DOCSLIB.ORG

King's College, London: Department of War Studies

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

UNIVERSITY OF READING U.S. Strategic Cyber Deterrence Options Doctor of Philosophy in Politics Department of Politics & International Relations Scott Jasper March 2018 1 Contents Abstract......................................................................................................................... 3 List of Abbreviations..................................................................................................... 4 Introduction................................................................................................................... 7 Section One: Thinking about Deterrence Chapter I: Literature Review........................................................................................59 Chapter II: Global Cybered Conflict...........................................................................120 Chapter III: Theoretical Foundations..........................................................................158 Section Two: Contemporary Deterrence Strategies Chapter IV: Deterrence by Retaliation.........................................................................198 Chapter V: Deterrence by Denial................................................................................. 234 Chapter VI: Deterrence by Entanglement.....................................................................269 Section Three: A New Strategic Option Chapter VII: Active Cyber Defense..............................................................................307 Conclusion.....................................................................................................................343 Appendix.......................................................................................................................381 Bibliography..................................................................................................................406 2 Abstract The U.S. government appears incapable of creating an adequate strategy to alter the behavior of the wide variety of malicious actors seeking to inflict harm or damage through cyberspace. This thesis provides a systematic analysis of contemporary deterrence strategies and offers the U.S. the strategic option of active cyber defense designed for continuous cybered conflict. It examines the methods and motivations of the wide array of malicious actors operating in the cyber domain. The thesis explores how the theories of strategy and deterrence underpin the creation of strategic deterrence options and what role deterrence plays with respect to strategies, as a subset, a backup, an element of one or another strategic choice. It looks at what the government and industry are doing to convince malicious actors that their attacks will fail and that risk of consequences exists. The thesis finds that contemporary deterrence strategies of retaliation, denial and entanglement lack the conditions of capability, credibility, and communications that are necessary to change the behavior of malicious actors in cyberspace. This research offers a midrange theory of active cyber defense as a way to compensate for these failings through internal systemic resilience and tailored disruption capacities that both frustrate and punish the wide range of malicious actors regardless of origin or intentions. The thesis shows how active cyber defense is technically capable and legally viable as an alternative strategy in the U.S. to strengthen the deterrence of cyber attacks. 3 Abbreviations A2/AD Anti-access/Area denial ACD Active Cyber Defense AIS Automated Indicator Sharing APT Advanced Persistent Threat BPHS Bulletproof Hosting Services CBM Confidence-Building Measure CFAA Computer Fraud and Abuse Act CIS Center for Internet Security CISP Cybersecurity Strategy and Implementation Plan CMF Cyber Mission Force CSC Critical Security Controls DCO Defensive Cyberspace Operations DDoS Distributed Denial of Service DHS Department of Homeland Security DIUx Defense Innovation Unit Experimental DNC Democratic National Committee DNS Domain Name System DOD Department of Defense EEZ Exclusive Economic Zone EU European Union FBI Federal Bureau of Investigation FS Financial Services FTP File Transfer Protocol GDP Gross Domestic Product GLACY Global Action on Cybercrime GOP Guardians of Peace G-20 Group of Twenty GPS Global Positioning System 4 GSCI Global Socio-Cyber Infrastructure HM Her Majesty’s HTTP(S) Hypertext Transfer Protocol (Secure) IACD Integrated Adaptive Cyber Defense ICANN Internet Corporation for Assigned Names and Numbers ICMP Internet Control Message Protocol ICS-CERT Industrial Control System – Computer Emergency Response Team ICT Information and Communication Technology IDM Internal Defensive