Cyberwar and Social Impact

War tends to have significant social impact.  Even back in the days of "civilized" warfare there were significant impacts on society: civilians from Washington DC went out to view the first battle of Bull Run (aka Manassas) and were caught up in the retreat of the Union forces.  In the recent issue of Technology and Society, authors Flowers and Zeadally outline the challenges posed by cyberwarfare.

When is a cyber abuse an act of war?  The abusers range from script-kiddies, criminals, corporate/national espionage and civil protests up to nation state attacks, sometimes accompanied by ‘kinetic’ battles.  Events may go undetected for extended periods, or may take out significant military or economic targets (such as the power grid).  And identifying the source of an attack can be difficult, particularly if the attackers choose to make it difficult.

This paper outlines nation state attacks going back to 1982, when a Soviet pipeline was destroyed, up to fairly recent events.  It also provides a country-of-origin count for attacks in 2013, with Russia leading (1.15 million), then the U.S. (.86 million); in case you were wondering, China comes in at #8 (.25 million) after Germany, Taiwan, Bulgaria, Hungary and Poland. Of course the source country does not mean it is a state sponsored attack, nor does it mean that the attack is directed at military objectives or that it damages persons or objects.

The NATO Cyber Defense Center of Excellence has sought to define cyber warfare in the recently published Tallinn Manual on International Law Applicable in Cyberwarfare.  But many of the potential “perps” are not likely to pay much attention to international law, and of course the response to a given attack becomes problematic if the source or responsible parties cannot be identified “beyond a reasonable doubt.”

The paper concludes that cyber attacks are increasing.  Which leads to the question of what might be done … by technologists, by citizens or by nation states.  What evils are creeping across your part of the web?  What might we do about it?

7 thoughts on “Cyberwar and Social Impact”

  2. In order for the nation to effectively figure out how to safeguard the nation’s critical infrastructure, government agencies, as well as the private sector, must come together to make it happen. Government agencies and the private sector must ensure that they comply with cyber security policies by training their employees, enhancing cyber security technology, and reporting suspicious computer network activities to the proper law enforcement and intelligence agencies. If the policies and procedures in place are not being followed, our nation will be in a way opening the doors to cyber war. Although not every attack on our nation’s critical infrastructure can be stopped, the nation can attempt to properly mitigate future attacks. The responsibility should also be placed on the nation’s citizens by educating everyone on the importance of the pernicious effects of cyber war. Many on the web take advantage of the easy access of the web, but often fail to take the proper precautions to avoid opening those doors to hackers. For example, many do not effectively utilize basic work-related flash drives, causing major damage to an agency’s infrastructure by allowing criminally like-minded individuals access to confidential documents. On the other hand, one might not use proper judgement during their personal time outside of work as well, such as when banking.

  3. Even though cyber attacks are an imminent threat, it is important to know that safeguarding cyber infrastructure is as detrimental as ensuring critical infrastructure protection. The power grid is an asset that requires full protection, especially against cyber attacks (Power Grid = Energy Sector). If the power grid is affected, the economy will suffer a great deal; socially, society as a whole will be susceptible to other vulnerabilities.

  4. As citizens, many of the general population are not up to date on the internet. There will always be hackers, and that is something we cannot help. We have to protect ourselves the best way we know how. Private companies need to be more cautious in how they handle our data. The government and the private sector need to join each other in order to mitigate the situation for telecommunication purposes.

  6. The role of individual citizens as it relates to their individual and professional capacities in protecting against cyberwar attacks:

    In response to the question of what governments, the military, the private sector, and individual citizens have to do in protecting against cyberwar attacks, I would like to focus on what citizens can do. As individual citizens, we do have a responsibility to do our part in safeguarding the internet through protection of our personal computers and electronic devices at home, and compliance with established cyber-protection practices at work. Individual citizens should and must implement established computer practices such as utilizing effective cyber-protection programs on home computers and other personal devices.

    Additionally, in the professional arena, at work, employees must exercise strict adherence to cyber protection protocols in order to safeguard against cyber-attacks and disruption in the work environment. With regard to individual and professional practices, success in these areas is dependent upon effective training, cyber-awareness and actively following agency protocols on cyber-protection as well as applying the applicable principles of cyber-protection at home.

  7. Since ~2011, cyber attacks have been examined through the Lockheed Martin “Intrusion Kill Chain” framework. This framework suggests that there are 7 critical phases in a cyber attack:

    • Reconnaissance: research, identification and selection of targets
    • Weaponization: joining remote access malware with delivery payload (overwhelmingly, Adobe & Microsoft Office vulnerabilities)
    • Delivery: transmission of malware via email, web browser or USB drives
    • Exploitation: code triggering within a proprietary network
    • Installation: creation of an exit strategy for external file dumps/downloads
    • Command & Control: external manipulation of internal malware
    • Actions on Objective: achievement of goals: exfiltration or destruction

    I would add another phase/step in the intrusion chain: trace skip erasure: the ability and activities of the perpetrators to cloak their identities and mask their electronic footprint. Through the relatively simple processes of proxy server usage and stolen/falsified credentials, many of the cyber attacks ascribed to a “location” are largely decoy sites.

    For example, two well-known Black-POS exploits are RAM-scraping and Citadel. RAM-scraper programs essentially decrypt information in “point of sale” system memory before transmission to third-party processors, collecting credit card information; Citadel steals password information. Collectively, these malware programs are responsible for some of the largest known and recent data breaches: Target, Home Depot and Staples. Once this information is accessed, the data become available for sale to the cyber criminal community on sites such as Rescator (rescator.c.c.). Rescator is an alleged Ukraine-hosted black site that is among the currently operating websites linked to this cyber crime enterprise. Other versions of Rescator still functioning, including rescator.co, are sites that bounce around cyberspace and ultimately point toward another site, octavian.su. At least one of these Rescator sites includes data dumps to virtual machines with IP addresses in the Maldives.

    What can be done? For starters, proprietary networks must adopt the strategies of their enemies: do not expose endpoints that reside in a protected network, especially SCADA systems. Every network should have a proxy network “out front”, in a virtual DMZ layer that will execute every network request and perform deep packet inspection to search for malware. Advanced intrusion detection algorithms, multi-factor authentication for access to the proxy site, and device registration requirements within this DMZ area would further diminish the likelihood of a successful cyber attack.

    Following this DMZ/proxy installation, internal networks must be stratified. Operations and SCADA networks must be completely inaccessible from non-essential network traffic, and should ideally be “fronted” by a DMZ of their own. Lastly, networks should instantiate a security practice that requires the establishment of user credentials, network access permissions and behavioral analytics. By moving toward a policy whereby (1) every service request is (2) generated by a known user on (3) a registered device (4) for a particular “set” of services, an additional barrier would be established to safeguard against malicious attacks.
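The layered policy sketched in the comment above (a fronting DMZ/proxy, stratified zones with SCADA behind its own front, and the rule that every service request comes from a known user on a registered device for a permitted set of services, backed by behavioural analytics) can be written down as a small policy decision function. The following is an added example, not code from the blog post or its commenters; every user, device, zone, service and log line in it is constructed sample data, and the zone names and the three-denial threshold are assumptions chosen for illustration.

```python
"""Policy decision for a DMZ/proxy that fronts stratified internal zones.

Added example, not from the original post. Registry contents, zone names and
the sample proxy log below are all constructed for illustration.
"""
from __future__ import annotations
from collections import Counter, defaultdict
from dataclasses import dataclass

# Stratification: each protected zone may only be entered from the zone that
# "fronts" it. Ops/SCADA is therefore never reachable directly from the internet.
FRONTED_BY = {
    "dmz": "internet",   # the proxy/DMZ layer is the only internet-facing tier
    "corp": "dmz",       # the business network sits behind the DMZ proxy
    "ops": "corp",       # operations/SCADA sits behind its own front (corp)
}

@dataclass(frozen=True)
class Registry:
    user_services: dict   # known user -> frozenset of services they may request
    device_owner: dict    # registered device id -> the user it is bound to
    service_zone: dict    # service -> zone in which that service lives

@dataclass(frozen=True)
class Request:
    user: str
    device: str
    service: str
    src_zone: str
    mfa: bool

def decide(req: Request, reg: Registry) -> tuple[bool, str]:
    """Known user, registered device bound to that user, MFA, permitted service,
    and a source zone that is the front of the service's zone. Returns
    (allowed, reason) so every denial carries a loggable cause."""
    if req.user not in reg.user_services:
        return False, "unknown-user"
    owner = reg.device_owner.get(req.device)
    if owner is None:
        return False, "unregistered-device"
    if owner != req.user:
        return False, "device-not-bound-to-user"
    if not req.mfa:
        return False, "mfa-missing"
    zone = reg.service_zone.get(req.service)
    if zone is None:
        return False, "unknown-service"
    if req.service not in reg.user_services[req.user]:
        return False, "service-not-permitted"
    if FRONTED_BY.get(zone) != req.src_zone:
        return False, f"zone-violation:{req.src_zone}->{zone}"
    return True, "allowed"

def parse_line(line: str) -> Request:
    """Parse one constructed proxy log line made of key=value tokens."""
    kv = dict(tok.split("=", 1) for tok in line.split())
    return Request(kv["user"], kv["device"], kv["service"], kv["zone"], kv["mfa"] == "1")

def evaluate_log(lines, reg: Registry, threshold: int = 3):
    """Decide every line; return (Counter of reasons, users denied >= threshold times).
    The repeated-denial list is a deliberately crude behavioural signal."""
    reasons: Counter = Counter()
    denials: defaultdict = defaultdict(int)
    for line in lines:
        req = parse_line(line)
        ok, why = decide(req, reg)
        reasons[why] += 1
        if not ok:
            denials[req.user] += 1
    suspicious = sorted(u for u, n in denials.items() if n >= threshold)
    return reasons, suspicious

# Constructed registry: two users, two bound devices, four services.
REGISTRY = Registry(
    user_services={
        "alice": frozenset({"hr-portal", "mail"}),
        "bob": frozenset({"hmi-readonly", "historian"}),
    },
    device_owner={"lt-0042": "alice", "ws-0107": "bob"},
    service_zone={"hr-portal": "corp", "mail": "corp",
                  "hmi-readonly": "ops", "historian": "ops"},
)

# Constructed sample proxy log (the expected decision is noted on each line).
SAMPLE_LOG = [
    "user=alice device=lt-0042 service=mail zone=dmz mfa=1",              # allowed
    "user=bob device=ws-0107 service=hmi-readonly zone=corp mfa=1",       # allowed
    "user=bob device=ws-0107 service=hmi-readonly zone=internet mfa=1",   # zone-violation
    "user=alice device=lt-0042 service=historian zone=corp mfa=1",        # service-not-permitted
    "user=mallory device=lt-9999 service=historian zone=internet mfa=0",  # unknown-user
    "user=alice device=ws-0107 service=mail zone=dmz mfa=1",              # device-not-bound-to-user
    "user=alice device=lt-0042 service=mail zone=dmz mfa=0",              # mfa-missing
]

if __name__ == "__main__":
    counts, flagged = evaluate_log(SAMPLE_LOG, REGISTRY)
    for reason, n in counts.most_common():
        print(f"{n:3d}  {reason}")
    print("users with repeated denials:", flagged)
```

The checks are ordered so that the cheapest identity failures are reported first and the zone rule last; in practice the zone rule should also be enforced at the network layer, since a policy engine in the proxy cannot stop traffic that bypasses the proxy altogether.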

Leave a Reply