Defending against Advanced Threats and IPv6 attacks

I was listening to a Cyber Intelligence briefing this morning and several things caught my attention. First of all, advanced threats, like Stuxnet are really scary.

What will Cyber Defense systems look like in the near future when threats can self replicate, self heal, avoid detection, are encrypted, use encrypted communication channels, contain several intelligent payloads and can cross from open computer systems to closed secured systems?

Also IPv6 was mentioned several times. The speaker mentioned that the US government wants IPv6 because it encapsulates network packets into a hardened shell so they can’t be read. And that other nations, nations that are not friendly to the US, already have adopted IPv6 and are using this as an attacking platform. While the US lags behind in rolling out IPv6.

According to the speaker, an IPv4 defender is at a disadvantage when being attacked by an IPv6 network. He said that they may not be able to track back the attacker, because IPv6 is more secure.

I don’t think these statements are completely accurate. Granted, I am not a IPv6 guru, but from what I have heard, many of the IP vulnerabilities in IPv4 remain in IPv6. And IPv6 has some of its own issues. Toolkits like the thc-ipv6 Toolkit exist that only attack IPv6. Sniffing, rogue devices, denial of service, man-in-the-middle attacks are all still possible in IPv6.

The NSA has already stated that they are now looking at security from the stand point that the system has already been compromised. This would mean that the attention changes to analyzing internal data flow and network security monitoring.

How much monitoring is needed, and how far will it go? The TSA has already over reacted to terrorist threats by installing invasive full body scanners in airports. Will this mentality be carried over to the electronic world and everything that is done online be recorded, and analyzed for keyword data?

Will this include government monitoring of e-mails, social media, and even cloud computing?  Rumors abound, and overreaction is not the answer.

So what will Cyber Defense look like in the future? I believe the answer will be a mix of high-speed hardware with offensive capabilities (like RSignia’s products), network security monitoring & analysis and a united front from the government, private sector and our allies.

Advertisements

Scientists decry Cyberwar Threat, while Governments Respond

It seems that the nation is still split on deciding if Cyberwar is a real danger to the US, and if we should focus our defensive and offensive capabilities on it.

Recently, TheRegister posted an article titled, Cyberwar hype is obscuring real security threats – The ill-informed leading the ill-informed… According to the article, UK computer scientists for the Organization for Economic Cooperation and Development (OECD) say that the cyber war hype is effecting the government’s ability to develop an accurate cyber defense strategy.

The article has some very good points, for example they believe that we will never have a pure cyber war attack, but it will be mixed in with conventional attacks. And the media’s free use of adding “Cyber” in front of everything vaguely electronic from terrorism to Wikileaks may be clouding the judgment of many.

And according to the report:

“We think that a largely military approach to cybersecurity is a mistake,” Dr Brown said. “Most targets in the critical national infrastructure of communications, energy, finance, food, government, health, transport, and water are in the private sector. Because it is often difficult to be certain who is attacking you from cyberspace, defence by deterrence does not work.”

Though I do agree with what is targeted, and the difficulty of discovering the true source, I disagree with the statement that defense by deterrence does not work. I believe that unified collaboration and response is our best deterrent.

I do find it interesting though that in the same week that OECD released this report, representatives from both the UK and Australian governments met in Sydney to discuss collaborating on cyber war:

Foreign secretary William Hague and defence secretary Liam Fox are on their way to Sydney to meet Australia’s defence minister Stephen Smith and foreign minister Kevin Rudd at the third Australia-United Kingdom Ministerial (Aukmin) talks. As well as conventional security concerns such as the war in Afghanistan, collaboration on cyber warfare will also be on the agenda.

UK’s Defense Minister Nick Harvey wants the UK to develop its offensive cyberwar capabilities and increase its cyber defense:

“We should also be able to prevent, deter, coerce or even intervene in cyberspace… including the capability to exploit the weaknesses of our opponents,” said Harvey.

What does the United States have to say about this?

US President Barack Obama has addressed the strength – and vulnerability – of the country’s military networks, saying at a White House briefing last year that while “technological advantage is a key to America’s military dominance…defense and military networks are under constant …attacks that are harder to detect and harder to defend against.”

US Department of Defense systems are under constant attack by foreign systems. But what about out private sector systems, is this cause for concern for them?

