SlideShare a Scribd company logo

The Revolution in Military Affairs has Set the Stage for Cyberwar

Richard Stiennon
Richard Stiennon

The document discusses how the Revolution in Military Affairs and push for network-centric warfare has left military networks vulnerable to cyber attacks. It outlines several past failures in securing military IT systems and networks that have allowed data theft and malware infections. The document warns that without improved security, future conflicts could involve crippling cyber attacks that undermine military communications, intelligence, and weapon systems like drones and the F-35 fighter. It defines cyberwar as using cyber attacks to support military force and outlines how a "Cyber Pearl Harbor" could involve defeating US forces through gaining information dominance in a conflict.

TechnologyBusinessNews & Politics
1 of 25
Download to read offline
The Revolution in Military Affairs has Set the Stage for Cyberwar
 Richard Stiennon Chief Research Analyst IT-Harvest ! Executive Editor securitycurrent.com ! twitter.com/cyberwar securitycurrent
! twitter.com/cyberwar securitycurrent
1996 Taiwan Straits Crisis "Admiral Clemens was able to use e-mail, a very graphic- rich environment, and video teleconferencing to achieve the effect he wanted", which was to deploy the carrier battle groups in a matter of hours instead of days.” -Arthur Cebrowski USS Nimitz and USS Independence deploy to Taiwan. securitycurrent

 The Revolution in Military Affairs • Roman centuries • Long bow and battle of Crecy • Napoleon’s staff command • Machine guns • Mechanized armor, blitzkrieg securitycurrent
The Modern RMA • Operation Desert Storm leads to: • Russian assessment of precision weapons ISR C&C securitycurrent
Andrew Marshall: Enigmatic Strategist securitycurrent Andrew W. Marshall (born September 13, 1921) is the director of the United States Department of Defense's Office of Net Assessment.

 Arthur Cebrowski: Evangelist securitycurrent “Network Centric Warfare should be the cornerstone of transformation. If you are not interoperable you are not on the net. You are not benefiting from the information age”.
The Dream securitycurrent Total Situational Awareness eliminates “the fog of war”! ! Red Team - Blue Team identification! ! Central Command and Control. Distributed battle command.! ! Networked Intelligence, Surveillance Reconnaissance (ISR)
Network Centric Warfare securitycurrent Everything connected (like the Internet) ! Satellite-Planes-Drones-Ground-Sea based sensor grid ! Instant communication over a Global Grid
IT-Harvest Confidential Deja vu all over again We’ve seen this story payed out before in the enterprise. ! ! First network everything. Take advantage of connectivity and ubiquity to re-invent commerce, social interactions, and communications. ! ! Second: succumb to attacks from hackers, cyber criminals, hacktivists, and nation states.! ! Finally: Layer in security
IT-Harvest Confidential How the Military Failed in Security April 1, 2001 a Navy EP-3E was forced down and captured by China. Top secret OS compromised! ! In 2008 China blatantly flooded communication channels known to be monitored by the NSA with decrypted US intercepts, kicking off a major re-deployment. SEVEN years too late. ! ! ! ! !
IT-Harvest Confidential How the Military Failed in Security Pentagon email servers p0wned 2007! ! Terabytes of data exfiltrated to China from the Defense Industrial Base. The target? Joint Strike Fighter design data.! ! ! !
IT-Harvest Confidential Military IT Security Failures The Wake Up Call ! ! BUCKSHOT YANKEE ! ! Agent.btz introduced via thumb drive in a forward operations command (Afghanistan?) ! ! EVERY Windows machine re-imaged in the entire military (3 million +) at a cost of $1 Billion.
IT-Harvest Confidential Drone madness 1
IT-Harvest Confidential Drone madness 2
IT-Harvest Confidential Drone madness 3
SATCOM Vulns securitycurrent • “We uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.” - IOActive
Software Assurance maturity came after most new weapons platforms were sourced. securitycurrent One Air Force study of 3 million lines of code revealed: ! ! One software vulnerability per 8 lines of code ! ! One high vulnerability per 31 lines of code! ! One critical vulnerability for 70 lines of code
The F-35 Joint Strike Fighter securitycurrent ! “JSF software development is one of the largest and most complex projects in DOD history.” ! ! -Michael J. Sullivan, Director Acquisition and Sourcing Management for the DoD:!
The F-35 Joint Strike Fighter • Nine million lines of onboard code could mean 128,000 critical vulns • 15 million lines of logistics code could mean another 214,000 critical vulns • What could possibly go wrong? securitycurrent
Taiwan Straits Crisis. 2015? securitycurrent GPS hacks deflect jets away from tankers ! Mission tasking subverted ! Communications intercepts mislead commander ! Radar jamming masks enemy movement ! Result? ! Military defeat
A Working Definition of Cyberwar securitycurrent The use of network and computer attack to support the operations of a military force.
Cyber Pearl Harbor Defined securitycurrent An overwhelming defeat of US forces due to ! enemy information dominance.
securitycurrent
securitycurrent securitycurrent.com ! ! email: richard@it-harvest.com ! Twitter: twitter.com/cyberwar

