
“Ask a Scientist”, 2010-2011
7.00 pm @ Acoustic Café
(except for January’s “Ask a Scientist for Kids”)
Tuesday, October 26
Paul Wagner (UWEC Computer Science) "Computer Security and Cyberwarfare"
Tuesday, November 23
Steve Weiss, M.D. (Luther Hospital)
“Power Issues in the Doctor-Patient Relationship”
[December – no talk]
Saturday, January 22
“Ask a Scientist for Kids”
(Eau Claire Children’s Museum, 2-4 pm)
Tuesday, February 22
Winnifred Bryant (UWEC Biology)
“Environmental Estrogens—Potential Risks to Human Health”
Tuesday, March 29
Bev Pierson (Memorial High School)
“Astrobiology: the new science of life in the universe”
Tuesday, April 26
Paul Thomas (UWEC Physics and Astronomy)
“Hot News from Space”
Congratulations!
Dr. Paul Thomas

Recipient of the UW System’s
2010 Regents Teaching
Excellence Award
For career achievements in teaching
Only two individual recipients per
year in UW System
Computer Security
and Cyberwarfare
Dr. Paul Wagner
Messages
Cyberwar is an important evolutionary idea that has the potential for significant effect on all USA and world citizens
Cyberattacks at the level of cyberwar have already occurred, and are occurring with increasing frequency and effect
Cyberwar may be used as a political lever for increased governmental controls on cyberspace
Definition of Cyberwarfare
“Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption” – Richard A. Clarke, “Cyber War”
“… a new domain in warfare” – William J. Lynn, U.S. Deputy Secretary of Defense
Related Terms and Issues
Cyber-terrorism – parallel definition, different actor
  actions by terrorists to penetrate another nation's computers or networks for the purposes of causing damage or disruption
Cyber-spying / cyber-espionage
  actions by parties outside of a country or organization to penetrate another nation's computers or networks for the purposes of stealing information
Increasingly difficult to distinguish countries and organizations
  Countries may be (increasing evidence that they are) using 3rd parties (organized crime, other organizations) to do their work
Related Issues
Is the term “cyberwar” appropriate?
  Nature of warfare has changed
  WW II => Vietnam => Iraq / Afghanistan
Does the term overstate or mis-state the issue?
We probably haven’t seen true cyberwar yet
Where is the line between war and espionage, war and terrorism, or war and crime (e.g. theft)?
Malware Terminology
Worms – software that spreads on its own with harmful consequences
Virus – malware attached to other software (e.g. email attachment)
Trojan Horse – software that appears to be positive but has harmful effects
Logic bomb – software planted to activate at a later date/time with harmful consequences
Relationship to Traditional Warfare
Cyberwar could be additional domain in traditional warfare
  Used as initial stage to reduce command and control facilities, harm national infrastructure, spread propaganda, reduce confidence in government
Could be a standalone approach to warfare
  Potential for significant harm to foreign country in the information age
Thematic Issues
Convenience vs. Security
Security and Privacy
Evolution of Cyberattacks
  At the beginning: Status
  More recently: Financial gain
  Now: Political gain
Technological Approaches for Cyberattacks
Three Major Approaches
1) Break in, steal information
  From computer systems or networks
2) Directly affect functionality of computers or related equipment through use of worms, viruses, logic bombs and/or other malware
3) Denial of Service (DoS) – flood of messages to computer systems that overwhelms them and renders them nonfunctional
Infrastructure Subject to Attack
Businesses
Military command and control system
Transportation systems
  Air
  Rail
Power grid
Manufacturing facilities
Communication systems
…
Scope of Cyberspace
Cyberspace starts with the internet…

Internet = network of networks
Cyberspace (2)
Beyond every computer system that’s connected by wire, cyberspace also includes:
  Isolated networks (private, corporate, military)
  Laptop and other personal PCs connected some of the time (wireless, modems)
  Industrial control machinery, including programmable logic controllers (PLCs)
  Industrial robots (connected to PLCs or directly to computers)
  Home control equipment (home appliances and their control units)
  Mobile devices (smart phones, PDAs, …)
  USB and other storage devices
Cyberspace (3)
Why Is Everything Connected?
