SlideShare a Scribd company logo
Politics & Power in ‘Cybersecurity’
Pukhraj Singh
#PukhrajSingh
Cognitive cyber offence
DecieveDenyDegradeDestroyDisrupt
True innovation in ‘cyberwar’ is cognitive
OfferRemoveAnalyseAccess
Innovations around techniques
Innovations around effects
Increasing innovation
Increasing symmetricity
Ref: Dave Aitel
Cognitive cyber offence
There are fundamental reasons why most countries focus on passive
or kinetic cyber as the ultimate tier of capability—typically the
organisations with authority to engage in cyber are the Intelligence
Services and the Military. They are institutionally predisposed to
collecting data or conducting “deny, disrupt, destroy, degrade”
operations to enable and support their forces
-- The Grugq
Cognitive cyber offence
[The way the US] came to technology defines how we think of it, and
the West came to cyberspace through computers and hacking. Other
cultures, however, approached cyber differently, primarily from its
basic theoretical premise of providing a tool for control of
populations
-- Richard Danzig
Cognitive cyber offence
[Cyber] effects will be produced by the manipulation of software, data,
knowledge, and opinion. The objective is not kinetic but cognitive
effect, the manipulation of information to change thoughts and
behaviours
-- James A. Lewis
Cognitive cyber offence
On January 24, 2019, The Bulletin of the Atomic Scientists set the
doomsday clock to two minutes to midnight
The group added: “rather than a cyber Armageddon that causes
financial meltdown or nationwide electrical blackouts,” a larger risk
is the use of cyber-enabled information warfare that erodes “the
trust and cohesion on which civilised societies rely”
Cognitive cyber offence
• “…the heart and soul of the Soviet intelligence was subversion. Not
intelligence collection, but subversion: active measures” – Oleg
Kalugin, KGB
• The Smidth-Mundt Act & the US Information Agency
• TS Kuhn’s The Structure of Scientific Revolutions & data-driven
behavioral modelling
Cyber offence is pure politics
Cyber offence is pure politics
The state of threat intelligence
Cyber offence is pure politics
• With the right kind of eye, you can see politics in malware code
• Offensive toolchains have a political architecture
• Cyber attacks have a distinct political signature
Cyber offence is pure politics
• Case studies:
• Malware code reuse as an expression of political semantics
• Exploitation as a technology tree (ref: Dave Aitel)
Code reuse: from opcodes to ontology
…we hope that the research community will take cautious advantage of
a higher ontological category to describe collaborative frameworks
for multiple threat actors
…a focus on this ‘multi-tenant’ model of modular malware
development…should allow for…an understanding of… the
organizational complexities behind clusters of malicious activity
that defy simplistic attribution claims
-- J. A. Guerrero-Saade/Chronicle
Code reuse: from opcodes to ontology
“Your adversary has a boss and a budget”
-- The Grugq paraphrasing Phil Venables
Code reuse: from opcodes to ontology
2006: Thomas Dullien ran a “phylogenetic clustering algorithm” on a
genus of malware, finding that “although we have ~200 samples, we
only have two large families, three small families, two pairs of
siblings, & a few isolated samples”
2011: Google acquires Zynamics
2012: Google acquires VirusTotal
2017:
Exploitation as a technology tree
Lineage & Mathematics
Exploitation as a technology tree
Lineage & Mathematics
Operation Aurora -> Barium/Winnti/APT17/Axiom
Winnti >>> Hashing subroutine <<< ShadowPad/NetSarang
Winnti >>> base64 <<< CCleaner Stage 1
Winnti >>> String obfuscation <<< CCleaner Stage 2
(Sources: Costin Raiu & Intezer)
Cyber offence is pure politics
Map the adversarial ecosystem of cyberspace in anthropological
detail with the aim of increasing our understanding of our adversaries
and our own incentives and methods of operation
-- Richard Danzig
Nation state sovereignty in cyberspace is crashing
Power & conflict in meatspace*
Power & conflict in cyberspace
Cyberspace is [a] continuously contested territory in which we can
control memory & operating capabilities some of the time but cannot be
assured of complete control all of the time or even of any control at any
particular time
-- Richard Danzig
A Contested Territory
A contested territory
Possession, ownership & control [of data & assets in cyberspace] do not
overlap
-- Thomas Dullien AKA Halvar Flake
A Contested Territory
A contested territory
Ecology professor Philip Greear would challenge his graduate students to
catalog all the life in a cubic yard of forest floor. Computer science
professor Donald Knuth would challenge his graduate students to catalog
everything their computers had done in the last ten seconds
-- Dan Geer
A Contested Territory
A contested territory
[Cyber] offence & defence is the wrong dichotomy: it should be control &
non-control
-- Dave Aitel,
A Contested Territory
A contested territory
We will respond…we’ll respond proportionally, and we’ll respond in a place
and time and manner that we choose
-- President Obama on the Sony Pictures hack
A Contested Territory
Gone for a toss: causality & proportionality
Enterprise security: dying by a thousand cuts
A Contested Territory
Mudge, 2011
A Contested Territory
Mudge, 2015
A Contested Territory
Why do we need universal threat ontologies & taxonomies?
• OpenC2
• ATT&CK
• CAPEC
• OpenDXL
• MITRE CAR
• Unfetter
• STIX-TAXII
• YARA
• OpenIoC
• IODEF
• MISP
• VERIS
• SCAP
• …
A Contested Territory
Vendors as foot soldiers
Malware used by the U.S. in offensive cyber-operations
plays “nice”…”We see guardrails on malware from nations
like the U.S.”
-- Kevin Mandia, FireEye
From declaratory to escalatory dominance
The declaratory model: 1995-2014
• Dave Aitel labelled Stuxnet as the “announcement of a team”
more than anything else, which could take out any factory,
any time
• The current structures of offence are biased towards
declaratory dominance
The escalatory puzzle
Look, we’re moving into a new era here where a number of
countries have significant capacities…But our goal is not to
suddenly, in the cyber arena, duplicate a cycle of escalation that
we saw when it comes to other arms races in the past, but rather
to start instituting some norms so everybody’s acting responsibly
-- Barack Obama, 2016
Questions?
Thank you

