Entries Tagged "defense"

Page 2 of 2

DARPA Contest for Fully Automated Network Defense

DARPA is looking for a fully automated network defense system:

What if computers had a “check engine” light that could indicate new, novel security problems? What if computers could go one step further and heal security problems before they happen?

To find out, the Defense Advanced Research Projects Agency (DARPA) intends to hold the Cyber Grand Challenge (CGC) — the first-ever tournament for fully automatic network defense systems. DARPA envisions teams creating automated systems that would compete against each other to evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network. To succeed, competitors must bridge the expert gap between security software and cutting-edge program analysis research. The winning team would receive a cash prize of $2 million.

Some news articles. Slashdot thread. Reddit thread.

Posted on October 24, 2013 at 8:45 AMView Comments

Protecting Against Leakers

Ever since Edward Snowden walked out of a National Security Agency facility in May with electronic copies of thousands of classified documents, the finger-pointing has concentrated on government’s security failures. Yet the debacle illustrates the challenge with trusting people in any organization.

The problem is easy to describe. Organizations require trusted people, but they don’t necessarily know whether those people are trustworthy. These individuals are essential, and can also betray organizations.

So how does an organization protect itself?

Securing trusted people requires three basic mechanisms (as I describe in my book Beyond Fear). The first is compartmentalization. Trust doesn’t have to be all or nothing; it makes sense to give relevant workers only the access, capabilities and information they need to accomplish their assigned tasks. In the military, even if they have the requisite clearance, people are only told what they “need to know.” The same policy occurs naturally in companies.

This isn’t simply a matter of always granting more senior employees a higher degree of trust. For example, only authorized armored-car delivery people can unlock automated teller machines and put money inside; even the bank president can’t do so. Think of an employee as operating within a sphere of trust — a set of assets and functions he or she has access to. Organizations act in their best interest by making that sphere as small as possible.

The idea is that if someone turns out to be untrustworthy, he or she can only do so much damage. This is where the NSA failed with Snowden. As a system administrator, he needed access to many of the agency’s computer systems — and he needed access to everything on those machines. This allowed him to make copies of documents he didn’t need to see.

The second mechanism for securing trust is defense in depth: Make sure a single person can’t compromise an entire system. NSA Director General Keith Alexander has said he is doing this inside the agency by instituting what is called two-person control: There will always be two people performing system-administration tasks on highly classified computers.

Defense in depth reduces the ability of a single person to betray the organization. If this system had been in place and Snowden’s superior had been notified every time he downloaded a file, Snowden would have been caught well before his flight to Hong Kong.

The final mechanism is to try to ensure that trusted people are, in fact, trustworthy. The NSA does this through its clearance process, which at high levels includes lie-detector tests (even though they don’t work) and background investigations. Many organizations perform reference and credit checks and drug tests when they hire new employees. Companies may refuse to hire people with criminal records or noncitizens; they might hire only those with a particular certification or membership in certain professional organizations. Some of these measures aren’t very effective — it’s pretty clear that personality profiling doesn’t tell you anything useful, for example — but the general idea is to verify, certify and test individuals to increase the chance they can be trusted.

These measures are expensive. It costs the U.S. government about $4,000 to qualify someone for top-secret clearance. Even in a corporation, background checks and screenings are expensive and add considerable time to the hiring process. Giving employees access to only the information they need can hamper them in an agile organization in which needs constantly change. Security audits are expensive, and two-person control is even more expensive: it can double personnel costs. We’re always making trade-offs between security and efficiency.

The best defense is to limit the number of trusted people needed within an organization. Alexander is doing this at the NSA — albeit too late — by trying to reduce the number of system administrators by 90 percent. This is just a tiny part of the problem; in the U.S. government, as many as 4 million people, including contractors, hold top-secret or higher security clearances. That’s far too many.

More surprising than Snowden’s ability to get away with taking the information he downloaded is that there haven’t been dozens more like him. His uniqueness — along with the few who have gone before him and how rare whistle-blowers are in general — is a testament to how well we normally do at building security around trusted people.

Here’s one last piece of advice, specifically about whistle-blowers. It’s much harder to keep secrets in a networked world, and whistle-blowing has become the civil disobedience of the information age. A public or private organization’s best defense against whistle-blowers is to refrain from doing things it doesn’t want to read about on the front page of the newspaper. This may come as a shock in a market-based system, in which morally dubious behavior is often rewarded as long as it’s legal and illegal activity is rewarded as long as you can get away with it.

No organization, whether it’s a bank entrusted with the privacy of its customer data, an organized-crime syndicate intent on ruling the world, or a government agency spying on its citizens, wants to have its secrets disclosed. In the information age, though, it may be impossible to avoid.

