HIDDEN DANGER: THE THREAT TO AMERICA’S NETWORKS

Lexington Institute


FINDINGS IN BRIEF

• Digital networks are the nervous system of our civilization, essential to commerce and culture. The entire economy, from banking to utilities to manufacturing to health care, relies on internet-style communications. Even the military has reorganized for what it calls “network-centric warfare.”

• But the internet empowers everybody, including criminals and foreign governments intent on weakening America. As digital networks have proliferated, so has malicious software designed to exploit the networks for destructive purposes. Internet predators are increasingly capable and sophisticated.

• Cyber threats are now so common that they pose a real danger to national security. Networks must be secured against intrusion, otherwise the nation risks severe economic damage and potential defeat at the hands of other countries. But the anonymity of the internet impedes efforts to deter and destroy threats.

• The federal government has taken a number of steps aimed at combating threats to digital networks, including a Comprehensive National Cybersecurity Initiative launched in 2008. However, the current federal framework for dealing with cyber threats is fragmented, and cannot keep up with emerging dangers.

• The new administration will have to determine whether current cyber-security efforts are sufficient, or additional resources are required. It will also have to decide whether the current federal framework for addressing cyber threats can do the job, and if not how to tap more agile sources of expertise in the marketplace.

• This report provides a concise overview of emerging threats to America’s networks and the federal response, highlighting key issues for the new administration. It was written by Dr. Loren Thompson of the Lexington Institute staff.


HIDDEN DANGER: THE THREAT TO AMERICA’S NETWORKS

In the 20 years since the cold war ended, the world has become connected in ways it never was before. A breakthrough called the internet has integrated previously isolated networks into a single global web that anyone with a computer can enter. The technology that made this possible, called internet-protocol communications, has torn down the barriers that once impeded interaction among diverse and scattered users. As a result, the world has become a more open and productive place. People who once had little say in how their society operated have been empowered, and opportunities for enrichment of every kind have multiplied.

But the paradox of the internet is that in delivering power to the edges, it has also delivered power to the fringes. Predators of every persuasion now have access and options they never would have enjoyed in the past. Some are agents of foreign governments seeking to subvert democracy, or steal its secrets. Others are criminals, cult members, transnational terrorists or nihilistic vandals. All have discovered that the internet provides a potential pathway to their goals. And increasingly, it is information networks themselves -- the nervous system of our civilization -- that such actors seek to target.

Most internet users have some awareness of this problem, since they encounter it in the form of spyware, viruses and other online nuisances. But the most disturbing “cyber” threats are largely invisible to the general public, because they involve attacks on specialized networks used by the armed forces, health care professionals, air traffic controllers, financial institutions, public utilities and heavy industry. Each of these vital components in modern society now relies on internet-protocol communications to run efficiently, and in most cases the new technology was assimilated without a careful assessment of its vulnerability to attack by outsiders.

This report provides an overview of the threat to America’s information networks, especially the networks operated by the federal government. It begins by explaining the spectrum of cyber threats the nation currently faces, and then details the potential consequences for military, civil and commercial networks, the available remedies for dealing with the danger, and the steps the government has taken to date in implementing said remedies. It concludes with a series of recommendations, the most important of which is that government recognize its limitations and turn to the private sector for most of the expertise needed in defeating cyber threats.

TOP TEN CYBER SECURITY MENACES OF 2008 (SANS INSTITUTE)

1. Web-site attacks on browser vulnerabilities, especially by trusted web sites where users have a high expectation of effective security.

2. Increasingly sophisticated use of “botnets,” compromised computers that have been networked for illegitimate purposes without user knowledge.

3. Very large-scale data theft by well-resourced predators, including organized crime syndicates and foreign governments.

4. Attacks on mobile phones, which because of their computing and networking features are susceptible to viruses, worms and other threats.

5. Insider attacks launched by trusted employees, who can circumvent security systems designed to cope mainly with threats from outsiders.

6. Advanced identity theft by persistent botnets, where malicious programs collect personal information over extended periods.

