Embed Size (px)
DESCRIPTION
What is the difference between a hacking attack and a cyberwar attack? What do current militaries consider an attack vs. exploitation or just «normal operations»? Kevin will present an overview on the cyber warfare topic and the current understanding of Advanced Persistent Threats in the context of cyber defense. Referent: Kevin Kirst
Citation preview
Cyber Security Services
www.pwc.com
Cyber Warfare Realities
Kevin KirstPwC Switzerland
Agenda
• Background
• Cyber Warfare
• National Cyber Investments
• The Components
PwC
• Recent Activity
• Why hasn’t it happened yet?
2One Security
My Background
US Military Officer (Pacific Area of Operations)
• Comms & IT Infrastructure
• Military Satellites
• Cyber Operations
PwC
KPMG
• DoD Consulting
Booz Allen Hamilton
• DoD Cyber Threat Intelligence & Operations
PwC Switzerland
• OneSecurity – Cyber Security
One Security3
Oktober 2012
Background
“The use of electronic means makes it possible to steal large quantitiesof data at once or within a short time. Such cases of sophisticatedelectronic espionage are regularly recorded.”
-Federal Intelligence Services Switzerland 2013
PwC
“The FIS has clear indications that the authorities of various countrieshave been directly or indirectly involved in cyber attacks.”
-Federal Intelligence Services Switzerland 2013
One Security4
Federal Intelligence Services 2013
PwCOne Security
5
Cyber Threats
What is cyber warfare?
PwCOne Security
6Oktober 2012
Who is investing in Cyber?
PwCOne Security
7
China
PwCOne Security
8
APT1: Unit 61398 (2013)
PwCOne Security
9
Cyber Warfare components
Computer Network Operations (CNO)
• Computer Network Exploitation (CNE)
• Computer Network Defense (CND)
• Computer Network Attack (CNA)
PwCOne Security
10
Exploit to Attack?
“Any cyber operation that results in death or significant damage toproperty qualifies as an armed attack.” –Talinn Manual
The Tallinn Manual
• States may not knowingly allow cyber infrastructure located intheir territory to be used for acts that adversely affect other States.
• States may be responsible for cyber operations directed against otherStates, even though those operations were not conducted by thesecurity agencies. (i.e. hacktivist)
PwC
• The International Group of Experts agreed that cyber operations thatmerely cause inconvenience or irritation do not qualify as usesof force.
• States may respond to unlawful cyber operations that do not rise tothe level of a use of force with countermeasures.
• A State that is the victim of a cyber “armed attack” may respond byusing force. The force may be either cyber or kinetic.
One Security11
Oktober 2012
Activity Quick Look
Recent Activity:
PwCOne Security
12
Why hasn’t it happened yet?
PwCOne Security
13Oktober 2012
Obfuscation
Definitions
Attribution
Confidence
These are easier to respond too….and to use
PwCOne Security
14Oktober 2012
Obfuscation Definitions
Attribution Confidence
Conclusion
“....the risk of misattribution and escalation is real, and we always haveto consider the broad foreign policy implications of our actions.”
- Michael Daniel, White House Cybersecurity Coordinator
PwCOne Security
15
Questions?
PwCOne Security
16
PwC’s Cyber Security Services
Current Service Offerings:
• Cyber Threat Assessment
• Cyber Intelligence Assessment
PwC
• Cyber Stress Tests
17
Antoine Berthaut
Avenue Giuseppe-Motta 50
1211 Genève
Direct: +41 58 792 [email protected]
Contact us
Robert Metcalf
Avenue Giuseppe-Motta 50
1211 Genève
Direct: +41 58 792 9242
PwC
Thomas Koch
Birchstrasse 160Postfach, 8050 Zürich
Direct: +41 58 792 2954
Holger Greif
Birchstrasse 160Postfach, 8050 Zürich
Direct: +41 58 792 1386
18Gianfranco Mautone
Birchstrasse 160Postfach, 8050 ZürichDirect: +41 58 792 1760
Juergen Mueller
Avenue avenue C.-F. -Ramuz 45Case postale, 1001 Lausanne
Direct: +41 58 792 8141
