The document discusses the significance of cyberwarfare, highlighting how reliant society is on information technology, which can be manipulated and attacked. It outlines various types of cyber offenses and attacks, the challenges faced in detecting and preventing these threats, and the necessary changes for effective cyber defense. Additionally, it emphasizes the personal impact of cyberwarfare and the importance of establishing a stronger digital identity and chain of custody.

1. Cyberwar Gets Personal
Association of Information Systems Professionals
Nicholas Davis, CISA, CISSP
Chief Information Security Officer
University of Wisconsin System
Monday, March 5, 2018

2. Keep In Mind
"Cyber attacks offer terrorists the possibility of greater
security and operational flexibility. Theoretically they can
launch a computer assault from almost anywhere in the
world, without directly exposing the attacker to physical
harm”
George Tenet, the Director of Central Intelligence of the
United States
3/5/2018 UNIVERSITY OF WISCONSIN 2

3. Overview
Why Cyberwar Matters
What Cyberwar Means
Offensive Cyberwar
Defensive Cyberwar
Personal Cyberwar
Needed Changes to Win
At Cyberwar
3/5/2018 UNIVERSITY OF WISCONSIN 3

4. Why Cyberwar Matters
Everything we do relies upon information
technology, as individuals, groups, and as a
society
We don’t think about it, but:
• Water supply
• Air traffic control
• Power
All depend upon and can be manipulated
and damaged through cyberattack
3/5/2018 UNIVERSITY OF WISCONSIN 4

5. Why Cyberwar Matters
3/5/2018 UNIVERSITY OF WISCONSIN 5

6. Why Cyberwar Matters
Imagine a Day Like This
9:00 AM, Stock market taken down by DOS attack
3/5/2018 UNIVERSITY OF WISCONSIN 6

7. Why Cyberwar Matters
Imagine a Day Like This
11:42 AM, Power to 23% of the country goes out
3/5/2018 UNIVERSITY OF WISCONSIN 7

8. Why Cyberwar Matters
Imagine a Day Like This
1:17 PM, mobile networks across 70% of the
country are dead
3/5/2018 UNIVERSITY OF WISCONSIN 8

9. Why Cyberwar Matters
Imagine a Day Like This
3:37 PM, All air traffic around the country is
grounded as radar goes down
3/5/2018 UNIVERSITY OF WISCONSIN 9

10. Why Cyberwar Matters
Imagine a Day Like This
6:46 PM, while visiting your heart attack stricken
family member in the hospital, the life support
machine shuts off
3/5/2018 UNIVERSITY OF WISCONSIN 10

11. Why Cyberwar Matters
Information technology makes our lives
more enjoyable, and safe
Reliance on information technology has
made us all vulnerable, both directly or
indirectly
3/5/2018 UNIVERSITY OF WISCONSIN 11

12. Why Cyberwar Matters
Cyberattacks Are Inexpensive
3/5/2018 UNIVERSITY OF WISCONSIN 12

13. Why Cyberwar Matters
Remotely Executed
3/5/2018 UNIVERSITY OF WISCONSIN 13

14. Why Cyberwar Matters
Annonymity
3/5/2018 UNIVERSITY OF WISCONSIN 14

15. Why Cyberwar Matters
Information is the most valuable asset to an
organization
3/5/2018 UNIVERSITY OF WISCONSIN 15

16. Why Cyberwar Matters
Authentication
Process that ensures and confirms a user's identity
3/5/2018 UNIVERSITY OF WISCONSIN 16

17. Cyberwar Offense
Who is the Bad Guy?
National intelligence of foreign adversaries – it’s
their job.
3/5/2018 UNIVERSITY OF WISCONSIN 17

18. Cyber Offense
Who is the Bad Guy
Cyber warrior - militarily motivated
3/5/2018 UNIVERSITY OF WISCONSIN 18

19. Cyber Offense
Who is the Bad Guy
Cyber Terrorist - politically and often religiously
motivated
3/5/2018 UNIVERSITY OF WISCONSIN 19

20. Cyber Offense
Who is the Bad Guy
Corporate competitors/Industrial espionage -
seeking competitive information; theft of
intellectual property
3/5/2018 UNIVERSITY OF WISCONSIN 20

21. Cyber Offense
Who is the Bad Guy
Organized crime/criminal
element - economically
motivated and seek
information that can be sold
or used to extort money from
victims
3/5/2018 UNIVERSITY OF WISCONSIN 21

22. Cyber Offense
Who is the Bad Guy
Insider/employees –Embarrassment, cash
3/5/2018 UNIVERSITY OF WISCONSIN 22

23. Cyber Offense
Who is the Bad Guy
Hacker, stalker, social media bully – desire to
exploit notable target
3/5/2018 UNIVERSITY OF WISCONSIN 23

24. Cyber Offense
Attack Classes
Passive attack: A passive attack is a type of attack
where the attacker simply monitor the network activity
as a part of reconnaissance. A passive attack is difficult
to detect, because the attacker is not actively attacking
any target machine or participating in network traffic.
An example of a passive attack is an attacker capturing
packets from the network.
Prevention: Potential threats from Passive attacks can
be eliminated by implementing good network
encryption.
3/5/2018 UNIVERSITY OF WISCONSIN 24

25. Cyber Offense
Attack Classes
Active attack: Active attack is a type of attack where
the attacker actively launching attack against the
target servers. In active attack the attacker is
actively sending traffic that can be detected.
Prevention: Active attacks can be prevented by
using Firewalls and IPS (Intrusion Prevention
Systems).
3/5/2018 UNIVERSITY OF WISCONSIN 25

