Cybersecurity: Difference between revisions

From Cyberlaw: Difficult Issues Winter 2010
Revision as of 13:56, 5 November 2009

SCOPE OF THE PROBLEM

According to the U.S. federal government, threats to cyberspace pose one of the most serious economic and national security challenges of the 21st century.[1] An increasing number of state and non-state actors are now capable of targeting U.S. citizens, financial institutions, critical infrastructure, and government organizations. The Commission on Cybersecurity, established to advise President Obama in his new administration, stated the challenge: "America's failure to protect cyberspace is one of the most urgent security problems facing the new administration."[2] Indeed, the intelligence community assesses that a number of nations already have the capability to conduct crippling attacks against the U.S.[1]

One reason cybersecurity poses such a difficult problem is that the term 'cybersecurity' applies to almost everything. The White House Cyberspace Policy Review, which analyzes the current cybersecurity threat, defines the term broadly:

Cybersecurity policy as used in this document includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure.[3]

In summary, the Policy Review notes that "Cyberspace touches practically everything and everyone."[3] Given this definition, it is no wonder that cybersecurity is perceived as an almost insurmountable problem. In order to begin approaching solutions, therefore, we first break down our understanding of what cybersecurity means.


ASSESSING VULNERABILITY

The internet is a large-scale decentralized network of generative computers. (For an introduction to how the internet works, read the first two pages of BGP Attack.) This network is vulnerable to attack at several different key points, each with a different result and security concern. The taxonomy below breaks down the security issues according to which part of the network is under attack. Real-life examples of attacks are then provided to illustrate the danger, and the application of this knowledge to cyberwarfare is then considered.

If you need background on how the internet works and is related, watch JZ's background video about internet and law.

In order to help us understand cybersecurity, we can break down our analysis of vulnerable points in cyberspace by separating out the point of attack.

I. Vulnerability in the Network Itself

This vulnerability considers attacks upon the network itself. A clever hacker could shut down the internet itself in an extreme case, or more conservatively can re-route the internet to prevent users from getting where they need to go.

The internet is a large-scale decentralized network. A packet sent from one computer to another may cross multiple administrative domains (called Autonomous Systems, or ASes). Internet routing therefore includes two different systems: intra-domain routing and inter-domain routing. Each AS routes traffic within its own infrastructure any way it likes, but all of the ASes coordinate inter-domain routing by running the Border Gateway Protocol (BGP) on the routers that connect them. BGP computes routes between every AS and every IP address.[4]

To attack the network itself, then, one can disrupt the BGP routing between ASes. The best example of an attack on the internet as a network is such a BGP attack; this kind of attack gained publicity through the recent incident in which Pakistan accidentally took down YouTube. See BGP Hijacking Pakistan YouTube Example for a more in-depth discussion.
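As an added example (not code from this wiki page or from the Kim et al. paper it cites), the following Python script models the routing behaviour the two paragraphs above describe: a router's longest-prefix match, which is why an announcement of a more specific prefix captures traffic for the addresses it covers, and the origin-AS check an operator can run to flag and filter such an announcement. The prefixes, AS numbers and routing-table entries are constructed from documentation ranges and are not taken from the YouTube incident.

```python
"""Toy model of BGP route selection and origin-based hijack detection.

Added example for this page, not code from the wiki or from the cited
papers. It shows, in simplified form, why an announcement of a more
specific prefix captures traffic for the covered addresses and how an
operator can flag such announcements by checking each route's origin AS
against a table of authorised origins (the idea behind route-origin
validation). All prefixes and AS numbers are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    # AS path as learned: leftmost = neighbour that announced it,
    # rightmost = the AS claiming to originate the prefix.
    as_path: tuple

    @property
    def origin_as(self) -> int:
        return self.as_path[-1]


def select_route(rib, address):
    """Pick the route a router would use for one destination address.

    Longest-prefix match comes first: the most specific covering prefix
    wins regardless of path length. Ties are broken by shorter AS path,
    a simplified version of the real BGP decision process.
    """
    addr = ipaddress.IPv4Address(address)
    candidates = [r for r in rib if addr in r.prefix]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (r.prefix.prefixlen, -len(r.as_path)))


def find_suspect_routes(rib, authorised_origin):
    """Return routes whose origin AS is not authorised for the prefix.

    authorised_origin maps a prefix to the single AS allowed to originate
    it or anything more specific inside it. A more specific prefix from a
    different origin is exactly the shape of a prefix hijack.
    """
    suspects = []
    for route in rib:
        for auth_prefix, auth_as in authorised_origin.items():
            if route.prefix.subnet_of(auth_prefix) and route.origin_as != auth_as:
                suspects.append(route)
                break
    return suspects


def drop_suspects(rib, authorised_origin):
    """Mitigation: a filtered RIB with the flagged routes removed."""
    bad = set(find_suspect_routes(rib, authorised_origin))
    return [r for r in rib if r not in bad]


# Constructed sample routing table (RFC 5737 prefixes, RFC 5398 AS numbers).
LEGIT_PREFIX = ipaddress.ip_network("203.0.113.0/24")
RIB = [
    # Legitimate announcement, origin AS 64496, learned via neighbour 64510.
    Route(LEGIT_PREFIX, (64510, 64496)),
    # A more specific /25 for half of the same block, originated by AS 64500
    # and learned via a different neighbour: this is the hijack shape.
    Route(ipaddress.ip_network("203.0.113.0/25"), (64511, 64500)),
    # An unrelated prefix, present so the filter leaves it alone.
    Route(ipaddress.ip_network("198.51.100.0/24"), (64510, 64501)),
]
AUTHORISED_ORIGIN = {LEGIT_PREFIX: 64496}


if __name__ == "__main__":
    for host in ("203.0.113.10", "203.0.113.200"):
        chosen = select_route(RIB, host)
        print(f"{host} -> {chosen.prefix} via origin AS {chosen.origin_as}")
    for s in find_suspect_routes(RIB, AUTHORISED_ORIGIN):
        print(f"suspect: {s.prefix} origin AS {s.origin_as} (path {s.as_path})")
    clean = drop_suspects(RIB, AUTHORISED_ORIGIN)
    print("after filtering:", select_route(clean, "203.0.113.10").origin_as)
```

Run as a script, it shows that addresses in the lower half of the block are routed to the unauthorised /25 while the upper half still reaches the legitimate origin, which is why a more-specific announcement takes traffic without touching the legitimate route at all. The origin check is the monitoring side: in practice the authorised-origin table would come from a registry of route origin authorisations rather than a hard-coded dictionary.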

II. Vulnerability in the Network Endpoints

The internet as a network joins together numerous endpoint computers. These endpoints are all vulnerable targets in and of themselves, though the nature of the endpoint changes some of the ramifications of an attack on it.

A. SCADA Systems

SCADA systems (SCADA stands for supervisory control and data acquisition) are computer systems that monitor and control industrial processes. Generally the term is used to refer to governmental systems such as the computer systems that regulate dams, traffic lights, and other components of civilian infrastructure. One of the most public concerns has been that a hacker could shut down public power grids or that terrorists could use SCADA systems to destroy infrastructure. See SCADA System Attacks Examples for more in-depth discussion.

B. Servers

Rather than targeting individual computers, attackers can target servers and providers. Once a server is infected, it propagates the infection and compromises other internal computers and sensitive servers that were wrongly assumed to be protected from unauthorized access by external entities. An infection can also result in servers being shut down by regulators in order to prevent its spread, effectively stopping business at that site. The consequences can be significant depending on the nature of the site. See a more in-depth discussion of this at Chuckroast Server Attack Example.

C. Personal Computers

Generativity v security

The term personal computers is meant broadly to apply to individual computers rather than larger servers or systems. However, the use of these computers - whether for government application, industrial business, or private personal use - has a significant impact on the nature of the security concern.

http://bostonreview.net/BR33.2/zittrain.php

http://www.ericjohnolson.com/blog/2007/08/31/saving-the-web-should-we-sacrifice-generativity-for-safety-and-security/

http://www.temple.edu/lawschool/dpost/Zittrain.pdf

http://www.emergentchaos.com/archives/2008/04/generativity_emergent_cha.html

1. Government Computers

Government Computer Attack Examples

2. Industrial Computers

Industrial / Financial Computer Attack Examples

3. Private Individual Computers

Application in Cyberwarfare

NEXT STEPS

White House Action Plans

White House Cyber Security Review Near Term Action Plan[5]

White House Cyber Security Review Mid-Term Action Plan[5]

REFERENCES

  1. Dennis Blair, Director of National Intelligence, Annual Threat Assessment of the Intelligence Services Committee, Statement for the Record, March 10, 2009, at 39.
  2. CSIS Commission on Cybersecurity, Securing Cyberspace for the 44th Presidency, Dec. 2008.
  3. White House Cyberspace Policy Review, p. 2 (March 2009).
  4. J. Kim et al., A BGP Attack Against Traffic Engineering, Proceedings of the 2004 Winter Simulation Conference 318 (2004), http://www.informs-sim.org/wsc04papers/038.pdf.
  5. White House Cyberspace Policy Review, pp. 37-38 (March 2009).