Showing posts with label Cyberterrorism. Show all posts
Showing posts with label Cyberterrorism. Show all posts

March 6, 2014

Beware of Botnets



Interesting video demonstration of how botnets work and can literally take over your computer.

In essence, your computer becomes a zombie under the command and control of the botnet sender.

Computers get infected through a trojan or worm, and then the sender has you--they control your computer and information.

Generally, they do this to send spam, steal information, or send out other malware, all under anonymity. 

Once infected, the sender has complete control over your computer and can exfiltrate, delete, or change your data, turn on the keyboard lights, add a tail to your mouse, and even format your hard drive. 

The malware often can even disable your firewall.

The sender can turn on a keylogger and log your keystrokes, and capture your user ids and passwords to banking and financial institutions, and draw out your money. 

The video demos an example of botnets with a variant of the Zeus trojan. 

Worth a watch.

Makes me wonder whether our adversaries are infecting more and more computers, until they have almost everyone--eventually a virtual army.

Then at the time of their choosing, they can conduct one big massive attack, or incremental ones, logging into peoples accounts, stealing their identities and savings, sending out misinformation, destroying data and computers en masse. 

We need to be aware of what's possible, maybe even probable. 

Is your computer infected and you don't even know it yet?
Share/Save/Bookmark

July 23, 2011

Getting To Swift Cyber Justice

Destroyed_computer

The first Department of Defense Strategy for Operating in Cyberspace is out (July 2011).

Of course, like the plans that came before (e.g. Cyberspace Policy Review), it emphasizes the imperative for cyberspace protection. Some highlights:

  • "DoD is particularly concerned with three areas of potential adversarial activity: theft or exploitation of data; disruption or denial or service of access or service..., and the destructive action--including corruption, manipulation, or direct activity that threatens to destroy or degrade network or connected systems."
  • "Cyber threats to U.S. national security go well beyond military targets and affects all aspects of society. Hackers and foreign governments are increasingly able to launch sophisticated intrusions into the networks and systems that control civilian infrastructure."
  • "Every year, an amount of intellectual property larger than that contained in the Library of Congress is stolen from networks maintained by U.S. businesses, universities, and government departments and agencies."

The strategies for cyberspace protection in the DoD plan include treating cyberspace as an operational domain; innovation; partnership; and so on. But we need to leverage our strengths even more.

As the Wall Street Journal pointed out on 15 July 2011: "The plan as described fails to engage on the hard issues, such as offense and attribution." If we can't even identify who's attacking us, and fight back with precision, then we're flailing.

Some may express the concern that we would have all-out war by attacking those who attack us. However, what is the alternative besides confronting our aggressors?

The concept of operations is straightforward: Any computer device that is used to attack us, would immediately be blocked and countered with equivalent or greater force and taken out of play.

This would mean that we are able to get past cyber-bot armies to the root computers that are initiating and controlling them, and dealing with them decisively. This would hold regardless of the source of the attack--individual or nation-state.

The DoD plan acknowledges our own unpreparedness: "Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity."

As in the Cold War, there must be no doubt with Cyber Warfare (as with nuclear) of our ability to inflict devastating second-strike or preemptive attacks with deadly precision.

Until we have unambiguous hunter-killer capability to identify and locate perpetrators of cyber attacks against us and the ability to impose swift justice, we are at the mercy of our aggressors.

We can only have peace in cyberspace when we have the strength to stand up and defend it.

Now we must move with cyber speed to build this capability and stand ready to execute our defenses.

Admiral Mike Mullen was quoted this week (18 July 2011) in Federal Times as saying: "The single biggest existential threat that's out there is cyber...It's a space that has no boundaries. It has no rules."

We must become even better--much better!

(Source Photo: here)

Share/Save/Bookmark

June 19, 2011

Crashing The Internet--Are We Prepared?


Almost week after week, I read and hear about the dangers of cyber attacks and whether "the big one" is coming.

The big one is what some experts have called a pending "digital Pearl Harbor."

