SlideShare ist ein Scribd-Unternehmen logo

Cyberwar: (R)evolution?

Als PPTX, PDF herunterladen
Z
zapp0

Presentation on cyberwar for Masaryk University KISK - Expert Panel. Focus on current status, future outlook, threats and options.

Bildung
1 von 16
Cyberwar ®evolution? Petr Špiřík @ KISK Expert Panel 17. 12. 2015
PwC Petr Špiřík, MSc. Cyberwar: ®evolution? Professional PwC CEE CISO 29 countries, full scope of information security portfolio Former Cyber threat intelligence lead and Security architect I get paid for what I love. How cool is that? Personal Geek & security enthusiast Fascinated by cyberspace, cyber security realm and associated topics Believer in the power of information and that it wants to be free Low tolerance for nonsense. Rules of engagement Respect each other There are no stupid questions
PwC Cyber war … … or cyber operation? Threat actors Criminals Hacktivists Lone wolfs State actors The term cyberwar will be used through this presentation for simplicity Treat with caution War has a meaning from legal perspective Defined especially in IHL, explained in Tallinn Manual Not everyone “can” be at war Organized crime is not war Different rules apply in war (Cyber) act of war can result in kinetic response By abusing defined terms we risk misunderstanding – or worse During this presentation we will focus on operations in cyberspace where state is either a target or an attacker and where the objective is military or political advantage.
PwC History of notable incidents Helicopter view 2003, Iraq war Battlefield online, information supremacy Harsh lessons 2007, Estonia Russia “patriots” targeting banks, media and state institutions. NATO wake up call 2007, Israel, Operation Orchard No nuclear plant, Korean workers, AA defense and Israel airstrike 2008, Georgia Russian “patriots”, information blackouts Well documented 2010, Stuxnet, Operation Olympic games Targeting Iran’s nuclear program Admitted by USA – or not? 2011, Georgia Cyber espionage attack from Russia 2014, Ukraine Elections manipulation, “hybrid warfare”, joint kinetic & cyber activities
PwC Case study #1 Stuxnet family Stuxnet Targeting Iranian nuclear enrichment facilities Objective is physical damage Successful delay of nuclear program Designed to pass the air gap Discovered by accident Attribution: United States (99%) General James Cartwright Project Olympic games Considered “the first cyberweapon” Flame, Duqu, Gauss Same “family of cyber weapons” as Stuxnet Responsibility and accountability Flame (Discovered 2012) Cyber espionage Duqu (Discovered 2012, version 2.0 in 2015) ICS targeting Gauss (Discovered 2012) Targeting banking sector
PwC Case study #2 Case of Ukraine Ukraine conflict Election manipulation Does not have to be effective Support kinetic operations Supremacy over the battlefield CyberBerkut Propaganda and desinformation Hybrid war Overused and abused term Strong focus on information warfare Combination of traditional warfare with special forces & cyber operations Focus on fear, uncertainty, doubt Key concept is limiting opponent's options Avoidance of hot conflict Loopholes exploitation (legal, policy & decision making, strategic & tactical)
PwC Key distinct features Characteristic Asymetric Offense is easier than defense Fast No time for reaction Preventive measures Attribution vs. deniability Who to blame Who to counter Enablers Attack surface of the victim More advanced = more vulnerable Reduction leads to degradation Capability of the attacker Talent can be trained Technology is cheap Brave new world Interconnected Fast development
PwC Objectives of cyberwar Mission support When “cyber” is not the objective but delivery Military concept of mission “I want 200 soldiers at their doorstep tomorrow morning, sergeant!” Cyber capabilities To achieve the mission objective To prevent interruption of mission Logistics & operations focused Battlefield domination Takedown of enemy information command Contest the cyberspace environment Drones hacking Critical infrastructure disruption When military objective can be achieved by cyber means in more efficient, safe and cheaper way – it will be.
PwC Ways of war Technology Denial of service of key technologies Websites Communication Support system disruption Medical Logistic Navigation Infrastructure targeting Information Propaganda, political influence Hearts and minds of people Information denial, disruption or credibility loss Targeting decision making process Digital only – single point of failure Cyber to physical Demonstration of cyber capabilities in physical world Power plants do not have “self destruct” button Cross-domain knowledge required Security through obscurity works (this time) Marina Krotofil
PwC Cyber fratricide Competing interests “We need to go deeper!” Intelligence agencies Researchers Investigators Get as much information about the attacker as possible during his operations. “Leave me alone!” Innocent bystanders Private companies Individuals Don’t get harmed. Live the good life. Mind own business. Be sad. “This ends here!” Law enforcement Incident responders Operations Stop the attack. Get back to normal operations. Seek & destroy.
