HSEP 314 FINAL EXAM 2019
What are the three different "cyberwar" scenarios?
1) Cyber Blockades: The bronze soldier attack in 2007 which were were a series of cyberattacks which began on 27 April 2007 and targeted websites of Estonian organizations, including Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's disagreement with Russia about the relocation of the Bronze Soldier of Tallinn, an elaborate Soviet-era grave marker, as well as war graves in Tallinn. 2) Sophisticated Hack of Military Systems: Stuxnet attack from 2010-2011 which was an extremely sophisticated computer worm that exploits multiple previously unknown Windows zero-day vulnerabilities to infect computers and spread. 3) Debilitating Attack on Critical Infrastructure: Black Energy attack from 2014-2015 which was a Trojan that is used to conduct DDoS attacks, cyber espionage and information destruction attacks.
What are the three kinds of attribution?
1) Evidence to convince oneself 2) Evidence to convince the attacker 3) Evidence to convince the public/ international community
Name three hacktivist collectives/groups.
1) Lizard Squad (responsible for cyber-attacks on Malaysia Airlines, DDoS attack on Facebook) 2) Anonymous (hacked Pentagon, declared war on Scientology, attacked PayPal with operation Payback) 3) LulzSec (Anonymous spinoff, hacked Fox.com, Sony Pictures in 2011 and took CIA website offline)
Given the immense resources available to technology developers to find and fix vulnerabilities, why do criminals persist?
Criminals can find zero-day vulnerabilities faster than governments can find and patch them. There is a lot of money to be made in this business as well
Healey & Rattray outline six perspectives on how to think about policy for grappling cybersecurity threats. Name the perspectives and describe two.
1) Technical 2) Criminal; focus on law enforcement; driven by developments in laws in the workforce and forensics 3) Warfare; focus on military capacity; approach defined by notion of cyberspace as a domain as most significant actors are military stakeholders 4) Public health pandemic, 5) Environmental, 6) Irregular warfare
What have traditionally been the three pillars of DOD cyber doctrine?
1. Defending the DoDIN (DoD Info Network) 2. Blunting meaningful threats to nation security through cyberspace 3. Conducting of cyber operations in support of conventional operations
What are the five stages of hack-back?
1. Track: Find who responsible 2.Hack: Access system through initial RAT 3.Sack: Delete stolen data (your stolen data) 4.Jack: exploitation to gain access control 5.Whack: Attack the attacker, and disable their abilities
What is economic warfare and what are the two modes of CEEW?
A hostile strategy involving attacks against a nation using cyber technology with the intent to weaken its economy and thereby reduce its political and military power.
What is meant by a "semi-state" actor? Give examples of different types.
A person using their knowledge for the good of the state; but not state authorized (Patriotic Hackers, Tech. Genius, Major Telecommunications Companies, Security Vendors, and Some Criminal Elements).
What is an APT?
A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period of time. The intention of an APT attack is usually to monitor network activity and steal data rather than to cause damage to the network or organization
What is meant by "attack surface"?
A software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.
53. With regards to NSA telephone data collection, what is meant by a system of hops? What is required for each hop?
A system of "HOPS" is a contact chain starting with a person of interest or a suspect. If the POI talks to 10 people, those ten people are considered HOP One, and then if those ten people talk to ten people each we get 100 numbers (contacts) and that's HOP Three and so on.
What is subversion?
Attacks that damage the integrity of computer data and software through non-physical access. Most malware attacks represent subversion. A Power Strategy: Transformation of the normal status quo among a significant community or population characterized by the detachment and transference of prevailing political and social group loyalties to the symbols and institutions of the subversive force.
According to Young, why do Internet-flavored security challenges tend to drive us towards either "nano second" policies or "Ford sedan" policies?
Because of the nature of the internet. Everything has to be extremely fast-paced and quick to adapt.
What is Common Article 3 of the Geneva Convention? Name one challenge in applying this element of international law to cyber conflict?
Common Article 3 of Geneva Convention- No cruel or unusual punishment of people that are detained.
What is the function of CALEA?
Communications Assistance for Law Enforcement Act 1994; to allow law enforcement agencies to conduct lawful interception of telecommunications. Telecommunications providers MUST build an intercept capability into their technologies and provide it to the government.
What organization(s) preceded Cyber Command?
