Politics & Power in ‘Cybersecurity’
Pukhraj Singh
#PukhrajSingh
Cognitive cyber offence
Deceive, Deny, Degrade, Destroy, Disrupt
True innovation in ‘cyberwar’ is cognitive
Offer, Remove, Analyse, Access
Innovations around techniques
Innovations around effects
Increasing innovation
Increasing symmetricity
Ref: Dave Aitel
Cognitive cyber offence
There are fundamental reasons why most countries focus on passive
or kinetic cyber as the ultimate tier of capability—typically the
organisations with authority to engage in cyber are the Intelligence
Services and the Military. They are institutionally predisposed to
collecting data or conducting “deny, disrupt, destroy, degrade”
operations to enable and support their forces
-- The Grugq
Cognitive cyber offence
[The way the US] came to technology defines how we think of it, and
the West came to cyberspace through computers and hacking. Other
cultures, however, approached cyber differently, primarily from its
basic theoretical premise of providing a tool for control of
populations
-- Richard Danzig
Cognitive cyber offence
[Cyber] effects will be produced by the manipulation of software, data,
knowledge, and opinion. The objective is not kinetic but cognitive
effect, the manipulation of information to change thoughts and
behaviours
-- James A. Lewis
Cognitive cyber offence
On January 24, 2019, The Bulletin of the Atomic Scientists set the
doomsday clock to two minutes to midnight
The group added: “rather than a cyber Armageddon that causes
financial meltdown or nationwide electrical blackouts,” a larger risk
is the use of cyber-enabled information warfare that erodes “the
trust and cohesion on which civilised societies rely”
Cognitive cyber offence
• “…the heart and soul of the Soviet intelligence was subversion. Not
intelligence collection, but subversion: active measures” – Oleg
Kalugin, KGB
• The Smith-Mundt Act & the US Information Agency
• TS Kuhn’s The Structure of Scientific Revolutions & data-driven
behavioral modelling
Cyber offence is pure politics
Cyber offence is pure politics
The state of threat intelligence
Cyber offence is pure politics
• With the right kind of eye, you can see politics in malware code
• Offensive toolchains have a political architecture
• Cyber attacks have a distinct political signature
Cyber offence is pure politics
• Case studies:
• Malware code reuse as an expression of political semantics
• Exploitation as a technology tree (ref: Dave Aitel)
Code reuse: from opcodes to ontology
…we hope that the research community will take cautious advantage of
a higher ontological category to describe collaborative frameworks
for multiple threat actors
…a focus on this ‘multi-tenant’ model of modular malware
development…should allow for…an understanding of… the
organizational complexities behind clusters of malicious activity
that defy simplistic attribution claims
-- J. A. Guerrero-Saade/Chronicle
Code reuse: from opcodes to ontology
“Your adversary has a boss and a budget”
-- The Grugq paraphrasing Phil Venables
Code reuse: from opcodes to ontology
2006: Thomas Dullien ran a “phylogenetic clustering algorithm” on a
genus of malware, finding that “although we have ~200 samples, we
only have two large families, three small families, two pairs of
siblings, & a few isolated samples”
2011: Google acquires Zynamics
2012: Google acquires VirusTotal
2017:
Exploitation as a technology tree
Lineage & Mathematics
Exploitation as a technology tree
Lineage & Mathematics
Operation Aurora -> Barium/Winnti/APT17/Axiom
Winnti >>> Hashing subroutine <<< ShadowPad/NetSarang
Winnti >>> base64 <<< CCleaner Stage 1
Winnti >>> String obfuscation <<< CCleaner Stage 2
(Sources: Costin Raiu & Intezer)
Cyber offence is pure politics
Map the adversarial ecosystem of cyberspace in anthropological
detail with the aim of increasing our understanding of our adversaries
and our own incentives and methods of operation
-- Richard Danzig
Nation state sovereignty in cyberspace is crashing
Power & conflict in meatspace*
Power & conflict in cyberspace
Cyberspace is [a] continuously contested territory in which we can
control memory & operating capabilities some of the time but cannot be
assured of complete control all of the time or even of any control at any
particular time
-- Richard Danzig
A Contested Territory
A contested territory
Possession, ownership & control [of data & assets in cyberspace] do not
overlap
-- Thomas Dullien AKA Halvar Flake
A Contested Territory
A contested territory
Ecology professor Philip Greear would challenge his graduate students to
catalog all the life in a cubic yard of forest floor. Computer science
professor Donald Knuth would challenge his graduate students to catalog
everything their computers had done in the last ten seconds
-- Dan Geer
A Contested Territory
A contested territory
[Cyber] offence & defence is the wrong dichotomy: it should be control &
non-control
-- Dave Aitel
A Contested Territory
A contested territory
We will respond…we’ll respond proportionally, and we’ll respond in a place
and time and manner that we choose
-- President Obama on the Sony Pictures hack
A Contested Territory
Gone for a toss: causality & proportionality
Enterprise security: dying by a thousand cuts
A Contested Territory
Mudge, 2011
A Contested Territory
Mudge, 2015
A Contested Territory
Why do we need universal threat ontologies & taxonomies?
