Cyber Warfare: Surviving an Attack

Total Page:16

File Type:pdf, Size:1020Kb

Cyber Warfare: Surviving an Attack 14 Cyber Warfare: Surviving an Attack By Devabhaktuni Srikrishna Cyberspace is a new domain of warfare. Created to minimize the vulnerability of United States communications networks to a crippling nuclear first strike by the Soviet Union, the Internet that was originally envisioned to enhance U.S. security is turning into a battlefield 1 for nations or sub-national groups to launch virally spreading attacks 2 and induce network failures potentially involving critical infrastructure systems.3 Cyber warfare and cyberoffense 4 have been a part of U.S. military operations for decades.5 Treaties and rules of engagement define what is off-limits during a cyberwar.6 The more vulnerable the system is, the more policy is necessary to deter adversarial nations from launching attacks, and vice-versa. Some cyberattacks are analogous to air forces probing one anotherʼs defenses or perhaps to espionage during the Cold War, which occurred though there was no official war and no physical harm. Cyberespionage largest recent cyberattacks in their book, but due to a gap in theory and practice. operations of China, for example, against the United States and its allies Cyber War: The Next Threat to National Organizations are vulnerable to the extent have been going on for years and will Security and What to Do About It. Once a they want to be and to how much they want never really end.7 virus or malware is inadvertently to spend to address vulnerabilities. 14 And downloaded onto a networked personal cyber vulnerabilities can be completely U.S. Air Force General Kevin Chilton, computer (PC) by a user9, the PC can be eliminated -- unlike conventional, nuclear, former Commander-in-Chief of commandeered to perform cyberattacks chemical, or biological which are permanent Strategic Command, has stated that ranging from electronic banking crimes, vulnerabilities due to laws of nature. every computer system fielded by U.S. servicemen is on the front lines of a politically motivated denial of service virtual battlefield.8 Perhaps all people attacks10, email spam11, and click-fraud12. Aside from keeping individual PCs secure should think of their computer systems and virus-free through antivirus software 15 or (PCs, mobile devices, etc) in this The U.S. Government Accountability Office having Internet providers enforce anti-virus manner, not just as a tool for achieving (GAO) offers a taxonomy of different types of policies on their subscribers,16 several tools personal goals but also as a conduit for attacks in “Cybersecurity for Critical with varying degrees of sophistication exist an enemy attack. Infrastructure Protection,”13 – denial of for identifying and policing unusual behavior This survey of cybersecurity literature service, exploits, logic bombs, sniffers, Trojan in real-time – for individual PCs (Bothunter17), explores answers to the question of how horses, viruses, and worms. Attackers also enterprise networks (Damballa 18), federal to secure the Internet from a cyberwar. employ arbitrary combinations of these government networks (Einstein 19), and attacks as part of an integrated attack plan. critical infrastructure (Perfect Citizen 20). The What is Cyberwar and drawback of such systems is that creative Cyberoffense? Causes of Cyber Vulnerability attackers continue to find ways to circumvent them. Software must be constantly updated Richard A. Clarke and Robert Knake In “Cyberwar and Cyberdeterrence,” Martin and will at some point be outdated when the offer a vivid explanation of some of the Libicki points out that system vulnerabilities next threat emerges. do not result from immutable physical laws, THE FEDERATION OF AMERICAN SCIENTISTS www.FAS.org 15 Another option is to eliminate anonymity Who Are the Cyberattackers? 4. When attribution is localized to on the Internet through end-to-end The same Internet that allows for billions a country or on government authentication in order to prevent of dollars in electronic commerce can networks, it may be someone anonymous attackers from carrying out also empower a single mobile device to operating on behalf of what 21 distributed attacks with impunity. control millions of personal computers they perceive to be state While end-to-end authentication may (PC) around the world for electronic interests without clear prevent cyberattacks and identify the crime. Due to its anonymous and highly authorization from the state. culprits, it would result in the loss of scalable nature, the Internet can also be 5. Organized criminals posing as privacy, individual liberties, and split the used as a weapon to disrupt and governments, or “super- Internet into multiple Internets. commandeer essential services that rely patriots” may be attacking in or connect to the Internet. advance of what they perceive As an outstanding example of loss of to be government actions. privacy and violation