Just last week, the Federal Times (13 June 2011) wrote that the "U.S. government computer networks are attacked about 1.8 billion times per month."


The Center for New American Security (CNAS) states that deterring and preventing cyber attacks will require "stronger and more proactive leadership."

Charles Dodd, a cyber security consultant in D.C. warns that "You've bought a stick to a gunfight, and you're arrogant about your capabilities."
So the question is--are we really paying attention to and being realistic about the probability and magnitude of the impact of the cyber threat out there?

Certainly, with so much critical infrastructure--from government, military, and private industry--dependent on the Internet, the effects of a concerted or prolonged cyber attack on our country would be devastating as documented most recently in The Lipman Report (October 2010) on "Threats to the Information Highway: Cyber Warfare, Cyber Terrorism, and Cyber Crime" as follows:

--"There is a great concern regarding the types of destructive attacks that are already occurring, but an even greater concern for the unknown that is yet to happen but is almost certainly even now in development. Cyberspace touches nearly every part of our daily lives."

It is in this regard that I read with serious concern today in ID Magazine (August 2011) that the University of Minnesota has "demonstrated in a simulation how an attack with a large botnet (a network of remotely-controlled PCs) could shut down the Internet."

And it took only 20 minutes to trigger the chain reaction in which "manipulated routers overloaded all other Internet routers worldwide...mak[ing] it impossible for Internet address to be found."
Granted it would take around 250,000 computers to carry out such an attack, but with the billions of people online with computer devices of all sorts...that does not seem like an inordinate amount to press forward with for a coordinated attack.

So the Internet in theory can be crashed!

Just think for a moment about how that would impact you and what you do every day...would anything be the same? Could we even function normally anymore?

As we move more and more of our applications, data, and infrastructure online to the cloud, we need to consider what additional risks does this bring to the individual, the organization, and the nation and how we can respond and recover should something happen to the Internet.

In the Federal government there are many agencies, commands, task forces, and groups working to secure the Internet, and at the same time, there are separate efforts to modernize and reform IT and reduce unnecessary expenditures, so what we need to do is better integrate the drive to the cloud with the urgency of securing our data, so that these efforts are strong and unified.
This is one of the things that I was trying to achieve when I created the CIO Support Services Framework in synthesizing the functions of IT Security with the other strategic CIO functions for Enterprise Architecture, IT Investment Management, Project Management, Customer Relationship Management, and Performance Management.

If the Internet can indeed be crashed, we had all better be prepared and make the right IT investment decisions now, so that we won't be sorry later.
(All opinions are my own)

(Source Photo: Heritage and History.com)

Share/Save/Bookmark

May 15, 2010

What’s Lurking In The Update?

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high risks ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems are the regular updates we get from the vendors to “patch” or upgrade or systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have open rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff.

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.


Share/Save/Bookmark

March 6, 2010

Overcoming the Obstacles to Cyber Security

There continues to be a significant shortfall in our cyber security capabilities, and this is something that needs our determined efforts to rectify.

Often I hear a refrain from IT specialists that we can’t wait with security until the end of a project, but rather we need to “bake it into it” from the beginning. And while this is good advice, it is not enough to address the second-class status that we hold for IT security versus other IT disciplines such as applications development or IT infrastructure provision. Cyber Security must be elevated to safeguard our national security interests.

Here are some recent statements from some our most respected leaders in our defense establishment demonstrating the dire strait of our IT security posture:

· “We’re the most vulnerable, we’re the most connected, we have the most to lose, so if we went to war today in a cyber war, we would lose.”- Retired Vice Admiral Mike Mullen (Federal Computer Week 24 February 2010)

· The United States is "under cyber-attack virtually all the time, every day” - Defense Secretary Robert Gates: (CBS, 21 April 2009)

· “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.” (White House CyberSpace Policy Review, 2009)

Further, the number of attacks is increasing; for example, SC Magazine 20 November 2009 reported that the number of cyber attacks against the Department of Defense was increasing year-over-year 2009 to 2008 by some 60%!

