Total Pageviews

Friday, April 24, 2015

The U.S. Department of Defense Cyber Strategy 2015

Le Département de la Défense américain vient de publier une nouvelle cyberstratégie (23 avril 2015) (The Department of Defense Cyber Strategy 2015, 17 avril 2015, 33 pages)[1]. Le précédent document de ce type datait de 2011.
Le DoD a trois missions principales dans le cyberespace: défendre les réseaux, les systèmes et l'information du Département de la Défense, défendre le territoire américain et les intérêts nationaux contre toute forme de cyberattaque importante, soutenir les projets opérationnels.
Le document propose 5 objectifs stratégiques principaux:
- Construire et maintenir des forces et capacités pour mener des opérations dans le cyberespace
- Défendre le réseau du Département de la Défense
- Sécuriser les données du Département et réduire les risques
- Se tenir prêt à défendre le territoire américain et les intérêts vitaux du pays contre des cyberattaques perturbatrices ou destructrices, aux conséquences majeures
- Elaborer et préparer des options cyber viables, et planifier leur mise en application, pour contenir l'escalade du conflit et maîtriser l'environnement du conflit à tous les niveaux
- Construire et maintenir des alliances et partenariats internationaux solides, pour dissuader les menaces communes et accroître la sécurité et stabilité internationale.  

Cette nouvelle stratégie ne nous surprend pas: les Etats-Unis sont déterminés à se protéger des cyberattaques, et à faire de l'armée l'un des acteurs de la défense dans le cyberespace des intérêts de la nation, tout en poursuivant le développement capacitaire, matériel (avec notamment une amélioration de la coordination des politiques d'acquisition et développement, pour l'heure non coordonnées, et laissant à chaque branche la responsabilité de ses acquisitions, de ses choix en matière de plates-formes cyber) mais aussi humain (6200 cyber-opérateurs composeront cette force cyber, organisés autour de trois mission: la défense des réseaux du département; la protection du territoire américain et de ses intérêts vitaux; le développement de cybercapacités pour les opérations militaires)[2], utile à toutes ces missions, et à l'intégration totale des cyber-capacités dans les opérations militaires. La dissuasion et l'attribution, la prévision, la détection anticipée des menaces, la résilience des réseaux,  restent des objectifs majeurs, tout comme la coopération, les alliances, les partenariats internationaux. La stratégie désigne plus précisément le Moyen-Orient, l'Asie Pacifique, et les alliés de l'OTAN. Ce vaste programme supposera des investissements sur le long terme importants, et des efforts en R&D mobilisant industrie, monde académique, et défense.



[1] http://www.defense.gov/home/features/2015/0415_cyber-strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf
[2] http://csis.org/publication/2015-dod-cyber-strategy

Wednesday, April 22, 2015

Article Le Point. Cybersécurité: une faille reste toujours possible.

Cybersécurité: une faille reste toujours possible. Le Point. 22 avril 2015. Entretien accordé par Daniel Ventre à Jean Guisnel., à propos des cyberattaques subies par TV5 Monde. 

Appel à contribution pour un numéro thématique de la revue Réseaux : Le crime en ligne

Appel à contribution pour un numéro thématique de la revue Réseaux: Le crime en ligne. 
Bilel Benbouzid et Daniel Ventre (coordonnateurs). 
Les propositions de textes sont à envoyer avant le 15 novembre 2015. Texte de l'appel à contribution. 

Sunday, April 12, 2015

Cyberstratégie

"Cyberstratégie", chapitre rédigé par Daniel Ventre, contribution (pages 333-348) à l'ouvrage collectif "Guerre et Stratégie. Approches, Concepts", publié sous la direction de Stéphane Taillat, Joseph Henrotin, Olivier Schmitt, aux éditions PUF, avril 2015, 530 pages. 

Thursday, April 9, 2015

State, Society and Information Technology in Asia: Alterity between Online and Offline Politics

State, Society and Information Technology in Asia: Alterity between Online and Offline Politics, edited by ALAN CHONG and FAIZAL BIN YAHYA. UK: Ashgate, January 2015). ISBN: 978-1-4724-4380-9

Many maintain that the arrival of computers networked across sovereign borders and physical barriers is a liberating force that will produce a global dialogue of liberal hues but this book argues that this dominant paradigm needs to be supplemented by the perspective of alterity in the impact of Information Technology in different regions. Local experts draw upon a range of Asian cases to demonstrate how alterity, defined here as a condition of privileging the hitherto marginal and subterranean aspects of a capitalist world order through the capabilities of information and communications technologies, offers an alternative to the paradigm of inevitable material advances and political liberalization.
Calling attention to the unique social and political uses being made of IT in Asia in the service of offline and online causes predominantly filtered by pre-existing social milieus the contributors examine the multiple dimensions of Asian differences in the sociology and politics of IT and show how present trends suggest that advanced electronic media will not necessarily be embraced in a smooth, unilinear fashion throughout Asia. This book will appeal to any reader interested in the nexus between society and IT in Asia.
About the Editor: 
- Alan Chong is Associate Professor at the S. Rajaratnam School of International Studies in Singapore. 
Faizal Bin Yahya is a Research Fellow at the Institute of Policy Studies, Lee Kuan Yew School of Public Policy, National University of Singapore

Who is the ISIS group "Cyber Caliphate"?

