FINDINGS IN BRIEF
• Digital networks are the nervous system of our civilization, essential to commerce and culture. The entire economy, from banking to utilities to manufacturing to healthcare, relies on internet-style communications. Even the military has reorganized for what it calls “network-centric warfare.”
• But the internet empowers everybody, including criminals and foreign governments intent on weakening America. As digital networks have proliferated, so has malicious software designed to exploit the networks for destructive purposes. Internet predators are increasingly capable and sophisticated.
• Cyber threats are now so common that they pose a real danger to national security. Networks must be secured against intrusion, otherwise the nation risks severe economic damage and potential defeat at the hands of other countries. But the anonymity of the internet impedes efforts to deter and destroy threats.
• The federal government has taken a number of steps aimed at combating threats to digital networks, including a Comprehensive National Cybersecurity Initiative launched in 2008. However, the current federal framework for dealing with cyber threats is fragmented, and cannot keep up with emerging dangers.
• The new administration will have to determine whether current cyber-security efforts are sufficient, or additional resources are required. It will also have to decide whether the current federal framework for addressing cyber threats can do the job, and if not how to tap more agile sources of expertise in the marketplace.
• This report provides a concise overview of emerging threats to America’s networks and the federal response, highlighting key issues for the new administration. It was written by Dr. Loren Thompson of the Lexington Institute staff.
HIDDEN DANGER: THE THREAT TO AMERICA’S NETWORKS
In the 20 years since the cold war ended, the world has become connected in ways it never was before. A breakthrough called the internet has integrated previously isolated networks into a single global web that anyone with a computer can enter. The technology that made this possible, called internet-protocol communications, has torn down the barriers that once impeded interaction among diverse and scattered users. As a result, the world has become a more open and productive place. People who once had little say in how their society operated have been empowered, and opportunities for enrichment of every kind have multiplied.
But the paradox of the internet is that in delivering power to the edges, it has also delivered power to the fringes. Predators of every persuasion now have access and options they never would have enjoyed in the past. Some are agents of foreign governments seeking to subvert democracy, or steal its secrets. Others are criminals, cult members, transnational terrorists or nihilistic vandals. All have discovered that the internet provides a potential pathway to their goals. And increasingly, it is information networks themselves -- the nervous system of our civilization -- that such actors seek to target.
Most internet users have some awareness of this problem, since they encounter it in the form of spyware, viruses and other online nuisances. But the most disturbing “cyber” threats are largely invisible to the general public, because they involve attacks on specialized networks used by the armed forces, healthcare professionals, air traffic controllers, financial institutions, public utilities and heavy industry. Each of these vital components in modern society now relies on internet-protocol communications to run efficiently, and in most cases the new technology was assimilated without a careful assessment of its vulnerability to attack by outsiders.
This report provides an overview of the threat to America’s information networks, especially the networks operated by the federal government. It begins by explaining the spectrum of cyber threats the nation currently faces, and then details the potential consequences for military, civil and commercial networks, the available remedies for dealing with the danger, and the steps the government has taken to date in implementing said remedies. It concludes with a series of recommendations, the most important of which is that government recognize its limitations and turn to the private sector for most of the expertise needed in defeating cyber threats.
TOP TEN CYBER SECURITY MENACES OF 2008 (SANS INSTITUTE)
1. Web-site attacks on browser vulnerabilities, especially by trusted websites where users have a high expectation of effective security.
2. Increasingly sophisticated use of “botnets,” compromised computers that have been networked for illegitimate purposes without user knowledge.
3. Very large-scale data theft by well-resourced predators, including organized crime syndicates and foreign governments.
4. Attacks on mobile phones, which because of their computing and networking features are susceptible to viruses, worms and other threats.
5. Insider attacks launched by trusted employees, who can circumvent security systems designed to cope mainly with threats from outsiders.
6. Advanced identity theft by persistent botnets, where malicious programs collect personal information over extended periods.
