cyber security from military point of view
Post on 21-Jan-2015
711 Views
Preview:
DESCRIPTION
TRANSCRIPT
Cyber security from military
point of view
Chişinău - 2013
chief of e-Transformation service
lieutenant-colonel Alexandru BURUC
Peace really does not exist in the Information Age.Lt. gen. Kenneth Minihan
The advanced capability of the threat has increased
the risk. Understanding the risk allows employment
of defensive measures to mitigate the risk – “Risk
will always be present
In modern language, a shooting war is called kinetic warfare, where “kinetics” is concerned with the relationship between the motion of bodies and its causes.
Recall Clarke’s definition of cyber warfare: “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
1. Can activity in cyberspace have kinetic consequences such as property damage and loss of lives?
2. Does it have to qualify as an act of war?
Warfare: Cyber and Otherwise
3
THE CHANGE
• Combined capabilities have helped attackers
create weapon systems
Soldier + Rifle + Bullets = (This is a WEAPON SYSTEMS)
• Cyber– State Sponsored, Script Kiddies, Paid Staff
– Laptop, Desktop, Mobile devices
– Metasploit, Backtrak, PoisonIvy, Mpack, other RAT
• Hacker + Laptop + Metasploit = WEAPON SYSTEM
• Attackers, Adversaries, Cyber terrorist are now employing
TTP (Transition to Practice)
Cyber threat sourse continuum
Although many people may think that the military’s only vulnerability is to
command and control systems, it is important to realize that the Department of
Defense uses IT systems for a number of functions, in both
peace and war.
• Commercial transactions;• Payrolls;• Sensitive research data;• Intelligence;• Operational plans;• Procurement sensitive source selection data;• Health records;• Personnel records;• Weapons systems maintenance records;• Logistics operations etc.
Global open Communications
Backbone
Military
infrastructure
Closed foreign
infrastructure
IT infrastructure domain layers
Wardens Rings
• The focus is to attack Centers of Gravity – The Estonian, Georgian attacks – Utilized TTP (Transition to Practice)• Rings – Leadership (Defaced Ministry of Defense, Finance, etc) – Organic/System Essentials – Infrastructure (DDoS against ISP and Wardialing to lock up
POTS network) – Population (News Media) – Fielded Military Forces
• forecast of a growing use of military cyber operations due their major effectiveness and lower costs;
• Geopolitical situation of the Republic of Moldova;
• The growing use of cyber capabilities to achieve strategic goals (James Clapper);
• Threats are more diverse, interconnected, and viral than at any time in history;
Major cyber threats for military
SUPORTING AREAS
National defence
authorities
Internal security
authorities
Crisis management
arrangement
Basic security in
every
organisation
DIPLOMACY
TECHNOLOGY
EDUCATION
LEGISLATION
WAREXTREMISMCRIMINALITYACCIDENTS
CRITICAL SISTEMS
INDIVIDUALS
REGULAR ORGANISATIONS
CYBERSPACE
CONFIDENTIALITY INTEGRITY AVAILABILITY
THREATS
Cyber security – Concept
Activities in cyber security domain• Collaboration with institutions that are involved in
national defence system;
• Implementing PKI technology;
• Use of e-learning platform (ilias) to bring up military personnel;
• Participacion in national and international applications such as Combined Endeavor, Rapid Trident, Vest 2013;
• PARP (Planning and Review Process). One of the aim of PARP is to Enhance/Develop capabilities for protecting critical national defence communication and information systems.
• attack is Global medium: Maritime, Air,
Space, Cyber;
• Relied upon for business globalization;
• More nations, organizations, economies at
risk;
• Rapid capability development, deliberate
legal and global agreement on how to
“Address Cyber Attacks”;
• Some believe there is “No Cyber War”
– Ask Estonia, Brazil, Canada, South Africa, Malaysia .
CONTESTED COMMONS
CONCLUSIONS
• Cyber attacks are serious threat to the
defence sector of the Republic of Moldova
and other states.
• The nature of the Internet makes cyber
attacks powerful,difficult to counter, and
difficult to attribute.
• Treaties and legal frameworks have not kept
pace with the threat.
top related