3rd International Conference on Cyber Conflict Agenda available

For the third year in a row, the NATO Cooperative Cyber Defence Centre of Excellence invites experts from the government, military, academia and the private sector to Tallinn to discuss recent trends in cyber security. This year the ICCC takes place on 7-10 June and will focus on the topic of Generating Cyber Forces. The initial agenda of the conference is now available.
Keynote speakers include:
Ralph Langner, Langner Communications GmbH
Charlie Miller, Independent Security Evaluators
Major General Jonathan Shaw, Assistant Chief of the Defence Staff for Global Issues UK MoD.
Additionally, the conference features several workshops (Media workshop, CSFI workshop) on 7 June and a book reading by Cyrus Farivar as one of the side events.
At the end of the conference, new developments in cyber defence in NATO will be addressed as the conference takes place at the time when NATO ministers of defence discuss the new NATO cyber defence policy in Brussels.
Please visit the registration form to sign up. The conference fee is €495. Discounts apply to students, IEEE members, CSFI members and partner organisations of the CCD COE.
https://web.archive.org/web/20110806055237/http://www.ccdcoe.org/255.html
--
3rd International Conference on Cyber Conflict to Analyse the Nature of Cyber Forces
The NATO Cooperative Cyber Defence Centre of Excellence will hold its annual international cyber defence conference with 300 participants from 37 countries at Tallinn's Drama Theatre from 7-10 June. This year's focus will be the creation and development of national cyber forces. The conference keynote speaker is the President of Estonia, H. E. Toomas Hendrik Ilves.
As in previous years, the conference will explore the technical, legal and political aspects of cyber security. This year's special focus is on generating cyber forces: in other words, the technologies, people and organisations that nations require to mitigate cyber threats. Presentations will highlight a wide range of research, from the perspectives of both cyber attacker and defender, as well as numerous overviews of existing cyber forces.
Ralph Langner, the German computer scientist who conducted much of the ground-breaking research on the Stuxnet worm, will present an analysis of what has been called the world's first cyber weapon. U.S. Special Agent Richard LaTulip will present an insider’s view of Operation Carder Kaos, which led to the disbanding of an extensive Ukrainian credit card fraud network. U.S. hacker Charlie Miller, who created a buzz at last year's conference with a talk on North Korea, will explain why the bad guys are currently winning the infosec war. Other presentations include Estonia's Cyber Defence League, the possibility of compulsory cyber service, and many legal issues related to cyber forces.
The Tallinn conference will coincide with a NATO defence ministers' meeting in Brussels where a new cyber defence policy for NATO will be adopted. An overview of the new policy will be provided via video feed from Brussels on the last day of the conference.
The NATO Cooperative Cyber Defence Centre of Excellence is a Tallinn-based international military organisation whose sponsoring nations include Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Slovakia and Spain. The CCD COE's mission is to improve the cyber defence capabilities, cooperation and information exchange of NATO member states and their partners.
Conference topics and timetable are available at www.ccdcoe.org/ICCC/agenda.html
For press accreditation, please contact Kristiina Pennar (kristiina.pennar-at-ccdcoe.org; tel: +372 717 6811) before 3 June.
For other matters concerning the conference, please contact Liisa Tallinn (liisa.tallinn-at-ccdcoe.org; tel: +372 52 58 654)
--
13 June 2011
The Third International Conference on Cyber Conflict brought together 380 experts from across the world
More than 380 experts gathered in Tallinn, Estonia, to participate in the annual International Conference on Cyber Conflict. Presentations treated the legal aspects of cyber conflict as well as the technical ones, including recent issues such as Stuxnet and iBots.
The opening address was given by the President of the Republic of Estonia, Toomas Hendrik Ilves, who encouraged nations to develop new strategies and further develop procedures and capabilities. Ilves was followed by Major General Jonathan Shaw, who noted that although cyber awareness has improved, it is important to note that about 80% of cyber problems these days would disappear if people disciplined themselves with what he referred to as "cyber hygiene".
High-level speakers warned participants not to over-emphasize any one response mechanism: cyber security is delivered in layers, and the military as the upper layer cannot function without the infrastructure, expertise and lessons learned from intelligence and law enforcement agencies, CERTs and the private sector.
A common theme was the difficulties encountered in the intersection between information sharing and privacy. While Jeff Bardin examined the lack of reciprocity and trust between governments, Hayretdin Bahşi stressed the relevant differences between attackers and defenders in this matter. Attackers have no problem with sharing vital information, but defenders have issues of organisational privacy and potential information loss to contend with.
