The Way of the Intercepting Cyber Fist
Last Updated on Saturday, 20 February 2010 08:18 Written by Jeffreycarr Saturday, 20 February 2010 08:17
A Jeet Kune Do man who says Jeet Kune Do is exclusively Jeet Kune Do is simply not with it. He is still hung up on his self-closing resistance, in this case anchored down to reactionary pattern, and naturally is still bound by another modified pattern and can move within its limits. He has not digested the simple fact that truth exists outside all molds; pattern and awareness is never exclusive. Again let me remind you Jeet Kune Do is just a name used, a boat to get one across, and once across it is to be discarded and not to be carried on one’s back.
- Bruce Lee
I have struggled for months trying to find an adequate metaphor which could instantly paint a picture of how versatile cyber operations can be. I frequently see military writers try to capture computer network operations in the language that they are accustomed to – the language of field manuals. Chinese military officers write papers known as operational guidance about “informatized warfare”. Russian generals discuss the role of Information warfare.
It reminds me of my old martial arts days when we'd argue about which style was best – Shotokan or Shorin Ryu; Judo or Jiujitsu; Tae Kwon Do or Kung Fu. Then along came Bruce Lee's book "The Tao of Jeet Kune Do", which eschewed all styles in favor of a new metric: take what is useful and discard the rest. And what is useful could change, like water, at a moment's notice. That's how I'd like to see us think about network attack and defense.
If Bruce Lee were alive today and working as a computer security engineer, I bet he would have written “The Way of the Intercepting Cyber Fist”. Hell, I’d buy it.
When it comes to Cyber Warfare: Shoot the Hostage
Last Updated on Tuesday, 15 September 2009 08:02 Written by Jeffreycarr Tuesday, 15 September 2009 08:02
Harry: OK, Airport. Gunman with one hostage, using her for cover. Jack?
Jack: Shoot the hostage.
Harry: What?
Jack: Take her out of the equation.
Harry: You’re deeply nuts, Jack.
-“Speed” (1994), written by Graham Yost
The fun of movie scenarios aside, consider the same strategy when the hostage is not a human being but a piece of technology or a legacy policy that is protected by powerful interests or politics.
Here's a new scenario. A state or non-state hacker attacks U.S. critical infrastructures and DoD networks at will and without fear of detection or attribution. He is able to do this from behind the protection of two very valuable "hostages" or, more precisely, two politically touchy issues that U.S. government officials, including the Congress, are loath to change: using Microsoft Windows and regulating a segment of private industry.
Hostage 1: The pervasive use of the Microsoft Windows operating system throughout the federal government, particularly within the Department of Defense and the Intelligence Community, and on the privately owned critical infrastructure networks controlling power, water, transportation, and communications.
Hostage 2: The uninterrupted, sustained economic growth of U.S. Internet service providers, data centers, and domain name registrars, who put profit and growth before security by not taking a deep enough look at who they sell their services to (e.g., criminal organizations and nationalistic hackers who prefer the reliability and speed of U.S. networks to the ones found in their own countries).
In this case, the best solution, bar none, is to metaphorically "shoot the hostage", thus denying the adversary both (1) his weapon, malware configured for the Windows OS, and (2) his attack platform, the most reliable Internet services companies in the world.
Shoot the first hostage by switching from Microsoft Windows to Red Hat Linux on all of the networks suffering high daily intrusion rates. Red Hat Linux is a proven secure OS, with a bug density per 1,000 lines of code under 90% of that of Windows. Many decision makers don't know that it is the most certified operating system in the world and that it is already in use by some of the U.S. government's most secretive agencies. Computers are replaced every 3 to 4 years on average anyway, so the monetary pain is probably not as great as it might seem. The benefit, however, would be immediate. Further, exchanging operating systems only on high-value boxes would not change the economic equation for virus writers: there would still be about one billion Windows PCs for them to take advantage of.