Cyber command is essentially the descendant of Joint Task Forces (CND,CNO,GNO) that began in the late 90s around moonlight maze investigation. The main difference is that the JTF did not have status/ authority to do cyber operations. It could only do cyber operations if command came from a separate service branch. Cyber command changes that entirely. Army, air force, and marine cyber units aren't seconded to the command but- entirely operate under the authority of the head of Cyber Command. Basically went from being run by committee to being an actual combatant command.
When it comes to crisis instability, Gompert & Libicki argue that cyber weapons make a potential standoff between states even more unstable. Why? What is it that cyberspace does? Give me two of the arguments they use.
Cyber weapons create problems underlying crisis instability because: 1. Effects of cyber-attacks are usually short lived Cyber-attacks are difficult to remake after used once The discovery of the attack informs the victim of their weakness.
Why, according to Gartzke, is cyberwar extremely unlikely?
Cyberattacks are unlikely to prove particularly potent in grand strategic terms unless they can impose substantial, durable harm on an adversary. In many, perhaps most, circumstances, this will occur only if cyberwar is accompanied by terrestrial military force or other actions designed to capitalize on any temporary incapacity achieved via the internet. Those initiating cyberattacks must therefore decide whether they are prepared to exploit the windows of opportunity generated by internet attacks through other modes of combat. If they are not willing and able to do so, then in grand strategic terms, there are few compelling reasons to initiate cyberwar. If one cannot foresee circumstances where the terrestrial use of force is plausible independent of cyberwar, then cyberwar is also unlikely to constitute a fundamental threat. This is not to say that cyberattacks will not have an effect, only that they are extremely unlikely to be strategically decisive. A capability to address cyber threats is useful, but planning for cyberwarfare must occur within the larger framework of recognition that this new domain is evolutionary rather than revolutionary. There will not be a cyber Pearl Harbor, except possibly when and if a foreign power has decided it can stand toe-to-toe with conventional U.S. military power.
How is "cyberwar" different from cyber conflict?
Cyberwarfare: A computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state. In these types of attacks, nation-state actors attempt to disrupt the activities of organizations or nation-states, especially for strategic or military purposes and cyberespionage. Although cyberwarfare generally refers to cyberattacks perpetrated by one nation-state on another, it can also describe attacks by terrorist groups or hacker groups aimed at furthering the goals of particular nations. It can be difficult to definitively attribute cyberattacks to a nation-state when those attacks are carried out by advanced persistent threat (or "APT") actors, but such attacks can often be linked to specific nations. Class definition of "cyberwar": Discrete conflict episodes between two (or more) recognizable political entities engaged primarily via cyberspace. Cyber conflict: the use of computational means, via microprocessors and other associated technologies, in cyberspace for malevolent and/or destructive purposes in order to affect, change or modify diplomatic and military interactions between entities. To this point, the discourse on cyber conflict, weapons, policy, and security clearly lacks an engagement of theory and evidence in relation to the international system. Class definition of "cyber conflict": General shape of conflictual actions in international affairs.
How are EINSTEIN 1.0 and 2.0 different from one another?
Einstein 1: Monitors the flow of Network traffic transiting to and from federal civilian executive branch agencies. In technical terms; It records and analyzes netflow records. This allows DHS to identify potentially malicious activity and conduct critical forensic analysis after an incident occurs. Einstein 2: Identifies malicious or potentially harmful computer network activity in Federal Government network traffic based on specific known signatures. In technical terms; it's an intrusion detection system. On a typical day, it's sensors generate about 30,000 alerts about potential Cyber attacks. Which are then evaluated by DHS security personnel to determine whether the alert represents a compromise and if further remediation is needed, if so, DHS works with the victim agency to address the intrusion.
Explain the phrase "the fifth domain."
Fifth Domain is the newest theater of warfare - cyberspace - joining land, sea, air and space. But unlike the other domains, the conflicts in cyberwar are rarely military-on-military. Instead, nation-states, criminal organizations and terrorist groups are going after civilian populations and infrastructure. We have seen this with Russia's influence in the 2016 U.S. elections; China's hack of the Office of Personnel Management; the seven Iranian nationals indicted for breaching a New York dam; and North Korea's devastating attack on Sony. In order to meet this threat, stakeholders from across sectors and industries - public and private; civilian and military; domestic and international - need to come together for a holistic discussion on the challenges and solutions of the budding of cyberwar. Fifth Domain fills that role as a central hub for news, information and collaboration, whether you're a cyber pro or just getting started.
