Cyber Warfare: Surviving an Attack
Total Page:16
File Type:pdf, Size:1020Kb
14 Cyber Warfare: Surviving an Attack By Devabhaktuni Srikrishna Cyberspace is a new domain of warfare. Created to minimize the vulnerability of United States communications networks to a crippling nuclear first strike by the Soviet Union, the Internet that was originally envisioned to enhance U.S. security is turning into a battlefield 1 for nations or sub-national groups to launch virally spreading attacks 2 and induce network failures potentially involving critical infrastructure systems.3 Cyber warfare and cyberoffense 4 have been a part of U.S. military operations for decades.5 Treaties and rules of engagement define what is off-limits during a cyberwar.6 The more vulnerable the system is, the more policy is necessary to deter adversarial nations from launching attacks, and vice-versa. Some cyberattacks are analogous to air forces probing one anotherʼs defenses or perhaps to espionage during the Cold War, which occurred though there was no official war and no physical harm. Cyberespionage largest recent cyberattacks in their book, but due to a gap in theory and practice. operations of China, for example, against the United States and its allies Cyber War: The Next Threat to National Organizations are vulnerable to the extent have been going on for years and will Security and What to Do About It. Once a they want to be and to how much they want never really end.7 virus or malware is inadvertently to spend to address vulnerabilities. 14 And downloaded onto a networked personal cyber vulnerabilities can be completely U.S. Air Force General Kevin Chilton, computer (PC) by a user9, the PC can be eliminated -- unlike conventional, nuclear, former Commander-in-Chief of commandeered to perform cyberattacks chemical, or biological which are permanent Strategic Command, has stated that ranging from electronic banking crimes, vulnerabilities due to laws of nature. every computer system fielded by U.S. servicemen is on the front lines of a politically motivated denial of service virtual battlefield.8 Perhaps all people attacks10, email spam11, and click-fraud12. Aside from keeping individual PCs secure should think of their computer systems and virus-free through antivirus software 15 or (PCs, mobile devices, etc) in this The U.S. Government Accountability Office having Internet providers enforce anti-virus manner, not just as a tool for achieving (GAO) offers a taxonomy of different types of policies on their subscribers,16 several tools personal goals but also as a conduit for attacks in “Cybersecurity for Critical with varying degrees of sophistication exist an enemy attack. Infrastructure Protection,”13 – denial of for identifying and policing unusual behavior This survey of cybersecurity literature service, exploits, logic bombs, sniffers, Trojan in real-time – for individual PCs (Bothunter17), explores answers to the question of how horses, viruses, and worms. Attackers also enterprise networks (Damballa 18), federal to secure the Internet from a cyberwar. employ arbitrary combinations of these government networks (Einstein 19), and attacks as part of an integrated attack plan. critical infrastructure (Perfect Citizen 20). The What is Cyberwar and drawback of such systems is that creative Cyberoffense? Causes of Cyber Vulnerability attackers continue to find ways to circumvent them. Software must be constantly updated Richard A. Clarke and Robert Knake In “Cyberwar and Cyberdeterrence,” Martin and will at some point be outdated when the offer a vivid explanation of some of the Libicki points out that system vulnerabilities next threat emerges. do not result from immutable physical laws, THE FEDERATION OF AMERICAN SCIENTISTS www.FAS.org 15 Another option is to eliminate anonymity Who Are the Cyberattackers? 4. When attribution is localized to on the Internet through end-to-end The same Internet that allows for billions a country or on government authentication in order to prevent of dollars in electronic commerce can networks, it may be someone anonymous attackers from carrying out also empower a single mobile device to operating on behalf of what 21 distributed attacks with impunity. control millions of personal computers they perceive to be state While end-to-end authentication may (PC) around the world for electronic interests without clear prevent cyberattacks and identify the crime. Due to its anonymous and highly authorization from the state. culprits, it would result in the loss of scalable nature, the Internet can also be 5. Organized criminals posing as privacy, individual liberties, and split the used as a weapon to disrupt and governments, or “super- Internet into multiple Internets. commandeer essential services that rely patriots” may be attacking in or connect to the