Research on Cyber Warfare

Re: Research on Cyber Warfare

As promised, I have made a more organized list of the resources that I've gathered so far. Of course not all of them will be used for the paper, but some provide insight or a different perspective of things. Thanks a bunch! - you guys have been a big help, and if you run across anymore sources, especially newer stuff, please let me know. I may still need some advice here and there as the paper develops.

The list is located here: http://web.mac.com/agentdarkapple/Ag...r_Warfare.html


Also, I was going to throw a few titles out there and see what you guys think. I know some of you think "cyberwarfare" is cliche, but I've found out that my professor actually seems to like the term. I'm trying to find the most relevant title that also appeals to her interest (hey, I want a good grade). Background on her - female, doctorate in Information Systems and Communication, works in law enforcement (cyber crimes, computer forensics, etc.). Here are my ideas, feel free to criticize or add to...

Cyberwarfare: A Threat for the Future

Cyberwarfare: When Information Warfare meets Technology

Network-centric Warfare and the threat of Cyber Terrorism

InfoWars 2.0: The Threat of Cyberwarfare in the 21st Century

Keyboards and Conquests (I hope this one doesn't sound too WoW-ish lol)

Digital Destruction: The Impending Threat of Cyberwarfare

Re: Research on Cyber Warfare

Lol I'd forgotten about that movie...

Re: Research on Cyber Warfare

I think the writers of Ocean's Eleven would beg to differ.

Re: Research on Cyber Warfare

Hah, sorry, I was half asleep when I posted...I know overall it would cause all sorts of problems, but comparing that to a nuke...in that context it would make the EMP not look so bad. I'd still hope that nobody resorts to using either.

Re: Research on Cyber Warfare

An EMP is not a pinch.. it would cause economic collapse, world market shutdown for a while, and (it is estimated) the loss of several ten to hundred million lives. I think the report said imagine life in the USA in the 1920s and 30s. That's the population we could support with minimal infrastructure.

That sounds a little doomsday to me, but honestly the more you look into EMP the more you realize no one knows for sure, just that electronics are more complicate and sensitive than the tubes and basics when the Starfish(prime) test happened. The groups that have the test facilities aren't writing about it.

Re: Research on Cyber Warfare

erehwon, thanks!

xor, I honestly think that if something like that happened, the "rules" of war would have to be redefined. If it was proven to be an act of terrorism or war, I have no doubt that the US would "have" to do something. I don't know that they'd whip out the nukes - you pinch me, I annihilate you? Then again, the US has done some unreasonable stuff in the not so distant past.

Re: Research on Cyber Warfare

Of course it's my specialty, as a matter of fact, I found out today that I'm getting an award.

On the case of the end users, it isn't really stupidity but more ignorance. A sales strumpet walks in and tells management all the wonderful things that can be done with WebHMI, after all, you can get those latest production run numbers right now, at your fingertips. They eat it up and buy it, and next thing you know it's installed by a contractor much to the dismay of local IT.

The entire culture surrounding the implementation of SCADA systems needs to be changed from the ground up. IT and SCADA integrators need to work closely together to make sure that things are done properly.

I was just working with a vendor last week that their product needed access to one of the SCADA SQL databases for historical data, and they were surprised that I had the 'sa' user disabled, as that's what they normally use with their product.

...and if I hear one more contractor/employee say "why do we need all this security, we're not the FBI?", I'll be needing to dig another hole at the plant.

Re: Research on Cyber Warfare

Why did I know that something that involved shit through a pipe, you'd have something to add

I think that's where the risk is for the most part, industries not used to thinking about network security and that kind of infrastructure. I'm reminded of DC....13 I want to say, where the Shmoo group showed an article where a trade magazine was touting the use of wireless in a nuclear plant, much to the fear of the crowd.

I know that we can't, but the real solution is the prosecution of stupidity.

Re: Research on Cyber Warfare

_poke in the ribs_ Are you going to update C4I? The last links are from late 2007.. much like the old (but being refreshed!) book section on defcon.

Re: Research on Cyber Warfare

EMP attacks are very interesting especially from a nationalistic & political perspective. Do you go to war over an attack that only destroys electronic infrastructure? If you are a terrorist, not only do you get notoriety, but by not taking life directly, there is less risk of a global outrage. Certainly there would be loss of life, due to the interruption of services that sustain it. We are hurt much more than say an Iran by such an attack. How do you respond to an attack like that? Do you pull the nuclear trigger?

xor

Re: Research on Cyber Warfare

I'll toot my horn, and then hide again in the bunker...

