1
Information WarfareInformation Warfareandand
Cyber DefenseCyber Defense
April 2002April 2002
Mr. Larry WrightBooz Allen Hamilton
REPORT DOCUMENTATION PAGE Form Approved OMB No.0704-0188
Public reporting burder for this collection of information is estibated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completingand reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burder to Department of Defense, WashingtonHeadquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision oflaw, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS.
1. REPORT DATE (DD-MM-YYYY)22-04-2002
2. REPORT TYPEBriefing
3. DATES COVERED (FROM - TO)xx-xx-2002 to xx-xx-2002
4. TITLE AND SUBTITLEInformation Warfare and Cyber DefenseUnclassified
5a. CONTRACT NUMBER5b. GRANT NUMBER5c. PROGRAM ELEMENT NUMBER
6. AUTHOR(S)Wright, Larry ;
5d. PROJECT NUMBER5e. TASK NUMBER5f. WORK UNIT NUMBER
7. PERFORMING ORGANIZATION NAME AND ADDRESSBooz Allen Hamilton8283 Greensboro DriveMcLean, VA22102
8. PERFORMING ORGANIZATION REPORTNUMBER
9. SPONSORING/MONITORING AGENCY NAME AND ADDRESSBooz Allen Hamilton,
10. SPONSOR/MONITOR'S ACRONYM(S)11. SPONSOR/MONITOR'S REPORTNUMBER(S)
12. DISTRIBUTION/AVAILABILITY STATEMENTAPUBLIC RELEASE,13. SUPPLEMENTARY NOTES14. ABSTRACTSee report.15. SUBJECT TERMS16. SECURITY CLASSIFICATION OF: 17. LIMITATION
OF ABSTRACTPublic Release
18.NUMBEROF PAGES46
19. NAME OF RESPONSIBLE PERSONemail from Booz Allen (IATAC), (blank)[email protected]
a. REPORTUnclassified
b. ABSTRACTUnclassified
c. THIS PAGEUnclassified
19b. TELEPHONE NUMBERInternational Area CodeArea Code Telephone Number703767-9007DSN427-9007
Standard Form 298 (Rev. 8-98)Prescribed by ANSI Std Z39.18
REPORT DOCUMENTATION PAGEForm Approved
OMB No. 074-0188Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the dataneeded, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden toWashington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302, and to the Office of Management and Budget, PaperworkReduction Project (0704-0188), Washington, DC 20503
1. AGENCY USE ONLY (Leaveblank)
2. REPORT DATE4/22/2002
3. REPORT TYPE AND DATES COVEREDBriefing 4/22/2002
4. TITLE AND SUBTITLEInformation Warfare and Cyber Defense
5. FUNDING NUMBERS
6. AUTHOR(S)Wright, Larry
7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION REPORT NUMBER
Booz Allen & Hamilton8283 Greensboro DriveMcLean, VA 22102
9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING / MONITORING AGENCY REPORT NUMBER
Booz Allen Hamilton
11. SUPPLEMENTARY NOTES
12a. DISTRIBUTION / AVAILABILITY STATEMENTApproved for public release; Distribution unlimited
12b. DISTRIBUTION CODE
A
13. ABSTRACT (Maximum 200 Words)
Breifing about information warfare from the Phoenix Challenge 2002 Conference andWarfighter day.
