls=org.mozilla:es-ES:official&channel=fflb&prmd=imvns&tbm=isch&tbo=u&source=univ&sa=X&ei=kVhKUPu6FdS2hAe4-4CwCA&sqi=2&ved=0CMQBELAE&biw=1280&bih=661

La ‘moda’ atrae –proporcionalmente- más titulares que la ‘realidad’ La atracción /gravitación depende de muchos intereses (todo es ‘relativo’)


10 SET 2012

Fuen

te:

http

://w

ww

.goo

gle.

es/i

mgr

es?h

l=en

&cl

ient

=fire

fox-

a&hs

=s5b

&sa

=X&

rls=o

rg.m

ozill

a:es

-ES

:offi

cial

&ch

anne

l=np

&bi

w=1

429&

bih=

738&

tbm

=isc

h&pr

md=

imvn

s&tb

nid=

RhZp

xbM

9oA0

94M

:&im

gref

url=

http

://w

ww

.str

ange

cosm

os.c

om/c

onte

nt/it

em/1

5307

5.ht

ml&

doci

d=AD

QVC

eVzW

garS

M&

imgu

rl=ht

tp:/

/ww

w.s

tran

geco

smos

.com

/im

ages

/con

tent

/153

075.

jpg&

w=7

00&

h=45

8&ei

=JP5

KUIy

UJs

bB0Q

Xk0I

GwDw

&zo

om=1

&ia

ct=h

c&vp

x=31

4&vp

y=28

8&

dur=

80&

hovh

=181

&ho

vw=2

78&

tx=1

38&

ty=8

6&sig

=109

2453

8851

4343

8748

60&

page

=1&

tbnh

=105

&tb

nw=1

60&

star

t=0

&nd

sp=2

8&ve

d=1t

:429

,r:8,

s:0,

i:98



11 SET 2012

Fuen

te: ht

tp://w

ww.g

oogle

.es/i

mgr

es?h

l=en&

clien

t=fire

fox-a

&hs=

s5b&

sa=X

&rls=

org.m

ozilla

:es-

ES:o

fficial

&cha

nnel=

np&b

iw=1

429&

bih=7

38&t

bm=is

ch&p

rmd=

imvn

s&tbn

id=vD

j36CA

4Sao

jQM

:&im

grefu

rl=htt

p://m

iafen

e.hu

/categ

ory/v

ilag/&

docid

=6-0

nswo

E3uA

ZuM

&imgu

rl=htt

p://m

iafen

e.hu/w

p-co

ntent/

2009

/09/

chine

se-a

rmy-

trianin

g-for

-nati

onal-

day-p

arad

e-60

th-an

niver

sary

-01-

560x

373.

jpg&w

=560

&h=3

73&e

i=JP5

KUIyU

JsbB

0QXk

0IGwD

w&zo

om=1

&iac

t=hc&

vpx=

197&

vpy=

330&

dur=

644&

hovh

=183

&hov

w=27

5&tx=

145&

ty=13

5&sig

=109

2453

8851

4343

8748

60&p

age=

2&tbn

h=16

4&tbn

w=22

8&s

tart=2

8&nd

sp=2

0&ve

d=1t:

429,r

:0,s:2

8,i:1

63

http:

//4.b

p.blo

gspo

t.com

/__pH

oqjgx

kwI/S

HwwW

PEtiV

I/AAA

AAAA

AA2Y

/NAf

d2BO

QQIM

/s400

/103

-038

7_IM

G_2.