26. Cyber Offense
Attack Classes
Close-in attack: A Close-in attack is a type of attack
where the attacker is physically close to the target
system. Attacker can the the advantages of being
physically close to the target devices.
Prevention: Good physical security can prevent
Close-in attacks
3/5/2018 UNIVERSITY OF WISCONSIN 26

27. Cyber Offense
Attack Classes
Insider attack: An insider attack is an attack from
inside users, who use their access credentials and
knowledge of the network to attack the target
machines.
Prevention: Good layer 2 security, authentication
and physical security can prevent Insider attacks.
3/5/2018 UNIVERSITY OF WISCONSIN 27

28. Cyber Offense
Attack Classes
Distribution attack: Distribution attacks are the
attacks using backdoors introduced to hardware or
software systems at the time of manufacture. Once
the hardware or software became functional,
attackers can leverage the backdoor to attack the
target devices.
Prevention: Trusted hardware/software vendors
and integrity checks can prevent Distribution
attacks.
3/5/2018 UNIVERSITY OF WISCONSIN 28

29. Cyber Offense
Types of Attacks
Application-layer attacks are
implemented using
several different methods. One of
the most common methods is
exploiting well known
weaknesses in software that are
commonly found on servers, such
as send mail, HTTP, and FTP.
3/5/2018 UNIVERSITY OF WISCONSIN 29

30. Cyber Offense
Types of Attacks
Auto rooters. Auto rooters are programs that
automate the entire hacking process. Computers
are sequentially scanned, probed, and captured.
3/5/2018 UNIVERSITY OF WISCONSIN 30

31. Cyber Offense
Types of Attacks
Backdoors are paths into
systems that can be created
during an intrusion or with
specifically designed Trojan
horse code.
The backdoor, unless
detected and removed, can
be used again
3/5/2018 UNIVERSITY OF WISCONSIN 31

32. Cyberwar Challenges
No Physical Boundaries
3/5/2018 UNIVERSITY OF WISCONSIN 32

33. Cyberwar Challenges
Difficult to Detect and Track.
3/5/2018 UNIVERSITY OF WISCONSIN 33

34. Cyberwar Challenges
Cheap and Easy
3/5/2018 UNIVERSITY OF WISCONSIN 34

35. Cyberwar Challenges
Always On
3/5/2018 UNIVERSITY OF WISCONSIN 35

36. Cyberwar Challenges
Economic Impact
3/5/2018 UNIVERSITY OF WISCONSIN 36

37. Cyber Defense
Always vs Once
3/5/2018 UNIVERSITY OF WISCONSIN 37

38. Cyber Defense
Defense in Depth
3/5/2018 UNIVERSITY OF WISCONSIN 38

39. Cyber Defense
Basic Methodology
3/5/2018 UNIVERSITY OF WISCONSIN 39

40. Cyber Defense
Digital Signature
3/5/2018 UNIVERSITY OF WISCONSIN 40

41. Cyber Defense
Encryption
3/5/2018 UNIVERSITY OF WISCONSIN 41

42. Cyberwar
Past – SCADA - Availability
3/5/2018 UNIVERSITY OF WISCONSIN 42

43. Cyberwar
Present – “Fake News” - Integrity
3/5/2018 UNIVERSITY OF WISCONSIN 43

44. Future of Cyberwar
As We Have Talked About
• Availability continues to be a concern
• Integrity of data and information is now
being questioned
• Any idea of what comes next?
3/5/2018 UNIVERSITY OF WISCONSIN 44

45. Cyberwar Future
Next Up - Confidentiality
3/5/2018 UNIVERSITY OF WISCONSIN 45

46. Cyberwar Future Personal Leverage
Complex Scenarios
• Your ISP is broken into and your web browsing records are stolen by
a foreign adversary
• Your church’s membership database is compromised by same
adversary
• You receive an email that demands you vote for a specific candidate,
or else the web surfing records get sent to your church pastor
3/5/2018 UNIVERSITY OF WISCONSIN 46

47. Cyberwar Future
Computers Can’t Be Trusted, So
Everything Becomes Untrustworthy
3/5/2018 UNIVERSITY OF WISCONSIN 47

48. Cyberwar
Needed Changes
3/5/2018 UNIVERSITY OF WISCONSIN 48

49. Needed Defensive
Cyberwar Tools
• Personal Digital Identity
• Information Technology
Deployment Model Change
• Digital Reliance on Chain of
Logical and Physical Custody
3/5/2018 UNIVERSITY OF WISCONSIN 49

50. Currently, This is My
Weak Digital Identity
3/5/2018 UNIVERSITY OF WISCONSIN 50

51. Stronger Digital Identity Trust
Is On the Horizon
3/5/2018 UNIVERSITY OF WISCONSIN 51

52. You Can’t Defend
A Dispersed Castle
3/5/2018 UNIVERSITY OF WISCONSIN 52

53. Cyber Defense
Cloud (Herd = Strength)
3/5/2018 UNIVERSITY OF WISCONSIN 53

54. You Don’t Use a Toothbrush
If You Don’t Know Its History
3/5/2018 UNIVERSITY OF WISCONSIN 54

55. Chain of Custody
is Immensely Important
3/5/2018 UNIVERSITY OF WISCONSIN 55

56. Challenges to
Implementation
• Cost
• Talent
• Societal and
Government
Trust
3/5/2018 UNIVERSITY OF WISCONSIN 56

57. Question and Comments
Session
Nicholas Davis
ndavis@uwsa.edu
3/5/2018 UNIVERSITY OF WISCONSIN 57