1 Copyright © 2005 M. E. Kabay. All rights reserved. 13:15-15:15
INFORMATION WARFARE
Part 3: Theory
Advanced Course in Engineering
2005 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP
Assoc. Prof. Information Assurance
Program Direction, MSIA
Division of Business & Management, Norwich University
Northfield, Vermont
mailto:[email protected] V: 802.479.7937

Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-11:55 Case Histories
13:15-15:15 INFOWAR Theory
15:30-16:00 Project Assignments

Topics
What is INFOWAR?
Schwartau’s Levels of INFOWAR
Examples of IW levels
Military Approaches to IW

What is INFOWAR?
Use of or attacks on information and information infrastructure to achieve strategic objectives
Tools in hostilities among
  Nations
  Trans-national groups (companies, NGOs, associations, interest groups, terrorists)
  Corporate entities (corporations, companies, government agencies)
  Individuals

Dorothy Denning’s Nutshell
Information Warfare and Security (1999). ACM Press (ISBN 0-201-43303-6).
Offensive information warfare operations alter availability and integrity of information resources
Benefit of offense & detriment to defense
  Offense acquires greater access to info
  Defense loses all or partial access to info
  Integrity of information diminished

Denning’s Theory of INFOWAR
Information resources include people & tools
  Containers
  Transporters
  Sensors
  Recorders
  Processors
Value of resource differs
  Over time
  To different people

Psyops in Cyberspace
Digital “photographs” may not be photographs
Audio “recordings” may not be recordings
Log files may be fiction
Opinion polls may be nonsense
Election results may be fixed
Conspiracy theories may be true
References may be nonexistent
Facts may be illusory (see article “Junk Science”)
History may be recreation

Schwartau’s Levels of INFOWAR
I: Against individuals
  Theft, impersonation
  Extortion, blackmail
  Defamation, racism
II: Against organizations
  Industrial espionage
  Sabotage
  Competitive & stock manipulation
III: Against nations
  Disinformation, destabilization
  Infrastructure destabilization
  Economic collapse

Military Approaches to IW
HUMINT: Human intelligence
  INTEL: Intelligence
  COINTEL: Counterintelligence
SIGINT: Signals intelligence
  COMINT: Communications
  ELINT: Electronic
  FISINT: Foreign Instrumentation
MASINT: Measurement & signals
IMINT: Imagery
TECHNINT: Technical information
OSINT: Open source intelligence

Information Warfare: Chaos on the Electronic Superhighway (1996.05)
Winn Schwartau, The Security Awareness Co.
Overview
Military Model Must Reflect Changes in Warfare
What Is War?

Schwartau’s View (1996.05)
Overview
  National economies increasingly virtual
    Most money no longer tangible
  Espionage increasing for economic benefits
    14% increase in espionage according to FBI
  Must resolve problem of defending against powerful technology not limited to military use
  Should define defensive posture against potential enemies’ capabilities, not perceived motivations

Schwartau’s View (1996.05)
Military Model & Changes in Warfare
  Military systems are not necessarily the prime targets of attack
  Psyops increasingly important: manipulation of perceived reality using the gullibility of the mass media
  Attacks on software: increasing the failure rates of systems even when people are trying to reduce errors
  Denial of service increasing: airports, phone systems, banks

Schwartau’s View (1996.05)
What Is War?
  Physical attacks are no longer the only basis for defining acts of war
  What will military and civil response be to concerted attack on civilian / industrial infrastructure?
    taking down the banks
    interfering with air-traffic control
    damaging productivity of major industries
  …and if this is war, what is the response?

Schwartau’s View (1996.05)
Destruction vs Reducing Competitiveness
  Question: in a free-market world, not necessary to destroy enemy; need merely render less competitive
  Response from Schwartau:
    US govt must defend country, yet military limited to physical warfare
    Classifying EW threats is foolish; should educate civilian sector
    Should define conditions for termination of hostilities

Schwartau’s View (1996.05)
How do we know who is attacking?
  Anonymity pervasive throughout cyberspace
  Stealth attacks natural consequence of Internet architecture
  Agents can be hired without knowing their handlers
  Conventional intelligence services must wake up to electronic threats
See Information Warfare 1st Edition online
http://www.thesecurityawarenesscompany.com/chez/IW1-1.pdf

RAND on INFOWAR (1999.01)
Strategic Information Warfare Rising — The RAND Corporation
mid-1998 (reported in press 1999.01)
Debate within the Pentagon
  wisdom of offensive information warfare
  cyberattacks on critical infrastructure worse for US
4 basic scenarios
  U.S. supremacy in offense and defensive strategic IW
  strategic IW elites — no first use
  global defensive dominance — arms control
  market-based diversity — defend well, recover fast