It is a group which claims affiliation to the Islamic State.  It has already led a few remarkable actions: 
  • It hacked the Twitter and YouTube accounts of the US Central Command in January of 2015.  Media insisted, back then, on the American Defense system's vulnerabilities (« it shows the sorry state of cyber security in the US government »), but also on the hackers' level [1].  Messages aired by the hackers were, in substance, the same as those spread today in the TV5 attack: threats to individuals, against soldiers (« American Soldiers, We are Coming, Watch your back ») [2]. Still  in January of 2015, these hackers posted pro-ISIS messages on the Twitter feeds of Fox, CBS and local media [3].
  • Attacks on media are therefore part of a group strategy.  Ian Amit, vice-president of Zero-Fox, declared in January of 2015 that the group probably had a long list of media it intended to attack [4].   
  • Hacking of the Newsweek Twitter account, in February of 2015 [5]
  • In September 2014, articles described development strategies for the Islamic State offensive cyber-capacities, the movement wishing to extend its reach within cyberspace.  The name of a British national was even mentioned, as one of the leaders of the cyber-project [6].  For instance, hackers sign website defacing with the name ISIS [7]. In 2013, website defacing were signed « The Caliphate » [8].




Cyberattacks against TV5

In the night between April 8 and 9, 2015, TV5 was the target of a large cyberattack.  The channel's emitting capacity was impaired for several hours, and its websites, Facebook and Twitter accounts were also targeted.  The attack is signed by agents claiming affiliation to the Islamic State.  This event, which will necessarily receive wide media coverage, given the nature of the target, calls for several immediate comments.
  • The number of cyberattacks hitting various targets in the world has not stopped growing the past decades.  The network implantation accelerated at the turn of the 90s, as society becomes more and more interconnected, computerized and dependant on these systems.  Computerization of our societies has opened breaches hackers haven't stopped using.  The attack suffered by the TV5 channel is therefore surprising, no doubt by its amplitude, its effects, but isn't so much when taken within its context.  Potentially, any connected and computerized system is exposed to such actions. 
  • Is it a first? No. Many media have suffered these past few months cyberattacks, claimed by Cyber Caliphate, pro-ISIS hacker groups (Fox, CBS, Newsweek).
  • Cyberattacks are rarely improvised.  To attack a system, it must be tested, assayed, and such an attack requires preparation.  Unless all of TV5's systems were so fragile that a lucky find opened all the gates.  If the operation was prepared, it may have included a discrete and undetected intrusion beforehand.  The technical investigation will establish whether the hackers left traces and if these traces can talk, provide sufficient clues to ascertain the modus operandi, or even the authors of the attacks.
  • Facing a cyberattack, the stakes are always the same:
    • To whom will the attack be attributed, how will the authors be identified?  Claims and messages posted on hacked websites point towards the Islamic State.  But this isn't enough : where did the authors operate from?  Who are they really?  Are these sympathisers, or are we outright dealing with the Islamic State?This phase of the investigation is no doubt the most difficult, because cyberspace allows for track covering, and trace dissimulation.  Several hypotheses will be looked into : did the hackers act from abroad?  From France?  Should the assailants be sought outside the company?  Did they extensively prepare their operation, did they leave traces, clues?
    • How will we act, or react?  This is a terrorist act (defined as any action  linked to a terrorist movement): which response is appropriate?
    • Which breaches were used by the assailants?  Are there others?  Could the assailants repeat the feat against other media, other companies?  If TV5 was hit, how do we ensure other media aren't hit in hours, days or weeks to come?
  • "Cyber" is part of societies, therefore it is also part of conflicts, and a key part at that.  No doubt has the public been made more aware of this with the media coverage given to the Islamic State on social media (execution footage, namely, but also calls for djihad and recruitment).  The phenomenon was broadly visible when thousands of French websites were hacked the day after the Paris terrorist attacks.  But cyberterrorism, agressive cyber-operations, cyberspace exploitation by terrorists, belligerants and fighters, also extends to operations capable of paralysing systems.  Potentially, the number of targets is infinite.  In this case, media were hit, and the action was engineered to carry a message.  But it can be expected that other types of systems, industrial and critical, may be targeted later on.
  • In cyberspace, adversaries are the same as in the tangible world.  We are not dealing with two worlds, two disconnected spaces, with each their realities, logics, balances and strength ratios.