Post on 12-Jan-2016
Information Warfare
Playgrounds to Battlegrounds
CSCE 727 - Farkas 2
Last Class: Theory of IW
  Information resources
  Players
  Offensive operations
  Defensive operations
  WIN-LOSE NATURE OF OPERATIONS
Security Objectives
  Confidentiality
  Integrity
  Availability
Offense and Defense
  Offensive Aim | Defensive Action
  Increase availability of resource for the offense | Prevent availability of resource for offense
  Decrease integrity of resource for the defense | Ensure integrity of resource for the defense
  Decrease availability of resource for defense | Ensure availability of resource for the defense
Offense: Increased availability
  Collection of secrets:
    – Espionage (illegal) and intelligence (may be legal)
  Piracy
  Penetration (hacking)
  Superimposition fraud (use by the offense on the defense’s legitimate usage)
  Identity theft
  Perception management (affect beliefs and behavior)
Offense: Decrease Availability for Defense
  Physical theft
  Sabotage
  Censorship
Offense: Decreased Integrity
  Tampering
  Penetration
    – Cover up
    – Virus, worm, malicious code
  Perception management
    – Fabrication, forgeries, fraud, identity theft, social engineering
Defense – What Not to do
  Closing The Barn Door After The Horse Is Gone
  From: http://blog.johnlund.com/2013/10/closing-barn-door-after-horse-is-gone.html
Defense
  Emergency preparedness: capability to recover from and respond to attacks
  Prevention: keeps attacks from occurring
  Deterrence: makes attack unattractive
  Indications and warning: recognize attacks before they occur
  Detection: recognize attacks
  Response: actions taken after the attack
Playgrounds to Battlegrounds
IW Activities
  Context of human actions and conflict
  Domains:
    – Play: hackers vs. owners
    – Crime: perpetrators vs. victims
    – Individual rights: individuals vs. individuals/organizations/government
    – National security: national level activities
Play
  Playing pranks
  Actors: hackers/crackers/phreakers
  Motivation: challenge, knowledge, thrill
  Culture: social/educational
    – “global networks”
    – publications
    – forums
  Law
    – DHS, Cybersecurity Laws & Regulations, http://www.dhs.gov/cybersecurity-laws-regulations
Crime
  Intellectual Property Crimes
    – IT targets: research and development, manufacturing and marketing plan, customer list, etc.
    – 1996: Economic Espionage Act (U.S. Congress) + amendments
  Fraud
    – Telemarketing scam, identity theft, bank fraud, telecommunication fraud, computer fraud and abuse
  Fighting crime
  P. Roberts, U.S. Congress Hears Of Growing Cyber Espionage Threat To U.S., 06/29/2012, http://threatpost.com/en_us/blogs/us-congress-hears-growing-cyber-espionage-threat-us-062912
Crime
  Actors:
    – Employees
    – Temporary staff
    – Vendors
    – Suppliers
    – Consultants
  Trade secrets
  Identity theft
  Law
Individual Rights
  Privacy
    – Secondary use of information
  Free speech
    – Harmful/disturbing speech
    – Theft and distribution of intellectual property
    – Censorship
  E. Moyer, In Swartz protest, Anon hacks U.S. site, threatens leaks, 01/28/2013, http://news.cnet.com/8301-1009_3-57566016-83/in-swartz-protest-anon-hacks-u.s-site-threatens-leaks/
National Security
  Foreign Intelligence
    – Peace time: protecting national interests
        Open channels, human spies, electronic surveillance, electronic hacking (?)
    – War time: support military operations
    – U.S. Intelligence Priorities:
        Intelligence supporting military needs during operation
        Intelligence about hostile countries
        Intelligence about specific transnational threats
    – Central Intelligence Agency (CIA)
    – Primary targets in USA: high technology and defense-related industry
War and Military Conflict
  IT support, e.g., sensors, weapons, surveillance, etc.
  Psyops and perception management
  Physical weapons (?)
  Cyber space battle (?)
  Unmanned devices (?)
Terrorism
  Traditional:
    – Intelligence collection
    – Psyops and perception management
  New forms:
    – Exploitation of computer technologies
        Internet propaganda
        Cyber attacks (electronic mail flooding, DOS, etc.)
  Protection of national infrastructure
Awareness
  Insider threat
  Remote access – authentication
  Counterfeit hardware
  Abuse of security guidelines
Origin of Attacks
  Vulnerable computers
    – Dependence on computers
    – Education of users
    – Economy
    – Monopoly of OS
  Non-state actors