Full-Spectrum Information Operations for Critical Infrastructure Attacks

Presentation from 2019 CYBERWARCON covering layered/sequenced use of different disciplines of information operations (including cyber attacks) for critical infrastructure disruption.


  1. Joe Slowik / @jfslowik, Dragos, Inc. | November 2019
  2. [Agenda slide: five bullet points; bullet text not captured in the transcript]
  3. Preparatory Actions: Deny, Degrade, Destroy, Disrupt
  4. Information Operations: Electronic Warfare, MISO, MILDEC, OPSEC, Cyber
  5. [Images] https://static.asianetnews.com/images/01cmpyww3hvn9h80y7z8e8cdp0/Untitled_design__3__710x400xt.jpg ; https://www.ainonline.com/sites/default/files/styles/ain30_fullwidth_large/public/uploads/2016/09/jdamdrop.jpg?itok=DUnGUiL7&timestamp=1473736361 ; https://cdn2.hubspot.net/hubfs/2030419/top-nation-state-hackers-NSA.jpg
  6. Information Operations: Electronic Warfare, MISO, MILDEC, OPSEC, Cyber
  7. [Image] https://upload.wikimedia.org/wikipedia/commons/1/11/55_Savushkina_Street.jpg
  8. • Kinetic attacks and cyber represent direct disruption events
     • This view ignores the access, amplifying, and uncertainty-generating aspects of the other IO disciplines
     • Combining and layering effects produces significantly greater impacts
  9. [Image] https://upload.wikimedia.org/wikipedia/commons/thumb/8/8c/Teller-Ulam_device.png/330px-Teller-Ulam_device.png
  10. [Image] https://thereformedbroker.com/wp-content/uploads/2013/04/flash-crash-2013.png
  11. [Images] http://efc.web.unc.edu/files/2014/05/Promo-image-2014-05-02-blog-post.jpg ; https://www.wesa.fm/sites/wesa/files/styles/medium/public/201802/allegheny_county_elections_division_voting_machines_vote_paper_trail_polling_place.jpg ; https://www.armytimes.com/resizer/QVWrcPlvxt9cAgZwB7WJhQnzTb0=/1200x0/filters:quality(100)/arc-anglerfish-arc2-prod-mco.s3.amazonaws.com/public/C7EFFDDA5BGHRAFFM4L2LAHGSY.jpg
  12. Popular Conception:
     • Use lots of zero days!
     • Destroy centrifuges!
     • Eliminate Iranian nuclear enrichment activity
     Reality:
     • Increase operational variation in centrifuges, increasing failure rate
     • Form a contributing part of a wider campaign to increase the cost and reduce the effectiveness of the Iranian enrichment program
  13. Direct Impact:
     • Some process disruption
     • Equipment failure
     Indirect Impact:
     • Operators could no longer trust the process
     • Leadership no longer trusted scientists or the supply chain
     Additional Efforts to Impact Leadership Decision-Making:
     • Sanctions, diplomatic efforts
     • Covert action, sabotage (Olympic Games)
     Result:
     • Uranium still enriched
     • Trust in process reduced
     • Cost of program significantly increased
  14. • Increased cost of enrichment program
     • Combined with physical and IO measures, emphasized risk of current activity
     • Likely facilitated JCPOA negotiations, altering NCA decision calculus
  15. General Conception:
     • Turn the lights off
     • Enable the Zombie Apocalypse
     Additional Opportunities:
     • Undermine public confidence in infrastructure
     • Create economic “friction”
  16–17. • Penetrate ICS, manually manipulate distribution sites
     • Deploy KillDisk variant to wipe workstations
     • Deploy serial-to-ethernet converter firmware ‘update’
     • DDoS utility telephone hotlines
  18. • Gain access to target utility networks or physical infrastructure
     • Induce outage, interruption, or other noticeable effect
     • Follow up disruption with magnification to increase perception and reach
     • Allow victim responses to produce negative consequences
  19. Critical Infrastructure Security: Operational Resilience; Root-Cause Analysis; Education, Information, and Public Affairs
  20. • JCS JP 3-13 – Information Operations (https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_13.pdf)
     • Stuxnet to CRASHOVERRIDE to TRISIS: Evaluating the History and Future of Integrity-Based Attacks on Industrial Environments (https://dragos.com/wp-content/uploads/Past-and-Future-of-Integrity-Based-ICS-Attacks.pdf)
     • Analysis of the Cyber Attack on the Ukrainian Power Grid (https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf)
     • Defend Forward (https://pylos.co/2019/06/05/defend-forward/)
     • Kicked While Down: Critical Infrastructure Amplification and Messaging Attacks (https://pylos.co/2019/08/13/kicked-while-down-critical-infrastructure-amplification-and-messaging-attacks/)