Measures IP Intellectual Property IP Internet Protocol ISAC Information Sharing and Analysis Center ISIS Islamic State of Iraq and Syria NSA National Security Agency NATO North Atlantic Treaty Organization NCCIC National Cybersecurity and Communications Integration Center NIST National Institute of Standards and Technology NTP Network Time Protocol OPM Office of Personnel Management OSCE Organization for Security and Co-operation in Europe PII Personally Identifiable Information PIN Personal Identification Number POS Point-of-Sale PPD Presidential Policy Directive PLA People’s Liberation Army RA Response Actions RAM Remote Access Memory RAT Remote Access Trojan SIEM Security Information and Event Management SSL Secure Sockets Layer 5 STIX Structured Threat Information eXpression SQL Structured Query Language TAXII Trusted Automated eXchange of Indicator Information TTP Tactics, Techniques and Procedures UK United Kingdom UN United Nations UNCLOS UN Convention on Law of the Sea URL uniform resource locator XML Extensible Markup Language 6 Introduction Headlines in May 2017 were dominated by the massive WannaCry ransomware attack that hit 74 countries across Europe and Asia, affecting more than a dozen hospitals in England’s National Health System.1 Even worse than this criminal activity is the threat to critical infrastructure as seen by the malware infections at electrical distribution companies in Ukraine that caused outages to 225,000 customers in late 2015. 2 Furthermore, recent reports on alleged Russian hacks into the U.S. Democratic National Committee and the staff of French candidate Emmanuel Macron, coupled with subsequent release of emails or content in coercive campaigns to apparently influence Presidential Elections have brought national attention to the inadequacy of cyber deterrence. 3 All sectors of the economy rely on the networks, systems, and services that form cyberspace.4 Information and Communication Technologies [ICTs] form the technical backbone of these networks and are equally essential to the defense sector, especially during the conduct of military operations. Yet protecting cyberspace is challenging because it is currently borderless, subject to dynamic change, and open to all comers. The cybered society is probed and penetrated by nation states, hacker groups, criminal organizations, and terrorist groups or lone wolves. These entities called malicious or threat actors can be partially or wholly responsible for 1 Robert McMillian, Jenny Gross, and Denise Roland, “Major Cyberattack Sweeps Globe, Hitting FedEx, U.K. Hospitals, Spanish Companies,” The Wall Street Journal, May 12, 2017. 2 Electrical Information Sharing and Analysis Center, “Analysis of the Cyber Attack on the Ukrainian Power Grid,” March 18, 2016: 1-25. 3 Adam Nossiter, David E. Sanger and Nicole Perlroth, “Hackers Came, But the French Were Prepared,” New York Times, May 10, 2017. 4 The basis of this introduction first appeared in Strategic Studies Quarterly Vol. 9, No. 1 (Spring 2015). The thesis is drawn from recent publication of my book titled Strategic Cyber Deterrence: The Active Cyber Defense Option (New York, Rowman & Littlefield: July 2017). 7 a cyber incident that dramatically reduces an organization’s security.5 Many of these malicious actors seek state secrets, trade secrets, technology, and ideas, or they develop the ability to strike critical infrastructure and harm advanced economies.6 Hacker groups and criminal gangs often work in concert with state actors, under some form of control, direction, incitement or other more nebulous arrangement. That intertwined relationship allows foreign governments to hide their malicious activity and claim innocence if confronted.7 In addition, malicious actors use common tools, techniques and talent, available for purchase at very low prices on illicit web sites on the worldwide underground market.8 This convergence of actor relationships, motivations, tactics, and capabilities complicates attribution of an attack9 and makes using a single option to change the behavior of an individual actor, such as the nation state, impossible and impractical to counter cyber attacks. Malicious actor attacks, via cyberspace, target “an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/ infrastructure; or destroying the integrity of the data or stealing controlled information.”10 Recent incidents show cyber attacks are employed and refined in a systematic, coordinated manner in an effort to achieve actor objectives. Criminal exploitation, military or 5 Ivy Wigmore, “Threat Actor Definition,” Security Threats and Countermeasures Glossary, January 2016. 6 Robert Anderson, Jr. “Cybersecurity, Terrorism, and Beyond: Addressing Evolving Threats to the Homeland,” testimony before the Committee
Recommended publications
  • A the Hacker

