
89TH ANNUAL WEST TEXAS COUNTY JUDGES AND COMMISSIONERS ASSOCIATION CONFERENCE

Thursday, April 26, 2018

9:50 – 10:40 a.m.

“4.018 Terrorism Prevention: Cyber Security”

Dr. Danny W. Davis Senior Lecturer

Texas A&M University

4/11/2018

Cyber Threats: Implications for the Present and the Future

89th Annual West Texas County Judges and Commissioners Association Annual Conference

Dr. Danny W. Davis, Bush School, Texas A&M University
April 26, 2018, Frisco, Texas

Agenda
1. Purpose
2. Vignette
3. Definitions
4. National Policy
5. Agencies
6. Trends
7. Events
8. Challenges
9. Programs of Interest
10. International
11. Implications for Texas Counties
12. Summary

In 1845, how long did it take for the mail to get from the east coast to California? Six months by sea, either by sailing to the Isthmus of Panama or around Tierra del Fuego. What/when was the next improvement?

By 1860, the Butterfield Stage Line was making the trip from St. Louis through El Paso to California in 25 days.


Purpose

A general overview of how cyber threats jeopardize public and private affairs…

…and discuss possible recommendations on how to mitigate negative consequences.

Vignette

https://www.youtube.com/watch?v=9SeJJh-a-tg

Vignette Questions & Answers

Q: Is the Federal government prepared to defend its cyber borders? A: Perhaps.

Q: Are State governments prepared to defend their cyber borders? A: Maybe in some areas (e.g. infrastructure), maybe not in others (e.g. voting systems).

Q: Are Local governments prepared to defend their cyber borders? A: Maybe.

Q: Can all echelons respond and recover from cyber threats? A: Maybe, but not if it manifests physical destruction (e.g. ), or strategically cripples private companies with the intent to destroy economies.

Q: Is a cyber attack grounds for war? A: Great question!

Q: What does this mean for the public administrator? A: Learn and prepare!

What is cyberspace? “A global domain within the information environment consisting of the interdependent network of IT infrastructures, including the Internet, telecomm networks, computer systems, and embedded processors and controllers.” (DoD, Joint Publication 3-12)

Is there another element of this “space”?

Human Beings

Cyberinfrastructure

“Cyberinfrastructure consists of computing systems, data storage systems, advanced instruments and data repositories, visualization environments, and people, all linked together by software and high performance networks to improve research productivity and enable breakthroughs not otherwise possible.” Indiana University, http://grids.ucs.indiana.edu/ptliupages/publications/paper_what_is_cyberinfrastructure_penultimate_really.pdf

Cyber Definitions
➢ Cyber infrastructure
➢ Cyber war


Campfires as deception

Blowup M4 Sherman tank The Trojan Hoss

Confederate on guard at a “Quaker gun” battery, 1861

The Domains of Warfare

Human

http://geographicalimaginations.com/tag/cyberspace/

What is Cyberwar? “Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks”. (RAND)

“War is the continuation of politics by other means.” -Carl Von Clausewitz

http://lubyanka.org/news/2011/01

http://www.rand.org/topics/cyber-warfare.html


Points for Discussion
• are only possible due to vulnerabilities in systems
• Targets must be accessible and have vulnerabilities
  – And those must be exploited.
• Cyberwar can then result as these vulnerabilities are exploited
• effects are temporary
  – First priority is to decide if further attacks are coming
  – Second: make it look like effects were minimal
  – Third: recover, re-establish capability

Coding PSAA 608
• Any written language uses symbols (A,1,#), but computers send signals in 1s and 0s (bits).
• Each written character needs a bit code in order to be used by a computer. A set of these codes for a language is called a coding scheme.
• A byte is one character (usually 7-8 bits)
• Main character codes in North America:
  – ASCII: American Standard Code for Information Interchange, originally used a 7-bit code (128 combinations), now 8-bit version is used (256).
  – EBCDIC: Extended Binary Coded Decimal Interchange Code, an 8-bit code developed by IBM.