Another key question is the ability of a nation to purchase the knowledge and skills necessary to combat cyber attacks. While governments cannot afford geniuses, there might be other ways of enlisting private sector brains and assets. Whether the example of the Estonian Cyber Defence League will be followed, or whether other strategies will be used, is a question for the future. On the same note, Raoul Chiesa suggested thinking of hackers not only as enemies but as a sort of national resource that could be cultivated.
Charlie Miller, speaking about technical limitations and capabilities, argued that it is quite difficult to produce a completely invulnerable product; and since no regulations exist, it is almost impossible for the consumer to choose the safest product. As Robert Kohn and Charl van der Walt pointed out, the latter is an important issue since attackers often target commonly used applications such as Internet browsers or office software.
Many participants observed that nations will have to rely on help from the private sector, since cyber warfare capability relies on private sector expertise in information and network architecture, and trust. This reemphasized the importance of public-private partnerships and their continuing development; a study consisting of a check-list, national lessons learned and guidelines would be a useful next step.
The underground market for malware and cyber criminals is growing with demand. As Ralph Langner reminded participants in his presentation about Stuxnet, it took a lot of resources and a great mind to create the first nuclear bomb, but copying it was an easy feat. The same principle applies to the cyber world; copying Stuxnet will be easier than creating it was.
The conference concluded with a presentation of the NATO cyber defence policy that was endorsed by the NATO defence ministers on Wednesday. A NATO official stressed that NATO's cyber defence capabilities will focus on the protection of its own networks and those networks crucial to carrying out critical tasks for the Alliance. A detailed action plan has been approved by the defence ministers together with the policy, specifying tasks for all NATO bodies involved in cyber defence and the NATO CCD COE.
The next International Conference on Cyber Conflict will take place in June 2012 in Tallinn, Estonia.
The NATO Cooperative Cyber Defence Centre of Excellence is a NATO-accredited Tallinn-based international military organisation whose sponsoring nations include Estonia, Latvia, Lithuania, Germany, Hungary, Italy, Slovakia and Spain. The CCD COE's mission is to improve the cyber defence capabilities, cooperation and information exchange of NATO member states and their partners.
Additional information:
Kristiina Pennar
PR Assistant
+372 717 6811
kristiina.pennar-at-ccdcoe.org
Preliminary Agenda (last updated on 6th of June)
Day 0, 7 June
Time | Event |
8:00-9:00 | Registration, Nordic Hotel Forum, Hotel Tallink and Hotel Radisson |
9:00-16:00 | Media Workshop, Drama Theatre, Mirror Hall (pre-registered media only) |
9:00-16:00 | CSFI Workshop, Drama Theatre, Small Hall |
15:00-19:00 | Registration, Radisson and Nordic hotels |
18:00-19:00 | Book Reading: "The Internet of Elsewhere" by Cyrus Farivar, Nordic Hotel Forum |
19:00-22:00 | Ice Breaker Buffet, Restaurant Platz. Dress code: smart casual (tie optional) |
Day 1, 8 June
Time | Concepts, Strategy & Law Main Hall | Technical Challenges & Solutions Small Hall |
8:20 | Walking to the Drama Theatre from Radisson and Nordic hotels | |
8:00-9:00 | Registration, Drama Theatre | |
9:00-9:15 | Opening remarks, Col Ilmar Tamm, Director NATO CCD COE | |
9:15-9:45 | Keynote address: President of Estonia Toomas Hendrik Ilves | |
9:45-10:30 | Keynote address: Major General Jonathan Shaw, Assistant Chief of the Defence Staff for Global Issues UK MoD, Cyber Force From a Nation State Perspective | |
10:30-11:00 | Coffee break | |
11:00-12:00 | Scene setting session: Moderated by Eneken Tikk, NATO CCD COE The gap between expectation (Policy) and reality (Tech) | |
12:00-13:30 | Lunch | |
13:30-14:00 | Luc Dandurand (NATO C3 Agency) Rationale and Blueprint for a Cyber Red Team Within NATO | Keren Elazari (Verint Systems, Israel) APT Forensic |
14:00-14:30 | Keir Giles (Conflict Studies Research Centre, UK) Information Troops - A Russian Cyber Command? | Daniel Bilar, Brendan Saltaformaggio (University of New Orleans, USA) Using a Novel Behavioral Stimuli-Response Framework to Defend against Adversarial Cyberspace Participants |
