INFOWAR part 2 -- Theory
INFORMATION WARFARE
Part 2: Theory
Advanced Course in Engineering
2005 Cyber Security Boot Camp
Air Force Research Laboratory Information Directorate, Rome, NY
M. E. Kabay, PhD, CISSP-ISSMP
Assoc. Prof. Information Assurance
Program Director, MSIA & BSIA
Division of Business & Management, Norwich University
Northfield, Vermont
V: 802.479.7937
2-1/41
Copyright © 2006 M. E. Kabay. All rights reserved.
09:05-10:25
Topics
08:00-08:15 Introductions & Overview
08:15-09:00 Fundamental Concepts
09:05-10:25 INFOWAR Theory
10:35-11:55 Case Histories & Scenarios
Topics
What is INFOWAR?
Schwartau’s Levels of INFOWAR
Examples of IW levels
Military Approaches to IW
What is INFOWAR?
Use of or attacks on information and
information infrastructure to achieve strategic
objectives
Tools in hostilities among
Nations
Trans-national groups (companies, NGOs,
associations, interest groups, terrorists)
Corporate entities (corporations,
companies, government agencies)
Individuals
Dorothy Denning’s Nutshell
Information Warfare and Security (1999). ACM
Press (ISBN 0-201-43303-6).
Offensive information warfare operations alter
availability and integrity of information
resources
Benefit of offense & detriment to defense
Offense acquires greater access to info
Defense loses all or partial access to info
Integrity of information diminished
Denning’s Theory of INFOWAR
Information resources include people & tools
Containers
Transporters
Sensors
Recorders
Processors
Value of resource differs
Over time
To different people
Schwartau’s Levels of INFOWAR
I: Against individuals
Theft, impersonation
Extortion, blackmail
Defamation, racism
II: Against organizations
Industrial espionage
Sabotage
Competitive & stock manipulation
III: Against nations
Disinformation, destabilization
Infrastructure destabilization
Economic collapse
Military Approaches to IW
HUMINT: Human intelligence
INTEL: Intelligence
COINTEL: Counterintelligence
SIGINT: Signals intelligence
COMINT: Communications
ELINT: Electronic
FISINT: Foreign Instrumentation
MASINT: Measurement & signals
IMINT: Imagery
TECHNINT: Technical information
OSINT: Open source intelligence
Information Warfare: Chaos on the Electronic Superhighway (1996.05)
Winn Schwartau, The Security Awareness Co.
Overview
Military Model Must Reflect Changes in Warfare
What Is War?
Schwartau’s View (1996.05)
Overview
National economies increasingly virtual
Most money no longer tangible
Espionage increasing for economic benefits
14% increase in espionage according to FBI
Must resolve problem of defending against
powerful technology not limited to military use
Should define defensive posture against
potential enemies’ capabilities, not perceived
motivations
Schwartau’s View (1996.05)
Military Model & Changes in Warfare
Military systems are not necessarily the prime
targets of attack
Psyops increasingly important: manipulation
of perceived reality using the gullibility of the
mass media
Attacks on software: increasing the failure
rates of systems even when people are trying
to reduce errors
Denial of service increasing: airports, phone
systems, banks
Schwartau’s View (1996.05)
What Is War?
Physical attacks are no longer the only basis
for defining acts of war
What will military and civil response be to
concerted attack on civilian / industrial
infrastructure?
taking down the banks
interfering with air-traffic control
damaging productivity of major industries
…and if this is war, what is the response?
Schwartau’s View (1996.05)
Destruction vs Reducing Competitiveness
Question: in a free-market world, not
necessary to destroy enemy; need merely
render less competitive
Response from Schwartau:
US govt must defend country, yet military
limited to physical warfare
Classifying EW threats is foolish; should
educate civilian sector
Should define conditions for termination of
hostilities
Schwartau’s View (1996.05)
How do we know who is attacking?
