Battles in Cyber Space
Dr Richard E Overill
Department of Informatics
Nature of Warfare – Clausewitz
Violent – potentially lethal
Instrumental – a means to an end
Political – intention & attribution
In addition:
– a war is usually composed of several battles
– a battle is usually composed of several attacks
Domains of Warfare
Land – tanks, etc.
Sea – battleships, submarines, etc.
Air – aircraft, helicopters, UAVs, etc.
Space – rockets, satellites, etc.
Cyber – computers, networks, digital infrastructure, etc.
Most wars involve several domains
A definition of Information Warfare
“The deliberate, unauthorised and systematic attack on critical information activities to exploit information, deny services to the authorised user, modify and corrupt data.” – UK MoD
Infrastructure Attacks
“The most advanced society is really only four meals away from anarchy, and if you could attack a society through its computers to cause a breakdown of the mechanisms, the infrastructure, which cause it to run, you will bring about mass deaths.” – Stephen Badsey, Royal Military Academy Sandhurst, UK
Supervisory Control And Data Acquisition (SCADA)
Monitoring and controlling:
– Water purification and distribution systems
– Electricity generation and distribution systems
– Nuclear reprocessing plants
– etc.
Typically connected to the Internet for efficiency of operation.
H(ackers)2O
8 November 2011, Springfield, IL, USA. Hackers remotely accessed the online SCADA system of Curran-Gardner Township Public Water District. They burned out a well pump that serviced about 2,200 households by repeatedly turning it on and off. Later reported as a false alarm caused by a contractor remoting into the system while on holiday in Russia.
18 November 2011, Houston, TX, USA. Pr0f hacked into Harris County water plant and took screenshots but did no damage.
“Stuxnet”
Discovered in June/July
Malicious software (“malware”) intended to sabotage nuclear reprocessing plants in Iran.
Targets and reprograms a specific model of Siemens PLC (used to control ultracentrifuges) to operate outside their specified parameters.
Replays previously sampled normal ultracentrifuge behaviour to the operators’ console.
Propagates itself and hides its code modifications.
Involved 3-5 skilled person-years’ development.
“Duqu”
Discovered in September
Malicious software (“malware”) intended to gather intel such as system information and user profiles.
Source code highly similar to Stuxnet, yet not specifically targeting SCADA/PLC.
Unknown whether it is a prequel or a sequel to Stuxnet.
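The console replay described on this slide suggests a simple integrity check an operator can run on telemetry: genuine sensor readings carry noise, while a looped recording repeats exact windows. The Python below is an added example, not from the lecture; it assumes the console receives a plain list of numeric readings and uses constructed data around an arbitrary nominal value of 1000.0.

```python
import random
from typing import List, Optional, Tuple

WINDOW = 8  # consecutive readings that must match exactly to count as a replay


def find_replay(readings: List[float], window: int = WINDOW) -> Optional[Tuple[int, int]]:
    """Return (first_index, repeat_index) of the first window of `window`
    consecutive readings that recurs exactly later in the stream, or None
    if every window is unique.

    Genuine telemetry carries measurement noise, so two windows of several
    readings effectively never agree to the last digit. A console fed a
    recording of 'normal' behaviour repeats windows exactly once the
    recording wraps around, which is the tell this check looks for.
    """
    seen = {}
    for i in range(len(readings) - window + 1):
        key = tuple(readings[i:i + window])
        if key in seen:
            return (seen[key], i)
        seen[key] = i
    return None


def live_stream(n: int, seed: int = 1) -> List[float]:
    """Constructed stand-in for genuine telemetry: a nominal reading of
    1000.0 plus Gaussian jitter (the value is arbitrary, not a real spec)."""
    rng = random.Random(seed)
    return [round(1000.0 + rng.gauss(0.0, 0.5), 3) for _ in range(n)]


def replayed_stream(n: int, capture: int = 20, seed: int = 1) -> List[float]:
    """Constructed stand-in for a spoofed console feed: `capture` genuine
    readings recorded once, then looped for the remaining samples."""
    recorded = live_stream(capture, seed)
    return [recorded[i % capture] for i in range(n)]


if __name__ == "__main__":
    for label, stream in (("live", live_stream(200)), ("replayed", replayed_stream(60))):
        hit = find_replay(stream)
        if hit is None:
            print(f"{label}: no repeated window, readings look genuine")
        else:
            first, again = hit
            print(f"{label}: window at {first} recurs at {again}; possible replay")
```

A real deployment would compare the console feed against an independent sensor path as well, since this check only catches a verbatim loop.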
US DoE “Aurora” demo (March 2006)
US DoE “Aurora” demo (cont’d)
Questions? Ideas? Contact Dr Richard Overill with any questions on