PwC Cyber Pearl Harbor We need more resources to prevent atrocious terrorist attack! No second Pearl Harbor! Cyber security = money Cyber security = more power to government Cyber security = more power in government Without the ever present terrorist threat of new “Cyber Pearl Harbor”, the flow of money & power will be endangered Is cyber terrorism even a thing? Give me one example! There are no cyber terrorists (theories!) Subgroups of other categories Skill barrier for dummies Recruitment for talents by others There might be cyber terrorists Dormant capabilities Cold war mode Efficient MAD concept in play
PwC Challenges of cyberwar Attack Aging weapons If we don’t use it, it will expire Speed is the factor Mutual assured destruction (MAD) from nuclear arms race reappears Who will be the warrior? Defense Line of defense What are my crown jewels? Home ground – the only advantage Seeking the high ground in cyberspace Who will be the guardian? Ability to attack can often mean the vulnerability to the same tactic employed by the adversary
PwC Future threats Technology Internet of Things (IoT) Self driving cars Smart houses Smart grid Growing computational capabilities Relying on legacy concepts from the 80s New technologies (drones, quantum computers) Faster evolution of capabilities than associated security concepts Social Balkanization of the Internet Adoption of wrong legal concepts Encryption damage Governmental lawful interception Growing gap of understanding Reality vs. decision makers Lack of “white hats” in cyber security community Pretending cyberspace is something completely different will backfire
PwC Is there no hope? If you can’t beat them, join them! When living in exciting times. Make use of it! Cyberspace is the last frontier. For now. The cyberspace landscape is changing. Make an impact! Possibilities are endless. Offensive, defensive, research, education, policy & decision making, cross-domain questions, ethics… There was never a better time to jump into cyber security industry Power of informed decision making Cyberspace is here to stay “Cyberwar” is reality and its role will grow Education is critical Self education is the key The power is just few keystrokes away Don’t panic, approach with caution To make the right decisions, you need to understand the world around you. It is a skill that can be acquired
PwC ®evolution? “War is not merely a political act, but also a real political instrument” “Gain a preponderance of physical forces and material advantages at the decisive point” Carl von Clausewitz Cyberwar is not a revolution. It is the evolution of existing concepts over new battlefield – the cyberspace. Gain information advantage Limit your adversaries’ options Know & control the battlefield Assure your operations Deny operations of the adversary Exercise the least minimum force
PwC Reference Petr Špiřík @HidenatNet petr.spirik@gmail.com petr.spirik@cz.pwc.com http://www.slideshare.net/zapp0 /cyberwar-revolution Clarke, R.A. & Knake, R., 2012, ‘Cyber War: The Next Threat to National Security and What to Do About It’, Ecco Arquilla, J., 2011, ‘From blitzkrieg to bitskrieg: the military encounter with computers’, Communications of the ACM, vol. 54, no. 10, 2011 Mandiant, 2013, ‘Exposing One of China’s Cyber Espionage Units’ [online], Available from: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf US-CCU, 2009, ‘Overview by the US-CCU of the Cyber Campaign Against Georgia in August 2008’ [online], Available from: http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf Leverett, E.P.,2011, ‘Quantitatively Assessing and Visualising Industrial System Attack Surfaces’ [online], Available from: http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf DoD, 2011, ‘Department of Defense Cyberspace Policy Report’ [online], Available from: http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf CCDCOE, 2013, ‘Tallinn manual’ [online], Available from: http://www.ccdcoe.org/249.html Ministry of Justice of Georgia, 2012, ‘CYBER ESPIONAGE Against Georgian Government’ [online], Available from: http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf Mauer, T., 2015, ‘Cyber proxies and the crisis in Ukraine’ [online], Available from: https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Maurer_09.pdf Langner Group, 2013, ‘To kill a centrifuge’ [online], Available from: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a- centrifuge.pdf Deep, A., 2015, ‘Hybrid war: Old concept, new techniques’ [online], Available from: http://smallwarsjournal.com/jrnl/art/hybrid-war-old- concept-new-techniques

Empfohlen

CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national security
Talwant Singh
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
Udaysharma3
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -
ideaflashed
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
Digicomp Academy AG
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
Jamie Moore
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
EnclaveSecurity
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
Dinesh O Bareja
 

