.

McAfee Confidential

.

Jarno Limnéll | Director of Cyber SecurityProfessor of Cyber Security in Aalto UniversityDoctor of Military ScienceTwitter: @JarnoLim

Cyber Conflicts – Time for Reality Check

“We are about three warm meals away from anarchy/revolution?”

Security FEELING

RESILIENCEREALITY

FEELING: HOW (SECURE) DO WE FEEL?

?

REALITY: HOW THINGS REALLY ARE?

SECURITY ENVIRONMENT – PHYSICAL AND DIGITAL

– IS MORE UNCERTAIN, DYNAMIC AND MORE DEMANDING THAN EVER

RESILIENCE: HOW WE WITHSTAND PHYSICALLY AND MENTALLY INSECURITY – HOW DO WE VALUE OUR SECURITY?

Complete security is a myth,Known – Unknown threats

Instead of (only) building walls,”Defense in depth”

Ability to change and resilience

create security.

Not constancy.

Security under the Cyber Dome

The Digital world is effecting everywhere

Everybody and everything is becoming CONNECTED

Dependence

14

THE DIGITAL WORLD OF BITSDIGITAL AND PHYSICAL BLUR

Returning back to “typewriters age”?No. But security is taken (hopefully) more serious.

The digital world is everywhere.

So must be Security. Like whisked egg in the cake.

There is no issue so important in security – which remains so poorly understood…

Cybersecurity is primarily a strategic issue

GU

IDA

NCE

The importance of combining technological and strategic thinking

- both are needed in order to have

comprehensive approach to cybersecurity,its threats and solutions

Cyber conflict?

“Cyberwar” should be used carefully…

…not separated from the context of War

Cyber is already and will be an element of all crisis we’re going to see in the future

"Every age has its own kind of war, its own limiting conditions and its own peculiar preconceptions.”Carl von Clausewitz

Continuation of politics by other means,

incl. cyber means in ”policy toolbox”

IN THE SHADOWS,3 levels of cyber activities

Lower level cyber activitiesDigital information “war”Strategic cyber attacks

US Department of Defense’s

3 types of Cyber threats:

27

Lack of precedents, Cyber playbook is pretty empty (at the moment)

THE FIFTH DOMAIN or penetrating all levels and dimensions?

LAND SEA

SPACEAIR

CYBER

Cyber needs to be considered as part of broader military strategy

Strategic challenges

How integrate Cyber to other military operations and broader concept?

Outsourcing Cyber attacks – how to respond?

The problem of attribution – who is your enemy?

NATO – Cyber – Article 5

Threat,Resources

1. Cyberattacks, cyber-espionage2. Counterintelligence3. Terrorism4. WMD Profiliferation5. Counterspace

DefenseNews Leadership Poll,January 2014

Threat evaluationWHO (actor/condition) produces the threat?

WHY (motivation)?How serious is the IMPACT?

Cyber arms raceAccelerating

NOT ONLY NATION-STATES

There are 20 to 30 cybercrime groups that have nation-state level capacity

“You are the cyber-war agents and get yourself

ready for such war wholeheartedly.”

Iran's Supreme Leader Ayatollah Ali Khamenei

“Cyber will soon be revealed to be the biggest

revolution in warfare, more than gunpowder and the utilization of air power

in the last century.”Major General Aviv Kochavi, IDF

“We don't need more tanks, we need the latest in cyber

warfare.”

UK Prime Minister David Cameron

“U.S. Cyber Command will number more than 6,000 people by 2016, making it

one of the largest such forces in the world.”

US Secretary of Defense Chuck Hagel

The world is moving towards a greater strategic

use of cyber to persuade adversaries to

change their behavior.

Capability and will.

What restraints the use of strategic cyber capabilities?

Unpredictable side-effectsDo not expose capabilitiesPossible escalation

Resources are needed, but in cyber big brains are more important than big brawn…

“007, I can do more damage on my laptop, sitting in my pajamas, before my first cup of

Earl Grey than you can do a year in the field.”

“Q” on the movie: “007 Skyfall”

5 Strategic Trendsto Follow

1The Role of

Cyber Espionage

WHO’S SPYING ON WHOM?

Does intelligence collection or cyber reconnaissance become an act of war?

2Measuring

Cyber Capabilities

Level of Cyber capabilities?

SUSPICION

Digital dependence - DefensiveInformational - Intelligence

Offensive capabilitiesResilience (physical, mental)

R&D and innovation capabilitiesDoctrine, Policy

A country’s cyber military strength can be judged by six capabilities:

3Grey area

Beginning – End

Our side – Their side

Military – Civilian

Involved – Not-involved

Win – Lose

Violence – Non-violence

Hardware – Software

4Cyber

Deterrence

ELEMENTS OF CYBER

DETERRENCE

RESILIENCEATTRIBUTION

OFFENSE

Countries will expose offensive cyber capabilities more openly – because of deterrence

5Cyber Peace

THE TREND IS OFFENSIVE

The main question is not how to get rid of it but how to live with it!

The most important question in (cyber) security?

TRUST

On the road to distrust?

1990 1995 2000 2005 2010 2015 2020

Internetbecomes a mass

phenomenon

WEB 2.0is born

JOURNEY FROM THE WORLD OF ATOMS TO THE WORLD OF BITS

We are hereWe choose eitherLEADERSHIP or CRISIS…

2014

The zone of distrust

The zone of trust

Familiar, accepted normsOld norms are adjusted to cope with the “brave new world”

The need for new norms and ways of thinking

Are we the last generation to take joy from the global

Internet?

The internet has changed the way we change our

world

Security - Privacy

CYBER SECURITY IS BECOMING MORE PERSONAL

67

It is a right to get work email on a personally owned device

What is already out there?

THANK YOU!

jarno_limnell@mcafee.com