Cyber Security & Information Warfare : A global security issue

Security Issue : Cyber Security
Vincent Joassin
RMA | COST
VeCo Summer School 2018
Cyber Security
&
Information Warfare

Security Issue :
Cyber security is a global security issue

 Introduction : Cyber Security is social issue
 Cyber Security : Definition and concepts
 International Relations : An Equilibrium of peace, Civilian technology and Information warfare
 Information warfare : Features
 A new system, a new equilibrium
 Anatomy of an attack
 Illustration : #MacronLeaks
Agenda

WHAT DID CYBER SECURITY MEAN TO ME?
 Confidentiality :
 Classified Systems
 Mission Planning
 Transmission
 Networks
 Classified Information
 Data
 Plans
 Ideas
 Methods
 Integrity :
 Weapon systems
 Accurate reporting
 Accurate coordinates
 Situation Awareness
 …
 Accessibility :
 Database
 Weapons
 Electronic Warfare
 Codes
 Communication
 Mission Flow
 C2
 ISR
 …
About me :

 Security clearances
 Access control
 Logs
 Data inventories
 USB policy
 User registrations
 Air gapping
 Connected Networks vs Private Networks
 Asset management
 …
About me :

HOW TO DEFINE CYBER SECURITY?
• Cyber security comprises technologies, processes and controls that are designed to protect systems, networks
and data from cyber attacks.
• Cyber attack is an attempt by hackers to damage or destroy a computer network or system.
CYBER SECURITY

This is only
the technical aspect
of the issue
CYBER SECURITY

• Goal : Data Protection ?
• NETSEC (Network Security)
• COMSEC (Communication Security)
• INFOSEC (Information Security)
• OPSEC (Operation Security)
• Security : Absence of threat for your project?
CYBER SECURITY

Tomas Ries – ISS / FHS
TOOLS
SKILL
WILL
SUNZI
ZHENG
QI
ORDINARY ENERGY
EXTRAORDINARY
ENERGY
Computer Systems, machines, devices
Training, Education ...
Perception, Public Opinion
Courtesy of
THE ESSENCE OF STRENGTH:
What do you need to accomplish something?
CYBER SECURITY

SOCIAL
FUNCTIONAL
ECOLOGICAL
POWER
DECISIONS
SOCIAL BASE
ECONOMIC BASE
TECHNOL BASE
NATURAL RESOURCES
HABITAT
SOCIETAL SECURITY
FUNCTIONAL SECURITY
ECOSECURITY
Security : VITAL LIFE SYSTEMS
Courtesy of
CYBER SECURITY
TOOLS
SKILL
WILL

SOCIAL
FUNCTIONAL
POWER
DECISIONS
SOCIAL BASE
ECONOMIC BASE
TECHNOL BASE
FUNCTIONAL SECURITY
Security : VITAL LIFE SYSTEMS
Courtesy of
CYBER SECURITY
Cyber Attacks
Consequences
SOCIETAL SECURITY

Inside information and systems - protected from the
outside world
CYBER SECURITY
OBJECTIVE:

Absence of threat in the cyberspace
CYBER SECURITY
CYBER SECURED:

A suggestion that something unpleasant or violent will happen.
From a military perspective : A combination of Intents and Capacities
CYBER SECURITY
THREAT
CYBER SECURED: Absence of threat in the cyberspace

CYBER SECURITY
CYBERSPACE
CYBER SECURED: Absence of threat in the cyber space
A set of digitized data constituting an information universe and a
communication medium, linked to the global interconnection of
computers.

CYBER SECURITY
The World Wide Web is an information
space where documents and other web
resources are identified by Uniform
Resource Locators (URLs), interlinked
by HyperText links, and accessible via
the Internet.

CYBER SECURITY
The Hypertext Transfer Protocol (HTTP) is
an application protocol for distributed, collaborative,
and hypermedia information systems.
Hypertext is structured text that uses logical links
(hyperlinks) between nodes containing text.
HTTP is the protocol to exchange or transfer hypertext.

CYBER SECURITY
• The Internet is the global system of
interconnected computer networks that use
the Internet protocol suite (TCP/IP) to link devices
worldwide.
• It is a network of networks that consists of private,
public, academic, business, and government
networks of local to global scope, linked by a broad
array of electronic, wireless, and optical
networking technologies.
• The Internet carries a vast range of information
resources and services, such as the inter-
linked hypertext documents and applications of
the World Wide Web (WWW), electronic
mail, telephony, file sharing, … and more!