This essay previously appeared on Bloomberg.com.

EDITED TO ADD 8/22: A commenter on the Bloomberg site added another security measure: pay your people more. Better paid people are less likely to betray the organization that employs them. I should have added that, especially since I make that exact point in Liars and Outliers.

Posted on August 26, 2013 at 1:19 PMView Comments

Switzerland National Defense

Interesting blog post about this book about Switzerland’s national defense.

To make a long story short, McPhee describes two things: how Switzerland requires military service from every able-bodied male Swiss citizen — a model later emulated and expanded by Israel — and how the Swiss military has, in effect, wired the entire country to blow in the event of foreign invasion. To keep enemy armies out, bridges will be dynamited and, whenever possible, deliberately collapsed onto other roads and bridges below; hills have been weaponized to be activated as valley-sweeping artificial landslides; mountain tunnels will be sealed from within to act as nuclear-proof air raid shelters; and much more.

[…]

To interrupt the utility of bridges, tunnels, highways, railroads, Switzerland has established three thousand points of demolition. That is the number officially printed. It has been suggested to me that to approximate a true figure a reader ought to multiply by two. Where a highway bridge crosses a railroad, a segment of the bridge is programmed to drop on the railroad. Primacord fuses are built into the bridge. Hidden artillery is in place on either side, set to prevent the enemy from clearing or repairing the damage.

Further:

Near the German border of Switzerland, every railroad and highway tunnel has been prepared to pinch shut explosively. Nearby mountains have been made so porous that whole divisions can fit inside them. There are weapons and soldiers under barns. There are cannons inside pretty houses. Where Swiss highways happen to run on narrow ground between the edges of lakes and to the bottoms of cliffs, man-made rockslides are ready to slide.

[…]

McPhee points to small moments of “fake stonework, concealing the artillery behind it,” that dot Switzerland’s Alpine geology, little doors that will pop open to reveal internal cannons and blast the country’s roads to smithereens. Later, passing under a mountain bridge, McPhee notices “small steel doors in one pier” hinting that the bridge “was ready to blow. It had been superceded, however, by an even higher bridge, which leaped through the sky above — a part of the new road to Simplon. In an extreme emergency, the midspan of the new bridge would no doubt drop on the old one.”

The book is on my Kindle.

Posted on June 20, 2012 at 7:27 AMView Comments

Book Review: Cyber War

Cyber War: The Next Threat to National Security and What to do About It by Richard Clarke and Robert Knake, HarperCollins, 2010.

Cyber War is a fast and enjoyable read. This means you could give the book to your non-techy friends, and they’d understand most of it, enjoy all of it, and learn a lot from it. Unfortunately, while there’s a lot of smart discussion and good information in the book, there’s also a lot of fear-mongering and hyperbole as well. Since there’s no easy way to tell someone what parts of the book to pay attention to and what parts to take with a grain of salt, I can’t recommend it for that purpose. This is a pity, because parts of the book really need to be widely read and discussed.

The fear-mongering and hyperbole is mostly in the beginning. There, the authors describe the cyberwar of novels. Hackers disable air traffic control, delete money from bank accounts, cause widespread blackouts, release chlorine gas from chemical plants, and — this is my favorite — remotely cause your printer to catch on fire. It’s exciting and scary stuff, but not terribly realistic. Even their discussions of previous “cyber wars” — Estonia, Georgia, attacks against U.S. and South Korea on July 4, 2009 — are full of hyperbole. A lot of what they write is unproven speculation, but they don’t say that.

Better is the historical discussion of the formation of the U.S. Cyber Command, but there are important omissions. There’s nothing about the cyberwar fear being stoked that accompanied this: by the NSA’s General Keith Alexander — who became the first head of the command — or by the NSA’s former director, current military contractor, by Mike McConnell, who’s Senior Vice President at Booz Allen Hamilton, and by others. By hyping the threat, the former has amassed a lot of power, and the latter a lot of money. Cyberwar is the new cash cow of the military-industrial complex, and any political discussion of cyberwar should include this as well.

Also interesting is the discussion of the asymmetric nature of the threat. A country like the United States, which is heavily dependent on the Internet and information technology, is much more vulnerable to cyber-attacks than a less-developed country like North Korea. This means that a country like North Korea would benefit from a cyberwar exchange: they’d inflict far more damage than they’d incur. This also means that, in this hypothetical cyberwar, there would be pressure on the U.S. to move the war to another theater: air and ground, for example. Definitely worth thinking about.

Most important is the section on treaties. Clarke and Knake have a lot of experience with nuclear treaties, and have done considerable thinking about how to apply that experience to cyberspace. The parallel isn’t perfect, but there’s a lot to learn about what worked and what didn’t, and — more importantly — how things worked and didn’t. The authors discuss treaties banning cyberwar entirely (unlikely), banning attacks against civilians, limiting what is allowed in peacetime, stipulating no first use of cyber weapons, and so on. They discuss cyberwar inspections, and how these treaties might be enforced. Since cyberwar would be likely to result in a new worldwide arms race, one with a more precarious trigger than the nuclear arms race, this part should be read and discussed far and wide. Sadly, it gets lost in the rest of the book. And, since the book lacks an index, it can be hard to find any particular section after you’re done reading it.

In the last chapter, the authors lay out their agenda for the future, which largely I agree with.

  1. We need to start talking publicly about cyber war. This is certainly true. The threat of cyberwar is going to consume the sorts of resources we shoveled into the nuclear threat half a century ago, and a realistic discussion of the threats, risks, countermeasures, and policy choices is essential. We need more universities offering degrees in cyber security, because we need more expertise for the entire gamut of threats.
  2. We need to better defend our military networks, the high-level ISPs, and our national power grid. Clarke and Knake call this the “Defensive Triad.” The authors and I disagree strongly on how this should be done, but there is no doubt that it should be done. The two parts of that triad currently in commercial hands are simply too central to our nation, and too vulnerable, to be left insecure. And their value is far greater to the nation than it is to the corporations that own it, which means the market will not naturally secure it. I agree with the authors that regulation is necessary.
  3. We need to reduce cybercrime. Even without the cyber warriors bit, we need to do that. Cybercrime is bad, and it’s continuing to get worse. Yes, it’s hard. But it’s important.
  4. We need international cyberwar treaties. I couldn’t agree more about this. We do. We need to start thinking about them, talking about them, and negotiating them now, before the cyberwar arms race takes off. There are all kind of issues with cyberwar treaties, and the book talks about a lot of them. However full of loopholes they might be, their existence will do more good than harm.
  5. We need more research on secure network designs. Again, even without the cyberwar bit, this is essential. We need more research in cybersecurity, a lot more.
  6. We need decisions about cyberwar — what weapons to build, what offensive actions to take, who to target — to be made as far up the command structure as possible. Clarke and Knake want the president to personally approve all of this, and I agree. Because of its nature, it can be easy to launch a small-scale cyber attack, and it can be easy for a small-scale attack to get out of hand and turn into a large-scale attack. We need the president to make the decisions, not some low-level military officer ensconced in a computer-filled bunker late one night.

This is great stuff, and a fine starting place for a national policy discussion on cybersecurity, whether it be against a military, espionage, or criminal threat. Unfortunately, for readers to get there, they have to wade through the rest of the book. And unless their bullshit detectors are already well-calibrated on this topic, I don’t want them reading all the hyperbole and fear-mongering that comes before, no matter how readable the book.

Note: I read Cyber War in April, when it first came out. I wanted to write a review then, but found that while my Kindle is great for reading, it’s terrible for flipping back and forth looking for bits and pieces to write about in a review. So I let the review languish. Finally, I borrowed a paper copy from my local library.

Some other reviews of the book Cyber War. See also the reviews on the Amazon page.

I wrote two essays on cyberwar.

Posted on December 21, 2010 at 7:23 AMView Comments

Cyber-Offence is the New Cyber-Defense

This is beyond stupid:

The Pentagon is contemplating an aggressive approach to defending its computer systems that includes preemptive actions such as knocking out parts of an adversary’s computer network overseas—but it is still wrestling with how to pursue the strategy legally.

The department is developing a range of weapons capabilities, including tools that would allow “attack and exploitation of adversary information systems” and that can “deceive, deny, disrupt, degrade and destroy” information and information systems, according to Defense Department budget documents.

But officials are reluctant to use the tools until questions of international law and technical feasibility are resolved, and that has proved to be a major challenge for policymakers. Government lawyers and some officials question whether the Pentagon could take such action without violating international law or other countries’ sovereignty.

“Some” officials are questioning it. The rest are trying to ignore the issue.

I wrote about this back in 2007.

Posted on September 2, 2010 at 7:33 AMView Comments

UK Defense Security Manual Leaked

Wow. It’s over 2,000 pages, so it’ll take time to make any sense of. According to Ross Anderson, who’s given it a quick look over, “it seems to be the bureaucratic equivalent of spaghetti code: a hodgepodge of things written by people from different backgrounds, and with different degrees of clue, in different decades.”

The computer security stuff starts at page 1,531.

EDITED TO ADD (10/6): An article.

Posted on October 5, 2009 at 3:10 PMView Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.