The Spectrum of Cyber Conflict From Hacking to Information Warfare ...
Cyber Conflict Research
description
Transcript of Cyber Conflict Research
![Page 1: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/1.jpg)
Cyber Conflict Research
Rain Ottis
22.4.2023
UNCLASSIFIED
![Page 2: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/2.jpg)
Disclaimer
The opinions expressed are those of the presenter and should not be considered as official policy of the CCD COE or NATO
UNCLASSIFIED
![Page 3: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/3.jpg)
Outline
• My background – why cyber defence?• What is a cyber conflict?• Volunteers in cyber conflicts• Farmers with laptops• National security implications• Spam• Q&A
UNCLASSIFIED
![Page 4: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/4.jpg)
About me
• 1999-2003 – USMA, BSc (Computer Science)• 2003-2005 – EDF Signal Battallion, instructor• 2005-2008 – National Defence College, TDC
CIS, cyber defence section chief• 2008- ...... – CCD COE, scientist
• 2005-2007 – TUT, MSc (Informatics)• PhD studies in TUT since 2007
UNCLASSIFIED
![Page 5: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/5.jpg)
Cyber Conflict
• Definition, please?• Cyberspace, cyber society, cyber attack, cyber
stuff etc.
UNCLASSIFIED
![Page 6: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/6.jpg)
Cyber Conflict
• An information system is a system* that is designed to operate with information.
* a fixed set of elements and their properties or relations
UNCLASSIFIED
![Page 7: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/7.jpg)
Cyber Conflict
• A weapon is a system that is designed to damage the structure or operations of some other system(s).
• An information technology weapon, or shorter – IT weapon, is an information technology based system that is designed to damage the structure or operations of some other system(s).
UNCLASSIFIED
![Page 8: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/8.jpg)
Cyber Conflict
• A cyber weapon is an information technology based system that is designed to damage the structure or operations of some other information technology based system(s).
• Cyber weapons are a subset of IT weapons
UNCLASSIFIED
![Page 9: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/9.jpg)
Cyber Conflict
• Cyber incidents are events that cause or may cause unacceptable deviation(s) in the structure or operation of an information system (or its components, including information, hardware, software etc.).
UNCLASSIFIED
![Page 10: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/10.jpg)
Cyber Conflict
• Cyber attack is the intentional use of a cyber weapon or a system that can be used as a cyber weapon against an information system in order to create a cyber incident.
UNCLASSIFIED
![Page 11: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/11.jpg)
Cyber Conflict
• Cyber espionage is the use of cyber attacks to cause a loss of confidentiality of the target system.
• Cyber conflict is the use of cyber attacks (which must include attacks against integrity or availability of the target systems) to achieve political aims.
• Cyber war is a cyber conflict between state actors.
UNCLASSIFIED
![Page 12: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/12.jpg)
Volunteers in Cyber Conflict
UNCLASSIFIED
![Page 13: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/13.jpg)
Volunteers in Cyber Conflict
UNCLASSIFIED
![Page 14: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/14.jpg)
Volunteers in Cyber Conflict
• (Using) politically supportive civilian assets• Create, Hijack or Manipulate? Or hope for the
best?• Plausible deniability• Low attribution level• May be protected from legal actions• Geographically spread out• Diverse arsenal• LOW resource need
UNCLASSIFIED
![Page 15: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/15.jpg)
Volunteers in Cyber Conflict
• Difficult to plan, control, restrain• Indirect control mechanism• Effectiveness not guaranteed• Rise of cyber crime
UNCLASSIFIED
![Page 16: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/16.jpg)
L33T H4X0R 1.0 - resources
• Access to a PC • Internet connection• Web browser• Time to browse forums and websites• -----• Potentially administrator rights on the PC• Potentially PC is a laptop with wireless
UNCLASSIFIED
![Page 17: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/17.jpg)
L33T H4X0R 1.0 - skills
• Using the web browser• Using a search engine• Downloading files from a web site• Opening data files (.doc, .xls etc.)• Opening (running) executable files• Copy-paste commands to command line and
execute
UNCLASSIFIED
![Page 18: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/18.jpg)
L33T H4X0R 1.0 – support actions
• Propaganda & Recruitment• Supply• Training• Reconnaissance & Targeting• Observation• Fog of War
UNCLASSIFIED
Сегодня, проводится грандиозная DoS-атака на сайт их правительства http://www.riik.ee/et/
ооуществить это легко - заходим в Пуск - Стандартные - командная строка, в открывшемся окне пишем : ping -n 5000 -l 1000 http://www.riik.ee
на это вы потратите 5 мегабайт исходящего трафика.
![Page 19: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/19.jpg)
L33T H4X0R 1.0 – support actions
UNCLASSIFIED
![Page 20: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/20.jpg)
L33T H4X0R 1.0 - attacks
• Denial of Service (DoS)• Distributed Denial of Service (DDoS)• Web defacement• Infecting systems with malware
UNCLASSIFIED
![Page 21: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/21.jpg)
Rocket science?
UNCLASSIFIED
![Page 22: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/22.jpg)
National security implications
• Attribution• Deterrence• Cyber Power• Critical Information Infrastructure Protection• Educating the end user• ...
UNCLASSIFIED
![Page 23: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/23.jpg)
I want in!
• CCD COE Annual Conference– Conference on Cyber Conflict, 15-18 June 2010– Will happen again in 2011
• ECIW 2011 – co-hosted by CCD COE and TUT Cybernetics Institute, July 7-8, 2011.
• IEEE Special Edition on Cyber Conflict – Abstracts due 15 June 2010– To appear in fall 2011
UNCLASSIFIED
![Page 24: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/24.jpg)
References
• Lorents, P. and Ottis, R. (2010) ”Knowledge Based Framework for Cyber Weapons and Conflict.” In Czosseck, C. and Podins, K. (Eds.) Conference on Cyber Conflict. Proceedings 2010. Tallinn: CCD COE Publications, p 129-142.
• Ottis, R. (2009) ”Theoretical Model for Creating a Nation-State Level Offensive Cyber Capability.” In Proceedings of the 8th European Conference on Information Warfare and Security, Lisbon. Reading: Academic Publishing Limited, p 177-182.
• Ottis, R. (2010) ”From Pitch Forks to Laptops: Volunteers in Cyber Conflicts.” In Czosseck, C. and Podins, K. (Eds.) Conference on Cyber Conflict. Proceedings 2010. Tallinn: CCD COE Publications, p 97-109.
• Ottis, R. (2010) ”Proactive Defence Tactics Against On-Line Cyber Militia.” 8th European Conference on Information Warfare and Security, 01-02.07.2010. Thessaloniki, Greece. [to appear]
UNCLASSIFIED
![Page 25: Cyber Conflict Research](https://reader035.fdocuments.us/reader035/viewer/2022062811/5681616c550346895dd0fa2e/html5/thumbnails/25.jpg)
Questions
Thank you!www.ccdcoe.org
http://conflictsincyberspace.blogspot.com
UNCLASSIFIED