7. Increasingly capable spyware that secretly monitors user online behavior, while protecting itself from detection and deletion.
8. Exploitation of programming errors on websites, enabling criminals to penetrate organizations and illegitimately generate financial gains.
9. Sophisticated “social engineering” attacks, in which online predators manipulate users into divulging sensitive information by exploiting cognitive biases or characteristics.
10. Supply-chain infection of computers, resulting from unwitting distribution of malicious software by retailers on items such as compact disks and thumb drives.
THE NATURE OF THE THREAT
Networks of one sort or another have existed since the dawn of civilization. Digital networks, though, are a relatively new thing. Whether wired or wireless, digital networks all operate using binary computer code -- the language of ones and zeros that is the foundation for software. The basic architecture of the information age consists of computer nodes where digital information is stored and used, and links that convey that information between nodes. When a group of nodes and links are organized to accomplish some shared purpose, they become a network.
The internet codes digital information so that it can traverse many different networks as if they were a single unified web. Originally conceived to maintain connectivity in wartime, it grew into a worldwide phenomenon when tools became available that made it easy for people to use internet-protocol communications to send or access information anywhere a network connection existed. Unfortunately, predators quickly learned how to employ the new tools for their own purposes. Thus, from the earliest days of the information age, there has been concern about securing the internet against those who would misuse it.
Concern about cyber security grew as internet-style communications became the preferred means of conducting commerce, governance and other forms of social interaction. Today, digital networks are so ubiquitous that their sudden disappearance would lead to economic collapse, and yet many people are barely aware they are relying on networks when they turn on the lights, go to the grocery store or seek medical care. But the same features that make digital networks pervasive in everyday life also make them ready conduits for viruses, worms and other forms of malicious software that can destroy the wealth and welfare of unsuspecting users. More ominously, clever attackers potentially can manipulate the system so it ceases to function entirely, leading to widespread deprivation, disorder and even defeat at the hands of a foreign power.
Recent trends in the evolution of cyber threats have led many experts to believe the danger is growing worse. First, malicious software is proliferating at such an alarming rate that new applications may outnumber legitimate software releases. Second, as these malicious programs are shared on the internet, predators are becoming more subtle and sophisticated in their efforts. Third, attacks increasingly seem to be originating from well-resourced operators such as governments rather than disaffected freelancers. And fourth, the tools for combating threats -- for detecting and blocking and tracing attacks -- are not keeping up with the danger.
CYBER SECURITY TERMS AND CONCEPTS (WIKIPEDIA)
Malicious software, or “malware,” is computer code designed to infect systems without the informed consent of users. Among the most common types of malicious software spread on the internet are spyware, viruses and worms. Malicious code can penetrate a computer through both network connections and plug-in devices, and once downloaded it often is difficult to detect or remove.
Spyware is malicious software surreptitiously installed on computers that monitors user behavior and potentially alters the way in which computers function. Among other things, spyware may log which websites are visited, collect personal information, install additional software without user knowledge, redirect browser activity and even change computer settings.
Viruses are self-replicating computer programs that attach themselves to other programs and then spread among computers via network connections or plug-in devices without user awareness. Their name derives from the ease with which they can be spread, and the harmful consequences they often cause in computers on which they have been downloaded. The most destructive viruses impair key files and programs such as computer operating systems.
Worms are another kind of self-replicating program that spreads over network connections without user consent. Unlike viruses, worms do not need to attach themselves to other programs in order to spread. Beyond their ability to spread quickly, worms often carry payloads of additional code that enable them to modify infected computers, for example by deleting files or installing “backdoors” that allow remote controllers to use the computers for malicious purposes.
Botnets are networks of software robots that operate autonomously in compromised computers. Systems that have been infected in this fashion are sometimes called “zombie” computers, because they are linked together by remote controllers for malicious purposes without user awareness. A typical botnet includes thousands of compromised computers serving some common, illegitimate purpose, and botnets containing over a million infected computers have been uncovered.
