
Cyberwarfare and the enterprise: Is the threat real?

White Paper Published By: ESET

Why all the hype? Is cyberwarfare really something enterprise information security professionals should be concerned about? The botnet that made headlines last month was tame, but in general, the potential for damage due to cyberwarfare (or cyberaccidents) is huge -- not because of sophisticated enemies, but because our infrastructure is weak and not well maintained. Cyberwarfare is just a small component of a much bigger problem: the need to design a stable, global IT infrastructure. Even purely accidental network outages have caused major damage to critical infrastructure. It's hard to know what the next cyber crisis will be, but here are a few best practices that enterprise security teams should consider to avoid becoming victims.



Tags : 
eset, cyberwarfare, threat, enterprise information security, botnet, cyberattack, malware, anti spyware

ESET
Published:  Feb 11, 2010
Type:  White Paper
Length:  5 pages

Pocket E-Guide
Cyberwarfare and the enterprise: Is the threat real?
by Sherri Davidoff
In early July, there was a great deal of press about a "massive cyber-attack" supposedly originating from North Korea, targeting high-profile South Korean and U.S. websites. The attacks were reportedly launched by "tens of thousands" of infected computers "around the globe," which were used to launch a distributed denial-of-service (DDoS) attack. Oh, and the infected systems were supposed to self-destruct (presumably taking the world with them).
Most security geeks just scratched their heads and wondered how an average-size, rather unsophisticated botnet attack with relatively low impact managed to make it above the fold on the front page of the Wall Street Journal. A few public-facing government websites were slow or inaccessible for a few days, but there were no reports of financial damage or any serious service interruptions.
Why all the hype? Is cyberwarfare really something enterprise information security professionals should be concerned about?
The botnet that made headlines last month was tame, but in general, the potential for damage due to cyberwarfare (or cyberaccidents) is huge -- not because of sophisticated enemies, but because our infrastructure is weak and not well maintained. In the U.S., critical infrastructure has come to depend on IT in ways that most people never realize. Skyscraper heating, cooling and access systems can be controlled via the Internet. Hospitals request heart transplants over VoIP phones. Those are just two examples, but there are many others that make it clear that a sophisticated, targeted cyberattack really could cause widespread chaos and even loss of life.
Cyberwarfare is just a small component of a much bigger problem: the need to design a stable, global IT infrastructure. Thoughtless teenagers have wreaked havoc on the Internet countless times without even trying. The Morris Worm of 1988, for example, caused greater devastation than the recent overhyped DDoS attacks, infecting thousands of major Unix machines. Our biggest problem is not that terrorists are out to kill us all, but that even twenty-three years after Morris, our networked infrastructures are about as structurally sound as a Jenga tower.
Even purely accidental network outages have caused major damage to critical infrastructure. Back in 2002, Beth Israel Deaconess Medical Center's network was flooded and brought to a standstill due to an accidental spanning tree loop. Suddenly doctors and lab technicians could not view patient charts, lab results or fill prescriptions over the network. Eventually the emergency room was shut down and patients had to be shuttled to other hospitals. What would happen if someone actually tried to disrupt critical systems using the Internet?
Last year at the SourceBoston security conference, security researcher Dan Geer explored what could have happened with a piece of malware from 2001 called the Nimda virus. Just a few days after September 11, 2001, Nimda spread across the Internet using five different infection vectors, infecting hundreds of thousands of computers within its first day. There is also another, older virus called E911, which caused infected systems to dial 911 over their modems repeatedly. Geer commented that, had the authors of Nimda considered including that functionality in their virulent code, Americans would have "gotten up the morning of Sept. 19 only to find there was no emergency service nationwide; it would have been turned off everywhere and all at once, like a light switch." That would have been just a few days after the nation was already reeling from a crisis.
How to defend against cyberattacks and cyberaccidents
It's hard to know what the next cyber crisis will be, but here are a few best practices that enterprise security teams should consider to avoid becoming victims.
1. Prepare for outages. Map your organization's information flow. Understand what systems/services depend on having critical network functionality. In many cases, companies simply cannot function without the network anymore. We don't have physical pens and paper or staff training to process all of our information. Develop communication and fallback plans for short-term (i.e. 1-hour), medium-term (i.e. 24-hour), and long-term (i.e. multiple-day) network outages... [download for more]
