Writing the Rules of Cyberwar
Karl Rauscher, IEEE Spectrum, December 2013
IS 376, November 11, 2014
Slide 3
Writing the Rules of Cyberwar IS 376 November 11, 2014 Page 2
Just War Doctrine
Jus Ad Bellum - The Right To Go To War
One of the first recorded discussions of the concept of a just war was in the Mahabharata, the Indian epic narrative of the mythological Kurukshetra War.
- There must be a just cause for declaring war
- There must be comparative justice on the declarer's side
- Only a competent authority may wage war (no dictators)
- Force may be used only with right intention (w/o ulterior motivations)
- The probability of success must be reasonably high
- War is a last resort after peaceful options are exhausted
- There must be proportionality between benefits and harms
Slide 4
Just War Doctrine
Jus In Bello - Right Conduct In War
- There is a distinction between combatants and non-combatants who are caught in circumstances they did not create
- There should be proportionality between the damage caused by an attack and the advantage anticipated as a result of the attack
- Attacks should only occur out of military necessity, limiting excessive destruction
- Prisoners of war no longer posing threats should receive fair treatment
- Inherently evil means of warfare (e.g., mass rape, using weapons whose effects are uncontrollable, forcing prisoners to fight against their own side) are forbidden
Slide 5
The Geneva Conventions
After witnessing the horrors of war, the Swiss businessman Henry Dunant (1828-1910) proposed:
- The establishment of a permanent relief agency for humanitarian aid in times of war, and
- An international treaty recognizing the agency's neutrality and letting it provide aid in a war zone
The former led to the establishment of the Red Cross, while the latter led to the Geneva Conventions.
1864 - The Geneva Convention for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field
1906 - The Geneva Convention for the Amelioration of the Condition of the Wounded, Sick, and Shipwrecked Members of Armed Forces at Sea
1929 - The Geneva Convention relative to the Treatment of Prisoners of War
1949 - The Geneva Convention relative to the Protection of Civilian Persons in Time of War
1899 - The Hague Convention for the Pacific Settlement of International Disputes and with respect to the Laws and Customs of War on Land
1907 - The Hague Convention regarding the Rights and Duties of Neutral Powers During War, Prohibiting the Discharge of Projectiles and Explosives from Balloons, Etc.
Dunant was awarded the first Nobel Peace Prize in 1901.
Slide 6
Cyberwar
Slide 7
Stuxnet - Invasion!
- Stuxnet enters a system via a USB stick and proceeds to infect all machines running Windows.
- By using a phony digital certificate that seems to indicate it came from a legitimate source, the worm is able to circumvent automated defense systems.
- Stuxnet then checks whether a given machine is part of the target industrial control system made by Siemens. Such systems are used in Iran to run high-speed centrifuges for nuclear fuel enrichment.
- If it is a target machine, Stuxnet tries to access the Internet and download the latest version of itself. Otherwise, it does nothing.
Slide 8
Stuxnet - Sabotage!
- The worm compromises the target system's logic controllers. It exploits software weaknesses that have never been identified by security experts.
- At first, Stuxnet spies on the operation of the targeted system. Later, it uses the gathered information to take control of the centrifuges and make them spin themselves to failure.
- False feedback is provided to outside controllers. This ensures that they won't know that something is wrong until it's too late.
Slide 9
Quantum Dawn 2
In July 2013, numerous financial institutions and associations worked with various federal contributors (DoT, SEC, DoHS, FBI) to conduct a simulated cyber-attack on the financial sector.
1. Creation of an automatic sell-off in target stocks by using stolen administrator accounts
2. Introduction of malicious counterfeit telecommunication equipment to divert attention and slow the investigation into the automatic sell-off
3. Substantiation of the price drop by issuing fraudulent press releases on target stocks
4. Disruption of governmental websites and services through a distributed denial of service (DDoS) attack
5. Corruption of the source code of a financial application widely used in the equities market
6. Degradation of the credibility of an industry group by sending a phishing email to harvest user names and passwords and submitting false information on the attack
7. Disruption of technology service by unleashing a custom virus with the goal of degrading post-trade processing
Resulting Recommendations
- Better sharing of information between industry and government
- Clearer decision-making process on when to open and close markets
Slide 10
Dragonfly
Of particular concern is the potential for cyberattacks against the energy grid, as demonstrated in June 2014, when DoHS issued an alert concerning Dragonfly, a group of attackers whose campaign against American and European energy firms included...
- Sending malware in spear-phishing emails to personnel in target firms.
- Watering hole attacks: compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit that delivered malware to the victim's computer.
- Trojanizing legitimate software bundles belonging to three different industrial control system (ICS) equipment manufacturers.
Evidence suggests that Dragonfly is state-sponsored, originating from Eastern Europe, most likely from Russia.
Slide 11
Tallinn Manual
In 2009, NATO commissioned an international panel of legal scholars to interpret international law in the context of cyberwarfare.