14:30-15:00 | Coffee break | |
15:00-15:30 | Augmenting cyber forces: presentations and discussion by Roger Kuhn (US 10th Fleet); Alexander Klimburg (AUT Institute of International Affairs); Rain Ottis (NATO CCD COE); Jeff Bardin (Treadstone71); Jaan Priisalu (Estonian Cyber Defence League); Cyberspace Forum Initiative representatives | Charl van der Walt (Sensepost, South Africa) The more things change, the more they stay the same... |
15:30-16:00 | Roberto Saracino (Unicredit) Cyber threat management in ICT banking scvs | |
16:00-16:30 | Robert Koch (Universität der Bundeswehr München, Germany) Towards Next Generation Intrusion Detection | |
16:30- 17:00 | Jart Armin (HostExploit) Handling Botnets | |
17:00- 17:30 | Enn Tyugu (NATO CCD COE) Artificial Intelligence in Cyber Defence | |
18:30 | Buses leave from Radisson, Nordic and Tallink hotels to dinner | |
19:30- | Dinner, Viimsi Open Air Museum. Dress code: casual (open collar) | |
23:00 | Buses leave to Radisson and Nordic Hotels |
Day 2, 9 June
Time | Concepts, Strategy & Law Main Hall | Technical Challenges & Solutions Small Hall |
8:00-9:00 | Registration, Drama Theatre | |
9:00-10:00 | Keynote address: Charlie Miller (Accuvant Labs) Why the Bad Guys are Winning the InfoSec War | |
10:00-10:30 | Coffee break | |
10:30-11:00 | Tom Wingfield (Marshall Centre, Germany) Manual of International Law Applicable for Cyber Conflict | Hayretdin Bahşi (Turkish National Research Institute of Electronics and Cryptology, Turkey) and Albert Levi (Sabancı University, Turkey) Preserving Organizational Privacy in Intrusion Detection Log Sharing |
11:00-11:30 | Leo Clarke (Washington Federal, Inc., USA), Susan Brenner (University of Dayton, USA) Conscription and Cyber Conflict: Legal Issues | Raoul Chiesa (Senior Cybercrime Advisor at UNICRI) Underground of Hacking |
11:30- 12:00 | Victoria Ekstedt (Swedish Armed Forces) Is the Swedish Territorial Defence Ordinance applicable on the fourth arena? | Ruslan Smelyanskiy (Moscow State University, Russia) Fine-grained automata-based application behavior control |
12:00-13:30 | Lunch | |
13:30-14:30 | Ralph Langner (Langner Communications GmbH) The first deployed cyber weapon in history: Stuxnet’s architecture and implications | |
14:30-15:00 | Coffee break | |
15:00-15:30 | Dmitri Alperovitch (McAfee) Towards Establishment of Cyberspace Deterrence Strategy | Sachin Deodhar (Cyberconflict Researcher, India) Terrorism and covert channels |
15:30-16:00 | Fabio Mulazzani and Salvatore Alessandro Sarcia (ITA Army) Cyber Security on Military Deployed Networks - A Case Study on Information Leakage | Gabriel Klein (Fraunhofer FKIE, Germany), Felix Leder (University of Bonn Germany), Christian Czosseck (NATO CCD COE) On the Arms Race Around Botnets - Setting Up and Taking Down Botnets |
16:00-16:30 | Murat Dogrul, Adil Aslan and Eyyup Celik (Turkish Air War College) Developing an International Cooperation on Cyber Defense and Deterrence against Cyber Terrorism | Richard LaTulip (U.S. Secret Service) Operation KarderKaos |
16:40-18:00 | Bus leaves from the Drama Theatre for the NATO CCD COE Tour (pre-registered participants only) | |
19:00 | Groups leave from hotels for the Tallinn Old Town Excursion | |
23:00 | Groups leave from hotels for the Tallinn Old Town in the Night Excursion |
Day 3, 10 June
Time | Concepts, Strategy & Law Main Hall | Technical Challenges & Solutions Small Hall |
8:00-9:00 | Registration, Drama Theatre | |
9:00-10:00 | Chris Brown, NetWitness The Failure of Cyber Forces | Iosif Androulidakis (Ioannina University, Greece) PBX Security, Interception and Forensics |
10:00-10:30 | Coffee break | |
10:30-11:15 | Timothy Bloechl (WISeKey) Civil-Military Operational Implications for Cyber Defense | Mikko Hypponen (Chief Research Officer, F-Secure) Cyber espionage in practice |
11:15-11:45 | Mario Golling and Björn Stelte (Universität der Bundeswehr München, Germany) An enhanced Early Warning System Architecture - Cyber Defence in the Internet of the Future | |
12:00-13:00 | Presentation and discussion on the new NATO CD policy Conclusions |
Confirmed Speakers
In 2011 the conference will focus on the combination of defensive and offensive aspects of Cyber Forces and will combine different views on cyber defense and operations in the current and envisaged threat environments.
