Information Warfare
Theory of Information Warfare
Reading list
This lecture
– Denning Chapters 2
– Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)
CSCE 727 - Farkas 2
Information Security: “The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.” (U.S. federal standards)
Information assurance: Information security + defensive information warfare
Information Warfare: Only intentional attacks + offensive operations
Information Dominance
Information Dominance - a condition that results from the use of offensive and defensive information operations to build a comprehensive knowledge advantage at a time, place, and on decision issues critical to mission success – from the IW Site, http://www.iwar.org.uk/iwar/resources/info-dominance/issue-paper.htm
Information Warfare
Information resources
Players
Offensive operations
Defensive operations
WIN-LOSE NATURE OF OPERATIONS
Way of Thinking
S. R. Covey: 7 Habits of Highly Effective People
Habit 4: Think Win-Win
– Character-based code for human interaction and competition
– Win-lose zero-sum game, competing for limited resources
– Win-win the ultimate winner?
How are these directions affecting our (cyber) future?
Value of Resources
Exchange value
– Determined by market value
– Quantifiable
Operational value
– Determined by the benefits that can be derived from using the resource
– May not be quantifiable
May not be the same value for each player (offensive and defensive players)
Actual (before) and potential (after) value
Give examples!
Players
Offense: motives, means, opportunity
– Insiders, hackers, criminals, corporations, government, terrorists
Defense: protection
– Federal Bureau of Investigation
– U.S. Secret Service
– Department of Treasury
– Department of Defense
– National Institute of Standards and Technology
ROLE OF GOVERNMENT
Offensive Information Warfare
Target: particular information resources – resources do not need to be owned or managed by the defense
Objective: increase the value of the resource for the offense and decrease it for the defense
Gain: financial, strategic, thrill, etc.
Loss (defense): financial, tactical, strategic, reputation, human loss, etc.
Cost of Information Warfare
Monetary expense
Personal time
Risk of getting caught
Punishment
Resources used
Measuring cost of cyber attacks
Offense
Increase availability of resource
Decrease integrity of resource
Decrease availability of resource for defense
Defense
Prevent availability of resource for offense
Ensure integrity
Ensure availability
Offense: Increased availability
Collection of secrets:
– Espionage (illegal) and intelligence (may be legal)
Piracy
Penetration (hacking)
Superimposition fraud
Identity theft
Perception management
Offense: Decrease Availability for Defense
Physical theft
Sabotage
Censorship
Offense: Decreased Integrity
Tampering
Penetration
– Cover up
– Virus, worm, malicious code
Perception management
– Fabrication, forgeries, fraud, identity theft, social engineering
Defense
Prevention: keeps attacks from occurring
Deterrence: makes attack unattractive
Indications and warning: recognize attacks before they occur
Detection: recognize attacks
Emergency preparedness: capability to recover from and respond to attacks
Response: actions taken after the attack
Playgrounds to Battlegrounds
IW Activities
Context of human actions and conflict
Domains:
– Play: hackers vs. owners
– Crime: perpetrators vs. victims
– Individual rights: individuals vs. individuals/organizations/government
– National security: national level activities
Play
Playing pranks
Actors: hackers/crackers/phreakers
Motivation: challenge, knowledge, thrill
Culture: social/educational
– “global networks”
– publications
– forums
Law
Crime
Intellectual Property Crimes
– IT targets: research and development, manufacturing and marketing plan, customer list, etc.
– Attacker: insiders, formal insiders
– 1996: Economic Espionage Act (U.S. Congress)
Fraud
– Telemarketing scam, identity theft, bank fraud, telecommunication fraud, computer fraud and abuse
Fighting crime
Crime
Actors:
– Employees
– Temp. staff
– Vendors
– Suppliers
– Consultants
Trade secrets
Identity theft
Law
Individual Rights
Privacy
– Secondary use of information
Free speech
– Harmful/disturbing speech
– Theft and distribution of intellectual property
– Censorship
National Security
Foreign Intelligence
– Peace time: protecting national interests
  Open channels, human spies, electronic surveillance, electronic hacking (?)
– War time: support military operations
– U.S. Intelligence Priorities:
  Intelligence supporting military needs during operation
  Intelligence about hostile countries
  Intelligence about specific transnational threats
– Central Intelligence Agency (CIA)
– Primary targets in U.S.A.: high technology and defense-related industry
War and Military Conflict
IT support, e.g., sensors, weapons, surveillance, etc.
Psyops and perception management
Physical weapons (?)
Cyber space battle (?)
Unmanned devices (?)
Terrorism
Traditional:
– Intelligence collection
– Psyops and perception management
New forms:
– Exploitation of computer technologies
  Internet propaganda
  Cyber attacks (electronic mail flooding, DOS, etc.)
Protection of national infrastructure
Project
Sample Projects
Title: Mobile application security
Title: Military Open Source Intelligence
Title: Signal Security
Title: Social Networking and Cyber Security
Title: Peer-to-Peer File Sharing and Fair Use
Title: Security for Unmanned Systems
Title: (Semantic) Web Security
Title: Electronic Distribution of Copyrighted Materials via Peer-to-Peer Anonymous Networks
Title: Echelon
Title: Deception Detection Data Origin Authentication
Title: Surveillance System and Legal Evidence