7. Increasingly capable spyware that secretly monitors user online behavior, while protecting itself from detection and deletion.

8. Exploitation of programming errors on web sites, enabling criminals to penetrate organizations and illegitimately generate financial gains.

9. Sophisticated “social engineering” attacks, in which online predators manipulate users into divulging sensitive information by exploiting cognitive biases or characteristics.

10. Supply-chain infection of computers, resulting from unwitting distribution of malicious software by retailers on items such as compact disks and thumb drives.


THE NATURE OF THE THREAT

Networks of one sort or another have existed since the dawn of civilization. Digital networks, though, are a relatively new thing. Whether wired or wireless, digital networks all operate using binary computer code -- the language of ones and zeros that is the foundation for software. The basic architecture of the information age consists of computer nodes where digital information is stored and used, and links that convey that information between nodes. When a group of nodes and links are organized to accomplish some shared purpose, they become a network.

The internet codes digital information so that it can traverse many different networks as if they were a single unified web. Originally conceived to maintain connectivity in wartime, it grew into a worldwide phenomenon when tools became available that made it easy for people to use internet-protocol communications to send or access information anywhere a network connection existed. Unfortunately, predators quickly learned how to employ the new tools for their own purposes. Thus, from the earliest days of the information age, there has been concern about securing the internet against those who would misuse it.

Concern about cyber security grew as internet-style communications became the preferred means of conducting commerce, governance and other forms of social interaction. Today, digital networks are so ubiquitous that their sudden disappearance would lead to economic collapse, and yet many people are barely aware they are relying on networks when they turn on the lights, go to the grocery store or seek medical care. But the same features that make digital networks pervasive in everyday life also make them ready conduits for viruses, worms and other forms of malicious software that can destroy the wealth and welfare of unsuspecting users. More ominously, clever attackers potentially can manipulate the system so it ceases to function entirely, leading to widespread deprivation, disorder and even defeat at the hands of a foreign power.

Recent trends in the evolution of cyber threats have led many experts to believe the danger is growing worse. First, malicious software is proliferating at such an alarming rate that new applications may outnumber legitimate software releases. Second, as these malicious programs are shared on the internet, predators are becoming more subtle and sophisticated in their efforts. Third, attacks increasingly seem to be originating from well-resourced operators such as governments rather than disaffected freelancers. And fourth, the tools for combating threats -- for detecting and blocking and tracing attacks -- are not keeping up with the danger.

CYBER SECURITY TERMS AND CONCEPTS (WIKIPEDIA)

Malicious software, or “malware,” is computer code designed to infect systems without the informed consent of users. Among the most common types of malicious software spread on the internet are spyware, viruses and worms. Malicious code can penetrate a computer through both network connections and plug-in devices, and once downloaded it often is difficult to detect or remove.

Spyware is malicious software surreptitiously installed on computers that monitors user behavior and potentially alters the way in which computers function. Among other things, spyware may log which web sites are visited, collect personal information, install additional software without user knowledge, redirect browser activity and even change computer settings.

Viruses are self-replicating computer programs that attach themselves to other programs and then spread among computers via network connections or plug-in devices without user awareness. Their name derives from the ease with which they can be spread, and the harmful consequences they often cause in computers on which they have been downloaded. The most destructive viruses impair key files and programs such as computer operating systems.

Worms are another kind of self-replicating program that spreads over network connections without user consent. Unlike viruses, worms do not need to attach themselves to other programs in order to spread. Beyond their ability to spread quickly, worms often carry payloads of additional code that enable them to modify infected computers, for example by deleting files or installing “backdoors” that allow remote controllers to use the computers for malicious purposes.

Botnets are networks of software robots that operate autonomously in compromised computers. Systems that have been infected in this fashion are sometimes called “zombie” computers, because they are linked together by remote controllers for malicious purposes without user awareness. A typical botnet includes thousands of compromised computers serving some common, illegitimate purpose, and botnets containing over a million infected computers have been uncovered.

