AWC711 Cyber and Information Warfare Elective Robert C. Engen Senior Lecturer, Deakin University Australian War College Topic 1: Unit Introduction
Topic Schedule Structure of the Unit Introduction to Cyber and Info Warfare, plus some definitions The “Golden Threads” Introduction to Exercise HALTSTATE
AWC711 Cyber and Information Warfare Elective Unit Structure
TOPIC 2: VULNERABILITIES Today’s topic is a deep-dive into a recent book by veteran software security analyst Mikko Hypponen, If It’s Smart, It’s Vulnerable. This is an entertaining introduction to some of the fundamentals of cyber vulnerabilities, why they are as ubiquitous as they are, and what the basic operating environment of cyber looks like. We will be discussing the nature of malware, the importance of the human element, network vulnerabilities, blockchain, and some of the basics of cyber “warfare” online. Hypponen is a Finnish cyber security expert with thirty years’ experience in the field. Some of you will also be looking at chapters from Adam Barr’s excellent book from MIT Press, The Problem with Software.
TOPIC 3: HACKERS AND STATES The cyber domain presents challenges, opportunities, and critical threats to States. Perhaps most importantly, cyber is proving to be quite unlike other domains, and State power in one area does not translate seamlessly to others. Today’s topic is focused on reading Ben Buchanan’s The Hacker and the State (Harvard University Press, 2020), which is one of the best recent books for exploring the counterintuitive operational functioning of cyber capabilities. Buchanan argues that everyone on the internet is caught in the crossfire of persistent geopolitical cyber struggles. The global communications networks are the front line of a new kind of statecraft.
TOPIC 4: CYBER PERSISTENCE THEORY Cyber Persistence Theory, developed by Michael Fischerkeller (Institute for Defense Analyses), Emily Goldman (US Cyber Command), and Richard Harknett (University of Cincinnati), is a new way of conceptualizing the nature of cyber operations and campaigns. They argue that a failure to understand this strategic competitive space means that many states misapply the logic and strategies of coercion and conflict to this environment. Instead, they argue that the dynamics of cyber competition are exploitive rather than coercive, and use this as the basis for developing new strategies of persistence rather than deterrence.
TOPIC 5: CYBER AS A WARFIGHTING DOMAIN? Most Western states, including Australia, have declared cyberspace to be a new domain of warfare. The number of cyber commands and organizations looking to develop national cyber strategies has increased significantly in the past decade. But cyberspace is not militarizing as quickly as many predicted. Today we look at the recent work of Max Smeets (Center for Security Studies, Zurich), whose book No Shortcuts assesses the necessary building blocks for states to develop a military cyber capability. Rather than characterizing cyberspace as a free-for-all Wild West, Smeets argues that the cost of entry for creating and utilizing effective cyber weapons and capabilities is very high. For your deep dives, some of you will also be exploring Daniel Moore’s recent book Offensive Cyber Operations to come to grips with cyber warfare.
TOPIC 6: CYBER AND INTERNATIONAL LAW What is the legal framework surrounding cyber operations? What behaviours are permissible in cyberspace? This topic aims to identify and assess the extent to which existing norms and principles of international law can be applied to cyber warfare, with special attention to the Tallinn Manual 2.0 and other legal tools now available. This topic also discusses the fraught issue of attribution of cyber attacks and the difficulties (both technical and legal) in firmly attributing actions in cyberspace.
Putting it Together: Exercise HALTSTATE
Warfighting? How cyber fits as a warfighting domain and concern.
Int’l Law: Questions of law, legality, and attribution of cyber.
Persistence & Deterrence: Strategic postures for cyberspace.
Hackers & States: Signaling, shaping, infrastructure, and the geopolitical use of hacking.
Vulnerabilities: Appreciation for why vulnerabilities in software exist, and how they are exploited.
AWC711 – “Deep-Dive” Reading Format Readings will be in a different format: not everyone does every reading. Instead, syndicate course members are assigned one reading each to do in depth. Most topics will have a short “Common Reading” that all CMs must complete. But then there will be (typically) six “Sub-Topics”, each with its own reading or set of short readings. Your syndicate director will assign two students to each Sub-Topic in advance. You will complete the Sub-Topic reading, in detail. Syndicate time will be given in the morning sessions to perform a cross-brief, with CMs taking five minutes to outline the most important points of their Sub-Topic for one another. Yes, this is just the same as in the AWC704 unit you just took!
Assessment: Operations Log The Operations Log represents the reflections submitted on major course themes with every round of Exercise HALTSTATE. There will be four Operations Logs to submit, each ~500 words, for a total of ~2,000 words. This is a group assessment and must be submitted as part of the Orders each exercise day.
Assessment: Oral Presentation The oral presentation is a group project due on the last day of the elective. It must be a 15-minute pre-recorded presentation that captures your insights into the character of cyber operations, and how you see this as being applicable to the defence of Australia.
Questions?
AWC711 Cyber and Information Warfare Elective Intro to Cyber and Information Warfare
The Cyber War in Ukraine, 2022-23 The first “cyber war” between peers with roughly equivalent cyber capabilities has raised more questions than it has answered. Ukrainian cyber security has been bolstered by Western partners and the private sector. Russian cyber operations have been much less effective than expected. Large-scale but highly attritional cyber conflict, with tremendous spillover too. National Security Archive Cyber Vault: “A Chronology of the Cyber Aspects of the War in Ukraine,” current to 30 May 2023.
The Cyber War in Ukraine, 2022-23 Sustained Russian attempts to hack into Ukrainian critical infrastructure have been largely defeated or quickly repaired. Defensive cyber has dominated because of access to good intelligence and top cybersecurity expertise. Substantial difficulty in coordinating cyber effects with military effects. Dearth of capabilities needed to impair military units, weapons systems, C2. Most important aspects of cyber have involved influence and information ops for cognitive effects. Also provides a crash course on how to digitize fighting forces on the cheap.
(Cyber War, huh) Good God y’all (What is it Good For?) The challenge for us is to understand cyber operations as undramatic and prosaic phenomena, while remaining conscious of their potential to be something far greater. What can cyber accomplish? Have we seen top-end offensive cyber capabilities deployed in Ukraine? If not, why not? Is deterrence working? What is cyber likely to accomplish? When does cyber serve as a useful adjunct to military operations, and in what ways? Collateral damage: malware cyber weapons are very likely to spread beyond the battlefield, possibly indiscriminately. 2022 was the year of wiper malware coming out of Russia.
Characteristics of the Tech
Moore’s Law: the number of transistors on integrated circuit chips doubles every two years.
Recursive simplicity of the technology: “patterns inside patterns,” where the whole is structurally identical to the parts. The recursiveness of software simplifies its development and allows for exponential growth factors (see Moore’s Law).
Radical Connectivity: individual computers in isolation are powerful, but connecting these devices is fundamental to the creation of the cyber strategic environment. This differs from the segmented quality of the physical world.
Accessibility: a universe of networks enables actions and interactions that previously were not possible.
Availability: opportunity for simultaneous retrieval of information. The limitation is based not on how many copies of something exist but on the server’s capacity to manage users.
Speed: time relative to managing the OODA loop shrinks due to the vast sums of available information.
Affordability: the resources required to exploit these advantages are low, and continually declining. Also easier to use now.
Threat Actors
From the Structured Threat Information Expression (STIX) v2.1: Threat Actors are actual individuals, groups, or organizations believed to be operating with malicious intent. Threat Actors leverage their resources, and possibly the resources of an Intrusion Set, to conduct attacks and run Campaigns against targets. Threat Actors can be characterized by their motives, capabilities, goals, sophistication level, past activities, resources they have access to, and their role in the organization.
Some types of Threat Actors:
Trolls/Thrill-Seekers: a person or group that attacks a system for recreation.
Hacktivist: a person or group that attacks a system to promote a social or political agenda.
Organized Crime: highly centralized enterprises run by criminals to engage in illegal activity.
Nation-State Actors: aim to gain intelligence or launch attacks against others in the national interest. This can involve a nation’s own intelligence agencies, or an outside group that specializes in cyber crime.
Insiders: any person with authorized access to the resource in question.
Competitors: an organization or country engaged in commercial or economic competition with others.
Vulnerability From the Structured Threat Information Expression (STIX) v2.1: A Vulnerability is a weakness or defect in the requirements, designs, or implementations of the computational logic (i.e. code) found in software and some hardware components (firmware) that can be directly exploited to negatively impact the confidentiality, integrity, or availability of that system. Zero-Day Exploits are created by innovators who develop exploits to take advantage of previously-unknown Vulnerabilities.
Malware From the Structured Threat Information Expression (STIX) v2.1: Malware is a TTP that represents malicious code. It refers to a program that is inserted into a system covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system, or otherwise annoying or disrupting the victim.
Distributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) attacks are brute-force attempts to overwhelm a target server with sudden surges in traffic, taking it offline. This is done by flooding a victim machine with superfluous requests. The most effective DDoS attacks happen when thousands of “slave” computers (previously infected with malware) all attack simultaneously. They are very difficult to defeat, or even to distinguish from legitimate traffic, because there are no exploits involved, just volume of traffic.
Social Engineering Attacks It is easier to manipulate the people using software than it is to find vulnerabilities in the software itself. Most malicious cyber operations involve social engineering attacks that do not involve directly attacking software at all: they find ways to gain illegitimate access by manipulating the behaviour of legitimate users.
The Cyber Kill Chain
Recon: illuminating the environment or harvesting info.
Weaponization: pairing malicious code with an exploit to create a weapon (malware).
Delivery: transmission of the weapon to the target.
Exploitation: once delivered, the malware is triggered and exploits the vulnerability.
Installation: the weapon installs malware on the system.
C2: command channel for remote manipulation.
Exfiltration: removing traces of presence and exiting the system.
Intrusion Sets From the Structured Threat Information Expression (STIX) v2.1: Intrusion Sets are grouped sets of adversarial behaviours and resources with common properties, believed to be orchestrated by a single organization. An Intrusion Set may capture multiple Campaigns or other activities that are all tied together by shared attributes indicating a commonly known or unknown Threat Actor.
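As an added illustration (not from the slides, and not the STIX project's own tooling), the four STIX 2.1 object types defined above, Threat Actor, Intrusion Set, Malware and Vulnerability, are tied together here in a small bundle with the relationship types the standard uses between them, plus a validator for the required properties. The actor, set, malware and vulnerability names are constructed placeholders, and the official stix2 library is deliberately not used so the JSON shape stays visible.

```python
"""Minimal STIX 2.1 bundle builder and validator (constructed sample data)."""
import re
import uuid
from datetime import datetime, timezone

# STIX identifiers are "<type>--<uuid>"; all lowercase.
STIX_ID = re.compile(r"^[a-z][a-z0-9-]+--[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")

# Properties STIX 2.1 requires on every object, plus the per-type extras
# for the object types discussed on the slides.
COMMON_REQUIRED = ("type", "spec_version", "id", "created", "modified")
TYPE_REQUIRED = {
    "threat-actor": ("name",),
    "intrusion-set": ("name",),
    "malware": ("is_family",),
    "vulnerability": ("name",),
    "relationship": ("relationship_type", "source_ref", "target_ref"),
}


def _timestamp() -> str:
    """RFC 3339 UTC timestamp with millisecond precision, as STIX expects."""
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def sdo(obj_type: str, **props) -> dict:
    """Build a STIX 2.1 object with the common required properties filled in."""
    ts = _timestamp()
    obj = {"type": obj_type, "spec_version": "2.1",
           "id": f"{obj_type}--{uuid.uuid4()}", "created": ts, "modified": ts}
    obj.update(props)
    return obj


def relationship(rel_type: str, source: dict, target: dict) -> dict:
    """Relationship SRO pointing from source object to target object."""
    return sdo("relationship", relationship_type=rel_type,
               source_ref=source["id"], target_ref=target["id"])


def validate(bundle: dict) -> list:
    """Return problems found: missing required props, bad ids, dangling refs."""
    problems = []
    ids = {o.get("id") for o in bundle["objects"]}
    for o in bundle["objects"]:
        for prop in COMMON_REQUIRED + TYPE_REQUIRED.get(o.get("type"), ()):
            if prop not in o:
                problems.append(f"{o.get('id')}: missing {prop}")
        if not STIX_ID.match(o.get("id", "")):
            problems.append(f"bad id {o.get('id')}")
        if o.get("type") == "relationship":
            for ref in (o.get("source_ref"), o.get("target_ref")):
                if ref not in ids:
                    problems.append(f"{o.get('id')}: dangling ref {ref}")
    return problems


def build_sample_bundle() -> dict:
    """Constructed example: an intrusion set attributed to an actor, using
    malware that exploits one vulnerability. All names are placeholders."""
    actor = sdo("threat-actor", name="Example State Actor",
                threat_actor_types=["nation-state"])
    iset = sdo("intrusion-set", name="Example Intrusion Set")
    vuln = sdo("vulnerability", name="PLACEHOLDER unpatched service flaw")
    mal = sdo("malware", name="Example Wiper", is_family=False,
              malware_types=["wiper"])
    objs = [actor, iset, vuln, mal,
            relationship("attributed-to", iset, actor),
            relationship("uses", iset, mal),
            relationship("exploits", mal, vuln)]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objs}
```

Dump the bundle with `json.dumps(build_sample_bundle(), indent=2)` to see the wire format that threat-intelligence platforms exchange.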
Network Hygiene Like public health measures (hand washing, mask mandates, social distancing, etc.) but for cyber security. Equally annoying and expensive. Hard to get people to buy into voluntarily. Often have to force good practices upon them in order to improve security. Encryption, unique passwords, promptly patched bugs and system updates are all part of network hygiene, as is user behaviour.
AWC711 Golden Threads An idea that is present in all parts of something, holding it together and giving value. Part of organisational alignment. Rather than going broad with the topic of cyber, this elective will try to go deep, and pull each of these threads through all of the discussions. Each of these will also be reflected in Exercise HALTSTATE.
Golden Thread: Connectivity & Vulnerability Interplay and trade-offs between the extreme benefits of radical connectivity and the risks accrued by it.
Golden Thread: Physicality of Infrastructure Advantages, limitations, dangers, and opportunities created by the physical dimensions of computer network operations.
Golden Thread: Persistence and Deterrence Does cyber deterrence work? If not, why not? What is cyber persistence theory and how does it differ from deterrence?
Golden Thread: Information Warfare Information warfare combines electronic warfare, cyber warfare and psychological operations, such as the use of propaganda and disinformation, at the operational level to achieve strategic ends and effects (Paterson and Hanley). It includes battlespace awareness, assured command and control, and integrated fires. Cyber technologies and tools are essential parts of IW because cyber allows direct access to targets and an ability to disguise intent. Proliferation of the Internet has allowed states and non-state actors to practise increasingly sophisticated forms of information warfare.
Questions?
Exercise HALTSTATE Game materials are on Adele under AWC711 Topic 7
Aim with Ex Haltstate To analyze the employment of cyber capabilities through the conduct of a virtually delivered wargame. Examine cyber fundamentals through a wargame co-designed by cyber operators. “Golden thread” of topics in AWC711: connectivity, vulnerability, persistence, deterrence, physicality. Have some fun! Plus, bragging rights. Suggest you start reading up on this early. All game materials are now available on Adele except the briefing packs.
Capture the Flag! Each Team has One Flag. The Flag represents vital or prestigious digital information that can be extracted from rival databanks. It is high-value data. Each Team’s Flag is hidden on one of the markers in its cyberspace area. Gather intelligence to locate it. Each Team is aware of the location of its own Flag. Steal other Teams’ Flags. Protect your own.
How do you win? Victory Points
Game Action: Victory Points
A team still has its own Flag at the end of the game: 10
Each rival Flag that you capture and hold at the end of the game: 20 each
Each rival’s Critical Infrastructure or Military Installation marker upon which you currently have Stealth Virus malware placed when the game ends: 5 each
The Haltstate Balance Success in Ex Haltstate will be about striking a balance between the following three game factors:
Offence is required to penetrate enemy networks and steal Flags. Higher Capabilities, higher Connectivity, concentrating force, and having access to many Intrusion Sets.
Defence is required to maintain security of own systems and protect your Flag. Higher Network Defence, lower Connectivity, investing in Network Inoculation, having access to many Intrusion Sets, Firewalls.
Resources are required to finance everything else, and grease the cogs of the game. Higher Connectivity, Cloud Servers.
Pathways
Data Cables represent the underground and underwater cables that carry the world’s Internet data. They are the main external infrastructure carrying data between teams. Colours are purely to differentiate, and carry no game significance.
Network Connections are links between a team’s markers in their “internal” cyberspace, and represent the team’s internal networks and systems.
Cyber actions in Runtime must follow Pathways consisting of Network Connections and Data Cables, tracing a route from the team’s Cyber Forces unit (which is on your Military Installation) to the intended target marker. The only functional difference between Data Cables and Network Connections is that Data Cables can be cut by enemy action.
Hops and the Hop Count Each section of Network Connection or Data Cable that the action “data” must travel across represents one “Hop,” as discussed in the concepts earlier. Each Hop incurs a small penalty to the actions that the Cyber Forces unit is attempting to take. This represents latency, lag, and packet loss over complex network pathways.
Here’s how it works (diagram of a four-Hop pathway): 4 segments are travelled, so all Cyber unit actions against that target will be made at a -4 Capability score.
Hop Counts: 3 is the minimum for international signals; 4 is average; 5 or 6 is a lot.
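An added example, not part of the game materials: the Pathway and Hop Count rules above modelled as a shortest-path search from a Cyber Forces unit to a target marker over a constructed two-team map, where Data Cables (but not Network Connections) can be cut by enemy action. The marker names, the map, and the one-point-per-Hop penalty applied to Capability are assumptions drawn from the -4 example on the slide.

```python
"""Hop Count over HALTSTATE-style Pathways (constructed map, added example)."""
from collections import deque

# Constructed sample map for two teams. Each edge is (marker_a, marker_b, kind):
# "net"   = Network Connection inside one team's own cyberspace (cannot be cut)
# "cable" = Data Cable between teams (can be cut by enemy action)
EDGES = [
    ("blue_mil", "blue_cloud", "net"),     # Blue Cyber Forces sit on blue_mil
    ("blue_mil", "blue_lz", "net"),
    ("blue_cloud", "red_lz", "cable"),     # primary international cable
    ("blue_lz", "red_backup", "cable"),    # longer backup route
    ("red_lz", "red_infra", "net"),
    ("red_backup", "red_cloud", "net"),
    ("red_cloud", "red_infra", "net"),
]


def build_graph(edges, cut_cables=frozenset()):
    """Adjacency sets; any Data Cable whose endpoint pair is in cut_cables is
    left out, so traffic must find another Pathway or none at all."""
    graph = {}
    for a, b, kind in edges:
        if kind == "cable" and frozenset((a, b)) in cut_cables:
            continue
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def hop_count(graph, source, target):
    """Fewest Hops (edges traversed) from source to target; None if unreachable."""
    seen = {source}
    queue = deque([(source, 0)])
    while queue:
        node, hops = queue.popleft()
        if node == target:
            return hops
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return None


def rate_hops(hops):
    """Rule of thumb from the slide: 3 minimum for international, 4 average, 5-6 a lot."""
    if hops is None:
        return "unreachable"
    if hops <= 3:
        return "minimum for international signals"
    if hops == 4:
        return "average"
    return "a lot"


def plan_action(edges, source, target, cut_cables=frozenset()):
    """Hops, Capability modifier (-1 per Hop, assumed) and rating for an action."""
    hops = hop_count(build_graph(edges, cut_cables), source, target)
    return {"hops": hops,
            "capability_modifier": None if hops is None else -hops,
            "rating": rate_hops(hops)}
```

Cutting the primary cable forces the Blue action onto the four-Hop backup route; cutting both isolates the target entirely.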
The Haltstate “Kill Chain”
Intelligence: Network Illumination.
Enable Access: Intrusion Sets or Phishing.
Deploy Malware: three different types of malware are available.
Achieve Effects: use malware to steal rivals’ Flags or compromise their other critical markers, scoring Victory Points.
Intrusion Sets
Ex Haltstate Intrusion Sets (partial list): Stigmata, Stillness, Industrial Curse, Orpheus, Cold Wind, Tear-Stain, Sin-Eater, Orphan-Grinder.
Intrusion Sets are bundles of programs, tactics, techniques, and procedures for breaking into certain software systems. These are offensive cyber weapons. Every unit with a Connectivity score has a software vulnerability to one or more Intrusion Sets. The better the Connectivity, the more vulnerabilities. If your team possesses an Intrusion Set that an enemy unit or marker is vulnerable to, you can easily access that unit or marker’s systems. Network Inoculation spends Resources to patch known vulnerabilities. But you cannot patch unknown ones.
Intrusion Sets: Example
Connectivity “C” = Low. Low Connectivity means this unit is only vulnerable to one Intrusion Set (randomly determined): Plague-Sever.
Connectivity “A” = High. High Connectivity means this unit is vulnerable to three Intrusion Sets (randomly determined): Stigmata, Orpheus, Sin-Eater.
Critical: you do not know which Intrusion Sets your markers are vulnerable to until you research that Intrusion Set. You cannot patch against a threat you have no knowledge of.
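An added example, not part of the game materials: the Intrusion Set, Connectivity, research and Network Inoculation rules from the two slides above as a small model, showing that a marker owner's real exposure splits into a known part (researched, hence patchable) and an unknown part (unpatchable until researched). The vulnerability count for Connectivity “B”, the resource costs, and the marker names are assumptions.

```python
"""Connectivity, hidden vulnerabilities and Network Inoculation (added model)."""
import random

# Intrusion Sets named on the slides (partial list).
INTRUSION_SETS = ["Stigmata", "Stillness", "Industrial Curse", "Orpheus", "Cold Wind",
                  "Tear-Stain", "Sin-Eater", "Orphan-Grinder", "Plague-Sever"]
# Connectivity grade -> number of vulnerabilities. A=3 and C=1 come from the
# slides; B=2 is an assumption for this illustration.
VULNS_PER_GRADE = {"A": 3, "B": 2, "C": 1}


class Marker:
    """A unit or marker with a Connectivity score and hidden vulnerabilities."""
    def __init__(self, name, grade, seed=None):
        self.name, self.connectivity = name, grade
        rng = random.Random(seed)  # seeded only so examples are repeatable
        # Randomly determined, as in the game; the owner cannot see this set.
        self.vulnerable_to = set(rng.sample(INTRUSION_SETS, VULNS_PER_GRADE[grade]))
        self.patched = set()


class Team:
    def __init__(self, resources):
        self.resources = resources
        self.researched = set()  # Intrusion Sets this team knows exist
        self.owned = set()       # Intrusion Sets this team can attack with

    def research(self, iset, cost=1):
        """Learn about an Intrusion Set (the cost is an assumed figure)."""
        if self.resources < cost:
            return False
        self.resources -= cost
        self.researched.add(iset)
        return True

    def inoculate(self, marker, iset, cost=1):
        """Network Inoculation: patch one marker against one KNOWN Intrusion Set."""
        if iset not in self.researched or iset not in marker.vulnerable_to:
            return False  # cannot patch a threat you have no knowledge of
        if self.resources < cost:
            return False
        self.resources -= cost
        marker.patched.add(iset)
        return True


def known_exposure(team, marker):
    """Vulnerabilities the owner can see and has not yet patched."""
    return (marker.vulnerable_to & team.researched) - marker.patched


def unknown_exposure(team, marker):
    """Vulnerabilities the owner cannot see at all, and so cannot patch."""
    return marker.vulnerable_to - team.researched


def attacker_gains_access(attacker, marker):
    """True if the attacker owns an Intrusion Set the marker is still open to."""
    return bool((attacker.owned & marker.vulnerable_to) - marker.patched)
```

The same structure holds in real networks: patch coverage is bounded by what the defender's vulnerability intelligence actually knows about.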