Cyber Warfare Situational Awareness & Best Defense Practices Presented by Hasan Yasar 19.11.2013


Post on 02-Jan-2016







Agenda:
Defining the terms, What is..?
A Brief History
Assess the problem
Implications and nation wide strategy
Define Process
Takeaways

Defining the terms, What is?

Table columns: Theft of IP | Effect to Computer Network | State sponsored | Political or hacktivist motivation | Armed Attack | Man-Made Platform
Cyber Space: X
Cyberattack: X X X
Cyberespionage: X X
Cyberwarfare: X X X X X

Cyber space: Everyone concedes that cyberspace is man-made. This is what makes it different from its predecessors. Most then proceed as if the difference between a natural and a man-made combat medium is of no greater importance than the difference between natural and man-made fibers. But it is not the man-made nature of cyberspace that makes it different. Cities are man-made, but city combat shares many of the rules of country combat. What matters is that cyberspace is highly malleable by its owners, hence its defenders, in ways other media are not. Cities, although man-made, are not particularly malleable.

A cyberattack is the deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattacks use malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft. A cyberattack is also known as a computer network attack (CNA).

Cyber espionage is defined as the use of dangerous and offensive intelligence measures in the cyber sphere of interactions. In detail, it is the act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware.

Cyber Warfare is the art and science of fighting without fighting; of defeating an opponent without spilling their blood. In other words, what follows are some examples of the disparate ways in which governments have attempted to force their wills against their adversaries and find victory without bloodshed in the cyber domain. Cyber warfare also involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.


History of Cyber Warfare

1982: National security officials in the United States launched one of the world's first cyberattacks on another country: the Soviet Union. U.S. officials heard, through a KGB source named Farewell, that the Soviets intended to buy computer equipment through a front company to operate a gas pipeline. U.S. agents altered the software, which later caused the pipeline to explode.

1986-87: In 1986 and 1987, a physics researcher at the University of California at Berkeley uncovered a global hack of academic, military and government computers in the United States. Chronicled later in the book The Cuckoo's Egg, it was the first investigation of its kind, and it revealed online hacker threats spread around the globe.

1988: The first "worm" attack occurred on the Internet. A Cornell University student named Robert Tappan Morris released several dozen lines of code, which replicated wildly and hit thousands of computers hard. It stopped about 10 percent of the 88,000 computers linked to the Internet at the time.

2003: First Cyber Espionage, Data Exfiltration: Titan Rain. The amount of digital information created by computers, cameras and other data systems this year surpassed the amount of all information created in human history, according to studies by International Data Corp. and EMC.

2007: First Cyber warfare: During a dispute between Estonia and Russia, hackers launched massive attacks on Estonian government agencies, banks, newspapers and other organizations, using networks of computers to shut down Estonian systems online. Some analysts, blaming Russia, asserted the attacks represent one of the first instances of cyberwar.

2008: Cyberspace accelerated its expansion, with the number of devices connected to the Internet exceeding the number of people on Earth for the first time. That number hit an estimated 12.5 billion in 2010, according to a researcher at Cisco who predicted it will rise to 50 billion in 2020. Hundreds of millions of new Internet users also sign on, many millions of them via mobile phones and other portable devices.

March 2009: Canadian researchers identified a Chinese espionage network operating on government computer systems in 103 countries, making it the largest operation of its kind ever publicly identified. The researchers dubbed the system GhostNet.

January 2010: Google announced that it and dozens of other companies were the focus of a "highly sophisticated and targeted attack" originating from China. The attack resulted in a huge amount of data being stolen. It was later dubbed Operation Aurora.

February 2010: The number of Internet users topped 2 billion. The Defense Department said that although "it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air and space."

July 2010: Researchers discovered the most sophisticated and first publicly verified military-grade cyberweapon ever to be made public. A "worm" known as Stuxnet, it was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. Specialists said it appeared to have a devastating effect, destroying or damaging hundreds of centrifuges. There are also the more advanced Duqu worm, the latest Flame virus and Gauss, with a mystery payload, aimed at Middle Eastern government systems, as well as the Shamoon virus that damaged 30,000 Saudi Aramco workstations. These attacks prove that cyber warfare will increase in severity over time, revealing the critical importance of ensuring the security of cyberspace in the 21st century. As can be seen from the timeline, this problem keeps growing tremendously. And the dark side of the estimated economic value is $5B.

Where we are in 2013 (figure)

Assess the Problem
Complexity: Domain, actors, target
Threats type and locations: In any form and from anywhere
International legal concern: Unknown source/actors
Economic impact: Cost on individuals and government
Interconnected world: Critical systems, private sectors

Example of complexity: according to McAfee's 2008 Virtual Criminology Report, there are over 120 nations leveraging the Internet for political, military, and economic espionage activities. The actor is a keyboard or a machine at an unknown location, as opposed to a missile. Kinetic war vs. keyboard?

Legal Concern: Cyber capabilities and vulnerabilities raise tremendously important international legal questions. What are permissible uses of offensive cyber capabilities? What legal authority do states have to respond to cyber attacks or cyber threats by states or nonstate actors? Can states legally employ third parties to conduct cyber operations in self-defense of the state? In defining the legal issue, it is important to determine what constitutes an adversarial armed attack in cyberspace. While there is no clear statement in international law that outlines legally acceptable or unacceptable cyber defensive actions, there are legal principles and past state practices that establish the right to counter a cyber attack as a valid legal response to acts of aggression.


Interconnectivity of Sectors

There is a growing awareness of the vulnerability of a nation's critical infrastructure to network attack. Transportation, banking, telecommunications, and energy are among the most vulnerable systems and may be subject to many modes of attack, as can be seen from history, such as advanced persistent threats, DDoS attacks, insider threats, and unpatched vulnerabilities. So now let us play out one scenario and think about what the impact will be.

Assume that the telecommunication system is compromised: no cell phone or landline phone.

This then affects the banking system: banking systems currently send a code for your authorization, but are not able to do so, so an individual cannot meet financial obligations and then cannot buy a ticket, which affects transportation. Water and energy systems use landlines or cell towers to monitor each node or control system. Supply chain systems will not work, and so on.

Addressing the problem in some nations
Turkey: Cyber Security Strategy Plan and action items defined
NATO: Cyber Defense Center
European Union: European Network Security Agency (ENISA)
USA: US Cyber Command (USCYBERCOM)
UK: UK Defense Cyber Operations Group (DCOG)
Russia: Information Warfare Framework
France: French Network and Information Security Agency (FNISA)
Germany: Cyber Defense Center (CDC)
Korea: Korean Information Security Agency (KISA)
Canada: Canadian Cyber Incident Response Center (CCIRC)

Turkey: Until October 2012, the responsible authority for cyber security was the TUBITAK agency. As of 20 October 2012, after the publication of Cabinet Decision Nr. 2012/3842 in the Official Gazette, the responsible authority became the Ministry of Transport, Maritime Affairs and Communications. The decision also establishes the National Cyber Security Board with membership of Ministries of Foreign and Internal Affairs and Defense and several undersecretari