Phishing is a form of online fraud in which sensitive information such as passwords and credit-card numbers are obtained by misleading users. The most common form of phishing is to send emails or instant messages directing users to websites that elicit personal details for criminal purposes. Phishing is frequently employed by predators as part of “social engineering” strategies for exploiting the cognitive biases of online users.
THE MILITARY DIMENSION OF DANGER
In recent years, America’s armed forces and intelligence agencies have faced rapidly escalating attacks on their information networks from countries such as Russia and China, and from a vast array of less capable perpetrators. This facet of the cyber threat is largely invisible to the general public, because the government is not eager to advertise its vulnerabilities or how much it knows about who is mounting the attacks. One measure of the danger, though, is the Bush Administration’s decision to launch a Comprehensive National Cybersecurity Initiative to protect government networks during its final year in office. The initiative was reported to be the biggest new item in the fiscal 2009 intelligence budget.
Military planners and intelligence analysts have long known that adversaries would seek to compromise U.S. networks in wartime. The idea of targeting key nodes in enemy networks has a long history that predates the information age, as reflected in the plan of the Army Air Forces to target electrical grids, refineries and communication nodes in World War Two. But the advent of digital networks has added a new twist to this strategy. In the past, the military was concerned mainly with “kinetic” attacks on its networks using high-explosive munitions, or gross “non-kinetic” effects such as the electromagnetic pulse generated by nuclear blasts. Today, it must also worry about more elusive dangers such as malicious software that undermines the reliability and security of vital systems.
Like civilian users, America’s military has eagerly embraced the promise of internet-protocol communications, identifying myriad ways in which the new technology might enhance the survivability and effectiveness of warfighters. But as the joint force becomes increasingly net-centric, it also becomes more vulnerable to cyber threats. Cyber operatives have repeatedly penetrated Pentagon networks and other national-security sites such as the Energy Department’s nuclear-weapons laboratories. Although military and intelligence networks are supposed to be isolated from the internet, it only takes one intrusion via a cell phone or laptop computer for whole organizations to be penetrated, and such attacks can be executed anonymously by predators on the other side of the world.
The greatest military danger raised by cyber threats is that America’s armed forces and intelligence agencies will lose what they call “information dominance,” the capacity to assure friendly information flows while impeding those of adversaries. That is a real possibility, because the battle for military supremacy now is conducted using tools available to many potential adversaries, and military organizations may lack the agility to keep up with such a diverse and fluid threat. It is hard to deter attacks when their point of origin cannot be identified, and harder still to know how compromised key networks may be until the moment when they are most needed. What can be said with certainty, though, is that virtually all of America’s enemies grasp how important digital networks are to the effectiveness of the joint force.
CYBER SECURITY MILESTONES
1986: First true computer virus originates in Lahore, Pakistan.
1988: First well-known worm, called Internet Worm.
1997: Presidential commission produces first authoritative public assessment of cyber threats.
2000: Clinton Administration issues first national plan to address cyber threats.
2001: President Bush signs executive order making cyber security a national priority.
2002: Federal cyber-security activities consolidated under the Department of Homeland Security.
2003: White House issues National Strategy to Secure Cyberspace.
2004: U.S. Computer Emergency Readiness Team begins Einstein initiative to track cyber threats.
2005: Chinese Peoples Liberation Army begins including network-attack tactics in military exercises.
2006: Joint Chiefs of Staff publishes National Military Strategy for Cyberspace Operations.
2007: Chinese hackers penetrate networks in Pentagon and national lab; Estonia’s networks degraded by Russian cyber attacks.
2008: Bush issues directives establishing Comprehensive National Cybersecurity Initiative; Russian invasion of Georgia preceded by cyber attacks.
THE ECONOMIC DIMENSION OF DANGER
The information age has brought about a massive transformation of the American economy. Workers are more productive, borders are more open, relationships are more fluid and the pace of business activity is much faster. The foundation for most of these changes is a global infrastructure of information networks that has obliterated geographical, organizational and technological barriers to efficiency. Every major industry has assimilated internet-protocol communications into its operating procedures as a way of saving money and staying competitive. As a result, the entire economy is now so dependent on digital links that it could not function without them.
