Saturday, May 19, 2007

Cyber Terrorism: Attack on a Nation State...

The attack on the Critical Infrastructure of the nation state of Estonia over the past few weeks should be a wake-up call to governments across the globe. The facts are coming out in the mainstream media this week about the origins of the attack and the magnitude of the event. Yet the real lesson to be learned here goes deep into the chasm of having "Cried Wolf" too many times and the resulting ignorance of a major threat in the making.

Young men paying cash to learn how to fly large Boeing airliners and not worried about landings. Does this ring a bell?

Peter Finn of the Washington Post Foreign News Service has identified much of the real issue at stake here:

This small Baltic country, one of the most wired societies in Europe, has been subject in recent weeks to massive and coordinated cyber attacks on Web sites of the government, banks, telecommunications companies, Internet service providers and news organizations, according to Estonian and foreign officials here.

Computer security specialists here call it an unprecedented assault on the public and private electronic infrastructure of a state. They say it is originating in Russia, which is angry over Estonia's recent relocation of a Soviet war memorial. Russian officials deny any government involvement.


How many more of these "Botnet" attacks will be necessary for the public, the media and the government to realize that this is the beginning of a new generation of warfare that will be fought using "Zeros and Ones" as increasingly effective ammunition against your enemy? Whether it be a nation state or your business competitor, large Distributed Denial of Service (DDoS) attacks can be rented on the Internet by the hour. So how big a network of "Bots" is necessary to disrupt a nation state like Estonia?

Roughly 1 million unwitting computers worldwide were employed, said Jaak Aaviksoo, Estonia's minister of defense. Officials said they traced bots to the United States, China, Vietnam, Egypt and Peru. By May 1, Estonian Internet service providers were forced to disconnect all customers for 20 seconds to reboot their networks.

Disruptions of all kinds are giving Chief Security Officers (CSOs) headaches and heart attacks as the economic impact of spoof e-mail and DDoS attacks wreaks havoc beyond the network and into the financial markets. The attacks could be the work of competitors or, more likely, the coordinated, well-planned and funded mission of a worthy criminal or terrorist adversary:

Apple shares dropped 3 percent to $104.63 in afternoon trading as ultimately false rumors of iPhone and Mac OS X Leopard delays spread across the Internet.

The plummet started when technology news blog Engadget.com reported Apple pushed iPhone's launch from June to October and Mac OS X Leopard from October to January. Ryan Block, the post's author, cited an "authority" for a source.

It turns out that "authority" was a forged e-mail sent to thousands of Apple employees at 9:09 a.m. this morning. It was eventually leaked to Block who posted at 11:49.


What impact do the media and information leaks have on the market value of your company? How do you as a CSO, CEO or Chief Risk Officer mitigate the risk of this kind of "Social Engineering" ploy to manipulate your stock price? The answer is not more software or some kind of fancy new device for analyzing network traffic.

The answer is education and enhanced monitoring of information. It's also making sure that your institution has prepared for and tested the resiliency of the organization for such a scenario. The Department of Homeland Security has been exercising for major incidents of the magnitude described against Estonia for years. The next event is scheduled for the spring of 2008 and is known as CyberStorm II. In this exercise the scenario will involve both physical disruption and the digital origin of vulnerability exploits. The lessons learned will be a public and private partnership discussion for years to come.

The Case Studies of the Estonia attack and the Apple spoof are being written as we speak, and the output is what any CSO should be seeking: increased awareness and education of its employees, customers and suppliers. Without effective learning, the resiliency of the enterprise is in jeopardy.