How to Fight and Win the New Cyberwar

Monday, August 13, 2012

We are losing the cyberwar. The presentation that you can download below will explain how to fight and win this new war.  It will also explain why what we are doing now not only won't work, but it can't work because the net-centric defense approach is fundamentally flawed.

I will begin with the cyberwar "sitrep" which is a snapshot of where we are right now.  This includes the offensive and defensive purposes of cyberwar and how new requirements for connectivity greatly increases risk.  I'll also list the personnel issues, technical issues, economic issues ad management issues involved on the cyber battlefield.

Next I'll cover security technology including firewalls and how to hack them, anti-virus software and why it is ultimately ineffective.  I'll list various encryption techniques, the most effective of them being CKM (Constructive Key Management).  The three basic hacking techniques of footprinting, scanning and enumeration will also be described followed by network hacking for "zombie" creation.

I'll then describe medical device hacking, automobile hacking which means making your instruments and onboard computers behave erroneously, "on the bus" hacking via SmartPhones, LEO (Law Enforcement Officer)  X25 radio hacking through reverse engineering and even non-electronic hacking using the advanced 4GS phones' improved accelerometers and AI techniques for keystroke capture.

The history of the cyberwar battlefield will then be described because it's important to understand how we got in this mess in order for us to craft an effective solution.  A problem that is not understood cannot be solved.

I will cover software structure, security research results, DoD 5200.28 and ISO15408 secure system standards.  I will describe what can be done and what cannot be done in the cyber battle.  What objectives are useful and achievable and which objectives are not useful and are unachievable.

I'll wrap up with how to win the cyberwar with existing technologies, an approach and policies that, if properly put in place, will give us all 100% confidence in the security of our data and maintaining our 24-by-7 operational continuity.

Download the IQ Cyber Security Briefing here:

17797
Network->General
Information Security
Security Strategies Hacking Cyberwar Cyber Security Network Security Standards Cyber Warfare Cyber Offense Cyber Defense
Post Rating I Like this!
F66c1a87a8db2cb584b4e06e93a84ce3
Mikko Jakonen Nice document with lots of colorful pages and some good historical information, but unfortunately badly outdated and without responses.
1344961328
800ca77bf7ad76b2a830356569e524b7
Dr. Steve Belovich I am not sure what you mean by "outdated". The techniques for a secure system have been known for 40 years. Economics has prevented their widespread adoption. I explained this in a six-part series on InfoSec Island two years ago.

All net-centric defense approaches will fail because the TCP/IP protocol permits challenge-response without authentication. Until and unless that situation changes, no 100% sure-fire network defense is possible.

So, the only practical answer is to assume that your network is "polluted" with evil packets and thus focus on protecting your systems at the O/S kernel level so that the evil packets will do no harm (other than eating up bandwidth.
1344966647
94ae16c30d35ee7345f3235dfb11113c
Joel Harding Nice briefing, very comprehensive.

I don't agree with using the word "cyberwar" in this context. Yes, it gains attention, after that you're subject to sniping among us purists who believe cyberwar is not possible. Warfare in cyberspace is ungainly but much more accurate. The occasional sprinkling of military terms, such as Sitrep is quaint, but I fully expected strategic, operational or tactical TTP (tactics, techniques or procedures) to follow.

Cyberwar is such a distasteful term, in so many ways, but easy to use. Whenever I read an article, a paper or a presentation that uses that term, I cringe. Here's a recent blog I wrote on the subject: http://toinformistoinfluence.com/2012/08/14/cyberwar-lets-work-through-this-shall-we/ I believe it was reproduced here at InfosecIsland.
Even though the US military, through ARPA, then DARPA, invented the internet, it was designed to share information and insure its use as a means of communication even in the event of a nuclear war. It was never intended to be used as a means of warfare of and by itself. Now the US has created a Cyber Command, their experts are still struggling with many of the basic concepts of warfare to be conducted in cyberspace. The legal framework is still not formed, but there is hope: the CCDOS is about to release their 'Talinn Manual', which will refine many of the legal references needed.
Nice briefing. I suggest you peruse an excellent book by Kevin Coleman, the "Cyber Commander's eHandbook". While lacking proper academic references and citations it gives a much more solid framework for discussions of warfare in cyberspace.
1345397601
F66c1a87a8db2cb584b4e06e93a84ce3
Mikko Jakonen Hi Steve, Joel - I have never actually thought the phenomenon by the way Joel you present it. Still, how distasteful it is, many organizations in private or in government sector does use it as it has found a route to peoples hearts and minds. a Matrix syndrome :) - I don't want to feel or define the sematic meaning of cyber warfare to myself with an exact terms. It will bend and adjust.
What comes to the Tallinn Manual and with the rest of the case, I think the one with strongest capabilities within defence and offense areas of information warfare including 5th domain implemented via ways of hacking (software), C2W, network centric, automation (SCADA et al) and simulations - shall define the terms. The important thing is how to adapt to it and make decision where the line stands.
As Joel you mention about the Internet precursor, using Internet as a warfare "tool" itself is bit misleading. ARPANET is very much different now with a multitude of applications, such as Facebook (information superiority) build on top of the information sharing. Just a medium, to say. Kevin Coleman's book is one of the (not so many) referenceable books available.
1345467480
800ca77bf7ad76b2a830356569e524b7
Dr. Steve Belovich Hi Joel & Mikko - I agree that the term "Cyber War" has problems, but I used it because a) it gets attention and, b) most of my audience was law enforcement personnel and ex-military.

So, the military references were intentional to assist the audience to better "identify with and connect to" the material that I presented. That's it.
1345660515

Most Liked