4.018 terrorism prevention: cyber - county · 2018-06-08 · security 89 th annual west texas...

89TH ANNUAL WEST TEXAS

COUNTY JUDGES AND

COMMISSIONERS ASSOCIATION

CONFERENCE

Thursday, April 26, 2018

9:50 – 10:40 a.m.

“4.018 Terrorism

Prevention: Cyber

Security”

Dr. Danny W. Davis

Senior Lecturer

Texas A&M University

4/11/2018

1

http://www.businessdayonline.com/wp-content/uploads/2017/06/internet.jpg

Cyber Threats:Implications for the

Present and the Future

89th Annual West Texas County Judges and Commissioners Association Annual Conference

Dr. Danny W. DavisBush School

Texas A&M universityApril 26, 2018Frisco, Texas

Agenda1. Purpose

2. Vignette

3. Definitions

4. National Policy

5. Agencies

6. Trends

7. Events

8. Challenges

9. Programs of Interest

10. International

11. Implications for Texas Counties

12.Summary

In 1845, how long did it take for the mail to get from the east coast to California?

Six months by sea; either by sailing to isthmus of Panama or around the Tierra del Fuego. What/when was the next improvement?

By 1860, the Butterfield Stage Line was making the trip from St. Louis through El Paso to California in 25 days.

4/11/2018

2

Purpose

A general overview of how cyber threats jeopardize public and private affairs…

…and discuss possible recommendations on how to mitigate negative consequences.

Vignette

https://www.youtube.com/watch?v=9SeJJh-a-tg

Vignette

https://www.youtube.com/watch?v=9SeJJh-a-tg

Questions & Answers

Q: Is the Federal government prepared to defend its cyber borders?

A: Perhaps.

Q: Are State governments prepared to defends their cyber borders?

A: Maybe in some areas (e.g. infrastructure), maybe not in other (e.g. voting systems).

Q: Are Local governments prepared to defend their cyber borders?

A: Maybe.

Q: Can all echelons respond and recover from cyber threats?

A: Maybe, but not if it manifests physical destruction (e.g. Stuxnet), or strategically cripples private companies with the intent to destroy economies.

Q: Is a cyber attack grounds for war?

A: Great question!

Q: What does this mean for the public administrator?

A: Learn and prepare!

4/11/2018

3

What is cyberspace? “A global domain within the information environment consisting of the interdependent network of IT infrastructures, including the Internet, telecomm networks, computer systems, and embedded processors and controllers.” (DoD, Joint Publication 3-12)

http://wp.production.patheos.com/blogs/asenseofplace/files/2013/09/cyberspace.png

Is there another element of this “space”?

Human Beings

Cyberinfrasturcure

“Cyberinfrastructure consists of computing systems, data storage systems, advanced instruments and data repositories, visualization environments, and people, all linked together by software and high performance networks to improve research productivity and enable breakthroughs not otherwise possible”.Indiana Universityhttp://grids.ucs.indiana.edu/ptliupages/publications/paper_what_is_cyberinfrastructure_penultimate_really.pdf

Cyber Definitions

➢Cyber infrastructure➢Cyber war

infrastructure

4/11/2018

4

Blowup M4 Sherman tank

The Trojan Hoss

Campfires as deception

Confederate on guard at a “Quaker gun” battery, 1861

The Domains of Warfare

http://geographicalimaginations.com/tag/cyberspace/

Human

What is Cyberwar?“Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation's computers or information networks through, for example, computer viruses or denial-of-service attacks”. (RAND)

http://www.rand.org/topics/cyber-warfare.html

http://lubyanka.org/news/2011/01

“War is the continuation of politics by other means.”-Carl Von Clausewitz

4/11/2018

5

Points for Discussion• Cyberattacks are only possible due to vulnerabilities in systems

• Targets must be accessible and have vulnerabilities

– And those must be exploited.

• Cyberwar can then result as these vulnerabilities are exploited

• Cyberattack effects are temporary

– First priority is to decide if further attacks are coming

– Second‐ make it look like effects were minimal

– Third‐recover, re-establish capability

Coding PSAA 608 • Any written language uses symbols (A,1,#), but computers send signals in

1s and 0s (bits).

• Each written character needs a bit code in order to be used by a computer. A set of these codes for a language is called a coding scheme.

• A byte is one character (usually 7‐8 bits)

• Main character codes in North America:

– ASCII: American Standard Code for Information Interchange, originally used a 7‐bit code (128 combinations), now 8‐bit version is used (256).

– EBCDIC: Extended Binary Coded Decimal Interchange Code, an 8‐bit code developed by IBM.