And the penetration of our critical systems spans our industrial, civilian, and defense establishment and even crosses international boundaries. Most recently reported, these included the following:

· F-35 Joint Strike Fighter $300B program at Lockheed Martin,

· The Space Shuttle designs at NASA

· The joint U.S. South Korean defense strategy

· The Predator feeds from Iraq and Afghanistan and more.

Thankfully, these events have not translated down en-masse and with great pain to the individuals in the public domain. However this is a double-edged sword, because on one had, as citizens we are not yet really “feeling the pain” from these cyber attacks. On the other hand, the issue is not taking center stage to prevent further and future damage.

This past week, I had the honor to hear Mr. James Gossler, a security expert from Sandia National Labs speak about the significant cyber security threats that we face at MeriTalk Innovation Nation 2010 on the Edge Computing panel that I was moderating.

For example, Mr. Gossler spoke about how our adversaries were circumventing our efforts to secure our critical cyber security infrastructure by being adept and agile at:

· Playing strength to weakness

· Developing surprising partners (in crime/terror)

· Changing the rules (“of the game”)

· Attacking against our defenses that are “naïve or challenged”

In short, Mr. Gossler stated that “the current state-of-the-art in information assurance [today] is significantly outmatched” by our adversaries.

And with all the capabilities that we have riding on and depending on the Internet now a days from financial services to health and transportation to defense, we do not want to be outgunned by cyber criminals, terrorists, or hostile nation states threatening and acting in ways to send us back to the proverbial “stone-age.”

Unfortunately, as a nation we are not moving quickly enough to address these concerns as retired Navy vice admiral Mike McConnell was quoted in Federal Computer Week: “We’re not going to do what we need to do; we’re going to have a catastrophic event [and] the government’s role is going to change dramatically and then we’re going to go to a new infrastructure.”

Why wait for a cyber Pearl Harbor to act? We stand forewarned by our experts, so let us act now as a nation to defend cyber space as a free and safe domain for us to live and thrive in.

There are a number of critical obstacles that we need to overcome:

1) Culture of CYA—we wait for disaster, because no one wants to come out first—it’s too difficult to justify.

2) Security is seen as an impediment, rather than a facilitator—security is often viewed by some as annoying and expensive with a undefined payback, and that it “gets in our way” of delivering for our customers, rather than as a necessity for our system to work

3) We’ve become immune from being in a state of perpetual bombardment—similar to after 9-11, we tire as human beings to living in a state of fear and maintaining a constant state of vigilance.

Moreover, to increase our cyber security capabilities, we need to elevate the role of cyber security by increasing our commitment to it, funding for it, staffing of it, training in it, tools to support it, and establishing aggressive, but achievable goals to advance our capabilities and conducting ongoing performance measurement on our initiatives to drive results.


Share/Save/Bookmark

December 19, 2009

How $26 Can Buy You A Billion-Dollar Surveillance System

If $26 software can give our enemies on the ground access to our drone feeds and cyber warfare can inflict indefinite havoc on our critical infrastructure, we need to rethink what technological superiority means and how we keep it.

No defense system is foolproof. That’s why we build redundancy into the system and layer our defenses with “defense in depth,” so that just because the enemy infiltrates one layer, doesn’t mean that our defenses are laid bare.

When in fact, we become aware that our systems have been compromised, it is only responsible for us to re-secure them, bolster them with additional defenses, or take those systems out of commission.

It was shocking to learn this week in multiple reports in the Wall Street Journal that our UAV drones and their surveillance systems that have been so critical in our fight against terror in Iraq and Afghanistan were compromised, and the feeds intercepted by $25.95 software sold over the Internet. These feeds were found on the laptops of the very militants we were fighting against. Reportedly, we knew about this vulnerability ever since the war in Bosnia.

It is incredible to imagine our massive multi-billion dollar defense investments and technological know-how being upended by some commercial-off-the-shelf software bought online for the price of a family dinner at McDonalds. But what makes it even worse is that we knew for nearly two decades that the enemy had compromised our systems, yet we did not fix the problem.

