293-military strategy in cyberspace
TRANSCRIPT
-
7/29/2019 293-Military Strategy in Cyberspace
1/38
Military Strategy in Cyberspace
Stuart Staniford
Nevis Networks, 08/12/, [email protected]
-
Introduction to this exercise
This is my attempt to predict what cyberwar will look like in 5-20 years
I.e. this is all gross speculation
Like trying to think about air war in 1912
No real cyberwars have happened
Cyberwar will develop rapidly once it starts to really happen
There will be surprises
Useful nonetheless: forewarned is forearmed
-
Relevant Expertise
Network security, Network ops
Cryptography, IDS, Vulnerability Assessment, DDOS, worm defense
Military Strategy, Military History
Economics, Management Science, Organizational Psychology
No-one is an expert in all of these
-
Five Levels of Strategy
Due to Luttwak, Liddell-Hart
Technological
Iron swords, longbows, railroads, aircraft, tanks
Exploits, DDOS, worms, firewalls, IDS
Tactical
Tanks in formation (WWI/WWII), longbows in dismounted ranks behind stakes (Crecy, Agincourt)
What we do with a DDOS tool, or an IDS?
-
Five Levels of Strategy
Operational (individual battle level)
Waterloo, Crecy, Midway, Carchemish
Individual organization (utility, bank, ISP, carrier battlegroup)
Theatre Strategy
WWII: Pacific, European, North African
Cyberwar same (but opens new theatres for attack)
Grand Strategy
National level strategy - decisive military defeat, economic exhaustion, nuclear blackmail, erosion of will
-
Scenario: China vs US
Why did I choose this? Because it's fun! Because I can!
China finally invades Taiwan
Has been sabre-rattling for years
Regular exercises in Taiwan straits
Taiwan and China have been in consensus that they are ultimately one country
Just temporarily two administrations with two systems
Consensus slowly breaking down in Taiwan
Taiwan starting to want to be independent
Creating great anxiety in China
-
Sequence of Events
Chinese troop/naval buildups
2 US carrier groups en route to area
Heavy Chinese missile attacks on Taiwanese AF bases to suppress air resistance
Chinese invasion force sets across straits
Establishes beachhead
US aircraft inflict substantial damage on operation
Small US marine expeditionary force flies to Taiwan to help reinforce.
US involvement can make the difference between success and failure for China.
-
Chinese Grand Strategy
Inflict enough pain on US to make us go away, so they can
Reintegrate Taiwan without interference
NB China and US both have credible strategic nuclear deterrent
So neither side can use nuclear weapons except as a last resort.
-
Chinese Grand Strategy (II)
Suppose for purpose of this exercise
They launch a large scale cyberattack on US homeland.
Opens a North American theater to war
In addition to south-east Asian theater
They can only do this via cyber-means
Goal is to make the war intolerable to us
Our choices are:
Nuclear exchange
Invade China
Counter with cyberattacks on China
Give up on Taiwan
Last is much the cheapest and most practical solution
-
Concentration of Force
Why doesn't China go after everything?
Traditional doctrine of concentration of force
Create local huge superiority of forces in favor of attackers
Win completely at those key points
Rest of resistance crumbles
If they defeat defense in electric power and oil refining/distribution, don't need to win anything else
Choose both so they aren't completely dependent on one succeeding.
-
Tel El Kebir (1882)
Egyptians: 23,000 under Col Ahmed Arabi
70 field artillery pieces
British: 17,000 under Lieutenant General Sir Garnet Wolseley
36 field pieces
About 3,000 cavalry
-
Map: Tel El Kebir, Egyptian and British positions
-
Lessons of Tel El Kebir
Victory of smaller force
Deception
Maneuver
Surprise
Concentration of force
All these factors will be critical too
Challenge for defense in cyber domain: Defense has to protect all critical infrastructures
Attackers get to pick 1-2 to throw all their resources against.
-
Is the Vulnerability There? Almost certainly
SCADA done over IP/Windows these days
Developers not used to a hostile environment
Labor in obscurity
So just about certain to be plenty of vulnerabilities
Machinery trusts its control system to look after it
Diagram: Internet, Corporate, SCADA (network tiers)
-
Is the Attack Trivial Then?
Could a small band of hackers pull this off?
No!
Huge amounts of obscurity
Great diversity in SCADA systems
Need vulnerabilities in most of them
Lots of testing needed
No public community working on this to help
Great diversity in deployments
Which IP range is power station XYZ?
Attackers know none of this ab initio
Either reconnoiter up front
Or find out on the fly
-
Attacker Information Needs
For each of O(100) operational targets, need:
Fairly detailed map of network/organization
What assets are where on network?
What software is in use for most critical purposes?
Brand/version
Where defenders are?
Where key operational execs are?
To have developed vulnerabilities for all key software systems in use
Requires being able to get copies of them
Pretend to be a customer
-
Advance Reconnaissance Options
Insiders
Get spies jobs as (preferably) IT staff.
Over time, stealthily map network and organization
Ideally want several in different areas for 1-2 yrs
Gives layer 8 view.
Cyber-surveillance
Remotely compromise some desktops internally
Use them to map network at layer 2-7
Capture keystrokes etc
Must be stealthy and untraceable
No Chinese strings in Trojan
Communication path home must be convoluted
-
Balance of Force in operations
Attackers: 150-1000 attackers
Defenders (today):
Security group: 1-10
Network group: 10-20
End-host sysadmins: 100s-1000s
Attackers have surprise, superior organization
Defenders know terrain better
Have physical access (sort of)
Could your organization survive this kind of assault?
-
Defense Response (today)
Reboot the company
Disconnect from network
Turn everything off
Unplug every phone cable
Bring things up and clean and fix them one at a time
A single Trojan left untouched lets attacker repeat the performance
Likely to take weeks
Cannot have confidence that we fixed all the vulnerabilities the attacker knows.
-
Attacker Requirements
Discipline, training
Hard to get hundreds of people to execute a complex plan.
Everyone must understand the plan
Everyone must be extensively trained on tactics/technology so it's second nature
Must follow plan and replans flawlessly
And yet be creative enough to improvise
Plan never survives contact with the enemy
Fog of War
These issues have always been critical in military operations
And have to repeat this for O(100) simultaneous operations
-
Crecy (1346)
French: 60,000 under Philip VI
15,000 armored knights
8,000 Genoese crossbowmen
English: 11,000 under Edward III
6,000 longbowmen
-
Lessons of Crecy
Victory of vastly smaller force
Technology (longbow)
Tactics: ranks of longbowmen behind stakes
Fight on defensive
Training (indenture)
Organization (single military command)
Discipline (extensive experience)
All these factors will be critical in cyberwar
-
Total Chinese Effort Required
Force of about 50,000 attackers
Strong shared culture of how to fight
Disciplined and trained
Detailed planning
Takes ~10 years to develop this institution
Maybe 3 years as all-out effort during a war
Strong visionary leadership required
Hard to do with no in-anger experience
Internal war-gaming only
Would much prefer a Spain (a proxy war to try it out in), but that reveals capability
-
Cyberwar Myths (I)
Myth: Small teams can do enormous damage
Best hope of a small team is O($10b) in worm damage
Cannot target anything other than commonly available systems
Cannot manage broad testing of attacks
Can only penetrate
-
Cyberwar Myths (II)
Myth: Attacks in cyberspace can be anonymous
True at micro-scale of individual technological attack
Not true at macro-scale
Will be completely clear in grand strategic context who is conducting attack
Will be very large amounts of control traffic that will be hard to miss
50,000 Chinese all doing something in US will get noticed
Attacker will generally want to be known
-
Cyberwar Myths (III)
Myth: Cyberspace erases distance
Mobility is more like land/sea than air
Contrast to other thinkers
Battlefield is all information/knowledge
Expertise on disabling power turbines takes years to acquire
Is not instantly transferable to, say, crippling banks' transactional systems
Similarly defenders need deep understanding of the networks they defend.
First day on new network, will be pretty useless
True for attackers and defenders
-
Defensive Implications
The networks of critical organizations will need to be run as a military defense at all times.
Constant alertness
Well staffed
Regular defensive drills
Standing arrangements for reinforcement under attack
Extensive technological fortification
Excellent personnel and information security
-
Hygiene
Patches, AV, external firewalls etc
Failsafe design of critical machinery:
Not just idiot-proof but enemy-proof
All critical, but:
There will still be a way in
There will still be vulnerabilities
Current paradigm will be inadequate
-
Segmentation
Network must be internally subdivided
Contain worms
Loss of some systems does not lead to loss of everything
Networks within networks within networks
Critical resources must be proxied everywhere (not DOSable)
Network must give highly deceptive appearance
Subdivisions small!
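The containment argument on this slide can be made concrete by modelling a network as zones with a deny-by-default flow policy and asking how far a worm that exploits one exposed service can spread. The following Python is an added example written for this page, not code from the talk or from Nevis Networks; the hosts, zones, ports and rules are constructed sample data, and the simulation is a deliberately simple reachability walk, not a model of any real worm.

```python
"""Added example: how zone segmentation bounds a worm's reach.

Hosts live in zones. A policy lists which zone-to-zone flows on which port are
permitted (deny by default; hosts inside one zone can always talk, since the zone
is the unit of subdivision). A worm that exploits a single listening port spreads
only along permitted flows, so comparing a flat policy with a segmented one shows
what "subdivisions small" and "critical resources proxied" buy. All data below is
constructed for the example.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    services: frozenset  # ports this host listens on


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    port: int


def flow_allowed(policy, src: Host, dst: Host, port: int) -> bool:
    """Deny by default: cross-zone traffic needs a matching rule."""
    if src.zone == dst.zone:
        return True
    return any(r.src_zone == src.zone and r.dst_zone == dst.zone and r.port == port
               for r in policy)


def worm_reach(hosts, policy, start: str, exploit_port: int) -> set:
    """Breadth-first spread: every host that exposes the vulnerable port and is
    reachable from an infected host under the policy becomes infected."""
    by_name = {h.name: h for h in hosts}
    infected = {start}
    queue = deque([start])
    while queue:
        src = by_name[queue.popleft()]
        for dst in hosts:
            if dst.name in infected or exploit_port not in dst.services:
                continue
            if flow_allowed(policy, src, dst, exploit_port):
                infected.add(dst.name)
                queue.append(dst.name)
    return infected


# Constructed sample network: corporate desktops, a proxy tier, two small control cells.
HOSTS = [
    Host("desk-1", "corporate", frozenset({80, 445})),
    Host("desk-2", "corporate", frozenset({80, 445})),
    Host("historian-proxy", "dmz", frozenset({8443})),      # the only path toward the historian
    Host("historian", "control-a", frozenset({445, 1433})),
    Host("hmi-a", "control-a", frozenset({445})),
    Host("plc-gw-a", "control-a", frozenset({502})),
    Host("hmi-b", "control-b", frozenset({445})),
    Host("plc-gw-b", "control-b", frozenset({502})),
]
ZONES = ["corporate", "dmz", "control-a", "control-b"]

# Flat policy: every zone may reach every other zone on the vulnerable port.
FLAT_POLICY = [Rule(s, d, 445) for s in ZONES for d in ZONES if s != d]

# Segmented policy: desktops reach the historian only via the proxy, on one port each;
# nothing may enter a control cell on 445, and the two control cells cannot talk.
SEGMENTED_POLICY = [
    Rule("corporate", "dmz", 8443),
    Rule("dmz", "control-a", 1433),
]


def compare(start: str, exploit_port: int = 445) -> dict:
    """Reach of the same worm under both policies, keyed by policy name."""
    return {
        "flat": sorted(worm_reach(HOSTS, FLAT_POLICY, start, exploit_port)),
        "segmented": sorted(worm_reach(HOSTS, SEGMENTED_POLICY, start, exploit_port)),
    }


if __name__ == "__main__":
    for start in ("desk-1", "hmi-a"):
        print(start, compare(start))
```

Starting from a desktop, the flat policy lets the worm take every host that exposes the port, including the historian and both HMIs; the segmented policy stops it at the second desktop. Starting inside control cell A, it still takes the historian (same zone) but never reaches cell B, which is the "loss of some systems does not lead to loss of everything" property. The same walk, run over an organization's real zone policy, is a cheap way to find the one oversized zone that would let a single compromise become a site-wide one.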
-
Recovery
Software damage
Integrity checkers
Backup/rollback systems
Hardware damage
Supply of spares and spare parts
Distributed appropriately
Military logistics approach
-
Cyberwar defense system
Must exist throughout network
Enforce segmentation
Quantitative resistance to worms/DDOS/etc
Provide deceptive view of anything an IP is not allowed to see
Proxy critical resources
Facilitate recovery
Allow management of all this
Allow for defensive extemporization
-
Implications
Defending a nation in cyberspace is a military problem.
Will require militarizing critical infrastructures.
Will require new paradigms and tools
Critical infrastructure is in private hands.
Huge tension - not a good outcome for civil society
Deeply ironic that this is the result of a network promoting openness
Luttwak's Paradoxical logic of strategy