1 / 38

Military Strategy in Cyberspace

Military Strategy in Cyberspace. Stuart Staniford Nevis Networks 08/12/04 stuart@nevisnetworks.com. Introduction to this exercise. This is my attempt to predict what cyberwar will look like in 5-20 years Ie. This is all gross speculation Like trying to think about air war in 1912

bono
Download Presentation

Military Strategy in Cyberspace

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Military Strategy in Cyberspace Stuart Staniford Nevis Networks 08/12/04 stuart@nevisnetworks.com

  2. Introduction to this exercise • This is my attempt to predict what cyberwar will look like in 5-20 years • Ie. This is all gross speculation • Like trying to think about air war in 1912 • No real cyberwars have happened • Cyberwar will develop rapidly once it starts to really happen • There will be surprises • Useful nonetheless: forewarned is forearmed

  3. Relevant Expertises Network security, Network ops, Cryptography, IDS, Vulnerability Asessment DDOS, worm defense Economics, Management Science, Organizational Psychology Military Strategy, Military History No-one is an expert in all of these…

  4. Five Levels of Strategy • Due to Luttwak, Liddell-Hart • Technological • Iron swords, longbows, railroads, aircraft, tanks… • Exploits, DDOS, worms, firewalls, IDS… • Tactical • Tanks in formation (WWI/WWII), longbows in dismounted ranks behind stakes (Crecy, Agincourt) • What we do with a DDOS tool, or an IDS?

  5. Five Levels of Strategy • Operational (individual battle level) • Waterloo, Crecy, Midway, Carshemish • Individual organization (utility, bank, ISP, carrier battle group) • Theatre Strategy • WWII: Pacific, European, North African • Cyberwar same (but opens new theatres for attack) • Grand Strategy • National level strategy - decisive military defeat, econonomic exhaustion, nuclear blackmail, erosion of will

  6. Scenario: China vs US • Why did I choose this? • Because it’s fun! Because I can! • China finally invades Taiwan • Has been sabre-rattling for years • Regular exercises in Taiwan straits • Taiwan and China have been in consensus that they are ultimately one country • Just temporarily two administrations with two systems • Consensus slowly breaking down in Taiwan – starting to want to be independent • Creating great anxiety in China

  7. Sequence of Events • Chinese troop/naval buildups • 2 US carrier groups en route to area • Heavy Chinese missile attacks on Taiwanese AF bases to suppress air resistance • Chinese invasion force sets across straits • Establishes beachhead • US aircraft inflict substantial damage on operation • Small US marine expeditionary force flies to Taiwan to help reinforce. • US involvement can make the difference between success and failure for China.

  8. Chinese Grand Strategy • Inflict enough pain on US to make us go away, so they can • Reintegrate Taiwan without interference • NB China and US both have credible strategic nuclear deterrent • So neither side can use nuclear weapons except as a last resort.

  9. Chinese Grand Strategy (II) • Suppose for purpose of this exercise • They launch a large scale cyberattack on US homeland. • Opens a North American theater to war • In addition to south-east Asian Theater • They can only do via cyber-means • Goal is to make the war intolerable to us • Our choices are nuclear exchange • Invade China • Counter with cyberattacks on China • Give up on Taiwan • Last is much the cheapest and most practical solution

  10. Chinese Theater Strategy • Stop two critical infrastructures functioning • For a period of weeks • They pick: • Electric power • Oil refining and gasoline/diesel distribution • US economy pretty much stops without these • 2.5% of US population involved in agriculture • Food production completely dependent on automation/energy. • 75% of Chinese population involved in agriculture • Food production unaffected by lack of oil/electricity

  11. Concentration of Force • Why doesn’t China go after everything? • Traditional doctrine of concentration of force • Create local huge superiority of forces in favor of attackers • Win completely at those key points • Rest of resistance crumbles • If they defeat defense in electric power and oil refining/distribution, don’t need to win anything else • Choose both so aren’t completely dependent on one succeeding.