A number of reasons have been circulated about why the necessary encryption was not added to the drones, as follows:

- It would have resulted in an increase in cost to the development and deployment of the systems.

- There would be a detriment to our being able to quickly share surveillance information within the U.S. military and with allies.

- There was immediate battlefield need for the drones because of the immediate concern about roadside bombs and therefore there was apparently no time to address this issue.

Based on the above, one may possibly be able to understand why the Joint Chiefs “largely dismissed” the need to repair the drones’ security flaw. However, it also seems that they were overconfident. For any “Are You Smarter Than A Fifth Grader” contestant can tell you that if the enemy can see and hear what we see and hear, then they can take action to subvert our military and intelligence resources, and the critical element of surprise is gone—the mission is compromised.

Of course as civilians we are not privy to all the information that our leaders have. And one can say that if all you have are compromised drones, then those are what you must use. Nevertheless, officials interviewed by the Journal point to the hubris that influenced the decision in this situation – as the report states:

“The Pentagon assumed that local adversaries [in Iraq and Afghanistan] wouldn’t know how to exploit” the vulnerability. So, the result was that we kept building and deploying the same vulnerable systems, over a long period of time!

This is not the first time that we have both been overconfident in our technological superiority and underestimated competitors and opponents in foreign countries—with disastrous results. There are the human tragedies of Pearl Harbor and 9/11, to name just two. And then there are the economic challenges of global competition, such as in the automobile industry and overseas manufacturing in general.

And if some terrorist cells on the run can so clearly compromise our technical know-how, shouldn’t we be even more concerned about established nations who are well financed and determined to undermine our security? For example, just this week, a group calling itself the “Iranian Cyber Army” hacked and defaced Twitter and we were helpless to prevent it. Also noteworthy is that this same week, it was reported that our defense plans with respect to South Korea, including operational details, were hacked into and stolen by North Korea.

Unfortunately, however, we do not even seem to take threats from other nations as seriously as we should: As the Journal reported, “senior U.S. military officers working for the Joint Chiefs of Staff discussed the danger of Russia and China intercepting and doctoring video from the drone aircraft in 2004, but the Pentagon didn’t begin securing signals until this year.”

I am deeply respectful of our military and the men and women who put their lives on the line for our nation. It is because of that deep respect that I reach out with concern about our overconfidence that we are technologically superior, and about our dismissal and underestimation of the resolve of our enemies.



Share/Save/Bookmark

December 7, 2009

Let's Not Understate the Cyber Threat

Wow. I read with some surprise and consternation an article in Government Computer News, 4 December 2009. In this article, the author portrays the fears of a “digital Pearl Harbor” or overwhelming cyber attack on the United States as overblown—almost as if it’s of no real possibility or significant impact. In short, the article states:

“What good would it do an attacker to take down the vital U.S. networks? While the damage to this country could be great, the benefit to an attack would be nil if it could not be followed up. The real threat of cyber warfare is not in stand-alone attacks, but in attacks coordinated with military action.”

While, I agree that a coordinated attack is obviously more dangerous than a cyber attack alone, the threat and potential damage of a cyber attack could potentially be devastating—with or without military action.

Let’s think for a second about how the military traditionally projects force around the world through conventional warfare—taking control of the air, land, and sea. Control the sea-lanes and you have power over 90%+ of international commerce. Control the land and you have power over people’s daily lives—including their ability to satisfy even basic needs for food, clothing, and shelter, their personal safety, and even their ability to govern themselves. Control the air and you control freedom of movement on the ground, people’s basic comings and goings. Traditional military power can affect just about every facet of people’s lives including ultimately the taking of life itself i.e. paying “the ultimate price.”

Now think for a second, about what a massive cyber attack could potentially do to us. At this stage in history, we have to ask ourselves not what elements could be affected by cyber attack, but what elements of our lives would not be impacted? This is the case since virtually our entire civil and elements of the military infrastructure are dependent on the Internet and the computers that are connected to them. If you “pull the plug” or corrupt the interconnected systems, “watch out” seems apropos.

