National Security and Cyber Security

CYBERCRIME: HOW IT AFFECTS NATIONAL SECURITY

How Safe is your Money: Rethinking Cybersecurity

National Defense College of the Philippines27 February 2012

SCOPE OF PRESENTATIONS

Cybercrime: A National Security Issue National Security Policy National Security Strategic Directions

In Addressing Cybercrime

Transportation

Administration Distribution

Education

Banking and Finance

CYBERSPACE

SOURCE : National Telecommunications Commission (NTC)

Information and Communi-

cation

PHILIPPINE CYBERSPACE

TELECOMMUNICATIONS SYSTEMS Telecommunications Systems –

The telephone, television, satellite and broadcasting systems that are the communications nodes that provide information to society.

Due to advances in technology, this sector is quickly converging and integrating to Internet Protocol (IP) based networks.

CYBER INFRASTRUCTURES

BANKING AND FINANCE Banking and Finance

Institutions highly dependent on cyberspace - The very nature of a nation-state’s existence relies on its ability to function economically.

Threats to the financial systems will have dire consequences for a nations ability to operate effectively and efficiently.


TRANSPORTATION SYSTEMS

Transportation – Provides the mechanism by which people and commerce are moved to disparate locations.

Individuals and cargo are moved by trucks, ships, railroads, aviation, etc.

The vast majority of transportation is managed by networked computer systems.


WATER SYSTEMS The water facilities, plants

and dams that contain and provide water to communities.

These facilities are controlled by Supervisory Control and Data Acquisition Systems (SCADA).


POWER SYSTEMS Power systems have become

extremely interconnected. The interdependencies are

widespread as these systems are connected to a network.

Network assessments should be conducted to identify and assess risk.


Crimeware Business Environment

CYBER ECOSYSTEM

Threat Source Motivation Threat Action

Industrial Spies(companies, governments)

Competitive advantageEconomic espionage

Economic exploitationInformation TheftAccess to classified, proprietary, and/or technology related information

Insiders(poorly trained, disgruntled, malicious employees)

CuriousityEgoIntelligenceMonetary gainRevengeSin of omissions and commisions

Assault on an employeeBlackmailComputer AbuseFraud nd TheftFalsified and Corrupted dataUnauthorized system access

CYBER ECOSYSTEM

Threat Source Motivation Threat Action

Hacker, Cracker ChallengeEgoRebellion

HackingSocial EngineeringSystem intrusionUnauthorized system access

Computer Criminal Destruction of informationIllegal information disclosureMonetary gainUnauthorized data alteration

MalwareSpoofingCyber stalkingInformation bribery

Terrorist BlackmailDestructionExploitatonRevenge

Bomb/TerrorrismInfo warfareDenial of servieSystem penetrationSystem tampering

CYBER ECOSYSTEM

CYBER INCIDENTS IN THE PHILIPPINES

US FBI recently estimated that the “LOVEBUG”, made by a Philippine student in 2000, has caused a worldwide damage of approximately US$ 12Billion.

NBI handled 30 various cyber crime cases as of 2005NBI CYBERCRIMES STATISTICS JAN - DEC 2005

TYPE OF CASE NO. OF CASES

1. Computer Fraud 8

2. Internet Pornography 3

3. Hacking 5

4. Computer E-mails 10

5. Violation of the E-Commerce Law 4

6. Verification 0

TOTAL 30


20032004

20052006

2007

National Govt

Local Gov't

118 28

390

2333

21 45 56

11

0

50

100

150

200

250

300

350

400

Defaced Government Websites, 2003 -2007Source: 2007 PNP-CIDG Report

National Govt 33 21 45 56 11

Local Gov't 11 8 28 390 23

2003 2004 2005 2006 2007


Source: Philippine Honeynet (www.philippinehoneynet.org)

More than 700 events occur by

day when cyber at-tacks are fierce.

http://www.philippinehoneynet.org/

Top 10 Source Attacks

Canada 3%

Hong Kong 2%

Taiwan 3%

India 3%

Philippines 3%

Thailand 4%

Korea-KR 7%

Japan 10%

United States 30%

China 35%

CN (China) US (United States) JP (Japan) KR (Korea-KR)

TH (Thailand) PH (Philippines) IN (India) TW (Taiwan)

CA (Canada) HK (Hong Kong)


Source: Philippine Honeynet (www.philippinehoneynet.org)

US and China are the major attack

sources

http://www.philippinehoneynet.org/

CYBER TERRORISM

psychological warfare publicity propaganda networking sharing of information coordination fundraising recruitment

TERRORISTS USE OF INTERNET

CYBER TERRORISM

CASE STUDY: OPLAN BOJINKA

Oplan Bojinka was a 1995 plan by Al-Qaeda to simultaneously destroy 11 passenger aircraft over the Pacific Ocean

