Chapter 14: Cyber Warfare: an Architecture of Deterrence
Bikrant Gautam, Ang Sherpa,
Savanth Chintoju
Saint Cloud State University
IA612-MSIA-Fall
Objective of cyber deterrence
● Prevent an enemy from conducting future attacks.
● Deny enemies “freedom of action in cyberspace”.
● Use the internet space for counter-attack.
Cyber Deterrence and Cyber Warfare
“The goal of cyber deterrence is to deny enemies ‘freedom of action in cyberspace’.”
- Alexander, 2007
“Cyberwarfare has been defined as ‘actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption’.”
- Wiki, 2015
Cyber Deterrence Challenges
● Assigning attribution
● Unpredictability of cyber attack impacts
● Potential damage due to counter-retaliation
● No legal framework exists
Cyber Deterrence Strategy
● Useful to understand how cyber deterrence strategies and policies would operate in practice
● Libicki developed policy and strategy analyses under the sponsorship of the USAF, which were influential
● A key goal of cyber deterrence is changing the potential attacker's mindset, forcing them to reconsider the benefits and consequences of conducting an attack.
There are several steps in Libicki’s concept:
● Situational Awareness (Surveillance)
● Identify if it is a real attack
● Analyse whether the attack motive is connected to a state actor
● Determine the level of public awareness
● Assess state or non-state attribution
● Strength of the case for public attribution is assessed
● Methods of retaliation are considered
● Explicit Deterrence
The counter-attack policy is disclosed to the attacker, possibly by public announcement
● Implicit Deterrence
No public or direct disclosure to the attacker about the counter-attack
● The ‘Risky’ factor has both implicit and explicit values to signify the risk of counter-attack.
● Libicki suggests implicit deterrence is the best option.
“We need to develop an early-warning system to monitor cyberspace, identify intrusions, and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options – and we must be able to do this in milliseconds.” (McConnell, 2010)
Reference Model
Surveillance Capabilities
● Ensures that defenders are aware of potential cyber attacks
Penetration Capabilities
● Understand potential/actual hackers, investigate attribution
Integration Capabilities
● Build an understanding of CNE (computer network exploitation)
● Populate a knowledge base about attackers
Advanced Capabilities
● Management of military botnets and parallel scanning
Solution Architecture
● What is the solution for cyber deterrence?
● BOTNETs!!!
● Military botnets developed with a bot script deployed on each government computer.
● Effective because a large number of computers is controlled by a single organization.
● Useful for mass hacking or distributed scanning
Attack Model of Botnet
Defense/attribution Model
Architectural Prototypes
● Prototypes for multithreaded and botnet-like distributed scanning.
● Botnet performance benchmarking
Threaded Scanning
● Serial scanning in Linux
● Then implemented as multi-threaded scanning.
● Performance increased.
● Practically feasible for pen testing.
Botnet for Distributed Scanning
● Distributed botnet for parallel scans.
● Performed ping sweeps and nmap scans.
● Contained the bot/command-server architecture with different controlling scripts.
● First, the script on the target machine was run.
● Then this script connected to the machine running the command script.
Performance Benchmarking
● Scripts for both methods were run using Python code.
● Threaded scans are faster than botnets.
Benchmarking continued...
Deterministic Models of Performance
● Serial Scan
● Parallel (Threaded) Scan
● Distributed Serial Scan
● Distributed Parallel (Threaded) Scan
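As an added illustration (not part of the original slides and not the authors' own model), one simple deterministic model that separates the four cases above: let $n$ be the number of hosts to scan, $\tau$ the time to probe one host, $k$ the threads per machine, $m$ the number of bots, and $c$ the per-run coordination overhead of the command script (all symbols are assumptions introduced here):

$$
T_{\text{serial}} = n\tau,\qquad
T_{\text{threaded}} = \frac{n\tau}{k},\qquad
T_{\text{dist.\,serial}} = \frac{n\tau}{m} + c,\qquad
T_{\text{dist.\,threaded}} = \frac{n\tau}{mk} + c.
$$

Under this model a single threaded scanner finishes before a distributed serial botnet whenever $k > m$, or whenever the coordination overhead dominates, i.e. $c > n\tau\left(\tfrac{1}{k} - \tfrac{1}{m}\right)$.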
Projection for Military Botnets
Thanks,
Any Questions?