    A the Hacker

    A The Hacker Madame Curie once said “En science, nous devons nous int´eresser aux choses, non aux personnes [In science, we should be interested in things, not in people].” Things, however, have since changed, and today we have to be interested not just in the facts of computer security and crime, but in the people who perpetrate these acts. Hence this discussion of hackers. Over the centuries, the term “hacker” has referred to various activities. We are familiar with usages such as “a carpenter hacking wood with an ax” and “a butcher hacking meat with a cleaver,” but it seems that the modern, computer-related form of this term originated in the many pranks and practi- cal jokes perpetrated by students at MIT in the 1960s. As an example of the many meanings assigned to this term, see [Schneier 04] which, among much other information, explains why Galileo was a hacker but Aristotle wasn’t. A hack is a person lacking talent or ability, as in a “hack writer.” Hack as a verb is used in contexts such as “hack the media,” “hack your brain,” and “hack your reputation.” Recently, it has also come to mean either a kludge, or the opposite of a kludge, as in a clever or elegant solution to a difficult problem. A hack also means a simple but often inelegant solution or technique. The following tentative definitions are quoted from the jargon file ([jargon 04], edited by Eric S. Raymond): 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary.
  • Recent Developments in Cybersecurity Melanie J

    Recent Developments in Cybersecurity Melanie J

    American University Business Law Review Volume 2 | Issue 2 Article 1 2013 Fiddling on the Roof: Recent Developments in Cybersecurity Melanie J. Teplinsky Follow this and additional works at: http://digitalcommons.wcl.american.edu/aublr Part of the Law Commons Recommended Citation Teplinsky, Melanie J. "Fiddling on the Roof: Recent Developments in Cybersecurity." American University Business Law Review 2, no. 2 (2013): 225-322. This Article is brought to you for free and open access by the Washington College of Law Journals & Law Reviews at Digital Commons @ American University Washington College of Law. It has been accepted for inclusion in American University Business Law Review by an authorized administrator of Digital Commons @ American University Washington College of Law. For more information, please contact [email protected]. ARTICLES FIDDLING ON THE ROOF: RECENT DEVELOPMENTS IN CYBERSECURITY MELANIE J. TEPLINSKY* TABLE OF CONTENTS Introduction .......................................... ..... 227 I. The Promise and Peril of Cyberspace .............. ........ 227 II. Self-Regulation and the Challenge of Critical Infrastructure ......... 232 III. The Changing Face of Cybersecurity: Technology Trends ............ 233 A. Mobile Technology ......................... 233 B. Cloud Computing ........................... ...... 237 C. Social Networking ................................. 241 IV. The Changing Face of Cybersecurity: Cyberthreat Trends ............ 244 A. Cybercrime ................................. ..... 249 1. Costs of Cybercrime
  • Hacking the Web

    Hacking the Web

    Hacking the Web (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa 1 Table of Contents } General Introduction } Authentication Attacks } Client-Side Attacks } Injection Attacks } Recent Attacks } Privacy Tools 2 (C) 2009-2020 Arun Viswanathan Ellis Horowitz Marco Papa Why secure the Web? } The Web has evolved into an ubiquitous entity providing a rich and common platform for connecting people and doing business. } BUT, the Web also offers a cheap, effective, convenient and anonymous platform for crime. } To get an idea, the Web has been used for the following types of criminal activities (source: The Web Hacking Incidents Database (WHID) http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database) } Chaos (Attack on Russian nuclear power websites amid accident rumors (5Jan09) } Deceit (SAMY XSS Worm – Nov 2005) } Extortion (David Aireys domain hijacked due to a CSRF (cross site request forgery) flaw in Gmail – 30Dec2007) } Identity Theft (XSS on Yahoo! Hot jobs – Oct 2008) } Information Warfare (Israeli Gaza War - Jan 2009 / Balkan Wars – Apr 2008 ) } Monetary Loss (eBay fraud using XSS) } Physical Pain (Hackers post on epilepsy forum causes migraines and seizures – May 2008) } Political Defacements (Hacker changes news release on Sheriffs website – Jul 2008) (Obama, Oreilly and Britneys Twitter accounts hacked and malicious comments posted – Jan 09) } Chinese Gaming sites hacked (Dec. 2011) 3 Copyright(C) 2009 (c) -20092020- 2019Arun Arun Viswanathan Viswanathan Ellis HorowitzEllis Horowitz Marco Marco Papa Papa
  • 2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8Th International Conference on Cyber Conflict: Cyber Power

