Introduction to Homeland Security
Chapter 5, Part III
Safety & Security: Cyber Security

Information Security and National Network Infrastructure Security
- Information Security: Techniques used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use

Information Security and National Network Infrastructure Security
- Network Infrastructure Security: Protection of the physical infrastructure of data networks and peripherals (such as fiber optic cables, routers, switches, and servers) that allows data in digital format to be transferred from one location to another, or processed to meet user demands
Terrorism and the Proliferation of Information Transfer
- Alfred Toffler, socio-economist, cited that the world (most notably the industrialized world powers) is experiencing a shift in the basis of its economy
- This new economy, referred to as the Third Wave by Toffler, is one based primarily on the transfer of information

Terrorism and the Proliferation of Information Transfer
- Due to this evolution from an industry-based economy to an information-transfer-based economy, there will be subsequent changes in the means by which society lives, works, and communicates
- Most importantly, there will be a great increase in reliance on computers, the networks that link them together, and the sources that power them

Terrorism and the Proliferation of Information Transfer
- Computers already control and regulate everything from household appliances to satellites, and from air conditioning systems to nuclear power plants
Terrorism and the Proliferation of Information Transfer
- We must ask ourselves:
  - Is this shift in the basis of our economy without a cost?
  - Will this high-technology-reliant way of life bring about new threats?
  - What will terrorism be like in the info-age, and how will it evolve?

Terrorism and the Proliferation of Information Transfer
- With access to the World Wide Web and personal computers, individuals across the globe possess the means to gain access to highly specific (often private) information
- By taking advantage of computers, and the information systems that connect them, terrorists now pose a threat on a new front: cyberspace

Terrorism and the Proliferation of Information Transfer
- Through the use of computers, terrorists can now:
  - Gather intelligence
  - Communicate globally
  - Spread their hate via the WWW
Terrorism and the Proliferation of Information Transfer
- Moderately skilled terrorists can steal valuable information and employ information warfare in order to cause violence and terror in cyberspace
- This terror caused in cyberspace has the potential to cross over into the real world with catastrophic results, depending on the type of cyber-weapon used and the tactical applications of its purveyor

Information Security and National Network Infrastructure Security
- Hacking: The gaining of unauthorized access to computer systems for the purposes of stealing or corrupting data; also known as cracking

Information Security and National Network Infrastructure Security
- Hacking Incidents:
  - 1980s: 6 teenagers gain access to the Los Alamos National Laboratory computer system; 2 plead guilty to 2 counts of making harassing phone calls
  - 1997: Ehud Tenenbaum, AKA "The Analyzer", hacked into several US computer systems, including military ones; received 18 mos. in prison, served 8
Information Security and National Network Infrastructure Security
- Hacking Incidents (cont.):
  - 2001-2002: Gary McKinnon, AKA "Solo", accused of cracking into 97 US military and NASA computers; US claims $700,000 in damage; currently undergoing extradition proceedings in the UK

Information Security and National Network Infrastructure Security
- Hacking Incidents (cont.):
  - 7 MAR 2011: China launched a hacking attack on the South Korean Defense Ministry's computer system; obtained confidential information about the ministry's plan to buy the U.S.-made Global Hawk reconnaissance drone
  - S. Korea reports over 2K hacking attempts per year; most from China

Information Security and National Network Infrastructure Security
- Hacking Incidents (cont.):
  - 7 MAR 2011: The French Finance Ministry confirmed it suffered a cyber attack in December from hackers targeting documents related to the French presidency of the G-20 and international economic affairs
  - Attackers were professional and organized
  - Attack was the first of its size and scope against France, with 150 ministry computers hacked and several documents pirated
Three Styles of Terrorism
- Conventional Terrorism
- Technoterrorism
- Cyber Terrorism

Conventional Terrorism
- Essentially the use of violence or threat of violence (intimidation/coercion) directed (normally) toward innocent people in order to attain a particular (often political) goal
- Conventional terrorists use bombs, guns, and other conventional weapons in their attacks
- Normally, their attacks are aimed at innocent civilians, although their targets also include high-profile individuals and buildings
- In nearly all cases, targets are SYMBOLIC!

