A Strategy for Cyber Defense Strategy
John C. Mallery ([email protected])
Computer Science & Artificial Intelligence Laboratory
Massachusetts Institute of Technology
Presentation at the 2010 Workshop on Cyber Security and Global Affairs & Security Confabulation IV, Zurich, July 7-9, 2010.
John C. Mallery, MIT CSAIL (slide 2)
Message
Decompose the cyber elephant!
- Identify attacker business models
- Make prioritized architectural moves to disrupt attacker business models
  - Increase the work factor for attackers
  - Lower the work factor for defenders
- Plan defensive campaigns across life cycles of attack and defense
  - Disrupt the attacker business model at choke points
  - Channel the attacker to more defensible attack surfaces
- Seize the initiative
  - Change the game to the advantage of defense
  - Change the incentive structures -> virtuous cycles
  - Align security and mission incentives
Threat Actors And Capabilities

Threat Actors | Motive | Targets | Means | Resources
--- | --- | --- | --- | ---
Nation States During War Time | Political | Military, intelligence, infrastructure, espionage, reconnaissance, influence operations | Intelligence, military, broad private sector | Fully mobilized, multi-spectrum
Nation States During Peace Time | Political | Espionage, reconnaissance, influence operations | Intelligence, military, leverages criminal enterprises or black markets | High, multi-spectrum, variable skill sets below major cyber powers
Terrorists, Insurgents | Political | Infrastructure, extortion | Leverage black markets? | Limited, low expertise
Political Activists or Parties | Political | Political outcomes | Outsourcing? | Limited, low expertise
Black Markets For Cyber Crime | Financial | Hijacked resources, fraud, theft, IP theft, illicit content, scams, crime for hire | Tools, exploits, platforms, data, expertise, planning | Mobilizes cyber crime networks
Criminal Enterprises | Financial | | Reconnaissance, planning, diverse expertise | Professional, low end multi-spectrum, leverage of black markets
Small Scale Criminals | Financial | | Leverages black markets | Low, mostly reliant on black markets
Rogue Enterprises | Financial | IP theft, influence on sectoral issues | Outsourcing to criminal enterprises? | Sectoral expertise, funding, organization
Integration of Technical and Economic Perspectives
- Security Engineering defends and attributes
- Security Economics analyzes incentives and risks
Diagram elements linking the two perspectives: Value at Risk, Threat Actors, Attack Vectors, Value Monetization, Political Return
Asymmetries of Cyber Attack and Defense

Mode | Attacker | Defender
--- | --- | ---
Initiative | Chooses the best place, time and means of attack | Must defend everywhere, all the time, against any attack
Communications | Organized around attack -> Good | Organized around product -> Poor
Coordination | Small group -> high | Non-scalable -> low
Situational Awareness | High | After-market bolt-on -> Low
Software Control | High | Depends on supply chain -> Low
Decision cycle | Fast | Many stake holders -> Slow
Agility | High (apparent) | Low
Knowledge | Low, narrow | High, broad but diffuse
Architectural Control | Low | High, but slow
Legal/LE Systems | Low | High, but slow
Laws of Information Assurance
- Centralization Risk: Concentration of value attracts better resourced attackers whenever the attacker work factor does not increase faster than the value at risk.
  - Corollary: Attackers can gain economies of scale through common mode vulnerability (low diversity)
  - Corollary: Multiplexing functionality on the same platform aggregates the individual threat models
- Markowitz’s Law: A minimal complexity system has fewer attack surfaces.
  - Corollary: Eliminate unnecessary functionality
- Gosler’s Law: Architectural change displaces preferred attack points.
  - Corollary: Move attack points to where they can be best defended.
- Architectural Leverage: Effective security can be achieved through synergistic architectural moves targeting attacker work factors
  - Success is achieved by raising attacker work factor across attack surfaces beyond the resources available to the attacker, or worthy of the target.
Defensive Complexity Analysis
- Meta-metric for security focuses on difficulty of tasks an attacker or defender must perform
  - Work factor is the difficulty of executing tasks
  - Analogous to computational difficulty in crypto
  - Extends beyond the technical designs to domain embeddings
- Dimensions of work factors
  - Resources: computational complexity, cost, expertise and knowledge
  - Planning, execution and information management: cognitive difficulty (non-linear planning), learning difficulty, organizational effectiveness/dysfunction
  - Risk, uncertainty, culture
- Make technical or policy moves that cumulatively
  - Impose hard problems on attackers
  - Facilitate coordinated defense
High Leverage Solutions: Eliminate Whole Classes Of Vulnerability By Design
- Example: Runtime type checking and array bounds checking eliminate 99% of penetration exploits on COTS operating systems. (Source: Alexander Sotirov. Solved in the 1970s – use it!)
- Fixing security vulnerabilities at their source retires an entire attack surface, and its consequences.
- Failure to fix the cause results in multiplicative vulnerabilities and multiplicative impacts on defender work factors.
- Leverage means fixing the cause rather than the symptoms.
- Example: Lack of separation in COTS operating systems means one Trojan in the supply chain can subvert downstream products and systems. (See separation kernels)
- Example: Ubiquitous input validation eliminates code injection attacks (e.g., SQL injection). (See CLIM)
- Tree descent is exponential
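The slide's SQL injection example, worked through as an added illustration that is not part of the original deck: a query assembled from untrusted text (the symptom-level design) beside the by-design fix, a bound parameter plus allowlist syntactic validation at the input boundary. The `accounts` table, the user names and the username grammar are constructed assumptions for the demo.

```python
"""String-built query vs. parameterized query with boundary validation.

Constructed example against an in-memory SQLite table; the table, rows and
username grammar are assumptions made for this demo, not from the slides.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 250)]
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Symptom-level design: untrusted text becomes part of the SQL program.

    Because data and code share one string, the input can change the
    query's structure, so the whole class of injection remains reachable.
    """
    sql = f"SELECT username, balance FROM accounts WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Fix at the cause: data travels separately from the query text.

    The driver binds the value to the placeholder, so whatever the input
    contains it is compared as a string and never parsed as SQL.
    """
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Assumed username grammar: lowercase letter, then up to 31 [a-z0-9_].
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def validate_username(username: str) -> str:
    """Syntactic allowlist validation at the input boundary (cf. CLIM).

    Anything that is not a well-formed username is rejected before it
    reaches any interpreter, which is the 'ubiquitous input validation'
    move on the slide, layered on top of parameterization.
    """
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"malformed username: {username!r}")
    return username


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Validation plus parameterization: two independent, by-design barriers."""
    return lookup_parameterized(conn, validate_username(username))


# Constructed input that alters the structure of a string-built query.
INJECTION = "x' OR '1'='1"


def run_demo() -> dict:
    """Run all three lookups on the same input and summarize the outcomes."""
    conn = make_db()
    try:
        lookup_safe(conn, INJECTION)
        rejected = False
    except ValueError:
        rejected = True
    return {
        # Every row leaks: the input rewrote the WHERE clause.
        "vulnerable_rows": len(lookup_vulnerable(conn, INJECTION)),
        # No row matches a user literally named "x' OR '1'='1".
        "parameterized_rows": len(lookup_parameterized(conn, INJECTION)),
        # The boundary check refuses the input outright.
        "validation_rejected": rejected,
        # Well-formed input still works through the safe path.
        "bob_balance": lookup_safe(conn, "bob")[0][1],
    }


if __name__ == "__main__":
    print(run_demo())
```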
Cyber Security Leverage is highest at base of IT Innovation Hierarchy
Attack/Defense Work Factors at Every Stage In System Life Cycles
Life cycle stages, within an evolving technology landscape: Requirements, Design, Implementation, Accreditation, Integration, Manufacturing, Shipping, Deployment, Operation, Training, Maintenance, Evolution
- The attacker can choose to attack the weakest surface at the most inopportune time for the defender.
- The sophisticated attacker can deploy multi-spectrum techniques in a well-resourced coordinated plan.
- The sophisticated attacker can attack anywhere along the supply chain.
- The defender must protect all attack surfaces at all times, including those in the supply chain.
Attacker Work Factors at Every Stage in the Offensive Life Cycle (days)

Mode | Actions
--- | ---
Research | Target; Conceptualize; Probe; Map networks, apps, files, info; Plan
Penetrate, Develop Persistence & Collect | Camouflage; Penetrate; Camouflage; Execute; Exfiltrate; Obfuscate
Analysis | Data Mine; Analyze
Disseminate & Act | Integrate; Distribute
Defender Work Factors at Every Stage in The Defensive Life Cycle (years)

Mode | Actions
--- | ---
Model | Anticipate Attack
Attack Sensing, Warning and Response (ASW&R) | Sense, Warn, Respond
Identify Threat | Diagnose; Design Mitigation
Adapt/remediate | Regenerate; Investigate
Develop & Deploy | Develop; Deploy Maintenance Or Upgrade
Today’s COTS: Even Partial Solutions Can Impact The Attacker Work Factor
- Microsoft introduced a series of partial moves against penetration over the past 10 years
  - Penetration is when the attacker gets his first function to run before he escalates privilege
  - None of the MS countermeasures are fully effective
  - Some break existing code and are not turned on
- Yet, the impact on the attacker work factor increased the time to develop an exploit from 3 days in the late 1990s to 3 weeks in 2010
  - Assumes exploit development (but not packaging) must be done by a single person
  - Source: Alexander Sotirov, February, 2010
- Still not outside the 4 week patch cycle?
Medium-term (3-5 yrs): Enhancing Power Grid Security
- Create secure SCADA cyber infrastructure based on:
  - Minimal complexity hosts with high assurance
  - Minimal connectivity overlay networks
- Approach
  - Separation: Build on existing platforms like separation kernels
  - Safety: Use safe programming languages (type checking & buffer bounds checking)
  - Correctness: Verify critical code, including compiler
  - Input Checking: Use comprehensive syntactic input validation (Example: CLIM presentation system)
  - Model Checking: Build semantic model to validate input (Massoud Amin (U. Minn.) claims that 60% of parameter input sets could be checked for safety)
  - Resilience: Build in via strong adaptive capacity
  - Redundancy: Use physically redundant networking with out-of-band control
- Adapt approach to other critical infrastructures
- WF Impact: Major, state of the art security, push the attacks into the supply chain and insiders
Mid-term (3-5 yrs): Prophylactic Networking Strategy (HTTP and SMTP)
- Eliminate exploitable vulnerabilities from the network application stack so as to deny botnets and bad actors a vector through which to subvert COTS OSes.
  - Reimplement the TCP/IP and SSL stacks in a safe language.
  - Reimplement HTTP and SMTP servers and clients in safe languages.
  - Provide a competent security model and sandboxing for mobile code (e.g., JavaScript).
  - Use virtualized COTS OS + app (e.g. word, multimedia code) in a one-shot-then-reset mode to view embedded media or attachments.
  - Parse and rewrite any media or attachments that are returned to the primary host environment.
- Industry knows how to implement these systems
  - For probably $1B, the HTTP and SMTP range of software could be reimplemented within 2-3 years.
  - Some legal requirements for “network safety” would incentivize the development and update.
- Spear phishing eliminated by design (maybe spam too)
- Drive-by Web site attacks eliminated by design
- WF Impact: Significant, push attacker on to other penetration vectors, make him do R&D
Long-term (5-10 yrs): Transformational Architectures
- Eliminate single point failures leading to collapse of security in:
  - System architectures (e.g., monolithic privileged kernel)
  - Crypto (e.g., secret key leakage)
  - ID management (e.g., insider)
  - Application architectures
- Principles:
  - Bake in security
  - Eliminate vulnerabilities by design
  - Enforce strong fine-grained separation
  - Factor components
  - Ground trust in multiple separate ways, forcing an attack to compromise all simultaneously
  - Enhance resilience through adaptive software, forcing an attacker to impair all functional variants simultaneously
  - Raise productivity dramatically based on semi-automatic program synthesis using verified and composable components
- WF Impact: Dramatic, over the horizon, push attacks into the supply chain
Work Factor Analysis Can Help Guide Policy Formation
- Non-technical architectures have an impact on attacker and defender work factors
  - International Law: Distinguish attack rising to “armed force” from espionage
    - Separate exploitation targets from C2 architecturally to enable clear response?
  - Design component sourcing so that supply chain attacks must compromise multiple branches to succeed.
    - Eliminate single point supply chain vulnerabilities
    - Multiply suppliers and randomize component sourcing
- Technical architectures interact with policy choices
  - Isolation: Separate functions across systems so that compromise of a single system does not compromise multiple systems
    - Costs more money
  - Self-knowledge: Map systems to build situational awareness of functions at risk to infer attacker goals and business model
    - Lay out systems so they can be used to instrument attacker objectives
- Work factors can clarify leverage to help prioritize policy moves
Legal Moves: Black Markets For Cyber Crime
- Black markets provide:
  - Scalable cyber crime
  - Empower low-end state actors (over 100)
- A number of activities may not be illegal!
  - Target reconnaissance
  - Attack tools
  - Cryptographic support
- Extend legal system to cover support activities for cyber crime
  - Outlaw activities without non-criminal applications
  - Control “dual use” activities with high criminal leverage
- WF Impact: Increase work factor by raising legal risk
  - LE focus on high leverage supply activities
  - Increase scarcity & price of high leverage ingredients
Legal Moves: Separate Cyber Crime From Terrorists
- Terrorists may seek cyber attack capabilities in criminal black markets
- Cyber criminals are economic actors
  - Pursue a business model
  - Seek to reduce risk to continuity of operations
- Make legal moves against transfer of cyber attack data, tools or expertise to terrorist organizations
  - Raise response to national security level using military and intelligence resources
  - Institute exceptionally severe penalties, especially for critical infrastructure attacks
- Channel activity away from terrorism
  - Make the risk-reward calculus uneconomic
- WF Impact: Reinforce incentives against aid to terrorists
Economics: Monetizing Cyber Security & Modernizing the IT Sector
- Success: Market forces spread reasonably high assurance throughout society and continue to innovate (Precedent: 1990s build out of civilian Internet)
- Requirements:
  - Ability to accurately measure and compare system security characteristics
    - Predictive metrics
    - Historical data series
  - Ability of buyers of IT to reliably understand & measure risk
    - Anticipate and measure threat levels
    - Estimate losses due to potential cyber attacks
    - Determine commensurate levels of investment in security
  - Transformation of the IT technology plane for security and agility
    - Strongly bias work factors in favor of defender against attacker
    - Dramatically harden systems
    - Architect for adaptive resilience and rapid recovery
    - Radically increase productivity of secure system development, certification, accreditation, and operation
    - Align security with functionality by making it inherent and largely transparent
    - Deliver faster development cycles and superior total ownership cost than current generation COTS
  - Alignment of market incentives for uptake – ultimately next gen COTS
    - Stratify markets according to assurance needs to provide a learning curve and a path to scale
    - Phased introduction of safety regulations, liability and meaningful cyber insurance as industry is genuinely able to respond based on transformational technologies
    - Attenuate rigidities in IT capital goods ecosystem that impede technical evolution
Appendix
Received Notions Of Sustainability
- Developmental Economics: Growth based on resources available in sufficient supply in the future
  - Foreign exchange bottleneck
  - Environmental degradation
  - Sustainable development -> appropriate resource usage
- Green Technology: Reduced impact on environment (output) and improved utilization of depletable resources (input)
  - Renewable resources -> sustainability
  - Clean energy sources to reduce CO2 emissions and climate impact
  - Efficient resource utilization (inputs & outputs/externalities)
- Computational Sustainability: Use of computation to improve resource utilization (e.g., Smart Grid)
- Core notion is continuity of dissipative systems
  - Non-equilibrium thermodynamics (Prigogine) looks at how living systems maintain themselves in the face of entropy via matter-energy exchange with their environments
  - Living System (autopoiesis): a network of component-producing processes that recreate the network over time
Cyber As A Computational Sustainability Conundrum
- Cyber refers to the embedding or integration of computation and communication within human organizations and social systems
  - Human systems are understood as living systems
  - Dissipative structures face perpetual challenge of continuity
    - Must repair internal failures of essential components
    - Must adapt to changing environments
    - Usually face intelligent competitors
- Cyber impacts continuity
  - Benefits: Greater adaptive potential through better information and computation
  - Challenges: Environmental change driven by cyber
    - Requires internal and external adaptation
  - Entropy: Cyber attack/exploitation consume resources
    - Direct impact of lost information or degraded operation
    - Indirect cost of recovery or investment in cyber security
    - Social costs of cyber pollution - export of risk, externalities
- Cyber sustainability involves:
  - Designing for reliability to manage complexity
  - Adapting to changes in the environment, often cyber fueled
  - Resisting cyber attack and exploitation
- Dialectic of computation: benefits come with vulnerabilities
Focus: Cyber Attack/Exploitation
- Cyber attack/exploitation undermines organizational autonomy
  - Computers become disloyal to owners, working against them
  - Reduced organizational integrity impairs goal seeking behavior and weakens adaptive capacity
- Everyday cyber impacts – death by 1000 cuts
  - Economic: Drag on GNP of cyber crime, recovery, cyber security investment
  - Innovation: Loss of intellectual property, trade secrets, know-how, plans
  - National security: Degraded systems, loss of classified information
- Potential existential threats via cyber
  - Industrial espionage: Loss of commercial or national advantage
  - Economic disruption: Degradation of critical infrastructures
  - Cyber war: Impairment of national security functions
Attacker Resources Required for Cyber Impacts
[Chart: cyber impacts plotted by attacker resources (Low to High) against frequency (Low, Moderate, High). Plotted items: Espionage, Cyber War with Peers, Cyber Terrorism?, Interdiction of Global Communication, Industrial Espionage, Cyber War, Major Critical Infrastructure Attacks, Cyber Crime, Interception of Global Communication, Most Cyber Data.]
Strategy Decomposition
- Cyber technology base
  - IT capital goods industry
    - Computers, embedded, mobile
    - Networking
  - Telecommunications operators
  - Identity management & crypto industries
- Defense domains
  - Military & intelligence systems
  - Defense industrial base
  - Critical infrastructure
  - Government systems
  - Research infrastructure
  - Supply Chain
  - Major enterprise
  - Enterprise
  - Consumer
- International cooperation
  - Allies
  - Trading partners
  - Global