Empfohlen

CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 
Cyberwar threat to national security
Cyberwar threat to national securityCyberwar threat to national security
Cyberwar threat to national security
Talwant Singh
 
Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
Udaysharma3
 
Cyber Warfare -
Cyber Warfare -Cyber Warfare -
Cyber Warfare -
ideaflashed
 
Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)Cyber Warfare vs. Hacking (in English)
Cyber Warfare vs. Hacking (in English)
Digicomp Academy AG
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
Jamie Moore
 
Cyber war or business as usual
Cyber war or business as usualCyber war or business as usual
Cyber war or business as usual
EnclaveSecurity
 
Cyberwar - Is India Ready
Cyberwar - Is India ReadyCyberwar - Is India Ready
Cyberwar - Is India Ready
Dinesh O Bareja
 
Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
Ajay Serohi
 
About cyber war
About cyber warAbout cyber war
About cyber war
eugenvaleriu
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
Space Defense Newsletter
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
Commonwealth Telecommunications Organisation
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
Maira Asif
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
Sameer Paradia
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
Adv Prashant Mali
 
Cyber war
Cyber warCyber war
Cyber war
Praveen
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
Savigya Singh
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh20
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in Cyberwar
Mehdi Poustchi Amin
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
Suyash Shanker
 
114-116
114-116114-116
114-116
IKERIONWU FREDRICK
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
loverakk187
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber Terrorism
Ganesh DNP
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
Deepak Pareek
 
A Cyber Security Review
A Cyber Security ReviewA Cyber Security Review
A Cyber Security Review
Simon Moffatt
 
Asymmetric threat 5_paper
Asymmetric threat 5_paperAsymmetric threat 5_paper
Asymmetric threat 5_paper
MarioEliseo3
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
Talwant Singh
 
9 weebly ppt
9 weebly ppt9 weebly ppt
9 weebly ppt
Myra Lipsey
 
Intro to weebly
Intro to weeblyIntro to weebly
Intro to weebly
stantons
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
hassanzadeh20
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
Eljay Robertson
 
Asymmetric threat 5_paper
Asymmetric threat 5_paperAsymmetric threat 5_paper
Asymmetric threat 5_paper
MarioEliseo3
 

Was ist angesagt? (20)

Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015Cyber war a threat to indias homeland security 2015
Cyber war a threat to indias homeland security 2015
 
About cyber war
About cyber warAbout cyber war
About cyber war
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 
Cyber warfare ss
Cyber warfare ssCyber warfare ss
Cyber warfare ss
 
Cyber War ( World War 3 )
Cyber War ( World War 3 )Cyber War ( World War 3 )
Cyber War ( World War 3 )
 
Cyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant MaliCyber warfare Threat to Cyber Security by Prashant Mali
Cyber warfare Threat to Cyber Security by Prashant Mali
 
Cyber war
Cyber warCyber war
Cyber war
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011Cyber terrorism fact or fiction - 2011
Cyber terrorism fact or fiction - 2011
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in Cyberwar
 
Cyber terrorism
Cyber terrorismCyber terrorism
Cyber terrorism
 
114-116
114-116114-116
114-116
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Cyber Wars And Cyber Terrorism
Cyber Wars And Cyber TerrorismCyber Wars And Cyber Terrorism
Cyber Wars And Cyber Terrorism
 
Cyber Terrorism
Cyber TerrorismCyber Terrorism
Cyber Terrorism
 
A Cyber Security Review
A Cyber Security ReviewA Cyber Security Review
A Cyber Security Review
 
Asymmetric threat 5_paper
Asymmetric threat 5_paperAsymmetric threat 5_paper
Asymmetric threat 5_paper
 
RULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWARRULES OF THE GAME IN CYBERWAR
RULES OF THE GAME IN CYBERWAR
 

Andere mochten auch

Intro to weebly
Intro to weeblyIntro to weebly
Intro to weebly
stantons
 
Introduction to weebly
Introduction to weeblyIntroduction to weebly
Introduction to weebly
tmjordan
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
Aeman Khan
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
Lipsita Behera
 

Andere mochten auch (16)

9 weebly ppt
9 weebly ppt9 weebly ppt
9 weebly ppt
 
Intro to weebly
Intro to weeblyIntro to weebly
Intro to weebly
 
Weebly powerpoint
Weebly powerpointWeebly powerpoint
Weebly powerpoint
 
Weebly Website Blog
Weebly Website BlogWeebly Website Blog
Weebly Website Blog
 
Cyberwarfare
CyberwarfareCyberwarfare
Cyberwarfare
 
Secure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical HackingSecure Shell - a Presentation on Ethical Hacking
Secure Shell - a Presentation on Ethical Hacking
 
