Defense, Tech and Internet. The World Changed.
Fernando Tricas García
ftricas@unizar.es
Departamento de Informática e Ingeniería de Sistemas – Escuela de Ingeniería y Arquitectura – Instituto de Investigación en Ingeniería de Aragón – Universidad de Zaragoza
Zaragoza, April 25, 2023
About me
▶ Currently
  ▶ Ass. Professor at the University of Zaragoza (Dept. Computer Science at the Escuela de Ingeniería y Arquitectura).
  ▶ Director of the Cátedra Telefónica – Universidad de Zaragoza de Ciberseguridad.
▶ Just before, ICT management at the University.
▶ Research topics (Instituto de Investigación en Ingeniería de Aragón):
  ▶ Analysis and synthesis of well-behaved concurrent systems using formal methods.
  ▶ Social Network Analysis in Internet.
https://www.energy.gov/ceser/articles/national-strategy-secure-cyberspace-february-2003
STUXNET
2005 (Start of development?) – 2010 (Uncovered)
▶ Israel & USA (unacknowledged), Operation Olympic Games.
▶ Attack against Iranian nuclear facilities.
▶ Target: Supervisory Control And Data Acquisition (SCADA).
▶ Programmable Logic Controllers (PLC).
▶ Gas centrifuges, for separating nuclear material.
https://en.wikipedia.org/wiki/Gas_centrifuge
STUXNET
▶ They utilized four zero-day flaws.
  ▶ Remote Procedure Call (RPC) with no authentication (MS08-067)
  ▶ LNK/PIF vulnerability (MS10-046)
  ▶ A zero-day bug in the Print Spooler Service
  ▶ Elevation-of-privilege holes
▶ Windows machines and Siemens Step7 software.
▶ Collecting information on industrial systems and causing the fast-spinning centrifuges to tear themselves apart.
▶ It can copy files, observe computer screens and keystrokes, remotely control computer functions ...
STUXNET
Air gapped machines (offline)
▶ A rootkit, responsible for hiding all malicious files and
processes, to prevent detection.
▶ Introduced to the target environment via an infected USB
flash drive
▶ Unexpected commands to the PLC while returning a loop of
normal operation system values back to the users.
Later... https://web.archive.org/web/20120104215049/http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99
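A defender's view of the last bullet above ("returning a loop of normal operation system values back to the users"), as an added example that is not part of the original slides: real sensor readings are noisy and do not repeat exactly, so a long window of readings that reappears verbatim at a fixed offset suggests a replayed recording. The function names and the sample feed are hypothetical and constructed for illustration.

```python
from collections import Counter


def replay_period(samples, window=6, min_distinct=3):
    """Return (period, hits) if the feed repeats itself exactly, else None.

    Every run of `window` consecutive readings is remembered; when the same
    run shows up again, the distance to its previous occurrence is counted.
    The most frequent distance is the suspected loop length.
    """
    last_seen = {}
    gaps = Counter()
    for i in range(len(samples) - window + 1):
        w = tuple(samples[i:i + window])
        if len(set(w)) < min_distinct:
            continue  # flat or two-valued runs can repeat legitimately
        prev = last_seen.get(w)
        if prev is not None:
            gaps[i - prev] += 1
        last_seen[w] = i
    if not gaps:
        return None
    return gaps.most_common(1)[0]


def constructed_live_feed(n=120):
    # Constructed sample data: a deterministic, non-repeating stand-in
    # for noisy raw sensor counts (not taken from any real system).
    return [(7 * i * i + 3 * i) % 251 for i in range(n)]


def constructed_looped_feed():
    # Constructed tampered view: 100 genuine readings, then the last
    # 20 of them played back four times in place of live values.
    live = constructed_live_feed()
    recorded = live[80:100]
    return live[:100] + recorded * 4


if __name__ == "__main__":
    print("live feed:  ", replay_period(constructed_live_feed()))
    print("looped feed:", replay_period(constructed_looped_feed()))
```

The check only sees exact repetition; it is meant to run on an independent measurement path, since values read through the compromised host are the ones being falsified.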
https://nationalinterest.org/blog/buzz/these-olympic-games-launched-new-era-cyber-sabotage-190082
When did the Ukraine war start?
https://jsis.washington.edu/news/cyberattack-critical-infrastructure-russia-ukrainian-power-grid-attacks/
Cyberwarfare
▶ Hybrid warfare (conventional + cyber)
  ▶ Low-level conventional and special operations.
  ▶ Offensive cyber and space operations.
  ▶ Psychological operations (social and traditional media)
  ▶ From low-intensity to high-intensity depending on circumstance.
▶ Strategy (General Nikolay Makarov)
  ▶ Disrupting adversary information systems, including by introducing harmful software
  ▶ Defending our own communications and command systems
  ▶ Working on domestic and foreign public opinion using the media, Internet and more.
Some keywords
▶ False flag
▶ Concealability, deniability
▶ Governments as malware authors.
▶ Markets
▶ Zero-days... attack or defense?
2023, March
https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
Recommended reading
▶ Nicole Perlroth. ‘This Is How They Tell Me the World Ends:
The Cyber Weapons Arms’ (February 2021).
▶ Mikko Hypponen. ‘If It’s Smart, It’s Vulnerable’ (August 2,
2022)
More (classical) reading:
▶ Ken Thompson, ‘Reflections on Trusting Trust.’ Turing Award
Lecture. 1984.
https://users.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
▶ Dan Geer. ‘Shared Risk at National Scale.’
https://web.stanford.edu/class/msande91si/www-spr04/slides/geer.pdf
Thanks! ¡Gracias!
ftricas@unizar.es
@fernand0
https://webdiis.unizar.es/~ftricas/