Homeland defence research agency directs attention to cyber security.


Fearing the specter of crippling attacks on government and private sector computer systems, federal officials are stepping up efforts to foil cyber terrorism.

A recent solicitation from the Department of Homeland Security's advanced research projects agency, HSARPA, illustrates the weaknesses of current computer systems, and hints at technologies and approaches to shore up gaping vulnerabilities.

A close reading of the solicitation illustrates DHS' concern over the lack of tools available to thwart hostile computer acts, whether it be a terrorist hacker manipulating valves at a natural gas refinery, a domestic agitator shutting down a government website or a strike at the national electric grid by a foreign power.

The HSARPA proposal asks for solutions to a variety of urgent problems facing the entire private sector, as well as specific DHS agencies. Awards will be given to those who can create tools and methods to measure the security of networks, tighten controls over wireless networks and enhance post-attack forensics.

HSARPA is reviewing research and development proposals, and will award $4.5 million in contracts by the end of this month, with an anticipated total of up to $15 million over three years.

Many solutions available today are geared towards marketable products and not to guard critical infrastructure, said Mark Gembicki, program director of DHS' national cyber-security exercise and managing director of critical asset protection for Bearing Point Inc. "We need to listen to the needs of critical infrastructure and not the so-called needs of the vendors," he said.

He added that much of the intelligence about terrorist networks indicates that they "are now planning physical and cyber attacks at the same time. We have to be able to defend ourselves against a blended attack."

Infrastructure systems are vulnerable, many experts agree, because the focus on availability and accessibility has left the door open to abusers. Supervisory control and data acquisition (SCADA) systems provide real-time information to operators of vast networks that keep infrastructure moving, and nearly all use off-the-shelf, commercially available and therefore easy to hack software.

"General purpose computers are increasingly being used for mission-critical tasks within critical infrastructures. Moreover, these systems are increasingly integrated into enterprise networks," according to HSARPA documents. "These trends permit companies to leverage advances in commercial technology and more closely integrate business and production activities ... However, there is a concern that this has come at the price of increasing the vulnerabilities of these systems to network attack."

Interoperability is a buzzword in Washington, D.C., but the concept is emerging in a new security environment. This delicate balance between security and accessibility is at the forefront of the government's strategy to secure cyber space for commerce and communication, said Tom Mazich, public sector chief for the computer security firm Symantec.

"The days are gone of seeing a closed, proprietary system," he said. "There's more and more pressure to move to a more open environment."

But these open, off-the-shelf systems also must be secure; it's a conundrum that has vexed DHS in its research efforts. "How do you make security and operations come together?" Mazich asked. "These two areas have co-existed, but are now starting to converge."

However, some newer technologies have outpaced security so thoroughly that HSARPA is trying hard to catch up.

The wide-scale use of wireless networks worries the security-minded. Government has shown an inability to halt unauthorized wireless traffic and, even worse, encryption protocols "have not achieved consistent usage, or have failed to ensure their claimed security requirements," the HSARPA solicitation said.

Wireless networks are an increasingly preferred method of controlling far-flung infrastructure systems. In the U.S. railroad system, for example, such devices are preferred to sending crews into remote regions to do hands-on work. Wireless SCADA systems are being used to monitor the health of the heaters that prevent tracks from freezing over during the winter. Wireless technology also is used to link security cameras, relay passenger information and serve as the backbone of the entire communications system. In other parts of the nation, wireless systems run water and wastewater systems, uranium mining operations and natural oil pipeline pressure and flow rates.

DHS is especially keen on improving wireless security since its inspector general released a report in June that lambasted the agency for a lack of control.

"Although DHS security policy requires certification and accreditation for its systems to operate, none of the wireless systems reviewed had been certified or accredited," the report determined. "As a result of these wireless network exposures, DHS cannot ensure that the sensitive information processed by its wireless systems are effectively protected from unauthorized accesses and potential misuse."

The solicitation seeks better hardware and software solutions to scan for unauthorized users on wireless networks.

Also needed are methods to improve signal fingerprint analysis, which uses the signal's profile to locate and identify it as it bounces to receivers. The disruptions uniquely mark a signal, much as the disruptions on a fingertip can identify a person.

The government's role in cyber security is not best geared towards protection, since about 85 percent of U.S. infrastructure is in private hands. What the government can do is punish transgressors--assuming they have the right tools to find them.

A case called "Moonlight Maze" illustrates the limits of post-cyber attack forensics. In 2000, U.S. officials accidentally discovered a pattern of incursions against computer systems at the Pentagon, Energy Department, private universities and research labs. The probes began in 1998, and had been going undetected for nearly two years. The investigations led to dial-up Internet connections near Moscow, but attempts to trace the signal from there were unsuccessful. The classified case remains open, and the signals remain untraced.

DHS splits post-attack forensics into two categories: Internet provider traceback and attack traceback. Both forms need improving, as current electronic traffic analysis and correlation methods are not robust enough to serve as next generation tracing systems, the report said.

In Internet provider traceback, authorities must find computers that are being used for illicit hacking. Attack traceback is needed when one computer relays its commands through others, thus forming an illicit network. Typical "degrading denial of service" attacks use a master computer that controls thousands of other computers, called zombies, to flood systems and obscure the attacker's trail. Current IP traceback systems can only identify the zombies.

"Attack traceback schemes need to be robust in the face of encrypted traffic between masters and zombies," the solicitation said. HSARPA is seeking methods that can trace 100,000 or more zombies.

Denial-of-service attacks are common and costly. In the United States, they can be prosecuted as a federal crime under the National Information Infrastructure Protection Act of 1996, with penalties that include imprisonment. Many other countries have enacted similar laws.

Since these attacks use innocent, unaware host computers, creating tools for the entire Internet community is necessary, according to experts.

Quality-of-service tools can help detect attacks, explains Xiaobo Zhou, of the department of computer science at the University of Colorado. Zhou's efforts provide a window into the methods that can be used to distinguish friend from foe in the wilds of the Internet.

His platform classifies subjects according to their behavior. They are labeled normal, aggressive, suspicious or confirmed malicious. That assessment comes from two parameters: arrival rate and failure rate.

"A worm-infected host has a much higher connection-failure rate when it scans the Internet with randomly selected addresses," he noted. "A normal host deals with valid addresses because of the use of domain name system (DNS), assuming the DNS is not hacked."

DNS stores information about host names, unique names by which a computer is known on a network. The host name is used to identify a particular computer in email, usenet sites, or other forms of electronic information exchange.

"It is not necessary to create individual failure-rate and arrival-rate records for those clients which make a few failed connections occasionally or show temporary aggressiveness behaviors," Zhou said. "The approach will work particularly well in Internet services whose clients involve human interactions, such as e-commerce and web browsing, since there is great distinction among the arrival rate and failure rate of normal clients, aggressive clients, suspicious clients and confirmed attackers."

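The classification by arrival rate and failure rate described above can be sketched as follows. This is an added example, not code from the article or from Zhou's platform; the window length, the thresholds, the rule mapping the two parameters to the four labels and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed values, not taken from the article; tune per service.
WINDOW = 10.0          # seconds per observation window
FEW_FAILURES = 2       # failures per window tolerated without keeping a record
AGGRESSIVE_RATE = 2.0  # connections per second
SUSPICIOUS_FAIL = 0.5  # failed / attempted connections
CONFIRM_WINDOWS = 2    # suspicious windows before "confirmed malicious"

def classify_window(attempts, failures):
    """Label one client's behaviour in one window from the two parameters."""
    arrival_rate = attempts / WINDOW
    failure_rate = failures / attempts
    if failures > FEW_FAILURES and failure_rate >= SUSPICIOUS_FAIL:
        return "suspicious"
    if arrival_rate >= AGGRESSIVE_RATE:
        return "aggressive"
    return "normal"

def run(events):
    """events: (timestamp, client, succeeded) tuples sorted by time.
    Returns (latest label per client, persistent records).
    Records are kept only for clients seen failing heavily, so occasional
    failures and temporary aggressiveness cost no long-term state."""
    records, labels = {}, {}
    attempts, failures = Counter(), Counter()
    window_end = None

    def close_window():
        for client, n in attempts.items():
            label = classify_window(n, failures[client])
            if label == "suspicious":
                records[client] = records.get(client, 0) + 1
            if records.get(client, 0) >= CONFIRM_WINDOWS:
                label = "confirmed malicious"
            labels[client] = label
        attempts.clear()
        failures.clear()

    for ts, client, ok in events:
        if window_end is None:
            window_end = ts + WINDOW
        while ts >= window_end:
            close_window()
            window_end += WINDOW
        attempts[client] += 1
        if not ok:
            failures[client] += 1
    close_window()
    return labels, records

def sample_events():
    """Constructed traffic: a human user, a fast crawler, a client with one
    bad burst, and a scanner probing mostly dead addresses."""
    ev = []
    for w in (0, 1):
        base = w * WINDOW
        ev += [(base + i * 0.3, "192.0.2.9", i != 0) for i in range(30)]
        ev += [(base + i * 0.2, "192.0.2.66", i % 10 == 0) for i in range(40)]
    ev += [(i * 2.0, "192.0.2.5", i != 1) for i in range(4)]
    ev += [(i * 1.5, "192.0.2.7", i < 2) for i in range(6)]
    return sorted(ev)

if __name__ == "__main__":
    labels, records = run(sample_events())
    for client in sorted(labels):
        print(client, labels[client], records.get(client, "no record"))
```
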
DHS is not the only federal agency seeking advances in cyber security. A slew of other organizations are dedicating money to the effort, including the Air Force, Justice Department and intelligence agencies.

The National Science Foundation's cyber trust program alone has dedicated $30 million for research, and NSF also supports the effort through a number of other venues, such as its information technology research program.

The president's fiscal year 2005 budget for the Department of Homeland Security earmarks $18 million for cyber security research.

President Bush created the position of "cyber czar" to focus on the threat. However, the success of the effort has been marred by last year's resignation of the first cyber czar, Amit Yoran, who reportedly left the position in frustration.

Under Yoran, DHS established a new cyber alert system, which sends e-mails to subscribers about major virus outbreaks and other Internet attacks as they occur, along with detailed instructions to help computer users protect themselves. It also mapped the government's universe of connected electronic devices, which is the first step toward scanning them systematically for weaknesses that could be exploited by hackers or foreign governments.

The classified nature of the threat and the inability to assess blame has led to doubters. Indeed, a subculture has grown in the tech world that states that the threat has been ginned up to exert government control over the Internet. But since 9/11, cyber terror has been treated as a more credible threat, and although there has been no organized assault, the intention to cause havoc via computer is documented.

"Your systems are being attacked," observed Lt. Gen. Steven Boutelle, the Army's chief information officer, at a recent industry conference.

In Islamic chat rooms, al Qaeda sympathizers swap "cracking" tools used to search computers, scan for security flaws and exploit them to gain entry. In testimony before the Senate, FBI employees stated that terrorist groups show great interest in developing basic hacking skills and predict that well-financed groups might hire experts to hack U.S. systems.

In the summer of 2001, an FBI investigation found multiple intrusions of sites in major U.S. cities. Hackers looked up information about city utilities, government offices and emergency systems. The FBI believes the reconnaissance probes came from the Middle East and South Asia.

The seizure of computers in Pakistan revealed signs that terrorists are interested in using computer network disruptions to supplement conventional strikes, or as low-risk alternatives to physical attacks.

Threats to cyber space include foreign powers. Since so much of the military's might relies on civilian-run infrastructure, asymmetric warfare is a concern.

Anthony Tether, director of the Defense Advanced Research Projects Agency, said that, in today's battlefield, networks are becoming as important as weapons. "If anyone can take our network down, our effectiveness is down to zero," he told industry executives.

In a 2004 report to Congress on the military power of China, Pentagon experts said that, before an attack on Taiwan, Chinese information operations personnel or espionage agents would gain access to communication nodes for intelligence exploitation and disrupt critical infrastructure. High on the list, the report said, were the U.S. and Taiwanese power grids and vulnerable civilian telecommunications.

"Exploiting other portions of the information operations spectrum through electronic warfare and denial and deception also could disrupt Taiwan's defenses, and attacks against unclassified Defense Department computer networks related to logistics could delay U.S. efforts to intervene," the report stated.

Such unconventional methods are part of the defense policy of China, with a proposed battalion-sized "Net Force" of computer experts who are trained for disruption and information gathering.

The U.S. military has groups dedicated to protecting its cyber space. Network Enterprise Technology Command (Netcom) oversees the operation and protection of Army networks. When a vulnerability is exposed, either through diligence or by a hacker attack, a team from the Army's computer emergency response team at Fort Belvoir, Va., is called into action.

But since the attacks would be aimed at infrastructure, the private sector would be on the front lines. "DHS bears the responsibility of helping to secure a substantial portion of our nation's critical infrastructure but does not own or control it," the report said.

Nudging chief operating officers to improve cyber security and increase the cost of doing business is a hard sell because it entails asking them to point out current weaknesses. Those weaknesses could be used in civil litigation, appear in Securities Exchange Commission documents, raise insurance rates, lower investment ratings and even result in fines for non-compliance, said Gembicki.

The solution could be public-private partnerships that give companies some cover. The model for this, Gembicki said, is the Chesapeake Innovation Center, in Annapolis, Md., which provides business startups services and facilities, including cyber security solutions. Companies can come to the center and match their needs with a supplier, without reporting directly to the government.

In the end, security has to take a back seat to private sector profitability. DHS' position is that a solution that hurts business is no solution at all.

"When you look at cyber security, corporate security takes precedence over national security," Gembicki said. "I know it's a jagged pill that is hard to swallow, but it's true."
COPYRIGHT 2005 National Defense Industrial Association
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Digital Defenses
Author:Pappalardo, Joe
Publication:National Defense
Geographic Code:1USA
Date:Jan 1, 2005
Words:2226