On cyber war
Petr Špiřík
Cyber war is sexy
Setting up the scene
Cyber war is real.
I am not a cyber warrior.
Let’s have fun.

Headlines in news
Matrix is coming
“World looks exactly like a Bruce Sterling novel”
(Robertson, 2013)
New World Order is here

Cyber war affects the society
PRISM
NSA
Drones

Cyber war is wrapped in myths
Conspiracy
Reality
Problem of informed decision

Welcome aboard
State is involved
Different lyric, same song
Cyber war is not something completely
different.
Cyber war is new rather than alien
battlefield.
The more cyber changes things, the
more they remain the same.

Real, not virtual impact
Asymmetric warfare
Same people in charge

Everything is new
New capabilities
New threats
New playgrounds
New questions

War never changes
Attack surface
Key concepts
Offense is easy.
Defense is hard.
Cyber war is cheap.
Attack vectors and attack surface are
critical to understand.

This is what defender protects
The more developed the country, the larger the attack
surface and the less realistic the defense

Attack vector
This is what attacker uses
There is no finite number of attack vectors
Attack vectors can be of technology, social,
conceptual or other quality

Cost of cyber war
A computer, a brain and a network connection are all the
attacker needs

Cost of “the western way”
Hidden cost of technology advancements
Democracy as a weakness
Information as a target
Two-Face of information
Information can be the target of cyber
campaign or a tool – or both.

Espionage
Denial of information

Information as a weapon
Sabotage
Propaganda
Offensive cyber strikes

Information as an environment
Adaptability & swarming (Arquilla, 2005)
Support capabilities
Information supremacy (Arquilla, 2011)
Multiple attack vectors are cheap
Technology
Cylons were right. Network everything
cannot be wrong!

Underground economy supplies demand
Botnets for hire – or taking
Weaponized malware, zero day vulnerabilities

Attack surface is wide
Air gap does not work
Human factor

Smart grid
USA pioneering smart grid faces issues
What should never be connected to the internet – is.
(Leverett, 2011)
USA infrastructure rigged with logic bombs
(Gorman, 2009)
Government capabilities are unmatched
Actors
Key actors are states and international
organizations, including organized
crime and terrorists. Individuals are
playing the role of collateral damage.

Because of legal options for governments
Different power levels are incomparable

Money always helps
Buying resources
Hiring people working for profit

Cyber terrorists are like child porn
Cyber is a perfect weapon for them
Few if any success stories

Interaction in underground economy
Actors meet in the gray area
If we don’t buy it – the bad guys will!
USA
States of interest
USA, China, Russia & Northern Korea –
this is the big four.
Czech Republic is zero. Almost exactly.

Most advanced in technology
Strong in attack
Critically vulnerable
Most visible

China
The biggest threat (Mandiant, 2013)
Denies everything (US Congress, 2012)
No one can do anything about them

Russia
Patriots
Organized crime
It’s Russia

Northern Korea
Cyber war is cheap
2003, Iraq war
Battlefield online, information supremacy
Harsh lessons

History of cyber war
Starting with information supremacy
on the battlefield, going through
information denial and propaganda
towards cyber weapons and
weaponized malware. In ten years.

2007, Estonia
Russian “patriots” targeting banks, media and state
institutions
NATO wake up call

2007, Israel
Operation Orchard
No nuclear plant, Korean workers, AA defense and Israel
airstrike

2008, Georgia
Russian “patriots”, information blackouts
Well documented (US-CCU, 2009)

2010, Stuxnet
Targeting Iran’s nuclear program
Admitted by USA – Barack Obama, project Olympic games

2011, Georgia
Cyber espionage attack from Russia (Ministry of Justice of
Georgia, 2012)

2013, Czech Republic
USA perspective

International environment
It’s a wild west right now. The rule of
the strongest. No legal framework.

Espionage vs. sabotage
Preparation of the battlefield loophole
Act of war, kinetic response
Leading the progress – in good or bad (Clarke & Knake,
2012)

International legal framework
Does not exist
History of fails (for example Russian proposal to UN in
2010)
One sided claims (DoD, 2011)
Bilateral agreements (USA-Russia since 2011)

International cooperation
Ad hoc only
Aims towards responsibility for cooperation

Problems
Attribution
Trust
Aging
Strategic impacts
Let’s strategize!
The need for strategy on international
as well as state level is recognized. One
shared idea is not, though.