Recommended

Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Mikko Hypponen
 
Self Learning Anti Drone System
Self Learning Anti Drone SystemSelf Learning Anti Drone System
Self Learning Anti Drone Systemyovist taufan
 
Drone it is
Drone it isDrone it is
Drone it isAshutosh Singh
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generationTony Lauro
 
White Paper - Countering Drones at Airports 2019 by DGS
White Paper - Countering Drones at Airports 2019 by DGSWhite Paper - Countering Drones at Airports 2019 by DGS
White Paper - Countering Drones at Airports 2019 by DGSDanielCHOU25
 
The dhahram patriot missile failure (1)
The dhahram patriot missile failure (1)The dhahram patriot missile failure (1)
The dhahram patriot missile failure (1)Madushan Sandaruwan
 
The rising chinese threat
The rising chinese threatThe rising chinese threat
The rising chinese threatelopez560
 
Manava project
Manava projectManava project
Manava projectgoutamsinghbisht
 

Recommended

Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Governments As Malware Authors - Mikko Hypponen at Black Hat 2014
Governments As Malware Authors - Mikko Hypponen at Black Hat 2014Mikko Hypponen
 
Self Learning Anti Drone System
Self Learning Anti Drone SystemSelf Learning Anti Drone System
Self Learning Anti Drone Systemyovist taufan
 
Drone it is
Drone it isDrone it is
Drone it isAshutosh Singh
 
Information security in the starbucks generation
Information security in the starbucks generationInformation security in the starbucks generation
Information security in the starbucks generationTony Lauro
 
White Paper - Countering Drones at Airports 2019 by DGS
White Paper - Countering Drones at Airports 2019 by DGSWhite Paper - Countering Drones at Airports 2019 by DGS
White Paper - Countering Drones at Airports 2019 by DGSDanielCHOU25
 
The dhahram patriot missile failure (1)
The dhahram patriot missile failure (1)The dhahram patriot missile failure (1)
The dhahram patriot missile failure (1)Madushan Sandaruwan
 
The rising chinese threat
The rising chinese threatThe rising chinese threat
The rising chinese threatelopez560
 
Manava project
Manava projectManava project
Manava projectgoutamsinghbisht
 
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of AerospaceWIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of AerospaceSpace Foundation
 
Hacking
HackingHacking
HackingNarendraGadde2
 
Everyday Life UAV Drone Applications
Everyday Life UAV Drone ApplicationsEveryday Life UAV Drone Applications
Everyday Life UAV Drone ApplicationsUltimate UAV
 
"Hacking"
"Hacking""Hacking"
"Hacking"Ameesha Indusarani
 
Hacking
HackingHacking
Hackingkill4love
 
DRNE INVESTOR PRESENTATION
DRNE INVESTOR PRESENTATIONDRNE INVESTOR PRESENTATION
DRNE INVESTOR PRESENTATIONRedChip Companies, Inc.
 