Internet. advance of what they perceive As an outstanding example of loss of to be government actions. privacy and violation of individual Cyberattacks can be carried out by liberties, cyberattacks on hospital anyone with the know-how and interest, networks are of particular concern as and in many cases the cost of attacking An example of a cyber attack by a they deal with patient-sensitive data. In is disproportionately small compared to country or nation was revealed when the case of medical records, system the potential damage that can be the group WikiLeaks released a design involves backup and distributed inflicted. Groups involved in planning cache of confidential American storage – attacks that involve data and executing attacks range from diplomatic cables to the New York destruction can be recovered if the nations to individuals. Most nations Times among several other news data is routinely backed up in multiple would probably agree that attribution of organizations. Some of these cables independent locations. The lost data a cyberattack is imperfect – whether it described a computer hacking effort can be made accessible quickly and means identifying the nations involved, against Googleʼs computer system 26 reliably after an attack. But unless sub-groups, or motives. 23 Mistakes in by the Chinese Politburo. stronger data protection measures are attribution due to haste or inaccurate in place, the concern remains that a information can lead to collateral This cyber intrusion was part of a cyber thief can steal sensitive data that damage. global campaign to sabotage the could be used to blackmail people with multinational corporation and carried certain medical conditions. While the GAO summarizes potential out by Chinese operatives and attackers and motivations, 24 the range computer hackers hired by the Similarly there ought to be no critical of possible groups and motives is much Chinese government, according to infrastructure connected to the Internet broader: criminal groups, hackers, news stories about the leaked left vulnerable to cyberattack. Curiously, hacktivists, insiders, intelligence cables. the nuclear power industry, known for its agencies, terrorists, and virus writers. fail-safe engineering in reactor design, is The recent Stuxnet PC virus illustrates a sometimes recognized as better Martin Libicki explained that attribution cyberattack by an anonymous agent. prepared than most other industries to is difficult because: 25 The Stuxnet virus spread via PCs and withstand cyber threats. It does this 1. Cyberattacks can launch from was designed by its authors to infect through upfront planning and design for anywhere, and computers do and then destroy or sabotage the isolated or disconnected operation to not leave physical traces operation of a specific type of CPU avoid the worst-case scenario of a behind. made by Siemens and used for reactor being commandeered by a 2. A rogue employee or sysadmin automated control in electric power hacker, “The safety and control systems presents risks similar to those plants worldwide including in North that operate nuclear power plants are of an attacker within the America, Iran, Pakistan, India, isolated from the Internet and are periphery of a closed system. Indonesia, and Germany. 27 22 protected against outside invasion.” 3. Code within the electronics supplied by third parties can bring down a system at a pre- specified time or in response to some system state. FALL 2010 l PUBLIC INTEREST REPORT 16 Cyber Warfare: Surviving an Attack (conʼd) Articles and weblog posts suggest that change so that the devices would spin engineering design principles in different the U.S. and/or Israel 28 targeted Iranʼs out of control. Ivanka Barzashka, a situations such as end-to-end nuclear program.29 Attribution in the research associate at FAS, was one of authentication, behavioral analysis, Stuxnet case is far from straightforward the first analysts to discover this feature distribution (vs. centralization), backup, – unless a link or evidence is found.30 In of Stuxnet.32] redundant routes (vs. single paths), spite of international politics on nuclear fault-tolerance, diversity of supply proliferation, it is difficult to imagine the The attack was facilitated because (hardware, software, and services), and motive of a country like the U.S. to carry systems deployed worldwide are (1) decoupling from the Internet, might out such a sloppy sabotage attack – standardized on a vendorʼs product so eliminate the worst consequences of especially as the cyberattack affects the virus can replicate and (2) use of most vulnerabilities. reactors in many countries including the proprietary code used in the United States. [Editorʼs Note: As this standardized platform – not benefiting Perhaps the biggest challenge is to article was