Surviving Cyber War April09

Presentation on the events leading up to the current state of cyber unpreparedness.

Coming soon:

Blog: ThreatChaos.com twitter.com/cyberwar

Surviving Cyber War

Agenda

Pervasive Espionage

Background

Cyber Defense Preparedness

Crowd Sourced Cyber Weapons

Threat hierarchy is a time line!

• Information Warfare

• CyberCrime

• Hacktivism

• Vandalism

• Experimentation

Rumblings

April 1, 2001

Navy EP-3

Chinese F-8

The Five Levels of Cyber Defense Conditions

• Cyber DefCon 1. Travel warnings. Governments issue warnings about protecting data when travelling to foreign nations.

• Cyber DefCon 2. Nation states probe each other’s networks for vulnerabilities.

• Cyber DefCon 3. Widespread information theft with intent to mine industrial as well as military and geo-political secret information.

• Cyber DefCon 4. Targeted attacks against a nation’s military and government installations. Loss of critical data, collateral damage.

• Cyber DefCon 5. Nation to nation attacks are malicious with intent to destroy communication infrastructure and disable business processes including financial markets.

Chinese Thinking

• Wang Qingsong, Modern Military-Use High Technology, 1993

• Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994

• Li Qingshan, New Military Revolution and High Tech War, 1995

• Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995

• Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996

• Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996

• Shen Weiguang, On New War, 1997

Goal: Information Dominance

The degree of information superiority that allows the possessor to use information systems and capabilities to achieve an operational advantage in a conflict or to control the situation in operations short of war, while denying those capabilities to the adversary.

-Field Manual 100-6 Information Operations, August 1996.

Custom Trojans, tools of the trade

Michael Haephrati shows us how.

China knows Trojans

• In the UK, the Home Office has warned about a spate of attacks in recent months involving e-mail Trojans. "We have never seen anything like this in terms of the industrial scale of this series of attacks," said Roger Cumming, director of NISCC.

Titan Rain worldwide

• Custom Trojans

• Sandia drops its shorts, 2005

• Shawn Carpenter, First US Cyber Warrior

• Summer 2007 Pentagon is attacked and shut down. Source of attack: Chinese Red Army

• German Chancellery, Summer 2007

• Whitehall, UK

• France

• India

• Australia

Ghost Net

• 1,200 computers including ministry and NATO machines

• Looking for attribution

• Attacks on the office of the Dalai Lama

• Joint Strike Fighter Breach April 21, 2009

Joint Strike Fighter

Crowd sourcing

Cyber war breaks out

• Estonia, March 2007

• Ukraine, November 2007

• Lithuania, June 2008

• Georgia, August 2008

Nashi summer camp ‘07

Cyber Defense Preparedness: Estonia

-Cooperative Cyber Defence (CCD) Centre of Excellence (COE) in Tallinn, Estonia.

-Cyber Defense Advisors deployed to Georgia

-Focus on “home guard”. The minute-man approach.

-Tools and techniques (to come)

Cyber Defense Preparedness: US

Cyber Defense Structure. Air Force? NSA? STRATCOM?

Offensive capability?

Spending: $7 billion new spending per year

Defending against DDoS

• Massive bandwidth: 18+ gigs

• Blocking DNS

• Shell game using virtualization

Surviving Cyber War for every organization

• Same rules apply, only more so.

• Appoint a cyber security commander

• Defense in depth against multiple adversaries

• Fighting the low and slow war. Your information is their weapon. Worry about infiltration.

• DDoS. Yes, it takes investment.

• Surviving a meltdown. Remember modems?

Blog: www.threatchaos.com

email: Richard.Stiennon@it-harvest.com

Twitter: twitter.com/cyberwar