
I happened across the Ocean’s Trilogy (Ocean’s Eleven / Ocean’s Twelve / Ocean’s Thirteen) [Blu-ray] deal for $13.99 that Amazon has today and remembered the “Pinch” in Ocean’s Eleven.  It also reminded me of one of the discussion points of the recent Security Jam in which I participated.  So with that, let’s take a look at a real “Pinch.”

“Electromagnetic Pulse (EMP) is an instantaneous, intense energy field that can overload or disrupt at a distance numerous electrical systems and high technology microcircuits, which are especially sensitive to power surges. A large scale EMP effect can be produced by a single nuclear explosion detonated high in the atmosphere. This method is referred to as High-Altitude EMP (HEMP). A similar, smaller-scale EMP effect can be created using non-nuclear devices with powerful batteries or reactive chemicals. This method is called High Power Microwave (HPM).” – Clay Wilson (report above)

One of the discussion topics argued that an EMP was a Cyber Weapon; I completely disagree.  With that said, the following is a quick excerpt of my comments on that argument:

I’d like to point out that previous attacks on Cyberspace have come from the physical medium and, in a Military context, will more often than not continue to come mainly from that environment.  A 500 lb kinetic bomb on the power station and backup generators will create a similar effect on a targeted aspect of Cyberspace.  An EMP weapon would be just as difficult to use as a Cyberspace based weapon.  The boundaries of an EMP weapon’s effect are not easily identifiable, verification of the desired result is difficult, and when used poorly it can create significant second- and third-order detrimental effects.

I would list an EMP in the Electronic Warfare (EW) arsenal with potential and probable Cyberspace effects.  Justification for this would be that much of the Cyberspace focus is on Computer Network Attack, Exploitation, and Defense.  An EMP weapon will have significant ramifications for the infrastructure used to conduct these missions but will also wreak havoc on the Electromagnetic Spectrum.

A focus on adding an EMP capability to the arsenal would foster and require the continued development and implementation of hardened electronic suites.  This is extremely costly and would require reviews of both the DoD infrastructure as well as the National Critical Infrastructure to determine hardening requirements.

EMP is an EW weapon with Cyberspace effects.  A Cyberspace weapon comes from within Cyberspace.  Try not to blur the lines simply because Cyber is the popular term of the moment.

So what do you think?

[Report via FAS]


First the obvious disclosure piece.  I’m never comfortable with allowing and receiving reports from those you procure services from.  I’m even less comfortable with Northrop Grumman’s Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage report.  I don’t understand what would possess the U.S.-China Economic and Security Review Commission to accept such a report, let alone request and fund it from a Department of Defense contractor with significant interests in this developing area.  Even if these information security analysts were the best on the planet, this is in my mind a clear conflict of interest, and “personnel firewalls” have zero effectiveness.

With all that mentioned, let’s see what they put together in this massive document.

The immediate focus of the document is on “information confrontation.”  They point to a Chinese paper on Infomization Dominance.  Sounds a lot like the U.S. Navy’s Information Dominance Corps focus, doesn’t it?  Additionally it discusses China’s Integrated Network Electronic Warfare (INEW) strategy.

PLA analysts consistently identify logistics and C4ISR infrastructure as U.S. strategic centers of gravity, suggesting that PLA commanders will almost certainly attempt to target these systems with both electronic countermeasures weapons and network attack and exploitation tools, likely in advance of actual combat to delay U.S. entry or degrade capabilities in a conflict.

This is of significant concern.  The United States has continued to outsource and outsupply items through every portion of our lives, and the result is that the US Military has been forced to depend upon similar sourcing paths and venues.  Until there is a shift toward in-house production and upfront investment to mitigate supply chain risk, this will continue to leave a massive vulnerability at every level of the Department of Defense and the Critical Infrastructure of the United States.

At least 50 civilian universities conducting information security research nationwide benefit from one or more of roughly five main national-level high technology grant programs, reflecting what appears to be a broad technology development plan consistent with published national priorities.

My immediate response was that the U.S. has so many more universities conducting information security research that it dwarfs the metric listed.  While true, what is more concerning is the number of individuals China has attending our universities, which complements this metric.  The cost is often prohibitive for the US Government and Military to send or acquire personnel from places like Carnegie Mellon University.  However, for a highly resourced entity the ability to integrate with the leading Computer Science and Information Security university and research entities is much more significant.

Without strict control of this complex upstream channel, a manufacturer of routers, switches, or other basic telecommunications hardware is exposed to innumerable points of possible tampering and must rely on rigorous and often expensive testing to ensure that the semiconductors being delivered are trustworthy and will perform only as specified, with no additional unauthorized capabilities hidden from view.

Until the U.S. changes its Research and Development to include Production capabilities, this will pose a massive risk which cannot be managed, improved, or worked around.  I’ve seen discussions to make this a responsibility of the GSA or another major government entity, but I’m not sure GSA could effectively get this accomplished.  I believe an entity tasked with this would need to be supported heavily by the National Laboratories and Research & Development components of the USG.

Professional state sponsored intelligence collection not only targets a nation’s sensitive national security and policy making information, it increasingly is being used to collect economic and competitive data to aid foreign businesses competing for market share with their U.S. peers.