The same areas that are vulnerable to traditional military attack are threatened by cyber attack: Commerce, Energy, Transportation, Finance, Health, Agriculture, (Defense)…are all deeply interwoven and dependent on our interconnected computer systems—and this is the case more and more.

Think e-Commerce, online banking and finance, manufacturing production systems, transportation systems, food production and safety, the energy grid, electronic health records, C4ISR, and so on.

While thank G-d, we have been spared a really devastating attack to date (if you exclude the massive data compromised/stolen in recent cyber attacks), we would be derelict in responsibilities for ensuring safety and security if we thought that was it.

Further, while unpleasant as it may be, we should consider the impact in terms of potential for physical harm or loss of life in the event of a serious cyber attack?

While many brush aside this possibility, there is certainly the potential. Even putting aside the potential public panic/chaos and ensuing loss of life and property that could occur in a serious attack, how about just taking out a single, major facility—like a dam, power plant, reservoir, electrical hub, transportation system, and so on. This is an important focus of efforts to ensure critical infrastructure protection, a public-private sector partnership initiative.

Rep. Lamar Smith, R-Texas said "Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives.”

Sure, a severe and consequential attack would require ample skills, knowhow, resources, and sophistication—it is no small feat—but with the hosts of cyber criminals, terrorists, and hostile nation states out there increasingly trying to hack our systems, there is valid cause for concern.

This recognition of what’s possible does not mean it is probable or imminent. However, the awareness and understanding of our increasing dependence on the Internet and related systems and the acknowledgement that there are those out there—as in 9-11—who seek to do our country harm, should not blind us with fear, but rather spark us to constructively deal with the challenge and take proactive actions to secure the ever expanding realm of cyberspace.

The Executive Summary in the CyberSpace Policy Review that was conducted by the White House in 2009 sums it up, this way:

“The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.”

We should not and cannot understate the possible threats against our nation, but rather we need to act responsibility and rationality, with resolve to protect our nation, before and not only after. As the CyberSpace Policy Review states:

“The Nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat. We need to demonstrate abroad and at home that the United States takes cybersecurity-related issues, policies, and activities seriously.”

Fortunately, our nation has recognized the potential threat and is acting, as Security Focus reported on June 24, 2009: “The U.S. Secretary of Defense ordered the military to create a unified command to act as the nation's central hub for cyber capabilities and commanded the Pentagon to develop a policy framework for cyberspace operations.”

On a personal note, I am grateful for the many good, hardworking people in our military, civilian and private sector that are working to secure cyberspace for us, and believe we need to do this with vigor and resolve. It’s necessary in order to safeguard our future that is ever reliant on technology.


Share/Save/Bookmark

June 27, 2009

Now We All Have Skin In The Game

It used to be that cybersecurity was something we talked about, but took for granted. Now, we’re seeing so many articles and warnings these days about cybersecurity. I think this is more than just hype. We are at a precipice, where cyberspace is essential to each and every one of us.

Here are some recent examples of major reviews in this area:

  • The White House released its 60-days Cyberspace Policy Review on May 29, conducted under the auspices of Melissa Hathaway, the Cybersecurity Chief at the National Security Council; and the reports states: “Cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century…the nation’s approach to cybersecurity over the past 15 years has failed to keep pace with the threat."
  • The Center for Strategic and International Studies’ Commission on Cybersecurity for the 44th President wrote in a December 2008 report: “America’s failure to protect cyberspace is one of the most urgent national security problems facing the new administration…It is a battle we are losing.”

Cyberspace is becoming a more dangerous place as the attacks against it are growing. Federal Computer Week, June 2009, summarized the threat this way:

“Nation states are stealing terabytes of sensitive military data, including some of the most advanced technology. Cybercrime groups are taking hundreds of millions of dollars from bank accounts and using some of that money to buy weapons that target U.S. soldiers. The attacks are gaining in sophistication and the U.S. defenses are not keeping up.

