As attacks increase, U.S. experts struggle to keep the virtual domain open yet secure
Havoc
The potential devastation from a cyber attack could equal the damage from a weapon of mass destruction.
* The possible consequences keep the director of national intelligence "up at night."
* Officials fear encryption and codes are becoming less effective defenses.
* The new National Cyberspace Response System is beefing up its threat analysis and incident response system.
* One roadblock: Quickly obtaining access approval from civil authorities.
Cyberspace is the virtual space where communications and computers operate, but there is nothing virtual about the imminent threat it poses to military and intelligence communities.
Cyberspace provides a medium for organized attacks on U.S. infrastructure from a distance, and enables attackers to cover their identity, location and method of attack. And as the sophistication and availability of cyber technologies grow, so does the concern of senior U.S. officials about the potential devastation a cyber attack may pose.
In fact, this worry literally keeps Mike McConnell, director of national intelligence, "up at night."
The damage likely to be wrought by a cyber attack is comparable to an attack on U.S. interests by a weapon of mass destruction, McConnell said at an April government employee conference in Washington, D.C.
To build an effective national cyberspace response system, the Department of Homeland Security (DHS) and Department of Defense (DoD) are engaging in unprecedented information sharing and coordination among dozens of federal agencies to work with public, private and international entities to secure cyberspace and, in consequence, America's cyber assets.
Monitoring the cyber domain creates a paradox for government authorities.
"Information is considered power, and power is not something to be yielded freely," John G. Grimes, assistant secretary of defense for networks and information integration, told the House Armed Services Committee March 28. "To operate our enterprise network we must ensure that data is accessible, reliable and available whenever and wherever it is needed - while at the same time protecting our network against an adversary who is determined to exploit the cyberspace arena."
"It's a growing threat every day in the cyber domain," Navy Rear Adm. Kendall Card, director of Command and Control Systems for the North American Aerospace Defense Command (NORAD) and U.S. Northern Command (NORTHCOM), said at the Navy League's Sea-Air-Space Exposition last month. "Plain hackers and folks from outside our country are definitely interested in gaining information from our networks."
Though the bulk of cyber assaults are against commercial interests, an increasing number of attacks against government networks are shedding light on the lethality virtual tools could have on the physical world. Although financial consequences are the most immediate and observable impact of cyber assaults, McConnell said, "the right time, right place, right reason" for a cyber attack on national security would have an even more "overwhelming and devastating impact."
NORTHCOM and NORAD are partnering with the Coast Guard, National Guard and other military agencies to track cyber attacks as they relate to potential kinetic attacks.
Similar to police sting operations, all agencies have contributed cyber security experts to monitor and investigate minor cyber incidents, look for trends or patterns, and determine the intention of cyber attackers, their identity and purpose for exploiting cyberspace in relation to national and homeland security.
But a key limitation to predicting and preventing cyber incidents is the relative nascence of the cyber domain and sensitivity of information gathering. Much of the research and trend analysis is classified, but a senior intelligence official speaking to Seapower on the condition of anonymity, said encryption, securing data with passwords and hard-to-decipher codes, is the primary method used to prevent cyber attacks.
The frequency of attacks on government networks is increasing exponentially, the official said, and "the sheer quantity and diversity of attacks" makes encryption techniques less effective than tracking and backing up information to provide a timely response option to the modern cyber threat.
The uniqueness of tracked attacks creates multiple dilemmas for federal authorities trying to patrol the cyber domain. Military authorities are primarily concerned about highly coordinated and organized attacks capable of destroying the nation's critical infrastructure and national security. The official said the ability of a cyber attacker to carry out such an attack requires extremely high technical sophistication.
"This is an area where things are changing day to day," he said. "We need to keep it classified because when we know about vulnerabilities they're used against us."
Take, for instance, the April conviction of former Navy contractor Richard Sylvestre, who programmed and launched malicious code to shut down the Navy's Naples, Italy, command center last May.
Disgruntled by the rejection of his proposal to provide network administration services for the Navy European Planning and Operations Command Center, Sylvestre, according to court documents, sabotaged the center's network, causing three computers to shut down before an administrator prevented the attack from reaching two other computers.
Sylvestre's code targeted computers used to monitor locations of ships, submarines, cargo and underwater obstructions. Though his actions caused no injuries, a large-scale cyber attack on the maritime domain command-and-control infrastructure could cause vessel collisions, jeopardize secure communications between ships or, ultimately, provide the opportunity for kinetic attacks to be waged on military or civilian populations.
DHS and DoD are combining efforts to "think ahead" on cyber security for government networks, but attacks on civil and commercial networks have a profound effect on national security and government operations, said Rich Affeld, NORTHCOM deputy director for information and operations.
Disgruntled by the rejection of his proposal to provide network administration services for the Navy European Planning and Operations Command Center, Sylvestre, according to court documents, sabotaged the center's network, causing three computers to shut down before an administrator prevented the attack from reaching two other computers.
Sylvestre's code targeted computers used to monitor locations of ships, submarines, cargo and underwater obstructions. Though his actions caused no injuries, a large-scale cyber attack on the maritime domain command-and-control infrastructure could cause vessel collisions, jeopardize secure communications between ships or, ultimately, provide the opportunity for kinetic attacks to be waged on military or civilian populations.
DHS and DoD are combining efforts to "think ahead" on cyber security for government networks, but attacks on civil and commercial networks have a profound effect on national security and government operations, said Rich Affeld, NORTHCOM deputy director for information and operations.
DHS stood up its National Cyber Security Division to protect cyber infrastructure. The division has two overarching objectives: to build and maintain a cyber response system and implement a cyber-risk management program for protection of critical infrastructure.
The division created the National Cyberspace Response System for around-the-clock coordination of leadership, processes and protocols to determine the federal response as cyber incidents arise.
Key resources include a cyber preparedness and alert system, allowing computer users to receive current information about patches and solutions to exploitable vulnerabilities in their computer system, an operations program responsible for analyzing and reducing cyber threats by disseminating information and coordinating response activities, and a Cyber Cop Portal, which coordinates with law enforcement to capture and convict those responsible for cyber attacks. More than 5,300 investigators worldwide use Cyber Cop.
Additionally, the cyber security division has included 13 federal agencies to act as a principal mechanism for cyber incident response. In the event of a cyber attack disrupting national infrastructure, this group will lead federal coordination, including information dissemination, law enforcement and the intelligence community, Affeld said.
A cyber attack would cascade across the economy, imperil public safety and endanger public safety, according to Crosscutting Programs, a perspective paper analyzing President Bush's 2008 budget proposal. As technology advances for the sake of efficiency, the vulnerabilities for exploitation also increase, the paper said.
The present problem in mitigating the impact of cyber attacks is "we know we're going to be late," Affeld said. "We can't do anything to respond to attacks without the appropriate permissions from civil authorities.
"The military doesn't have any responsibility for civil or commercial networks, even though it's our backbone," he said.
DHS stood up its National Cyber Security Division to protect cyber infrastructure. The division has two overarching objectives: to build and maintain a cyber response system and implement a cyber-risk management program for protection of critical infrastructure.
The division created the National Cyberspace Response System for around-the-clock coordination of leadership, processes and protocols to determine the federal response as cyber incidents arise.
No comments:
Post a Comment