Case studies in cybersecurity strategies
2 likes988 views
The document outlines the spectrum of cyberwarfare, defining key concepts such as cyberwarfare, offensive cyber operations, and cybersecurity strategies. It discusses both offensive techniques, like advanced persistent threats and social engineering, and defensive measures for national cybersecurity strategies. Furthermore, it emphasizes the importance of understanding adversary tactics and outlines essential frameworks for improving national cyber defense.
Case studies in cybersecurity strategies
- 1. 1
- 2. 1. The Spectrum of Cyberwarfare 2. Offensive Cyber Operations 3. The ART of Defense 4. A comparative studies of nation states capabilities PLAN 2
- 3. Key definitions : Cyberwarfare : A set of strategies used by a nation state actor or organization aimed at attacking countries information systems infrastructure with the intention of disrupting , damaging or destroying. Cyberwar : The act of waging war on a nation state or organization to achieve a strategic political , economic or ideological objective. Cybersecurity strategy : A high-level plan that defines how an organization or nation state actor intends to improve the resilience and security of its cyberspace. The Spectrum of Cyberwarfare 3
- 4. A “jus ad bellum” for Cyberwarfare : Military Intelligence gathering Collection of confidential information on current state of military capabilities and operations of a given nation- state in support of current of futur operations. Example : Interception of digital communication to uncover military plans Geopolitical influence Accrued tendency of nation-state to increase their existing capacity of influence & control on other nations from the geophysical domain into the cyberspace through information warfare. Support of Military Operations Cyberwarfare is an enabler in support of tangible warfare operations such as disruption of a military center of operations via a computer virus. Strategic economic warfare Attacks against a nation state using cyber technology with the aim of weakening its economy through acquisition of trade secrets , sabotage of industrial facilities. Cyber counterintelligence Activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or other foreign entity. The Spectrum of Cyberwarfare 4
- 5. The Spectrum of Cyberwarfare Targets of Interest Example Attribution Military Infrastructure Espionage NSA , FSB , GCHQ , MSS , DGRE Electoral System & Process United States Election (2016) Russia’s FSB Electrical powergrid Ukraine powergrid (2015) Russia’s FSB Nuclear powerplant Iranian nuclear plant Stuxnet virus (2010) NSA & Israel Unit 8200 Communication systems BGP Hijacking Any major global telecom provider Supply chain SolarWinds cyberattack (2020) Russia’s Cozy Bear Any national infrastructure considered critical Colonial pipeline Any nation state actor with accrued geopolitical motivation 5
- 6. The Spectrum of Cyberwarfare 6 A library of known adversary Tactics – the adversary’s technical goals Techniques – how those goals are achieved Procedures – specific implementations of techniques The framework contains 3 Matrices : Enterprise , Mobile and Industrial Control System https://attack.mitre.org/
- 7. Offensive Cyber Operations Into the premise of offensive cyberwarfare : from spies to APTs APT ( Advanced Persistent Threat ) : Sophisticated cyber intrusion technique that exploits a given vulnerability in a system inorder to gain extended persistent foothold with the aim of achieving a specific malicious objective. Lockheed Martin Cyberkill chain : 7
- 8. From Blitzkrieg to Bitskrieg : - An intense german military stategy intended to bring about a swift victory in WW II - Think about a series of swift attacks intended to shutdown a nation’s cyberspace - Example : Shutdown of Ukraine Electrical Power Grid in 2015 by Sandworm - Objective : Render your target’s system unoperational through disruptive intrusion in the shortest possible time frame. - Possibly : Erase disk , encrypt files , corrupt system kernel , change SCADA programming logic Offensive Cyber Operations 8
- 9. DDOS Distributed Denial of Service: Directing malicious traffic to a target by using a range of infected devices controlled by C² Servers. Aim : Disrupt the availability of an online system Examples : ▪ DNS Amplification Attack ▪ MIRAI Botnet Attack Offensive Cyber Operations 9
- 10. Hunting for vulnerabilities & bugs : A zero day (or 0-day) vulnerability is a security risk in a piece of software that is not publicly known about and the vendor is not aware of. A zero- ay exploit is the method an attacker uses to access the vulnerable system. ❑ Active purchase of 0-day exploitsby nation-state to compromise systems ... USA , EU ❑ Advanced vulnerability research program (R&D) ... China ❑ Development of exploits for known vulnerabilities ... Russia Strategic Objective : ✓ Obtain initial access to a foreign nation state’s system ✓ Maintain a tactical advantage on other nation state Example : Kaseya Attack , MSRPC Printer Spooler Relay , Zerologon , Stuxnet Offensive Cyber Operations 10
- 11. Social Engineering & Phishing : Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Cialdini's 6 Principles of Influence are : Reciprocity , Commitment/consistency, Social proof ,Authority, Liking, Scarcity. Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker Objective : Leakage of confidential information Offensive Cyber Operations 11
- 12. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” “Sun Tzu The ART of Defense STEP ROAD MAP TO PLANNING A NATION-WIDE DEFENSE STATREGY 1 Assess your national cybersecurity landscape 2 Assess the cyber-risk landscape 3 Produce your national cyber strategy 4 Develop an action plan 5 Monitor and evaluate defined metrics of your strategy 6 Continuous improvement & update 12
- 13. The ART of Defense BLUE PRINT FOR BUILDING A NATIONAL CYBERSECURITY DEFENSE STRATEGY Governance Risk Management Legislation & Regulation ❑ Ensure the highest level of support ❑ Establish a competent cybersecurity authority ❑ Ensure intra-government cooperation ❑ Ensure inter-sectoral cooperation ❑ Allocate dedicated budget and resources ❑ Define a risk-management approach ❑ Identify a common methodology for managing cybersecurity risk ❑ Develop sectoral cybersecurity risk profiles ❑ Establishing cybersecurity policies ❑ Establish cybercrime legislation ❑ Recognise and safeguard individual rights and liberties ❑ Create compliance mechanisms ❑ Promote capacity-building for law enforcement Preparedness & Resilience Capability & Capacity Building Critical Infrastructure services & essential services ❑ Establish cyber-incident response capabilities ❑ Establish contingency plans for cybersecurity crisis management ❑ Promote information-sharing ❑ Conduct cybersecurity exercises ❑ Develop cybersecurity curricula ❑ Stimulate skills development and workforce training ❑ Implement a coordinated cybersecurity awareness-raising programme ❑ Foster cybersecurity innovation and R&D ❑ Establish a risk-management approach to protecting critical infrastructures ❑ and services ❑ Adopt a governance model with clear responsibilities ❑ Define minimum cybersecurity baselines ❑ Establish public-private partnerships 13
- 14. Defending your critical infrastructure The ART of Defense Security best practices and trends Threat Intelligence & Hunting Quantum & Post Quantum Cryptography Vulnerability Management Threat Emulation Compliance Audit Defense in depth EDR ( End-point detection & response) Zero-Trust Architecture Security Awareness Secure Enclaves SIEM ( Security Information &Event Management) ❑ MFA (Multi factor Authentication) SOAR ( Security Orchestration , Automation & Response ) ❑ Risk Management DLP ( Data loss prevention ) ❑ Next Generation Firewall 14
- 15. MITRE DEFEND Framework - https://d3fend.mitre.org/ The ART of Defense 15
- 16. A comparative studies of nation states capabilities 16
- 17. M E R C I ! T H A N K Y O U ! QUESTIONS ? 17