After completing these activities you should be able to:
Cyber Aspects
The cyber domain is a big field that overlaps many disciplines. The August 2009 initial report of the Dean's Cyber Warfare Ad Hoc Committee included the following:
SY110 is an introduction to the technical core described in the excerpt. The material we cover is organized into three sections:
This portion of the course will teach you about the basic components that constitute what is generally called cyberspace. Starting with digital data, the physical computer, operating systems, and programs; and continuing with the Web, the Internet, and both wired and wireless networks.
There are some theoretical underpinnings to what it is we are protecting (or attacking) in the cyber domain, and how we make rational decisions about security in the cyber domain (cyber security). Additionally, there are a few broad categories of tools — firewalls, encryption, hashing, policies and procedures — that we combine in different ways to meet different security goals.
In this portion of the course we study digital forensics, cyber reconnaissance, cyber attack, and cyber defense. The last three labs actually have you and your classmates conducting cyber operations in a controlled environment — i.e. actually mapping out an opponent's network, actually performing and defending against cyber attacks.
Based on your current understanding, what do you think comprises the cyber domain? You probably agree that your laptop is a part of the cyber domain, and you are correct. But are there other aspects of the cyber domain beyond computers? The answer is yes. The cyber domain is comprised of much more than just computers connected to a network. The cyber domain also consists of physical systems connected to computers. The location of those systems is a part of the cyber domain: is the system of interest on the USNA grounds, in the U.S., in Australia, in Turkey, in China?
There is a human factor to the cyber domain, and it is not just the geopolitical aspect of the cyber domain. We continually see that the human is the weakest link in the cyber domain. Human nature has driven many technological advances, but human nature has also been the initial attack vector in many cyber security incidents.
The cyber domain is comprised of the users (generally humans at this point) [persona], devices and software that users interact with [interface], logic used by devices and software systems [logic], circuits that provide paths for logic to flow [circuit], and location of the circuits, physical systems, and users [geographic].
The cyber domain is founded in technical principles. The cyber domain is a part of our world. We must be able to operate in the cyber domain as individuals, as organizations, and as defenders of nations. As we become more interconnected we become more dependent on the cyber domain.
Persona Aspects represent users that have a role (persona) in the cyber domain. At different times a single person may have multiple personas in the cyber domain. By the nature of you reading and interacting with this website you are a part of the cyber domain.
Interface Aspects represent the hardware devices and software that users interact with to provide input into other components in the cyber domain. Historically, interface devices were keyboards and mice; today touch screens, microphones, and even cameras are commonplace. In the future the interface may be long-term implants inside our bodies.
Data Aspects represent the information that is stored within the information systems; i.e. the meaning of the raw data that are flowing between or stored in systems in the cyber domain.
Network Aspects represent the paths along which data flow between systems, or the systems that store data; i.e. the raw data themselves, as opposed to their meaning.
Geographic Aspects represent the physical location of the user, system, or data paths. Geographic aspects include natural boundaries and geopolitical boundaries (borders separating human defined regions).
In a standard layer model there are clearly defined interactions between adjacent layers, and typically a layer only interacts with the layer directly above or below it. The cyber domain is more complex than a simple layer model. In the cyber domain entities associated with one aspect can have many simultaneous interactions with adjacent aspects. Additionally, interactions can skip traditional layers and interact with non-adjacent aspects.
Furthermore, the interactions between the aspects are continually changing, both in how many interactions there are and in how they occur. The same interaction that was safe yesterday might not be safe today. Nonetheless, we must operate in the cyber domain.
The cyber domain is too complex and large to cover all of the areas in a single course, much less all of the areas in great detail. In this course we will focus on the technical foundations from a cyber security viewpoint, primarily the Persona, Interface, and Data Aspects. There will be times when we discuss Network Aspects and Geographic Aspects, but future courses in your time at the Naval Academy will cover those aspects in greater detail.
During the course, we will learn about the Cyber Battlefield — digital data, computers, operating systems, programs, networks, the Internet, systems of programs communicating over networks (with the world wide web as the biggest example). We will see lots of examples of things that can go wrong in the cyber domain — things that we recognize as dangerous, things that we recognize we need to defend against. But what, actually, are we defending?
This is a deeper question than it might first appear. Understanding the answer will help us understand what attacks are, how to defend against them, and even help us understand what we really want when we ask for "security".
What then? We have information systems that store, process, and transmit data to different parts of the system in order to provide services — what service depends on the system. For example, Skype is a system that provides video, telephone, and chat services. Security for Skype means the on-going ability to provide their service while maintaining the following key attributes:
These attributes are referred to as the Pillars of Cyber Security (formerly Pillars of Information Assurance). And for almost any information system, they describe the fundamental properties that must be maintained. Essentially, these properties are what we want to protect (or attack, if you're on the other side). Information Assurance (IA) is the practice of managing risks while maintaining these properties. Malicious human threats are not the only kind information assurance considers — a hungry squirrel might gnaw through a cable and bring down a server. Protecting against this is information assurance, though not really cyber security. We'll focus on the cyber security related aspects of IA. [More seriously: IA includes concerns like could extreme weather take down the Internet?]
As with any domain there are specific definitions for terms; the following are the definitions for the Pillars of Cyber Security.
There is some overlap between the Pillars of Cyber Security. In many cases a defensive measure will protect more than one pillar. In many cases a particular attack will violate more than one. Often the question of what pillars were violated by an action is somewhat subjective, and depends on the viewpoint from which you are asking.
There is a close relationship between non-repudiation and authentication, but they are separate. Authentication is compromised when an attacker has the ability to pose as another individual or system, often by stealing valid authentication credentials. In contrast, non-repudiation reflects our ability to prove later, after the fact, that an action is associated with a specific individual or entity. Very often, log entries or digital signatures of events (which we will cover later) are used to provide non-repudiation, so a violation occurs when the logging or signature mechanism is compromised. One example is the digital signature you can place on a document, using something that is associated with you (a digital certificate, for example). Non-repudiation establishes that, later on, an analysis of the signed document can show, with high certainty, that it must have been signed by someone who possessed that digital certificate.
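The distinction above between authentication and non-repudiation can be made concrete in code. The following is an added example written for this page, not the course's own material: it uses textbook RSA with the small, well-known toy parameters p=61, q=53 (n=3233, e=17, d=2753), which are far too small to be secure and serve only to show the asymmetry of the keys; the document, the shared key, and the function names are constructed for illustration. A digital signature made with a private key that only the signer holds can be verified by anyone with the public key, so a later analysis can attribute the document to the key holder. A shared-key MAC (HMAC) authenticates the message to the receiver but cannot establish non-repudiation, because the receiver could have produced the identical tag.

```python
"""Authentication vs non-repudiation: toy digital signature beside a shared-key MAC.

Constructed example; textbook RSA with a 12-bit modulus is NOT secure. A real
system would use a vetted library (Ed25519, RSA-PSS with 2048+ bit keys).
"""
import hashlib
import hmac

# Toy RSA key pair (constructed, assumed values): the signer keeps D private;
# everyone may hold the public key (N, E).
N, E = 3233, 17   # public modulus and exponent
D = 2753          # private exponent, known ONLY to the signer (17 * 2753 = 1 mod 3120)


def sign(message: bytes, private_d: int) -> list:
    """Sign each byte of the SHA-256 digest separately (each byte < N), so the
    full 32-byte hash is bound to the signature. Requires the private exponent."""
    return [pow(b, private_d, N) for b in hashlib.sha256(message).digest()]


def verify(message: bytes, signature: list) -> bool:
    """Recover the signed digest with the public key and compare it with the
    hash of the document actually presented. No private material is needed,
    which is why a third party can perform this check after the fact."""
    if len(signature) != 32:
        return False
    recovered = [pow(s, E, N) for s in signature]
    return recovered == list(hashlib.sha256(message).digest())


def shared_key_tag(message: bytes, key: bytes) -> str:
    """HMAC with a key known to both sender and receiver. It tells the receiver
    the message came from a key holder (authentication), but either holder
    could have made it, so it cannot prove to a judge who authored it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def demo() -> dict:
    order = b"Transfer 1000 to account 42"       # constructed sample document
    sig = sign(order, D)                         # made by the private-key holder
    forged_doc = b"Transfer 9000 to account 42"  # altered after signing
    shared = b"constructed-shared-secret"        # key held by BOTH parties
    return {
        # Signature checks: genuine document verifies, altered one does not.
        "genuine_verifies": verify(order, sig),
        "altered_verifies": verify(forged_doc, sig),
        # The receiver, holding the same shared key, produces the identical tag,
        # so the tag alone cannot attribute the message to the sender.
        "receiver_can_make_same_tag": shared_key_tag(order, shared)
        == shared_key_tag(order, shared),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Run as a script to see the three results; in a real deployment the logging or signing mechanism itself is what must be protected, since compromising it is exactly how non-repudiation is violated.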
Some organizations and publications limit their discussion of Cyber Security pillars to confidentiality, integrity, and availability; other organizations list many more. While the overall number of pillars/attributes that must be maintained in supporting information assurance is debated, the inclusion of confidentiality, integrity, and availability is nearly universal. In this course, we also include non-repudiation and authentication as distinct pillars.
Understanding something as an attack requires understanding which of the five pillars are violated — which properties are lost. Let's consider some examples.
Although there aren't many publicized examples of non-repudiation violations, or 'repudiation attacks,' the following are some general examples:
2009. Initial Report of the Dean's Cyber Warfare Ad Hoc Committee. Annapolis: August 21, 2009.
Committee on National Security Systems. 2015. Committee on National Security Systems (CNSS) Glossary. Ft. Meade, MD: April 6, 2015.
Department of Defense. 2014. DoDI 8500.01: Cybersecurity. Washington: March 14, 2014.
Fruhlinger, Josh. 2017. "What Is Stuxnet, Who Created It and How Does It Work?" CSO Online, August 22, 2017.
Krebs, Brian. 2013. "Cards Stolen in Target Breach Flood Underground Markets." Krebs on Security, December 20, 2013.
Krebs, Brian. 2013. "Sources: Target Investigating Data Breach." Krebs on Security, December 18, 2013.
Joint Force Development. 2018. Joint Publication 3-12: Cyberspace Operations. June 8, 2018.
Markoff, John. 2008. "Before the Gunfire, Cyberattacks." New York Times, August 12, 2008.
Richmond, Riva. 2011. "The RSA Hack: How They Did It." New York Times, April 2, 2011.
U.S. Code. 2012. Title 44 - Public Printing and Documents Section 3542. Washington: Government Printing Office, January 3, 2012.