Techno-Quiz Finals
Techno-Quiz FinalsTechno-Quiz Finals
Techno-Quiz FinalsPranshu Agarwal
 
Srlc brief
Srlc briefSrlc brief
Srlc briefRashidah Rahim
 
Img overview.2014
Img overview.2014Img overview.2014
Img overview.2014impactwithkangen
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2milsoftSDC
 
Bg bryant
Bg bryantBg bryant
Bg bryanticemsg
 
Session 8 - Next 100 Years
Session 8 - Next 100 YearsSession 8 - Next 100 Years
Session 8 - Next 100 YearsNavy Webmaster
 
Biz Model for pureLiFi
Biz Model for pureLiFiBiz Model for pureLiFi
Biz Model for pureLiFiJeffrey Funk Business Models
 
Nco Role In Battlefield Management
Nco Role In Battlefield ManagementNco Role In Battlefield Management
Nco Role In Battlefield ManagementNavneet Bhushan
 
There WIll Be Cyberwar
There WIll Be Cyberwar There WIll Be Cyberwar
There WIll Be Cyberwar Richard Stiennon
 
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...Mark Tempestilli
 
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...Nathaniel Palmer
 
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSSECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
 
Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]MeshDynamics
 
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01Vishal Sharma, Ph.D.
 
Paul final voip
Paul final voipPaul final voip
Paul final voipPaul Fares
 
Bonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric WarfareBonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric WarfareMark Bonchek
 

More Related Content

What's hot

WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of AerospaceWIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of AerospaceSpace Foundation
 
Everyday Life UAV Drone Applications
Everyday Life UAV Drone ApplicationsEveryday Life UAV Drone Applications
Everyday Life UAV Drone ApplicationsUltimate UAV
 

What's hot (7)

WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of AerospaceWIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
WIA 2017 Conference Series -- Aerospace 2017: The Changing Face of Aerospace
 
Hacking
HackingHacking
Hacking
 
Everyday Life UAV Drone Applications
Everyday Life UAV Drone ApplicationsEveryday Life UAV Drone Applications
Everyday Life UAV Drone Applications
 
"Hacking"
"Hacking""Hacking"
"Hacking"
 
Hacking
HackingHacking
Hacking
 
DRNE INVESTOR PRESENTATION
DRNE INVESTOR PRESENTATIONDRNE INVESTOR PRESENTATION
DRNE INVESTOR PRESENTATION
 
Techno-Quiz Finals
Techno-Quiz FinalsTechno-Quiz Finals
Techno-Quiz Finals
 

Viewers also liked

Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2milsoftSDC
 
Bg bryant
Bg bryantBg bryant
Bg bryanticemsg
 
Session 8 - Next 100 Years
Session 8 - Next 100 YearsSession 8 - Next 100 Years
Session 8 - Next 100 YearsNavy Webmaster
 
Nco Role In Battlefield Management
Nco Role In Battlefield ManagementNco Role In Battlefield Management
Nco Role In Battlefield ManagementNavneet Bhushan
 
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...Mark Tempestilli
 
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...Nathaniel Palmer
 
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSSECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSMarco Lisi
 
Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]MeshDynamics
 
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01Vishal Sharma, Ph.D.
 
Paul final voip
Paul final voipPaul final voip
Paul final voipPaul Fares
 
Bonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric WarfareBonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric WarfareMark Bonchek
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect usLuis Borges Gouveia
 
Software technology in army defence
Software technology in army defenceSoftware technology in army defence
Software technology in army defenceShivam Jaiswal
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence pptSantosh Kumar
 

Viewers also liked (19)

Srlc brief
Srlc briefSrlc brief
Srlc brief
 
Img overview.2014
Img overview.2014Img overview.2014
Img overview.2014
 
Mil soft company overview 2012 v2
Mil soft company overview 2012 v2Mil soft company overview 2012 v2
Mil soft company overview 2012 v2
 
Bg bryant
Bg bryantBg bryant
Bg bryant
 
Session 8 - Next 100 Years
Session 8 - Next 100 YearsSession 8 - Next 100 Years
Session 8 - Next 100 Years
 
Biz Model for pureLiFi
Biz Model for pureLiFiBiz Model for pureLiFi
Biz Model for pureLiFi
 
Nco Role In Battlefield Management
Nco Role In Battlefield ManagementNco Role In Battlefield Management
Nco Role In Battlefield Management
 
There WIll Be Cyberwar
There WIll Be Cyberwar There WIll Be Cyberwar
There WIll Be Cyberwar
 
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
Education and Enculturation of Junior Officers in USN FORCEnet & Network Cen...
 