More Related Content

What's hot

Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for Cyberwarfare
Aurin Sheikh
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
Digicomp Academy AG
 
Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015
AFCEA International
 
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
AFCEA International
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
Sara-Jayne Terp
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
Udaysharma3
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
tnwac
 
About cyber war
About cyber warAbout cyber war
About cyber war
eugenvaleriu
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber Security
Dominic Karunesudas
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
David Willson, Attorney, CISSP, Security +
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
PECB
 
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
Dr. Lydia Kostopoulos
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
Cyber Security Alliance
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
AFCEA International
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance  and security in the energy sectorsInformation warfare, assurance  and security in the energy sectors
Information warfare, assurance and security in the energy sectors
Love Steven
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
William McBorrough
 
Why_TG
Why_TGWhy_TG
Why_TG
TOP GUN
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
Clifford Stone
 
2020 09-01 disclosure
2020 09-01 disclosure2020 09-01 disclosure
2020 09-01 disclosure
Sara-Jayne Terp
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
Dinesh O Bareja
 

What's hot (20)

Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for Cyberwarfare
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
 
Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015Cyber Ethics: TechNet Augusta 2015
Cyber Ethics: TechNet Augusta 2015
 
Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...Defending Your Base of Operations: How Industrial Control Systems are Being T...
Defending Your Base of Operations: How Industrial Control Systems are Being T...
 
2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy2019 11 terp_mansonbulletproof_master copy
2019 11 terp_mansonbulletproof_master copy
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
 
Cyberwar and Geopolitics
Cyberwar and GeopoliticsCyberwar and Geopolitics
Cyberwar and Geopolitics
 
About cyber war
About cyber warAbout cyber war
About cyber war
 
Global Partnership Key to Cyber Security
Global Partnership Key to Cyber SecurityGlobal Partnership Key to Cyber Security
Global Partnership Key to Cyber Security
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
 
Artificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO ComplianceArtificial Intelligence (AI) – Two Paths to ISO Compliance
Artificial Intelligence (AI) – Two Paths to ISO Compliance
 
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
Due Diligence Considerations for Scientists, Commanders, and Politicians As T...
 
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
ASFWS 2012 - Cybercrime to Information Warfare & “Cyberwar”: a hacker’s persp...
 
USSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert LinUSSTRATCOM Cyber & Space 2011 Herbert Lin
USSTRATCOM Cyber & Space 2011 Herbert Lin
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance  and security in the energy sectorsInformation warfare, assurance  and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 
Why_TG
Why_TGWhy_TG
Why_TG
 
Information warfare and information operations
Information warfare and information operationsInformation warfare and information operations
Information warfare and information operations
 
2020 09-01 disclosure
2020 09-01 disclosure2020 09-01 disclosure
2020 09-01 disclosure
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
 

Similar to Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa

Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
Fidelis Cybersecurity
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber Conflict
Zsolt Nemeth
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
Cameron Brown
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
Luis Borges Gouveia
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
mariaidga
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
blogzilla
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
blogzilla
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
Andrea Rossetti
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
glendar3
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
todd581
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
Leslie Lee
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
alinainglis
 
C3 Cyber
C3 CyberC3 Cyber
Malwares
MalwaresMalwares
Malwares
Claire Medolla
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
Deepak Kumar (D3)
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
Jamie Moore
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
Olivier Busolini
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
Phil Agcaoili
 
Case studies in cybersecurity strategies
Case studies in cybersecurity strategiesCase studies in cybersecurity strategies
Case studies in cybersecurity strategies
EyesOpen Association
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Stephanie McVitty
 

Similar to Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa (20)

Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Models of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber ConflictModels of Escalation and De-escalation in Cyber Conflict
Models of Escalation and De-escalation in Cyber Conflict
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
 
Cyber Security for Oil and Gas
Cyber Security for Oil and Gas Cyber Security for Oil and Gas
Cyber Security for Oil and Gas
 
Cyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responsesCyber(in)security: systemic risks and responses
Cyber(in)security: systemic risks and responses
 
Systemic cybersecurity risk
Systemic cybersecurity riskSystemic cybersecurity risk
Systemic cybersecurity risk
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
 
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docxRunning head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
Running head METHODS USED IN CYBER WARFARE1METHODS USED IN CYB.docx
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
 
C3 Cyber
C3 CyberC3 Cyber
C3 Cyber
 
Malwares
MalwaresMalwares
Malwares
 
Cyber of things 2.0
Cyber of things 2.0Cyber of things 2.0
Cyber of things 2.0
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
Artificial Intelligence and Cybersecurity
Artificial Intelligence and CybersecurityArtificial Intelligence and Cybersecurity
Artificial Intelligence and Cybersecurity
 
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and AfraidAECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
AECF: A Look into Cyber Crime - Doomsday Preppers for the Naked and Afraid
 
Case studies in cybersecurity strategies
Case studies in cybersecurity strategiesCase studies in cybersecurity strategies
Case studies in cybersecurity strategies
 
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copyBest_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
Best_of_Breed_3-24-2015_How_to_Achieve_ABAC_Today copy
 

Recently uploaded

Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
Fwdays
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
christinelarrosa
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
ScyllaDB
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Ukraine
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Fwdays
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
leebarnesutopia
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 

Recently uploaded (20)

Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Discover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched ContentDiscover the Unseen: Tailored Recommendation of Unwatched Content
Discover the Unseen: Tailored Recommendation of Unwatched Content
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfLee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 

Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa

  • 1. Politics & Power in ‘Cybersecurity’ Pukhraj Singh #PukhrajSingh
  • 3. DecieveDenyDegradeDestroyDisrupt True innovation in ‘cyberwar’ is cognitive OfferRemoveAnalyseAccess Innovations around techniques Innovations around effects Increasing innovation Increasing symmetricity Ref: Dave Aitel
  • 4. Cognitive cyber offence There are fundamental reasons why most countries focus on passive or kinetic cyber as the ultimate tier of capability—typically the organisations with authority to engage in cyber are the Intelligence Services and the Military. They are institutionally predisposed to collecting data or conducting “deny, disrupt, destroy, degrade” operations to enable and support their forces -- The Grugq
  • 5. Cognitive cyber offence [The way the US] came to technology defines how we think of it, and the West came to cyberspace through computers and hacking. Other cultures, however, approached cyber differently, primarily from its basic theoretical premise of providing a tool for control of populations -- Richard Danzig
  • 6. Cognitive cyber offence [Cyber] effects will be produced by the manipulation of software, data, knowledge, and opinion. The objective is not kinetic but cognitive effect, the manipulation of information to change thoughts and behaviours -- James A. Lewis
  • 7. Cognitive cyber offence On January 24, 2019, The Bulletin of the Atomic Scientists set the doomsday clock to two minutes to midnight The group added: “rather than a cyber Armageddon that causes financial meltdown or nationwide electrical blackouts,” a larger risk is the use of cyber-enabled information warfare that erodes “the trust and cohesion on which civilised societies rely”
  • 8. Cognitive cyber offence • “…the heart and soul of the Soviet intelligence was subversion. Not intelligence collection, but subversion: active measures” – Oleg Kalugin, KGB • The Smidth-Mundt Act & the US Information Agency • TS Kuhn’s The Structure of Scientific Revolutions & data-driven behavioral modelling
  • 9. Cyber offence is pure politics
  • 10. Cyber offence is pure politics The state of threat intelligence
  • 11. Cyber offence is pure politics • With the right kind of eye, you can see politics in malware code • Offensive toolchains have a political architecture • Cyber attacks have a distinct political signature
  • 12. Cyber offence is pure politics • Case studies: • Malware code reuse as an expression of political semantics • Exploitation as a technology tree (ref: Dave Aitel)
  • 13. Code reuse: from opcodes to ontology …we hope that the research community will take cautious advantage of a higher ontological category to describe collaborative frameworks for multiple threat actors …a focus on this ‘multi-tenant’ model of modular malware development…should allow for…an understanding of… the organizational complexities behind clusters of malicious activity that defy simplistic attribution claims -- J. A. Guerrero-Saade/Chronicle
  • 14. Code reuse: from opcodes to ontology “Your adversary has a boss and a budget” -- The Grugq paraphrasing Phil Venables
  • 15. Code reuse: from opcodes to ontology 2006: Thomas Dullien ran a “phylogenetic clustering algorithm” on a genus of malware, finding that “although we have ~200 samples, we only have two large families, three small families, two pairs of siblings, & a few isolated samples” 2011: Google acquires Zynamics 2012: Google acquires VirusTotal 2017:
  • 16. Exploitation as a technology tree Lineage & Mathematics
  • 17. Exploitation as a technology tree Lineage & Mathematics Operation Aurora -> Barium/Winnti/APT17/Axiom Winnti >>> Hashing subroutine <<< ShadowPad/NetSarang Winnti >>> base64 <<< CCleaner Stage 1 Winnti >>> String obfuscation <<< CCleaner Stage 2 (Sources: Costin Raiu & Intezer)
  • 18. Cyber offence is pure politics Map the adversarial ecosystem of cyberspace in anthropological detail with the aim of increasing our understanding of our adversaries and our own incentives and methods of operation -- Richard Danzig
  • 19. Nation state sovereignty in cyberspace is crashing
  • 20. Power & conflict in meatspace*
  • 21. Power & conflict in cyberspace
  • 22. Cyberspace is [a] continuously contested territory in which we can control memory & operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time -- Richard Danzig A Contested Territory A contested territory
  • 23. Possession, ownership & control [of data & assets in cyberspace] do not overlap -- Thomas Dullien AKA Halvar Flake A Contested Territory A contested territory
  • 24. Ecology professor Philip Greear would challenge his graduate students to catalog all the life in a cubic yard of forest floor. Computer science professor Donald Knuth would challenge his graduate students to catalog everything their computers had done in the last ten seconds -- Dan Geer A Contested Territory A contested territory
  • 25. [Cyber] offence & defence is the wrong dichotomy: it should be control & non-control -- Dave Aitel, A Contested Territory A contested territory
  • 26. We will respond…we’ll respond proportionally, and we’ll respond in a place and time and manner that we choose -- President Obama on the Sony Pictures hack A Contested Territory Gone for a toss: causality & proportionality
  • 27. Enterprise security: dying by a thousand cuts
  • 30. A Contested Territory Why do we need universal threat ontologies & taxonomies? • OpenC2 • ATT&CK • CAPEC • OpenDXL • MITRE CAR • Unfetter • STIX-TAXII • YARA • OpenIoC • IODEF • MISP • VERIS • SCAP • …
  • 31. A Contested Territory Vendors as foot soldiers Malware used by the U.S. in offensive cyber-operations plays “nice”…”We see guardrails on malware from nations like the U.S.” -- Kevin Mandia, FireEye
  • 32. From declaratory to escalatory dominance
  • 33. The declaratory model: 1995-2014 • Dave Aitel labelled Stuxnet as the “announcement of a team” more than anything else, which could take out any factory, any time • The current structures of offence are biased towards declaratory dominance
  • 34. The escalatory puzzle Look, we’re moving into a new era here where a number of countries have significant capacities…But our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so everybody’s acting responsibly -- Barack Obama, 2016