Cyberwar, Cybersecurity and Critical Infrastructure Protection
Cyber War and Cyber Power: Issues for NATO Doctrine
NATO Defense College, Rome November 2010
The term 'cyber war' is misleading. To draw an analogy from naval thinking, since the writings of Alfred Mahan, sea power rather than naval war has been the preferred strategic frame of reference for the projection of state power on the oceans. Like 'naval war', cyber war conjures up legal, policy, military, and diplomatic considerations that inappropriately narrow the scope of relevant issues. Cyber space is better thought of as a new theatre for states to exercise cyber power and not just to conduct cyber war. The projection of cyber power with both offensive and defensive elements must be a component of national and NATO security doctrine for the future.
US International Policy for Cybersecurity: Five Issues That Won't Go Away
Journal of National Security Law and Policy, 2010
To date, international aspects have been among the least developed elements of U.S. policy for cybersecurity. This article aims to begin to fill in some of these blanks by exploring in depth five issues that demand special attention from the United States and its allies.
Insiders and Insider Threats: An Overview of Definitions and Mitigation Techniques
Jeffrey Hunker and Christian W. Probst
Journal of Wireless Mobile Networks, Ubiquitous Computing and Dependable Applications Vol. 2, No. 1 2011
Insider Threats in Cybersecurity
Edited by C. Probst, J. Hunker, D. Gollmann and M. Bishop
With an introductory essay by Christian Probst and Jeffrey Hunker
Insider Threats in Cyber Security is a cutting edge text presenting IT and non-IT facets of insider threats together. This volume brings together a critical mass of well-established worldwide researchers, and provides a unique multidisciplinary overview
Dagstuhl Seminar: Insider Threats: Strategies for Prevention, Mitigation, and Response
Dagstuhl, Germany 22-26 August 2010
Eds: M. Bishop, L. Coles-Kemp, D. Gollmann, J. Hunker, C.W. Probst
Attribution for Cyber Attacks (and other purposes)
The Sisterhood of the Travelling Packets
Matt Bishop, Carrie Gates and Jeffrey Hunker
From a cyber-security perspective, attribution is considered to be the ability to determine the originating location for an attack. However, should such an attribution system be developed and deployed, it would provide attribution for all traffic, not just attack traffic. This has several implications for both the senders and receivers of traffic, as well as the intervening organizations, Internet service providers and nation-states. In this paper we examine the requirements for an attribution system, identifying all of the actors, their potential interests, and the resulting policies they might therefore have. We provide a general framework that represents the attribution problem, and outline the technical and policy requirements for a solution. We discuss the inevitable policy conflicts due to the social, legal and cultural issues that would surround such a system.
Copyright Notice: © ACM, 2009. This is the author’s version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in Proceedings of the 2009 Workshop on New Security Paradigms, Sep. 2009, and is available at http://doi.acm.org/10.1145/1595676.1595678.
Workshop on Governance of Technology, Information and Policy (GTIP)
Can Technology Solve Governance?
Keynote presentation at the Workshop on Governance of Technology, Information and Policy (GTIP), Austin, Texas December 2010.
2nd International Symposium on Global Internet Governance
Prague, Czech Republic September 2009
Think your computer is safe? Think again
Reviewed by Jeffrey Hunker
From Saturday's Globe and Mail
Published Friday, Nov. 04, 2011
Worm: The First Digital World War. By Mark Bowden. Atlantic Monthly Press, 245 pages, $27.50
DarkMarket: Cyberthieves, Cybercops and You. By Misha Glenny. House of Anansi, 296 pages, $29.95
With an almost metronomic regularity, events occur demonstrating that our gleaming cyber-world may not be as safe as we would like. Consider headlines in the past month: “stolen credentials were used to eavesdrop on the Gmail accounts of 300,000 people,” or, “Chinese military suspected in hacker attacks on U.S. satellites.” And so on.
Now, two insightful and entertaining books – Dark Market: Cyberthieves, Cybercops, and You, by Misha Glenny, and Worm: The First Digital World War, by Mark Bowden – detail critical but different episodes in the recent history of growing cyber-insecurity. Both are written by accomplished authors. Both are highly readable, based on interviews with participants and, while providing clear discussions of the relevant technology, focus on the actions and personalities of the actors: criminals and the computer scientists, engineers and law enforcement trying to stop them.
In this way, both differ from almost all other recent books on cyber-threats (including that of this reviewer). They are a welcome addition to the body of publications on cyber-security for anyone desiring to know more than generalities about why effective computer security remains so elusive. But in the fast-evolving world of cyber-security, keep in mind that both books are histories; they do not capture what is going on now. What they do capture is the sense of the people involved, both good and bad, while providing understandable discussions of the underlying technologies.