Introduction to weebly
Introduction to weeblyIntroduction to weebly
Introduction to weebly
 
Are we ready for Cyberwarfare
Are we ready for CyberwarfareAre we ready for Cyberwarfare
Are we ready for Cyberwarfare
 
Cyber warfare
Cyber warfareCyber warfare
Cyber warfare
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Cyber-crime PPT
Cyber-crime PPTCyber-crime PPT
Cyber-crime PPT
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber crime and security ppt
Cyber crime and security pptCyber crime and security ppt
Cyber crime and security ppt
 

Ähnlich wie Cyberwar: (R)evolution?

VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
Cameron Brown
 
Unveiling the Enigma Can Cybersecurity Hack
Unveiling the Enigma Can Cybersecurity HackUnveiling the Enigma Can Cybersecurity Hack
Unveiling the Enigma Can Cybersecurity Hack
MSR Buzz
 
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdfTop Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
TopCyberNewsMAGAZINE
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
Leslie Lee
 
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
tushargupta27122003
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
TopCyberNewsMAGAZINE
 

Ähnlich wie Cyberwar: (R)evolution? (20)

Crim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéllCrim cybersecurity_jarno_limnéll
Crim cybersecurity_jarno_limnéll
 
VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016VFAC REVIEW issue12_extract_2016
VFAC REVIEW issue12_extract_2016
 
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South AfricaPukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
Pukhraj Singh - Keynote - ITWeb Security Summit-2019, Johannesburg, South Africa
 
Cyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in CyberspaceCyberwarfare and Aggressiveness in Cyberspace
Cyberwarfare and Aggressiveness in Cyberspace
 
Unveiling the Enigma Can Cybersecurity Hack
Unveiling the Enigma Can Cybersecurity HackUnveiling the Enigma Can Cybersecurity Hack
Unveiling the Enigma Can Cybersecurity Hack
 
Cyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality CheckCyber Conflicts - Time for Reality Check
Cyber Conflicts - Time for Reality Check
 
CSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael NarezziCSF18 - Guarding Against the Unknown - Rafael Narezzi
CSF18 - Guarding Against the Unknown - Rafael Narezzi
 
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdfTop Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
 
The Hacked World Order By Adam Segal
The Hacked World Order By Adam SegalThe Hacked World Order By Adam Segal
The Hacked World Order By Adam Segal
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
 
Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018Cyber Security: A Common Problem 2018
Cyber Security: A Common Problem 2018
 
Cyber Security
Cyber Security Cyber Security
Cyber Security
 
Microsoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdfMicrosoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdf
 
Topic Summary.docx
Topic Summary.docxTopic Summary.docx
Topic Summary.docx
 
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
wepik-the-cyber-security-puzzle-decoding-the-digital-defenses-202404070542196...
 
Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
 
Cyber security Guide
Cyber security GuideCyber security Guide
Cyber security Guide
 
Cyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the ThreatCyber defense: Understanding and Combating the Threat
Cyber defense: Understanding and Combating the Threat
 

Mehr von zapp0

Civilian OPSEC in cyberspace
Civilian OPSEC in cyberspaceCivilian OPSEC in cyberspace
Civilian OPSEC in cyberspace
zapp0
 

Mehr von zapp0 (7)

Enterprise incident response 2017
Enterprise incident response 2017Enterprise incident response 2017
Enterprise incident response 2017
 
Enterprise security management II
Enterprise security management IIEnterprise security management II
Enterprise security management II
 
Enterprise security incident management
Enterprise security incident managementEnterprise security incident management
Enterprise security incident management
 
Open source intelligence analysis
Open source intelligence analysisOpen source intelligence analysis
Open source intelligence analysis
 
Civilian OPSEC in cyberspace
Civilian OPSEC in cyberspaceCivilian OPSEC in cyberspace
Civilian OPSEC in cyberspace
 
Education to cyber security
Education to cyber securityEducation to cyber security
Education to cyber security
 
Cyberwar
CyberwarCyberwar
Cyberwar
 

Kürzlich hochgeladen

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
MateoGardella
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 

Kürzlich hochgeladen (20)

Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docxpsychiatric nursing HISTORY COLLECTION .docx
psychiatric nursing HISTORY COLLECTION .docx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
PROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docxPROCESS RECORDING FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Cyberwar: (R)evolution?

