"Ask a Scientist", 2010-2011
7.00 pm @ Acoustic Café (except for January's "Ask a Scientist for Kids")
Tuesday, October 26: Paul Wagner (UWEC Computer Science), "Computer Security and Cyberwarfare"
Tuesday, November 23: Steve Weiss, M.D. (Luther Hospital), "Power Issues in the Doctor-Patient Relationship"
[December: no talk]
Saturday, January 22: "Ask a Scientist for Kids" (Eau Claire Children's Museum, 2-4 pm)
Tuesday, February 22: Winnifred Bryant (UWEC Biology), "Environmental Estrogens—Potential Risks to Human Health"
Tuesday, March 29: Bev Pierson (Memorial High School), "Astrobiology: the new science of life in the universe"
Tuesday, April 26: Paul Thomas (UWEC Physics and Astronomy), "Hot News from Space"
Congratulations!
Dr. Paul Thomas, recipient of the UW System's 2010 Regents Teaching Excellence Award, for career achievements in teaching. Only two individual recipients per year in the UW System.
Computer Security and Cyberwarfare
Dr. Paul Wagner
[email protected]
Messages
- Cyberwar is an important evolutionary idea that has the potential for significant effect on all USA and world citizens
- Cyberattacks at the level of cyberwar have already occurred, and are occurring with increasing frequency and effect
- Cyberwar may be used as a political lever for increased governmental controls on cyberspace
Definition of Cyberwarfare
- "Actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption" (Richard A. Clarke, "Cyber War")
- "... a new domain in warfare" (William J. Lynn, U.S. Deputy Secretary of Defense)
Related Terms and Issues
- Cyber-terrorism: parallel definition, different actor
  - actions by terrorists to penetrate another nation's computers or networks for the purposes of causing damage or disruption
- Cyber-spying / cyber-espionage
  - actions by parties outside of a country or organization to penetrate another nation's computers or networks for the purposes of stealing information
- Increasingly difficult to distinguish countries from organizations
  - Countries may be (and there is increasing evidence that they are) using 3rd parties (organized crime, other organizations) to do their work
Related Issues
- Is the term "cyberwar" appropriate?
  - The nature of warfare has changed: WW II => Vietnam => Iraq / Afghanistan
  - Does the term overstate or mis-state the issue? We probably haven't seen true cyberwar yet
- Where is the line between war and espionage, war and terrorism, or war and crime (e.g. theft)?
Malware Terminology
- Worm: software that spreads on its own (over a network, without needing a host program or user action) with harmful consequences
- Virus: malware attached to other software or files (e.g. an email attachment), spread when that host is run or opened
- Trojan horse: software that appears to be beneficial but has harmful effects
- Logic bomb: software planted to activate at a later date/time, or when a trigger condition is met, with harmful consequences
Relationship to Traditional Warfare
- Cyberwar could be an additional domain in traditional warfare
  - Used as an initial stage to degrade command and control facilities, harm national infrastructure, spread propaganda, reduce confidence in government
- Could be a standalone approach to warfare
  - Potential for significant harm to a foreign country in the information age
Thematic Issues
- Convenience vs. Security
- Security and Privacy
- Evolution of Cyberattacks
  - At the beginning: status
  - More recently: financial gain
  - Now: political gain
Technological Approaches for Cyberattacks
Three major approaches:
1) Break in, steal information
   - From computer systems or networks
2) Directly affect the functionality of computers or related equipment through use of worms, viruses, logic bombs and/or other malware
3) Denial of Service (DoS): a flood of messages to computer systems that overwhelms them and renders them non-functional (distributed DoS, or DDoS, when the flood comes from many machines at once, e.g. a botnet)
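One way to see the DoS approach in working code, and the botnet point made later under the Estonia example and "Difficulties in Defense" (many quiet machines, not one loud one). This is an added example, not from the talk or Dr. Wagner's slides. It assumes Apache/nginx combined-format web access logs, one request per line in chronological order, and uses only the Python standard library; the thresholds (50 requests per source and 200 in total per 10-second window) and the log it runs on are constructed for illustration, not tuned values or captured traffic.

```python
"""Two shapes of denial-of-service traffic, found by sliding-window counting.

Added example, not code from the talk. Assumes Apache/nginx "combined" format
access logs in chronological order; thresholds are illustrative.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Timestamp format used inside the [...] field of a combined-format log line.
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for one combined-format access log line."""
    ip, rest = line.split(" ", 1)
    start = rest.index("[") + 1
    end = rest.index("]", start)
    return ip, datetime.strptime(rest[start:end], TS_FORMAT)


def detect_floods(lines, window_seconds=10, per_source_limit=50, aggregate_limit=200):
    """Scan log lines once, keeping a sliding window of recent request times.

    Two checks run side by side:
      * per source: an IP with more than per_source_limit requests inside one
        window is a classic single-host flood;
      * aggregate: total requests inside one window above aggregate_limit
        catches a botnet-style flood, where every individual bot stays under
        the per-source limit and only the sum is abnormal.
    Returns the offending sources, the first time the aggregate limit was
    crossed (or None), and the peak number of requests seen in any window.
    """
    window = timedelta(seconds=window_seconds)
    per_source = defaultdict(deque)   # ip -> timestamps within the window
    recent = deque()                  # all timestamps within the window
    noisy_sources = set()
    aggregate_flood_at = None
    peak_rate = 0
    for line in lines:
        ip, ts = parse_line(line)
        q = per_source[ip]
        q.append(ts)
        while ts - q[0] > window:     # drop entries that aged out of the window
            q.popleft()
        if len(q) > per_source_limit:
            noisy_sources.add(ip)
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        peak_rate = max(peak_rate, len(recent))
        if len(recent) > aggregate_limit and aggregate_flood_at is None:
            aggregate_flood_at = ts
    return {
        "noisy_sources": sorted(noisy_sources),
        "aggregate_flood_at": aggregate_flood_at,
        "peak_rate": peak_rate,
    }


def sample_log():
    """Constructed access log (synthetic, not captured traffic), in time order.

    Baseline: five clients, one request every 2 s for a minute.
    t=20 s: one host sends 80 requests in 4 s (single-source flood).
    t=40 s: 100 hosts send 3 requests each within 6 s (botnet-style flood).
    """
    base = datetime(2007, 4, 27, 10, 0, 0, tzinfo=timezone(timedelta(hours=3)))
    events = []
    for i in range(5):
        for s in range(0, 60, 2):
            events.append((base + timedelta(seconds=s), f"192.0.2.{i + 1}"))
    for k in range(80):
        events.append((base + timedelta(seconds=20, milliseconds=50 * k), "198.51.100.7"))
    for b in range(100):
        for k in range(3):
            offset = timedelta(seconds=40, milliseconds=20 * (b * 3 + k))
            events.append((base + offset, f"203.0.113.{b + 1}"))
    events.sort()
    return [
        f'{ip} - - [{ts.strftime(TS_FORMAT)}] "GET / HTTP/1.1" 200 512'
        for ts, ip in events
    ]


if __name__ == "__main__":
    report = detect_floods(sample_log())
    print("single-source floods:", report["noisy_sources"])
    print("aggregate flood first seen:", report["aggregate_flood_at"])
    print("peak requests per 10 s window:", report["peak_rate"])
```

On the constructed log the single flooder is caught by the per-source check alone, while the hundred bots each stay well under that limit and are only visible in the aggregate count; this is why per-IP rate limiting by itself does little against the botnet-driven floods described in the Estonia case.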
Infrastructure Subject to Attack
- Businesses
- Military command and control systems
- Transportation systems (air, rail)
- Power grid
- Manufacturing facilities
- Communication systems
- ...
Scope of Cyberspace
- Cyberspace starts with the internet
  - Internet = network of networks
Cyberspace (2)
- Beyond every computer system that's connected by wire, cyberspace also includes:
  - Isolated networks (private, corporate, military)
  - Laptops and other personal PCs connected some of the time (wireless, modems)
  - Industrial control machinery, including programmable logic controllers (PLCs)
  - Industrial robots (connected to PLCs or directly to computers)
  - Home control equipment (home appliances and their control units)
  - Mobile devices (smart phones, PDAs, ...)
  - USB and other storage devices
Cyberspace (3)
Why Is Everything Connected?
- Convenience
  - Connect to others through email, world-wide web, social media
  - Internet service provider can remotely diagnose problems on your computer
  - Appliance company can remotely diagnose problems with equipment in your home
  - City can read your water meter
  - You can turn on your oven/lights from work
- Systems can interact
Four Examples of Possible Cyberwar Activity
1. Titan Rain (2003-on)
2. Syria (2007)
3. Estonia (2007)
4. Stuxnet Worm (2009-2010)
1) Titan Rain (2003-on)
- Coordinated attacks on US military and industrial computer systems
- Access gained to computer systems and networks including Lockheed Martin, Sandia National Laboratories, and NASA
- Purpose and identity of the attackers remain unclear, though the origin appears to be the Chinese military
  - Though the attacks could merely be routed "through" Chinese military systems rather than originating there
2) Syria (Sept. 2007)
- Israeli aerial bombing of a facility in Syria, alleged to be a nuclear facility being constructed with North Korean help
- Syrian air defense networks saw no planes; it was later found that the screens of the Russian-built radar system had been manipulated to show nothing
- Exact cause not known, but all the options point to manipulation of the software controlling the radar system
3) Estonia (April 2007)
- Sometimes referred to as "Web War 1"
- Followed Estonia relocating the Bronze Soldier of Tallinn, a Soviet-era war memorial
- Sophisticated and large set of distributed denial of service (DDoS) attacks on the Estonian parliament, banks, ministries, newspapers, and other web sites
- Severe effect on the above institutions for approximately three weeks
4) Stuxnet Worm
- Very complex Windows-specific computer worm that infects computers and connected industrial control equipment (Siemens PLCs)
  - First known worm to attack industrial infrastructure
- Spreads through USB thumb drives as well as network connections, so it can reach networks that are isolated from the internet
- Utilizes four Windows "zero-day" exploits
- Uses stolen but valid code-signing certificates, so its driver components pass Windows signature checks
4) Stuxnet Worm (cont.)
- Initial high rate of infection in Iran, specifically found at nuclear facilities
  - May be a government (Israel, US, UK?) attempt to damage Iranian nuclear facilities
  - Unclear if delay or damage actually occurred
- Worm has spread to many other countries (including a large infection of Chinese systems)
Political Issues
- Is the threat of cyberwar overstated?
  - Several experts say yes, including Marc Rotenberg (Electronic Privacy Information Center) and Bruce Schneier (Chief Technology Officer, BT Counterpane)
- Issues:
  - Much hyperbole, "sexy" news
  - Little distinction by many between cyberwarfare and cyberspying; threats today are more from cyber-espionage
  - Used to generate additional funding for U.S. cyberdefense efforts
  - Used to justify efforts to give the U.S. government more control over the Internet (e.g. control over encryption)
Difficulties in Defense
- Many entry points to the internet and to most networks
- Difficult to trace attacks
  - Many come from robot networks (botnets) of compromised PCs, so the machines sending the traffic are not the attacker's own
- Internet created for convenience, not security
  - Internet technology does not support easy defense
- Unknown capabilities of other nations, groups
  - So, little deterrence exists
- "Security is a process, not a product" (Bruce Schneier)
- Defenders have to defend against many possible attacks, but attackers only have to find one hole
Difficulties in Defense for USA
- Internet created in the USA in an environment of intellectual freedom, mostly under private (not government) control
  - Efforts to change: e.g. "Kill Switch" bill (2010) in Congress giving the government power to take over parts of the internet in a national emergency
- Other countries can more easily mount a defense (e.g. fewer entry points, government can already control networks)
- US military cyber-capabilities are significantly focused on offense, not defense
What To Do?
Suggestions:
1) Enact limited government regulation of the internet and cyberspace
   - Need international cooperation as well as national efforts
2) Increase resources for cyber-defense (government, private)
3) Isolate critical infrastructure (e.g. power grid) from the internet
4) Investigate cyber-treaties
Source: Richard A. Clarke, "Cyber War"
Disincentives to Cyberwar
- Potential for retribution
- Harming the internet tends to harm everyone
  - Difficult to contain the scope of cyberattacks
- Non-cyber interests are connected
  - E.g. China owns a significant portion of the U.S. financial structure
Moderating Effects on Cyberwar
- Diversity of systems and networks
  - Many networks, multiple operating systems
- Increasing efforts on intrusion detection and prevention
  - Early detection may help reduce the scope of effects, though malware can spread quickly
Cyber Treaties?
- Benefits
  - Set ground rules for national cyber behavior
  - Attempt to avoid collateral damage to citizens
- Issues
  - Enforceability
  - Use of cyber treaties to limit speech
    - Current Russian proposal attempts to prohibit any government from using the internet to interfere with any other government (e.g. promote, encourage or assist in dissent)
References / More Information
- "Cyber War – The Next Threat to National Security" by Richard A. Clarke (2010)
- NPR Morning Edition two-part series:
  http://www.npr.org/templates/story/story.php?storyId=130023318
  http://www.npr.org/templates/story/story.php?storyId=130052701
- "The Online Threat", article by Seymour Hersh:
  http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh?currentPage=all
- Wikipedia – Cyberwarfare: http://en.wikipedia.org/wiki/Cyberwarfare
- Wikipedia – Cyberterrorism: http://en.wikipedia.org/wiki/Cyber_terrorism
Questions / Discussion
Dr. Paul Wagner
Email: [email protected]
http://www.cs.uwec.edu/~wagnerpj