Terminology

•       Cyberspace

•       Network

•       Internet

•       Cyber Warfare

Threats

•       Governments

•       Hacktivists

•       Criminals

•       Terrorists

 What is cyberspace?

According to The National Military Strategy for Cyberspace Operations,cyberspace is:

“A domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures” (CJCS 2006).

From the Department of Defense Strategy for Operating in Cyberspace:

“The security and effective operation of  U.S. critical infrastructure – including energy, banking and finance, transportation, communication, and the Defense Industrial Base – rely on cyberspace, industrial control systems, and information technology that may be vulnerable to disruption or exploitation.” (2)

Cyberspace is about networks

What is a network?

A network consists of two or more computers connected so that they can exchange data and share resources.

A Peer to Peer Network: The simplest network consists of two computers directly connected so that they can share files.

The Local Area Network (LAN)

The next step is a LAN, familiar in most offices and many homes.

LANs allow sharing of both files and devices. The may span several offices or a building.

Connecting networks

Wide Area Networks (WAN)

www.agatefroce.com

In this example, the cloud symbol is used to represent the routers and paths in cyberspace between the two networks.

WANs permit sharing of resources across a wide geographic area.  Examples include financial networks, power grid controls, and military networks sharing a common tactical picture.

WAN communications may traverse any combination of private links, leased lines, or public Internet connections.

  The beginning

The Internet

Sponsored by DOD’s Advanced Research Projects Agency (ARPA), it began in 1969 as an effort to develop a redundant and survivable strategic communications architecture.  Its reliable network protocol became known as TCP/IP (for Transmission Control Protocol/Internet Protocol).

Originally known  as Arpanet, this network began as a connection between main frame computers at several large universities.  Over the next decade, more universities and several government labs were added.  Developed in an atmosphere of open collegiality, the original version included few security features.

The personal computer helped the Internet grow into a giant network of networks, populated by over a billion users today.

Internet Users by Country

https://commons.wikimedia.org/wiki/File:GM_-_Countries_by_Internet_Users.png

Its TCP/IP protocol became so effective and reliable that it found widespread use in common networking applications as well as the web. This made it even easier to create “web-enabled” devices – those which could be readily connected to the Internet if desired for remote control and data access.

The Internet’s Undersea World

https://chromosome.files.wordpress.com/2008/12/2236276483-8c9e6a9529-o.jpg

Businesses and consumers found the web a fast, reliable and low cost medium. Unfortunately, a corresponding increase in cyber attacks brought home an important point – the Internet is a public access network.

During this course, we will examine the ways in which the Internet has both benefited society and exposed some portions of it to increased risk.

Today  

What is cyber warfare?

Researcher Dr. Ivan Goldberg defines cyber warfare and information warfare together as “…the offensive and defensive use of information and   information systems to deny, exploit, corrupt, or destroy,   an adversary’s information, information-based processes,  information systems, and computer-based networks while   protecting one’s own. Such actions are designed to achieve   advantages over military or business adversaries.”

In his book Cyber War, Richard Clark define cyber warfare as: “actions by a nation-state   to penetrate another nation’s computers or networks for the purposes  of causing damage or disruption” (Clark 2010).

The Threat

From The Joint Operating Environment “ …With very little investment, and cloaked in a veil of anonymity, our adversaries will inevitably attempt to harm our national interests. Cyberspace will become a main front in both irregular and traditional conflicts. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. …” (Joint Operating Environment 2016).

Who are the attackers?

Hackers – Strictly speaking, a hacker is anyone who attempts unauthorized access to a computer or network.

A.   White Hat.  A term used to describe professionals hired to identify security flaws via authorized network penetration tests.

B.   Black Hat.  Refers to hackers attempting unauthorized access, generally with malicious intent. Sometimes called “crackers” to distinguish them from white hat hackers,  they generally fall into one of the following groups:

(1)       Those engaged in espionage, sabotage or other crimes.

(2)       Those attempting to make a political statement.

