SlideShare a Scribd company logo

Cyber war or business as usual

E
EnclaveSecurity

Are we near the point of cyber-armageddon or are we simply engaged in a new reality of information security priorities? Are the attacks being discovered daily against private sector and public federal systems somehow unique and new, or are they simply the new reality of cyberspace? Organizations are regularly forced to make difficult decisions about how best to protect their information systems. Executives daily open the newspaper to find another example of effective cyber attacks and hacking. How do organizations know when security mechanisms are enough to keep their data safe? In an effort to answer this question and respond to mounting cyber incidents worldwide, the US federal government has been engaging in numerous efforts to secure cyberspace. But what are they and will they be enough? In this presentation James Tarala, a Senior Instructor with the SANS Institute and a Principal Consultant at Enclave Security, will describe current efforts and the tools being offered to help citizens and protect cyberspace.

News & Politics
1 of 33
CyberWar or Business as Usual? The State of International CyberSecurity Initiatives James Tarala, Enclave Security
Fear, Fear, Scary Fear Actual headlines from the news: – “Cyberwar declared as China hunts for the West’s intelligence secrets” – The Times of London – “China has declared a cyber war: NATO” – The Times of London – “Cyber War: Sabotaging the System” – 60 Minutes – “Is Israel at Cyber War with Iran?” – ABC News – “FBI Warns Brewing Cyberwar May Have Same Impact as Well-Placed Bomb” – Fox News – “Cyber Warriors” – The Atlantic – “Iran Arrests 30 Accused Of U.S.-Backed Cyberwar” - Darkreading CyberWar or Business as Usual? © Enclave Security 2010 2
Is CyberWar Real? • It depends on who you ask… • The media today has realized that cyber-anything sells • So you can’t help but hear about: – CyberWar – China hacking everyone – The Advanced Persistent Threat (APT) – Russian organized crime & CyberCrime – Stolen credit cards & identities CyberWar or Business as Usual? © Enclave Security 2010 3
Some Say No… “There is no cyberwar…” Howard Schmidt, US Cyber-Security Coordinator “I think that is a terrible metaphor and I think that is a terrible concept, There are no winners in that environment (Wired).” CyberWar or Business as Usual? © Enclave Security 2010 4
Some Say Yes… "We can anticipate that adversarial actors will make cyberspace a battle front in future warfare… Even today, intrusions and espionage into our networks, as well as cyber-incidents abroad, highlight the unprecedented and diverse challenges we face in the battle for information.“ – Gen. Kevin Chilton, USAF "Cyber is a domain, just as land, sea, air, and space are domains. God made those four domains; you made the fifth one. God did a better job.“ – Gen. Michael Hayden , Former USAF / Director of the CIA CyberWar or Business as Usual? © Enclave Security 2010 5
Some Say Yes… “This right has not been specifically established by legal precedent to apply to attacks in cyberspace, it is reasonable to assume that returning fire in cyberspace, as long as it complied with law of war principles... would be lawful.“ – Gen. Keith Alexander, Cybercom "The big question is can a cyber attack invoke a physical response? The answer is we don't know what the appropriate response is to cyber war against a NATO ally, or what is the appropriate response by a NATO ally to an attack on us.“ – Mark Rasch, Former Head of DoJ Cybercrime Unit CyberWar or Business as Usual? © Enclave Security 2010 6
What is Real? • CyberWar is real • CyberEspionage is real • CyberCrime is real • However, all three need to be defined • Appropriate responses need to be defined • Rules of engagement for nations / organizations / individuals need to be defined CyberWar or Business as Usual? © Enclave Security 2010 7
First, the Origin of “Cyber” • First coined by William Gibson (cyberspace), in his 1982 short story, Burning Chrome • A later book, Necromancer, defines it further • In 2000 he said, “All I knew about the word "cyberspace" when I coined it, was that it seemed like an effective buzzword. It seemed evocative and essentially meaningless. It was suggestive of something, but had no real semantic meaning, even for me, as I saw it emerge on the page.” CyberWar or Business as Usual? © Enclave Security 2010 8
CyberWar – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • War can be defined as (Encarta): 1. armed fighting between groups: a period of hostile relations between countries, states, or factions that leads to fighting between armed forces, especially in land, air, or sea battles "The two countries are at war." 2. period of armed fighting: a period of armed conflict between countries or groups "during the Vietnam War" 3. conflict: a serious struggle, argument, or conflict between people "The candidates are at war." CyberWar or Business as Usual? © Enclave Security 2010 9
A CyberWar Example • Attacks began 4/27/2007 • Included DDoS, web defacement, & spam attacks against the government, businesses, & individuals • Initiated after movement of Bronze Soldier of Tallinn • Russian gov’t denied involvement • Attributed to single Estonian citizen, or various hacktivists CyberWar or Business as Usual? © Enclave Security 2010 10
