Using Deception to Enhance Security: a Taxonomy, Model, and Novel Uses Mohammed H


Purdue University, Purdue e-Pubs
Open Access Dissertations, Theses and Dissertations
January 2015

Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses
Mohammed H. Almeshekah, Purdue University

Recommended Citation: Almeshekah, Mohammed H., "Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses" (2015). Open Access Dissertations. 1334. https://docs.lib.purdue.edu/open_access_dissertations/1334

This document has been made available through Purdue e-Pubs, a service of the Purdue University Libraries.

Graduate School Form 30, Updated 1/15/2015

PURDUE UNIVERSITY GRADUATE SCHOOL
Thesis/Dissertation Acceptance

This is to certify that the thesis/dissertation prepared
By: Almeshekah, Mohammed Hamoud
Entitled: Using Deception to Enhance Security: A Taxonomy, Model, and Novel Uses
For the degree of: Doctor of Philosophy
Is approved by the final examining committee:
  Eugene H. Spafford, Co-chair
  Mikhail J. Atallah, Co-chair
  Samuel S. Wagstaff, Jr
  Matt Bishop

To the best of my knowledge and as understood by the student in the Thesis/Dissertation Agreement, Publication Delay, and Certification Disclaimer (Graduate School Form 32), this thesis/dissertation adheres to the provisions of Purdue University’s “Policy of Integrity in Research” and the use of copyright material.

Approved by Major Professor(s): Eugene H. Spafford
Approved by: William Gorman, Head of the Departmental Graduate Program
Date: July 20th, 2015

USING DECEPTION TO ENHANCE SECURITY: A TAXONOMY, MODEL, AND NOVEL USES

A Dissertation Submitted to the Faculty of Purdue University by Mohammed H. Almeshekah
In Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy
August 2015
Purdue University, West Lafayette, Indiana

In dedication to my mother, Aljoharh, who has given up so much to make me into who I am; to my wife, Asma, who taught me the meaning of sacrifice; and to my sons, Abdullah and Feras, who provided me the extra motivation to finish my PhD.

ACKNOWLEDGMENTS

I would like to express my heartfelt thanks to my advisors, Prof. Eugene H. Spafford and Prof. Mikhail J. Atallah, for their time, guidance, and invaluable comments throughout the whole span of this dissertation work. I am honored to have the opportunity to learn from such renowned scientists and highly respected mentors. They taught me the skills that would guide me in my career for years to come. I am forever indebted to them and aspire to follow in their footsteps.

I would also like to express my deepest appreciation to my committee members, Prof. Samuel Wagstaff and Prof. Matt Bishop, for their invaluable advice and help. Without their insights and hard questions, this dissertation would not have been possible.

I am also extremely grateful for my beloved wife, Asma, for her continuous encouragement and unwavering support. She provided light when the rigors of intellectual pursuit were casting a shadow. I would not have finished this dissertation without her by my side. She has sacrificed beyond what I wished for and has done so with love. Also, I am grateful for my parents for their unwavering support and unforgettable endorsement, especially to my dearest mom. She is the pillar I stand by during hard times and I owe her my life for her constant love and encouragement.

Special thanks are also due to Northrop Grumman and Saudi Arabian Cultural Mission for supporting me throughout my PhD. Finally, I take this opportunity to record my sincere thanks to all the faculty, staff, and friends at the Computer Science Department and CERIAS; they provided me with one of the best academic environments during my PhD.

