Presentation from 2019 CYBERWARCON covering layered/sequenced use of different disciplines of information operations (including cyber attacks) for critical infrastructure disruption.
18. Popular Conception
• Use lots of zero days!
• Destroy centrifuges!
• Eliminate Iranian nuclear enrichment activity
Reality
• Increase operational variation in centrifuges, increasing failure rate
• Form a contributing part to a wider campaign to increase cost/reduce effectiveness of Iranian enrichment program
19. Direct Impact
• Some process disruption
• Equipment failure
Indirect Impact
• Operators could no longer trust the process
• Leadership no longer trusted scientists, supply chain
Additional Efforts to Impact Leadership Decision-Making
• Sanctions, diplomatic efforts
• Covert action, sabotage (Olympic Games)
Result
• Uranium still enriched
• Trust in process reduced
• Cost of program significantly increased
20. Increase cost of enrichment program
Combined with physical & IO measures, emphasized risk of current activity
Likely facilitated JCPOA negotiations, alter NCA decision calculus
21. General Conception
• Turn the lights off
• Enable the Zombie Apocalypse
Additional Opportunities
• Undermine public confidence in infrastructure
• Create economic “friction”
29. Gain access to target utility networks or physical infrastructure
Induce outage, interruption, or other noticeable effect
Follow up disruption with magnification to increase perception, reach
Allow victim responses to produce negative consequences