Military Strategy in Cyberspace Stuart Staniford Nevis - PowerPoint PPT Presentation

About This Presentation
Title:

Military Strategy in Cyberspace Stuart Staniford Nevis

Description:

Military Strategy in Cyberspace Stuart Staniford Nevis Networks 08/12/04 stuart_at_nevisnetworks.com Introduction to this exercise This is my attempt to predict what ... – PowerPoint PPT presentation

Number of Views:53
Avg rating:3.0/5.0
Slides: 39
Provided by: usenixOrg
Learn more at: https://www.usenix.org
Category:

less

Transcript and Presenter's Notes

Title: Military Strategy in Cyberspace Stuart Staniford Nevis


1
Military Strategy in Cyberspace
  • Stuart Staniford
  • Nevis Networks
  • 08/12/04
  • stuart_at_nevisnetworks.com

2
Introduction to this exercise
  • This is my attempt to predict what cyberwar will
    look like in 5-20 years
  • Ie. This is all gross speculation
  • Like trying to think about air war in 1912
  • No real cyberwars have happened
  • Cyberwar will develop rapidly once it starts to
    really happen
  • There will be surprises
  • Useful nonetheless forewarned is forearmed

3
Relevant Expertises
Network security, Network ops, Cryptography,
IDS, Vulnerability Asessment DDOS, worm defense
Military Strategy, Military History
Economics, Management Science, Organizational Psyc
hology
No-one is an expert in all of these
4
Five Levels of Strategy
  • Due to Luttwak, Liddell-Hart
  • Technological
  • Iron swords, longbows, railroads, aircraft,
    tanks
  • Exploits, DDOS, worms, firewalls, IDS
  • Tactical
  • Tanks in formation (WWI/WWII), longbows in
    dismounted ranks behind stakes (Crecy, Agincourt)
  • What we do with a DDOS tool, or an IDS?

5
Five Levels of Strategy
  • Operational (individual battle level)
  • Waterloo, Crecy, Midway, Carshemish
  • Individual organization (utility, bank, ISP,
    carrier battle group)
  • Theatre Strategy
  • WWII Pacific, European, North African
  • Cyberwar same (but opens new theatres for attack)
  • Grand Strategy
  • National level strategy - decisive military
    defeat, econonomic exhaustion, nuclear blackmail,
    erosion of will

6
Scenario China vs US
  • Why did I choose this?
  • Because its fun! Because I can!
  • China finally invades Taiwan
  • Has been sabre-rattling for years
  • Regular exercises in Taiwan straits
  • Taiwan and China have been in consensus that they
    are ultimately one country
  • Just temporarily two administrations with two
    systems
  • Consensus slowly breaking down in Taiwan
    starting to want to be independent
  • Creating great anxiety in China

7
Sequence of Events
  • Chinese troop/naval buildups
  • 2 US carrier groups en route to area
  • Heavy Chinese missile attacks on Taiwanese AF
    bases to suppress air resistance
  • Chinese invasion force sets across straits
  • Establishes beachhead
  • US aircraft inflict substantial damage on
    operation
  • Small US marine expeditionary force flies to
    Taiwan to help reinforce.
  • US involvement can make the difference between
    success and failure for China.

8
Chinese Grand Strategy
  • Inflict enough pain on US to make us go away, so
    they can
  • Reintegrate Taiwan without interference
  • NB China and US both have credible strategic
    nuclear deterrent
  • So neither side can use nuclear weapons except as
    a last resort.

9
Chinese Grand Strategy (II)
  • Suppose for purpose of this exercise
  • They launch a large scale cyberattack on US
    homeland.
  • Opens a North American theater to war
  • In addition to south-east Asian Theater
  • They can only do via cyber-means
  • Goal is to make the war intolerable to us
  • Our choices are nuclear exchange
  • Invade China
  • Counter with cyberattacks on China
  • Give up on Taiwan
  • Last is much the cheapest and most practical
    solution

10
Chinese Theater Strategy
  • Stop two critical infrastructures functioning
  • For a period of weeks
  • They pick
  • Electric power
  • Oil refining and gasoline/diesel distribution
  • US economy pretty much stops without these
  • 2.5 of US population involved in agriculture
  • Food production completely dependent on
    automation/energy.
  • 75 of Chinese population involved in agriculture
  • Food production unaffected by lack of
    oil/electricity

11
Concentration of Force
  • Why doesnt China go after everything?
  • Traditional doctrine of concentration of force
  • Create local huge superiority of forces in favor
    of attackers
  • Win completely at those key points
  • Rest of resistance crumbles
  • If they defeat defense in electric power and oil
    refining/distribution, dont need to win anything
    else
  • Choose both so arent completely dependent on one
    succeeding.