INFOWAR @ AAAS (1999.02)
American Association for the Advancement of Science (AAAS) panelists: government, private industry
INFOWAR real threat
Need better cooperation among law enforcement officials around world to catch culprits responsible for attacks
Changes to international law for extradition of suspects
Sceptics (e.g., Kevin Poulsen) scoffed
  no electricity by now if IW threat so bad

Kosovo Cyberwar (1999.03)
Attacks on US government & military agencies began 1999.03
Serbian hackers
  Retaliation for war against Serbs
  As NATO bombing began in Serbia
  "Black Hand" hacker group
  "Serbian Angel" hackers
White House Web site defaced
  Red letters
  "Hackerz wuz Here"

European Basketball Contest (1999)

Kosovo Cyberwar 1999.03
Kosovo conflict generated flurry of hacking
  “First Internet War”
  “First CyberWar”
  “Web War I.”
Serbs & Albanians + supporters attacked each other's Web sites & NATO
  “If you're looking for truth visit WWW.B92.NET”
  “SAMURAI RULLEZ!”

Kosovo Cyberwar (1999.03)
Serbian viral attacks?
mi2g security group
  London, England
  Notorious for sensationalist headlines
Pro-Serbian cyberwarriors sending virus-laden e-mail to NATO
  businesses
  hospitals
  government agencies
Concerted effort to disrupt Kosovo air-war

Asymmetric INFOWAR (1999.04)
Countering the New Terrorism
by I.O. Lesser, B. Hoffman, J. Arquilla, D.F. Ronfeldt, M. Zanini & B.M. Jenkins
New terrorism: more diverse sources, motivations, tactics
More lethal, global reach
Asymmetric strategy
  less-capable adversaries
  political violence

INFOWAR @ DoD: (1999.09)
Marvin Langston
  Deputy Assistant Secretary of Defense (C3I)
  Office of the Secretary of Defense's Deputy Chief Information Officer
  National Defense University group, September
Pentagon needs to put more effort into defensive & offensive information technology
DoD's dependence on commercial off-the-shelf software (COTS) makes it impossible to achieve information superiority
DoD must invest much more in research & development for particular technological needs

INFOWAR? Nonsense, says Christy (1999.09)
US has never been target of information warfare
James Christy, Defense-wide Information Assurance Program (DIAP)
Cybercriminals, not cyberwarriors
Fundamental difficulties responding
  military has expertise in computer crime but cannot help law enforcement agencies without presidential directive

INFOWAR? Nonsense. (cont’d)
Civilian sector ignorant of computer crime countermeasures
Can’t tell cyberattacks under way
  most victims keep information secret
  don’t help law enforcement investigators
Precise attribution & blame extremely difficult in cyberspace — anonymity
Public favors privacy over cybercrime prevention & law enforcement — ignorance
Jurisdiction over cyberspace crimes confused — competing geographical claims

INFOWAR in Oz? (1999.10)
Foreign (US?) military site attacked Stock Exchange late 1998?
Richard Humphrey, Managing Director, Australian Stock Exchange, implied attacking site was in USA
“Foreign government” denied any possibility of such attack from military site
Urged changes to Australian laws
  make it easier to try hackers
  present laws require criminal hackers be apprehended in act of hacking

INFOWAR / China (1999.11)
Importance of INFOWAR grows in PRC
Chinese military newspaper Jiefangjun Bao
  authors Leng Binglin, Wang Ylin, Zhao Wenxiang
For maximum war role, must integrate INFOWAR with other combat actions
Cybersuperiority necessary but not sufficient for military victory today

INFOWAR / China (2000.02)
Taiwan Research Institute
Gird itself against information warfare from People's Republic of China
Elements of IW:
  disruption of critical infrastructure
  disruption of military C3I ops
  misinformation campaigns
  damage economic activity
  lower morale on island before initiating conventional warfare

INFOWARGAMES (1999.11)
Institute for Security Intelligence's Center for Technology Terrorism & Jane's Publications
War-game simulation (did not really hack)
IRS primary target
  False information, denial of service
  Hack into IRS audit system
  Send out millions of audit & tax-due notices
  Tap into immigration control (Dept of State) to issue visas to known terrorists
  Create fake documents — IRS investigating personal lives of members of Congress
  Leak fakes to media + send fake compromising photographs

Critical Infrastructure Protection (1999.11)
Information Technology Association of America (ITAA) Statement of Principles
Importance of protecting national information infrastructure
Private industry: primary authority
Lowest possible government regulation in critical infrastructure protection
Call for distinctions among cyber-mischief, cybercrime, cyberwar
Appropriate law enforcement agencies take charge of specific cases
  minimal jurisdictional confusion
  assurance of clear legal basis for prosecution

