MIIS’s own Professor Jeffrey Knopf has published an analysis of the possibilities of deterrence theory against the primary security threats of the age, namely; terrorism, WMD use by “Rogue States”, and cyber attacks. He comes down against the application of deterrence theory to cyber attacks and especially against the bombastic statements of some in the defense community of a national policy of responding to catastrophic cyber attack by employing the “Nuclear Triad”. The central problem of attribution of attacks also comes to the fore, and even after attribution has been made more or less conclusively, the problem still remains of demonstrating actual state knowledge and complicity in any given attack. Deterrence by denial, however, remains viable in the cyber context, and hardening infrastructure may go a long way towards discouraging high-impact hacking attacks.
Dan Gifford – MCySec Media Manager
Gabriella Coleman, one of the preeminent researchers of “Hacker” culture and of the nebulous group known as “Anonymous” has published an excellent paper describing the history, origins and and elements of the group. She correctly places the seminal nexus of the group in the various imageboards centered on 4chan.org (and the previous “trolling” groups of somethingawful.com). Importantly, she incorporates the role of various IRC chat rooms as being influential in the development of the activist character that the group took on in the wake of their operations against the Church of Scientology, a character which further developed during the response to the wikileaks blockade, where Anons ddos’d major credit card companies and paypal, and through the “Arab Spring”, during which an interesting internationalist attitude and user base developed.
My only qualms with her characterization of the group is that she does not explicitly state the nature of anonymous as a discardable identity- something assumed by various actors for various purposes to be left behind as soon as its utility is finished. She concentrates on the groups that clung most tightly to the image, while the actual ecosystem of actors using the common identity and ideological schema was much more diverse than the self proclaimed “Anons”. Anonymous was in many ways simply a convenient mask to be worn for political action.
Dan Gifford – MCySec Media Manager
Caitríona H. Heinl has written a working paper on the cyber threats facing the ASEAN nations and the international frameworks necessary to combat them. Developing resilience is a focus of the paper, and against a backdrop of rapidly increasing numbers of internet users in the ASEAN countries this is going to become only more important as time goes on. The paper provides a good review of the existing frameworks and agreements that have been made in this field and lays out recommendations for the future.
Dan Gifford- MCySec Media Manager
Cooper_2009_Thoughts on Cyber Deterrence_Final copy
This paper argues we are now in a non-polar world wherein states and other entities may be in states of collaboration, competition and/or conflict (3 Cs) simultaneously with each other. As a result of this shift in paradigm as well as the impact of the information revolution, Cooper explores how lessons from nuclear deterrence may apply to the cyber realm. In particular, he uses and builds upon the often forgotten principles of containment to address cyber threats in this “3 Cs-world”. This research stems from 2009 Highlands Forum sessions sponsored by the U.S. Office of the Secretary of Defense. The final version was presented to U.S. General Keith Alexander at Highlands Forum, “Cyber Commons, Engagement and Deterrence” moderated by Dr. Itamara Lochard, 10 February 2010 in a closed session at the Center for Strategic and International Studies. Building upon Cooper’s study, Dr. Lochard presented a paper on “Strategies for International Space Stability” at CyCon 2012 in Tallinn, Estonia hosted by the NATO Cooperative Cyber Defense Center of Excellence.
Four researchers from the United States, the Netherlands, Switzerland and Germany have published a paper establishing the feasibility of creating difficult to detect hardware trojans. The trojan is made during the manufacturing process by failing to properly dope a portion of the semiconductor chip used to generate random numbers for cryptography. Unlike previously understood hardware trojans, a practice known colloquially as “Chipping”, no extra hardware must be added to the computer chip in order for the exploit to work. This means that visual inspection of the chip will not be an effective countermeasure in these cases. Additionally, the chips that the researchers altered in this way still passed operational standards, meaning that detection of an affected system will be very difficult.
The result of the exploit is that the encryption codes generated by the hardware are trivially easy for an adversary to crack, potentially exposing sensitive data. This development poses major problems for organizations and nations that rely on distributed and international supply chains to construct their sensitive electronic devices. Much like Project BULLRUN this research demonstrates that the creation of sufficiently random numbers remains a central problem of encryption, and a major area of exposure to outside attack.
