How to Fight and Win the New Cyberwar article by Dr. Steve Belovich featured on Infosec Island.

Join in the discussion and view article on Infosec Island here.

How to Fight and Win the New Cyberwar

We are losing the cyberwar. The presentation that you can download below will explain how to fight and win this new war. It will also explain why what we are doing now not only won't work, but it can't work because the net-centric defense approach is fundamentally flawed.

I will begin with the cyberwar "sitrep" which is a snapshot of where we are right now. This includes the offensive and defensive purposes of cyberwar and how new requirements for connectivity greatly increases risk. I'll also list the personnel issues, technical issues, economic issues ad management issues involved on the cyber battlefield. 

Next I'll cover security technology including firewalls and how to hack them, anti-virus software and why it is ultimately ineffective. I'll list various encryption techniques, the most effective of them being CKM (Constructive Key Management). The three basic hacking techniques of footprinting, scanning and enumeration will also be described followed by network hacking for "zombie" creation. 

I'll then describe medical device hacking, automobile hacking which means making your instruments and onboard computers behave erroneously, "on the bus" hacking via SmartPhones, LEO (Law Enforcement Officer) X25 radio hacking through reverse engineering and even non-electronic hacking using the advanced 4GS phones' improved accelerometers and AI techniques for keystroke capture. 

The history of the cyberwar battlefield will then be described because it's important to understand how we got in this mess in order for us to craft an effective solution. A problem that is not understood cannot be solved. 

I will cover software structure, security research results, DoD 5200.28 and ISO15408 secure system standards. I will describe what can be done and what cannot be done in the cyber battle. What objectives are useful and achievable and which objectives are not useful and are unachievable.

I'll wrap up with how to win the cyberwar with existing technologies, an approach and policies that, if properly put in place, will give us all 100% confidence in the security of our data and maintaining our 24-by-7 operational continuity. 

Infosec Island is an online community for network and IT professionals who manage information, security, risk and compliance issues.

  • 2012-08-14