Cyber Threats: Implications for the Present and the Future
84th Annual South Texas County Judges and Commissioners Association Annual Conference
June 13, 2018, McAllen, Texas
Dr. Danny W. Davis, The Bush School of Government and Public Service
Texas A&M University
Agenda
1. Introduction and Purpose
2. Challenges
3. Definitions
4. Coding 101
5. Trends
6. Attacks, Hacks and Security Events
7. Federal Responsibilities, National Policies and Agencies
8. Threats (Cyber and Physical) to the Texas Election System – A Recent Study
9. Internet of Things – IoT
10. Three Webs - Surface Web, Deep Web, Dark Web
11. Adversaries
12. Helpful Programs and Tools of Interest
13. Seven Components to Cybersecurity
14. Bottom Line – Learn and Train - Continuously
In 1845, how long did it take for the mail to get from the east coast to California?
Six months by sea, around Tierra del Fuego. Or sail to the Isthmus of Panama, then walk or ride a mule across to the Pacific side. Then try to catch a ship headed north.
What was the next improvement?
By 1860, the Butterfield Stage Line was making the trip from St. Louis through El Paso to California in 25 days.
Purpose
A general overview of how cyber threats jeopardize public and private affairs…
…and recommendations on how to mitigate negative consequences.
Cyber Comes to the Diplomatic Front
Two Presidents and China's Premier Xi
Theft of US intellectual property – one of many topics under discussion
Vignette
https://www.youtube.com/watch?v=9SeJJh-a-tg
Questions & Answers
Q: Is the Federal government prepared to defend its cyber borders?
A: Perhaps.
Q: Are State governments prepared to defend their virtual borders?
A: Maybe in some areas (e.g. infrastructure), maybe not in others (e.g. voting systems).
Q: Are Local governments prepared to defend their machines and networks?
A: Answer that for your own county.
Q: Can all jurisdictions respond and recover from cyber attacks?
A: Maybe, but not if it manifests physical destruction (e.g. Stuxnet), or strategically cripples private companies with the intent to destroy economies.
Q: Is a cyber attack grounds for war?
A: Great question!
Q: What does this mean for the public administrator?
A: Learn and prepare!
Issues Challenging US Cybersecurity
1. Uncertainty of geographic location of perpetrators
2. Evolving integration of mobile technology devices
3. Introduction of new vulnerabilities
4. Poor coordination between the federal government and the private sector
5. Legal ambiguities with respect to US response and offensive actions
Definitions
What is cyberspace? “A global domain within the information environment consisting of the interdependent network of IT infrastructures, including the Internet, telecomm networks, computer systems, and embedded processors and controllers.” (DoD, Joint Publication 3-12)
Is there another element of this “space”?
Human Beings
Cyberterrorism, FBI’s definition:
• “premeditated, politically motivated attack against computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine [hidden, illegal] agents.”
• Four requirements to meet definition (according to Dimov):
- use of electronic equipment;
- target critical infrastructure;
- attack is on electronic equipment;
- initiator of the attack must be labeled a terrorist.
What is Cyberwar?
“Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks.” (RAND)
http://www.rand.org/topics/cyber-warfare.html
“War is the continuation of politics by other means.” – Carl von Clausewitz
http://breakinggov.com/2012/07/16/cyber-intelligence-conflict-in-the-5th-domain/
How do we intellectually organize to fight our wars?
Fifth Domain of Warfare - Cyberspace
http://geographicalimaginations.com/tag/cyberspace/
http://cco.ndu.edu/News/Article/1020147/special-operations-doctrine-is-it-needed/
Cyberinfrastructure
“Cyberinfrastructure consists of computing systems, data storage systems, advanced instruments and data repositories, visualization environments, and people, all linked together by software and high performance networks to improve research productivity and enable breakthroughs not otherwise possible.”
