Presentation on theme: "James D. Brown Chief Engineer and Senior Fellow Information Resource Management L-3 Communications."— Presentation transcript:
James D. Brown Chief Engineer and Senior Fellow Information Resource Management L-3 Communications
WE LIVE IN A CYBER WORLD Cyber Addiction Cyber Bullying Cyber Cafe Cyber Crime Cyber Critic Cyber Dating Cyber Espionage Cyber Identity Cyber Porn Cyber Punk
2008 US Commerce Committee Report China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States. In a conflict situation, this advantage would reduce current U.S. conventional military dominance. Cyber space is a critical vulnerability of the U.S. government and economy, since both depend heavily on the use of computers and their connection to the Internet. The dependence on the Internet makes computers and information stored on those computers vulnerable.
The conceptual framework currently guiding PLA IW strategy is called Integrated Network Electronic Warfare a combined application of computer network operations and electronic warfare used in a coordinated or simultaneous attack on enemy networks and other key information systems. The objective is to deny an enemy access to information essential for continued combat operations. Figure 1: General Staff Department of the People's Liberation Army51 Capability of the Peoples Republic of China to Conduct Cyber Warfare and Computer Network Exploitation October 9, 2009
Mandiant Report Chinas economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy. Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge. U.S. Rep. Mike Rogers, October, 2011
Mandiant Report Summary APT1 is believed to be the 2nd Bureau of the Peoples Liberation Army (PLA) General Staff Departments (GSD) 3rd Department,which is most commonly known by its Military Unit Cover Designator (MUCD) as Unit APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations, and has demonstrated the capability and intent to steal from dozens of organizations simultaneously. APT1 maintains an extensive infrastructure of computer systems around the world. In over 97% of the 1,905 times Mandiant observed APT1 intruders connecting to their attack infrastructure, APT1 used IP addresses registered in Shanghai and systems set to use the Simplified Chinese language. The size of APT1s infrastructure implies a large organization with at least dozens, but potentially hundreds of human operators. In an effort to underscore that there are actual individuals behind the keyboard, Mandiant is revealing three personas that are associated with APT1 activity. Mandiant is releasing more than 3,000 indicators to bolster defenses against APT1 operations.
Home of APT
Advanced Persistence Threat It was defined by the US Air Force and Mandiant It is a special class of targeted coordinated attacks They are highly specialized and extremely sophisticated Very stealthy (under the radar) Very hard to detect and remove Mainly aimed at US Defense Contractors Used by foreign governments and organized crime (China and Russia) Takes advantage of US companies lackadaisical attitude toward network security Targets are now spreading to areas of the Internet