of individual Cyberattacks can be carried out by liberties, cyberattacks on hospital anyone with the know-how and interest, networks are of particular concern as and in many cases the cost of attacking An example of a cyber attack by a they deal with patient-sensitive data. In is disproportionately small compared to country or nation was revealed when the case of medical records, system the potential damage that can be the group WikiLeaks released a design involves backup and distributed inflicted. Groups involved in planning cache of confidential American storage – attacks that involve data and executing attacks range from diplomatic cables to the New York destruction can be recovered if the nations to individuals. Most nations Times among several other news data is routinely backed up in multiple would probably agree that attribution of organizations. Some of these cables independent locations. The lost data a cyberattack is imperfect – whether it described a computer hacking effort can be made accessible quickly and means identifying the nations involved, against Googleʼs computer system 26 reliably after an attack. But unless sub-groups, or motives. 23 Mistakes in by the Chinese Politburo. stronger data protection measures are attribution due to haste or inaccurate in place, the concern remains that a information can lead to collateral This cyber intrusion was part of a cyber thief can steal sensitive data that damage. global campaign to sabotage the could be used to blackmail people with multinational corporation and carried certain medical conditions. While the GAO summarizes potential out by Chinese operatives and attackers and motivations, 24 the range computer hackers hired by the Similarly there ought to be no critical of possible groups and motives is much Chinese government, according to infrastructure connected to the Internet broader: criminal groups, hackers, news stories about the leaked left vulnerable to cyberattack. Curiously, hacktivists, insiders, intelligence cables. the nuclear power industry, known for its agencies, terrorists, and virus writers. fail-safe engineering in reactor design, is The recent Stuxnet PC virus illustrates a sometimes recognized as better Martin Libicki explained that attribution cyberattack by an anonymous agent. prepared than most other industries to is difficult because: 25 The Stuxnet virus spread via PCs and withstand cyber threats. It does this 1. Cyberattacks can launch from was designed by its authors to infect through upfront planning and design for anywhere, and computers do and then destroy or sabotage the isolated or disconnected operation to not leave physical traces operation of a specific type of CPU avoid the worst-case scenario of a behind. made by Siemens and used for reactor being commandeered by a 2. A rogue employee or sysadmin automated control in electric power hacker, “The safety and control systems presents risks similar to those plants worldwide including in North that operate nuclear power plants are of an attacker within the America, Iran, Pakistan, India, isolated from the Internet and are periphery of a closed system. Indonesia, and Germany. 27 22 protected against outside invasion.” 3. Code within the electronics supplied by third parties can bring down a system at a pre- specified time or in response to some system state. FALL 2010 l PUBLIC INTEREST REPORT 16 Cyber Warfare: Surviving an Attack (conʼd) Articles and weblog posts suggest that change so that the devices would spin engineering design principles in different the U.S. and/or Israel 28 targeted Iranʼs out of control. Ivanka Barzashka, a situations such as end-to-end nuclear program.29 Attribution in the research associate at FAS, was one of authentication, behavioral analysis, Stuxnet case is far from straightforward the first analysts to discover this feature distribution (vs. centralization), backup, – unless a link or evidence is found.30 In of Stuxnet.32] redundant routes (vs. single paths), spite of international politics on nuclear fault-tolerance, diversity of supply proliferation, it is difficult to imagine the The attack was facilitated because (hardware, software, and services), and motive of a country like the U.S. to carry systems deployed worldwide are (1) decoupling from the Internet, might out such a sloppy sabotage attack – standardized on a vendorʼs product so eliminate the worst consequences of especially as the cyberattack affects the virus can replicate and (2) use of most vulnerabilities. reactors in many countries including the proprietary code used in the United States. [Editorʼs Note: As this standardized platform – not benefiting Perhaps the biggest challenge is to article was
Recommended publications
  • Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress
    Order Code RL32114 Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Updated January 29, 2008 Clay Wilson Specialist in Technology and National Security Foreign Affairs, Defense, and Trade Division Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress Summary Cybercrime is becoming more organized and established as a transnational business. High technology online skills are now available for rent to a variety of customers, possibly including nation states, or individuals and groups that could secretly represent terrorist groups. The increased use of automated attack tools by cybercriminals has overwhelmed some current methodologies used for tracking Internet cyberattacks, and vulnerabilities of the U.S. critical infrastructure, which are acknowledged openly in publications, could possibly attract cyberattacks to extort money, or damage the U.S. economy to affect national security. In April and May 2007, NATO and the United States sent computer security experts to Estonia to help that nation recover from cyberattacks directed against government computer systems, and to analyze the methods used and determine the source of the attacks.1 Some security experts suspect that political protestors may have rented the services of cybercriminals, possibly a large network of infected PCs, called a “botnet,” to help disrupt the computer systems of the Estonian government. DOD officials have also indicated that similar cyberattacks from individuals and countries targeting economic,
    [Show full text]
  • A Taxonomy of Computer Worms ∗
    A Taxonomy of Computer Worms ∗ † ‡ § ¶ Nicholas Vern Stuart Robert Weaver Paxson Staniford Cunningham UC Berkeley ICSI Silicon Defense MIT Lincoln Laboratory ABSTRACT 1. INTRODUCTION To understand the threat posed by computer worms, it is A computer worm is a program that self-propagates across necessary to understand the classes of worms, the attackers a network exploiting security or policy flaws in widely-used who may employ them, and the potential payloads. This pa- services. They are not a new phenomenon, having first per describes a preliminary taxonomy based on worm target gained widespread notice in 1988 [16]. discovery and selection strategies, worm carrier mechanisms, We distinguish between worms and viruses in that the worm activation, possible payloads, and plausible attackers latter infect otherwise non-mobile files and therefore require who would employ a worm. some sort of user action to abet their propagation. As such, viruses tend to propagate more slowly. They also have more Categories and Subject Descriptors mature defenses due to the presence of a large anti-virus industry that actively seeks to identify and control their D.4.6 [Operating Systems]: Security and Protection—In- spread. vasive Software We note, however, that the line between worms and viruses is not all that sharp. In particular, the contagion worms General Terms discussed in Staniford et al [47] might be considered viruses Security by the definition we use here, though not of the traditional form, in that they do not need the user to activate them, but Keywords instead they hide their spread in otherwise unconnected user activity. Thus, for ease of exposition, and for scoping our computer worms, mobile malicious code, taxonomy, attack- analysis, we will loosen our definition somewhat and term ers, motivation malicious code such as contagion, for which user action is not central to activation, as a type of worm.
    [Show full text]
  • "New Energy Economy": an Exercise in Magical Thinking
    REPORT | March 2019 THE “NEW ENERGY ECONOMY”: AN EXERCISE IN MAGICAL THINKING Mark P. Mills Senior Fellow The “New Energy Economy”: An Exercise in Magical Thinking About the Author Mark P. Mills is a senior fellow at the Manhattan Institute and a faculty fellow at Northwestern University’s McCormick School of Engineering and Applied Science, where he co-directs an Institute on Manufacturing Science and Innovation. He is also a strategic partner with Cottonwood Venture Partners (an energy-tech venture fund). Previously, Mills cofounded Digital Power Capital, a boutique venture fund, and was chairman and CTO of ICx Technologies, helping take it public in 2007. Mills is a regular contributor to Forbes.com and is author of Work in the Age of Robots (2018). He is also coauthor of The Bottomless Well: The Twilight of Fuel, the Virtue of Waste, and Why We Will Never Run Out of Energy (2005). His articles have been published in the Wall Street Journal, USA Today, and Real Clear. Mills has appeared as a guest on CNN, Fox, NBC, PBS, and The Daily Show with Jon Stewart. In 2016, Mills was named “Energy Writer of the Year” by the American Energy Society. Earlier, Mills was a technology advisor for Bank of America Securities and coauthor of the Huber-Mills Digital Power Report, a tech investment newsletter. He has testified before Congress and briefed numerous state public-service commissions and legislators. Mills served in the White House Science Office under President Reagan and subsequently provided science and technology policy counsel to numerous private-sector firms, the Department of Energy, and U.S.
