"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information
Attacks on Nations: Iran, Georgia, France, Estonia, UK, Belgium, South Korea, Canada, United States
Attacks on Businesses: Allied Irish Banks
Why has hacking gotten so bad? Great advances in technology; hacker underground where you can buy malware, point-and-click hacking programs, tech support; safety and anonymity
Who is Involved? Hackers, Organized Crime, Terrorists, Nations
Headlines!! Digital Spies: The Alarming Rise of Electronic Espionage Foreign agents are stealing stealth technology, hacking heads of state, and sabotaging American companies. And while many of these attacks are traced to China, electronic espionage is an accelerating scourge that knows no national boundaries. (Adam Piore, Popular Science, Jan. 24, 2012)
Headlines!! U.S. Cyber-spying by China and Russia a threat Billions of dollars of trade secrets, technology and intellectual property are being siphoned each year from the computer systems of U.S. government agencies, corporations and research institutions to benefit the economies of China and other countries, the Office of the National Counterintelligence Executive said. (By Ellen Nakashima, Washington Post, Nov. 4, 2011)
Headlines!! Hack at Illinois Water Plant Shows Vulnerabilities in Critical Infrastructure. Allegedly, hackers based in Russia were able to remotely shut down a water pump at a facility near Springfield. (Sue Marquette Poremba, Nov 21, 2011 - Reuters)
Headlines!! CHINA ACCUSED OF RUNNING 10-YEAR RING OF CYBER ESPIONAGE (PYMNTS.COM) A new report from security firm FireEye released yesterday (April 12) accuses the Chinese government of having involvement in a decade-long cyber espionage operation aimed at attacking government agencies, corporations and journalists in India and across Southeast Asia.
A Crippling Cyber Attack Would Be an 'Act of War' - Leon Panetta See video here: (https://www.youtube.com/watch?v=17fia7qoyy0)
Can we categorize the attacks on Nations? Electronic Espionage? Cyber War? Criminal Hacking?
So, where do we draw the line? When does a cyber attack cross the line from hacking, cyber crime, or electronic espionage and become an ACT of WAR??
LINGO: Cyber War; Act of War / Use of Force / Armed Attack; Cyber Attack; Electronic Espionage
LAW: UN Charter; Geneva Convention; Art. 51 Self-Defense; Hague Convention; Customary Int'l Law; Anticipatory Self-Defense. See: Tallinn Manual
Use of Force v. Armed Attack 1. Use of Force: in response a nation may use lesser or equal means as compared to the original use of force (probably would not allow a kinetic response to a cyber attack considered a use of force) 2. Armed Attack: allows the attacked nation to respond with a proportional response (if cyber attack is considered an armed attack, the attacked nation can likely respond with a kinetic attack)
Use of Force v. Armed Attack Issue: When does a cyber-attack equal an armed attack? Theory: Any cyber-attack that may have the same result as a kinetic attack would likely be classified as an armed attack
Is this electronic espionage or an act of war? Defacing your adversary's website? (Happened) Blocking their Internet access to the outside world? (Happened) Stealing their military secrets? (Happened)
Is this electronic espionage or an act of war? Planting logic bombs in critical infrastructure? What about in defense hardware and software: communication satellites, missile defense, etc.
Is this electronic espionage or an act of war? Disrupting an adversary's financial structure? Erasing an adversary's critical data? What about disrupting or even altering GPS? How about challenging our ability to operate freely in the cyber commons?
Is this electronic espionage or an act of war? How about disrupting or setting back your adversary's nuclear weapons program, or what they say is just nuclear power??
Do We Need a Response? Dubai: The US will face a teeth-breaking response if it continues to carry out cyber attacks against Iran, an Iranian official said Wed. If the Americans' futile cyber attacks don't stop, it will face a teeth-breaking response,.... (Iranian Students News Agency)
Do We Have a War? If a tree falls in the woods and no one hears it, does it make a sound? If one nation attacks and the other does not respond do we have a war?
Critical Piece Do you know who is attacking you? Attribution (can you fire back blindly?) Sum of All Fears http://www.youtube.com/watch?v=8gpu-oz4p64 In this movie, terrorists made it appear that Russia detonated a nuclear weapon in Baltimore. This deception almost led to the US and Russia launching nuclear attacks on one another. Deception in cyberspace is much easier.
What About Precedent? In the '90s a Russian professor declared that Russia considers information operations (the term used at the time) to be akin to a nuclear attack and retains the right to respond with a nuclear strike.
