Chapter 5
Part III
Introduction to Homeland
Security
Safety & Security:
Cyber Security
Information Security and National
Network Infrastructure Security
♦
Information Security:
– Techniques used to protect information
assets from deliberate or inadvertent
unauthorized acquisition, damage,
disclosure, manipulation, modification,
loss, or use
Information Security and National
Network Infrastructure Security
♦
Network Infrastructure Security:
– Protection of the physical infrastructure of
data networks and peripherals such as
fiber optic cables, routers, switches, and
servers that allow data in digital format to
be transferred from one location to another
or processed to meet user demands
Terrorism and the Proliferation of
Information Transfer
♦
Alfred Toffler, socio-economist, cited
that the world (most notably the
industrialized world powers) is
experiencing a shift in the basis of its
economy
♦
This new economy, referred to as the
“Third Wave” by Toffler, is one based
primarily on the transfer of information
Terrorism and the Proliferation of
Information Transfer
♦
Due to this evolution from an industry-based
economy to an information-transfer-based
economy, there will be
subsequent changes in the means by
which society lives, works, and
communicates
♦
Most importantly, there will be a great
increase of reliance on computers, the
networks that link them together, and
the sources that power them
Terrorism and the Proliferation of
Information Transfer
♦
Computers already control and regulate
everything from household appliances
to satellites, air conditioning systems to
nuclear power plants
Terrorism and the Proliferation of
Information Transfer
♦
We must ask ourselves:
– Is this shift in the basis of our economy
without a cost?
– Will this high-technology reliant way of life
bring about new threats?
– What will terrorism be like in the info-age…
and how will it evolve?
Terrorism and the Proliferation of
Information Transfer
♦
With access to the World Wide Web, and
personal computers, individuals across the
globe possess the means to gain access to
highly specific (often private) information
♦
By taking advantage of computers, and the
information systems that connect them,
terrorists now pose a threat on a new
front--cyberspace
Terrorism and the Proliferation of
Information Transfer
♦
Through the use of computers, terrorists
can now:
– Gather intelligence
– Communicate globally
– Spread their hate via WWW
Terrorism and the Proliferation of
Information Transfer
♦
Moderately-skilled terrorists can steal
valuable information and employ
“information warfare” in order to cause
violence and terror in cyberspace
♦
This terror caused in cyberspace has
the potential to cross over into the “real
world” with catastrophic results,
depending on the type of cyber-weapon
used and the tactical applications of its
purveyor
Information Security and National
Network Infrastructure Security
♦
Hacking: The gaining of unauthorized
access to computer systems for the
purposes of stealing or corrupting data;
also known as
“cracking”
Information Security and National
Network Infrastructure Security
♦
Hacking Incidents:
– 1980s: 6 teenagers gain access to the Los
Alamos National Laboratory computer
system
• 2 plead guilty to 2 counts of “making harassing phone calls”
– 1997: Ehud Tenenbaum, AKA “The
Analyzer” hacked into several US
computer systems, including military ones
Information Security and National
Network Infrastructure Security
♦
Hacking Incidents (cont.):
– 2001-2002: Gary McKinnon, AKA “Solo”,
accused of cracking into 97 US military and
NASA computers
• US claims $700,000 in damage
• Currently undergoing extradition proceeding in the UK
Information Security and National
Network Infrastructure Security
♦
Hacking Incidents (cont.):
– 7 MAR 2011
– China launched a hacking attack on the South Korean Defense Ministry’s computer system
– Obtained confidential information about the ministry’s plan to buy the U.S.-made Global Hawk reconnaissance drone
– S. Korea reports over 2K hacking attempts per year; most from China
Information Security and National
Network Infrastructure Security
♦
Hacking Incidents (cont.):
– 7 MAR 2011
– The French Finance Ministry confirmed it suffered a cyber attack in December from hackers targeting documents related to the French presidency of the G-20 and international economic affairs
– Attackers were professional and organized
– Attack was the first in its size and scope against France with 150 ministry computers hacked and several documents pirated
Three Styles of Terrorism
♦
Conventional Terrorism
♦
Technoterrorism
♦
Cyber Terrorism
Conventional Terrorism:
♦
Essentially the use of violence or threat of
violence (intimidation/coercion) directed
(normally) toward innocent people in order to
attain a particular (often political) goal
– Conventional terrorists use bombs, guns, and other “conventional” weapons in their attacks
– Normally, their attacks are aimed at innocent civilians, although their targets also include “high profile” individuals and buildings
– In nearly all cases, targets are SYMBOLIC!