Shoot the second hostage by cracking down on U.S. companies that provide Internet services to individuals and companies who engage in illegal activities, provide false WHOIS information, or show other indicators that they are potential platforms for cyber attacks. The StopGeorgia.ru forum, whose members were responsible for many attacks against Georgian government Web sites, including SQLi attacks that compromised government databases, was hosted on a server owned by SoftLayer Technologies of Plano, TX.
The DDoS attacks of July 2009 that targeted U.S. and South Korean government Web sites were not controlled by a master server in North Korea or China. The master server turned out to be located in Miami, FL.
ESTDomains, McColo, Atrivo, all owned or controlled by Russian organized crime, were set up as U.S. companies with servers on U.S. soil. The Russian criminal underground prefers to host its Web operations outside of Russia to avoid prosecution. And the robust U.S. power grid, cheap broadband, and friendly business environment make this country the ideal platform for cyber operations against any target in the world, including the U.S. government.
Congress needs to send a strong signal to U.S. Internet hosting and service provider companies that profit must be tempered by due diligence, and that they are, effectively, a strategic asset and should be regulated accordingly.
Neither of these recommendations is politically safe. However, the U.S. is now facing a serious threat from a new domain with so many evolving permutations that senior leadership, both civilian and military, seems to be standing still. And that's absolutely the wrong strategy to employ.
————————-
The above is an excerpt from Chapter 13, "Advice to Policy Makers", of the forthcoming O'Reilly Media book "Inside Cyber Warfare". It still needs a lot of work, so comments are appreciated, but the points that I'm trying to deliver in a provocative and memorable way for non-geek policy makers are key issues that, if implemented, will reduce the vulnerability of our high-value targets and reduce the operational effectiveness of non-state actors engaged in state attacks.
————————–
Here’s your chance to speak directly to policy makers about Cyber Security
Last Updated on Sunday, 23 August 2009 08:35 Written by Jeffreycarr Sunday, 23 August 2009 08:35

My first draft of Inside Cyber Warfare is due to my editor by the end of August. I’ve changed the focus of my final chapter from “A Public Private Partnership” to something that I think is much more vital: “Advice For Policy Makers From The Field“.
This change came about because of two recent events.
The first was when I was invited to dinner and drinks to informally discuss my views on cyber security with a few folks from a well-known DC think tank. To their credit, they acknowledged that they really aren't well-versed in this area and are trying to get up to speed in anticipation of preparing some policy papers on the subject. While I appreciate the offer (and I'm looking forward to our dinner), I can't imagine how they can get from A to Z over drinks, and I shudder to think what that policy paper will contain without more substantive input, which I'll be telling them in person when we meet.
The second event that triggered this change occurred when I skimmed a 300-plus-page pre-publication document by the National Academy of Sciences entitled "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyber Attack Capabilities". While the scope of the document is impressive, as are the credentials of the committee who drafted it, I found a significant portion of the content to be founded on wrong assumptions and/or a very limited set of lynchpins. And, much to my regret, this will be an influential document that policy makers will rely on for setting cyber policy in the future.
Hence, the change for chapter 13, and now my offer to you.
“Inside Cyber Warfare” is a highly anticipated book within both U.S. and international agencies whose work focuses on the global cyber threatscape. I’m dedicating the final chapter to providing a platform for individuals who do the daily work of combating cyber threats to share their advice to politicians and government officials who will be making the decisions on cyber security and warfare that will impact all of us.
Here’s the deal:
1. You must be professionally engaged in this field. I’ll know that because your submission must be accompanied by a brief bio including your name, your employer, and your job description, sent to me from your work email address with a contact phone number.
2. There’s no restriction on length. Write a paragraph or write 10 pages. It will go through the same copy edit process as the rest of the book, so it may get whittled down a bit. Don’t be offended should that occur. Editors do that to writers all the time.
3. Write fast. You have 72 hours to get your submission to me for inclusion in the book.
Send it as a .doc, .docx, or .odt file, but NOT as a .pdf to this email address.
Good luck and good writing.