6 D’s Of Cyberwar

Cybersecurity
Popular Science had a interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sewing erroneous reports, and causing poor decision-making. 

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemies control systems for electricity, dams, transportation, banking, and so on. 

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

Biowarfare: A Fight At The Molecular Level

Roman_soldiers_guards

There is a fascinating article in The Atlantic (November 2012) on an emerging bioweapons storm that is brewing that could be used in a decapitation strike to harm anyone, even the President of the United States. 

Advances in genetic engineering, biotechnology, and synthetic biology (Synbio) has been seen from decoding human DNA to the development of “magic bullets”, personalized viral therapies that can target and destroy cancer cells.

However, just as most things can be used for good or evil–so too, can this biotechnology be used to target and destroy cancerous cells or perversely to attack healthy ones.

Bioweapons could be targeted to various parts of the body or brain to cause blindness, memory loss, or death itself. More subtly, it can be used to “fabricate evidence” of affairs, crimes, “cast doubt” as to birthplace or heritage, or as supposed markers for genetic diseases, and even mental disability. 

Moreover, while bioweapons of mass destruction can destroy virtually entire civilizations, personalized bioweapons can be engineered based on the manipulation of a specific person’s DNA to attack that person–then just like a sniper, it becomes one shot, one (targeted) kill. 

Personalized bioweapons can be silent and deadly, difficult to detect, hard to pin on a source, and may even be confused with death by natural causes. 

And the cost is coming down…cell-culturing gear “can be had on eBay for as little as $10,000” or “cobbled together for less than $1,000.”

Even non-weaponized use of this technology, can be extremely dangerous. For example, Synbio, can be used to “cut and paste” genetic code from one species to another, can be mixed from multiple species, and new creatures can be created altogether–all this potentially leading to frightening scenarios of “undesired cross-breeding with other organisms, uncontrolled proliferation, crowding out existing species, and threats to biodiversity.” 

Already, “forty nations now host synbio research” and “The Beijing Genomics Institute…is the largest genomic research organization in the world.”

The article speaks to various approaches to counter the personalized bioweapons threat including scientific task forces, bio-detectors, “Clean DNA” (as biological backup system), conducting biological war games, and open/crowdsourcing for solutions. 

It seems clear that the answers of how to defend against these emerging threats are not as good as the questions raised by them–and we will need to be vigilant and fast-track R&D in these areas, as we are still vulnerable. 

Further, I see some similarities between bioweapons, cyberweapons, and even legions of attack drones/droids, as all areas that are non-conventional and developing quickly and quite lethally. 

Unfortunately, we can’t just put on a coat of armor and be safe from attacks at the molecular level, or from malicious code seeking to cripple our national critical infrastructure, or from robots that can stream across a battlespace attacking without fear, pain, or tiring. 

There is no simple paradigm for killing anymore and we better let our imaginations run wild, so we can figure out new ways to protect everyone–from the President and on down to us all.

(Source Photo: Andy Blumenthal)

Amazing Internet Statistics 2012

Star_wars

So what happens in only 1 minute on the Internet–this cool magazine Ideas and Discoveries (October 2012) provides some amazing examples:

– Information Sharing–639,800 gigabytes of data are exchanged

– Information Generation–6 new Wikipedia articles are created

– Information Visualization–20,000,000 photo looked at on Flickr

– eMail–204,000,000 emails are sent

– eCommerce–$83,000 of sales on Amazon

– Social Networking–320 new users on Twitter and 100 on LinkedIn (wonder how many for Facebook…)

– Cyber Crime–20 new victims of identity theft

And in the same month, Harvard Business Review reported on the growing significance to commerce with the Internet contributing to GDP (in 2010) as much as:

– 8.3% in the UK

– 7.3% in South Korea

– 5.5% in China

– 4.7% in the US

– 4.7% in Japan

– 4.1% in India

Moreover in HBR, this is what was reported that people are willing to give up instead of the Internet for a year–and the numbers are pretty startling–check this out:

– 91% of UK would give up fast food

– 89% of Indonesians would give up smoking

– 86% of Japanese would give up chocolate

– 85% of Chinese would give up coffee

– 78% of Indonesians would give up their shower

– 60% of Japanese would give up exercise

– 56% of Chinese would give up their car

– 56% of Japanese would give up sex–go figure! 😉

While this is all sort of light, there is also a very seriousness dimension to this. For example, in the Wall Street Journal today, it quotes Secretary of Defense, Leon Paneta warning that with Iran’s digital assault on the U.S., the concerns of cyberwar are growing with the SecDef going so far as to say “Is there a cyberwar going on? It depends on how you define war.”

Yes, the Internet is amazing for so many reasons and we can’t take it for granted–we need to be vigilant and defend the Internet (cyber) with the same zeal and commitment as the other domains of war–land, sea, and air–all are vital to national security and for the preservation of life, liberty, and the pursuit of happiness.

This is a lesson we need to learn quickly and decisively–before the old Star Wars is passe and cyberwar turns deadly.

Existential Threats–Real or Imagined

Should we worry about something that hasn’t happened to us yet?

Wired Magazine (Sept. 2012) has an interesting article called Apocalypse Not.

