CWFI Presentation Version 1

Presentation on cyber warfare, recent examples, current capabilities of the major players, and issues relating to the advancement of cyber warfare and cyber security in the United States. The Cyber War Forum Initiative is promoted for its role in solving many elements of the issues facing the US.

Published in: Technology, Business
Transcript

  • 1. The Cyber Warfare Initiative: the Good, the Bad, and the Ugly. LiveSquare Security, www.LiveSquare.com
  • 2. Overview
    • Cyber Warfare – hype?
    • 3. Cyber what?
    • 4. A recent example
    • 5. The Players
    • 6. Why Now?
  • 11. Cyber Warfare - Hype?
    • "Moonlight Maze" - 1999 – attributed to Russia
    • 12. "Titan Rain" - started 2003. Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA. Attributed to China.
    • 13. Estonia – April/May 2007, Ukraine – November 2007
    • 14. Lithuania – June 2008, Georgia – August 2008, Kyrgyzstan – January 2009
    • 15. "GhostNet" – 2008 to present – China, Kylin OS (BSD-based or ???)
    • 16. DOD, White House, Congress, Lockheed Martin (F-35 fighter)
    • 17. Dalai Lama, Germany, France, India, Australia
    • 18. Iran
    • 19. The battle is fought every day.
      • If you run a network, and do not think you are being attacked...
  • 20. Cyber What?
    • Cyber Warfare
      • Structured seeking / intercepting / manipulating / destroying of industrial, military, economic, and social data and information systems.
      • 21. "Everyone is attacking everyone."
      • 22. Country vs. Country, Entity vs. Country, Entity vs. Entity, Entity vs. Individual
    • Why?
      • Money – western and eastern countries have publicly admitted that data gathered of industrial value is passed to domestic industries: acceleration, R&D efficiency, etc. Also a neat way to fund attackers and their toys. Money laundering.
      • 23. Political / Military – strategic asset identification. Intelligence, target optimization. Economic pressure and articulation. Revenge. Combined kinetic and info attack to paralyze the enemy, disinform, weaken, force them to expend resources.
      • 24. Social – why are you targeted? Why did/does Israel socially map US phone calls? If you own a business, are in IT, or especially if you operate a security consulting practice, why does your web site get visited daily by folks in China? Why is identity theft so huge? Do you facilitate money laundering?
  • 25. Cyber war: What to do
    • Disrupt communications – military, business, personal
    • 26. Disrupt and mix up commercial / financial transactions
      • Steal money – move it away, delete it
    • Use a combination of internal and external propaganda sources to confuse / scare the population and disorient "response" entities, limit international response
    • 27. Cause enemy to expend resources and time on futile tasks
    • 28. Create crisis of confidence in enemy's currency, leadership, perceived stability, etc
    • 29. Modify / Destroy information sources, infrastructure, systems – change reality / history
  • 30. A Recent Example: Iran
    • "hacktivism"
      • Austin Heap – IT guy in SF giving people instructions on how to set up proxies to defeat state-based censorship, then gave a how-to for that, then a how-to for attacking Iran's government servers. 87 countries offer proxies. Thousands of proxies. Most blocked. Iran fights back and DDoSes his servers.
      • 31. Twitter – postponed scheduled maintenance to aid coordination of dissent in Iran. Aided by the State Dept. and a few others.
      • 32. Hundreds of folks around the world trying to make new "pathways" out from Iran to send news, online video, social networking sites, and Twitter.
    • Response
      • Iran shuts down and shifts its Internet connections; they are back up... Values domestic intelligence gathering over PR losses?
      • 33. The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed. Source: WSJ
      • 34. Iran uses kinetic attack to stop university students from communicating with the outside world. Students killed.
      • 35. Iran plays whack-a-mole with phones, sat phones, "rogue" Internet connections
      • 36. Bans all foreign media, blocks Farsi news sites outside Iran, etc.
      • 37. Iran declares an "official end" to freedom of expression; people reject this...
      • 38. Using a phone, if you mention the wrong keyword, your line goes dead
      • 39. Pro-Iran regime "hacktivists" breach the U of Oregon and leave a message...
  • 40. Lessons Learned
    • Governments cannot control the Internet in their country
      • China is failing continually, Iran has failed
      • 41. "Turning off the Internet" does as much damage as good
      • 42. Choking resources does not work
        • Proxies, non-terrestrial communications, radio relay
    • DDoS of resources can be stopped
      • Just block / blackhole the IP space of the aggressors
    • The flow and the information / content is as valuable as kinetic capability
      • Truth and the perception thereof is based on who can still talk.
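The "block / blackhole the IP space of the aggressors" lesson above is stated in one line; in practice the work is deciding which prefixes to null-route without hurting yourself. The following is an added example written for this transcript, not code from the presentation or from LiveSquare. It takes constructed sample flow records (not captured traffic), aggregates source addresses into /24 (or /48 for IPv6) prefixes, selects the prefixes above a packet threshold, skips any prefix that overlaps a protected list (your own space, upstream resolvers, partners), and renders null routes in Linux iproute2 `ip route add blackhole` syntax as one concrete form of the rule. The flow tuple format, the threshold value and the protected list are all assumptions for the illustration.

```python
"""Aggregate DDoS source addresses into prefixes and emit blackhole routes.

Added illustration for the "block / blackhole the IP space of the aggressors"
bullet; this is not code from the presentation. The flow records below are
constructed sample data, not captured traffic, and the output uses Linux
iproute2 'ip route add blackhole' syntax as one concrete form of a null route.
"""
import ipaddress
from collections import Counter

# Constructed sample flow records: (source IP, destination IP, packet count).
# In practice these come from NetFlow/sFlow/IPFIX exports or firewall logs.
SAMPLE_FLOWS = [
    ("203.0.113.5", "198.51.100.10", 40000),
    ("203.0.113.77", "198.51.100.10", 35000),
    ("203.0.113.130", "198.51.100.10", 38000),
    ("192.0.2.9", "198.51.100.10", 120),       # ordinary low-rate clients
    ("192.0.2.200", "198.51.100.10", 90),
    # Spoofed to look like the victim's own network: an attacker who knows
    # you blackhole by source will try to make you blackhole yourself.
    ("198.51.100.250", "198.51.100.10", 50000),
]


def aggregate_sources(flows, v4_prefix_len=24, v6_prefix_len=48):
    """Sum packets per source prefix so whole blocks can be judged as units."""
    counts = Counter()
    for src, _dst, pkts in flows:
        addr = ipaddress.ip_address(src)
        plen = v4_prefix_len if addr.version == 4 else v6_prefix_len
        # strict=False turns a host address into its containing network
        net = ipaddress.ip_network(f"{src}/{plen}", strict=False)
        counts[net] += pkts
    return counts


def select_aggressors(counts, threshold, protected=()):
    """Pick prefixes at or above `threshold` packets, skipping protected space.

    `protected` lists prefixes that must never be blackholed (your own
    address space, upstream resolvers, partners). A candidate is skipped if
    it overlaps a protected prefix in either direction, which is what
    defends against the spoofed-victim flow in the sample data.
    """
    protected_nets = [ipaddress.ip_network(p) for p in protected]
    chosen = []
    for net, pkts in counts.most_common():
        if pkts < threshold:
            break  # most_common() is sorted descending; nothing further qualifies
        if any(net.overlaps(p) for p in protected_nets):
            continue
        chosen.append(net)
    return chosen


def render_blackhole(prefixes):
    """Render one iproute2 null route per prefix, sorted so output diffs cleanly."""
    ordered = sorted(prefixes, key=lambda n: (n.version, n))
    return [f"ip route add blackhole {n.with_prefixlen}" for n in ordered]


def blackhole_rules(flows, threshold, protected=()):
    """Whole pipeline: flows -> prefix counts -> selected aggressors -> rules."""
    counts = aggregate_sources(flows)
    return render_blackhole(select_aggressors(counts, threshold, protected))


if __name__ == "__main__":
    # Assumed values: a 10,000-packet threshold and the victim's own /24 protected.
    for rule in blackhole_rules(SAMPLE_FLOWS, threshold=10000,
                                protected=["198.51.100.0/24"]):
        print(rule)
```

Two caveats a practitioner would add to the slide's one-liner: source-based blackholing trusts the source addresses in the flow data, and volumetric floods routinely spoof them, so without the protected list (and without ingress filtering at the edge) an attacker can make you null-route your own customers or partners; and blackholing "the IP space of the aggressors" at country or ISP scale drops every legitimate user in that space along with the bots. The remotely triggered blackhole (RTBH) that upstream providers offer is usually destination-based for exactly this reason: it sacrifices the one attacked address to keep the rest of the network reachable.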
  • 43. Cyber War - The Players
    • More than 120 countries have or are developing cyber warfare capability.
    • 44. China – national network configuration enhancing cyber defense, Kylin, "green dam", email trojans – known to have penetrated 103 countries, especially email systems. Military value.
    • 45. RBN – email malware, identity theft, botnets
    • 46. The Brits, Israel (info and kinetic e.g. Gaza), Palestinians, Islamic Jihad, Al Qaeda, Russia to Uzbekistan relating to American Base.
    • 47. Anyone who wants to play
  • 48. Cyber War - The Players
    • The West
      • Estonia Cyber Defense Center of Excellence (CCD COE) - an academic cyber think tank that deals quite a bit with technical analysis of cyber events and discussion of international cyber policy to include the legal aspects of cyber warfare. (NATO) Does no monitoring, only analysis.
      • 49. The Cyber Warfare Forum Initiative – US and allies
      • 50. A big mess of agencies and players with many unresolved issues.
    • The East
      • Hundreds of cyber warfare groups funded by China, Russia, North Korea
      • 51. Formal and excellent training in hacking / cracking systems
      • 52. Financial funding and rewards for success to anyone
      • 53. Russian Business Network and other organized crime
      • 54. The East has a plan and is doing well
  • 55. The Players in Depth - China
    • Track record of success on a large scale
      • w/ Plausible deniability, RBN via China?, Trojan hardware
    • Significant funding
      • Committed to advancing offensive and defensive capabilities
      • 56. Rewarding those who advance / prove their capabilities
    • Hainan is a center of cyber attack activity and research.
      • Also center of military research, major sub base, center of conflict with US ships
      • 57. Military outpost since 110 BC!
    • Imported software must be certified, under tax scheme
    • 58. Building secure microprocessors with a secure operating system that runs on those chips
    • 59. National connectivity is designed to move through "gateways"
  • 60. The Players in Depth - Russia
    • Well known to use cyber warfare
      • For war, for pressure on foreign governments
    • Uses RBN and other groups as contractors
      • Plausible deniability (law)
    • Precedes kinetic war with cyber war
      • Suggests highly tuned military strategy
    • DDoS, malware, communications interference, propaganda
  • 61. The Players in Depth - USA
    • Many different players on the board
      • Capabilities and authority in government spread thin
    • Started seeking offensive capability in 2008
      • Current strategy: botnets, malware, interference
    • Heavily constrained by US law, and adherence to International law
    • 62. National communications infrastructure a disadvantage – nearly 100% privately owned
    • 63. Capabilities largely from large US security firms that will not cooperate well
    • 64. Successes: Trojan hardware, communications intercept
  • 65. Why now?
    • White House indicated and prioritized national cyber security which is based on our ability to execute and defend against cyber war. This was driven by a long series of public penetrations and a serious penetration of the Obama campaign. High visibility to the top.
    • 66. The security industry in general sees an opportunity to resolve long standing issues.
    • 67. Members of the security industry got together to form a "community"-driven effort to cross-pollinate and share information to induce improvements and knowledge sharing.
  • 68. Why now?
    • WH - appoints cyber czar, national CIO, and several other IT advisory positions
    • 69. Debate rages on who should be the top dog: person, agency, budget authority: lots of dialogue and posturing
    • 70. Security vendors see wash of funds and line up with their suits on
    • 71. The security community suddenly sees the need to help people to understand where we are and what is going on.
  • 72. Why now?
    • Although the quotes from our officials say that there is a three way tie between the US, Russia, and China...
      • we are clearly poorly organized
      • 73. we may have "the capabilities" we need, but can we mobilize and utilize them? In time?
      • 74. it should be "self-evident" that we both need and want to improve our footing
      • 75. The US faces a more difficult task in cyber defense than others due to network design, laws, and other issues.
  • 76. So?
    • If China and Russia are the big competitors, and we need to "get better"...
      • Where are we really?
      • 77. Who does what?
      • 78. Is this a simple, or complex set of problems?
    • Do the problems get solved by government, private industry, or both?
      • Who does what?
      • 79. Can we define the problems?
  • 80. CWFI – Cyber Warfare Forum Initiative
      Founder - Paul V de Souza, Chief Security Engineer, AT&T. Our mission is to promote Cyber Warfare awareness within the U.S. Military, U.S. Government, U.S. private companies and U.S. citizens. This mission is to be extended to all U.S. allies all over the world with the intent of guarding our cyber freedoms and protecting our way of life. The Cyber Warfare Forum Initiative (CWFI) promotes innovation, unity and collaboration of various cyber security communities of interest all over the world. Our mission will be accomplished by active engagement of our team members in the fields of education (conferences and training), information sharing (forums, reports and news) and partnerships with the military, government and private sector. We invite all to join us in the fight for a safer cyberspace where confidentiality, integrity and availability rest assured. Under one umbrella of collaboration and knowledge, we can make a difference. We have a unique group of professionals.
  • 81. Questions
    • Government is asking questions like...
      • At what point does cyber security need override US law?
      • 82. When can the military "shut down" domestic ISPs?
      • 83. Does the Constitution allow the government to "take control" of the cyber security issue for everyone, or just for itself?
      • 84. Is it possible to solve this problem in the private sector?
    • Business groups / owners are asking...
      • Can we even really defend ourselves?
      • 85. Is this really a government / countrywide problem or should the private sector be in charge of its own house? If so, how is it a cyber defense (national)?
    • People are asking...
      • Why am I not safe now?
      • 86. When will I be safe?
  • 87. What a mess!
    • Where are we?
  • 88. The Good
    • CWFI on LinkedIn – debate --> policy makers (direct)
    • 89. OWASP - Open Web Application Security Project
    • 90. NIST.gov / Mitre.org
    • 91. iBlocklist.com
    • 92. OpenDNS for small business and consumers
    • 93. Numerous web sites with links to resources... the pieces of the puzzle are out there
    • 94. We are the most innovative people on the planet...
  • 95. The Bad - Government
    • NATO does not define cyber attack as an attack. Therefore, NATO countries have no defense under Article 5.
    • 96. Investigating entities will not pursue breaches resulting in less than 700k in damages.
      • Prosecuting external aggressors is nearly impossible
    • China has prioritized recruiting hacking / cracking talent and is funding them as part of a national security effort. The US has a problem with hiring hackers /crackers and has done very little. This creates an asset shift to China in capabilities and R&D.
    • 97. China's new wall has limited exfiltration from the country, and therefore the sources of attacks cannot easily be determined, as they are aliased. Infiltration is shut down by shutting down the gateways. A comprehensive strategy exists in China. The US, not so much.
    • 98. US law and constitutional issues should prevent the "solution" from being a government-owned and -operated entity. However, all seem to be looking to the government for "the solution".
    • 99. If the business community / private sector is the solution...
  • 100. The Bad – Private Industry
    • Culture problems in the security world
      • The big squish the small - take all oxygen
      • 101. The big security companies actively suppress the smaller companies via a multitude of means. This harms innovation. They are also not buying innovation from the smaller companies so they are simply shutting the other guys out.
      • 102. Not Invented Here (NIH) - Anybody else's products are crap.
      • 103. Turtle Complex - all issues within an organization must be concealed to prevent embarrassment or worse... questions.
      • 104. Hollywood Simplex I - if you are a security vendor at a client, you are the only one doing anything of value. The others are there to try to steal your spotlight.
      • 105. The Kids Clubhouse - if you are not a part of the *con speakers and/or attendees club then obviously you know nothing about security. Only people that attend or speak at conferences know anything worth while.
      • 106. Power User Macho - even if you really have little understanding about what is going on: be aggressive. Ignorance is best concealed behind a good offense.
      • 107. Megalomania - with this security product / concept / method - I shall rule the world. All others shall bow to me. Ah ha ha ha ha ha.
      • 108. Monopoly mindset - it's better to stay on top and regularly fail than to let some punk small company show us up.
    • Many in the information security business believe that accurate "attribution" of cyber attacks is impossible. Therefore, no cyber warfare defense can be effectively created.
    • 109. Little collaboration combined with the stifling of innovation = bad day for the US.
  • 110. The Bad – Security Consumer
    • I can't have someone embarrass me by changing "my strategy". Therefore, the vendor needs to fit into my world concept
    • 111. If people find out our problems I might lose my job... "So we are fine."
    • 112. We don't do anything with jet fighters, therefore our problems are much smaller and very different.
    • 113. We can't solve every problem, so we will focus on responding to the stuff that hits us. We will react to issues as they come up.
    • 114. We don't want to work with other companies. We want attackers to leave us alone and attack them. Our strategy is displacement.
    • 115. Alphabet-soup - even though the letters and credentials have no track record of success. It is still mandatory. Letters are cool.
    • 116. Job-dutious-abandoness - the more security stuff I/we do, the more likely it is to catch someone's eye and embarrass me/us. Wait for something bad, jump in and be a hero. Leaders are often shot in the back.
  • 117. The Ugly
    • Culture problems in the security industry prohibit real dialogue and solutions.
    • 118. Most programmers do not know how to secure code.
    • 119. Most companies don't allocate resources to security testing
    • 120. Most "outsourced and off-shored" projects are never reviewed for security. That ends up biting us in the... e.g. FBI, RNC
    • 121. Controversial assertion by me: "Trusted Computing" is a fallacy
    • 122. Public Key / Private Key: PKI failed and has multiple defeats (SHA1)
    • 123. The proliferation of super computers
      • Peer-to-Peer supercomputing – bigger than government can buy
    • Attack sophistication is improving exponentially
    • 124. Our enemies are more patient than we are
  • 125. The Ugly
    • Most "hands on" techies leave the hands-on world within 5 years. Our plans and designs are based on limited knowledge.
    • 126. Our businesses can see only one year at a time. This limits real or focused results.
    • 127. Cloud computing companies offer outstanding local attack centers.
    • 128. No such thing as an objective measurement or standard.
    • 129. Folks in government "have to spend too much time and money" to test any new technology. Slows adoption or even sensible change.
    • 130. Breaches are so frequent, coupled with the very real problem of lingering infections from prior breaches, that quantifying and eradication of threats is nearly impossible.
    • 131. The sophistication of the attackers vs. our ability to defend is definitely a knife to a gunfight scenario.
  • 132. What next?
    • US legal and Constitutional issues
    • 133. Political football
    • 134. More of the same
    • 135. US becomes a distant third, or fourth?
    • 136. - or -
    • Dreamland...
      • A move to a merit based system – everyone can play
      • 137. Better co-operation in the security industry
      • 138. Large coalitions of collaborators (geocentric?)
      • 139. A "caustic cauldron" for security testing (community based)
  • 140. We can see the future...
    • The solution is in the private sector
    • 141. Government shall need to protect its systems
      • Can facilitate when necessary
      • 142. Needs to be able to order ISP shutdowns, blocking of aggressors, and real time intelligent identification of aggressors in times of emergency / crisis
      • 143. May regulate by sector
      • 144. Cyber Minuteman defense?
    • "Attacks" must be viewed, measured, and responded to intelligently
      • Likely a multi-stage process
        • Not 2 stage
  • 145. What Next? Action!
    • Newbies – go and learn, read and follow, ponder and invent, educate your peers
    • 146. Small players – collaborate, continue your innovation, evangelize
    • 147. Big players – innovate or buy, stop the stifle, sub-contract
    • 148. Government – national testing labs (caustic cauldron) , don't go to the dark side, open up the gene pool
  • 149. Resources
    • CWFI - http://www.linkedin.com/groups?gid=1836487
    • 150. White House Cyberspace Policy Review - http://www.cwfi.us/index.php?option=com_docman&task=doc_download&gid=2&Itemid=92
    • 151. Cyber Attacks Against Georgia: Legal Lessons Identified - http://www.carlisle.army.mil/DIME/documents/Georgia%201%200.pdf
    • 152. OWASP - http://www.owasp.org
    • 153. Dark Reading - http://www.darkreading.com
    • 154. Packet Storm - http://packetstormsecurity.org/
    • 155. Security Lists - http://www.seclists.org
    • 156. Sickurity - http://www.sickurity.com/
    • 157. SANS TOP 25 Most Dangerous Programming Errors - http://www.sans.org/top25errors/
  • 158. Resources
    • The Evolution of Cyberwar - http://www.cfr.org/publication/15577/
    • 159. 2001 – Report to Congress on Cyber warfare - http://www.fas.org/irp/crs/RL30735.pdf
    • 160. Estonia Cyber Defense Center of Excellence - http://www.ccdcoe.org
    • 161. Searchable CVE (Common Vulnerabilities and Exposures) database - http://www.livesquare.com/portal/cve.asp - FREE
    • 162. Common Attack Pattern Enumeration and Classification - http://capec.mitre.org - FREE
    • 163. LiveSquare's Daily Security Bulletin - http://www.livesquare.com/portal/dsb.asp – FREE to you!
  • 164. Thank you!
    • Thank you Barry Wade!
    • 165. Thank you Arizona Security Practitioners Forum
    • 166. Thank you for coming!
    • 167. I thank those of you who have decided to participate moving forward and look forward to your contributions.
