[ISN] Greg Oslan | The new war machine

From: InfoSec News (alerts@private)
Date: Tue Sep 25 2007 - 22:02:27 PDT


http://www.gcn.com/print/26_25/45086-1.html

By William Jackson
09/24/07 issue

GCN Interview with Greg Oslan, chief executive officer and president at 
Narus
	
How close are we to cyberwarfare? Pretty close, said Greg Oslan, chief 
executive officer and president at Narus, a provider of traffic analysis 
software for carrier networks. The company helps large IP networks see, 
analyze and manage traffic from a growing number of dynamic 
applications. Knowing what traffic is on a network and understanding it 
is essential to providing adequate security because security cannot be 
achieved today at the endpoint, he said. Not surprisingly, Oslan has a 
front-row view of malicious traffic passing through the Internet and 
efforts to ward off full-scale warfare via the network.


GCN: What constitutes cyberwarfare?

OSLAN: This is my opinion only, but I think that what would constitute 
an act of war over the Internet would be something that maliciously, 
directly cripples a country's ability to function. If somebody brought 
down our electrical infrastructure and crippled our economy, I think 
that would be an act of war. How we could treat that, government to 
government, is a policy question. You are not using guns and bullets 
anymore. What is the appropriate response as your armies move from 
physical entities to virtual entities?


GCN: What can you tell us about what you saw of the Estonia attacks?

OSLAN: It was the volume and coordination of the attacks that 
distinguished them. It wasn't just one computer or one Web site that was 
targeted; this was spread across the entire country from the libraries 
to government institutions. We have information in this country of other 
countries trying to gain access to our machines. It's kind of a new Cold 
War. In the 1950s and '60s, [the Soviets] would send fighters into the 
Alaskan airspace and see how fast we'd respond and of course, we'd do the 
same. The same thing is now occurring on the Internet. One country says, 
"How many different sites can I break into in the U.S.?" And then the 
United States responds, and they want to know how quickly we fill those 
holes.


GCN: What is the likelihood of a cyberwarfare attack against us that 
goes beyond that tit-for-tat push against the edges?

OSLAN: The bigger global issue is [that information technology] as a 
service medium rather than as a transport medium is in its infancy so 
far as being understood on a global scale. People are protecting their 
small pieces, but there are no stand-alone pieces. They are all 
connected to everything else in the world. Having a firewall is not good 
enough, or having an intrusion-detection system is not good enough. 
Having both is not good enough. Systems that manage and protect on a 
more holistic scale are what are going to be required.


GCN: How vulnerable is the United States' critical infrastructure to this 
kind of attack?

OSLAN: There are just too many holes. There are so many institutions 
that people have already penetrated. The [Army] War College Web site was 
down for two or three weeks, and that was pretty embarrassing because 
they are the ones who are being taught to protect against cybercrime. 
It's a safe assumption that we're pretty much all in the same boat, and 
our infrastructure is absolutely susceptible. There is debate over how 
big of a threat that is. There is no question there are isolated 
threats, and there are component systems that could be penetrated and 
brought down. But there is no one who believes they could bring down the 
entire electrical infrastructure or gain access to nuclear power plants. 
Whether that is true or not, I don't know.


GCN: Given the interconnected nature of the infrastructure and the need 
for a cooperative approach to securing it, do we have the international 
cooperation we need to provide this security?

OSLAN: This is a huge problem and one that is not well understood. Some 
70 percent of the world's Internet traffic now flows through the United 
States. That's going to change over the next several years. Other foreign 
countries are not comfortable with all of that traffic flowing through 
the United States, and you're going to see major distribution points 
being set up overseas and then it gets really complicated. This is going 
to give rise to a whole new thought process about protecting the 
borders.


GCN: What can be done at the national and carrier infrastructure levels 
to protect against these threats?

OSLAN: It is going to be a fine balance between the carriers' 
requirements to protect their own infrastructure because they need to 
make money and the government's involvement to provide security. When the 
telephone networks were originally set up by AT&T 100 years ago, the 
government clearly stated this is critical, this is how it is going to 
be used and protected. That doesn't exist on the Internet today. We are 
going to have to think differently. One of the proposals that came out 
of the [Group of Eight summit] was for a trusted entity, a kind of 
[United Nations] of the Internet, that is responsible for making sure 
that the traffic moving from one country to another is protected and can 
be trusted.


GCN: Given the Internet's degree of development and our dependence on it, 
is it too late to effectively put these kinds of controls into place?

OSLAN: It is never too late. I think that we have to acknowledge at a 
public level that it is a problem. Unfortunately, in most cases it 
requires a major event to galvanize people and get them to change. The 
Internet is a commercial means of making money and is also critical 
national infrastructure. It is hard to go to carriers that are not owned 
by the government and tell them to invest millions of dollars to protect 
it. It is an interesting challenge. We went through it with lawful 
intercept in the United States, when the carriers were mandated to 
provide to government the ability to tap IP traffic under a court order. 
There is not a huge motivation for the carriers to do this because they 
are not making any money off that service. We are going to have this 
same kind of discussion around security.


GCN: You said it would take a major event to get people's attention. What 
kind of event?

OSLAN: To get this to happen quickly rather than over the next 40 years, 
I think it will have to be crippling. Another country brings down the 
stock market for five days: That would probably get everybody interested 
in making sure that never happens again. Bringing down air traffic 
control systems to major airports. Whether that is practical or not 
still is a question. But if it is connected to the Internet, it is 
technically possible regardless of how many protections you have in 
place. Far from easy, but technically possible. The more sophisticated 
we get and more pieces of equipment you put on the network, the more 
vulnerable you become. The more things you have to manage and the more 
endpoints, the more openings you have.

Copyright 1996-2007 1105 Media, Inc. All Rights Reserved.

