ASSIGNMENT
Answer the following 3 questions correctly with a minimum of 300 words in each case. You need to
watch the video, read the attachment, and look further for more resources.
Case:
The Looming Threat of Cyberwarfare.
Each answer needs to involve depth and critical thinking.
QUESTIONS:
8-13 Is cyberwarfare a serious problem? Why or why not?
8-14 Assess the management, organization, and technology factors responsible for this
problem.
8-15 What solutions are available for this problem? Do you think they will be effective? Why
or why not?
VIDEO:
Zero Days' Documentary Exposes A Looming Threat Of The Digital Age
https://www.npr.org/2016/07/18/486464177/zero-days-documentary-exposes-a-looming-threat-ofthe-digital-age?ft=nprml&f=
Chapter 8 Securing Information Systems 341.
The Looming Threat of Cyberwarfare
CASE STUDY
"Now our enemies are also seeking the ability to sabotage our
power grid, our financial institutions, and our air traffic control
systems. We cannot look back years from now and wonder why
we did nothing in the face of real threats to our security and our
economy."
With these words in his 2013 State of the Union address, Barack Obama officially became the first U.S. cyberwarfare president. Obama was about to sign the Improving Critical Infrastructure Cybersecurity executive order, which allows companies associated with the supervision of electrical grids, dams, and financial institutions to voluntarily join a program to receive classified and other cyber security threat information previously available only to government contractors. The main drawback is that legislation can only enforce minimum security requirements for private sector companies, which operate most U.S. critical infrastructure. Unfortunately, Congress, in 2012, had failed to pass two cyber security bills that were much stronger, bowing to pressures from business worried about stepped-up security costs and concerns raised by privacy advocates.
Cyberwarfare is more complex than conventional warfare. Although many potential targets are military, a country's power grids, financial systems, and communications networks can also be crippled. Non-state actors such as terrorists or criminal groups can mount attacks, and it is often difficult to tell who is responsible. Nations must constantly be on the alert for new malware and other technologies that could be used against them, and some of these technologies developed by skilled hacker groups are openly for sale to interested governments.
The scale and speed of cyber attacks has escalated in the United States and other parts of the world. From September 2012 through March 2013, at least twelve U.S. financial institutions --- Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC, Capital One, Fifth Third Bank, BB&T, HSBC, J.P. Morgan Chase, and American Express --- were targeted in attacks that slowed their servers to a crawl and then shut them down. The severity of the attacks dwarfed previous distributed denial of service (DDoS) attacks. The data centers of these organizations had been infected with a long-available malware agent named Itsoknoproblembro, which creates botnets of slave servers, dubbed bRobots because they are so difficult to trace back to a command and control (C&C) server. The bRobots inundated the bank Web sites with encrypted data. A flood of encryption requests immensely intensifies attack effectiveness, enabling the attackers to take down a site with fewer requests.
The goal of the attacks was to inflict an unprecedented level of strain on as many financial institutions as possible. No account information was stolen and no financial gain sought, leading experts to think it was a state-sponsored attack. The hacker group Izzad-Din al-Qassam Cyber Fighters claimed responsibility, stating that it was retaliating for an anti-Islam video. U.S. government officials believe the perpetrator is actually Iran, retaliating for economic sanctions imposed to halt its nuclear program and for what it believes were U.S. cyber attacks.
In August 2012, the Shamoon virus infected 30,000 machines at Saudi Arabian oil company, Aramco. It destroyed workstations by overwriting the master boot record (MBR), which stores key information about a hard disk drive to help a computer system start up. Shamoon also deleted data on servers, and overwrote certain files with an image of a burning American flag. U.S. officials attributed the attack to Iran.
Less than two weeks later, Qatari natural gas
company, Rasgas, was forced to shut down its
Web site and e-mail systems in an attack initially
also attributed to Shamoon. An investigative team
concluded it was likely a copycat attack trying to
look like the same perpetrator. U.S. government
officials blamed Iranian hackers. Israeli officials
attributed both attacks to Iran's Cyber Corps, formed
after Stuxnet.
Believed to have been developed by a secret joint United States-Israel operation, the Stuxnet worm was discovered in June 2010. It was designed to disable the software that controls Siemens centrifuges to enrich uranium, and it reportedly delayed Iran's ability to make nuclear arms by as much as five years. Iran has also been the target of other malware. The Duqu worm, discovered in September 2011, steals digital certificates used for authentication to help future viruses appear as secure software. In April 2012, other espionage malware closely related to Stuxnet and Duqu called Flame was discovered when hard drives at the Iranian Oil Ministry and National Iranian Oil Company were wiped clean. Four months later, investigators found that the data deletion agent they had been looking for when they discovered Flame was a separate malware agent they named Wiper. Investigators believe that Wiper's first objective is to eradicate the malware created by this group.
