Cyber Warfare: An Architecture for Deterrence

Posted on 09-Jan-2017


Chapter 14: Cyber Warfare, an Architecture of Deterrence

Bikrant Gautam, Ang Sherpa, Savanth Chintoju
Saint Cloud State University
IA612-MSIA-Fall

Objective of cyber deterrence
● Prevent an enemy from conducting future attacks.
● Deny enemies "freedom of action in cyberspace".
● Use the internet space for counter-attack.

Cyber Deterrence and Cyber warfare

“The goal of cyber deterrence is to deny enemies ‘freedom of action in cyberspace’.” (Alexander, 2007)

“Cyberwarfare has been defined as ‘actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption’.” (Wikipedia, 2015)

Cyber Deterrence Challenges
● Assigning attribution
● Unpredictability of cyber attack impacts
● Potential damage due to counter-retaliation
● No legal framework exists

Cyber Deterrence Strategy
● Useful for understanding how cyber deterrence strategies and policies would operate in practice
● Libicki developed policy and strategy analysis under the sponsorship of the USAF, which was influential
● A key goal of cyber deterrence is changing the potential attacker's mindset, forcing them to reconsider the benefits and consequences of conducting an attack.

There are several steps in Libicki's concept:
● Situational awareness (surveillance)
● Identify whether it is a real attack
● Analyse whether the attack motive is connected to a state actor
● Determine the level of public awareness
● Assess state or non-state attribution
● Assess the strength of the case for public attribution
● Consider methods of retaliation

● Explicit deterrence: the counter-attack policy is disclosed to the attacker, possibly by public announcement
● Implicit deterrence: no public or direct disclosure to the attacker about the counter-attack
● A 'risky' factor has both implicit and explicit values to signify the risk of counter-attack.
● Libicki suggests implicit deterrence is the best option.

“We need to develop an early-warning system to monitor cyberspace, identify intrusions, and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options – and we must be able to do this in milliseconds.” (McConnell, 2010)

Reference Model

Surveillance Capabilities
● Ensure that defenders are aware of potential cyber attacks
Penetration Capabilities
● Understand potential/actual hackers, investigate attribution
Integration Capabilities
● Build an understanding of CNE (computer network exploitation)
● Populate a knowledge base about attackers
Advanced Capabilities
● Management of military botnets and parallel scanning

Solution Architecture
● What is the solution for cyber deterrence? Botnets!
● Military botnets developed with a bot script deployed on each government computer.
● Effective because a large number of computers is controlled by a single organization.
● Useful for mass hacking or distributed scanning

Attack Model of Botnet

Defense/attribution Model

Architectural Prototypes
● Prototypes for multithreaded and botnet-like distributed scanning
● Botnet performance benchmarking

Threaded Scanning
● Serial scanning in Linux
● Then implemented as multithreaded scanning
● Performance increased
● Practically feasible for pen testing
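The slides do not include the scanning scripts themselves. The following is an added example (not the authors' code) of the serial-versus-threaded comparison the prototype made: a TCP connect scan run once port by port and once with a thread pool, timed against the same target list. It assumes a lab setup where the only host scanned is 127.0.0.1, and it stands up its own listener so that there is one known-open port to find; the port range and worker count are arbitrary choices for the demo.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

# Lab assumption: the only host scanned is the local machine.
HOST = "127.0.0.1"


def open_listener():
    """Bind a TCP listener on an OS-chosen port so the scan has one known-open port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(16)
    return srv, srv.getsockname()[1]


def probe(port, timeout=0.2):
    """TCP connect probe: True when a connection to HOST:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((HOST, port)) == 0


def serial_scan(ports):
    """One probe after another, as in the serial Linux prototype."""
    return sorted(p for p in ports if probe(p))


def threaded_scan(ports, workers=32):
    """Same probes, but up to `workers` of them in flight at once."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(probe, ports))
    return sorted(p for p, is_open in zip(ports, flags) if is_open)


def benchmark(ports):
    """Run both scans over the same port list and time each one."""
    t0 = time.perf_counter()
    serial = serial_scan(ports)
    t1 = time.perf_counter()
    threaded = threaded_scan(ports)
    t2 = time.perf_counter()
    return {"serial": serial, "threaded": threaded,
            "serial_seconds": t1 - t0, "threaded_seconds": t2 - t1}


def run_demo(width=40):
    """Stand up a listener, scan the ports around it both ways, tear the listener down."""
    srv, port = open_listener()
    try:
        # Constructed target range: `width` ports centred on the listener, clipped to valid ports.
        ports = [p for p in range(port - width // 2, port + width // 2) if 1 <= p <= 65535]
        result = benchmark(ports)
    finally:
        srv.close()
    result["listener_port"] = port
    return result


if __name__ == "__main__":
    r = run_demo()
    print("open ports:", r["serial"], "(listener on port", r["listener_port"], ")")
    print("serial   : %.3f s" % r["serial_seconds"])
    print("threaded : %.3f s" % r["threaded_seconds"])
```

Against localhost the closed ports answer with an immediate reset, so both scans finish in milliseconds and the threaded speed-up is small; the gap grows with real network round-trip times and with firewalled ports that only time out, which is where the prototype's "performance increased" result comes from. The probes are plain full connects, so every one of them lands in the target's connection logs.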

Botnet for Distributed Scanning

● Distributed botnet for parallel scans
● Performed ping sweeps and nmap scans
● Contained the bot/command-server architecture with different controlling scripts
● First the bot script on the target machine was run
● Then this script connected to the machine running the command script
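The command-script/bot-script split described above, as an added lab example that is not the authors' code: a controller accepts every bot that checks in, partitions the target list round-robin, dispatches one slice per bot, and merges the reports, while each bot scans its slice with a TCP connect probe. It assumes everything (controller, bots, and targets) runs on 127.0.0.1 so the bots can be plain threads; the newline-delimited JSON messages, the field names `bot`, `ports` and `open`, and the round-robin split are all choices made for this example.

```python
import json
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

# Lab assumption: controller, bots and scan targets are all on this machine.
HOST = "127.0.0.1"


def probe(port, timeout=0.2):
    """TCP connect probe used by each bot for its share of the targets."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((HOST, port)) == 0


def partition(targets, n_bots):
    """Round-robin split of the target list into one slice per bot."""
    return [targets[i::n_bots] for i in range(n_bots)]


def send_msg(f, obj):
    """One JSON object per line is the whole wire protocol (example format)."""
    f.write((json.dumps(obj) + "\n").encode())
    f.flush()


def bot(cmd_port):
    """Bot script: connect to the command server, scan the assigned slice, report back."""
    with socket.create_connection((HOST, cmd_port)) as conn:
        f = conn.makefile("rwb")
        task = json.loads(f.readline())
        found = [p for p in task["ports"] if probe(p)]
        send_msg(f, {"bot": task["bot"], "open": found})
        f.close()


def command_server(targets, n_bots):
    """Command script: accept every bot, hand out slices, then merge the reports.

    Returns the port bots must connect to and a function that runs the controller loop.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(n_bots)
    cmd_port = srv.getsockname()[1]
    slices = partition(targets, n_bots)

    def run():
        conns = [srv.accept()[0] for _ in range(n_bots)]
        files = [c.makefile("rwb") for c in conns]
        for i, f in enumerate(files):        # dispatch everything first so bots scan in parallel
            send_msg(f, {"bot": i, "ports": slices[i]})
        found = []
        for f in files:                      # then collect one report per bot
            found.extend(json.loads(f.readline())["open"])
        for f, c in zip(files, conns):
            f.close()
            c.close()
        srv.close()
        return sorted(set(found))

    return cmd_port, run


def distributed_scan(targets, n_bots=4):
    """Run the controller in one thread and n_bots bot threads against it."""
    cmd_port, run = command_server(targets, n_bots)
    result = {}
    controller = threading.Thread(target=lambda: result.update(open=run()))
    controller.start()
    with ThreadPoolExecutor(max_workers=n_bots) as pool:
        list(pool.map(bot, [cmd_port] * n_bots))
    controller.join()
    return result["open"]


def run_demo(n_bots=4, width=40):
    """Stand up one known-open port, scan the ports around it with the botnet, tear it down."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((HOST, 0))
    listener.listen(16)
    port = listener.getsockname()[1]
    try:
        # Constructed target range: `width` ports centred on the listener, clipped to valid ports.
        targets = [p for p in range(port - width // 2, port + width // 2) if 1 <= p <= 65535]
        found = distributed_scan(targets, n_bots)
    finally:
        listener.close()
    return port, found


if __name__ == "__main__":
    port, found = run_demo()
    print("listener on port", port, "-> botnet reported open:", found)
```

Note what this toy leaves out: bots are neither authenticated nor encrypted, so anyone who can reach the command port can be handed a task, and any bot can inject results. A real deployment of this architecture would need mutual authentication between command script and bots before the dispatch step, which the slides do not discuss.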

Performance Benchmarking
● Scripts for both methods were implemented in Python.
● Threaded scans were faster than the botnet.

Benchmarking continued...

Deterministic Models of Performance

● Serial scan
● Parallel (threaded) scan
● Distributed serial scan
● Distributed parallel (threaded) scan
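The slides name the four cases but do not state their formulas. The following is an added model, with assumed parameters that are not from the presentation: n targets, a per-probe cost t_ms, k probes in flight per machine, m machines, and a fixed coordination cost c_ms (bot check-in, dispatch, report collection) paid once per distributed run. It also computes the smallest n at which the botnet overtakes a single threaded machine, which is the quantity that decides whether the benchmark result "threaded scans were faster than the botnet" holds for a given target count.

```python
# Assumed deterministic cost model (example, not the authors' model):
#   n      number of probes (hosts or host/port pairs)
#   t_ms   cost of one probe, in milliseconds
#   k      probes in flight per machine (threads)
#   m      machines in the botnet
#   c_ms   fixed cost per distributed run: check-in, dispatch, collection


def ceil_div(a, b):
    """Integer ceiling of a / b, avoiding float rounding."""
    return -(-a // b)


def serial_ms(n, t_ms):
    return n * t_ms


def threaded_ms(n, t_ms, k):
    # k probes at a time, so the work takes ceil(n / k) rounds of t_ms.
    return ceil_div(n, k) * t_ms


def distributed_serial_ms(n, t_ms, m, c_ms):
    # Each of m machines serially scans its share, plus the coordination cost.
    return ceil_div(n, m) * t_ms + c_ms


def distributed_threaded_ms(n, t_ms, m, k, c_ms):
    # m machines, each k probes at a time: m*k probes per round.
    return ceil_div(n, m * k) * t_ms + c_ms


def model_table(n, t_ms, k, m, c_ms):
    """All four configurations for one target count."""
    return {
        "serial": serial_ms(n, t_ms),
        "threaded": threaded_ms(n, t_ms, k),
        "distributed_serial": distributed_serial_ms(n, t_ms, m, c_ms),
        "distributed_threaded": distributed_threaded_ms(n, t_ms, m, k, c_ms),
    }


def fastest(n, t_ms, k, m, c_ms):
    table = model_table(n, t_ms, k, m, c_ms)
    return min(table, key=table.get)


def crossover(t_ms, k, m, c_ms, n_max=10**6):
    """Smallest n at which distributed threaded scanning beats one threaded machine.

    Returns None if the coordination cost is never amortised within n_max.
    """
    for n in range(1, n_max + 1):
        if distributed_threaded_ms(n, t_ms, m, k, c_ms) < threaded_ms(n, t_ms, k):
            return n
    return None


if __name__ == "__main__":
    # Constructed parameters: 100 ms per probe, 10 threads, 5 bots, 2 s coordination cost.
    for n in (100, 1000):
        print(n, model_table(n, 100, 10, 5, 2000), "->", fastest(n, 100, 10, 5, 2000))
    print("botnet overtakes single threaded machine at n =", crossover(100, 10, 5, 2000))
```

With those constructed numbers the single threaded machine wins at 100 targets (1.0 s against 2.2 s) and the botnet wins at 1000 (4.0 s against 10.0 s), with the crossover at 261 targets. In other words, a benchmark on a small target list will show threads beating the botnet whenever the check-in and collection cost is larger than the scan itself, which is consistent with the result on the previous slide; the model says nothing about whether that cost can be driven down.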

Projection for Military Botnets

Thanks, any questions?