Lecture Materials for the John Wiley - PowerPoint PPT Presentation

Chapter 14: Cyber Warfare: An Architecture for Deterrence Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and ... – PowerPoint PPT presentation

Slides: 15
Provided by: Keun8

Transcript and Presenter's Notes


1
Chapter 14: Cyber Warfare: An Architecture for Deterrence
  • Lecture Materials for the John Wiley & Sons book
  • Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

2
Introduction to Cyber Warfare and Cyber Deterrence
  • Over 120 countries are actively conducting cyber
    operations, primarily espionage
  • It is estimated that the Chinese have over
    100,000 active duty cyber warriors, and over
    80,000 independent hackers, who often carry out
    missions in the national interest
  • As stated in CNCI 10, cyber deterrence is a
    strategy for deterring interference and attack
    in cyberspace and developing appropriate
    responses by both state and non-state actors.

3
Methodology and Assumptions
  • Cyber deterrence is a cutting-edge and very
    difficult research problem, in particular
    because the technology makes attributing cyber
    activities so difficult
  • This research approach considers:
      • National Security Goals
      • Cyber Warfare Laws & Treaties
      • Strategic Functions
      • Solutions Architecture for Cyber Deterrence
      • Technical Functions

4
Methodology Assumptions 2
5
Cyber Deterrence Challenges
  • Assigning attribution
  • Internet technology makes it relatively easy to
    misdirect attribution to other parties
  • Unpredictability of cyber attack impacts
  • Potential damage due to counter-retaliation
  • Nation states, non-state actors, and individuals
    are at a peer level, all capable of waging
    attacks
  • No clear legal framework exists

6
Legal and Treaty Assumptions
  • Legality of cyber operations should be clarified
    in national and international treaties (allowing
    for non-disclosure)
  • Monitoring of suspected remote servers should be
    allowed, and attacking them should be allowed if
    they are non-life-critical, because servers used
    for attack may belong to unaware 3rd parties
  • Use of 3rd party servers should be defined as
    unlawful according to the laws of war
  • International investigations should be enabled

7
Cyber Deterrence Strategy
Used in the book with permission from The RAND Corporation (Libicki 2010)
8
Cyber Deterrence Retaliation Probabilities
(Sample)
Used in the book with permission from The RAND Corporation (Libicki 2010)
9
Reference Model
10
Attacker Conceptual Architecture
11
Conceptual Application Architecture Rapid
Attribution
12
Conceptual Information Architecture Sample Record
  • RECORD 1
  • 'IPv4 Address': '173.201.21.161', 'FTP Open on
    Port': '21', 'RDP Open on Port': '3389', 'Ping
    Response': 'Alive', 'Attack Organization':
    'Aurora', 'Attack Role': 'Control Server'
  • RECORD 2
  • 'IPv4 Address': '69.164.192.46', 'Ping
    Response': 'Alive', 'Attack Organization':
    'Aurora', 'Attack Role': 'Control Server'
  • RECORD 3
  • 'IPv4 Address': '168.95.1.1', 'Ping
    Response': 'Alive', 'Attack Organization':
    'Aurora', 'Attack Role': 'Control Server'
  • RECORD 4
  • 'IPv4 Address': '203.69.66.1', 'Ping
    Response': 'Alive', 'Attack Organization':
    'Aurora', 'Attack Role': 'Control Server'

13
Architectural Prototypes
  • Bot with Threaded Scanning
  • Botnet with Distributed Scanning

Performance Actuals
Performance Projected
14
REVIEW Chapter Summary
  • Cyber Security: Managing Networks, Conducting
    Tests, and Investigating Intrusions