Waging A Cyber War

Q & A session - DK Matai & Financial Journalists

Increasing vulnerability of businesses & financial institutions

Q: What is Cyber War?
A: Cyber War is the capacity of an individual with relatively simple computer capability to act via the internet in a manner which could impact economic infrastructure, social utilities and national security.

The Internet was developed during the cold war climate of the 1960s to protect communications in the event of a nuclear strike. The main strength of the internet is that if parts of the network are destroyed information automatically re-routes. This strength can also be used for malevolent activities as there is no Central Control. It is this very anonymity and the anarchy of the Internet that leaves organisations open to attack.

Today, in the Information Age, the launch pad for war is no longer a runway but a computer. The attacker is no longer a pilot or soldier but a civilian Hacker. This is the problem we face in moving from the industrial world to the Information Age, which is the essence of Cyber War.

Q: What are the Potential Targets of a Cyber War?
A: It is possible to attack and interrupt any electronic network, which would naturally include power stations, emergency services, stock market and air traffic control systems, with devastating consequences. The consequences are so serious that the American Government tried to suppress a report titled 'Cyberwar is Coming' by researchers at RAND, an American think tank, in 1992.

The dangers of Cyber attack lie in the Information Age allowing individuals, who choose to conceal their identity, to access something valuable electronically without being detected. A business could be shut down or severely damaged through this covert access. In May 1998 the L0pht Collective, a group of computer hackers in Boston USA, testified to a US Senate Committee studying network security:

'The seven of us could very trivially take down the entire Internet for the United States......Great Britain......basically stopping communications between all the major network access providers. That would cause overloads on to the other transit routes for communication, regular phone lines. It would cause problems for people trying to move large sums of money that are doing it over networks......Take about thirty minutes......if that'.

Q: Have there been any Cyber War Incidents?
A: The Sunday newspaper, Sunday Business, reported in their issues on 28th February and 7th March 1999 a specific incident about hackers taking control of a British military communications satellite.

In the last ten days, The Department of Defence (DoD) in the US and the NATO command in Europe have confirmed that Serbian hackers have attacked their computer network, thereby causing a Denial of Service. This was achieved by flooding their network with empty ping packets and despatching new variants of the Melissa and Papa viruses. The DoD's Joint Task Force for Computer Network Defence confirmed that the US Army and Air Force had to take their e-mail servers, across the world, out of action over the weekend to disinfect them from the Melissa Virus.

Q: What is the most valuable asset that businesses and financial institutions have today?
A: In the knowledge economy, the value of corporations is not buildings, machinery or even products, but intangibles such as intellectual property, electronic infrastructures, the ability to collaborate with strategic partners, the know-how of employees and customer loyalty. These intangibles are 'intellectual capital' and are collectively responsible for the generation of wealth.

Q: What role do the financial institutions play?
A: The financial institutions of the City of London are one of the main groups of service companies comprising the knowledge economy and account for a large percentage of the UK's invisible earnings.

Q: How secure are businesses and financial institutions today?
A: All businesses and financial institutions that have internet access have a potential security risk. The reason is that internet access allows both inward and outward information flow.

Between July 1997 and January 1999 mi2g found that most of the European organisations have domains which are at high risk. It is possible to bring down most of the network with very little effort. All of the machines on the external network are capable of being crashed with potential data loss and attendant hazards. It is also possible to steal, copy, reroute or delete files from any of the machines - especially Windows and Windows NT. With Cisco tunneling and a socially engineered User ID and password in place, it is possible to gain access to the main server computers. Even without a User ID and password it is possible to deny access to the main server computers.

Incoming and outgoing email can be read, rerouted, copied, intercepted, altered or deleted at will. This requires urgent attention. The ability to inject forged emails into the outgoing mail queues is also potentially highly disruptive to a bank or business's operation both in terms of commercial deception or anti-spam attacks. Similarly, the ability to read, copy and sell-on the organisation's valid software licences and registrations from the software configuration files could precipitate costly investigation or damaging litigation.

Q: What do we mean by security?
A: As a generic term, it means the measures that are taken to ensure that items of value are not accessible to unauthorised persons. Security is similar but distinct from "Data Protection", which is addressed by each respective jurisdiction under their statutes. The item of value in a knowledge economy is 'intellectual capital'.

Q: Is security an absolute science?
A: Achieving security is not an absolute science or a black and white issue; it is a matter of degree. Deciding whether a particular system is sufficiently secure involves postulating threats, assessing risks and then conducting a risk management exercise, the aim of which is to decide whether a particular risk is acceptable.

Q: How has security changed and how will it change further in the 21st century?
A: The usage of the internet by organisations has fundamentally altered the security landscape. Via the internet, it is possible to effect changes and make copies at a distance by remote control, even outside the jurisdiction of the organisation.

In the 21st century, the reliance on computers both within the organisation and at customer level is going to carry on increasing. This is going to result in greater security threats as more and more sensitive information can be accessed at any time from anywhere.

Q: What are security threats?
A: A threat refers to potential actions by malevolent persons aimed at breaching system security for whatever reason. A threat exists to the security of a system if there is a feasible mechanism by which a malevolent person or organisation could copy or corrupt some of the secure data in a time-scale that would be unacceptable to the owner(s) of that data.

Q: What are those threats?
A: The most common security threats take the form of penetration, falsification, disruption and sabotage. These threats are commonly termed piracy, surrogacy, denial of service and hazards within the industry.

Q: What is Piracy?
A: Piracy is the copying, by a third party, of sensitive information through utilising unauthorised on-line connections and is the most commonly cited threat.

Q: What is surrogacy?
A: Surrogacy is the unauthorised adoption and usage of an organisation's good name and internet facilities to carry out business. It is one of the greatest emerging threats.

Q: What is Denial of Service?
A: Denial of Service is the malicious act of hindering or stopping an organisation from offering goods and services or carrying out its daily business. When exercised it is a fatal blow to a business and is likely to become the biggest concern at board level as organisations increasingly rely on computer networks.

Q: What are hazards?
A: Hazards are the creation, via remote internet access, of fire or other unsafe happenings within a business premises through the central services computer.

Q: Is security a local issue?
A: As the world wide web and the internet on which it sits is a global information exchange system, any entity connected to this system can be made accessible to another entity within the system if left undetected. These entities may be connected anywhere in the world.

Q: Why is the security issue so important now?
A: Social and economic interaction is relying more and more on the deployment of communication technology. This impacts on security.

Q: Is there an inherent problem in the corporate culture which keeps the security issue separate from the decision makers?
A: The role of an IT department has traditionally been that of managing the administrative requirements of the organisation which are computer dependent. It has not been to create or to protect the intrinsic value of the business. The board of directors have traditionally not been technologically aware and typically do not have the IT department represented at board level but do expect it to deal with security issues relating to IT and to develop an information security policy.

Q: Do financial institutions have an "information security policy"?
A: The majority of medium to large financial institutions do have some form of an information security policy in place. The problem is that in this dynamic market place it becomes obsolete in the space of months rather than years. The industry has defined its own calendar for change, which is that one web year is equal to 60 human days.

Q: How do security conscious businesses and financial institutions currently protect their information?
A: Most medium to large businesses and financial institutions invest in off-the-shelf branded firewalls.

Q: What are the issues surrounding firewalls?
A: Off the shelf - branded product - firewalls are not a fail-safe solution. The techniques to enter standard package firewalls, exploiting loopholes and default settings are available on the internet to anybody. Just type "Hacking Firewalls" into Yahoo, Altavista or Lycos and see how many hundreds of thousands of solutions get listed.

Given that the hacking community regards all insurmountables as a challenge, any new version of a branded firewall comes under scrutiny and ends up having some loophole posted on the internet.

Q: What is the most common view of firewalls?
A: The premise of a branded firewall or layers of branded firewalls as the "be all and end all" of security is a common one. There are organisations that regard the implementation of their information security policy as the acquisition of a branded firewall product with or without proper installation. It is not common policy for organisations to have an external penetration test on a regular basis.

Q: Does mi2g have a solution?
A: Prevention of piracy, surrogacy, denial of service and hazards can be achieved by a combination of bespoke or customised security architectures - such as the type that mi2g specialises in.

The solution deployed in financial institutions today is similar to a standard Yale lock, which is easy to buy and install. What mi2g offers is a bespoke construction of moats, ramparts, portcullises and watch towers that surround the client's information system.

Our customised security architecture combines mi2g's LINUX based firewall system, data mining detection of intrusion software and proper monitoring with human resource verification procedures at an integrated administration level.