Because this transformation has unfolded over two decades in many different ways, most citizens do not grasp just how dependent they are on information systems. For example, if the information infrastructure were severely compromised, telecommunications and electricity grids would cease operating, food supplies would become depleted, financial transactions would be unexecutable, and air traffic control would be nearly impossible. One expert has compared the failure of the information infrastructure to the simultaneous arrival of fifty major hurricanes in terms of how disruptive it would be to the national economy.
Against this backdrop, the rapid proliferation of cyber threats and the apparent adoption by some countries of information warfare as a national strategy is very troubling. Most of the nation’s economic infrastructure including the information grids is privately owned, and there are legal barriers to determining precisely how vulnerable parts of it may be. Experiments conducted by the Department of Homeland Security have demonstrated how internet predators might penetrate utilities and shut them down, but no one really knows the degree to which potential adversaries are already poised to do so. Even when it can be proven that electronic attacks on domestic networks were launched from places like China, there is no sure way of knowing where they actually originated.
The challenge of guarding networks supporting the national economy is exacerbated by the myriad ways in which digital operating systems and applications might be compromised. Malicious software is being generated and disseminated on such a vast scale that even when it is detected, there often is no immediate remedy for the problem. The internet is so ubiquitous and anonymous that there is no practical way of suppressing such software without severely impairing the functionality of the whole system, which itself could become a significant burden to the economy. Nonetheless, many experts fear that it is just a matter of time before cyber predators do serious damage to the national economy, and some contend that is already happening today.
CYBER ATTACK CASE STUDY (NEW YORK TIMES)
• The federal government’s Oak Ridge National Laboratory, which is engaged in nuclear research, reported in December of 2007 that its information networks had been targeted by a series of sophisticated cyber attacks.
• The attacks, which began on October 29, 2007, consisted of seven separate “phishing” emails disguised as official messages and other professional communications that were sent to a total of 1,100 Oak Ridge personnel.
• When opened, the emails would automatically download programs onto user computers that collected specific types of information such as passwords and sent the information to whoever initiated the attack.
• The fraudulent emails were traced to websites and internet addresses linked to China, but those may have been only the last “jump” in a series of relays designed to hide the true source of the attacks.
• About one percent of Oak Ridge personnel receiving the emails -- 11 out of 1,100 -- opened them, but officials said those breaches were sufficient to allow infiltration of networks and theft of data.
• No classified information appeared to have been stolen, in part because the attacks were targeted to private-sector networks associated with Oak Ridge rather than internal laboratory networks insulated from the internet.
• The U.S. Computer Emergency Readiness Team (US-CERT) that investigated the incidents issued an advisory stating that the attacks were highly sophisticated in their targeting and coordination.
• However, private experts noted that such phishing incidents are extremely common on the global internet, and that perpetrators have become very clever in constructing deceptive messages and programs.
• No definitive determination was ever made public concerning who launched the attacks and what their motive was, leaving observers to speculate whether it was the Chinese government, some other government or internet criminals.
DEFENSES AGAINST CYBER ATTACK
Finding lasting solutions to the danger posed by cyber threats is an extremely complicated challenge. The threats take many forms, and are constantly evolving. The cyberspace domain in which they unfold is anarchic and anonymous, sprawling across political and geographical boundaries in a manner that defies regulation. Many of the remedies proposed to limit abuses also limit the freedom of users. However, if the federal government cannot find a workable approach to deterring and defeating cyber threats, then America may be unable to sustain its military and economic edge in the information age.