Dark Market is British writer Glenny’s history of how cyber-crime went from being the domain of lone-wolf hackers to becoming a highly organized criminal underworld – a multinational transmogrification that was started in 2000 in Ukraine by a small group of visionary criminals, and continues to this day, although most of the story told here ends in 2008. The cyber-underworld today is a potent economic force, and may, many experts think, evolve in tandem with terrorism. Dark Market examines its origins.
In many ways, Dark Market is as much about criminal psychology as about cyber-security, and should be read as such. The eponymous Dark Market was for much of the past decade an invitation-only Web-based marketplace for assisting in the theft of and subsequent monetization of stolen credit cards. Its organizers were an amazingly diverse and largely virtual group of hackers with monikers like Cha0, Freddybb, and Matrix001. Agent Keith Mularski (American) and Inspector Bilal Sen (Turkish) are key players in the police pursuit, but the chase involves Canadian, British, German and French law enforcement. “The Law” here is presented not in administrative generalities but as individuals with their own strengths and foibles.
In relating this history, Dark Market makes any number of insightful diagnoses, as in the personal competitions between hackers, or the reasons why law-enforcement agencies have such difficulty working together. There are many entertaining stories – for instance, that the lack of co-operation between the U.S. Secret Service and the Federal Bureau of Investigation in their international investigations was such that eventually someone in the British government had to call the White House to complain.
While Dark Market is about the decades-long history of cyber-criminals building new organizations, with law enforcement largely trying to catch up, Worm is a history of one critical episode in the cyber-security arms race. The Conficker Worm emerged in November, 2008, and from the beginning was a leap in computer threats, very efficiently and automatically taking over control of large numbers of vulnerable computers on the Internet.
Such “botnets” give control to someone – who knows who? – perhaps many continents away. Such was Conficker’s speed and sophistication that it threatened to crash the Internet by the very volume of messages it generated. But who designed Conficker, and why? And how to stop it? These were the issues that a small group of very nerdish good guys sought to answer. Worm is their story. It gives away nothing from the book to say that at the end they had only partial success in dealing with a threat that to this day remains an enigma.
The story told by distinguished U.S. journalist Mark Bowden (Black Hawk Down) does not have the breadth and scope of Dark Market. We don't know, and possibly never will, who created Conficker, or even why it was built. Consequently, we see only one side of the story. Worm is told from the perspective of a very small number of self-styled American geeks coming together in a haphazard way to stop a threat to the networks they cared about.
But Worm is not a sanitized history; these men eventually fought bitterly among themselves, some even possibly betraying the effort. By documenting the group in part through their e-mails, Worm presents a vivid blow-by-blow account. Based on my personal experience (while at the White House, I spent several weeks in January, 2000, involved in a much smaller-scale equivalent to what Bowden describes), the narrative has the ring of truth.
In relating what really happens in fighting computer threats, Worm also discusses, in an understandable but complete way, the underlying technology. And, like Dark Market, it is filled with insights. For instance, an underlying theme throughout is why “the Glaze” – the look non-techies give when any computer subject comes up – is so omnipresent yet so harmful to real progress in computer security.
I did note some errors and distortions. The title is misleading; Conficker does not represent the first digital world war. The Commerce Department is not responsible for U.S. government computer security. And I know some of the federal officials described, and they are not quite as feckless and bumbling as presented.
Which points to a more serious limitation of both books. Any narrative based even partly on individual recollections of events years in the past runs the risk of a slanted perspective, despite the best intentions of the author.
Note too that cyber-security is made up of a fast-moving and multifaceted set of issues. The last pages of Dark Market caution that a criminal organization such as the one described is already today an anachronism; the criminal world moves as quickly as any Silicon Valley firm. I suspect the same is true of the threat described in Worm.
Still, both these books are worth reading and vastly entertaining. Cyber-insecurity is a growing threat, and deserves a far more informed public than the issue has had yet.
Jeffrey Hunker is the author of Creeping Failure: How We Broke the Internet and What We Can Do to Fix It. He was a senior director at the White House National Security Council in the Clinton administration, responsible for national cyber security policy. He currently does research, consults and writes on issues of cyber and national security. He lives in Pittsburgh, Pa., and likes the Steelers.
Trouble in Cybercity: What Canada Can Do
The Globe and Mail
Tuesday 4 January 2011
Canada as a country is well positioned to lead the world in network reforms, in institutional infrastructure and incentives to promote privacy and security on the Internet, and in launching a new alternative security/privacy network.
Our Brave New Cyber World: It's a Jungle Out There
Pittsburgh Post-Gazette June 7 2009
Cyber Target USA?