Another CyberWar Example • South Ossetia War of 2008 • Attacks began 8/5/2008, three days prior to Russian invasion • Attacks included DDoS attacks against news agencies & government sites primarily • Attribution never established officially, again hacktivists are blamed CyberWar or Business as Usual? © Enclave Security 2010 11
More CyberWar Examples • 1982 – US alters code managing Russian natural gas pipeline • 1998 – US hacks into Serbian air defense systems prior to bombing attacks against targets • 2006 – Israel blames Hezbollah for hacking Israeli sites during 2nd Lebanon War • 2007 – Various Kyrgyz websites & ISPs targeted with DoS attack during election by unknown actor • 2009 – Various Iranian government websites targeted in response to elections CyberWar or Business as Usual? © Enclave Security 2010 12
CyberEspionage – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • Espionage (spying) can be defined as (Encarta): 1. Somebody employed to obtain secret information: an employee of a government who seeks secret information in or from another country, especially about military matters 2. Employee who obtains information about rivals: an employee of a company who seeks secret information about rival organizations 3. Secret observer of others: a watcher of other people in secret CyberWar or Business as Usual? © Enclave Security 2010 13
A CyberEspionage Example • Attack made public 4/2009 • Attack primarily involved theft of military secrets • Specifically, electronics & design specifications for the F35 project • Information could be used to better defend against the fighters • No official attribution declared, many speculate Chinese origins CyberWar or Business as Usual? © Enclave Security 2010 14
Another CyberEspionage Example • Attack occurred Winter 2009/2010 • Believed to utilize a 0-day exploit in IE6 • Primary target was breach of confidential search engine code & email accounts • Again attribution never officially determined, but again Chinese have been blamed CyberWar or Business as Usual? © Enclave Security 2010 15
More CyberEspionage Examples • 1996 – 2003 – “Titan Rain” attacks against US military targets from alleged Chinese sources • 1996 – 1998 – “Moonlight Maze” attacks against US military, energy, and university targets from alleged Russian sources • 2007 – “Digital Pearl Harbor” attacks against US military networks by unknown national actor • 2009 – “GhostNet” revealed by researchers as an attack against numerous US interests by alleged Chinese sources • 2009 – Unknown national actors attack US & South Korean government facilities from alleged North Korean sources CyberWar or Business as Usual? © Enclave Security 2010 16
CyberCrime – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • Crime can be defined as (Encarta): 1. An illegal act: an action prohibited by law or a failure to act as required by law 2. An illegal activity: activity that involves breaking the law 3. An immoral act: an act considered morally wrong 4. An unacceptable act: a shameful, unwise, or regrettable act CyberWar or Business as Usual? © Enclave Security 2010 17
An Example of CyberCrime • Attack occurred 11/8/2008 • Primarily a financial theft, stealing $9.5 million from user bank accounts • Utilized stolen bank cards, raised their withdraw limit, & used mules to withdraw funds from distributed ATMs • Attribution back to 4 individuals from Eastern European nations CyberWar or Business as Usual? © Enclave Security 2010 18
More CyberCrime Examples • 1/2009 Heartland Payment Systems (130+ million) • 4/2009 Oklahoma Dept of Human Services (1 million) • 4/2009 Oklahoma Housing Finance Agency (225,000) • 5/2009 University of California (160,000) • 7/2009 Network Solutions (573,000) • 10/2009 U.S. Military Veterans Administration (76 million) • 10/2009 BlueCross BlueShield Assn. (187,000) • 12/2009 Eastern Washington University (130,000) • 1/2010 Lincoln National Corporation (1.2 million) • 3/2010 Educational Credit Management Corp (3.3 million) CyberWar or Business as Usual? © Enclave Security 2010 19
The Problem of Attribution • One of the biggest challenges responders face is the issue of attributing attacks to known actors • Attribution: “the ascribing of something to somebody or something, e.g. a work of art to a specific artist or circumstances to a specific cause (Encarta).” • How can incident responders attribute an attack to a bad actor? – IP address / MAC address ? – Coding signatures ? – Public announcements / credit ? CyberWar or Business as Usual? © Enclave Security 2010 20
Admitting to Offensive Capabilities • Which nations admit to having offensive CyberWarfare capabilities? • So far, only the following have stepped forward publically: – The United States (CyberCom) – The United Kingdom (Office of Cyber Security) – South Korea (Cyber Warfare Centre) • The following nations do not deny this capability: – France, Germany – Israel – India, Russia – North Korea, Iran CyberWar or Business as Usual? © Enclave Security 2010 21
One Response to the Attribution Issue • Hold countries responsible for the actions that occur within it’s IP address ranges • “Since the price of entry is so low, and … it’s difficult to prove state sponsorship, one of the thoughts … is to just be uninterested in that distinction and to actually hold states responsible for that activity emanating from their cyberspace… Whether you did [the attack yourself] or not, the consequences for that action [coming from your country] are the same.” – Gen. Michael Hayden CyberWar or Business as Usual? © Enclave Security 2010 22