  • 1. Cyberwar ®evolution? Petr Špiřík @ KISK Expert Panel 17. 12. 2015
  • 2. PwC Petr Špiřík, MSc. Cyberwar: ®evolution? Professional PwC CEE CISO 29 countries, full scope of information security portfolio Former Cyber threat intelligence lead and Security architect I get paid for what I love. How cool is that? Personal Geek & security enthusiast Fascinated by cyberspace, cyber security realm and associated topics Believer in the power of information and that it wants to be free Low tolerance for nonsense. Rules of engagement Respect each other There are no stupid questions
  • 3. PwC Cyber war … … or cyber operation? Threat actors Criminals Hacktivists Lone wolfs State actors The term cyberwar will be used through this presentation for simplicity Treat with caution War has a meaning from legal perspective Defined especially in IHL, explained in Tallinn Manual Not everyone “can” be at war Organized crime is not war Different rules apply in war (Cyber) act of war can result in kinetic response By abusing defined terms we risk misunderstanding – or worse During this presentation we will focus on operations in cyberspace where state is either a target or an attacker and where the objective is military or political advantage.
  • 4. PwC History of notable incidents Helicopter view 2003, Iraq war Battlefield online, information supremacy Harsh lessons 2007, Estonia Russia “patriots” targeting banks, media and state institutions. NATO wake up call 2007, Israel, Operation Orchard No nuclear plant, Korean workers, AA defense and Israel airstrike 2008, Georgia Russian “patriots”, information blackouts Well documented 2010, Stuxnet, Operation Olympic games Targeting Iran’s nuclear program Admitted by USA – or not? 2011, Georgia Cyber espionage attack from Russia 2014, Ukraine Elections manipulation, “hybrid warfare”, joint kinetic & cyber activities
  • 5. PwC Case study #1 Stuxnet family Stuxnet Targeting Iranian nuclear enrichment facilities Objective is physical damage Successful delay of nuclear program Designed to pass the air gap Discovered by accident Attribution: United States (99%) General James Cartwright Project Olympic games Considered “the first cyberweapon” Flame, Duqu, Gauss Same “family of cyber weapons” as Stuxnet Responsibility and accountability Flame (Discovered 2012) Cyber espionage Duqu (Discovered 2012, version 2.0 in 2015) ICS targeting Gauss (Discovered 2012) Targeting banking sector
  • 6. PwC Case study #2 Case of Ukraine Ukraine conflict Election manipulation Does not have to be effective Support kinetic operations Supremacy over the battlefield CyberBerkut Propaganda and desinformation Hybrid war Overused and abused term Strong focus on information warfare Combination of traditional warfare with special forces & cyber operations Focus on fear, uncertainty, doubt Key concept is limiting opponent's options Avoidance of hot conflict Loopholes exploitation (legal, policy & decision making, strategic & tactical)
  • 7. PwC Key distinct features Characteristic Asymetric Offense is easier than defense Fast No time for reaction Preventive measures Attribution vs. deniability Who to blame Who to counter Enablers Attack surface of the victim More advanced = more vulnerable Reduction leads to degradation Capability of the attacker Talent can be trained Technology is cheap Brave new world Interconnected Fast development
  • 8. PwC Objectives of cyberwar Mission support When “cyber” is not the objective but delivery Military concept of mission “I want 200 soldiers at their doorstep tomorrow morning, sergeant!” Cyber capabilities To achieve the mission objective To prevent interruption of mission Logistics & operations focused Battlefield domination Takedown of enemy information command Contest the cyberspace environment Drones hacking Critical infrastructure disruption When military objective can be achieved by cyber means in more efficient, safe and cheaper way – it will be.
  • 9. PwC Ways of war Technology Denial of service of key technologies Websites Communication Support system disruption Medical Logistic Navigation Infrastructure targeting Information Propaganda, political influence Hearts and minds of people Information denial, disruption or credibility loss Targeting decision making process Digital only – single point of failure Cyber to physical Demonstration of cyber capabilities in physical world Power plants do not have “self destruct” button Cross-domain knowledge required Security through obscurity works (this time) Marina Krotofil
  • 10. PwC Cyber fratricide Competing interests “We need to go deeper!” Intelligence agencies Researchers Investigators Get as much information about the attacker as possible during his operations. “Leave me alone!” Innocent bystanders Private companies Individuals Don’t get harmed. Live the good life. Mind own business. Be sad. “This ends here!” Law enforcement Incident responders Operations Stop the attack. Get back to normal operations. Seek & destroy.
