Cyber War and Cyber Terrorism - Dr Richard Overill

Battles in Cyber Space
Dr Richard E Overill
Department of Informatics
Nature of Warfare - Clausewitz
• Violent – potentially lethal
• Instrumental – a means to an end
• Political – Intention & attribution
In addition:
• a war is usually composed of several battles
• a battle is usually composed of several attacks
Domains of Warfare
• Land – tanks, etc.
• Sea – battleships, submarines, etc.
• Air – aircraft, helicopters, UAVs, etc.
• Space – rockets, satellites, etc.
• Cyber – computers, networks, digital
infrastructure, etc.
Most wars involve several domains
A definition of Information Warfare
“The deliberate, unauthorised and systematic
attack on critical information activities to
exploit information, deny services to the
authorised user, modify and corrupt data.”
– UK MoD
Infrastructure Attacks
“The most advanced society is really only four
meals away from anarchy, and if you could
attack a society through its computers to
cause a breakdown of the mechanisms, the
infrastructure, which cause it to run, you will
bring about mass deaths.”
– Stephen Badsey
Royal Military Academy Sandhurst, UK
Supervisory Control And Data Acquisition (SCADA)
• Monitoring and controlling:
– Water purification and distribution systems
– Electricity generation and distribution systems
– Nuclear reprocessing plants
– etc.
• Typically connected to the Internet for
efficiency of operation.
H(ackers)2O
8 November 2011, Springfield, IL, USA.
• Hackers remotely accessed the online SCADA system
of Curran-Gardner Township Public Water District.
• They burned out a well pump that serviced about
2,200 households by repeatedly turning it on and off.
• Later reported as a false alarm caused by a contractor
remoting into the system while on holiday in Russia.
18 November 2011, Houston, TX, USA.
• Pr0f hacked into Harris County water plant and took
screenshots but did no damage.
“Stuxnet”
• Discovered in June/July 2010.
• Malicious software (“malware”) intended to sabotage
nuclear reprocessing plants in Iran.
• Targets and reprograms a specific model of Siemens
PLC (used to control ultracentrifuges) to operate
outside their specified parameters.
• Replays previously sampled normal ultracentrifuge
behaviour to the operators’ console.
• Propagates itself and hides its code modifications.
• Involved 3-5 skilled person-years’ development.
“Duqu”
• Discovered in September 2011.
• Malicious software (“malware”) intended to gather
intel such as system information and user profiles
• Source code highly similar to Stuxnet yet not
specifically targeting SCADA/PLC
• Unknown whether it is a prequel or a sequel to
Stuxnet
US DoE “Aurora” demo (March 2006)
Questions? Ideas?
• Contact Dr Richard Overill with any
questions on
[email protected]