The US Response So what has the US done since Jan 2009: – Commissioned Melissa Hathaway to perform a 60 day CyberSecurity review of US federal systems – Appointed Howard Schmidt as Cyber Security Coordinator – Proposed numerous pieces of legislation – Authorized the creation of CyberCom – Confirmed Gen. Keith Alexander as the head of CyberCom – Assigned the DHS responsibility for protecting non DoD federal computing systems – Made recommendations for continuous monitoring & assessment controls CyberWar or Business as Usual? © Enclave Security 2010 23
60 Day Cyber Security Review Recommendations from the Review: 1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities 2. Prepare an updated national strategy to secure the information and communications infrastructure 3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics. 4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. 5. Formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.
60 Day Cyber Security Review (2) Recommendations from the Review (cont): 6. Initiate a national public awareness and education campaign to promote cybersecurity 7. Develop U.S. Government positions for an international cybersecurity policy 8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement 9. Develop a framework for research and development strategies that focus on game-changing technologies 10. Build a cybersecurity-based identity management vision and strategy
CyberSecurity Legislation • Data Breach Notification Act, S 139 • Data Accountability and Trust Act, HR 2221 • International Cybercrime Reporting and Cooperation Act, S 1438 and HR 4692 • Cybersecurity Enhancement Act, HR 4061 • FISMA II, S. 921 • Intelligence Authorization Act, HR 2071 • Cybersecurity Act of 2009, S 773 • The Grid Reliability and Infrastructure Defense Act, HR 5026 • Energy and Water Appropriations Act 2010 CyberWar or Business as Usual? © Enclave Security 2010 26
US Military Security Efforts Creation of a Central Cyber Command: – Referred to as Cybercom – To be led by Director of the National Security Agency (NSA) Gen. Keith Alexander – To be located at Fort Meade – To have both defensive and offensive capabilities – Will centrally coordinate all DoD cyber defensive activities – Will assist private industry with “Perfect Citizen” program – This is in addition to numerous commands within each of the branches of service
DARPA’s Contribution • “The National Cyber Range program demonstrates the government’s commitment to incubate and create incentives for game- changing technological innovation.” • “Test new “leap-ahead” concepts and capabilities required to protect U.S. interests against a growing, worldwide cyber threat.”
So, what’s next? • “The times they are a changin” – Bob Dylan • Let’s be definitive with our terms • Not everything is a “Cyber War” • But, that doesn’t mean that bad things aren’t happening • There is a “new normal” – business as usual • Clearly electronic / cyber elements will be involved in future nation state conflicts • Nations / organizations / individuals need to know how to respond & mostly how to protect themselves CyberWar or Business as Usual? © Enclave Security 2010 29
An International Response • Nation states need to agree on terms & appropriate response • A “Cyber Treaty” agreed to internationally makes sense • A new version of the Geneva Convention, that specifically addresses the changing nature of warfare & technology • Russian proposed such a treaty in 1998 – never materialized • 15 nations currently considering such a treaty • Hamadoun Toure of the ITU has also proposed the idea • Many questions still exist, specifically how to enforce & hold nations accountable for attacks CyberWar or Business as Usual? © Enclave Security 2010 30
An Organization’s Response • “Quit whining, act like a man and defend yourself.” – Gen. Michael Hayden • Practically how do we make this happen? – Decide how important information & systems are to you – Determine how bad you really want to protect that information – Dedicate resources to the issue – Consider a control framework that focuses on a methods for deterring directed cyber attacks CyberWar or Business as Usual? © Enclave Security 2010 31
20 Critical Controls / CAG • “This consensus document of 20 crucial controls is designed to begin the process of establishing that prioritized baseline of information security measures and controls (CAG)” • 20 specific control categories meant to provide a prioritized response to these attacks • A chance for the cyber offense to inform the defense • Controls based on the principles of continuous monitoring & automation • Resources are limited, therefore let’s start with those controls that have the biggest impact in creating defensible systems CyberWar or Business as Usual? © Enclave Security 2010 32
Further Questions • If you have further questions & want to talk more… • James Tarala – E-mail: james.tarala@enclavesecurity.com – Twitter: @isaudit, @jamestarala – Blog: http://www.enclavesecurity.com/blogs/ • Resources for further study: – CSIS & SANS 20 Critical Controls – OMB Memorandum M-10-15 – NIST Security Control Automation Protocol (SCAP) CyberWar or Business as Usual? © Enclave Security 2010 33