8-bit ASCII – binary conversion
• 01000001 A
• 01000010 B
• 01000011 C
• 01000100 D
• 01000101 E

Source: http://www.tpub.com/neets/book22/94a.htm

Coding Video

Computer coding concepts explained: https://www.youtube.com/watch?v=WOhAA0kDtuw

National Policies There are dozens of laws, directives, and strategies related to cyber defense in place.

Important ones are:
➢ Quadrennial Defense Review 2014
  ○ Establishes a new formalized role for DoD with respect to the cyber domain
➢ The Cybersecurity Act of 2015
  ○ Requires federal agencies to work with private entities in order to transform their relationships into partnerships
➢ DHS Strategic Plan 2012-2016
  ○ Protection of US cyber domain is one of the top 5 DHS priorities

National Security Strategy December 2017
o IMPROVE ATTRIBUTION, ACCOUNTABILITY, AND RESPONSE
o ENHANCE CYBER TOOLS AND EXPERTISE
o IMPROVE INTEGRATION AND AGILITY

Federal laws and policies affecting cybersecurity include:

BECAME LAW

- Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 11th, 2017 - Policy. The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all Government capabilities. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.

- H.R.1616 — 115th Congress (2017-2018) Strengthening State and Local Cyber Crime Fighting Act of 2017 - This bill amends the Homeland Security Act of 2002 to authorize a National Computer Forensics Institute within the U.S. Secret Service for FY2017-FY2022. The institute shall: (1) disseminate information related to the investigation and prevention of cyber and electronic crime and related threats; and (2) educate, train, and equip state, local, tribal, and territorial law enforcement officers, prosecutors, and judges.

- H.R.3364 — 115th Congress (2017-2018) Countering America's Adversaries Through Sanctions Act - The bill provides sanctions for activities concerning: (1) cyber security, (2) crude oil projects, (3) financial institutions, (4) corruption, (5) human rights abuses, (6) evasion of sanctions, (7) transactions with Russian defense or intelligence sectors, (8) export pipelines, (9) privatization of state-owned assets by government officials, and (10) arms transfers to Syria.

- H.R.244 — 115th Congress (2017-2018) Consolidated Appropriations Act, 2017 - Provides appropriations to the Department of the Treasury for Departmental Offices, including: the Cybersecurity Enhancement Account.


Federal Agencies

cybersecurity

cyberwar

Message Transmission Using Layers

The OSI model is used to understand how computer networks operate and communicate. Using this ISO standard, organizations can understand where vulnerabilities may exist within their infrastructure and apply controls appropriately.

Internet of Things (IoT) – IBM

https://www.youtube.com/watch?v=QSIPNhOiMoE


Smart Things By 2020, experts forecast that up to 28 billion devices will be connected to the Internet with only one third of them being computers, smartphones and tablets.

The remaining two thirds will be other “devices” – sensors, terminals, household appliances, thermostats, televisions, automobiles, production machinery, urban infrastructure and many other “things”, which traditionally have not been Internet enabled.

https://datafloq.com/read/internet-of-things-more-than-smart-things/1060

The National Science Foundation (NSF) is paying for the Taj network that has expanded to the Global Ring Network for Advanced Application Development (GLORIAD), wrapping another ring of light around the northern hemisphere for science and education. Taj now connects India, Singapore, Vietnam and Egypt to the GLORIAD global infrastructure and dramatically improves existing U.S. network links with China and the Nordic region.

The Web

https://www.quora.com/Is-it-safe-to-browse-the-dark-web

The Onion Router (Tor)
• Gateway to Deep and Dark Web
• Prevents people from learning your location or browsing habits.
• For web browsers & instant messaging clients.
• Free and open source for Windows, Mac, Linux/Unix, and Android

https://www.torproject.org/about/overview.html.en


A Type of Attack

• Watering Hole –

In such an attack, the target is a particular group (company, industry, even a region). The attacker determines the websites most often used by a group of users and infects one or more of them with malware.

Types of Security Events

• Exploit- an attempt to take advantage of a vulnerability to gain access to a system or get it to accept rogue instructions

• Thousands of exploits exist

• A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by attackers before the vendor becomes aware and hurries to fix it; this exploit is called a zero day attack.