Most experts agree that a few basic principles are central to any effective defense. First, users must be aware of the danger and trained to avoid creating vulnerabilities that can be exploited by predators. Second, access to sensitive networks must be controlled by limiting points of entry, blocking or filtering traffic through those points, and instituting rigorous authentication procedures for legitimate users. Third, network software and procedures must be continuously updated to eliminate weaknesses, and tested to assure gaps have been successfully closed. Fourth, there must be a mechanism among network administrators for sharing information about threats that provides timely and useful warning of danger. Fifth, defensive measures must be sensitive to the missions of users, so that they do not impair network functionality in the process of providing protections.
The respected SANS Institute uses a six-step framework for explaining how cyber incidents should be addressed that begins with being prepared, and then proceeds through identification of danger, containment of the threat, eradication of the threat, system recovery and follow-up. Each of these steps may entail dozens of discrete actions aimed at detecting, characterizing, isolating and suppressing the danger, and then restoring the network to its beginning state. Experts typically stress the importance of being prepared before an attack occurs, and conducting post-mortems to derive useful lessons about how dangers can be minimized in the future. Military experts also emphasize the importance of developing offensive cyber capabilities as a way of deterring or countering attacks.
While the generic measures necessary to cope with cyber aggression are easy enough to identify, applying them to specific threats and mission areas can be devilishly difficult. Efforts to do so have revealed a number of chronic problems that policymakers must eventually address. First, vital national networks are so balkanized among military, civil and commercial operators that it is difficult to enforce any particular standard with regard to cyber defense. Second, the inability to trace attacks made over the internet to their point of origin severely hampers efforts to deter or punish predators. Third, network administrators seldom have the sort of enterprise-wide view of their information assets needed to fashion a durable and complete security regime. Finally, government by its nature is not well equipped to keep up with such a fluid and multifaceted challenge.
CYBER DEFENSE PRODUCTS AND PROCESSES (LOCKHEED MARTIN)
Security Assessment
• Data analysis
• Penetration & vulnerability testing
• Certification & accreditation
• Compliance management
• Risk assessment
Intrusion Deterrence
• Awareness & training
• Identity & access management
• Authentication procedures
• Biometrics
• Encryption
Intrusion Detection
• Network monitoring
• Modeling & simulation
• Data fusion
• Intrusion detection
• Command & control
Intrusion Response
• Forensic analysis
• Reverse engineering
• Disassemblers
• Information operations metrics
• Tracing & attribution
System Reconstitution
• System backup
• Load balancing
• Design redundancy
• Recoverable & self-healing systems
• Virtualization
FEDERAL ORGANIZATION FOR CYBER DEFENSE
The federal government acquired most of its information networks on a piecemeal basis, without much thought as to how the parts might one day fit together or how enemies might try to exploit them. The government’s recent efforts to organize for cyber defense have been hampered by the fragmented character of federal information systems. This problem is compounded by the fact that many networks vital to the economy are in the private sector, and the legal authorities for implementing security measures there are incomplete at best.
Within the federal government, most of the funding allocated to information security and offensive cyber operations is spent by agencies of the Department of Defense. The biggest player is the National Security Agency (NSA) at Fort Meade, Maryland, which since the early days of the cold war has been engaged in collecting and analyzing signals intelligence. NSA appears to have lead responsibility for securing all intelligence networks, and it shares expertise with the Defense Information Systems Agency that oversees military networks. U.S. Strategic Command is the lead combatant command responsible for information operations and cyber security. In addition, each of the military departments -- the Army, Navy and Air Force -- has a dedicated command for managing information networks and assuring their security.
Although it receives much less money for network operations and security than the defense department, the Department of Homeland Security (DHS) is the lead federal agency for coordinating national cyber-defense initiatives. DHS maintains a National Cyberspace Response System that includes the U.S. Computer Emergency Readiness Team, or US-CERT, the best known domestic responder to cyber incidents. A National Cyber Security Center was recently established within DHS to oversee the Comprehensive National Cybersecurity Initiative begun by the Bush Administration in early 2008. That initiative, which extends over many years and entails dozens of different projects, is supposed to integrate the security efforts of both defense and civil agencies in addressing all of the government’s cyber vulnerabilities.