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
The “Predictive” Battlespace: Leveraging the Power of Event-Driven Architect...
 
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMSSECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
SECURITY IN LARGE, STRATEGIC AND COMPLEX SYSTEMS
 
Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]Military, Defense and Public Safety Mesh Networks [MeshDynamics]
Military, Defense and Public Safety Mesh Networks [MeshDynamics]
 
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
Milcom10 T10 Optical Ethernet Sharma Davari 2010 11 01
 
Paul final voip
Paul final voipPaul final voip
Paul final voip
 
Bonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric WarfareBonchek -Lessons from Network Centric Warfare
Bonchek -Lessons from Network Centric Warfare
 
4 g wfinal (2)
4 g wfinal (2)4 g wfinal (2)
4 g wfinal (2)
 
The Information Warfare: how it can affect us
The Information Warfare: how it can affect usThe Information Warfare: how it can affect us
The Information Warfare: how it can affect us
 
Software technology in army defence
Software technology in army defenceSoftware technology in army defence
Software technology in army defence
 
Software technologies in defence ppt
Software technologies in defence pptSoftware technologies in defence ppt
Software technologies in defence ppt
 

Similar to The Revolution in Military Affairs has Set the Stage for Cyberwar

The Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarThe Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarRichard Stiennon
 
Cybersecurity and-cyberwar-singer-en-22186
Cybersecurity and-cyberwar-singer-en-22186Cybersecurity and-cyberwar-singer-en-22186
Cybersecurity and-cyberwar-singer-en-22186Avirot Mitamura
 
Computer Attack Stratagems
Computer Attack StratagemsComputer Attack Stratagems
Computer Attack StratagemsKarl Wolfgang
 
Port security
Port securityPort security
Port securityborepatch
 
Surviving Cyber War April09
Surviving Cyber War April09Surviving Cyber War April09
Surviving Cyber War April09Richard Stiennon
 
Lesson2.9 m u2l6 secret keys
Lesson2.9 m u2l6 secret keysLesson2.9 m u2l6 secret keys
Lesson2.9 m u2l6 secret keysLexume1
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...Pukhraj Singh
 
The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINALNicholas Poole
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsLove Steven
 
From SIMNET to the Metaverse - Why is it taking so long?
From SIMNET to the Metaverse - Why is it taking so long?From SIMNET to the Metaverse - Why is it taking so long?
From SIMNET to the Metaverse - Why is it taking so long?Andy Fawkes
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Cisco Canada
 

Similar to The Revolution in Military Affairs has Set the Stage for Cyberwar (20)

The Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be CyberwarThe Internet of Military Things: There Will Be Cyberwar
The Internet of Military Things: There Will Be Cyberwar
 
Cybersecurity and-cyberwar-singer-en-22186
Cybersecurity and-cyberwar-singer-en-22186Cybersecurity and-cyberwar-singer-en-22186
Cybersecurity and-cyberwar-singer-en-22186
 
Is the us engaged in a cyber war
Is the us engaged in a cyber warIs the us engaged in a cyber war
Is the us engaged in a cyber war
 
Computer Attack Stratagems
Computer Attack StratagemsComputer Attack Stratagems
Computer Attack Stratagems
 
Port security
Port securityPort security
Port security
 
Surviving Cyber War April09
Surviving Cyber War April09Surviving Cyber War April09
Surviving Cyber War April09
 
Lesson2.9 m u2l6 secret keys
Lesson2.9 m u2l6 secret keysLesson2.9 m u2l6 secret keys
Lesson2.9 m u2l6 secret keys
 
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...In cyber, the generals should lead from behind - College of Air Warfare - Puk...
In cyber, the generals should lead from behind - College of Air Warfare - Puk...
 