  • 11. PwC Cyber Pearl Harbor We need more resources to prevent atrocious terrorist attack! No second Pearl Harbor! Cyber security = money Cyber security = more power to government Cyber security = more power in government Without the ever present terrorist threat of new “Cyber Pearl Harbor”, the flow of money & power will be endangered Is cyber terrorism even a thing? Give me one example! There are no cyber terrorists (theories!) Subgroups of other categories Skill barrier for dummies Recruitment for talents by others There might be cyber terrorists Dormant capabilities Cold war mode Efficient MAD concept in play
  • 12. PwC Challenges of cyberwar Attack Aging weapons If we don’t use it, it will expire Speed is the factor Mutual assured destruction (MAD) from nuclear arms race reappears Who will be the warrior? Defense Line of defense What are my crown jewels? Home ground – the only advantage Seeking the high ground in cyberspace Who will be the guardian? Ability to attack can often mean the vulnerability to the same tactic employed by the adversary
  • 13. PwC Future threats Technology Internet of Things (IoT) Self driving cars Smart houses Smart grid Growing computational capabilities Relying on legacy concepts from the 80s New technologies (drones, quantum computers) Faster evolution of capabilities than associated security concepts Social Balkanization of the Internet Adoption of wrong legal concepts Encryption damage Governmental lawful interception Growing gap of understanding Reality vs. decision makers Lack of “white hats” in cyber security community Pretending cyberspace is something completely different will backfire
  • 14. PwC Is there no hope? If you can’t beat them, join them! When living in exciting times. Make use of it! Cyberspace is the last frontier. For now. The cyberspace landscape is changing. Make an impact! Possibilities are endless. Offensive, defensive, research, education, policy & decision making, cross-domain questions, ethics… There was never a better time to jump into cyber security industry Power of informed decision making Cyberspace is here to stay “Cyberwar” is reality and its role will grow Education is critical Self education is the key The power is just few keystrokes away Don’t panic, approach with caution To make the right decisions, you need to understand the world around you. It is a skill that can be acquired
  • 15. PwC ®evolution? “War is not merely a political act, but also a real political instrument” “Gain a preponderance of physical forces and material advantages at the decisive point” Carl von Clausewitz Cyberwar is not a revolution. It is the evolution of existing concepts over new battlefield – the cyberspace. Gain information advantage Limit your adversaries’ options Know & control the battlefield Assure your operations Deny operations of the adversary Exercise the least minimum force
  • 16. PwC Reference Petr Špiřík @HidenatNet petr.spirik@gmail.com petr.spirik@cz.pwc.com http://www.slideshare.net/zapp0 /cyberwar-revolution Clarke, R.A. & Knake, R., 2012, ‘Cyber War: The Next Threat to National Security and What to Do About It’, Ecco Arquilla, J., 2011, ‘From blitzkrieg to bitskrieg: the military encounter with computers’, Communications of the ACM, vol. 54, no. 10, 2011 Mandiant, 2013, ‘Exposing One of China’s Cyber Espionage Units’ [online], Available from: http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf US-CCU, 2009, ‘Overview by the US-CCU of the Cyber Campaign Against Georgia in August 2008’ [online], Available from: http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf Leverett, E.P.,2011, ‘Quantitatively Assessing and Visualising Industrial System Attack Surfaces’ [online], Available from: http://www.cl.cam.ac.uk/~fms27/papers/2011-Leverett-industrial.pdf DoD, 2011, ‘Department of Defense Cyberspace Policy Report’ [online], Available from: http://www.defense.gov/home/features/2011/0411_cyberstrategy/docs/NDAA%20Section%20934%20Report_For%20webpage.pdf CCDCOE, 2013, ‘Tallinn manual’ [online], Available from: http://www.ccdcoe.org/249.html Ministry of Justice of Georgia, 2012, ‘CYBER ESPIONAGE Against Georgian Government’ [online], Available from: http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf Mauer, T., 2015, ‘Cyber proxies and the crisis in Ukraine’ [online], Available from: https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Maurer_09.pdf Langner Group, 2013, ‘To kill a centrifuge’ [online], Available from: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a- centrifuge.pdf Deep, A., 2015, ‘Hybrid war: Old concept, new techniques’ [online], Available from: http://smallwarsjournal.com/jrnl/art/hybrid-war-old- concept-new-techniques