JPG



12 SET 2012

Fuente: http://www.google.es/imgres?start=204&hl=en&client=firefox-a&rls=org.mozilla:es-ES:official&channel=np&biw=1429&bih=738&tbm=isch&tbnid=gQPsbIBy0qo-tM:&imgrefurl=http://canadianchefscongress.com/site/2010/06/&docid=bW-aDivlKQL0hM&imgurl=http://canadianchefscongress.com/site/wp-content/uploads/IMG_7565.jpg&w=640&h=426&ei=TwJLUPaQKK-20QX69YHQDg&zoom=1&iact=rc&dur=543&sig=109245388514343874860&page=10&tbnh=167&tbnw=223&ndsp=23&ved=1t:429,r:0,s:204,i:83&tx=151&ty=77



13 SET 2012

Fuente: http://www.wacs2000.org/images/news/uae/WACS_Global_Chefs_Challenge/edgechefs1.jpg


Fuen

te: h

ttp://i

fc.dp

z.es/r

ecur

sos/p

ublic

acion

es/31

/78/06

medin

a.pdf


14 SET 2012

Fuen

te: ht

tp://p

assp

ortto

eat.fi

les.w

ordp

ress

.com/

2011

/10/im

g_99

70.jp

g

Fuen

te: ht

tp://w

ww.da

vidda

rling.i

nfo/im

ages

/hear

t_tra

nspla

nt_su

rger

y.jpg



15 SET 2012

Fuente: https://www.google.com/calendar/render?tab=mc


Fuen

te: ht

tp://2

.bp.

blogs

pot.c

om/-S

DCtT

SmkD

YY/T

cHSo

G9W

v_I/A

AAAA

AAAC

Go/Z

-F9X

_N-T

fo/s1

600/w

ildfox

-cou

ture-

cobr

asna

ke-s

hoot-

with-

atlan

ta-de

-cada

net-ta

ylor.jp

g


16 SET 2012

Fuen

te:

http

://w

ww

.goo

gle.

es/i

mgr

es?h

l=en

&cl

ient

=fire

fox-

a&rls

=org

.moz

illa:

es-

ES:o

ffici

al&

chan

nel=

fflb&

biw

=128

0&bi

h=66

1&tb

m=i

sch&

tbni

d=CZ

Inm

KgEn

Wga

ZM:&

imgr

efur

l=ht

tp:/

/es.

123r

f.com

/pho

to_5

6290

32_u

nico

-per

man

ente

-ras

treo

-de-

punt

a-ro

ja-9

-mm

-par

abel

lum

-car

tuch

o-ai

slad

o.ht

ml&

doci

d=oO

_2sg

8pCW

9RGM

&im

gurl=

http

://u

s.123

rf.c

om/4

00w

m/4

00/4

00/s

lava

polo

/sla

vapo

lo09

10/s

lava

polo

0910

0000

7/56

2903

2-un

ico-p

erm

anen

te-

rast

reo-

de-p

unta

-roj

a-9-

mm

-par

abel

lum

-car

tuch

o-ai

slad

o.jp

g&w

=262

&h=

400&

ei=A

1ZKU

LjjC

8a00

QXr

6ID4

Ag&

zoom

=1&

iact

=hc&

vpx=

1065

&vp

y=18

7&du

r=45

1&ho

vh=1

53&

hovw

=107

&tx

=150

&ty

=153

&si

g=10

9245

3885

1434

3874

860&

page

=4&

tbnh

=153

&tb

nw=1

07&

star

t=57

&nd

sp=2

2&ve

d=1t

:429

,r:10

,s:57

,i:28

7

Si vis pacem, para bellum

Debería interesar más la Ciberpaz


17 SET 2012

Fuente: http://en.wikipedia.org/wiki/War

guerra (war) [10+ condiciones] (1) organized, (2) armed, and, often, a (3) prolonged conflict that is carried on between states, nations, or other parties typified by (4) extreme aggression, (5) social disruption, and usually (6) high mortality. War should be understood as an (7) actual, (8) intentional and (9) widespread (10) armed conflict between political communities, and therefore is defined as a form of political violence. The set of techniques used by a group to carry out war is known as warfare. An absence of war (and other violence) is usually called peace.