Conventional Terrorism – An Example
♦
1983 bombing of the USMC
headquarters in Beirut, Lebanon
– Suicide bombing (conventional weapon) that left 241 military personnel dead, and several hundred others injured (high profile symbolic target)
♦
Resulting media frenzy negatively
influenced public opinion regarding US
policy in Lebanon
♦
US ground forces were subsequently
withdrawn from the area (desired effect)
Technoterrorism:
♦
Like conventional terrorism, uses
conventional weapons (i.e. bombs,
guns, etc.) to destroy its targets
♦
Unlike conventional terrorism, its
“immediate” targets are not humans
– Technoterrorism targets are the physical
structures that make up the high-tech
infrastructure:
• Electrical grids
• Telecommunications hubs
• Information networks
Technoterrorism (cont.)
♦
The effectiveness of a technoterrorist’s
attack is entirely reliant on the public’s
dependence on the high-tech
infrastructure assaulted
– For example, the difference between a
technoterrorist bombing an aviation
communications center in Tanzania vice
that same act in New York City
Technoterrorism (cont.)
♦
The size of the technoterrorist group
does not have to be large in order to
operate efficiently and effectively
♦
Lastly, technoterrorist groups don’t
necessitate much funding, due to the
nature of their weapons and ready
access to their normally stationary
targets
Cyber Terrorism:
♦
The use of computing resources to
intimidate or coerce others via the
medium of cyberspace
♦
Cyber terrorists, like technoterrorists,
generate violence/intimidate/coerce by
manipulating and destroying high-tech
assets
Cyber Terrorism vs.
Technoterrorism
♦
The major difference between cyber
terrorists and technoterrorists:
– Cyberterrorists damage/destroy computer
and telecommunications systems from
within their software and programming
using computers
– Technoterrorists damage/destroy the
physical structures that house these
systems.
Cyber Terrorism (cont.)
♦
Depending on how cyber terrorists
apply their weapons, they can also
create “real world” effects through the
violence that they create in cyberspace
(similar to the technoterrorist)
Cyber Terrorism Weapons
♦The cyber terrorist has several
software-based weapons that can be employed
anywhere in cyberspace at any time
–Viruses
• Malicious programs that attach themselves to host programs and force the computer to perform actions not intended by its operator
–Trojan Horses
• Programs that perform a normal function (i.e. a downloadable internet browser), but secretly release a destructive secondary program upon their entry into the computer
Cyber Terrorism Weapons (cont.)
– Worms
• Programs developed to travel across a
network and perform simple tasks (i.e. data
collection)
• When programmed maliciously, they have
the ability to destroy information as viruses
do, but they also have the ability to replicate
themselves and spread across an entire
computer network independently
– Sniffers
• Programs that hide themselves on a host
network and collect information
Cyber Terrorism Weapons (cont.)
– Electro-magnetic pulse weapons
(EMP’s)
• EMP’s are weapons that generate a large
electro-magnetic pulse that destroys
electronics and computer systems in a
given area, but does not disrupt the
physical surroundings in the area of the
systems
• These can be built from parts available at
electronic parts stores and hobby stores.
