Future Enterprise: Cyber Warfare

Friday, September 23, 2011

Bill Gerneglia


Article by David Hunter

The Fortune top 2000 companies as well as Governments across the world are under serious cyber attack and it is likely to get much worse.

Cybercrime is a generic term for the illegal incursion and disruption at the national, enterprise and community level, of both cyber and physical assets. Cyber assets include the key information and knowledge resources, including the data, policies, reports, IP, algorithms and applications, programs and operational procedures, that a modern society in the 21st century relies on to operate and manage its business.

Physical assets include an increasing number of everyday objects and services controlled by computers and increasingly connected to the Internet including- infrastructure, manufacturing and production machinery, industrial control and communication centres, security systems, medical devices, electricity grids and meters, vehicles and transport systems as well as billions of consumer and industrial electronic devices.

Cybercrime is a relatively new phenomenon but because of its recent scale and game-changing implications for both government and industry it is rapidly becoming the dominant risk theme of the 21st century.

The opportunity for cyber attacks grows daily as corporations and governments continue to amass information about individuals in complex networks across the Web and at the same time new generations of cyber activists, some motivated purely by money and others by the desire to expose and destabilise corporations and governments, continue to hack into organisational secrets.

No enterprise, no matter how small or benign, will be safe from attack in the future, with an estimated 250,000 site breaches reported in the last few years including- EMC's RSA Security unit, the Public Broadcaster PBS, Sony's PlayStation network, Apple administration password database, the International Monetary Fund, South Korea's largest banks, the Spanish Police, US Senate, Texas Police Department, the CIA, Turkish and Malaysian governments, Google's Gmail, the Nokia forum site and Citibank's Credit Card accounts.

In the latest Norton Cybercrime Report, it was reported that breaches of various types claimed 431 million adult victims last year, with 73% of adults in the US alone incurring estimated financial losses of $US140 billion. As a criminal activity, cyber incursion is now almost as lucrative as the illegal drug trade. The total cost last year, including lost productivity and direct cash losses resulting from cyber attacks associated with viruses, malware and identity theft is estimated at $US 388 billion.

A report from the security firm McAfee listed a range of cybercrime technologies deployed, including denial of service attacks, malware, spam, phishing, social site engineering, mobile phone viruses, botnets and phone SMS Trojan messages. More recently, hacking drones have also been developed: remote-controlled aerial vehicles which can automatically detect and compromise wireless networks by locating a weak spot in a corporate internet connection. To make matters worse, the first flaws in the advanced encryption standard used for internet banking and financial transactions, as well as Government secure transmission, have been discovered.

But most worrying, security experts from McAfee have now discovered the biggest series of cyber attacks to date, involving infiltration of the networks of 72 organisations around the world including- the UN, the governments of the US, Taiwan, India, South Korea, Vietnam and Canada, ASEAN, the International Olympic committee and an array of companies from defence contractors to high-tech enterprises including Google- with most of the victims unaware of the breaches.

This represents a massive loss of economic advantage- possibly the biggest transfer of IP wealth in history. Currently every company in every industry of significant size, with valuable IP, contracts or trade secrets is potentially under attack and this will inevitably extend to smaller organisations such as strategic hi-tech start-ups in the future. At the national level it involves exposure of sensitive state secrets including- policy intentions and decisions covering all levels and functions of Government such as trade, defence and industry policy.

The stakes are huge; a challenge to economies and global markets. From both an enterprise and State perspective therefore this is an intolerable situation; but because it has exploded at such speed, the response to date has largely been fragmented and ineffective.

But this is about much more than ruthless criminal intent to pillage credit cards, steal trade data or bring down unpopular sites. On a global scale, cybercrime has the potential to morph into full blown Cyberwar!

The main players in this game of cat and mouse currently include three broad groups, each with different motivations, although overlapping to a degree.

First- the State sponsored hackers- China, Iran, Russia, Estonia, Israel- recently upping the cyberwar stakes with its Stuxnet attack on the nuclear facilities of Iran, Indonesia, North Korea and Syria. At the same time dictatorial regimes across the world, from Syria to Saudi Arabia have introduced extreme punitive measures to monitor and control access by dissidents, particularly during the Arab Spring. And they have often coerced US and European technology companies to assist them, including Siemens- in the cross-hairs for assisting the autocratic Government of Bahrain track down dissidents.

Second- the White hats- independent freelance hacker groups such as Anonymous/LulzSec. Their aim according to their manifesto is to expose the corruption and greed inherent in the play-books of big business and rogue regimes powered by hyper-capitalism and intent on plundering the natural resources of the planet. They also support whistle-blower groups such as WikiLeaks and social activist groups in general.

Third- the Black hats- with much more clearly defined goals, from overtly criminal to destructive and anarchistic. They are marshalling their attacks primarily on the Midas riches of credit card and financial databases across the globe, at the same time as China and Russia are hacking other governments' IP, email and trade secrets.

Cyber Hackers now make up a complex substratum of social crime, composed of an ad hoc combination of hackers and security experts, each with a fiercely competitive agenda. But already fragmentation is extending to inter-cyber warfare between these rapidly evolving networks of dysfunctional society, at the same time overlapping with global terrorist groups.

The world's superpowers have already begun to introduce new cyber-policies in a desperate attempt to protect their intellectual property, infrastructure and financial assets, as well as control the flow of information within their populations, but the effort is already bogged down.

