Cyberwar: You’re Doing It Wrong

Marcus J. Ranum, CSO, Tenable Network Security, Inc <mjr@tenable.com>

Presentation Transcript


  1. Cyberwar: You’re Doing It Wrong
     Marcus J. Ranum, CSO, Tenable Network Security, Inc <mjr@tenable.com>

  2. Who am I?
     • Author of “The Myth of Homeland Security”
     • Industry “insider” with 20+ years work in security
     • System designer
     • Teacher
     • Manager of coders
     • CTO, CSO, CEO

  3. Cybercriminal
     • Agenda:
       • Diffuse and profit-driven
       • Tactical: short-term
     • The threat:
       • Profitably “hit and run”
       • Cannot eradicate: more will take their place
       • Creative
       • Rapidly shift to where the money is

  4. Cyber Spy
     • Agenda:
       • Surreptitiously get secrets from target
       • Suborn and manage trusted agents in critical positions
       • Strategic: long-term
     • The threat:
       • The cyber-era simplifies some technical aspects of espionage a bit while complicating others a bit

  5. Cyberterrorist
     • Agenda:
       • Ideological, maximum-damage, maximum-profile, highly visible attacks with no restraint
       • Tactical: “Hit and run” to Cause Fear
     • The threat:
       • Targets will be critical infrastructure that results in explosions, destruction and death
       • Power, water, oil, shipping, vehicle control

  6. Cyberwarrior
     • Agenda:
       • Be prepared to attack/degrade/penetrate enemy command and control systems as an adjunct to physical military operations
       • Strategic: Long-term covert warfare
     • The threat:
       • Targets will be high-value, high-cost, and will have varying “hardness” against attack

  7. Geopolitical Logistics Train
     • Cyberwar and Cyberespionage both require:
     • Political “top cover” to prevent retaliation
     • Cyberwar: a military/political objective that can be usefully attacked
     • Military/political power to exploit temporary advantage
     • Cyberespionage: secrecy within the aggressor nation to prevent blow-back
     • In the case of commercial secrets, that will need to include protection against lawsuits, import restrictions, retorsive trade barriers, etc.
     • Cyberespionage: manufacturing capability/supply chain adequate to take advantage

  8. Agenda Mis-Alignment
     (Matrix; columns: Cybercriminal, Cyberspy, Cyberterrorist, Cyberwarrior. Cell text is listed per row in the order it appears in the transcript.)
     • Cybercriminal: Compete; Provide cover; Interfere with ops; Provide cover; May provide tech; Provide cover; Interfere with ops
     • Cyberspy: No effect; No effect; Counterintelligence; May detect; May compromise ops
     • Cyberterrorist: No effect; No effect; No effect; No effect
     • Cyberwarrior: No effect; May interfere with ops during a conflict; No effect; Direct engagement during a conflict

  9. Defense Strategies
     Response, by target (Government / Private Sector):
     • Cybercriminal
       • Government: “typical computer security” (firewalls, antivirus, patch management, IDS, system log analysis)
       • Private Sector: “typical computer security”
     • Cyberspy
       • Government: Counterintelligence + “typical computer security”
       • Private Sector: Expect the government to deal with it
     • Cyberterrorist
       • Government: “typical computer security”
       • Private Sector: “typical computer security”
     • Cyberwarrior
       • Government: Counterintelligence + “typical computer security”
       • Private Sector: Expect the government to deal with it for anything beyond “typical computer security”

  10. Some Things
     • Some things jump out at us immediately, namely:
       • Defensive approaches almost entirely overlap; what helps protect the target from cybercrime is likely to help protect the target
       • The only other thing that can usefully be thrown at the problem is counterintelligence
       • There aren’t any super cool government-specific defensive technologies for cybersecurity; they’d already be part of “normal internet security”

  11. Here’s the Problem
     • Cyberwar cannot, will not, ever be fought over military networks
     • Components of civilian infrastructure will carry the data
     • Components of civilian infrastructure will be some of the targets

  12. Again: International Law
     • “The parties to the conflict must at all times distinguish between civilian objects and military objectives. Attacks may only be directed against military objectives. Attacks must not be directed against civilian objects.”*
     * Rule 7, Customary International Humanitarian Law, ICRC

  13. Proportionality
     • Many like to point out: “Launching an attack which may be expected to cause incidental loss of civilian life, injury to civilians, damage to civilian objects, or a combination thereof, which would be excessive in relation to the concrete and direct military advantage anticipated, is prohibited.”*
     • That’s not a hunting license!
     • Go read Rule(s) 13 and 15 if you’re curious
     • The doctrine of proportionality is intended to be an individual’s argument of defense if they wind up on trial for war crimes
     * Rule 14, Customary International Humanitarian Law, ICRC

  14. Why It’s Dangerous
     • Use of main force is great when you’re the top dog … But you know that eventually you will find yourself unable to retaliate, and without a shred of moral high ground to complain from

  15. “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
     - Pentagon Spokesman

  16. A Weapon of Privilege
     • My fear* is that “cyberwar” will become a plaything of the powerful
     • We will use it on you but don’t you dare use it on us
     “If you shoot me in a dream, you’d better wake up and apologize”
     - Mr. White, “Reservoir Dogs”

  17. A Weapon of Privilege II
     • The US’ actions in cyberspace make sense if:
       • You assess them as the actions of a colonial power

  18. A Weapon of Privilege III
     • What does it even mean to “survive without the internet” now?
       • Obvious: your own DNS, your own routing infrastructure, a border of firewalls
       • Less Obvious: your own Google
       • More subtle still: your own Oracle, your own Microsoft

  19. Conclusions
     • We are at a crucial time in the militarization of cyberspace
     • What example will security practitioners set?
     • Engaging purely in defensive operations is the only position without moral onus
