Cyberwar, You’re On

There was significant news this week about the U.S. and Israel making major inroads with cyberwar capabilities.

First, the New York Times today (1 June 2011) writes about the alleged Bush and Obama administrations’ “increasingly sophisticated [cyber] attacks on the computer systems that run Iran’s main nuclear enrichment facilities”–sabotaging as many as 1,000 centrifuges, delaying their deadly program by as much as 2 years, as well as conducting cyber espionage to strengthen our negotiating hand.

The cyber offensive program code-named Olympic Games allegedly involved cyber weapons codeveloped by the United States’ National Security Agency and Israel’s advanced cyber corps, Unit 8200.

The malware included programs such as Stuxnet, Duqu, and The Flame and, according to Bloomberg BusinessWeek (30 May 2012), may date back as far as 2007.

These cyber attacks have been viewed as the best hope of slowing Iran’s sinister nuclear program while economic sanctions have a chance to bite.

Additionally, cyber attacks were viewed preferentially over using traditional kinetic military options and potentially causing a regional war in the Middle East.

At the same time, the use of cyber weapons is a double-edged sword–if we use it on others, this may encourage cyber proliferation and its eventual use on us–and as the NYT writes, “no country’s infrastructure is more dependent on computer systems and thus, more vulnerable to attack than the United States.”

Therefore, it was good to see in The Washington Post yesterday (30 May 2012) that the Pentagon’s Defense Advanced Research Projects Agency (DARPA) is pursuing Plan X–“ambitious efforts to develop technologies to improve its cyberwarfare capabilities, launch effective attacks, and withstand likely retaliation.”

“If they achieve it, they’re talking about being able to dominate the digital battlefield just like they do the traditional battlefield.”
The “five-year $110 million research program” is seeking to accomplish three major goals in arming U.S. Cyber Command at Fort Meade for cyber war:

1) Mapping Cyberspace–create real-time mapping of the entire cyberspace and all its devices for commanders to use in identifying targets and disabling them and seeing enemy attacks.

2) Building A Survivable O/S–Just like DARPA invented the Internet as a survivable messaging and communication system, so too, they want to develop a battle-ready operating system for our computers (like a tank) “capable of launching attacks and surviving counterattacks.”

3) Develop (Semi-)Autonomous Cyber Weapons–so cyber commanders can engage in “speed-of-light attacks and counterattacks using preplanned scenarios that do not involve human operators manually typing in code.”

Just to be clear, with cyber warfare, we are not just talking about computers taking out other computers and stopping there, but rather this is where computers take out computers that are controlling critical infrastructure such as the power grid, transportation systems, financial systems, supply chain, command, control, and communications, weapons systems, and more.

“Cyberwar could be more humane than pulverizing [targets]…with bombs,” but I doubt it will be.

Imagine, virtually everything you know coming to a complete halt–utter disruption and pandemonium–as well as the physical effects of that which would ensue–that’s what cyber war is all about–and it is already on the way.

So, as Richard M. George, a former NSA cyberdefense official, stated: “Other countries are preparing for a cyberwar. If we’re not pushing the envelope in cyber, somebody else will.”

It is good to see us getting out in front of this cyber security monster–let’s hope, pray, and do everything we can to stay on top as the cyberspace superpower.

(Source Photo: Andy Blumenthal taken of mural at National Defense University, Washington D.C.)

A Cyber Security House Of Cards

Yesterday there were reports of a new “massive cyber attack” called the Flame.

A U.N. spokesperson called it “the most powerful [cyber] espionage tool ever.”

The Flame ups the cyber warfare ante and is “one of the most complex threats ever discovered”–20 times larger than Stuxnet–and essentially an “industrial vacuum cleaner for sensitive information.”

Unlike prior cyber attacks that targeted computers to delete data (“Wiper”), steal data (“Duqu”), or to disrupt infrastructure (“Stuxnet”), this malware collects sensitive information.

The malware can record audio, take screenshots of items of interest, log keyboard strokes, sniff the network, and even add-on additional malware modules as needed.

Kaspersky Labs discovered the Flame virus, and there have been more than 600 targets infected in more than 7 countries over the last 2 years, with the greatest concentration in Iran.

This is reminiscent of Operation Shady Rat, a 5-year cyber espionage attack discovered by McAfee in 2011–involving malware that affected more than 72 institutions in 14 countries.

Separately, an attack on the U.S. Federal government’s retirement investments–the Thrift Savings Plan–impacted the privacy and account information of 123,000 participants through “unauthorized access”–and was reported just last week after being discovered as far back as July 2011.

Regardless of where the particular cyber attacks are initiating from, given the scale and potential impact of these, it is time to take cyber security seriously and adopt a more proactive rather than a reactive mode to it.

One can only wonder how many other cyber attacks are occurring that we don’t yet know about, and perhaps never will.

We can’t afford to fumble the countermeasures to the extraordinary risk we face in the playing fields of cyber warfare.

We have to significantly strengthen our cyber defenses (and offenses) — or else risk this “cyber house of cards” coming crashing down.

It’s time for a massive infusion of funds, talent, tools, and leadership to turn this around and secure our nation’s cyber infrastructure.

(Source Photo: herewith attribution to Dave Rogers)

Cyberwar–Threat Level Severe

This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management, on the topic–Cybersecurity Threats to the United States.

Some of the highlights from his statement:

– America’s computers are under attack and every American is at risk.

– The attacks are real, stealthy, persistent, and can devastate our nation.

– Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

– In the event of a major cyber attack, what could we expect? Department of Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipelines of natural gas exploding, trains and subways derailed, a nationwide blackout. These are not science fiction scenarios. (Adapted from Richard Clarke, former Senior Advisor of Cyber Security)

– It is not a matter of if, but when a Cyber Pearl Harbor will occur. We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and development for new tools and techniques–both defensive and offensive–for fighting cyberwar.

2) Establish a regulatory framework with meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corps of highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plans for the fallout of a cyberwar, if and when it should occur.

5) Create a clear policy for preventing cyberattacks by taking preemptive action when there is a known threat, as well as for responding with devastating force when attacks do occur.

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal–because the consequences can be just as, if not more, deadly.

Taking Down The Internet–Not A Pipe Dream Anymore

We have been taught that the Internet, developed by the Department of Defense Advanced Research Projects Agency (DARPA), was designed to survive as a communications mechanism even in nuclear war–that was its purpose.

 

Last year, I learned about studies at the University of Minnesota that demonstrated how an attack with a botnet of just 250,000 machines could shut down the Internet in only 20 minutes.

 

Again last month, New Scientist (11 February 2012) reported: “a new cyberweapon could take down the entire Internet–and there is not much that current defences can do to stop it.”

 

Imagine what your life would be like without Internet connectivity for a day, a week, or how about months to reconstitute!

 

This attack is called ZMW (after its three creators Zhang, Mao, and Wang) and involves disrupting routers by breaking and reforming links, which would cause them to send out border gateway protocol (BGP) updates to reroute Internet traffic. After 20 minutes, the extreme load brings the routing capabilities of the Internet down–“the Internet would be so full of holes that communication would become impossible.”

 

Moreover, an attacking nation could preserve its internal network by proverbially pulling up its “digital drawbridge” and disconnecting from the Internet, so while everyone else is taken down, it as a nation continues unharmed.

 

The Cybersecurity Act of 2012, which encourages companies and government to share information (i.e. cybersecurity exchanges) and requires that critical infrastructure meet standards set by The Department of Homeland Security and industry, is a step in the right direction, but I would like to see the new bills go even further with a significant infusion of new resources to securing the Internet.

 

An article in Bloomberg Businessweek (12-18 March 2012) states that organizations “would need to increase their cybersecurity almost nine times over…to achieve security that could repel [even] 95% of attacks.”

 

Aside from pure money to invest in new cybersecurity tools and infrastructure, we need to invest in a new cyberwarrior with competitions, scholarships, and schools dedicated to advancing our people’s capabilities to be the best in the world to fight the cyber fight. We have special schools with highly selective and competitive requirements to become special forces like the Navy SEALs or to work on Wall Street trading securities and doing IPOs–we need the equivalent or better–for the cyberwarrior.

 

Time is of the essence to get these cyber capabilities to where they should be, must be–and we need to act now.

 

(Source Photo of partial Internet in 2005: here, with attribution to Dodek)

 

Cyber War – The Art of The Doable

CBS 60 Minutes had a great episode this past June called Cyber War: Sabotaging The System.

The host Steve Kroft lays the groundwork when he describes information or cyber warfare as the use of computers and the Internet as weapons and says that “the next big war is less likely to begin with a bang than with a blackout.”

This news segment was hosted with amazing folks like Retired Admiral Mike McConnell (former Director of National Intelligence), Special Agent Sean Henry (Assistant Director of the FBI’s Cyber Division), Jim Gosler (Founding Director of CIA’s Clandestine Information Technology Office), and Jim Lewis (Director, Center for Strategic and International Studies).

For those who think that cyber war is a virtual fantasy and that we are safe in cyberspace, it’s high time that we think again.

Here are some highlights:

– When Retired Admiral McConnell is asked “Do you believe our adversaries have the capability of bringing down a power grid?” McConnell responds “I do.” And when asked if the U.S. is prepared for such an attack, McConnell responds, “No.”

– Jim Gosler describes how microchips made abroad are susceptible to tampering and could “alter the functionality” of let’s say a nuclear weapon that needed to go operational, as well as how they “found microelectronics and electronics embedded in applications that shouldn’t be there.”

– Special Agent Henry talks about how thieves were able to steal more than $100 million from banks in less than half a year, not by holdups but through hacking.

– Jim Lewis tells of the “electronic Pearl Harbor” that happened to us back in 2007, when terabytes of information were downloaded/stolen from our major government agencies–“so we probably lost the equivalent of a Library of Congress worth of government information” that year and “we don’t know who it is” who broke in.

The point is that our computers and communications and all the critical infrastructure that they support–including our defense, energy, water, transportation, banking, and more are all vulnerable to potentially lengthy disruption.

What seems most difficult for people to grasp is that the bits and bytes of cyberspace are not just ephemeral things, but that they have real impact on our physical universe.

Jim Lewis says that “it doesn’t seem to be sinking in. And some of us call it ‘the death of a thousand cuts.’ Every day a little bit more of our intellectual property, our innovative skills, our military technology is stolen by somebody. And it’s like little drops.  Eventually we’ll drown. But every day we don’t notice.”

Our computer systems are vulnerable and they control virtually all facets of our lives, and if the enemy strikes at our cyber heart, it is going to hurt more than most of us realize.

We are taking steps with cyber security, but we need to quickly shift from a reactive stance (watching and warning) to a proactive posture (of prevention and protection) and make cyber warfare a true national priority.

Decloaking The Adversary

Yes, we lost a drone in Iran and they won’t give it back–that stinks!

Initially, the word coming out was it was a mishap, an accident, but the Iranians claimed otherwise–that they brought it down.

Who believed that they could actually do that?

Then there was word that the craft being displayed by the Iranians was a fake, a mock-up, only to be reversed with a confirmation, as reported in the Christian Science Monitor, that the drone “is almost certainly the one lost by U.S. forces.”

Well now, InformationWeek is reporting (16 December 2011) that Iran really did bring down the stealth drone as well as how they claim to have done it.

First they jammed the communications of the RQ-170 Sentinel, so that with its command, control, and communications (C3) no longer intact, it was forced to go into autopilot and rely on GPS signals to find its way.

Then, the Iranians spoofed the GPS signal making the Sentinel think it was landing at a U.S. base rather than right into hostile territory.

If this is true, then not only is all the captured sensitive technology aboard the craft (such as radar, fuselage, coating, and electronics) in jeopardy of being compromised by reverse engineering, but also, as the article states, the Iranians may have demonstrated the means to be able to literally “divert any GPS-guided missiles launched at targets inside its borders.”

Quite a scary thought when according to Reuters reports, Iran is less than a year from going nuclear!

So what is the truth and what is misinformation (PsyOps) to confuse or outwit the enemy and how much does any of that really matter if the Iranians have possession of our advanced technology along with the time and the nefarious partners to study it and use it against us?

Or perhaps, this is a great ruse by us and we intended for the Iranians to get the drone–tick, tick, tick… 😉

We live in a new sophisticated world of electronic and cyber warfare and that combined with nukes makes for some truly dangerous scenarios.

Finally, we should never underestimate the capabilities or intent of our adversaries–surprise may be the most potent enemy of them all.

(Source Photo: here)

Be Careful What You Point That At

By now many of you may or may not have pointed your smartphones at a QR (“Quick Response”) code to get more information on products, places, events, and so forth.

 

A QR code is a barcode that generally contains alphanumeric information and takes you to a website when you read the QR code with your smartphone (i.e. by taking a picture of it with a QR reader app).

 

QR codes remind me of the barcodes in the store at the checkout line, but QR codes look more like a squared-off Rorschach test compared to the barcodes on items you purchase, which are rectangular straight lines from top to bottom.

 

By reading the QR code, you don’t have to remember or type any information into your smartphone–you’re just zipped right off to wherever the QR points you (usually after you confirm on the screen that you are okay with going to the URL).

 

But QR codes, like any information technology, can be used for good or evil — for some reason, though, people seem to have been unsuspecting of these innocuous-looking QRs.

 

Kaspersky Lab has issued a warning on QR codes after finding consumers in Russia scammed when they thought they were downloading an Android app and were instead infected with malware that caused them to send SMS messages to a premium number that charged for each message sent.

 

So while QR codes can take a reader to a harmless website for information, like other computer code, they can contain instructions that cause you to send email, SMS messages, download applications, etc. 

 

So unless you know what you are QR reading (i.e. you have a high degree of confidence in whoever placed the advertisement with the QR code)–think twice before scanning that barcode, because you may get a surprise package in your smartphone that you weren’t expecting, causing infection of your device, loss of privacy to the information stored on it, or costing you money for things you never wanted or intended to spend on.
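The “think twice” step above can be automated: a QR reader app (or a cautious user) can look at the decoded string before acting on it and flag anything beyond opening a plain web page. The following is an added example written for this post, not code from the original or from Kaspersky; the action names, risk labels, and the premium short-code heuristic (3–6 digit SMS destinations) are this example’s own assumptions.

```python
import re
from urllib.parse import urlsplit

# Risk labels are this example's own convention, not a QR or reader-app standard.
# Heuristic (assumption): SMS short codes, typically 3-6 digits, are the form
# premium-rate services use, so a short-code destination is rated "high".
SHORT_CODE = re.compile(r"^\d{3,6}$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def classify_qr_payload(payload: str) -> dict:
    """Map the raw string a QR reader decoded to the action it would trigger."""
    text = payload.strip()
    low = text.lower()

    # SMSTO:<number>:<body> or sms:<number>?body=... makes the phone compose a text.
    m = re.match(r"^(?:sms|smsto|mms|mmsto):([^:?]*)[:?]?(.*)$", text, re.I | re.S)
    if m:
        number, body = m.group(1).strip(), m.group(2).strip()
        risk = "high" if SHORT_CODE.match(number) else "medium"
        return {"action": "send_sms", "risk": risk, "detail": f"to {number!r}: {body!r}"}

    m = re.match(r"^(?:tel|callto):(.+)$", text, re.I)
    if m:
        return {"action": "dial", "risk": "medium", "detail": m.group(1).strip()}

    m = re.match(r"^mailto:([^?]*)", text, re.I)
    if m:
        return {"action": "email", "risk": "medium", "detail": m.group(1)}

    # Android app routes: market:// and intent:// URIs, or a direct .apk download.
    if low.startswith(("market:", "intent:")) or low.split("?")[0].endswith(".apk"):
        return {"action": "launch_or_install_app", "risk": "high", "detail": text}

    if low.startswith(("http://", "https://")):
        parts = urlsplit(text)
        host = parts.hostname or ""
        flags = []
        if parts.username is not None:
            flags.append("credentials-in-url")  # "trusted.example@real.host" trick
        if IPV4.match(host):
            flags.append("ip-literal-host")
        if parts.scheme.lower() == "http":
            flags.append("cleartext")
        risk = "medium" if flags else "low"
        return {"action": "open_url", "risk": risk, "detail": f"host {host!r} flags {flags}"}

    # Any other URI scheme is handed to whatever app registered it: treat as unknown.
    if re.match(r"^[a-z][a-z0-9+.-]*:\S", low):
        return {"action": "unknown_scheme", "risk": "high", "detail": low.split(":", 1)[0]}

    return {"action": "show_text", "risk": "low", "detail": text}
```

Feed it the text your reader app decodes (for example `classify_qr_payload("SMSTO:12345:START")` is rated high because it would text a short code) and only proceed on a low-risk result without a second look.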

 

Scanning a QR code, while as simple as taking a picture of a sunset, may not have such beautiful consequences.

 

(Source Photo: here)