The Stuxnet Virus FINAL
The Stuxnet Virus FINALThe Stuxnet Virus FINAL
The Stuxnet Virus FINAL
 
Cyberwar Update2010
Cyberwar Update2010Cyberwar Update2010
Cyberwar Update2010
 
Honeypots in Cyberwar
Honeypots in CyberwarHoneypots in Cyberwar
Honeypots in Cyberwar
 
Why Risk Management Fails
Why Risk Management FailsWhy Risk Management Fails
Why Risk Management Fails
 
Titan Rain
Titan RainTitan Rain
Titan Rain
 
Afcea cyber 11.2.2010_v1.0
Afcea cyber 11.2.2010_v1.0Afcea cyber 11.2.2010_v1.0
Afcea cyber 11.2.2010_v1.0
 
Cyber pakistan
Cyber pakistanCyber pakistan
Cyber pakistan
 
Exp r35
Exp r35Exp r35
Exp r35
 
technical disaster
technical disastertechnical disaster
technical disaster
 
Information warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectorsInformation warfare, assurance and security in the energy sectors
Information warfare, assurance and security in the energy sectors
 
From SIMNET to the Metaverse - Why is it taking so long?
From SIMNET to the Metaverse - Why is it taking so long?From SIMNET to the Metaverse - Why is it taking so long?
From SIMNET to the Metaverse - Why is it taking so long?
 
Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles Ot ics cyberattaques dans les organisations industrielles
Ot ics cyberattaques dans les organisations industrielles
 

More from Richard Stiennon

Cyber security industry trends
Cyber security industry trendsCyber security industry trends
Cyber security industry trendsRichard Stiennon
 
Why Risk Management is Impossible
Why Risk Management is ImpossibleWhy Risk Management is Impossible
Why Risk Management is ImpossibleRichard Stiennon
 
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoStiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoRichard Stiennon
 
How the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverHow the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverRichard Stiennon
 
Cybercrime and Business Process Hacking
Cybercrime and Business Process HackingCybercrime and Business Process Hacking
Cybercrime and Business Process HackingRichard Stiennon
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismRichard Stiennon
 
What makes the IT industry tick?
What makes the IT industry tick? What makes the IT industry tick?
What makes the IT industry tick? Richard Stiennon
 

More from Richard Stiennon (9)

Cyber security industry trends
Cyber security industry trendsCyber security industry trends
Cyber security industry trends
 
Why Risk Management is Impossible
Why Risk Management is ImpossibleWhy Risk Management is Impossible
Why Risk Management is Impossible
 
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, OrlandoStiennon Keynote at Trusted Computing Conference 2013, Orlando
Stiennon Keynote at Trusted Computing Conference 2013, Orlando
 
How the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security ForeverHow the Surveillance State Changes IT Security Forever
How the Surveillance State Changes IT Security Forever
 
Cybercrime and Business Process Hacking
Cybercrime and Business Process HackingCybercrime and Business Process Hacking
Cybercrime and Business Process Hacking
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber Realism
 
What makes the IT industry tick?
What makes the IT industry tick? What makes the IT industry tick?
What makes the IT industry tick?
 
New definition for APT
New definition for APTNew definition for APT
New definition for APT
 
Surviving Cyber War
Surviving Cyber WarSurviving Cyber War
Surviving Cyber War
 

Recently uploaded

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 

Recently uploaded (20)