    2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 31 MAY - 03 JUNE 2016, TALLINN, ESTONIA 2016 8TH International ConFerence on CYBER ConFlict: CYBER POWER Copyright © 2016 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1626N-PRT ISBN (print): 978-9949-9544-8-3 ISBN (pdf): 978-9949-9544-9-0 CopyriGHT AND Reprint Permissions No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence ([email protected]). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, and for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2016 8th International Conference on Cyber Conflict: Cyber Power N.Pissanidis, H.Rõigas, M.Veenendaal (Eds.) 2016 © NATO CCD COE Publications PrinteD copies OF THIS PUBlication are availaBLE From: NATO CCD COE Publications Filtri tee 12, 10132 Tallinn, Estonia Phone: +372 717 6800 Fax: +372 717 6308 E-mail: [email protected] Web: www.ccdcoe.org Head of publishing: Jaanika Rannu Layout: Jaakko Matsalu LEGAL NOTICE: This publication contains opinions of the respective authors only. They do not necessarily reflect the policy or the opinion of NATO CCD COE, NATO, or any agency or any government.
  • Cyber-Conflict Between the United States of America and Russia CSS

    Cyber-Conflict Between the United States of America and Russia CSS

    CSS CYBER DEFENSE PROJECT Hotspot Analysis: Cyber-conflict between the United States of America and Russia Zürich, June 2017 Version 1 Risk and Resilience Team Center for Security Studies (CSS), ETH Zürich Cyber-conflict between the United States of America and Russia Authors: Marie Baezner, Patrice Robin © 2017 Center for Security Studies (CSS), ETH Zürich Contact: Center for Security Studies Haldeneggsteig 4 ETH Zürich CH-8092 Zurich Switzerland Tel.: +41-44-632 40 25 [email protected] www.css.ethz.ch Analysis prepared by: Center for Security Studies (CSS), ETH Zürich ETH-CSS project management: Tim Prior, Head of the Risk and Resilience Research Group; Myriam Dunn Cavelty, Deputy Head for Research and Teaching; Andreas Wenger, Director of the CSS Disclaimer: The opinions presented in this study exclusively reflect the authors’ views. Please cite as: Baezner, Marie; Robin, Patrice (2017): Hotspot Analysis: Cyber-conflict between the United States of America and Russia, June 2017, Center for Security Studies (CSS), ETH Zürich. 2 Cyber-conflict between the United States of America and Russia Table of Contents 1 Introduction 5 2 Background and chronology 6 3 Description 9 3.1 Tools and techniques 9 3.2 Targets 10 3.3 Attribution and actors 10 4 Effects 11 4.1 Social and internal political effects 11 4.2 Economic effects 13 4.3 Technological effects 13 4.4 International effects 13 5 Consequences 14 5.1 Improvement of cybersecurity 14 5.2 Raising awareness of propaganda and misinformation 15 5.3 Observation of the evolution of relations between the USA and Russia 15 5.4 Promotion of Confidence Building Measures 16 6 Annex 1 17 7 Glossary 18 8 Abbreviations 19 9 Bibliography 19 3 Cyber-conflict between the United States of America and Russia Executive Summary Effects Targets: US State institutions and a political The analysis found that the tensions between the party.
  • The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles a Journey to Infamy

    The Botnet Chronicles A Journey to Infamy Trend Micro, Incorporated Rik Ferguson Senior Security Advisor A Trend Micro White Paper I November 2010 The Botnet Chronicles A Journey to Infamy CONTENTS A Prelude to Evolution ....................................................................................................................4 The Botnet Saga Begins .................................................................................................................5 The Birth of Organized Crime .........................................................................................................7 The Security War Rages On ........................................................................................................... 8 Lost in the White Noise................................................................................................................. 10 Where Do We Go from Here? .......................................................................................................... 11 References ...................................................................................................................................... 12 2 WHITE PAPER I THE BOTNET CHRONICLES: A JOURNEY TO INFAMY The Botnet Chronicles A Journey to Infamy The botnet time line below shows a rundown of the botnets discussed in this white paper. Clicking each botnet’s name in blue will bring you to the page where it is described in more detail. To go back to the time line below from each page, click the ~ at the end of the section. 3 WHITE
  • The Iranian Cyber Threat