  12. Tel El Kebir (1882) • Egyptians: 23000 under Col Ahmed Arabi • 70 field artillery pieces • British: 17000 under Lieutentant General Sir Garnet Wolseley • 36 field pieces • About 3000 cavalry

  13. Tel El Kebir Egyptians British

  14. Lessons of Tel El Kebir • Victory of smaller force • Deception • Maneuver • Surprise • Concentration of force • All these factors will be critical too • Challenge for defense in cyberdomain: • Defense has to protect all critical infrastructures • Attackers get to pick 1-2 to throw all their resources against.

  15. How Many Operations in Theater • Have to pick enough companies/organizations • That infrastructures can’t function except in small pockets • SWAG: O(100) largest energy companies • Simultaneous surprise attacks on them • Forces required are 100x forces for one • Now move down to operational level

  16. Is the Vulnerability There? • Almost certainly • SCADA done over IP/Windows these days • Developers not used to a hostile environment • Labor in obscurity • So just about certain to be plenty of vulnerabilities • Machinery trusts its control system to look after it Internet Corporate Scada

  17. Is the Attack Trivial Then? • Could a small band of hackers pull this off? • No! • Huge amounts of obscurity • Great diversity in SCADA systems • Need vulnerabilities in most of them • Lots of testing needed • No public community working on this to help • Great diversity in deployments • Which IP range is power station XYZ? • Attackers know none of this ab-initio • Either reconnoiter up front • Or find out on fly

  18. Attacker Information Needs • For each of O(100) operational targets, need • Fairly detailed map of network/organization • What assets are where on network? • What software is in use for most critical purposes? • Brand/version • Where defenders are? • Where key operational execs are? • To have developed vulnerabilities • For all key software systems in use • Requires being able to get copies of them • Pretend to be a customer

  19. Advance Reconnaissance Options • Insiders • Get spies jobs as (preferably) IT staff. • Over time, stealthily map network and organization • Ideally want several in different areas for 1-2 yrs • Gives layer 8 view. • Cyber-surveillance • Remotely compromise some desktops internally • Use them to map network at layer 2-7 • Capture keystrokes etc • Must be stealthy and untraceable • No Chinese strings in Trojan • Communication path home must be convoluted

  20. Cyber Battalion (1 operation)

  21. During Attack • All major teams must deploy quickly from small beachhead • Backdoor team (highest priority) • Compromises utility systems for other teams to use • Installs backdoors, remote dial-ups, etc to get back in later • Owns RAS servers, access routers etc • Preferably 100s-1000s of systems so every system in enterprise must be thoroughly cleaned • Defense Suppression Team • DOS, disabling, and destruction of systems used by defenders • Firewalls, IDS’s, desktops and laptops used by sysads • Offensive operations groups • Cripple actual infrastructure assets (turbines, pumps, etc, etc) • Physical damage where possible, • Disable/corrupt control systems • Logic bomb group inserts logic bombs in many systems and turns them off

  22. Balance of Force in operations • Attackers: 150-1000 attackers • Defenders (today): • Security group: 1-10 • Network group: 10-20 • End-host sysads: 100s-1000s • Attackers have • surprise, • superior organization • Defenders • know terrain better • Have physical access (sort of) • Could your organization survive this kind of assault?

  23. Defense Response (today) • Reboot the company • Disconnect from network • Turn everything off • Unplug every phone cable • Bring things up and clean and fix them one at a time • A single Trojan left untouched lets attacker repeat the performance • Likely to take weeks • Cannot have confidence that we fixed all the vulnerabilities the attacker knows.

