is cyber-offence the new cyber-defence?
DESCRIPTION
honestly, i don't like the 'cyber' hype. oh, well.. the old men prefer that way :-/TRANSCRIPT
Is Cyber-offence the New Cyber-defence?Jim GeovediNational Defence Information Technology Seminar 2010
Background
Cyber-warfare• Government warfare conducted over the Internet.
• Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption.
• Cyber-warfare is a relatively new type of weaponry with various effects on the target. It doesn't have any limitations of use and can achieve most of the goals set.
3
Cyber-defence• Purely defensive posture poses signi!cant risks.
• If we apply the principle of warfare to the cyber-domain, the defence of the nation is better served by capabilities enabling us to take the "ght to our adversaries, when necessary, to do counter-attack.
• In warfare, the notion of counter-attack is extremely powerful.
4
Cyber-attack• De!nition: e compromise of targets without destruction
or disruption, but rather through covert means, for the purposes of accessing information or modifying it or preparing such access for future use in exploitation or attack.
• A serious cyber-attack is almost unavoidable. It is cheaper and easier for a foreign country or a terrorist group than a physical attack.
• Cyber-attack could result in military response. Attackers or terrorists could gain access to the digital controls for the nation's utilities, power grids, air traffic control systems and power plants.
5
Revenge vs. Justice• In warfare, revenge is appealingly straightforward.
• Treating the whole thing as a military problem is easier than working within the legal system.
• In peacetime, justice in cyberspace can be difficult (and dangerous).
• It can be hard to "gure out who is attacking you, and it can take a long time to make them stop.
• It can be even harder to prove anything in court. Anyone accused of a crime deserves a fair trial.
6
Various Case Histories
In 1982, computer code stolen from a Canadian company by Soviet spies cause a Soviet gas pipeline to explode. e code had been modi"ed by the CIA to include a logic bomb which changed the pump speeds to cause the explosion.
In the 2006 war against Hezbollah, Israel alleges that cyber-warfare was part of the con#ict, where the Israel Defense Force, (IDF) intelligence estimates that several countries in the Middle East used Russian hackers and scientists to operate on their behalf. As a result, Israel has attached growing importance to cyber-tactics, and has become, along with the U.S., France and a couple of other nations, involved in cyber-war planning. Many international high-tech companies are now locating research and development operations in Israel, where local hires are often veterans of the IDF's elite computer units.
In April 2007, Estonia came under cyber attack in the wake of relocation of the Bronze Soldier of Tallinn. e largest part of the attacks were coming from Russia and from official servers of the authorities of Russia. In the attack, ministries, banks, and media were targeted.
On March 28, 2009, a cyber spy network, dubbed GhostNet, using servers mainly based in China has tapped into classi"ed documents from government and private organisations in 103 countries, including the computers of Tibetan exiles, but China denies the claim.
In December 2009 through January 2010, a cyber attack, dubbed Operation Aurora, was launched from China against Google and over 20 other companies. Google said the attacks originated from China and that it would "review the feasibility" of its business operations in China following the incident. According to Google, at least 20 other companies in various sectors had been targeted by the attacks. McAfee spokespersons claim that "this is the highest pro"le attack of its kind that we have seen in recent memory."
In September 2010, Iran was attacked by the Stuxnet worm, thought to speci"cally target its Natanz nuclear enrichment facility. e worm is said to be the most advanced piece of malware ever discovered and signi"cantly increases the pro"le of cyber-warfare.
Cyber-warfare Readiness in Indonesia
Indonesia’s ICT• Indonesia’s Information Communication Technology
(ICT) grow rapidly and enter all sectors of human life.
• Indonesia’s central bank raised its 2011 economic growth forecast to as much as 6.5% from an earlier forecast of as much as 6% as consumer spending accelerates 1.
• Indonesia has adopted ICT as a tool for governance and development. Its national ICT vision: “to bring into reality a modern information society, prosperous and high competitive, with strong supported by ICT”.
1. Novrida Manurung, Indonesia Raises 2011 Economic Growth Forecast to 6%-6.5%. Retrieved on 7 November 2010 from http://www.businessweek.com/news/2010-03-11/indonesia-raises-2011-economic-growth-forecast-to-6-6-5-.html
15
http://www.cablemap.info/
.co.id — 2,042 of which 500 single ip and 1,542 mass defacements
.go.id — 2,932 of which 1,071 single ip and 1,861 mass defacements
.net.id — 83 of which 31 single ip and 52 mass defacements
ere has been a high volume of detections in Asia, and Iran (52.2%), Indonesia (17.4%) and India (11.3%) seem to have been particularly hard hit,
compared to, say, the USA (0.6%), ranked 11th in our statistics.
Defence Strategy & Tactics• Reactive behaviour. It reacts upon with the appropriate
response by increasing the awareness on weakness.
• ere will be always several successful penetrations at the beginning.
• Planned behaviour. Appropriate security planning well thought of and implemented appropriately.
• e plan can’t cover all scenarios.
• Proactive behaviour. Concentrates on identifying and covering its own potential weaknesses.
• Needs highly skilled people and very tight security system in place.
23
Security Aspects• Security is based on 3
aspects: people, process and technology. As process and technology are developed by people, human resources are the key to cyber-security de"nes initiative.
24
Cyber-attack Methodology
25
VulnerabilityExamination IntrusionProfiling
AttackInitiation
CoveringTracks
12 3 4
5
Information Gathering
Intelligence Survey and Scouting
Perimeter Mapping
Asset Identification
Vulnerability Analysis
Exploitation Planning
Exploitation
Propagation
Hackers as National Security Resource
Hacker Motivations
29
MONEY
ENTERTAINMENT
EGO
CAUSE
ENTRANCE TO SOCIAL GROUP
STATUS
Indonesia IT Salary 2008/2009
Local Hacker Community• Kecoak Elektronik
• Hackerlink
• Antihackerlink
• Jasakom
• ECHO
• Binus Hacker
• etc.
32
Conclusion• Government must understand how important computers
are to defending the nation.
• Playing defence is often more difficult than playing offence.
• Computer-savvy patriots are required to defend the country from spies, terrorists, and other criminals.
• e local hacker community is our ally, and we need to pay attention to what they're doing out there.
35