    The Iranian Cyber Threat

    The Iranian Cyber Threat May 2021 0 Contents Introduction .............................................................................................................................................. 2 Cyber Retaliation ..................................................................................................................................... 2 Iran’s National Security Strategy .............................................................................................................. 4 Laying the Groundwork ........................................................................................................................... 5 Structure ................................................................................................................................................... 5 Defense ................................................................................................................................................... 6 Offense .................................................................................................................................................... 6 History of Iranian Cyber Attacks and Incidents ........................................................................................... 7 The Attacks .............................................................................................................................................. 8 Iranian Cyber Army .................................................................................................................................
  • Mobile Financial Fraud April 2013

    Mobile Financial Fraud April 2013

    White Paper: Mobile Financial Fraud April 2013 Mobile Threats and the Underground Marketplace Principal Investigator and Corresponding Author Jart Armin Contributing Researchers Andrey Komarov, Mila Parkour, Raoul Chiesa, Bryn Thompson, Will Rogofsky Panel & Review Dr. Ray Genoe (UCD), Robert McArdle (Trend Micro), Dave Piscitello (ICANN), Foy Shiver (APWG), Edgardo Montes de Oca (Montimage), Peter Cassidy (APWG) APWG Mobile Fraud web site http://ecrimeresearch.org/wirelessdevice/Fraud/ Table of Contents Abstract ..................................................................................................................................... 2 Introduction and Starting Position ........................................................................................ 2 A Global Overview .................................................................................................................. 3 Vulnerabilities Overview ....................................................................................................... 3 The Underground Mobile Market ....................................................................................... 13 Mobile DNS & Traffic ........................................................................................................... 15 iBots & the Pocket Botnet ..................................................................................................... 18 Mobile Intrusion ...................................................................................................................
  • Hacking for ISIS: the Emergent Cyber Threat Landscape

    Hacking for ISIS: the Emergent Cyber Threat Landscape

    Hacking for ISIS: The Emergent Cyber Threat Landscape By Laith Alkhouri, Alex Kassirer, & Allison Nixon April 2016 Hacking For ISIS Contents Click on a title to navigate to the page Introduction ...........................................................................................................................................2 Cyber Caliphate ...................................................................................................................................3 Islamic State Hacking Division .......................................................................................................6 Islamic Cyber Army ............................................................................................................................9 Rabitat Al-Ansar ................................................................................................................................ 12 Sons Caliphate Army ...................................................................................................................... 15 United Cyber Caliphate .................................................................................................................. 17 Techniques, Tactics, & Procedures (TTPs) .............................................................................. 20 The Future of ISIS’s Cyber Capabilities .................................................................................... 24 Conclusion .........................................................................................................................................
  • View/Open (13.5MB)

    View/Open (13.5MB)

    Open-Access-Publikation im Sinne der CC-Lizenz BY-NC-ND 4.0 © 2017, V&R unipress GmbH, Göttingen ISBN Print: 9783847107620 – ISBN E-Lib: 9783737007627 ContemporaryIssues in International Security and Strategic Studies Volume 1 Edited by James Bindenagel, Matthias Herdegen and Karl Kaiser Open-Access-Publikation im Sinne der CC-Lizenz BY-NC-ND 4.0 © 2017, V&R unipress GmbH, Göttingen ISBN Print: 9783847107620 – ISBN E-Lib: 9783737007627 James Bindenagel /Matthias Herdegen / Karl Kaiser (eds.) International Securityinthe 21st Century Germany’s International Responsibility With 2figures V&Runipress Bonn UniversityPress Open-Access-Publikation im Sinne der CC-Lizenz BY-NC-ND 4.0 © 2017, V&R unipress GmbH, Göttingen ISBN Print: 9783847107620 – ISBN E-Lib: 9783737007627 Bibliographic information published by the Deutsche Nationalbibliothek The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie; detailed bibliographic data are available online: http://dnb.d-nb.de. ISSN 2513-1591 ISBN 978-3-7370-0762-7 You can find alternative editions of this book and additional material on our website: www.v-r.de Publications of Bonn University Press are published by V& R unipress GmbH. 2017, V&R unipress GmbH, Robert-Bosch-Breite 6, 37079 Gçttingen, Germany / www.v-r.de This publication is licensed under a Creative Commons Attribution-Non Commercial- No Derivatives 4.0 International license, at DOI 10.14220/9783737007627. For a copy of this license go to http://creativecommons.org/licenses/by-nc-nd/4.0/. Any use in cases
  • View Final Report (PDF)

