When Keyboards are drawn - Urban Information Warfare
Ofer Shezaf, Xiom
February 2003

Definition
• Information Warfare (my definition)
  • “The use of digital technologies to damage the critical infrastructure of a state”
• So,
  • Damage – destruction, demolition, devastation.
  • Critical infrastructure – no more Web sites breaking.
  • State – no more photo sending “analyzers”.
• But, yes, still digital technologies – but not too much.
• And, yes, politics – but not today.

Presentation Headlines
• How is information warfare different?
• Information Warfare Targets
• Attacker capabilities
• The infrastructure organization model
• Network model
• Administration networks exposures
• Operational networks exposures
• Model Case Studies
• So, What can we do?

Introduction to IW
How is information warfare different from your everyday attack?

Targets
• Who?
  • Infrastructure companies, including power, water and communication.
  • Financial institutions.
  • Government & Army.
• What?
  • Destruction of equipment.
  • Destruction of control systems.
• How?
  • Time bombs.

Attacker Capabilities
• Financial resources
• Technical expertise
• Intelligence
• Legal flexibility

Financial & Technical Resources
• Hundreds, thousands… of man-years per project.
• Duplication of any system at target.
• Ability to actively seek vulnerabilities, especially in lesser-known systems.
• Usage of custom attack code per target.
Security by obscurity is no longer an option

Intelligence & legal issues
• Human intelligence … Spies
  • Best of breed “social engineering”: pay, blackmail, steal.
  • Operate spies to access internal systems.
• Signal intelligence … Communication interception
  • A global sniffer: clear-text passwords.
  • Intelligence about systems and topology.
• Legal immunity to attacker.
License to crack

Exposures in Infrastructure Networks
The common design of networks in infrastructure organizations creates similar vulnerabilities.

Basic Network Topology
[Diagram: External Networks, Administrative Network, Operational Networks]

Cracking the administrative network
[Diagram: the Administrative Network and its numbered exposure points: Access to a large number of people; Sockets in public offices; Business Partners ?; Internet]

Cracking the Operational network
[Diagram: Operational Networks and the Admin. Network, with numbered exposure points: Application Security Problem; Direct connections to Operational network; Monitoring; Remote Signaling; Operations Design; No Internal Security]

Examples
Is it all for real?

Model Case Studies
• Shutting down communication switches, thus preventing phone services.
• Destroying power generators.
• Derailing trains.
• Exploding refineries and other chemical plants.
• Crashing airplanes.

Solutions
So, What can I do to avoid such disasters?

Solutions
• Use layered security.
• Deploy stronger intra-organization security mechanisms.
• Strengthen complementary security mechanisms such as physical security and employee assurance.
• Allocate independent security resources to operational networks.
• Strive for world peace.