Cyber Warfare

Techniques, Tactics and Tools for Security Practitioners

By

  • Jason Andress (ISSAP, CISSP, GPEN, CEH) is a seasoned security professional with a depth of experience in both the academic and business worlds.
  • Steve Winterfeld (CISSP, PMP, SANS GSEC, Six Sigma) has a strong technical and leadership background in cybersecurity and military intelligence.

Cyber Warfare Techniques, Tactics and Tools for Security Practitioners discusses the strategic, operational, and tactical aspects of cyber warfare. The book provides information that organizations can use to develop a strategic vision for cyber security, but it is also designed to spur national debate on the direction of cyber warfare. Starting with a definition of cyber warfare, the book’s 15 chapters discuss the following topics: the cyberspace battlefield; cyber doctrine; cyber warriors; logical, physical, and psychological weapons; computer network exploitation; computer network attack and defense; non-state actors in computer network operations; legal system impacts; ethics in cyber warfare; cyberspace challenges; and the future of cyber war. This book is a valuable resource to those involved in cyber warfare activities, including policymakers, penetration testers, security professionals, network and systems administrators, and college instructors. The information provided on cyber tactics and attacks can also be used to assist in developing improved and more efficient procedures and technical defenses. Managers will find the text useful in improving the overall risk management strategies for their organizations.

Audience

Information security practitioners, network security administrators, computer system administrators, security analysts

Book information

  • Published: June 2011
  • Imprint: SYNGRESS
  • ISBN: 978-1-59749-637-7

Reviews

"…aimed at a military audience, this book offers concepts and examples largely from the U.S. Military."--Security Management, January 2013, page 60
"This book of around 300 pages and some 15 chapters, with a ‘cyber timeline’ appendix, provides an adequate coverage of the topics given that the whole area is subject to rapid change in both technical and policy terms. The foreword to the book again sets the scene. It asks the question ‘just what should teaching on this vital subject involve and how should it be done?’. It then sets out the aim of the book as, to quote, ‘to cover the strategic, operational, and tactical aspects of the conflicts in cyberspace today.’ This ambitious aim is partially met but mainly from an intensely USA perspective even though some reviews are done of international policy settings as of the date of writing."--Computers & Security
"The book is also crammed with details that keep it from being too dry a treatise - right from the foreword, where the president of security experts The SANS Institute confesses to being fooled into friending a fake Facebook persona (luckily for him, set up by a security researcher). The short final section of perspectives from a range of security experts is thought-provoking, but mostly this is a rigorous analysis of every aspect of cyber-war and defences against it…. At the end of Cyber Warfare you won't have a definitive answer on whether a true cyber-war is imminent. What you will have is a far better idea of the complexity of the situation, and a clear view of where to start evaluating threats to your infrastructure and how to protect against them."--ZDNet UK
"Regardless of where the definition of cyber warfare finally settles, be it simply a war waged over the Internet, a technological cold war, network-based hostilities or simply another theater of war, there are without doubt activities that transpire over the wire that require much closer scrutiny not only by the security community but also by governments, businesses and the general public. The authors accurately and adeptly take the reader from the headlines to the front lines with frequent stops in underground communities, legislative halls and anywhere hackers (ethical or otherwise) are in high demand. This book serves as a report on the current cyber state of affairs on a global scale, as a career guide to those looking to enter this burgeoning field, and, most importantly, as a reference on protecting assets that are unmistakably in the field of battle...whether intended or not."--Donald C. Donzal, Editor-In-Chief, The Ethical Hacker Network
"A fifth domain of war has been added to land, air, sea and space: cyber. Malware capable of taking a nuclear program offline was science fiction 5 years ago: Stuxnet demonstrates that information security is now a matter of national security. This timely and necessary book provides an assessment of the current state of cyber warfare, and more importantly, where the conflict is heading. Highly recommended for information security professionals."--Eric Conrad, Lead Author, CISSP Study Guide, President, Backshore Communications
"Now another view on cyber security comes from Steve Winterfeld, co-author of the recently published book on the subject, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, who believes the answer lies in punishing the hackers. ‘Somewhere along the line we are going to have to change the cost/benefit equation,’ said Winterfeld, ‘arresting and going after the individual, that’s how we change the costs.’ But on state sponsored cyber warfare Winterfeld admits that is very difficult, and says he covers it thoroughly in chapter 14 of his book. Both Winterfeld and Oates spoke by phone on the ScienceNews Radio Network program, the Promise of Tomorrow with Colonel Mason."--News Examiner
"Cyber Warfare explores the battlefields, participants and the tools and techniques used during today’s digital conflicts. The concepts discussed in this book will give those involved in information security at all levels a better idea of how cyber conflicts are carried out now, how they will change in the future and how to detect and defend against espionage, hacktivism, insider threats and non-state actors like organized criminals and terrorists. Every one of our systems is under attack from multiple vectors; our defenses must be ready all the time and our alert systems must detect the threats every time."--The Journal (of Law Enforcement)

Table of Contents

Acknowledgments

About the Authors

About the Technical Editor

Foreword

Introduction

Chapter 1 What is Cyber Warfare?

What is Cyber Warfare?

Definition for Cyber Warfare

Tactical and Operational Reasons for Cyber War

Cyber Strategy and Power

Cyber Arms Control

What is the United States Doing About the Threat of a Cyber War?

Have We Seen a Cyber War?

Case Studies

The Debate (Is it Real?)