14. SUBJECT TERMSIATAC Collection, information warfare, information assurance, cyberwarfare
15. NUMBER OF PAGES
45
16. PRICE CODE
17. SECURITY CLASSIFICATION OF REPORT
UNCLASSIFIED
18. SECURITY CLASSIFICATION OF THIS PAGE
UNCLASSIFIED
19. SECURITY CLASSIFICATION OF ABSTRACT
UNCLASSIFIED
20. LIMITATION OF ABSTRACT
UNLIMITED
NSN 7540-01-280-5500 Standard Form 298 (Rev. 2-89)Prescribed by ANSI Std. Z39-18298-102
2
USA CIRCA 2002USA CIRCA 2002
•• Massive networking has made the Massive networking has made the U.S. the world’s most vulnerable U.S. the world’s most vulnerable target for information attacktarget for information attack
•• Public and Private infrastructures Public and Private infrastructures have become virtually indistinguishable have become virtually indistinguishable and largely globaland largely global
3
The Entwined InfrastructureThe Entwined Infrastructure
ArmyArmy
NavyNavy
Intelligence Intelligence CommunityCommunity
SprintSprint
AT&TAT&TLong Haul Long Haul
CommunicationsCommunications
SwitchSwitch
USG/USG/DoDDoD is highly dependent on civilian infrastructure, is highly dependent on civilian infrastructure, and shared capability = shared vulnerabilityand shared capability = shared vulnerability
SIPRNET / SIPRNET / JWICSJWICS
4
Information Technology TrendsInformation Technology Trends
Power Is UpPower Is Up
1980
19821986
19891992 1996 1998 2000
286 386 486 Pentium P6 Pentium 4
286k
1MB
4MB
16MB 64MB 256MB
384MBDRAM
CPU
(Source: EIA, CNET, Gartner, Dell -- 2000)
2002
512MB
Pentium 4/Celeron
5
Information Technology TrendsInformation Technology Trends
Price Is DownPrice Is DownCost per MIPS*
(Source: Business Week, Jan -- 2002)* Millions of Instructions
Per Second
$$ (
log
)
Year
$500K
$1.20
Est. $.01 by
2012
$.85
1
10
100
1,000
10,000
100,000
1,000,000
1978 1982 1986 1990 1994 1998 2002
6
Attacks Are Growing SignificantlyAttacks Are Growing Significantly
0
10000
20000
30000
40000
50000
60000
70000
80000
88 89 90 91 92 93 94 95 96 97 98 99 0 2
Commercial
DoD
Commercial & DoDIncident Reports
00 02
7
Increasing VulnerabilitiesIncreasing Vulnerabilities
ll Number of Intrusions Number of Intrusions IncreasingIncreasingll Denial of Service Attacks Denial of Service Attacks IncreasingIncreasing
ll Velocity and Damage of Viruses Velocity and Damage of Viruses IncreasingIncreasingll Other Nations’, Terrorists’, and Other Nations’, Terrorists’, and
Criminals’ sophisticated cyber Criminals’ sophisticated cyber attack capabilities attack capabilities IncreasingIncreasing
“…30 computer virtuosos strategically located around the world, with a budget of less than $10 million, could bring the U.S. to its knees.”
-- Center for Strategic and International Studies (CSIS)
8
Virus Attacks:Virus Attacks:Accelerating in Speed & DamageAccelerating in Speed & Damage
Sources: ICSA.net, Carnegie Mellon CERT
Tim
e to
Bec
om
e M
ost
Pre
vale
nt
Vir
us
19901990 19951995 20002000
“Jerusalem” Virus3 years - $50M
Damage
“Concept” Virus“Concept” Virus4 Months 4 Months -- $50M $50M
DamageDamage
“Code Red” Worm“Code Red” Worm9 Hours ~ $2.6 B Damage9 Hours ~ $2.6 B Damage
““SircamSircam” Worm” Worm6 Hours ~ $1.3B 6 Hours ~ $1.3B
“Melissa” Virus“Melissa” Virus4 Days ~ $300M4 Days ~ $300M
DamageDamage
“Love Bug”5 Hours - >$800M
Damage
9
OMB Report:OMB Report:Most Federal Agencies Unable To Spot CyberMost Federal Agencies Unable To Spot Cyber--AttacksAttacks
14 Feb ‘0214 Feb ‘02
ll Many agencies have no meaningful system to test or Many agencies have no meaningful system to test or monitor system activity or detect intrusions.monitor system activity or detect intrusions.
ll General lack of policy or programs to detect, report, General lack of policy or programs to detect, report, or share information on vulnerabilities or attacks.or share information on vulnerabilities or attacks.
ll Most employees lack basic awareness or education Most employees lack basic awareness or education on computer security.on computer security.
ll Few agencies ensure contractor compliance on Few agencies ensure contractor compliance on security requirements or background checks.security requirements or background checks.
In last year’s penetration testing, nearly all Federal agencies earned a grade of “D” or lower for computer security – DoD earned the only passing grade.
Findings:Findings:
10
Information Information OperationsOperations
11
Information Superiority
Range of Operations
Peace Crisis Conflict /War War Termination PeacPeace Crisis Conflict /War War Termination Peacee
OPERATIONALOPERATIONAL
STRATEGICSTRATEGICLEVELS
OF
WAR
TACTICALTACTICAL
IOIOIWIW
TACTICALTACTICAL
OPERATIONALOPERATIONAL
STRATEGICSTRATEGIC
C2WC2WSTRATEGICSTRATEGIC
OPERATIONALOPERATIONAL
TACTICALTACTICAL
12
Peace
Peace
Crisis
Crisis
Hostilit
ies
Hostilit
iesPea
cePea
ce
StrategicStrategicInformationInformationOperationsOperations
OperationalOperationalIOIO
TacticalTacticalIOIO
ResponsibilitiesResponsibilities
NCA/JOINTNCA/JOINTSTAFFSTAFFCINC’sCINC’s
NCANCACINC’sCINC’s
CINCCINCJTFJTF
STATESTATENCANCA
CINC’sCINC’s
NONNON--DoDDoDSTATE FBISTATE FBIAGENCIES/AGENCIES/
CORPORATIONSCORPORATIONS
NONNON--DoDDoDSTATE FBISTATE FBIAGENCIES/AGENCIES/
CORPORATIONSCORPORATIONS
PolicyPolicy
LegalLegal
OrganizationalOrganizational
OperationsOperations
ArchitectureArchitecture
TechnologyTechnology
Info Info AssuranceAssurance
PDDPDD--5656PDDPDD--6363
PDDPDD--6868
Information OperationsInformation Operations
Focus AreasFocus AreasElementsElements
•• PSYOPPSYOP•• DeceptionDeception•• EWEW•• OPSECOPSEC•• Physical Physical
DestructionDestruction•• CNDCND•• CNACNA
13
IA / IO / IWIA / IO / IWA 10A 10--Day SampleDay Sample
IAIA
IOIO
IWIWRelated Related
SubjectsSubjects
ConferencesConferences
EE--mailmail Web SitesWeb SitesLinksLinks ArticlesArticles
3838 3232 2323 23502350
2222 1616 88 27132713
77 1111 22 2626
1616 3434
55 55 22
Knowledge and InterestKnowledge and InterestAre WidespreadAre Widespread
January 2002
14
IO “Threat” is Very NonIO “Threat” is Very Non--TraditionalTraditional
ll The IO “Threat” aims to diminish or destroy The IO “Threat” aims to diminish or destroy DoD’sDoD’s capability to gain and maintain Information capability to gain and maintain Information SuperioritySuperiority
ll Examples include:Examples include:•• Trusted insider who takes advantage of accessTrusted insider who takes advantage of access•• Insertion of malicious code into our systemInsertion of malicious code into our system•• Modification of our hardware or software, including Modification of our hardware or software, including
possibly at the supplier levelpossibly at the supplier level•• Remote “virtual” attackRemote “virtual” attack•• Empowered “virtual” agentsEmpowered “virtual” agents•• New approaches that have not yet been discoveredNew approaches that have not yet been discovered
ll Murphy’s law, natural events, and system fragility Murphy’s law, natural events, and system fragility all exacerbate likely problemsall exacerbate likely problems
ll Commercial sector will not meet all USG/Commercial sector will not meet all USG/DoDDoDsecurity needssecurity needs
15
The Insider ThreatThe Insider Threat
Greatest Greatest ThreatThreat
Significant Significant ThreatThreat
HighHigh LowLow
Source: GartnerGroupReport 5605
HighHigh
Tech
nica
l Lite
racy
Tech
nica
l Lite
racy Demonized But Demonized But
InsignificantInsignificant
InsignificantInsignificantLowLow
Internal Process KnowledgeInternal Process Knowledge
16
High Likelihood
High Impact
Low Impact
Low Likelihood
•• Today’s primary Today’s primary spending is on spending is on high likelihood high likelihood threats, but their threats, but their impact is lowimpact is low
