Title: Preparing for a Cyber Attack
1 Preparing for a Cyber Attack
Countdown to eDay!
By Kevin G. Coleman
2 Introduction
- The world has awakened to a new threat. China,
Russia and North Korea's test of a cyber weapon,
Iran's cyber weapon ambitions, and the defense
industry's renewed emphasis on the use of
computers as a weapon have all combined to
accelerate the rate of development of what I've
called the most destructive weapon on the
planet. The proliferation of cyber weapons has
exploded, and estimates suggest that over 70% of
countries will have at least a basic-level cyber
weapon by the end of 2008.
3 The China Syndrome
4 A Bit of History
- Back in 1998 when I was Chief Strategist of
Netscape, I became aware of an international
movement that was designed to create software
that could be used for criminal activity as well
as disrupt Internet activity. That was when I
began to research what we are now calling cyber
warfare.
5 Cyber Warfare and Cyber Terrorism
- Cyber Warfare and Terrorism is one of the
fifteen modalities of UnRestricted Warfare (URW),
also called asymmetric warfare.
- Cyber Warfare and Terrorism
- The premeditated use of disruptive activities,
or the threat thereof, against computers and/or
networks, with the intention to cause harm or
further social, ideological, religious, political
or similar objectives. Or to intimidate any
person in furtherance of such objectives.
Source: U.S. Army Cyber Operations and Cyber
Terrorism Handbook 1.02
6 Counterfeit Hardware
- February 2008 - U.S. Customs and Border
Protection Assistant Commissioner for the Office
of International Trade Dan Baldwin and
Director-General Robert Verrue, European
Commission Tax and Customs Directorate, today
announced the results of Operation
Infrastructure, which took place last November
and December.
- The Operation resulted in the seizure of more
than 360,000 counterfeit integrated circuits and
computer network components bearing more than 40
different trademarks.
7 Counterfeit Hardware
- February 2008 - The Feds have confiscated more
than $75 million of counterfeit Cisco networking
gear. The announcement is in a progress report on
a two-year-old investigation, code-named
Operation Cisco Raider. In most cases the fake
gear was made in China and imported into the
United States, where unethical resellers passed it
off as legit.
8 Impact of a Cyber War
- Of those who do perform what we consider daily
activities online, more than half say they go
online every day or several times a week to
perform those activities.
- About 93 billion emails sent per day will not
go through.
- Millions of VoIP calls per day will not go
through.
- Over 200 million Google searches per day will not
get done.
- A reported 33% of Internet users say they make
eCommerce transactions daily.
9 Impact of a Cyber War
- Some 88% of online users say the Internet plays a
role in their daily routines.
- Some 40% of Internet users who get the news
online say they log on daily.
- Some 25% of the online weather bugs will check
weather daily.
- Some 20% of online sports fans check sports
scores daily.
10 A Recent Poll
How prepared is the U.S. for a cyber attack?
Source: A collaborative effort between
DefenseTech.Org and the Technolytics Institute
with nearly 1,000 respondents to the poll.
11 Impact of a Cyber War
12 Impact of a Cyber War
[Chart: U.S. Retail eCommerce Sales, in billions]
That's $425 million a day.
13 Cyber Media Warfare
One can only imagine the psychological impact on
the viewers who witnessed this prank. The TV
channel CT2 said that they received frantic phone
calls from viewers who thought a nuclear war had
started.
http://www.youtube.com/watch?v=MzaN2x8qXcM
14 Think About This
- What if the Internet went away?
- For a day
- A week
- A month
- No eMails
- No BlackBerrys
- No eCommerce
Virtual business services of all sorts,
accounting, payroll and even sales would come to
a halt, as would many companies.
15 The worst thing to do -
- There is no doubt today that VoIP is taking over
the telecom market, and every month increases
penetration into business, government and the
consumer sectors.
- Almost two-thirds of large organizations in North
America will be using VoIP products and services
by year end.
- Small Business VoIP adoption will grow to 3
million by 2010. Revenues are projected to reach
$2 billion.
- Consumer VoIP adoption will drive wholesale VoIP
revenues to $3.8 billion by 2010.
16 Cyber Weapons Proliferation
- The cost to develop this new class of weapon is
within reach of any country, any extremist group,
any criminal organization and tens of millions of
individuals. The raw materials needed to construct
cyber weapons are not restricted and are widely
available. We now have a weapon that can strike
at the speed of light, can be launched from
anywhere in the world, and can target anywhere
in the world. This briefing will provide an
understanding of the current state of cyber
weapons, current defenses and a unique look at
what the future cyber warfare scenario might
encompass.
17 Your Cyber Attack IQ Test
- If I can give you three pieces of intelligence
you did not have before, would you agree this
briefing provided value?
- What do EPFC and TEDs stand for?
- How many of you address CBRNE in your contingency
plans?
- Why should your organizations have supply-chain
integrated into the security program?
