SlideShare a Scribd company logo

Defense, Tech and Internet. The World Changed.

Fernando Tricas García
Fernando Tricas García

https://esglobal.org/defensa-tecnologia-e-internet-el-mundo-cambio/

Education
1 of 17
Download to read offline
Defense, Tech and Internet. The World Changed. Fernando Tricas Garcı́a ftricas@unizar.es Departamento de Informática e Ingenierı́a de Sistemas – Escuela de Ingenierı́a y Arquitectura – Instituto de Investigación en Ingenierı́a de Aragón – Universidad de Zaragoza Zaragoza, 25 de abril de 2023 Defense, Tech and Internet. The World Changed.
About me ▶ Currently ▶ Ass. Professor at the University of Zaragoza (Dept. Computer Science at the Escuela de Ingenierı́a y Arquitectura). ▶ Director of the Catedra Telefónica – Universidad de Zaragoza de Ciberseguridad. ▶ Just before, ICT management at the University. ▶ Research topics (Instituto de Investigación en Ingenierı́a de Aragón): ▶ Analysis and synthesis of well-behaved concurrent systems usign formal methods. ▶ Social Network Analysis in Internet. Defense, Tech and Internet. The World Changed.
Defense, Tech and Internet. The World Changed.
https://www.energy.gov/ceser/articles/national-strategy-secure-cyberspace-february-2003 Defense, Tech and Internet. The World Changed.
STUXNET 2005 (Start of development?) – 2010 (Uncovered) ▶ Israel & USA (unacknowledged), Operation Olympic Games. ▶ Attack against Iranian nuclear facilities. ▶ Target: Supervisory Control And Data Acquisition (SCADA). ▶ Programmable Logic Controllers (PLC). ▶ Gas centrifuges, for separating nuclear material. https://en.wikipedia.org/wiki/Gas_centrifuge Defense, Tech and Internet. The World Changed.
STUXNET ▶ They utilized four zero-day flaws. ▶ Remote Procedure Call (RPC) with no authenication (MS08-067) ▶ LNK/PIF vulnerability. (MS10-046) ▶ A Zero-day bug in the Print Spooler Service ▶ Elevation of privileges holes ▶ Windows machines and Siemens Step7 software. ▶ Collecting on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. ▶ It can copy files, observe computer screens and keystrokes, remotely control computer functions ... Defense, Tech and Internet. The World Changed.
STUXNET Air gapped machines (offline) ▶ A rootkit, responsible for hiding all malicious files and processes, to prevent detection. ▶ Introduced to the target environment via an infected USB flash drive ▶ Unexpected commands to the PLC while returning a loop of normal operation system values back to the users. Defense, Tech and Internet. The World Changed.
STUXNET Air gapped machines (offline) ▶ A rootkit, responsible for hiding all malicious files and processes, to prevent detection. ▶ Introduced to the target environment via an infected USB flash drive ▶ Unexpected commands to the PLC while returning a loop of normal operation system values back to the users. Later. . . https://web.archive.org/web/20120104215049/http: //www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99 Defense, Tech and Internet. The World Changed.
https: //nationalinterest.org/blog/buzz/these-olympic-games-launched-new-era-cyber-sabotage-190082 Defense, Tech and Internet. The World Changed.
When did the Ukraine war start? Defense, Tech and Internet. The World Changed.
When did the Ukraine war start? https://jsis.washington.edu/news/ cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/ Defense, Tech and Internet. The World Changed.
Cyberwarfare ▶ Hybrid warfare (conventional + cyber) ▶ Low-level conventional and special operations. ▶ Offensive cyber and space operations. ▶ Psycological operations (social and traditional media) ▶ From low-intensity to high-intensity depending on circumstance. ▶ Strategy (General Nikolay Makarov) ▶ Disrupting adversary information systems, including by introducing harmful software ▶ Defending our own communications and command systems ▶ Working on domestic and foreign public opinion using the media, Internet and more. Defense, Tech and Internet. The World Changed.
Some keywords ▶ False flag ▶ Concealability, deniability ▶ Governments as malware authors. ▶ Markets ▶ Zero-days. . . attack or defense? Defense, Tech and Internet. The World Changed.
2023, March Defense, Tech and Internet. The World Changed.
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf Defense, Tech and Internet. The World Changed.
Recommended reading ▶ Nicole Perlroth. ‘This Is How They Tell Me the World Ends: The Cyber Weapons Arms’ (February 2021). ▶ Mikko Hypponen. ‘If It’s Smart, It’s Vulnerable’ (August 2, 2022) More (classical) reading: ▶ Ken Thompson, ‘Reflections on Trusting Trust.’ Turing Award Lecture. 1984. https://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf ▶ Dan Geer. ‘Shared Risk at National Scale.’ https://web.stanford.edu/class/msande91si/www-spr04/slides/geer.pdf Defense, Tech and Internet. The World Changed.
Thanks! ¡Gracias! ftricas@unizar.es @fernand0 https://webdiis.unizar.es/~ftricas/ Defense, Tech and Internet. The World Changed.

