Cyberwarfare Information Operations Chapter 1 PDF
2023
Mike Chapple, David Seidl
Summary
This chapter covers cyberwarfare and information operations, treating information as a military asset. It describes the importance of information and how warfare has evolved historically. It also gives examples of cyberwarfare techniques and incidents, such as the Stuxnet malware and the NotPetya ransomware attack.
Full Transcript
CHAPTER 1
Information as a Military Asset
Copyright © 2023 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com.

Learning Objective(s) and Key Concepts
▪ Learning Objective(s)
  ▪ Explain the importance of information as a military asset.
▪ Key Concepts
  ▪ Description of cyberwarfare
  ▪ How warfare has evolved over the course of history
  ▪ The role of information in warfare
  ▪ The domains of warfare including the cyber domain
  ▪ The techniques of information operations
NOTE: Information about many cyberwarfare attacks against the US and other countries, and about their results, is not readily available because much of it is classified.

What Is Cyberwarfare?
▪ The combination of activities designed to participate in cyberattacks and cyberespionage, on either side of the attack, to ultimately wreak havoc on government and civilian infrastructure and disrupt critical systems, resulting in damage to the state and even loss of life.
▪ Cyberattack: Nonkinetic, offensive operations intended to cause some form of physical or electronic damage
▪ Cyberespionage: Intrusions onto computer systems and networks designed to steal sensitive information that may be used for military, political, or economic gain
▪ Includes a wide range of activities that use information systems as weapons against an opposing force
▪ Threat assessment by the United States Director of National Intelligence (DNI) considers cyberthreat to be a major threat to national security over the coming years.

▪ Cyber Espionage - Cyber espionage, where sensitive information is covertly gathered;
▪ Cyber Sabotage - Cyber sabotage involves deliberate disruption or destruction of digital systems;
▪ Cyber Influence Operations - Cyber influence operations, which aim to manipulate public opinion or political processes; and
▪ Cyber Attacks on Critical Infrastructure - Cyber attacks on critical infrastructure, such as power grids or communication networks, can have far-reaching economic and societal consequences.

▪ What are some examples of Cyberwarfare?
  ▪ Stuxnet Malware - Examples of cyber warfare include the Stuxnet malware, a sophisticated cyber weapon allegedly developed by nation-states to target Iran’s nuclear facilities.
  ▪ Fancy Bear - Another notable case is the Russian cyber espionage group Fancy Bear, believed to have orchestrated attacks on various countries for political influence.
  ▪ NotPetya Ransomware Attack - The NotPetya ransomware attack, widely attributed to Russia, disrupted critical infrastructure and caused significant financial losses.
  ▪ WannaCry Ransomware Attack - Additionally, the WannaCry ransomware attack, attributed to North Korea, affected organizations worldwide.
  ▪ These incidents demonstrate the diverse range of cyber warfare tactics used by state and non-state actors to achieve geopolitical, economic, or strategic objectives through digital means.
▪ What is a Nation-State Attack? - A nation-state attack, also known as a state-sponsored attack, refers to a cyber operation carried out by a government or its intelligence agencies against another nation, organization, or entity. These attacks involve significant resources and advanced tactics, and often have strategic or geopolitical motivations. Nation-state attacks can target various sectors, including critical infrastructure, military systems, government agencies, businesses, and even individuals. Such attacks can involve espionage, data theft, disruption of services, or even attempts to influence political or economic landscapes. Nation-state attacks highlight the complex interplay of cybersecurity, international relations, and national security in the digital age.

Likelihood of Cyberwarfare
▪ Large-scale catastrophic cyberattacks unlikely in the short term
▪ Smaller-scale cyberattacks occur frequently
▪ Few groups possess ability to wage sophisticated, sustained cyberwarfare
  ▪ Governments of the United States, China, Iran, North Korea, Israel, and Russia
▪ Cyberespionage is likely and is happening on a large scale every day

Likelihood of Cyberwarfare (Cont.)
▪ Many cyberattacks are not traceable back to a national government, but rather are the work of nonstate actors
▪ Individuals and groups may be extremely motivated to conduct hostile actions to advance their agendas.
  ▪ Most lack sophistication and technical capability to conduct a sustained cyberwar
  ▪ Still pose the threat of causing significant damage against a limited scope of targets

Cyberwarfare Terminology
▪ Information operations
  ▪ Actions taken to affect an adversary’s information and information systems while defending your own information and information systems
  ▪ Includes cyberwarfare activities, such as cyberattacks and cyberespionage
  ▪ Includes activities, such as psychological operations and military deception, that are not included in cyberwarfare
▪ Information warfare
  ▪ Information operations conducted during a time of crisis or to achieve specific objectives

ASCE 2021 Infrastructure Report Card for the USA and other information
▪ The American Society of Civil Engineers unveiled their 2021 Report Card for America’s Infrastructure on Wednesday, March 3. The nation earned a ‘C-’, up from 2017’s cumulative GPA of ‘D+’. (Reviews are done every 4 years)
▪ https://infrastructurereportcard.org/
▪ https://www.rand.org/pubs/research_reports/RRA1190-1.html
▪ https://www.dhs.gov/topics/cybersecurity
▪ https://www.whitehouse.gov/briefing-room/statements-releases/2021/07/19/the-united-states-joined-by-allies-and-partners-attributes-malicious-cyber-activity-and-irresponsible-state-behavior-to-the-peoples-republic-of-china/
https://infrastructurereportcard.org/asce-2021-infrastructure-report-card-gives-u-s-c-grade/

The Evolving Nature of War
▪ In 2010, a nuclear enrichment facility in Natanz, Iran, suffered critical problems that caused significant damage to centrifuges critical to the uranium-enrichment process.
  ▪ Linked to a computer worm known as Stuxnet
▪ Before Stuxnet, the use of computers as weapons was not a mainstream military tactic.
▪ The attack on Natanz marked a bridging of the world of cyberwarfare and conventional warfare.