Recommended

About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Cyberwarfare
CyberwarfareCyberwarfare
CyberwarfareSpace Defense Newsletter
 
Cyber war
Cyber warCyber war
Cyber warPraveen
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ssMaira Asif
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Digicomp Academy AG
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 

Recommended

About cyber war
About cyber warAbout cyber war
About cyber wareugenvaleriu
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )Sameer Paradia
 
Cyberwarfare
CyberwarfareCyberwarfare
CyberwarfareSpace Defense Newsletter
 
Cyber war
Cyber warCyber war
Cyber warPraveen
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ssMaira Asif
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Digicomp Academy AG
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfareshifahirani
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -ideaflashed
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national securityTalwant Singh
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Cyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrenceCyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrenceBikrant Gautam
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosCommonwealth Telecommunications Organisation
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat Mishra
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011hassanzadeh20
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in CyberwarMehdi Poustchi Amin
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorismAbdul Rehman
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warMarioEliseo3
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESSEDUJIE DOMINIC IGHODALO
 
Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014The eCore Group
 
Us gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsUs gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ballMarioEliseo3
 
Chap 5 online security and payment systems
Chap 5 online security and payment systemsChap 5 online security and payment systems
Chap 5 online security and payment systemsNorisuwanah Jaffar
 
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III SolutionCenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution3D Merchant powered by CenPOS
 

More Related Content

What's hot

CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYTalwant Singh
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national securityTalwant Singh
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India ReadyDinesh O Bareja
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introductionjagadeesh katla
 
Cyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrenceCyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrenceBikrant Gautam
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?zapp0
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Ajay Serohi
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismPierluigi Paganini
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat Mishra
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011hassanzadeh20
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Chuck Brooks
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warMarioEliseo3
 
Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014The eCore Group
 
Us gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsUs gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsMarioEliseo3
 

What's hot (20)

Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national security
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
 
Cyber warfare introduction
Cyber warfare introductionCyber warfare introduction
Cyber warfare introduction
 
Cyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrenceCyber warfare an architecture for deterrence
Cyber warfare an architecture for deterrence
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
 
The Role Of Technology In Modern Terrorism
The Role Of Technology In Modern TerrorismThe Role Of Technology In Modern Terrorism
The Role Of Technology In Modern Terrorism
 
Shubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.pptShubhrat.presentationfor cybercrime.ppt
Shubhrat.presentationfor cybercrime.ppt
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in Cyberwar
 
Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...Event: George Washington University -- National Security Threat Convergence: ...
Event: George Washington University -- National Security Threat Convergence: ...
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Kenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-warKenneth geers-sun-tzu-and-cyber-war
Kenneth geers-sun-tzu-and-cyber-war
 
CYBER AWARENESS
CYBER AWARENESSCYBER AWARENESS
CYBER AWARENESS
 
Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014Top 5 Cyber Threats of 2014
Top 5 Cyber Threats of 2014
 
Us gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! newsUs gov't building hacker army for cyber war yahoo! news
Us gov't building hacker army for cyber war yahoo! news
 
Vol7no2 ball
Vol7no2 ballVol7no2 ball
Vol7no2 ball
 

Viewers also liked

Chap 5 online security and payment systems
Chap 5 online security and payment systemsChap 5 online security and payment systems
Chap 5 online security and payment systemsNorisuwanah Jaffar
 
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III SolutionCenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution3D Merchant powered by CenPOS
 
Online Security and Payment System - PayPal
Online Security and Payment System - PayPalOnline Security and Payment System - PayPal
Online Security and Payment System - PayPalgaschan
 
electronic bill payment and presentment
electronic bill payment and presentmentelectronic bill payment and presentment
electronic bill payment and presentmenttejinderubs
 
E commerce security
E commerce securityE commerce security
E commerce securityShakti Singh
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commercem8817
 

Viewers also liked (6)

Chap 5 online security and payment systems
Chap 5 online security and payment systemsChap 5 online security and payment systems
Chap 5 online security and payment systems
 
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III SolutionCenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
CenPOS EBPP Electronic Bill Presentment & Payment Enterprise Level III Solution
 
Online Security and Payment System - PayPal
Online Security and Payment System - PayPalOnline Security and Payment System - PayPal
Online Security and Payment System - PayPal
 
electronic bill payment and presentment
electronic bill payment and presentmentelectronic bill payment and presentment
electronic bill payment and presentment
 
E commerce security
E commerce securityE commerce security
E commerce security
 
Security in E-commerce
Security in E-commerceSecurity in E-commerce
Security in E-commerce
 

Similar to Cyber war or business as usual

Securing Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanSecuring Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanShojan Jacob
 
Network security threats ahmed s. gifel
Network security threats ahmed s. gifelNetwork security threats ahmed s. gifel
Network security threats ahmed s. gifelAhmed Tememe
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Cain Ransbottyn
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARTalwant Singh
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismRichard Stiennon
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Kenneth Carnesi, JD
 
Cybercrime
CybercrimeCybercrime
CybercrimeSERCOD
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security ProtectionShawn Crimson
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docxalinainglis
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinAFCEA International
 

Similar to Cyber war or business as usual (20)

Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
 
Cyber Wars.pptx
Cyber Wars.pptxCyber Wars.pptx
Cyber Wars.pptx
 
Securing Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanSecuring Indian Cyberspace Shojan
Securing Indian Cyberspace Shojan
 
Network security threats ahmed s. gifel
Network security threats ahmed s. gifelNetwork security threats ahmed s. gifel
Network security threats ahmed s. gifel
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
Privacy is an Illusion and you’re all losers! - Cryptocow - Infosecurity 2013
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber Realism
 
Hacking (1)
Hacking (1)Hacking (1)
Hacking (1)
 
Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01Infosecurity2013nl 131103184054-phpapp01
Infosecurity2013nl 131103184054-phpapp01
 
Cyber security mis
Cyber security misCyber security mis
Cyber security mis
 
Cyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinarCyber security lifting the veil of hacking webinar
Cyber security lifting the veil of hacking webinar
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Cybercrime
CybercrimeCybercrime
Cybercrime
 
Do it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 PresentationDo it Best Corp. Techapalooza 2013 Presentation
Do it Best Corp. Techapalooza 2013 Presentation
 