Recommended

⭐⭐⭐⭐⭐ CV Victor Asanza
⭐⭐⭐⭐⭐ CV Victor Asanza⭐⭐⭐⭐⭐ CV Victor Asanza
⭐⭐⭐⭐⭐ CV Victor AsanzaVictor Asanza
 
VCO Simulation with Cadence Spectre
VCO Simulation with Cadence SpectreVCO Simulation with Cadence Spectre
VCO Simulation with Cadence SpectreHoopeer Hoopeer
 
Network Software
Network SoftwareNetwork Software
Network SoftwareAzamat Abdoullaev
 
Running head SMART GRID .docx
Running head SMART GRID .docxRunning head SMART GRID .docx
Running head SMART GRID .docxtodd521
 
Artificial intelligene (1)
Artificial intelligene (1)Artificial intelligene (1)
Artificial intelligene (1)Siddhu gowda
 
PenO1: les 2
PenO1: les 2PenO1: les 2
PenO1: les 2Erik Duval
 
Capstone Paper
Capstone PaperCapstone Paper
Capstone PaperThomas Kaczmarek
 
Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Sergey Gordeychik
 

Recommended

⭐⭐⭐⭐⭐ CV Victor Asanza
⭐⭐⭐⭐⭐ CV Victor Asanza⭐⭐⭐⭐⭐ CV Victor Asanza
⭐⭐⭐⭐⭐ CV Victor AsanzaVictor Asanza
 
VCO Simulation with Cadence Spectre
VCO Simulation with Cadence SpectreVCO Simulation with Cadence Spectre
VCO Simulation with Cadence SpectreHoopeer Hoopeer
 
Network Software
Network SoftwareNetwork Software
Network SoftwareAzamat Abdoullaev
 
Running head SMART GRID .docx
Running head SMART GRID .docxRunning head SMART GRID .docx
Running head SMART GRID .docxtodd521
 
Artificial intelligene (1)
Artificial intelligene (1)Artificial intelligene (1)
Artificial intelligene (1)Siddhu gowda
 
PenO1: les 2
PenO1: les 2PenO1: les 2
PenO1: les 2Erik Duval
 
Capstone Paper
Capstone PaperCapstone Paper
Capstone PaperThomas Kaczmarek
 
Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Sergey Gordeychik
 
How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsYury Chemerkin
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012James Collinge, CISSP
 
An iot based secured smart e-campus
An iot based secured smart e-campusAn iot based secured smart e-campus
An iot based secured smart e-campusshivaraj kumar gowdas
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
Kerberos
KerberosKerberos
KerberosRohitSingh943054
 
Iot - Technology and Market Overview
Iot - Technology and Market OverviewIot - Technology and Market Overview
Iot - Technology and Market OverviewNewton Licciardi
 
Fixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTFixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTNUS-ISS
 
Introduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan BuatanIntroduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan BuatanSunu Wibirama
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016InfinIT - Innovationsnetværket for it
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3Asad Zaman
 
Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Massimiliano Masi
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...TI Safe
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021Francesco Flammini
 
Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...IJECEIAES
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 
azeem final iot report.docx
azeem final iot report.docxazeem final iot report.docx
azeem final iot report.docxQadeerAhmadShaikh
 
IoT overview 2014
IoT overview 2014IoT overview 2014
IoT overview 2014Mirko Presser
 
Campus Network.pptx
Campus Network.pptxCampus Network.pptx
Campus Network.pptxChetanGaurkar2
 
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.Fernando Tricas García
 
Inteligencia Artificial.
Inteligencia Artificial.Inteligencia Artificial.
Inteligencia Artificial.Fernando Tricas García
 

More Related Content

Similar to Defense, Tech and Internet. The World Changed.