    [Show full text]
  • Wikileaks and the Institutional Framework for National Security Disclosures
    THE YALE LAW JOURNAL PATRICIA L. BELLIA WikiLeaks and the Institutional Framework for National Security Disclosures ABSTRACT. WikiLeaks' successive disclosures of classified U.S. documents throughout 2010 and 2011 invite comparison to publishers' decisions forty years ago to release portions of the Pentagon Papers, the classified analytic history of U.S. policy in Vietnam. The analogy is a powerful weapon for WikiLeaks' defenders. The Supreme Court's decision in the Pentagon Papers case signaled that the task of weighing whether to publicly disclose leaked national security information would fall to publishers, not the executive or the courts, at least in the absence of an exceedingly grave threat of harm. The lessons of the PentagonPapers case for WikiLeaks, however, are more complicated than they may first appear. The Court's per curiam opinion masks areas of substantial disagreement as well as a number of shared assumptions among the Court's members. Specifically, the Pentagon Papers case reflects an institutional framework for downstream disclosure of leaked national security information, under which publishers within the reach of U.S. law would weigh the potential harms and benefits of disclosure against the backdrop of potential criminal penalties and recognized journalistic norms. The WikiLeaks disclosures show the instability of this framework by revealing new challenges for controlling the downstream disclosure of leaked information and the corresponding likelihood of "unintermediated" disclosure by an insider; the risks of non-media intermediaries attempting to curtail such disclosures, in response to government pressure or otherwise; and the pressing need to prevent and respond to leaks at the source. AUTHOR.
    [Show full text]
  • Strategies of Computer Worms
    304543_ch09.qxd 1/7/05 9:05 AM Page 313 CHAPTER 9 Strategies of Computer Worms “Worm: n., A self-replicating program able to propagate itself across network, typically having a detrimental effect.” —Concise Oxford English Dictionary, Revised Tenth Edition 313 304543_ch09.qxd 1/7/05 9:05 AM Page 314 Chapter 9—Strategies of Computer Worms 9.1 Introduction This chapter discusses the generic (or at least “typical”) structure of advanced computer worms and the common strategies that computer worms use to invade new target systems. Computer worms primarily replicate on networks, but they represent a subclass of computer viruses. Interestingly enough, even in security research communities, many people imply that computer worms are dramatically different from computer viruses. In fact, even within CARO (Computer Antivirus Researchers Organization), researchers do not share a common view about what exactly can be classified as a “worm.” We wish to share a common view, but well, at least a few of us agree that all computer worms are ultimately viruses1. Let me explain. The network-oriented infection strategy is indeed a primary difference between viruses and computer worms. Moreover, worms usually do not need to infect files but propagate as standalone programs. Additionally, several worms can take con- trol of remote systems without any help from the users, usually exploiting a vul- nerability or set of vulnerabilities. These usual characteristics of computer worms, however, do not always hold. Table 9.1 shows several well-known threats. Table
    [Show full text]
  • Wikileaks, the First Amendment and the Press by Jonathan Peters1
    WikiLeaks, the First Amendment and the Press By Jonathan Peters1 Using a high-security online drop box and a well-insulated website, WikiLeaks has published 75,000 classified U.S. documents about the war in Afghanistan,2 nearly 400,000 classified U.S. documents about the war in Iraq,3 and more than 2,000 U.S. diplomatic cables.4 In doing so, it has collaborated with some of the most powerful newspapers in the world,5 and it has rankled some of the most powerful people in the world.6 President Barack Obama said in July 2010, right after the release of the Afghanistan documents, that he was “concerned about the disclosure of sensitive information from the battlefield.”7 His concern spread quickly through the echelons of power, as WikiLeaks continued in the fall to release caches of classified U.S. documents. Secretary of State Hillary Clinton condemned the slow drip of diplomatic cables, saying it was “not just an attack on America's foreign policy interests, it [was] an attack on the 1 Jonathan Peters is a lawyer and the Frank Martin Fellow at the Missouri School of Journalism, where he is working on his Ph.D. and specializing in the First Amendment. He has written on legal issues for a variety of newspapers and magazines, and now he writes regularly for PBS MediaShift about new media and the law. E-mail: [email protected]. 2 Noam N. Levey and Jennifer Martinez, A whistle-blower with global resonance; WikiLeaks publishes documents from around the world in its quest for transparency, L.A.