Reviewing the possibilities as to why this is happening: Have we dropped our guard or diverted resources or knowhow away from cybersecurity in a tight budgetary environment and now have to course correct? Or, have our adversaries become more threatening and more dangerous to us?

I believe that the answer is neither. While our enemies continue to gain in sophistication, they have always been tenacious against us and our determination has never wavered to overcome those who would threaten our freedoms and nation. So what has happened?

In my view the shift has to do with our realization that technology and cyberspace have become more and more vital to us and underpins everything we do--so that we would be devastated by any serious disruption. As the Cyberspace Policy Review states definitively: “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S economy, civil infrastructure, public safety, and national security.”

We rely on cyberspace in every facet of our lives, and quite honestly, most would be lost without the connectivity, communications, commerce, productivity, and pleasure we derive from it each and every day.

The result is that we now have some serious “skin in the game”. We have something to lose--things that we deeply care about. Thus, we fear for our safety and survival should something bad happen. We think consciously or subconsciously how would we survive without the technology, Internet, and global communications that we have come to depend upon.

Let’s think for a second:

What if cyberspace was taken down or otherwise manipulated or controlled by hostile nation states, terrorists, or criminals?

Would there be a breakdown in our ability to communicate, share information, and learn? Would there be interruptions to daily life activities, disruptions to commerce, finance, medicine and so forth, concerns about physical safety or “accidents”, risks to critical infrastructure, and jeopardy to our ability to effectively protect ourselves and country?

The point here is not to scare, but to awaken to the new realities of cyberspace and technology dependence.

Safeguarding cyberspace isn’t a virtual reality game. Cyberspace has physical reality and implications for all of us if we don’t protect it. Cyberspace if a critical national asset, and we had better start treating it as such if we don’t want our fear to materialize.


Share/Save/Bookmark

May 2, 2008

Cyber Warfare and Enterprise Architecture

Security is a cross-cutting perspective in Enterprise Architecture, but I treat it as its own EA perspective because of its importance. And this is especially true in a law enforcement and defense readiness organization.

While security in EA is generally of a defensive nature, we must remember that as a nation, we must be ready to not only defend ourselves, but also to launch offensive operations and take out the enemy.

According to Military Information Technology Magazine, 9 April 2008, in an interview with Major General William T. Lord, the Department of Defense is standing up a new Cyberspace Command in the U.S. Air Force.

Why do we need this new Cyberspace Command?

There are many threats to us that emanate from cyberspace that include:

  • Cyber-criminals—looking to steal your identity or your money
  • Cyber-terrorists—“wants to disrupt, dissuade, or deter us from doing something
  • Nation States—“some of which are out to interrupt U.S. interests anywhere in the world.”

Cyberspace is a dangerous place, especially if you’re DoD; they “get about 3 million attempted penetrations” a day!

This is why defense in depth is so important, so that if an enemy manages to get through the perimeter of our network security, we can still stop them at the second or third tiers of our defensive capabilities.

In terms of offensive capabilities, sometimes you have to take the battle to the enemy. At times, it is necessary to “disrupt an enemy prior to the conduct of kinetic combat operations, [so] that the enemy could not figure out what its command and control system was, had false data, could not see an attacking force, and was making decisions based on information systems that been manipulated in advance of combat operations.”

To architect the defensive and offensive cyberspace capabilities necessary to combat our enemies, it is imperative to continuously build information sharing and partnership between the parties involved, such as the Departments of Defense, Homeland Security, Justice and the Director of National Intelligence. This is a core tenet of user-centric EA.

Just as we invest in the latest and greatest kinetic weapons to defeat our enemies, we must also invest in non-kinetic weapons including “our electronic warfare, space systems, and cyber-systems. As Major General Lord, stated: “it’s not always about destroying things, but about changing behavior, so that an enemy concludes that the costs of whatever they had in mind is too great and will stop. [Then again,] sometimes you have to be able to whack somebody in the nose.”