• OpenC2
• ATT&CK
• CAPEC
• OpenDXL
• MITRE CAR
• Unfetter
• STIX-TAXII
• YARA
• OpenIoC
• IODEF
• MISP
• VERIS
• SCAP
• …
A Contested Territory
Vendors as foot soldiers
Malware used by the U.S. in offensive cyber-operations
plays “nice”… “We see guardrails on malware from nations
like the U.S.”
-- Kevin Mandia, FireEye
From declaratory to escalatory dominance
The declaratory model: 1995-2014
• Dave Aitel labelled Stuxnet as the “announcement of a team”
more than anything else, which could take out any factory,
any time
• The current structures of offence are biased towards
declaratory dominance
The escalatory puzzle
Look, we’re moving into a new era here where a number of
countries have significant capacities…But our goal is not to
suddenly, in the cyber arena, duplicate a cycle of escalation that
we saw when it comes to other arms races in the past, but rather
to start instituting some norms so everybody’s acting responsibly
-- Barack Obama, 2016
Questions?
Thank you

Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa

  • 1. Politics & Power in ‘Cybersecurity’ Pukhraj Singh #PukhrajSingh
  • 3. Deceive / Deny / Degrade / Destroy / Disrupt. True innovation in ‘cyberwar’ is cognitive. Offer / Remove / Analyse / Access. Innovations around techniques; innovations around effects. Increasing innovation; increasing symmetricity. Ref: Dave Aitel
  • 4. Cognitive cyber offence There are fundamental reasons why most countries focus on passive or kinetic cyber as the ultimate tier of capability—typically the organisations with authority to engage in cyber are the Intelligence Services and the Military. They are institutionally predisposed to collecting data or conducting “deny, disrupt, destroy, degrade” operations to enable and support their forces -- The Grugq
  • 5. Cognitive cyber offence [The way the US] came to technology defines how we think of it, and the West came to cyberspace through computers and hacking. Other cultures, however, approached cyber differently, primarily from its basic theoretical premise of providing a tool for control of populations -- Richard Danzig
  • 6. Cognitive cyber offence [Cyber] effects will be produced by the manipulation of software, data, knowledge, and opinion. The objective is not kinetic but cognitive effect, the manipulation of information to change thoughts and behaviours -- James A. Lewis
  • 7. Cognitive cyber offence On January 24, 2019, The Bulletin of the Atomic Scientists set the doomsday clock to two minutes to midnight The group added: “rather than a cyber Armageddon that causes financial meltdown or nationwide electrical blackouts,” a larger risk is the use of cyber-enabled information warfare that erodes “the trust and cohesion on which civilised societies rely”
  • 8. Cognitive cyber offence • “…the heart and soul of the Soviet intelligence was subversion. Not intelligence collection, but subversion: active measures” – Oleg Kalugin, KGB • The Smith-Mundt Act & the US Information Agency • TS Kuhn’s The Structure of Scientific Revolutions & data-driven behavioral modelling
  • 9. Cyber offence is pure politics
  • 10. Cyber offence is pure politics The state of threat intelligence
  • 11. Cyber offence is pure politics • With the right kind of eye, you can see politics in malware code • Offensive toolchains have a political architecture • Cyber attacks have a distinct political signature
  • 12. Cyber offence is pure politics • Case studies: • Malware code reuse as an expression of political semantics • Exploitation as a technology tree (ref: Dave Aitel)
