100% tevredenheidsgarantie Direct beschikbaar na betaling Zowel online als in PDF Je zit nergens aan vast
logo-home
Samenvatting + lecture notes - Espionage and war in cyberspace exam €6,99
In winkelwagen

Samenvatting

Samenvatting + lecture notes - Espionage and war in cyberspace exam

1 beoordeling
 59 keer bekeken  8 keer verkocht

Samenvatting + lecture notes - Espionage and war in cyberspace exam

Voorbeeld 4 van de 61  pagina's

  • 18 december 2023
  • 61
  • 2023/2024
  • Samenvatting
Alle documenten voor dit vak (1)

1  beoordeling

review-writer-avatar

Door: ellensoderberg • 1 maand geleden

avatar-seller
mauritshorst
Cyber Conflict: Conceptual Challenges

Week 4, lecture 1

What is war? Effects, means, actors

War is a continuation of politics by other means. It is intrinsically violent (1), instrumental
(2), and fought by states (3). Carl von Clausewitz.

War must be defined in terms of violence. Taking human life is the primary and dominant
characteristic of war. Sustained combat. Organized armed forces. 1000+ battle related
fatalities in a 12-month period. (Small & Singer).

Sources of state power existed primarily in the physical control of the land, sea, air.

Cyberspace: the interdependent network of information and communications technology
infrastructures that includes the internet  interface with this network of networks is creating
and evolving behavioral space that is initiating social, economic, and political dynamics.

 While much of this behavior is positive, there is a growing negative, even malignant
use = considerations of cybersecurity are becoming more prominent.

Threat actors and vectors multiple across the same interconnected space  diversity of actors
(nation states; conflict + intelligence gathering, terrorists, organized crime, individuals etc.)

Previously, clear distinction between the state of peace and state of war  army across
border, defeat enemy to achieve political objectives  conflict in this Greyzone? The space
between war and peace is not an empty one, but a landscape churning with political,
economic, and security competitions that require constant attention (Schadlow, 2014).

What is cyberwar? Is there cyberwar?

War conducted in and from computers and the networks connecting them, waged by states or
their proxies against other states.

Cyberweapons are not overtly violent, their use is unlikely to fit the traditional criterion of
interstate war; rather the new capability is expanding the range of possible harm and
outcomes between the concepts of war and peace (Lucas Kello).

Cyberspace possess distinct characteristics that make it insecure:

, 1) Cyberspace is a human construction. Highly malleable. Underlying infrastructure is
always changing. It can be manipulated, adapted and abused.
2) Cyberspace spans the physical and digital worlds. Hardware exist in the real world,
but actions occur online. No international agreement on territoriality. Fairly low cost
of entry. Attribution is challenging and time consuming. As it is interconnected it
cannot easily be segmented.

The frontline is everywhere

There is no safe zone in cybersecurity. Everywhere that you operate you can be attacked.
Vector for attack may even be outside of your control.

- Allies are potential vulnerabilities, if your adversary can compromise their networks
- Vulnerabilities in states’ supply chains.
- No distinction between civilians and combatants.
 Cyberspace is a domain of persistent threat where achieving security is an everyday
challenge.

Endemic vulnerability

Modern operating systems and applications are extremely complex programs. Flaws in the
program: exploits, can be used by hackers as entry points.

Zero day attacks: a vulnerability in a piece of software that is unknown by the software
developers.

Even when an exploit is known – patches need to be created and computers need to be
updated. Installing updates are often delayed allowing known exploits to be continually used.
WannaCry attack: disabled over 300k computers. 98% of which was using windows 7.

How do states use cyberspace to compete in the international system?

Computer network exploitation (CNE): enabling operations and intelligence collection
capabilities conducted through the use of computer networks to gather data from target or
adversary information systems or networks (NIST).

Computer network attack (CNA): Operations to disrupt, deny, degrade, or destroy
information resident in computers and computer networks, or the computers and networks
themselves (US, JD for information operations, 1998).

,Offensive cyber capabilities

Types

Deny; to prevent adversary from accessing and using critical information, systems, and
services by a specified level for a specified time.

Destroy; to damage a system or entity so badly that it cannot perform any function or be
restored to an usable condition without being entirely rebuilt

Disrupt; to break or interrupt the flow of information. To completely but temporarily deny
access to, or operation of, a target for a period of time.

