Cyber War
Foreign and domestic forces are dedicated to the usurpation, vandalism and destruction of the IT resources of innocent organizations at home and abroad. The nature of computer and Internet technology makes this theater of battle a turbulent landscape. The aggressors range from individual private computer hackers and vandals to ad-hoc groups, crime syndicates, and foreign governments or their agents. The home team could be a government agency, a large corporation, a small business, home users, and sometimes a child using his home video game. This war is no respecter of persons.
The advent and prevalence of broadband to the home, and the ubiquitous reach of the Internet into culture, commerce, and government, have opened the battleground to almost everyone. Broadly, there are initiatives and steps that must be taken to defend these resources. In this paper I will address some of the steps possible to change the tide of the war. Technologies that will help already exist and do not require invention. These technologies only need some refinement and adoption into mainstream deployment. There will always be more to do, as the nature of the technological realm is continually evolving. Since the war is on every Internet doorstep, countermeasures must be put at every doorstep.
Information has become the ultimate commodity. Beyond what books have been to humanity, the Internet represents an increase of dimensions in humanity's ability to communicate and keep records. Mastering this new technology will be as profound as the commercialization of paper was to the world. As of now, we have only seen the beginning, and our choices here will have a profound impact on the future.
Levels of impact
Change is the heart of the Internet. Change was defined by a physics professor at my school as one of the constants of the universe. The Internet is driven by constant innovation on fertile ground, and this changes how things “can be” almost constantly. This makes how government and business do things sometimes incompatible with the best practices of keeping information technology safe. Everything we do in regards to policy must work to enable the possibilities and future that the Internet presents, and make it safe secondarily. “There's no reward in life without risk.” - Farber, Barry J.
Security is a limiting word; with the infinite potential of the Internet and its future, the concept needs to be expanded. Succinctly, we are talking about integrity, information flow, and command. Since all the pieces of the Internet interconnect and relate, all the levels of the system affect the integrity of the Internet. Command is the control of a system or data to take an action of some kind. Integrity of the command involves the technical accuracy of the actions performed, but also who can give the instruction, and what it can affect. Commands can be complex, simple or abstract. What we view as data has developed bewildering complexity in the digital realm. Controlling this is the essence of the ongoing battle. In this view, security is part of maintaining the integrity of the whole system, and of the Internet, not just of single points.
The integrity of the national Internet and infrastructure depends on all the components working together to ensure it. The controls must also work to enable the attributes of the Internet to continue to thrive. The Internet is a dangerous idea, like democracy, electricity and airplanes. The fields in which they grow can be tilled and fertilized, but the weeds must be controlled prudently. Wisdom is needed, as sometimes the weeds can be the germ of the next dangerous idea.
Eliminate duplication of effort:
How government acquires its Information Technology (IT) can benefit from efficiencies of scale. Taking a model from the military’s NMCI approach and developing an ongoing solution would give the government as an organization a better ability to defend itself from the impact of the battles being fought. This also serves to keep federal IT resources from becoming unwitting accessories for IT assailants. Some of these strategies will also serve to reduce the cost of IT, and increase productivity with it.
The national Internet structure has architectural limitations, and there are other measures that will provide better integrity to the national resource we call the Internet.
Finally, the endpoints of the great communication grid need different paradigms for the future. Some of these things are still developing and some are waiting to be used.
Application’s secure design
While the operating system is part of the integrity and secure operation of an IT system (a computer, server, or other network component), the applications that run on these systems are a weak link in the IT integrity equation.
Many vendors are having to review their products for vulnerable coding techniques. Building software with good coding practice is not sufficient: code with exploitable vulnerabilities can be well written and follow good practice. Security and vulnerability considerations must also be considered separately, and as just as critically important.
Digital Certificates
At the heart of any security system is the concept of non-repudiation. Repudiation is the claim that "I didn't send that, it's not mine," which is what we see when a vandal, forger, or thief burgles an IT resource. Many computers are used in the flood of unsolicited commercial email (spam) on the Internet. The computers and users that send the bulk of the spam are not willingly involved; their computers have been taken over, or their resources stolen. As an indicator of the intent behind this, the people who do it use the word "owned" to indicate that they have stolen ownership of the computer and its resources. It is a term taken from military-themed video games. Non-repudiation is the process of showing the legitimacy of the transaction, email or information. A digital signature or other method is used to press a computer version of a wax seal onto the document to authenticate it. Of course it is far more sophisticated than wax and an ornate impression, but it serves as the modern digital equivalent.
Many Internet protocols have an inherent anonymous trust. The computers don't check to see who the data is from, only that it conforms to their software requirements. Packets of information that get on the Internet are sent to their destination very reliably. Except for intentional roadblocks and protection technologies that destroy unsolicited or undesirable packets of information, most traffic is accepted blindly and delivered. Special protocols have been created to overcome this and use methods to validate the source of the information. They use non-repudiation to ensure that the information comes from a valid source. IPSec, Virtual Private Networks, Secure Shell, and HTTPS (SSL) protocols provide varying levels of protection.
Certificate technologies have been developed as a method to add a level of trust to the protocols and the Internet. Computer and user certificates will enhance computer integrity and security by refusing or restricting unsigned information or data. This serves to harden the communications technology against attack, and to provide traceability against hostile computer activity. This technology has gained wide use, has proven very reliable, and has been extended to new applications. There are many areas that could benefit from adoption of this technology.
System Integrity
Many strategies have been developed to protect computers from malware. Malware includes computer viruses, worms and other similarly destructive code. All of these strategies should continue to be advanced. It is one matter to have the technology and another to deploy it. Three fundamental strategies are:
Detecting Malware – This has a solid track record but is reactive in nature: signature updates must be distributed before software can detect new variants, which appear at an ever more alarming rate. In many situations this is the only available option, and it is highly successful in cleaning data received from the Internet. Heuristic approaches, which analyze computer code for suspicious signs, have gained some ground over the years but have proven technically challenging to implement; they still hold much promise. Malware detection is widely used and for the most part successful. It does have as a prerequisite that the software is known to be malignant; sleeper code is a difficult threat.
Integrity monitoring – This is the opposite approach, detecting and verifying known good signatures. The challenge here is maintaining a database of what is good or safe code, and minimizing false alerts.
Signed Code -- Techniques
It is becoming obvious that another strategy will become vital and should be considered and developed: the signed code algorithm. Personal computer software is constructed from most of the same building blocks as the next piece of software: program files and other related files. An integrity algorithm should be deployed to government computers to minimize the load time and performance degradation involved with scanning strategies. This technique also protects systems from file corruption problems, which are rare but can be difficult to find.
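The integrity-monitoring and signed-code passages above both rest on checking files against a known-good record. As an added example (not part of the original paper), this Python code baselines a directory's SHA-256 digests and later reports modified, unknown and missing files; the function names, the constructed sample tree and the `ignore_prefixes` parameter are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def walk_files(root):
    """Yield (relative_path, absolute_path) for regular files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root).replace(os.sep, "/"), full

def build_baseline(root):
    """Record the known-good state: relative path -> SHA-256 digest."""
    return {rel: sha256_file(full) for rel, full in walk_files(root)}

def verify(root, baseline, ignore_prefixes=()):
    """Compare the tree with the baseline. Paths under ignore_prefixes
    (logs, caches) are expected to change and are skipped to limit false alerts."""
    skip = tuple(ignore_prefixes)
    findings = {"modified": [], "unknown": [], "missing": []}
    seen = set()
    for rel, full in walk_files(root):
        if rel.startswith(skip):
            continue
        seen.add(rel)
        if rel not in baseline:
            findings["unknown"].append(rel)      # file never approved
        elif sha256_file(full) != baseline[rel]:
            findings["modified"].append(rel)     # approved file was altered
    for rel in baseline:
        if rel not in seen and not rel.startswith(skip):
            findings["missing"].append(rel)      # approved file disappeared
    return {kind: sorted(paths) for kind, paths in findings.items()}

def demo():
    """Constructed sample tree: baseline it, change it, then verify it."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        for rel, data in (("bin/app", b"v1"), ("bin/lib.so", b"lib"), ("log/run.log", b"")):
            put(rel, data)
        baseline = build_baseline(root)
        put("bin/app", b"v1-patched"); put("bin/new", b"x"); put("log/run.log", b"line\n")
        os.remove(os.path.join(root, "bin/lib.so"))
        return verify(root, baseline, ignore_prefixes=("log/",))
```

The baseline is only as trustworthy as the place it is stored; signing it, or keeping it off the monitored host, is what ties this check back to the signed-code idea.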
Secure by Default
Many PCs are sold on the market unpatched and unsecured, in the belief that the manufacturer and vendor will not have liability due to a security breach. Consumer and small business computers should be sold and provided in the opposite mode. Personal computers should be deployed in a secure condition. Services and functionality should be secure and disabled by default, and the new owner should be given an easy-to-use utility to enable the features he needs. The idea that features and functions for computers should be enabled as needed is wise policy and should be advanced to prevent malware from getting a foothold. The federal agency DISA already produces vulnerability scanning software; this technology could be advanced and made more available. Standards and advances in this technology would enable computer companies to evolve this into a common practice.
Internet Version 6
The current version of the Internet that is in use in the USA is based on an old protocol standard. While this was suitable for much of the growth of the Internet, the cyber IT needs of the USA have outgrown it. As a security measure IPv6 will serve us well; however, as a strategic matter, the USA is falling behind the world in capability by delaying the upgrade. The global Internet is now completely accessible only via an IPv6 network. There are parts of the Internet that the US, in its myopic way, has lost, and as time goes on the portion of the Internet that is inaccessible to the majority of businesses and households is growing.
The current standard the rest of the world is using is a new architecture and design. This new version is Internet Protocol version 6 (IPv6). US agencies, companies and organizations need to convert their systems to this new protocol. Major changes were made that eliminate the weaknesses of the antiquated protocol. As much as possible, and as rapidly as feasible, the IPv4 systems should be upgraded or replaced. This will strategically increase accessibility to the entire Internet and keep the US at least in step with the rest of the IT world.
Signed email
Email presents a common vector for the distribution of malware, viruses, scams, and other despicable email. Unsolicited Commercial Email (UCE) and malware take advantage of the anonymity of the standard Internet email protocol. An advancement that should be adopted to eliminate this weakness would be the widespread adoption of cryptographic signatures for email. All email could be processed much more efficiently if a signature is placed on legitimate email that can be nearly instantly validated and delivered. We are granted free speech by the Constitution, but not anonymous speech. Other, better methods exist for legitimate anonymous speech.
Retire antiquated IT
Agencies are still deploying PCs with Windows XP, and have delayed plans to upgrade almost indefinitely. While Windows XP is a solid, reliable old workhorse, it was written and developed well before the war of data was near the level it is today. This product is EOL in 2013. Newer technologies, as well as methods of backwards compatibility, exist, and this dithering is fertile ground for exploitation.
Newer operating systems have been designed and created with security designed in at the core, and with potential for the future.
Secure baseline computers.
Redundant work is done to secure PCs when they are purchased. Many agencies have their own way of securing systems, and much best-practice time and effort is wasted reproducing the same product. Secure standard system images should be centrally developed and made available for agencies to work with. By aggregating the resources and knowledge, a much superior secure IT platform could be established for the federal government and other agencies. It would benefit from the power to purchase at scale, which would enable manufacturers to better serve a common platform of millions, rather than many thousands of diverse configurations. This would also allow for rapid response to new threats.
Having a common platform and hardware control is necessary as advanced techniques such as JTAG hacks, thumb drive attacks, and other cyber-attacks develop and mature.
DOD has fallen victim once already to thumb drive vulnerabilities, and responded by banning a useful technology. This is a strategy that has limits, and it exacts a price on productivity. While ultimately this is the only wise choice the DOD could make, it is a destructive choice if adopted on a larger scale.
IT secret service (ITSS)
Enforcement is in many regards reactive, and needs to become much more proactive. Much as postal mail fraud has inspectors to investigate and correct suspicious activities, the Internet in its international scope needs to have a Supranational Internet Inspector General, to provide enforcement of the integrity of the Internet in the interest of humanity. Respecting the sovereignty of nations is crucial, while maintaining political neutrality toward the organizations of the world. It should facilitate the ongoing patrol and sentry of the Internet, and assist in the technical enforcement and identification of offenders and collaborators, whether complicit or unwitting, computer or human.
Sanction against IT terror hosting Organizations.
Internet sanctions have happened before with devastating effects. Such actions must be considered in ways that prudently serve the integrity and progression of technology and the Internet. These actions should be performed with as much prudent deliberation and sound judgment as possible.
New strategies exist that take this idea and leverage it for proactive control of the integrity of the network. They work on the action of licensure and leasing. A computer applies for the permission to connect to the internet, and this is granted after the pre-requisite conditions are met.
There are technologies that could leverage a lesser level of sanction for network immunity. Such a system, blocking and reacting to malevolent or unapproved behaviors, could go a long way toward providing an intelligent, self-protecting capability to the Internet. Such technology could serve organizations of all sizes, and would benefit from the advice of the ITSS above.
The Great Firewall question
China has taken the bold move to enforce censorship on the Internet, and has established ethical quandaries for the corporations of free societies: how to respect Chinese sovereignty while maintaining the ethics of a company from a democratic republic.
The Chinese government is trying to block information, which is computer data, that they see as dangerous. This is a seed for something greater. There are hostile entities attacking the US, and infrastructure technology needs to be implemented to protect the US network infrastructure. There are systems on the Internet that necessarily perform these functions, and they have been evolving. It's not simply a matter of suppression of information, but of defense of infrastructure.
What can technology and systems develop to protect against dangerous and destructive information and hackers communicating across political boundaries? This is a hard problem whose solution, if prudently designed, could guard against terrorist and malevolent forces.
The future
New concepts and methodologies are developed constantly in the IT realm. Wisdom and insight are needed to cultivate new IT paradigms, as computer technologies have repeatedly proven to the scientific realm that they consistently defy conceived limitations, and are one of the dangerous ideas.
Conclusion
We stand at the horrible crossroads of an indescribably amazing future or the tragedy of a dark age. The choices we make now need to be prudent and wise, and must provide a nurturing environment for the innovation of the Internet and a hindrance to the evils. Wisdom and a constructive imbalance towards supporting innovation are paramount to achieving a great destiny.
A great hope is that many organizations, out of self-preservation have deployed and developed some of the technologies above, and evolution and improvement of them is well underway. As the cyber battleground changes and grows, all who depend on computer technology will need to be ever better soldiers. The war will never be won, but the price of the future is eternal vigilance.