Unformatted text preview: Review for Exam 1 1995 pre-historic Sky Dayton, founder of the Earthlink Network
has described 1995 as "pre-historic" in networking terms the need for network security became obvious. New threats in Information age The advancement of computer tech and networking rapidly
expanded communications and information markets, but this progress comes with costs, both social and economic. The same technology that provides useful services has also been perverted for criminal and terrorist purposed. The Internet is essence, a lawless frontier where bullies, criminals, and terrorists can roam freely with reckless abandon. Computers and networks advanced so quickly, and without adequate regulation and monitoring, that the law of the jungle prevailed. Lawmakers and police officials are still catching up. Information security A new industry emerged with many publications and
products at various aspects of computer security. Can you name some? However, behavioral approaches and descriptions of problems and trends are virtually nonexistent, such as hacker's motivations and behaviors. The computer security industry has grown rapidly without fully understanding the nature of cyber crimes and criminals. Cyber crime, per se, was largely ignored by policy makers and the research community. Warfare Since the beginning of history, warfare has
evolved parallel to the development of tools, weapons and technology. In the last century, warfare developed from hand-to-hand and small weapons combat to sophisticated air combat, and now to the electronic "smart" bombs. Buzzwords Information warfare Cyberterrorism Cyberterrorism is a component of information
warfare, but information warfare is not necessarily cyberterrorism. Information warfare Information warfare is the gathering or use of
information to gain an advantage over another party. "Those actions intended to protect, exploit, corrupt, deny or destroy information or information resources in order to achieve a significant advantages, objective or victory over an adversary." (John Alger, National Defense University) Information warfare Six components: Psychological operations (psy-ops) Electronic warfare Military deception Physical destruction Security measures Information attacks Terrorism Definitions Little agreement among govt or academic analysts Policy intended to strike with terror those against whom it is adopted; policy & methods of intimidation; terrorising or being terrorised [Oxford] Unlawful use or threatened use of force or violence by a person or an organized group against people or property intending to intimidate or coerce societies or govts, often for ideological, religious or political reasons [Am.Heritage] Synonyms: violence, intimidation, unconventional
warfare Four categories of cyber terrorism/information warfare Infrastructure attacks Information attacks Technological facilitation Promotion Information attacks Information attacks focused on demolishing
or altering the content of electronic files or computer systems. Web-site defacement Cyber plagues: viruses, worms Distributed denial of service Unauthorized intrusions Website disruption, unauthorized attacks Technological facilitation The use of cyber communication to distribute
and coordinate plans for a terrorist attack Facilitation of attack Data hiding Cryptography Propaganda and Promotion Recruitment and mobilization Chat rooms and cyber cafes Why Define Critical Infrastructure? Guides Direction of Resources & Investment Risks of Not Defining Inadequate Protection or Response Capability Risks of Defining unclear or unstable understanding leads to inefficient security policy Risks of Fluid Definition Pvt Sector becomes uncompetitive How much CI is under Pvt Sector Control? E.O. 13010 (7.15.96) Pres. Clinton Established Commission on Critical Infrastructure
Protection (PCCIP) "Infrastructure" Framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of products and services essential to the defense and economic security of the U.S., the smooth functioning of government at all levels, and society as a whole E.O. 13010 (7.15.96) What is "Critical?" "certain national infrastructures are so vital that their incapacity or destruction would have a debilitating impact on the defense or economic security of the U.S." EO 13010's provisional list of Critical
Infrastructures: telecommunications; electrical power systems; gas & oil storage & transportation; banking and finance; transportation; water supply systems; emergency services (e.g., medical, police, fire, & rescue) & continuity of government. Which assets of a critical infrastructure need protection? Not all elements of a critical infrastructure are critical. There are number of ways the government can prioritize.
