3. CYBER WAR
The use of computer technology, most prominently the
internet, in order to disrupt, deny or degrade the
capabilities of an adversary, to an extent that it
cripples its day to day activities
To degrade the capabilities of an adversary with
ultimate goal of coercing adversary for a political
purpose, besides hacking into the servers, stealing
• The Soviet Union planned to steal software from a Canadian company to control its Trans-Siberian
• the CIA alters the software to cause the pipeline to explode.
• A hacker tracked to Germany by a researcher in US over a period of 10 months
• First recorded case of such investigation
• Morris worm shuts down 10% of internet
• First case of conviction for cyber crime
• Computers hacked at the Rome Air Development Center at Griffiss Air Force Base New York by
anonymous hacker and sensitive data stolen
• The NSA conducts a test, known as Eligible Receiver, to assess the vulnerability of government and
military computers to a cyberattack
• DoD establishes Joint Task force to defend computer networks
• The worm named Code Red affects computer networks running a Microsoft operating system. Some
websites, including the White House site, are disabled.
• Operation Titan Rain : US targeted allegedly by China for stealing info Vulnerable systems .
• Estonia experiences DoS for 22 days by the hackers believed to be backed by Russian Government.
• British and US Government officials alleged that official emails accounts hacked by PLA
• Georgia faces DDoS attack and blames Russia for that. Media Transportation and Government
Computer Networks crippled
• First case of data stealing through a flash drive using covert program at US base in Middle East.
• Israel Government sites subjected to Spam mail to the tune of 15 million emails per second. Israel
• 103 country including Indian Government and embassies computers hacked allegedly by China,
• Sensitive information stolen from Ministry of Defence Computers in India, suspect is China
• Stuxnet cripples Iranian Nuclear installation.
• Pentagon Declares Cyber War as Fifth domain
• IMF computers hacked , fingers point towards China
• Hackers delete hard drives of 30k computers in Saudi oil company.
• Military Wing of HAMAS carry out massive DDoS against nine US banks.
• U.S. Secretary of Defense Leon Panetta warns that the U.S. must protect itself against a “Cyber Pearl
• The New York Times Website shut down for 20 hours by Syrian Electronic Army.
• Chinese hackers had breached the computer network of the Office of Personnel Management in March.
• The computer networks of Sony Pictures were hacked, allegedly by North Korea
• The Russian hackers penetrated the email archives of White House and State Dept. officials
correspondence with President Barack Obama.
9. CYBER WAR
• Transition in dimensions of warfare from
physical to Cyber space.
• Assumed importance as fifth dimension.
• Security of cyberspace based on traditional
axioms of threats
• Affects Confidentiality, Integrity and
Availability besides new realm of Data
10. CYBER WAR
• Cyber warfare is closely related to other
aspects of cyber threats such as cyber crime,
cyber terrorism, cyber espionage and cyber
• Cyber war also includes the development
and implementation of security strategies to
defend against such attack mechanisms.
11. CYBER WAR
• At least 12 of the world’s 15 largest military powers
are currently building cyber warfare programs,
according to James Lewis, a cyber security expert at
the Center for Strategic and International Studies.
• The US has had a major influence on the
development of cyberspace by virtue of the fact that
much of the initial infrastructure and use was
centered in that country and it continues to be a
major force in its development and use.
• Admitted to having a dedicated Cyber War launching
• According to the cyber security firm Mandiant, the People’s
Liberation Army (PLA) has been using an elite cyber warfare
unit based in Shanghai to launch hundreds of cyber attacks
targeting mainly American.
• The unit, officially known as Unit 61398, operates under the
PLA’s Second Bureau of the General Staff Department’s (GSD)
• The PLA’s Unit 61398 is known for its use of zero-day exploits.
According to Mandiant, Unit 61398’s informal name was APT1
due to their skill at successfully carrying out advanced persistent
threats. Rajeev Chauhan
• China has “reached out” to people with the
necessary cyber skills in the IT sector and
academic community to help fill any gaps in
state expertise and personnel when needed.
