Posted: 09-Jan-2017 | Category: Engineering | Uploaded by: bikrant-gautam
Chapter 14: Cyber Warfare, an Architecture of Deterrence
Bikrant Gautam, Ang Sherpa, Savanth Chintoju
Saint Cloud State University, IA612-MSIA-Fall
Objective of cyber deterrence
● Prevent an enemy from conducting future attacks.
● Deny enemies “freedom of action in cyberspace”.
● Use the internet space for counter-attack.
Cyber Deterrence and Cyber Warfare
“The goal of cyber deterrence is to deny enemies ‘freedom of action in cyberspace’.” (Alexander, 2007)
“Cyberwarfare has been defined as ‘actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption’.” (Wikipedia, 2015)
Cyber Deterrence Challenges
● Assigning attribution
● Unpredictability of cyber attack impacts
● Potential damage due to counter-retaliation
● No legal framework exists
Cyber Deterrence Strategy
● Useful to understand how cyber deterrence strategies and policies would operate in practice.
● Libicki developed policy and strategy analysis under the sponsorship of the USAF, which was influential.
● A key goal of cyber deterrence is changing the potential attacker's mindset, forcing them to reconsider the benefits and consequences of conducting an attack.
There are several steps in Libicki’s concept:
● Situational awareness (surveillance)
● Identify whether it is a real attack
● Analyse whether the attack motive is connected to a state actor
● Determine the level of public awareness
● Assess state or non-state attribution
● Assess the strength of the case for public attribution
● Consider methods of retaliation
● Explicit deterrence: the counter-attack policy is disclosed to the attacker, possibly by public announcement.
● Implicit deterrence: no public or direct disclosure to the attacker about the counter-attack.
● A ‘risky’ factor carries both implicit and explicit values to signify the risk of a counter-attack.
● Libicki suggests implicit deterrence is the best option.
“We need to develop an early-warning system to monitor cyberspace, identify intrusions, and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options – and we must be able to do this in milliseconds.” (McConnell, 2010)
Reference Model
Surveillance Capabilities
● Ensure that defenders are aware of potential cyber attacks.
Penetration Capabilities
● Understand potential/actual hackers; investigate attribution.
Integration Capabilities
● Build an understanding of CNE (computer network exploitation).
● Populate a knowledge base about attackers.
Advanced Capabilities
● Management of military botnets and parallel scanning.
Solution Architecture
● What is the solution for cyber deterrence? BOTNETs!
● Military botnets, developed with a bot script deployed on each government computer.
● Effective because a large number of computers is controlled by a single organization.
● Useful for mass hacking or distributed scanning.
Attack Model of Botnet
Defense/attribution Model
Architectural Prototypes
● Prototypes for multithreaded and botnet-like distributed scanning.
● Botnet performance benchmarking.
Threaded Scanning
● Serial scanning in Linux.
● Then implemented as multi-threaded scanning.
● Performance increased.
● Practically feasible for pen testing.
Botnet for Distributed Scanning
● Distributed botnet for parallel scans.
● Performed ping sweeps and nmap scans.
● Contained the bot/command-server architecture with different controlling scripts.
● First the bot script on the target machine was run; this script then connected to the machine running the command script.
Performance Benchmarking
● Scripts for both methods were run using Python code.
● Threaded scans were faster than the botnet.
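As an added example (not the slides' prototype code), the following Python script shows the three scan shapes the prototypes compared: a serial TCP connect scan, the same scan with a thread pool, and a toy bot/command-server split in which each "bot" calls home, receives a slice of the port range as JSON, scans it threaded and reports back. It runs entirely on 127.0.0.1: open_listener() creates the one open port the scans are expected to find, and the port window, worker count and bot count are hypothetical values chosen for the demo.

```python
"""Serial vs. threaded TCP connect scans, plus a toy command-server/bot split.

Added example, not the slides' code. Every socket is on 127.0.0.1, and
open_listener() creates the single port we expect a scan to find, so it runs
offline. Port window, worker count and bot count are hypothetical.
"""
import json
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor

TIMEOUT = 0.5  # seconds per probe; a closed localhost port refuses instantly


def open_listener():
    """Bind a TCP listener on an ephemeral localhost port so scans have a target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)  # room for every probe that completes a handshake
    return srv, srv.getsockname()[1]


def probe(host, port):
    """TCP connect() probe: True if the three-way handshake completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(TIMEOUT)
        return s.connect_ex((host, port)) == 0


def serial_scan(host, ports):
    """One probe at a time: wall time is the sum of N per-probe latencies."""
    return sorted(p for p in ports if probe(host, p))


def threaded_scan(host, ports, workers=32):
    """Up to `workers` probes in flight: wall time is about N/workers probes."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        is_open = list(pool.map(lambda p: probe(host, p), ports))
    return sorted(p for p, flag in zip(ports, is_open) if flag)


def split_ranges(ports, n_bots):
    """Cut the port list into at most n_bots contiguous slices, one per bot."""
    ports = list(ports)
    if not ports:
        return []
    size = -(-len(ports) // n_bots)  # ceiling division
    return [ports[i:i + size] for i in range(0, len(ports), size)]


def command_server(host, tasks):
    """Accept one bot per task, send it its slice as JSON, collect its findings."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(len(tasks))
    c2_port = srv.getsockname()[1]
    results = []

    def serve():
        for task in tasks:
            conn, _ = srv.accept()
            with conn, conn.makefile("rw") as f:
                f.write(json.dumps({"host": host, "ports": task}) + "\n")
                f.flush()
                results.extend(json.loads(f.readline()))
        srv.close()

    worker = threading.Thread(target=serve)
    worker.start()
    return c2_port, worker, results


def bot(c2_port, workers=16):
    """The 'bot script': call home, take a slice, scan it threaded, report back."""
    with socket.create_connection(("127.0.0.1", c2_port)) as c, c.makefile("rw") as f:
        task = json.loads(f.readline())
        f.write(json.dumps(threaded_scan(task["host"], task["ports"], workers)) + "\n")
        f.flush()


def distributed_scan(host, ports, n_bots=4):
    """Distributed parallel scan: n_bots in-process bots, each scanning threaded."""
    tasks = split_ranges(ports, n_bots)
    c2_port, server, results = command_server(host, tasks)
    bots = [threading.Thread(target=bot, args=(c2_port,)) for _ in tasks]
    for b in bots:
        b.start()
    for b in bots:
        b.join()
    server.join()
    return sorted(results)


if __name__ == "__main__":
    srv, target = open_listener()
    window = range(max(1, target - 200), target + 200)  # hypothetical window
    for name, fn in (("serial", serial_scan), ("threaded", threaded_scan),
                     ("distributed", distributed_scan)):
        t0 = time.perf_counter()
        found = fn("127.0.0.1", window)
        print(f"{name:12s} open={found} time={time.perf_counter() - t0:.3f}s")
    srv.close()
```

On a loopback target the per-probe cost is tiny, so the bot version pays its dispatch and collection round trips without saving much scan time; that is the shape of result the benchmarking slide reports, and it reverses only once the number of probes (or the per-probe latency to remote targets) grows enough to amortize the coordination overhead.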
Benchmarking continued...
Deterministic Models of Performance
● Serial scan
● Parallel (threaded) scan
● Distributed serial scan
● Distributed parallel (threaded) scan
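An added illustrative cost model for the four cases above (the slides name the models but do not give formulas; the symbols below are assumptions, not the authors' notation): let $N$ be the number of probes, $t$ the latency of one probe, $k$ the number of threads per scanning host, $b$ the number of bots, and $c$ the fixed cost of dispatching tasks to the bots and collecting their results.

\[
T_{\text{serial}} = N\,t,
\qquad
T_{\text{threaded}} = \left\lceil \frac{N}{k} \right\rceil t,
\]
\[
T_{\text{dist.\,serial}} = \left\lceil \frac{N}{b} \right\rceil t + c,
\qquad
T_{\text{dist.\,threaded}} = \left\lceil \frac{N}{b\,k} \right\rceil t + c.
\]

Under this model a single threaded host beats the botnet whenever $c$ exceeds the time saved, $\lceil N/k \rceil t - \lceil N/(bk) \rceil t$, which is what happens for small $N$ or fast probes; the botnet only pulls ahead once $N t$ is large relative to $c$.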
Projection for Military Botnets
Thanks,Any Questions?