Ciberguerra y Ciberpaz se están tratando de forma incompleta

Conflicto 1 organizado 2 armado 3 prolongado 4 extremo 5 perturbación 6 mortandad 7 real 8 intencionado 9 amplio 10 político


18 SET 2012

Fuente: http://en.wikipedia.org/wiki/War#Types_of_warfare

Conflicts in the following list are currently causing at least 1,000 violent deaths per year, a categorization used by the Uppsala Conflict Data Program[57] and recognized by the United Nations.



http://en.wikipedia.org/wiki/Uppsala_Conflict_Data_Program

http://en.wikipedia.org/wiki/War

http://en.wikipedia.org/wiki/United_Nations


19 SET 2012

Ciberguerra y Guerra

B Guerra

Ciberguerra

B

A

A

Guerra

Ciberguerra



20 SET 2012

Cyberwar: un enfoque tridimensional simplificado

Motivación

Ámbito Duración

guerra mundial guerra ofensiva guerra defensiva (1) batallas (2) codicia – crimen organizado codicia – sicarios / autónomos vandalismo – odio – ideología – sabotaje curiosidad – ego (script kids, hackers)

larga duración permanente continua alta frecuencia ocasional

estados – países – organizaciones - bloques masivo (regional, nacional) infraestructuras críticas sectores industriales / regiones personas - empresas – organismos (3) (4)

Copy

right

© 2

012

by M

anue

l Pal

ao ,

Mig

uel G

arcí

a-M

enén

dez,

e iT

Ti

(*) http://brazil.kaspersky.com/sobre-a-kaspersky/centro-de-imprensa/blog-da-kaspersky/MaaS



21 SET 2012

Fuente: http://securityaffairs.co/wordpress/8765/intelligence/state-sponsored-attack-or-not-thats-the-question.html?goback=.gde_1870711_member_165007262

Fuen

te:

http

://w

ww

.lem

onde

.fr/s

por

t/ar

ticle

/201

2/09

/18/

le-s

ri-la

nka-

accu

eille

-la-4

e-ed

ition

-de

-la-c

oupe

-du-

mon

de-d

e-tw

enty

20_1

7619

45_3

242.

htm

l#xt

or=E

PR-3

2280

274-

[NL_

Spor

t]-2

0120

918-

[titr

es_p

rinci

paux

]


22 SET 2012

Cyberwar: un enfoque ampliado de 5 dimensiones

Motivación

Duración

Interiorización Ciberdependencia

Copy

right

© 2

012

by M

anue

l Pal

ao ,

Mig

uel G

arcí

a-M

enén

dez,

e iT

Ti


Fortaleza/Poder Tecnológico vs. Inercia/Exceso de confianza De la GUERRA ELECTRÓNICA a la CIBERGUERRA La TECNIFICACIÓN como AMENAZA

National Cyber Strength = f(cyberoffensiveness, cyberdependency, cyberdefensiveness) Concienciación Formación Imputabilidad Madurez cívica National Accountability

Ámbito

A M B


23 SET 2012

Like for the cyber-weapon definition, we have to focus on three elements 1. context, 2. aim and 3. losing party (subject/object) to recognise if we are in front of a cyber-warfare or a cyber-terrorism (even state-sponsored) attack. http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96507872&trk=view_disc&ut=21C_4C4DGLZBo1 Stefano Mele •


http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96507872&trk=view_disc&ut=21C_4C4DGLZBo1




http://www.linkedin.com/groups?viewMemberFeed=&gid=1836487&memberID=26069657



24 SET 2012

“… as a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain in warfare . . . [which] has become just as critical to military operations as land, sea, air, and space.“ William J. Lynn, U.S. Deputy Secretary of Defense http://securityaffairs.co/wordpress/8765/intelligence/state-sponsored-attack-or-not-thats-the-question.html?goback=.gde_1870711_member_165007262

tierra

¿ciberespacio?

aire

mar

espacio

Falta de consenso

LTC Greg Conti, Assistant Professor, USMA-WestPoint


25 SET 2012

‘Negacionistas’ [Naysayers]

Fuente: http://cyberarms.wordpress.com/2010/10/23/putting-the-cyber-in-cyber-warfare/

“… you can’t kill with Denial of Service attacks. … you can’t shut down the power grid through the internet.”