•• A much lesser A much lesser amount is spent amount is spent on low likelihood on low likelihood threats that will threats that will have a high impacthave a high impact
Today’s Spending ProfileToday’s Spending Profile
17
•• Broadly based, fairly uncoordinated USG/Broadly based, fairly uncoordinated USG/DoDDoD efforts are efforts are underwayunderway
•• Public awareness of IW and IA issues at home and abroad is Public awareness of IW and IA issues at home and abroad is dramatically greaterdramatically greater
•• Internet use has exploded and USG/Internet use has exploded and USG/DoDDoD use and use and dependence on the internet has grown exponentiallydependence on the internet has grown exponentially
•• We have an increased appreciation of our vulnerabilities We have an increased appreciation of our vulnerabilities from IWfrom IW
•• Remediation and preparations for Y2K diverted focus and Remediation and preparations for Y2K diverted focus and potential funds from IA/IW resolutionpotential funds from IA/IW resolution
•• A tremendous amount of energy is ongoing nationally, A tremendous amount of energy is ongoing nationally, which is likely which is likely -- over time over time -- to substantially improve U.S. to substantially improve U.S. IA/IW capabilitiesIA/IW capabilities
•• A combined WMD/IW attack could be potentially devastatingA combined WMD/IW attack could be potentially devastating
Today...Today...
18
World Trade Center: World Trade Center: The Real Target?The Real Target?
ll The 1993 World Trade Center The 1993 World Trade Center bombing appeared to be a bombing appeared to be a traditional Terrorist attack traditional Terrorist attack ----significant because of itssignificant because of itssize and planning on U.S. soilsize and planning on U.S. soil
ll In fact:In fact: The Terrorists intent was to The Terrorists intent was to topple the towers on Wall Streettopple the towers on Wall Streetinciting a crisis in U.S. financialinciting a crisis in U.S. financialmarketsmarkets
ll Therefore, Therefore, “intent”“intent” to impact/degrade/destroy the to impact/degrade/destroy the U.S. Economy U.S. Economy has been demonstratedhas been demonstrated
ll How long until there is a CyberHow long until there is a Cyber--terrorism event with terrorism event with the same intent?the same intent?
Originally briefed
Originally briefed
in March 2001!
in March 2001!
19
World Trade Center: World Trade Center: September 11, 2001September 11, 2001
ll The 9The 9--11 World Trade Center 11 World Trade Center attack went well beyond a attack went well beyond a traditional Terrorist attack traditional Terrorist attack ----The long term planning and The long term planning and coordination on U.S. soil coupled coordination on U.S. soil coupled with the attack on the Pentagon with the attack on the Pentagon made this an act of warmade this an act of war
ll In fact:In fact: The Terrorists intent The Terrorists intent was to incite a crisis in U.S. was to incite a crisis in U.S. financial markets and demonstrate financial markets and demonstrate U.S. inability to protect itselfU.S. inability to protect itself
ll Once again, Once again, “intent”“intent” to impact/degrade/destroy U.S. to impact/degrade/destroy U.S. infrastructure infrastructure was clearly demonstratedwas clearly demonstrated
ll How much worse would 9How much worse would 9--11 have been if it included 11 have been if it included a Cybera Cyber--terrorism element with the same intent?terrorism element with the same intent?
