Monday, June 15, 2009

Another False Flag Op In The Pipeline?


Or did one already occur?


cyber war



Oslan - "One of the proposals that came out of the [Group of Eight summit] was for a trusted entity, a kind of [United Nations] of the Internet, that is responsible for making sure that the traffic moving from one country to another is protected and can be trusted."

"Unfortunately, in most cases it requires a major event to galvanize people and get them to change."

"To get this to happen quickly rather than over the next 40 years, I think it will have to be crippling. Another country brings down the stock market for five days: That would probably get everybody interested in making sure that never happens again. Bringing down air traffic control systems to major airports. Whether that is practical or not still is a question. But if it is connected to the Internet, it is technically possible regardless of how many protections you have in place. Far from easy, but technically possible." (emphasis added by moi)

How close are we to cyberwarfare? Pretty close, said Greg Oslan, chief executive officer and president at Narus, a provider of traffic analysis software for carrier networks. The company helps large IP networks see, analyze and manage traffic from a growing number of dynamic applications. Knowing what traffic is on a network and understanding it is essential to providing adequate security because security cannot be achieved today at the endpoint, he said. Not surprisingly, Oslan has a front-row view of malicious traffic passing through the Internet and efforts to ward off full-scale warfare via the network.

GCN: What constitutes cyberwarfare?

OSLAN: This is my opinion only, but I think that what would constitute an act of war over the Internet would be something that maliciously, directly cripples a country's ability to function. If somebody brought down our electrical infrastructure and crippled our economy, I think that would be an act of war. How we could treat that, government to government, is a policy question. You are not using guns and bullets anymore. What is the appropriate response as your armies move from physical entities to virtual entities?

GCN: What can you tell us about what you saw of the Estonia attacks?

OSLAN: It was the volume and coordination of the attacks that distinguished them. It wasn't just one computer or one Web site that was targeted; this was spread across the entire country from the libraries to government institutions.
We have information in this country of other countries trying to gain access to our machines. It's kind of a new Cold War. In the 1950s and '60s, [the Soviets] would send fighters into the Alaskan airspace and see how fast we'd respond - and of course, we'd do the same. The same thing is now occurring on the Internet. One country says, 'How many different sites can I break into in the U.S.?' And then the United States responds, and they want to know how quickly we fill those holes.

GCN: What is the likelihood of a cyberwarfare attack against us that goes beyond that tit-for-tat push against the edges?

OSLAN: The bigger global issue is [that information technology] as a service medium rather than as a transport medium is in its infancy so far as being understood on a global scale. People are protecting their small pieces, but there are no stand-alone pieces. They are all connected to everything else in the world. Having a firewall is not good enough, or having an intrusion-detection system is not good enough. Having both is not good enough. Systems that manage and protect on a more holistic scale are what are going to be required.

GCN: How vulnerable is the United States' critical infrastructure to this kind of attack?

OSLAN: There are just too many holes. There are so many institutions that people have already penetrated. The [Navy] War College Web site was down for two or three weeks, and that was pretty embarrassing because they are the ones who are being taught to protect against cybercrime. It's a safe assumption that we're pretty much all in the same boat, and our infrastructure is absolutely susceptible. There is debate over how big of a threat that is. There is no question there are isolated threats, and there are component systems that could be penetrated and brought down. But there is no one who believes they could bring down the entire electrical infrastructure or gain access to nuclear power plants. Whether that is true or not, I don't know.

GCN: Given the interconnected nature of the infrastructure and the need for a cooperative approach to securing it, do we have the international cooperation we need to provide this security?

OSLAN: This is a huge problem and one that is not well understood. Some 70 percent of the world's Internet traffic now flows through the United States. That's going to change over the next several years. Other foreign countries are not comfortable with all of that traffic flowing through the United States, and you're going to see major distribution points being set up overseas - and then it gets really complicated. This is going to give rise to a whole new thought process about protecting the borders.

GCN: What can be done at the national and carrier infrastructure levels to protect against these threats?

OSLAN: It is going to be a fine balance between the carrier's requirements to protect their own infrastructure because they need to make money and the government's involvement to provide security. When the telephone networks were originally set up by AT&T 100 years ago, the government clearly stated this is critical, this is how it is going to be used and protected. That doesn't exist on the Internet today. We are going to have to think differently. One of the proposals that came out of the [Group of Eight summit] was for a trusted entity, a kind of [United Nations] of the Internet, that is responsible for making sure that the traffic moving from one country to another is protected and can be trusted.

GCN: Given the Internet's degree of development and our dependence on it, is it too late to effectively put these kinds of controls into place?

OSLAN: It is never too late. I think that we have to acknowledge at a public level that it is a problem. Unfortunately, in most cases it requires a major event to galvanize people and get them to change. The Internet is a commercial means of making money and is also critical national infrastructure. It is hard to go to carriers that are not owned by the government and tell them to invest millions of dollars to protect it. It is an interesting challenge. We went through it with lawful intercept in the United States, when the carriers were mandated to provide to government the ability to tap IP traffic under a court order. There is not a huge motivation for the carriers to do this because they are not making any money off that service. We are going to have this same kind of discussion around security.

GCN: You said it would take a major event to get people's attention. What kind of event?

OSLAN: To get this to happen quickly rather than over the next 40 years, I think it will have to be crippling. Another country brings down the stock market for five days: That would probably get everybody interested in making sure that never happens again. Bringing down air traffic control systems to major airports. Whether that is practical or not still is a question. But if it is connected to the Internet, it is technically possible regardless of how many protections you have in place. Far from easy, but technically possible. The more sophisticated we get and more pieces of equipment you put on the network, the more vulnerable you become. The more things you have to manage and the more endpoints, the more openings you have.

source

10 comments:

  1. The article is almost two years old and imho what Oslan says about us being "pretty close" to a cyber war no longer stands true today. It was far from the truth in Sept. 2007 as a matter of fact.