Recap 1. Has a cyber war already occurred? 2. Can we draw a clear line? 3. What factors must inevitably be considered? a. Attribution b. Escalation c. Setting precedent
Recap: Stuxnet/Code Yellow/Shamoon: Act of War / Use of Force / Armed Attack??
Use of Force v. Armed Attack Use of Force: I would argue that most of what we see in the news that is labeled a cyber-attack or cyber war could be considered a use of force, thus allowing the aggrieved nation to respond in kind. Question: is the use of Stuxnet then considered a use of force? Yes. Is it an Armed Attack? This question is yet to be answered!!
What will it Take? No single incident; combination of attacks; rise to level of do or die or economic Armageddon!
Cyber Pearl Harbor? Eric Rosenbach, Deputy Assistant Secretary of Defense for Cyber Policy: A catastrophic cyber-war is important to prepare for, but an unlikely scenario. Stealing data important to the nation's economic security, is occurring here and now! (National Defense July 2012)
Assuming we are not at war, then this is a Risk Management problem for companies. How do you manage this risk? Develop and implement Rules of Engagement (ROE) for your company. E.g. Do you have a plan?
Businesses are on their own. Government has its hands full! What can companies do? Active Defense!! (Take the fight to the bad guys)
Attacks on businesses? Economic Espionage? Criminal Hacking? Does the breach of a large company impact the national security of the nation where it resides?
Cyber Attacks - The Cost: Time; Money. We are losing the battle. Traditional defenses don't work. New defenses and options are needed.
500 Executives Surveyed One thing is very clear: The cyber security programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries. www.pwc.com/cybersecurity One sad reality is despite all the warnings, companies and individuals continue to fail to implement basic security practices.
Current Options for Business. Response: Cleanup; Nothing; Block; Remove; Hack Back; Call LE
Hack Back - Active Defense: What is it?
Is Hacking Back Self-Defense Legal? No. C.H. Chuck Chassot of the DoD Command, Control, Communications & Intelligence office: "It is the DoD's policy not to take active measures against anybody because of the lack of certainty of getting the right person."
Is Hacking Back in Self-Defense Legal? Yes. Timothy Mullen, CIO of AnchorIS, Inc.: "People should be allowed to neutralize one that is unwittingly spreading destructive Internet worms such as Nimda." Jennifer Stisa Grannick, litigation director at the Center for Internet and Society at Stanford Law School: "This is a type of defense of property. There is a lot of sympathy for that (kind of action) from law enforcement and vendors because we do have such a big problem with viruses."
Deterrents to Hack Back: Law; Ethics; Retribution. Illegal to gain unauthorized access to a computer. Highly probable that hacking back will affect innocent computers or networks. You may awaken the beast!
Hack Back - Active Defense: Legal Issues (Nations): Law of War; Law of Neutrality; Collateral Damage
Hack Back - Active Defense: Legal Issues (Business): Domestic Law; International Law. Can/should businesses rely on their governments to defend them? Can they take matters into their own hands?
Law Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby does or causes XXX is in violation of XYZ Law.
One Theory: Embed Code in the Phone Home function of a Bot. When the Bot connects to the IRC server the Code disables it.
Legal? Did you have the intent to access the innocent computer or server being used as the IRC server? Did you access that server without authorization? Did you cause harm, alter, or in some way have a negative impact on the innocent computer?
Legal?, cont. Does an infected computer impliedly grant you access to their system if their computer is causing damage to or plaguing your computer or network? Wouldn't a traditional scenario of self-defense apply in this situation? Is the only driving factor imminence?
Legal?, cont. Does an infected computer whose negligence allows your computer to be attacked, and the attack is ongoing or imminent, give you automatic authority to defend yourself by accessing that infected computer? Can the victim of a bot attack claim that their code was automatic, used common protocols, followed the bot into the infected server (IRCd), and blocked the bot? Did he exceed authorized access?
Common Objections: Retribution and Ethics Issues. You will start a war with China! Really?
You will impact an innocent bystander! No one in this scenario is innocent. Victim? Yes! Innocent? No!
Business Owner, Executive, Leader: What's Your Responsibility? Protect the business; assess the risk; implement good security; reduce or eliminate liability; protect reputation; recover quickly
Hack Back Scenario www.lowestoftjournal.co.uk
Questions? David Willson Attorney at Law, CISSP Assess & Protect Corporate Information david@titaninfosecuritygroup.com Text the number 50500 In the message type: titansecurity