Asymmetric warfare
Who to nuke?
Problems with escalations in decisive first-strike
scenarios (nuclear weapons analogy)

NATO
Tallinn manual – where cyber war was born
(CCDCOE, 2013)
The latest input for discussion

Private sector
Defenseless against governments
Demands protection, refuses regulation
Privately owned critical infrastructure
Problem of trust between unequal partners
Direction goes to prescribed level of security,
without regulated means how to do it
Cyber warrior wanted!
Cyber warriors
People with cyber security skills are in
high demand. This presents and will
present a unique opportunity to be part
of something great. Also – these
people are a bit crazy. Wanna join?

Lack of skilled professionals in private and
government sector (and underground as well)
There is a space for both highly specialized experts
as well as cross-border generalists

Education strategy
USA universities opening sponsored programs for
cyber warriors (sponsored by NSA, CIA, various
programs)
USA plans to quadruple current (2013) force by 2015

Hiring strategy
Hacking challenges
Different services are looking for those special
talents – to hire them or at least persuade them
to harm the opponents
Ethical questions
Future evolution
Cyber war seems victimless and
clean – but it is not. Simulations, war
games and debates are going on to
test the waters. What is the price of
privacy and security for a human
being?

Is the drone killing people, or the operator?
Are civilian targets legit?
Where is the line between human rights and
strategic planning?

War games
Regularly held by military and private organizations
Red and Blue teams
Mostly focused on the problems of escalation and
kinetic force involvement

Impact on civilians
Problem of helpless bystander – no one wants to be
the victim
Cascading effects (power plant, power grid,
hospital…)
How can civilians influence the discussion?
Sources
Thank you
I hope you enjoyed the ride. If not –
blame the speaker, not the topic and
give it a second chance. It is worth it.

Security conferences (Defcon, Blackhat)
Governments (USA, NATO, EU)
Security companies reports (Mandiant, Prolexic,
Verisign)
Security, military and political think tanks
Blogs (Schneier, Krebs)
Twitter (strong hacking community)
Reference
Author @ Petr Špiřík
Twitter @ HidenatNet
Email @ petr.spirik@gmail.com
Slideshare @
www.slideshare.net/zapp0/cyberwar27509085

Robertson, A., 2013, ‘It's Bruce Sterling's novel, we just live in it’ [online], available from:
http://www.theverge.com/2013/8/8/4598942/its-bruce-sterlings-novel-we-just-live-init
Clarke, R.A. & Knake, R., 2012, ‘Cyber War: The Next Threat to National Security and What to
Do About It’, Ecco
Arquilla, J., 2011, ‘From blitzkrieg to bitskrieg: the military encounter with computers’,
Communications of the ACM, vol. 54, no. 10, 2011
Arquilla, J., 2005, ‘Swarming and the Future of Conflict’ [online], Available from:
http://www.rand.org/content/dam/rand/pubs/documented_briefings/2005/RAND_DB311.pdf
Mandiant, 2013, ‘Exposing One of China’s Cyber Espionage Units’ [online], Available from:
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
US Congress, 2012, ‘Investigative Report on the U.S. National Security Issues Posed by Chinese
Telecommunications Companies Huawei and ZTE’ [online], Available from:
http://intelligence.house.gov/sites/intelligence.house.gov/files/HuaweiZTE%20Investigative%20Report%20(FINAL).pdf
US-CCU, 2009, ‘Overview by the US-CCU of the Cyber Campaign Against Georgia in August
2008’ [online], Available from: http://www.registan.net/wpcontent/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf
Sanger, D. E., 2012, ‘Confront and Conceal: Obama's Secret Wars and Surprising Use of
American Power’
Leverett, E.P., 2011, ‘Quantitatively Assessing and Visualising Industrial System Attack Surfaces’
[online], Available from: http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverettindustrial.pdf
Gorman, S., 2009, ‘Electricity Grid in U.S. Penetrated By Spies’ [online], Available from:
http://online.wsj.com/news/articles/SB123914805204099085
DoD, 2011, ‘Department of Defense Cyberspace Policy Report’ [online], Available from:
http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf
CCDCOE, 2013, ‘Tallinn manual’ [online], Available from: http://www.ccdcoe.org/249.html
Ministry of Justice of Georgia, 2012, ‘CYBER ESPIONAGE Against Georgian Government’
[online], Available from:
http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
