Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

Slides for reference used during lecture on cyber war at college of VUT in Brno, Czech republic.
Published under CC license.

  • Be the first to comment

  • Be the first to like this


  1. 1. On cyber war Petr Špiřík
  2. 2. Cyber war is sexy Setting up the scene Cyber war is real. I am not a cyber warrior. Let’s have fun. Headlines in news Matrix is coming “World looks exactly like a Bruce Sterling novel” (Robertson, 2013) New World Order is here Cyber war affects the society PRISM NSA Drones Cyber war is wrapped in myths Conspiracy Reality Problem of informed decision Welcome aboard
  3. 3. State is involved Different lyric, same song Cyber war is not something completely different. Cyber war is new rather then alien battlefield. The more cyber changes things, the more they remain the same. Real, not virtual impact Asymmetric warfare Same people in charge Everything is new New capabilities New threats New playgrounds New questions War never changes
  4. 4. Attack surface Key concepts Offense is easy. Defense is hard. Cyber war is cheap. Attack vectors and attack surface are critical to understand. This is what defender protects The more developed country, the larger attack surface, the less realistic defense Attack vector This is what attacker uses There is not finite number of attack vectors Attack vectors can be of technology, social, conceptual or other quality Cost of cyber war Computer, brain and network connection is all the attacker needs Cost of “the western way” Hidden cost of technology advancements Democracy as a weakness
  5. 5. Information as a target Two-Face of information Information can be the target of cyber campaign or a tool – or both. Espionage Denial of information Information as a weapon Sabotage Propaganda Offensive cyber strikes Information as an environment Adaptability & swarming (Arquilla, 2005) Support capabilities Information supremacy (Arquilla, 2011)
  6. 6. Multiple attack vectors are cheap Technology Cylons were right. Network everything cannot be wrong! Underground economy supplies demand Botnets for hire – or taking Weaponized malware, zero day vulnerabilities Attack surface is wide Air gap does not work Human factor Smart grid USA pioneering smart grid faces issues What should never be connected to the internet – is. (Leverett, 2011) USA infrastructure rigged with logical bombs (Gorman, 2009)
  7. 7. Government capabilities are unmatched Actors Key actors are states and international organizations, including organized crime and terrorists. Individuals are playing the role of collateral damage. Because of legal options for governments Different power levels are incomparable Money always helps Buying resources Hiring people working for profit Cyber terrorists are like child porn Cyber is perfect weapon for them Scarce if any success stories Interaction in underground economy Actors meet in the gray area If we don’t buy it – the bad guys will!
  8. 8. USA States of interest USA, China, Russia & Northern Korea – this is the big four. Czech republic is zero. Almost exactly. Most advanced in technology Strong in attack Critically vulnerable Most visible China The biggest threat (Mandiant, 2013) Denies everything (US Congress, 2012) No one can do anything about them Russia Patriots Organized crime It’s Russia Northern Korea Cyber war is cheap
  9. 9. 2003, Iraq war Battlefield online, information supremacy Harsh lessons History of cyber war Starting with information supremacy on the battlefield, going through information denial and propaganda towards cyber weapons and weaponized malware. In ten years. 2007, Estonia Russia “patriots” targeting banks, media and state institutions NATO wake up call 2007, Israel Operation Orchard No nuclear plant, Korean workers, AA defense and Israel airstrike 2008, Georgia Russian “patriots”, information blackouts Well documented (US-CCU, 2009) 2010, Stuxnet Targeting Iran’s nuclear program Admitted by USA – Barack Obama, project Olympic games 2011, Georgia Cyber espionage attack from Russia (Ministry of Justice of Georgia, 2012) 2013, Czech Republic
