NETWORK SECURITY FOR CYBER WAR Allison Johnson and Matthew Diana James Madison University, Harrisonburg, Virginia 22807-0001 USA Young B. Choi, Department of Computer Information Systems and Management Science, James Madison University, Harrisonburg, Virginia 22807-0001 USA +1 (540) 568-7031, choiyb@jmu.edu Abstract In this paper, we will discuss the emerging dimension of war called cyberwarfare. First, we will study what cyberwar is, and also look into some recent attacks on countries networks that is considered acts of cyberwar. Next, we will look into what weaknesses these attackers are exploiting. It is impossible to fight a war when one does not know where the enemy is coming from and what vulnerabilities the enemy is exploiting. Understanding the weaknesses, we can then discuss how serious of a threat cyberwar is. There are many types of threats with varying levels of significant damage. The government is not the only target either; the private industry and civilians can also be targets. Finally, we will discuss possible ways to reduce the threat of cyber attacks to our networks. This is a very serious issue in a time where technology is becoming a staple in our lives and also a main form of communication.
Introduction Many people do not realize that while we are fighting a war overseas, we are also fighting a war every day in our networks. An emerging issue that the government and private industry are dealing with is cyberwarfare. This is where cyberspace becomes yet another battlefield, which U.S. forces of all kinds must defend against hackers. It is very difficult to monitor all activity on a network, if not impossible. Therefore, many hackers are able to enter a network and steal information undetected. Information, as they say, is power. And valuable information in the wrong hands could be catastrophic, mostly because there is no way of knowing how much information was compromised and when or how the hacker will use it. There are no physical barriers in cyberspace, and the U.S. cannot censor the information that is shared via the Internet. This makes defending our networks and valuable information very difficult. Recognizing this complex issue, President Bush has increased spending in this area in an attempt the keep us and our secrets safe. In order to design solutions to reduce cyber attacks, we need to understand what cyberwar is, how it is typically used, what weaknesses are being exploited, and current technological advances in the making.
What is cyber warfare? Cyber warfare is defined, according to Wikipedia.com, as the use of computers and the Internet in conducting warfare in cyberspace. Cyber warfare can also be used in defending and attacking information along with computer networks throughout cyberspace. Cyberspace is defined as an operational domain of the electromagnetic spectrum spanning the commons, homeland and battle space, bounded and enabled by military and commercial information and communication technology. This can be very dangerous to the receiver due to the fact that cyber warfare has no limitations and almost every time it attacks, it destroys exactly what it wants to. In this day and age, many countries are not up to date with the technology and therefore are more vulnerable to these cyber attacks. Many countries that are attacked don t have these very advanced technologies because many of these technologies are far too expensive. In cyber warfare, it is extremely difficult to locate the origin and even the nature of how powerful the attack was and much damage it caused. Russia, China, Germany, and France are a few countries that are incorporating cyber warfare into their military. Many countries, along with the United States, believe that cyber attacks, if big enough, can be devastating and pose a very real national security threat. After the many terrorism attacks have occurred, many people believe that computers and information technology will be next in line for the terrorists and some even believe that they will disrupt crucial infrastructure such as our transportation, banking/finance, or communications. Straight from one of the Office of Naval Intelligence reports in 2000, A couple of years ago, the Central Intelligence Agency (CIA) only mentioned Russia and China specifically as possible cyber threats. Today, U.S. officials indicate that more than 20 countries have various kinds of information operations (IO) directed against
the United States. The CIA testified more recently that adversaries are incorporating cyberwarfare3 as a new part of their military doctrine. A declassified Navy threat assessment identifies Russia, China, India, and Cuba as countries who have acknowledged policies of preparing for cyber warfare and who are rapidly developing their capabilities. North Korea, Libya, Iran, Iraq, and Syria reportedly have some capability, and France, Japan, and Germany are active in this field. Cyber war can also be the offensive information mounted against an adversary and it s also categorized as denying an adversary to attack a country. There are a few electronic effects of cyber warfare, such as high energy radio frequency guns and electromagnetic pulse generators to overload circuitry. Many cyber effects that occur are penetration of networks, sensor jamming, and destroyed equipment through cyberspace. What are some recent attacks on networks? Air Force Rome Lab (March 1994) - In the month of March, the Rome Lab in New York found themselves under attack so after sending out two Air Force teams, they found that the origin was first in New York then later in Seattle. The hacker was later found in the United Kingdom after boasting about his achievements. Officials later said that the hacker cause over 150 intrusions and from 100 different points of origin. Solar Sunrise (February 1998) This time, the Department of Defense was hit using a UNIXbased computer system known as Solaris. The attackers probed the Department of Defense to see if vulnerability existed then planted a program to record data to later be gathered. The probing originally started at Harvard University and was then reported at United Arab Emirates. More
