Presentation on theme: "Cyber Warfare and National

Security."— Presentation transcript:

1 Cyber Warfare and National Security.
IntroductiontoNew MediaCyber Warfare and National Security.Instructor Muhammad
FarrukhLecture 11

2 Cyber Warfare
3 Cyber Security/Warfare
Cyber Warfare is Internet-based conflict involving politically motivated attacks on
information and information systems.Cyber warfare involves the actions by a nation-
state or international organization to attack and attempt to damage another nation's
computers or information networks through, for example, computer viruses or denial-
of-service attacks.

4 Cyber warfare Cyber warfare attacks can

Disable official websites and networksDisrupt or disable essential servicesSteal or
alter classified datacripple financial systems -- among many other possibilities.

5 NEW Wars New ToolsIt has become abundantly clear that the next great frontier of
threats for nation states across the globe exists in the cyber realm. From government
and military to the private sector, various nations, industries, groups and agencies
have been the targets (and in some cases the ones who carry out) cyber attacks.

6 Impacts of Cyber Warfare.

In recent years, the number of cyber-attacks that hit private companies and
government entities has rapidly increased. The damage caused by sabotage and by the
theft of intellectual property amounts to several billion dollars each year.In the
majority of cases victims of attacks can only find losses relating to the raids of the
opponents. Law enforcement and private companies are publicly discussing the
possibility to define new strategies to defend their assets from the attacks.

7 Impacts of Cyber Warfare.

It is getting complicated as there is no longer any realistic expectation of a single
solution or even a single family of solutions that can provide a comprehensive
approach to the problem space.It is personal as cyber security issues now impact every
individual who uses a computer. It is no longer science fiction – millions of people
worldwide are the victims of cyber-crimes.It is a business as almost every business
today is dependent on information and vulnerable to one or more types of cyber-
attacks -
8 approaches to cyber security
Two Most Common ApproachesDefensiveOffensiveDefensive: Currently Most
Countries have Adopted Defensive approach but fact is the security community is
aware of the growth of cyber threats and the current defensive approach is showing its
limit to tone down the menace from cyberspace. The cyber threats are dynamic and
their attacks are asymmetrical and difficult to predict.

9 Defensive ApproachThe success of recent attacks conducted by cybercriminals and

state-sponsored hackers led security experts to believe that a defensive approach
waiting for the attackers it totally inappropriate.

10 Offensive: (Proactive)
In many cases victims discovers the attacks many years, after they occurred when it is
too late to apply mitigation measures and the consequences are dramatic.For this
reason law enforcement and private companies are questioning the possibility to adopt
offensive techniques to mitigate cyber threats such as, the use of intrusive malware to
track the intruders or malicious code to spread in targeted “spear-phishing” campaigns
against those actors suspected to have originated the offensives.

11 Offensive Approach The Best Defense is a Good Offense

The most plausible hypothesis is the adoption of an offensive approach to cyber
security, both entities witnesses attended a Senate Judiciary Committee hearing on
proposal of taking the fight to the attackers.The debate on offensive cyber security is
focused on the possibility to install backdoors and other malicious codes into popular
web services and applications to spy on a wide audience of internet users for
investigative purposes, a clear violation of citizens’ privacy.

12 Next Cold warIt is war; in fact it is already becoming the next Cold war. Cyber
operations are also becoming increasingly integrated into active conflicts.The US
President Obama remarked on May 29, 2009 at 60-Day Cyber Space Policy Review,
“Our interconnected world presents us, at once, with great promise but also great peril
(Threat).

13 Cyber Active Countries:

Major powers increasingly rely on digital networks for critical services. The US turns
to a cyber-arms race, quite similar to the nuclear arms race, is building up stockpiles
of software and malware to attack computer systems of rival states. China, Iran, North
Korea, and Russia have demonstrated an ability to conduct robust cyber activity.

14 Pakistan and Cyber Warfare:

The Internet security company McAfee stated in its 2007 annual report that
approximately 120 countries have been developing ways to use the internet as a
weapon and target financial markets, government computer systems and
utilities.Indian hackers often hacked and penetrated the government websites of
Pakistan and left derogatory messages. In “Operation Hangover” against Pakistan,
cyber analysts in Norway claimed that hackers based in India have been targeting
government and military agencies in Pakistan since 2010 and extracting information
of national security interest to India.

15 Indian Cyber Intervention

“Black Dragon Indian Hackers Online Squad” defaced official websites of Pakistan
People’s Party (PPP), apparently annoyed by PPP Chairman Bilawal Bhutto-Zardari’s
remarks about Kashmir

16 Pakistan’s digital infrastructure:

Pakistan’s digital infrastructure is vulnerable. About cyber espionage, one knows who,
how, where, and why it matters? But there is paucity of knowledge about “what to
do”?Pakistan does have cyber-crime law but unfortunately it is not being implemented
effectively. There is also a lack of awareness about the law

17 Pakistan’s digital infrastructure:

More over Laws regulating cyber-crimes in Pakistan have never been
impressive.People of Pakistan hardly have any idea about the existence of such laws.
There had been an “Electronic Transactions Ordinance 2002”, which mostly dealt
with banking. But the first ever pertinent law, i.e. “Pakistan’s Cyber Crime Bill 2007”,
which focuses on electronic crimesi.e. cyber terrorism, criminal access, electronic
system fraud, electronic forgery, misuse of encryption etc has been there. But if one
sees its implementation, the statistics are poor.