8-bit ASCII – binary conversion PSAA 608

• 01000001 A • 01000010 B • 01000011 C • 01000100 D • 01000101 E

• http://www.tpub.com/neets/book22/94a.htm

4/11/2018

6

Coding Video

https://video.search.yahoo.com/video/play;_ylt=A2KLqIPuP6BWbQMA8XIsnIlQ;_ylu=X3oDMTByN2RnbHFoBHNlYwNzcgRzbGsDdmlkBHZ0aWQDBGdwb3MDMw--?p=computer+coding&vid=0e05949e8658dc951ce919fbd3584040&turl=http%3A%2F%2Ftse4.mm.bing.net%2Fth%3Fid%3DOVP.V6633021a8061b90776e99be306434822%26pid%3D15.1%26h%3D168%26w%3D300%26c%3D7%26rs%3D1&rurl=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWOhAA0kDtuw&tit=Computer+coding+concepts+explained&c=2&h=168&w=300&l=102&sigr=11bgn8air&sigt=112u21f8t&sigi=13152qc74&age=1441044111&fr2=p%3As%2Cv%3Av&fr=yhs-mozilla-003&hsimp=yhs-003&hspart=mozilla&tt=b

National PoliciesThere are dozens of laws, directives, and strategies

related to cyber defense in place.

Important ones are;➢ Quadrennial Defense Review 2014

Establishes a new formalized role for DoD with respect to the cyber domain

➢ The Cybersecurity Act of 2015○ Requires federal agencies to work with private entities in order to

transform their relationships into partnerships➢ DHS Strategic Plan 2012-2016

○ Protection of US cyber domain is one of the top 5 DHS priorities

National Security Strategy December 2017o IMPROVE ATTRIBUTION, ACCOUNTABILITY, AND RESPONSEo ENHANCE CYBER TOOLS AND EXPERTISE:o IMPROVE INTEGRATION AND AGILITY

Federal laws and policies affecting cybersecurity include:

BECAME LAW

- Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 11th, 2017

- Policy. The executive branch operates its information technology (IT) on behalf of the American people. Its IT and data should be secured responsibly using all United States Government capabilities. The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises. In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.

- H.R.1616 — 115th Congress (2017-2018) Strengthening State and Local Cyber Crime Fighting Act of 2017

- This bill amends the Homeland Security Act of 2002 to authorize a National Computer Forensics Institute within the U.S. Secret Service for FY2017-FY2022. The institute shall: (1) disseminate information related to the investigation and prevention of cyber and electronic crime and related threats; and (2) educate, train, and equip state, local, tribal, and territorial law enforcement officers, prosecutors, and judges.

- H.R.3364 — 115th Congress (2017-2018) Countering America's Adversaries Through Sanctions Act

- The bill provides sanctions for activities concerning: (1) cyber security, (2) crude oil projects, (3) financial institutions, (4) corruption, (5) human rights abuses, (6) evasion of sanctions, (7) transactions with Russian defense or intelligence sectors, (8) export pipelines, (9) privatization of state-owned assets by government officials, and (10) arms transfers to Syria.

- H.R.244 — 115th Congress (2017-2018) Consolidated Appropriations Act, 2017

- Provides appropriations to the Department of the Treasury for Departmental Offices, including: the Cybersecurity Enhancement Account.

4/11/2018

7

Federal Agencies

cyberwar

cybersecurity

The OSI model is used as an understanding of how computer networks operate and communicate. Using this ISO standard, organizations can understand where vulnerabilities may exist within their infrastructure and apply controls appropriately.

Message Transmission Using Layers PSAA 608

https://www.youtube.com/watch?v=QSIPNhOiMoE

Internet of Things (IoT) – IBM

4/11/2018

8

By 2020, experts forecast that up to 28 billion devices will be connected to the Internet with only one third of them being computers, smartphones and tablets.

The remaining two thirds will be other “devices” – sensors, terminals, household appliances, thermostats, televisions, automobiles, production machinery, urban infrastructure and many other “things”, which traditionally have not been Internet enabled.

https://datafloq.com/read/internet-of-things-more-than-smart-things/1060

Smart Things

The National Science Foundation (NSF) is paying for the Taj network that has expanded to the Global Ring Network for Advanced Application Development (GLORIAD), wrapping another ring of light around the northern hemisphere for science and education. Taj now connects India, Singapore, Vietnam and Egypt to the GLORIAD global infrastructure and dramatically improves existing U.S. network links with China and the Nordic region.

https://www.quora.com/Is-it-safe-to-browse-the-dark-web

The Web

https://www.torproject.org/about/overview.html.en

The Onion Router (ToR)• Gateway to Deep and Dark Web• Prevents people from learning your location or

browsing habits.• For web browsers & instant messaging clients.• Free and open source for Windows, Mac, Linux/Unix,

and Android

4/11/2018

9

A Type of Attack

• Watering Hole –

In such an attack, the target is a particular group (company, industry, even a region). The attacker determines the websites most often used by a group of users and infects one or more of them with malware.

