Information Warfare Midterm Overview
Lectures Covered
Everything until (including) March 2nd
Reading:
  – All lecture slides
  – Denning book: Chapters 1, 2, 3, 4, 5, 7, 13 (access control), 14 (Risk management, Incident handling)
  – Additional reading materials (next slide)
CSCE Farkas2

Additional reading
Familiarity with CSCE 522 lecture notes, 2013 Fall, as needed
Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, (.pdf)
Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations
NSA revelations hobble pursuit of a comprehensive cyberdefense initiative, Homeland Security News Wire, 08/16, 2013, revelations-hobble-pursuit-of-a-comprehensive-cyberdefense-initiative
Expert calls for “surveillance minimization” to restore public trust, Homeland Security News Wire, 01/27/2014, calls-for-surveillance-minimization-to-restore-public-trust

Additional Reading
Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, 37 Colum. J. Transnat'l L. 885, 1999
NIST special publications, Incident Handling Updated Guidelines (general understanding only)
Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996
Information Security Policy - A Development Guide for Large and Small Companies, security-policy-development-guide-large-small-companies_1331

Information Security (INFOSEC)
Protection of information against intentional or unintentional unauthorized
  – Disclosure (confidentiality)
  – Modification (integrity)
  – Destruction (availability)
Concerned mainly with owned resources

Security Tradeoffs
Figure labels: COST; Security; Functionality; Ease of Use

Information Assurance
Information security (prevention) plus
  – Authenticity and non-repudiation
  – Detection and reaction capabilities
  – Additional threats, like perception management and exploitation of public media
Addresses intentional or unintentional threats

Information Warfare
Addresses only intentional attacks
Information in any form and transmitted over any media
Defensive operations:
  – Protection against attacks
  – Concerned with non-owned and owned resources
Offensive operations:
  – Exploit vulnerabilities in information resources
  – Motives, means, opportunities
WIN-LOSE NATURE OF OPERATIONS

Gain-Loss Nature of IW
defense: ensure availability, prevent availability, ensure integrity
offense: increase availability, decrease availability, decrease integrity
From: Denning Figure 2.1

Activities
Play: hackers vs. owners
Crime: perpetrators vs. victims
Individual rights: individuals vs. individuals/organizations/government
National security: national level activities
  – State activities
  – Terrorism

Intention of Attackers
Defensive IW
Difficult to guess
Determines response and incident handling

Offensive Information Warfare
Win-Lose Activity
Alter availability and integrity of resources to benefit the offense
Old vs. new methods
Areas:
  1. Open source and competitive intelligence
  2. Psyops and perception management
  3. Signal intelligence
Not yet covered:
  1. Insider threat
  2. Computer attacks
  3. Malicious software

1 Open Source Intelligence
Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data
Goal: answer specific question in support of some mission
Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations
Disadvantages: may not discover important information, assurance of discovery(?)

1 Privacy and Copyright
Piracy
  – Copyright Infringement
      Acquisition of protected work without the owner’s permission
      Human perception: not serious crime
      Significant loss for marketing/manufacturing/owner
  – Trademark Infringement
      Intellectual property disputes
      Domain name disputes

2 Psyops and Perception Management
Information operations that aim to affect perception of others
Goal: influence actions
Means: influence emotions, reasoning, decisions
Target: individuals, groups, nation, World
Censorship
  – Offensive: denies population access to certain materials
  – Defensive: protect society from materials that would undermine its culture or governance

4 Signal Intelligence
Operations that involve interception and analysis of signals across the electromagnetic spectrum
Intelligence report, criminal investigations, employee monitoring
U.S. Federal wiretap restrictions
Foreign intelligence
Privacy rights

Defensive Information Warfare
Defensive Information Warfare
Protect information resources from attacks
Preserve the value of resource or recover lost value
Security Policy
Methods
Response

Vulnerability Monitoring
Identify security weaknesses
Methods: automated tools, human walk-through, surveillance, audit, background checks
Red team: organized group of people attempting to penetrate the security safeguards of the system

Incident Handling
Not all incidents can be prevented
Incident handling
  – Prevention and preparedness
  – Detection and analysis
  – Containment and recovery
  – Post-incident activity
Benefits:
  – Systematic and appropriate response to incidents
  – Quick response reduces loss and damage
  – Strengthen security
  – Satisfy legal requirements
Federal agency requirements

Sample tests
Posted on class website
Will be discussed on March 16, Monday