‘CYBERWAR NAYSAYER’ About 20,900 results

https://www.google.es/#hl=en&output=search&sclient=psy-ab&q=cyberwar+naysayer&oq=cyberwar+naysayer&gs_l=hp.12...10149.20162.1.22458.17.17.0.0.0.0.319.3119.0j12j4j1.17.0...0.0...1c.WR7dfoieoUs&psj=1&fp=1&biw=1024&bih=431&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.&cad=b


26 SET 2012


Cyber war threat exaggerated claims security expert http://www.bbc.com/news/technology-12473809

Bruce Schneier claims that emotive rhetoric around the term does not match the reality. He warned that using sensational phrases such as "cyber armageddon" only inflames the situation. Mr Schneier, who is chief security officer for BT, is due to address the RSA security conference in San Francisco this week. His point of view was backed by Howard Schmidt, cyber security co-ordinator for the White House.

http://www.bbc.com/news/technology-12473809


27 SET 2012


cyber-war-still-not-a-thing http://reason.com/blog/2011/10/21/cyber-war-still-not-a-thing

Despite what your congressman may tell you, cyber war might never happen, says a researcher in the Department of War Studies at King’s College London. Thomas Rid, also a fellow at Johns Hopkins’ School for Advanced International Studies, writes that “Cyber War Will Not Take Place”, an assessment that contrasts with those of many elected U.S. officials. Rid claims that no online attack to date constitutes cyber war and that it’s “highly unlikely that cyber war will occur in the future.”

Fuen

te:

http:/

/www

.bewe

dding

plann

er.co

m/ins

pirati

onal-

elie-

saab

-pric

es.ht

ml/ha

ute-co

uture

-elie

-saab

-pric

es


28 SET 2012

‘Negacionistas’ [Naysayers] http://reason.com/archives/2011/07/25/the-cybersecurity-industrial-c/singlepage

The Cybersecurity-Industrial Complex. The feds erect a bureaucracy to combat a questionable threat. A rough … consensus has emerged that the United States is facing a grave and immediate threat that can only be addressed by more public spending and tighter controls on private network security practices. But there is little clear, publicly verified evidence that cyber attacks are a serious threat. What we are witnessing may be a different sort of danger: the rise of a Cybersecurity - -industrial complex, much like the military-industrial complex of the Cold War, that not only produces expensive weapons to combat the alleged menace but whips up demand for its services by wildly exaggerating our vulnerability.

‘The New Industrial State’ (1967), John Kenneth Galbraith

http

://e

n.w

ikip

edia

.org

/wik

i/File

:John

_Ken

neth

_G

albr

aith

.jpg


29 SET 2012


Andrea Zapparoli Manzoni (20120926, CYBER SECURITY Forum Initiative - CSFI http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96645448&trk=view_disc&ut=0WJneMXcjW-Bo1 [acerca de unos ataques DDoS a la Banca de EEUU] - this is definitely not cyber war (simply because such a thing doesn't exist, like the Unicorn)


http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=166883832&gid=1836487&commentID=96645448&trk=view_disc&ut=0WJneMXcjW-Bo1





30 SET 2012

Analistas, Auditores y ‘Objetivistas’

SEGURINFO, Madrid,

20121121

“Unfortunately too many published assessments have favored sensationalism over careful analysis” “… few single foreseeable cyber-related events have the capacity to propagate onwards and become a full-scale ―global shock”. “A critical feature of any worthwhile analysis is discipline in the use of language”. “Cyber espionage is not ―a few clicks away from cyberwar, it is spying which is not normally thought of as ―war”.


31 SET 2012


“By the same token a short-term attack by hacktivists is not cyberwar either”. “A pure cyberwar, that is one fought solely with cyber-weapons, is unlikely”. “On the other hand in nearly all future wars as well as the skirmishes that precede them policymakers must expect the use of cyberweaponry”. “… the Internet was designed from the start to be robust so that failures in one part are routed around…”


32 SET 2012


“In terms of cyber attacks the one overwhelming characteristic is that most of the time it will be impossible for victims to ascertain the identity of the attacker – the problem of attribution. This means that a defense doctrine based on deterrence will not work. The most immediately effective action that governments can take is to improve the security standards of their own critical information systems.