activity was reported in Germany, Israel, France, and Taiwan, and all total, over 500 computer systems were attacked, including educational and governmental systems. Estonian Cyber war (April 2007) There were a series of attacks against the Estonian parliament and various Estonian organizations on April 27, 2007. A criminal investigation was opened a week after the attacks, and it was found that most of the attacks were just distributed denial of service to the users. Many attacks were used for spam distribution and expensive rentals of botnets. The Estonian Reform Party, however, had bigger spam news portals and defacements on their website. As of January of this year, one person has been convicted. Taiwan vs. China (June 2006) On June 17, 2006, a press release revealed a bribery in Taiwan s Defense Ministry Network, but it was later said to be false. The operation may have been on a much larger scale and the attack was originated in China. Once traced down, officials found out that the attack was of great precision because it was aimed to be so quick and aimed to cause massive amounts of damage to networks. Luckily for the Taiwanese government, there had been some leaks. Both countries have been fighting for quite some time though, with the stealing of data and manipulation of media. This shows that both countries have been hiring private hackers for years, and recently has shown that there are more web based attacks between the countries. Israel and Hezbollah Cyber War When fighting between Israel and Palestine turned over into cyberspace; hackers immobilized 15 Arab websites and 24 Israeli websites. Attacks were also launched through e-mail and discussion groups and the cyber war was initiated when the hackers abducted three Israeli soldiers. Hizbollah.org was then crippled by so many millions of American
and Israeli users and on the site, the hackers had one button to click before a chain reaction of hits crippled the website. Over a month later, Hezbollah recovered and retaliated by creating mirror sites on various different servers trying to confuse the hackers from further crippling their networks. What weaknesses are these attackers exploiting? First off, hackers are looking for an interconnected network, that is mutually joined networks, because once the hackers hinder the network, more people will be affected. These networks include public and private ones, which clearly has many more users than just one or the other. The problem with interconnected networks is that since they are so large, they normally don t have as much security behind their development. The second weakness that attackers exploit is weak boundaries. Many hackers try and find out who a domestic threat is, but also who a foreign threat is. If hackers know who their weak countries are, they will try that much harder to exploit their networks. Another weakness is the various different media outlets that each nation has. The media is involved in many different networks so if indeed a hacker could get into and cripple a media outlet, many others would be greatly affected. Of course, unknown or misunderstood vulnerabilities are another type of weakness because if they are unknown, our programmers would not know how to solve the problem until after they were hacked into. There are various attacks that are made to look like accidents also making it that much harder for our security technicians to detect whether or not they should act upon a certain threat. Certain hackers know how to program an attack much faster than a reaction time, so some attacks can cause much damage. They cause so much damage because our defenses
don t have enough time to react to an attack and by the time we do fix the problem, many networks could have been already hit. How much of a threat is cyber warfare? Now, a natural question is, how much of a threat is this? There are some threats that have more serious consequences than others because of the potential damage that could be done. For example, there are physical attacks where our adversaries destroy buildings or bridges, or there are attacks where human lives are targeted. Buildings can be rebuilt and the attacks on human lives are usually relatively small. The difference between those attacks and cyber attacks is that information is compromised in the latter, which can be used to plan multiple attacks. Lani Kass, a senior adviser to U.S. Air Force Chief of Staff Gen. Michael Moseley said, "If we drop a bomb on a house, we have a pretty good idea of what the collateral damage will be; if we take down a server somewhere, the possible results are a lot less clear." Our military makes use of the best technology we have, which includes sophisticated communication devices. During war, communication is essential, and if hackers compromise the communication lines, either our military cannot communicate with each other or sensitive information ends up in the wrong hands. Gen. Robert Elder, the military officer in charge of the U.S. Air Force's day-to-day cyberspace operations said, "When we talk about the speed range and flexibility of air power -- to deliver satellite-guided strikes to effect the outcome of a battle on the ground for example -- the thing that enables this for us is the fact of our cyber-dominance, the ability to move data and control signals through cyberspace -- which as the Air Force defines it is the entire electromagnetic spectrum.
