Changing Domains - Cyber and Information Domains 2024 lecture.pdf
benjaminang
44 slides
Sep 17, 2024
About This Presentation
Outline
Definitions – Cyber and Domains
Case studies of Cyber and Info Attacks Other Than War
Lessons learned from recent Cyber / Info domain conflict
--
Cyberspace: A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Information warfare: Offensive and defensive actions in physical and virtual space that enable and protect the friendly force’s ability to access, process, and communicate information that also deny, exploit, corrupt or destroy an adversary force’s ability to use information.
Case studies
1. Vietnam Airport Hack
2. SingHealth data breach
3. Indonesia Ransomware Attack
4. Philippines DOST hack
Case study of Russia/Ukraine war
1. Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
2. Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert platforms and accounts – to shape public perception of the war.
3. The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem that will likely have long term implications for both coordination between criminal groups and the scale of cybercrime worldwide.
Lessons learned
Defense against a military invasion now requires for most countries the ability to disperse and distribute digital operations and data assets across borders and into other countries.
Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
This calls for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
Size: 2.33 MB
Language: en
Added: Sep 17, 2024
Slides: 44 pages
Slide Content
CHANGING DOMAINS: THE CYBER/INFO REALM
Benjamin Ang
Head, Centre of Excellence for National Security and Future Issues in Technology / Digital Impact
RSIS, NTU
OUTLINE
• Definitions – Cyber and Domains
• Case studies of Cyber and Info Attacks Other Than War
• Lessons learned from recent Cyber / Info domain conflict
WHAT ARE THE DOMAINS?
LAND: Earth's surface ending at the high-water mark and overlapping with the maritime domain in the landward segment of the littorals.
SEA: The oceans, seas, bays, estuaries, islands, coastal areas, and the airspace above these, including the littorals.
AIR: The atmosphere, beginning at the Earth's surface, extending to the altitude where its effects upon operations become negligible.
SPACE: The area above the altitude where atmospheric effects on airborne objects become negligible.
Source: DOD Dictionary of Military and Associated Terms, January 2021, accessed May 17, 2021 from https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/dictionary.pdf?ver=2019-05-29-162249-290
DEFINITIONS
Cyberspace (US DOD)
• A global domain within the information environment consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Cyber or network warfare (wangluozhan 网络战) (PLA)
• Takes place in "network space (wangluo kongjian; 网络空间)", e.g. command and control network, intelligence, information network, air defense, logistic networks
Information Warfare (US DOD)
• Offensive and defensive actions in physical and virtual space that enable and protect the friendly force's ability to access, process, and communicate information that also deny, exploit, corrupt or destroy an adversary force's ability to use information.
Informationized Warfare (xinxihua zhanzheng; 信息化战争) (PLA)
• System-of-systems conflict involving the use of informationized weapons and associated tactics, e.g. information gathering, communications, command and control, weapons, logistics
• Includes electronic combat, computer network combat, psychological warfare,
https://www.slideshare.net/benjaminang
EMERGING TECHNOLOGY (US DOD 2023 STRATEGY)
Artificial Intelligence (AI) and Machine Learning (ML)
• automating threat detection
• improving response times
• predicting potential cyber threats
• analyzing large datasets
Quantum Computing
• computational power
• making communications more secure
• breaking adversaries' encryption
Internet of Things (IoT)
• enhance situational awareness and operational efficiency
• collect and transmit data in real time, for decision-making
CONTRASTS (Information Domain / Cyber Domain / Conventional Domains)
Nature
• Information Domain: Information operations, psychological operations
• Cyber Domain: Non-physical, e.g. DDoS, jamming, malware
• Conventional Domains: Physical combat on land, sea, air
Objective
• Information Domain: Influence, disrupt, undermine
• Cyber Domain: Disrupt infrastructure, disrupt info, steal info
• Conventional Domains: Capture territory, destroy enemy
Tools
• Information Domain: Propaganda, narratives, disinformation, influence
• Cyber Domain: Malware, bot networks, phishing
• Conventional Domains: Troops, tanks, ships, aircraft
Visibility
• Information Domain: Hidden by proxies; can be micro-targeted
• Cyber Domain: Attackers stay hidden; identity can be spoofed
• Conventional Domains: Subject to camouflage
Targets
• Information Domain: Law is not clear about civilian targets
• Cyber Domain: Law is not clear about civilian targets
• Conventional Domains: Should be military, under IHL
GOALS OF CYBER ATTACKS: C, I, A (the CIA Triad)
Confidentiality
• Data breach (SingHealth)
• Trade secrets
Integrity
• Software (SolarWinds)
• Nuclear enrichment plant (Stuxnet)
Availability
• Ransomware or wiperware (NotPetya)
• DDoS
Definition
• Foreign interference occurs when a foreign entity (state or non-state actor),
• with hostile intent,
• takes actions to deliberately, covertly and deceptively
• disrupt the politics and policies of the target state
Source: Md Faizal, G Haciyakupoglu, J Yang, D Leong, YL Teo, B Ang, Countermeasures Against Foreign Interference, RSIS Policy Report
RSIS FRAMEWORK OF INFORMATION, INFLUENCE, AND INTERFERENCE
EXAMPLE OF A CYBER DOMAIN ATTACK
[Diagram: three countries, FIRELAND, WATERLAND and AIRLAND. Two systems are marked INFECTED; WATERLAND is labelled "(not aware)". FIRELAND: "We've been cyber-attacked! Where did it come from? The malware must have come from WATERLAND!"]
PROBLEM: ATTRIBUTION IS RISKY
[Diagram: the same three countries. FIRELAND: "WATERLAND, if you attacked us, we will take countermeasures against you!" WATERLAND: "We're innocent!" AIRLAND: "Ha ha ha (evil laughter)"]
CASE STUDIES OF CYBER AND INFO INCIDENTS OTHER THAN WAR
FOREIGN INTERFERENCE: POLITICAL LEADERS
FOREIGN INTERFERENCE: RELIGIOUS LEADERS
CONSPIRACY CAMPAIGNS ONLINE
DISCUSSION: WHAT DO YOU THINK ABOUT THESE CYBER DOMAIN INCIDENTS AND RESPONSES
• Difficulty of attribution?
• Lack of capacity to impose consequences? (Diplomatic, Informational, Military, Economic, Financial, Intelligence, Legal)
• Power imbalance or trade dependence?
CASE 1. VIETNAM AIRPORT
• Airport screens defaced with political messages
• Cyberattack by 1937CN?
• 1937CN denied responsibility
• Vietnam Government tells cyber community to show restraint after attack
CASE 2. SINGHEALTH BREACH
• SingHealth hack: personal data of 1.5 million patients, including Prime Minister Lee
• "Deliberate, targeted and well-planned cyber attack … not the work of casual hackers or criminal gangs"
• "We are not able to reveal more because of operational security reasons"
CASE 3: INDONESIA RANSOMWARE ATTACK
• National data centre hit by ransomware
• 230 government agencies affected
• Government refused to pay ransom
• Hackers later gave the key and apologized
CASE 4: PHILIPPINES DOST HACK
• Breach of Department of Science and Technology (DOST) systems
• Locked DOST out of their systems
• 2 terabytes of data, including research plans, designs and schematics
• 2nd attack defaced websites
• DICT deployed NCRT, National Computer Response Team
• Blamed on hacktivist groups #opEDSA and Hulksec
DISCUSSION: WHAT DO YOU THINK ABOUT THESE INCIDENTS AND RESPONSES
1. Vietnam Airport
2. SingHealth
3. Indonesia Ransomware Attack
4. Philippines DOST hack
WHAT LESSONS CAN WE LEARN FROM RECENT CYBER/INFO DOMAIN CONFLICT?
CASE STUDY: RUSSIA V UKRAINE
• Source: Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape, published by Google TAG (Threat Analysis Group)
• Overview
1. Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
2. Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert platforms and accounts – to shape public perception of the war.
3. The invasion has triggered a notable shift in the Eastern European cybercriminal ecosystem that will likely have long term implications for both coordination between criminal groups and the scale of cybercrime worldwide.
1. MULTI-PRONG CYBER TACTICS
• Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results.
MULTI-TACTIC AND TARGET
• Spear phishing (targeted emails) up 250% in Ukraine, up 300% in NATO countries in 2022
• Destructive attacks on government / military / critical infrastructure
• Hack and leak (of sensitive info)
• Android apps pretending to be DDoS weapons
MULTI TACTIC AND TARGET
• Media: to plant false information
• Energy provider, shipping and trains: to disrupt
• Drone manufacturer: to disable weapons
MULTI COUNTRY
• Targets included think tanks, nuclear research labs, NGOs
MULTI-PHASE TIMELINE
• 2019 – Jan 2022: Cyber espionage + pre-positioning
• Feb – Apr 2022: Destructive ops (wipers) + military invasion
• May – Jul 2022: Sustained targeting (wipers)
• Aug – Sep 2022: Maintaining footholds
• Oct – Dec 2022: Renewed destructive attacks (ransomware, wipers)
Attackers need months to set up access before launching attacks; after the attack they lose that access.
MICROSOFT STOPS STRONTIUM
• The Strontium group was targeting Ukrainian institutions, media organizations, and government institutions and think tanks in the United States and the European Union
• Microsoft got court orders 16 times to redirect internet traffic from Strontium domains into a "sinkhole"
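Sinkholing is the technique behind the Strontium action: once the defender controls where a seized C2 domain resolves, every host that still looks it up is a host that still carries the implant. The script below is an added example and is not Microsoft's tooling or anything from the lecture. It applies a sinkhole policy (a seized zone and all of its subdomains) to resolver query logs and lists the internal hosts that still need incident response. The zones, IP addresses, log lines and the four-field log format are all constructed assumptions.

```python
"""DNS sinkhole triage (added example; domains, IPs and logs are constructed)."""
from __future__ import annotations
from collections import defaultdict
import ipaddress

SINKHOLE_IP = "192.0.2.53"  # TEST-NET-2 address standing in for the sinkhole (assumption)

# Constructed seized zones; not Strontium's real infrastructure.
SEIZED_ZONES = {"update-portal.example", "mail-secure.example"}

def zone_match(qname: str, zones: set[str]) -> str | None:
    """Return the seized zone that owns qname (exact name or any subdomain), else None.

    Matching is label-wise, case-insensitive and ignores a trailing dot, so
    'Api.Update-Portal.EXAMPLE.' is caught while 'notmail-secure.example' is not.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def resolve(qname: str, upstream_answer: str) -> tuple[str, bool]:
    """Resolver policy hook: returns (answer, sinkholed).

    A sinkholed name never reaches the upstream resolver, so the implant gets
    the sinkhole address instead of its C2 and the defender gets a log entry.
    """
    if zone_match(qname, SEIZED_ZONES):
        return SINKHOLE_IP, True
    return upstream_answer, False

def triage(log_lines: list[str]) -> dict[str, set[str]]:
    """Map each querying client to the seized zones it tried to resolve.

    Assumed line shape: "<timestamp> <client_ip> <qname> <qtype>".
    Malformed lines and non-IP client fields are skipped, not fatal.
    """
    hits: dict[str, set[str]] = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue
        _, client, qname, _ = parts
        try:
            ipaddress.ip_address(client)
        except ValueError:
            continue
        zone = zone_match(qname, SEIZED_ZONES)
        if zone:
            hits[client].add(zone)
    return dict(hits)

SAMPLE_LOG = [  # constructed resolver log
    "2022-04-07T09:00:01Z 10.1.4.22 api.update-portal.example A",
    "2022-04-07T09:00:02Z 10.1.4.22 Update-Portal.EXAMPLE. A",
    "2022-04-07T09:00:05Z 10.1.9.7 www.thinktank.example A",
    "2022-04-07T09:01:10Z 10.1.9.8 cdn.mail-secure.example. AAAA",
    "2022-04-07T09:01:11Z 10.1.9.8 notmail-secure.example A",
    "garbage line",
]

if __name__ == "__main__":
    for host, zones in sorted(triage(SAMPLE_LOG).items()):
        print(f"{host}: still resolving seized zones {sorted(zones)}")
```

The label-wise suffix match is the part worth copying: a plain substring or `endswith` check either misses mixed-case and trailing-dot lookups or wrongly flags look-alike names such as `notmail-secure.example`.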
DISCUSS: WHAT LESSONS CAN WE LEARN ABOUT CYBER DOMAIN CONFLICT?
2. FULL SPECTRUM INFORMATION OPERATIONS
• Moscow has leveraged the full spectrum of IO – from overt state-backed media to covert platforms and accounts – to shape public perception of the war
1. Undermine the Ukrainian government
2. Fracture international support for Ukraine; and
3. Maintain domestic support in Russia for the war.
TYPES OF INFO OPS
Russian IO focused on domestic audiences
• Spikes before military activity
• Narrative of "de-Nazification"
IO actors using overt and covert methods
• Fake accounts, news sites, YouTube
• Telegram groups
• Duplicate sites
Resurgence of hacktivists
• Linked to Russian intelligence
DEEPFAKES
CYBER CRIMINALS INVOLVED
• Ransomware gangs leaked personally identifiable information (PII) of soldiers and government officials
MSN, META, TIKTOK BLOCK SPUTNIK
DISCUSS: WHAT LESSONS CAN WE LEARN ABOUT INFORMATION DOMAIN CONFLICT?
WRAP UP
DEFENDING THE CYBER/INFO DOMAIN
• Source: Defending Ukraine: Early Lessons from the Cyber War (Microsoft)
1. Defense against a military invasion now requires for most countries the ability to disperse and distribute digital operations and data assets across borders and into other countries.
2. Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks.
3. As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine.
4. In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts.
5. This calls for a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations.
DEFENCE LESSONS, IN DEPTH
Distribute digital ops and assets globally
• Attackers bombed data centres
Good defences can stop cyberattacks
• Cyber threat intelligence
• Connected end-point protection
Allies also need defence
• NATO countries
• Denmark, Norway, Finland, Sweden, Turkey
DEFENCE LESSONS, IN DEPTH
New tools are needed to stop IO
• AI, new analytics tools, data sets, and experts to track and forecast
Coordinated response needed
• Governments
• Tech companies
• Civil society
• Academia
• ACICE (ADMM Cybersecurity and Information Centre of Excellence) and Digital Defence Symposium (DDS)
DEFENDING FROM INFO OPS
• Public coverage and exposure
• Clear counter-messages
• Legislation
• Build media and digital literacy
• Work with citizens, influencers
• Detect and expose fake accounts
Active measures
• Work strategically, not reactively
• Build a strong narrative that is more attractive than the adversary's
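"Detect and expose fake accounts" is the one item on this list with a concrete technical check behind it. The script below is an added example, not from the lecture or from RSIS: it flags groups of accounts that publish near-duplicate text within minutes of one another, which is the coordination signal that covert account networks and duplicate sites leave even when each account looks plausible on its own. The posts, account names and the similarity, time-window and cluster-size thresholds are constructed assumptions, not a published standard.

```python
"""Coordinated-posting detection (added example; posts and thresholds are constructed)."""
from __future__ import annotations
from datetime import datetime, timedelta
from itertools import combinations
import re

SIMILARITY_THRESHOLD = 0.6      # Jaccard on word 3-grams (assumed cut-off)
WINDOW = timedelta(minutes=10)  # posts further apart than this are not treated as coordinated
MIN_ACCOUNTS = 3                # a pair can be coincidence; three or more is the campaign signal

def shingles(text: str, n: int = 3) -> set[tuple[str, ...]]:
    """Word n-grams after lowercasing and stripping URLs and punctuation, so
    trivial edits (different link, added exclamation marks) don't defeat the match."""
    cleaned = re.sub(r"https?://\S+", "", text.lower())
    words = re.findall(r"[a-z0-9']+", cleaned)
    if len(words) < n:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Set overlap in [0, 1]; two empty posts count as unrelated, not identical."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def coordinated_clusters(posts: list[tuple[str, str, str]]) -> list[set[str]]:
    """posts: (account, ISO-8601 timestamp, text).

    Returns the sets of distinct accounts that posted near-duplicate text within
    WINDOW of each other, keeping only sets of MIN_ACCOUNTS or more. Pairs of
    matching posts are linked with union-find so chains A~B, B~C form one cluster.
    """
    parsed = [(acct, datetime.fromisoformat(ts), shingles(txt)) for acct, ts, txt in posts]
    parent = list(range(len(parsed)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    for i, j in combinations(range(len(parsed)), 2):
        acct_i, t_i, sh_i = parsed[i]
        acct_j, t_j, sh_j = parsed[j]
        if acct_i == acct_j:
            continue  # one account repeating itself is spam, not coordination
        if abs(t_i - t_j) <= WINDOW and jaccard(sh_i, sh_j) >= SIMILARITY_THRESHOLD:
            parent[find(i)] = find(j)

    groups: dict[int, set[str]] = {}
    for idx, (acct, _, _) in enumerate(parsed):
        groups.setdefault(find(idx), set()).add(acct)
    return [g for g in groups.values() if len(g) >= MIN_ACCOUNTS]

SAMPLE_POSTS = [  # constructed; the text is a generic rumour template, not a real campaign
    ("acct_a", "2022-03-01T08:00:00", "Breaking: the council secretly voted to shut the plant. Share before this gets deleted! http://x.example/1"),
    ("acct_b", "2022-03-01T08:02:30", "BREAKING - the council secretly voted to shut the plant, share before this gets deleted http://y.example/2"),
    ("acct_c", "2022-03-01T08:06:10", "the council secretly voted to shut the plant! share before this gets deleted"),
    ("acct_d", "2022-03-01T14:00:00", "Breaking: the council secretly voted to shut the plant. Share before this gets deleted!"),  # same text, six hours later
    ("acct_e", "2022-03-01T08:03:00", "Lovely weather at the plant today, the council tour was fun."),
    ("acct_a", "2022-03-01T08:04:00", "Breaking: the council secretly voted to shut the plant. Share before this gets deleted!"),  # same account repeating
]

if __name__ == "__main__":
    for cluster in coordinated_clusters(SAMPLE_POSTS):
        print("coordinated accounts:", sorted(cluster))
```

On the sample data only acct_a, acct_b and acct_c are grouped: acct_d reposts the identical text but six hours later, acct_e shares vocabulary without sharing phrases, and acct_a's own repeat is ignored. Text similarity alone is a lead, not proof; in practice it is combined with account-creation dates, shared infrastructure and posting-time regularity before anything is publicly exposed.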