(3)       Youthful experimenters hoping to gain bragging rights.

http://commons.wikimedia.org/wiki/

Annual conferences like DEFCON discuss security issues and identified weaknesses. They attract a wide audience ranging from industry and government professionals to those whose interests may be questionable…

Young hackers playing with attack scripts are sometimes derisively referred to as “script kiddies.”

Who employs hackers?

•       Governments

•       Hacktivists

•       Criminals

•       Terrorists

Governments :

Several governments have publicly announced cyber war units as defense strategy. Among them:

The United States: On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command to establish USCYBERCOM.  Initial Operational Capability (IOC) was achieved on May 21, 2010. USCYBERCOM was created both in recognition of the importance of cyberspace as a warfighting domain and in response to the growing number of cyber attacks against DoD networks.

The People’s Republic of China (PRC): The PRC maintains an elite cyber warfare unit known as the Blue Army. According to its spokesman, it was established to protect the People’s Liberation Army from outside attacks. Chinese hackers are suspected of numerous espionage attacks against the networks of US government organizations and defense contractors. The PRC denies any government involvement.

https://commons.wikimedia.org/wiki/File:Chinese_military_honor_guard.jpg

Hacktivists

Hacker + Activist = Hacktivist

Hactivists use cyber attacks to convey a political or social message. Common tactics include website defacement and denial of service attaks in which simultaneous rquests from thousands of PCs block access to the site.

http://commons.wikimedia.org/wiki/File:Poolsclosed.jpg

Criminals

Cyber criminals run the gamut from youths running 419 scams out of Nigerian cyber cafes to large criminal syndicates.  Organized cyber crime may be involved in:

• Fraud

• Spamming

• Identity theft info for sale

• Gambling

• Identity Theft

• Botnets for hire

• Use of proxy servers allows

•  Illicit Web Sites

• Deniability

• Pornography

•    What may be state-sponsored cyber attacks, but blamed on “cyber hooligans”

Terrorists

Websites are prime way for terrorists to take advantage of cyber opportunities. They do this in order to get the message out about the groups political message. They can use websites and other social media to claim credit for attacks and now more than ever, they use these tactics to recruit new members to their cause, especially those from the western world. They also use these avenues to solicit funds to continue to support the cause. Communications can be hidden via steganography or via readily available commercial crypto.

Attacks

So far, there have been no confirmed terrorist cyber attacks.  However, a successful attack against a key financial or infrastructure network could gain a terrorist group significant publicity for its cause at relatively little cost. What about the attack against Sony in November 2014? Do you consider that a cyber terror attack?

According to Wired Magazine:

“In the case of the Sony attack, which saw the release of confidential data of employees and their families in November 2014, there are many potential suspects. Regardless of “who dun it”, the damage to Sony is very real. There has been a loss in revenue due to movies being leaked, sensitive employee information was disclosed (including salaries and social security numbers), and executive emails were publicised – shedding a disparaging light on Hollywood executives. With these leaks came brand and other collateral damage, resulting in a long road ahead for Sony to fully recover. As a result, Sony’s potential and current customers are likely to question purchasing Sony products, which could have a devastating long-term impact on the company.” (Holden 2015)

References:

“China Confirms Existence of Elite Cyber-Warfare Outfit ‘The Blue Army,'” Fox News, May 26, 2011,http://www.foxnews.com/scitech/2011/05/26/china-confirms-existence-blue-army-elite-cyber-warfare-outfit/

Chairman of the Joint Chiefs of Staff. 2006. “The National Military Strategy for Cyberspace Operations” Available in pdf format from: http://nsarchive.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-023.pdf

Clark, Richard and Robert Knake. 2010. Cyber Warfare: The Next Threat to National Security and What to Do About It. New York: Harper Collins Publishing.

Department of Defense. 2011. “Department of Defense Strategy for Operating in Cyberspace.” Available in pdf format from http://www.defense.gov/news/d20110714cyber.pdf

Holden, Dan. 2015. “Is Cyber Terrorism the New Normal?” Wired. From:http://www.wired.com/insights/2015/01/is-cyber-terrorism-the-new-normal/

U.S. Joint Forces Command. 2016. “The Joint Operating Environment.” http://www.dtic