Data-Driven Cyber Prediction in Hybrid Warfare

University of Calgary
PRISM: University of Calgary's Digital Repository
Graduate Studies
The Vault: Electronic Theses and Dissertations
2019-06-17

Data-Driven Cyber Prediction in Hybrid Warfare
Devereux, Hannah

Devereux, H. (2019). Data-Driven Cyber Prediction in Hybrid Warfare (Unpublished master's thesis). University of Calgary, Calgary, AB. http://hdl.handle.net/1880/110505
master thesis

University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission.
Downloaded from PRISM: https://prism.ucalgary.ca

UNIVERSITY OF CALGARY
Data-driven Cyber Prediction in Hybrid Warfare
by
Hannah Devereux
A THESIS SUBMITTED TO THE FACULTY OF GRADUATE STUDIES IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF STRATEGIC STUDIES
GRADUATE PROGRAM IN MILITARY AND STRATEGIC STUDIES
CALGARY, ALBERTA
JUNE, 2019
© Hannah Devereux 2019

ABSTRACT

Cyberwarfare, despite being a thoroughly discussed tactic, is consistently misunderstood and taken out of context. Cyberattacks, most often committed during hybrid warfare, are often studied apart from the physical attributes of war. There is a lack of literature that studies the interplay of cyber and physical attributes within hybrid warfare. By analyzing and assessing the Ukrainian Crisis, this thesis investigates how physical attributes may be used to predict cyberattacks based on real world data. Using the Axelrod-Iliev equation, optimal timing of cyberattack against Ukraine could be determined and, from this, defensive postures could be suggested. To test if the Axelrod-Iliev equation held true, statistical analysis was used. The statistical analysis verified the findings of the Axelrod-Iliev equation and provided groundwork for future research in the subject area. The statistical analysis found a lack of correlation between Military Personnel/Policemen Killed/Wounded and cyberattacks, Civilians/Politicians Killed/Wounded and cyberattacks, Protests and cyberattacks. Conversely, it strongly suggested links between Bombings and cyberattacks, and Open Firing and cyberattacks, which can be expounded upon to further understand the interplay of cyber and physical attributes in hybrid warfare.

Keywords: Hybrid warfare, Cyber, Military, Ukraine, Russia, Data Analytics

ACKNOWLEDGEMENTS

I would first like to thank my advisor, Ken Barker, for putting up with my continuously panicked emails that often used no periods or way too many exclamation points. I would not have been able to write this thesis without his guidance, his support and his acceptance of my terrible jokes.

Secondly, I would like to extend my gratitude to my colleagues at the Centre for Military, Security and Strategic Studies (CMSS), especially John Reyes, as I may never have switched to writing a thesis without his incessant chanting of “one of us.”

I would also like to thank my coworkers and boss at Husky Energy, who have been so understanding of my schooling and my inability to graduate on time. Although they may never read this, I am forever grateful for their support of my thesis over this past year and their willingness to discuss current events in Ukraine with me.

Finally, I would like to express my thanks and my love to; my parents, Elyse and Pat, for making sure I stay humble by reminding me of my terrible grades in grade school math; my boyfriend, Patrick, for all of his support through the ups and downs of both life and this paper; and my best friends, Alex, Josie and Vicki, without whom I would have gone insane a long time ago.

GLOSSARY OF TERMS

ATGM- Anti-Tank Guided Missile
ATO Zone- Anti-Terrorist Operation Zone. The parts of Donbas occupied by Russia/pro-Russian separatists.
BE3- BlackEnergy 3
Berkut- Ukrainian Special Forces
C&C- Command and Control Server
CAD- Canadian Dollar
CCCP- See USSR
CERT- Computer Emergency Response Team (Carnegie Mellon)
CVSS- Common Vulnerability Scoring System
DDoS- Distributed Denial of Service
DHS- Department of Homeland Security (United States)
DLL- Dynamic Library Link
DNR- See DPR
DOD- Department of Defense
DoS- Denial of Service
DPR- Donetsk People’s Republic
EU- European Union
FedCIRC- Federal Computer Incident Response Center (United States)
FSB- Federal Security Service of the Russian Federation
FY(year)- Fiscal Year
GLBA- Gramm-Leach-Bliley Act
GRAD- Soviet Truck-mounted 122mm multiple rocket launcher
GRU- Main Directorate of the General Staff of the Armed Forces of the Russian Federation
H.R.- House of Representatives Resolution
HIPAA- Health Insurance Portability and Accountability Act (United States)
HMI- Human User Interface
ICANN- International Corporation for Assigned Names and Numbers
ICS- Industrial Control System
IEC- International Electrotechnical Commission
IOA- Initial Operational Assessment
LNR- See LPR
LOAC- Law of Armed Conflict
LPR- Luhansk People’s Republic
MBR- Master Boot Record
MFT- Managed File Transfer
MLRS- Multiple Launch Rocket System
NATO- North Atlantic Treaty Organization
NBS- National Bureau of Standards (United States)
NCSC- National Computer Security Center (United States)
NIPR- Non-Classified Information Protocol Network
NSA- National Security Agency (United States)
Oblenergos- Ukrainian Power distribution companies
OLE- Object Link and Embedding
OPC DA- Open Platform Communication Data Access
OPC- Open Platform Communication
OSCE- Organization for Security and Cooperation in Europe
PfP- Partnership for Peace
PLA- People’s Liberation Army of China
PMESII- Political, Military Economic, Social, Informational and Infrastructure spectrum
RAT- Remote Access Tool
RTU- Remote Terminal Unit
SBU- Security Services of Ukraine
SFX- Self-Extracting Archives
SIPR- Secret Information Protocol Router Network
SMB- Service Message Block
SMS- text message
TPEP- Trusted Product Evaluation Program (United States)
UAH- Ukrainian Hryvnia
UPS- Uninterruptible Power Supplies
USAF- United States Air Force
US-CERT- United States Computer Incident Response Center
USD- United States Dollar
USSR- United Soviet Socialist Republic
VPN- Virtual Private Network

EPIGRAPH

“Laws and principles are not for the times when there is no temptation: they are for such moments as this, when body and soul rise in mutiny against their rigour ... If at my convenience I might break them, what would be their worth?”
-Jane Eyre

“Of course, the fact that States lack definitive guidance on the subject does not relieve them of their obligation to comply with applicable international law in their cyber operations.”
-Tallinn Manual on the International Law Applicable to Cyber Warfare, 2013

TABLE OF CONTENTS

1 INTRODUCTION
    1.1 Background
    1.2 Thesis Topic
    1.3 Methodology and Analytical Framework
2 DEFINITIONS
    2.1 Cyberattack
    2.2 Information Warfare
    2.3 Cyber Espionage
    2.4 Cyber Warfare
    2.5 Cybercrime
    2.6 Hybrid Warfare
3 DISTRIBUTION OF CYBER POWER
    3.1 Infrastructure
        United States Power.
        Russian Power.
        Ukrainian Power.
    3.2 Legislation
        United States Legislation.
        Russian Legislation.
        Ukrainian Legislation.
    3.3 Funding
        United States Funding.
