Chapter 14: Cyber Warfare: An Architecture for Deterrence. Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions. Introduction to Cyber Warfare and Cyber Deterrence.
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions
April 21, 2023 DRAFT 1
Chapter 14: Cyber Warfare: An Architecture for Deterrence
Introduction to Cyber Warfare and Cyber Deterrence
•Over 120 countries are actively conducting cyber operations, primarily espionage
•It is estimated that the Chinese have over 100,000 active duty cyber warriors, and over 80,000 independent hackers, who often carry out missions in the national interest
•As stated in CNCI #10, cyber deterrence is a “strategy that will deter interference and attack in cyberspace… and developing appropriate responses by both state and non-state actors.”
Methodology and Assumptions
•Cyber deterrence is a cutting-edge research problem and a very difficult one, in particular because the technology makes attributing cyber activities so difficult
•This research approach considers:
–National Security Goals
–Cyber Warfare Laws & Treaties
–Strategic Functions
–Solutions Architecture for Cyber Deterrence
–Technical Functions
Methodology & Assumptions 2
Cyber Deterrence Challenges
•Assigning attribution
–Internet technology makes it relatively easy to misdirect attribution to other parties
•Unpredictability of cyber attack impacts
•Potential damage due to counter-retaliation
•Nation states, non-state actors, and individuals are at a peer level, all capable of waging attacks
•No clear legal framework exists
Legal and Treaty Assumptions
•Legality of cyber operations should be clarified in national and international treaties (allowing for non-disclosure)
•Monitoring of suspected remote servers should be allowed, and attacked if they are non-life-critical, because servers used for attack may belong to unaware 3rd parties
•Use of 3rd party servers should be defined as unlawful according to the laws of war
•International investigations should be enabled
Cyber Deterrence Strategy
Used in the book with permission from The RAND Corporation [Libicki 2010]
Cyber Deterrence Retaliation Probabilities (Sample)
Used in the book with permission from The RAND Corporation [Libicki 2010]
Reference Model
Attacker Conceptual Architecture
Conceptual Application Architecture: Rapid Attribution
Conceptual Information Architecture: Sample Record
•RECORD: 1
•{'IPv4 Address': '173.201.21.161', 'FTP Open on Port': '21', 'RDP Open on Port': '3389', 'Ping Response':'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
•RECORD: 2
•{'IPv4 Address': '69.164.192.46', 'Ping Response':'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
•RECORD: 3
•{'IPv4 Address': '168.95.1.1', 'Ping Response':'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
•RECORD: 4
•{'IPv4 Address': '203.69.66.1', 'Ping Response':'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
Architectural Prototypes
•Bot with Threaded Scanning
•Botnet with Distributed Scanning
Performance Actuals
Performance Projected
REVIEW Chapter Summary