Indiana University
http://grids.ucs.indiana.edu/ptliupages/publications/paper_what_is_cyberinfrastructure_penultimate_really.pdf
Layers of cyberspace:
- infrastructure – boxes and wires
- instructions and protocols
- data
Infrastructure: “the basic equipment and structures (such as roads and bridges) that are needed for a country, region, or organization to function properly” (Merriam-Webster)
➢ Cyber Infrastructure
Coding Video
https://video.search.yahoo.com/video/play;_ylt=A2KLqIPuP6BWbQMA8XIsnIlQ;_ylu=X3oDMTByN2RnbHFoBHNlYwNzcgRzbGsDdmlkBHZ0aWQDBGdwb3MDMw--?p=computer+coding&vid=0e05949e8658dc951ce919fbd3584040&turl=http%3A%2F%2Ftse4.mm.bing.net%2Fth%3Fid%3DOVP.V6633021a8061b90776e99be306434822%26pid%3D15.1%26h%3D168%26w%3D300%26c%3D7%26rs%3D1&rurl=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWOhAA0kDtuw&tit=Computer+coding+concepts+explained&c=2&h=168&w=300&l=102&sigr=11bgn8air&sigt=112u21f8t&sigi=13152qc74&age=1441044111&fr2=p%3As%2Cv%3Av&fr=yhs-mozilla-003&hsimp=yhs-003&hspart=mozilla&tt=b
Trends
• Artificial Intelligence, Machine Learning
• Zero-Day Exploits and Insider Threats
• Social Media Phishing and Identity Theft
• Cryptocurrency – anonymous payments; 1,500 coins: BitCoin, Ripple, Steem, Stellar, LiteCoin
• Dark Fiber Intranet for Infrastructure
• Cloud Services
Sources: Federal Chief Information Officer Council, Microsoft, Future Today Institute, Deloitte
Trends
• The FBI’s Internet Crime Complaint Center’s (IC3) analysts review individual complaint data, identifying and grouping complaints with similar information.
• These complaints are collated and referred to state, local, federal, tribal and international law enforcement for potential investigation.
https://www.fbi.gov/news/stories/ic3-releases-2016-internet-crime-report
Attacks – Hacks – Security Events
• Most common goal of hacking is to steal data
- Referred to as CNE (computer network exploitation)
- Unauthorized access can lead to:
1) Disruption – loss of capacity, causes errors, etc.
2) Corruption – data and algorithms changed
Points for Discussion – Attacks – Hacks – Security Events
• Cyberattacks are only possible due to vulnerabilities in systems
• Targets (computers, systems and networks) must be accessible and have vulnerabilities
– And those vulnerabilities must be exploited.
• Cyberattacks can then result as these vulnerabilities are exploited
• Cyberattack / hack effects are temporary
– First priority is to decide if further attacks are coming
– Second, make it look like effects were minimal
– Third, recover and re-establish capability
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
Exploit – an attempt to take advantage of a vulnerability to gain access to a system or get it to accept rogue instructions
Distributed Denial of Service - DDoS
Types of Attacks
• Denial of service ‐ A method of attack from a single source that denies system access to legitimate users by overwhelming the target computer with messages and blocking legitimate traffic. It can prevent a system from being able to exchange data with other systems or use the Internet.
• Distributed denial of service ‐ A variant of the denial‐of‐service attack that uses a coordinated attack from a distributed system of computers rather than from a single source. It often makes use of worms to spread to multiple computers that can then attack the target.
• Exploit tools ‐ Publicly available and sophisticated tools that intruders of various skill levels can use to determine vulnerabilities and gain entry into targeted systems.
Source: GAO-05-434, DHS’s Role in CIP Cybersecurity
Types of Attacks
• Logic bombs - A form of sabotage in which a programmer inserts code that causes the program to perform a destructive action when some triggering event occurs, such as terminating the programmer’s employment.
• Phishing - The creation and use of e-mails and Web sites—designed to look like those of well-known legitimate businesses, financial institutions, and government agencies—in order to deceive Internet users into disclosing their personal data, such as bank and financial account information and passwords.
• Watering Hole - In such an attack, the target is a particular group (company, industry, even a region). The attacker determines the websites most often used by a group of users and infects one or more of them with malware.
Types of Attacks
• Sniffer - Synonymous with packet sniffer. A program that intercepts routed data and examines each packet in search of specified information, such as passwords transmitted in clear text.
• Trojan horse - A computer program that conceals harmful code. A Trojan horse usually masquerades as a useful program that a user would wish to execute.
• Virus - A program that infects computer files, usually executable programs, by inserting a copy of itself into the file. These copies are usually executed when the infected file is loaded into memory, allowing the virus to infect other files. Unlike the computer worm, a virus requires human involvement (usually unwitting) to propagate.