Phishing is a form of online fraud in which sensitive information such as passwords and credit-card numbers are obtained by misleading users. The most common form of phishing is to send emails or instant messages directing users to web sites that elicit personal details for criminal purposes. Phishing is frequently employed by predators as part of “social engineering” strategies for exploiting the cognitive biases of online users.


THE MILITARY DIMENSION OF DANGER

In recent years, America’s armed forces and intelligence agencies have faced rapidly escalating attacks on their information networks from countries such as Russia and China, and from a vast array of less capable perpetrators. This facet of the cyber threat is largely invisible to the general public, because the government is not eager to advertise its vulnerabilities or how much it knows about who is mounting the attacks. One measure of the danger, though, is the Bush Administration’s decision to launch a Comprehensive National Cybersecurity Initiative to protect government networks during its final year in office. The initiative was reported to be the biggest new item in the fiscal 2009 intelligence budget.

Military planners and intelligence analysts have long known that adversaries would seek to compromise U.S. networks in wartime. The idea of targeting key nodes in enemy networks has a long history that predates the information age, as reflected in the plan of the Army Air Forces to target electrical grids, refineries and communication nodes in World War Two. But the advent of digital networks has added a new twist to this strategy. In the past, the military was concerned mainly with “kinetic” attacks on its networks using high-explosive munitions, or gross “non-kinetic” effects such as the electromagnetic pulse generated by nuclear blasts. Today, it must also worry about more elusive dangers such as malicious software that undermines the reliability and security of vital systems.

Like civilian users, America’s military has eagerly embraced the promise of internet-protocol communications, identifying myriad ways in which the new technology might enhance the survivability and effectiveness of warfighters. But as the joint force becomes increasingly net-centric, it also becomes more vulnerable to cyber threats. Cyber operatives have repeatedly penetrated Pentagon networks and other national-security sites such as the Energy Department’s nuclear-weapons laboratories. Although military and intelligence networks are supposed to be isolated from the internet, it only takes one intrusion via a cell phone or laptop computer for whole organizations to be penetrated, and such attacks can be executed anonymously by predators on the other side of the world.

The greatest military danger raised by cyber threats is that America’s armed forces and intelligence agencies will lose what they call “information dominance,” the capacity to assure friendly information flows while impeding those of adversaries. That is a real possibility, because the battle for military supremacy now is conducted using tools available to many potential adversaries, and military organizations may lack the agility to keep up with such a diverse and fluid threat. It is hard to deter attacks when their point of origin cannot be identified, and harder still to know how compromised key networks may be until the moment when they are most needed. What can be said with certainty, though, is that virtually all of America’s enemies grasp how important digital networks are to the effectiveness of the joint force.

CYBER SECURITY MILESTONES

1986: First true computer virus originates in Lahore, Pakistan.

1988: First well-known worm, called Internet Worm.

1997: Presidential commission produces first authoritative public assessment of cyber threats.

2000: Clinton Administration issues first national plan to address cyber threats.

2001: President Bush signs executive order making cyber security a national priority.

2002: Federal cyber-security activities consolidated under the Department of Homeland Security.

2003: White House issues National Strategy to Secure Cyberspace.

2004: U.S. Computer Emergency Readiness Team begins Einstein initiative to track cyber threats.

2005: Chinese People’s Liberation Army begins including network-attack tactics in military exercises.

2006: Joint Chiefs of Staff publishes National Military Strategy for Cyberspace Operations.

2007: Chinese hackers penetrate networks in Pentagon and national lab; Estonia’s networks degraded by Russian cyber attacks.

2008: Bush issues directives establishing Comprehensive National Cybersecurity Initiative; Russian invasion of Georgia preceded by cyber attacks.


THE ECONOMIC DIMENSION OF DANGER

The information age has brought about a massive transformation of the American economy. Workers are more productive, borders are more open, relationships are more fluid and the pace of business activity is much faster. The foundation for most of these changes is a global infrastructure of information networks that has obliterated geographical, organizational and technological barriers to efficiency. Every major industry has assimilated internet-protocol communications into its operating procedures as a way of saving money and staying competitive. As a result, the entire economy is now so dependent on digital links that it could not function without them.

Because this transformation has unfolded over two decades in many different ways, most citizens do not grasp just how dependent they are on information systems. For example, if the information infrastructure were severely compromised, telecommunications and electricity grids would cease operating, food supplies would become depleted, financial transactions would be unexecutable, and air traffic control would be nearly impossible. One expert has compared the failure of the information infrastructure to the simultaneous arrival of fifty major hurricanes in terms of how disruptive it would be to the national economy.

Against this backdrop, the rapid proliferation of cyber threats and the apparent adoption by some countries of information warfare as a national strategy is very troubling. Most of the nation’s economic infrastructure including the information grids is privately owned, and there are legal barriers to determining precisely how vulnerable parts of it may be. Experiments conducted by the Department of Homeland Security have demonstrated how internet predators might penetrate utilities and shut them down, but no one really knows the degree to which potential adversaries are already poised to do so. Even when it can be proven that electronic attacks on domestic networks were launched from places like China, there is no sure way of knowing where they actually originated.

The challenge of guarding networks supporting the national economy is exacerbated by the myriad ways in which digital operating systems and applications might be compromised. Malicious software is being generated and disseminated on such a vast scale that even when it is detected, there often is no immediate remedy for the problem. The internet is so ubiquitous and anonymous that there is no practical way of suppressing such software without severely impairing the functionality of the whole system, which itself could become a significant burden to the economy. Nonetheless, many experts fear that it is just a matter of time before cyber predators do serious damage to the national economy, and some contend that is already happening today.

CYBER ATTACK CASE STUDY (NEW YORK TIMES)

• The federal government’s Oak Ridge National Laboratory, which is engaged in nuclear research, reported in December of 2007 that its information networks had been targeted by a series of sophisticated cyber attacks.

• The attacks, which began on October 29, 2007, consisted of seven separate “phishing” emails disguised as official messages and other professional communications that were sent to a total of 1,100 Oak Ridge personnel.

• When opened, the emails would automatically download programs onto user computers that collected specific types of information such as passwords and sent the information to whoever initiated the attack.

• The fraudulent emails were traced to web sites and internet addresses linked to China, but those may have been only the last “jump” in a series of relays designed to hide the true source of the attacks.

• About one percent of Oak Ridge personnel receiving the emails -- 11 out of 1,100 -- opened them, but officials said those breaches were sufficient to allow infiltration of networks and theft of data.

• No classified information appeared to have been stolen, in part because the attacks were targeted to private-sector networks associated with Oak Ridge rather than internal laboratory networks insulated from the internet.

• The U.S. Computer Emergency Readiness Team (US-CERT) that investigated the incidents issued an advisory stating that the attacks were highly sophisticated in their targeting and coordination.

• However, private experts noted that such phishing incidents are extremely common on the global internet, and that perpetrators have become very clever in constructing deceptive messages and programs.

• No definitive determination was ever made public concerning who launched the attacks and what their motive was, leaving observers to speculate whether it was the Chinese government, some other government or internet criminals.


DEFENSES AGAINST CYBER ATTACK

Finding lasting solutions to the danger posed by cyber threats is an extremely complicated challenge. The threats take many forms, and are constantly evolving. The cyberspace domain in which they unfold is anarchic and anonymous, sprawling across political and geographical boundaries in a manner that defies regulation. Many of the remedies proposed to limit abuses also limit the freedom of users. However, if the federal government cannot find a workable approach to deterring and defeating cyber threats, then America may be unable to sustain its military and economic edge in the information age.

