HCI Project Summary

From CSEP590TU

Homeland Cyber-(In)Security

Group Members: Becky Chen, Jonathan Weinberg, Jeremy Chiu, Tim Pevzner

Project Description and Summary

The recent war on terror has ushered in a heightened awareness of cyber insecurity. Barry Colin of the Institute for Security and Intelligence defines cyber terrorism as "the union of cyberspace and terrorism in politically or socially motivated efforts to cause grave harm including but not limited to loss of life or serious economic damage." Cyber terrorism has drawn real concern from both politicians and computer scientists. Even the 9/11 attackers made devastating use of technology in the form of email encryption and internet networking to coordinate their attack. This brief will address several topics in cyber terrorism, including an introduction to the area, technology and internet use by terrorist organizations, an analysis of threats to critical national infrastructure, and security concerns introduced by modern outsourcing trends.


Introduction: Real Threat or Hype?

Cyber terrorism was on the mind of President Bill Clinton when, in 1997, he created the President's Commission on Critical Infrastructure Protection. This commission found:
  1. As computers become more powerful and prevalent, the country is relying more heavily on computer-based critical infrastructure.
  2. Regarding cyber threats, the commission found that as the prevalence of computer knowledge increases, the likelihood of a cyber attack also increases, especially given the standardization of protocols. A cyber attack will require much less knowledge and expertise to perpetrate than an equally damaging physical attack if the attack is directed towards the critical infrastructure of the country. An attacker can use a computer located anywhere in the world to disrupt America’s communications or energy infrastructure at little to no cost.
  3. As the country expands its energy and communications requirements, integrated systems make an attack ever more likely to create a cascading failure effect.


The commission concluded that a cyber attack perpetrated by an enemy nation is far more likely to happen than a physical attack, and recommended a number of steps to help protect the US from potential cyber attacks, including isolating critical systems, better access control, and better accountability through logging usage and access. Another recommendation was to increase sharing of information among the various agencies regarding cyber threats. The Department of Homeland Security was established for this purpose. However, it has given very little notice to the vulnerability of the country’s cyber infrastructure. Part of this paper will discuss potential improvements to cyber security and further identify the threats that have gone unaddressed since the 1997 presidential commission.

Internet/Technology Use by Terrorist Organizations

Increasingly, terrorists are becoming internet savvy. Groups ranging from those like Hamas and Al Qaida to white supremacist groups have found that the internet provides a multitude of advantages over traditional terrorist methods. Their activities range from simple propaganda to information sharing or gathering to planning to direct attacks. Compounding the problem is that a cyber operative tends to last longer than traditional operatives. In the old world, terrorists would be trained, would go out on a mission, and with some probability they would not return. Cyber operatives have a much higher chance of return and reuse. This means that training and resources spent on a cyber operative yield a much higher return to the terrorist group. As a part of this paper we will survey the benefits terrorists gain from the internet, how they exploit them, and how their usage of the internet in turn can make them vulnerable. We know that they communicate via the internet. Can we trace their communications or even read them? We know they post propaganda online. Can we use the hosts of such sites as leads to finding the criminals themselves? If they share software and information, can we not plant faulty or bugged tools in places where such software is shared and exchanged? These are some of the things we will discuss in this chapter of the paper.


Critical National Infrastructure at Risk

On the other hand, information infrastructure with significant economic, political or symbolic value is the most likely target for cyber attacks. Power grids, dams and other industrial facilities monitored by SCADA (Supervisory Control and Data Acquisition) systems should be carefully protected, since any failure of these systems will result in panic and mass hysteria among the population, in addition to significant economic loss. Many reports have indicated that SCADA systems such as water supply, wastewater and similar systems are particularly vulnerable, as they have been “outside” the realm of consideration for critical protection. With 40% of SCADA systems connected to the Internet, and 60% of them accessible by modem, these systems could be hacked by insiders or attacked through computer worms or viruses. Previously, computer worms and viruses were normally developed by hobbyists who took pleasure in seeing other computer users suffer. However, computer worms and viruses with a political agenda are slowly showing up on the horizon. In 2001, the Code Red worm quickly infected many web servers around the world to conduct an organized Denial of Service (DoS) attack against the White House web site, to disable a political symbol of the American government. A worm similar to Code Red could easily be modified to do much more serious damage, and worms are a cost-effective way to significantly disrupt the United States' national information infrastructure. Government and private companies should be better prepared against any break-in or destruction of their information systems. In this paper we will survey different potential threats to our information infrastructures. How can we protect ourselves from malicious hackers? How can we make sure that the system will not be broken into by insiders? Can we protect the systems from computer worms and viruses? How do we determine whether the system has been compromised? How do we recover from destruction?


Homeland Security and IT Outsourcing

In order to compete in today’s high-tech markets, private-sector as well as government institutions are increasingly turning to outsourcing as a means by which to reduce operating costs and sharpen focus on core competencies. Inherent in this practice is a vulnerability to cyber terrorist threats in the form of deliberate software or hardware sabotage, backdoor exploits, ill-controlled intellectual property leaks, and the inadvertent introduction of security vulnerabilities stemming from deteriorated quality assurance practices. In this brief we will survey and categorize the threats to national cyber-infrastructure introduced by IT outsourcing (particularly offshore), current practices and contracting policies employed by government agencies dealing with sensitive security information, the benefits, shortcomings, omissions, and effectiveness of those policies, and the degree to which such practices can or should be extended to private-sector organizations dealing in critical national infrastructure.