Cyber offensives come with a considerable downside. Previously released malware is recoverable and can be adapted and reused by both nation-state foes and unaffiliated cyber criminals. Stuxnet code has been adapted for use in financial cybercrime. Another drawback is uncontrollability. About 60 percent of known Stuxnet infections were in Iran, but 18 percent were in Indonesia, 8 percent in India, and the remaining 15 percent scattered around the world. In November 2012, Chevron admitted that its network had been infected with Stuxnet shortly after it spread beyond Iran.
To U.S. officials, these recent Iranian attacks signaled a shift in Iranian policy from cyber defense to cyber offense. After investing approximately $1 billion in its Cyber Corps in 2012 (still just a third of United States expenditures), Iran may have arrived as a first-tier cyber power.
China has been a first-tier cyber power for years. U.S. targets of suspected Chinese cyber attacks include federal departments (Homeland Security, State, Energy, Commerce); senior officials (Hillary Clinton, Adm. Mike Mullen); nuclear-weapons labs (Los Alamos, Oak Ridge); defense contractors (Northrop Grumman, Lockheed Martin); news organizations (the Wall Street Journal, the New York Times, Bloomberg); technology firms (Google, Adobe, Yahoo); multinationals (Coca-Cola, Dow Chemical); and just about every other node of American commerce, infrastructure or authority. Hackers have obtained sensitive information such as negotiation strategies of major corporations; designs of more than two dozen major U.S. weapons systems, including the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter; and the workings of America's power grid, possibly laying groundwork for acts of sabotage. Cyberattacks from China and other nations have persisted because the U.S. has difficulty defending its information systems, cyberspace is not yet subject to international norms, and years of intrusions have provoked little American response.
Investigators believe that in September 2012 one of the elite hacking groups from China's People's Liberation Army (P.L.A.) attacked Telvent, a company that monitors utility companies, water treatment plants, and over half the oil and gas pipelines in North America. Six months later, Telvent and government investigators still didn't know if the motive was espionage or sabotage. U.S. intelligence experts believe that China's U.S. investments, particularly new, substantial investments in oil and gas, deter China from infrastructure attacks. China's economy could not escape the negative consequences from a significant shutdown of U.S. transportation systems or financial markets. Iran, with no U.S. investments, is a much greater threat. Moreover, diplomatic channels are open with China.
Less than a week after Obama's State of the Union address, security firm Mandiant released details on a group it dubbed "APT1." Mandiant traced APT1 to a building in Shanghai that documents from China Telecom indicate was built at the same time as the General Staff Department's 3rd Department, 2nd Bureau --- the military hacking unit, P.L.A. Unit 61398. Outfitted with a high-tech fiber optic infrastructure, this 12-story white office tower was said to be the origin of a six-year offensive that infiltrated 141 companies across 20 industries.
The Obama administration's mounting concern with the economic and national security risks posed by cyber-intrusions has repeatedly been expressed to top Chinese officials. In May 2013, the Pentagon's annual report to Congress for the first time directly accused the Chinese government and P.L.A. of attacking U.S. government and defense contractor networks. In May 2014, the U.S. charged five Chinese military officials with hacking into six U.S. steel, solar and nuclear companies and a labor organization for trade secrets and other information.
Two months earlier, however, North Korea, another budding cyberwarfare adversary, was accused of launching its most damaging attack to date. Despite obstacles limiting its ability to develop expertise, including sanctions, which restrict its access to technology, and a limited talent pool due to meager Internet penetration and restrictive access policies, North Korea is believed to have perpetrated attacks on both South Korean and American commercial, educational, governmental, and military institutions. In March 2013, 32,000 computers at three major South Korean banks and the two largest television broadcasters were affected. Internet banking sites were temporarily blocked, computer screens went blank, ATM machines failed, and commerce was disrupted.
The attackers used the Chinese-written Gondad exploit kit to infect PCs with a Trojan horse that provides an entryway for an attacker to take control of the machine, creating a bot or zombie computer. Once the digital backdoor is created, the controller can deposit a malware payload, in this case, a wiper agent named Dark Seoul. Like Shamoon, Dark Seoul overwrites the master boot record (MBR).