How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsYury Chemerkin
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
 
Iot - Technology and Market Overview
Iot - Technology and Market OverviewIot - Technology and Market Overview
Iot - Technology and Market OverviewNewton Licciardi
 
Fixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTFixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTNUS-ISS
 
Introduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan BuatanIntroduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan BuatanSunu Wibirama
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security PresentationFilip Maertens
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3Asad Zaman
 
Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Massimiliano Masi
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...TI Safe
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021Francesco Flammini
 
Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...IJECEIAES
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsStanford School of Engineering
 

Similar to Defense, Tech and Internet. The World Changed. (20)

How stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systemsHow stuxnet spreads – a study of infection paths in best practice systems
How stuxnet spreads – a study of infection paths in best practice systems
 
SCADA White Paper March2012
SCADA White Paper March2012SCADA White Paper March2012
SCADA White Paper March2012
 
An iot based secured smart e-campus
An iot based secured smart e-campusAn iot based secured smart e-campus
An iot based secured smart e-campus
 
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSCYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMS
 
Kerberos
KerberosKerberos
Kerberos
 
Iot - Technology and Market Overview
Iot - Technology and Market OverviewIot - Technology and Market Overview
Iot - Technology and Market Overview
 
Fixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoTFixing the Last Missing Piece in Securing IoT
Fixing the Last Missing Piece in Securing IoT
 
Introduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan BuatanIntroduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
Introduction to Artificial Intelligence - Pengenalan Kecerdasan Buatan
 
SCADA Security Presentation
SCADA Security PresentationSCADA Security Presentation
SCADA Security Presentation
 
Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016Cyber Security 4.0 conference 30 November 2016
Cyber Security 4.0 conference 30 November 2016
 
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3
 
Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin Securing Critical Infrastructures with a cybersecurity digital twin
Securing Critical Infrastructures with a cybersecurity digital twin
 
How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...How to protect energy distribution for millions of people against cyber attac...
How to protect energy distribution for millions of people against cyber attac...
 
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
IEEE SMC TCHS Award Ceremony at IEEE CSR conference 2021
 
Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...Low-cost real-time internet of things-based monitoring system for power grid ...
Low-cost real-time internet of things-based monitoring system for power grid ...
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
 
azeem final iot report.docx
azeem final iot report.docxazeem final iot report.docx
azeem final iot report.docx
 
IoT overview 2014
IoT overview 2014IoT overview 2014
IoT overview 2014
 
Campus Network.pptx
Campus Network.pptxCampus Network.pptx
Campus Network.pptx
 

More from Fernando Tricas García

Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.Fernando Tricas García
 
Consejos y oportunidades en ciberseguridad
Consejos y oportunidades en ciberseguridadConsejos y oportunidades en ciberseguridad
Consejos y oportunidades en ciberseguridadFernando Tricas García
 
Oportunidades y consejos de ciberseguridad
Oportunidades y consejos de ciberseguridadOportunidades y consejos de ciberseguridad
Oportunidades y consejos de ciberseguridadFernando Tricas García
 
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...Fernando Tricas García
 
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...Fernando Tricas García
 
Un bot (no inteligente) multiinterfaz y distribuido como asistente personal
Un bot (no inteligente) multiinterfaz y distribuido como asistente personalUn bot (no inteligente) multiinterfaz y distribuido como asistente personal
Un bot (no inteligente) multiinterfaz y distribuido como asistente personalFernando Tricas García
 
Seguridad en Internet. Ataques informáticos. Sitios seguros
Seguridad en Internet. Ataques informáticos. Sitios segurosSeguridad en Internet. Ataques informáticos. Sitios seguros
Seguridad en Internet. Ataques informáticos. Sitios segurosFernando Tricas García
 
Te puede pasar a ti. Tres consejos y algunas tendencias
Te puede pasar a ti. Tres consejos y algunas tendenciasTe puede pasar a ti. Tres consejos y algunas tendencias
Te puede pasar a ti. Tres consejos y algunas tendenciasFernando Tricas García
 

More from Fernando Tricas García (20)

Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
Criptomonedas y otras inversiones en la red: oportunidades y riesgos.
 
