Suppression of Cyber-Defences


Suppression of Cyber-Defences
Brett van Niekerk, University of KwaZulu-Natal, South Africa

Research Problem
- Deterrence is often used as a national cyberspace strategy
- A cyber-attacker may have overwhelming superiority
- In such instances, deterrence is not applicable
- An alternative model is needed
- The paper proposes:
  - A model based on Suppression of Enemy Air Defences
  - Defensive considerations for such scenarios

Key Terms
- Deterrence
  - Cold War / MAD (mutually assured destruction)
  - Limited, mostly known adversaries
  - High entry cost
  - Needs to be enforceable and repeatable
- Suppression of Enemy Air Defences (SEAD)
  - First attacks erode air defence capability
  - Air superiority
  - E.g. Kosovo, Libya, Iraq

Cyber-warfare & Cyber-attacks
During the 1990s, concerns arose about cyberspace and the vulnerabilities of critical infrastructures.

Attack types and examples:
- System penetration / cyber-espionage: Moonlight Maze (1998); Titan Rain (2003-2004); Buckshot Yankee (2008); GhostNet, ShadowNet & ShadyRAT (2009-2011); RSA SecurID (2011); Olympic Games (Flame, Duqu, Gauss, 2012); Shamoon (2012); Red October (2013)
- Distributed denial-of-service (DDoS): Estonia (2007); Georgia (2008); South Korea & US (2009); Myanmar/Burma (2010); US banks (2014-2013); Spamhaus/Cyberbunker (2013)
- System damage: Stuxnet (2010)
- Malware infections: US Air Force drones (2011)

Cyber-attack Cycles

Hacking cycle:
- Reconnaissance
- Scanning
- Gain access
- Maintain access and cover tracks
- N/A

Cyber-warfare attack cycle:
1. Identify target
2. Identify global & infrastructure interfaces
3. Research national systems and networks
4. Gather intelligence information
5. Identify vulnerabilities
6. Covertly probe and test for traps and responses
7. Enter system, locate and transmit sensitive information to a safe location
8. Probe for other systems and networks
9. Probe systems and networks for additional information
10. Set logic bombs and trap doors, then delete intrusion evidence and leave the system
11. Search for additional target systems and networks, and repeat 1-10
12. Attack systems and networks during conflict

Deterrence in Cyber-defence

Deterrence in cyber-defence fails because of:
- Unknown threat numbers and strength
- Difficulty in attribution
- Low entry cost
- The attacker may not be reliant on IT
- The attacker's willingness to accept retaliation

[Diagram linking Anonymity, No Attribution, Low Deterrence and Cyber Attack]

Deterrence will only work if:
- both adversaries are known to each other,
- both adversaries have strong cyber-attack capabilities that can overcome the other's defences, and
- both adversaries are similarly heavily reliant on information technologies, so that a cyber-attack will significantly impact on the nation's economy and society.

Suppression of Cyber-defences

The attacker will have an asymmetric advantage over the defender, which may include one or more of the following:
- The defender cannot sufficiently attribute the attack, and therefore cannot retaliate;
- The attacker has vastly superior cyber-attack capabilities, and the adversary's capabilities are not sufficient to retaliate;
- The attacker's society and/or economy is not dependent on information technology, so retaliation in cyberspace will have little effect;
- The attacker is prepared to suffer the consequences;
- The attacker is an internal threat to the defender, where retaliation is not possible.

Suppression of Cyber-defences

The steps for Suppression of Cyber-defences:
1. Identify connections and nodes with the global and national information infrastructures, with particular focus on national ISPs
2. Identify cyber-defence organisations and facilities
3. Identify vulnerabilities and security measures within the target and cyber-defence networks
4. Infiltrate target, cyber-defence and ISP systems (covertly)
5. Conduct obfuscation
6. Attack primary target
7. Should the attack be discovered, launch aggressive attacks on cyber-defence networks and the target's security measures
8. Attack secondary targets if/as required
9. Continue attack on primary and secondary targets to cause cascading effects
10. Exit and cover tracks

Scenario: Infrastructure Attack

Setting:
- Target: national chemical warfare plant, with specific industrial controllers
- Existing CSIRT and military cyber-command
- Limited offensive / forensics capability

Sequence:
- Initial reconnaissance and compromise of internal servers, ISP and power station
- DDoS against CSIRT, cyber-command and government as a distraction
- Power station disrupted to affect the CSIRT's power supply
- Chemical warfare factory targeted, equipment destroyed
- CSIRT ineffective due to lack of power and request overload
- Security logging of all compromised facilities targeted
- Security information cannot be trusted due to tampering

Scenario: Cyber-espionage

Setting:
- Botnet / APT extracting information from target nations
- Compromised file servers both inside and outside the target nation
- Prior to completing extraction, the infection is discovered on a secondary target

Sequence:
- Cyber-defences targeted
- DDoS against non-essential servers, the CSIRT and government
- CSIRT distracted, giving the attackers extra time
- Non-essential servers divert attention away from the primary attack
- Additional high-value information extracted
- File servers shut down and wiped

Defensive Considerations

- To prevent targeting of cyber-defences, redundant facilities can be used to support each other
  - Expensive
  - Lack of available expertise

[Diagram: Primary Cybersecurity Facility paired with a Redundant Cybersecurity Facility]

- Sector CSIRTs / security intelligence centres
  - SA National Cyber Security Policy
  - SA Cybercrimes and Cybersecurity Bill
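The infrastructure-attack scenario ends with the security logging at every compromised facility being targeted, so that the security information can no longer be trusted, and the defensive considerations above propose redundant facilities that support each other. The following Python example is added here and is not from the presentation or its author: it hash-chains log records at a primary facility and keeps a replica of the chain at a redundant facility (the log format, facility roles and sample events are all constructed for illustration). It shows that an in-place edit of one record is caught by the local chain check, whereas an edit that also re-chains every later hash passes the local check and is caught only by comparing against the replica, which is the practical argument for keeping security logs at more than one facility.

```python
import hashlib
import json
from typing import Dict, List, Optional

# Constructed sentinel standing in for the hash "before" the first record.
GENESIS = "0" * 64

# Constructed sample events, loosely modelled on the infrastructure-attack scenario.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "T+00:00", "src": "isp-edge-router", "msg": "unexpected outbound session to unknown host"},
    {"ts": "T+00:05", "src": "power-station-hmi", "msg": "configuration change outside maintenance window"},
    {"ts": "T+00:07", "src": "csirt-portal", "msg": "request rate above threshold"},
    {"ts": "T+00:09", "src": "plant-plc-3", "msg": "setpoint out of safe range"},
]


def link_hash(prev_hash: str, record: Dict[str, str]) -> str:
    """SHA-256 over the previous link's hash plus the canonical JSON of this record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append(chain: List[Dict[str, object]], record: Dict[str, str]) -> None:
    """Append a record, chaining it to the hash of the previous entry (or GENESIS)."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"record": dict(record), "hash": link_hash(str(prev), record)})


def verify(chain: List[Dict[str, object]]) -> Optional[int]:
    """Return the index of the first broken link, or None if the chain is internally consistent."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["hash"] != link_hash(prev, entry["record"]):  # type: ignore[arg-type]
            return i
        prev = str(entry["hash"])
    return None


def first_divergence(local: List[Dict[str, object]], replica: List[Dict[str, object]]) -> Optional[int]:
    """Index of the first link whose hash differs between the two copies, or None if they agree."""
    for i, (a, b) in enumerate(zip(local, replica)):
        if a["hash"] != b["hash"]:
            return i
    return None


def demo() -> Dict[str, Optional[int]]:
    """Build the primary chain, ship a replica, then apply two tampering patterns to the primary."""
    primary: List[Dict[str, object]] = []
    for event in SAMPLE_EVENTS:
        append(primary, event)
    # Replica held at the redundant facility, copied before the logging was targeted.
    replica = [dict(entry) for entry in primary]

    # Pattern 1: the PLC alert is blanked in place; the stored hash no longer matches.
    edited = [dict(entry) for entry in primary]
    edited[3] = {"record": {**edited[3]["record"], "msg": "nominal"}, "hash": edited[3]["hash"]}  # type: ignore[dict-item]

    # Pattern 2: the same alert is blanked and every later hash is recomputed,
    # so the primary copy looks intact on its own.
    rechained: List[Dict[str, object]] = []
    for i, entry in enumerate(primary):
        record = {**entry["record"], "msg": "nominal"} if i == 3 else entry["record"]  # type: ignore[dict-item]
        append(rechained, record)  # type: ignore[arg-type]

    return {
        "replica_intact": verify(replica),                         # None: replica verifies
        "in_place_break": verify(edited),                          # 3: local check catches it
        "rechained_local": verify(rechained),                      # None: local check is fooled
        "rechained_vs_replica": first_divergence(rechained, replica),  # 3: replica reveals it
    }


if __name__ == "__main__":
    print(demo())
```

The replica only helps if it is written before the attacker reaches the logging, and if the redundant facility is not reachable with the same credentials; both points follow from the scenario, where the CSIRT and the compromised facilities are taken out together.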

Defensive Considerations

[Diagram: ring of sector-based cyber-defence facilities (Telecomms & IT Sector, Mining Sector, Transport Sector, Manufacturing Sector, Financial Sector) together with the national structures: Cyber Security Hub, Cyber Command, Cyber Crime Centre, ECS-CERT]

Conclusion
- Deterrence has limited effectiveness
- High asymmetry in favour of the attacker may prevent retaliation
- New model, based on SEAD
  - Target and disrupt cyber-defence and decision-making organisations
  - Increase effectiveness of the primary attack
- Defensive considerations
  - Traditional redundant cyber-defence facilities are expensive
  - Ring structure of sector-based cyber-defence facilities

Thank you. Questions?
Brett van Niekerk, University of KwaZulu-Natal, South Africa, vanniekerkb@ukzn.ac.za