The Problem of Cyber Attacks - Case Study Example

I. INTRODUCTION A. Problem There is no organization in today’s world that is immune to cyber attacks, whether they are governmental, nongovernmental or business related. However, the more these organizations depend on technology, the more vulnerable become to cyber attacks. The US government has openly admitted that its cyber-infrastructure is vulnerable to attacks. The fact remains that it is “struggling to keep pace with the growing number of attacks on its computer networks, potentially leaving infrastructure in America vulnerable to overseas hackers” (Gorman, 2009). According to Army Lt. Gen. Keith Alexander, CEO of National Security Agency said "Id like to say that our networks are secure, but that would not be correct. We have vulnerabilities." (Gorman, 2009). The Cyber Threats are Real In the book written by Richard Clark and Robert Knake called the Cyber War: The Next Threat to National Security and What to do about it, they explain how a major cyber attack on the United States could cripple the economy and leave thousands of people dead. In the present scenario, a major cyber attack can be envisioned to have various deleterious consequences as explained in the below fictional situation beginning with the United States being hit by a sophisticated cyber attack and the Director of Defense Information Agency briefing the Secretary of Defense that an unclassified Department of Defense (DOD) network known as NIRPRNET is collapsing. This is soon followed by two of the classified networks of DOD, SIPRNET AND JWICS, coming to a grinding halt. In the following days, two regional offices of the Federal Emergency Management Agency (FEMA) in Philadelphia and Denton report large refinery fires. There are reports of a chlorine gas leak from several chemical plants in New Jersey and Delaware. In addition to the above, the Federal Aviation Administration National Air Traffic Control Center in Herdon, Virginia is experiencing a total collapse of their systems. There are also reports from the alternate center in Leesburg that several regional centers were unable to see the incoming aircrafts. As the situation worsens, the Indianapolis center reports a midair collision of two 737 aircrafts. The federal Railroad Administration has suffered a major freight derailment in Long Beach, Norfolk, Chicago and Kansas City. By 3.15 pm in the afternoon, subways in New York, Oakland and Washington have crashed and the numbers of midair collisions are rapidly increasing. Pipelines carrying natural gas to the Northeast have exploded resulting in a cloud of poisonous gas over several cities. There has been a wipeout of terabytes of information centers freezing the financial system of country. Weather, navigation, and communication satellites are spinning out of their orbits into space. A series of isolated units within the U.S. military are struggling to communicate with each other. Such a cyber attack will leave several thousands of Americans dead leave several others injured. The ineffective functioning of the ATM teller machine and banks are further compounding the situation and leaving the police and emergency services overwhelmed. According to Clark and Knake (2010), a sophisticated cyber war attack by one of the several nation-states could do this today, in fifteen minutes, without a single terrorist or solider ever appearing in the scene. In addition to the comments by Clark and Knake, the former Director of National Intelligence, Mike McConnell, in a 60 minute interview, commented on the Cyber War stating that, “If I was attacker and I wanted to cause strategic damage to the United States, I would either take the cold of winter or the heat of the summer” (Fager, Cyber War, 2010). He further added that he would consider hacking the electric grid on the East coast and probably on the West Coast and that his end result would be to cause a cascading failure in the electric grid network” (Fager, Cyber War, 2010). He reasoned that this would have an impact on the elderly and the disabled who rely on machines for support. Without electricity the disabled or elderly people will eventually die due to the lack of back-up support from generators, air conditioners, or heaters. Hence this prompted me to focus my research mainly on the risks involved for the financial and energy sector when they are exposed to cyber attacks. The financial sector of any country is their major support system for steady economic growth and is vital for all kinds of transactions both within and outside the economy. The financial sector comprises of the central and commercial banks and financial institutions that conduct their business operations via the internet and are hence globally exposed to cyber attacks. Their dependency on IT based technologies and the resultant increased exposure to cyber attacks requires very strict security measures in order protect them from such attacks. As their operations are mainly internet oriented, a cyber attack can cause heavy damages to the financial sector and eventually destroy the progress of the economy. There is a lot of concern shown from the Government and the management authorities on the security aspects of the financial sector in every economy to protect them from cyber attacks. In the case of the energy sector, the operations do not have to extensively rely on the use of internet, like that of the financial sectors, but still some major areas of the energy sector do operate through the internet. The Electric authority has hence expressed concern over the extensive use of software and information technology. Hence, it is quite clear that both the sectors will suffer heavy damages in case of a cyber attack. (Decay, 2004, pp.10-18; Larence & Powner, 2007, pp.14-25) Appendix Infection Statistics on the Stuxnet Virus The Symantec set up a system to monitor traffic at the Stuxnet command and control (C&C) serv­ers on July 20, 2010 (Chien, Falliere, & Murchu, p. 5, 2010). This enabled us to observe the rates of infection and identify the locations of such infected computers and to work along with the CERT and other organizations to help inform the concerned parties (Chien, Falliere, & Murchu, p. 5, 2010). The system, however, only identified the command and control traffic from the computers that were connected to the C&C servers (Chien, Falliere, & Murchu, p. 5, 2010). The data sent back to the C&C servers was encrypted and included information such as the internal and external IP address, name of the computer, OS version, and whether it was running the Siemens SIMATIC Step 7 industrial control software (Chien, Falliere, & Murchu, p. 5, 2010). As of September 29, 2010, the data has revealed that there are approximately 100,000 infected hosts (Chien, Falliere, & Murchu, p. 5, 2010). The follow­ing graph shows the number of infected hosts by country: (Source: Symantec: Chien, Falliere, & Murchu, p. 5, 2010. Figure 3) The increased number of infections in Iran is indicative of the fact that this country was the initial target for the cyber attack and that it was the site where the infections were initially seeded (Chien, Falliere, & Murchu, p. 7, 2010). While Stuxnet was the targeted threat, the use of a variety of propagation techniques has resulted in Stuxnet spreading beyond its initial target (Chien, Falliere, & Murchu, p. 7, 2010). These additional infections are likely to cause “collateral damage” which are unintentional side-effects of the promiscuous initial propagation methodology utilized by Stuxent (Chien, Falliere, & Murchu, p. 7, 2010). While the infection rates will eventually drop as users will try to patch their comput­ers against the vulnerabilities used for propagation; worms of this nature will typically continue to propa­gate via unsecured and un-patched computers (Chien, Falliere, & Murchu, p. 5, 2010) Rate of Stuxnet infection of new IPs by Country (Source: Symantec: Chien, Falliere, & Murchu, p. 7, 2010. Figure 4) Read More