SNDC/CATS 0802 LN

Presentation at the Symposium “Threats from the Net”

New asymmetric threats in modern information societies

Tallinn
February 29, 2008

Dir. Lars D. Nicander, Center for Asymmetric Threat Studies, Swedish National Defence College

Terrorism Studies

Dr. Magnus Ranstorp

IO Studies

Dr. Dan Kuehl

Intelligence Studies

Dr. Greg Treverton (+ Wilhelm Agrell)

Asymmetric Threats

Synergy

The Swedish Concept of IO*

Information operations are joint and coordinated measures in peace, crises and war in support of political or military goals by affecting or using information and information systems owned by the opponents or other foreign parties. This can be done by using own information and information systems, which also at the same time must be protected. One important feature is to affect the processing of decisions and decision making.

There are both offensive and defensive information operations, which are carried out in political, economic and military relations. Examples of information operations are information warfare, media manipulation, psychological warfare and intelligence operations.

Defensive information operations are joint and coordinated measures in peace, crises and war regarding policy, operations, personnel and technology to protect and defend information, information systems and the ability for rational decision making.

*MoTIC-bill 99/00:86

IO/IW Synergy

Strategic/Economic Environment

Information Systems, Infosec

Information, Intelligence, Perceptions

Joint Operations

IO/IW

Taxonomy

Defensive Information Operations (IO-D)/Defensive Information Warfare (IW-D)

Critical Infrastructure Protection

Information Assurance

The Asymmetric Character

[Diagram: the actor levels Coalitions, Nations, Organisations and Individuals, each listed twice; Classes III, II and I]

The Dilemmas

Anonymous attacks
– How to detect an attack?
– Who is at the other end?
  » A teenage hacker?
  » A corporation/organisation?
  » A nation?
  » Mix of these?

What is an Act of War in Cyberspace?

Information/Cyberterrorism

CIIP: Critical Information Infrastructure Protection

– Continuity of gov. (incl. media comm.)
– Power
– Telecom/ISP
– Financial systems
– ATC

Home Made HERF/EMP Device

20 MWatts
30 m Soft Kill Range

Cyber/Information Terrorism

Aum Shinrikyo
E-Jihad 2000-2001
Arrest of an AQ-hacker in US
Al-Qaida IPB vs California
ATC – Boston and Schiphol
– Proliferation of DEW-weapons?

Critical Infrastructure Threat Matrix

Target: Physical or Digital. Tool: Physical or EM (DEW + digital).

(a) Physical tool, physical target: Conventional Terrorism (Oklahoma City Bombing)

(b) Physical tool, digital target: IRA attack plan on London Power Grids, July 1996

(c) EM (DEW + digital) tool, physical target: Spoof (or HPM) Air Traffic Control to crash plane

(d) EM (DEW + digital) tool, digital target: “Pure” Cyber Terrorism (Trojan horse in public switched networks)

Cell (d) the most difficult to detect and counter

A scenario

Airbus over Schiphol or LAX
DEW or ”can-bomb”
TV-camera or ”cellular-camera”

9/11-effect…!

The International Context

Three Challenges

Management issues (”bending pipes”)

International Co-operation, Regimes etc

International law (”use of force”) etc

Domestic tasks

International tasks

Some examples

Conflict between East Timor and Indonesia in the end of 1997-99
– The website (the ”.tp”-domain) of the East Timor independence movement located in Ireland was ”shot down” 990119. Indonesian Intelligence service suspected.

“e-Jihad” 2000-2001
– Attack on the Israeli Land Register Authority routed over Berlin and London

Estonia Spring 2007

Whose law applies?
What are the ROEs for governments and LEA?

Collective Security in Cyberspace

There are no borders in Cyberspace!
A cyber-intrusion could be routed from country A through country B, C and D before it ends up in country E.

How can we trace back these intrusions?
– Today: International Law Enforcement or private initiatives (FIRST etc)
– Tomorrow: ”Fishwebs” between national CERTs for tracing intrusions back in real time?

Building “fishwebs” in Cyberspace

[Diagram: Country A, Country B, Country C, Country D, Country E, Country X, Country Y, Country Z; UN, ITU etc]

How to get an IA outreach?

Closed technical and other arrangements (Five-eyes etc) have limited relevance when IT-attacks could pass through 192 countries

Global approach needed
– How to deny “safe havens”?
– What kind of incentives (“sticks and carrots”)?
– Could the Stanford Treaty be a model?

Three Challenges

Management issues (”bending pipes”)

International Co-operation, Regimes etc

International law (”use of force”) etc

Domestic tasks

International tasks

Conclusions of the Estonian case for Crisis Management

Enhancement of the security policy toolbox?
– A state actor (with big resources) can act through cyber attacks and still conceal its involvement.

Cyber attacks can be used in several ways:
– As an add-on to economic sanctions or other non-military means of power projection (The Estonia Case)
– As a force multiplier (taking out emergency systems after bomb attacks)

To improve preparedness and contingency planning in this area there is a need for:
– Operational experience (more Red Team exercises to detect critical vulnerabilities in societal networks, a GovCERT working 24/7 etc)
– Cooperation – between agencies, private-public and international

Swedish IO and International Law*

The use of cyber-weapons to attack information systems does not constitute violence in terms of international law but it may nevertheless contravene international law. At the same time it should be possible to make use of such weapons within the provision of the UN Charter (Article 41) – given an appropriate UN Resolution and consequent legal mandate – in order to uphold sanctions or for other conflict prevention measures even though this has hitherto not happened. A more flexible arsenal of non-violent measures of this type would be in line with traditional Swedish policy in this field.

Another legal question is how, using measures permitted under international law, it is possible to bring to book, for example, terrorists who make use of such weapons. An international review of the provision of international law would be of interest to Sweden, with regard both to cyber-attacks perpetrated by states or individuals and to the possibility of using such a weapon as an instrument of sanction enforcement.

*Parliament Decision 1999 (99/00:30)

Conclusion

Areas of international co-operation

Doctrines concerning use of IO/IW under UN or other international legal auspices (international operations, upholding sanctions etc.)

Principles of building Regimes for defensive actions taken in Cyberspace (tracing, counterhacking etc.)

Q&A

www.fhs.se/cats