12
Tel El Kebir (1882)
  • Egyptians 23000 under Col Ahmed Arabi
  • 70 field artillery pieces
  • British 17000 under Lieutentant General Sir
    Garnet Wolseley
  • 36 field pieces
  • About 3000 cavalry

13
Tel El Kebir
Egyptians
British
14
Lessons of Tel El Kebir
  • Victory of smaller force
  • Deception
  • Maneuver
  • Surprise
  • Concentration of force
  • All these factors will be critical too
  • Challenge for defense in cyberdomain
  • Defense has to protect all critical
    infrastructures
  • Attackers get to pick 1-2 to throw all their
    resources against.

15
How Many Operations in Theater
  • Have to pick enough companies/organizations
  • That infrastructures cant function except in
    small pockets
  • SWAG O(100) largest energy companies
  • Simultaneous surprise attacks on them
  • Forces required are 100x forces for one
  • Now move down to operational level

16
Is the Vulnerability There?
  • Almost certainly
  • SCADA done over IP/Windows these days
  • Developers not used to a hostile environment
  • Labor in obscurity
  • So just about certain to be plenty of
    vulnerabilities
  • Machinery trusts its control system to look after
    it

Internet
Corporate
Scada
17
Is the Attack Trivial Then?
  • Could a small band of hackers pull this off?
  • No!
  • Huge amounts of obscurity
  • Great diversity in SCADA systems
  • Need vulnerabilities in most of them
  • Lots of testing needed
  • No public community working on this to help
  • Great diversity in deployments
  • Which IP range is power station XYZ?
  • Attackers know none of this ab-initio
  • Either reconnoiter up front
  • Or find out on fly

18
Attacker Information Needs
  • For each of O(100) operational targets, need
  • Fairly detailed map of network/organization
  • What assets are where on network?
  • What software is in use for most critical
    purposes?
  • Brand/version
  • Where defenders are?
  • Where key operational execs are?
  • To have developed vulnerabilities
  • For all key software systems in use
  • Requires being able to get copies of them
  • Pretend to be a customer

19
Advance Reconnaissance Options
  • Insiders
  • Get spies jobs as (preferably) IT staff.
  • Over time, stealthily map network and
    organization
  • Ideally want several in different areas for 1-2
    yrs
  • Gives layer 8 view.
  • Cyber-surveillance
  • Remotely compromise some desktops internally
  • Use them to map network at layer 2-7
  • Capture keystrokes etc
  • Must be stealthy and untraceable
  • No Chinese strings in Trojan
  • Communication path home must be convoluted

20
Cyber Battalion (1 operation)
21
During Attack
  • All major teams must deploy quickly from small
    beachhead
  • Backdoor team (highest priority)
  • Compromises utility systems for other teams to
    use
  • Installs backdoors, remote dial-ups, etc to get
    back in later
  • Owns RAS servers, access routers etc
  • Preferably 100s-1000s of systems so every system
    in enterprise must be thoroughly cleaned
  • Defense Suppression Team
  • DOS, disabling, and destruction of systems used
    by defenders
  • Firewalls, IDSs, desktops and laptops used by
    sysads
  • Offensive operations groups
  • Cripple actual infrastructure assets (turbines,
    pumps, etc, etc)
  • Physical damage where possible,
  • Disable/corrupt control systems
  • Logic bomb group inserts logic bombs in many
    systems and turns them off

22
Balance of Force in operations
  • Attackers 150-1000 attackers
  • Defenders (today)
  • Security group 1-10
  • Network group 10-20
  • End-host sysads 100s-1000s
  • Attackers have
  • surprise,
  • superior organization
  • Defenders
  • know terrain better
  • Have physical access (sort of)
  • Could your organization survive this kind of
    assault?

23
Defense Response (today)
  • Reboot the company
  • Disconnect from network
  • Turn everything off
  • Unplug every phone cable
  • Bring things up and clean and fix them one at a
    time
  • A single Trojan left untouched lets attacker
    repeat the performance
  • Likely to take weeks
  • Cannot have confidence that we fixed all the
    vulnerabilities the attacker knows.