There is no conclusive evidence implicating North Korea, but tensions had been escalating between the two countries. The Kim Jong-un administration had expressed fury in the days leading up to the attack over ongoing, routine joint Korea/United States military training exercises, exacerbated by South Korea's participation in U.S.-spearheaded United Nations sanctions against North Korea for its nuclear test the month before. Seoul contends that Pyongyang has committed six previous cyber attacks since 2009. Security experts at South Korea's newly formed cyber security command center believe that North Korea has been assembling and training a cyberwarrior team of thousands, and the United States agrees. For North Korea, the threat of cyber retaliation is negligible. Internet access is only now extending beyond a privileged few, businesses are just beginning to adopt online banking, and worthwhile targets are virtually nonexistent.
The Obama administration has begun helping Asian and Middle Eastern allies build up their computer network defenses against Iran and North Korea, including supplying advanced hardware and software and training programs. Future joint war games would include simulated cyber attacks. But deterring cyber attacks is a far more complex problem than conventional warfare, and U.S. officials concede that this effort is an experiment.
While increased diplomatic pressure and the intertwined nature of the world's two largest economies may yield a practicable agreement between China and the United States, how to deal with the so-called "irrational actors," Iran and North Korea, is thornier. Since China is North Korea's biggest trading partner and most important ally, hammering out an agreement with China may be the first step towards managing North Korea. While Iran is diplomatically isolated, China depends on it to meet its energy needs. China walks a tightrope between exploiting the sanctioned Iranian economy and following the U.N. sanctions for which it voted. It just may be that the road to agreements with both Pyongyang and Tehran runs through Beijing. Meanwhile, the military command responsible for most U.S. cyber war efforts, U.S. Cyber Command (CYBERCOM), is slated for a 500 percent manpower increase between 2014 and 2016 and all of the major combat commands in the United States military will share dedicated forces to conduct cyberattacks alongside their air, naval and ground capabilities.
Sources: Devlin Barrett and Siobhan Gorman, "U.S. Charges Five in Chinese Army With Hacking," Wall Street Journal, May 19, 2014; John Torrisi, "Cyberwarfare Protecting 'Soft Underbelly' of USA," CNBC.com, May 15, 2014; Matthew L. Wald, "Report Calls for Better Backstops to Protect Power Grid From Cyberattacks," New York Times, March 2, 2014; David E. Sanger, "N.S.A. Nominee Promotes Cyberwar Units," New York Times, March 11, 2014; Julian Barnes, Siobhan Gorman, and Jeremy Page, "U.S. China Ties Tested in Cyberspace," Wall Street Journal, February 19, 2013; Thom Shanker and David E. Sanger, "U.S. Helps Allies Trying to Battle Iranian Hackers," New York Times, June 8, 2013; Mark Clayton, "New Clue in South Korea cyberattack reveals link to Chinese criminals," Christian Science Monitor, March 21, 2013; Siobhan Gorman and Siobhan Hughes, "U.S. Steps Up Alarm Over Cyberattacks," Wall Street Journal, March 12, 2013; Siobhan Gorman and Julian E. Barnes, "Iran Blamed for Cyberattacks: U.S. Officials Say Iranian Hackers Behind Electronic Assaults on US Banks, Foreign Energy Firms," Wall Street Journal, October 12, 2012; Choe Sang-Hun, "Computer Networks in South Korea Are Paralyzed in Cyberattacks," New York Times, March 20, 2013; Rachael King, "Stuxnet Infected Chevron's IT Network," Wall Street Journal, November 8, 2012; Mark Landler and David E. Sanger, "U.S. Demands China Block Cyberattacks and Agree to Rules," New York Times, March 11, 2013; Nicole Perlroth, David E. Sanger and Michael S. Schmidt, "As Hacking Against US Rises, Experts Try to Pin Down Motive," New York Times, March 3, 2013; Nicole Perlroth and Quentin Hardy, "Bank Hacking Was the Work of Iranians, Officials Say," New York Times, January 8, 2013; Nicole Perlroth and David E. Sanger, "Cyberattacks Seem Meant to Destroy, Not Just Disrupt," New York Times, March 28, 2013; David E. Sanger, David Barboza and Nicole Perlroth, "Chinese Army Unit Is Seen as Tied to Hacking Against U.S.," New York Times, February 18, 2013; and David E. Sanger and Nicole Perlroth, "Cyberattacks Against U.S. Corporations Are on the Rise," New York Times, May 12, 2013.
CASE STUDY QUESTIONS
8-13 Is cyberwarfare a serious problem? Why or
why not?
8-14 Assess the management, organization, and
technology factors responsible for this
problem.
8-15 What solutions are available for this problem?
Do you think they will be effective? Why or
why not?