Deputy Secretary of Defense William Lynn wrote in a recent issue of Foreign Affairs that some “100 foreign intelligence organizations are trying to hack into the digital networks that undergird US military operations” and that some “already have the capacity to disrupt US information systems.”

“It’s only a small step to go from disrupting parts of the network to destroying parts of the network,” remarked director of the National Security Agency, and commander of the new US Cyber Command, General Keith Alexander. “If you think of our nation, our financial system, our power grids – all of that resides on the network. All of them are vulnerable to an attack like that. Shutting down that network would cripple our financial systems.”

So if public systems are at risk, is it the responsibility of the government to protect them? Last month Department of Homeland Security Secretary Janet Napolitano saidCyberspace is fundamentally a civilian space, and government has a role to help protect it.”

So how can scientists claim that focusing on cyberwar is a waste of time, when heads of states are saying that it is a top concern?

Well, truth be told, one thing is that the scientists may not have all of the data. According to the FoxNews article, “Senators say military cyber ops not disclosed”:

The Pentagon failed to disclose clandestine cyber activities in a classified report on secret military actions that goes to Congress, according to a Senate document that provides a public peek at oversight concerns surrounding the government’s computer war capabilities.

Much of the data involved with cyber security and cyber war is classified and will not reach the public channels. As a matter of fact, the Army Corp of Engineers is currently building the NSA a $1.5 Billion dollar cyber-security center in Utah. This is the first such center in response to the Comprehensive National Cyber Security Initiative:

A White House document identifies the Comprehensive National Cyber-security Initiative as addressing “one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter.” The document details a number of technology-related countermeasures to the security threat.

The center will employ 100-200 information technology specialists, mechanical and electrical engineers.

Grading work is already under way for the complex, which is scheduled to include 100,000 square feet for the data center and 900,000 square feet for technical support and administrative space. The center is designed to be capable of generating all of its own power through backup electrical generators and will have both fuel and water storage. Construction is designed to achieve environmentally significant LEED Silver certification.

And from an earlier report:

The NSA said the data center is a component of the Comprehensive National Cyber-security Initiative “aimed at securing the United States’ information infrastructure and coordinating its defense with state and local governments, as well as the private sector.” The data center’s mission is to help the intelligence community meet cyber-security objectives.

Though computer scientists may not agree with them, government officials from the UK, Australia and the US are very concerned about cyberwar, and the threat to the public sector and are taking it very seriously.

 

Did China create Stuxnet to Attack India’s Space Program?

At the end of September, cyberwar expert Jeffrey Carr made a very interesting observation that seems to have slipped under the radar.

In his Forbes Firewall post titled, “Did the Stuxnet Worm Kill India’s INSAT-4B Satellite?”, Jeffrey brought up an intriguing theory.

He mentioned that it could have been China, not Israel who created Stuxnet, and the intended target may not have been an Iranian nuclear power plant at all, but India’s space program.

According to the article, in July, India’s Direct-to-Home (DTH) TV Satellite INSAT-4B had a power glitch and shut down. When it did, it affected 70% of DTH customers. To remedy the situation, DTH customer satellite dishes were re-directed to the Chinese run ASIASAT-5 satellite.

The kicker is that India’s INSAT-4B was put in orbit by the Indian Space Research Organization (ISRO). The ISRO provides R&D for India’s Aerospace industry and space resource monitoring. Jeffrey found that the ISRO uses versions of the Siemens software that are susceptible to Stuxnet.

Why would China be interested in an ISRO satellite? China and India are currently locked in a space race. And from all indications it is just as heated as the America-Russian space race of the 60’s and 70’s. Both nations want to land an astronaut on the moon and India is aiming to get there 5 years sooner than China.

In a more recent interview on The Diplomat, Jeffrey was asked to expound why China might be the culprit.  He mentioned that China is one nation of a small few who had both the motive and the technology to create Stuxnet.

“The reason why is that if you look at the states that have been impacted—it has generally been those in Asia or Eurasia—what they have in common is that they are producers of key resources. It might be oil, iron ore, copper, gold—things that are critical to many states, but which are particularly critical to China right now”.

Jeffrey also believes that China is focusing heavily on offensive cyber weapons that could shutdown infrastructure of an attacker that heavily relies on technology like SCADA.

