This document discusses cyber warfare and defense strategies. It argues that a purely defensive cyber posture poses risks, and that principles of conventional warfare suggest taking the fight to adversaries through counterattacks in cyberspace when necessary. It provides examples of historical cyber attacks and discusses Indonesia's growing reliance on information technology as well as challenges in ensuring cyber security given vulnerabilities in its networks and systems. The document advocates developing proactive security strategies and treating skilled hackers as a potential national security resource rather than just a threat.

1. Is Cyber-offence
the New
Cyber-defence?
Jim Geovedi
National Defence Information Technology Seminar 2010

2. Background

3. Cyber-warfare
• Government warfare conducted over the Internet.
• Actions by a nation-state to penetrate another nation's
computers or networks for the purposes of causing
damage or disruption.
• Cyber-warfare is a relatively new type of weaponry with
various effects on the target. It doesn't have any
limitations of use and can achieve most of the goals set.
3

4. Cyber-defence
• Purely defensive posture poses significant risks.
• If we apply the principle of warfare to the cyber-domain,
the defence of the nation is better served by capabilities
enabling us to take the fight to our adversaries, when
necessary, to do counter-attack.
• In warfare, the notion of counter-attack is extremely
powerful.
4

5. Cyber-attack
• Definition: e compromise of targets without destruction
or disruption, but rather through covert means, for the
purposes of accessing information or modifying it or
preparing such access for future use in exploitation or attack.
• A serious cyber-attack is almost unavoidable. It is
cheaper and easier for a foreign country or a terrorist group
than a physical attack.
• Cyber-attack could result in military response.
Attackers or terrorists could gain access to the digital
controls for the nation's utilities, power grids, air traffic
control systems and power plants.
5

6. Revenge vs. Justice
• In warfare, revenge is appealingly straightforward.
• Treating the whole thing as a military problem is easier
than working within the legal system.
• In peacetime, justice in cyberspace can be difficult
(and dangerous).
• It can be hard to figure out who is attacking you, and it
can take a long time to make them stop.
• It can be even harder to prove anything in court. Anyone
accused of a crime deserves a fair trial.
6

7. Various Case Histories

8. In 1982, computer code stolen from a Canadian
company by Soviet spies cause a Soviet gas pipeline to
explode. e code had been modified by the CIA to
include a logic bomb which changed the pump speeds to
cause the explosion.

9. In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the conflict, where the Israel
Defense Force, (IDF) intelligence estimates that several countries in the Middle East used Russian hackers and
scientists to operate on their behalf. As a result, Israel has attached growing importance to cyber-tactics, and
has become, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many
international high-tech companies are now locating research and development operations in Israel, where local
hires are often veterans of the IDF's elite computer units.

10. In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of
Tallinn. e largest part of the attacks were coming from Russia and from official servers of the
authorities of Russia. In the attack, ministries, banks, and media were targeted.

11. On March 28, 2009, a cyber spy network, dubbed GhostNet, using servers mainly based in China
has tapped into classified documents from government and private organisations in 103 countries,
including the computers of Tibetan exiles, but China denies the claim.

12. In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched
from China against Google and over 20 other companies. Google said the attacks originated from
China and that it would "review the feasibility" of its business operations in China following the
incident. According to Google, at least 20 other companies in various sectors had been targeted by
the attacks. McAfee spokespersons claim that "this is the highest profile attack of its kind that we
have seen in recent memory."

13. In September 2010, Iran was attacked by the Stuxnet worm, thought to specifically target its
Natanz nuclear enrichment facility. e worm is said to be the most advanced piece of malware ever
discovered and significantly increases the profile of cyber-warfare.

14. Cyber-warfare Readiness in
Indonesia

15. Indonesia’s ICT
• Indonesia’s Information Communication Technology
(ICT) grow rapidly and enter all sectors of human life.
• Indonesia’s central bank raised its 2011 economic growth
forecast to as much as 6.5% from an earlier forecast of as
much as 6% as consumer spending accelerates1.
• Indonesia has adopted ICT as a tool for governance and
development. Its national ICT vision: “to bring into reality
a modern information society, prosperous and high
competitive, with strong supported by ICT”.
1. Novrida Manurung, Indonesia Raises 2011 Economic Growth Forecast to 6%-6.5%. Retrieved on 7 November 2010 from http://www.businessweek.com/news/
2010-03-11/indonesia-raises-2011-economic-growth-forecast-to-6-6-5-.html
15

17. http://www.cablemap.info/

19. .co.id — 2,042 of which 500 single ip and 1,542 mass defacements

20. .go.id — 2,932 of which 1,071 single ip and 1,861 mass defacements

21. .net.id — 83 of which 31 single ip and 52 mass defacements

22. ere has been a high volume of detections in Asia, and Iran (52.2%),
Indonesia (17.4%) and India (11.3%) seem to have been particularly hard hit,
compared to, say, the USA (0.6%), ranked 11th in our statistics.

23. Defence Strategy & Tactics
• Reactive behaviour. It reacts upon with the appropriate
response by increasing the awareness on weakness.
• ere will be always several successful penetrations at the
beginning.
• Planned behaviour. Appropriate security planning well
thought of and implemented appropriately.
• e plan can’t cover all scenarios.
• Proactive behaviour. Concentrates on identifying and
covering its own potential weaknesses.
• Needs highly skilled people and very tight security system in place.
23

24. Security Aspects
• Security is based on 3
aspects: people, process
and technology. As
process and technology
are developed by
people, human
resources are the key to
cyber-security defines
initiative.
24

25. Cyber-attack Methodology
25
Vulnerability
Examination
IntrusionProfiling
Attack
Initiation
Covering
Tracks
1
2 3 4
5
Information Gathering
Intelligence Survey and Scouting
Perimeter Mapping
Asset Identification
Vulnerability Analysis
Exploitation Planning
Exploitation
Propagation

26. Hackers as National Security
Resource

29. Hacker Motivations
29
MONEY
ENTERTAINMENT
EGO
CAUSE
ENTRANCE TO SOCIAL GROUP
STATUS

30. Indonesia IT Salary 2008/2009

32. Local Hacker Community
• Kecoak Elektronik
• Hackerlink
• Antihackerlink
• Jasakom
• ECHO
• Binus Hacker
• etc.
32

35. Conclusion
• Government must understand how important computers
are to defending the nation.
• Playing defence is often more difficult than playing offence.
• Computer-savvy patriots are required to defend the country
from spies, terrorists, and other criminals.
• e local hacker community is our ally, and we need to pay
attention to what they're doing out there.
35