Types of Security Attacks
• Internal threats
– Some consider this to be the most serious
– Need inside help to attack closed systems
– Two ways to get in closed systems:
• Recruit insiders
• Manipulate the supply chain to get access to components and manipulate them
– We worry about other nations since they supply so many electronic components
Federal Responsibilities
.gov and coordination with private sector
.mil and cyberwar
National Policies
Some Federal laws and directives related to cybersecurity include:
➢ The Cybersecurity Act of 2015
○ Requires federal agencies to work with private entities in order to transform their relationships into partnerships
➢ DHS Strategic Plan 2014-2018
○ Protection of US cyber domain is one of the top 5 DHS priorities
➢ National Security Strategy, December 2017
○ IMPROVE ATTRIBUTION, ACCOUNTABILITY, AND RESPONSE
○ ENHANCE CYBER TOOLS AND EXPERTISE
○ IMPROVE INTEGRATION AND AGILITY
Federal laws and policies affecting cybersecurity include:
- Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 11, 2017
- managing cybersecurity risk is an executive branch enterprise.
- IT and data should be secured responsibly...
- H.R.1616—Strengthening State and Local Cyber Crime Fighting Act of 2017
- authorizes a National Computer Forensics Institute within the U.S. Secret Service. The institute shall: (1) disseminate information related to the investigation and prevention of cyber and electronic crime and related threats; and (2) educate, train, and equip state, local, tribal, and territorial law enforcement officers, prosecutors, and judges.
Federal laws and policies affecting cybersecurity include (became law):
- H.R.3364—Countering America's Adversaries Through Sanctions Act
- The bill provides sanctions for activities concerning: (1) cyber security, (2) crude oil projects, (3) financial institutions, (4) corruption, (5) human rights abuses, (6) evasion of sanctions, (7) transactions with Russian defense or intelligence sectors, (8) export pipelines, (9) privatization of state-owned assets by government officials, and (10) arms transfers to Syria.
- H.R.244 — Consolidated Appropriations Act, 2017 – Provides appropriations to the Department of the Treasury for Departmental Offices, including the Cybersecurity Enhancement Account.
Vignette
https://www.youtube.com/watch?v=rg2G0NKfIKY
Investigation of Threats (Cyber and Physical) to the Texas Election System
Implications for Texas’ Voters
Presented to the Texas Department of State on May 15, 2018
By Members of the Bush School of Government and Public Service
Texas A&M University
Part A: County Voting Systems
Findings:
1. The major vulnerability of the physical security of DRE machines and the paper ballots is the accessibility of these machines and ballots.
2. Ballot bins on ES&S
3. Election results reporting system.
4. Human error
Part A: County Voting Systems
Recommendations:
1. Limit access to election voting systems.
2. Treat election security as a national security matter. Require that those working directly with machines/paper ballots undergo rigorous and standardized background checks.
3. Evaluate procedures for accepting volunteer poll workers.
Part B: Voter Registration System
Findings:
1. Readily available access
2. Voter verification process at the polling locations
3. Lack of physical and electronic security measures
Part B: Voter Registration System
Recommendations:
1. Develop and implement two-factor authentication for any access to voter registration lists.
2. Tabulate and detail exactly who has access, why they have access, and who is allowed to have access.
3. Work with the Department of Homeland Security (DHS) to ensure that the electronic sources being used are secure from cyberattacks.
4. Develop method to verify and hold accountable who is registered at what household.
Internet of Things (IoT)
The Internet of Things (IoT) is the network of physical objects—devices, vehicles, buildings and other items embedded with electronics, software, sensors, and network connectivity—that enables these objects to collect and exchange data. (Christopher Giles, UT Dallas)
https://www.youtube.com/watch?v=QSIPNhOiMoE
Internet of Things (IoT) – IBM
By 2020, 28 billion devices will be connected to the Internet; only one-third will be computers, smartphones and tablets.
- Two-thirds will be other “devices” – sensors, terminals, household appliances, thermostats, televisions, automobiles, production machinery, urban infrastructure, etc. – which traditionally have not been Internet enabled.
https://datafloq.com/read/internet-of-things-more-than-smart-things/1060
Smart Things
https://www.quora.com/Is-it-safe-to-browse-the-dark-web
The Webs
https://www.torproject.org/about/overview.html.en
The Onion Router (Tor)
• Gateway to Deep and Dark Web
• Prevents people from learning your location or browsing habits.
• For web browsers & instant messaging clients.
• Free and open source for Windows, Mac, Linux/Unix, and Android
Adversaries
• Criminals
• Hacktivists
• Terrorists
• Insiders
• Nation States
Wanted Cyber Criminals
https://www.fbi.gov/wanted/cyber
Evgeniy Mikhailovich Bogachev – $3,000,000
Nicolae Popescu – $1,000,000
Alexsey Belan – $100,000
Peteris Sahurovs – $50,000
Shaileshkumar P. Jain – $20,000
Anonymous
• International network of skilled hackers that operate on ideas rather than directives.