Conventional Terrorism: An Example
- 1983 bombing of the USMC headquarters in Beirut, Lebanon
- Suicide bombing (conventional weapon) that left 241 military personnel dead and several hundred others injured (high-profile symbolic target)
- Resulting media frenzy negatively influenced public opinion regarding US policy in Lebanon
- US ground forces were subsequently withdrawn from the area (desired effect)
Technoterrorism
- Like conventional terrorism, uses conventional weapons (i.e. bombs, guns, etc.) to destroy its targets
- Unlike conventional terrorism, its immediate targets are not humans
- Technoterrorism targets are the physical structures that make up the high-tech infrastructure:
  - Electrical grids
  - Telecommunications hubs
  - Information networks

Technoterrorism (cont.)
- The effectiveness of a technoterrorist's attack is entirely reliant on the public's dependence on the high-tech infrastructure assaulted
- For example, consider the difference between a technoterrorist bombing an aviation communications center in Tanzania versus that same act in New York City

Technoterrorism (cont.)
- The technoterrorist group does not have to be large in order to operate efficiently and effectively
- Lastly, technoterrorist groups don't require much funding, due to the nature of their weapons and ready access to their normally stationary targets
Cyber Terrorism
- The use of computing resources to intimidate or coerce others via the medium of cyberspace
- Cyber terrorists, like technoterrorists, generate violence/intimidate/coerce by manipulating and destroying high-tech assets

Cyber Terrorism vs. Technoterrorism
- The major difference between cyber terrorists and technoterrorists:
  - Cyber terrorists damage/destroy computer and telecommunications systems from within their software and programming, using computers
  - Technoterrorists damage/destroy the physical structures that house these systems

Cyber Terrorism (cont.)
- Depending on how cyber terrorists apply their weapons, they can also create real-world effects through the violence that they create in cyberspace (similar to the technoterrorist)
Cyber Terrorism Weapons
- The cyber terrorist has several software-based weapons that can be employed anywhere in cyberspace at any time
- Viruses: Malicious programs that attach themselves to host programs and force the computer to perform actions not intended by its operator
- Trojan Horses: Programs that perform a normal function (e.g. a downloadable internet browser), but secretly release a destructive secondary program upon their entry into the computer

Cyber Terrorism Weapons (cont.)
- Worms: Programs developed to travel across a network and perform simple tasks (e.g. data collection); when programmed maliciously, they have the ability to destroy information as viruses do, but they also have the ability to replicate themselves and spread across an entire computer network independently
- Sniffers: Programs that hide themselves on a host network and collect information

Cyber Terrorism Weapons (cont.)
- Electro-magnetic pulse weapons (EMPs): Weapons that generate a large electro-magnetic pulse that destroys electronics and computer systems in a given area, but does not disrupt the physical surroundings of the systems
- These can be built from parts available at electronic parts stores and hobby stores
Cyber Terrorism vs. Conventional Terrorism & Technoterrorism
- The cyber terrorist has several advantages over conventional terrorists and technoterrorists:
  - Global reach
  - The absence of physical harm encountered in the other styles of terrorism
  - The ability to operate totally independently
  - Less physical evidence involved in committing their crimes

Cyber Terrorism vs. Conventional Terrorism & Technoterrorism
- When compared to one another, these three styles of terrorism share similarities:
  - Causing the suffering of innocent victims
  - Use of violence/intimidation/coercion to attain a goal
- Though, when observed more closely, the means, targets, tactics, and cost of the three distinct styles differ greatly

Cyber Terrorism vs. Conventional Terrorism & Technoterrorism
- Since none of the styles of terrorism are mutually exclusive in their tactical applications, they can be applied in conjunction with one another
- Applications of terrorism are limited only by the creativity of the terrorist or terrorists employing them
Information Security and National Network Infrastructure Security
- DHS acts as the coordinating body of the US govt. to secure cyberspace and the network infrastructure of the US
- Protection is the responsibility of the DHS Office of National Protection and Programs
- Specifically, the National Cybersecurity Division within the Office of Cyber Security and Communications (CS&C)

National Cyber Security Division (NCSD)
- Mission: Work with public, private, and international entities to secure cyberspace and US cyber assets
- Strategic Objectives:
  - To build and maintain an effective national cyberspace response system
  - To implement a cyber-risk management program for the protection of critical infrastructure
NCSD Programs
- US Computer Emergency Response Team (US-CERT)
  - Partnership between DHS and the public and private sectors
  - Responsible for:
    - Analyzing and reducing cyber threats and vulnerabilities
    - Disseminating cyber threat warning info
    - Coordinating incident response activities

NCSD Programs
- US-CERT (cont.)
  - Member of the National Cyber Response Coordination Group (NCRCG)
  - Made up of 13 federal agencies
  - NCRCG will help to coordinate the federal response to a nationally significant cyber-related incident

US-CERT Tools
- Cyber Security Preparedness and the National Cyber Alert System
- Provides technical and non-technical computer users with:
  - Security Alerts: Timely info about current security problems
  - Security Tips: Advice on common security topics such as:
    - Privacy
    - E-mail spam
    - Wireless protection
NCSD Programs
- Cyber Cop Portal
  - Coordinates with law enforcement to help capture and convict those responsible for cyber attacks
  - Info sharing and collaboration tool
  - Can be accessed by over 5300 investigators worldwide who are involved in electronic crimes cases