The Role of Information in Armed Conflict
▪ Ancient warfare
▪ World wars
▪ Cold War
▪ Iraq War and weapons of mass destruction

[Figure: The Enigma Machine]

[Figure: A U.S. Navy Bombe Machine]

U.S. Cyber Command (USCYBERCOM)
▪ Per the DoD, USCYBERCOM is required to achieve the following strategic imperatives
  ▪ Achieve and maintain overmatch of adversary capabilities.
  ▪ Create cyberspace advantages to enhance operations in all domains.
  ▪ Create information advantages to support operational outcomes and achieve strategic impact.
  ▪ Operationalize the battlespace for agile and responsive maneuver.
  ▪ Expand, deepen, and operationalize partnerships.

Exploring the Cyber Domain
▪ Cyber is a domain of warfare; includes:
  ▪ Offensive information operations: Actions taken to deny, exploit, corrupt, or destroy an adversary’s information or information functions
  ▪ Defensive information operations: Actions taken to protect your own information and information systems from an adversary’s attempt to deny, exploit, corrupt, or destroy them

Offensive Information Operations Objectives
▪ Deny
  ▪ Adversary’s access to his or her own information or information systems
▪ Exploit
  ▪ Sensitive information belonging to an adversary for your own military advantage
▪ Corrupt
  ▪ Information in an adversary’s possession
▪ Destroy
  ▪ Information or information systems an adversary relies on

Defensive Information Operations
▪ Military must defend cyber domain as they would any other domain.
▪ Requires investing in military and civilian personnel with the skills required to operate in the cyber domain and equipping them with the tools necessary to meet their mission
▪ Military and civilian lines are blurred; requires partnerships between government and private sector
▪ Also requires international cooperation between allied countries

Information Operations Techniques

Cyber Warfare: What To Expect in 2022 and beyond
▪ Distributed Denial of Service (DDoS) Attacks
▪ Ransomware Gangs – moving from individuals to companies, with higher ransoms
▪ The Growth of Cryptocurrency - preferred payment method for ransomware attacks and “hacking for hire” businesses
  ▪ Stolen crypto wallets: In August 2021, hackers stole $600m in the biggest hack ever in the decentralized finance space
▪ Weaponized Operational Technology (OT) Environments - weaponize operational technology (OT) environments to harm or kill humans
  ▪ Hackers can already shut down critical hardware or software to lock people out of programs and assets or render vital services unusable
  ▪ Hospitals being shut down due to ransomware attacks and not being able to provide medical care for the sick
▪ Deepfake Technology - edited production containing images, video, audio and text content that makes it appear someone has said or done something they never actually said or did
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/

Information Operations Techniques (Cont.)
▪ Computer network attack: Actions taken via computer networks to disrupt, deny, degrade, or destroy an adversary's information or information systems
▪ Computer network defense: Activities designed to protect, monitor, analyze, detect, and respond to unauthorized activity
▪ Intelligence gathering: Efforts to gather information about an adversary’s capabilities, plans, and actions
▪ Electronic warfare: All military actions designed to use electromagnetic or directed energy to control the electromagnetic spectrum or attack the enemy

Information Operations Techniques (Cont.)
▪ Psychological operations (PSYOPs): Military operations planned to convey selected information and indicators to foreign governments, organizations, groups, and individuals to influence their emotions, motives, objective reasoning, and behavior
▪ Military deception: Actions designed to mislead adversary forces about the operational capabilities, plans, and actions of friendly forces
▪ Operations security: Activities designed to deny an adversary access to information about friendly forces that would reveal capabilities, plans, or actions

[Figure: Operations Security Process]

Operations Security Process (Cont.)
▪ Identification of critical information: Identify essential information elements that would be valuable to the enemy and cause harm if disclosed
▪ Threat analysis
  ▪ Who is the adversary?
  ▪ What are the adversary’s goals?
  ▪ What is the adversary’s likely course of action?
  ▪ What critical information does the adversary already know?
  ▪ What are the adversary’s intelligence-gathering capabilities?
  ▪ Who will share information with the adversary?

Operations Security Process (Cont.)
▪ Vulnerability analysis
  ▪ What indicators or critical information will be created by friendly activities?
  ▪ Which of those indicators can the adversary actually collect?
  ▪ What indicators can the adversary actually collect?
  ▪ What indicators will the adversary be able to use to the disadvantage of friendly forces?
  ▪ Will the use of OPSEC countermeasures actually tip the adversary off to more critical information?

Operations Security Process (Cont.)
▪ Risk assessment
  ▪ Analyze vulnerabilities identified during the vulnerability assessment and identify possible OPSEC countermeasures for each
  ▪ Estimate cost of implementing each OPSEC countermeasure (in terms of time, cost, and impact on operations) and compare it with any harmful effects that would result if an adversary exploits the vulnerability
  ▪ Select OPSEC countermeasures for execution
▪ Countermeasure implementation
  ▪ Minimize predictability from previous operations
  ▪ Identify indicators that may tip the adversary off to the OPSEC activities
  ▪ Conceal indicators of key capabilities and military objectives
  ▪ Counter vulnerabilities in mission processes and technologies

Summary
▪ Description of cyberwarfare
▪ How warfare has evolved over the course of history
▪ The role of information in warfare
▪ The domains of warfare including the cyber domain
▪ The techniques of information operations