Most experts agree that a few basic principles are central to any effective defense. First, users must be aware of the danger and trained to avoid creating vulnerabilities that can be exploited by predators. Second, access to sensitive networks must be controlled by limiting points of entry, blocking or filtering traffic through those points, and instituting rigorous authentication procedures for legitimate users. Third, network software and procedures must be continuously updated to eliminate weaknesses, and tested to assure gaps have been successfully closed. Fourth, there must be a mechanism among network administrators for sharing information about threats that provides timely and useful warning of danger. Fifth, defensive measures must be sensitive to the missions of users, so that they do not impair network functionality in the process of providing protections.

The respected SANS Institute uses a six-step framework for explaining how cyber incidents should be addressed that begins with being prepared, and then proceeds through identification of danger, containment of the threat, eradication of the threat, system recovery and follow-up. Each of these steps may entail dozens of discrete actions aimed at detecting, characterizing, isolating and suppressing the danger, and then restoring the network to its beginning state. Experts typically stress the importance of being prepared before an attack occurs, and conducting post-mortems to derive useful lessons about how dangers can be minimized in the future. Military experts also emphasize the importance of developing offensive cyber capabilities as a way of deterring or countering attacks.

While the generic measures necessary to cope with cyber aggression are easy enough to identify, applying them to specific threats and mission areas can be devilishly difficult. Efforts to do so have revealed a number of chronic problems that policymakers must eventually address. First, vital national networks are so balkanized among military, civil and commercial operators that it is difficult to enforce any particular standard with regard to cyber defense. Second, the inability to trace attacks made over the internet to their point of origin severely hampers efforts to deter or punish predators. Third, network administrators seldom have the sort of enterprise-wide view of their information assets needed to fashion a durable and complete security regime. Finally, government by its nature is not well equipped to keep up with such a fluid and multifaceted challenge.

CYBER DEFENSE PRODUCTS AND PROCESSES (LOCKHEED MARTIN)

Security Assessment

• Data analysis
• Penetration & vulnerability testing
• Certification & accreditation
• Compliance management
• Risk assessment

Intrusion Deterrence

• Awareness & training
• Identity & access management
• Authentication procedures
• Biometrics
• Encryption

Intrusion Detection

• Network monitoring
• Modeling & simulation
• Data fusion
• Intrusion detection
• Command & control

Intrusion Response

• Forensic analysis
• Reverse engineering
• Disassemblers
• Information operations metrics
• Tracing & attribution

System Reconstitution

• System backup
• Load balancing
• Design redundancy
• Recoverable & self-healing systems
• Virtualization


FEDERAL ORGANIZATION FOR CYBER DEFENSE

The federal government acquired most of its information networks on a piecemeal basis, without much thought as to how the parts might one day fit together or how enemies might try to exploit them. The government’s recent efforts to organize for cyber defense have been hampered by the fragmented character of federal information systems. This problem is compounded by the fact that many networks vital to the economy are in the private sector, and the legal authorities for implementing security measures there are incomplete at best.

Within the federal government, most of the funding allocated to information security and offensive cyber operations is spent by agencies of the Department of Defense. The biggest player is the National Security Agency (NSA) at Fort Meade, Maryland, which since the early days of the cold war has been engaged in collecting and analyzing signals intelligence. NSA appears to have lead responsibility for securing all intelligence networks, and it shares expertise with the Defense Information Systems Agency that oversees military networks. U.S. Strategic Command is the lead combatant command responsible for information operations and cyber security. In addition, each of the military departments -- the Army, Navy and Air Force -- has a dedicated command for managing information networks and assuring their security.

Although it receives much less money for network operations and security than the defense department, the Department of Homeland Security (DHS) is the lead federal agency for coordinating national cyber-defense initiatives. DHS maintains a National Cyberspace Response System that includes the U.S. Computer Emergency Readiness Team, or US-CERT, the best known domestic responder to cyber incidents. A National Cyber Security Center was recently established within DHS to oversee the Comprehensive National Cybersecurity Initiative begun by the Bush Administration in early 2008. That initiative, which extends over many years and entails dozens of different projects, is supposed to integrate the security efforts of both defense and civil agencies in addressing all of the government’s cyber vulnerabilities.