Types of Security Events

• Exploit- an attempt to take advantage of a vulnerability to gain access to a system or get it to accept rogue instructions

• Thousands of exploits exist

• A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.

• To identify, system administrators must look in log files

Types of Security Events

• Internal threats

– Some consider this to be the most serious

– Need inside help to attack closed systems

– Two ways to get in closed systems:

• Recruit insiders

• Manipulate the supply chain to get access to components and manipulate them

– 1980s – CIA altered program that controlled system controllers installed to run natural gas network system of Soviets. Programmed malfunction led to huge pipeline explosions

– We now worry about other nations since they supply so

many electronic components

4/11/2018

10

Hacks, Attacks, or Security Events can have these effects:

• Most common goal of hacking is to steal data

- referred to as CNE (computer network exploitation)

-Unauthorized access can

lead to:

1) Disruption

Loss of capacity,

causes errors, etc.

2) Corruption; data and

algorithms changed

Adversaries

• Criminals

• Hackivistists

• Terrorists

• Insiders

• Nation States

Cyberterrorism, FBI’s definition:

• “premeditated, politically motivated attack against computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine [hidden, illegal] agents.”

• Four requirements to meet definition (according to Dimov):

- use of electronic equipment;

- target critical infrastructure;

- attack is on electronic equipment;

- initiator of the attack must be labeled a terrorist.

30

PSAA 608

4/11/2018

11

Centralized and Decentralized – At the Same Time!

Marketing Jihad“It’s not about ideals – 90% of them never subscribe to the ideals – it’s other factors that are a draw. This is the new rock and roll; jihad is sexy.”

Abu Muntasir, the “godfather” of the British jihadi movement.

4/11/2018

12

Jihadi Celebrities

ISIS’ social media use glorifies jihad and martyrdom, allowing nobodies to become instant heroes.

Wanted Cyber Criminals

https://www.fbi.gov/wanted/cyber

Evgeniy Mikhailovich Bogachev $3,000,000

Nicolae Popescu$1,000,000

Alexsey Belan$100,000

Peteris Sahurovs$50,000

Shaileshkumar P. Jain$20,000

• Anonymous claim that everyone with a voice is anonymous, it is not a group or movement, anonymous is an idea, an idea of exposing corruption within the system.

• An international network of highly skilled hackers that operate on ideas rather than directives, and utilize cyber terrorism as a means to accomplish their political ideology.

• The organization has a completely decentralized command structure.

Anonymous – who are they?

4/11/2018

13

• Freedom, Justice, against all “oppression”, revolution against corruption.

• Means: Information: End: freedom from corruption and oppression.

• Pro-life tactics; attack without killing, contrasts with modern terrorism.

• Information wants us to be free – the internet is the means to expose corruption and restrict organizations of oppression.

• Targets have included, but are not limited to; government agencies such as FBI and CIA, copyright protection agencies, child pornography websites, Ferguson Police Department, HBGary Federal, Westboro Baptist Church, MasterCard, PayPal, the Vatican, and many others.

Anonymous – Ideology and Targets

• During the aftermath of the Michael Brown shooting in Ferguson, MO, Anonymous released a video warning to the Ferguson Police Department and the KKK.

• The video was published after the group launched a denial of service attacks to take down a site associated with the KKK and seized two Twitter accounts

• The actions were in response to deadly threats the white supremacist group made to demonstrators in Ferguson.

• The video contained the following message; “To the KKK and police, be peaceful or you will face the consequences. To the protesters, do not be afraid. We are here for you and will protect and serve you. We are the law now.”

Anonymous – Ferguson, MO

• Only two suspected members have been Identified – Julius Kivimäki, a 16 year-old Finish teenager and Vinnie Omari, a 22 year-old from the United Kingdom.

• Lizard Squad took down the PlayStation and Xbox networks, using a denial of service attack, by breaching Sony and Microsoft networks, then argued online that the companies should do more to protect their systems.

• The attacks occurred on Christmas day 2014, peak time for gamers trying out their new games.