What is the function of FISA?
Foreign Intelligence Surveillance Act of 1978; bars all surveillance of domestic individuals, foreign power or terrorist actors. There are two mechanisms for surveilling "domestic persons." FISA court authorization Presidential authorization w/o court approval only if the AG and Ass't AG verify under oath of eavesdropping on citizens
According to the Department of Justice, does EINSTEIN violate either FISA or the Wiretap Act? Why or why not? (Same thing, there's a bit of nuance here)
From the DOJ statement: "We (DOJ) conclude that as long as executive departments and agencies participating in EINSTEIN 2.0 operations consistently adopt, implement, and enforce the model log-on banner or computer-user agreement—or log-on banners or computer-user agreements with terms that are substantially equivalent to those models—the use of EINSTEIN 2.0 technology to detect computer network intrusions and exploitations against Federal Systems complies with the Fourth Amendment, the Wiretap Act, FISA, the SCA, and the Pen/Trap Act. According to the DOJ"
What are the five categories of cyber policy?
Governance, User ship, Conflict, Management and Infrastructure
According to Hunker, why are public-private partnerships on cyber issues so enduringly doomed to be bad?
Government primarily does not have the authority or resources to control the behavior of private sector entities that own and operate critical infrastructures.
What is a "grey zone" conflict?
Grey zone conflict is competitive interaction among and within state and non-state actors that fall between traditional war and peace duality.
What is meant by "tightly coupled" and "loosely coupled" infrastructural sectors?
If one is hacked or disaster struck: Tightly coupled infrastructure: Would immediately affect more infrastructure nationwide. (Example: Being a major bank or company DoS attack) Loosely coupled Infrastructure: Would be a grocery store or county facility, effects would be felt within that county.
What is hack-back?
Involves turning the tables on a cyber-hacking assailant; stopping the crime, or trying to steal back what was taken.
How did the Protect America Act of 2002 change the legal calculus for intelligence collection as it relates to American persons?
It changed key elements of FISA; such that the monitoring of Americans is NOT illegal provided that the person was (reasonably believed to be located outside the US). This protects NSA from prosecution based on stray collection of Americans' information in packet traffic sifting.
Be able to name and describe (in 1-2 sentences) five major cyber incidents affecting or perpetrated by the United States.
January 2019. The U.S. Democratic National Committee revealed that it had been targeted by Russian hackers in the weeks after the 2018 midterm elections. October 2018. The U.S. Justice Department announces criminal charges against seven GRU officers for multiple instances of hacking against organizations including FIFA, Westinghouse Electric Company, the Organization for the Prohibition of Chemical Weapons, and the U.S. and World Anti-Doping Agencies. September 2018. The U.S. Department of Justice announces the indictment and extradition of a Russian hacker accused of participating in the hack of JP Morgan Chase in 2014, leading to the theft of data from over 80 million customers. July 2018. The U.S. Department of Justice announced the indictments of 12 Russian intelligence officers for carrying out large-scale cyber operations against the Democratic Party in advance of the 2016 Presidential election. The officers' alleged crimes included the theft and subsequent leakage of emails from the Democratic National Committee and Hillary Clinton campaign, and the targeting of election infrastructure and local election officials in an attempt to interfere with the election. February 2016. Hackers breached the U.S. Department of Justice's database, stealing and releasing the names, phone numbers, and email addresses or 30,000 DHS and FBI employees.
What is the Law of Armed Conflict? What are two issues to be resolved when it comes to applying the LOAC to cyber conflict?
LOAC: Basically the prevention of weapons which cause unnecessary suffering during war (flamethrowers, Poison gas, etc.) Two issues with cybersecurity and LOAC: 1) There's no symbol like "The Red Cross" in Cyberspace that keeps you safe from attacks. 2) There's no specific roles of non-state actors in Cyberspace as of right now.
What is meant by fiduciary responsibility?
Legal responsibility to act solely in the best interest of another party
What are the characteristics of the Dark Web that make it attractive for criminals?
Limited access to sensitive information due to general lack of regulation. "The onion" or layers required to uncover information about a user are the base of appeal. Online anonymity (being anonymous) brings criminals, terrorists, freedom fighters and pedophiles to the dark web
What is the difference between the multilateral and multi-stakeholder approaches to Internet governance?
Multilateral Approach: Supported by Russia, China and partners. Countries are main actors. Major support for central role of the (ITU) International Telecommunications Union. Western concern is integrity of foreign abilities to defect from government Multi-Stakeholder Approach: Supported by the U.S. Japan, South Korea, and many EU countries. NGOs are main actors. About the rights of companies and need for transparency leads to the U.S to being nominally in charge of sharing international cyber regimes.
What is the purpose of the NIST Cyber Security Framework?
Provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.
Why do Internet technologies challenge the strength of CALEA? And what is it about encryption that presents a problem for traditional law enforcement abilities to intercept the communications of terrorists, criminals, etc? (Think about the San Bernadino case)
Regardless of CALEA, encryption is a single use key system, to access one device. For example; All key would have to be broken therefore rewritten. In San Bernadino case, Apple "did not comply" with the government unlocking the suspected terrorists' iPhone because all iPhones would be vulnerable. Apple would have had to rewrite an entirely new code/key.
What's the difference between a script kiddy and a hacker?
Script kiddies use scripts designed by hackers but don't know how to use actual hacking tools Hacker: People with their own special knowledge of computer systems interested in subtle details of software, algorithms, and system configurations
What is information warfare?
Similar to psychological warfare; is a concept involving the battlespace use and management of information and communication technology (ICT) in pursuit of a competitive advantage over an opponent. Information warfare is the manipulation of information trusted by a target without the target's awareness, so that the target will make decisions against their interest but in the interest of the one conducting information warfare.
According to the Department of Justice, does EINSTEIN violate the 4th Amendment? Why or why not? (Be warned, this is a nuanced argument)
Since there's no better option yet, it's legal. At worst seen as a minimal burden upon legitimate privacy rights. The use of IDS is a "reasonable search". Standards adopted by courts have actually focused on whether searches are "unreasonable" because of difficulty with sometimes non-voluntary conditions of federal service. Furthermore obtaining warrants would be impractical, the technology itself makes lawful actions infeasible.
Surface web, Deep Web, Dark Web...what's the difference?
Surface Web: (Open Internet) Websites freely accessible to all users over the internet (example: google) Deep Web (invisible web): Information contained in the databases that some websites use to generate their dynamic web pages. NOT INDEXED IN SEARCH ENGINES BUT DOES REQUIRE AUTHENTICATION such as a password. (ex- email) Dark Web: Internet content that can't be indexed by Google and other search engines. MUST NEED SPECIAL CONFIGURATIONS TO ACCESS. (Tor The Onion)
What is Cyber Command's Mission Force? What does it look like?
The Cyber Command's Mission Force is Cybercom's action arm, and its teams execute the command's mission to direct, synchronize, and coordinate cyberspace operations in defense of the nation's interest
What happened in the United States vs. Warshak case?
The government agents violated the defendant's Fourth Amendment rights by compelling his Internet service provider (ISP) to turn over his emails without first obtaining a search warrant based on probable cause. However, constitutional violation notwithstanding, the evidence obtained with these emails was admissible at trial because the government agents relied in good faith on the Stored Communications Act (SCA). The court further declared that the SCA is unconstitutional to the extent that it allows the government to obtain emails without a warrant
What is meant by Net Neutrality?
The principle that Internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular product or websites.
What is the security dilemma and what two factors determine how it manifests?
The security dilemma relies on perception and the offense-defense balance. 1) Perception meaning of the actors' offense-defense balance by strategic planners and decision makers. 2) Offense-defense balance is where 2 actors' nature of military tech advantage the attacker or defender. Bringing forth the Security Dilemma itself- Efforts to enhance the ability of one state's lead on one or more foreign states to mobilize their own security in response.
How does Healey (in Fierce Domain) label the three phases of developing focus on cyber issues in the experience of the U.S. government?
The three phases discussed are: Realization, Takeoff and Militarization
What happened in the Katz vs. United States case? What is the OCCSSA?
This 1967 Supreme Court case prohibited illegal eavesdropping and extended the zone of privacy to include the home, office, person, and immediate public arena. Public phone booth phone tapped by FBI. OCCSSA: (1968) Omnibus Crime Control and Safe Streets Acts. Codified the Katz decision in law, under title 3 of the act- sets rules for obtaining wiretap orders in the United States.