Chapter 14: Cyber Warfare: An Architecture for Deterrence

Chapter 14: Cyber Warfare: An Architecture for Deterrence. Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions. Introduction to Cyber Warfare and Cyber Deterrence.

angus

Presentation Transcript


  1. Chapter 14: Cyber Warfare: An Architecture for Deterrence
     Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

  2. Introduction to Cyber Warfare and Cyber Deterrence
     • Over 120 countries are actively conducting cyber operations, primarily espionage
     • It is estimated that the Chinese have over 100,000 active duty cyber warriors and over 80,000 independent hackers, who often carry out missions in the national interest
     • As stated in CNCI #10, cyber deterrence is a “strategy that will deter interference and attack in cyberspace… and developing appropriate responses by both state and non-state actors.”

  3. Methodology and Assumptions
     • Cyber deterrence is a cutting-edge research problem and a very difficult one, in particular because the technology makes attributing cyber activities so difficult
     • This research approach considers:
       • National Security Goals
       • Cyber Warfare Laws & Treaties
       • Strategic Functions
       • Solutions Architecture for Cyber Deterrence
       • Technical Functions

  4. Methodology & Assumptions 2

  5. Cyber Deterrence Challenges
     • Assigning attribution
       • Internet technology makes it relatively easy to misdirect attribution to other parties
     • Unpredictability of cyber attack impacts
     • Potential damage due to counter-retaliation
     • Nation states, non-state actors, and individuals are at a peer level, all capable of waging attacks
     • No clear legal framework exists

  6. Legal and Treaty Assumptions
     • Legality of cyber operations should be clarified in national and international treaties (allowing for non-disclosure)
     • Monitoring of suspected remote servers should be allowed, and they may be attacked if they are non-life-critical, because servers used for attack may belong to unaware 3rd parties
     • Use of 3rd party servers should be defined as unlawful according to the laws of war
     • International investigations should be enabled

  7. Cyber Deterrence Strategy
     Used in the book with permission from The RAND Corporation [Libicki 2010]

  8. Cyber Deterrence Retaliation Probabilities (Sample)
     Used in the book with permission from The RAND Corporation [Libicki 2010]

  9. Reference Model

  10. Attacker Conceptual Architecture

  11. Conceptual Application Architecture: Rapid Attribution

  12. Conceptual Information Architecture: Sample Record
      • RECORD: 1
        {'IPv4 Address': '173.201.21.161', 'FTP Open on Port': '21', 'RDP Open on Port': '3389', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
      • RECORD: 2
        {'IPv4 Address': '69.164.192.46', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
      • RECORD: 3
        {'IPv4 Address': '168.95.1.1', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}
      • RECORD: 4
        {'IPv4 Address': '203.69.66.1', 'Ping Response': 'Alive', 'Attack Organization': 'Aurora', 'Attack Role': 'Control Server'}

  13. Architectural Prototypes
      • Bot with Threaded Scanning
      • Botnet with Distributed Scanning
      [Charts: Performance Actuals; Performance Projected]

  14. REVIEW Chapter Summary
