Information Warfare Midterm Overview


Lectures Covered

Everything until (including) March 2nd

Reading:
– All lecture slides
– Denning book: Chapters 1, 2, 3, 4, 5, 7, 13 (access control), 14 (Risk management, Incident handling)
– Additional reading materials (next slide)

CSCE 727 - Farkas 2

Additional reading

Familiarity with CSCE 522 lecture notes, 2013 Fall, as needed, http://www.cse.sc.edu/~farkas/csce522-2013/lecture.htm

Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)

Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, http://www.fas.org/irp/eprint/oss980501.htm

NSA revelations hobble pursuit of a comprehensive cyberdefense initiative, Homeland Security News Wire, 08/16, 2013, http://www.homelandsecuritynewswire.com/dr20130816-nsa-revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiative

Expert calls for “surveillance minimization” to restore public trust, Homeland Security News Wire, 01/27/2014, http://www.homelandsecuritynewswire.com/dr20140127-expert-calls-for-surveillance-minimization-to-restore-public-trust


Additional Reading

Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993

NIST special publications, Incident Handling Updated Guidelines, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf (general understanding only)

Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf

Information Security Policy - A Development Guide for Large and Small Companies, http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331 


Information Security (INFOSEC)

Protection of information against intentional or unintentional unauthorized
– Disclosure (confidentiality)
– Modification (integrity)
– Destruction (availability)

Concerned mainly with owned resources


Security Tradeoffs

[Figure: tradeoff among cost, security functionality, and ease of use]


Information Assurance

Information security (prevention) plus
– Authenticity and non-repudiation
– Detection and reaction capabilities
– Additional threats, like perception management and exploitation of public media

Addresses intentional or unintentional threats


Information Warfare

Addresses only intentional attacks

Information in any form and transmitted over any media

Defensive operations:
– Protection against attacks
– Concerned with non-owned and owned resources

Offensive operations:
– Exploit vulnerabilities in information resources
– Motives, means, opportunities

WIN-LOSE NATURE OF OPERATIONS


Gain-Loss Nature of IW

[Figure: defense vs. offense. Labels: ensure availability, prevent availability, ensure integrity, increase availability, decrease availability, decrease integrity]

From: Denning Figure 2.1


Activities

Play: hackers vs. owners
Crime: perpetrators vs. victims
Individual rights: individuals vs. individuals/organizations/government
National security: national level activities
– State activities
– Terrorism


Intention of Attackers

Defensive IW
Difficult to guess
Determines response and incident handling

Offensive Information Warfare


Win-Lose Activity

Alter availability and integrity of resources to benefit the offense

Old vs. new methods

Areas:
1. Open source and competitive intelligence
2. Psyops and perception management
3. Signal intelligence

Not yet covered:
1. Insider threat
2. Computer attacks
3. Malicious software


1 Open Source Intelligence

Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data

Goal: answer specific question in support of some mission

Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations

Disadvantages: may not discover important information, assurance of discovery(?)


1 Privacy and Copyright

Piracy
– Copyright Infringement
Acquisition of protected work without the owner’s permission
Human perception: not serious crime
Significant loss for marketing/manufacturing/owner
– Trademark Infringement
Intellectual property disputes
Domain name disputes


2 Psyops and Perception Management

Information operations that aim to affect perception of others

Goal: influence actions
Means: influence emotions, reasoning, decisions
Target: individuals, groups, nation, World

Censorship
– Offensive: denies population access to certain materials
– Defensive: protect society from materials that would undermine its culture or governance


4 Signal Intelligence

Operations that involve interception and analysis of signals across the electromagnetic spectrum

Intelligence report, criminal investigations, employee monitoring

U.S. Federal wiretap restrictions

Foreign intelligence

Privacy rights

Defensive Information Warfare

Protect information resources from attacks
Preserve the value of resource or recover lost value
Security Policy
Methods
Response


Vulnerability Monitoring

Identify security weaknesses

Methods: automated tools, human walk-through, surveillance, audit, background checks

Red team: organized group of people attempting to penetrate the security safeguards of the system


Incident Handling

Not all incidents can be prevented

Incident handling
– Prevention and preparedness
– Detection and analysis
– Containment and recovery
– Post-incident activity

Benefits:
– Systematic and appropriate response to incidents
– Quick response reduces loss and damage
– Strengthen security
– Satisfy legal requirements

Federal agency requirements

Sample tests

Posted on class website
Will be discussed on March 16, Monday