• The attacks eventually paused after Omari and his friends received 'Mega-privacy vouchers' from multimillionaire investor and Mega founder Kim Dotcom. The vouchers could quickly be sold on an underground black market. The estimated value of the vouchers was $300,000

Lizard Squad

4/11/2018

14

• Prior to the Christmas day attacks, the group claimed responsibility for attacks on Blizzard and Playstation Network earlier in 2014, as well as grounding Sony Online Entertainment President John Smedley’s flight after issuing a bomb threat.

• Lizard Squad also took responsibility for taking down North Korea’s Internet, and targeting the Vatican. The group had been teasing plans to target PSN and Xbox Live for months

Lizard Squad

• The CCC is a part club, part interest group, based in Germany.

• Considered the EU's largest hacker association.

• The 34 year-old group charges dues, holds annual conferences and boasts members who are highly placed in German technology companies.

• Most recently, the CCC received attention for claims that it can breach the new iPhone’s fingerprint security system by taking a photo of a person’s hand.

• Unlike most hacking groups, the CCC has a dedicated website, with information concerning the majority of their activities – http://www.ccc.de/en/

Chaos Computer Club (CCC)

• The security firm CrowdStrike gave the name 'Deep Panda' to one of the hacking groups supposedly affiliated with the Chinese government.

• The secretive nature of the organization makes attack attribution difficult, however the group has been tied to cyberattacks on U.S policy think tanks and experts on the Middle East and Australian media outlets.

• Deep Panda were reportedly responsible for the Anthem data breach, which exposed the personal information of more than 80 million insurance policyholders. The cyberattack put Anthem customers at risk for identity theft throughout their lives, and exposed many to subsequent phishing attacks from fraudsters around the world.

Deep Panda

4/11/2018

15

• The Syrian Electronic Army claim to be a group of Syrian youths who could not stay passive towards the massive distortion of facts about the current events in Syria.

• The SEA is divided into three areas; Social Media, Hacking Attacks and leaking files of Syrian enemies.

• Although the SEA claim they have enough power and experience to operate independently, it is common belief that the Syrian government provides the group with funding and equipment.

• The vision of the group is to provide useful experiences, so future generations who refuse to kneel to the West can form approaches to protect themselves.

Syrian Electronic Army (SEA):

Cyber Attack

Where did the term “robot” originate?

Where did this robot work?Rosie kept house for the Jetsons(1960s TV).

Law OneA robot may not injure a human being or, through inaction, allow a human being to come to harm.

Law TwoA robot must obey the orders given it by human beings except where such orders would conflict

with the First Law.

Law ThreeA robot must protect its own existence as long as such protection does not conflict with the First

or Second Law.

He proposed the Three Laws of Robotics. They are?

R.U.R. (Rossum's Universal Robots) was taken from the Czech word for slave labor, first used by a playwright Karl Capek in 1921.

Isaac Asimov first used the word in 1942 in his short story "Runabout.“

4/11/2018

16

• The FBI’s Internet Crime Complaint Center’s (IC3) analysts review individual complaint data, identifying and grouping complaints with similar information.

• These complaints are collated and referred to state, local, federal, tribal and international law enforcement for potential investigation.

Trends

https://www.fbi.gov/news/stories/ic3-releases-2016-internet-crime-report

Trends• Artificial Intelligence Smart Weapons

• Cyber Security Zero-Day Exploits

• Social Media Phishing and Identity Theft

• Crypto Currency Anonymous payments

• Dark Fiber Intranet for Infrastructure Insider threats

• Cloud Services Not physically secured

Sources: Federal Chief Information Officer Council, Microsoft, Future Today Institute, Deloitte

2017 Hacks and Attacks

Beware of new malware targeting Microsoft Windows vulnerability; 18 May 2017

https://www.staysmartonline.gov.au/alert-service/beware-new-malware-targeting-microsoft-

windows-vulnerability

Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain

by James Rothwell James Titcomb Cara McGoogan, 27 June 2017http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-

massive-cyber-attack1/

Massive cyberattack targeting 99 countries causes sweeping havoc, by Selena Larson@

selenalarson May 13, 2017

WannaCry hackers still trying to revive attack says accidental hero,

https//www.theguardian.com/technology/ 2017/may/22/wannacry-hackers-ransomware-

attack-kill-switch-windows-xp-7-nhs-accidental-hero-marcus-hutchins

Cyberattack Hits Ukraine Then Spreads InternationallyBy NICOLE PERLROTH, MARK SCOTT and SHEERA FRENKELJUNE 27, 2017

Equifax data breach: What you need to knowby Kaya Yurieff @kyurieff September 10, 2017:

4/11/2018

17

• Summer 2017 – World Hack using WannaCry by North Korea

• Summer 2015- 22.1 million people have their Office of Personnel Management records compromised. The attack is thought to come from China.