Following different workshops on 7 June, conference panels start in the morning of Wednesday, 8 June and finish on Friday, 10 June around noon. A detailed agenda will be published in April.
Keynote: Major General Jonathan Shaw, Assistant Chief of the Defence Staff for Global Issues UK MoD.
Maj Gen Shaw will explore the UK's requirement for specialist cyber operators and leaders able to exploit their skills in a cyber-aware future military force.
Keynote: Charlie Miller, Independent Security Evaluators
Mr Miller will discuss why vendors have stopped looking for bugs and how they hope anti-exploitation technologies will save them. This talk will discuss how these technologies work, what platforms and applications use them, and what they mean for attackers and defenders.
Mikko Hypponen, F-Secure
Mr Hypponen will show in practice what cyber espionage looks like. Espionage is about collecting information. Today information is stored on computers and networks, making them potentially accessible from anywhere in the world. As a result, state-sponsored espionage is happening increasingly with computer attacks such as backdoors and remote trojans.
Keren Elazari, Verint Systems
Ms Elazari will present in brief and examine some of the forensic technologies on the network layer explaining how they can be utilized in order to identify, defend against and even preempt sophisticated cyber attacks and those stealthy cyber threats nicknamed "APT".
Richard LaTulip, Special Agent, United States Secret Service, Operation Carder Kaos.
Mr LaTulip will speak on the undercover operations, logistics and aspects of Operation Carder Kaos (i.e. TJX/Heartland/Maksik).
Iosif Androulidakis, Ioannina University.
Mr Androulidakis will give a tutorial on PBX Security, Interception and Forensics with all the necessary theoretical and practical background, plus a demo of PBX hacking.
Raoul Chiesa, United Nations Interregional Crime & Justice Research Institute.
Mr Chiesa will analyze the hacker's roots and the evolution of the so-called "hacking underground" but also today's hacking, driven by money and organized crime, zooming in on today's "Underground Economy".
Jart Armin, HostExploit
Mr Armin's presentation and paper examine three crucial steps in handling botnets: firstly, methods to quantify the number of zombies out there; secondly, understanding and applying the methodologies for locating the errant devices; finally, treating the infected zombies as we would in a human public health scenario: quarantine and remediate.
Charl van der Walt, Sensepost
Mr van der Walt will talk about the fundamental shift in the world of information security during 2010 caused by Stuxnet, "Aurora", "Wikileaks" and "Anonymous". He will stand back from the changes that are currently sweeping our world and offer his observations and thoughts.
Ralph Langner, Langner Communications GmbH
Mr Langner's deep level analysis of the Stuxnet malware had a large impact on our collective understanding of the real risks to be addressed in critical infrastructure protection.
----
Papers: Concepts, Strategy & Law
Conscription and Cyber Conflict: Legal Issues
Susan W. Brenner, Leo L. Clarke
This paper examines legal issues that could arise from utilizing a civilian cyber defense corps to defend a nation-state and its assets from cyber attacks. We use Estonia’s Cyber Defense League as an analytical device, and we examine issues that may arise under the CDL as it is currently configured and as it might be configured. Our analysis focuses on ten specific issues. We argue that the nature and inherent ambiguity of cyber war will require a reserve corps of IT specialists who can be conscripted if there is a substantial likelihood that a cyber attack will materially disrupt the public order. We also consider the practical and legal aspects of the criteria to be used to select conscripts and factors that will affect the duration of conscription. […]
Cyber Security on Military Deployed Networks - A Case Study on Real Information Leakage
Fabio Mulazzani, Salvatore A. Sarcia
This paper reports on real information leakage occurred in a multinational mission. To investigate the nature of the leakage, we performed a survey among the military operators which showed that technical and cultural problems were key elements of the security shortfall. We also show that military deployed networks present some peculiarities with respect to infrastructure homeland networks. Therefore, the former should be managed differently from the latter. In particular, we highlight two reasons concerning either the operators or the networks: (1) Temporary nature of deployed networks and (2) Lack of training and guidance (es. SOPs). Finally, we propose a new approach that would strengthen the defense attitude of signal units and check whether protection activities are effective and reliable.