  10. 10. USA perspective International environment It’s a wild west right now. The rule of the strongest. No legal framework. Espionage vs. sabotage Preparation of the battlefield loophole Act of war, kinetic response Leading the progress – in good or bad ((Clarke & Knake, 2012) International legal framework Does not exist History of fails (for example Russian proposal to UN in 2010) One sided claims (DoD, 2011) Bilateral agreements (USA-Russia since 2011) International cooperation Ad hoc only Aims towards responsibility for cooperation Problems Attribution Trust Aging
  11. 11. Strategic impacts Let’s strategize! The need for strategy on international as well as state level is recognized. One shared idea is not, though. Asymmetric warfare Who to nuke? Problems with escalations in decisive first-strike scenarios (nuclear weapons analogy) NATO Tallinn manual – where cyber war was born (CCDCOE, 2013) The latest input for discussion Private sector Defenseless against governments Demands protection, refuses regulation Privately owned critical infrastructure Problem of trust between unequal partners Direction goes to prescribed level of security, without regulated means how to do it
  12. 12. Cyber warrior wanted! Cyber warriors People with cyber security skills are in high demand. This presents and will present unique opportunity to be part of something great. Also – these people are a bit crazy. Wanna join? Lack of skilled professionals in private and government sector (and underground as well) There is a space for both highly specialized experts as well as cross-border generalists Education strategy USA universities opening sponsored programs for cyber warriors (sponsored by NSA, CIA, various programs) USA plans to quadruple current (2013) force by 2015 Hiring strategy Hacking challenges Different services are looking for those special talents – to hire them or at least persuade them to harm the opponents
  13. 13. Ethical questions Future evolution Cyber war seems like victimless and clean – but it is not. Simulations, war games and debates are going on to test the waters. What is the price of privacy and security for a human being? Is drone killing people or the operator? Are civilian targets legit? Where is the line between human rights and strategic planning? War games Regularly held by military and private organizations Red and Blue teams Mostly focused on the problems of escalation and kinetic force involvement Impact on civilians Problem of helpless bystander – no one wants to be the victim Cascading effects (power plant, power grid, hospital…) How can civilians influence the discussion?
  14. 14. Sources Thank you I hope you enjoyed the ride. If not – blame the speaker, not the topic and give it a second chance. It is worth it. Security conferences (Defcon, Blackhat) Governments (USA, NATO, EU) Security companies reports (Mandiant, Prolexic, Verisign) Security, military and political think tanks Blogs (Schneier, Krebs) Twitter (strong hacking community)
  15. 15. Reference Author@ Petr Špiřík Twitter @ HidenatNet Email @ Slideshare @ Robertson, A., 2013, ‘It's Bruce Sterling's novel, we just live in it’ [online], available from: Clarke, R.A. & Knake, R., 2012, ‘Cyber War: The Next Threat to National Security and What to Do About It’, Ecco Arquilla, J., 2011, ‘From blitzkrieg to bitskrieg: the military encounter with computers’, Communications of the ACM, vol. 54, no. 10, 2011 Arquilla, J., 2005, ‘Swarming and the Future of Conflict’ [online], Available from: 11.pdf Mandiant, 2013, ‘Exposing One of China’s Cyber Espionage Units’ [online], Available from: US Congress, 2012, ‘Investigative Report on the U.S. National Security Issues Posed by Chinese Telecommunications Companies Huawei and ZTE’ [online], Available from: US-CCU, 2009, ‘Overview by the US-CCU of the Cyber Campaign Against Georgia in August 2008’ [online], Available from: Sanger, D. E., 2012, ‘Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power’ Leverett, E.P.,2011, ‘Quantitatively Assessing and Visualising Industrial System Attack Surfaces’ [online], Available from: Gorman, S., 2009, ‘Electricity Grid in U.S. Penetrated By Spies’ [online], Available from: DoD, 2011, ‘Department of Defense Cyberspace Policy Report’ [online], Available from: ion%20934%20Report_For%20webpage.pdf CCDCOE, 2013, ‘Tallinn manual’ [online], Available from: Ministry of Justice of Georgia, 2012, ‘CYBER ESPIONAGE Against Georgian Government’ [online], Available from: