Thursday, February 21, 2013

Cyber Security Needs to Cover All Threats

US computer security company Mandiant released a detailed 76-page report, "APT1: Exposing One of China’s Cyber Espionage Units" (18 February 2013). The report alleged that numerous cyber attacks on governments and companies around the world were undertaken by a specialist unit of the Chinese army (PLA GSD 3rd Department, 2nd Bureau MUCD Unit 61398). However, the existence of state-sponsored cyber espionage should not come as a surprise. It is to be expected that nations will attempt to extract secrets from others for commercial and strategic reasons, even from those they have friendly relations with (as was routine in the pre-Internet age). In addition, it is to be expected that nations will have plans in place for conducting offensive cyber warfare to disrupt the military operations, government and civil infrastructure of potential opponents. Pointing out that other nations are planning, or carrying out, cyber attacks is not an effective form of defense.

The US Army Intelligence and Information Warfare Directorate (I2WD) hosted a planning day for the "Tactical Electromagnetic Cyber Warfare Demonstrator" (Tec-WD, pronounced "Tech-wood") in late 2012. The Australian Prime Minister, Julia Gillard, visited the Australian Defence Department's Cyber Security Operations Centre (CSOC) at the Defence Signals Directorate in Canberra to announce an "Australian cyber security centre to be established". This followed the launch of "Strong and Secure: A Strategy for Australia’s National Security". US President Obama signed a "Presidential Policy Directive -- Critical Infrastructure Security and Resilience" on 14 February.

However, a military cyber-center cannot protect a government or civilian computer system which has lax security measures. All companies and government agencies should have defenses in place to protect against on-line attack. Mandiant describes "spear phishing" as the most commonly used attack. In this attack, a message is sent which appears to come from within the organization. The message has an attachment which exploits security flaws in the computer operating system. The example given shows an executable program (.EXE) file disguised as a PDF document. However, any organization which allows arbitrary executable programs to pass through its firewalls, and then allows such code to be executed on its computers, has a very low level of security. Every government agency and company of any size should have procedures in place to prevent this form of attack. A common problem is old software with known security flaws which has not been updated. If the organization cannot afford to install new versions of commercial software, then there are free open source software packages, with government security ratings, available for use.
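
The gateway check argued for above, as an added example that is not from the original post or the Mandiant report: it inspects each attachment's leading bytes rather than trusting its name, so an executable named as a PDF is quarantined. The blocked-extension list, file names and sample message are constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed policy list for this example; a real gateway would maintain its own.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:2] == b"MZ":        # DOS/PE header used by Windows executables
        return "pe-executable"
    if data[:5] == b"%PDF-":
        return "pdf"
    return "unknown"

def check_attachment(filename, data: bytes) -> list:
    """Return the reasons to quarantine; an empty list means pass."""
    ext = os.path.splitext((filename or "").strip().lower())[1]
    kind = sniff(data)
    reasons = []
    if kind == "pe-executable":
        reasons.append("content is a Windows executable")
    if ext in BLOCKED_EXT:
        reasons.append("blocked extension " + ext)
    if ext == ".pdf" and kind != "pdf":
        reasons.append("named .pdf but content is not PDF")
    return reasons

def scan_message(raw: bytes) -> dict:
    """Map each attachment name in a raw RFC 5322 message to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): check_attachment(
                part.get_filename(), part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()}

def build_sample() -> bytes:
    """Constructed test message: one real PDF header, two disguised stubs."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.org", "Agenda"
    m.set_content("Please see attached.")
    stub = b"MZ\x90\x00" + b"\x00" * 60   # header bytes only, not a program
    for name, body in [("minutes.pdf", b"%PDF-1.4\n%%EOF\n"),
                       ("agenda.pdf", stub), ("update.pdf.exe", stub)]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", reasons or "pass")
```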
