Summarize the past 8 weeks What is cyber warfare, law homework help

Description

What is cyber warfare?

What are the potential targets?

What types of cyber weapons and tactics do intruders use?

What type of defensive tools can we employ to protect our networks?

What is the future of cyber warfare?


Your initial post should be at least 250 words.


Unformatted Attachment Preview

Week 8: Future of Cyber Warfare, Course Reflection, and Review

Future of Cyber Warfare

Ethics: (1)

What is the “use of force” in reference to cyber warfare?

- Use of force in cyber warfare can include disruption to a nation’s SCADA system or to any of the elements of a critical infrastructure.
  o In conventional warfare the use of force is obvious: troops, fighter jets, bombs, etc.
  o If cyber warfare is used to crash a plane or shoot down a missile, it is considered “use of force”. Simply put, if it has the same kinetic attack as conventional warfare, it is considered equivalent use of force.
- Our intent, secrecy of the mission, attribution, and military ethics must all equal those of conventional warfare:
  o Intent: What is our intent? Without proper planning, our intent can be misleading and the expected responses can be the opposite of what we wanted.
  o Secrecy: We need to make sure our plans are not released to the public (for obvious reasons).
  o Attribution: Obscuring the source of the attack, such as taking steps to cause the attack to be attributed to another country, is considered “bad form” and should not be conducted.
  o Military Ethics: Nation states generally follow certain sets of rules in order to prevent horrific weapons from being used, civilians from being attacked, hospitals from being bombed, etc. In cyber warfare these rules should be followed; however, individual or small group attacks may lead to actions considered an act of war. Nation states should follow these rules as they do with conventional warfare.

Future of Cyber War: (1)

- In today’s digital age, the intent of our adversaries is not clear. How do we determine the intent of a single actor who is out stealing secrets? The worst case scenario is that we consider a cyber attack as an act of war.
- Results:
  o We can impose more restrictions
  o We can take action that causes us damage
  o We can increase our operations and espionage to the point our national power is impacted
- The answer is a Cyber Response Framework.

Future of new technologies: (1)

- Any technological growth has headaches.
- As we move into the IPv6 world, security issues will be evident:
  o No more NAT
  o Current security tools aren’t compatible
  o Administrators need to be educated
  o Limited number of vendors who support it
- IPv6 has benefits:
  o Address space becomes much larger
  o Internet Protocol Security Encapsulating Security Payload (IPsec) is designed in
  o IPsec Authentication Header is embedded
  o VPNs will exist without tunnels
  o Enhanced routing security
- As we move into the future we need to move away from buying off-the-shelf technology that is built around the world. Our concern is how the future cyber domain and our national security/interests play a role in any kind of conflict if we are exporting everything about it. (1)

International Interactions: (1)

- International agreements and treaties need to be developed to establish clear lines of responsibility and respect for privacy. As we develop an organizational structure to manage cyber security across various law enforcement, military, and federal agencies, roles need to be clear to avoid overlap, confusion, and miscommunication. (1)
- As more and more nations become dependent on networks, a new version of an arms race is in progress: the cyber arms race. Of concern is an escalating cyber war transitioning into conventional war. International rules and processes need to be developed and put in place to ensure appropriate reactions.

Review

- CyberSpace is “a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked system and associated physical infrastructures.”
- A network is used to exchange data between two or more computers.
- The simplest form of a network is a peer-to-peer network, which is simply two computers connected together. A LAN is a small network of computers, most likely those found in an office or home. A WAN permits sharing of resources across a wide geographic area. The Internet is a WAN.
- Cyber Warfare is any offensive or defensive action taken to penetrate other nations’ or adversaries’ information, information-based processes, information systems, and computer-based networks.
- A threat can be anyone from states and non-states, and from amateurs to highly trained professional hackers.
- A hacker is anyone who attempts unauthorized access to a computer or network. They can be termed:
  o White Hat – used to describe professionals hired to identify security flaws via network penetration.
  o Black Hat – hackers that attempt unauthorized access, generally with malicious intent.
- Hackers are employed by:
  o Governments
  o Hacktivists – those that use cyber attacks to convey a political or social message
  o Criminals
  o Terrorists
- Potential targets of hackers include, but are not limited to:
  o Energy resources: refineries and pipelines
  o Utility resources: the power grid
  o Telecommunications: cellular telephone networks
  o Transportation resources: air traffic control
  o Disaster Response: emergency operations
  o Finance resources: financial markets and transactions
  o Research and Development: corporate networks
  o Defense resources: DoD networks
  o Government networks
- SCADA communications flow over into:
  o Radio frequency links
  o Private networks
  o Leased lines
  o Internet connections

Tech Topics:

- A personal computer consists of:
  o ROM (read only memory) – contains essential configuration data
  o RAM (random access memory) – temporary storage of information/data
  o CPU (central processing unit) – the brain of the computer; executes instructions
  o Hard drive – provides nonvolatile storage
  o Operating system – controls the flow of a computer system/software
  o NIC (network interface card) – contains a 48 bit address known as a MAC (media access control) address, also known as the physical address or hardware address
- Bits & Bytes: information is stored in binary form (1s & 0s)
  o 8 bits equals 1 byte
  o Computer words are multiple bytes long (32 or 64 bits)
- Networks use IP addresses: IPv4 uses 32 binary bits in four “octets” to form the address. Networks use IP addresses to identify hosts, both local and distant. The next generation is IPv6, which uses 128 bit addresses.
- Ports are numbers used to identify an individual computer conversation. Ports allow your computer, which has a single IP address, to open multiple web pages or to check email.
  o Ports that are left open and unsecured represent a security threat.
- Routers direct traffic from one network to another based upon the road maps stored in their routing tables. They communicate with each other using “routing protocols”. A cyber attack on a router could alter or erase those tables, disconnecting networks, or clog networks.
- Servers are repositories for shared information. This information may contain access to password protected e-mails or other sensitive information.
- DNS (domain name system) is a distributed database which links numerical IP addresses with a name.
- Packet Communications is used by the Internet, known as TCP/IP (transmission control protocol/Internet protocol). Packet communications allows automatic message routing over the most reliable and least congested paths. One packet message may follow one route and the next a different route, depending on network conditions at that time.

MALWARE (malicious software):

Most cyber weapons are designed to attack a network’s confidentiality, integrity, or availability. These weapons take the form of:

- Botnets: these are computers that have been infected with malware allowing them to be remotely controlled over a network. These are known as zombie computers. They lie dormant until a specified command is given, sending the entire group into mass action as part of the “botnet”.
- Virus: these require user action, such as an unsuspecting user opening an infected e-mail.
- Worms can self-replicate without user action. Worms target hosts and web servers.
- Spyware looks for confidential information on the user’s PC and reports it to the spymaster covertly over the network. Identity theft and financial account information are prime targets.
- Trojan: malware hidden in innocent pieces of software. The name comes from the Trojan Horse.
- RAT (remote access tool): many operating systems have remote access capability. If the computer is not properly secured, remote access can be used by hackers.
- Spoofed E-mail: Spoofed e-mails are a major source of infected attachments. These are e-mails that appear to come from someone other than the originator. It is easy to modify the header to make it appear to come from someone else.

Cyber Tactics:

- Denial of Service (DoS) attack harnesses hundreds or thousands of PCs to simultaneously access the victim web server. This is similar to communications jamming, where the huge volume of traffic prevents legitimate users from accessing the web site.
- Social Engineering uses various confidence tricks to manipulate people into revealing confidential information, such as user names, passwords, or identity theft information.
- Phishing sends many similar e-mail lures to a wide audience. These bogus e-mails or web pages lure the victim into revealing account information. One common trick is an e-mail that says the victim’s financial account may have been compromised and that their user name and password are needed to confirm the account.
- Spearphishing is similar to phishing, but it focuses on specific targets (people, businesses, etc.)
- SQL Injection targets large databases, such as flight reservations, intelligence data, etc. SQL commands are entered in the fields of the online query form. If the database server has not been hardened against attacks, it may execute those commands.
- Trojan software conceals a threat inside an innocuous looking object, such as a free screen saver download or in spearphishing emails. Trojans are often used to install backdoors for the hacker to enter.
- Trojan hardware, such as USB drives, is common. Hackers will leave the infected hardware lying around for someone to find and hope they plug it into their computer, which will then install the Trojan software.
- Wireless LANs are susceptible to intrusion via:
  o War driving: driving around in a car looking for unsecured wireless LANs.
  o Surreptitious entry through a weak password or weak encryption.
  o Anonymous communications: unsecured wireless LANs can provide a convenient way for criminals to gain access to the network and carry out their activities.
- Public WiFi Hotspots are hotspots for hackers. They can easily gain access to your information, login/passwords, or other criminal activities through packet sniffers and “evil twins”, which is an identical login page to the real one.
- Network Reconnaissance (Port Scanner) can be used to scan a server to see which ports are open and obtain information useful for exploitation.
  o Once the server’s operating system is determined, searching the Internet can reveal vulnerabilities and information on how to exploit them.
- Physical security can also be compromised through social engineering or other means, giving access to computers and networks.
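
The SQL injection item above, as an added example that is not part of the original notes: a lookup that pastes the form field into the SQL text, beside one that validates the field and binds it as a parameter. The `reservations` table, the sample rows, the six-character code format and the crafted field value are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample data for illustration; not from the course notes.
ROWS = [("AAA111", "Alice Example", "XY100"),
        ("BBB222", "Bob Example", "XY200"),
        ("CCC333", "Carol Example", "XY300")]
# Constructed form input that closes the quoted value and adds its own condition.
CRAFTED = "x' OR '1'='1"

def make_db():
    """In-memory stand-in for the reservation database behind a query form."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reservations (code TEXT, passenger TEXT, flight TEXT)")
    db.executemany("INSERT INTO reservations VALUES (?, ?, ?)", ROWS)
    return db

def lookup_unsafe(db, code):
    """Weak form: the field is pasted into the SQL text, so it can rewrite the query."""
    sql = "SELECT passenger, flight FROM reservations WHERE code = '" + code + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, code):
    """Binding alone: the "?" placeholder keeps the value out of the SQL text,
    so the crafted input is only ever compared as a plain string."""
    return db.execute(
        "SELECT passenger, flight FROM reservations WHERE code = ?", (code,)
    ).fetchall()

def lookup_safe(db, code):
    """Hardened form: allow-list validation first, then the bound query."""
    # Assumed code format: six upper-case letters or digits.
    if not re.fullmatch(r"[A-Z0-9]{6}", code):
        return []
    return lookup_bound(db, code)

if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal :", lookup_unsafe(db, "AAA111"))
    print("unsafe, crafted:", lookup_unsafe(db, CRAFTED))  # every row comes back
    print("bound,  crafted:", lookup_bound(db, CRAFTED))   # no row matches
    print("safe,   crafted:", lookup_safe(db, CRAFTED))    # rejected before the query
```

The hardening that matters here sits in the application code that builds the query; the database executes whatever text it is handed.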
Cyber Defense

How to secure a nation:

- The Comprehensive National Cybersecurity Initiative
  o Manage the Federal Enterprise Network as a single network enterprise
  o Deploy an intrusion detection system of sensors across the Federal enterprise
  o Connect current cyber operations centers to enhance situational awareness
  o Develop and implement a government-wide cyber counterintelligence plan
  o Increase the security of our classified networks
  o Define the Federal role for extending cybersecurity into critical infrastructure domains
- US-CERT (United States Computer Emergency Readiness Team)
  o Mission to improve the nation’s cybersecurity posture, coordinate cyber information sharing, and proactively manage cyber risks to the nation while protecting the rights of Americans
  o Located in Washington DC under the Department of Homeland Security
- US Cyber Command
  o Responsible for planning, coordinating, integrating, synchronizing, and directing activities to operate and defend the DoD information networks and conduct cyberspace activities.
  o Sub-unified command subordinate to the US Strategic Command
    · Army Cyber Command
    · 24 AF / Air Force Cyber Command
    · Fleet Cyber Command
    · Marine Forces Cyber Command

How to secure a network:

- Training: clear policies, initial and recurring training
- Firewalls: hardware, software, packet inspections
- IDS / IPS (intrusion detection systems / intrusion prevention systems): take a big picture of your network and look for abnormal behavior patterns.

How to secure a PC:

- Security software: antivirus software, firewall software, etc.
- Use strong passwords: at least six alphanumeric/symbol characters long. Avoid generic passwords, dictionary words, reverse spellings, common sequences, and personal info.

How to secure communications:

- Private key encryption: sender and receiver share a common secret key which is used for encryption and decryption.
- Public key encryption: sender and receiver each have a private key and a public key. Public keys are openly listed and may be used by anyone to send a message to the respective key’s owner.
- Hash functions: produce a unique encrypted output in response to a plaintext input. No two inputs will produce the same output.
- Steganography: hiding a secret message within a larger one, such as photos.

Security issues:

- Tempest: compromising emanations are unintentional intelligence-bearing signals, which if intercepted and analyzed can disclose national security information. These signals can come from monitors, printers, cables, and other network components.
- Malware Tricks:
  o Hiding malware in encrypted files
  o Hiding malware in compressed files
  o Malware can morph itself to evade signature based detection
  o Malware can disguise its communications as routine DNS requests and be permitted past the firewall.

Bibliography:

Andress, Jason, and Steve Winterfeld. Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners. Syngress Publishing, 2011. APUS Online Library

Explanation & Answer

Attached.

Running head: CYBER WARFARE

Cyber Warfare
Name
Institutional Affiliation

Cyber Warfare
Cyber warfare refers to a situation where an organization or another nation disrupts the
information systems of another nation as well as the critical infrastructure. The potential targets
in any cyber security attack include the energy resources, security resources, transportation
resources as well as defense resources and government networks. It also includes the power grid,
tel...

