What Would You Do With a Nation-State Cyber Army?

Wednesday, January 17, 2018 - 9:00 am9:30 am

Greg Conti, Director of Security Research, IronNet Cybersecurity

Abstract: 

How do people with an army-sized cyber force think about cyber operations? One thing is for sure, it is not how we grew up thinking about traditional information security. Information security, while important, fails to capture the scale, audacity, capabilities, and resources of government-backed cyber operations.

Over the past 10 years we have seen the rise of massive nation-state cyber forces and we’ve felt the impact, from catastrophic data spills to destructive cyber attacks to influence on the U.S. presidential election. Like it or not, cyber conflict is raging now and is likely to get worse before it gets better.

From Clausewitz and Jomini to the present, militaries have learned how to fight at scale on the physical battlefield. For example, the United States fielded and coordinated actions of almost 100 divisions of 10,000-15,000 people each to fight around the globe in World War II. Militaries are now organizing, training, and equipping forces and learning to fight at scale in cyberspace. What we’ve experienced so far is only a first taste.

In this talk we will look at time-tested military techniques and study how they may be used to support offensive and defensive cyber operations. We’ll focus on key examples: effects based operations, targeting, deception, center of gravity analysis, command and control, and cyber-enabled information operations, and we’ll provide pointers to many more.

These insights will help prepare network defenders and security researchers for what is coming, help you to better understand the mindset of those attacking you, and convince you we aren’t thinking big enough.

Greg Conti, Director of Security Research, IronNet Cybersecurity

Gregory Conti is Director of Security Research at IronNet Cybersecurity. Formerly he served on the West Point faculty for more than a decade where he led their cybersecurity research and education efforts. During his career in the Army he served in a variety of Signals Intelligence and Cyber Operations assignments, deploying to Iraq as Officer-in-Charge of U.S. Cyber Command's Expeditionary Cyber Support Team and as a Senior Advisor in the U.S. Cyber Command Commander's Action Group where he co-developed the Joint Advanced Cyber Warfare Course. Gregory is the author of the new book, On Cyber: Towards an Operation Art for Cyber Operations (Kopidion Press), as well as approximately 75 articles and papers covering online privacy, usable security, cyber conflict, and security visualization. He has spoken at numerous security conferences, including Black Hat, DEFCON, RSA, ShmooCon, HOPE, Google Ideas, and the NATO Conference on Cyber Conflict. Conti holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. He may be found online at www.gregconti.com and on Twitter as @cyberbgone.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {208183,
author = {Greg Conti},
title = {What Would You Do With a {Nation-State} Cyber Army?},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {https://www.usenix.org/node/208184},
publisher = {USENIX Association},
month = jan
}

Presentation Video