The European Convention on Cybercrime is moving at glacial speed because EU governments are reluctant to share sovereign IT information with other powers, even if friendly. The new US Cyber Manifesto has also been stymied. The policy aims to support open access to the Internet while at the same time pursuing a policy of aggressive physical deterrence against any foreign powers such as China and Iran or organisations like WikiLeaks, which attempt to penetrate US computer systems. But this policy is meeting resistance from vested US business interests on issues of regulatory control and government surveillance of business system security.

China on the other hand appears to be going for the jugular. It has established The State Internet Information Office with the express purpose of regulating and controlling its vast Internet population and had even considered building an alternative Internet to sidestep the US controlled ICANN.

Cybercrime may also be made a lot easier by the ubiquitous application of Cloud technology in the future. Most major corporations and government agencies will be using at least one Cloud to store and process their operational data, leased from Google, Cisco, IBM, Amazon, Microsoft, HP etc. Already several of these clouds including Amazon have been breached and others have had outages. Gaining access to data from a dozen major information sources would be a lot easier than penetrating thousands of individual databases.

Even though most Cloud installations had incorporated security software easily able to ward off rudimentary distributed denial-of-service and hacker attacks, future Cyberagent technologies would be much more effective because of superior forensic intelligence.

So the race is on to co-opt the most advanced cyber technology both to gain advantage, but also for prevention. Present day cybercrime technologies however will appear largely primitive within the next few years. The emphasis will shift to the application of much more sophisticated Cyberagent software technology.

The first generation of software agents appeared in the nineties and was used to trawl the Web, applying basic search procedures to locate information resources such as online shopping or travel sites and locating the best prices.

The second generation emerged around five years later. These programs were smarter, incorporating artificial intelligence that enabled them to make decisions more autonomously to meet their operational goals. They were deployed mainly in simulations of interactive population behaviour and interaction in a variety of environments- shopping malls, supply chains as well as disaster and conflict areas. In addition, they possessed superior negotiation and decision logic skills, using Game theory and semantic inferencing techniques.

But the third generation agents will be something else again. These will be based on complementary combinations of advanced AI techniques such as 'evolutionary algorithms', that allow them to constantly improve their skills; 'neural networks' for superior pattern recognition and learning; 'Bayesian logic' for powerful inferencing capability; 'ant foraging' to help find the most efficient paths through complex network environments; and 'swarm' technology, allowing individual agent intelligence to be amplified by working cooperatively in large groups.

They will increasingly also be capable of tapping into the enormous computational intelligence of the Web, including the public databases of mathematical and scientific algorithms, eventually allowing their intelligence to be amplified by a factor of a hundredfold over previous agent capabilities.

Such agent swarms will also be equipped behaviourally and cognitively to focus on their missions with laser or Zen-like concentration, to the exclusion of everything else, until they have chased down their quarry; whether corporate strategic plans, government covert secrets or nuclear missile blueprints.

This Uber-level of intelligence will transform Agent swarms into formidable cyber strike forces, which could operate under deep cover or in sleeper mode, transforming into harmless chunks of code until a cell and attack were activated, and which could also replicate rapidly if additional forces were required.

Although this might sound like science fiction, the AI techniques involved, such as evolutionary algorithms, neural networks and swarm architectures have been in common use in business and industry for over ten years. The capacity to harness them in cyber strike force mode is only a matter of time.

But all parties are now beginning to understand that the nature of conflict and the balance of world power are shifting with lightning speed, obsoleting overnight the nature of war and traditional economic dominance in a globalised cyber-world. Future conflicts will not be about destroying an enemy armed with billion dollar hi-tech armaments such as tanks, jets and warships, but will be played out largely in future cyberspace.

What value a sophisticated weapons system if it can be disabled by an elite cyber hacker with a Stuxnet-type virus?

What value armies of highly trained soldiers if their command and control centres can be disabled with a few keyboard strokes and a swarm of smart software agents?

What value the trillions of dollars spent on containing Al-Qaeda if the economic and logistical systems supporting the attack can be thrown into disarray by a powerful artificial intelligence algorithm?

But the CEOs of major corporations and military commanders of the major powers are still coming to terms with the mind-blowing ramifications of Cyberwar. Not only would their systems soon be obsolete but so would their command structures.

Adding to the pressure is the impact of global warming and the overuse of the planet's finite natural resources. Cyberwars are more likely to flourish in times of food and critical resource shortages, with countries and enterprises desperate for inside knowledge to secure access to critical supply information. That time is not far off, with estimates of critical food shortages and rising prices as early as 2013, with a follow on spike in global conflict highly likely. 

One thing is certain. From now on Cyberspace will be the new corporate and state battleground and Cybercrime the main risk protagonist.

The threat of all out Cyber war is now an urgent issue that transcends lines between individual enterprises or governments. Unless a global cyber security framework, binding both the private and public sectors can be engineered, a world of disorder will rapidly emerge - a turbulent world, where change has ceased to be beneficial and becomes ultimately destructive.

Cross-posted from CIO Zone

Matthijs R. Koot: Regarding the Norton Cybercrime Report: there seems to be some discussion about that report. See:

http://www.stuff.co.nz/technology/digital-living/5662934/Exposing-Nortons-cybercrime-scare-campaign

The (in)accuracy of the contended claims does not impact this article, fortunately.