Information Security News mailing list archives

Re: President's advisor predicts cyber-catastrophes unless security improves


From: InfoSec News <isn () c4i org>
Date: Thu, 11 Jul 2002 06:03:12 -0500 (CDT)

Forwarded from: Russell Coker <russell () coker com au>

On Wed, 10 Jul 2002 14:20, you wrote:
> "By 2009, there will be over 2 billion Internet-enabled devices,
> each with an IP address, in the U.S. alone, and 6 billion
> altogether," predicted Schmidt, vice chair of the President's
> Critical Infrastructure Protection Board, in his keynote before the
> 30th annual international conference of the Information Systems
> Audit and Control Association (ISACA). The conference was attended
> by nearly 300 security professionals from 37 countries.

6 billion, that's a lot more than the IPv4 address space.  So these
machines will presumably be mostly running in private networks without
routing to the Internet.  From what we've seen so far it's doubtful
that IPv6 will really take off before 2009.

> The devices on the IP packet-based network of the future, predicted
> Schmidt, will include not just computers, but also traffic lights,
> elevators, appliances and even pacemakers. But the IP networks of
> 2009 will be unstable, subject to "constant security outages,"
> unless both

This leads people to imagine pace-makers being stopped, elevators
going into free-fall, lights turning all-green, etc.

Elevators have a variety of emergency braking mechanisms to prevent
them going too fast, the maximum speed is designed to be slow enough
that you can survive a sudden stop.  Elevators can't move with the
doors open (the doors have steel bars attached that extend into the
sides of the lift shaft and prevent movement when open).  Preventing
traffic lights in both directions turning green at the same time via
relays shouldn't be too difficult, and it's not THAT much of a problem
when lights just stop entirely.

The problems that will occur from such things won't be as great as
some people seem to expect.

> "The routing tables of the future will be unmanageable; there will
> slowdown and failures, and malicious and criminal activity between
> 2002 and 2009 all mean the Internet quits working," warned Schmidt.
> He even forecast a future in which "special aircraft will be flying
> the routing tables" physically to servers after periodic network
> brownouts.

Can someone who actually runs core routers debunk this silly idea?  I
could write about theoretical solutions to theoretical network
problems, but it would probably be better if someone who has the
practical experience could describe how they fixed their last major
router crash.

> In addition, computer viruses, the "zero-day viruses and affinity
> worms," will be surreptitiously entering IP devices, causing
> widespread devastation by wiping out business records.
>
> "In a major brokerage house, it will enter through the CEO's house
> by infecting the CEO's PC, then the corporate network, and
> scrambling the brokerage house trading records," said Schmidt, who
> was formerly chief of security at Microsoft before joining the
> President's Critical Infrastructure Protection Board in December.

So you sack the CEO and the CIO and replace them with competent
people.

> Electrical power grids, controlled by networks, could collapse in
> 2005 due to distributed denial-of-service attacks that block traffic
> to IP-based management devices, Schmidt said. Economically, all
> these

Why would an electrical company want to use public IP networks when
their entire business is about laying cables around the country?  
Putting a few optic fibers in the same cable run is easy enough,
apparently some electricity companies are considering also becoming
commercial data carriers for this reason...

> The federal government is monitoring a situation that arose during
> the past year in which it was discovered that vulnerabilities in the
> Simple Network Management Protocol (SNMP) would allow attackers to
> take over SNMP-based routers, switches, applications and firewalls.
> This vulnerability, detailed by Finnish researchers, has been traced
> back to what's called ASN.1 encoding, which caused dozens of network
> and applications vendors to issue software patches in a race to fix
> networks before hackers exploited the vulnerability.

What we need is mandatory access control systems on all systems that
matter.  Then when a snmpd is exploited it won't have access to do any
damage or disclose any significant amount of secret data.


Russell Coker



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