Anonymity pervasive throughout cyberspace
Stealth attacks natural consequence of
Internet architecture
Agents can be hired without knowing their
handlers
Conventional intelligence services must wake
up to electronic threats
See Information Warfare 1st Edition online
http://www.thesecurityawarenesscompany.com/chez/IW1-1.pdf
RAND on INFOWAR (1999.01)
Strategic Information Warfare Rising
— The RAND Corporation
mid-1998 (reported in press 1999.01)
Debate within the Pentagon
wisdom of offensive information warfare
cyberattacks on critical infrastructure worse
for US
4 basic scenarios
U.S. supremacy in offense and defensive
strategic IW
strategic IW elites — no first use
global defensive dominance — arms control
market-based diversity — defend well,
recover fast
INFOWAR @ AAAS (1999.02)
American Association for the Advancement of Science (AAAS) panelists
government
private industry
INFOWAR real threat
Need better cooperation among law enforcement
officials around world
catch culprits responsible for attacks
Changes in international law
extradition of suspects
Sceptics (e.g., Kevin Poulsen) scoffed
no electricity by now if IW threat so bad
Kosovo Cyberwar (1999.03)
Attacks on US government & military agencies
began 1999.03
Serbian hackers
Retaliation for war against Serbs
As NATO bombing began in Serbia
"Black Hand" hacker group
"Serbian Angel" hackers
White House Web site defaced
Red letters: "Hackerz wuz Here"
European Basketball Contest (1999)
Asymmetric INFOWAR (1999.04)
Countering the New Terrorism
by I.O. Lesser, B. Hoffman, J. Arquilla, D.F. Ronfeldt, M. Zanini & B.M. Jenkins
New terrorism more diverse
sources
motivations
tactics
More lethal global reach
Asymmetric strategy
less-capable adversaries
political violence
INFOWAR? Nonsense, says Christy (1999.09)
US has never been target of information
warfare
James Christy
Defense-wide Information Assurance
Program (DIAP)
Cybercriminals not cyberwarriors
Fundamental difficulties in responding
military has expertise in computer crime but
cannot help law enforcement agencies
without presidential directive
INFOWAR? Nonsense. (cont’d)
Civilian sector ignorant of computer crime
countermeasures
Can’t tell cyberattacks under way
most victims keep information secret
don’t help law enforcement investigators
Precise attribution & blame extremely difficult
in cyberspace — anonymity
Public favors privacy over cybercrime
prevention & law enforcement — ignorance
Jurisdiction over cyberspace crimes
confused — competing geographical claims
INFOWAR in Oz? (1999.10)
Foreign (US?) military site attacked Stock
Exchange late 1998?
Richard Humphrey
Managing Director Australian Stock Exchange
implied attacking site was in USA
“Foreign government” denied any possibility
such attack from military site
Urged changes to Australian laws
make it easier to try hackers
present laws require criminal hackers be
apprehended in act of hacking
INFOWAR / China (1999.11)
Importance of INFOWAR grows in PRC
Chinese military newspaper Jiefangjun
Bao
authors Leng Binglin, Wang Ylin, Zhao
Wenxiang
For maximum war role, must integrate
INFOWAR with other combat actions
Cybersuperiority necessary but not sufficient
for military victory today
INFOWAR / China (2000.02)
Taiwan Research Institute
Gird itself against information warfare
People's Republic of China
Elements of IW:
disruption of critical infrastructure
disruption of military C3I ops
misinformation campaigns
damage economic activity
lower morale on island before initiating
conventional warfare
INFOWARGAMES (1999.11)
Institute for Security Intelligence's Center for
Technology Terrorism & Jane's Publications
War-game simulation (did not really hack)
IRS primary target
False information, denial of service
Hack into IRS audit system
Send out millions of audit & tax-due notices
Tap into immigration control (Dept State) to
issue visas to known terrorists
Create fake documents — IRS investigating
personal lives of members of Congress
Leak fakes to media + send fake compromising
photographs
Critical Infrastructure Protection (1999.11)
Information Technology Association of America
(ITAA) Statement of Principles
Importance of protecting national information
infrastructure
Private industry: primary authority
Lowest possible government regulation in critical
infrastructure protection
Call for distinctions among cyber-mischief,
cybercrime, cyberwar
Appropriate law enforcement agencies take
charge of specific cases
minimal jurisdictional confusion
assurance of clear legal basis for prosecution
German Government Plans Net Defenses
German plans for early-warning of hacker
attacks (2001.05)
Build Computer Emergency Response Teams
throughout country
Increased cooperation should permit rapid
response to hacker attacks
Republic of Korea Warns of Cyber Attacks
ROK Ministry of Information and
Communication issues warnings (2001.05)
Concern about US & (PRC) Chinese hackers
using Korea as staging ground for INFOWAR
KISA launched special task force against US
and Chinese attacks
Instructed Korean Internet-site operators to
report unusual traffic at any time
US Warns of Military Response to Cyberattacks
Richard Clarke tells Senate Judiciary
Committee of plans for retaliation (2002.02)
White House Technology Advisor says that
cyberattack would be met “in any appropriate
way: through covert action, through military
action, any one of the tools available to the
president.”*
In 2003.02, President Bush signed an order
authorizing development of guidelines on
unilateral or retaliatory cyberattacks against
foreign computers and networks
*Question: HOW DO YOU KNOW FOR SURE
WHO IS ATTACKING YOU?
STRATCOM focuses on Cyberwar (2003.02)
U.S. Strategic Command (Stratcom) will focus
on computer network attack
Stratcom now in charge of global command,
control, communications, computer, intelligence,
surveillance and reconnaissance (C4ISR)
capabilities
“All pieces of the enemy's system of systems
that are valid military targets [are] on the table as
we go about war planning.”
“…Unimportant whether we take out a computer
center with a bomb or a denial-of-service
program. If it's critical to the enemy and we go
to war, it will be in our sights.”
Cyberattack Implications Studied
Cyberterror impact, defense under
scrutiny (2004.08)
Coordinated cyberattack against U.S.
could
topple parts of Internet,
silence communications and
commerce,
paralyze federal agencies and
businesses
disrupt $M in financial transactions,
Cont’d
Cyberattack Implications (cont’d)
hang up air traffic control systems,
deny access to emergency 911
services,
shut down water supplies and
interrupt power supplies to millions
of homes
More than 2 dozen countries have
“asymmetrical warfare” strategies
North Korea Ready for Cyberwar?
North Korea ready to launch cyber war
North Korea has trained more than 500
computer hackers capable of launching cyber
warfare against the United States, South Korea's
defense ministry says. In a report to the
National Assembly's National Defense
Committee, the ministry said that hackers from
North Korea were among the best in the world.
--Agence France Presse, 2004.10
Cyberterrorism by 2006?
Cyberterrorism a possibility in two years
Cyberterrorism could become a reality in 2006, a
leading UK information security expert has said.
Speaking at the SC Magazine Conference in London
on Thursday, October 21, director of information
security for Royal Mail David Lacey said that the
world would witness cyberterrorism within two
years. Lacey said, “there is a lot of consistency in
research that shows many of the real risks won't
come to a crescendo until then. We know a lot about
some of the trends coming. Real terrorists have not
had the capability to carry out threats. But that will
change as the stakes get higher.”
--ZDNet (UK), 2004.10
New Cyberwar Command Center
Cyber warriors anticipate center
Personnel in the military's new cyberdefense organization
hope to operate a new command center by late spring. The
facility will include new hardware and software to help
workers of the Joint Task Force-Global Network
Operations (JTF-GNO) operate, manage and defend the
military's 10 computer networks. "It will be a state-of-the-art facility," said Army Brig. Gen. Dennis Via, deputy
commander of the JTF-GNO. He spoke Wednesday,
February 23 at the Department of Defense Global
Information Grid Enterprise Services conference held by
the Association for Enterprise Integration, an industry
trade group. The opening of the new command center
coincides with JTF-GNO becoming fully operational.