Reports indicate that Oplan Bojinka is the earlier version of 9/11 plot

If the operation had been successful, Al-Qaeda would have murdered thousands of airline passengers

CYBER TERRORISM

The plot was discovered after a fire broke out in the Philippines apartment of Ramzi Yousef, a Kuwaiti of Pakistani extraction and member of Al-Qaeda

Yousef was involved in the first World Trade Center bombing in 1993


CYBER TERRORISM

Philippines police found bomb making material and a laptop computer in his apartment

The laptop computer contained encrypted messages that could not be read by the police or intelligence officials


CYBER TERRORISM

Extensive analysis of the computer by law enforcement and intelligence officials eventually broke the encryption on the messages

The unencrypted messages detailed Yousef’s plans to destroy the airliners and messages to his fellow co-conspirators

Ramzi Yousef was sentenced to 240 years in prison in the United States


CYBER TERRORISM

22

Plotters of the Oplan Bojinka used the Philippines as a “launching pad” for terrorist acts by providing training bomb making and logistical support the violent local terrorist group, Abu Sayyaf (ASO).

In April 2000, the ASO demanded the release of Yousef from jail in the United States.


CYBER TERRORISM

Lessons Learned Computer forensics was critical to this investigation

The computer investigation allowed Philippine officials to analyze and decrypt the messages on the laptop

The information acquired was important in thwarting a deadly terrorist attack


CYBER TERRORISM

Conclusion

The use of the Internet by terrorist organizations will increase as these groups acquire the skills to conduct offensive operations

The interdependence of the critical infrastructure used by nation-states will allow terrorist groups attack these facilities with deadly results


CYBER TERRORISM

25

PH-CERT The first CERT in the Philippines Localized assistance Funding from membership fees and sponsorships No permanent staff – purely voluntary Provides

Email and phone based technical assistance (No on-site services) Coordination with law enforcement agencies Technical training

However, the operation of PH-CERT encountered difficulty due to lack of financial support and human resources

ASSESSMENT: CURRENT EFFORT

National Bureau of Investigation - Anti Fraud and Cyber Crime Division

Feb 1997: NBI-AFCCD created, through an Administrative Order, in order to address all computer related crimes and other offenses using technology

Supported by the US-FBI to set up it Forensic Laboratory The NBI-AFCCD needs legislation in order to empower it,

organizationally and financially to make it effective in responding to cyber crime incidents


27

PNP-CIDG/GSIRT (Government Computer Security Incident Response Team)

Detect and investigate computer network intrusions and other related internet or computer crimes

Projected capability: digital analysis, log file analysis, forensic media analysis, etc.

Issues: lack of specific legislation, overlapping roles of IT government bodies, need extensive training of law enforcers, public awareness, etc.


28

Other Organizations ISSSP (Information Systems Security Specialists of the

Philippines) involved in the effort of creating awareness and raising the level of

information security practice security management in the Philippines

PH-CISSP (Philippine Certified Information Systems Security Professionals) CISSP certified Filipinos with security professional work experience

ISACA (Information Systems and Audit and Control) Manila Chapter sponsors local educational seminars and

workshops, engages in IT research projects, conducts regular chapter meetings, and helps to further promote and elevate the visibility of the IS audit, control and security professional


29

PH Computer Emergency Response Teams (CERTs) Lack of human resource and systems to address cyber

emergencies. Korea: More than 80 major CERTs CONCERT: Consortium of CERTs in Korea (http://concert.or.kr)

Requires national management to encourage development of CERTs and production of critical mass of cyber security professionals.


30

Legislation RA 8792 Philippine E-Commerce Law - not particular about

emergency readiness but it does set the legal framework for recognition of electronic documents and transactions.

Hacking and cracking Piracy or the unauthorized copying Violations of the Consumer Act or Republic Act (No. 7394)

Bangko Sentral ng Pilipinas, BSP (Central Bank of the Philippines) Circulars that apply to banks and financial institutions that dictate:

Financial systems stability and service levels Connectivity security and redundancy requirements Presence of disaster recovery site and systems


31

Legislation (cont’d) Pending laws including provisions for cyber security and ICT

readiness HB 1246 Anti-Cyber Crime Act of 2001 HB 2251 Convergence Policy Act of the Philippines of

2004 SB 428 The Anti-Telecommunications Fraud Act of 2004 SB 2073 Data Protection Act of 2005 HB 3777 Cybercrime Prevention Act of 2005

A new Consolidated Cyber-Crime Prevention bill is now under deliberation


Vandalism

Child Porn

CYBERCRIME: A NATIONAL

SECURITY ISSUE

Cyber Terrorism

CYBERCRIMES

In fulfilling our foremost mission and constitutional duty, it is the policy of this

administration that the State shall undertake the necessary steps to

ensure the protection and enhancement of the Filipinos’

common welfare, well being, way of life, institutions, and territory and

sovereignty.

