2007 Aurora Test
- Cyberwarfare is generally state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response with a proportional kinetic use of force.
- Cyberterrorism can be considered “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.”
- Cybercrime includes unauthorized network breaches and theft of intellectual property and other data; it can be financially motivated, and response is typically the jurisdiction of law enforcement agencies.
- Cyberactivism is when individuals perform cyberattacks for pleasure, philosophical, political, or other nonmonetary reasons.
Saudi-Aramco 2012
- In August 2012 a series of cyberattacks were directed against Saudi Aramco, the world’s largest oil and gas producer.
- The destructive attacks compromised 30,000 computers and the code was apparently designed to disrupt or halt oil production.
- Numerous groups, some with links to nations with objectives counter to Saudi Arabia, have claimed credit for this incident.
IEEE Spectrum, Feb 2013
Russia v. Ukraine 2015-2016
- WannaCry (2017)
  - $4B-$8B
- NotPetya (2017)
  - $10B
  - Most devastating cyberattack (so far)
- Ransomware (2018+)
  - Atlanta $10M
Destructive malware attacks == Cyberwar ?
Mike McQuade
Full detail: https://csis-prod.s3.amazonaws.com/s3fs-public/190904_Significant_Cyber_Events_List.pdf
CSIS Technology Policy Program | Source: CSIS & Hackmageddon
Hackmageddon Statistics
September 2020
Smith’s proposed "Digital Geneva Convention" requirements
1. No targeting of tech companies, private sector, or critical infrastructure.
2. Assist private-sector efforts to detect, contain, respond to, and recover from events.
3. Report vulnerabilities to vendors rather than stockpile, sell, or exploit them.
4. Exercise restraint in developing cyberweapons and ensure that any developed are limited, precise, and not reusable.
5. Commit nonproliferation activities to cyberweapons.
6. Limit offensive operations to avoid a mass event.
Microsoft President Brad Smith's RSA 2017 Keynote
Lawmakers worldwide want to "do something"
They need to ensure any new policies/regulations are CREME-y:
- Cooperative – they work together, rather than interfere with each other
- Relevant – addressing a problem that really matters
- Enforceable – preventing violations or enabling detection and prosecution of violators
- Meaningful – addressing the identified problem in an effective manner
- Empowering – encouraging a culture of security