33 SET 2012


The report addressed web/email attacks. The techniques used bypass both signature and heuristic security means. I. Web 225% increase in web infections in last 6 months. 643/week now. Attacks vary by industry: Healthcare - 100% increase Financial Services - spike in April/May - from Latvia Technology - high volume - stable trend - target is Intellectual Property Energy/Utility - 60% increase - target is smart grid II. Email 56% increase in malicious email in last 6 months Two methods used: malicious links in email and email attachments. Links are growing faster. "Throw away*" domains are being used more - those used 1-10 times and discarded. This is to circumvent filters and black lists by domain. (*also known as Limited Use Domains/Crafted Domains) Attachments: increase in variance by type of attachment. Target vulnerabilities in serving applications. (Example: pdf/Abode)

Michael S Hines [email protected] <[email protected]>

"FireEye Advanced Threat Report - First Half 2012" Thesis of the report: Advanced attacks bypass traditional security like Firewalls, Intrusion Prevention, and Anti-virus.


34 SET 2012


III. Files Filter and limit by type. Examine inbound for malicious content. Examine outbound for proprietary information. Many attacks are trying to obtain data more now. Files are being extracted using the HTTP (port:80) protocol - which is usually more open. IV. Some protective moves you can make. #1. User education regarding risks in email (links and attachments) and web sites (links). #2. Defense in depth - key - protecting not only the front door, but internal networks for the proper access controls (users/data paths) #3. Secure coding best practices (never trust user input - audit/examine/test/validate). (Example: a web site that queries a database: if the user enters a "*" and no check is made and the "*" is passed to SQL, the request is to return all rows in the table - a very easy exploit - and most likely not what you want to happen).

Michael S Hines [email protected] <[email protected]>


35 SET 2012

“We have met the enemy and he is us” Fuente: Walt Kelly . http://wiki.answers.com/Q/What_is_the_origin_of_the_phrase_'I_have_found_the_enemy_and_it_is_us'#ixzz264CPrYv4

Fuen

te h

ttp:

//2.

bp.b

logs

pot.c

om/_

JnCU

XFEd

Vus/

TObN

m8k

A-fI/

AAAA

AAAA

Buw

/CR3

Nld

AsfB

Q/s

1600

/6a0

0d83

41ca

4d95

3ef0

1348

1cb7

b9e9

70c-

800w

i.jpg


Fuen

te:

http:/

/dy6g

3i6a1

660s

.clou

dfron

t.net/

MeIr3

omw3

O31h

hBW

DqGF

qgJ

YAmc

/mt-8

9/wer

e-ins

pired

-ch

ristop

her-s

hann

ons-f

loral-

mens

wear

-mak

eup.j

pg

http://wiki.answers.com/Q/What_is_the_origin_of_the_phrase_'I_have_found_the_enemy_and_it_is_us'




36 SET 2012

Algunas referencias importantes


37 SET 2012



38 SET 2012



39 SET 2012



40 SET 2012



41 SET 2012



42 SET 2012



43 SET 2012



44 SET 2012



45 SET 2012



46 SET 2012



47 SET 2012



48 SET 2012



49 SET 2012

" ... to define a common language for describing IA work and work components, in order to provide commercial certification providers and training vendors with targeted information to enhance their learning offerings.”

Fuente: IT Security EBK: A Competency and Functional Framework for IT Security Workforce Development Section 1. Introduction. http://www.us-cert.gov/ITSecurityEBK/EBK2008.pdf

information assurance


Fuente: http://ris.fashion.telegraph.co.uk/RichImageService.svc/imagecontent/1/TMG7843655/p/milan_versace_gett_1662788a.jpg


50 SET 2012


Fuente: iTTi


51 SET 2012

Fuente: www.SegurInfo.org

[email protected]

Business

Unas reflexiones sobre la ciberguerra (Spanish)