kevin coleman_presentation_preparing for eday
TRANSCRIPT
-
8/7/2019 Kevin Coleman_presentation_Preparing for eDay
1/32
Preparing for a Cyber Attack
By Kevin G. Coleman
Countdown to eDay!
-
Introduction
The world has awakened to a new threat. China, Russia and North Korea's test of a cyber weapon, Iran's cyber weapon ambitions, and the renewed defense industry's emphasis on the use of computers as a weapon have all combined to accelerate the rate of development of what I've called the most destructive weapon on the planet. The proliferation of cyber weapons has exploded and estimates suggest that over 70% of countries will have at least a basic level cyber weapon by the end of 2008.
-
The China Syndrome
-
A Bit of History
Back in 1998 when I was Chief Strategist of Netscape, I became aware of an international movement that was designed to create software that could be used for criminal activity as well as disrupt Internet activity. That was when I began to research what we are now calling cyber warfare.
I testified on cyber crime, espionage and security before a joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, "Does our Defense Department know about you?"
-
Cyber Warfare & Cyber Terrorism
Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.
Cyber Warfare & Terrorism
The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.
Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook
-
Counterfeit Hardware
February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.
The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.
-
Counterfeit Hardware
February 2008
The Feds have confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States where unethical resellers passed it off as legit.
-
Impact of a Cyber War
Of those who do perform what we consider daily activities online, more than half say they go online every day or several times a week to perform those activities.
About 93 billion emails are sent per day; those will not go through.
Millions of VoIP calls per day will not go through.
Over 200 million Google searches per day will not get done.
A reported 33% of Internet users say they make eCommerce transactions daily.
-
Impact of a Cyber War
Some 88% of online users say the Internet plays a role in their daily routines.
Some 40% of Internet users who get the news online say they log on daily.
Some 25% of the online weather bugs will check weather daily.
Some 20% of online sports fans check sports scores daily.
-
A Recent Poll
How prepared is the U.S. for a cyber attack?
[Chart: values 43%, 47%, 10%; legend: Not Prepared, Somewhat Prep, Very Prepared]
Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly 1,000 respondents to the poll.
-
Impact of a Cyber War
INTELLIGE
-
Impact of a Cyber War
[Chart: U.S. Retail eCommerce Sales, in billions of dollars ($0 to $250), 2006 to 2010]
That's $425 million a day.
-
Cyber Media Warfare
One can only imagine the psychological impact on the viewers that witnessed this prank. The TV channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war had started.
http://www.youtube.com/watch?v=MzaN2x8qXcM
-
Think About This
What if the Internet went away:
For a day
A week
A month
No eMails
No BlackBerrys
No eCommerce
Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.
-
The worst thing to do-
There is no doubt today that VoIP is taking over the telecom market, and every month increases penetration into business, government and the consumer sectors.
Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.
Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.
Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.
You are putting all your eggs in one basket.
-
Cyber Weapons Proliferation
The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens-of-millions of individuals. The raw materials needed to construct cyber weapons are not restricted and are widely available. We now have a weapon that can strike at the speed of light, it can be launched from anywhere in the world, and it can target anywhere in the world. This briefing will provide an understanding of the current state of cyber weapons, current defenses and a unique look at what the future cyber warfare scenario might encompass.
-
Your Cyber Attack IQ Test
If I can give you three pieces of intelligence you did not have before, would you agree this briefing provided value?
1. What do EPFC and TEDs stand for?
2. How many of you address CBRNE in your contingency plans?
3. Why should your organizations have supply-chain integrated into the security program?
-
Modern Weapons Economics
What does a stealth bomber cost? $1.5 to $2 billion
What does a stealth fighter cost? $80 to $120 million
What does a cruise missile cost? $1 to $2 million
What does a cyber weapon cost? $300 to $50,000
-
Find the Weapons Facility
[Images: Nuclear Weapons Facility; Cyber Weapons Facility]
Where's the Cyber Weapons Facility?
-
Cyber Weapons Proliferation
-
Cyber Arms Dealers
RBN and their support units provide scripts and executables to make cyber weapons undetectable by antivirus software. Every time a copy of the cyber weapon is generated, it looks different to the anti-virus engines and it often goes undetected. The modularization of delivery platform and malicious instructions is a growing design in cyber weapons. RBN's cyber weapons are very popular and powerful. In June 2007, one was used by a single person to attack and compromise over 10,000 websites in a single assault.
know RBN leases use/capacity on their 150 million node BotN
-
Cyber Weapons Evolution
[Chart: cyber weapons evolution on a Low to High scale; phases: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; timeline: 1994, 1998, 2002, 2004, 2008, 2012, 2016; series: Basic Weapons, Advanced Weapons]
-
Interesting Quote
NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. He went on to say that "Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore."
Using this as a framework, we can put into context the evolving architecture for cyber weapons.
-
Cyber Weapons Design
Cyber Weapon Architecture
A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.
-
Cyber Weapons Design
Cyber Weapon Delivery Vehicle
There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one mechanism of delivery. Another delivery vehicle is web sites that can have malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.
-
Cyber Weapons Design
Cyber Weapon Delivery Vehicle
Just as a navigation system guides a missile, it allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.
-
Cyber Weapons Design
Cyber Weapon Delivery Vehicle
The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off of the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A bot (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.
-
Cyber Weapons Design
Cyber Weapon Architecture
This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture creates reusability and reconfiguration of all three components. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components are still viable. This not only creates flexibility but also significantly increases the productivity of the cyber weapons developers.
-
Conclusion
Our nation is increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage the country's economy. Whether the attack is focused on stealing our business and technology secrets, disrupting our financial systems or worse, the threat is real. Countries, terrorists and extremists around the world are developing and implementing cyber warfare doctrine, strategies and weapons.
-
Conclusion
The Cold War may be over, but the cyber arms race has just begun. The threat is imminent. We must rapidly develop offensive and defensive cyber weapons capabilities as well as the military doctrine and regulations necessary to govern their use. In the cyber arms race we cannot finish anyplace but first.
-
QUESTIONS
-
Biography
Kevin G. Coleman is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute. He is the former Chief Strategist of Netscape and was a member of the Science and Technology Advisory Panel at the Johns Hopkins University Applied Physics Lab. He has briefed defense contractors and other organizations on cyber warfare and is a highly published professional covering cyber security and writes regularly for Eye Spy Magazine and authors the Cyber Warfare Blog for DefenseTech.org.
The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com