2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 

The Revolution in Military Affairs has Set the Stage for Cyberwar

  • 1. The Revolution in Military Affairs has Set the Stage for Cyberwar
 Richard Stiennon Chief Research Analyst IT-Harvest ! Executive Editor securitycurrent.com ! twitter.com/cyberwar securitycurrent
  • 3. 1996 Taiwan Straits Crisis "Admiral Clemens was able to use e-mail, a very graphic- rich environment, and video teleconferencing to achieve the effect he wanted", which was to deploy the carrier battle groups in a matter of hours instead of days.” -Arthur Cebrowski USS Nimitz and USS Independence deploy to Taiwan. securitycurrent
  • 4. 
 The Revolution in Military Affairs • Roman centuries • Long bow and battle of Crecy • Napoleon’s staff command • Machine guns • Mechanized armor, blitzkrieg securitycurrent
  • 5. The Modern RMA • Operation Desert Storm leads to: • Russian assessment of precision weapons ISR C&C securitycurrent
  • 6. Andrew Marshall: Enigmatic Strategist securitycurrent Andrew W. Marshall (born September 13, 1921) is the director of the United States Department of Defense's Office of Net Assessment.
  • 7. 
 Arthur Cebrowski: Evangelist securitycurrent “Network Centric Warfare should be the cornerstone of transformation. If you are not interoperable you are not on the net. You are not benefiting from the information age”.
  • 8. The Dream securitycurrent Total Situational Awareness eliminates “the fog of war”! ! Red Team - Blue Team identification! ! Central Command and Control. Distributed battle command.! ! Networked Intelligence, Surveillance Reconnaissance (ISR)
  • 9. Network Centric Warfare securitycurrent Everything connected (like the Internet) ! Satellite-Planes-Drones-Ground-Sea based sensor grid ! Instant communication over a Global Grid
  • 10. IT-Harvest Confidential Deja vu all over again We’ve seen this story payed out before in the enterprise. ! ! First network everything. Take advantage of connectivity and ubiquity to re-invent commerce, social interactions, and communications. ! ! Second: succumb to attacks from hackers, cyber criminals, hacktivists, and nation states.! ! Finally: Layer in security
  • 11. IT-Harvest Confidential How the Military Failed in Security April 1, 2001 a Navy EP-3E was forced down and captured by China. Top secret OS compromised! ! In 2008 China blatantly flooded communication channels known to be monitored by the NSA with decrypted US intercepts, kicking off a major re-deployment. SEVEN years too late. ! ! ! ! !
  • 12. IT-Harvest Confidential How the Military Failed in Security Pentagon email servers p0wned 2007! ! Terabytes of data exfiltrated to China from the Defense Industrial Base. The target? Joint Strike Fighter design data.! ! ! !
  • 13. IT-Harvest Confidential Military IT Security Failures The Wake Up Call ! ! BUCKSHOT YANKEE ! ! Agent.btz introduced via thumb drive in a forward operations command (Afghanistan?) ! ! EVERY Windows machine re-imaged in the entire military (3 million +) at a cost of $1 Billion.
  • 17. SATCOM Vulns securitycurrent • “We uncovered what would appear to be multiple backdoors, hardcoded credentials, undocumented and/or insecure protocols, and weak encryption algorithms.” - IOActive
  • 18. Software Assurance maturity came after most new weapons platforms were sourced. securitycurrent One Air Force study of 3 million lines of code revealed: ! ! One software vulnerability per 8 lines of code ! ! One high vulnerability per 31 lines of code! ! One critical vulnerability for 70 lines of code
  • 19. The F-35 Joint Strike Fighter securitycurrent ! “JSF software development is one of the largest and most complex projects in DOD history.” ! ! -Michael J. Sullivan, Director Acquisition and Sourcing Management for the DoD:!
  • 20. The F-35 Joint Strike Fighter • Nine million lines of onboard code could mean 128,000 critical vulns • 15 million lines of logistics code could mean another 214,000 critical vulns • What could possibly go wrong? securitycurrent
  • 21. Taiwan Straits Crisis. 2015? securitycurrent GPS hacks deflect jets away from tankers ! Mission tasking subverted ! Communications intercepts mislead commander ! Radar jamming masks enemy movement ! Result? ! Military defeat
  • 22. A Working Definition of Cyberwar securitycurrent The use of network and computer attack to support the operations of a military force.
  • 23. Cyber Pearl Harbor Defined securitycurrent An overwhelming defeat of US forces due to ! enemy information dominance.