Cyberspace Priority 1: A National Cyberspace Security Program
- Focus on:
  - Rapid identification of malicious cyberspace activity
  - Rapid information exchange regarding malicious cyberspace activity
  - Rapid mitigation of damage done by malicious cyberspace activity
- Emphasis on public-private partnership
- Protect privacy and civil liberties

Cyberspace Priority 1 (cont.): A National Cyberspace Security Program
- Identified actions and initiatives
  1) Establish a public-private architecture responding to national-level cyber incidents
  2) Provide for the development of tactical and strategic analysis of cyber attack vulnerability assessments
  3) Encourage the development of a private-sector capability to share a synoptic (same) view of the health of cyberspace
  4) Expand the Cyber Warning and Information Network to support the DHS in coordinating crisis management for cyberspace security
Cyberspace Priority 1 (cont.)
- Identified actions and initiatives (cont.)
  5) Improve national incident management
  6) Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans for federal systems
  7) Exercise cyber security continuity plans for federal systems
  8) Improve and enhance public-private info-sharing involving cyber attacks, threats, and vulnerabilities

Cyberspace Priority 2: A National Cyberspace Security Threat and Vulnerability Reduction Program
- An organized cyber attack could endanger the security of the US's critical infrastructure
- Vulnerabilities:
  - Information assets
  - External support structures
- Vulnerabilities result from:
  - Weaknesses in technology
  - Improper implementation and oversight of technological products

Cyberspace Priority 2 (cont.): A National Cyberspace Security Threat and Vulnerability Reduction Program
- Identified actions and initiatives
  1) Enhance law enforcement's capabilities for preventing and prosecuting cyberspace attacks
  2) Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities
  3) Secure the mechanisms of the Internet, improving protocols and routing
  4) Foster the use of trusted digital control systems/supervisory control and data acquisition (SCADA) systems
Cyberspace Priority 2 (cont.)
- Identified actions and initiatives (cont.)
  5) Reduce and remediate software vulnerabilities
  6) Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications
  7) Prioritize federal cyber security research and development agendas
  8) Assess and secure emerging systems

Cyberspace Priority 3: A National Cyberspace Security Awareness and Training Program
- Many cyber vulnerabilities exist because of lack of awareness on the part of:
  - Computer users
  - System administrators
  - Technology developers
  - Procurement officials
  - Auditors
  - Chief Information Officers (CIOs)
  - Chief Executive Officers (CEOs)
  - Corporate boards
- Such awareness-based vulnerabilities present serious risks to infrastructure whether or not they exist within the infrastructure itself

Cyberspace Priority 3 (cont.): A National Cyberspace Security Awareness and Training Program
- Identified actions and initiatives
  1) Promote a comprehensive national awareness program to empower all Americans, businesses, the general workforce, and the general population to secure their own parts of cyberspace
  2) Foster adequate training and education programs to support the nation's cyber security needs
  3) Increase the efficiency of existing federal cyber security training programs
  4) Promote private-sector support for well-coordinated, widely recognized professional cyber security certifications
Cyberspace Priority 4: Securing Governments' Cyberspace
- Govts. administer only a minority of the nation's critical infrastructure, but govts. at all levels perform essential functions in:
  - Agriculture
  - Information and telecommunications
  - Food
  - Energy
  - Water
  - Transportation
  - Public health
  - Banking and finance
  - Emergency services
  - Chemicals
  - Defense
  - Postal shipping
  - Social welfare
- Govts. need to lead by example in cyberspace security and foster a marketplace for more secure technologies

Cyberspace Priority 4 (cont.): Securing Governments' Cyberspace
- Identified actions and initiatives
  1) Continuously assess threats and vulnerabilities to federal cyber systems
  2) Authenticate and maintain authorized users of federal cyber systems
  3) Secure federal wireless local-area networks (LANs)
  4) Improve security in govt. outsourcing and procurement
  5) Encourage state and local govts. to consider establishing information technology security programs and to participate in information sharing and analysis centers with similar govts.

Cyberspace Priority 5: National Security and International Cyberspace Security Cooperation
- America's cyberspace links the US to the rest of the world
- Cyber attacks can quickly come from anywhere
- Determining the source of attacks can be difficult
- International cooperation is required to:
  - Facilitate info-sharing
  - Reduce vulnerabilities
  - Deter malicious actors
Cyberspace Priority 5 (cont.): National Security and International Cyberspace Security Cooperation
- Identified actions and initiatives
  1) Strengthen cyber-related intelligence efforts
  2) Improve capabilities for attack attribution and response
  3) Improve coordination for responding to cyber attacks within the US national security community

Cyberspace Priority 5 (cont.)
- Identified actions and initiatives (cont.)
  4) Work with industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting info infrastructures and promoting a global culture of security
  5) Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge
  6) Encourage other nations to accede to the Council of Europe Convention on Cyber Crime, or to ensure that their laws and procedures are at least as comprehensive