CAN TORN CITY WIN ITS CYBERWAR
Written by Wollongong
Friday, 04 December 2009 12:24
In the silent storm, the ground shook during the last full moon Torn City attack... and all the people of Torn City wondered... is this the end or only the beginning?
The Torn City Air Force five-star general, and the head of Torn City's cyberwarfare command, gave the following speech to staff today at Torn City headquarters.
"Good morning everyone, the following is a brief description of recent events at Torn City and our overwhelming response to win the cyberwar at Torn City...
This week a secret covert program detected and deleted stats and itself for all the people of Torn City... millions of hours of work and billions of dollars of experience were lost... our Mayor only covered up the true details of this covert cyberwar currently in progress at Torn City, and this morning's speech is to clarify details and our immediate actions in response. Was the Mayor's inaction and forum statements truly for the benefit of all the people of Torn City, to keep calm and silence, or is the fact that all the secret access codes for Torn City were secretly stolen during the recent robbery of the Mayor's home safe a harbinger of things to come? Can Torn City win this cyberwar?! Who is behind this covert action to attack Torn City?!
The short answer to these questions is, we just do not know at this time.
Our experts in cyberwar define the following as Torn City's options."
"How do you win the Torn City cyberwar? First the mayor must define what "win" means in this context. Does it mean to destroy the enemy? No, I do not think so. The goals of our cyberwar are to subvert, disable or destroy the enemy. Worthy goals, but with today's technology a cyberwar is a war of mutual destruction. They destroy you, you destroy them. That is not a win, that is a draw, and under that definition of "win" that is the best you can hope for. Remember, everyone can afford the technology to stage a cyberwar. It does not require a nation or even great wealth. So can we win? Yes! We change the definition of "win" to 'make all Torn City cyber attacks ineffective at a global level'. Then we can have a definitive win."
What is truly interesting about a Torn City defensive cyberwar win is that the technology of defense can be universally shared, even with enemies, and everyone becomes stronger. Not just in the way that making encryption algorithms public made them stronger, but also in the way that making all of the population immune to a virus can make that virus extinct. The Torn City cyberwar is a defense game. Attacks are only a side action. So far all Torn City cyberwars have been skirmishes. Enough to know it is real but not enough to have been a 'war'. None have gone full scale. Once a cyberwar goes full scale you can expect it to become a war of mutual assured destruction. A cyberwar will destroy the Torn City Internet and with it all of the functions that have been moved to the Torn City Internet, such as IP telephony, Internet banking, stock market transactions, online payments, IP cameras, X-ray sharing and telemedicine, international trade, email, web access and everything else that uses the Internet. Worst of all, Torn City people will not have access to their porn and stolen music. The costs to the Torn City economy will be immense. The cost to the technologically advanced, who are more dependent upon the Internet, will be greater than the cost to those who are not as heavily integrated into the Internet. Of course, the Internet is not the entire electronic infrastructure. The Torn City global telephone networks, cable television networks, cellular phone networks and traditional broadcasting can all be involved in a cyberwar.
One of the problems of the Torn City cyberwar is that most of the attacks are obvious to all parties involved. Denial of service is as good as taking down a system and a lot harder to deal with. Subversion of services is especially important since it can allow the attacker to take control of critical real world actions. Software attacks are easy to formulate to bypass all commercially available virus scanners. Automated software attack 'factories' can generate millions of attacks which can flood a system. Consider each attack to be one attempt. Given millions of different attacks, one of them will succeed. Even if they do not succeed, they will overload the scanning systems to the point of denial of service. Torn City zombie systems can ensure that Torn City perimeter defenses will fail, since these attacks will originate from the inside.
Some of the attacks, such as IP flooding causing denial of service, are hard to resolve because their nature takes advantage of the defense as part of the weapon delivery. That is, systems which are intended to resolve these types of attacks can be overwhelmed by the attack, which then causes further denial of service down line. Most Torn City defensive systems are at choke points, thereby making them the best targets of attack. Control the choke point and that provides control of everything down line at a reduced cost of effort.
There are a number of interesting things that need to be understood about the Torn City cyberwar and its differences. First, the number of people directly involved as attacker or defender will be small. The number of people affected as collateral victims will be large. Attacks may be staged with a slow pre-attack followed by a swift and decisive attack, or there may be no pre-attack at all. Only a very small percentage of the national network of the defender needs to be damaged for a victory. A Torn City cyberwar may be part of a larger, most likely hot, war. The targets in a cyberwar will, by necessity, be both civilian and military along with governmental. The more havoc the better. The goals of a cyberwar may be very different depending upon what stage the war is in. If the war is hot then the goals will be control of the enemy infrastructure, manipulation of the enemy economy and disruption of normal services.
There have been actual small scale Torn City cyberwars. These attacks have been very limited but still instructive, as much by what was not done as by what was. So far, at least publicly, these have been limited to subversion of websites. There did not appear to be any use of standard attacks such as trailing IP packets which can overwhelm systems, or much in the way of data flooding attacks. Those attacks appear to have been human operated, while other small scale attacks appear to happen below the level of cyberwars. These can be automated attacks and more in the order of probing or research and development. From what I can see, everyone has the same attack tools but no one seems to have really great defense tools. Of course, if someone did I would not know about it!
The one thing we are sure of is that the attacker always has the advantage, because they know when and how they are going to attack while the defender has to be on guard all of the time, in every way. Yet the next cyberwar will not be won by the best attacker. The role of the attacker is important because you have to try and take out the enemy. You don't want to defend forever! The role of the defender, while imperfect, will determine who will win the war. The reason for this is that the winner is defined as whoever has an intact electronic and economic infrastructure during the war and when it is over.
It is not enough to harden and prepare just critical governmental systems during a cyberwar. Torn City systems must be afforded some degree of protection in order to avoid economic and emotional disruptions which will affect the men fighting the cyberwar. This is hard for several reasons, the most obvious being the scope of the entire problem. There are, however, simple solutions that could potentially provide a national anti-cyberwar umbrella. These solutions are often overlooked because they are simple, take advantage of simple physics and use the tried and true method of warfare: brute force.
The physics involved is simple. Torn City cyberspace cannot exist without physical space. The entire cyberspace construct is imaginary. It is a way of thinking. What is actually happening is that information is flowing electronically over a medium, usually a wire or a radio wave. These wires have to converge in order to make interconnections. The number of places where convergence takes place, while large, is always finite. In fact, the higher you go in the physical tree of the Internet, the smaller the number of connection nodes. It would be a very bad idea to attempt a defense at the trunk of the tree. There are too many branches and leaves above it, and they could easily flood any trunk-based defense until it becomes more of the problem. In fact, providing silent defense at the lowest levels of the physical branches of the Internet would reduce the size of the problem significantly and provide for instant, nationwide, brute force defense. What is best is that at the lowest branch-leaf level, the defense becomes reactive and regional.
If these defense systems were then given instruction by private channel such as satellite or any other method that does not rely upon the network being protected, then defenses could be developed and broadcast nationally within minutes. This would allow for instant deployment of tactical changes as the war progressed.
Viruses, Trojan Horses, IP attacks and new previously unknown attacks could all be detected and blocked. Zombie systems would be cut off and ineffective outside of their local area. In newer networks. Even if an attacker converted thousands of home and office computers into zombie systems they would be ineffective since they would be cut off from the remainder of the network.
A defense of this type might not even be noticed by the general public but would be very noticed by the attacker.
Where, in fact, do these local nodes exist? Telephone company Local Switching Office locations, cable company Internet control offices, radio WiFi control offices, dialup service providers (national and local) and, at the trunk level, the national interconnects operated by multiple organizations. This is in addition to the fact that all connections into or out of the country exist physically; these are especially finite and known.
The only way to attempt to proceed with an attack in the face of an Internet Defense With Teeth is stealth. Using encryption or slow and low might allow attacks to bypass pattern analysis, but if many of these nodes were then connected to a national aggregate data analysis center, even a slow and low attack would be detected. In addition, a national center would allow for synergy and the concentration of the best of the best in an area that allows them to provide the maximum benefit.
Since we are talking about the physical layer of Torn City electronic infrastructures, we should also consider that primary offices such as telephone exchange offices, Internet backbone offices and significant server farms such as Google, are probably not blast proof. One server farm such as may contain thousands of servers, each of which may contain hundreds of websites. The loss of one of these centers could be very disruptive to the operation not only of those websites but of thousands of other websites that rely on services from the disabled servers. Making these buildings blast proof is a well known off-the-shelf technology and now reasonably inexpensive. Generally only the building skirt (wall, windows and doors) needs to be upgraded to make an existing building blast proof.
It should be pointed out that the Torn City primary communications channels are all co-located in one specific area, traveling thousands of miles above ground in unhardened conduit. This is mostly because the right of way to allow the installation of cables already existed. A small explosive charge could disrupt all telephone and Internet communications. In fact, this has already happened, yet no visible improvement to the security has been made. Armoring the cable in blast proof conduit would be much less expensive than running a secondary backbone or burying the cables.
Let's now discuss the physical properties of all electronic infrastructures. First, they all exist in the physical world. Secondly, they are finite and mostly fixed. A website might move from one server to another server with just the automatic change of a Domain Name Service address, but the physical server is not going anywhere without someone disconnecting it and carrying it away. The same thing can be said for all of the cables. Almost all telephone and Internet communications exist on cables. Metal, fiber, string, it does not matter, the conduit exists physically. Even electronic communications such as satellite exist physically. While the satellite is not within easy reach, the ground stations are. If a radio link exists between two buildings, it can be disrupted using a battery operated device. Easier still, just cut down the antenna or charge the antenna with 120 volts AC, which will burn out the transmitter. Again, the cables and antenna can be armored but rarely are. Doors to the rooftop of buildings are normally protected with locks that can be opened in less than 15 seconds with little skill by someone who knows how to use bumpkeys.
So all communications exist on conduits which physically exist and therefore can be physically disrupted. Disruption, however, is a double-edged sword. While an attack can disrupt conduits, the owner of the conduits can also deliberately disrupt them. For example, by careful mapping of the physical layer of the Internet, local geographic areas can be surgically disrupted to isolate attackers into undesirable topography. This is especially true of international communications, which have the additional advantage of being carried by a relatively small and well known number of conduits. Basically you are isolating the well so it does not affect the rest of the network.
In addition to disruption of service, there is a great deal of intelligence that can be learned by listening to the unmolested information flow. Cell phone communications are trivial to intercept at the local level. Still, anyone can modify off-the-shelf radio receivers to receive cell phone conversations. This is a problem that is actually easy to resolve. Encrypt all cell phone conversations. This would not stop legitimate wire taps but it would stop an enemy from automated collection of cell phone conversations in areas of interest. Encryption of normal off-the-shelf cell phones is available.
Now we turn our conversation back to the defense of individual computers. We already established that we can defend all Torn City computers by deliberate isolation of leaves of the Internet by severing. We discussed that we can protect the electronic infrastructure by blast proofing and changing locks. We discussed protection of cell and even normal phone line conversations by encryption. All of these are potential rich targets for a cyberwar, but subversion of our computer infrastructure can be more devastating. Expect an enemy to produce a target list, that is, the computer systems and network segments they want to either eliminate or control. There is no reason why a defender could not develop the same list and then move to harden the systems on that list, either transparently or with the cooperation of the system owners. There are precedents for when entire lines of production were protected in order to ensure some required system down line was protected. In the case of the Internet, the protection could even be transparent to the target; however, the very best defense is knowledge. Knowledge is something that is in short supply in the computer industry. One of the reasons for that is that computer systems have become so complex that no one person can understand everything. There may be many thousands of files as part of the operating system or installed applications. A slow and low attack might modify one of these files via some unknown flaw in the system, which in effect creates a back door. Who would notice one normally operating file hidden out in the open among thousands of files? Any baseline control system would. The knowledge of how to create and use baseline control systems has been around for a long time, yet they are rare. Self-healing systems, another type of baseline control in which the system automatically corrects any problems with the baseline, are a defense that can be implemented at any level.
It can be put on every desktop, in every printer or network appliance, every server, every router and firewall. In short, if it connects to a network then it has a baseline, and that baseline can be controlled. Baseline control can breathe life back into a zombie system; it can make a virus infection moot. For a very tightly controlled system, it can remove or replace trojans and make the existence of unsuspected flaws moot. A system under strict baseline control will always repair itself and in doing so make most attacks against it moot. What good is a slow and low attack if it is detected at every system the attack is directed to? None. System integrity and operations capability are preserved by baseline control, making all forms of attack other than denial of service and destruction of the file system moot. Denial of service attacks are made moot by surgical severance of the network segment generating the attack. Mostly, all of this is automated, and protection can happen faster than human decision making speeds. All of the above is detected, and if necessary coordinated, by a national aggregate data center. The national aggregate data center is necessary to defend against attacks on the baseline and severance systems themselves. The automated defenses become the number one target because of their effectiveness, so these systems then need protection, and that protection is provided by aggregate data and self healing. When the baseline of a baseline control defense system is modified, that fact is recorded at the center. The baseline is corrected and then highly monitored. If a pattern is detected, then corrective action can be taken. Even if no pattern is detected, the fact that a Torn City defense system was modified triggers a threat level advance that can be used to prepare. Think of this as a prediction system, except that the attack being predicted is a cyberwar.
The advantage of a Torn City aggregate common distributed datacenter is that the longer it operates the smarter it gets so that eventually a prediction of the start of a Torn City cyberwar becomes possible and a complete defense gives the win. Most, except for the Torn City distributed datacenter, is common off-the-shelf.
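The baseline control and self-healing loop described above, sketched as an added example that is not part of the original article: it hashes a file tree, keeps known-good copies, then repairs modified, missing and unexpected files and returns the events a central collector would record. The directory layout, function names and event fields are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root: Path, store: Path) -> dict:
    """Hash every file under root and keep a known-good copy in store."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digest = sha256_file(p)
            shutil.copy2(p, store / digest)  # content-addressed good copy
            manifest[p.relative_to(root).as_posix()] = digest
    return manifest

def fingerprint(manifest: dict) -> str:
    """Digest of the baseline itself, held centrally to spot baseline tampering."""
    return hashlib.sha256(json.dumps(manifest, sort_keys=True).encode()).hexdigest()

def _restore(root: Path, store: Path, rel: str, digest: str, change: str) -> dict:
    good = store / digest
    # Never heal from a copy that no longer matches its recorded hash.
    if not good.is_file() or sha256_file(good) != digest:
        return {"file": rel, "change": change, "action": "store_corrupt"}
    target = root / rel
    target.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(good, target)
    return {"file": rel, "change": change, "action": "restored"}

def enforce_baseline(root: Path, store: Path, manifest: dict) -> list:
    """Compare the tree to the baseline, repair it, and return reportable events."""
    events, seen = [], set()
    for p in sorted(root.rglob("*")):  # sorted() snapshots the tree before changes
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in manifest:  # strict baseline: unknown files are removed
            p.unlink()
            events.append({"file": rel, "change": "added", "action": "removed"})
        elif sha256_file(p) != manifest[rel]:
            events.append(_restore(root, store, rel, manifest[rel], "modified"))
    for rel in sorted(set(manifest) - seen):
        events.append(_restore(root, store, rel, manifest[rel], "missing"))
    return events

def demo():
    """Constructed sample tree and constructed tampering, all in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root, store = Path(tmp, "system"), Path(tmp, "store")
        (root / "bin").mkdir(parents=True); (root / "etc").mkdir(); store.mkdir()
        (root / "bin/tool").write_bytes(b"original tool")
        (root / "etc/conf").write_bytes(b"mode=strict\n")
        manifest = build_baseline(root, store)
        (root / "bin/tool").write_bytes(b"original tool + back door")
        (root / "etc/conf").unlink()
        (root / "bin/dropper").write_bytes(b"unexpected")
        first = enforce_baseline(root, store, manifest)
        second = enforce_baseline(root, store, manifest)  # healed tree: no events
        return first, second, (root / "bin/tool").read_bytes() == b"original tool"
```

In a deployment the store and the manifest fingerprint would live off the protected host, since the article notes that the baseline system itself becomes a target.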
Can Torn City win the cyberwar... the answer is, Yes!! Applause!!
Tune in next time for critical clues of a Torn City extortion scheme... **END ARTICLE 9.1**
Last Updated on Friday, 04 December 2009 14:01
Copyright © 2010 TornCity Complete. All Rights Reserved.