20
Our National Our National Security PostureSecurity Posture
21
National Security’s Changing National Security’s Changing LandscapeLandscape
ll Our concept of national security has always pivoted around the Our concept of national security has always pivoted around the physical and economic wellphysical and economic well--being of the American people.being of the American people.
ll For 200 years, this protection has largely been achieved For 200 years, this protection has largely been achieved beyond US shores.beyond US shores.
ll Today, defense of our economics and people must take place Today, defense of our economics and people must take place on US soil too!on US soil too!
ll Threats may now even be “remote” Threats may now even be “remote” ---- attacks against the US attacks against the US proper, from beyond our shores.proper, from beyond our shores.
ll In the Information Age, our wealth, security, and functionality In the Information Age, our wealth, security, and functionality are all rooted in our ability to control information.are all rooted in our ability to control information.
ll National security can no longer isolate the role of DoD and the National security can no longer isolate the role of DoD and the Intelligence Community from the business and private sector.Intelligence Community from the business and private sector.
Our national security must now become the responsibility Our national security must now become the responsibility of the United States of the United States ---- Not simply the Defense Department! Not simply the Defense Department!
22
•• Today, in the Information Age, we are the most vulnerable:Today, in the Information Age, we are the most vulnerable:–– Each of our infrastructures is dependent on othersEach of our infrastructures is dependent on others–– Globalization and financial integration is pervasiveGlobalization and financial integration is pervasive–– We must protect everywhere from attacks anywhereWe must protect everywhere from attacks anywhere
•• The conflict is engaged: Solar Sunrise, Moonlight Maze, The conflict is engaged: Solar Sunrise, Moonlight Maze, Melissa, Love Bug, Denial of Service, Code Red, Melissa, Love Bug, Denial of Service, Code Red, SircamSircam
•• The “nuclear threat” now is widely available to almost any The “nuclear threat” now is widely available to almost any nation or group as WMD or Information Warfare technologiesnation or group as WMD or Information Warfare technologies–– Consider information as a weapon of mass effect (WME)Consider information as a weapon of mass effect (WME)
•• NSA conducted a significant number or Red Team exercises NSA conducted a significant number or Red Team exercises during the last five years, using tools and techniques during the last five years, using tools and techniques downloaded from the Internetdownloaded from the Internet–– 99% of attacks undetected99% of attacks undetected
We are awaiting a “Cyber Pearl Harbor,” We are awaiting a “Cyber Pearl Harbor,” when we are already involved in a “Battle of Britain”when we are already involved in a “Battle of Britain”
We Are A Nation At RiskWe Are A Nation At Risk
23
So What?So What?
ll Our concept of national security must adapt to Our concept of national security must adapt to this changing world. In fact, a new concept this changing world. In fact, a new concept already is emerging. It encompasses:already is emerging. It encompasses:•• Traditional concerns Traditional concerns
•• National critical infrastructure protectionNational critical infrastructure protection–– Including critical private infrastructuresIncluding critical private infrastructures
•• Concerns that have not been traditional focus of Concerns that have not been traditional focus of national security: e.g., currency, privacy, intellectual national security: e.g., currency, privacy, intellectual propertyproperty
•• Protection of foreign networks and systems upon Protection of foreign networks and systems upon which we dependwhich we depend
24
Road Map for National Security: Road Map for National Security: Imperative for ChangeImperative for Change
ll Serious Gaps Exist in Agencies ability to Protect, Serious Gaps Exist in Agencies ability to Protect, Prevent, and Respond to Terrorist ThreatsPrevent, and Respond to Terrorist Threats
ll A “Catastrophic Attack” is likely to strike the U.S. in A “Catastrophic Attack” is likely to strike the U.S. in the next 25 yearsthe next 25 years
ll Need to Reorganize the State and Defense Need to Reorganize the State and Defense Departments and Invest in Education and Scientific Departments and Invest in Education and Scientific ResearchResearch
ll Create an Independent CabinetCreate an Independent Cabinet--level National level National Homeland Security Agency to Coordinate a National Homeland Security Agency to Coordinate a National Strategy against Terrorism (WMD & Cyber)Strategy against Terrorism (WMD & Cyber)
U.S. Commission on National Security/21st CenturyU.S. Commission on National Security/21st Century
The HartThe Hart--RudmanRudman ReportReport31 January 200131 January 2001
25
2025 Foundational2025 FoundationalNational Security ElementsNational Security Elements
ll US remains economically strong, retains role in shaping int’l US remains economically strong, retains role in shaping int’l environmentenvironment
ll S&T advancing at exponential pace, widely but unevenly S&T advancing at exponential pace, widely but unevenly distributeddistributed
ll World energy, water resources, and global aging become World energy, water resources, and global aging become significant factors in the national/global security equationssignificant factors in the national/global security equations
ll ee--Commerce transcends national boundaries, global interaction Commerce transcends national boundaries, global interaction in a multitude of markets on a hourly basis 7/24/365.in a multitude of markets on a hourly basis 7/24/365.