TABLE OF CONTENTS

LIST OF TABLES
LIST OF FIGURES
ABBREVIATIONS
ABSTRACT
1 Introduction
  1.1 Motivation and Overview
    1.1.1 Thesis Statement
    1.1.2 Dissertation Overview
  1.2 Terminology
  1.3 Dissertation Organization and Contribution
2 A Taxonomy of Computer Systems’ Defenses
  2.1 The Four Categories of Protection Mechanisms
    2.1.1 Denial and Isolation
    2.1.2 Degradation and Obfuscation
    2.1.3 Negative Information and Deception
    2.1.4 Attribution and Counter-Operations
  2.2 Fitting the Pieces Together – Cyber Kill-Chain Model
    2.2.1 The Role of Deception
  2.3 Chapter Summary
3 Deception
  3.1 General Definition of Deception
  3.2 Deception and the Truth – A Taxonomy
    3.2.1 Simulation and Dissimulation – Bell and Whaley
    3.2.2 Linguistic Case Theory
  3.3 Deception Maxims
    3.3.1 Truth/Reality
    3.3.2 Deceit
    3.3.3 Denial, Misdirection and Confusion
  3.4 Deception and Biases
    3.4.1 Personal Biases
    3.4.2 Cultural Biases
    3.4.3 Organizational Biases
    3.4.4 Cognitive Biases
  3.5 The Use of Deception in War, Military and Conflicts
  3.6 General Use of Deception in Computing
    3.6.1 In Human-to-Human Digital Interaction
    3.6.2 In Human Computer Interaction (HCI)
    3.6.3 In Robotics and Human Robot Interaction (HRI)
    3.6.4 In Computer-to-Computer Interaction
  3.7 The Use of Deception to Enhance Security
    3.7.1 Honeypots
    3.7.2 Honey–* Tools
    3.7.3 Incorporating Deception into Other Security Defenses
  3.8 Deception Operations and Tactics
  3.9 Chapter Summary
4 A Framework for Using Deception to Enhance Security
  4.1 Definition
  4.2 Limitations of Isolated Use of Deception
  4.3 The Role of Deception
    4.3.1 Advantages of Using Deception in Computer Defenses
  4.4 Related Work of Modeling the Use of Deception in Security
  4.5 A Framework for Integrating Deception-Based Defenses
    4.5.1 Planning Deception
    4.5.2 Implementing and Integrating Deception
    4.5.3 Monitoring and Evaluating the Use of Deception
  4.6 Deception and Related Concepts
    4.6.1 Kerckhoff’s Principle and Deception
    4.6.2 Deception and Hacking Back
    4.6.3 Deception and Consistency
    4.6.4 Deception and Abstraction
  4.7 Applying the Framework
    4.7.1 To Previous Uses of Deception
    4.7.2 To the Work in This Dissertation – A Case Study
  4.8 Chapter Summary
5 Deceptive Covert Channel
  5.1 Background
    5.1.1 Authentication Schemes
    5.1.2 Use of Smartphones
    5.1.3 Use of Deception and Covert Channels
  5.2 Creating a Deceptive Covert Channel
    5.2.1 Threat Model
    5.2.2 Scheme’s Setup
    5.2.3 Logging In
    5.2.4 Creating Deceit and Covert Communication
  5.3 Enhancements
  5.4 Security Analysis
  5.5 Comparison with Other Schemes
  5.6 Chapter Summary
6 Deceptive Passwords — ErsatzPasswords
  6.1 Background
    6.1.1 Passwords
    6.1.2 Password-Related Threats
    6.1.3 Injecting Deceit
  6.2 Technical Specification
    6.2.1 Background
    6.2.2 One-time Initialization
    6.2.3 Login
    6.2.4 Password Administration
  6.3 ErsatzPasswords – The Use of Deception
    6.3.1 ErsatzPasswords Generation
    6.3.2 ErsatzPasswords Properties
  6.4 Implementation and Analysis
    6.4.1 Implementation Details
    6.4.2 Analysis
  6.5 Chapter Summary
7 Deceptiver — A Centralized Deceptive Server
  7.1 Background
  7.2 Overview
  7.3 Deceptiver Design
    7.3.1 Deceptive Responses
    7.3.2 Centralized Deception
  7.4 Implementation and Deployment
    7.4.1 Apache Server Hook
  7.5 Security Discussion
Recommended publications
  • A the Hacker
    A The Hacker
    Madame Curie once said “En science, nous devons nous intéresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practical jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond):
    1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference by Fletcher Schoen and Christopher J