    View Final Report (PDF)

    TABLE OF CONTENTS TABLE OF CONTENTS I EXECUTIVE SUMMARY III INTRODUCTION 1 GENESIS OF THE PROJECT 1 RESEARCH QUESTIONS 1 INDUSTRY SITUATION 2 METHODOLOGY 3 GENERAL COMMENTS ON INTERVIEWS 5 APT1 (CHINA) 6 SUMMARY 7 THE GROUP 7 TIMELINE 7 TYPOLOGY OF ATTACKS 9 DISCLOSURE EVENTS 9 APT10 (CHINA) 13 INTRODUCTION 14 THE GROUP 14 TIMELINE 15 TYPOLOGY OF ATTACKS 16 DISCLOSURE EVENTS 18 COBALT (CRIMINAL GROUP) 22 INTRODUCTION 23 THE GROUP 23 TIMELINE 25 TYPOLOGY OF ATTACKS 27 DISCLOSURE EVENTS 30 APT33 (IRAN) 33 INTRODUCTION 34 THE GROUP 34 TIMELINE 35 TYPOLOGY OF ATTACKS 37 DISCLOSURE EVENTS 38 APT34 (IRAN) 41 INTRODUCTION 42 THE GROUP 42 SIPA Capstone 2020 i The Impact of Information Disclosures on APT Operations TIMELINE 43 TYPOLOGY OF ATTACKS 44 DISCLOSURE EVENTS 48 APT38 (NORTH KOREA) 52 INTRODUCTION 53 THE GROUP 53 TIMELINE 55 TYPOLOGY OF ATTACKS 59 DISCLOSURE EVENTS 61 APT28 (RUSSIA) 65 INTRODUCTION 66 THE GROUP 66 TIMELINE 66 TYPOLOGY OF ATTACKS 69 DISCLOSURE EVENTS 71 APT29 (RUSSIA) 74 INTRODUCTION 75 THE GROUP 75 TIMELINE 76 TYPOLOGY OF ATTACKS 79 DISCLOSURE EVENTS 81 COMPARISON AND ANALYSIS 84 DIFFERENCES BETWEEN ACTOR RESPONSE 84 CONTRIBUTING FACTORS TO SIMILARITIES AND DIFFERENCES 86 MEASURING THE SUCCESS OF DISCLOSURES 90 IMPLICATIONS OF OUR RESEARCH 92 FOR PERSISTENT ENGAGEMENT AND FORWARD DEFENSE 92 FOR PRIVATE CYBERSECURITY VENDORS 96 FOR THE FINANCIAL SECTOR 96 ROOM FOR FURTHER RESEARCH 97 ACKNOWLEDGEMENTS 98 ABOUT THE TEAM 99 SIPA Capstone 2020 ii The Impact of Information Disclosures on APT Operations EXECUTIVE SUMMARY This project was completed to fulfill the including the scope of the disclosure and capstone requirement for Columbia Uni- the disclosing actor.
  • Potential Human Cost of Cyber Operations

    Potential Human Cost of Cyber Operations

    ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS REPORT ICRC EXPERT MEETING 14–16 NOVEMBER 2018 – GENEVA THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Report prepared and edited by Laurent Gisel, senior legal adviser, and Lukasz Olejnik, scientific adviser on cyber, ICRC THE POTENTIAL HUMAN COST OF CYBER OPERATIONS Table of Contents Foreword............................................................................................................................................. 3 Acknowledgements ............................................................................................................................. 4 Executive summary ............................................................................................................................. 5 Introduction....................................................................................................................................... 10 Session 1: Cyber operations in practice .………………………………………………………………………….….11 A. Understanding cyber operations with the cyber kill chain model ...................................................... 11 B. Operational purpose ................................................................................................................. 11 C. Trusted systems and software supply chain attacks ...................................................................... 13 D. Cyber capabilities and exploits ..................................................................................................