Saturday, December 29, 2012

Red Sky Weekly - LOST: Confidentiality. Integrity. Availability.

The term “war zone” elicits images of tanks, gunfire and military personnel. However, as technology evolves, so do the weapons associated with the art of warfare[1]. The battleground has moved online.

Confidentiality of our information has been lost. While this article talks about Flame as a threat, Red Sky Alliance (and others) track hundreds of pieces of malware, all aimed at stealing data. In even the most sophisticated environments data gets stolen daily. On that, the natural progression beyond espionage is use of the stolen data. I was reading Popular Science yesterday (Jan 13 edition). I find it no surprise that the new Chinese unmanned aerial vehicle (CH-4 UAV) looks a lot like the US’s Reaper drone, or that the frontal view of the J-20 looks a hell of a lot like the frontal view of the F-35. While much of the information on size, shape, etc., may be found in the open press, much cannot. That which cannot is acquired via human intelligence (HUMINT) or cyber. Cyber is cheap and (compared to HUMINT) easy and significantly lower risk. Confidentiality of our information has been lost and it’s cost the US billions in stolen research and development, and competitive advantage.

Availability is lost. Distributed Denial of Service (DDoS) attacks have rendered small countries unavailable; banks have been hit repeatedly. Nobody is safe from being taken offline temporarily. DDoS is an easy way to send a ton of packets down range to a specific target, disallowing use of the target until those packet floods stop. While no long-term damage (as far as I know) has been reported showing DDoS taking down a global bank to the point of bankruptcy, availability is lost (at least in short spurts --for now).

So what’s next for cyber? Integrity loss. Beyond exploitation of intellectual property, it seems there would be plans for suspected longer-term application of destroying data, or more simply, corrupting data to the point where its use creates a lack of confidence in the operator using it. How will companies protect the integrity of their data? When source code lands on the last server or storage before going into production --on that chip, in the car, or computers heading out for general distribution-- how can we be sure the code that lands on those end-use systems won’t do bad things when plugged in? How do we know today that massive auto-stock trading computers are not being manipulated? What about stock indexes and futures? What must we do to ensure future cyber won’t allow power to be turned on and off at adversarial will, or to ensure that air traffic controllers actually maintain control over air traffic?

How does a company protect itself when espionage and warfare rules apply?

I don’t believe the sky is falling. I’m an old Navy guy. I believe we’re learning to fight submarines. During World War I, U-boats ravaged Allied shipping. It wasn’t until much later that we figured out how to detect them, thus saving the lives of untold numbers of sailors. Eventually we learned to detect the German U-boats, build them ourselves, and fight back with great success during WWII. This new cyber era is much the same. We’re facing new threats. The new tools, tactics and procedures are becoming commonplace in our world, and we will (WILL) learn to combat the growth in both numbers and complexity. As these new tactics and threats grow to ubiquity (and public awareness), Cyber will become just another weapon... Just another weapon that we’ll deal with in the future. Until then, many of us will still flounder in trial and error. Others (smart ones) will take the lessons from others and use them successfully to learn to deal with cyber in today’s new environment.

Red Sky Alliance members help each other learn. It’s about sharing information in real time about real events in a world where both Confidentiality and Availability have already been lost, and Integrity remains (currently) up for grabs.

We’ve pre-published our first Annual Report to members of our Advisory Board with the expectation of having it published more broadly very soon. It’s amazing to see some of the kinds of technologies exploited for economic gain, but equally amazing to see that Information Operations are most definitely being used to identify and manipulate those who shape policy, economic futures, and build our new tech... and I’ve probably only just scratched the surface.

Hang onto your hats folks. 2013 is going to be a wild ride!

Until next year!
(Happy New Year!)