Date posted: 02-Jan-2016
Uploaded by: cory-sharp
Lectures Covered
Everything until (including) March 2nd
Reading:
– All lecture slides
– Denning book: Chapters 1, 2, 3, 4, 5, 7, 13 (access control), 14 (Risk management, Incident handling)
– Additional reading materials (next slide)
CSCE 727 - Farkas 2
Additional reading
Familiarity with CSCE 522 lecture notes, 2013 Fall, as needed, http://www.cse.sc.edu/~farkas/csce522-2013/lecture.htm
Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687.
Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, http://www.fas.org/irp/eprint/oss980501.htm
NSA revelations hobble pursuit of a comprehensive cyberdefense initiative, Homeland Security News Wire, 08/16, 2013, http://www.homelandsecuritynewswire.com/dr20130816-nsa-revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiative
Expert calls for “surveillance minimization” to restore public trust, Homeland Security News Wire, 01/27/2014, http://www.homelandsecuritynewswire.com/dr20140127-expert-calls-for-surveillance-minimization-to-restore-public-trust
Additional Reading
Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993
NIST special publications, Incident Handling Updated Guidelines, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf (general understanding only)
Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf
Information Security Policy - A Development Guide for Large and Small Companies, http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331
Information Security (INFOSEC)
Protection of information against intentional or unintentional unauthorized:
– Disclosure (confidentiality)
– Modification (integrity)
– Destruction (availability)
Concerned mainly with owned resources
Information Assurance
Information security (prevention) plus:
– Authenticity and non-repudiation
– Detection and reaction capabilities
– Additional threats, like perception management and exploitation of public media
Addresses intentional or unintentional threats
Information Warfare
Addresses only intentional attacks
Information in any form and transmitted over any media
Defensive operations:
– Protection against attacks
– Concerned with non-owned and owned resources
Offensive operations:
– Exploit vulnerabilities in information resources
– Motives, means, opportunities
WIN-LOSE NATURE OF OPERATIONS
Gain-Loss Nature of IW
[Figure: defense vs. offense. Labels: ensure availability, prevent availability, ensure integrity, increase availability, decrease availability, decrease integrity]
From: Denning Figure 2.1
Activities
Play: hackers vs. owners
Crime: perpetrators vs. victims
Individual rights: individuals vs. individuals/organizations/government
National security: national level activities
– State activities
– Terrorism
Intention of Attackers
Defensive IW
Difficult to guess
Determines response and incident handling
Win-Lose Activity
Alter availability and integrity of resources to benefit the offense
Old vs. new methods
Areas:
1. Open source and competitive intelligence
2. Psyops and perception management
3. Signal intelligence
Not yet covered:
1. Insider threat
2. Computer attacks
3. Malicious software
1 Open Source Intelligence
Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data
Goal: answer specific question in support of some mission
Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations
Disadvantages: may not discover important information, assurance of discovery(?)
1 Privacy and Copyright
Piracy
– Copyright Infringement
  Acquisition of protected work without the owner’s permission
  Human perception: not serious crime
  Significant loss for marketing/manufacturing/owner
– Trademark Infringement
  Intellectual property disputes
  Domain name disputes
2 Psyops and Perception Management
Information operations that aim to affect perception of others
Goal: influence actions
Means: influence emotions, reasoning, decisions
Target: individuals, groups, nation, World
Censorship
– Offensive: denies population access to certain materials
– Defensive: protect society from materials that would undermine its culture or governance
4 Signal Intelligence
Operations that involve interception and analysis of signals across electromagnetic spectrum
Intelligence report, criminal investigations, employee monitoring
U.S. Federal wiretap restrictions
Foreign intelligence
Privacy rights
Defensive Information Warfare
Protect information resources from attacks
Preserve the value of resource or recover lost value
Security Policy
Methods
Response
Vulnerability Monitoring
Identify security weaknesses
Methods: automated tools, human walk-through, surveillance, audit, background checks
Red team: organized group of people attempting to penetrate the security safeguards of the system
Incident Handling
Not all incidents can be prevented
Incident handling:
– Prevention and preparedness
– Detection and analysis
– Containment and recovery
– Post-incident activity
Benefits:
– Systematic and appropriate response to incidents
– Quick response reduces loss and damage
– Strengthen security
– Satisfy legal requirements
Federal agency requirements