Friday, December 04, 2009

Lying in Wait: Cyber Pearl Harbor...

The operational risks associated with the corporate battle against "Conficker" remain a real threat to our cyber infrastructure, and perhaps a greater one than we could have imagined. Is this botnet lying in wait for some future Fourth Generation Warfare master plan?

Speaking at an end-of-year wrap-up, F-Secure chief research officer Mikko Hypponen said 2009 was an exceptional year in IT security.

“We never see huge malware outbreaks anymore — except this year we did,” he said. “Conficker peaked with over 10 million infected computers around the world and at the end of 2009 is still in millions of computers.

“This was very advanced malware using several tricks we have never before seen. [It was] a massive botnet not being used by the malware operators for anything useful, and we still don’t know the real story behind Conficker, and that makes it one of the biggest mysteries in the history of malware.”

DHS Cyber Storm III is scheduled for September 2010 and will build on the lessons learned from Cyber Storm I and II. These are the major "wake-up calls" in the Cyber Storm II Final Report:

  • Finding 1: Value of Standard Operating Procedures (SOPs) and Established Relationships.
  • Finding 2: Physical and Cyber Interdependencies. Cyber events have consequences outside the cyber response community, and non-cyber events can impact cyber functionality.
  • Finding 3: Importance of Reliable and Tested Crisis Communication Tools.
  • Finding 4: Clarification of Roles and Responsibilities.
  • Finding 5: Increased Non-Crisis Interaction.
  • Finding 6: Policies and Procedures Critical to Information Flow.
  • Finding 7: Public Affairs Influence During Large Scale Cyber Incidents.
  • Finding 8: Greater Familiarity with Information Sharing Processes.
  • Source: Cyber Storm II Final Report, pages 3-4, July 2009

The Homeland Security Department's third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the Obama administration, said industry and government participants in the simulation exercise during a conference on Tuesday.

Cyber Storm III will build upon the lessons learned in the two previous exercises that took place in February 2006 and March 2008, and provide the first opportunity to assess the White House strategy for responding to a cyberattack with nationwide impact.
You are not going to hear many people talking about "Conficker" as the beginning of a "Cyber Pearl Harbor" sneak attack, and for good reason: see Finding 2 above.

Physical and cyber attacks are rarely mutually exclusive. Physical attacks impact cyber infrastructure, and cyber disruptions can have acute physical impacts. This is why an "All Threats and All Hazards" approach has been adopted by many, including this blogger.

The 20-plus page report from DHS took sixteen months to produce: the exercise ran in March 2008 and the report was published in July 2009.

Yet a realistic future scenario is not much of a stretch to imagine. At some point after the "Conficker" malicious code is put into action, a "stall" warning light comes on at US-CERT. The Internet becomes the delivery mechanism for a lethal payload never experienced in any previous test or real event. William Jackson has this to say:

"Dec. 7 is the anniversary of the Japanese attack against Pearl Harbor that crippled the U.S. Pacific fleet and brought this country into World War II. What have we learned in the 68 years since that world-changing day?

The threat in our age is less to ships and aircraft than to the technology that controls so many aspects of our lives. Many observers have warned that our defenses are not adequate to protect our nation’s critical infrastructure, and the phrase Electronic or Digital Pearl Harbor has been commonly used to describe a surprise cyber attack that could cripple our military and commercial capabilities. Dire as these warnings are, we should take them with a grain of salt.

Although cyber threats are real, the chances of a Digital Pearl Harbor remain small. This is due not so much to the success of our cyber defenses, which in many places remain inadequate, but to the realities of warfare and networking."

Perhaps there really is an "E-Qaida," as Brian Krebs of the Washington Post has alluded to in his Security Fix column: an insurgency of non-state actors, rather than China, which many would name as our largest cyber enemy among nation-states. If this is true and the "E-Qaida" are out there, then you can quickly make the leap to counterinsurgency, irregular warfare and the other metaphors of the war in Iraq and of the fight against the drug cartels of Latin America. Fourth Generation Warfare (4GW) insurgencies cannot be compared to traditional insurgency models, because they do not intend merely to replace the existing government. The target is the state itself.

Physical weapons are not the only tools of the insurgents. Recently, the internet and satellite television have increased the opportunities for insurgent groups to recruit, communicate, and wage war to win the opinions of their target populations whether they are the local populace, foreign governments or the world public at large. In 4GW environments, physical weapons may be counterproductive to the cause of the insurgents. The prodigious use of propaganda may be all that is needed to achieve their goals.

Source: FMFM 3-25

So if you are reading this now, is it working?