Its thesis is that “people freak out over end-of-the world scenarios” and they should know better because despite all the fear and predictions of catastrophe, nothing ever really happens.
It categorizes the doomsday cataclysms into 4 types:
1) Chemicals–these come form things like pesticides (like DDT), smoking, and CFCs, and result in air pollution, acid rain, ozone depletion, and climate change.
2) Disease–recent fears of pandemics were associated with bird flu, swine flu, SARS, AIDS, ebola, and mad cow disease.
3) People–we can cause our own hell through population explosion and famine and although it didn’t mention this, I would assume the brutality and wars that can wipe entire races out.
4) Resources–Peak oil theory, metals and minerals, and other resource constraints have been causes of consternation leading us to look for alternative energy sources and even recently consider mining minerals on asteroids.
The article goes so far as to poke fun at those who are concerned about these things even stating that “The one thing we’ll never run out of is imbeciles.”
Wired does acknowledge that while “over the past half-century, none of our threatened eco-pocalypses have played out as predicted. Some came partly true; some were averted by action; [and still] some were wholly chimerical.”
What the author, Matt Ridley, has missed here in his logic are a few main things:
Smaller things add to big things–While each individual issue may not have reached the catastrophic tipping point been yet, these issues can certainly progress and even more so, in the aggregate, pose dangerous situations that we may be unable to contain. So you can choose to live with blinders on for today, but the consequences of our choices are inescapable and may only be around the next bend.
Recognizing the future–just because things like death and final judgement haven’t happened to us yet, doesn’t mean that they aren’t in store for us in the future. This sort of reminds me of this Jewish joke that no one leaves this world alive.
Destructive powers are multiplying–many destructive forces were traditionally local events, but are now becoming existential threats to whole civilizations. For example, how many people globally can we kill with weaponized pathogens and how many times over now are we able to destroy the world with our thermonuclear stockpile.
Learn from the past–Apocalypses and terrible events have already befallen humankind, whether the bubonic plague in the middle ages, the destruction of the ice age, the flood in biblical times, and even more recently the Holocaust and the World Wars in the 20th century.
Unfortunately, there is no shortage of bad things that can happen to people–individuals or many people–and if we are not conscious of the things we are doing, their potential impacts, and generally act smart and ethical, then bad things can and will most-definitely happen.
Wired ends by saying that things like policy, technology, and innovation can solve the day. However, while these can surely help and we must always try our best to have a positive impact, some things are also out of our control–they are in G-d hands.
Finally, while not every event is an existential threat, some surely can be–and whether it’s the impact of an asteroid, the death toll from the next horrible plague, natural disaster, cyberwar, or weapon of mass destruction, or even possibly when aliens finally come knocking at your door, it would be awfully stupid to think that bad things can’t happen.
(Source Photo: here with attribution to tanakawho)

Security Advisory For Architecture Drawings

Blueprint

Dark Reading (21 June 2012) came out with security news of a AutoCAD Worm called ACAD/Medre.A that targets design documents.

I also found warnings about this vulnerability at PC magazine (24 June 2012).

This malware was discovered by computer security firm ESET.

This is a serious exploitation in the industry leader for computer-aided design and drafting that is used to create most of our architectural blueprints.

Approximately 10,000 machines are said to have been affected in Peru and vicinity, with documents being siphoned off to email accounts in China.

With information on our architectural structure and designs for skyscrapers, government building, military installations, bridges, power plants, dams, communication hubs, transportation facilities, and more, our critical infrastructure would be seriously jeopardized.

This can even be used to steal intellectual property such as designs for innovations or even products pending patents.

This new malware is another example of how cyber espionage is a scary new reality that can leave us completely exposed from the inside out.

Need any more reason to “air gap” sensitive information and systems?

(Source Photo: here with attribution to Wade Rockett)

Securing Transport To The Cloud

A new article by Andy Blumenthal on cyber security and cloud computing in Public CIO Magazine (June 2012) called Securing Cloud Data Means Recognizing Vulnerabilities.It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway.”Let’s all do our part to secure cyberspace.Hope you enjoy!

(Source Photo: here with attribution to Kenny Holston 21)

Raising The Bar On Cybersecurity

Good video by the The Washington Post (2 June 2012) on the importance and challenges of cybersecurity.

There are 12 billion devices on the Internet today and this is projected to soar to 50 billion in the next decade.

Cybersecurity is paramount to protecting the vast amounts of critical infrastructure connected to the Internet.

There is a lot riding over the Internet–power, transportation, finance, commerce, defense, and more–and the vulnerabilities inherent in this is huge!

Some notable quotes from the video:

– “Spying, intrusions, and attacks on government and corporate networks occur every hour of every day.”

– “Some sort of cyberwar is generally considered an inevitability.”

– “Cyberwar although a scary terms–I think it is as scary as it sounds.”

– “Right now the bar is so low, it doesn’t take a government, it doesn’t take organized crime to exploit this stuff–that’s what’s dangerous!”

We all have to do our part to raise the bar on cybersecurity–and let’s do it–now, now, now.

(Source Photo: here with attribution to University of Maryland Press Releases)