--Federal Computer Week, 2005.02
Chinese Cyberwar From South America?
U.S. officials warn of Chinese intelligence and cyberwarfare
roles in Latin America
U.S. officials … warned about Chinese intentions to
establish an intelligence and cyberwarfare beachhead in
the [S. America]. Roger Noriega, assistant secretary of
state for Latin America, and Rogelio Pardo-Maurer, the top
Defense Department official for the Western Hemisphere,
testified before a House panel [and] said China's interests
in Latin America were mostly on the economic side, but
warned that Beijing could also have an intelligence agenda
as it increased trade with Latin America. Pardo-Maurer said
that “we need to be alert to rapidly advancing Chinese
capabilities, particularly in the fields of intelligence,
communications and cyberwarfare, and their possible
application in the region.”
--Miami Herald, 2005.04
US Army on Lookout for Sensitive Info Online
Army officials have said they will take a closer look at
blogs and Web sites maintained by soldiers. Many such
blogs and Web sites include photographs or other
information that inadvertently exposes classified or
sensitive information to anyone with access to the
Internet. Gen. Peter Schoomaker, the Army’s chief of
staff, noted that soldiers routinely post pictures online
that include "tactics, techniques, and procedures" for
weapons systems. According to Richard Cody, Army
vice chief of staff, "The enemy is actively searching the
unclassified networks for information, especially
sensitive photos." Schoomaker issued a memo saying
that the Army will work to closely monitor Web sites and
blogs to avoid operational security violations, which
"needlessly place lives at risk and degrade the
effectiveness of our operations."
--Federal Computer Week, 2005.08
Hacker Attacks In U.S. Linked To Chinese Military
A systematic effort by hackers to penetrate U.S. government and
industry computer networks stems most likely from the Chinese
military, the head of a leading security institute said. The attacks
have been traced to the Chinese province of Guangdong, and the
techniques used make it appear unlikely to come from any other
source than the military, said Alan Paller, the director of the SANS
Institute, an education and research organization focusing on
cybersecurity. In the attacks, Paller said, the perpetrators "were in
and out with no keystroke errors and left no fingerprints, and
created a backdoor in less than 30 minutes. How can this be done
by anyone other than a military organization?" Paller said that
despite what appears to be a systematic effort to target government
agencies and defense contractors, defenses have remained weak in
many areas. Security among private-sector Pentagon contractors
may not be as robust, said Paller, because "they are less willing to
make it hard for mobile people to get their work done." The U.S.
military has code-named the recent hacker effort "Titan Rain" and
has made some strides in counter-hacking to identify the attackers,
Paller said.
-- DHS IAIP Daily 2005.12.13
Insidious Attacks
DIGITAL DOOMSDAY CAN BE AVOIDED WITH
PREPARATION
A common nightmare scenario in the business world is that
a hacker will crack a company's digital defenses, steal
sensitive data or disable the network. Scott Borg, director
and chief economist at the U.S. Cyber Consequences Unit
(US-CCU), an independent organization that churns out
information security data on behalf of the government, says
enterprises face a darker possibility. Online outlaws could
quietly penetrate the network and, over six to eight months,
alter critical data so that it's no longer accurate. For
instance, an attacker could access a health insurance
company's patient records and modify information on a
person's prescriptions or surgical history. Or an attacker
could access an automotive company's database and
tamper with specifications on various car parts.
--Bill Brenner, SearchSecurity 2006.05.03
Psyops in Cyberspace – and Society
Digital “photographs” may not be photographs
Audio “recordings” may not be recordings
Log files may be fiction
Opinion polls may be nonsense
Election results may be fixed
Conspiracy theories may be true
References may be nonexistent
Facts may be illusory
History may be fiction
Enemies may be invented
Threats may be propaganda
Class Resumes at 10:35:07