Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance.

Similar presentations


Presentation on theme: "Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance."— Presentation transcript:

1 Information Warfare Summary

2 Information Security Information Assurance Information Warfare Information Dominance

3 CSCE 727 - Farkas3 Information Warfare Addresses only intentional attacks Information in any form and transmitted over any media Defensive operations: – Protection against attacks – Concerned with non-owned and owned resources Offensive operations: – Exploit vulnerabilities in information resources – Motives, means, opportunities WIN-LOSE NATURE OF OPERATIONS

4 CSCE 727 - Farkas4 Gain-Loss Nature of IW defenseoffense ensure availability prevent availability ensure integrity increase availability decrease availability decrease integrity From: Denning Figure 2.1

5 CSCE 727 - Farkas5 Activities Play: hackers vs. owners Crime: perpetrators vs. victims Individual rights: individuals vs. individuals/organizations/government National security: national level activities – State activities – Terrorism

6 CSCE 727 - Farkas6 Intention of Attackers Defensive IW Difficult to guess – International Conflict in Cyber Space – Schmitt Analysis Determines response and incident handling – NIST guideliness

7 Offensive Information Warfare

8 CSCE 727 - Farkas8 Win-Lose Activity Alter availability and integrity of resources to benefit the offense Technical Aspect of offensive actions Areas of activities 1.Critical infrastructure attacks 2.Psyops and perception management – soft power 3.Intelligence Domestic intelligence Foreign intelligence - open source and competitive 4.Computer attacks – insiders threat 5. Risk Management

9 CSCE 727 - Farkas9 9 Cyber Terrorism Protection of national infrastructure SCADA systems – Stuxnet Electric grid, finance, etc. Traditional: – Intelligence collection – Psyops and perception management New forms: – Exploitation of computer technologies Internet propaganda via social networking Untraditional targets, e.g., media organizations

10 CSCE 727 - Farkas10CSCE 727 - Farkas10 Scope of Intelligence Government – national security – Range from peace time to war time intelligence – Type of government Domestic Intelligence – depends on nature of regime Business corporations – competitive advantage Economics and Intelligence – Government-run economy – Economic well-being of nation Non-traditions Intelligence – Environmental issues

11 CSCE 727 - Farkas11CSCE 727 - Farkas11 Intelligence and Information Age Increased amount of digital data – How to collect – How to analyze Technology: dependency on computing technologies – Who is vulnerable? Behavioral and institutional change: information as the key of organizational activities Intelligent Services vs. competing organizations

12 CSCE 727 - Farkas12 Open Source Intelligence Protected information: readily available in public domain, can be inferred from public data, or deduced from aggregated public data Goal: answer specific question in support of some mission Advantages: no risk for collector, provides context, mode of information acquisition, cover for data discovery by secret operations Disadvantages: may not discover important information, assurance of discovery(?)

13 CSCE 727 - Farkas13 Insider Threat Employees working for an organization –Generally trusted –Easy access to resources –Know how the system works Domains –State and military espionage –Economic espionage –Corporate espionage –Privacy compromises Motivation of offense – Financial gain, ideology, revenge

14 CSCE 727 - Farkas14 Psyops and Perception Management Information operations that aim to affect perception of others Goal: influence actions Means: influence emotions, reasoning, decisions Target: individuals, groups, nation, World Censorship –Offensive: denies population access to certain materials –Defensive: protect society from materials that would undermine its culture or governance

15 CSCE 727 - Farkas15 Computer Attacks Passive vs. active attacks Attack phases: –Intelligence gathering –Planning –Attack –Inside the system: Hiding Future attacks Types of attacks

16 CSCE 727 - Farkas16Information Warfare - Farkas16 Risk Management Framework (Business Context) Understand Business Context Identify Business and Technical Risks Synthesize and Rank Risks Define Risk Mitigation Strategy Carry Out Fixes and Validate Measurement and Reporting

17 Defensive Information Warfare

18 CSCE 727 - Farkas18 Defensive Information Warfare Protect information resources from attacks Preserve the value of resource or recover lost value Security Policy Methods Response

19 CSCE 727 - Farkas19 Vulnerability Monitoring Identify security weaknesses Methods: automated tools, human walk- through, surveillance, audit, background checks Red team: organized group of people attempting to penetrate the security safeguards of the system

20 CSCE 727 - Farkas20 Secure System Development National Computer Security Center (NCSC): Rainbow Series Common Criteria (with Canada and Europe) National Information Assurance Partnership (NIAP) Security Awareness and Training

21 CSCE 727 - Farkas21 Incident Handling Not all incidents can be prevented  Incident handling –Prevention and preparedness –Detection and analysis –Containment and recovery –Post-incident activity Benefits: –Systematic and appropriate response to incidents –Quick response  reduce loss and damage –Strengthen security –Satisfy legal requirements Federal agency requirements

22 National Level Information Warfare

23 CSCE 727 - Farkas23 National Level Security Domestic –Posse Commitatus (military involvement for counter terrorism) –Information sharing and intelligence oversight International –Jus in Pace (law of peace) –Jus ad Bellum (law of conflict management) –Jus in Bello (law of war)

24 Next Class Project Evaluations CSCE 727 - Farkas24

25 Proposal Evaluation Each reviewer writes a short evaluation of each proposal based on: – Intellectual merit (Strength, weakness) – Broader impact (Strength, weakness) – General comments – Summary of recommendations Upload reviews via dropbox by noon, April 24 Bring hard copy of your reviews with you to the class CSCE 727 - Farkas25

26 Panel Evaluation Maximum10 minutes per proposal: One of the reviewers briefly describe the proposal Other reviewers compare and debate their evaluation Rest of the class participates in ranking the proposal based on the reviews Create final ranking of the proposal CSCE 727 - Farkas26

27 Schedule April 24: – Evaluate groups 5, 8, 9, 10, 11, 12 April 29: – Evaluate group 1, 2, 3, 4, 6, 7 – Rank all proposals CSCE 727 - Farkas27


Download ppt "Information Warfare Summary. Information Security Information Assurance Information Warfare Information Dominance."

Similar presentations


Ads by Google