18 Modern Weapons Economics
1.5 to 2 billion
80 to 120 million
1 to 2 million
300 to 50,000
19 Find the Weapons Facility
Nuclear Weapons Facility
Cyber Weapons Facility
Where's the Cyber Weapons Facility?
20 Cyber Weapons Proliferation
21 Cyber Arms Dealers
- RBN and their support units provide scripts and
executables to make cyber weapons undetectable by
antivirus software. Every time a copy of the
cyber weapon is generated, it looks different to
the anti-virus engines and it often goes
undetected. The modularization of delivery
platform and malicious instructions is a growing
design in cyber weapons. RBN's cyber weapons are
very popular and powerful. In June 2007, one was
used by a single person to attack and compromise
over 10,000 websites in a single assault.
Did you know RBN leases use/capacity on their 150
million node BotNet?
22 Cyber Weapons Evolution
[Chart: cyber weapons evolution from low to high across 1994, 1998, 2002, 2004, 2008, 2012 and 2016; stages: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat]
23 Interesting Quote
- NATO's cyber defense chief has warned that
computer-based terrorism poses the same threat to
national security as a missile attack. He went on
to say that "Cyber war can become a very
effective global problem because it is low-risk,
low-cost, highly effective and easily globally
deployable. It is almost an ideal weapon that
nobody can ignore."
- Using this as a framework, we can put into
context the evolving architecture for cyber
weapons.
24 Cyber Weapons Design
- Cyber Weapon Architecture
- A missile is composed of three basic elements.
The first is a delivery vehicle (rocket engine),
followed by a navigation system (tells it how to
get to the target) and finally the payload (the
component that causes harm). As it turns out,
the same three elements now appear in the design
of cyber weapons.
25 Cyber Weapons Design
- Cyber Weapon Delivery Vehicle
- There are numerous methods of delivering cyber
weapons to their targets. Emails with malicious
code embedded or attached are one mechanism of
delivery. Another delivery vehicle is web sites
that can have malicious links and downloads.
Hacking is a manual delivery vehicle that
allows a cyber soldier to place the malicious
payload on a target computer, system or network.
Counterfeit hardware, software and electronic
components can also be used as delivery vehicles
for cyber weapons.
26 Cyber Weapons Design
- Cyber Weapon Delivery Vehicle
- Just as a navigation system guides a missile, the
navigation element of a cyber weapon allows the
malicious payload to reach a specific point inside
a computer, system or network. System
vulnerabilities are the primary navigation
systems used in cyber weapons. Vulnerabilities
in software and computer system configurations
provide entry points for the payload of a cyber
weapon. These security exposures in operating
systems or other software or applications allow
for exploitation and compromise. Exploitation
of these vulnerabilities may allow unauthorized
remote access and control over the system.
27 Cyber Weapons Design
- Cyber Weapon Delivery Vehicle
- The payload of a missile is sometimes called a
warhead and is packed with some type of
explosive. In a cyber weapon the payload could
be a program that copies information off of the
computer and sends it to an external source. It
can also be a program that begins to erase or
alter information stored on the system. Finally,
it can allow remote access so that the computer
can be controlled or directed over the internet.
A bot (a component of a botnet) is a great
example of a payload that allows remote use of
the computer by an unauthorized individual or
organization.
28 Cyber Weapons Design
- Cyber Weapon Architecture
- This three-element architecture demonstrates
how advanced and sophisticated cyber weapons are
becoming. The architecture creates reusability
and reconfiguration of all three components. As
one software or system vulnerability is
discovered, reported and patched, that component
can be removed and replaced while the other two
components are still viable. This not only
creates flexibility but also significantly
increases the productivity of the cyber weapons
developers.
29 Conclusion
- Our nation is increasingly vulnerable to cyber
attacks that could have catastrophic effects on
critical infrastructure as well as severely
damage the country's economy. Whether the attack
is focused on stealing our business and
technology secrets, disrupting our financial
systems or worse, the threat is real. Countries,
terrorists and extremists around the world are
developing and implementing cyber warfare
doctrine, strategies and weapons.
30 Conclusion
- The Cold War may be over, but the cyber arms
race has just begun. The threat is imminent. We
must rapidly develop offensive and defensive
cyber weapons capabilities as well as the
military doctrine and regulations necessary to
govern their use. In the cyber arms race we
cannot finish anyplace but first.
31 QUESTIONS
32 Biography
- Kevin G. Coleman is a Senior Fellow and
Strategic Management Consultant with the
Technolytics Institute. He is the former Chief
Strategist of Netscape and was a member of the
Science and Technology Advisory Panel at the
Johns Hopkins University Applied Physics Lab. He
has briefed defense contractors and other
organizations on cyber warfare and is a highly
published professional covering cyber security.
He writes regularly for Eye Spy Magazine and
authors the Cyber Warfare Blog for DefenseTech.org.
- The Technolytics Institute
- 4017 Washington Road
- Mail Stop 348
- McMurray, PA 15317
- P 412-818-7656
- F 412-291-1193
- I www.technolytics.com
- E kgcolman_at_technolytics.com