Convenience
  Connect to others through email, world-wide web, social media
  Internet service provider can remotely diagnose problems on your computer
  Appliance company can remotely diagnose problems with equipment in your home
  City can read your water meter
  You can turn on your oven/lights from work
Systems can interact
Four Examples of Possible Cyberwar Activity
1. Titan Rain (2003-on)
2. Syria (2007)
3. Estonia (2007)
4. Stuxnet Worm (2009-2010)
1. Titan Rain (2003-on)
Coordinated attacks on US military and industrial computer systems
Access gained to computer systems and networks including Lockheed Martin, Sandia National Laboratories, and NASA
Purpose and identity of attackers remain unclear, though origin appears to be Chinese military
  Though could be “through” Chinese military
2) Syria (Sept. 2007)
Israeli aerial bombing of facility in Syria, alleged nuclear facility being constructed by North Koreans
Syrian air defense networks saw no planes; later found Russian-built radar system screens manipulated to show nothing
Exact cause not known, but options all point to manipulation of software controlling radar system
3) Estonia (April 2007)
Sometimes referred to as “Web War 1”
Followed Estonia relocating the Bronze Soldier of Tallinn, a Russian monument
Sophisticated and large set of denial of service (DoS) attacks on Estonian parliament, banks, ministries, newspapers, other web sites
Severe effect on above institutions for approximately three weeks
4) Stuxnet Worm
Very complex Windows-specific computer worm that infects computers and connected industrial control equipment (PLCs)
  First known worm to attack industrial infrastructure
Spreads through USB thumb drives as well as network connections
Utilizes four “zero-day” exploits
Uses stolen valid security certificates
4) Stuxnet Worm (cont.)
Initial high rate of infection in Iran, specifically found at nuclear facilities
  May be government (Israel, US, UK?) attempt to damage Iranian nuclear facilities
  Unclear if delay or damage actually occurred
Worm has spread to many other countries (including large infection of Chinese systems)
Political Issues
Is the threat of cyberwar overstated?
  Several experts say yes, including Marc Rotenberg (Electronic Privacy Information Center) and Bruce Schneier (Chief Technology Officer, BT Counterpane)
  Issues:
    Much hyperbole, “sexy” news
    Little distinction by many between cyberwarfare and cyberspying; threats today are more from cyber-espionage
    Used to generate additional funding for U.S. cyberdefense efforts
    Used to justify efforts to give U.S. government more control over Internet (e.g. control over encryption)
Difficulties in Defense
Many entry points to internet, most networks
Difficult to trace attacks
  Many from robot networks (botnets) of compromised PCs
Internet created for convenience, not security
  Internet technology does not support easy defense
Unknown capabilities of other nations, groups
  So, little deterrence exists
“Security is a process, not a product” – Bruce Schneier
Defenders have to defend against many possible attacks, but attackers only have to find one hole
Difficulties in Defense for USA
Internet created in USA in an environment of intellectual freedom, mostly under private (not government) control
  Efforts to change – e.g. “Kill Switch” bill (2010) in Congress giving government power to take over parts of internet in national emergency
  Other countries can more easily mount defense (e.g. fewer entry points, government can already control networks)
US military cyber-capabilities are significantly focused on offense, not defense
What To Do?
Suggestions:
1) Enact limited government regulation of internet, cyberspace
  Need international cooperation as well as national efforts
2) Increase resources for cyber-defense (government, private)
3) Isolate critical infrastructure (e.g. power grid) from the internet
Source: Richard A. Clarke, “Cyber War”
4) Investigate cyber-treaties
Disincentives to Cyberwar
Potential for retribution
Harming the internet tends to harm everyone
  Difficult to contain scope of cyberattacks
Non-cyber interests are connected
  E.g. China owns significant portion of U.S. financial structure
Moderating Effects on Cyberwar
Diversity of systems and networks
  Many networks, multiple operating systems
Increasing efforts on intrusion detection and prevention
  Early detection may help reduce scope of effects, though malware can spread quickly
Cyber Treaties?
Benefits
  Set ground rules for national cyber behavior
  Attempt to avoid collateral damage to citizens
Issues
  Enforceability
  Use of cyber treaties to limit speech
    Current Russian proposal attempts to prohibit any government from using internet to interfere with any other government (e.g. promote, encourage or assist in dissent)
References / More Information
“Cyber War – The Next Threat to National Security” by Richard A. Clarke (2010)
NPR Morning Edition Two-Part Series
  http://www.npr.org/templates/story/story.php?storyId=130023318
  http://www.npr.org/templates/story/story.php?storyId=130052701
“The Online Threat”, article by Seymour Hersh
  http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh?currentPage=all
Wikipedia – Cyberwarfare
  http://en.wikipedia.org/wiki/Cyberwarfare
Wikipedia – Cyberterrorism
  http://en.wikipedia.org/wiki/Cyber_terrorism
Questions / Discussion
Dr. Paul Wagner
http://www.cs.uwec.edu/~wagnerpj