German Government Plans Net Defenses
German plans for early-warning of hacker attacks (2001.05)
Build Computer Emergency Response Teams throughout country
Increased cooperation should permit rapid response to hacker attacks

Republic of Korea warns of Cyber Attacks
ROK Ministry of Information and Communication issues warnings (2001.05)
Concern about US & (PRC) Chinese hackers using Korea as staging ground for INFOWAR
KISA launched special task force against US and Chinese attacks
Instructed Korean Internet-site operators to report unusual traffic at any time

US Warns of Military Response to Cyberattacks
Richard Clarke tells Senate Judiciary Committee of plans for retaliation (2002.02)
White House Technology Advisor says that cyberattack would be met “in any appropriate way: through covert action, through military action, any one of the tools available to the president.”*
In 2003.02, President Bush signed an order authorizing development of guidelines on unilateral or retaliatory cyberattacks against foreign computers and networks
*Question: HOW DO YOU KNOW FOR SURE WHO IS ATTACKING YOU?

STRATCOM focuses on Cyberwar
U.S. Strategic Command (Stratcom) will focus on computer network attack (2003.02)
Stratcom now in charge of global command, control, communications, computer, intelligence, surveillance and reconnaissance (C4ISR) capabilities
“All pieces of the enemy's system of systems that are valid military targets [are] on the table as we go about war planning.”
“…Unimportant whether we take out a computer center with a bomb or a denial-of-service program. If it's critical to the enemy and we go to war, it will be in our sights.”

Cyberwar Games for US Military Cadets
West Point Cyber Defense Exercise pits military students against NSA experts (2004.04)
4-day exercise in April 2004
NSA Red Team (“Red Cell”) attacked networks
  No hackback
  No sabotage
USMMA (Merchant Marine Academy) team won contest by maintaining services and recovering faster from attacks

Cyberattack Implications Studied
Cyberterror impact, defense under scrutiny (2004.08)
Coordinated cyberattack against U.S. could
  topple parts of Internet,
  silence communications and commerce,
  paralyze federal agencies and businesses,
  disrupt $M in financial transactions,
  hang up air traffic control systems,
  deny access to emergency 911 services,
  shut down water supplies and
  interrupt power supplies to millions of homes
More than 2 dozen countries have “asymmetrical warfare” strategies

North Korea Ready for Cyberwar?
North Korea ready to launch cyber war (2004.10)
North Korea has trained more than 500 computer hackers capable of launching cyber warfare against the United States, South Korea's defense ministry says. In a report to the National Assembly's National Defense Committee, the ministry said that hackers from North Korea were among the best in the world.
--Agence France Presse

Cyberterrorism by 2006?
Cyberterrorism a possibility in two years (2004.10)
Cyberterrorism could become a reality in 2006, a leading UK information security expert has said. Speaking at the SC Magazine Conference in London on Thursday, October 21, director of information security for Royal Mail David Lacey said that the world would witness cyberterrorism within two years. Lacey said, “there is a lot of consistency in research that shows many of the real risks won't come to a crescendo until then. We know a lot about some of the trends coming. Real terrorists have not had the capability to carry out threats. But that will change as the stakes get higher.”
--ZDNet (UK)

New Cyberwar Command Center
Cyber warriors anticipate center (2005-02)
Personnel in the military's new cyberdefense organization hope to operate a new command center by late spring. The facility will include new hardware and software to help workers of the Joint Task Force-Global Network Operations (JTF-GNO) operate, manage and defend the military's 10 computer networks. "It will be a state-of-the-art facility," said Army Brig. Gen. Dennis Via, deputy commander of the JTF-GNO. He spoke Wednesday, February 23 at the Department of Defense Global Information Grid Enterprise Services conference held by the Association for Enterprise Integration, an industry trade group. The opening of the new command center coincides with JTF-GNO becoming fully operational.
--Federal Computer Week

Chinese Cyberwar From South America?
U.S. officials warn of Chinese intelligence and cyberwarfare roles in Latin America (2005.04)
U.S. officials … warned about Chinese intentions to establish an intelligence and cyberwarfare beachhead in the [S. America]. Roger Noriega, assistant secretary of state for Latin America, and Rogelio Pardo-Maurer, the top Defense Department official for the Western Hemisphere, testified before a House panel [and] said China's interests in Latin America were mostly on the economic side, but warned that Beijing could also have an intelligence agenda as it increased trade with Latin America. Pardo-Maurer said that “we need to be alert to rapidly advancing Chinese capabilities, particularly in the fields of intelligence, communications and cyberwarfare, and their possible application in the region.”
--Miami Herald

DISCUSSION

Class Resumes at
15:30:11