Surviving Cyber War April09

Presentation on the events leading up to the current state of cyber unpreparedness.

  1. Surviving Cyber War
     • Coming soon:
     • Blog: ThreatChaos.com
     • twitter.com/cyberwar
  2. Agenda
     • Crowd Sourced Cyber Weapons
     • Pervasive Espionage
     • Background
     • Cyber Defense Preparedness
  3. Threat hierarchy is a time line!
     • Information Warfare
     • CyberCrime
     • Hacktivism
     • Vandalism
     • Experimentation
  4. Rumblings
     • April 1, 2001
     • Navy EP-3
     • Chinese F-8
  5. The Five Levels of Cyber Defense Conditions
     • Cyber DefCon 1. Travel warnings. Governments issue warnings about protecting data when travelling to foreign nations.
     • Cyber DefCon 2. Nation states probe each other’s networks for vulnerabilities.
     • Cyber DefCon 3. Widespread information theft with intent to mine industrial as well as military and geo-political secret information.
     • Cyber DefCon 4. Targeted attacks against a nation’s military and government installations. Loss of critical data, collateral damage.
     • Cyber DefCon 5. Nation to nation attacks are malicious with intent to destroy communication infrastructure and disable business processes including financial markets.
  6. Chinese Thinking
     • Wang Qingsong, Modern Military-Use High Technology, 1993
     • Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
     • Li Qingshan, New Military Revolution and High Tech War, 1995
     • Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
     • Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
     • Li Qingshan, New Military Revolution and High Tech War, 1995
     • Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
     • Shen Weiguang, On New War, 1997
  7. Goal: Information Dominance
     • The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary.
     - Field Manual 100-6, Information Operations, August 1996.
  8. Custom Trojans, tools of the trade. Michael Haephrati shows us how.
  9. China knows Trojans
     • In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC.
  10. Titan Rain world wide
      • Custom Trojans
      • Sandia drops its shorts, 2005
      • Shawn Carpenter, First US Cyber Warrior
      • Summer 2007: Pentagon is attacked and shut down. Source of attack: Chinese Red Army
      • German Chancellery, Summer 2007
      • Whitehall, UK
      • France
      • India
      • Australia
  11. Ghost Net
      • 1,200 computers including ministry and NATO machines
      • Looking for attribution
      • Attacks on the office of the Dalai Lama
      • Joint Strike Fighter Breach, April 21, 2009
  12. Joint Strike Fighter
  13. Crowd sourcing
  14. Cyber war breaks out
      • Estonia, March 2007
      • Ukraine, November 2007
      • Lithuania, June 2008
      • Georgia, August 2008
      Nashi summer camp ‘07
  15. Cyber Defense Preparedness: Estonia
      • Cooperative Cyber Defence (CCD) Centre of Excellence (COE) in Tallinn, Estonia.
      • Cyber Defense Advisors deployed to Georgia
      • Focus on “home guard”. The minute-man approach.
      • Tools and techniques (to come)
  16. Cyber Defense Preparedness: US
      • Cyber Defense Structure. Air Force? NSA? STRATCOM?
      • Offensive capability?
      • Spending: $7 billion new spending per year
  17. Defending against DDoS
      • Massive bandwidth: 18+ gigs
      • Blocking
      • DNS
      • Shell game using virtualization
  18. Surviving Cyber War for every organization
      • Same rules apply, only more so.
      • Appoint a cyber security commander
      • Defense in depth against multiple adversaries
      • Fighting the low and slow war. Your information is their weapon. Worry about infiltration.
      • DDoS. Yes, it takes investment.
      • Surviving a meltdown. Remember modems?
  19. Contact
      • Blog: www.threatchaos.com
      • Email: [email_address]
      • Twitter: twitter.com/cyberwar