  24. Attacker Requirements • Discipline, training • Hard to get hundreds of people to execute a complex plan. • Everyone must understand the plan • Everyone must be extensively trained on tactics/technology so it’s second nature • Must follow plan and replans flawlessly • And yet be creative enough to improvise • “Plan never survives contact with the enemy” • “Fog of War” • These issues have always been critical in military operations • And have to repeat this for O(100) simultaneous operations

  25. Crecy (1346) • French: 60,000 under Phillip VI • 15000 armored knights • 8000 Genoese Crossbowmen • English: 11,000 under Edward III • 6000 longbowmen

  26. Crecy Stream English Crecy Forest French

  27. Lessons of Crecy • Victory of vastly smaller force • Technology (longbow) • Tactics • Ranks of longbowmen behind stakes • Fight on defensive • Training (indenture) • Organization (single military command) • Discipline (extensive experience) • All these factors will be critical in cyberwar

  28. Total Chinese Effort Required • Force of about 50,000 attackers • Strong shared culture of how to fight • Disciplined and trained • Detailed planning • Takes ~10 years to develop this institution • Maybe 3 years as all-out effort during a war • Strong visionary leadership required • Hard to do with no in-anger experience • Internal war-gaming only • Would much prefer a “Spain”, but reveals capability

  29. Cyberwar Myths (I) • Small teams can do enormous damage • Best hope of a small team is O($10b) in worm damage • Cannot target anything other than commonly available systems • Cannot manage broad testing of attacks • Only penetrate <10% of enterprise systems • Cannot seriously disrupt the economy • Takes large sophisticated institution to cause serious economic disruption • Only nation states can play at this level

  30. Cyberwar Myths (II) • Attacks in cyberspace can be anonymous • True at micro-scale of individual technological attack • Not true at macro-scale • Will be completely clear in grand strategic context who is conducting attack • Will be very large amounts of control traffic that will be hard to miss • 50,000 Chinese all doing something in US will get noticed • Attacker will generally want to be known

  31. Cyberwar Myths (III) • Cyberspace erases distance • Mobility is more like land/sea than air • Contrast to other thinkers • Battlefield is all information/knowledge • Expertise on disabling power turbines • Takes years to acquire • Is not instantly transferrable to, say, crippling bank’s transactional systems • Similarly defenders need deep understanding of the networks they defend. • First day on new network, will be pretty useless • True for attackers and defenders

  32. Defensive Implications • The networks of critical organizations will need to be run as a military defense at all times. • Constant alertness • Well staffed • Regular defensive drills • Standing arrangements for reinforcement under attack • Extensive technological fortification • Excellent personnel and information security

  33. Hygiene • Patches, AV, external firewalls etc • Failsafe design of critical machinery: • Not just idiot-proof but enemy-proof • All critical, but… • There will still be a way in • There will still be vulnerabilities • Current paradigm will be inadequate

  34. Preventing reconnaissance • An attacker who can develop a detailed well-informed plan at leisure will win. • Personnel security • Background checks for power company staff should be • Comparable to security clearances for military/intel • Prevent scans • Critical information is on a need-to-know basis • (Turbine manuals are not on internal web) • Extensive internal deception/honeynet efforts • Reconnaissance will find all kinds of bogus things • Force attack to be extemporized.

  35. Segmentation • Network must be internally subdivided • Contain worms • Loss of some systems does not lead to loss of everything • Networks within network within networks • Critical resources must be proxied everywhere • (not DOSable) • Network must give highly deceptive appearance • Subdivisions small!

  36. Recovery • Software damage • Integrity checkers • Backup/rollback systems • Hardware damage • Supply of spares and spare parts • Distributed appropriately • Military logistics approach

  37. Cyberwar defense system • Must exist throughout network • Enforce segmentation • Quantitative resistance to worms/DDOS/etc • Provide deceptive view of anything IP is not allowed to see • Proxy critical resources • Facilitate recovery • Allow management of all this • Allow for defensive extemporization

  38. Implications • Defending nation in cyberspace is a military problem. • Will require militarizing critical infrastructures. • Will require new paradigms and tools • Critical infrastructure is in private hands. • Huge tension - not a good outcome for civil society • Deeply ironic that this is result of network promoting openness • Luttwak’s “Paradoxical logic of strategy”

More Related