Success of our military relies on secure lines of communication. For example, Lockheed Martin has recently developed the Space Based Infrared System (SBIRS) geosynchronous orbit (GEO) spacecraft (Figure 1 below), which is designed to warn us against missile launches earlier than we were capable of before. According to Space War newsletter, An integral component of the spacecraft's command and data handling subsystem, the fault management system responds when an anomaly is detected in normal operations, putting the satellite into a safe state while operators on the ground analyze the situation and take corrective action. This is an innovative tool that could save millions of lives. However, if a hacker attempting a cyber attack compromises it, the SBIRS could be rendered useless or even somehow used against us. Figure 1. SBIRS GEO spacecraft What are the effects on other industries? The government and military agencies are not the only ones at risk. Private industry is also a target of cyber attacks. The infamous computer hacking group Cult of the Dead Cow (CDC) has reportedly created a program called Goolag Scanner, which supposedly allows anyone to
download the program and scan any website or Internet domain for weaknesses in the site s security that hackers can exploit. CDC spokesman Oxblood Ruffin said, "If I were a government, a large corporation, or anyone with a large web site, I'd be downloading this beast and aiming it at my site yesterday. Even with this warning, many security specialists warn users to check this program for malicious code, which many hackers use to mine information off of the very computer trying to use their program. The point is that cyber attacks can target anyone on the web, and they can come from anywhere. Since there are so many kinds of hackers and cyber attacks, the consequence of a successful attack affects everyone: the military, government, private industry, and civilians. The government agencies are beginning to partner up with the private sector in order to gain the best advantage in preventing cyber attacks on crucial networks. Recently, the Department of Homeland Security (DHS) conducted its second biannual cyberwar exercise codenamed Cyber Storm II. This exercise is designed to test the ability of federal agencies and their partners in state, local and foreign governments and the private sector to respond to and recover from cyberattacks on their computer networks, according to Cyber Wars newsletter on March 10, 2008. This exercise is said to simulate physical and cyberattacks on communication systems and various transportation infrastructure. In a past exercise, the hackers penetrated heath care databases and defaced newspaper websites, all of which are very plausible threats. The article said that as in the real world, the attackers are from states, terrorist groups and criminal enterprises.
Even though the federal government and the private sector are trying to work together, communication between the two is often very difficult, and it is an obstacle that many are trying to overcome. Former DHS preparedness chief George Foresman said, It's all about the information. The ability to communicate highly technical information in real-time between government officials without a common vocabulary had been a major challenge identified by Cyber Storm I. Collaboration between the government and the private sector was something planners continued to wrestle with. We haven't mastered that piece yet." What can we do to eliminate the threat of cyber attacks? We can never eliminate the threat because we cannot control everything that happens on the Internet or on networks. The hardest asset to control and keep safe is human activity. For example, people in important government positions still open attachments with viruses or fall for a phishing scam. The only way to prevent scams like phishing is to educate everyone who uses a computer, especially those computers with sensitive defense information, how phishing works. Many of the hackers are very clever in tricking people into giving up their personal information, such as recreating an e-mail that appears to come from the person s bank stating that he or she should type in his or her personal bank information in order to fix a problem with his or her account. It is surprising how easy it is to recreate an official looking e-mail and it is even more surprising how many times it works. For example, one can easily obtain Bank of America s HTML instructions used to display the bank s homepage (Figure 2 below). From this, the hacker can recreate an official looking e-mail to trick users. So conducting exercises and searching for vulnerabilities are necessary to do, but it is all-futile if the everyday people using the systems and networks are not educated and careful about information transfer over the Internet.
Figure 2. Bank of America HTML instructions Educating users is a step in the right direction, but as mentioned before, we need new technology to help scan for attacks because the cyber war battlefield is so vast. In an attempt to reduce the threat of cyber attacks, researchers at George Mason University s Center for Secure Information Systems have been developing software called Couldron that provides real-time situational awareness, which allows users to see possible attack paths into a network in real-time. "Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error prone because of the complexity, volume and frequent changes in security data and network configurations," said Professor Sushil Jajodia. "This new software is an automated tool that can analyze and visualize vulnerabilities and attack paths, encouraging 'what-if analysis.'"
Another program recently developed, but still not completely error-free, is called Einstein, and is a result of the classified multibillion-dollar cybersecurity initiative President Bush signed in February 2008. This program, according to Cyber Wars newsletter is, an intrusion detection system that will automatically monitor and analyze Internet traffic into and out of federal computer networks in real time -- allowing officials at the Department of Homeland Security to scan for anomalies that might represent hackers or other intruders trying to gain access or steal data. Many people are skeptical of the system and say it is too passive and the information Einstein delivers is not really in real-time. Others also argue that Einstein is nothing new in the private sector and this technology is useful, but not groundbreaking by any means. Casey Potenzone, chief information officer of computer security firm Uniloc, said that programs like Einstein "are absolutely standard in the private sector. It is not revolutionary or state of the art. [The program across federal networks is] very logical and something that should have been done a long time ago." There is a lot of work to be done in creating a low-threat cyber environment. To get there, it will take a lot of manpower and cooperation between the government and the private sector. And we will also need a lot of money. President Bush has requested $154 billion in funding to track cyber threats on government and private networks, and that is just a taste of what we should expect in the future for this war in cyberspace.