ll Asymmetries multiply, threatening US response capabilitiesAsymmetries multiply, threatening US response capabilities
ll WMDs proliferate to a wider range of state and nonWMDs proliferate to a wider range of state and non--state actorsstate actors
ll Conflict will resort to forms and levels of violence shocking toConflict will resort to forms and levels of violence shocking toour sensibilitiesour sensibilities
ll Alliances and coalitions will be increasingly difficult to Alliances and coalitions will be increasingly difficult to establish and establish and sustainsustain
(Excerpted from: Hart(Excerpted from: Hart--RudmanRudman--Gingrich Commission)Gingrich Commission)
26
IssuesIssuesandand
ObservationsObservations
27
• Information Superiority, like information assurance, is dependent on taking a large volume of data, sifting through it to gain key information, leading to knowledge that can be applied as understanding.
• What We Have:
– Today, the US can gather a vast amount of data through a variety of sources and sensors.
– Some of that data can be sifted to find the nuggets of key information.
– A lesser amount is converted to knowledge, and even less is really understood.
Too Much Data; Too Little Too Much Data; Too Little Knowledge & UnderstandingKnowledge & Understanding
DataDataData InformationInformation KnowledgeKnowledge UnderstandingUnderstanding
28
President
Attorney General NSC
DOJ / FBI
NIPC
CINCSPACE
DOD Fusion Ctrs
Authorities Authorities for Responsefor Response
Key Key IssueIssue
??
Issues in RespondingIssues in Respondingto a Potential Cyber Eventto a Potential Cyber Event
ll How do we handle an How do we handle an incident when it is not incident when it is not clear whether it a crime, clear whether it a crime, a foreign attack, or a foreign attack, or both?both?
ll How should responses How should responses be coordinated between be coordinated between National Security and National Security and Law Enforcement?Law Enforcement?
ll How should How should responsibility be responsibility be handed off once the handed off once the attacker/criminal is attacker/criminal is identified?identified?
ll How de we interface with How de we interface with the private sector?the private sector?
CYBER EVENTCrime or Attack? Private
Sector?
29
Issues (Issues (con’tcon’t))
ll Can a trusted system be composed of untrusted Can a trusted system be composed of untrusted components?components?
ll What role can Active Defense play in Defensive IO?What role can Active Defense play in Defensive IO?ll Complexity is growing faster than solutions Complexity is growing faster than solutions
Increased complexity:Increased complexity:–– Makes it more difficult to defend our networked systemsMakes it more difficult to defend our networked systems
AND AND –– Makes it more difficult for an adversary to predict and evaluateMakes it more difficult for an adversary to predict and evaluate the the
effects of his attackseffects of his attacks
ll Defending against information attack is more critical Defending against information attack is more critical andandmore difficult than conducting an information attack more difficult than conducting an information attack against an adversaryagainst an adversary
ll From an operational perspective good security often From an operational perspective good security often conflicts with getting things doneconflicts with getting things done
30
ConclusionsConclusions
31
Y GG
1. Designate an accountable IW focal point1. Designate an accountable IW focal point
2. Organize for IW2. Organize for IW--DD
3. Increase awareness3. Increase awareness
4. Assess infrastructure dependencies and 4. Assess infrastructure dependencies and vulnerabilitiesvulnerabilities
5. Define threat conditions and responses5. Define threat conditions and responses
6. Assess IW6. Assess IW--D readinessD readiness
7. “Raise the bar” with high7. “Raise the bar” with high--payoff, lowpayoff, low--cost cost itemsitems
1996 Recommendation
Current Status of 1996 DSB Current Status of 1996 DSB RecommendationsRecommendations
G
Y
Y
R
Y
R
Y
Pre 9/11Status
Post 9/11Status
G
Y
R Y
Y
R
Y
G
Y
Y GG
R YY
32
8. Establish and maintain a minimum 8. Establish and maintain a minimum essential information infrastructureessential information infrastructure
9. Focus the R&D9. Focus the R&D
10. Staff for success10. Staff for success
11. Resolve the legal issues11. Resolve the legal issues
12. Participate fully in critical infrastructure 12. Participate fully in critical infrastructure protectionprotection
13. Provide the resources13. Provide the resources
1996 Recommendation
Current Status of 1996 DSB Current Status of 1996 DSB RecommendationsRecommendations
Y GGY
R
Y
R
Y
Pre 9/11Status
Post 9/11Status
R Y
Y
Y
Y
Y GG
R
Y
R
33
Who Has Responsibility?Who Has Responsibility?
