PROTECTING THE SYSTEM

[David Farber <farber () central cis upenn edu>]

Peter gave me approval to send this around.


   Jim
----- Forwarded Message


Date: 06 Nov 93 17:32 GMT
From: D1371 () applelink apple com (Xiphias, Peter Black,PRT)
Subject: NLW
To: OPFER () radiomail net


Jim


Here's an Op-Ed piece I just finished for a rag called Washington Technology.
Thought you'd like to see it. It's on the premise of Soft Kill.


PROTECTING THE SYSTEM


At the outset of his story of the gulf war, Crusade, Rick Atkinson tells an
interesting tale. A new, highly classified, warhead for the Tomahawk cruise
missile is ready to go. It the product of a concerted effort to build
non-lethal weapons.


Its purpose is remarkably simple. The warhead spools out carbon-fiber wire as
it passes over power lines. When it makes contact, the lines short out, and
turbines freeze. The lights go out. Noone is immediately hurt, but things come
to an utter standstill.


Some of America's top policy makers do not want to use the weapon. Not that
they doubt that the thing will work. Rather, they fear it will work exceedingly
well. They know how vulnerable the US is to a similar attack. They know the US
has no adequate defense.


In fact, the whole of the American infrastructure - communication,
transportation, power, water and computing systems - is largely unguarded
against attack.


The last twenty years have brought a startling increase in the complexity of
the systems which service our society, with a parallel increase in our
dependency upon  those systems.


Aqueducts, oil and gas pipelines, canals, bridges, antennas, coax and fiber
optic cables - these are the outward manifestations of critical systems. More
invisible, more vulnerable, and far more important are the software driven
systems. From GPS dependent weapons to funds transfer, from frequency agile
secure communications to air traffic control, from massively data-based
military logistics to everyday phone calls; all of these are systems with
software underbellies.


This stuff is the new geography, and as such dictates a new kind of warfare.
Clausewitz, the famous 19th century war theorist, posited two forms of warfare.
In one, the intent is to penetrate and take command over someone else's
territory. In the other, the point is the obliteration of the enemy.


The modern means of obliteration are quite good - so good that noone is likely
to use them. The attempt to gain some marginal control over someone else's
territory is more likely behaviour, if the US can be kept from interfering.


There is now a terrific way to keep the US out of the picture - making war on
America's infrastructure. Unlike the weapons of mass terror and destruction -
nuclear, chemical and biological - I-war techniques can be rendered in shades
of gray. The force of the attack can be dialed in for effect. Two example:


A quiet attack: The electronic switching system for telephones outside of Fort
Bragg is penetrated by sophisticated hackers. A subroutine is added to the
operating system of the switch. All it does is watch a selected set of phones
for evidence that the Delta force is being mustered. When the traffic analysis
detects the right pattern of phone calls, the bad guys are notified. Cost:
minimal. Requirements: several hackers for several months.


A noisy attack: Two critical aqueducts, Highways 5, 10 and 15, and several
critical power grids serving the Los Angeles area are rendered inoperable by a
combination of both software and physical attack. LA suffers the equivalent of
a myocardial infarct. Panic ensues, and the US is utterly preoccupied with
getting Los Angeles back on its feet. In the meantime, an aggressive gulf state
takes control of a critical port near the straits of Hormuz. The US simply
doesn't have the bandwidth to deal with it. Cost: $1,000,000. Several special
operations people, several hackers for several months.


Unlike conventional 20th century techniques of making war, a state of the art
attempt to attenuate the US ability to respond to challenges need not require
the politically incorrect destruction of human beings, buildings and weapons.


It can be as simple as arranging to turn out the lights, cut off the water, and
screw up the computers. In the resulting chaos, it's pretty easy to raid the
chicken coop.


This stuff can and will happen. The Department of Defense has developed a
non-lethal warfare initiative, but its emphasis is on offensive tactical
battlefield techniques. The bag of tricks includes carbon-fiber warheads,
electro-magnetic pulse devices to fry electronic systems, chemicals to turn
truck tires to jelly, and viruses to infect computers.


Little or nothing is being done, however, to protect American Infrastructure.
Some who are aware of the threat shrug their shoulders and assert that the
scale of the problem is too great, the funding required impossible.


Other than evidencing a failure of nerve, this response indicates a bankruptcy
of intellect. The underlying assumption is that defense against infrastructure
warfare must be preemptive. One imagines armed guards along aqueducts,
sophisticated sensors lining power lines and highways, and vast cadres of
people actively monitoring computer networks. But a preemptive defense is the
dumb way to do it.


The smart way is to prepare to bounce back after the attack - quick. Smart
computer folk only suffer the misery of a hard disk crash on their computers
once. After that, they back up their data. It has become customary to
automatically back up data in the past few years, and the really careful ones
cycle their backups offsite. Just to be safe.


Five years ago, Robert Morris let loose his attack on Internet. An ad hoc team
of computer scientists at Carnagie Mellon was on the case within hours. Within
days they had stopped the virus and disseminated the proper recovery techniques
to network users.


This team formalized into CERT, the Computer Emergency Response Team. They are,
in effect, the first digital fire department. In the intervening years, similar
teams have reportedly been established at the NSA, CIA, DOD, DOE and Justice
Department.


The conclusion is this: an agile response by the fire department is just about
as good, and much cheaper than a vast cadre of arson guards and a gigantic
network of heat sensors. An inexpensive, practical defense depends on several
things. First, people must be made aware of the vulnerability and its
implications. In pure self-interest, they will begin to think of means of
defense.


Second, each instance of attack must be publicized. The style and degree of
success of the response must be subject to free discussion. In effect, version
1.0 of the response will be modified to a more bug-free version 2.0 of the
response.


This can only happen if the community as a whole has the ability to think and
comment freely. This kind of agility is precisely what makes for great software
companies. In this new world where the systems upon which we depend are founded
upon software, our strength is founded in our flexibility, and the haste with
which we can respond.