Surviving Cyber War April09

Coming soon:
Blog: ThreatChaos.com
twitter.com/cyberwar
Surviving Cyber War

Agenda Crowd Sourced Cyber Weapons Pervasive Espionage Background Cyber Defense Preparedness

Threat hierarchy is a time line!
Information Warfare
CyberCrime
Hactivism
Vandalism
Experimentation

Rumblings April 1, 2001 Navy EP-3 Chinese F-8

The Five Levels of Cyber Defense Conditions
Cyber DefCon 1. Travel warnings. Governments issue warnings about protecting data when travelling to foreign nations.
Cyber DefCon 2. Nation states probe each other’s network’s for vulnerabilities.
Cyber Defcon 3. Wide spread information theft with intent to mine industrial as well as military and geo-political secret information.
Cyber DefCon 4. Targeted attacks against a nation’s military and government installations. Loss of critical data, collateral damage.
Cyber DefCon 5. Nation to nation attacks are malicious with intent to destroy communication infrastructure and disable business processes including financial markets.

Chinese Thinking
Wang Qingsong, Modern Military-Use High Technology, 1993
Zhu Youwen, Feng Yi,and Xu Dechi, Information War Under High Tech Conditions1994
Li Qingshan, New Military Revolution and High Tech War, 1995
Wang Pufeng, InformationWarfare and the Revolution in Military Affairs, Beijing: 1995;
Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution,1996;
Li Qingshan, New Military Revolution and High Tech War, 1995
Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
Shen Weiguang, On New War 1997

Goal: Information Dominance
The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary.
-Field Manual 100-6 Information Operations , August1996.

Custom Trojans, tools of the trade Michael Haephrati shows us how.

China knows Trojans
In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC

Titan Rain world wide
Custom Trojans
Sandia drops its shorts, 2005
Shawn Carpenter, First US Cyber Warrior
Summer 2007 Pentagon is attacked and shut down. Source of attack Chinese Red Army
German Chancellery, Summer 2007
Whitehall, UK
France
India
Australia

Ghost Net
1,200 computers including ministry and NATO machines
Looking for attribution
Attacks on the office of the Dalai Lama
Joint Strike Fighter Breach April 21, 2009

Joint Strike Fighter

Crowd sourcing

Cyber war breaks out
Estonia, March 2007
Ukrain November 2007
Lithuania, June 2008
Georgia, August 2008
Nashi summer camp ‘07

Cyber Defense Preparedness: Estonia
"Cooperative Cyber Defence (CCD) Centre of Excellence (COE) in Tallinn, Estonia.
-Cyber Defense Advisors deployed to Georgia
-Focus on “home guard”. The minute-man approach.
-Tools and techniques (to come)‏

Cyber Defense Preparedness: US
Cyber Defense Structure. Air Force? NSA? STRATCOM?
Offensive capability?
Spending: $7 billion new spending per year‏

Defending against DDoS
Massive bandwidth:
18+ gigs
Blocking
DNS
Shell game using
virtualization

Surviving Cyber War for every organization
Same rules apply, only more so.
Appoint a cyber security commander
Defense in depth against multiple adversaries
Fighting the low and slow war. Your information is their weapon. Worry about infiltration.
DDoS. Yes, it takes investment.
Surviving a meltdown. Remember modems?

Blog: www.threatchaos.com email: [email_address] Twitter: twitter.com/cyberwar

Surviving Cyber War April09

by Richard Stiennon

Accessibility

Upload Details

Usage Rights

2 Embeds 11

Statistics

Surviving Cyber War April09 Presentation Transcript

http://www.linkedin.com	10
http://www.slideshare.net	1