    [Show full text]
  • Communication & Media Studies
    COMMUNICATION & MEDIA STUDIES BOOKS FOR COURSES 2011 PENGUIN GROUP (USA) Here is a great selection of Penguin Group (usa)’s Communications & Media Studies titles. Click on the 13-digit ISBN to get more information on each title. n Examination and personal copy forms are available at the back of the catalog. n For personal service, adoption assistance, and complimentary exam copies, sign up for our College Faculty Information Service at www.penguin.com/facinfo 2 COMMUNICaTION & MEDIa STUDIES 2011 CONTENTS Jane McGonigal Mass Communication ................... 3 f REality IS Broken Why Games Make Us Better and Media and Culture .............................4 How They Can Change the World Environment ......................................9 Drawing on positive psychology, cognitive sci- ence, and sociology, Reality Is Broken uncov- Decision-Making ............................... 11 ers how game designers have hit on core truths about what makes us happy and uti- lized these discoveries to astonishing effect in Technology & virtual environments. social media ...................................13 See page 4 Children & Technology ....................15 Journalism ..................................... 16 Food Studies ....................................18 Clay Shirky Government & f CognitivE Surplus Public affairs Reporting ................. 19 Creativity and Generosity Writing for the Media .....................22 in a Connected age Reveals how new technology is changing us from consumers to collaborators, unleashing Radio, TElEvision, a torrent
    [Show full text]
  • LGST 642X Q2 2016 Syllabus 101816
    LGST 642x Big Data, Big Responsibilities: The Law and Ethics of Business Analytics Q2 2016 | MW 10:30am-12pm | JMHH F65 Overview Significant technologies always have unintended consequences, and their effects are never neutral. A world of ubiquitous data, subject to ever more sophisticated collection, aggregation, analysis, and use, creates massive opportunities for both financial gain and social good. It also creates dangers in areas such as privacy and discrimination, as well as simple hubris about the effectiveness of management by algorithm. This course introduces students to the legal, policy, and ethical dimensions of big data, predictive analytics, and related techniques. It then examines responses—both private and governmental—that may be employed to address these concerns. Instructor Associate Professor Kevin Werbach Department of Legal Studies and Business Ethics 673 Huntsman Hall (215) 898-1222 [email protected] (best way to reach me) Office Hours: Monday 12:30-2pm, or by appointment Learning Objectives Good data-driven decision-making means not just generating solutions, but understanding how to use them. Some of the most sophisticated firms in terms of data science expertise have already gotten into trouble over concerns about privacy, security, manipulation, and discrimination. Failure to anticipate such issues can result in ethical lapses, public relations disasters, regulatory sanctions, and even legal liability. My goal is to help you develop the skills to use analytics in the most responsible way, while remaining focused on your business objectives. After completion of the course, you should be able to: 1. Identify where algorithms depend on human judgments or assumptions. 2.
    [Show full text]
  • An Oft Overlooked Response Option to Hostile Cyber Operations
    The Plea of Necessity: An Oft Overlooked Response Option to Hostile Cyber Operations Louise Arimatsu and Michael N. Schmitt 97 INT’L L. STUD. 1171 (2021) Volume 97 2021 Published by the Stockton Center for International Law ISSN 2375-2831 The Plea of Necessity Vol. 97 The Plea of Necessity: An Oft Overlooked Response Option to Hostile Cyber Operations Louise Arimatsu∗ and Michael N. Schmitt∗∗ CONTENTS I. Introduction ........................................................................................... 1172 II. Uncertainty and Limitations in the Law of Self-Defense ............... 1175 III. Uncertainty and Limitations in the Law of Countermeasures ....... 1179 IV. Necessity as a Response Option ......................................................... 1181 A. Threshold .................................................................................... 1183 B. Limitations................................................................................... 1191 C. Assistance by Other States? ...................................................... 1194 D. Geography ................................................................................... 1197 V. Concluding Thoughts ........................................................................... 1198 ∗ Distinguished Policy Fellow, Centre for Women, Peace and Security, London School of Economics. ∗∗ Professor of International Law, University of Reading; Francis Lieber Distinguished Scholar, U.S. Military Academy at West Point; Charles H. Stockton Distinguished Scholar- in-Residence,
    [Show full text]
  • Stuxnet, Schmitt Analysis, and the Cyber “Use-Of-Force” Debate
