This book provides a detailed examination of the threats and dangers facing the West at the far end of the cybersecurity spectrum. It concentrates on threats to critical infrastructure which includes major public utilities. It focusses on the threats posed by the two most potent adversaries/competitors to the West, Russia and China, whilst considering threats posed by Iran and North Korea. The arguments and themes are empirically driven but are also driven by the need to evolve the nascent debate on cyberwarfare and conceptions of ‘cyberwar’. This book seeks to progress both conceptions and define them more tightly. This accessibly written book speaks to those interested in cybersecurity, international relations and international security, law, criminology, psychology as well as to the technical cybersecurity community, those in industry, governments, policing, law making and law enforcement, and in militaries (particularly NATO members).
Author(s): Kristan Stoddart
Series: Palgrave Studies in Cybercrime and Cybersecurity
Publisher: Palgrave Macmillan
Year: 2022
Language: English
Pages: 549
City: Cham
Acknowledgments
Contents
Abbreviations and Concepts
List of Figures
1 Introduction
Cyberwar and Critical Infrastructure
The Threat Actors
The Cyber Context: States as Targets and Attackers
Cybercriminals and Their Usefulness as ‘Proxies’ and ‘Privateers’
The Threat Landscape
Machine Learning, Artificial Intelligence, and High Performance (Quantum) Computing
Critical Infrastructure: ICS and SCADA
Subdue the Enemy Without Fighting
Cyber: The Fifth Domain of Warfare
A Short Guide to Terminology
Malware
Cyber Forensics
Overview
Notes
2 On Cyberwar: Theorizing Cyberwarfare Through Attacks on Critical Infrastructure—Reality, Potential, and Debates
Introduction
The Fog of Cyberwar
What Is Cyberwar(fare)?
Cyberwar Deconstructed
Hybrid Warfare
International Law: JWT and the LOAC
Rules of Engagement
The Tallinn Manuals and the Cyberwarfare Debate
Cyberwar Against Critical Infrastructure as a War Winner
The Failure of Cyber Deterrence and the Attribution Problem
Iran
North Korea
Policy and Debates in the United States
The 2018 U.S. National Cyber Strategy: CISA and the Biden Administration
The U.S. Military and ‘Forward Defense’
Conclusion
Notes
3 Cyberwar: Attacking Critical Infrastructure
Introduction
SCADA Systems and Critical Infrastructure
Proof-of-Concept: Aurora and Stuxnet
The Implications of Aurora and Stuxnet
Real-World Cases
Electricity Generation and Distribution
Electricity Producing Sites Include Nuclear Power Stations
Water Treatment and Sanitation
Dams and Reservoirs
The Oil and Gas Industry: Rigs, Refineries, and Pipelines
Chemical Plants
Ports and Logistics
Merchant Shipping
Road and Rail
Civil Aviation
The Good News
The Bad News
Ukraine and Russia’s 2022 Invasion
Conclusion
Notes
4 Gaining Access: Attack and Defense Methods and Legacy Systems
Introduction
Common Technical Attack Methods
Drive-by Downloads
Watering Hole Attacks
Man-in-the-Middle/Session HIJACKING
Zero-Days
Rootkits
Remote Access Trojans (RATs)
The Use of Mobile/Cellular Devices and Remote Access
Script Kiddies or Nation-States?
Common TTPs
Counters and Defenses
Firewalls
Demilitarized Zones (DMZs)
Intrusion Detection Systems (IDS): HIDS/SIDS/HIPS
Honeypots and Honeytraps
Signature and Behavior-Based Malware Detection
Sandboxing
Packet Sniffers
Application Whitelisting
Security Information and Event Management
Blockchain
Pressing the Reset
The Zero Trust Security Model
Legacy Systems: In-Built Vulnerabilities in Critical Infrastructure
Legacy Systems of the U.S. Government
Industry and the Costs of ‘Keeping the Lights On’
Patching
Targeting Supply Chains
Conclusion
Notes
5 Hacking the Human
Introduction
Social Engineering
Examples of Social Engineering
Exploiting Cognitive and Behavioral Psychology
Hacking the Human
Spear Phishing
Mitigating Spear Phishing
Spear Phishing Attack Tools and Websites
State Intelligence: HUMINT Beyond Social Engineering
The ‘Birds Eye’ Macro View and the Micro Level of HUMINT
Human Sources and Human Agency
Cyber Defense and Offense
Defending Insider Threats
Mitigation and the Insider Threat
Physical Security I
Physical Security II: The CIA Triad and ‘Full Disclosure’
The Cybersecurity Workforce Deficit
Computer Emergency Response Teams
Cyber Threat Intelligence and the Cybersecurity Community
Industry and Government Backed Self-Help Groups
Conclusion
Notes
6 Non and Sub-State Actors: Cybercrime, Terrorism, and Hackers
Introduction
Outsider Threats, Insider Threats, and Target Spotting
Hackers, Hacking Groups, and Social Engineering
Social Network Analysis
SNA as a Law Enforcement and Intelligence Tool
Terrorism
Encryption and the Risk of ‘Going Dark’
State-Backed/State-Sanctioned Cybercrime
Cybercriminals and States
‘Dark Net’ Markets
Organized Crime, Ransomware, and the ‘Dark Net’
WannaCry and Petya/NotPetya
The Cloak of Attribution: The Use of Proxy Actors by States
Conclusion
Notes
7 Conclusion
On Cyberwarfare
Attacking Critical Infrastructure
Pinprick Attacks and First Strike
Cybersecurity Defenses: Risk Management and Legacy Systems
Hacking the Human
Reducing Risk
Risk Management and Resilience
States as Advanced Persistent Threats
The U.S. Intelligence Community and a ‘Whole of Nation’ Effort
Zugzwang
Notes
Bibliography
Index