Developing an International Cooperation on Cyber Defense and Deterrence against Cyber Terrorism
Murat Dogrul, Adil Aslan, Eyyup Celik
[…] This paper evaluates the importance of building international cooperation on cyber defense and deterrence against cyber terrorism. It aims to improve and further existing contents and definitions of cyber terrorism; discusses the attractiveness of cyber attacks for terrorists and past experiences on cyber terrorism. It emphasizes establishing international legal measures and cooperation between nations against cyber terrorism in order to maintain the international stability and prosperity. In accordance with NATO’s new strategic concept, it focuses on developing the member nations’ ability to prevent, detect, defend against and recover from cyber attacks to enhance and coordinate national cyber defense capabilities. It provides necessary steps that have to be taken globally in order to counter cyber terrorism.
“Information Troops” – a Russian Cyber Command?
Keir Giles
Appraisals of Russian military performance during the armed conflict with Georgia in August 2008 noted, among other deficiencies, poor performance in Information Warfare (IW). This led to calls in informed commentary for the creation of dedicated “Information Troops” within the Russian armed forces, whose duties would include what we would define as cyber operations. This stemmed from a perception in parts of the Russian Armed Forces that the "information war" against Georgia had been lost.
[…] This paper draws on unclassified open-source media and interviews with serving Russian military officers to consider the Russian military view of cyber operations as a subset of information war, and the prospects for creation of “information troops” (whether given this name or not) in the context of ongoing Russian military transformation. Informal links with volunteer and co-opted cyber forces are also considered.
Is the Swedish Territorial Defence Ordinance applicable on the fourth arena?
Victoria Ekstedt
Like other modern societies, Sweden is highly dependent on its digital infrastructure in order to run vital functions such as electricity, water purification, information and communications. Even though this infrastructure is characterized by transboundary features, it is clearly a part of the Swedish state. In peacetime, the Swedish armed forces are tasked to protect and defend the geographic territory of the state from violations, and the authority to do so is given by the Territorial Defence Ordinance. However, according to the analysis of this paper, the ordinance cannot be applied on the digital parts of the society, by the military called “the fourth arena”. Numerous difficulties arise with an application of the ordinance in its present wording and against this background, it is of interest to clarify the present legal situation and suggest a way forward in order to achieve adequate protection on the same premises as the other arenas. The interdependency between national and international law on this matter is pointed out and international law is used to interpret the national ordinance. […]
Rationale and Blueprint for a Cyber Red Team Within NATO
Luc Dandurand
This paper provides the rationale and blueprint for a “cyber red team”, a dedicated military capability whose objective is to improve the cyber defence of the Alliance through the controlled execution of cyber attacks. These cyber attacks would be specifically designed to achieve three goals. The first goal is to assess the effectiveness of the existing security measures in providing mission assurance, at both the technical and procedural levels. The second goal is to demonstrate the possible impact of these cyber attacks to senior management and key stakeholders. The third goal is to improve the cyber security staff’s ability to detect and respond to cyber attacks by exposing them to realistic, unannounced attacks in their specific working environment. Details of the proposal cover governance, command and control, modus operandi, organizational structure, skills and experience required for team members as well as recommendations for personnel selection. It also identifies a number of controls that would address concerns related to its implementation.
Towards Establishment of Cyberspace Deterrence Strategy
Dmitri Alperovitch
The question of whether strategic deterrence in cyberspace is achievable given the challenges of detection, attribution and credible retaliation is a topic of contention among military and civilian defense strategists. This paper presents a taxonomy of cyberattacks that identifies which type of threats present the greatest risk to nation-state economic and military security, including their political and social facets, and must be covered by a broad cyberdeterrence strategy. By applying traditional strategic deterrence theory, a potential cyberdeterrence strategy is put forth that can enhance national security against devastating cyberattacks through a credible declaratory retaliation capability.