    STRATEGIC PERSPECTIVES 11 Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference by Fletcher Schoen and Christopher J. Lamb Center for Strategic Research Institute for National Strategic Studies National Defense University Institute for National Strategic Studies National Defense University The Institute for National Strategic Studies (INSS) is National Defense University’s (NDU’s) dedicated research arm. INSS includes the Center for Strategic Research, Center for Complex Operations, Center for the Study of Chinese Military Affairs, Center for Technology and National Security Policy, Center for Transatlantic Security Studies, and Conflict Records Research Center. The military and civilian analysts and staff who comprise INSS and its subcomponents execute their mission by conducting research and analysis, publishing, and participating in conferences, policy support, and outreach. The mission of INSS is to conduct strategic studies for the Secretary of Defense, Chairman of the Joint Chiefs of Staff, and the Unified Combatant Commands in support of the academic programs at NDU and to perform outreach to other U.S. Government agencies and the broader national security community. Cover: Kathleen Bailey presents evidence of forgeries to the press corps. Credit: The Washington Times Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference Deception, Disinformation, and Strategic Communications: How One Interagency Group Made a Major Difference By Fletcher Schoen and Christopher J. Lamb Institute for National Strategic Studies Strategic Perspectives, No. 11 Series Editor: Nicholas Rostow National Defense University Press Washington, D.C. June 2012 Opinions, conclusions, and recommendations expressed or implied within are solely those of the contributors and do not necessarily represent the views of the Defense Department or any other agency of the Federal Government.
  • Cyber Counterintelligence - Deception, Distortion, Dishonesty
    #RSAC SESSION ID: CYBER COUNTERINTELLIGENCE - DECEPTION, DISTORTION, DISHONESTY
    Jeff Bardin, Chief Intelligence Officer, Treadstone 71, @Treadstone71LLC
    Dr. Khatuna Mshvidobadze, Principal, Cyberlight Global Associates, [email protected]
    Agenda: Taxonomy Types of Denial Deception Dimensions of D&D Tactics Deception Chain (see your handout) and Deception Planning D&D Russian Historical Information Criminals & Kids Notable Events Georgia US Election Background Warfare Dis-information / France – Information Complexity of Formation of cyber Troll Factories Major Players TV5Monde Warfare on Social Outsourcing troops Media Forming public Interagency Socio-Cultural Conclusions - opinion Rivalries Differences Recommendations
    Denial and Deception - Lifecycle
    Types of Denial and Deception:
      Diversion: Direct an adversary’s attention from real assets toward bogus ones.
      Resource Depletion: Waste an adversary’s time and energy on obtaining and analyzing false information.
      Uncertainty: Cause the adversary to doubt the veracity of a discovered vulnerability or stolen information.
      Intelligence: Monitor and analyze adversary behavior during intrusion attempts to inform future defense efforts.
      Proactivity: Use deception techniques to detect previously unknown attacks that other defensive tools may miss.
    Deception Planning: Consideration of all critical components of the operation. Deny, deceive, create propaganda RSA Conference - Bardin and Mshvidobadze Western Dogs Dogs Lie Like Dotards - We will hack their sites and bring them down
    Dimensions
  • Hacks, Leaks and Disruptions | Russian Cyber Strategies
    CHAILLOT PAPER Nº 148 — October 2018
    Hacks, leaks and disruptions: Russian cyber strategies
    EDITED BY Nicu Popescu and Stanislav Secrieru
    WITH CONTRIBUTIONS FROM Siim Alatalu, Irina Borogan, Elena Chernenko, Sven Herpig, Oscar Jonsson, Xymena Kurowska, Jarno Limnell, Patryk Pawlak, Piret Pernik, Thomas Reinhold, Anatoly Reshetnikov, Andrei Soldatov and Jean-Baptiste Jeangène Vilmer
    Disclaimer: The views expressed in this Chaillot Paper are solely those of the authors and do not necessarily reflect the views of the Institute or of the European Union.
    European Union Institute for Security Studies, Paris. Director: Gustav Lindstrom. © EU Institute for Security Studies, 2018. Reproduction is authorised, provided prior permission is sought from the Institute and the source is acknowledged, save where otherwise stated.
    Contents
      Executive summary
      Introduction: Russia’s cyber prowess – where, how and what for? (Nicu Popescu and Stanislav Secrieru)
      Russia’s cyber posture
        1 Russia’s approach to cyber: the best defence is a good offence (Andrei Soldatov and Irina Borogan)
        2 Russia’s trolling complex at home and abroad (Xymena Kurowska and Anatoly Reshetnikov)