    Global Carriers will certainly object to many security-based ideas regarding the backbone. Here we are witness to Globalisation biting its own self in the arse by going global and then realising it's a risky business.

  2. WORM defeats CRUD

    Databases more or less have the same vulnerability as "pencil technology." There are four things that you can do with a database record (which is just like a cubbyhole for information): create it, read it, update it, delete it. As developers say it, "CRUD." (Create, Read, Update, Delete)

    Think about what you can do with a pencil on a piece of paper. You can write something (create). You can read what you wrote. You can erase and change (update) what you wrote. Or, you can erase (delete) what you wrote.

    If one cares about the integrity of the information, then a pen beats out a pencil. "Pen technology" defeats the pencil eraser.

    Similarly, WORM technology defeats CRUD. WORM stands for Write Once, Read Many. Think about what happens when you burn a (non-rewritable) CD or DVD with data. Then you have a read-only disc of stored data. Read only means that you cannot do CRUD. You can only do 'R,' read.

    Problem solved. :)

  3. John,

    problem solving requires the problem first be defined. Which definition do you choose to best fit the solution you delivered?

    curt

  4. Well, destructive intruders at their worst are adding bogus data (C) or changing existing data (U) or deleting data (D). To the extent that you (or authorities at national infrastructure) can make data be read-only, then CRUD is reduced to R, thereby removing opportunities for C, U, and D.

    The only remaining problem would be unauthorized reading, as of classified, confidential, or privileged data.

    If you cut out the CUD, then remaining complaints might be too much reading, and too much traffic. But really, if the data is locked down to be read only, then it's not going to be hurt by reading or traffic. A strong BOTNET could still create a denial-of-service attack, but countermeasures already exist to ameliorate such conditions.

    On the whole, if the data is safe (which also means a good backup is on hand), then our services are not going to evaporate in a cyber attack.

    (There continues to be the problem of social engineering. Insiders with access can always spy, and perhaps sabotage. It's a question of who does an organization trust. But, spies, saboteurs, flaky loyalty, etc. existed long before computers. The human element of this is not a "cyber" issue per se. Any organization has those risks, simply by being an organization.)

  5. Of course, my worry was data corruption / wrong information more so than a different worry, outage of service. That can happen.

    But, if you're thinking of a false flag attack, then it does not require an actual cyber attack/er. The government could simulate one, by doing like Iran and cutting off cell phones and internet.

    The artificial disruption could be talked up and pinned on anybody as a cyber attack, but I bet if we looked at the server logs, there's no actual attack to go along with that event.

    Thinking of the private sector, "business data" is stored everywhere, all around the country. There's no central repository for an attacker to go after. The telecom and cable companies are the closest thing there is to a central chokepoint / bottleneck for data in transmission (the internet). But still, there's a wide array of those places. It's unimaginable that an attack could take all of them down simultaneously.

    Therefore, if they all go down simultaneously, it's got to be directed by our government. Really, I worry about cyber attackers less, and about rogue elements of the U.S. government more, on this topic.

  6. John, you're a brilliant person. But you missed my point, probably because I failed to spell it out.

    1) we see an almost identical repetition of the wording used in PNAC's "The Rebuilding of America's Defenses", the document we the choir (truthers oh my!) point to when claiming 9/11 was planned or at least beckoned for well in advance of the event. Having said that,

    2) Oslan calls for tighter regulation of the internet or the backbone if I may and the installation of a sort of internet UN......and

    3) he points out that (GCN) "Internet’s degree of development and our dependence on it" (Oslan) "is a problem".

    You seem to have read what Oslan said without looking into what I held in front of us all to see. Like I said, you're a brilliant person but your idea does not apply to traffic traversing the backbone in any way, shape or form. It solely applies to storage devices and the data that is stored there, even for shorter periods of time.

    Nonetheless, thank you for your comments.

  7. doesn't matter what the soft and hardware is..if someone cuts the undersea cables. as happened 2x? already.
    satellite is slow and ratshit here, dunno bout in usa?
    I am saving books, and printing a lot more, of the stuff I think will be needed for when the lights go out..or at least dim.
    as to the rest, Not enough knowledge by me to comment.

  8. oz, the undersea cables link regions and continents. During the last outage, traffic with India was nearly cut off. I have a map of some of but not all of the undersea cables, worldwide and if what it shows is true, the cables are redundant, i.e., set in a manner to provide redundancy. Billions are currently being invested in upgrading / replacing the cables we now have in place and would you believe it? The most modern mesh network of undersea cabling was taken online around Singapore only a few months ago. As it stands today, Singapore has a much more stable backbone than Europe does. Any system has its weak spots. I still don't see it all coming to a halt at the hand of a hacker, a severed undersea cable or anything we've seen thus far. But believe you me, the military already has its own backbone, satellites and mobile transmitters. Plus, they have the know-how and capability to kill any part of the backbone at most any time....i.e. cut a complete continent off at the flip of a switch. Lites out, game over. Anyone who knows the history of the internet should also know the military considers the internet and the backbone it rides as their baby. In their eyes, we're unwelcome scavengers. On the other hand, we're tolerated. Just look at all the info they can grab off us.

  9. news, of a sort (remain critical);

    http://128.100.171.10/

  10. [...] You may recall my recent entry titled “Another False Flag Op In The Pipeline?” in which I raised the hypothesis of another false flag op, this time as a cyber attack on [...]