• In October 2014, the FBI issued a warning
that a Chinese hacking collective known as
Axiom has been engaged in a sophisticated
campaign to steal valuable data from U.S.
• Taiwan’s National Security Bureau (NSB) has
identified another unit of the GSD’s Third
Department that is involved in cyber-
activities.(source Taipei Times)
• China’s cyber capabilities are organized by a
strategy involving “to establish information
• Information dominance refers to:
– taking and maintaining control of an adversary’s access
to its own information, and
– disrupting the flow of information necessary for
“decision-making or combat operations.”
• United States Cyber Command (USCYBERCOM) is
an armed forces sub-unified command subordinate
to United States Strategic Command and centralizes
command of cyberspace operations, organizes existing
cyber resources and synchronizes defense of U.S.
military networks. (wiki).
• The Army Cyber Command (ARCYBER) is an Army
component command for the U.S. Cyber Command:
– Army Network Enterprise Technology Command / 9th
Army Signal Command
– Portions of 1st Information Operations Command (Land)
– United States Army Intelligence and Security
Command will be under the operational control of
ARCYBER for cyber-related actionsRajeev Chauhan
• Marine Corps Forces Cyberspace Command
• Navy Cyber Forces
• Twenty-Fourth Air Force with following components
– 67th Network Warfare Wing
– 688th Information Operations Wing
– 689th Combat Communications Wing
• United States Tenth Fleet, consisting of
– Naval Network Warfare Command
– Navy Cyber Defense Operations Command
– Naval Information Operation Commands
– Combined Task Forces Rajeev Chauhan
• Cyberwarfare in the United States is the United States
Cyber Command's military strategy of Proactive Cyber
Defence and the use of cyber warfare as a platform for
• The five pillars is the framework for the United States
military strategy for cyber warfare.
– Cyberspace as new warfare domain
– Proactive defense
– Critical infra protection
– Collective defense
– Maintain and enhance the advantage of technological change
• Britain will create a new cyber unit which will be known
as the Joint Cyber Reserve.(2013)
– will be tasked primarily with defending the UK against cyber
– will also have the capability to launch strikes where deemed
• Ministry of Defence (MoD) will be looking to employ
hundreds of IT experts who will be responsible for
defending the nation’s critical data and computer
• Cyber defences blocked around 400,000 advanced
malicious cyber threats against the government’s secure
internet alone Rajeev Chauhan
• An Army unit, called the 77th Brigade, is set up to
help fight the cyberwars of the future.
– Made up from reservists as well as regulars from all three
services of the armed forces.
– The team is modelled on the Chindits, a specialist unit
which fought in Burma during the Second World War.
– “clinical cyber strikes” could be used to disable key
military assets such as nuclear and chemical weapons,
enemy communications and other tools of war.
(Government Communication Head Quarter)
• GCHQ is an intelligence and security organisation, working to
keep Britain safe and secure in the challenging environment of
• GCHQ strives to ensure that life in the UK isn't compromised
through cyber attack or on-line serious crime, employing some
of the world's leading experts on Information Security (how do
• GCHQ and its sister agencies, MI5 and the Secret Intelligence
Service, could not tackle the cyber challenges "at scale"
without greater support from the private sector, including the
largest US technology companies which dominate the web.
27. NORTH KOREA
• Cyber attacks like the one inflicted by the North
Korean government on Sony are just the opening
skirmishes before the outbreak of a hugely
dangerous cyber war that is inevitable.
• North Korea has natural cyber-defenses
– it only has about 1,000 IP addresses,
– it has only very few computers so its 'terrain' is very
• Recent references in cooperation with US in spying on Asian
countries, especially India.
• Australian Signals Directorate with support from the Defence
Science and Technology Organisation has developed new cyber
offensive capabilities in 2014, to carryout,
– Access, modify and Delete Data remotely
– Dissemination of False Information
– Penetration of FW protecting Avionics of targets, inserting Trojan
• Part of 5-Eye partners....US, UK, Canada, Australia and New
• IDF has announced in June
– Establish a Cyber Command within two years.