        3 Spotting the bear: credible attribution and Russian operations in cyberspace (Sven Herpig and Thomas Reinhold)
        4 Russia’s cyber diplomacy (Elena Chernenko)
      Case studies of Russian cyberattacks
        5 The early days of cyberattacks: the cases of Estonia,
  • Surprise, Deception, Denial and Warning: Strategic Imperatives
    Surprise, Deception, Denial and Warning: Strategic Imperatives by Lani Kass and J. Phillip “Jack” London Lani Kass, Ph.D., is a Corporate Strategic Advisor at CACI International. Kass previously served as a Senior Policy Advisor to the Chairman of the Joint Chiefs of Staff. She was the first woman to serve as Professor of Military Strategy at the National War College. J. Phillip London, Ph.D., is Chairman of the Board of CACI International. A graduate of the U.S. Naval Academy, he spent 24 years on active and reserve duty. London is the recipient of numerous industry awards and serves on several boards, including the U.S. Naval Institute and CAUSE. The views presented here are the authors’ alone. This article is a tribute to the National War College’s distinguished graduates, among them Service Chiefs, Combatant Commanders, and literally hundreds of senior diplomats, warriors and statesmen. Abstract: This article frames the highly complex national security challenges of surprise, denial and deception. These ultimate asymmetric threats exploit vulnerabilities, capitalizing on hubris, complacency and self-delusion. Such actions prevent the full and accurate assessment of opponents’ capabilities and intentions, and hinder appropriate actions. The long and frequent history of surprise, denial and deception suggest that these are essentially psychological phenomena. They are effective because they challenge and exploit perceptions that fill the gap between what is known and unknown. The authors present decision superiority as the fusion of information dominance and decisive action. Technology and intelligence can enhance decision superiority by ameliorating, but not eliminating, the limits of human perception.
  • Combating Spyware in the Enterprise.Pdf
    Visit us at www.syngress.com
    Syngress is committed to publishing high-quality books for IT Professionals and delivering those books in media and formats that fit the demands of our customers. We are also committed to extending the utility of the book you purchase via additional materials available from our Web site.
    SOLUTIONS WEB SITE: To register your book, visit www.syngress.com/solutions. Once registered, you can access our [email protected] Web pages. There you will find an assortment of value-added features such as free e-booklets related to the topic of this book, URLs of related Web site, FAQs from the book, corrections, and any updates from the author(s).
    ULTIMATE CDs: Our Ultimate CD product line offers our readers budget-conscious compilations of some of our best-selling backlist titles in Adobe PDF form. These CDs are the perfect way to extend your reference library on key topics pertaining to your area of expertise, including Cisco Engineering, Microsoft Windows System Administration, CyberCrime Investigation, Open Source Security, and Firewall Configuration, to name a few.
    DOWNLOADABLE EBOOKS: For readers who can’t wait for hard copy, we offer most of our titles in downloadable Adobe PDF form. These eBooks are often available weeks before hard copies, and are priced affordably.
    SYNGRESS OUTLET: Our outlet store at syngress.com features overstocked, out-of-print, or slightly hurt books at significant savings.
    SITE LICENSING: Syngress has a well-established program for site licensing our ebooks onto servers in corporations, educational institutions, and large organizations.
  • Who Watches the Watchmen? the Conflict Between National Security and Freedom of the Press
    WHO WATCHES THE WATCHMEN?
    I see powerful echoes of what I personally experienced as Director of NSA and CIA. I only wish I had access to this fully developed intellectual framework and the courses of action it suggests while still in government. —General Michael V. Hayden (retired), Former Director of the CIA, Director of the NSA