• To identify, system administrators must look in log files

Types of Security Events
• Internal threats
  – Some consider this to be the most serious
  – Need inside help to attack closed systems
  – Two ways to get in closed systems:
    • Recruit insiders
    • Manipulate the supply chain to get access to components and manipulate them
  – 1980s – CIA altered program that controlled system controllers installed to run natural gas network system of Soviets. Programmed malfunction led to huge pipeline explosions
  – We now worry about other nations since they supply so many electronic components

Hacks, Attacks, or Security Events can have these effects:
• Most common goal of hacking is to steal data - referred to as CNE (computer network exploitation)
• Unauthorized access can lead to:
  1) Disruption: loss of capacity, causes errors, etc.
  2) Corruption: data and algorithms changed

Adversaries

• Criminals

• Hacktivists

• Terrorists

• Insiders

• Nation States

Cyberterrorism, FBI’s definition:

• “premeditated, politically motivated attack against computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine [hidden, illegal] agents.”

• Four requirements to meet definition (according to Dimov):
  - use of electronic equipment;
  - target critical infrastructure;
  - attack is on electronic equipment;
  - initiator of the attack must be labeled a terrorist.


Centralized and Decentralized – At the Same Time!

Marketing Jihad

“It’s not about ideals – 90% of them never subscribe to the ideals – it’s other factors that are a draw. This is the new rock and roll; jihad is sexy.” Abu Muntasir, the “godfather” of the British jihadi movement.

Jihadi Celebrities

ISIS’ use glorifies jihad and martyrdom, allowing nobodies to become instant heroes.

Wanted Cyber Criminals

• Evgeniy Mikhailovich Bogachev: $3,000,000
• Nicolae Popescu: $1,000,000
• Alexsey Belan: $100,000
• Peteris Sahurovs: $50,000
• Shaileshkumar P. Jain: $20,000

https://www.fbi.gov/wanted/cyber

Anonymous – who are they?

claim that everyone with a voice is anonymous, it is not a group or movement, anonymous is an idea, an idea of exposing corruption within the system.

• An international network of highly skilled hackers that operate on ideas rather than directives, and utilize cyber terrorism as a means to accomplish their political ideology.

• The organization has a completely decentralized command structure.


Anonymous – Ideology and Targets

• Freedom, Justice, against all “oppression”, revolution against corruption.

• Means: information. End: freedom from corruption and oppression.

• Pro-life tactics; attack without killing, contrasts with modern terrorism.

• Information wants us to be free – the internet is the means to expose corruption and restrict organizations of oppression.

• Targets have included, but are not limited to: government agencies such as FBI and CIA, copyright protection agencies, child pornography websites, Ferguson Police Department, HBGary Federal, Westboro Baptist Church, MasterCard, PayPal, the Vatican, and many others.

Anonymous – Ferguson, MO

• During the aftermath of the Michael Brown shooting in Ferguson, MO, Anonymous released a video warning to the Ferguson Police Department and the KKK.

• The video was published after the group launched denial of service attacks to take down a site associated with the KKK and seized two accounts.

• The actions were in response to deadly threats the white supremacist group made to demonstrators in Ferguson.

• The video contained the following message: “To the KKK and police, be peaceful or you will face the consequences. To the protesters, do not be afraid. We are here for you and will protect and serve you. We are the law now.”

Lizard Squad

• Only two suspected members have been identified – Julius Kivimäki, a 16 year-old Finnish teenager, and Vinnie Omari, a 22 year-old from the United Kingdom.

• Lizard Squad took down the PlayStation and Xbox networks, using a denial of service attack, by breaching Sony and Microsoft networks, then argued online that the companies should do more to protect their systems.

• The attacks occurred on Christmas day 2014, peak time for gamers trying out their new games.

• The attacks eventually paused after Omari and his friends received 'Mega-privacy vouchers' from multimillionaire investor and Mega founder Kim Dotcom. The vouchers could quickly be sold on an underground black market. The estimated value of the vouchers was $300,000.