Threat Assessments
Indications & Warning
Attack Characterization & Response
Cold War Now
IC DoD / IC / USG Private Sector
IC DoD / IC / USG Private Sector
CINCsJCS
DoD / IC / USG Private Sector
A Shared ResponsibilityA Shared Responsibility
34
In Some Areas Even 9/11 Did Not In Some Areas Even 9/11 Did Not Cause ChangeCause Change
ll FBI Report FBI Report –– April 2002April 2002•• 90% of businesses and government agencies 90% of businesses and government agencies
suffered hacker attacks within the past year.suffered hacker attacks within the past year.•• Only 1/3 of those attacks were reported.Only 1/3 of those attacks were reported.•• 80% of those surveyed acknowledged financial 80% of those surveyed acknowledged financial
losses however, only 44% were willing or able to losses however, only 44% were willing or able to quantify the damage (~$455M).quantify the damage (~$455M).
•• 78% admitted employee abuse of Internet.78% admitted employee abuse of Internet.•• 85% had detected viruses on their networks.85% had detected viruses on their networks.
ll Conclusion: “Now, more than ever, the government Conclusion: “Now, more than ever, the government and private sector need to work together to share and private sector need to work together to share information and be more cognitive of computer information and be more cognitive of computer security…”security…”
35
BackBack--UpUpSlidesSlides
36
DISA
CND RelationshipsCND RelationshipsLimited
Tactical Control
CINCsCINCsCINCs
IntelligenceCommunityIntelligenceCommunity
Other DoD Agencies
Other DoD Agencies
Direction
Coordination
Coordination
Coordination
National Infrastructure
Protection Center (NIPC)
Operational
Policy
AIR FORCE (67 IW)
AFCERT
AIR FORCE (67 IW)
AFCERT
NAVY(NCTF-CND)NAVCERT
NAVYNAVY(NCTF(NCTF--CND)CND)NAVCERTNAVCERT
ARMY(LIWA)
ACERT
ARMY(LIWA)
ACERT
DISA(GNOSC)
DOD CERT
DISA(GNOSC)
DOD CERT
MARINES(MAR-CND)
MIDAS
MARINES(MAR-CND)
MIDAS
Logistic,Technical,
AdminSupportNational
CommunicationsSystem (NCS)
NationalCommunications
System (NCS)
National Coordinating Ctr
Info Sharing
Info Sharing& Advisory Notices
Information Sharing and
Analysis Centers(ISAC)
Private Sector Critical Industries
4Telecommunications4Banking & Finance• Transportation• Water Supply• Energy• Emergency Services• Public Health
Private Sector
Coordination
37
Elements of IOElements of IO
PSYOPPSYOP
Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals.
JP 1-02
38
Elements of IOElements of IO
DeceptionDeception
Those measures designed to mislead the enemy by manipulation, distortion, or falsification of evidence to induce him to react in a manner prejudicial to his interests.
