Terrorism: Reducing Vulnerabilities and Improving Responses: U.S.-Russian Workshop Proceedings (2004)

Cyberattacks as an Amplifier in Terrorist Strategy

Lewis M. Branscomb

Harvard University

In modern industrial societies, information technology may be exploited by terrorists as either a target or a weapon or both. Information technology (IT) is also essential in arranging defenses against terror attack. This multifaceted character of IT is unique among the technologies of concern to the counterterrorist.

As a target, not only the telecommunications and data network infrastructures might be subject to a cyberattack, but so might all of the other areas of critical infrastructure whose efficient functioning depends on computer controls, data management, and digital communications. Of particular concern are the Systems Control and Data Acquisition (SCADA) systems that are rapidly replacing operating engineers as the control elements in networked industrial applications. The electric power distribution industry is a particularly sensitive but not unique example. SCADA software is built outside the United States; it is difficult to prove that no trapdoors were implemented in the software. Furthermore, while more advanced power companies use encrypted communications through buried optical fiber to communicate among the SCADA computers, in some cases, unprotected Internet communications were still used after September 11, 2001.

As a weapon, IT is very familiar, for hackers have demonstrated how information systems may be used to defeat themselves since the beginning of the Internet. Most familiar are the viruses, worms, and Trojan horses; less familiar but more destructive are the sophisticated attacks that may allow the attacker to gain control of the software system (key-zero state).

A cyberattack on a nation’s communications and data network systems may be very disruptive and exact large penalties in inconvenience and in burdensome economic cost. Disruption, if repeated, of energy, telecoms, or transportation

and finance can exact high economic cost and public distress.

There are attacks that could create more serious damage to communications, but they are probably more difficult for terrorists to accomplish. Examples might include

- cumulative delayed action attacks on critical infrastructures (Trojan horses) or backdoor traps in software or hardware, such as were mentioned by Dr. Ignatyev
- attacks that benefit from a corrupted insider, especially one with access to systems management
- attacks on soft but important targets such as the Internet; one example is attacks on root name servers, but since these files are replicated on other name servers, all must be successfully attacked

The National Academies study Making the Nation Safer: The Role of Science and Technology in Countering Terrorism concluded that most communications systems, while vulnerable to attack, are also resilient and can in most cases be brought back into service in a relatively short time.[1] Thus, cyberwarfare is not considered a weapon of mass destruction. However, cybertechnology is accessible to terrorists; it is ubiquitous in target systems, critical to their proper functioning, and attacks can be deployed covertly from anywhere.

Indeed, IT systems are also critical in all phases of counterterrorism:

- intelligence
- detection of imminent attacks
- response and damage mitigation when attack occurs
- forensic analysis and recovery

Thus, a cyberattack may be designed to inhibit all of these defensive functions, increasing the risk of attack and aggravating the consequences by inhibiting response and damage mitigation. In this way, a cyberattack may be used to amplify the effect of a more conventional attack using explosives or chemical, biological, or nuclear weapons. The most serious threat from a cyberattack may be the use of the cyberattack to amplify a physical attack.

A cyberattack may accomplish this in a variety of ways, for example,

- interference with emergency services and command/control communications
- unauthenticated false messages directing inappropriate actions; false information creating confusion and panic
- attacks on local critical infrastructure on which response and recovery depend

In each of these examples, the period of effectiveness of the attack need only be for a short time, perhaps a few hours or less, which may be significantly shorter than the time for recovery of the communications system in question. There is another weapon that shares this characteristic: the portable device delivering an electromagnetic pulse (EMP) sufficiently strong to damage the operating condition of electronics systems such as computers, digital telephone switches, and the like, but not strong enough to permanently damage the hardware.

It follows that emergency operations centers (EOCs), such as those in all major cities, should be protected against both cyber- and EMP attacks on their information systems. We should be prepared for the likelihood that a well-planned terrorist attack might begin with an attack that removes the EOC from effectiveness for a few hours, during which time a major physical (or biological or chemical) attack occurs.

The National Academies study referenced above provided a variety of recommendations, some of which require changes to communications hardware, intended to reduce the effectiveness of cyberattacks. Among them are the following:

- ensure secure and interconnected communications among first responders and crisis managers
- develop and apply methods for high-reliability authentication of security messages
- develop ways to ensure that critical networks degrade slowly and reversibly when attacked
- devise systems for acquiring a snapshot of system state and preserve the most critical data in critical large systems under attack, to allow them to be recovered in most important respects as quickly as possible

Some longer-range research tasks were to

- develop telecommunications system software so that limited service will continue when in a volume-saturated state
- design self-adaptive networks that reconfigure automatically when attacked
- address the security needs of mobile wireless communications
- create better decision support tools for crisis managers
- address the security flaws in operating systems and network software

Underlying these practical research objectives is the need, at least in the United States, for expanded investments in basic research and advanced research education to address the general lack of strong security in computer operating systems and network software.

The lack of a full effort in computer security research is a consequence of the perception in the commercial world that the research performed in the 1970s and 1980s addressed commercial security concerns to an adequate degree. Consequently, the weak market for very high security resulted in a lack of investment and training in security research and development. Wm. A. Wulf addresses this issue in his paper.

NOTE

1. Making the nation safer: The role of science and technology in countering terrorism. 2002. National Research Council, Washington, D.C. Available online in PDF at: http://books.nap.edu/html/stct/index.html. Hard copies may be ordered from National Academies Press at: (888) 624-8373 or www.nap.edu.
