[ISN] Crash strike caution

From: InfoSec News (alerts@private)
Date: Wed Apr 11 2007 - 01:06:02 PDT


http://www.smh.com.au/articles/2007/04/09/1175971018555.html

By Patrick Gray
April 10, 2007

IF MICROSOFT'S Windows operating system crashes and gives you the "blue 
screen of death", it's a pain in the proverbial, but it's hardly 
life-threatening. In 1998, however, a United States Navy destroyer, the 
USS Yorktown, was left stranded and vulnerable when its Windows NT-based 
control system failed.

The tale of the stranding of the Yorktown is a true story former White 
House staffer Richard A. Clarke cites as a warning. "(It) was out on an 
initial shakedown cruise. The Microsoft software that it was running in 
its control system went kafluey, and the entire ship stopped dead in the 
water and they had to send tugs out to pull it back ... (it was running) 
Windows," Mr Clarke told The Age.

Mr Clarke, the former United States National Co-ordinator for Security 
and Counterterrorism, who also served as President George Bush's adviser 
on cyber security until 2003, says the US is becoming too reliant on 
network technology in war-fighting.

The lesson also applies to Australia. The Australian Defence Force's 
"Force 2020" plan spells out a transition to "network-enabled 
operations" which "treat platforms as nodes of a network (which) 
collect, share and access information".

But Mr Clarke's tone is sarcastic. "The Pentagon says 'Oh, good news, 
we're having a revolution in military affairs and we are going to 
net-centric warfare where everything will be netted together', and they 
tout this as progress," he says.

In fact, such networking could be a security risk. Western nations are 
becoming increasingly vulnerable to cyber-attack from hostile nations, 
terrorist groups and criminal syndicates, and an increasing reliance on 
civilian technologies by intelligence and military agencies is having an 
adverse effect on national security.

"It used to be that government, intelligence and defence agencies relied 
on what they called GOTS, Government Off the Shelf products," Mr Clarke 
says. "There are very few, if any, of those left. Almost everything the 
Government relies on, even in the military and the intelligence 
community, is COTS - Commercial Off the Shelf. Which is a way of saying 
that what the Pentagon is running and the CIA is running is the same as 
what you're running on your home computer."

In addition to normal reliability and security concerns, the commercial 
technology sector is also vulnerable to infiltration by agents working 
for hostile nations and terrorist organisations, Mr Clarke says. Agents 
could steal or sabotage proprietary systems, or use insider knowledge to 
gather information on potential security weaknesses in software, or 
perhaps even to plant them.

The security of commercial products, and therefore the companies that 
develop them, is steadily becoming a national security issue in the US. 
"It is of concern when foreign nationals are employed in American 
companies. It's also a concern if Americans are employed in American 
companies and convinced to spy," Mr Clarke says. "(And) there's some 
reason to believe it's going on."

His warning has a local sting: it comes at a time when Australia's 
defence bureaucracy is ramping up its own outsourcing plans.

Several worst-case cyber attack scenarios are described in Mr Clarke's 
most recent book, Breakpoint, which was launched in January. The 
fictional novel, set in 2012, begins with attacks on the fibre-optic 
cables linking the US to the internet. The attacks escalate to include 
assaults on satellites, and the United States' ability to wage war is 
severely impaired.

Carrying out such an attack on Australia would be relatively easy, Mr 
Clarke says. "A physical attack on cyberspace, one that tries to cut off 
a country from the rest of cyberspace by hitting physical connections; 
that's probably something that Australia is more vulnerable to than say 
Europe or the United States," he says.

"The United States has a lot of internet entry points into it, probably 
in the order of 20 major entry points, and that's a lot to take down. I 
think Australia's number is probably more in the order of six."

To better prepare, Australia should "try to improve physical security 
around internet nodes, you try to create redundancy," Mr Clarke says. 
"You want to make sure that there are back-up systems, that certain 
functions that don't need to be connected to the internet even 
indirectly, like electrical power, are disconnected."

Mr Clarke says attacks on technology infrastructure, physical or 
virtual, could come from terrorists, criminals or nation states.