Cyber Terrorism vs. Conventional
Terrorism & Technoterrorism
♦
The cyber terrorist has several
advantages over conventional terrorists
and technoterrorists:
– Global reach
– The absence of physical harm encountered
in the other styles of terrorism
– The ability to operate totally independently
– Less physical evidence involved in
committing their crimes
Cyber Terrorism vs. Conventional
Terrorism & Technoterrorism
♦
When compared to one another, these
three styles of terrorism share
similarities:
– Causing the suffering of innocent victims
– Use of violence/intimidation/coercion to
attain a goal
♦
Though, when observed more closely,
the means, targets, tactics and cost of
the three distinct styles differ greatly
Cyber Terrorism vs. Conventional
Terrorism & Technoterrorism
♦
Since none of the styles of terrorism are
mutually exclusive in their tactical
applications, they can be applied in
conjunction with one another
♦
Applications of terrorism are only limited
to the creativity of the terrorist or
terrorists employing them
Information Security and National
Network Infrastructure Security
♦
DHS acts as the coordinating body of
the US govt. to secure the cyberspace
and the network infrastructure of the US
♦
Protection is the responsibility of the
DHS Office of National Protection and
Programs
– Specifically, the National Cybersecurity
Division within the Office of Cyber
Security and Communications (CS&C)
National Cyber Security Division
(NCSD)
♦
Mission:
– Work with public, private, and international
entities to secure cyber-space and US
cyber assets
♦
Strategic Objectives:
– To build and maintain an effective national
cyberspace response system
– To implement a cyber-risk management
program for the protection of critical
infrastructure
NCSD Programs – US Computer
Emergency Response Team
(US-CERT)
♦
Partnership between DHS and the
public and private sectors
♦
Responsible for:
– Analyzing and reducing cyber threats and
vulnerabilities
– Disseminating cyber threat warning info
– Coordinating incident response activities
NCSD Programs – US-CERT
(cont.)
♦
Member of the National Cyber
Response Coordination Group
(NCRCG)
– Made up of 13 federal agencies
– NCRCG will help to coordinate federal
response to a nationally significant
cyber-related incident
US-CERT Tools – Cyber Security
Preparedness and the National Cyber
Alert System
♦
Provides technical and nontechnical
computer users with:
– Security Alerts
• Timely info about current security problems
– Security Tips
• Advice on common security topics such as:
– Privacy
– E-mail spam
– Wireless protection
NCSD Programs – Cyber Cop
Portal
♦
Coordinates with law enforcement to
help capture and convict those
responsible for cyber attacks
♦
Info sharing and collaboration tool
– Can be accessed by over 5300
investigators worldwide who are involved in
electronic crimes cases
National Strategy to Secure
Cyberspace – Priority 1
♦
A National Cyberspace Security
Program
– Focus on:
• Rapid identification of malicious cyberspace activity
• Rapid information exchange regarding malicious cyberspace activity
• Rapid mitigation of damage done by malicious cyberspace activity
– Emphasis on public-private partnership
– Protect privacy and civil liberties
National Strategy to Secure
Cyberspace – Priority 1 (cont.)
♦A National Cyberspace Security Program –
Identified actions and initiatives
1) Establish a public-private architecture responding to national-level cyber incidents
2) Provide for the development of tactical and strategic analysis of cyber attack vulnerability assessments
3) Encourage the development of a private-sector capability to share a synoptic (same) view of the health of cyberspace
4) Expand the Cyber Warning and Information Network to support the DHS in coordinating crisis management for cyberspace security
National Strategy to Secure
Cyberspace – Priority 1 (cont.)
♦Identified actions and initiatives (cont.)
5) Improve national incident management
6) Coordinate processes for voluntary participation in the development of national public-private continuity and contingency plans for federal systems
7) Exercise cyber security continuity plans for federal systems
8) Improve and enhance public-private info-sharing involving cyber attacks, threats, and
vulnerabilities
National Strategy to Secure
Cyberspace – Priority 2
♦
A National Cyberspace Security Threat and
Vulnerability Reduction Program
– An organized cyber attack could endanger the security of the US’s critical infrastructure
– Vulnerabilities:
• Information assets
• External support structures
– Vulnerabilities result from:
• Weaknesses in technology
• Improper implementation and oversight of technological products
National Strategy to Secure
Cyberspace – Priority 2 (cont.)
