kevin coleman_presentation_preparing for eday

Upload: octawarman-arief-firnanto

Post on 09-Apr-2018


  • 8/7/2019 Kevin Coleman_presentation_Preparing for eDay

    1/32

    Preparing for a Cyber Attack

    By Kevin G. Coleman

    Countdown to eDay!


    Introduction

    The world has awakened to a new threat. China, Russia and North Korea's test of a cyber weapon, Iran's cyber weapon ambitions, the renewed defense industry's emphasis on the use of computers as a weapon have all combined to accelerate the rate of development of what I've called the most destructive weapon on the planet. The proliferation of cyber weapons has exploded and estimates suggest that over 70% of countries will have at least a basic level cyber weapon by the end of 2008.


    The China Syndrome


    A Bit of History

    Back in 1998 when I was Chief Strategist of Netscape, I became aware of an international movement that was designed to create software that could be used for criminal activity as well as disrupt Internet activity. That was when I began to research what we are now calling cyber warfare.

    I testified on cyber crime, espionage and security before a joint Congressional Caucus. At one point in my live demo, Chris Dodd asked me, "Does our Defense Department know about you?"


    Cyber Warfare & Cyber Terrorism

    Cyber Warfare and Terrorism is one of the fifteen modalities of UnRestricted Warfare (URW), also called asymmetric warfare.

    Cyber Warfare & Terrorism

    The premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives. Or to intimidate any person in furtherance of such objectives.

    Source: U.S. Army Cyber Operations and Cyber Terrorism Handbook


    Counterfeit Hardware

    February 2008 - U.S. Customs and Border Protection Assistant Commissioner for the Office of International Trade Dan Baldwin and Director-General Robert Verrue, European Commission Tax and Customs Directorate, today announced the results of Operation Infrastructure, which took place last November and December.

    The Operation resulted in the seizure of more than 360,000 counterfeit integrated circuits and computer network components bearing more than 40 different trademarks.


    Counterfeit Hardware

    February 2008

    The Feds have confiscated more than $75 million of counterfeit Cisco networking gear. The announcement is in a progress report on a two-year-old investigation, code named Operation Cisco Raider. In most cases the fake gear was made in China and imported into the United States where unethical resellers passed it off as legit.


    Impact of a Cyber War

    Of those who do perform what we consider daily activities online, more than half say they go online every day or several times a week to perform those activities.

    About 93 billion emails sent per day will not go through.

    Millions of VoIP calls per day will not go through.

    Over 200 million Google searches per day will not get done.

    A reported 33% of Internet users say they make eCommerce transactions daily.


    Impact of a Cyber War

    Some 88% of online users say the Internet plays a role in their daily routines.

    Some 40% of Internet users who get the news online say they log on daily.

    Some 25% of the online weather bugs will check weather daily.

    Some 20% of online sports fans check sports scores daily.


    A Recent Poll

    How prepared is the U.S. for a cyber attack?

    [Chart: response categories Not Prepared, Somewhat Prepared, Very Prepared; values shown: 43%, 47%, 10%]

    Source: A collaborative effort between DefenseTech.Org and the Technolytics Institute with nearly 1,000 respondents to the poll.


    Impact of a Cyber War

    INTELLIGE


    Impact of a Cyber War

    [Chart: U.S. retail eCommerce sales, in billions of dollars, 2006 to 2010; vertical axis $0 to $250]

    That's $425 million a day.


    Cyber Media Warfare

    One can only imagine the psychological impact on the viewers that witnessed this prank. The TV channel CT2 said that they received frantic phone calls from viewers who thought a nuclear war had started.

    http://www.youtube.com/watch?v=MzaN2x8qXcM

    Think About This

    What if the Internet went away:

    For a day

    A week

    A month

    No eMails

    No BlackBerrys

    No eCommerce

    Virtual business services of all sorts, accounting, payroll and even sales would come to a halt, as would many companies.


    The worst thing to do-

    There is no doubt today that VoIP is taking over the telecom market, and every month increases penetration into business, government and the consumer sectors.

    Almost two-thirds of large organizations in North America will be using VoIP products and services by year end.

    Small Business VoIP adoption will grow to 3 million by 2010. Revenues are projected to reach $2 billion.

    Consumer VoIP adoption will drive wholesale VoIP revenues to $3.8 billion by 2010.

    You are putting all your eggs in one basket.


    Cyber Weapons Proliferation

    The cost to develop this new class of weapon is within reach of any country, any extremist group, any criminal organization and tens-of-millions of individuals. The raw materials needed to construct cyber weapons are not restricted and are widely available. We now have a weapon that can strike at the speed of light, it can be launched from anywhere in the world, and it can target anywhere in the world. This briefing will provide an understanding of the current state of cyber weapons, current defenses and a unique look at what the future cyber warfare scenario might encompass.


    Your Cyber Attack IQ Test

    If I can give you three pieces of intelligence you did not have before, would you agree this briefing provided value?