Inteligencia Artificial.
Inteligencia Artificial.Inteligencia Artificial.
Inteligencia Artificial.
 
Smart Grids y ciberseguridad
Smart Grids y ciberseguridadSmart Grids y ciberseguridad
Smart Grids y ciberseguridad
 
Consejos y oportunidades en ciberseguridad
Consejos y oportunidades en ciberseguridadConsejos y oportunidades en ciberseguridad
Consejos y oportunidades en ciberseguridad
 
Oportunidades y consejos de ciberseguridad
Oportunidades y consejos de ciberseguridadOportunidades y consejos de ciberseguridad
Oportunidades y consejos de ciberseguridad
 
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...
Algoritmos de Inteligencia artificial y ofertas personalizadas de bienes y se...
 
Ciberseguridad en la Nube.
Ciberseguridad en la Nube. Ciberseguridad en la Nube.
Ciberseguridad en la Nube.
 
Oportunidades en Ciberseguridad.
Oportunidades en Ciberseguridad.Oportunidades en Ciberseguridad.
Oportunidades en Ciberseguridad.
 
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...
Por qué mi banco me envía un SMS para confirmar mis operaciones y otras dific...
 
Un bot (no inteligente) multiinterfaz y distribuido como asistente personal
Un bot (no inteligente) multiinterfaz y distribuido como asistente personalUn bot (no inteligente) multiinterfaz y distribuido como asistente personal
Un bot (no inteligente) multiinterfaz y distribuido como asistente personal
 
Seguridad aplicaciones web
Seguridad aplicaciones webSeguridad aplicaciones web
Seguridad aplicaciones web
 
Seguridad en Internet. Ataques informáticos. Sitios seguros
Seguridad en Internet. Ataques informáticos. Sitios segurosSeguridad en Internet. Ataques informáticos. Sitios seguros
Seguridad en Internet. Ataques informáticos. Sitios seguros
 
Te puede pasar a ti. Tres consejos y algunas tendencias
Te puede pasar a ti. Tres consejos y algunas tendenciasTe puede pasar a ti. Tres consejos y algunas tendencias
Te puede pasar a ti. Tres consejos y algunas tendencias
 
Seguridad de la Información
Seguridad de la InformaciónSeguridad de la Información
Seguridad de la Información
 
Fabricación
FabricaciónFabricación
Fabricación
 
Big Data
Big DataBig Data
Big Data
 
Web 4.0
Web 4.0Web 4.0
Web 4.0
 
Internet para las cosas. Web 1.0, 2.0
Internet para las cosas. Web 1.0, 2.0Internet para las cosas. Web 1.0, 2.0
Internet para las cosas. Web 1.0, 2.0
 
Sácale todo el partido a tu móvil - I
Sácale todo el partido a tu móvil - ISácale todo el partido a tu móvil - I
Sácale todo el partido a tu móvil - I
 
La nube
La nubeLa nube
La nube
 

Recently uploaded

OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsSandeep D Chaudhary
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024Elizabeth Walsh
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Philosophy of china and it's charactistics
Philosophy of china and it's charactisticsPhilosophy of china and it's charactistics
Philosophy of china and it's charactisticshameyhk98
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationNeilDeclaro1
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxDr. Ravikiran H M Gowda
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 

Recently uploaded (20)

OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Philosophy of china and it's charactistics
Philosophy of china and it's charactisticsPhilosophy of china and it's charactistics
Philosophy of china and it's charactistics
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Basic Intentional Injuries Health Education
Basic Intentional Injuries Health EducationBasic Intentional Injuries Health Education
Basic Intentional Injuries Health Education
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 

Defense, Tech and Internet. The World Changed.

