Parsing Cyberwar – Part 4: The Best Defense is A Good Defense

Summary: In this series, Marcus Ranum, walks us through the basics of cyberconflict, in its various forms: the nature of the battlefield, logistics, and dynamics. Today he looks at methods of defense. While offense gets most of the attention, most organisations play only defense. So read and learn.


Article deleted at author’s request.


(6) Other chapters in the Parsing Cyberwar series

  1. The Battlefield
  2. The Logistical Train
  3. Synergies and Interference
  4. Patch #1 – Lessons from the Gauss malware
  5. The Best Defense is a Good Defense

(7)  For More Information

(a)  On the FM website see the FM Reference Page about Cyber-espionage and Cyber-war!, with links to Marcus Ranum’s other posts and a wide range of other resources.

(b)  Other articles about cyber:

  1. Get Internet Access When Your Government Shuts it Down, PC World, 28 January 2011 — “Does your government have an Internet kill-switch? Read our guide to Guerrilla Networking and be prepared for when the lines get cut.”
  2. Obama: Companies Must Step Up Cybersecurity Efforts, Russia Times, August 2012
  3. Pentagon Announces New Strategy: Rapidly Develop Cyberweapons to Attack Specific Targets, Popular Science, April 2012
  4. The Pentagon is Developing Cyberweapons that Launch Without Human Intervention, New American, June 2012
  5. Wikipedia entry on Basil Zaharoff
  6. With Plan X, Pentagon Seeks to spread US Military Might to Cyberspace, Washington Post, 30 May 2012 — turning to game companies and private developers.



13 thoughts on “Parsing Cyberwar – Part 4: The Best Defense is A Good Defense”

    1. That’s a really interesting story! We see several things:

      • Government tipped its hand by using government-oriented commercial malware
      • The malware that was used has now been identified and the targets have been conclusively shown that they are, indeed, targets. I expect they might get a bit more careful about how they use their computers. (Hint, guys: get a tosser laptop or an iPad to open attachments on and fill it with lots of random stuff culled from right-wing websites, fake emails between yourself and Dick Cheney, and thousands of copies of the FBI logo renamed with kidporn filenames. Then watch the traffic in and out of that laptop carefully.)
      • Anyone else who may be a target, who has half a brain, will realize that this is a real threat
      • The attack on the journalists was depressingly amateurish, for a spear-phish attack. Whatever government agency was behind it are keystone kops not well-trained scions of big brother
  1. Pingback: Latest Internet Security A News | Let's Talk About Business Firewall Software

  2. Marcus: “Expect the government to deal with it”

    Oh, yes, I expect that government will deal with it. In all four targets! Licensing internet access for all is the first measure in the line.

    1. I didn’t say that anyone in their right mind would actually expect the government to successfully deal with it!

      Licensing internet access for all? The only proposal I’ve heard along that line applies only to the plan to license internet access for the tinfoil hat brigade.

  3. Wired: "Darpa Looks to Make Cyberwar Routine With Secret ‘Plan X’"

    Darpa Looks to Make Cyberwar Routine With Secret ‘Plan X’“, Noah Shachtman, Wired, 21 August 2012:

    The Pentagon’s top research arm is unveiling a new, classified cyberwarfare project. But it’s not about building the next Stuxnet, Darpa swears. Instead, the just-introduced “Plan X” is designed to make online strikes a more routine part of U.S. military operations. That will make the son of Stuxnet easier to pull off — to, as Darpa puts it, “dominate the cyber battlespace.”

    Darpa spent years backing research that could shore up the nation’s cyberdefenses. “Plan X” is part of a growing and fairly recent push into offensive online operations by the Pentagon agency largely responsible for the internet’s creation. In recent months, everyone from the director of Darpa on down has pushed the need to improve — and normalize — America’s ability to unleash cyberattacks against its foes.

    That means building tools to help warplanners assemble and launch online strikes in a hurry. It means, under Plan X, figuring out ways to assess the damage caused by a new piece of friendly military malware before it’s unleashed. And it means putting together a sort of digital battlefield map that allows the generals to watch the fighting unfold, as former Darpa acting director Ken Gabriel told the Washington Post: “a rapid, high-order look of what the Internet looks like — of what the cyberspace looks like at any one point in time.”

    It’s not quite the same as building the weapons themselves, as Darpa notes in its introduction to the five-year, $100 million effort, issued on Monday: “The Plan X program is explicitly not funding research and development efforts in vulnerability analysis or cyberweapon generation.” (Emphasis in the original.)

    But it is certainly a complementary campaign. A classified kick-off meeting for interested researchers in scheduled for Sept. 20.