CYBER SECURITY
Cyberspace
Virtual space where individuals can :
• Access Information
• Get Direct Controls over things
• Communicate
At a very high speed and a very low cost
Information
Controls
Perceptions
Cyberspace
A set of digitized data constituting an information universe and a communication medium, linked to
the global interconnection of computers.

CYBER SECURITY
Cyberspace
Virtual space where individuals can :
• Access Information
• Get Direct Controls over things
• Communicate
At a very high speed and a very low cost
Information
Controls
Perceptions
Espionage
Sabotage
Deception
Threats?

INFORMATION SECURITY?
CONFIDENTIALITY ACCESSIBILITY
INTEGRITY

• International Security Issue
• International Relations
The Imperial system
• One government controls (the known) world
• Ex. Roman, Chinese, Aztec etc. Empire
The Feudal system
•Overlapping and competing centres of power with mixed non-territorial loyalties
and identities
•Ex. Medieval Europe
The anarchic system of states
•Non-hierarchical – no central power above the territorial defined sovereign states
•The Westphalian state system
International relations is: interaction and patterns of
interaction between political systems and other actors in an
anarchical setting without central power and common law.
An equilibrium of
power resources
available to main
competing powers
INTERNATIONAL SYSTEM
Courtesy of
Jacob Westberg

When two powers start a war, generally both sides think they can win,
and a least of them is usually wrong.
Jeremy Black

State A
State B
-3 -3
Do not fight
DonotfightFight
Fight
5 -10
-10 5
-8-8
State of Anarchy Prisoner Dilemma
Gain
Information
Perception

State A
State B
-3 -3
Do not fight
DonotfightFight
Fight
5 -10
-10 5
-100-100
State of Anarchy
Intel assessment : Capability
Diplomacy and Contacts : Intent
Nuclear Deterrence
-8-8
Prisoner DilemmaPrisoner Dilemma with communication
HistoryGain
Information
Perception

United Nations Membership over Time

State A
State B
-3 -3
Do not fight
DonotfightFight
Fight
5 -10
-10 5
-100-100
State of Anarchy
10 10
Gain
Information
Perception
TRADE
TRUST
COOPERATION

Social Media and Information Technology

Consequences on the international system
• Information is power : Information as a good
• Information is a nonrival good. [...]
• One person’s consumption does not diminish that of another.
• If I give you a light, it does not diminish my light.
• But in a competitive situation, it makes a big difference if I have the
light first and see things before you do.
Joseph S. Nye

CHEAP DUAL USE OF TECHNOLOGY

OPEN SOURCE INTELLIGENCE

• Information does not have to be secret to
be valuable.
• Whether in the blogs we browse, the
broadcasts we watch, or the specialized
journals we read, there is an endless
supply of information that contributes to
our understanding of the world.
• The Intelligence Community generally refers
to this information as Open Source
Intelligence (OSINT). OSINT plays an
essential role in giving the national security
community as a whole insight and context at
a relatively low cost.
OPEN SOURCE INTELLIGENCE

Information revolutions :
Knowledge is Power (Francis Bacon) =>
Government has always been concerned about the flow and control of
information
• Gutenberg’s (1398-1468) : Movable Printer => Bible
• American Revolution - (1765 – 1783) : Pamphlets
• WWI, WWII : Industrial Press
• Cold War : Dedicated channels , Radios, TV…
• Media (TV, Radio, …) : Telegrams, Radio Free Europe, CNN, Al Jazeera…
• Internet
Changes
• Main change is the cost
• Amount of information (Early 2010) : 998 billion of Gigabytes exchanged
• Flow of information
= Third industrial revolution

Consequences on the international system : Flow of information

• Gouvernment 1
• Society 1
• Gouvernment 2
• Society 2

Consequences on the international system : Transnational Communities

Consequences on the international system : New Actors

(SEMI) HIDDEN COMMUNITIES

Consequences on the international system : Information Control !

POST TRUTH SOCIETY : NARRATIVES VS FACTS?

Information, Attention, Credibility are three different resources.
• Information is abondant
• Attention is scarce
• Credibility is precious

Consequences on the international system : Information Control ?