• Freedom, justice, against all “oppression”, revolution against corruption.
• Means: information. End: freedom from corruption and oppression.
• Information wants us to be free – the internet is the means to expose corruption and restrict organizations of oppression.
• Targets have included, but are not limited to, government agencies such as the FBI and CIA, copyright protection agencies, child pornography websites, the Ferguson Police Department, HBGary Federal, the Westboro Baptist Church, MasterCard, PayPal, the Vatican, and many others.
Lizard Squad
• Only two suspected members have been identified – Julius Kivimäki, a 16-year-old Finnish teenager, and Vinnie Omari, a 22-year-old from the United Kingdom.
• Lizard Squad took down the PlayStation and Xbox networks, using a denial of service attack, by breaching Sony and Microsoft networks, then argued online that the companies should do more to protect their systems.
• The attacks occurred on Christmas Day 2014, peak time for gamers trying out their new games.
• The attacks eventually paused after Omari and his friends received 'Mega-privacy vouchers' from multimillionaire investor and Mega founder Kim Dotcom. The vouchers could quickly be sold on an underground black market. The estimated value of the vouchers was $300,000.
Jihadi Celebrities
ISIS’ social media use glorifies jihad and martyrdom, allowing nobodies to become instant heroes.
People’s Republic of China – Aggressively Active in Cyberspace
• Acquire sensitive information – Anthem attack
- Gain intelligence to use as leverage
- Used to create profiles of potential targets
http://foreignpolicyblogs.com/2011/04/18/trading-with-the-enemy-sino-american-cyber-espionage/
According to Foreign Policy Assoc. as of 2011 “China has(d) over 400 million internet users, more than any other nation”.
People’s Liberation Army Unit 61398 (2nd Bureau of the PLA General Staff Department’s (GSD) 3rd Department)
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Mandiant identified Unit 61398 as the source of thousands of attacks on foreign companies.
Unit’s mission is a state secret.
Deep Panda
• The security firm CrowdStrike gave the name 'Deep Panda' to one of the hacking groups supposedly affiliated with the Chinese government.
• The secretive nature of the organization makes attack attribution difficult; however, the group has been tied to cyberattacks on U.S. policy think tanks, experts on the Middle East, and Australian media outlets.
• Deep Panda was reportedly responsible for the Anthem data breach, which exposed the personal information of more than 80 million insurance policyholders. The cyberattack put Anthem customers at risk for identity theft throughout their lives, and exposed many to subsequent phishing attacks from fraudsters around the world.
Helpful Programs and Useful Tools
Programs of Interest
• GenCyber - NSA and NSF Summer Program for Students and Teachers
https://www.gen-cyber.com/
• Congressional Cybersecurity Caucus News Round-up; Clips from around the globe, web and Hill…
Leiserson, Nick <[email protected]>
• FBI Infragard (Austin and Houston Chapters)
https://www.infragard.org/
• FBI Internet Crime Complaint Center (IC3)
https://www.ic3.gov/default.aspx
• IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development
http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2007-12/ISPAB_Dec7-BOldfield.pdf
Programs of Interest
• Texas Cybersecurity, Education and Economic Development Council
http://dir.texas.gov/View-About-DIR/Pages/Content.aspx?id=23
• Texas Director of Information Resources
http://dir.texas.gov/View-About-DIR/Information-Security/Landing.aspx
• Texas A&M Cybersecurity Center, Email: [email protected]
979.845.7398; https://cybersecurity.tamu.edu/about-us/
Programs of Interest
• DHS Cybersecurity site
https://www.dhs.gov/topic/cybersecurity
• DHS ICS-CERT
https://ics-cert.us-cert.gov/
GenCyber First Principles
https://quizlet.com/143361556/gen-cyber-first-principles-61416-flash-cards/
National Security Agency and National Science Foundation Program developed around 10 cybersecurity principles that can apply to individuals, businesses and government
Seven Components to Cybersecurity
- Firewall
- Anti-Malware
- First Response Team
- Security Policy
- Layered Security Measures
- Cybersecurity Training
- Administrative Account Security
Bottom Line
Learn about the threat
Prevent, Protect, Mitigate, Respond, and Recover from the Threat
COMMENTS & QUESTIONS
Cyber Threats: Implications for the Present and the Future
Danny W. Davis, Ph.D.
Professor of the Practice
The Bush School of Government and Public Service
Texas A&M University
830 [email protected]