Axxera End Point Security Protection
Axxera End Point Security ProtectionAxxera End Point Security Protection
Axxera End Point Security Protection
 
The Cybersecurity Mess
The Cybersecurity MessThe Cybersecurity Mess
The Cybersecurity Mess
 
Cyber Resilience
Cyber ResilienceCyber Resilience
Cyber Resilience
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
 

More from EnclaveSecurity

Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseEnclaveSecurity
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseEnclaveSecurity
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellEnclaveSecurity
 
Enterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security AssessmentsEnterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security AssessmentsEnclaveSecurity
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsEnclaveSecurity
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsEnclaveSecurity
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security failEnclaveSecurity
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionEnclaveSecurity
 
Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controlsEnclaveSecurity
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsEnclaveSecurity
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controlsEnclaveSecurity
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerEnclaveSecurity
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewallsEnclaveSecurity
 

More from EnclaveSecurity (17)

Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized Defense
 
The CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for DefenseThe CIS Critical Security Controls the International Standard for Defense
The CIS Critical Security Controls the International Standard for Defense
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Enterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security AssessmentsEnterprise PowerShell for Remote Security Assessments
Enterprise PowerShell for Remote Security Assessments
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare Technology
 
An Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security AssessmentsAn Introduction to PowerShell for Security Assessments
An Introduction to PowerShell for Security Assessments
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Governance fail security fail
Governance fail security failGovernance fail security fail
Governance fail security fail
 
The intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protectionThe intersection of cool mobility and corporate protection
The intersection of cool mobility and corporate protection
 
Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controls
 
Prioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controlsPrioritizing an audit program using the 20 critical controls
Prioritizing an audit program using the 20 critical controls
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
Its time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primerIts time to rethink everything a governance risk compliance primer
Its time to rethink everything a governance risk compliance primer
 
Benefits of web application firewalls
Benefits of web application firewallsBenefits of web application firewalls
Benefits of web application firewalls
 

Recently uploaded

Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...narsireddynannuri1
 
Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Krish109503
 
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's DevelopmentNara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Developmentnarsireddynannuri1
 
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docxkfjstone13
 
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
29042024_First India Newspaper Jaipur.pdf
29042024_First India Newspaper Jaipur.pdf29042024_First India Newspaper Jaipur.pdf
29042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...Diya Sharma
 
30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdf30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadership
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s LeadershipTDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadership
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadershipanjanibaddipudi1
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhbhavenpr
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxlorenzodemidio01
 
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreieGujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreiebhavenpr
 
Minto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxMinto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxAwaiskhalid96
 
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkoEmbed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkobhavenpr
 
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书Fi L
 
Julius Randle's Injury Status: Surgery Not Off the Table
Julius Randle's Injury Status: Surgery Not Off the TableJulius Randle's Injury Status: Surgery Not Off the Table
Julius Randle's Injury Status: Surgery Not Off the Tableget joys
 
28042024_First India Newspaper Jaipur.pdf
28042024_First India Newspaper Jaipur.pdf28042024_First India Newspaper Jaipur.pdf
28042024_First India Newspaper Jaipur.pdfFIRST INDIA
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...Axel Bruns
 

Recently uploaded (20)

Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
Nurturing Families, Empowering Lives: TDP's Vision for Family Welfare in Andh...
 
Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!Israel Palestine Conflict, The issue and historical context!
Israel Palestine Conflict, The issue and historical context!
 
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's DevelopmentNara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
Nara Chandrababu Naidu's Visionary Policies For Andhra Pradesh's Development
 
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
2024 03 13 AZ GOP LD4 Gen Meeting Minutes_FINAL.docx
 
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Indirapuram Escorts >༒8448380779 Escort Service
 
29042024_First India Newspaper Jaipur.pdf
29042024_First India Newspaper Jaipur.pdf29042024_First India Newspaper Jaipur.pdf
29042024_First India Newspaper Jaipur.pdf
 
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
₹5.5k {Cash Payment} Independent Greater Noida Call Girls In [Delhi INAYA] 🔝|...
 
30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdf30042024_First India Newspaper Jaipur.pdf
30042024_First India Newspaper Jaipur.pdf
 
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadership
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s LeadershipTDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadership
TDP As the Party of Hope For AP Youth Under N Chandrababu Naidu’s Leadership
 
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdhEmbed-4.pdf lkdiinlajeklhndklheduhuekjdh
Embed-4.pdf lkdiinlajeklhndklheduhuekjdh
 
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptxLorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
Lorenzo D'Emidio_Lavoro sullaNorth Korea .pptx
 
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 135 Noida Escorts >༒8448380779 Escort Service
 
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Greater Noida Escorts >༒8448380779 Escort Service
 
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreieGujarat-SEBCs.pdf pfpkoopapriorjfperjreie
Gujarat-SEBCs.pdf pfpkoopapriorjfperjreie
 
Minto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptxMinto-Morley Reforms 1909 (constitution).pptx
Minto-Morley Reforms 1909 (constitution).pptx
 
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopkoEmbed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
Embed-2 (1).pdfb[k[k[[k[kkkpkdpokkdpkopko
 
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
如何办理(BU学位证书)美国贝翰文大学毕业证学位证书
 
Julius Randle's Injury Status: Surgery Not Off the Table
Julius Randle's Injury Status: Surgery Not Off the TableJulius Randle's Injury Status: Surgery Not Off the Table
Julius Randle's Injury Status: Surgery Not Off the Table
 
28042024_First India Newspaper Jaipur.pdf
28042024_First India Newspaper Jaipur.pdf28042024_First India Newspaper Jaipur.pdf
28042024_First India Newspaper Jaipur.pdf
 
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
AI as Research Assistant: Upscaling Content Analysis to Identify Patterns of ...
 

Cyber war or business as usual

  • 1. CyberWar or Business as Usual? The State of International CyberSecurity Initiatives James Tarala, Enclave Security
  • 2. Fear, Fear, Scary Fear Actual headlines from the news: – “Cyberwar declared as China hunts for the West’s intelligence secrets” – The Times of London – “China has declared a cyber war: NATO” – The Times of London – “Cyber War: Sabotaging the System” – 60 Minutes – “Is Israel at Cyber War with Iran?” – ABC News – “FBI Warns Brewing Cyberwar May Have Same Impact as Well-Placed Bomb” – Fox News – “Cyber Warriors” – The Atlantic – “Iran Arrests 30 Accused Of U.S.-Backed Cyberwar” - Darkreading CyberWar or Business as Usual? © Enclave Security 2010 2
  • 3. Is CyberWar Real? • It depends on who you ask… • The media today has realized that cyber-anything sells • So you can’t help but hear about: – CyberWar – China hacking everyone – The Advanced Persistent Threat (APT) – Russian organized crime & CyberCrime – Stolen credit cards & identities CyberWar or Business as Usual? © Enclave Security 2010 3
  • 4. Some Say No… “There is no cyberwar…” Howard Schmidt, US Cyber-Security Coordinator “I think that is a terrible metaphor and I think that is a terrible concept, There are no winners in that environment (Wired).” CyberWar or Business as Usual? © Enclave Security 2010 4
  • 5. Some Say Yes… "We can anticipate that adversarial actors will make cyberspace a battle front in future warfare… Even today, intrusions and espionage into our networks, as well as cyber-incidents abroad, highlight the unprecedented and diverse challenges we face in the battle for information.“ – Gen. Kevin Chilton, USAF "Cyber is a domain, just as land, sea, air, and space are domains. God made those four domains; you made the fifth one. God did a better job.“ – Gen. Michael Hayden , Former USAF / Director of the CIA CyberWar or Business as Usual? © Enclave Security 2010 5
  • 6. Some Say Yes… “This right has not been specifically established by legal precedent to apply to attacks in cyberspace, it is reasonable to assume that returning fire in cyberspace, as long as it complied with law of war principles... would be lawful.“ – Gen. Keith Alexander, Cybercom "The big question is can a cyber attack invoke a physical response? The answer is we don't know what the appropriate response is to cyber war against a NATO ally, or what is the appropriate response by a NATO ally to an attack on us.“ – Mark Rasch, Former Head of DoJ Cybercrime Unit CyberWar or Business as Usual? © Enclave Security 2010 6
  • 7. What is Real? • CyberWar is real • CyberEspionage is real • CyberCrime is real • However, all three need to be defined • Appropriate responses need to be defined • Rules of engagement for nations / organizations / individuals need to be defined CyberWar or Business as Usual? © Enclave Security 2010 7
  • 8. First, the Origin of “Cyber” • First coined by William Gibson (cyberspace), in his 1982 short story, Burning Chrome • A later book, Necromancer, defines it further • In 2000 he said, “All I knew about the word "cyberspace" when I coined it, was that it seemed like an effective buzzword. It seemed evocative and essentially meaningless. It was suggestive of something, but had no real semantic meaning, even for me, as I saw it emerge on the page.” CyberWar or Business as Usual? © Enclave Security 2010 8
  • 9. CyberWar – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • War can be defined as (Encarta): 1. armed fighting between groups: a period of hostile relations between countries, states, or factions that leads to fighting between armed forces, especially in land, air, or sea battles "The two countries are at war." 2. period of armed fighting: a period of armed conflict between countries or groups "during the Vietnam War" 3. conflict: a serious struggle, argument, or conflict between people "The candidates are at war." CyberWar or Business as Usual? © Enclave Security 2010 9
  • 10. A CyberWar Example • Attacks began 4/27/2007 • Included DDoS, web defacement, & spam attacks against the government, businesses, & individuals • Initiated after movement of Bronze Soldier of Tallinn • Russian gov’t denied involvement • Attributed to single Estonian citizen, or various hacktivists CyberWar or Business as Usual? © Enclave Security 2010 10
  • 11. Another CyberWar Example • South Ossetia War of 2008 • Attacks began 8/5/2008, three days prior to Russian invasion • Attacks included DDoS attacks against news agencies & government sites primarily • Attribution never established officially, again hacktivists are blamed CyberWar or Business as Usual? © Enclave Security 2010 11
  • 12. More CyberWar Examples • 1982 – US alters code managing Russian natural gas pipeline • 1998 – US hacks into Serbian air defense systems prior to bombing attacks against targets • 2006 – Israel blames Hezbollah for hacking Israeli sites during 2nd Lebanon War • 2007 – Various Kyrgyz websites & ISPs targeted with DoS attack during election by unknown actor • 2009 – Various Iranian government websites targeted in response to elections CyberWar or Business as Usual? © Enclave Security 2010 12
  • 13. CyberEspionage – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • Espionage (spying) can be defined as (Encarta): 1. Somebody employed to obtain secret information: an employee of a government who seeks secret information in or from another country, especially about military matters 2. Employee who obtains information about rivals: an employee of a company who seeks secret information about rival organizations 3. Secret observer of others: a watcher of other people in secret CyberWar or Business as Usual? © Enclave Security 2010 13
  • 14. A CyberEspionage Example • Attack made public 4/2009 • Attack primarily involved theft of military secrets • Specifically, electronics & design specifications for the F35 project • Information could be used to better defend against the fighters • No official attribution declared, many speculate Chinese origins CyberWar or Business as Usual? © Enclave Security 2010 14
  • 15. Another CyberEspionage Example • Attack occurred Winter 2009/2010 • Believed to utilize a 0-day exploit in IE6 • Primary target was breach of confidential search engine code & email accounts • Again attribution never officially determined, but again Chinese have been blamed CyberWar or Business as Usual? © Enclave Security 2010 15
  • 16. More CyberEspionage Examples • 1996 – 2003 – “Titan Rain” attacks against US military targets from alleged Chinese sources • 1996 – 1998 – “Moonlight Maze” attacks against US military, energy, and university targets from alleged Russian sources • 2007 – “Digital Pearl Harbor” attacks against US military networks by unknown national actor • 2009 – “GhostNet” revealed by researchers as an attack against numerous US interests by alleged Chinese sources • 2009 – Unknown national actors attack US & South Korean government facilities from alleged North Korean sources CyberWar or Business as Usual? © Enclave Security 2010 16
  • 17. CyberCrime – Defined • Unfortunately there is no agreed upon definition for any cyber related terms • Therefore we will take “cyber” out of the equation • Crime can be defined as (Encarta): 1. An illegal act: an action prohibited by law or a failure to act as required by law 2. An illegal activity: activity that involves breaking the law 3. An immoral act: an act considered morally wrong 4. An unacceptable act: a shameful, unwise, or regrettable act CyberWar or Business as Usual? © Enclave Security 2010 17
  • 18. An Example of CyberCrime • Attack occurred 11/8/2008 • Primarily a financial theft, stealing $9.5 million from user bank accounts • Utilized stolen bank cards, raised their withdraw limit, & used mules to withdraw funds from distributed ATMs • Attribution back to 4 individuals from Eastern European nations CyberWar or Business as Usual? © Enclave Security 2010 18
  • 19. More CyberCrime Examples • 1/2009 Heartland Payment Systems (130+ million) • 4/2009 Oklahoma Dept of Human Services (1 million) • 4/2009 Oklahoma Housing Finance Agency (225,000) • 5/2009 University of California (160,000) • 7/2009 Network Solutions (573,000) • 10/2009 U.S. Military Veterans Administration (76 million) • 10/2009 BlueCross BlueShield Assn. (187,000) • 12/2009 Eastern Washington University (130,000) • 1/2010 Lincoln National Corporation (1.2 million) • 3/2010 Educational Credit Management Corp (3.3 million) CyberWar or Business as Usual? © Enclave Security 2010 19
  • 20. The Problem of Attribution • One of the biggest challenges responders face is the issue of attributing attacks to known actors • Attribution: “the ascribing of something to somebody or something, e.g. a work of art to a specific artist or circumstances to a specific cause (Encarta).” • How can incident responders attribute an attack to a bad actor? – IP address / MAC address ? – Coding signatures ? – Public announcements / credit ? CyberWar or Business as Usual? © Enclave Security 2010 20
  • 21. Admitting to Offensive Capabilities • Which nations admit to having offensive CyberWarfare capabilities? • So far, only the following have stepped forward publically: – The United States (CyberCom) – The United Kingdom (Office of Cyber Security) – South Korea (Cyber Warfare Centre) • The following nations do not deny this capability: – France, Germany – Israel – India, Russia – North Korea, Iran CyberWar or Business as Usual? © Enclave Security 2010 21
  • 22. One Response to the Attribution Issue • Hold countries responsible for the actions that occur within it’s IP address ranges • “Since the price of entry is so low, and … it’s difficult to prove state sponsorship, one of the thoughts … is to just be uninterested in that distinction and to actually hold states responsible for that activity emanating from their cyberspace… Whether you did [the attack yourself] or not, the consequences for that action [coming from your country] are the same.” – Gen. Michael Hayden CyberWar or Business as Usual? © Enclave Security 2010 22
  • 23. The US Response So what has the US done since Jan 2009: – Commissioned Melissa Hathaway to perform a 60 day CyberSecurity review of US federal systems – Appointed Howard Schmidt as Cyber Security Coordinator – Proposed numerous pieces of legislation – Authorized the creation of CyberCom – Confirmed Gen. Keith Alexander as the head of CyberCom – Assigned the DHS responsibility for protecting non DoD federal computing systems – Made recommendations for continuous monitoring & assessment controls CyberWar or Business as Usual? © Enclave Security 2010 23
  • 24. 60 Day Cyber Security Review Recommendations from the Review: 1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities 2. Prepare an updated national strategy to secure the information and communications infrastructure 3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics. 4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate. 5. Formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.