18 Prevention of Electronic Crimes Bill 2015

The current government’s first ever comprehensive law, i.e. “Prevention of Electronic
Crimes Bill 2015”, which is struggling and facing lot of criticism on its content.As per
critics, there are many ambiguities in definitions of certain sections/clauses.It focuses
more on moral aspects of internet use than cyber-crime itself.The Section 31of the
proposed bill says that the govt could block access to any website “in the interest of
the glory of Islam or the integrity, security or defense of Pakistan or any part thereof,
friendly relations with foreign states, public order, decency or morality….”

19 ConfusionNow the question arises who is to decide what undermines the integrity
of Pakistan, or its relations with other states? Who exactly are the “friendly foreign
states”, and where would countries with which Pakistan has fluctuating ties such as
the United States (US) be placed?

20 Difference Btw US & PAK Law

The government should see whether it is in line with the implementation of the
National Action Plan to counter terrorism? Because, soon after 9/11, to fight terrorism
effectively at home, the US Congress passed the “Patriot Act”, which curtailed certain
rights given by the US Constitution under the bill of rights (first ten amendments).
21 Recommendations:Pakistan government should also introduce such laws that
could not only address cyber-crimes but cyber terrorism. Because, in modern terrorist
environment, terrorists/non-state actors make full use of internet for fund raising,
propaganda, threats and recruitment, etc. The new law must be crystal clear in its
definitions so that it could not be used for or against through different interpretations
of the sections/clauses

22 Recommendations:There is need of holding workshops and seminars to create

awareness among the masses.There must be severe actions against criminals.Anti-
virus and anti-spam soft wares should be installed.Vulnerability assessment of famous
Apps for smart phone may be done.“National cyber security awareness day” be
organised to make people aware of this.

23 Recommendations:With hyperactive social media in Pakistan, it is critical to study

the potential and limitations of the internet.It is crucial academics to try and better
understand the landscape of internet in Pakistan.Cyber-attacks and defiance should
eventually be part of Pakistan’s military strategy.Cyber defense, elevation of the role
of the private sector, and support research need improvement.“Bureau of Internet and
Cyberspace Affairs” should be established in the Ministry of Information Technology.

24 Recommendations:Emergency mechanisms for dealing with internet attacks be

developed. Formation of a Cyber Working Group (CWG) between Pakistan and India
should be discussed with India to make it part of the “Composite Dialogue” to have
regular discussions on the subject to avert the possibility of resorting to cyber warfare

25 References:mysteriousuniverse.org/2015/05/cyber-security-the-best-defense-is-a-
good-offense

Presentation on theme: "Cyber-Warfare: The Future is Now!"— Presentation transcript:

1 Cyber-Warfare: The Future is Now!

2 Agenda BLUF - Bottom Line Up Front Cyber-Warfare - 5Ws

Cyber-Threats and TargetsEconomic Impact and Cyber-LawQuestions

3 BLUF (Bottom Line Up Front)

Significantly increased over the last decadeFrequency, scale, sophistication, and severity of
impactThousands of attacks daily~240 New forms of Malware released each dayRequires
minimal cost and effortMalicious Tools easily found on the “DarkNet” at minimal costCan
impose a tremendous amount damage and confusion on a global scale.Reliant on technology,
even minor attacks can be catastrophic and debilitating
4 What is Cyber-Warfare 5th Dimension of War
Probing or penetration attackOn an individual computer or a computer network system
through the InternetExploit weakness, steal information, or conduct sabotage.

5 Who is the Enemy Individual Hackers Hacktivist Groups

Criminal OrganizationsCorrupt BusinessesTerroristsForeign Military or Government

6 Types of Threat External: Most Likely

Insider Threats: (Difficult to Identify)Malicious / Intentional / Unintentional / Consequential

7 Types of Attack Point of Sale Attacks: 28.5% Crimeware: 18.8%

Computer Espionage: 18.0%Privilege Misuse: %Web Applications: %Miscellaneous:
%Malicious CodeDenial of ServiceTheft / FraudEspionageSabotage / DestructionSOURCE:
Verizon Data Breach Investigations Report (DBIR) 2015

8 Cyber-Targets Medical / Healthcare - 129 / 100 Mil

# Breaches / # RecordsMedical / Healthcare / 100 MilGovernment / Military / 47
MilEducation / Research / 724KBanking / Financial / 408KSmall, Medium, Large Business /
121KEnergy / Utilities /

9 Previous Attacks 2007: Russia / Estonia - DDOS - Sabotage

2010: U.S. / Iran - Stuxnet Worm- Sabotage2013: Iran / U.S - Natanz - Retaliation - Theft /
Fraud

10 Recent Attacks 2014: Anthem / Unknown 2015: China / U.S - OPM - Theft
Theft 80 mil medical records2015: China / U.S - OPM - TheftOutsourced Domain
Administration Support to Foreigners:System Administrators from: China and ArgentinaBoth
had ROOT Privileges.NO HACKING REQUIRED!Encryption Would NOT have helped!

11 Economic Impact Cost of Cyber-Crime Lost profits

Minimal public spending due to lost trustDestruction of the Financial System

12 Cyber-Law Domestic Law International Law Laws of War

Rules of Engagement - Kinetic / Electronic

13 Take Away Increase cyber education and training

Increase budgets and fundingIncrease vigilanceMalicious CodeDenial of ServiceTheft /
FraudEspionageSabotage / Destruction

14 Questions