  • 13. Code reuse: from opcodes to ontology …we hope that the research community will take cautious advantage of a higher ontological category to describe collaborative frameworks for multiple threat actors …a focus on this ‘multi-tenant’ model of modular malware development…should allow for…an understanding of… the organizational complexities behind clusters of malicious activity that defy simplistic attribution claims -- J. A. Guerrero-Saade/Chronicle
  • 14. Code reuse: from opcodes to ontology “Your adversary has a boss and a budget” -- The Grugq paraphrasing Phil Venables
  • 15. Code reuse: from opcodes to ontology 2006: Thomas Dullien ran a “phylogenetic clustering algorithm” on a genus of malware, finding that “although we have ~200 samples, we only have two large families, three small families, two pairs of siblings, & a few isolated samples” 2011: Google acquires Zynamics 2012: Google acquires VirusTotal 2017:
  • 16. Exploitation as a technology tree Lineage & Mathematics
  • 17. Exploitation as a technology tree Lineage & Mathematics Operation Aurora -> Barium/Winnti/APT17/Axiom Winnti >>> Hashing subroutine <<< ShadowPad/NetSarang Winnti >>> base64 <<< CCleaner Stage 1 Winnti >>> String obfuscation <<< CCleaner Stage 2 (Sources: Costin Raiu & Intezer)
  • 18. Cyber offence is pure politics Map the adversarial ecosystem of cyberspace in anthropological detail with the aim of increasing our understanding of our adversaries and our own incentives and methods of operation -- Richard Danzig
  • 19. Nation state sovereignty in cyberspace is crashing
  • 20. Power & conflict in meatspace*
  • 21. Power & conflict in cyberspace
  • 22. Cyberspace is [a] continuously contested territory in which we can control memory & operating capabilities some of the time but cannot be assured of complete control all of the time or even of any control at any particular time -- Richard Danzig A Contested Territory
  • 23. Possession, ownership & control [of data & assets in cyberspace] do not overlap -- Thomas Dullien AKA Halvar Flake A Contested Territory
  • 24. Ecology professor Philip Greear would challenge his graduate students to catalog all the life in a cubic yard of forest floor. Computer science professor Donald Knuth would challenge his graduate students to catalog everything their computers had done in the last ten seconds -- Dan Geer A Contested Territory
  • 25. [Cyber] offence & defence is the wrong dichotomy: it should be control & non-control -- Dave Aitel A Contested Territory
  • 26. We will respond…we’ll respond proportionally, and we’ll respond in a place and time and manner that we choose -- President Obama on the Sony Pictures hack A Contested Territory Gone for a toss: causality & proportionality
  • 27. Enterprise security: dying by a thousand cuts
  • 30. A Contested Territory Why do we need universal threat ontologies & taxonomies? • OpenC2 • ATT&CK • CAPEC • OpenDXL • MITRE CAR • Unfetter • STIX-TAXII • YARA • OpenIoC • IODEF • MISP • VERIS • SCAP • …
  • 31. A Contested Territory Vendors as foot soldiers Malware used by the U.S. in offensive cyber-operations plays “nice”…“We see guardrails on malware from nations like the U.S.” -- Kevin Mandia, FireEye
  • 32. From declaratory to escalatory dominance
  • 33. The declaratory model: 1995-2014 • Dave Aitel labelled Stuxnet as the “announcement of a team” more than anything else, which could take out any factory, any time • The current structures of offence are biased towards declaratory dominance
  • 34. The escalatory puzzle Look, we’re moving into a new era here where a number of countries have significant capacities…But our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so everybody’s acting responsibly -- Barack Obama, 2016