What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense.
Speaker: Kevin Kirst
2. Agenda
• Background
• Cyber Warfare
• National Cyber Investments
• The Components
• Recent Activity
• Why hasn’t it happened yet?
PwC
One Security
3. My Background
US Military Officer (Pacific Area of Operations)
• Comms & IT Infrastructure
• Military Satellites
• Cyber Operations
KPMG
• DoD Consulting
Booz Allen Hamilton
• DoD Cyber Threat Intelligence & Operations
PwC Switzerland
• OneSecurity – Cyber Security
October 2012
4. Background
“The use of electronic means makes it possible to steal large quantities
of data at once or within a short time. Such cases of sophisticated
electronic espionage are regularly recorded.”
-Federal Intelligence Services Switzerland 2013
“The FIS has clear indications that the authorities of various countries
have been directly or indirectly involved in cyber attacks.”
-Federal Intelligence Services Switzerland 2013
10. Cyber Warfare components
Computer Network Operations (CNO)
• Computer Network Exploitation (CNE)
• Computer Network Defense (CND)
• Computer Network Attack (CNA)
Exploit to Attack?
“Any cyber operation that results in death or significant damage to
property qualifies as an armed attack.” –Tallinn Manual
11. The Tallinn Manual
• States may not knowingly allow cyber infrastructure located in
their territory to be used for acts that adversely affect other States.
• States may be responsible for cyber operations directed against other
States, even though those operations were not conducted by the
security agencies. (i.e. hacktivist)
• The International Group of Experts agreed that cyber operations that
merely cause inconvenience or irritation do not qualify as uses
of force.
• States may respond to unlawful cyber operations that do not rise to
the level of a use of force with countermeasures.
• A State that is the victim of a cyber “armed attack” may respond by
using force. The force may be either cyber or kinetic.
13. Why hasn’t it happened yet?
Obfuscation
Definitions
Attribution
Confidence
14. These are easier to respond to… and to use
Obfuscation Definitions
Attribution Confidence
15. Conclusion
“....the risk of misattribution and escalation is real, and we always have
to consider the broad foreign policy implications of our actions.”
- Michael Daniel, White House Cybersecurity Coordinator