Team 1 Sec1

From CyberSecurity
Jump to: navigation, search

At the request of the Department of Homeland Security, a team composed of six engineers and policy professionals has tested cyber-security vulnerabilities in the US economy. In particular, the “red team” exercise is a simulation of a cyber-attack conducted by a terrorist group. For the cyber-attack to be considered an act of terrorism, it should be conducted by a non-state sponsored, highly organized, skilled and dedicated network of individuals, with the objective of disrupting the US economy and in turn its society by spreading fear and intimidation.

The terrorist network to be simulated intends to conduct a combined cyber-attack that would affect homes, corporations (example Walmart) and the financial sector (corporations dealing with the Stock Exchange Market). The type of attack in this exercise is a relatively simple case of limited scope, only using information technology (IT). A plausible terrorist plot would combine an IT attack with other physical components; in that case, the physical action would be worsened by the use of IT, for example by decreasing quick responses to the attack, or providing false information through the Internet to spread fear in the population.

The main attack technique in this red-team exercise is to exploit the “buffer overflow vulnerability”. This section includes: (1.1) the vulnerabilities exposed, (1.2) the estimated difficulty and (1.3) the estimated feasibility of defending against other similar attacks in the future. Policy implications of (1.1) through (1.3) are presented in (1.4).

Retrieved from "http://cubist.cs.washington.edu/CyberSecurity/index.php?title=Team_1_Sec1&oldid=2134"