    1. What do EPFC and TEDs stand for?

    2. How many of you address CBRNE in your contingency plans?

    3. Why should your organizations have supply-chain integrated into the security program?


    Modern Weapons Economics

    What does a stealth bomber cost? $1.5 to $2 billion

    What does a stealth fighter cost? $80 to $120 million

    What does a cruise missile cost? $1 to $2 million

    What does a cyber weapon cost? $300 to $50,000


    Find the Weapons Facility

    [Images: Nuclear Weapons Facility; Cyber Weapons Facility]

    Where's the Cyber Weapons Facility?


    Cyber Weapons Proliferation


    Cyber Arms Dealers

    RBN and their support units provide scripts and executables to make cyber weapons undetectable by antivirus software. Every time a copy of the cyber weapon is generated, it looks different to the anti-virus engines and it often goes undetected. The modularization of delivery platform and malicious instructions is a growing design in cyber weapons. RBN's cyber weapons are very popular and powerful. In June 2007, one was used by a single person to attack and compromise over 10,000 websites in a single assault.

    know RBN leases use/capacity on their 150 million node BotN


    Cyber Weapons Evolution

    [Chart: vertical axis Low to High; horizontal axis 1994, 1998, 2002, 2004, 2008, 2012, 2016; stages: Basic Research, Applied Research, Early Adopters, Rapid Advancement, Significant Threat; series: Basic Weapons, Advanced Weapons]


    Interesting Quote

    NATO's cyber defense chief has warned that computer-based terrorism poses the same threat to national security as a missile attack. He went on to say that "Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore."

    Using this as a framework, we can put into context the evolving architecture for cyber weapons.


    Cyber Weapons Design

    Cyber Weapon Architecture

    A missile is comprised of three basic elements. The first is a delivery vehicle (rocket engine), followed by a navigation system (tells it how to get to the target) and finally the payload (the component that causes harm). As it turns out, the same three elements now appear in the design of cyber weapons.


    Cyber Weapons Design

    Cyber Weapon Delivery Vehicle

    There are numerous methods of delivering cyber weapons to their targets. Emails with malicious code embedded or attached are one mechanism of delivery. Another delivery vehicle is web sites that can have malicious links and downloads. Hacking is a manual delivery vehicle that allows a cyber soldier to place the malicious payload on a target computer, system or network. Counterfeit hardware, software and electronic components can also be used as delivery vehicles for cyber weapons.


    Cyber Weapons Design

    Cyber Weapon Delivery Vehicle

    Just as a navigation system guides a missile, the navigation component of a cyber weapon allows the malicious payload to reach a specific point inside a computer, system or network. System vulnerabilities are the primary navigation systems used in cyber weapons. Vulnerabilities in software and computer system configurations provide entry points for the payload of a cyber weapon. These security exposures in operating systems or other software or applications allow for exploitation and compromise. Exploitation of these vulnerabilities may allow unauthorized remote access and control over the system.


    Cyber Weapons Design

    Cyber Weapon Delivery Vehicle

    The payload of a missile is sometimes called a warhead and is packed with some type of explosive. In a cyber weapon the payload could be a program that copies information off of the computer and sends it to an external source. It can also be a program that begins to erase or alter information stored on the system. Finally, it can allow remote access so that the computer can be controlled or directed over the internet. A bot (a component of a botnet) is a great example of a payload that allows remote use of the computer by an unauthorized individual or organization.


    Cyber Weapons Design

    Cyber Weapon Architecture

    This three-element architecture demonstrates how advanced and sophisticated cyber weapons are becoming. The architecture creates reusability and reconfiguration of all three components. As one software or system vulnerability is discovered, reported and patched, that component can be removed and replaced while the other two components are still viable. This not only creates flexibility but also significantly increases the productivity of the cyber weapons developers.


    Conclusion

    Our nation is increasingly vulnerable to cyber attacks that could have catastrophic effects on critical infrastructure as well as severely damage the country's economy. Whether the attack is focused on stealing our business and technology secrets, disrupting our financial systems or worse, the threat is real. Countries, terrorists and extremists around the world are developing and implementing cyber warfare doctrine, strategies and weapons.


    Conclusion

    The Cold War may be over, but the cyber arms race has just begun. The threat is imminent. We must rapidly develop offensive and defensive cyber weapons capabilities as well as the military doctrine and regulations necessary to govern their use. In the cyber arms race we cannot finish anyplace but first.


    QUESTIONS


    Biography

    Kevin G. Coleman is a Senior Fellow and Strategic Management Consultant with the Technolytics Institute. He is the former Chief Strategist of Netscape and was a member of the Science and Technology Advisory Panel at the Johns Hopkins University Applied Physics Lab. He has briefed defense contractors and other organizations on cyber warfare and is a highly published professional covering cyber security and writes regularly for Eye Spy Magazine and authors the Cyber Warfare Blog for DefenseTech.org.

    The Technolytics Institute

    4017 Washington Road

    Mail Stop #348

    McMurray, PA 15317

    P 412-818-7656

    F 412-291-1193

    I www.technolytics.com

    http://www.technolytics.com/