THE STATE SHALL UNDERTAKE THE NECESSARY STEPS TO ENSURE THAT THE FILIPINO NATIONAL COMMUNITY’S WELFARE, WELL BEING, WAYS OF LIFE, INSTITUTIONS, AND TERRITORY AND SOVEREIGNTY ARE ENHANCED

AND PROTECTED.PROMOTE INTERNAL SOCIO-

POLITICAL STABILITY

CAPACITATE THE PHILIPPINES TO EXERCISE FULL SOVEREIGNTY OVER ITS TERRITORY AND

TO PROVIDE PROTECTION TO ITS MARITIME AND OTHER STRATEGIC INTERESTS

1. CREATE THE ENABLING ENVIRONMENT IN ORDER TO ENSURE THE EFFECTIVE DELIVERY OF BASIC SERVICES, PROTECT OUR NATURAL RESOURCES, AND PROMOTE ECONOMIC RECONSTRUCTION & SUSTAINABLE DEVELOPMENT TO WIN THE HEARTS AND MINDS OF THOSE WITH VALID GRIEVANCES AND RETAIN THE ALLEGIANCE OF THE REST OF THE CITIZENRY

2. STRENGTHEN THE INTEGRITY OF NATIONAL INSTITUTIONS AND PROMOTE GOOD GOVERNANCE THROUGH REFORMS IN THE SECURITY SECTOR

3. PROMOTE THE PEACE PROCESS AS THE CENTERPIECE OF OUR INTERNAL SECURITY PROGRAM

4. LAUNCH A HOLISTIC PROGRAM TO COMBAT TERRORISM



POLITICAL STABILITY









POLITICAL STABILITY



DENIAL OF CYBER SERVICES may lead to destitution and social unrest government takes the necessary steps to ensure the safe delivery of these

basic services free from interference by lawless elements, subversives, terrorists and

parochial political interests.



POLITICAL STABILITY









POLITICAL STABILITY



STRENGTHENING CYBER DEFENSE, FORENSIC, EMERGENCY RESPONSE The military and the law enforcer have to rebuild themselves as institutions

by way of reorganizing, retooling, and reorienting their approaches in order to be more responsive to the challenges brought by the cyberspace.

Strengthening of the government’s coordinative and integrative mechanisms



POLITICAL STABILITY









POLITICAL STABILITY



multi-level and multi-disciplinary approach and the enlisting of support from domestic and international allies

puts into operation a three-tiered cyber defense system that involves strengthening of our intelligence capabilities securing vulnerable targets enhancing our preparedness in the event of a successful terrorist attack.



POLITICAL STABILITY



1. PROMOTE EXTERNAL HARMONIOUS RELATIONSHIPS WITH OUR NEIGHBORS AND THE WORLD AT LARGE

2. PURSUE REGIONAL COOPERATION IN VARIOUS AREAS3. ENHANCE OUR COOPERATIVE SECURITY ARRANGEMENTS WITH

ALLIES AND NEIGHBORS4. DEVELOP A DEFENSE CAPABILITY TO PROTECT OUR

SOVEREIGNTY AND STRATEGIC MARITIME INTERESTS



POLITICAL STABILITY



1. PROMOTE EXTERNAL HARMONIOUS RELATIONSHIPS WITH OUR NEIGHBORS AND THE WORLD AT LARGE

2. PURSUE REGIONAL COOPERATION IN VARIOUS AREAS3. ENHANCE OUR COOPERATIVE SECURITY ARRANGEMENTS WITH

ALLIES AND NEIGHBORS4. DEVELOP A DEFENSE CAPABILITY TO PROTECT OUR

SOVEREIGNTY AND STRATEGIC MARITIME INTERESTS



POLITICAL STABILITY



The government believed that the war against cybercrime can also be fought at the international level. Cooperation between disparate and worldwide law enforcement agencies is

crucial due to the anonymous nature of the Internet. the government shall take both bilateral and multilateral tracks

WAY FORWARD

It is not an end state, it is a journey It is not only about implementing the best and

most advanced technologies It is a dynamic and spontaneous effort where

everybody must be involved The governments, the business communities, and the

private sectors play significant roles in this particular effort

ADDRESSING CYBERCRIME

WAY FORWARD

Identify and create point of contacts for purposes of simplifying the information exchange and emergency response

Foster collaborative effort of strengthening capabilities of developing a homegrown incident response team

Conduct collaborative research activities to monitor and detect

Continue the effort of strengthening the mutual thrust among the private and public entities

CONSIDERATIONS

CYBERCRIME: HOW IT AFFECTS NATIONAL SECURITY

End of Presentation

Technology

National Security and Cyber Security