Cyber warfare an architecture for deterrence
Download as PPTX, PDF2 likes533 views
This chapter discusses cyber deterrence strategies and architectures. It outlines the objectives of cyber deterrence as preventing attacks, denying enemies freedom in cyberspace, and using cyber space for counterattacks. It discusses challenges like attribution and unpredictability. The chapter summarizes Libicki's cyber deterrence strategy of situational awareness, identification, analysis, attribution assessment, and retaliation considerations. It proposes a solution architecture using military botnets for effective distributed scanning and proposes prototypes and performance benchmarking of threaded and botnet-based scanning.
Cyber warfare an architecture for deterrence
- 1. Chapter 14: Cyber Warfare an Architecture of Deterrence Bikrant Gautam, Ang Sherpa, Savanth Chintoju Saint Cloud State University IA612-MSIA-Fall
- 2. Objective of cyber deterrence ● Prevent an enemy from conducting future attacks. ● Deny enemies “freedom of action in cyberspace” ● Use the internet space for counter-attack.
- 3. Cyber Deterrence and Cyber warfare “The goal of Cyber deterrence is to deny enemies “freedom of action in cyberspace”.“ - Alexander, 2007 “Cyberwarfare has been defined as "actions by a nation- state to penetrate another nation's computers or networks for the purposes of causing damage or disruption” - Wiki, 2015
- 4. Cyber Deterrence Challenges ● Assigning attribution ● Unpredictability of cyber attack impacts ● Potential damage due to counter retaliation ● No legal framework exists
- 5. Cyber Deterrence Strategy ● Useful to understand how cyber deterrence strategies and policies would operate in practice ● Libicki developed policy and strategy analysis under the sponsorship of USAF, which were influential ● A key goal of cyber deterrence is changing the potential attackers mindset, forcing them to reconsider the benefits and consequences of conducting an attack.
- 6. There are several steps in Libicki’s concept ● Situational Awareness (Surveillance) ● Identify if it is a real attack ● Analyse if the attack motive is connected to state actor ● Determine the level of public awareness ● Assess state or non-state attribution ● Strength of the case for public attribution is assessed ● Methods of retaliation are considered
- 7. ● Explicit Deterrence Counter attack policy is disclosed to attacker, possibly by public announcement ● Implicit Deterrence No public or direct disclosure to the attacker about counter attack ● ‘Risky’ factor has both implicit and explicit values to signify the risk of counterattack. ● Libicki suggests Implicit deterrence is best option.
- 8. “We need to develop an early-warning system to monitor cyberspace, identify intrusions, and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options – and we must be able to do this in milliseconds.” (McConnell, 2010)
- 10. Surveillance Capabilities ● ensures that defenders are aware of potential cyber attacks Penetration Capabilities ● understand potential/actual hackers, investigate attribution Integration Capabilities ● to build an understanding of CNE ● populate knowledge base about attackers Advanced Capabilities ● management of military botnets and parallel scanning
- 11. Solution Architecture ● What is the solution for cyber deterrence? ● BOTNETs!!! ● Military botnets developed with bot script deployed in each government computer. ● Effective as large number of computers controlled by single organization. ● Useful on mass hacking or distributed scanning
- 12. Attack Model of Botnet
- 14. Architectural Prototypes ● Prototypes for multithreaded and botnet-like distributed scanning. ● Botnet performance benchmarking
- 15. Threaded Scanning ● Serial scanning in linux ● Then implemented as multi threaded scanning. ● Performance increased. ● Practically feasible for pen testing. Botnet for Distributed Scanning ● Distributed botnet for parallel scans. ● Performed ping sweeps and nmap scans. ● contained the bot-command server architect with different controlling scripts. ● First the script on target machine was run. ● Then this script connected with the machine running command script.
- 16. Performance Benchmarking ● Scripts for both methods were run using python code. ● Threaded scan are faster than botnets.
- 18. Deterministic Models of Performance ● Serial Scan ● Parallel (Threaded) Scan ● Distributed serial Scan ● Distributed Parallel (Threaded) Scan