Military Considerations in ICS/SCADA Attacks


Military Considerations in ICS/SCADA Attacks
W. Andrew Pennington, CISSP, Net+, A+, MS, MIM
Senior Program Manager
Cyber Security Training
October 13, 2011

Presentation Topics
Military's Operational Ethos; DoD Vulnerability Reporting; Conclusions
- Cyber Warfighting Paradigm
- Vulnerability Reporting in the OODA Loop
- Competing Interests in Vulnerability Reporting
- Criticality of Vulnerability Remediation
- Vulnerability vs. Risk
- DoD Vulnerability Reporting Preference
- Benefits of Non-Public Disclosure
- Need for New Laws and Treaties
- Vulnerability reporting will change over time
- Need to balance priorities
- Disclosure is a public service

Cyber Warfighting Paradigm
[Figure: Observe / Orient / Decide / Act loop. Labels: Sensor Integration (Surveillance & Reconnaissance); Intelligence; Data Integration (Situational Awareness); Conventional Ops; Land/Sea, Air & Space Domains; Cyber Domain; Cognitive Domain; Influence Ops; Actions Integration; Operational Integration (Battle Management)]
Top Priority: Integrating Offensive and Defensive Ops

Vulnerabilities & the OODA Loop
[Figure labels: Command & Control (C2) Components; Observe & Orient; VULNERABILITIES; Attack; Defend]
C2 capabilities provide the ability to recognize what needs to be done in a situation and to ensure that effective actions are taken.

Influence of Cyber Weapons
NATO Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia
Estonia Attacks, April 27, 2007
- Bronze Night
- DDOS via BOTNET
- Traced to Russia but no absolute proof
- NATO created a new Cyber Defense Center

Influence of Cyber Weapons
Armed Conflict over Ossetia & Abkhazia
Georgia Attacks, July 2008
Attack Vector
- DDOS via BOTNET on news media & government sites, external internet
- Master Controller in Russia, with BOTNETs in Canada, Turkey, & Estonia
- Cyber Attack integration with Kinetic Attacks during Armed Conflict
Result
- Georgia lost all financial access to foreign banks
- Lost credit cards and cell phones
- Georgians shut down their own Financial web services

Influence of Cyber Weapons
Buckshot Yankee, 2008
- Disclosed by Deputy Defense Secretary William J. Lynn III
- Flash Memory moratorium
- Led to creation of new US Cyber Command

Influence of Cyber Weapons
STUXNET WORM, July 2010
- First known Cyber Precision Weapon
- Advanced Cyber Weaponization
- Changed world view on cyber attack capabilities

Influence of Cyber Weapons
[Figure labels: DoD; Civilian; CRITICAL INFRASTRUCTURE & KEY RESOURCES (CIKR)]

Why Use Cyber as a Weapon System?
[Figure labels: Mature Weapon System; Infant Weapon System; $1,000; Asymmetric Weapon: 1 versus 1,000,000; $1,000,000,000]
A weapon is near the end of its useful life cycle when defending it requires more resources than its offensive capability.

Cyber is Becoming a Symmetric Weapon
[Figure: Weapon System Life Cycle. Labels: Infant; Adolescent; Mature; Asymmetric Offensive Weapon; Symmetric Offensive & Defensive Weapon; $1K - $1 million; $1-100 millions; $Billions]

8 Principles of Weapons Development
Excerpt from: The Future of War by George & Meredith Friedman
1. New technology frequently appears less sophisticated than old technology
2. Each weapon system (B2) or culture of weapon systems (airplane) has a life cycle
3. A weapon system reaches its limit of usefulness when the defensive measures needed for its survival destroy its utility
4. The military that is least likely to recognize Point 3 is the one that has previously been the most successful
5. At its high point, just prior to disaster, the last generation of technology appears to be invincible
6. Technologies that defeat previous weapons systems share a common characteristic: simplification of warfare & relentless offensive
7. The life cycle of a weapon system is determined by the pace of countermeasure development and the ability to design defenses against the countermeasures
8. A successful military is one that can constantly overthrow old weapons and doctrine and integrate new ideas and personnel without social upheaval.

Aspects of Effective Weaponization
- Command and control
- Accurate targeting
- Adapts to navigation
- Capable of operating autonomously
- Recallable
- Self-destruct capable
- Operates in a predictable manner
- Supports situational awareness
- Controlled impact (minimization of collateral damage)
- Executes on command, timing after release, or target recognition
- Multipurpose functionality available on command

Aspects of Integrated Weaponization
ODA Loop
- Requires Rules of Engagement (ROE)-based execution authority
- Need to identify the appropriate attack vector
- Need to respond to legal authority to act
- Need to provide further options and info to command authorities
[Figure labels: Attack; Operate; Defend]
Ability to Coordinate ALL levels of government response with a GLOBAL response

Aspects of Effective Weaponization
- Survivability
- Mobility with Stealth
- Reconstitution
- Surprise and deception
- Weapon superiority
- Upgrade-able to be technically superior
- Adaptable to tests on a range or in the field
- Sustainable
- Maintainable
- Repairable (field and depot)
- Life cycle program management

Aspects of Effective Weaponization
- Integrated into other national capabilities
- Used for military advantage, not from desperation
- Cost effective
- Simple
- New
- Accepted and usable in warfare