1. Is cyberwarfare a serious problem? Why or why not?
Cyberwarfare poses a unique and daunting set of challenges for security
experts, not only in detecting and preventing intrusions but also in tracking
down perpetrators and bringing them to justice. The most prominent threats so
far include:
· Successful attacks on the FAA airline system, including one in 2006 that
partially shut down air traffic data systems in Alaska.
· Intruders successfully penetrated the Pentagon’s $300 billion Joint Strike
Fighter project and stole several terabytes of data related to design and
electronics systems.
· Cyberspies infiltrated the U.S. electrical grid in April 2009 and left behind
software programs whose purpose is unclear.
· In Iraq, insurgents intercepted Predator drone feeds using software
downloaded from the Internet.
· An act of cyberwar against a critical resource such as the electric grid,
financial system, or communication systems would likely be devastating.
2. Assess the people, organizational, and technology factors that have created
this problem.
· People: For cybercriminals, the benefit of cyberwarfare is that they can
compete with traditional superpowers for a fraction of the cost of other types
of warfare. Because more and more modern technological infrastructure will rely
on the Internet to function, cyberwarriors will have no shortage of targets at
which to take aim. Users of targeted systems are still too careless about
security and don’t do enough to help protect sensitive systems.
· Organization: The U.S. has no clear policy about how the country would
respond to a catastrophic level of a cyberattack. Even though the U.S. Congress
is considering legislation to toughen cybersecurity standards, the standards
will likely be insufficient to defend against attacks. The organization of U.S.
cybersecurity is messy, with no clear leader among intelligence agencies.
· Technology: While the U.S. is currently at the forefront of cyberwarfare
technologies, it’s unlikely to maintain technological dominance because of the
relatively low cost of the technologies needed to mount these types of attacks.
Secret surveillance software can be installed on unprotected systems and can
access files and e-mail, thus spreading itself to other systems. Tracing
identities of specific attackers through cyberspace is next to impossible,
making deniability of suspected intruders simple.
3. What makes Stuxnet different from other cyberwarfare attacks? How serious a
threat is this technology?
Stuxnet differs from other cyberwarfare attacks because the software uses
previously unknown tricks to worm its way into industrial control systems
undetected, searching for a particular configuration that matches its target,
at which point it wreaks havoc by reprogramming the system, closing valves and
shutting down pipelines. A new software “worm” called Stuxnet (its name is
derived from keywords buried in the code) seems to have been developed to
attack a specific nuclear facility in Iran. Its sophistication suggests that it
is the work of a well-financed team working for a government, rather than a
group of rogue hackers trying to steal secrets or cause trouble. America and
Israel are the obvious suspects. But Stuxnet's origins and effects are unknown.
For security reasons SCADA systems are
not usually connected to the internet. But Stuxnet can spread via infected
memory sticks plugged into a computer's USB port. Stuxnet checks to see if
WinCC is running. If it is, it tries to log in, to install a clandestine “back
door” to the internet, and then to contact a server in Denmark or Malaysia for
instructions. (Analysis of traffic to these servers is continuing, and may
offer the best chance of casting light on Stuxnet's purpose and origins.) If it
cannot find WinCC, it tries to copy itself on to other USB devices. It can also
spread across local networks via shared folders and print spoolers. Stuxnet
seemed to be designed for industrial espionage or to allow hackers to blackmail
companies by threatening to shut down vital systems. WinCC is a rather obscure
SCADA system. And Stuxnet searches for a particular configuration of industrial
equipment as it spreads. It launches an attack only when it finds a match.
In each cyberwarfare incident, the governments of the countries suspected to
be responsible have roundly denied the charges with no repercussions. The real
worry for security experts and government officials is an act of cyberwarfare
against a critical resource, such as the electric grid, financial system, or
communication systems. In April 2009, cyberspies infiltrated the U.S.
electrical grid, using weak points where computers on the grid are connected to
the Internet, and left behind software programs whose purpose is unclear, but
which presumably could be used to disrupt the system. The U.S. has no clear
strategy about how the country would respond to that level of a cyberattack,
and the effects of such an attack would likely be devastating.
4. What solutions have been proposed? Do you think they will be effective? Why
or why not?
Proposed solutions include the following along with an assessment of their
effectiveness:
· Congress is considering legislation that would require all critical
infrastructure companies to meet newer, tougher cybersecurity standards. As
cyberwarfare technologies develop and become more advanced, the standards
imposed by this legislation will likely be insufficient to defend against
attacks.
· Secretary of Defense Gates ordered the creation of Cybercom, the first
headquarters designed to coordinate government cybersecurity efforts. It was
activated in May 2010. It will coordinate the operation and protection of
military and Pentagon computer networks. It will coordinate efforts to restrict
access to government computers and protect systems that run the stock
exchanges, clear global banking transactions, and manage the air traffic
control system. Its ultimate goal will be to prevent catastrophic cyberattacks
against the U.S. Some insiders suggest that it might not be able to effectively
organize the governmental agencies without direct access to the President,
which it currently lacks.
· Because spy agencies like the CIA are prohibited by law from acting on
American soil, some people are proposing to entrust some of the cyberwarfare
work to private defense contractors. There is no effective way for a domestic
agency to conduct computer operations without entering prohibited networks
within the U.S. or even conduct investigations in countries that are American
allies. Preventing terrorist or cyberwar attacks may require examining some
email messages from other countries or giving intelligence agencies more access
to networks or Internet service providers.