INFORMATION CONTROL ? : INDUSTRIAL CONTROL SYSTEMS

INFORMATION CONTROL ? : MACHINES AND ARTIFICIAL INTELLIGENCE

• State of Anarchy
• Cooperation & Competition
• Information is a non rival good (Competitive)
• States actors
• (Semi-) Hidden Transnational Communities
• Multiple non states Actors
• Accessible digital systems
• Increased technological world
• Power diffusion
INTERMEDIATE CONCLUSIONS
 Low Cost
 Blurred Actors
 Bias views
 New trends
 Tracability is hard
 Trust is difficult
 Distance is less a
factor
Information Revolution
in the international system

INFORMATION WARFARE FEATURES
Features
Molander, Roger C. Strategic information warfare : a new face of war / Roger C. Molander,
Andrew S. Riddile, Peter A. Wilson (1996)
Information Revolution
in the international system
 Low Cost
 Blurred Actors
 Bias views
 New trends
 Tracability is hard
 Trust is difficult
 Distance is less a
factor

Features

“The fact that Cyber-Security knows no border implies that Cyber
Security is as good as weak as its weakest link.”

A NEW EQUILIBRIUM?
State A
State B
10 10
Do not fight
DonotfightFight
Fight
5 -10
-10 5
-100-100
State of Anarchy
5 5
State Actor Non State Actor
-3 -3
?

A NEW EQUILIBRIUM?
State A
State B
10 10
Do not fight
DonotfightFight
Fight
5 -10
-10 5
-100-100
State of Anarchy
15 15

A STATE OF COMPETITION AND COOPERATION
Courtesy of
A NEW EQUILIBRIUM?

RUSSIAN VIEWS
WILL
SKILL
TOOLS
STAGES OF
CONFLICT
TOOLS OF
CONFLICT
MILITARY
NON - MIL
Courtesy of
A NEW EQUILIBRIUM?

SOCIAL
FUNCTIONAL
ECOLOGICAL
POWER
DECISIONS
SOCIAL BASE
ECONOMIC BASE
TECHNOL BASE
NATURAL RESOURCES
HABITAT
FUNCTIONAL SECURITY
ECOSECURITY
VITAL LIFE SYSTEMS
Courtesy of
A NEW EQUILIBRIUM?
SOCIETAL SECURITY

SOCIAL
POWER
DECISIONS
SOCIAL BASE SOCIAL HEALTH
GRAND POLITICS
FUNCTIONAL
ECONOMIC BASE
TECHNOL BASE
FUNCTIONAL SECURITY
ECOLOGICAL
NATURAL RESOURCES
HABITAT
ECOSECURITY
OPERATIONAL
ENVIRONMENT
FULL SPECTRUM WARFARE
DEPENDENCY
CYBERSABOTAGE
INFORMATION WAR
SUBVERSION
VULNERABLE HYPERSOCIETY
DECLINE OF LIBERAL WORLD
LIBERAL LACK OF HARD POWER
Courtesy of

Tomas Ries – ISS / FHSRUSSIAN VIEW OF WAR
RUSSIAN VIEWS
SUBVERSION
INFORMATION WAR
SABOTAGE
Non-military – military
4:1
DEPENDENCY
EUROPEAN NUCLEAR
CONVENTIONAL
STRATEGIC NUCLEAR
Courtesy of
A NEW EQUILIBRIUM?
CONDUCTING INFORMATION OPERATIONS

SUBVERT
CONFUSE
SABOTAGE
COERCE
INFLUENCE DECISIONS
DISINFORMATION
(GERMANY, LONDON,
TECHNOLOGY)
CYBER, PHYSICAL,
CHEMICAL, SOCIAL
BUY, BLACKMAIL, CHARM
INFORMATION WAR
CREATE DEPENDENCY
INFRASTRUCTURE, ELECT.
BULLY
ECONOMY, BUSINESS
ELITE
SOCIETY
PARALYSE, EXTORT
BREAK RULES CONFIDENCE
MANOEUVRES, VIOLATIONS
ASASSINATIONS
DISTRACT
DIVERT FOCUS (KOREA, SYRIA,
MIGRATION, TERRORISM, CRIME)
ELITE, SOCIETY
ESPIONAGE
GET INFORMATION WHERE IT CAN BE FOUND
CYBER, TECHNICAL
HUMINT, RESEARCH
Courtesy of
A NEW EQUILIBRIUM?

