Strife

The Academic Blog of the Department of War Studies, King's College London


Cybersecurity

Cybersecurity in Practice (Part IV): Realities and Importance of effective Cyber Crisis-Management infrastructures

November 14, 2016 by Nicolas Castellon

By: Nicolas Castellon

Photo of a server room that allows for seamless storage and control of data.

We are now witnessing the beginning of the digital age. In the last couple of years, we have witnessed a hyper-digitization of society as the number of users online has risen to nearly 3.5 billion from 1.2 billion just ten years ago. Beyond people having a presence online, our devices are also increasingly becoming connected: there are currently 6.4 billion connected devices, and estimates show that there will be around 20 billion by 2020. These numbers show promise of increased innovation, productivity and connectivity in ways we have not yet discovered. Our critical infrastructures will become “smarter” and will increase in efficiency, providing more sustainable output. This interconnectivity, however, comes with risks. The reliance of organizations on the digital domain means that new risks are on the horizon, and companies, universities, and the government might not be prepared to face them.

These risks are currently seen as access breaches, ransomware, and malware that infect devices within our organizations. These risks lead to data breaches, extra spending, loss of intellectual property and espionage. Knowing how to avoid these dangers can make or break an organization’s reputation in the digital age. Well-prepared organizations should have proprietary or outsourced digital fences in the form of firewalls, Intrusion Detection Systems, and Security Operating Centers, to name a few security measures. With these defense layers in place, organizations tend to forget the human factor: the management of the crisis.

When an organization is struck by a cyber-attack that affects business beyond a tolerable threshold, a designated team is usually appointed to handle the situation. If in place, this crisis team has the ability to contain the issue, frame the incident towards stakeholders, and, most importantly, learn from the incident. Not all forms of cyber-attack are worthy of activating a crisis team, but some are. Companies operating critical processes for their own business or for their clients, such as a large data center provider, will need to restore operations within a tolerable time, before financial losses are felt or contract obligations are broken. Handling the crisis appropriately can prevent poor financial projections for the next quarter and reputational costs for the company.

Most organizations should have contingencies in place to assist the crisis team in handling the incident. These documents are normally found in the form of Business Continuity Plans and Disaster Recovery Plans. Thorough crisis management, however, goes beyond following prescribed procedures. Crisis management in the digital era means that a lot more is at stake and that we have less time to handle it. It is important to highlight two major overlooked factors of crisis management: crisis communication and stress coping.

Crisis communication is just as important as incident handling. Crisis communication is the conveying of messages to stakeholders to frame the incident in a contained manner. In this way, the organization facing the crisis “owns” the story portrayed by the outside world. With the massive growth of social media, crisis teams can also expect unflattering coverage if the crisis is perceived outside of the meeting room by consumers. We can imagine this to be most true in the case of telco providers, online banking and payment systems, public transport and the energy grid. Diving into the example of Telcos, a loss in the network will be felt almost immediately by users and thus might gather unwanted media attention. In this case, effective crisis communication would mean that the users and the media outlets are presented with an organizational method acknowledging the disruption, commentary if possible, and a generous estimate of when the problem should be resolved. Effective crisis communication is a continuous dialogue meant to put the stakeholders at ease. The message should be clear, concise and should not make promises that cannot be met.

Stress coping is easily the most overlooked aspect of effective crisis management. The crisis team consists of people from different branches or teams of an organization, depending on the organization’s size. These teams tend to change as staff rotate, and most members of the team have never experienced a major incident. The stress suffered during a major incident affects each team member differently, depending on their personality and resistance. Everyone in this team, however, should know how to work under pressure and stress. It is important for the crisis team to turn the stressful incident into an increase of awareness and perception that will lead to clearer thinking and thoroughly thought-out decision making. Familiarity with major incidents leads the team members to build better coping mechanisms, as enough familiarity will grow their tolerance.

Organizations can easily overcome these thresholds with education. Crisis teams can be trained to follow contingencies more accurately and efficiently; they can be trained to communicate effectively and deal with the stress of the major incident. Organizations should train their crisis team members and should run periodic simulations. Simulations of major incidents will engrain the crisis team with a hands-on experience that dry-runs will not be able to deliver. For these reasons, it is recommended to experience the stress generated during a major incident and operate within the same time-windows as a real incident.

Though crisis management is not the first line of defense against cyber-attacks that may lead to great financial loss or reputational costs for an organization, it should be perceived as the organized execution of a company’s effort to contain the incident. With the rise of digital technologies over the last 20 years and their exponential growth over the next years, more organizations will experience a crisis where digital systems will impact their daily business. Crisis management does not prevent organizations from cyber-attacks, but it does ensure that the organization survives them.


Nicolas is a Cyber Security Specialist at CGI Group in Rotterdam, the Netherlands. He is currently working in the Space, Defense and Intelligence sector on Cyber Security Governance and Crisis Management Consulting. He holds an MSc (cum laude) from Leiden University in Crisis and Security Management.


Image credit: http://www.lexantronix.com/?p=33


Cybersecurity in Practice (Part III): PWNED Maritime Systems

November 11, 2016 by Cheng Lai Ki

By: Cheng Lai Ki

Internet based Maritime Traffic Map detailing the positions of types of vessels off the coast of the United Kingdom

Russian cybersecurity firm Kaspersky suggested in a May 2015 report that the current cybersecurity capabilities of the maritime industry make it ‘easy meat for cyber criminals’. Commercially, the maritime industry remains a critical component of national development, supporting state expansion, national economic growth, and international trade. The sector has steadily modernized alongside the emergence of new technologies. Now we are seeing larger commercial vessels (e.g. Quantum of the Seas) and more advanced warships (e.g. USS Zumwalt DDG 1000) cruising into the great blue. Nowadays, all maritime platforms critically depend on functional navigational systems to ensure their maneuvers are both safe and legal. However, just how safe are maritime navigational systems from cyberattacks?

Automated Identification Systems

Historically, in maritime navigation, mankind has utilized instruments like the sextant and naval charts to calculate distances between two objects or points. This depended critically on the navigational abilities of the naval officer and is still taught today to midshipmen (naval officer cadets). However, these navigational elements have been progressively replaced by electronic platforms such as Radar (Radio Detection and Ranging) and space-based systems (e.g. GPS, GLONASS).

All categorical platforms utilize the Automated Identification System (AIS) to coordinate all maritime maneuvers and other operations dependent on navigational data. On a technical level, the AIS is a broadcast system that acts like a transponder (on the VHF Maritime Band) that is able to handle large amounts of data through a Self-Organizing Time Division Multiple Access (SOTDMA) technology to meet the demands of larger vessels and busy ports.[1] Modern AIS operates on High-Level Data Link Control that utilizes bit-orientated synchronous data-link layer protocols from different modulation techniques of ‘AM, FM, Phase-Modulation, QAM, Trellis-Code’.[2]

Within naval domains, there are other popular systems such as the Maritime Safety and Security Information System (MSSIS), a non-classified data-sharing system for the exchange of maritime information and currently used by over 75 nations. However, the AIS is still the mainstream data resource available to everyone ‘carrying an AIS transponder and is within range to receive the AIS signal’.

You have been PWNED

In 2014, senior threat researchers Marco Balduzzi and Kyle Wilhoit from the cybersecurity company TrendMicro built their own AIS transponder, connected to a laptop and subsequently manipulated various components within the intercepted AIS data.[3] Through manipulating the intercepted AIS data-stream, they were able to fool critical safety mechanisms (i.e. collision detection) and alter digital identifiers on online/internet AIS databases. Perhaps more terrifying, the researchers were able to effectively intercept, access and manipulate the navigational data and (albeit jokingly) generated a ‘fictional [but] generic ship spelling “PWNED” in the Mediterranean Sea’.[4]

While their tomfoolery of writing ‘PWNED’ in the middle of the Mediterranean may be amusing to some, there are significantly greater and more catastrophic ramifications associated with a compromised navigational system that could lead to loss of life – or even war.

TrendMicro researchers manipulated AIS data and created a fictional vessel to spell ‘PWNED’, a computer nomenclature to indicate an adversary has been beaten.

Let us contextualize TrendMicro’s discoveries through this internet-based AIS manipulation.

First, the researchers revealed that accurate locations (and even the existence) of vessels can be falsified. Malicious actors (e.g. maritime smugglers or pirates) could disguise their vessels with this digital camouflage to evade authorities or ambush unsuspecting targets. The amount of information embedded within AIS data (vessel classification, size, type, movement characteristics and location) provides malicious actors with more or less all the intelligence required for an effective kinetic attack.

Second, the researchers also managed to manipulate systems that critically depend on accurate AIS data. A tampered or compromised collision warning system could have costly ramifications and cause significant loss of life if triggered on a large vessel (e.g. a luxury cruise liner). In addition, shore-based platforms also depend on AIS data to manage maritime safety through an AIS-compatible Global Maritime Distress and Safety System (GMDSS). If a vessel’s AIS transponder has been masked or spoofed by attackers, the exploitation could be used as a distraction, easily deployed for follow-on attacks or for stretching the search and response resources of authorities.

Third, how would the attackers get in? While not all attackers are going to build and use their own AIS transponder, this does not limit their possible attack vectors. They (malicious actors) could easily use various cyber espionage tactics (e.g. JavaScript Injection) to infect staff networks to monitor or manipulate computer activity. Once in the system, attackers could hijack the transponder of their targeted vessel as a proxy.

However, all attack vectors target the most recognised vulnerability within the entire cybersecurity sector, the human element.
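
The first two points above can be checked from the receiving side. As an added example (not from the article or from TrendMicro's research), the Python below runs plausibility checks over already-decoded AIS position reports: it flags a fix that would need an impossible speed from the last consistent fix of the same MMSI, and a reported speed over ground that disagrees with the observed movement. The `Report` fields, the thresholds and the sample reports are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles
MAX_SPEED_KN = 60.0         # assumed ceiling for a surface vessel
SOG_TOLERANCE_KN = 10.0     # assumed allowed gap, reported vs. implied speed
DUPLICATE_SLACK_NM = 0.1    # assumed position noise for same-time reports


@dataclass(frozen=True)
class Report:
    """One decoded AIS position report (decoding is assumed done upstream)."""
    mmsi: int    # vessel identifier carried in the message
    t: float     # receive time in seconds
    lat: float   # degrees
    lon: float   # degrees
    sog: float   # speed over ground claimed by the sender, in knots


def distance_nm(a, b):
    """Great-circle (haversine) distance between two reports, in nautical miles."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = (sin(dlat / 2) ** 2
         + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * asin(sqrt(min(1.0, h)))


def check_track(reports):
    """Return (mmsi, time, reason) for every report that fails a check."""
    findings = []
    baseline = {}  # last consistent fix per MMSI
    for r in sorted(reports, key=lambda rep: rep.t):
        if not (-90.0 <= r.lat <= 90.0 and -180.0 <= r.lon <= 180.0):
            findings.append((r.mmsi, r.t, "invalid-position"))
            continue
        prev = baseline.get(r.mmsi)
        if prev is None:
            baseline[r.mmsi] = r
            continue
        dist = distance_nm(prev, r)
        dt_h = (r.t - prev.t) / 3600.0
        if dt_h <= 0.0:
            # Same identifier, same instant, two different places.
            if dist > DUPLICATE_SLACK_NM:
                findings.append((r.mmsi, r.t, "position-jump"))
            continue
        implied_kn = dist / dt_h
        if implied_kn > MAX_SPEED_KN:
            # Do not advance the baseline: later reports are still
            # compared against the last fix that was consistent.
            findings.append((r.mmsi, r.t, "position-jump"))
            continue
        if abs(implied_kn - r.sog) > SOG_TOLERANCE_KN:
            findings.append((r.mmsi, r.t, "sog-mismatch"))
        baseline[r.mmsi] = r
    return findings


# Constructed sample data: three made-up MMSIs, one report every six minutes.
SAMPLE = [
    # Vessel 1: steady 12 kn northbound, consistent throughout.
    Report(235000001, 0.0, 51.00, 1.50, 12.0),
    Report(235000001, 360.0, 51.02, 1.50, 12.0),
    Report(235000001, 720.0, 51.04, 1.50, 12.0),
    # Vessel 2: one report places it in the Mediterranean, then it is back.
    Report(235000002, 0.0, 50.5000, 0.00, 10.0),
    Report(235000002, 360.0, 50.5167, 0.00, 10.0),
    Report(235000002, 720.0, 36.0000, 15.00, 10.0),
    Report(235000002, 1080.0, 50.5500, 0.00, 10.0),
    # Vessel 3: claims to be stationary while covering 1.8 nm in six minutes.
    Report(235000003, 0.0, 52.00, 3.00, 0.0),
    Report(235000003, 360.0, 52.03, 3.00, 0.0),
]

if __name__ == "__main__":
    for mmsi, t, reason in check_track(SAMPLE):
        print(f"MMSI {mmsi} at t={t:.0f}s: {reason}")
```

Checks like these only test a track against itself; correlating AIS with an independent source such as radar is what catches a vessel that is fabricated consistently from its first report.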

What Now?

At the 2016 IP Expo Europe, Eugene Kaspersky (CEO of Kaspersky) and Rik Ferguson (Head of Global Research at TrendMicro) highlighted two key points at a panel discussion. Kaspersky, a giant within the industry, stated our increasing need to ensure the cybersecurity of the command and control networks within National Critical Infrastructures (NCI); a point he has been preaching long before his engagement with StuxNet in the early 2000s. In addition, Ferguson highlighted a pan-industry (and sector) need to return to basics: despite their sophistication, most attacks fundamentally target and exploit basic security flaws within our systems. The lack of cybersecurity awareness among employees, limited penetration testing, and weak information security systems are what ultimately undermine even the most sophisticated of cybersecurity developments.

The maritime industry is essentially a collection of multiple co-dependent and densely interlinked programmable computer networks. As more of these services join the internet community for reasons of convenience and accessibility, their exposure to malicious actors increases significantly. As Kaspersky mentioned, we need to pay more attention to how secure our command and control is. These systems are the foundational building blocks that ensure our industries and services operate smoothly, safely and, most importantly, securely. To ships traveling on the high seas, navigational systems are essential to prevent tragedies and ship detentions that could have dire consequences for the commercial maritime sector.


About the Author:

Cheng is a graduate of the MA Intelligence and International Security program at King’s College London; his Master’s thesis examined the characteristics and trends defining China’s emerging cybersecurity and cyberwarfare capabilities. He was a finalist at the 2016 Cyber 9/12 Student Challenge in Geneva, has contributed to other security journals such as IHS Jane’s Intelligence Review, and is a former Managing Editor (Blog) at Strife.


Notes:

[1] For a more detailed analysis of the SOTDMA, see: Gaugel, T. & Hartenstein, H., ‘In-Depth Analysis and Evaluation of Self-Organizing TDMA’, IEEE Vehicular Conference, (2013), [Online], Available from: https://pdfs.semanticscholar.org/c927/b0ad1cf0b02a0e2ef259cec938d4e3552702.pdf (Accessed October 1 2016).

[2] Slide 5, Vienna University of Technology, https://www.ict.tuwien.ac.at/lva/384.081/infobase/L03-HDLC_v4-4.pdf, (Accessed October 12 2016)

[3] Access Balduzzi’s presentation slide deck from the Blackhat conference Asia (2014) for more information: https://www.blackhat.com/docs/asia-14/materials/Balduzzi/Asia-14-Balduzzi-AIS-Exposed-Understanding-Vulnerabilities-And-Attacks.pdf

[4] Balduzzi, M., Wilhoit, K., ‘Vulnerabilities discovered in Global Vessel Tracking Systems’, Trend Micro [Online], (15 Oct 2013).

Image 1 source: http://www.marinetraffic.com/en/ais/home/centerx:-0/centery:51/zoom:8

Image 2 source: http://go.portvision.com/hs-fs/hub/240131/file-354089208-jpg/images/pwned-ais-hacking-resized-600.jpg 


Cybersecurity in Practice (Part II): Cybersecurity of Unmanned Autonomous Vehicles

November 9, 2016 by Arthur Laudrain

By: Arthur Laudrain

Thales’ Stratobus – autonomous stratospheric platform between a drone and a satellite

The resilience of aerial and space platforms is not the first issue that comes to mind when cybersecurity is generally discussed. Yet, they increasingly constitute the backbone of our societies, both in the civilian and military worlds.[1] We will address two categories of aerospace platforms: unmanned or otherwise increasingly autonomous vehicles,[2] and geosynchronous objects, such as satellites.

Satellites: a too-often forgotten critical infrastructure

If satellites are not significant components within our mass-communications infrastructure,[3] they are crucial when it comes to meteorology, GPS navigation, high-resolution mapping or outer space surveillance. Satellites are also important for military-specific purposes such as the dissemination of encrypted command and control or espionage. They are, as a consequence, high-value targets through the eyes of cyber-attackers.

If a vulnerability were to be discovered on a geosynchronous object, it would be both technically difficult and expensive to fix or upgrade the hardware. In other words, they are rarely future-proof, especially when it comes to cybersecurity.[4] Thus, the resilience of satellite systems during cyber-attacks is highly dependent on their security by design. This explains why the old GPS satellite constellation of the United States is much less secure than its recent European counterpart Galileo.[5]

Fixing the satellite’s software is significantly easier, since it can potentially be achieved through remote firmware and software updates. However, enabling such a feature raises the challenge of controlling remote access to the core of the system.[6]

The case of military drones and increasingly autonomous weapon systems

Contrary to civilian technologies, one could think that military assets are designed first with security in mind. Yet, cases of either military drones or their supporting infrastructures being hacked are numerous.[7]

For both remotely piloted and autonomous vehicles or missiles, the risks related to cyber threats can be classified as disruption of the system’s availability, compromised confidentiality of sensitive data, and attack on the physical integrity of the system.

Basically, attacks can take on different forms depending on the purpose they seek to achieve. Those on availability will attempt to jam or otherwise disrupt communications or control of the vehicle. Attackers seeking to breach the confidentiality of the system will look for vulnerabilities that would allow them to steal or manipulate the data exchanged or stored on the platform. Attacks on the physical integrity of the vehicle usually involve hijacking attempts, which means actually taking control of its navigation commands. This could be for the purpose of using it as a weapon, or stealing the vehicle for reverse engineering, as was done by the Iranians when they allegedly jammed the navigation system of a United States RQ-170 drone on December 4th, 2011.[8]

Finally, the internal system of drones can also be targeted with the aim of using the vehicle as a proxy to gain access to its supporting communication ecosystem. Once the attackers gain access, they can continue their attack by using a remote malware injection to further disrupt or compromise ground command and control stations. Perhaps this was what happened at the Creech Air Force Base in Nevada in 2011, when their ground command and control computers were infected by a persistent key-logger which may have compromised classified information.[9]

Emerging technologies and platforms

Mirroring the diversity and ingenuity of the threats faced, security answers will increasingly be a mix of hardware and software solutions, designed from their inception to work together. Among them, three stand out: ground-breaking encryption technology, new C4-ISR (Communication, Command, Control, Computer for Intelligence, Surveillance and Reconnaissance) platforms, and artificial intelligence.

Firstly, we are witnessing the rise of new game-changing technologies in the field of encryption and secure communications. One of them, the quantum satellite, is becoming a reality after decades of research. In a few words, it consists of two special onboard lasers that share the quantum property of entanglement, which makes the satellite and the communication flow it handles eavesdrop-proof.[10] The first of its kind, Micius, was launched by China in August 2016.[11] Another example is block-chain technology, which brings the promise of unspoofable virtual signatures and identities, among many other things.

Second, new C4-ISR vehicles are currently in development, namely pseudolites. They are aerial or space platforms with a limited lifespan ranging from a few days up to five years, and they are aimed at complementing drones and satellites in tasks such as intelligence gathering and dissemination. They can take the form of large high-altitude solar drones or space zeppelins and are referred to as Very High Altitude Long Endurance (VHALE) vehicles.[12] The rise of their development, especially in the US (VULTURE programme) and the EU (Thales’ Stratobus), reflects the need among the armed forces to obtain more persistent yet versatile ISR platforms. Their advantage lies not only in pure technological or tactical superiority. Cybersecurity-wise, they can be easily and rapidly fixed or upgraded with new hardware.

Third, the progress of artificial intelligence and deep learning techniques continues to empower traditional cybersecurity solutions. The cyber-aware sentinel is a combined software-hardware solution, deployed both onboard the vehicle and at the ground station, dedicated to the detection of and protection against cyber-attacks. It is able, amongst other things, to analyse the consistency and integrity of data and navigation orders and to detect unusual or illogical behaviours.[13]

Regardless of the platform or operational sector, cybersecurity is as much a matter of policy and organisational management as it is a technical issue.


2LT(R) Arthur Laudrain graduated from the University of Montreal, CA, with a BSc in international studies in 2015, after attending the Graduate School of International Studies (GSIS) at Seoul National University, ROK, in 2014. In 2014, he volunteered with the United Nations. He is currently at the end of his curriculum as an MA candidate in International Peace and Security at the Department of War Studies, King’s College London, in the UK.


Notes:

[1] Rosenzweig (2016), Lawfare

[2] Which includes mainly UAVs, but also munition-based platforms such as ballistic missiles.

[3] Valerie C. Coffey (2014), « Sea Change: The Challenges Facing Submarine Optical Communications », Optics & Photonics News, p.31.

[4] David Livingstone and Patricia Lewis (2016), “Space, the Final Frontier for Cybersecurity?”, Chatham House Research paper.

[5] Ibid.

[6] UK HM Government (2014), “National Space Security Policy”, UKSA/13/1292, p.2.

[7] http://smallwarsjournal.com/blog/the-‘palestinian-idol’-that-hacked-into-israel’s-drones

[8] Greg Jaffe and Thomas Erdbrink (2011), « Iran says it downed U.S. stealth drone; Pentagon acknowledges aircraft downing », The Washington Post

[9] Unless it came from a simple USB stick, which would be a bit embarrassing to admit for USAF. See Brian Prince (2011), “Mysterious Keylogger Infects U.S. UAV Fleet”, Security Week.

[10] Robert Young (2016), « China’s quantum satellite could make data breaches a thing of the past », Phys.org.

[11] Unclassified briefing by an analyst of the NVAD, the Netherlands’ security services, at Rotterdam, in August 2016.

[12] Joseph Henrotin (2016).

[13] Barry M. Horowitz and D. Scott Lucero (2016), « System-Aware Cyber Security: A Systems Engineering Approach for Enhancing Cyber Security », Insight Journal, Vol. 19, Iss. 2, p.39-42.

Image Credit: Thales Alenia Space – Photo presented by Jean-Philippe Chessel during a conference talk on 2016-03-01 available at https://commons.wikimedia.org/wiki/File:Stratobus_artiste.jpg


Cybersecurity In Practice (Part I): Software Power

November 2, 2016 by Marcelo A. O. Malagutti

By Marcelo A. O. Malagutti[1]

Software increases its importance on a daily basis. Could it come to affect the balance of power among nations?

‘Might an army of software wizards use insidious electronic means to dislocate the support systems of modern societies, such as transport, banking, and public health?’

This question, posed by Sir Lawrence Freedman,[2] brings together the two elements of cyber-power: software (whose wizards would use, or command, insidious electronic means) and hardware (physical creations built to achieve their goals).

In an industrial era society, there is a clear perception of the materiality of stuff. The same is clearly perceived in industrial-era warfare: planes, tanks, missiles, battalions. This is what we perceive and thus value, as power. Regarding cyber, this is easily represented as hardware power.

However, a much harder element to perceive is the importance of knowledge, the fuel of the post-industrial era. It is immaterial: no shape, no color, no weight, no smell. It cannot be touched. In cyber terms, this is known as software.[3],[4]

The term cyber-power has been defined in many different ways, having become ‘part of a terminological lineage that includes “airpower” and “seapower” to describe the operations of national-principally military-coercive power in particular environmental domains’.[5] To avoid this broad (un)definition, and to emphasize the increasing importance of software in comparison with hardware, the term Software Power should designate:

Software tools used on behalf of a state to exploit, deny, degrade, disrupt, destroy or defend computer networks, its connected devices, and information systems or data resident on them.

In practical terms, software defensive and offensive capabilities related to coercive operations originated by states.

This definition congregates all three subsets of Computer Network Operations (CNO): Computer Network Exploitation (CNE), Computer Network Attack (CNA), and Computer Network Defence (CND).[6] It also extends them to include connected devices, and not only the computer networks, and the systems and data resident in the targeted networks. Finally, it specifies state sponsored software use, incorporating and extending Libicki’s definition of cyber attack as ‘the deliberate disruption or corruption by one state of a system of interest to another state’.[7]

Limiting the scope of cyber power, war or warfare, it excludes PsyOps (psychological operations) or propaganda through Social Media Networks (i.e. Twitter or Facebook) as occurred during the Arab Spring. It also avoids futile discussion about cyber having shadowing areas related to electronic warfare. Thus, exploiting a network breach by means of software, and hijacking an unmanned aerial vehicle (or drone) is a software power operation, while using radio signals to interfere with the drone’s communication and control capabilities is not. It also excludes non-military ends (even if politically intended), as the Distributed Denial of Service (DDoS) often reported as having occurred in Estonia in 2007 and Georgia in 2008.

However, this does not mean to say that hardware power is irrelevant.

Which country possesses the world’s fastest computer matters as much to policymakers now as which country possessed the fastest or longest-range aircraft in the interwar period, and for the same reason. They are thought to be indicative of military potential as well as prestige.[8]

The unit for measuring the processing power of supercomputers is named PFLOPS (PetaFLOPS), meaning 10^15 Floating-point Operations Per Second. In November 2015, the top 500 list of largest supercomputers was led by the following supercomputers:[9]

Table 1: List of large supercomputers

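| Ranking | Country | Computer | Power (PFLOPS) |
|---------|---------|----------|----------------|
| 1 | China | Tianhe-2 (MilkyWay-2) | 33.9 |
| 2 | U.S. | Titan | 17.6 |
| 3 | U.S. | Sequoia | 17.2 |
| 4 | Japan | RIKEN | 10.5 |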

In the last update of the list, in June 2016, a new Chinese computer, the Sunway TaihuLight, figured in the first place, with 93.0 PFLOPS of processing power, almost three times faster than the also Chinese Tianhe-2 and five times faster than U.S. Titan.[10]

In addition to the huge processing power of TaihuLight, the Chinese have one more reason to be proud: it is based on a Chinese designed and built 256-core processor.[11] While the Chinese might and should be proud of their dual achievement, the Americans also have theirs. That same June, the Americans announced the development of the first known kilo-core processor (1,024 cores).[12]

Superior processing capabilities are essential for tasks of military or economic importance, like cryptanalysis or the accurate simulation of chemical reactions at the molecular level. These capabilities are the promise of the research in the new quantum computers.[13],[14] Meanwhile, existing supercomputers have been used to achieve these and other security purposes, as in the recently announced new project for IBM’s Watson: fighting cybercrime.[15],[16]

Nevertheless, our emphasis in software has many objective reasons.

First, to date, all relevant cyber offenses relate to software capabilities more than hardware features. In general, cyber attacks consist of the transmission of software or data to an enemy network to exploit or damage the network itself or the systems or data in it.[17]

Second, as implicit in Sir Freedman’s question, it is software that controls hardware, be it at the application (or App) level, be it at the drivers that connect the devices to the operating systems or be it the firmware that runs on the circuit boards themselves. Additionally, although ‘hardware can be switched off or destroyed, deliberately or accidentally’, this requires physical (in loco) presence, while remotely ‘its software can be altered, allowing actions that were once precluded or vice versa’.[18]

Third, in the process of technical evolution, just as electronics has replaced mechanics in a broad range of uses, software is replacing hardware. Parallel computing algorithms implemented through software have made standard (or commodity) computers (networked in clusters) capable of processing massive amounts of data at unprecedented speed. The British signals intelligence agency Government Communications Headquarters (GCHQ), for instance, uses the open source Hadoop software platform, inspired by Google’s MapReduce, for metadata analysis.[19] It has been designed to provide ‘distributed processing of large data sets across clusters of computers using simple programming models’.[20] ‘With hundreds of hard disks working simultaneously multiple gigabytes can be read per second. This allows the processing of the multi-terabyte datasets we intercept’.[21] In 2008, its American counterpart, the National Security Agency (NSA), developed Accumulo, also based on Google’s technology,[22],[23] and in 2011 made it open source as well.[24]

While the above platforms are capable of dealing with large amounts of data concerning simple processing operation needs, experiences like that of the SETI@home (Search for Extraterrestrial Intelligence at Home), run by Berkeley University, have produced the Berkeley Open Infrastructure for Network Computing (BOINC) platform for volunteer grid computing. This platform has created a virtual supercomputer from thousands of interconnected computers worldwide, with an average of 11.2 PFLOPS.[25] Thus, the computing power provided by BOINC is larger than that of the world’s sixth supercomputer.

Lastly, the development of hardware capabilities has a high entry barrier, due not only to the cost of designing components but also to that of the production plants, and given that its market is very limited. Importing supercomputers is also a difficult task, since hardware may fall under the arms control restrictions of its exporters. Brazil, for instance, has always found it difficult to import computers and other sensitive materials, and even to buy computers made in Brazil by U.S. companies.[26] The largest supercomputer in Brazil, which is U.S. made, is ranked 200th on the list, with only 0.2 PFLOPS of processing power.[27] Besides, restrictions on acquisitions apply not only to complete computers but also to their components. The Chinese Tianhe-2 uses U.S.-produced processors. Due to alleged use of the computer for nuclear tests, U.S. agencies have restricted the exportation of those processors to China.[28] The Chinese answer, clearly planned ahead, was to use only Chinese processors in the construction of TaihuLight.

No less relevant is the fact that, in the creative economy of the Third Wave, software becomes an increasingly important part of the scientific, technological, economic, and military expressions of national power.[29]


Marcelo, an MA candidate in War Studies at King’s College London (KCL), possesses a BSc in Scientific Computing from Universidade de Brasília (UnB); an MBA in Corporate Strategies from Fundação Getúlio Vargas (FGV); and a Specialization in High Studies, Policies and Strategies from the Brazilian War College (ESG). He is also the founder and shareholder of Fóton Informática S.A., a Brazilian software company specializing in Banking Automation.


Notes:

[1] BSc in Scientific Computing by Universidade de Brasília (UnB); MBA in Corporate Strategies by Fundação Getúlio Vargas (FGV); Specialization in High Studies, Policies and Strategies by Brazilian War College (ESG); Founder and shareholder of Fóton Informática S.A., a Brazilian software company specialized in Banking Automation; MA candidate in War Studies at King’s College London (KCL).

[2] Freedman, Lawrence. 2015. Strategy: A History. United States: Oxford University Press, p. 228

[3] Toffler, Alvin. 1980. The Third Wave. New York: William Morrow & Company.

[4] Toffler, Alvin, and Heidi Toffler. 2006. Revolutionary Wealth: [how It Will Be Created and How It Will Change Our Lives]. New York: Alfred A. Knopf.

[5] Betz, David, and Timothy Stevens. 2011. Cyberspace and the State: Towards a Strategy for Cyberpower. London, U.K: Routledge for the International Institute for Strategic Studies (IISS), p. 43

[6] European Parliament. 2011. Study Cybersecurity and Cyberpower: Concepts, Conditions and Capabilities for Cooperation for Action Within the EU. Brussels: Directorate-General for External Policies of the Union. http://www.europarl.europa.eu/RegData/etudes/etudes/join/2011/433828/EXPO-SEDE_ET%282011%29433828_EN.pdf, p. 7

[7] Libicki, Martin. 2009. Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corp., p. 23

[8] Betz and Stevens (2011), p. 86

[9] TOP500.org. 2015. “TOP500 Supercomputer Sites.” TOP500 Supercomputer Sites. November 17. http://www.top500.org/lists/2015/11/.

[10] TOP500.org. 2016. “TOP500 Supercomputer Sites.” TOP500 Supercomputer Sites. June 20. https://www.top500.org/lists/2016/06/.

[11] Fu, Haohuan, Junfeng Liao, Jinzhe Yang, Lanning Wang, Zhenya Song, Xiaomeng Huang, Chao Yang, et al. 2016. “The Sunway TaihuLight Supercomputer: System and Applications.” Science China Information Sciences 59 (June). Springer Nature. doi:10.1007/s11432-016-5588-7.

[12] UC Davis. 2016. “World’s First 1,000-Processor Chip.” UC Davis. June 24. https://www.ucdavis.edu/news/worlds-first-1000-processor-chip.

[13] The Economist. 2016. “After Moore’s Law.” The Economist, March 12.

[14] MIT. 2015. “IBM Shows off a Quantum Computing Chip.” MIT Technology Review. April 30. https://www.technologyreview.com/s/537041/ibm-shows-off-a-quantum-computing-chip/.

[15] http://www.ibm.com/watson/what-is-watson.html

[16] Barrett, Brian. 2016. “IBM’s Watson Has a New Project: Fighting Cybercrime.” Security. WIRED. May 10. https://www.wired.com/2016/05/ibm-watson-cybercrime/.

[17] Lukasik, Stephen J. 2010. “A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains.” In Proceedings of a Workshop on Deterring Cyberattacks, edited by National Research Council (U.S.). Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, 99–121. Washington, D.C: National Academies Press. http://www.nap.edu/openbook.php?record_id=12997&page=99.

[18] Betz, David, and Timothy Stevens. 2013. “Analogical Reasoning and Cyber Security.” Security Dialogue 44 (2): 147–64.

[19] Dean, Jeffrey, and Sanjay Ghemawat. 2004. “MapReduce: Simplified Data Processing on Large Clusters.” In OSDI’04: Sixth Symposium on Operating System Design and Implementation. San Francisco: 137-149.

[20] http://hadoop.apache.org

[21] GCHQ. 2011. HIMR Data Mining Research Problem Book. GCHQ. https://fveydocs.org/document/hmr-data-mining/, p. 60

[22] Metz, Cade. 2012. “NSA Mimics Google, Pisses off Senate.” Business. WIRED. July 17. http://www.wired.com/2012/07/nsa-accumulo-google-bigtable/.

[23] Harris, Shane. 2014. @War: The Rise of the Military-Internet Complex. United States: Eamon Dolan/Houghton Mifflin Harcourt., p. 36

[24] http://accumulo.apache.org/

[25] http://boinc.berkeley.edu/. On 04 June 2016 it indicated 421,945 volunteers with 901,422 computers, providing a 24-hour average of 11.174 PFLOPS.

[26] Angelo, Cláudio. 2007. “‘Eixo Do Mal’ Científico: Ministério Pede Explicações à Dell Sobre Exigências a Físicos – 14/09/2007.” Folha de São Paulo. September 2. http://www1.folha.uol.com.br/fsp/ciencia/fe1409200703.htm.

[27] TOP500.org (2015)

[28] Clark, Don. 2015. “U.S. Agencies Block Technology Exports for Supercomputer in China.” The Wall Street Journal, April 9. http://www.wsj.com/articles/u-s-agencies-block-technology-exports-for-supercomputer-in-china-1428561987.

[29] Toffler (1980)

Image credit: https://lionandpanda.com/rubyhaus-scott-salyer-a-k-a-slayer/

Filed Under: Blog Article Tagged With: Cybersecurity, digital power, feature, informatization, software, Strife series

Cybersecurity in Practice (Introduction): Outside the Mainstream

October 31, 2016 by Cheng Lai Ki

By: Cheng Lai Ki

‘In theory, theory and practice are the same. In practice, they are not.’ – Anonymous (not the hacktivist group)

Over the last century, human experiences have progressively benefited from continuously advancing information technology (IT) systems. Within civilian domains, advanced IT services have facilitated the globalized sharing of commercial and financial information critical to the prosperity of private conglomerates. Within governmental domains, IT enabled technologies have supported the distribution and transference of essential diplomatic intelligence critical in the function of national security and international relationships. Collectively, the nexus of civilian and governmental IT systems forms a new spatial environment known as ‘cyberspace’.[1] Like other dimensions of Land, Sea, Air, and Space; cyberspace has progressively been recognized as a new domain of warfare, conflict and thus securitization.[2]

As global commercial and military dependencies on advanced IT systems increase, humankind has witnessed the rise of several new high-function sensory and reconnaissance platforms (i.e. Unmanned Aerial Vehicles) that are critically dependent on effective IT systems interacting with geosynchronous space-based platforms (i.e. Satellites). As such, cybersecurity has become the centrepiece of security sector discussions within both commercial and state domains. Nations and non-state actors are accumulating cyberspace-enabled tactics and strategies for offensive and defensive operations. Guided by these broad considerations, most contemporary literature on cybersecurity focuses on the technical elements of computer network exploitations (CNEs), the implications for national-level topics (i.e. Political Security; Economic Stability) and technical advisories.[3]

While it is important to understand the technical and national security implications, it is equally important to understand the vulnerabilities and security implications in more specific sectors, such as maritime security. These areas remain relatively under-researched and receive minimal media coverage. This four-part series attempts to illuminate and provide insight into these areas within cybersecurity studies by drawing upon the knowledge of practitioners and academics from the cybersecurity and military sectors. This Strife Series analyses these topics from a practitioner’s perspective. What does the cyber landscape mean to them – does it differ from that of security scholars? What concerns and issues are faced by practitioners from the various (i.e. commercial; security) sectors? The objective of this article is to illuminate the reality of cybersecurity considerations beyond the theoretical and provide readers with an insight into its practice.

First in the series is Marcelo Malagutti who is the founder and former Projects Director from Fóton Informática, a Brazilian software company specializing in banking automation. Marcelo will kick off the series by presenting ‘software power’ as a complement and alternative to the processing power of supercomputers. Utilizing various practical examples, Marcelo illuminates the software-hardware relationship and the vitality of effective software platforms running on clusters of ‘commodity hardware’ in processing large amounts of information.

Secondly, we have Arthur Laudrain from the French Military who will be exploring cyber-related vulnerabilities of unmanned remote-control and autonomous platforms. The article explores the cybersecurity vulnerabilities of drones and other aerospace platforms. He specifically relates his discoveries to C4ISR (Command, Control, Communication, Cyber for Intelligence, Surveillance and Reconnaissance) platforms and the ever evolving landscape of cyber-augmented platforms utilized by intelligence and military organizations.

The third author in the series is Cheng Lai Ki who will be examining the cybersecurity vulnerabilities of maritime platforms, ranging from seafaring vessels (i.e. Naval Frigates; Cargo Freighters) to oceanic installations (i.e. Oil Rigs). The globalized maritime sector is critical to state expansion, global economies, and national naval capabilities.[4] Here, he specifically explores how navigational systems could be exploited by attackers and the ramifications for maritime operations.

The fourth article is written by Nicolas Castellon, a cybersecurity specialist with the CGI Group who will be discussing the importance of understanding and developing a comprehensive crisis-management infrastructure for cyber incidents. As commercial and national infrastructures are progressively brought online, we need to cultivate effective and rapidly deployable teams for scenarios where entire computerised systems are compromised. As a practitioner himself, Nicolas’ article provides an incredible insight into the operational sides of cybersecurity within the commercial world today.

The fifth article, also contributed by Cheng Lai Ki, concludes the series by examining and outlining the current cybersecurity landscape within professional sectors. In this final article, he first aims to address emerging threats that are simultaneously affecting the government, commercial and civilian sectors. Subsequently, he will reveal emerging security trends currently being developed by various companies within the cybersecurity sector, utilizing information gathered from his experiences at the IP Expo Europe 2016.[5]

According to Jason Healey, the future of cyberspace ‘is a jump ball, undecided, and it may be more sensitive to state-sponsored technological disruptions than many governments currently understand’.[6] Equipped with new cyber-enabled tools, criminals, militaries and grand-spymasters are potentially able to exploit computer network vulnerabilities in an unrestrained fashion. This could lead to systematic disruptions within critical national infrastructures or obstruct kinetic operations that could have disastrous implications on our physical security. Therein lies the importance to understand practical aspects of cybersecurity outside the general technical and generalized cybersecurity narratives.

 


About the Author:

Cheng is a graduate of the MA Intelligence and International Security program at King’s College London; his Master’s thesis examined the characteristics and trends defining China’s emerging cybersecurity and cyberwarfare capabilities. He was a finalist at the 2016 Cyber 9/12 Student Challenge in Geneva, has contributed to other security journals such as IHS Jane’s Intelligence Review, and was a former Managing Editor (Blog) at Strife.


Notes:

[1] Bryant, R. ‘What kind of space is Cyberspace’, Minerva – An Internet Journal of Philosophy, 5, (2001); 138 – 155.

[2] Even, S. & Siman-Tov, D. Cyber Warfare: Concepts and Strategic Trends, (Tel Aviv: Institute for National Security Studies), May 2012.

[3] Anderson, R. J. Security Engineering: A Guide to Building Dependable Distributed Systems, (2nd Eds.), (Indianapolis, IN: Wiley), 2008.

[4] Dutta, S. ‘Securing the Sea Frontier: China’s Pursuit of Sovereignty Claims in the South China Sea’, Strategic Analysis, 29(2), 2015 pp. 269 – 294.

[5] The IP Expo Europe 2016 was an event held at the London Expo Centre near Greenwich (LDN) that featured multiple tech companies within the areas of Cybersecurity, DevOps and InfoSec. Although fundamentally a sales environment, the event hosted several discussions and keynote speeches by experts within the sector, thus providing valuable insight into the workings of the cybersecurity industry today.

[6] Healey, J. A Fierce Domain: Conflict in Cyberspace, 1986 to 2012, (Vienna:VA, Cyber Conflict Studies Association), 2013; ISBN-10: 0-9893274-0-X; pp. 11.

Image Credit: https://i.vimeocdn.com/video/540928465_1280x720.jpg (Accessed 28 October 2016)

Filed Under: Blog Article Tagged With: Cybersecurity, recent, Strife series