    The American defense and intelligence establishment has been reluctant at times to authorize network attacks, for fear that their effects could spread far beyond the target computers. On the eve of the Iraq invasion of 2003, for instance, the Bush administration made plans for a massive online strike on Baghdad’s financial system before discarding the idea out of collateral damage concerns.

    It’s not the only factor holding back such operations. U.S. military chiefs like National Security Agency director Gen. Keith Alexander have publicly expressed concern that America may not be able to properly respond to a national-level attack unless they’re given pre-defined battle plans and “standing rules of engagement” that would allow them to launch a counterstrike “at net speed.” Waiting more than a few moments might hurt the American ability to respond at all, these officers say.

    “Plan X” aims to solve both problems simultaneously, by automatically constructing mission plans that are as easy to execute as “the auto-pilot function in modern aircraft,” but contain “formal methods to provably quantify the potential battle damage from each synthesized mission plan.” Then, once the plan is launched, Darpa would like to have machines running on operating systems that can withstand the rigors of a full-blown online conflict: “hardened ‘battle units’ that can perform cyberwarfare functions such as battle damage monitoring, communication relay, weapon deployment, and adaptive defense.”

    The ability to operate in dangerous areas, pull potential missions off-the-shelf, and assess the impact of attacks — these are all commonplace for air, sea, and land forces today. The goal of Plan X is to give network-warfare troops the same tools. “To get it to the point where it’s a part of routine military operations,” explains Jim Lewis, a long-time analyst of online operations at the Center for Strategic and International Studies.

    Of course, many critics of U.S. policy believe the deployment of cyberweapons is already too routine. America’s online espionage campaign against Iran has been deeply controversial, both at home and abroad. The Russian government and its allies believe that cyberweapons ought to be banned by international treaty. Here in the U.S., there’s a fear that, by unleashing Stuxnet and other military-grade malware, the Obama administration legitimized such attacks as a tool of statecraft — and invited other nations to strike our fragile infrastructure.

    The Darpa effort is being lead, fittingly, by a former hacker and defense contractor. Daniel Roelker helped start the intrusion detection company Sourcefire and the DC Black Ops unit of Raytheon SI Government Solutions. In a November 2011 presentation (.pdf), Roelker decried the current, “hacker vs. hacker” approach to online combat. It doesn’t scale well — there are only so many technically skilled people — and it’s limited in how fast it can be executed. “We don’t win wars by out-hiring an adversary, we win through technology,” he added.

    Instead, Roelker continued, the U.S. needs a suite of tools to analyze the network, automate the execution of cyberattacks, and be sure of the results. At the time, he called these the “Pillars of Foundational Cyberwarfare.” Now, it’s simply known as Plan X.

  4. Panetta: "cyber attack could virtually cripple this country"

    Remarks by Secretary Panetta Aboard the USS John C. Stennis, Bremerton, Wash.

    We’ve got cyber threats. We live in a world now where we are receiving literally hundreds of thousands of cyber attacks every day. That’s the battlefield of the future. A cyber attack — we now live in a time when a cyber attack could virtually cripple this country, take down our grid system or power grid, take down our financial systems, take down our government system. And that’s another real threat that we confront as we face the future.

  5. Good to recognize how corporations have, as you put it, “nothing more that’s practical to do.”, because this is precisely the root of problem. This has been the status quo for too long, as long term strategies are now being created based on the assumption this will continue to be the case. I argue, that security products are around the corner which would dramatically change the necessary approaches. Imagine if drive-by hacking were a thing of the past, and all security professionals needed to be concerned about were directed attacks on your physical infrastructure or social engineering. Man, that’d be cool. Might even make the infosec job a lot more fun.

  6. NYRB reviews new books about cybercrime & cyberwar

    NYRB reviews new books about cybercrime & cyberwar – new frontiers of the 21st century, so far unexplored.

    Are Hackers Heroes?“, Sue Halpern, New York Review of Books, 27 September 2012

    • DarkMarket: Cyberthieves, Cybercops and You by Misha Glenny
    • Ghost in the Wires: My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick with William L. Simon
    • We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson
    • Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power by David E. Sanger
  7. Dropping a country off the internet – not as easy as it sounds: “Updated: Paint it black—How Syria methodically erased itself from ‘Net“, Ars Technica, 1 December 2012 — “Now over (for the moment) Syria’s blackout was carefully planned, with no leaks”.

    It’s interesting to see that the Syrian Government had to do a test, first, to see if their blocks worked. An attacker preparing to drop a country off the internet wouldn’t have that luxury – they’d have to get it right the first time. (And, as the Ars Technica article indicates, they’d need to coordinate it with taking down land lines that could used for dialup access)

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top
%d bloggers like this: