- Proceedings of the 2001 IEEE Workshop on Information
Assurance and Security, United States Military Academy, West Point, NY,
5-6 June 2001
-
- Candidate Principles of Cyber-Warfare
-
- A. Cyber-warfare must have kinetic world effects
-
- Cyber-warfare is meaningless unless it affects someone
or something in the non-cyber world...
-
- Examples of affecting physical world entities abound - we have
proposed attacks that would manipulate an electrical power-grid
into failure...
-
- B. One can take active steps to hide in the cyber world,
but everything one does is visible; the question is whether someone is
looking.
-
- Any actions that a combatant takes in [the cyber] world
require the movement or manipulation of data. The very fact that one attempts
to conduct cyber-warfare means that some bit in some data stream is changed
to reflect one's presence and actions... this is only useful to the defender
if they are looking; and there's the rub. Our experience can be summed
up in the sound-byte "Sensors don't."
-
- ...the cyber-warfare protagonist must try to hide the
evidence within the existing data streams. Sensors looking for cyber attacks
have to distinguish between bits that are an artifact of the attacker and
the overwhelming majority that are normal activity. This is made more complicated
by using normal activity to conduct an attack. Intrusion detection systems
cannot distinguish between a normal database user and an adversary manipulating
the database as that user.
-
- -----
-
- D. Some entity within the cyber world has the authority,
access, or ability to perform any action an attacker desires to perform.
The attacker's goal is to assume the identity of that entity, in some fashion.
-
- ...there is always something or someone who can do what
the cyber-combatant wishes to do. Most of the steps in any attack in cyber-warfare
are simply intended to assume the identity of the entity that can perform
the desired action...
-
- During the course of many exercises, we have discovered
and stolen the identities of ordinary users, database administrators, system
programs... and developers. In every case, we first found out who or what
could perform the action and then worked to assume that identity.
-
- -----
-
- H. Physical limitations of distance and space do not
apply to the cyber world.
-
- In cyber world, physical distance is not an obstacle
to conducting attacks. A cyber attack can be executed with equal effectiveness
from the other side of the earth as from the next room.
-
- http://www.itoc.usma.edu/Workshop/2001/Authors/Submitted_Abstracts/paperT2C1(10).pdf