JP 1-02
39
Elements of IOElements of IO
EWEWElectronic Warfare (EW) is any military action involving the use of electromagnetic and directed energy to control the electromagnetic spectrum or to attack the enemy. The three major subdivisions within Electronic Warfare are:
ElectronicWarfare
(EW)
ElectronicWarfare
(EW)
ElectronicAttack(EA)
ElectronicAttack(EA)
ElectronicProtect
(EP)
ElectronicProtect
(EP)
ElectronicWarfare Support
(ES)
ElectronicWarfare Support
(ES)
40
Elements of IOElements of IO
OPSECOPSECOOPSEC is a process of identifying PSEC is a process of identifying critical critical informationinformation and subsequently analyzing and subsequently analyzing friendly actions attendant to military friendly actions attendant to military operations and other activities to:operations and other activities to:
Joint Pub 3-54
• Identify those actions that can be observed by adversary intelligence systems
• Determine indicators adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries
• Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation
41
Elements of IOElements of IO
Physical Physical DestructionDestruction
ll Physical attack/destruction refers to Physical attack/destruction refers to the use of “hard kill” weapons the use of “hard kill” weapons against designated targets as an against designated targets as an element of an integrated IO effort element of an integrated IO effort
JP 3JP 3--1313
ll Application of combat power to Application of combat power to destroy or neutralize enemy forces destroy or neutralize enemy forces and installations. and installations. FM 3FM 3--1313
42
Elements of IOElements of IO
Computer Computer Network Network
OperationsOperations
CNO – Computer Network Attack Computer Network Defense (CND) and Computer Network Exploitation (CNE) collectively.
DCID 7/3
43
What Has Changed?What Has Changed?
19801980ll Monolithic Soviet ThreatMonolithic Soviet Threatll BiBi--polar Worldpolar Worldll Democracy vs. CommunismDemocracy vs. Communismll Politics DominatePolitics Dominatell Perimeter / Bastion ConceptsPerimeter / Bastion Conceptsll US Vulnerable AbroadUS Vulnerable Abroadll PrePre--PC EnvironmentPC Environmentll Peak of the Industrial AgePeak of the Industrial Age
We Are Redefining “National Security”We Are Redefining “National Security”
20022002ll USUS DominanantDominanant Global PowerGlobal Powerll EuropeamEuropeam UnionUnionll Global EconomyGlobal Economyll Economics DominateEconomics Dominatell US Military Budgets US Military Budgets ll US Vulnerable at HomeUS Vulnerable at Homell Computers /Computers / TelcomTelcom PervasivePervasivell Dependent on INTERNETDependent on INTERNETll Rate of Technology ChangeRate of Technology Changell Dawn of the Information AgeDawn of the Information Age
44
Information Assurance Information Assurance --Current StatusCurrent Status
ll Architecture: A solid journey is planned, Architecture: A solid journey is planned, but the roadmap is incomplete.but the roadmap is incomplete.
ll Technology: New developments race Technology: New developments race ahead of understanding (vulnerabilities, ahead of understanding (vulnerabilities, dependencies, reliability) dependencies, reliability) ---- complexity is complexity is growing faster than resultsgrowing faster than results
ll People: Limited bench strength.People: Limited bench strength.ll R&D: Not using the right seed corn.R&D: Not using the right seed corn.
ll Policy & LegalPolicy & Legal: : •• Cold War Policy + 19th Century Law Cold War Policy + 19th Century Law ==
21st Century Solutions21st Century Solutions
45
The Time is Right to Make Progress The Time is Right to Make Progress in Protecting Our Infrastructuresin Protecting Our Infrastructures
ll 88--10 years of experience and study of 10 years of experience and study of these issuesthese issues
ll Congress and the Defense Department are Congress and the Defense Department are sensitized sensitized –– Particularly since 9Particularly since 9--1111
ll Foreign awareness and programs show Foreign awareness and programs show substantial growthsubstantial growth
ll A change in Administration has taken A change in Administration has taken placeplace
ll We should lock in and build on key prior We should lock in and build on key prior recommendationsrecommendations
ll Increased private sector involvementIncreased private sector involvement
Top Related