http://www.gcn.com/print/26_25/45086-1.html

By William Jackson
GCN Home
09/24/07 issue

GCN Interview with Greg Oslan, chief executive officer and president at Narus

How close are we to cyberwarfare? Pretty close, said Greg Oslan, chief executive officer and president at Narus, a provider of traffic analysis software for carrier networks. The company helps large IP networks see, analyze and manage traffic from a growing number of dynamic applications. Knowing what traffic is on a network and understanding it is essential to providing adequate security because security cannot be achieved today at the endpoint, he said. Not surprisingly, Oslan has a front-row view of malicious traffic passing through the Internet and efforts to ward off full-scale warfare via the network.

GCN: What constitutes cyberwarfare?

OSLAN: This is my opinion only, but I think that what would constitute an act of war over the Internet would be something that maliciously, directly cripples a country's ability to function. If somebody brought down our electrical infrastructure and crippled our economy, I think that would be an act of war. How we could treat that, government to government, is a policy question. You are not using guns and bullets anymore. What is the appropriate response as your armies move from physical entities to virtual entities?

GCN: What can you tell us about what you saw of the Estonia attacks?

OSLAN: It was the volume and coordination of the attacks that distinguished them. It wasn't just one computer or one Web site that was targeted; this was spread across the entire country from the libraries to government institutions. We have information in this country of other countries trying to gain access to our machines. It's kind of a new Cold War. In the 1950s and '60s, [the Soviets] would send fighters into the Alaskan airspace and see how fast we'd respond and of course, we'd do the same. The same thing is now occurring on the Internet.
One country says, "How many different sites can I break into in the U.S.?" And then the United States responds, and they want to know how quickly we fill those holes.

GCN: What is the likelihood of a cyberwarfare attack against us that goes beyond that tit-for-tat push against the edges?

OSLAN: The bigger global issue is [that information technology] as a service medium rather than as a transport medium is in its infancy so far as being understood on a global scale. People are protecting their small pieces, but there are no stand-alone pieces. They are all connected to everything else in the world. Having a firewall is not good enough, or having an intrusion-detection system is not good enough. Having both is not good enough. Systems that manage and protect on a more holistic scale are what are going to be required.

GCN: How vulnerable is the United States' critical infrastructure to this kind of attack?

OSLAN: There are just too many holes. There are so many institutions that people have already penetrated. The [Army] War College Web site was down for two or three weeks, and that was pretty embarrassing because they are the ones who are being taught to protect against cybercrime. It's a safe assumption that we're pretty much all in the same boat, and our infrastructure is absolutely susceptible. There is debate over how big of a threat that is. There is no question there are isolated threats, and there are component systems that could be penetrated and brought down. But there is no one who believes they could bring down the entire electrical infrastructure or gain access to nuclear power plants. Whether that is true or not, I don't know.

GCN: Given the interconnected nature of the infrastructure and the need for a cooperative approach to securing it, do we have the international cooperation we need to provide this security?

OSLAN: This is a huge problem and one that is not well understood.
Some 70 percent of the world's Internet traffic now flows through the United States. That's going to change over the next several years. Other foreign countries are not comfortable with all of that traffic flowing through the United States, and you're going to see major distribution points being set up overseas and then it gets really complicated. This is going to give rise to a whole new thought process about protecting the borders.

GCN: What can be done at the national and carrier infrastructure levels to protect against these threats?

OSLAN: It is going to be a fine balance between the carriers' requirements to protect their own infrastructure because they need to make money and the government's involvement to provide security. When the telephone networks were originally set up by AT&T 100 years ago, the government clearly stated this is critical, this is how it is going to be used and protected. That doesn't exist on the Internet today. We are going to have to think differently. One of the proposals that came out of the [Group of Eight summit] was for a trusted entity, a kind of [United Nations] of the Internet, that is responsible for making sure that the traffic moving from one country to another is protected and can be trusted.

GCN: Given the Internet's degree of development and our dependence on it, is it too late to effectively put these kinds of controls into place?

OSLAN: It is never too late. I think that we have to acknowledge at a public level that it is a problem. Unfortunately, in most cases it requires a major event to galvanize people and get them to change. The Internet is a commercial means of making money and is also critical national infrastructure. It is hard to go to carriers that are not owned by the government and tell them to invest millions of dollars to protect it. It is an interesting challenge.
We went through it with lawful intercept in the United States, when the carriers were mandated to provide to government the ability to tap IP traffic under a court order. There is not a huge motivation for the carriers to do this because they are not making any money off that service. We are going to have this same kind of discussion around security.

GCN: You said it would take a major event to get people's attention. What kind of event?

OSLAN: To get this to happen quickly rather than over the next 40 years, I think it will have to be crippling. Another country brings down the stock market for five days: That would probably get everybody interested in making sure that never happens again. Bringing down air traffic control systems to major airports. Whether that is practical or not still is a question. But if it is connected to the Internet, it is technically possible regardless of how many protections you have in place. Far from easy, but technically possible. The more sophisticated we get and more pieces of equipment you put on the network, the more vulnerable you become. The more things you have to manage and the more endpoints, the more openings you have.

Copyright 1996-2007 1105 Media, Inc. All Rights Reserved.