Week 8: Future of Cyber Warfare, Course Reflection, and Review
Future of Cyber Warfare
- Ethics: (1)
  What is the “use of force” in reference to cyber warfare?
  - Use of force in cyber warfare can include disruption of a nation’s SCADA systems or of any element of its critical infrastructure.
    o In conventional warfare the use of force is obvious: troops, fighter jets, bombs, etc.
    o If cyber warfare is used to crash a plane or shoot down a missile, it is considered “use of force”. Simply put, if a cyber attack has the same kinetic effect as a conventional attack, it is considered an equivalent use of force.
  - Our intent, secrecy of the mission, attribution, and military ethics must all equal those of conventional warfare:
    o Intent: What is our intent? Without proper planning, our intent can be misleading, and the responses we provoke can be the opposite of what we wanted.
    o Secrecy: We need to make sure our plans are not released to the public (for obvious reasons).
    o Attribution: Obscuring the source of the attack, such as taking steps to cause the attack to be attributed to another country, is considered “bad form” and should not be conducted.
    o Military Ethics: Nation states generally follow certain sets of rules in order to prevent horrific weapons from being used, civilians from being attacked, hospitals from being bombed, etc. In cyber warfare these rules should be followed; however, attacks by individuals or small groups may lead to actions considered an act of war. Nation states should follow these rules as they do with conventional warfare.
Future of Cyber War: (1)
- In today’s digital age, the intent of our adversaries is not clear. How do we determine the intent of a single actor who is out stealing secrets? The worst-case scenario is that we consider a cyber attack an act of war. Results:
  o We can impose more restrictions
  o We can take action that causes us damage
  o We can increase our operations and espionage to the point that our national power is impacted
- The answer is a Cyber Response Framework.
Future of new technologies: (1)
- Any technological growth has headaches.
  o As we move into the IPv6 world, security issues will be evident:
    - No more NAT
    - Current security tools aren’t compatible
    - Administrators need to be educated
    - Limited number of vendors who support it
  o IPv6 has benefits:
    - Address space becomes much larger
    - Internet Protocol Security Encapsulating Security Payload (IPsec ESP) is designed in
    - The IPsec Authentication Header is embedded
    - VPNs will exist without tunnels
    - Enhanced routing security
- As we move into the future we need to move away from buying off-the-shelf technology that is built around the world. Our concern is how the future cyber domain and our national security/interests play a role in any kind of conflict if we are exporting everything about it. (1)
International Interactions: (1)
International agreements and treaties need to be developed to establish
clear lines of responsibility and respect for privacy. As we develop an
organizational structure to manage cyber security across various law
enforcement, military, and federal agencies, roles need to be clear to avoid
overlap, confusion, and miscommunication. (1)
As more and more nations become dependent on networks, a new version
of an arms race is in progress: the cyber arms race. Of concern is an
escalating cyber war transitioning into conventional war. International rules
and processes need to be developed and put in place to ensure appropriate
reactions.
Review
- CyberSpace is “a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked system and associated physical infrastructures.”
- A network is used to exchange data between two or more computers.
  o The simplest form of a network is a peer-to-peer network, which is simply two computers connected together.
  o A LAN is a small network of computers, most likely those found in an office or home.
  o A WAN permits sharing of resources across a wide geographic area. The Internet is a WAN.
- Cyber Warfare is any offensive or defensive action taken to penetrate other nations’ or adversaries’ information, information-based processes, information systems, and computer-based networks.
- A threat can be anyone, from states and non-state actors, and from amateurs to highly trained professional hackers.
- A hacker is anyone who attempts unauthorized access to a computer or network. They can be termed:
  o White Hat: used to describe professionals hired to identify security flaws via network penetration.
  o Black Hat: hackers that attempt unauthorized access, generally with malicious intent.
- Hackers are employed by:
  o Governments
  o Hacktivists: those that use cyber attacks to convey a political or social message
  o Criminals
  o Terrorists
- Potential targets of hackers include, but are not limited to:
  o Energy resources: refineries and pipelines
  o Utility resources: the power grid
  o Telecommunications: cellular telephone networks
  o Transportation resources: air traffic control
  o Disaster response: emergency operations
  o Finance resources: financial markets and transactions
  o Research and development: corporate networks
  o Defense resources: DoD networks
  o Government networks
- SCADA communications flow over:
  o Radio frequency links
  o Private networks
  o Leased lines
  o Internet connections
Tech Topics:
- A personal computer consists of:
  o ROM (read only memory): contains essential configuration data
  o RAM (random access memory): temporary storage of information/data
  o CPU (central processing unit): the brain of the computer; executes instructions
  o Hard drive: provides nonvolatile storage
  o Operating system: controls the flow of a computer system/software
  o NIC (network interface card): contains a 48-bit address known as a MAC (media access control) address, also known as the physical address or hardware address
- Bits & Bytes: information is stored in binary form (1s & 0s)
  o 8 bits equals 1 byte
  o Computer words are multiple bytes long (32 or 64 bits)
- Networks use IP addresses: IPv4 uses 32 binary bits in four “octets” to form the address. Networks use IP addresses to identify hosts, both local and distant. The next generation is IPv6, which uses 128-bit addresses.
- A port is a number used to identify an individual computer conversation. Ports allow your computer, which has a single IP address, to open multiple web pages or to check e-mail at the same time.
  o Ports that are left open and unsecured represent a security threat.
- Routers direct traffic from one network to another based upon the road maps stored in their routing tables. They communicate with each other using “routing protocols”. A cyber attack on a router could alter or erase those tables, disconnecting networks or clogging them.
- Servers are repositories for shared information. This information may include password-protected e-mail or other sensitive information.
- DNS (domain name system) is a distributed database which links numerical IP addresses with names.
- Packet communications is used by the Internet, known as TCP/IP (transmission control protocol/Internet protocol). Packet communications allows automatic message routing over the most reliable and least congested paths. One packet of a message may follow one route and the next a different route, depending on network conditions at that time.
- MALWARE (malicious software): Most cyber weapons are designed to attack a network’s confidentiality, integrity, or availability. These weapons take the form of:
  o Botnets: computers that have been infected with malware allowing them to be remotely controlled over a network. These are known as zombie computers. They lie dormant until a specified command is given, sending the entire group into mass action as part of the “botnet”.
  o Virus: requires user action, such as an unsuspecting user opening an infected e-mail.
  o Worms: can self-replicate without user action. Worms target hosts and web servers.
  o Spyware: looks for confidential information on the user’s PC and reports it to the spymaster covertly over the network. Identity theft and financial account information are prime targets.
  o Trojan: malware hidden in innocent pieces of software. The name comes from the Trojan Horse.
  o RAT (remote access tool): many operating systems have remote access capability. If the computer is not properly secured, remote access can be used by hackers.
  o Spoofed e-mail: spoofed e-mails are a major source of infected attachments. These are e-mails that appear to come from someone other than the originator. It is easy to modify the header to make it appear to come from someone else.
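The spoofed e-mail item above says the header is easy to forge. The defender's counterpart is to compare the easily forged From: line against headers the sender could not alter without breaking delivery or replies. The following is an added example written for these notes, not code from the notes or from the cited book; the two messages are constructed samples, and the example.* domains and addresses in them are placeholders.

```python
import email
from email.utils import parseaddr

# Constructed sample messages (not real captures). In the first, the visible
# From: claims a bank, while the envelope sender, the Reply-To and the sending
# mail server all belong to other domains.
SAMPLE_SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [192.0.2.10]) by mx.example.org
From: "Example Bank Security" <alerts@example-bank.com>
Reply-To: <support@example-mail.org>
To: <user@example.org>
Subject: Confirm your account

Your account may have been compromised. Reply with your user name and password.
"""

SAMPLE_LEGIT = """\
Return-Path: <alerts@example-bank.com>
Received: from mx1.example-bank.com (mx1.example-bank.com [192.0.2.20]) by mx.example.org
From: "Example Bank" <alerts@example-bank.com>
To: <user@example.org>
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""


def _domain(header_value):
    """Lower-cased domain part of the address in a header value ('' if none)."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower()


def _belongs_to(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    return bool(domain) and (host == domain or host.endswith("." + domain))


def spoof_indicators(raw_message):
    """Return header inconsistencies that suggest the From: line was spoofed.

    Each check compares the easily forged From: header against a header the
    sender could not freely forge without breaking delivery or replies.
    """
    msg = email.message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    findings = []

    # 1. Envelope sender (Return-Path) lives on a different domain than From:.
    rp_domain = _domain(msg.get("Return-Path"))
    if rp_domain and rp_domain != from_domain:
        findings.append(f"Return-Path domain {rp_domain!r} differs from From domain {from_domain!r}")

    # 2. Replies are steered to a third domain.
    reply_domain = _domain(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    # 3. The display name itself looks like an address on another domain.
    if "@" in from_name and from_name.rpartition("@")[2].lower() != from_domain:
        findings.append(f"display name {from_name!r} impersonates another domain")

    # 4. The earliest Received: hop (the originating mail server) is not under the
    #    From: domain. Received headers are prepended, so the last one is the earliest.
    received = msg.get_all("Received") or []
    if received:
        tokens = received[-1].split()
        origin_host = tokens[1].lower() if len(tokens) > 1 and tokens[0].lower() == "from" else ""
        if origin_host and not _belongs_to(origin_host, from_domain):
            findings.append(f"originating server {origin_host!r} is not under {from_domain!r}")

    return findings
```

These are indicators, not verdicts: legitimate bulk mailers often use a Return-Path on a different domain, which is exactly why receiving mail servers rely on SPF, DKIM and DMARC for the authoritative decision. The value of the checks is in triage, and in showing users which parts of a message are trustworthy.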
Cyber Tactics:
- Denial of Service (DoS) attack: harnesses hundreds or thousands of PCs to simultaneously access the victim web server. This is similar to communications jamming, where the huge volume of traffic prevents legitimate users from accessing the web site.
- Social Engineering: uses various confidence tricks to manipulate people into revealing confidential information, such as user names, passwords, or information usable for identity theft.
- Phishing: sends many similar e-mail lures to a wide audience. These bogus e-mails or web pages lure the victim into revealing account information. One common trick is an e-mail that says the recipient’s financial account may have been compromised and that their user name and password are needed to confirm the account.
- Spearphishing: similar to phishing, but focused on specific targets (people, businesses, etc.).
- SQL Injection: targets large databases, such as flight reservations, intelligence data, etc. SQL commands are entered in the fields of the online query form. If the database server has not been hardened against attacks, it may execute those commands.
- Trojan software: conceals a threat inside an innocuous-looking object, such as a free screen saver download or a spearphishing e-mail. Trojans are often used to install backdoors for the hacker to enter.
- Trojan hardware, such as USB drives, is common. Hackers will leave the infected hardware lying around for someone to find, hoping they plug it into their computer, which then installs the Trojan software.
- Wireless LANs are susceptible to intrusion via:
  o War driving: driving around in a car looking for unsecured wireless LANs.
  o Surreptitious entry through a weak password or weak encryption.
  o Anonymous communications: unsecured wireless LANs can provide a convenient way for criminals to gain access to the network and carry out their activities.
- Public WiFi hotspots are hotspots for hackers. They can easily gain access to your information and logins/passwords, or carry out other criminal activities, through packet sniffers and “evil twins”, which present a login page identical to the real one.
- Network reconnaissance (port scanner): can be used to scan a server to see which ports are open and obtain information useful for exploitation.
  o Once the server’s operating system is determined, searching the Internet can reveal vulnerabilities and information on how to exploit them.
- Physical security can also be compromised through social engineering or other means, giving access to computers and networks.
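Both the DoS attack and the port-scanner reconnaissance described in the tactics list leave a recognizable footprint in firewall logs: a flood is many hits from a source (or at a destination) in a short window, and a scan is one source touching many distinct ports. The following is an added example written for these notes, not code from the notes or the cited book; the log format and its sample lines are constructed, and the thresholds are illustrative assumptions to be tuned against a real baseline.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall log lines (not a real capture), one per connection attempt:
    '<ISO timestamp> <src_ip> <dst_ip>:<dst_port> <action>'.
    Contains one ordinary client, one flooding source and one port scanner."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(5):  # ordinary client: five page loads over a minute
        lines.append(f"{(base + timedelta(seconds=12 * i)).isoformat()} 203.0.113.5 192.0.2.10:80 ACCEPT")
    for i in range(300):  # flood: 300 hits on the web port within nine seconds
        lines.append(f"{(base + timedelta(milliseconds=30 * i)).isoformat()} 198.51.100.7 192.0.2.10:80 ACCEPT")
    for i, port in enumerate(range(20, 60)):  # scanner: one probe per port, 40 ports in 20 seconds
        lines.append(f"{(base + timedelta(milliseconds=500 * i)).isoformat()} 198.51.100.9 192.0.2.10:{port} DROP")
    return lines


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, dst_port, action)."""
    ts, src, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst_ip, int(dst_port), action


def window_stats(hits, window):
    """hits: time-sorted list of (timestamp, port).
    Returns (max events inside any window, max distinct ports inside any window)."""
    max_count = max_ports = start = 0
    for end in range(len(hits)):
        while hits[end][0] - hits[start][0] > window:
            start += 1  # slide the window's left edge forward
        max_count = max(max_count, end - start + 1)
        max_ports = max(max_ports, len({port for _, port in hits[start:end + 1]}))
    return max_count, max_ports


def analyze(lines, window=timedelta(seconds=60), flood_threshold=100, scan_threshold=20):
    """Flag sources that flood (too many hits) or scan (too many distinct ports) within one
    window, and destinations whose aggregate hit count across all sources looks like a flood
    (the distributed case, where no single source exceeds the per-source threshold)."""
    events = sorted(parse_line(line) for line in lines)  # tuples sort by timestamp first
    by_src, by_dst = defaultdict(list), defaultdict(list)
    for ts, src, dst_ip, port, _ in events:
        by_src[src].append((ts, port))
        by_dst[f"{dst_ip}:{port}"].append((ts, port))
    alerts = {"by_source": {}, "by_destination": {}}
    for src, hits in by_src.items():
        count, ports = window_stats(hits, window)
        kinds = []
        if count >= flood_threshold:
            kinds.append("flood")
        if ports >= scan_threshold:
            kinds.append("port_scan")
        if kinds:
            alerts["by_source"][src] = kinds
    for dst, hits in by_dst.items():
        count, _ = window_stats(hits, window)
        if count >= flood_threshold:
            alerts["by_destination"][dst] = "flood"
    return alerts


if __name__ == "__main__":
    print(analyze(build_sample_log()))
```

The per-source view catches a noisy scanner or a single flooding host; the per-destination view is what matters for the botnet-driven flood the notes describe, because each zombie may individually stay under any per-source threshold. In practice both thresholds come from measuring normal traffic first.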
Cyber Defense
- How to secure a nation:
  o The Comprehensive National Cybersecurity Initiative
    - Manage the Federal Enterprise Network as a single network enterprise
    - Deploy an intrusion detection system of sensors across the Federal enterprise
    - Connect current cyber operations centers to enhance situational awareness
    - Develop and implement a government-wide cyber counterintelligence plan
    - Increase the security of our classified networks
    - Define the Federal role for extending cybersecurity into critical infrastructure domains
  o US-CERT (United States Computer Emergency Readiness Team)
    - Mission to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the rights of Americans
    - Located in Washington DC under the Department of Homeland Security
  o US Cyber Command
    - Responsible for planning, coordinating, integrating, synchronizing, and directing activities to operate and defend the DoD information networks and conduct cyberspace activities.
    - Sub-unified command subordinate to the US Strategic Command
      · Army Cyber Command
      · 24 AF / Air Force Cyber Command
      · Fleet Cyber Command
      · Marine Forces Cyber Command
- How to secure a network:
  o Training: clear policies, initial and recurring training
  o Firewalls: hardware, software, packet inspection
  o IDS / IPS (intrusion detection systems / intrusion prevention systems): take a big-picture view of your network and look for abnormal behavior patterns.
- How to secure a PC:
  o Security software: antivirus software, firewall software, etc.
  o Use strong passwords: at least six alphanumeric/symbol characters long. Avoid generic passwords, dictionary words, reverse spellings, common sequences, and personal info.
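The password rules above are easy to state and easy to get wrong when enforced by hand, so here they are as a checker. This is an added example written for these notes, not code from the notes or the cited book; the word lists are tiny constructed stand-ins for a real dictionary and breach list, and the six-character minimum is taken from the notes as a default.

```python
import re

# Constructed, deliberately tiny word lists. A real deployment would load a full
# dictionary plus a list of passwords seen in breaches.
DICTIONARY = ("password", "welcome", "dragon", "summer", "monkey", "letmein")
GENERIC = ("password", "123456", "qwerty", "letmein", "admin", "welcome")
COMMON_SEQUENCES = ("1234", "abcd", "qwerty", "asdf", "0000", "1111")
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_problems(password, personal_info=(), min_length=6):
    """Return the list of policy violations for a candidate password (empty list = passes).

    personal_info: strings such as a user name, surname or birth year that must not appear.
    min_length defaults to the six characters given in the notes; it is a parameter because
    current guidance favours longer minimums.
    """
    problems = []
    lower = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if sum(bool(re.search(pattern, password)) for pattern in CHARACTER_CLASSES) < 2:
        problems.append("uses a single character class (mix letters, digits and symbols)")
    if lower in GENERIC:
        problems.append("is a generic/common password")
    for word in DICTIONARY:
        if word in lower:
            problems.append(f"contains dictionary word {word!r}")
        if word[::-1] in lower:  # reverse spelling, e.g. 'drowssap'
            problems.append(f"contains reversed dictionary word {word!r}")
    for seq in COMMON_SEQUENCES:
        if seq in lower:
            problems.append(f"contains common sequence {seq!r}")
    for item in personal_info:
        item = item.lower()
        if len(item) >= 3 and item in lower:  # ignore very short fragments that match by chance
            problems.append(f"contains personal information {item!r}")
    return problems
```

Returning every violation rather than the first lets the enrolment form explain exactly why a password was refused, which is what turns the rule into training rather than friction.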
- How to secure communications:
  o Private key encryption: sender and receiver share a common secret key which is used for both encryption and decryption.
  o Public key encryption: sender and receiver each have a private key and a public key. Public keys are openly listed and may be used by anyone to send a message to the respective key’s owner.
  o Hash functions: produce a unique, fixed-length output in response to a plaintext input. No two inputs will produce the same output (more precisely, finding two inputs that do is designed to be computationally infeasible), which is what makes the output usable as a fingerprint of the input.
  o Steganography: hiding a secret message within a larger one, such as a photo.
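The hash-function and shared-secret-key items above combine into the most common integrity check in practice: a plain hash detects any change to a message, and keying the hash with the shared secret (an HMAC) additionally proves the sender held the key. This is an added example written for these notes, not code from the notes or the cited book; the message and key are constructed demonstration values. Public key encryption is not shown because Python's standard library has no public-key primitives.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration values (not from the notes).
MESSAGE = b"Transfer 100 to account 42"
TAMPERED = b"Transfer 900 to account 42"   # one digit changed in transit
SHARED_KEY = secrets.token_bytes(32)       # secret shared by sender and receiver, exchanged out of band


def digest(data):
    """SHA-256 of the input: a fixed 256-bit output regardless of input length."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a, hex_b):
    """How many of the 256 digest bits differ; roughly half for any two distinct inputs."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def make_tag(key, message):
    """Shared-key message authentication code (HMAC-SHA256)."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key, message, tag):
    """Recompute the tag and compare in constant time so timing does not leak matching prefixes."""
    return hmac.compare_digest(make_tag(key, message), tag)


def integrity_demo():
    """Show a plain hash detecting the change, and an HMAC additionally rejecting a wrong key."""
    original_digest = digest(MESSAGE)
    tag = make_tag(SHARED_KEY, MESSAGE)
    return {
        "hash_detects_change": digest(TAMPERED) != original_digest,
        "bits_changed": differing_bits(original_digest, digest(TAMPERED)),
        "tag_accepts_original": verify_tag(SHARED_KEY, MESSAGE, tag),
        "tag_rejects_tampered": not verify_tag(SHARED_KEY, TAMPERED, tag),
        "tag_rejects_wrong_key": not verify_tag(secrets.token_bytes(32), MESSAGE, tag),
    }
```

Two points the notes' wording can blur: a hash is not encryption (there is no key and nothing to decrypt; the output cannot be turned back into the input), and a bare hash only proves integrity if the digest reaches the receiver over a channel the attacker cannot modify. Otherwise the attacker simply recomputes it for the altered message, which is the gap the shared key closes.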
Security issues:
- Tempest: compromising emanations are unintentional intelligence-bearing signals which, if intercepted and analyzed, can disclose national security information. These signals can come from monitors, printers, cables, and other network components.
- Malware tricks:
  o Hiding malware in encrypted files
  o Hiding malware in compressed files
  o Malware can morph itself to evade signature-based detection
  o Malware can disguise its communications as routine DNS requests and be permitted past the firewall.
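The last trick above, smuggling traffic inside DNS, works because firewalls wave DNS through; the defence is to look at what the queries contain rather than just their protocol. This is an added example written for these notes, not code from the notes or the cited book, scoring query logs on the traits that distinguish tunnelled data from ordinary lookups. The log lines, client addresses and domains are constructed, and the thresholds are illustrative assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query log (not a real capture): "<client> <query name> <record type>".
# 10.0.0.5 browses normally; 10.0.0.9 sends TXT queries whose first label is a 32-character
# random-looking string, which is how data gets carried inside "routine" DNS requests.
SAMPLE_QUERIES = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.5 cdn.example.net A
10.0.0.9 3a7f9c2e1b4d8f0a6c5e2b9d1f7a3c8e.tunnel.example.org TXT
10.0.0.9 b81d4e7f2a9c6e0d3f5b8a1c7e2d9f4a.tunnel.example.org TXT
10.0.0.9 e2c9a4f7d1b8e3a6c0f5d2b9a7e4c1f8.tunnel.example.org TXT
10.0.0.9 9f4b2d7a1e8c5f3b6a0d9e2c4f7b1a8d.tunnel.example.org TXT
10.0.0.9 c6e1f8a3b5d2c9f7e4a0b6d3c8f1e5a2.tunnel.example.org TXT
10.0.0.5 www.example.com A
"""


def shannon_entropy(text):
    """Bits of entropy per character; random hex is close to 4, ordinary host names are well below 3.5."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname):
    """Crude registered-domain guess: the last two labels (a real tool would use the public suffix list)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def dns_tunnel_suspects(log_text, max_label=30, min_entropy=3.5, min_unique=4):
    """Score each registered domain on traits typical of DNS tunnelling and return the suspects."""
    per_domain = defaultdict(lambda: {"subdomains": set(), "clients": set(), "txt": 0, "total": 0, "odd_labels": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname, qtype = line.split()
        domain = registered_domain(qname)
        stats = per_domain[domain]
        stats["total"] += 1
        stats["clients"].add(client)
        if qtype.upper() == "TXT":  # record type with room for arbitrary payload
            stats["txt"] += 1
        if len(qname) > len(domain):
            sub = qname[: -len(domain) - 1]  # everything left of the registered domain
            stats["subdomains"].add(sub)
            first_label = sub.split(".")[0]
            if len(first_label) > max_label or shannon_entropy(first_label) >= min_entropy:
                stats["odd_labels"] += 1
    suspects = {}
    for domain, s in per_domain.items():
        reasons = []
        if len(s["subdomains"]) >= min_unique and s["odd_labels"] / s["total"] >= 0.5:
            reasons.append("many unique long/high-entropy subdomains")
        if s["txt"] / s["total"] >= 0.5:
            reasons.append("mostly TXT queries")
        if reasons:
            suspects[domain] = reasons
    return suspects
```

Each query in a tunnel must carry fresh data, so the names never repeat and look random, and the answers need a record type with room for a payload; those two facts drive the scoring. Content-delivery networks and some security products also generate many unique subdomains, so the thresholds need a baseline from normal traffic, and a hit is a lead for an analyst rather than a block decision.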
Bibliography:
(1) Andress, Jason, and Steve Winterfeld. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners. Syngress Publishing, 2011. APUS Online Library.