There is no longer a difference between national security information and economic and competitive data.  Intellectual Property is part of a Cyber War, and this includes the piracy of information and data.  The difficult part of this is discerning the difference between Cyber Warfare and Cyber Crime.  Where does this get handed to Cyber Command or the Department of Homeland Security?  This is something that is currently being debated in the U.S. Congress.  There are a couple of Information Security Bills being tossed around: Senator McCain’s Bill and Senator Lieberman’s Bill.

Media and industry reports portray some of the incidents attributed to China as advanced but the reality is that many successful penetrations are “advanced” only because the targeted organization was unable to stop them or detect the presence of the operators on their networks.

This is simply the complex media spin that exists in the United States.  It makes the story more interesting and sexy if the attack was complex.  The story isn’t as valuable (yes, advertisements run everything) to the news venue without this interesting and sexy spin on it.  Not bad to note that this is the case, but if you don’t understand that this is occurring you aren’t paying enough attention.

Activities attributed to state sponsored operators often appear to target data that is not easily monetized in underground criminal online auctions or markets but highly valuable to foreign governments. Highly technical defense engineering information, operational military data, or government policy analysis documents rarely if ever appear to be a priority for cybercriminal groups.

This is well executed obfuscation of the intent of the adversary.  If it is difficult to determine why certain information was exfiltrated, then it provides less alarm to the victim.  This allows further exfiltration from other entities to complement the data and turn it into very valuable and actionable information.

To date, the former joint venture between Huawei Shenzhen Technology Company Ltd and Symantec, Inc. is the only major partnering between a Western information security firm and a Chinese high technology company.

This has since been dissolved as of 26 March 2012.  The New York Times did a quick piece called Symantec Dissolves a Chinese Alliance.  So we’re starting to see significant implications of a quiet and cold Cyber War that is well underway in both the private and public sectors.

The PLA is to prepare for “Local wars under informationized conditions.”

PLA leaders included additional responsibilities under the third role that identified not only space and distant ocean areas as domains vital to Chinese national security interests, but also included the electromagnetic spectrum—a change that is likely already driving PLA investment in the development of more sophisticated information warfare capabilities.

And

The PLA Daily described warfare under informationized conditions as being characterized by opposing sides using complete systems of ground, naval, air, space, and electromagnetic forces.

This essentially reflects the exact move the U.S. Navy made in 2009 when Admiral Roughead formed the U.S. Navy’s Information Dominance Corps.  It effectively recognized the Electromagnetic Spectrum as the 5th domain.  This has also been echoed via General Michael Hayden (USAF, Ret), former Director of NSA and CIA.  So who started this operationalization of Cyberspace?

Information Confrontation Theory: The strategic imperative for the PLA to operate in the electromagnetic domain is driving the formulation of a new approach to information warfare, termed information confrontation (xinxi duikang; 信息对抗), that applies system of systems operations theory to information warfare, viewing it as a macro-system comprised of discrete capabilities linked together under a single command structure and fully integrated into the overall campaign plan.

Information confrontation theories currently being developed and refined within the PLA today seek to address these gaps, particularly the need for more coherent command infrastructure.

With this section I see absolutely no difference compared to the initiatives the USG and its Military are pursuing.  Remind you of anything?  Maybe the Cold War?  The “adversary has developed this so I must” paradigm.  It locks everyone in a continuous do-loop until someone finally gives up.

PLA had created a “super-elite unit of cyberwarriors” designed to carry out network exploitation of foreign networks.

There have been continued reports on this network exploitation team formed in China and in other countries, which now includes the United States Military.  Unlike the United States, China has denied the existence of this type of unit even though numerous pieces of evidence, videos, and other indicators continue to validate its existence.  But at this point this fact doesn’t matter.  Most are operating under the assumption that it does exist and that most countries with the ability will form a similar cadre with cyber expertise.

Much of the remainder of the document stipulates and speculates on what-ifs and could-happen items.  This can be chalked up to “cyber marketing.”  This brings me back to the disclosure piece.  The document isn’t that bad, but since Northrop Grumman produced it you must rightfully discount it.  This then devalues the tax dollars that were spent on it.  I have nothing against Northrop Grumman.  I simply believe this could have been produced in a much better fashion by one of the dedicated Federally Funded Research and Development Centers (FFRDC), like SEI or MITRE, vice a services and production based contractor such as Northrop Grumman.

[via USCC]

I find it wise to keep on top of developments in key regions and with key partners.  One of those areas is the Naval Conference arena.  DIMDEX 2012 started yesterday.  You’ll invariably notice the “platform” focus of the show and its first day’s newsletter.  There are a few notes on Combat and Weapon Systems, but the significant draw for the region is still a patrolling maritime asset.

If you take a look at the information in the newsletter you can see significant information on which nation uses which shipyard or country to provide its maritime capability.  From there I’ll let you infer the easily targetable, with some focused effort, supply chain risk.  You could go the “maritime SCADA” route or numerous other paths of exploitation.

About DIMDEX 2012:

Hosted in Qatar DIMDEX 2012 is the pre-eminent maritime event in the Middle East and North Africa (MENA) region.  It draws 150 exhibitors that feature Warships, Maritime Patrol Aircraft and Helicopters, Marine Communication Systems, Coastal Surveillance, Total Ship Self Defence Systems, Naval Weapon Systems, Search and Rescue Equipment, and Naval Defence Supplies.

This year 14 warships from 11 navies are participating with an expected draw of 9,000 Maritime and Naval industry participants.

[via DIMDEX]