Lizard Squad

• Prior to the Christmas day attacks, the group claimed responsibility for attacks on Blizzard and Playstation Network earlier in 2014, as well as grounding Sony Online Entertainment President John Smedley’s flight after issuing a bomb threat.

• Lizard Squad also took responsibility for taking down North Korea’s Internet, and targeting the Vatican. The group had been teasing plans to target PSN and Xbox Live for months.

Chaos Computer Club (CCC)

• The CCC is a part club, part interest group, based in Germany.

• Considered the EU's largest association.

• The 34 year-old group charges dues, holds annual conferences and boasts members who are highly placed in German technology companies.

• Most recently, the CCC received attention for claims that it can breach the new iPhone’s fingerprint security system by taking a photo of a person’s hand.

• Unlike most hacking groups, the CCC has a dedicated website, with information concerning the majority of their activities – http://www.ccc.de/en/

Deep Panda

• The security firm CrowdStrike gave the name 'Deep Panda' to one of the hacking groups supposedly affiliated with the Chinese government.

• The secretive nature of the organization makes attack attribution difficult; however, the group has been tied to cyberattacks on U.S. policy think tanks and experts on the Middle East and Australian media outlets.

• Deep Panda were reportedly responsible for the Anthem data breach, which exposed the personal information of more than 80 million insurance policyholders. The cyberattack put Anthem customers at risk for identity theft throughout their lives, and exposed many to subsequent phishing attacks from fraudsters around the world.

Syrian Electronic Army (SEA):

• The claim to be a group of Syrian youths who could not stay passive towards the massive distortion of facts about the current events in Syria.

• The SEA is divided into three areas; Social Media, Hacking Attacks and leaking files of Syrian enemies.

• Although the SEA claim they have enough power and experience to operate independently, it is a common belief that the Syrian government provides the group with funding and equipment.

• The vision of the group is to provide useful experiences, so future generations who refuse to kneel to the West can form approaches to protect themselves.

Cyber Attack

Where did the term “robot” originate? R.U.R. (Rossum's Universal Robots) was taken from the Czech word for slave labor, first used by a playwright, Karl Capek, in 1921.

Where did this robot work? Rosie kept house for the Jetsons (1960s TV).

Isaac Asimov first used the word in 1942 in his short story “Runabout.” He proposed the Three Laws of Robotics. They are?
• Law One: A robot may not injure a human being or, through inaction, allow a human being to come to harm.
• Law Two: A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
• Law Three: A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

Trends

• The FBI’s Internet Crime Complaint Center’s (IC3) analysts review individual complaint data, identifying and grouping complaints with similar information.

• These complaints are collated and referred to state, local, federal, tribal and international law enforcement for potential investigation.

https://www.fbi.gov/news/stories/ic3-releases-2016-internet-crime-report

Trends
• Artificial Intelligence → Smart Weapons
• Cyber Security → Zero-Day Exploits
• Social Media → Phishing and Identity Theft
• Crypto Currency → Anonymous payments
• Dark Fiber → Intranet for Infrastructure → Insider threats
• Cloud Services → Not physically secured

Sources: Federal Chief Information Officer Council, Microsoft, Future Today Institute,

2017 Hacks and Attacks

• Beware of new malware targeting vulnerability; 18 May 2017. https://www.staysmartonline.gov.au/alert-service/beware-new-malware-targeting-microsoft-windows-vulnerability
• cyber attack: spreads across Europe with firms in , Britain and Spain, by James Rothwell, James Titcomb and Cara McGoogan, 27 June 2017. http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1/
• Massive cyberattack targeting 99 countries causes sweeping havoc, by Selena Larson (@selenalarson), May 13, 2017
• WannaCry hackers still trying to revive attack says accidental hero. https://www.theguardian.com/technology/2017/may/22/wannacry-hackers-ransomware-attack-kill-switch-windows-xp-7-nhs-accidental-hero-marcus-hutchins
• Cyberattack Hits Ukraine Then Spreads Internationally, by Nicole Perlroth, Mark Scott and Sheera Frenkel, June 27, 2017
• Equifax data breach: What you need to know, by Kaya Yurieff (@kyurieff), September 10, 2017