However, as this brief description of federal organization for cyber defense demonstrates, the structure of the government does not lend itself to timely and consistent implementation of network-security measures. The threat is evolving too fast, and on too many fronts. Clearly, no single agency can address the entire cyber challenge, because it crosses all organizational and operational boundaries. Various departments or agencies may wish to lead the cyber-security effort, but they lack the authority to direct actions by organizations outside their budget or chain of command. Only the White House has the power to lead such a multifaceted undertaking, and the National Security Council is the logical mechanism within the White House. Without White House leadership, bipartisan support and public awareness, it is unlikely that America can defeat the danger to its vital information networks.

CYBER INSIGHTS

In the last century, geographic isolation helped protect the United States from a direct physical invasion. In cyberspace national boundaries have little meaning. Information flows continuously and seamlessly across political, ethnic, and religious divides. Even the infrastructure that makes up cyberspace -- software and hardware -- is global in its design and development. Because of the global nature of cyberspace, the vulnerabilities that exist are open to the world and available to anyone, anywhere, with sufficient capability to exploit them.

National Strategy to Secure Cyberspace, 2003

Our information infrastructure -- including the internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries -- increasingly is being targeted for exploitation and potentially for disruption or destruction, by a growing array of state and non-state adversaries. Over the past year, cyber exploitation activity has grown more sophisticated, more targeted, and more serious. The Intelligence Community expects these trends to continue in the coming year.

Director of National Intelligence Adm. Michael McConnell, 2008

We need to prevent terrorists or spies from hacking into our national security networks. We need to build the capacity to identify, isolate and respond to any cyber attack. And we need to develop new standards for the cyber security that protects our most important infrastructure -- from electrical grids to sewage systems, from air traffic control to our markets.

President-Elect Barack Obama, 2008


Printed in the United States of America

November 2008

ISSUES FOR THE NEW ADMINISTRATION

In 2008, the Bush Administration began a Comprehensive National Cybersecurity Initiative that will eventually spend over $10 billion strengthening defenses of government networks. During that year’s presidential campaign, Senator McCain noted the growing military role of information operations, while Senator Obama stated that the government needed to build “the capacity to identify, isolate and respond to any cyber attack.” It appears that national leaders grasp the importance of network security and information assurance. But seeing the problem isn’t the same thing as solving it. Before that can occur, there are eight basic questions the new administration needs to answer.

1. Do current trends in cyber threats indicate the nation faces a real crisis of confidence in its networks, or are efforts like the comprehensive cyber-security initiative sufficient to deal with the challenge?

2. Given how important global connectivity is to information superiority, is it possible to secure essential networks while still maintaining links to the anarchic and anonymous internet?

3. Will the internet in its current form ever permit users to trace sophisticated attacks to their source, so that abuses can be effectively deterred and/or defeated?

4. What legal authorities are required so that the government can overcome barriers to dealing with attacks on critical private-sector networks, and establish consistent security standards?

5. What is the proper relationship within the government between network defense and offensive information operations in formulating an integrated cyber-security posture?

6. How can the government encourage a holistic, enterprise-wide understanding of its network resources and challenges, so that solutions are developed in a truly comprehensive rather than piecemeal fashion?

7. Is the Department of Homeland Security an appropriate vehicle for managing government-wide cyber-security efforts, or is a more focused organization better suited to the task?

8. If the government is too slow or decentralized to keep up with the rapid proliferation of cyber threats, how can it tap more agile suppliers of network security in the marketplace?

These questions need to be answered before the nation suffers the digital equivalent of a 9-11 attack that so many experts have been predicting. Despite the growing array of problems associated with using and securing internet-style networks, virtually nobody in the government thinks it is desirable to return to a pre-internet way of doing business. So the real issue policymakers face in meeting the cyber-security challenge isn’t whether they can live without digital networks, but how they prevent America’s enemies from using those networks against us.

1600 Wilson Boulevard • Suite 900 • Arlington, Virginia 22209

tel 703.522.5828 • fax 703.522.5837

www.lexingtoninstitute.org • [email protected]