Degrade; to deny access to, or operation of, a target to a level represented as a percentage of
capacity

Deceive; to cause a person to believe what is not true. Mislead adversary decision makers by
manipulating their perception of reality. To control or change adversary’s information,
information systems, and/or networks in a desired manner.

Characteristics

Cyberspace operations intended to project power by the application of force in or through
cyberspace.

The combination of technological, individual and organizational capacities that jointly enable
the adversarial manipulation of digital services and networks.

a) Usually involve intrusion or unauthorized access (not always).
b) Usually involve external control of the network over the internet.
c) Can be combined with a range of other techniques (including social engineering,
human sources) to gain access.

Harm

Web defacement – financial gain – denial of key services – disable critical infrastructure

Assist/enable Ios – data deletion – sabotage (military sites) – interfere with nuclear C&C

Cyberwar – cybergeddon

Vulnerability is present in every system and can be exploited by the adversaries. The number
of potential entry points is simply too high to be completely impervious.

, Examples feeding the public imagination of cyberwar

Stuxnet/Olympic Games. Cyber attack in 2007. Physical damage to Iranian centrifuges,
destroying 1-2000. First three years undetected. Attack designed in a way to look like user
error. 2010 discovered unexpectedly after word inadvertently spread outside Iran’s nuclear
facilities. Never intended to be detected, and was set up to stop itself in 2012  randomly
closed exit valves on centrifuges so that gas would be trapped. Caused damage over time and
wasted gas.

- The idea clearly is to try to disrupt operations that could lead to a nuclear weapon and
to make their scientists feel less secure and less capable of doing their work.
- The use of malware as a cyberweapon, designed to infiltrate and damage systems run
by computers – was supposed to make the Iranian think that their engineers were
incapable of running an enrichment facility.

Direct effect: marked decrease in centrifuge activity in 2009
Indirect effect: mistrust in scientific community, fear of inside threat
 Set back Iranian weapon’s program by 2 years.

Limitations: highly customized capability, single use-target, Iran recovered within 6 months
 overall direct impact physical progress nuclear program probably fairly limited (Lindsay,
2013).

Threat inflation?

Exaggerations in the threat perception. Commercial and institutional incentive to hype the
threat. Rhetoric has shifted in recent years.

Voordelen van het kopen van samenvattingen bij Stuvia op een rij:

Verzekerd van kwaliteit door reviews

Verzekerd van kwaliteit door reviews

Stuvia-klanten hebben meer dan 700.000 samenvattingen beoordeeld. Zo weet je zeker dat je de beste documenten koopt!

Snel en makkelijk kopen

Snel en makkelijk kopen

Je betaalt supersnel en eenmalig met iDeal, creditcard of Stuvia-tegoed voor de samenvatting. Zonder lidmaatschap.

Focus op de essentie

Focus op de essentie

Samenvattingen worden geschreven voor en door anderen. Daarom zijn de samenvattingen altijd betrouwbaar en actueel. Zo kom je snel tot de kern!

Veelgestelde vragen

Wat krijg ik als ik dit document koop?

Je krijgt een PDF, die direct beschikbaar is na je aankoop. Het gekochte document is altijd, overal en oneindig toegankelijk via je profiel.

Tevredenheidsgarantie: hoe werkt dat?

Onze tevredenheidsgarantie zorgt ervoor dat je altijd een studiedocument vindt dat goed bij je past. Je vult een formulier in en onze klantenservice regelt de rest.

Van wie koop ik deze samenvatting?

Stuvia is een marktplaats, je koop dit document dus niet van ons, maar van verkoper mauritshorst. Stuvia faciliteert de betaling aan de verkoper.

Zit ik meteen vast aan een abonnement?

Nee, je koopt alleen deze samenvatting voor €6,99. Je zit daarna nergens aan vast.

Is Stuvia te vertrouwen?

4,6 sterren op Google & Trustpilot (+1000 reviews)

Afgelopen 30 dagen zijn er 56326 samenvattingen verkocht

Opgericht in 2010, al 14 jaar dé plek om samenvattingen te kopen

Start met verkopen
€6,99  8x  verkocht
  • (1)
In winkelwagen
Toegevoegd