Papers: Technical Challenges & Solutions
Artificial Intelligence in Cyber Defense
Enn Tyugu
[…] This paper presents a brief survey of artificial intelligence applications in cyber defense (CD), and analyzes the prospects of enhancing the cyber defense capabilities by means of increasing the intelligence of the defense systems. After surveying the papers available about artificial intelligence applications in CD, we can conclude that useful applications already exist. They belong, first of all, to applications of artificial neural nets in perimeter defense and some other CD areas. From the other side – it has become obvious that many CD problems can be solved successfully only when methods of artificial intelligence are being used. For example, wide knowledge usage is necessary in decision making, and intelligent decision support is one of yet unsolved problems in CD.
On the Arms Race Around Botnets – Setting Up and Taking Down Botnets
Christian Czosseck, Gabriel Klein, Felix Leder
[…] Based on the analysis of multiple botnet takedowns and the in-depth investigation of various botnet architectures conducted by the authors, this paper provides an analysis of the efforts needed to acquire and set up a botnet. This is followed by a comparison of selected significant botnet countermeasures, which are discussed with regard to their required resources. Legal and ethical issues are also addressed, while a more thorough discussion of these will be left for future work.
Preserving Organizational Privacy in Intrusion Detection Log Sharing
Hayretdin Bahşi, Albert Levi
This paper presents a privacy preserving framework for organizations that need to share their logs of intrusion detection systems with a centralized intrusion log management center. This centralized center may be an out-source company that gives intrusion detection management service to organizations or a system of National Computer Emergency Response Team that probes the attacks targeting organizations having critical information systems. For privacy enhancing reasons, we adopt l-Diversity notion during the collection of intrusion logs from organizations. In our framework, an organization ensures the people in the center cannot deduce the exact originator organization of any intrusion log among other l-1 organizations. […]
Requirements for a Future EWS – Cyber Defence in the Internet of the Future
Mario Golling and Björn Stelte
[…] In this paper we will show that the proposed requirements for an Early Warning System are a main part of future Cyber Defence. Special attention is given to the challenges associated to the generation of early warning systems for future attacks on the Internet of the Future. The term Cyber War is used frequently but unfortunately with different intents. Therefore, we start with a definition of the term Cyber War focusing on security aspects related to the Internet of the Future, followed by an exemplification of a Cyber War, of its implications and the challenges associated to it. Then we proceed with an analysis of state of the art recent work that has been proposed on the topic. Additionally the weaknesses of these analyzed systems and approaches are presented. Finally we propose guidelines and requirements for future work which will be needed to implement a next generation early warning system for securing the Internet of the Future.
Towards Next-Generation Intrusion Detection
Robert Koch
[…] With the steadily increasing use of encryption technology, State-of-the-Art Intrusion- as well as Extrusion Detection technologies can hardly safeguard current networks to the full extent. Furthermore, they are not able to cope with the arising challenges of the fast growing network environments.
The paper gives an overview of up-to-date security systems and investigates their shortcomings. Latest security-related threats and upcoming challenges are analyzed. In the end, requirements for a Next-Generation IDS are identified and current research as well as open issues are presented.
Using a Novel Behavioral Stimuli-Response Framework to Defend against Adversarial Cyberspace Participants
Daniel Bilar, Brendan Saltaformaggio
Autonomous Baiting, Control and Deception of Adversarial Cyberspace Participants (ABCD-ACP) is an experimental defensive framework against potentially adversarial cyberspace participants, such as malicious software and subversive insiders. By deploying fake targets (called baits/stimuli) onto a virtualized environment, the framework seeks to probabilistically identify suspicious participants through aggregate suspicious behavior, subvert their decision structure and goad them into a position favorable to the defense. Baits include simulating insertion of readable and writable drives with weak or no password, marked doc/pdf/txt/exe/cad/xls/dat files, processes with popular target names and processes that detect thread injections. This approach bears some similarities to the concept of subverting an enemy's OODA (Observe, Orient, Decide, and Act) loop, an information warfare strategy which seeks to proactively influence and change enemy behavior. By controlling perception of the environment, this approach similarly seeks to influence adversarial participants’ decision complexity, noise levels, effectiveness and ultimately their ability to fulfill their mission. This is a work in progress: The conceptual framework is described, and implemented baits and preliminary empirical results are presented. […]
© 2010 CCD COE A: Filtri tee 12, 10132 Tallinn, Estonia T: +372 717 6800 F: +372 717 6308 E: iccc
ccdcoe.org