24
Attacker Requirements
  • Discipline, training
  • Hard to get hundreds of people to execute a
    complex plan.
  • Everyone must understand the plan
  • Everyone must be extensively trained on
    tactics/technology so its second nature
  • Must follow plan and replans flawlessly
  • And yet be creative enough to improvise
  • Plan never survives contact with the enemy
  • Fog of War
  • These issues have always been critical in
    military operations
  • And have to repeat this for O(100) simultaneous
    operations

25
Crecy (1346)
  • French 60,000 under Phillip VI
  • 15000 armored knights
  • 8000 Genoese Crossbowmen
  • English 11,000 under Edward III
  • 6000 longbowmen

26
Crecy
Stream
English
Crecy Forest
French
27
Lessons of Crecy
  • Victory of vastly smaller force
  • Technology (longbow)
  • Tactics
  • Ranks of longbowmen behind stakes
  • Fight on defensive
  • Training (indenture)
  • Organization (single military command)
  • Discipline (extensive experience)
  • All these factors will be critical in cyberwar

28
Total Chinese Effort Required
  • Force of about 50,000 attackers
  • Strong shared culture of how to fight
  • Disciplined and trained
  • Detailed planning
  • Takes 10 years to develop this institution
  • Maybe 3 years as all-out effort during a war
  • Strong visionary leadership required
  • Hard to do with no in-anger experience
  • Internal war-gaming only
  • Would much prefer a Spain, but reveals
    capability

29
Cyberwar Myths (I)
  • Small teams can do enormous damage
  • Best hope of a small team is O(10b) in worm
    damage
  • Cannot target anything other than commonly
    available systems
  • Cannot manage broad testing of attacks
  • Only penetrate lt10 of enterprise systems
  • Cannot seriously disrupt the economy
  • Takes large sophisticated institution to cause
    serious economic disruption
  • Only nation states can play at this level

30
Cyberwar Myths (II)
  • Attacks in cyberspace can be anonymous
  • True at micro-scale of individual technological
    attack
  • Not true at macro-scale
  • Will be completely clear in grand strategic
    context who is conducting attack
  • Will be very large amounts of control traffic
    that will be hard to miss
  • 50,000 Chinese all doing something in US will get
    noticed
  • Attacker will generally want to be known

31
Cyberwar Myths (III)
  • Cyberspace erases distance
  • Mobility is more like land/sea than air
  • Contrast to other thinkers
  • Battlefield is all information/knowledge
  • Expertise on disabling power turbines
  • Takes years to acquire
  • Is not instantly transferrable to, say, crippling
    banks transactional systems
  • Similarly defenders need deep understanding of
    the networks they defend.
  • First day on new network, will be pretty useless
  • True for attackers and defenders

32
Defensive Implications
  • The networks of critical organizations will need
    to be run as a military defense at all times.
  • Constant alertness
  • Well staffed
  • Regular defensive drills
  • Standing arrangements for reinforcement under
    attack
  • Extensive technological fortification
  • Excellent personnel and information security

33
Hygiene
  • Patches, AV, external firewalls etc
  • Failsafe design of critical machinery
  • Not just idiot-proof but enemy-proof
  • All critical, but
  • There will still be a way in
  • There will still be vulnerabilities
  • Current paradigm will be inadequate

34
Preventing reconnaissance
  • An attacker who can develop a detailed
    well-informed plan at leisure will win.
  • Personnel security
  • Background checks for power company staff should
    be
  • Comparable to security clearances for
    military/intel
  • Prevent scans
  • Critical information is on a need-to-know basis
  • (Turbine manuals are not on internal web)
  • Extensive internal deception/honeynet efforts
  • Reconnaissance will find all kinds of bogus
    things
  • Force attack to be extemporized.

35
Segmentation
  • Network must be internally subdivided
  • Contain worms
  • Loss of some systems does not lead to loss of
    everything
  • Networks within network within networks
  • Critical resources must be proxied everywhere
  • (not DOSable)
  • Network must give highly deceptive appearance
  • Subdivisions small!

36
Recovery
  • Software damage
  • Integrity checkers
  • Backup/rollback systems
  • Hardware damage
  • Supply of spares and spare parts
  • Distributed appropriately
  • Military logistics approach

37
Cyberwar defense system
  • Must exist throughout network
  • Enforce segmentation
  • Quantitative resistance to worms/DDOS/etc
  • Provide deceptive view of anything IP is not
    allowed to see
  • Proxy critical resources
  • Facilitate recovery
  • Allow management of all this
  • Allow for defensive extemporization

38
Implications
  • Defending nation in cyberspace is a military
    problem.
  • Will require militarizing critical
    infrastructures.
  • Will require new paradigms and tools
  • Critical infrastructure is in private hands.
  • Huge tension - not a good outcome for civil
    society
  • Deeply ironic that this is result of network
    promoting openness
  • Luttwaks Paradoxical logic of strategy
Write a Comment
User Comments (0)
About PowerShow.com