2. PLAN
1. The Spectrum of Cyberwarfare
2. Offensive Cyber Operations
3. The ART of Defense
4. A comparative study of nation-state capabilities
3. Key definitions:
Cyberwarfare:
A set of strategies used by a nation-state actor or organization to attack another country's
information-system infrastructure with the intention of disrupting, damaging or destroying it.
Cyberwar:
The act of waging war in cyberspace against a nation state or organization to achieve a strategic political, economic or
ideological objective.
Cybersecurity strategy:
A high-level plan that defines how an organization or nation-state actor intends to improve the
resilience and security of its cyberspace.
The Spectrum of Cyberwarfare
4. A “jus ad bellum” for Cyberwarfare:
Military intelligence gathering
Collection of confidential information on the current state of a given nation state's military capabilities and
operations, in support of current or future operations. Example: interception of digital communications to uncover
military plans.
Geopolitical influence
The growing tendency of nation states to extend their existing capacity for influence and control over other nations
from the physical domain into cyberspace through information warfare.
Support of military operations
Cyberwarfare is an enabler of kinetic warfare operations, for example disrupting a military operations
centre with malware.
Strategic economic warfare
Attacks against a nation state using cyber capabilities with the aim of weakening its economy
through theft of trade secrets or sabotage of industrial facilities.
Cyber counterintelligence
Activities designed to prevent or thwart spying, intelligence gathering and sabotage by an enemy or
other foreign entity.
5. The Spectrum of Cyberwarfare
Targets of interest | Example | Attribution
Military infrastructure | Espionage | NSA, FSB, GCHQ, MSS, DGSE
Electoral system & process | United States election (2016) | Russia's GRU and FSB
Electrical power grid | Ukraine power grid (2015) | Russia's Sandworm (GRU)
Nuclear power plant | Iranian nuclear plant, Stuxnet (2010) | NSA & Israel's Unit 8200
Communication systems | BGP hijacking | Any major global telecom provider
Supply chain | SolarWinds cyberattack (2020) | Russia's Cozy Bear
Any national infrastructure considered critical | Colonial Pipeline ransomware attack (2021) | Any nation-state actor with sufficient geopolitical motivation
6. The Spectrum of Cyberwarfare
MITRE ATT&CK: a library of known adversary tactics, techniques and procedures (TTPs)
Tactics: the adversary's technical goals (e.g. Initial Access, Persistence, Exfiltration)
Techniques: how those goals are achieved (e.g. Phishing, T1566)
Procedures: specific implementations of techniques by a given adversary or malware family
The framework contains three matrices: Enterprise, Mobile and ICS (Industrial Control Systems)
https://attack.mitre.org/
7. Offensive Cyber Operations
Into the premise of offensive cyberwarfare: from spies to APTs
APT (Advanced Persistent Threat): a sophisticated, well-resourced adversary (typically state-sponsored) that exploits
vulnerabilities in a target's systems in order to gain an extended, persistent foothold with the aim of
achieving a specific objective.
Lockheed Martin Cyber Kill Chain:
Reconnaissance > Weaponization > Delivery > Exploitation > Installation > Command & Control > Actions on Objectives
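The following is an added example, not part of the original slides and not MITRE's or Lockheed Martin's own tooling: it maps constructed endpoint and network events to ATT&CK techniques and tactics, then to Cyber Kill Chain phases, so you can see how far an intrusion progressed and where a responder first had a chance to break the chain. The technique IDs and tactic names are real ATT&CK identifiers; the tactic-to-phase mapping, the regex rules, the event format and the sample events are assumptions made for this example.

```python
import re

# Hand-picked subset of the ATT&CK Enterprise matrix: technique ID -> (name, tactic).
# The IDs and names are real ATT&CK identifiers; the subset itself is this example's choice.
ATTACK_SUBSET = {
    "T1566": ("Phishing", "Initial Access"),
    "T1059": ("Command and Scripting Interpreter", "Execution"),
    "T1547": ("Boot or Logon Autostart Execution", "Persistence"),
    "T1046": ("Network Service Discovery", "Discovery"),
    "T1021": ("Remote Services", "Lateral Movement"),
    "T1071": ("Application Layer Protocol", "Command and Control"),
    "T1041": ("Exfiltration Over C2 Channel", "Exfiltration"),
    "T1486": ("Data Encrypted for Impact", "Impact"),
}

# Lockheed Martin Cyber Kill Chain phases, in order.
PHASES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]

# ATT&CK tactic -> kill-chain phase. This mapping is an assumption of the example:
# everything the intruder does after gaining control is folded into "Actions on Objectives".
TACTIC_TO_PHASE = {
    "Reconnaissance": "Reconnaissance",
    "Initial Access": "Delivery",
    "Execution": "Exploitation",
    "Persistence": "Installation",
    "Command and Control": "Command and Control",
    "Discovery": "Actions on Objectives",
    "Lateral Movement": "Actions on Objectives",
    "Exfiltration": "Actions on Objectives",
    "Impact": "Actions on Objectives",
}

# Detection rules over one-line event text: (compiled regex, technique ID).
# Simplified, constructed rules for this example, not real vendor or Sigma content.
RULES = [
    (re.compile(r"attachment .*\.(docm|xlsm|lnk|iso)\b", re.I), "T1566"),
    (re.compile(r"child=(powershell|cmd|wscript)\.exe .*-enc\b", re.I), "T1059"),
    (re.compile(r"registry .*CurrentVersion\\Run\b", re.I), "T1547"),
    (re.compile(r"\b(port scan|smb probe)\b", re.I), "T1046"),
    (re.compile(r"\b(psexec|admin\$ write)\b", re.I), "T1021"),
    (re.compile(r"\bbeacon .*interval=\d+s\b", re.I), "T1071"),
    (re.compile(r"\bupload .*bytes=\d{8,}\b", re.I), "T1041"),
    (re.compile(r"mass rename .*\.(locked|encrypted)\b", re.I), "T1486"),
]

# Constructed telemetry for one intrusion, in time order. Not real data.
SAMPLE_EVENTS = [
    "2024-03-01T09:12:03 ws01 outlook.exe attachment opened name=invoice.docm",
    "2024-03-01T09:12:41 ws01 winword.exe child=powershell.exe -nop -w hidden -enc SQBFAFgA",
    "2024-03-01T09:13:05 ws01 registry set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2024-03-01T09:14:10 ws01 beacon to cdn-updates.example interval=60s",
    "2024-03-02T02:00:12 ws01 port scan 10.0.0.0/24 tcp/445",
    "2024-03-02T02:10:55 ws01 psexec -> srv-files01",
    "2024-03-02T03:30:00 srv-files01 upload to 203.0.113.7 bytes=2147483648",
]


def map_events(events):
    """Return [(event, technique_id, tactic)] for every event a rule matches; unmatched events are dropped."""
    hits = []
    for ev in events:
        for rx, tid in RULES:
            if rx.search(ev):
                hits.append((ev, tid, ATTACK_SUBSET[tid][1]))
                break  # first matching rule wins; one technique per event is enough here
    return hits


def kill_chain_progress(events):
    """Return the kill-chain phases the intrusion visibly reached, in chain order."""
    reached = {TACTIC_TO_PHASE[tactic] for _, _, tactic in map_events(events)}
    return [phase for phase in PHASES if phase in reached]


def first_detection_point(events):
    """Phase, technique ID and name of the earliest detectable event: the first chance to break the chain."""
    hits = map_events(events)
    if not hits:
        return None
    _, tid, tactic = hits[0]  # events are assumed to be in time order
    return TACTIC_TO_PHASE[tactic], tid, ATTACK_SUBSET[tid][0]


if __name__ == "__main__":
    for ev, tid, tactic in map_events(SAMPLE_EVENTS):
        print(f"{tid} {ATTACK_SUBSET[tid][0]:36} [{tactic}] <- {ev[:58]}")
    print("phases reached:", kill_chain_progress(SAMPLE_EVENTS))
    print("first chance to detect:", first_detection_point(SAMPLE_EVENTS))
```

Weaponization never appears in the output because it happens on the attacker's side and produces no telemetry on the victim's network; the first observable phase is Delivery (the phishing attachment), which is why mail filtering and attachment sandboxing sit so early in most defensive architectures.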
8. From Blitzkrieg to Bitskrieg:
- Blitzkrieg: an intense German military strategy intended to bring about a swift victory in WW II
- Bitskrieg: think of a series of swift attacks intended to shut down a nation's cyberspace
- Example: shutdown of the Ukrainian electrical power grid in 2015 by Sandworm
- Objective: render the target's systems inoperable through disruptive intrusion in the shortest
possible time frame.
- Possible means: erase disks, encrypt files, corrupt the system kernel, change SCADA programming logic
9. DDoS (Distributed Denial of Service):
Directing malicious traffic at a target using a large number of infected devices (a botnet) controlled by C2 servers.
Aim: disrupt the availability of an online system
Examples:
▪ DNS amplification attack (small queries with the victim's spoofed source address are sent to open resolvers, whose much larger responses all land on the victim)
▪ Mirai botnet attack (2016; compromised IoT devices flooding targets directly)
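As an added example (not from the original slides, and not part of any real detection product), the block below runs a simple DNS-amplification detector over constructed flow records: a victim that receives DNS responses it never asked for, from many resolvers at once, is being used as a reflection target. The flow tuple format, the 64-byte query-size estimate used to compute the amplification factor, the thresholds and all addresses are assumptions of this example.

```python
from collections import defaultdict

# Typical size of a spoofed "ANY" query on the wire; an assumption used to estimate the amplification factor.
QUERY_SIZE_ESTIMATE = 64


def build_sample_flows():
    """Constructed flow records (t_seconds, src, sport, dst, dport, proto, nbytes). Not real capture data."""
    flows = [
        (0.00, "10.0.0.5", 51000, "10.0.0.2", 53, "udp", 64),     # normal query from a client to its resolver
        (0.02, "10.0.0.2", 53, "10.0.0.5", 51000, "udp", 180),    # matching answer
        (0.50, "10.0.0.5", 51001, "10.0.0.2", 53, "udp", 70),
        (0.52, "10.0.0.2", 53, "10.0.0.5", 51001, "udp", 220),
    ]
    # Reflection: 40 open resolvers answer 198.51.100.9, which sent no query (the attacker spoofed its address).
    for i in range(40):
        flows.append((1.0 + i * 0.01, f"203.0.113.{i + 1}", 53, "198.51.100.9", 4444, "udp", 3100))
    return sorted(flows)  # time order


def unsolicited_dns_responses(flows, window=2.0):
    """UDP/53 responses for which the receiving host sent no matching query in the preceding `window` seconds."""
    recent_queries = {}  # (client, client_port, server) -> time of last query seen
    unsolicited = []
    for t, src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == 53:                       # outbound query: remember who asked whom
            recent_queries[(src, sport, dst)] = t
        elif sport == 53:                     # inbound response: was there a query for it?
            asked = recent_queries.get((dst, dport, src))
            if asked is None or t - asked > window:
                unsolicited.append((t, src, dst, nbytes))
    return unsolicited


def detect_amplification(flows, min_sources=10, min_bytes=20000):
    """Group unsolicited responses per victim; report victims hit by many resolvers with significant volume."""
    per_victim = defaultdict(list)
    for t, src, dst, nbytes in unsolicited_dns_responses(flows):
        per_victim[dst].append((t, src, nbytes))
    alerts = {}
    for victim, hits in per_victim.items():
        sources = {src for _, src, _ in hits}
        total = sum(n for _, _, n in hits)
        if len(sources) >= min_sources and total >= min_bytes:
            alerts[victim] = {
                "resolvers": len(sources),
                "bytes": total,
                # bytes delivered to the victim per byte the attacker had to send
                "amplification": round(total / len(hits) / QUERY_SIZE_ESTIMATE, 1),
            }
    return alerts


if __name__ == "__main__":
    for victim, info in detect_amplification(build_sample_flows()).items():
        print(f"{victim}: {info['resolvers']} reflectors, {info['bytes']} bytes, ~{info['amplification']}x amplification")
```

The legitimate client 10.0.0.5 is never flagged because each response it receives is preceded by its own query; the victim 198.51.100.9 is flagged because 40 different resolvers answer it with ~3 KB each for queries it never sent. This heuristic only catches reflection attacks; a Mirai-style botnet sends its flood directly from the bots and needs volumetric (bytes per second per destination) rather than request/response matching.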
10. Hunting for vulnerabilities & bugs:
A zero-day (or 0-day) vulnerability is a flaw in a piece of software that is not publicly known
and that the vendor is not aware of, so no patch exists. A zero-day exploit is the method an attacker uses to access the
vulnerable system through that flaw.
❑ Active purchase of 0-day exploits by nation states to compromise systems ... USA, EU
❑ Advanced vulnerability research programmes (R&D) ... China
❑ Development of exploits for known (n-day) vulnerabilities ... Russia
Strategic objective:
✓ Obtain initial access to a foreign nation state's systems
✓ Maintain a tactical advantage over other nation states
Examples: Kaseya attack, MS-RPC Print Spooler relay, Zerologon (CVE-2020-1472), Stuxnet
11. Social Engineering & Phishing:
Social engineering is the psychological manipulation of people into performing actions or divulging
confidential information.
Cialdini's six principles of influence are: reciprocity, commitment/consistency, social proof,
authority, liking and scarcity. Phishing lures lean most often on authority (“the CEO needs this”) and scarcity (“act within 24 hours”).
Phishing is a type of social engineering in which an attacker sends a fraudulent (e.g. spoofed, fake or
otherwise deceptive) message designed to trick a person into revealing sensitive information to the
attacker.
Objective: leakage of confidential information
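The block below is an added example, not part of the original slides and not any vendor's filter: it parses two constructed e-mails with Python's standard `email` module and scores the classic phishing indicators, including the authority and scarcity pressure language from Cialdini's list above. The trusted-domain list, the pressure-word list, the indicator names and both sample messages (all on reserved example addresses) are assumptions of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# The organisation's own or partner domains; an assumption for this example.
TRUSTED_DOMAINS = {"example-bank.com"}
# Phrases that lean on Cialdini's authority and scarcity principles; a short, constructed list.
PRESSURE_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "ceo", "final notice", "verify now")

# Constructed phishing message: look-alike sender domain (digit 1 for letter l), mismatched Reply-To and
# Return-Path, pressure language, and a link whose visible text differs from its real destination.
SAMPLE_PHISH = """\
Return-Path: <bounce@mailer-7.example.net>
From: "Example Bank Security" <alerts@examp1e-bank.com>
Reply-To: <recovery@mailer-7.example.net>
To: <victim@corp.example>
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/html

<p>Our CEO has asked that all accounts be re-verified immediately.</p>
<p><a href="http://203.0.113.45/login">https://www.example-bank.com/secure</a></p>
"""

# Constructed legitimate message from the real domain with consistent headers and an honest link.
SAMPLE_LEGIT = """\
Return-Path: <alerts@example-bank.com>
From: "Example Bank" <alerts@example-bank.com>
To: <victim@corp.example>
Subject: Your monthly statement is ready
Content-Type: text/html

<p>Your statement is available.</p>
<p><a href="https://www.example-bank.com/statements">https://www.example-bank.com/statements</a></p>
"""


def domain_of(addr):
    """Domain part of an address header value such as '"Name" <user@host>'."""
    return parseaddr(addr)[1].rsplit("@", 1)[-1].lower()


def edit_distance(a, b):
    """Plain Levenshtein distance; used to spot look-alike domains (examp1e-bank vs example-bank)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw):
    """Return the names of the indicators found in one RFC 5322 message, in a fixed order."""
    msg = message_from_string(raw)
    found = []
    from_dom = domain_of(msg.get("From", ""))
    # 1. Sender domain is within two edits of a trusted domain but is not that domain.
    if from_dom not in TRUSTED_DOMAINS and any(0 < edit_distance(from_dom, t) <= 2 for t in TRUSTED_DOMAINS):
        found.append("lookalike-sender-domain")
    # 2. Replies or bounces would go somewhere other than the apparent sender.
    for hdr in ("Reply-To", "Return-Path"):
        if msg.get(hdr) and domain_of(msg[hdr]) != from_dom:
            found.append(f"{hdr.lower()}-domain-mismatch")
    # 3. Two or more authority/scarcity pressure phrases in subject or body.
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if sum(word in text for word in PRESSURE_WORDS) >= 2:
        found.append("pressure-language")
    # 4. A link whose visible text is a URL pointing at a different host than the real href.
    for href, shown in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', body, re.I):
        shown = shown.strip()
        if re.match(r"https?://", shown) and urlparse(href).hostname != urlparse(shown).hostname:
            found.append("link-text-mismatch")
    return found


def is_suspicious(raw, threshold=2):
    """Flag a message once at least `threshold` independent indicators fire."""
    return len(phishing_indicators(raw)) >= threshold


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(f"{label}: suspicious={is_suspicious(raw)} indicators={phishing_indicators(raw)}")
```

No single indicator is decisive (a newsletter platform legitimately sets a different Return-Path, for example), which is why the verdict requires several independent signals; the look-alike domain and the link-text mismatch are the two a user is least likely to notice on their own and are the ones worth surfacing in a mail-client warning banner.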
12. “If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory
gained you will also suffer a defeat. If you know neither the enemy nor
yourself, you will succumb in every battle.”
Sun Tzu, The Art of War
The ART of Defense
SIX-STEP ROAD MAP TO PLANNING A NATION-WIDE DEFENSE STRATEGY
1 Assess your national cybersecurity landscape
2 Assess the cyber-risk landscape
3 Produce your national cyber strategy
4 Develop an action plan
5 Monitor and evaluate the defined metrics of your strategy
6 Continuous improvement & update
13. The ART of Defense
BLUEPRINT FOR BUILDING A NATIONAL CYBERSECURITY DEFENSE STRATEGY
Governance
❑ Ensure the highest level of support
❑ Establish a competent cybersecurity authority
❑ Ensure intra-government cooperation
❑ Ensure inter-sectoral cooperation
❑ Allocate dedicated budget and resources
Risk Management
❑ Define a risk-management approach
❑ Identify a common methodology for managing cybersecurity risk
❑ Develop sectoral cybersecurity risk profiles
❑ Establish cybersecurity policies
Legislation & Regulation
❑ Establish cybercrime legislation
❑ Recognise and safeguard individual rights and liberties
❑ Create compliance mechanisms
❑ Promote capacity-building for law enforcement
Preparedness & Resilience
❑ Establish cyber-incident response capabilities
❑ Establish contingency plans for cybersecurity crisis management
❑ Promote information-sharing
❑ Conduct cybersecurity exercises
Capability & Capacity Building
❑ Develop cybersecurity curricula
❑ Stimulate skills development and workforce training
❑ Implement a coordinated cybersecurity awareness-raising programme
❑ Foster cybersecurity innovation and R&D
Critical Infrastructure & Essential Services
❑ Establish a risk-management approach to protecting critical infrastructures and services
❑ Adopt a governance model with clear responsibilities
❑ Define minimum cybersecurity baselines
❑ Establish public-private partnerships
14. Defending your critical infrastructure
Security best practices and trends
❑ Threat intelligence & hunting
❑ Vulnerability management
❑ Compliance audit
❑ EDR (Endpoint Detection & Response)
❑ Security awareness
❑ SIEM (Security Information & Event Management)
❑ SOAR (Security Orchestration, Automation & Response)
❑ DLP (Data Loss Prevention)
❑ Quantum & post-quantum cryptography
❑ Threat emulation
❑ Defense in depth
❑ Zero-trust architecture
❑ Secure enclaves
❑ MFA (Multi-Factor Authentication)
❑ Risk management
❑ Next-generation firewall