When Keyboards are drawn - Urban Information Warfare

Ofer Shezaf, Xiom, February 2003

Definition

Information Warfare (my definition): “The use of digital technologies to damage the critical infrastructure of a state”

So,

Damage – destruction, demolition, devastation.

Critical infrastructure - no more Web sites breaking

State - no more photo sending “analyzers”.

But, yes, still digital technologies – but not too much.

And, yes, politics – but not today.

Presentation Headlines

How is information warfare different?

Information Warfare Targets

Attacker capabilities

The infrastructure organization model

Network model

Administration networks exposures

Operational networks exposures

Model Case Studies

So, What can we do?

Introduction to IW

How is information warfare different from your everyday attack?

Targets

Who?

Infrastructure companies, including power, water and communication.

Financial institutions.

Government & Army.

What?

Destruction of equipment

Destruction of control systems

How?

Time bombs.

Attacker Capabilities

Financial resources

Technical expertise

Intelligence

Legal flexibility

Section: Introduction to IW

Financial & Technical Resources

Hundreds, thousands… of man-years per project.

Duplication of any system at target.

Ability to actively seek vulnerabilities, especially in lesser known systems.

Usage of custom attack code per target.

Security by obscurity is no longer an option

Intelligence & legal issues

Human intelligence … Spies

Best of breed “social engineering”: pay, blackmail, steal.

Operate spies to access internal systems.

Signal intelligence … Communication interception

A global sniffer: clear text password.

Intelligence about systems and topology.

Legal immunity to attacker.

License to crack

Presentation Headlines

How is information warfare different?

Attacker capabilities

Information Warfare Targets

The infrastructure organization model

Network model

Administration networks exposures

Operational networks exposures

Model Case Studies

So, What can we do?

Exposures in Infrastructure Networks

The common design of networks in infrastructure organizations creates similar vulnerabilities.

Basic Network Topology

External Networks

Administrative Network

Operational Networks

Cracking the administrative network

Administrative Network

1. Internet
2. Business Partners?
3. Sockets in public offices
4. Access to a large number of people

Cracking the Operational network

Operational Networks

Admin. Network

1. Operations Design
2. Remote Signaling
3. Monitoring
4. Application Security Problem
5. Direct connections to Operational network
6. No Internal Security

Presentation Headlines

Introduction to information warfare

Attacker capabilities

Information Warfare Targets

The infrastructure organization model

Network model

Administration networks exposures

Operational networks exposures

Model Case Studies

So, What can we do?

Examples

Is it all for real?

Model Case Studies

Shutting down communication switches, thus preventing phone services.

Destroying power generators.

Derailing trains.

Exploding refineries and other chemical plants.

Crashing airplanes.

Solutions

So, what can I do to avoid such disasters?

Solutions

Use layered security.

Deploy stronger intra-organization security mechanisms.

Strengthen complementary security mechanisms such as physical security and employee assurance.

Allocate independent security resources to operational networks.

Strive for world peace.