  • 25. 60 Day Cyber Security Review (2) Recommendations from the Review (cont): 6. Initiate a national public awareness and education campaign to promote cybersecurity 7. Develop U.S. Government positions for an international cybersecurity policy 8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement 9. Develop a framework for research and development strategies that focus on game-changing technologies 10. Build a cybersecurity-based identity management vision and strategy
  • 26. CyberSecurity Legislation • Data Breach Notification Act, S 139 • Data Accountability and Trust Act, HR 2221 • International Cybercrime Reporting and Cooperation Act, S 1438 and HR 4692 • Cybersecurity Enhancement Act, HR 4061 • FISMA II, S. 921 • Intelligence Authorization Act, HR 2071 • Cybersecurity Act of 2009, S 773 • The Grid Reliability and Infrastructure Defense Act, HR 5026 • Energy and Water Appropriations Act 2010 CyberWar or Business as Usual? © Enclave Security 2010 26
  • 27. US Military Security Efforts Creation of a Central Cyber Command: – Referred to as Cybercom – To be led by Director of the National Security Agency (NSA) Gen. Keith Alexander – To be located at Fort Meade – To have both defensive and offensive capabilities – Will centrally coordinate all DoD cyber defensive activities – Will assist private industry with “Perfect Citizen” program – This is in addition to numerous commands within each of the branches of service
  • 28. DARPA’s Contribution • “The National Cyber Range program demonstrates the government’s commitment to incubate and create incentives for game- changing technological innovation.” • “Test new “leap-ahead” concepts and capabilities required to protect U.S. interests against a growing, worldwide cyber threat.”
  • 29. So, what’s next? • “The times they are a changin” – Bob Dylan • Let’s be definitive with our terms • Not everything is a “Cyber War” • But, that doesn’t mean that bad things aren’t happening • There is a “new normal” – business as usual • Clearly electronic / cyber elements will be involved in future nation state conflicts • Nations / organizations / individuals need to know how to respond & mostly how to protect themselves CyberWar or Business as Usual? © Enclave Security 2010 29
  • 30. An International Response • Nation states need to agree on terms & appropriate response • A “Cyber Treaty” agreed to internationally makes sense • A new version of the Geneva Convention, that specifically addresses the changing nature of warfare & technology • Russian proposed such a treaty in 1998 – never materialized • 15 nations currently considering such a treaty • Hamadoun Toure of the ITU has also proposed the idea • Many questions still exist, specifically how to enforce & hold nations accountable for attacks CyberWar or Business as Usual? © Enclave Security 2010 30
  • 31. An Organization’s Response • “Quit whining, act like a man and defend yourself.” – Gen. Michael Hayden • Practically how do we make this happen? – Decide how important information & systems are to you – Determine how bad you really want to protect that information – Dedicate resources to the issue – Consider a control framework that focuses on a methods for deterring directed cyber attacks CyberWar or Business as Usual? © Enclave Security 2010 31
  • 32. 20 Critical Controls / CAG • “This consensus document of 20 crucial controls is designed to begin the process of establishing that prioritized baseline of information security measures and controls (CAG)” • 20 specific control categories meant to provide a prioritized response to these attacks • A chance for the cyber offense to inform the defense • Controls based on the principles of continuous monitoring & automation • Resources are limited, therefore let’s start with those controls that have the biggest impact in creating defensible systems CyberWar or Business as Usual? © Enclave Security 2010 32
  • 33. Further Questions • If you have further questions & want to talk more… • James Tarala – E-mail: james.tarala@enclavesecurity.com – Twitter: @isaudit, @jamestarala – Blog: http://www.enclavesecurity.com/blogs/ • Resources for further study: – CSIS & SANS 20 Critical Controls – OMB Memorandum M-10-15 – NIST Security Control Automation Protocol (SCAP) CyberWar or Business as Usual? © Enclave Security 2010 33

Editor's Notes

  1. Are we near the point of cyber-armageddon or are we simply engaged in a new reality of information security priorities? Are the attacks being discovered daily against private sector and public federal systems somehow unique and new, or are they simply the new reality of cyberspace? Organizations are regularly forced to make difficult decisions about how best to protect their information systems. Executives daily open the newspaper to find another example of effective cyber attacks and hacking. How do organizations know when security mechanisms are enough to keep their data safe? In an effort to answer this question and respond to mounting cyber incidents worldwide, the US federal government has been engaging in numerous efforts to secure cyberspace. But what are they and will they be enough? In this presentation James Tarala, a Senior Instructor with the SANS Institute and a Principal Consultant at Enclave Security, will describe current efforts and the tools being offered to help citizens and protect cyberspace.
  2. http://ricks.foreignpolicy.com/posts/2010/04/16/here_comes_cyber_command_but_it_probably_will_be_headed_by_a_human