    Members of International Telecommunications Union and UN Institute for Training and Research confer on cyber security UN (Jean-Marc Ferré) UN (Jean-Marc Stuxnet, Schmitt Analysis, and the Cyber “Use-of-Force” Debate By ANDREW C. FOLTZ All Members shall refrain in ne of the many seemingly advance the specific criteria states will use in intractable legal issues sur- making such determinations. their international relations rounding cyberspace involves As discussed in this article, several ana- from the threat or use of force O whether and when peacetime lytic frameworks have been developed to help against the territorial integ- cyber operations constitute a prohibited use of assess when cyber operations constitute a use force under Article 2(4) of the United Nations of force.3 One conclusion these frameworks rity or political independence (UN) Charter. Notwithstanding a significant share is that cyber operations resulting in of any state, or in any other body of scholarly work on this topic and physical damage or injury will almost always manner inconsistent with extensive real-world examples from which to be regarded as a use of force. When these draw, there is no internationally recognized frameworks were developed, however, there the Purposes of the United definition of a use of force.2 Rather, what has were few, if any, examples of peacetime, state- Nations. emerged is a general consensus that some sponsored cyber coercion. More importantly, cyber operations will constitute a use of force, the prospect of cyber attacks causing physical —Article 2(4), Charter of the but that it may not be possible to identify in damage was largely theoretical.4 Beginning United Nations1 Lieutenant Colonel Andrew C.
    [Show full text]
  • Compromised by Design? Securing the Defense Electronics Supply Chain
    Compromised By Design? Securing the Defense Electronics Supply Chain John Villasenor November 2013 Executive Summary Electronic “chips” are found everywhere—not just in critical defense systems, but John Villasenor is a also in the broader infrastructure for power, finance, communications, and nonresident senior fellow transportation. All of these systems function effectively only when the electronic in Governance Studies circuits at their heart can be trusted to operate as intended. and the Center for Technology Innovation at Brookings. He is also a Unfortunately, ensuring trust has become much more difficult in recent years. professor of electrical Concern over the growth of counterfeit electronics (parts that have been harvested from discarded systems, relabeled, and sold as new to unsuspecting buyers) has engineering and public 1 policy at UCLA. grown in recent years. These parts can fail prematurely, with potentially disastrous consequences. Thanks to recent congressional attention, improved detection methods, and heightened screening requirements for parts destined for defense systems, however, the threat of counterfeits is being actively addressed. Yet the supply chain is almost completely unprotected against a threat that may turn out to be more significant in the long term: Chips could be intentionally compromised during the design process, before they are even manufactured. If placed into the design with sufficient skill, these built-in vulnerabilities would be extremely difficult to detect during testing. And, they could be exploited months or years later to disrupt—or exfiltrate data from—a system containing the compromised chip. As chips have gotten more complex and design teams have grown larger and more globalized, the opportunities to insert hidden malicious functionality have increased.
    [Show full text]
  • The New Investor Tom C.W
    The New Investor Tom C.W. Lin EVIEW R ABSTRACT A sea change is happening in finance. Machines appear to be on the rise and humans on LA LAW LA LAW the decline. Human endeavors have become unmanned endeavors. Human thought and UC human deliberation have been replaced by computerized analysis and mathematical models. Technological advances have made finance faster, larger, more global, more interconnected, and less human. Modern finance is becoming an industry in which the main players are no longer entirely human. Instead, the key players are now cyborgs: part machine, part human. Modern finance is transforming into what this Article calls cyborg finance. This Article offers one of the first broad, descriptive, and normative examinations of this sea change and its wide-ranging effects on law, society, and finance. The Article begins by placing the rise of artificial intelligence and computerization in finance within a larger social context. Next, it explores the evolution and birth of a new investor paradigm in law precipitated by that rise. This Article then identifies and addresses regulatory dangers, challenges, and consequences tied to the increasing reliance on artificial intelligence and computers. Specifically, it warns of emerging financial threats in cyberspace, examines new systemic risks linked to speed and connectivity, studies law’s capacity to govern this evolving financial landscape, and explores the growing resource asymmetries in finance. Finally, drawing on themes from the legal discourse about the choice between rules and standards, this Article closes with a defense of humans in an uncertain financial world in which machines continue to rise, and it asserts that smarter humans working with smart machines possess the key to better returns and better futures.
    [Show full text]