    The problem of secrecy is double edged and places key institutions and values of our democracy into collision. On the one hand, our country operates under a broad consensus that secrecy is antithetical to democratic rule and can encourage a variety of political deformations. But the obvious pitfalls are not the end of the story. A long list of abuses notwithstanding, secrecy, like openness, remains an essential prerequisite of self-governance. Ross’s study is a welcome and timely addition to the small body of literature examining this important subject. —Gabriel Schoenfeld, Senior Fellow, Hudson Institute, Author of Necessary Secrets: National Security, the Media, and the Rule of Law (W.W. Norton, May 2010).
    The topic of unauthorized disclosures continues to receive significant attention at the highest levels of government. In his book, Mr. Ross does an excellent job identifying the categories of harm to the intelligence community associated with these disclosures. A detailed framework for addressing the issue is also proposed. This book is a must read for those concerned about the implications of unauthorized disclosures to U.S. national security. —William A. Parquette, Foreign Denial and Deception Committee, National Intelligence Council
    Gary Ross has pulled together in this splendid book all the raw material needed to spark a fresh discussion between the government and the media on how to function under our unique system of government in this ever-evolving information-rich environment.
  • ATP 2-33.4 Intelligence Analysis
    ATP 2-33.4 Intelligence Analysis, JANUARY 2020
    DISTRIBUTION RESTRICTION: Approved for public release; distribution is unlimited. This publication supersedes ATP 2-33.4, dated 18 August 2014. Headquarters, Department of the Army
    This publication is available at Army Knowledge Online (https://armypubs.army.mil), and the Central Army Registry site (https://atiam.train.army.mil/catalog/dashboard).
    *ATP 2-33.4, Army Techniques Publication No. 2-33.4, Headquarters, Department of the Army, Washington, DC, 10 January 2020
    Intelligence Analysis
    Contents
      PREFACE
      INTRODUCTION
      PART ONE FUNDAMENTALS
      Chapter 1 UNDERSTANDING INTELLIGENCE ANALYSIS
        Intelligence Analysis Overview
        Conducting Intelligence Analysis
        Intelligence Analysis and Collection Management
        The All-Source Intelligence Architecture and Analysis Across the Echelons
        Intelligence Analysis During Large-Scale Ground Combat Operations
        Intelligence Analysis During the Army’s Other Strategic Roles
      Chapter 2 THE INTELLIGENCE ANALYSIS PROCESS
  • Untitled Essay, 1946 Intelligence Overload These Days
    CONTENTS
      OVERVIEW
      INTRODUCTION: The Name of the Game: Let’s Define Our Terms
      CHAPTER 1 HOW TO DECEIVE: Principles & Process
        1.1 Deception as Applied Psychology
        1.2 The Basic Principle: Naturalness
        1.3 The Structure of Deception
        1.4 The Process of Deception
      CHAPTER 2 INTERFACE: Deceiver versus Detective
        2.1 Weaving the Web
        2.2 Unraveling the Web
      CHAPTER 3 HOW TO DETECT: 10 General Principles
        3.1 Cognitive Biases that Inhibit Detection
        3.2 Overcoming Information Overload
        3.3 The Analysts: Minimalists versus Compleatists
        3.4 The Analyst’s Advantage
        3.5 Categories
        3.6 Know Your Enemy: Empathy & Inference
        3.7 Channels
        3.8 Senses & Sensors
        3.9 Cultural Factors
        3.10 Asymmetries: Technological & Cognitive
      CHAPTER 4 HOW TO DETECT: 20
  • Automating Cyber Attacks
    Automating Cyber Attacks: HYPE AND REALITY
    AUTHORS: Ben Buchanan, John Bansemer, Dakota Cary, Jack Lucas, Micah Musser
    NOVEMBER 2020
    Established in January 2019, the Center for Security and Emerging Technology (CSET) at Georgetown’s Walsh School of Foreign Service is a research organization focused on studying the security impacts of emerging technologies, supporting academic work in security and technology studies, and delivering nonpartisan analysis to the policy community. CSET aims to prepare a generation of policymakers, analysts, and diplomats to address the challenges and opportunities of emerging technologies. During its first two years, CSET will focus on the effects of progress in artificial intelligence and advanced computing. CSET.GEORGETOWN.EDU | [email protected]
    ACKNOWLEDGMENTS: The authors would like to thank Perri Adams, Max Guise, Drew Lohn, Igor Mikolic-Torreira, Chris Rohlf, Lynne Weil, and Alexandra Vreeman for their comments on earlier versions of this manuscript.