– Includes Military Intelligence and C4I Telecommunications division.
• Contribute towards the overall IDF Cyber Potential.
• Challenges would be to attain both long range planning and
precise execution capabilities at different level with optimal
degree of operational flexibility in both offensive and defensive
• DMI’s 8200 signal intelligence unit was handling int collection
and offensive missions, whereas C4I directorate was handling
cyber defensive missions.
• Salient points:-
– The cyber command will be in charge of both the buildup and
– DMIs working in cyber space in conjunction with conventional
intelligence gathering missions has not contributed to overall
– Synergy between DMIs intelligence gathering and offensive
setup with various cyber units.
– Reciprocal data gathering and dissemination amongst other
– Maximum operational cooperation and coordination between
New Command and other IDF forces and units
– Coordination with civilian agencies like National Cyber
Bureau and Cyber Authority.Rajeev Chauhan
• Since November 2010, an organization called “The Cyber
Defense Command” has been operating in Iran under the
supervision of the country’s “Passive Civil Defense
Organization” a subdivision of the Joint Staff of Iranian
• According to a 2014 report by Institute for National
Security Studies, Iran is "one of the most active players in
the international cyber arena“.
• In June 2010, Iran was the victim of a cyber attack when
its nuclear facility in Natanz was infiltrated by the cyber-
worm ‘Stuxnet’. Thereafter it has learnt a lot and
developed a potent cyber warfare capabilities.
• It has been claimed that Russian security services
organized a number of denial of service attacks as a part
of their Cyber-warfare against other countries, most
– 2007 cyber attacks on Estonia
– 2008 cyber attacks on South Ossetia, Georgia, and Azerbaijan.
• The Russian government had been fostering and financing
the Nashi youth organization for more than years. Nashi
members were involved in the Estonia cyber attacks of
2007, Georgian govt websites in 2008 and targeted
individual Georgian supporters in 2009
• Since 2010, Russia like the U.S., China and other
countries has made dual use information security
research and development a top priority at dozens of
top research institutes and universities.
• At least twelve institutes provide world-class
instruction to their graduates in dual use
information security and electronic warfare
technologies, who are then hired by the Security
Services and Ministry of Defense for offensive and
• In the Netherlands Cyber Defense is nationally coordinated by the
National Cyber Security Center (NCSC).
• The Dutch Ministry of Defense laid out a cyber strategy in 2011.
• The first focus is to improve the cyber defense handled by the
Joint IT branch (JIVC).
• Joint Sigint Cyber Unit (JSCU) has been setup with an aim to
improve intel operations in the Netherlands (including the
military intel organization MIVD)
• The Ministry of Defense has set up an offensive cyber force,
called Defense Cyber Command (DCC)
• In 2013, Germany admitted the existence of their 60-
person Computer Network Operation unit.
• The German intelligence agency, BND, announced that his
agency had observed up to five attacks a day on
government authorities, thought mainly to originate in
• After Edward Snowden leaked details of the U.S. National
Security Agency's cyber surveillance system, Germany
announced that the BND would be given an additional
budget of 100 million Euros to increase their cyber
36. INDIA: Why?
• Cyber Attacks affecting national infrastructure through
– Sensitive information leaks….Confidentiality
– Malicious programs effecting critical operations and
applications like power, communication etc…..
– Denial of Services, bringing down critical financial and
banking infrastructure….effecting their Availability.
• Attack on availability of CII is grave in nature as it has
direct impact on national assets and their functioning.
• All types of threats to be addressed in any National
Cyberspace Protection Policies and Procedures.
37. INDIA: Where do we stand?
• Indian Cyberspace subjected to frequent attacks by
China, Pakistan, US, UK, Bangladesh, Anonymous
• Cyber Security Policies …implementation?
• Agencies..CERT-IN, NTRO, NCCC(National Cyber
Coord Committee), NATGRID, NCIIPC
• Potent offensive capabilities
• Capability to sustain
• Disaster management and continuity plan
• Robustness of CII
38. • Chinese are focused…are we!
• Offensive and Defensive capability….