However, as this brief description of federal organization for cyber defense demonstrates, the structure of the government does not lend itself to timely and consistent implementation of network-security measures. The threat is evolving too fast, and on too many fronts. Clearly, no single agency can address the entire cyber challenge, because it crosses all organizational and operational boundaries. Various departments or agencies may wish to lead the cyber-security effort, but they lack the authority to direct actions by organizations outside their budget or chain of command. Only the White House has the power to lead such a multifaceted undertaking, and the National Security Council is the logical mechanism within the White House. Without White House leadership, bipartisan support and public awareness, it is unlikely that America can defeat the danger to its vital information networks.
CYBER INSIGHTS
In the last century, geographic isolation helped protect the United States from a direct physical invasion. In cyberspace national boundaries have little meaning. Information flows continuously and seamlessly across political, ethnic, and religious divides. Even the infrastructure that makes up cyberspace -- software and hardware -- is global in its design and development. Because of the global nature of cyberspace, the vulnerabilities that exist are open to the world and available to anyone, anywhere, with sufficient capability to exploit them.
National Strategy to Secure Cyberspace, 2003
Our information infrastructure -- including the internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries -- increasingly is being targeted for exploitation and potentially for disruption or destruction, by a growing array of state and non-state adversaries. Over the past year, cyber exploitation activity has grown more sophisticated, more targeted, and more serious. The Intelligence Community expects these trends to continue in the coming year.
Director of National Intelligence Adm. Michael McConnell, 2008
We need to prevent terrorists or spies from hacking into our national security networks. We need to build the capacity to identify, isolate and respond to any cyber attack. And we need to develop new standards for the cyber security that protects our most important infrastructure -- from electrical grids to sewage systems, from air traffic control to our markets.
President-Elect Barack Obama, 2008
PRINTED IN THE UNITED STATES OF AMERICA
NOVEMBER 2008
ISSUES FOR THE NEW ADMINISTRATION
In 2008, the Bush Administration began a Comprehensive National Cybersecurity Initiative that will eventually spend over $10 billion strengthening defenses of government networks. During that year’s presidential campaign, Senator McCain noted the growing military role of information operations, while Senator Obama stated that the government needed to build “the capacity to identify, isolate and respond to any cyber attack.” It appears that national leaders grasp the importance of network security and information assurance. But seeing the problem isn’t the same thing as solving it. Before that can occur, there are eight basic questions the new administration needs to answer.
1. Do current trends in cyber threats indicate the nation faces a real crisis of confidence in its networks, or are efforts like the comprehensive cyber-security initiative sufficient to deal with the challenge?
2. Given how important global connectivity is to information superiority, is it possible to secure essential networks while still maintaining links to the anarchic and anonymous internet?
3. Will the internet in its current form ever permit users to trace sophisticated attacks to their source, so that abuses can be effectively deterred and/or defeated?
4. What legal authorities are required so that the government can overcome barriers to dealing with attacks on critical private-sector networks, and establish consistent security standards?
5. What is the proper relationship within the government between network defense and offensive information operations in formulating an integrated cyber-security posture?
6. How can the government encourage a holistic, enterprise-wide understanding of its network resources and challenges, so that solutions are developed in a truly comprehensive rather than piecemeal fashion?
7. Is the Department of Homeland Security an appropriate vehicle for managing government-wide cyber-security efforts, or is a more focused organization better suited to the task?
8. If the government is too slow or decentralized to keep up with the rapid proliferation of cyber threats, how can it tap more agile suppliers of network security in the marketplace?
These questions need to be answered before the nation suffers the digital equivalent of a 9-11 attack that so many experts have been predicting. Despite the growing array of problems associated with using and securing internet-style networks, virtually nobody in the government thinks it is desirable to return to a pre-internet way of doing business. So the real issue policymakers face in meeting the cyber-security challenge isn’t whether they can live without digital networks, but how they prevent America’s enemies from using those networks against us.