Preparing for a Cyber Attack
Countdown to eDay!
By Kevin G. Coleman
Introduction
The world has awakened to a new threat. China,
Russia and North Korea's test of a cyber weapon,
Iran's cyber weapon ambitions, and the defense
industry’s renewed emphasis on the use of computers as a
weapon have all combined to accelerate the rate of
development of what I’ve called “the most destructive
weapon on the planet.” The proliferation of cyber
weapons has exploded and estimates suggest that
over 70% of countries will have at least a basic-level
cyber weapon by the end of 2008.
The China Syndrome
A Bit of History
Back in 1998 when I was Chief Strategist of
Netscape, I became aware of an international
movement that was designed to create software
that could be used for criminal activity as well as
disrupt Internet activity. That was when I began to
research what we are now calling cyber warfare.
I testified on cyber crime, espionage and security
before a joint Congressional Caucus. At one point
in my live demo, Chris Dodd asked me, “Does our
Defense Department know about you?”
Cyber Warfare & Cyber Terrorism
Cyber Warfare and Terrorism is one of the fifteen
modalities of UnRestricted Warfare (URW), also called
asymmetric warfare.
– Cyber Warfare & Terrorism
• “The premeditated use of disruptive activities, or
the threat thereof, against computers and/or
networks, with the intention to cause harm or
further social, ideological, religious, political or
similar objectives. Or to intimidate any person in
furtherance of such objectives.”
Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook 1.02
Counterfeit Hardware
• February 2008 - U.S. Customs and Border
Protection Assistant Commissioner for the Office
of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission
Tax and Customs Directorate, today announced
the results of Operation Infrastructure, which
took place last November and December.
• The Operation resulted in the seizure of more
than 360,000 counterfeit integrated circuits and
computer network components bearing more
than 40 different trademarks.
Counterfeit Hardware
February 2008
The Feds have confiscated more than $75 million of
counterfeit Cisco networking gear. The
announcement is in a progress report on a two-year-old investigation, code named Operation Cisco
Raider. In most cases the fake gear was made in
China and imported into the United States where
unethical resellers passed it off as legit.
Impact of a Cyber War
• Of those who do perform what we consider “daily” activities
online, more than half say they go online every day or several
times a week to perform those activities.
• There are about 93 billion emails sent per day that will not
go through.
• Millions of VoIP calls per day will not go through.
• Over 200 million Google searches per day will not get done.
• A reported 33% of Internet users say they make eCommerce
transactions daily.
Impact of a Cyber War
• Some 88% of online users say the Internet plays a role in their daily
routines.
• Some 40% of Internet users who get the news online say they log
on daily.
• Some 25% of the online weather bugs will check weather daily.
• Some 20% of online sports fans check sports scores daily.
A Recent Poll
How prepared is the U.S. for a cyber attack?
[Pie chart: response categories Not Prepared, Somewhat Prepared and Very Prepared; values shown 43%, 47% and 10%]
Source: A collaborative effort between DefenseTech.Org and the
Technolytics Institute with nearly 1,000 respondents to the poll.
Impact of a Cyber War
The political fallout of a cyber attack will be high, but this will
pale in comparison to the financial and economic impact!
The financial and economic impact could be as high as $30 billion a day!
[Chart: Physical Impact, Social Impact, Political Impact and Financial Impact rated on a scale of 0 to 5 (Low, Medium, High)]
Copyright 2003 – 2007 All Rights Reserved
Impact of a Cyber War
[Bar chart: U.S. Retail eCommerce Sales, in billions of dollars (axis $0 to $250), by year, 2006 to 2010]
That’s $425 million a day.
Cyber Media Warfare
One can only imagine the psychological impact on the viewers that witnessed this prank. The TV
channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war
had started.
http://www.youtube.com/watch?v=MzaN2x8qXcM
Think About This
• What if the Internet went away:
– For a day
– A week
– A month
• No eMails
• No BlackBerrys
• No eCommerce
Virtual business services of all sorts, accounting, payroll
and even sales would come to a halt, as would many
companies.
The worst thing to do
There is no doubt today that VoIP is taking over
the telecom market, and every month increases
penetration into business, government and the
consumer sectors.
– Almost two-thirds of large organizations in North
America will be using VoIP products and services by
year end.
– Small Business VoIP adoption will grow to 3 million by
2010. Revenues are projected to reach $2 billion.
– Consumer VoIP adoption will drive wholesale VoIP
revenues to $3.8 billion by 2010.
You are putting all
your eggs in one
basket.
Cyber Weapons Proliferation
The cost to develop this new class of weapon is within
reach of any country, any extremist group, any criminal
organization and tens-of-millions of individuals. The raw
materials needed to construct cyber weapons are not
restricted and are widely available. We now have a
weapon that can strike at the speed of light; it can be
launched from anywhere in the world, and it can target
anywhere in the world. This briefing will provide an
understanding of the current state of cyber weapons,
current defenses and a unique look at what the future
cyber warfare scenario might encompass.
Your Cyber Attack IQ Test
If I can give you three pieces of intelligence you did not have
before, would you agree this briefing provided value?
1. What do EPFC and TEDs stand for?
2. How many of you address CBRNE in your contingency plans?
3. Why should your organizations have supply-chain integrated into the
security program?
Modern Weapons Economics
What does a stealth bomber cost?
$1.5 to $2 billion
What does a stealth fighter cost?
$80 to $120 million
What does a cruise missile cost?
$1 to $2 million
What does a cyber weapon cost?
$300 to $50,000
Find the Weapons Facility
Nuclear Weapons Facility
Cyber Weapons Facility
Where’s the Cyber Weapons Facility?
Cyber Weapons Proliferation
Cyber Arms Dealers
RBN and their support units provide scripts and
executables to make cyber weapons undetectable by
antivirus software. Every time a copy of the cyber
weapon is generated, it looks different to the anti-virus
engines and it often goes undetected. The
modularization of delivery platform and malicious
instructions is a growing design in cyber weapons.
RBN’s cyber weapons are very popular and powerful. In
June 2007, one was used by a single person to attack
and compromise over 10,000 websites in a single
assault.
Did you know RBN leases use/capacity on their 150 million node BotNet?
Cyber Weapons Evolution
[Chart: timeline 1994, 1998, 2002, 2004, 2008, 2012, 2016; phases Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; vertical axis Low to High; weapon levels Basic Weapons and Advanced Weapons]
Interesting Quote
NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national
security as a missile attack. He went on to say that
“Cyber war can become a very effective global problem
because it is low-risk, low-cost, highly effective and
easily globally deployable. It is almost an ideal weapon
that nobody can ignore.”
Using this as a framework, we can put into context the
evolving architecture for cyber weapons.
Cyber Weapons Design
Cyber Weapon Architecture
A missile is comprised of three basic elements. The
first is a delivery vehicle (rocket engine), followed by a
navigation system (tells it how to get to the target)
and finally the payload (the component that causes
harm). As it turns out, the same three elements now
appear in the design of cyber weapons.
Cyber Weapons Design
Cyber Weapon – Delivery Vehicle
There are numerous methods of delivering cyber
weapons to their targets. Emails with malicious code
embedded or attached are one mechanism of delivery.
Another delivery vehicle is web sites that can have
malicious links and downloads. Hacking is a manual
delivery vehicle that allows a cyber soldier to place the
malicious payload on a target computer, system or
network. Counterfeit hardware, software and electronic
components can also be used as delivery vehicles for
cyber weapons.
Cyber Weapons Design
Cyber Weapon – Navigation System
Just as a navigation system guides a missile, the navigation
component of a cyber weapon allows the
malicious payload to reach a specific point inside a
computer, system or network. System vulnerabilities are
the primary navigation systems used in cyber weapons.
Vulnerabilities in software and computer system
configurations provide entry points for the payload of a
cyber weapon. These security exposures in operating
systems or other software or applications allow for
exploitation and compromise. Exploitation of these
vulnerabilities may allow unauthorized remote access and
control over the system.
Cyber Weapons Design
Cyber Weapon – Payload
The payload of a missile is sometimes called a warhead
and is packed with some type of explosive. In a cyber
weapon the payload could be a program that copies
information off of the computer and sends it to an
external source. It can also be a program that begins to
erase or alter information stored on the system. Finally, it
can allow remote access so that the computer can be
controlled or directed over the internet. A “bot” (a
component of a botnet) is a great example of a payload
that allows remote use of the computer by an
unauthorized individual or organization.
Cyber Weapons Design
Cyber Weapon – Architecture
This three-element architecture demonstrates how
advanced and sophisticated cyber weapons are becoming.
The architecture creates reusability and reconfiguration of
all three components. As one software or system
vulnerability is discovered, reported and patched, that
component can be removed and replaced while the other
two components are still viable. This not only creates
flexibility but also significantly increases the productivity of
the cyber weapons developers.
Conclusion
Our nation is increasingly vulnerable to cyber attacks
that could have catastrophic effects on critical
infrastructure as well as severely damage the
country’s economy. Whether the attack is focused on
stealing our business and technology secrets,
disrupting our financial systems or worse, the threat
is real. Countries, terrorists and extremists around
the world are developing and implementing cyber
warfare doctrine, strategies and weapons.
Conclusion
The Cold War may be over, but the cyber arms race
has just begun. The threat is imminent. We must
rapidly develop offensive and defensive cyber
weapons capabilities as well as the military doctrine
and regulations necessary to govern their use. In
the cyber arms race we cannot finish anyplace but
first.
QUESTIONS
Biography
Kevin G. Coleman is a Senior Fellow and
Strategic Management Consultant with the
Technolytics Institute. He is the former Chief
Strategist of Netscape and was a member of
the Science and Technology Advisory Panel at
the Johns Hopkins University Applied Physics
Lab. He has briefed defense contractors and
other organizations on cyber warfare and is a
highly published professional covering cyber
security. He writes regularly for Eye Spy
Magazine and authors the Cyber Warfare Blog
for DefenseTech.org.
The Technolytics Institute
4017 Washington Road
Mail Stop #348
McMurray, PA 15317
P 412-818-7656
F 412-291-1193
I www.technolytics.com
E kgcolman@technolytics.com