TOOLS
SKILL
WILL
ESSENCE OF STRENGTH
SUNZI
ZHENG
QI
ZZZ
ZZZ
ZZZ
??
?
???
ORDINARY ENERGY
EXTRAORDINARY
ENERGY
Courtesy of
A NEW EQUILIBRIUM?
Computer Systems
Training, Education ...
Perception, Public Opinion

TOOLS
SKILL
WILL
Courtesy of
A NEW EQUILIBRIUM?

TOOLS
SKILL
Courtesy of
A NEW EQUILIBRIUM?

TOOLS
A NEW EQUILIBRIUM?
Courtesy of

TOOLS
Courtesy of
A NEW EQUILIBRIUM?
KINETIC
KILLS
NON
KINETIC
KINETIC
KILLS
KINETIC
KILLS

Tomas Ries – ISS / FHSESSENCE OF STRENGTH
Courtesy of

Tomas Ries – ISS / FHSESSENCE OF STRENGTH
SUNZI
”…TO WIN WITHOUT FIGHTING”
1. WEAKEN WILL
2. FOOL SKILL
’SHI’ SHAPING
Courtesy of

ANATOMY OF AN ATTACK
State A
State B
10 10
Do not fight
DonotfightFight
Fight
20 -5
-5 20
-100-100
State of Anarchy
15 15

• OSINT• E
• Intelligence
• Research
• Available information about the target(s) online
• …
• Social Engineering
• Deception• D
• Get people to trust …
• … and click
• Phishing email
• …• Ph
• Code (Technical aspect)
• Sabotage
• Password Cracking
• Backdoors
• Ransomware
• Malware
• …
• Consequences
• What Intents?
ANATOMY OF AN ATTACK
• Money ?
• Interest ?
• Compromission ?
• Ego ?
State Actor?
Non State Actor?
S
U
B
V
E
R
T
I
O
N
SOCIAL
INDIVIDUAL
TECHNICAL
C
A
P
A
B
I
L
I
T
I
E
S

19 :35 :42L – 4Chan
20 :00 :00L – Disobediant Media
20 :49 :00L – Jack Posobiec
20 :57 :00L – William Craddick
21: 30 :00L – Wikileaks
23: 30 :00L – Messsmer / relais par le Front National
00: 00 :00L – Black out médiatique en France
+-10.00L

19 :35 :42 – 4Chan
20 :00 :00 – Disobediant Media
20 :57 :00 – William Craddick
23: 30 :00 – Messsmer
/ relais par le Front National
20 :49 :00 – Jack Posobiec

So what now?
• There is a technical side and social aspect to Cyber Security.
• We need to have a holistic approach
• Technical
• Human
• Social
• Legal
• Economics
• …
Priorities
1. Leadership => Awareness => ok
2. Risk assessment => ?
3. Security Strategy => 50/50
4. A minimal information structure => 50/50

Cyber Security : Strategies
• Developing an offensive stance (Increase the costs?)
• Rating offensive capabilities (Tracking methodologies?)
• Protecting integrated global system (GDPR vs Patriot Act?)
• Security vs Privacy (How private should be an IP address?)
• Net neutrality (Who must take responsibility?)
• International regulations (Is a treaty feasible?)
• Building a mode solid cyber architecture (Who defines it? ISO?)
• Tackling the weakest link (How to detect it?)
• Securing Internet Supply chain (Malware at conception?)
• Increasing awareness (What education?)
• Taking a holistic approach (Who should decide?)
• Defining the role of governments (Standards?)
• Information sharing at international level (Zero-days?)
• Thinking differently about Cyber-Security (system protection vs priority protection)
• Citizen Awareness (How to inform?)
• Reducing Secrecy (Need to share vs Need to know)
• Defining pre-emptive cyber-attacks (Where is the line between Defense and Aggression?)
Security & Defense Agenda – Cyber-Security : The vexed question of global rules (2012)

Question?
https://www.linkedin.com/in/vincent-joassin-b68706144/
Vincent Joassin | RMA | COST
Join me on Linkedin
THANK YOU FOR YOUR ATTENTION

Cyber Security & Information Warfare : A global security issue

More Related Content

What's hot

Similar to Cyber Security & Information Warfare : A global security issue

Recently uploaded

Cyber Security & Information Warfare : A global security issue