Share/Save/Bookmark

January 26, 2008

Doomsday and Enterprise Architecture

Enterprise architecture is about planning and transitioning from the baseline to the target state.

However, as architects, there are times when we need to plan for the worst and hope for the best, as the saying goes.

As the price of oil has reached and exceeded $100 a barrel and significant new findings of oil are becoming a rarity, some people are starting to get nervous and are planning for a day when oil will be scarce, pricey, and society as we have come to know will cease to exist. Yikes, doomsday!

Are these people simply uninformed, pessimists, or non-believers that technological progress will outpace the demands we are placing on this planet’s resources?

The Wall Street Journal, 26 January 2008, reports about everyday people, like the Aaron Wissner in Middleville, Michigan, a school computer teacher with a wife and infant son, who became “peak-oil aware.” This term refers to his “embracing the theory that world’s oil production is about to peak.

These people fear the worst; “Oil supplies are dwindling just as world demand soars. The result: oil prices ‘will skyrocket, oil dependent economies will crumble, and resource wars will explode.’” Mr. Wissner’s forebodings include, “banks faltering” and “food running out.”

And they believe that we cannot stop this from happening. “no techno-fix was going to save us. Electric cars, biodiesel, nuclear power, wind and solar—none of it will cushion the blow.”

So Mr. Wissner and his family are preparing and transitioning themselves for the worst, they “tripled the size of his garden…stacked bags of rice in his new pantry, stashed gold…and doubled the size of his propane tank.”

According to the article there are thousands of people that adhere to the peak-oil theory.

Of course, there are many doomsday scenarios out there that end in war, famine, disease, and so on. During the cold war, people built bomb shelters in their back yards, and school children had drills hiding under their desks. These days, many fear that globalization will drive this country to economic ruin. Al Gore and other environmentalists espouse the global warming theory. And since 9/11, fears are heightened about terrorists hitting us with nuclear, biological, chemical, or radiological agents. Even Hollywood has entered the fray with movies such as Armageddon about meteors hitting the Earth or The Day After Tomorrow with the greenhouse effect sending us back to the ice-age.

Whether you adhere with any of these various doomsday scenarios or visions of the future (their believed target architecture, not necessarily their desired one) and how they are preparing (transitioning) to it or you think they are just a bunch of nut-balls, it seems important as an enterprise architect to recognize that targets are not always rosy pictures of growth and prosperity for an organization, and the transition plans are not always a welcome and forward movement. Sometimes as architects, we must plan for the worst--hoping, of course that it never comes--but never-the-less preparing, the best we can. As architects, we don’t have to put all the enterprise’s eggs in one basket. We can weigh the odds and invest accordingly in different scenarios. Our organization’s resources are limited, so we must allocate resources carefully and with forethought. Of course, no architecture can save us from every catastrophe.