  • 1. Defense, Tech and Internet. The World Changed. Fernando Tricas Garcı́a ftricas@unizar.es Departamento de Informática e Ingenierı́a de Sistemas – Escuela de Ingenierı́a y Arquitectura – Instituto de Investigación en Ingenierı́a de Aragón – Universidad de Zaragoza Zaragoza, 25 de abril de 2023 Defense, Tech and Internet. The World Changed.
  • 2. About me ▶ Currently ▶ Ass. Professor at the University of Zaragoza (Dept. Computer Science at the Escuela de Ingenierı́a y Arquitectura). ▶ Director of the Catedra Telefónica – Universidad de Zaragoza de Ciberseguridad. ▶ Just before, ICT management at the University. ▶ Research topics (Instituto de Investigación en Ingenierı́a de Aragón): ▶ Analysis and synthesis of well-behaved concurrent systems usign formal methods. ▶ Social Network Analysis in Internet. Defense, Tech and Internet. The World Changed.
  • 3. Defense, Tech and Internet. The World Changed.
  • 5. STUXNET 2005 (Start of development?) – 2010 (Uncovered) ▶ Israel & USA (unacknowledged), Operation Olympic Games. ▶ Attack against Iranian nuclear facilities. ▶ Target: Supervisory Control And Data Acquisition (SCADA). ▶ Programmable Logic Controllers (PLC). ▶ Gas centrifuges, for separating nuclear material. https://en.wikipedia.org/wiki/Gas_centrifuge Defense, Tech and Internet. The World Changed.
  • 6. STUXNET ▶ They utilized four zero-day flaws. ▶ Remote Procedure Call (RPC) with no authenication (MS08-067) ▶ LNK/PIF vulnerability. (MS10-046) ▶ A Zero-day bug in the Print Spooler Service ▶ Elevation of privileges holes ▶ Windows machines and Siemens Step7 software. ▶ Collecting on industrial systems and causing the fast-spinning centrifuges to tear themselves apart. ▶ It can copy files, observe computer screens and keystrokes, remotely control computer functions ... Defense, Tech and Internet. The World Changed.
  • 7. STUXNET Air gapped machines (offline) ▶ A rootkit, responsible for hiding all malicious files and processes, to prevent detection. ▶ Introduced to the target environment via an infected USB flash drive ▶ Unexpected commands to the PLC while returning a loop of normal operation system values back to the users. Defense, Tech and Internet. The World Changed.
  • 8. STUXNET Air gapped machines (offline) ▶ A rootkit, responsible for hiding all malicious files and processes, to prevent detection. ▶ Introduced to the target environment via an infected USB flash drive ▶ Unexpected commands to the PLC while returning a loop of normal operation system values back to the users. Later. . . https://web.archive.org/web/20120104215049/http: //www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99 Defense, Tech and Internet. The World Changed.
  • 10. When did the Ukraine war start? Defense, Tech and Internet. The World Changed.
  • 11. When did the Ukraine war start? https://jsis.washington.edu/news/ cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/ Defense, Tech and Internet. The World Changed.
  • 12. Cyberwarfare ▶ Hybrid warfare (conventional + cyber) ▶ Low-level conventional and special operations. ▶ Offensive cyber and space operations. ▶ Psycological operations (social and traditional media) ▶ From low-intensity to high-intensity depending on circumstance. ▶ Strategy (General Nikolay Makarov) ▶ Disrupting adversary information systems, including by introducing harmful software ▶ Defending our own communications and command systems ▶ Working on domestic and foreign public opinion using the media, Internet and more. Defense, Tech and Internet. The World Changed.
  • 13. Some keywords ▶ False flag ▶ Concealability, deniability ▶ Governments as malware authors. ▶ Markets ▶ Zero-days. . . attack or defense? Defense, Tech and Internet. The World Changed.
  • 14. 2023, March Defense, Tech and Internet. The World Changed.
  • 16. Recommended reading ▶ Nicole Perlroth. ‘This Is How They Tell Me the World Ends: The Cyber Weapons Arms’ (February 2021). ▶ Mikko Hypponen. ‘If It’s Smart, It’s Vulnerable’ (August 2, 2022) More (classical) reading: ▶ Ken Thompson, ‘Reflections on Trusting Trust.’ Turing Award Lecture. 1984. https://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf ▶ Dan Geer. ‘Shared Risk at National Scale.’ https://web.stanford.edu/class/msande91si/www-spr04/slides/geer.pdf Defense, Tech and Internet. The World Changed.