• March 2015- Primera Blue Cross says up to 11 million customers could have been affected by a breach that began May 2014 and was discovered January 2015.

• February 2015- Anthem Insurance reported that over 80 million records of current and former customers were accessed through

a breach.

• November 2014- A November, 2014 malware attack shut down corporate email at Sony Pictures for a week. It has been suggested that the attack have been from North Korean affiliated hackers, given North Korean anger over a then-upcoming Sony film.

Hacks and Attacks continued

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.

Stuxnet: Iran 2009-2010

Issues Challenging US Cybersecurity 1. Uncertainty of geographic location of perpetrators.

2. Evolving integration of mobile technology devices.

3. Introduction of new vulnerabilities.

4. Poorly coordinated federal-private sector coordination.

5. Legal ambiguities with respect to US response and offensive actions.

4/11/2018

18

Helpful Programs and

Useful Tools

52

Programs of Interest

• GenCyber - NSA and NSF Summer Program for Students and Teachers

https://www.gen-cyber.com/

• Congressional Cybersecurity Caucus News Round-up; Clips from around the globe, web and Hill…

Leiserson, Nick <[email protected]>

• FBI Infragard (Austin and Houston Chapters)

https://www.infragard.org/

• FBI Internet Crime Complaint Center (IC3)https://www.ic3.gov/default.aspx

• IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development

http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2007-12/ISPAB_Dec7-BOldfield.pdf

53


• Texas Cybersecurity, Education and Economic Development Council

http://dir.texas.gov/View-About-DIR/Pages/Content.aspx?id=23

• Texas Director of Information Resources

http://dir.texas.gov/View-About-DIR/Information-Security/Landing.aspx

• Texas A&M Cybersecurity Center, Email: [email protected]

979.845.7398; https://cybersecurity.tamu.edu/about-us/

54

4/11/2018

19


• DHS Cybersecurity site

https://www.dhs.gov/topic/cybersecurity

• DHS ICS-CERT

https://ics-cert.us-cert.gov/

55

Gen Cyber First Principles 6/14/16

https://quizlet.com/143361556/gen-cyber-first-principles-61416-flash-cards/

• Minimization

the goal is to simplify and decrease the number of ways the software can be exploited.

• Conceptually Simple

if something is less complicated, it's less likely to have problems and easier to troubleshoot and fix.

• Abstraction

a fancy word for summarizing or explaining in a way that can be easily understood.

• Data Hiding

any attempt to prevent people from being able to see information.

• Least Privilege

limits what access people have to your resources and what they can do with them.

56

Gen Cyber First Principles 6/14/16

https://quizlet.com/143361556/gen-cyber-first-principles-61416-flash-cards/

• Modularity

able to be inserted or removed from a project, each module has its own function, interchangeable with other modules.

• Layering

multiple layers of defense protect information. If one layer is defeated, the next one should catch it.

• Resource Encapsulation

resources-hardware, systems objects, or processes-must be separated and used as intended.

• Process Isolation

a process occurs when a task is executed. Keeping processes separate prevents the failure of one process from negatively impacting another.

• Domain Separation

separating areas where resources are located prevents accidents and loss of data, keeping information worlds from colliding.

57

4/11/2018

20

Seven Components to Cybersecurity

- Firewall

- Anti-Malware

- First Response Team

- Security Policy

- Layered Security Measures

- Cybersecurity Training

- Administrative Account Security

58

- Firewall

- Anti-Malware


- Security Policy




http://politicsprose.tumblr.com/post/97584738880/read-banned-books-the-lone-ranger-and-tonto

- Firewall

- Anti-Malware


- Security Policy




- Firewall

- Anti-Malware


- Security Policy




https://www.pinterest.com/sullivanmcgee/lost-in-space/

What Types of Technologies are We Loosing?Implications

Bottom Line• Learn about the threat• Prevent, Protect, Mitigate, Respond,

and Recover from the threat

Summary1. Purpose

2. Vignette

3. Definitions

4. National Policy

5. Agencies

6. Trends

7. Events

8. Challenges

9. Programs of Interest

10. International

11. Implications for Texas Counties

12.Summary

4/11/2018

21

COMMENTS & QUESTIONS

Cyber Threats: Implications for the Present and the Future

Danny W. Davis, Ph.D.Professor of the PracticeThe Bush School of Government and Public ServiceTexas A&M University830 [email protected]

4.018 terrorism prevention: cyber - county · 2018-06-08 · security 89 th annual west texas...

Documents