Share/Save/Bookmark

January 13, 2008

Fire Sale Attack and Enterprise Architecture

Fire Sale─“Matt Farrell (Justin Long), a character in the movie Live Free or Die Hard, used this term to describe the plot by Thomas Gabriel (Timothy Olyphant) to systematically shut down the United States computer infrastructure. The plan crashes the stock market, communications and utilities infrastructure, crippling America's economy and causing nation-wide chaos. The term was coined because of the phrase "everything must go" meaning all of the world's technology based off of a computer system, virtually everything.” (Wikipedia)
The New York Times, 4 June 2007, in an article titled, “When Computers Attacks,” states how governments are preparing for the worst in terms of cyber attacks.
Anyone who follows technology or military affairs has heard the predictions for more than a decade. Cyberwar is coming. Although the long-announced, long-awaited computer-based conflict has yet to occur, the forecast grows more ominous with every telling: an onslaught is brought by a warring nation, backed by its brains and computing resources; banks and other businesses in the enemy states are destroyed; governments grind to a halt; telephones disconnect.”
What systems are at risk?
All computers are at risk that connect “to the Internet through the industrial remote-control technologies known as Scada systems, for Supervisory Control and Data Acquisition. The technology allows remote monitoring and control of operations like manufacturing production lines and civil works projects like dams. So security experts envision terrorists at a keyboard remotely shutting down factory floors or opening a dam’s floodgates to devastate cities downstream.
But how bad would a cyberwar really be — especially when compared with the blood-and-guts genuine article? And is there really a chance it would happen at all? Whatever the answer, governments are readying themselves for the Big One.
For example, “China, security experts believe, has long probed United States networks.Congress, China’s military has invested heavily in electronic countermeasures and defenses against attack, and concepts like “computer network attack, computer network defense and computer network exploitation.” According to a 2007 Defense Department annual report to
What are we doing?
The United States is arming up, as well. Robert Elder, commander of the Air Force Cyberspace Command, told reporters in Washington at a recent breakfast that his newly formed command, which defends military data, communications and control networks, is learning how to disable an opponent’s computer networks and crash its databases.
How serious is the threat of cyber attack?
An all-out cyberconflict could ‘could have huge impacts,’ said Danny McPherson, an expert with Arbor Networks. Hacking into industrial control systems, he said, could be ‘a very real threat.’”
Is our nation’s architecture prepared to secure our enterprises and this country from a fire sale-type or other cyber terrorism attacks? Here are some actions that have been taken based on a CRS Report for Congress on “Computer Attacks and Cyber Terrorism” (17 October 2003)
  • In 2002, The Federal Information Management Security Act (FISMA) was enacted giving the office of OMB responsibility for coordinating information security and standards developed by civilian federal agencies.
  • In 2003, The National Strategy to Secure Cyberspace was published by the administration to encourage the private sector to improve computer security for critical infrastructure.
  • DHS has established the National Cyber Security Division (NSCD) to oversee the Cyber Security National Tracking and Response Center to conduct analysis of threats and vulnerabilities, issue alerts and warnings, improve information sharing, and respond to major cyber security incidents.
  • The Cyber Warning and Information Network (CWIN) is an early warning system for cyber attacks.
  • In 2003, there was established a new Terrorist Threat Integration Center (TTIC) to monitor and analyze threat information (composed of CIA, FBI, DOD, DHS, and Department of State officials)
Additionally, “The United States Computer Emergency Readiness Team (US-CERT) is a partnership between the Department of Homeland Security and the public and private sectors. Established in 2003 to protect the nation's Internet infrastructure, US-CERThttp://www.us-cert.gov/) coordinates defense against and responses to cyber attacks across the nation.
According to the CRS Report For Congress, in July 2002, The U.S. Naval War College hosted a three day seminar style war game called ‘Digital Pearl Harbor;” 79% of participants believed that a strategic cyber attack was likely within 2 years.
While the dreaded cyber attack did not occur as feared by the war game participants, the scenario of a devastating cyber attack remain a real possibility that we must be prepared to confront and defeat.
As in the movie Live Free or Die Hard, a major cyber attack on this country could quickly bring us to our knees, if successful. We have become a nation born and bred on computers and automation. I challenge you to think of many things that you do that does not in some way involve these. We have formed a day-to-day dependency on all things computers, as individuals and as a nation.
In our enterprise architecture, we must continue to focus on comprehensive security frameworks for our organizations that address technical, managerial, and operational security areas. While the Federal Enterprise Architecture treats Security as a cross-cutting area, I believe that Security should be its own perspective (even though it crosses all domains), so that it can be given focus as an area that each and every agency and organization addresses. We must do more than create alerts, warning, and reporting capabilities. We need both “computer vaccines” that can quickly cure and rid us from the encroachment of a cyber attack, as well as hunter-killer offensive capabilities that can paralyze any warring nation or terrorist organization that would dare to attack us.
I remember hearing a saying that once something is created, it is bound to eventually be used. So it was with the atomic bomb. So it will be with cyber warfare, and we must be prepared to defend this nation.

Share/Save/Bookmark