how the revolution in military affairs has set the stage for future cyberwars
Post on 18-Nov-2014
382 Views
Preview:
DESCRIPTION
TRANSCRIPT
IT-Harvest Confidential
The Revolution in Military Affairs has Set the Stage for Cyberwar
Richard Stiennon Chief Research Analyst IT-Harvest !Executive Editor securitycurrent.com ! twitter.com/cyberwar
securitycurrent
IT-Harvest Confidential
1996 Taiwan Straits Crisis "Admiral Clemens was able to use e-mail, a very graphic-
rich environment, and video teleconferencing to achieve the effect he wanted", which was to deploy the carrier battle groups in a matter of hours instead of days.” -Arthur Cebrowski
USS Nimitz and USS Independence deploy to Taiwan.
3
securitycurrent
IT-Harvest Confidential
The Revolution in Military Affairs
• Roman centuries • Long bow and battle of Crecy • Napoleon’s staff command • Machine guns • Mechanized armor, blitzkrieg
securitycurrent
IT-Harvest Confidential
The Modern RMA
• Operation Desert Storm leads to: • Russian
assessment of precision weapons
ISR C&C
securitycurrent
IT-Harvest Confidential
Andrew Marshall: Enigmatic Strategist
6
securitycurrent
Andrew W. Marshall (born September 13, 1921) is the director of the United States Department of Defense's Office of Net Assessment.
IT-Harvest Confidential
Arthur Cebrowski: Evangelist
securitycurrent
“Network Centric Warfare should be the cornerstone of transformation. If you are not interoperable you are not on the net. You are not benefiting from the information age”.
IT-Harvest Confidential
The Dream
securitycurrent
Total Situational Awareness eliminates “the fog of war”!!Red Team - Blue Team identification!!Central Command and Control. Distributed battle command.!!Networked Intelligence, Surveillance Reconnaissance (ISR)
IT-Harvest Confidential
Network Centric Warfare
securitycurrent
Everything connected (like the Internet) !Satellite-Planes-Drones-Ground-Sea based sensor grid !Instant communication over a Global Grid
10IT-Harvest Confidential
Deja vu all over againWe’ve seen this story payed out before in the enterprise. !!First network everything. Take advantage of connectivity and ubiquity to re-invent commerce, social interactions, and communications. !!Second: succumb to attacks from hackers, cyber criminals, hacktivists, and nation states.!!Finally: Layer in security
11IT-Harvest Confidential
How the Military Failed in SecurityApril 1, 2001 a Navy EP-3E was forced down and captured by China. Top secret OS compromised!!In 2008 China blatantly flooded communication channels known to be monitored by the NSA with decrypted US intercepts, kicking off a major re-deployment. SEVEN years too late. !!!!!
12IT-Harvest Confidential
How the Military Failed in SecurityPentagon email servers p0wned 2007!!Terabytes of data exfiltrated to China from the Defense Industrial Base. The target? Joint Strike Fighter design data.!!!!
13IT-Harvest Confidential
Military IT Security FailuresThe Wake Up Call !!BUCKSHOT YANKEE !!Agent.btz introduced via thumb drive in a forward operations command (Afghanistan?) !!EVERY Windows machine re-imaged in the entire military (3 million +) at a cost of $1 Billion.
14IT-Harvest Confidential
Drone madness 1
15IT-Harvest Confidential
Drone madness 2
16IT-Harvest Confidential
Drone madness 3
IT-Harvest Confidential
SATCOM Vulns
securitycurrent
• “We uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.” -IOActive
IT-Harvest Confidential
Software Assurance maturity came after most new weapons platforms were sourced.
securitycurrent
One Air Force study of 3 million lines of code revealed: !!One software vulnerability per 8 lines of code !!One high vulnerability per 31 lines of code!!One critical vulnerability for 70 lines of code
IT-Harvest Confidential
The F-35 Joint Strike Fighter
securitycurrent
!“JSF software development is one of the largest and most complex projects in DOD history.” !!-Michael J. Sullivan, Director Acquisition and Sourcing Management for the DoD:!
IT-Harvest Confidential
The F-35 Joint Strike Fighter
• Nine million lines of onboard code could mean 128,000 critical vulns
• 15 million lines of logistics code could mean another 214,000 critical vulns
• What could possibly go wrong?
securitycurrent
IT-Harvest Confidential
Taiwan Straits Crisis. 2015?
securitycurrent
GPS hacks deflect jets away from tankers !Mission tasking subverted !Communications intercepts mislead commander !Radar jamming masks enemy movement !Result? !Military defeat
IT-Harvest Confidential
A Working Definition of Cyberwar
securitycurrent
The use of network and computer attack to support the operations of a military force.
IT-Harvest Confidential
Cyber Pearl Harbor Defined
securitycurrent
An overwhelming defeat of US forces due to !enemy information dominance.
IT-Harvest Confidential
securitycurrent
IT-Harvest Confidential
securitycurrent
securitycurrent.com !!email: richard@it-harvest.com !Twitter: twitter.com/cyberwar
top related