Conclusion We have studied cyberwarfare, when it has been used in the past, the weaknesses the hackers are exploiting, and new improvements attempting to reduce the threat of cyber attacks. If we intend to keep automating our information processes and creating new technologies to communicate, this war in cyberspace is truly inevitable. As long as we communicate sensitive information, there will always be someone trying to gain unauthorized access to the information. This is not new in our time, for Julius Caesar needed to encrypt his messages sent on paper to prevent his valuable information from falling into the wrong hands. Now, we are communicating through the internet and satellites and radio waves. We need to be aware that every time we use these devices, we are putting our information at risk of being compromised by a hacker. Because of this, we need to educate all users of intelligence or defense data of the risks in cyberspace. We also need to create new programs and systems that can monitor activity and reliably alert users when a network is not secure. We hope this paper will educate people on this issue and perhaps everyone will be more cautious when transferring information to each other.
References Bishop, M. (2004). Introduction to Computer Security. New York: Addison-wesley Professional. Carr, H., & Snyder, C. (2006). Data Communications and Network Security. New York: McGraw-Hill/Irwin. Magnuson, S. (2006). Cyber war: network vulnerabilities worry pentagon.(cyber SECURITY): An article from: National Defense. Chicago: Thomson Gale. Swetnam, M. (1999). Cyber Terrorism and Information Warfare (Terrorism: Documents of International and Local Control, Second Series.Volumes 5-8.). New York: Oxford University Press, USA. Antolin-Jenkins, V. (2005). Defining the Parameters of Cyberwar Operations: Looking for Law in All the Wrong Places. Naval Law Review, 10(51), 132. Retrieved Apr. 11, 2008, from http://scholar.google.com/scholar?hl=en&lr=&q=info:l1szbqj2euqj:scholar.go ogle.com/&output=viewport. Kshetri, N. (2005). Pattern of global cyber war and crime: A conceptual framework.
Journal of International Management, 11(4), 541-562. Retrieved Apr. 11, 2008, from sciencedirect.com. Lesk, M. (2007). The New Front Line: Estonia under Cyberassault. Security & Privacy, IEEE, 5(4), 76-79. Retrieved Apr. 11, 2008, from http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4288051. Rowe, N. (2007). Ethics of Cyber War Attacks. Cyber Warfare and Cyber Terrorism, 1. Retrieved Apr. 11, 2008, from http://books.google.com/books?hl=en&lr=&id=6cj-av9dh- QC&oi=fnd&pg=PA105&dq=conference+articles- +cyberwar&ots=qkxzhd_jsl&sig=ip3ooqcmtzgcxm-6jpvqgs0jbi0. Cooper, M. (2006). Pre-empting Emergence: The Biological Turn in the War on Terror. Theory Culture Society, 23(4), 113-135. Dowd, P., & Mchenry, J. (1998). Network security: it's time to take it seriously. Computer, 31(9), 24-28. Hack attack.(brief Article). New Scientist 168.2264 (Nov 11, 2000): p.27. (85 words) From Academic OneFile. Update on the war against cyber crime. Computers & Security 23.5 (July
2004): p.356(2). From General OneFile. 2007 cyberattacks on Estonia - Wikipedia, the free encyclopedia. (n.d.). Retrieved Apr. 9, 2008, from http://en.wikipedia.org/wiki/cyberattacks_on_estonia_2007. CRS Report for Congress. (n.d.). Retrieved Apr. 9, 2008, from http://64.233.169.104/search?q=cache:u34dkl6- gbsj:www.fas.org/irp/crs/rl30735 Hackers use Google to find website vulnerabilities. (2008, Feb. 22). Retrieved Apr. 13, 2008, from http://www.spacewar.com/reports/hackers_use_google_to_find_website_vulnera bilities_999.html. Lockheed Martin Team Completes Flight Software Design Review For Space-Based Missile Warning System. (2008, Apr. 10). Retrieved Apr. 13, 2008, from http://www.spacewar.com/reports/lockheed_martin_team_completes_flight_so ftware_design_review_for_space_based_missile_warning_system_999.html. Posey, B. (2005, January 27). How to Avoid Phishing Scams. Retrieved Apr. 13, 2008, from http://www.windowsecurity.com/articles/avoid-phishing.html?printversion. Software protects against cyberattacks. (2008, Mar. 18). Retrieved Apr. 13, 2008, from
http://www.spacewar.com/reports/software_protects_against_cyberattacks_999.ht ml. Waterman, S. (2007, October 17). Analysis: A new USAF cyber-war doctrine. Retrieved Apr. 13, 2008, from http://www.spacewar.com/reports/analysis_a_new_usaf_cyberwar_doctrine_999.html. Waterman, S. (2008, Mar. 10). Analysis: DHS stages cyberwar exercise. Retrieved Apr. 13, 2008, from http://www.spacewar.com/reports/analysis_dhs_stages_cyberwar_exercise_999.html. Waterman, S. (2008, Mar. 3). Analysis: Einstein and U.S. cybersecurity. Retrieved Apr. 13, 2008, from http://www.spacewar.com/reports/analysis_einstein_and_us_cybersecurity_999. html.