According to Carr, China is a booming technologic nation right now. They have about 1200 R&D Labs that are focusing on absorbing technologies from other countries. China and also Russia are making strong advances in cyber-attack and defense where America seems to be falling behind.

This correlates strongly with the FoxNews article that came out today, “U.S. Could Lose the SciTech Edge to China”, which stated:

We have to compete today against the Chinese and Indians who are graduating tens of thousands more very talented science, math and engineering graduates from their colleges.”

And,

The fastest-growing college majors in America as of 2007 were parks, recreation, leisure, and fitness studies according to the U.S. Department of Education.”

Interesting indeed…

Iran, Russia, and the Upcoming War with Israel

When your dad was an evangelist and a Bible scholar, you learn a few things about Biblical prophecy growing up. He used to tell me all the time about Russia attacking Israel. This is not something that I would normally share on CyberArms, but it has been on my heart and I figured I would share it.

Israel, Iran and Russia have been in the headlines now for a while. Especially with the Stuxnet virus, and Russia helping Iran build nuclear power plants. Israel is a strong US ally, yet, on a lot of the US internet forums, whenever Israel is mentioned, you get a flood of anti-Israel sentiment. 

This is actually very surprising, and not what one would expect. To that end, I just wanted to take a very quick look at what the Bible says about the end times, and Israel’s upcoming war with Russia.

Some of the most amazing prophecy in the Bible can be found in Daniel. God gives Daniel almost a thousand years of step by step history before it even happens. Well, the prophecies in Ezekiel 38 and 39 are also stunning and talk about an upcoming war between Russia, Iran and Israel.

We get the time frame when the prophecy will take place in Ezekiel 38:8 – The land of Israel was desolate, but the people were gathered back to their land. This happened in the 194o’s, when Israel was declared to be a nation again. The land of Israel was a desolate waste for hundreds of years, but God called Israel to rebuild the land.

After this time, a Nation to the far north (All directions in the Bible use Jerusalem as the center point) gathers several nations against Israel. Each nation is listed and here are the translations to the locations in modern English:

  • Magog – Russia, but specifically the Southern Federation area
  • Iran
  • Turkey
  • Egypt, Somalia and Sudan
  • Libya

What do they have in common? All nations are currently Muslim nations except Russia. But, the interesting part is that the prophecy specifically mentions the Southern Federation of Russia, which is currently Muslim. Anyone ever hear of the Chechen rebels?

At no point in history have these nations mentioned ever been united against Israel. Especially Turkey, who once was a supporter of Israel. Things seem to be changing now though. Turkey in the last year or so has been pulling back support for Israel and coming in line with the other Muslim nations mentioned.

So Russia is the key. What does Russia have to do with any of this? Well, look who is in Iran helping them build the nuclear plant? Also, Russia has been very aggressive in acquiring energy reserves. Recently a huge gas field was discovered in Israel.

Well, according to the Bible, this group is called out by God and comes against Israel, and is miraculously destroyed (end of Ezekiel 38, beginning of 39). The Bible says that the day will surely come, and probably sooner than later at this point:

I will make known my holy name among my people Israel. I will no longer let my holy name be profaned, and the nations will know that I the LORD am the Holy One in Israel. It is coming! It will surely take place, declares the Sovereign LORD. This is the day I have spoken of.” – Ez 39:7,8 (NIV)

I have been asked many times if the United States is in end time prophesy. The answer is… maybe, look at Ezekiel 38:13:

Sheba and Dedan and the merchants of Tarshish and all her villages will say to you, “Have you come to plunder? Have you gathered your hordes to loot, to carry off silver and gold, to take away livestock and goods and to seize much plunder?” (NIV)

Though the exact location of Sheba, and Dedan have been debated, it would seem that this relates to Saudia Arabia. And Tarshish, also location unknown, was located far west of Israel. Some bible scholars claim that Tarshish is England and her villages mean all the British colonies. Others say that Tarshish was in Spain.

Either way, unfortunately, Tarshish’s rebuke seems to echo the direction that the US and her Western allies are taking. They issue a mild rebuke against Russia and that is all.

Well, I hope you enjoyed this. Check out Ezekiel 38 and 39 when you get a chance. It is very interesting indeed!