At several points throughout Breakpoint, Mr Clarke suggests 
Chinese-manufactured technology in the fictional future he describes 
could contain "back doors" designed to allow the country's agents to 
clandestinely access computer and communications networking equipment 
installed throughout the US and Western world.

Such back doors would not be easy to detect, Mr Clarke says. "It's very, 
very difficult to detect things that are embedded in chips, embedded in 
motherboards - I think it would be extraordinarily difficult, especially 
if they're not used until a certain point in time ... (and are) remotely 
activated.

"When IBM stopped making laptops and sold the company to a Chinese 
manufacturer the US Defence Department and State Department immediately 
cancelled all orders for the IBM laptops. That reflects perhaps some 
paranoia, but it may also reflect something else."

Mr Clarke denies that software companies allow US Government agencies, 
such as the CIA and National Security Agency, to plant back-door 
software of their own into their products. "I think American 
manufacturers depend so much now on the world market that they would be 
reluctant to do that because if they ever get caught they'd lose huge 
portions of their market," he says.

While Mr Clarke admits it's possible the CIA and NSA may seek to 
infiltrate US software companies and plant back doors of their own into 
products - without the permission or knowledge of the companies 
themselves - he doubts the Government is engaged in those types of 
activities. "That's possible, (but) it probably gives the United States 
Government more credit for competence than it deserves," he says.

However, Mr Clarke says both the US and Chinese governments have 
admitted they have a cyber-attack capability that could allow them to 
attack network infrastructure and penetrate foreign governments' systems 
to gather intelligence.

Breakpoint has turned out to be somewhat prophetic. Last month Scotland 
Yard detectives claimed to have foiled an al-Qaeda plot to destroy a 
major "internet hub" through which most of Britain's internet traffic is 
reportedly routed.

"There was also an arrest in the United States not long after 9/11 of an 
al-Qaeda operative who was apparently supposed to do a second-wave 
series of attacks, including on internet hubs, so we know al-Qaeda does 
think about that," Mr Clarke says. "To some extent the book is prophetic 
in that it talked a lot about things like Chinese anti-satellite 
attacks, and I think the day the book was published in the United States 
the Chinese did a satellite attack."

The Chinese Government confirmed it shot down one of its satellites in 
January, while insisting it was committed to the "peaceful development 
of outer space".

Mr Clarke's resume is impressive. He served as a special assistant to 
President Bill Clinton for eight years and was the National Co-ordinator 
for Security and Counterterrorism for both Clinton and George W. Bush.

From 2001 until his retirement in 2003, Mr Clarke was special adviser 
to President Bush on cyber security and chairman of the President's 
Critical Infrastructure Protection Board. Mr Clarke became well known 
around the world when he accused President Bush of mismanaging the "War 
on Terror" in his scathing account of his tenure under the President, 
Against All Enemies, published in 2004.

Today he serves as the chairman of Good Harbor Consulting, a security 
and counterterrorism consultancy. He says he wrote Breakpoint [1] as a 
fictional novel because a more sober warning would have fallen on deaf 
ears. "I write fiction because I think it's a way of telling people 
interesting facts ... that they would never read because most people 
don't read nonfiction," he says. "Because it's a thriller people will 
read it. They'll learn, subliminally perhaps, about ... the issues."

Breakpoint ventures beyond issues involving cyber security and computing 
technology. The book raises concerns around genetic engineering 
technology and the reverse engineering of the human brain.

According to Mr Clarke, developments in genetic technology, artificial 
intelligence, robotics and the fusing of humans and machines will have 
significant consequences for society and national security.

"(Breakpoint is) meant to be a warning. Not only on the computer side 
but on the genetics side, and robotics and artificial intelligence," he 
says.

"What I'm saying is there's not just one technology that's emerging in 
the next 10 years, there are five or six major technologies that are 
going to be mutually supportive and burst on the scene in a big way in 
the next 10 years, and they will drastically change the nature of 
society. That will have political, economic, social and national 
security implications and we haven't thought them through."

To hear Patrick Gray's interview with Richard A. Clarke, download his 
podcast from ITRadio.com.au/security

[1] http://www.amazon.com/exec/obidos/ASIN/0399153780/c4iorg
    http://www.shopinfosecnews.org/


