cyber conflicts - time for reality check
DESCRIPTION
It is time for reality check in Cyber Conflicts and Cyber Warfare.TRANSCRIPT
.
McAfee Confidential
.
Jarno Limnéll | Director of Cyber SecurityProfessor of Cyber Security in Aalto UniversityDoctor of Military ScienceTwitter: @JarnoLim
Cyber Conflicts – Time for Reality Check
“We are about three warm meals away from anarchy/revolution?”
Security FEELING
RESILIENCEREALITY
FEELING: HOW (SECURE) DO WE FEEL?
?
REALITY: HOW THINGS REALLY ARE?
SECURITY ENVIRONMENT – PHYSICAL AND DIGITAL
– IS MORE UNCERTAIN, DYNAMIC AND MORE DEMANDING THAN EVER
RESILIENCE: HOW WE WITHSTAND PHYSICALLY AND MENTALLY INSECURITY – HOW DO WE VALUE OUR SECURITY?
Complete security is a myth,Known – Unknown threats
Instead of (only) building walls,”Defense in depth”
Ability to change and resilience
create security.
Not constancy.
Security under the Cyber Dome
The Digital world is effecting everywhere
Everybody and everything is becoming CONNECTED
Dependence
14
THE DIGITAL WORLD OF BITSDIGITAL AND PHYSICAL BLUR
Returning back to “typewriters age”?No. But security is taken (hopefully) more serious.
The digital world is everywhere.
So must be Security. Like whisked egg in the cake.
There is no issue so important in security – which remains so poorly understood…
Cybersecurity is primarily a strategic issue
GU
IDA
NCE
The importance of combining technological and strategic thinking
- both are needed in order to have
comprehensive approach to cybersecurity,its threats and solutions
Cyber conflict?
“Cyberwar” should be used carefully…
…not separated from the context of War
Cyber is already and will be an element of all crisis we’re going to see in the future
"Every age has its own kind of war, its own limiting conditions and its own peculiar preconceptions.”Carl von Clausewitz
Continuation of politics by other means,
incl. cyber means in ”policy toolbox”
IN THE SHADOWS,3 levels of cyber activities
Lower level cyber activitiesDigital information “war”Strategic cyber attacks
US Department of Defense’s
3 types of Cyber threats:
27
Lack of precedents, Cyber playbook is pretty empty (at the moment)
THE FIFTH DOMAIN or penetrating all levels and dimensions?
LAND SEA
SPACEAIR
CYBER
Cyber needs to be considered as part of broader military strategy
Strategic challenges
How integrate Cyber to other military operations and broader concept?
Outsourcing Cyber attacks – how to respond?
The problem of attribution – who is your enemy?
NATO – Cyber – Article 5
Threat,Resources
1. Cyberattacks, cyber-espionage2. Counterintelligence3. Terrorism4. WMD Profiliferation5. Counterspace
DefenseNews Leadership Poll,January 2014
Threat evaluationWHO (actor/condition) produces the threat?
WHY (motivation)?How serious is the IMPACT?
Cyber arms raceAccelerating
NOT ONLY NATION-STATES
There are 20 to 30 cybercrime groups that have nation-state level capacity
“You are the cyber-war agents and get yourself
ready for such war wholeheartedly.”
Iran's Supreme Leader Ayatollah Ali Khamenei
“Cyber will soon be revealed to be the biggest
revolution in warfare, more than gunpowder and the utilization of air power
in the last century.”Major General Aviv Kochavi, IDF
“We don't need more tanks, we need the latest in cyber
warfare.”
UK Prime Minister David Cameron
“U.S. Cyber Command will number more than 6,000 people by 2016, making it
one of the largest such forces in the world.”
US Secretary of Defense Chuck Hagel
The world is moving towards a greater strategic
use of cyber to persuade adversaries to
change their behavior.
Capability and will.
What restraints the use of strategic cyber capabilities?
Unpredictable side-effectsDo not expose capabilitiesPossible escalation
Resources are needed, but in cyber big brains are more important than big brawn…
“007, I can do more damage on my laptop, sitting in my pajamas, before my first cup of
Earl Grey than you can do a year in the field.”
“Q” on the movie: “007 Skyfall”
5 Strategic Trendsto Follow
1The Role of
Cyber Espionage
WHO’S SPYING ON WHOM?
Does intelligence collection or cyber reconnaissance become an act of war?
2Measuring
Cyber Capabilities
Level of Cyber capabilities?
SUSPICION
Digital dependence - DefensiveInformational - Intelligence
Offensive capabilitiesResilience (physical, mental)
R&D and innovation capabilitiesDoctrine, Policy
A country’s cyber military strength can be judged by six capabilities:
3Grey area
Beginning – End
Our side – Their side
Military – Civilian
Involved – Not-involved
Win – Lose
Violence – Non-violence
Hardware – Software
4Cyber
Deterrence
ELEMENTS OF CYBER
DETERRENCE
RESILIENCEATTRIBUTION
OFFENSE
Countries will expose offensive cyber capabilities more openly – because of deterrence
5Cyber Peace
THE TREND IS OFFENSIVE
The main question is not how to get rid of it but how to live with it!
The most important question in (cyber) security?
TRUST
On the road to distrust?
1990 1995 2000 2005 2010 2015 2020
Internetbecomes a mass
phenomenon
WEB 2.0is born
JOURNEY FROM THE WORLD OF ATOMS TO THE WORLD OF BITS
We are hereWe choose eitherLEADERSHIP or CRISIS…
2014
The zone of distrust
The zone of trust
Familiar, accepted normsOld norms are adjusted to cope with the “brave new world”
The need for new norms and ways of thinking
Are we the last generation to take joy from the global
Internet?
The internet has changed the way we change our
world
Security - Privacy
CYBER SECURITY IS BECOMING MORE PERSONAL
67
It is a right to get work email on a personally owned device
What is already out there?
THANK YOU!