Dan Gifford- MCySec Media Manager
Internet security researchers at Symantec have just published an analysis of one of the leading hacking groups that have been classified as “Advanced Persistent Threats”. The “Hidden Lynx” group has been credited with the mass break-in on tech companies such as Google and Adobe that occurred in 2009. Since 2011, the group has targeted hundreds of organizations, primarily in the United States, but with a significant fraction directed against organizations in Taiwan.
The Symantec report suggests that in contrast to such groups as the Comment Crew, also known as APT1 and as “Byzantine Candor” within the intelligence community (and widely suspected to be PLA Unit 61398, based in Shanghai, China) the Hidden Lynx teams are hackers for hire. Their primary target has been on the financial services industry, but they have devoted considerable attention to government and military contractors. In their campaigns, the Hidden Lynx group has attacked so-called “Watering Holes”, which are often locally focused websites with weak security that may be used or visited by users from the organizations they are targeting. In their attack on bit9, they subverted the company’s trust based anti-virus model, signing their trojans with the company’s certificates to give them an edge against other targets who were relying on bit9 trust architecture for protection.
“Hidden Lynx” runs multiple attack campaigns at any given time, and their level of sophistication combined with the ability to construct and run their own tools against this many targets lead the Symantec researchers to assess that the group has at least 50-100 members.
-Dan Gifford MCySec Media Manager/ Graduate Research Assistant.
The Bulletin of the Atomic Scientists has published a special Cyber Issue, concentrating specifically on cyber security challenges. In light of the recent governmental emphasis on the national security priorities of cyber security, this publication is quite timely.
All of the articles are relevant areas of discussion, though the article by Nazli Choucri and David Clark, “Who Controls Cyberspace?” is especially salient given its focus on incorporating the debate into existing international relations theory.
MIIS students and staff should be able to get access to the articles digitally through the library.
Please also see Jeffrey Cooper’s 2009 “New Approaches to Cyber Deterrence: Initial Thoughts on a New Framework,” contract number N65236-08-D-6805, U.S. Under Secretary of Defense for Intelligence, presented to U.S. General Keith Alexander at Highlands Forum, “Cyber Commons, Engagement and Deterrence” moderated by Dr. Itamara Lochard, 10 February 2010 in a closed session at the Center for Strategic and International Studies.
“Defending an Open, Global, Secure, and Resilient Internet”, the June publication of an independent task force organized by the Council on Foreign Relations, is a compelling account of the current status of national and international policy within the field of Cyber Security. The report spends a significant amount of time addressing the many urgent risks that the open internet currently faces. Chief among them is fragmentation into state-controlled intranets through censorship and firewalls as well as the proliferation in recent years of military- and government-designed cyber weapons alongside new postures towards cyber warfare as a form of state conflict.
Many of the recommendations are sound, such as pursuing more focused Cyber Security policies and laws that avoid the Intellectual Property focus which has led to the failure of a number of previous legislative efforts. Some other stances—such as discouraging aggressive export controls on software and hardware that can be used to monitor and stifle civic dissent online—seem less defensible. This is especially salient given the focus on the risks and costs of a more divided and censored global internet.
On the policy side a number of concerns are voiced about the future trajectory of the internet and who will ultimately be responsible for regulating it. In the debate between the Internet Corporation for Assigned Names and Numbers (ICANN) and the nascent International Telecommunications Union (ITU), this report comes down squarely on the side of ICANN and views the movement through the United Nations and the ITU to post ground rules on the internet as an attempt by authoritarian states to limit dissent.
The report is not all doom and gloom, however. One bright spot for potential job seekers is that “80 percent of the federal Cyber Security workforce is over 40 years old.” Impending retirements in the field lead the report to cite estimates that there will be “future shortfalls at between twenty and forty thousand people for many years out”. Cyber Security, at least, remains a seller’s market for professionals, who can expect stiff competition for their services.
by Dan Gifford, Media Manager/Graduate Research Assistant – MCySec