Why Cyber Warfare is Important

Summary

Endnotes

Chapter 2 The Cyberspace Battlefield

Boundaries in Cyber Warfare

Defense in Depth

Physical Infrastructure

Organizational View

Where Cyber Fits in the War-fighting Domains

Land

Sea

Air

Space

Cyber Domain

Threatscape

Most Active Threats

Most Dangerous Threats

Motivations

Fielding Systems at the Speed of Need

Summary

Endnotes

Chapter 3 Cyber Doctrine

Current U.S. Doctrine

U.S. Forces

U.S. Air Force

U.S. Navy

U.S. Army

DoD INFOCONs

Sample Doctrine/Strategy from Around the World

Chinese Doctrine

Other Key Nations Developing Doctrine

Translating Traditional Military Doctrine

IPOE

JMEM

MOE

BDA

CAS

COIN

Guidance and Directives

CNCI

DHS

HSPD

NIST

Academia and Industry Associations

Operations and Exercises

Federal Exercises

DoD Exercises

Educational Exercises

Sample MESLs

Summary

Endnotes

Chapter 4 Cyber Warriors

What Does a Cyber Warrior Look Like?

Certifications

Education and Training

Experience and Skills

Differences from Traditional Forces

Age

Attitude

Physical Condition

Credentials

Present Cyber Warfare Forces

U.S.

China

Russia

France

Israel

Brazil

Singapore

South Korea

North Korea

Australia

Malaysia

Japan

Canada

United Kingdom

Other Countries with Cyber Forces

Corporate

Criminal

Staffing for Cyber War

Sources of Talent

Training the Next Generation

Summary

Endnotes

Chapter 5 Logical Weapons

Reconnaissance Tools

General Information Gathering

Whois

DNS

Metadata

Maltego

Defense

Scanning Tools

Nmap

Nessus

Defense

Access and Escalation Tools

Password Tools

The Metasploit Project

Immunity CANVAS

Defense

Exfiltration Tools

Physical Exfiltration

Encryption and Steganography

Using Common Protocols

Out of Band Methods

Defense

Sustainment Tools

Adding “Authorized” Access

Backdoors

Defense

Assault Tools

Meddling with Software

Attacking Hardware

Defense

Obfuscation Tools

Location Obscuration

Log Manipulation

File Manipulation

Defense

Summary

Endnotes

Chapter 6 Physical Weapons

How the Logical and Physical Realms are Connected

Logical Systems Run on Physical Hardware

Logical Attacks Can Have Physical Effects

Infrastructure Concerns

What is SCADA?

What Security Issues are Present in the World of SCADA?

What are the Consequences of SCADA Failures?

Supply Chain Concerns

Compromised Hardware

Deliberately Corrupted Components

Non-Technical Issues

Tools for Physical Attack and Defense

Electromagnetic Attacks

Covert Activity

Summary

Endnotes

Chapter 7 Psychological Weapons

Social Engineering Explained

Is Social Engineering Science?

SE Tactics Techniques and Procedures (TTPs)

Types of SE Approaches

Types of SE Methodologies

How the Military Approaches Social Engineering

Army Doctrine

How the Military Defends Against Social Engineering

How the Army does CI

An Air Force Approach

Summary

Endnotes

Chapter 8 Computer Network Exploitation

Intelligence and Counter-Intelligence

Sources of Cyber Attacks

Attackers and Sponsors of Attacks

Reconnaissance

Open Source Intelligence

Passive Reconnaissance

Surveillance

Justifications for Surveillance

Advanced Persistent Threat

Voice Surveillance

Data Surveillance

Large-Scale Surveillance Programs

Uses of Surveillance Data

Summary

Endnotes

Chapter 9 Computer Network Attack

Waging War in the Cyber Era

Physically

Electronically

Logically

Reactively vs. Proactively

Time as a Factor

The Attack Process

Recon

Scan

Access

Escalate

Exfiltrate

Assault

Sustain

Obfuscate

Summary

Endnotes

Chapter 10 Computer Network Defense

What We Protect

Confidentiality, Integrity, Availability

Authenticate, Authorize, and Audit

Security Awareness and Training

Awareness

Training

Defending against Cyber Attacks

Policy and Compliance

Surveillance, Data Mining, and Pattern Matching

Intrusion Detection and Prevention

Vulnerability Assessment and Penetration Testing

Disaster Recovery Planning

Defense in Depth

Summary

Endnotes

Chapter 11 Non-State Actors in Computer Network Operations

Individual Actors

Script Kiddies

Malware Authors

Scammers

Blackhats

Hacktivists

Patriot Hackers

Corporations

Motivation for Corporations to Act in Cyber Warfare

Cyber Terrorism

Reasons for Cyber Terrorist Attacks

What Will Happen When We See a Cyber Terrorist Attack?

Organized Cyber Crime

Motivations for Criminal Organizations

Autonomous Actors

Exploratory Systems

Attack Systems

Defensive Systems

Summary

Endnotes

Chapter 12 Legal System Impacts

Legal Systems

International

United States Laws

Criminal Law

Key U.S. Laws

International Trafficking in Arms Regulations

U.S. Cyber Related Laws

Privacy Impacts

Electronic Communications Privacy Act

Digital Forensics

Certification

Summary

Endnotes

Chapter 13 Ethics

Ethics in Cyber Warfare

Use of Force

Intent

Secrecy

Attribution

Military Ethics

Bellum Iustum (Just War Theory)

Jus ad Bellum (The Right to Wage War)

Jus in Bello (Proper Conduct in War)

Jus Post Bellum (Justice after War)

Summary

Endnotes

Chapter 14 Cyberspace Challenges

Cybersecurity Issues Defined

Policy

Processes

Technical

Skills

People

Organization

Core (Impacting All Areas)

Interrelationship of Cybersecurity Issues

Way Ahead

Summary

Endnotes

Chapter 15 The Future of Cyber War

Near Term Trends

Most Likely and Most Dangerous Courses of Action

New Technologies and New Problems

International Interactions

Summary

Endnotes

Appendix: Cyber Timeline

Index