    PRINT AND ELECTRONIC DISTRIBUTION RIGHTS: © 2020 by the Center for Security and Emerging Technology. This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. To view a copy of this license, visit: https://creativecommons.org/licenses/by-nc/4.0/. Document Identifier: doi: 10.51593/2020CA002. Cover photo: KsanaGraphica/ShutterStock.
    Contents
      EXECUTIVE SUMMARY
      INTRODUCTION
      1 | THE CYBER KILL CHAIN
      2 | HOW MACHINE LEARNING CAN (AND CAN’T) CHANGE OFFENSIVE OPERATIONS
      3 | CONCLUSION: KEY JUDGMENTS
      ENDNOTES
    Executive Summary
    Hacking is a well-established part of statecraft.
  • The Air Force Can Learn a Lot from What It Has Already Seen in Cyberspace. Old Lessons
    Old Lessons, “New” Domain
    By Rebecca Grant
    The Air Force can learn a lot from what it has already seen in cyberspace.
    AIR FORCE Magazine / September 2013
    [Photo caption: Cape Cod radar tower in Massachusetts was a prototype for the SAGE air defense system. SAGE needed computers with memory, digital relays linking radar sites, and systems engineering to bring them together. Photos via MITRE Corp.]
    Washington is once again wrestling with how to tackle the military challenges of cyberspace. “The rise of cyber is the most striking development in the post-9/11 national security landscape,” Chairman of the Joint Chiefs of Staff Army Gen. Martin E. Dempsey said in a June 27 speech at the Brookings Institution. Dempsey said about 4,000 new military cyber positions could be created. Perhaps 1,000 of those may be within the Air Force.
    Responding to new growth in the cyber mission poses a challenge to the Air Force. Over the past decade, the USAF position has swung from taking a vigorous lead in the mission area to going slow on cyber—to avoid a potential “black hole” as Air Force Chief
    strategic challenges, such as continental air defense in the 1950s and real-time command and control in the 1980s, fueled progress in the exploitation of cyberspace.
    In its infancy, the domain of cyberspace did not look much like the clouds and commons known around the globe today. The special qualities of cyberspace emerged only when computers gained more memory and power and networks linked them together.
    In the (Cyber) Beginning
    Back before social media, the World Wide Web, the first emails, and even before ARPAnet, the first closed cyberspace system was the Air Force’s Semi-automatic Ground Environment, or SAGE.
  • Cyber Conflicts in International Relations: Framework and Case Studies
    Cyber Conflicts in International Relations: Framework and Case Studies Alexander Gamero-Garrido Engineering Systems Division Massachusetts Institute of Technology [email protected] | [email protected] Executive Summary Overview Although cyber conflict is no longer considered particularly unusual, significant uncertainties remain about the nature, scale, scope and other critical features of it. This study addresses a subset of these issues by developing an internally consistent framework and applying it to a series of 17 case studies. We present each case in terms of (a) its socio-political context, (b) technical features, (c) the outcome and inferences drawn in the sources examined. The profile of each case includes the actors, their actions, tools they used and power relationships, and the outcomes with inferences or observations. Our findings include: • Cyberspace has brought in a number of new players – activists, shady government contractors – to international conflict, and traditional actors (notably states) have increasingly recognized the importance of the domain. • The involvement of the private sector on cybersecurity (“cyber defense”) has been critical: 16 out of the 17 cases studied involved the private sector either in attack or defense. • All of the major international cyber conflicts presented here have been related to an ongoing conflict (“attack” or “war”) in the physical domain. • Rich industrialized countries with a highly developed ICT infrastructure are at a higher risk concerning cyber attacks. • Distributed Denial of Service (DDoS) is by far the most common type of cyber attack. • Air-gapped (not connected to the public Internet) networks have not been exempt from attacks. • A perpetrator does not need highly specialized technical knowledge to intrude computer networks.