First, not all elements of a critical infrastructure are critical. Additional study will be necessary to identify those elements that are the most critical. Other approaches include focusing on vulnerabilities that cut across more than one infrastructure, interdependencies where the attack on one infrastructure can have adverse effects on others, geographic locations where a number of critical infrastructure assets may be located, or focusing on those infrastructure belonging solely to the federal government or on which the federal government depends. Categories of Terrorist Groups Separatist Ethnocentric Nationalistic Revolutionary Political Religious Social General Organizational Forms for Terrorist Groups Hierarchical & Centralized Older form Consistent w/ traditional centralized control & structure Enhances enforcement of cease-fire EX: Political - Marxist, Leninist, Maoist Newer form Consistent w/ distributed creation & independence Accommodates scalability & cross-cultural/crossborder ties May assume cadre or cellular structure Numerous, small, dense clusters Networked & Cellular Social network analysis Social network analysis views social relationships in terms of nodes and
ties. Nodes are the individual actors within the networks, and ties are the relationships between the actors. There can be many kinds of ties between the nodes. Research in a number of academic fields has shown that social networks operate on many levels, from families up to the level of nations, and play a critical role in determining the way problems are solved, organizations are run, and the degree to which individuals succeed in achieving their goals. In its simplest form, a social network is a map of all of the relevant ties between the nodes being studied. The network can also be used to determine the social capital of individual actors. These concepts are often displayed in a social network diagram, where nodes are the points and ties are the lines. Terrorists & SNA? Terrorist organizations are well-suited to study using social
network analysis, as they consist of networks of individuals that span countries, continents, and economic status, and form around specific ideology. Terrorist organizations are different from hierarchical, state-sponsored appointments in characteristics such as leadership and organizational structure. Social network analysis can provide important information on the unique characteristics of terrorist organizations, ranging from issues of network recruitment, network evolution, and the diffusion of radical ideas. Specifically, social network analysis can be used to understand terrorist networks, inform U.S. homeland security policy, and form the basis of a more effective countermeasure to net war. Six degrees of separation The origin of contemporary social network analysis
can be traced back to the work of Stanley Milgram. In his famous 1967 experiment, Milgram conducted a test to understand how people are connected to others by asking random people to forward a package to any of their acquaintances who they thought might be able to reach the specific target individual. In his research, Milgram found that most people were connected by six acquaintances. This research led to the famous phrase "six degrees of separation," which is still widely used in popular culture. Weak ties
Another important step in the development of social network analysis was the work of Mark Granovetter on network structures. In his widely-cited 1973 article "The Strength of Weak Ties," Granovetter argues that "weak ties" your relationships with acquaintances are more important than "strong ties" your relationships with family and close friends when trying to find employment. Granovetter's article and subsequent research extended this argument by positing that more disperse, nonredundant, open networks have greater access to information and power than smaller, denser, and more interconnected networks because they supply more diversity of knowledge and information Data collection Despite their many strengths, Krebs' and Sageman's works have a few
key drawbacks. By dealing with open sources, these authors are limited in acquiring data. With open sources, if the author does not have information on terrorists, he or she assumes they do not exist. This can be quite problematic as the data analysis may be misleading. If one cannot find an al Qaeda operative in the U.S. in publicly available sources, the researcher could assume there is no al Qaeda network. However, it is highly probable this is not the case, since terrorists generally try to keep a low profile before committing an attack. The data collectors can also be criticized because their work is more descriptive and lacks complex modeling tools. Fostering relationships with modelers could augment the work being conducted by data collectors, as statistical analysis might be able to take into account some of the limitations of the data and provide an additional analytical framework. Link analysis Despite the seeming novelty of social network analysis, the
federal government has used link analysis, a predecessor of SNA, for nearly fifty years. Karl Van Meter describes the two main types of link analysis: the village survey method and traffic analysis. The village survey method was created and used by Ralph McGehee of the CIA in Thailand in the 1960s to understand family and community relationships. He conducted a series of open-ended interviews and in a short time was able to map out the clandestine structure of local and regional Communist organizations and associated "sympathetic" groups. Traffic analysis Traffic analysis (also known as communication link analysis)
began during World War II and its importance continues to this day. This technique consists of the study of the external characteristics of communication in order to get information about the organization of the communication system. It is not concerned with the content of phone calls, but is interested in who calls whom and the network members, messengers, and gatekeepers. Traffic analysis was used by the British MI5 internal security service to combat the IRA in the 1980s and 1990s and continues to be used across the world by law-enforcement agencies including the U.S. Defense Intelligence Agency (DIA) Office of National Drug Control Policy ...
View Full Document
This note was uploaded on 03/31/2008 for the course SRA 211 taught by Professor Luyong during the Spring '08 term at Penn State.
- Spring '08