Hacks and Attacks continued
• Summer 2017 – World Hack using WannaCry by North Korea
• Summer 2015 – 22.1 million people have their Office of Personnel Management records compromised. The attack is thought to come from China.
• March 2015 – Premera Blue Cross says up to 11 million customers could have been affected by a breach that began May 2014 and was discovered January 2015.
• February 2015 – Anthem Insurance reported that over 80 million records of current and former customers were accessed through a breach.
• November 2014 – A November 2014 malware attack shut down corporate email at Sony Pictures for a week. It has been suggested that the attack may have been from North Korean affiliated hackers, given North Korean anger over a then-upcoming Sony film.

Stuxnet: Iran 2009-2010

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.

Issues Challenging US Cybersecurity
1. Uncertainty of geographic location of perpetrators.
2. Evolving integration of mobile technology devices.
3. Introduction of new vulnerabilities.
4. Poorly coordinated federal-private sector coordination.
5. Legal ambiguities with respect to US response and offensive actions.

Helpful Programs and Useful Tools


Programs of Interest

• GenCyber - NSA and NSF Summer Program for Students and Teachers

https://www.gen-cyber.com/

• Congressional Cybersecurity Caucus News Round-up; Clips from around the globe, web and Hill…

Leiserson, Nick

• FBI Infragard (Austin and Houston Chapters)

https://www.infragard.org/

• FBI Internet Crime Complaint Center (IC3) https://www.ic3.gov/default.aspx

• IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development

http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2007-12/ISPAB_Dec7-BOldfield.pdf


Programs of Interest

• Texas Cybersecurity, Education and Economic Development Council http://dir.texas.gov/View-About-DIR/Pages/Content.aspx?id=23

• Texas Director of Information Resources http://dir.texas.gov/View-About-DIR/Information-Security/Landing.aspx

• Texas A&M Cybersecurity Center, Email: [email protected] 979.845.7398; https://cybersecurity.tamu.edu/about-us/


Programs of Interest

• DHS Cybersecurity site https://www.dhs.gov/topic/cybersecurity

• DHS ICS-CERT https://ics-cert.us-cert.gov/


Gen Cyber First Principles 6/14/16

https://quizlet.com/143361556/gen-cyber-first-principles-61416-flash-cards/

• Minimization: the goal is to simplify and decrease the number of ways the software can be exploited.
• Conceptually Simple: if something is less complicated, it's less likely to have problems and easier to troubleshoot and fix.
• Abstraction: a fancy word for summarizing or explaining in a way that can be easily understood.
• Data Hiding: any attempt to prevent people from being able to see information.
• Least Privilege: limits what access people have to your resources and what they can do with them.
• Modularity: able to be inserted or removed from a project, each module has its own function, interchangeable with other modules.
• Layering: multiple layers of defense protect information. If one layer is defeated, the next one should catch it.
• Resource Encapsulation: resources (hardware, systems objects, or processes) must be separated and used as intended.
• Process Isolation: a process occurs when a task is executed. Keeping processes separate prevents the failure of one process from negatively impacting another.
• Domain Separation: separating areas where resources are located prevents accidents and loss of data, keeping information worlds from colliding.

Seven Components to Cybersecurity


- Firewall
- Anti-Malware
- First Response Team
- Security Policy
- Layered Security Measures
- Cybersecurity Training
- Administrative Account Security


Implications

What Types of Technologies are We Losing?

Bottom Line
• Learn about the threat
• Prevent, Protect, Mitigate, Respond, and Recover from the threat

Summary
1. Purpose
2. Vignette
3. Definitions
4. National Policy
5. Agencies
6. Trends
7. Events
8. Challenges
9. Programs of Interest
10. International
11. Implications for Texas Counties
12. Summary

Cyber Threats: Implications for the Present and the Future COMMENTS & QUESTIONS

Danny W. Davis, Ph.D. Professor of the Practice The Bush School of Government and Public Service Texas A&M University 830 556-4069 [email protected]