♦A National Cyberspace Security Threat and
Vulnerability Reduction Program –
Identified actions and initiatives
1) Enhance law enforcement’s capabilities for preventing and prosecuting cyberspace attacks
2) Create a process for national vulnerability assessments to better understand the potential consequences of threats and vulnerabilities
3) Secure the mechanisms of the Internet, improving protocols and routing
4) Foster the use of trusted digital control systems/supervisory control and data acquisition systems
National Strategy to Secure
Cyberspace – Priority 2 (cont.)
♦Identified actions and initiatives (cont.)
5) Reduce and remediate software vulnerabilities
6) Understand infrastructure interdependencies and improve the physical security of cyber systems and telecommunications
7) Prioritize federal cyber security research and development agendas
8) Assess and secure emerging systems
National Strategy to Secure
Cyberspace – Priority 3
♦A National Cyberspace Security
Awareness and Training Program
– Many cyber vulnerabilities exist because of lack of awareness on the part of:
• Computer users
• System administrators
• Technology developers
• Procurement officials
• Auditors
• Chief Information Officers (CIOs)
• Chief Executive Officers (CEOs)
• Corporate boards
– Such awareness-based vulnerabilities present serious risks to infrastructure whether or not they exist within the infrastructure itself
National Strategy to Secure
Cyberspace – Priority 3 (cont.)
♦A National Cyberspace Security
Awareness and Training Program –
Identified actions and initiatives
1) Promote a comprehensive national awareness program to empower all Americans, businesses, the general workforce, and the general population to secure their own parts of cyberspace
2) Foster adequate training and education programs to support the nation’s cyber security needs
3) Increase the efficiency of existing federal cyber security training programs
4) Promote private-sector support for well-coordinated, widely recognized professional cyber security certifications
National Strategy to Secure
Cyberspace – Priority 4
♦Securing Governments’ Cyberspace
– Govt.s only administer a minority of the nation’s critical infrastructure, but govt.s at all levels perform essential functions in:
• Agriculture
• Food
• Information and telecommunications
• Energy
• Water
• Public health
• Emergency services
• Defense
• Social welfare
• Transportation
• Banking and finance
• Chemicals
• Postal shipping
– Govt.s need to lead by example in cyberspace security and foster a marketplace for more secure technologies
National Strategy to Secure
Cyberspace – Priority 4 (cont.)
♦Securing Governments’ Cyberspace –
Identified actions and initiatives
1) Continuously assess threats and vulnerabilities to federal cyber systems
2) Authenticate and maintain authorized users of federal cyber systems
3) Secure federal wireless local-area networks (LANs)
4) Improve security in govt outsourcing and procurement
5) Encourage state and local govt.s to consider establishing information technology security programs and to participate in info sharing and analysis centers with similar govt.s
National Strategy to Secure
Cyberspace – Priority 5
♦
National Security and International
Cyberspace Security Cooperation
– America’s cyberspace links the US to the
rest of the world
– Cyber attacks can quickly come from
anywhere
– Determining source of attacks can be
difficult
– International cooperation required to:
• Facilitate info-sharing
• Reduce vulnerabilities
• Deter malicious actors
National Strategy to Secure
Cyberspace – Priority 5 (cont.)
♦National Security and International
Cyberspace Security Cooperation –
Identified actions and initiatives
1) Strengthen cyber-related intelligence efforts
2) Improve capabilities for attack attribution and response
3) Improve coordination for responding to cyber attacks within the US national security community
National Strategy to Secure
Cyberspace – Priority 5 (cont.)
♦Identified actions and initiatives (cont.)
4) Work w/industry and through international organizations to facilitate dialogue and partnerships among international public and private sectors focused on protecting info infrastructures and promoting global “culture of security”
5) Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge
6) Encourage other nations to accede to Council of Europe Convention on Cyber Crime or to ensure that their laws and procedures are at least as comprehensive