There is a whole slew of cyberwar and infowar links on C4I.org - http://www.c4i.org

Not to mention whenever someone gets the itch to mess with the SCADA networks after getting fired, if it makes it to the news, we usually have it on InfoSec News and archives of past acts over the years! - http://www.infosecnews.org

Re: Research on Cyber Warfare

streaker69, thanks - got a couple good sources out of those threads!

Dark Tangent, thanks! That was definitely stuff I hadn't found yet. I'd heard of Boyd as a military strategist (my husband is a military history and military strategy buff), but I never realized how much his theories applied to network defense. I'm glad you mentioned EMPs too. I was thinking about that but totally left it out of my research until I read your post.

renderman, thanks, I hadn't seen anything about the Australian sewer incident, I'll have to look into that one.

note: I found a lot more sources today. I still need to sift through them and make an organized list with more detailed categories, but when I do I will add it to the thread. Any more sources or suggestions you guys want to add are greatly appreciated. Even the sources I don't use for my paper can give me insight and can be posted here for the benefit of the curious. And if anyone wants to glance over the list of sources and call BS on some of them, feel free - I don't want to use it if it's bad info.

Re: Research on Cyber Warfare

I looked into that one a good bit when it made the news, and that again was a case where proper procedures weren't followed when an employee left.

The amount of damage that he did, you're right, was minimal, and sewage backups aren't as bad as the general populace believes them to be. Creeks and ponds recover quite nicely from them without much issue. It's only when the spill is stretched over long periods of time that the damage is more permanent.

Our biggest issue we had in the past couple of years was 100,000 gallons and it flowed into a small creek. We cleaned it up within a couple of hours and you couldn't even tell it was there. I think people just see the issue as being gross so it gets blown out of proportion.

Most of the attacks that I've found against SCADA systems have been from insiders. I did some looking into what it would take to actually inject commands directly into the data stream and I didn't really find a way to do it, and I knew the kind of data I was looking for.

I do think what is going to be a big downfall of SCADA systems is the introduction of WebHMI systems where you don't need the SCADA client installed on the machine. Nothing like opening up a browser and having the entire process at your fingertips. We purchased the license for WebHMI for our product and I did not enable it because I couldn't ensure that it's authentication method was secure enough to have it installed.

Re: Research on Cyber Warfare

One case your going to hear about in your travels is the Australian sewer backup hack. The one where they guy tries to extort money from the utility by tinkering with valves to backup sewers Defiantly in the over hyped category since he was a trusted insider for many years and only succeeded in backing up a few swimming pools worth of crap, which is a small amount compared to what can happen purely by accident.

I think the measuring stick to use to gauge if it's actually worth the hype is "Is it worse than what mother nature can achieve". In the case of the Northeast blackouts, yeah it's gonna suck if someone can do it on demand, but we know life can go on and we can deal with it. If someone can shut down phone service to an area, well a tree falling on a substation can do that too.

In all my research for the Zombie talk this past con, the only thing I found that was of any worry was the power grid, mostly as an additional screw you to something else as you said. The biggest damage could be just to drop the hammer in winter, just as a major storm hits and cut power to a big swath of the Northeast

Re: Research on Cyber Warfare

An in depth look at CI vulnerability to and EMP attack, I'd love to read the classified version!

The official EMP Commission homepage:
http://www.empcommission.org/

Obligatory Wiki page on EMP:
http://en.wikipedia.org/wiki/Electromagnetic_pulse

.pdf of Dr. Michael J. Frankel, executive director of the EMP Commission, recently submitted testimony to the U.S. House Homeland Security Committee concerning threats to the nation's power grid and to cyber security:
http://homeland.house.gov/SiteDocume...5419-98752.pdf

If you haven't yet go read all you can about this guy, John Boyd
http://en.wikipedia.org/wiki/John_Bo..._strategist%29
He was a total stud. His people have been applying his theories to network defense, just has they have been applied to air combat, hand to hand combat, business strategies, and nuclear war. He passed away in 2002:
http://www.arlingtoncemetery.net/jrboyd.htm
To Coram and others, including Defence Secretary Donald Rumsfeld, Boyd is "the most influential military thinker since Sun Tzu wrote The Art of War 2400 years ago".