
High-Impact Terrorism: Proceedings of a Russian-American Workshop (2002)

Chapter: Computer Terrorism and Internet Security Issues

Suggested Citation:"Computer Terrorism and Internet Security Issues." National Research Council. 2002. High-Impact Terrorism: Proceedings of a Russian-American Workshop. Washington, DC: The National Academies Press. doi: 10.17226/10301.


CYBERTERRORISM

Computer Terrorism and Internet Security Issues*

Valery A. Vasenin and Aleksei V. Galatenko
Center for Telecommunications and Internet Technologies
M. V. Lomonosov Moscow State University

INTRODUCTION

The word "terrorism" is derived from the Latin word terror (i.e., fear or horror). It is not a new phenomenon, but for individual countries and the world community the scale and significance of the acts now classified as terrorism have increased considerably in recent years. This fact gives special meaning to the study of the roots (causes) of this phenomenon, as well as of the technologies by which it is carried out and the methods used to do so. Also of urgent importance is the task of creating mechanisms and building tools to effectively counter this type of act.

Terrorism can be defined as the aggregate of illegal acts involving persecution, threats of violence, murder, distortion of objective information, and a number of other acts that facilitate the sowing of fear and tension in society for the purpose of gaining advantages (influence) in connection with the resolution of political, economic, or social issues.

The methodology, strategy, means of implementation, and mechanisms used by criminals to commit terrorist acts vary. Some of them are more traditional and involve the use of weapons (knives or firearms), radio, and television; others are high-tech and utilize the latest advances in science and technology. Without going into the use of various mechanisms, means, and methods, including computers, to carry out terrorist acts, let us examine those that actively affect computer systems and networks.

* Translated from the Russian by Rita Kit.

Two factors have helped to create a new communications and information environment that is potentially suitable for the commission of terrorist acts. The first is the development of computer networks (especially those using packet communications technology) and information systems, ranging from the agency and corporation level to the national and even transnational level. The second involves the processes of globalization, integration, and convergence that objectively accompanied that evolution in the late twentieth century.

What are the distinctive characteristics of this new communications and information environment? What possible areas could criminals exploit, and what are the potential damages? Let us consider some individual objectives and focuses.

1. Destruction of the infrastructure of a network at the corporate, national, or transnational level by disabling its control system or individual subsystems. If a network supports tasks of a strategic nature, the threat of such destruction could be used as blackmail, and the destruction itself could open the door to criminal acts involving information on the network (disruption of the confidentiality and noncontradictory nature of the information, not to mention its possible destruction or restriction of access to the information);

2. Unauthorized (illegal) access to network information that is protected by law and is confidential in nature or highly secret, for purposes of blackmail; and

3. Intentional distortion of information in Internet-based mass media for purposes of discrediting, inadequately reflecting reality, and so forth.
Criminals might use the following potential strategies of action to achieve the aforementioned objectives separately or in various combinations: the physical seizure of a network control center, penetration of it by accessing control systems, the traditional use of computer software inserts and viruses by malicious individuals, the usurpation of superuser rights, et cetera.

The material damages from malicious individuals' actions in each of these cases may involve the cost of restoring network control or repairing damage stemming from destructive acts during the violation, or damages involving possible losses from unauthorized use of information that is highly secret or from distortion of information. Moreover, distortion of information in one form or another is demoralizing to the owner of the network infrastructure as well as to the owner of the distorted information resources that it supports.

The Internet's present capabilities do not allow the total prevention of its use for terrorist purposes in the areas described above. The reasons are not only and not even largely technological in nature (i.e., involving the TCP/IP stack based on IP version 4, some 20-30 years having passed since its inception in 1973-1983, whereas the life span of network infrastructure is 15-20 years), but instead are issues of a legislative and administrative nature. Given these factors, it is essential to make efforts in all areas (and at all levels) and accordingly take measures and create mechanisms that can be used to solve problems on each of the aforementioned levels.

THE INTERNET, ILLEGAL ACTS, AND TERRORISM

The development of the Internet as a transnational network infrastructure has given rise to a number of very complex problems. In the early 1970s, when the Internet's protocol base was taking shape, it was hard to imagine that eventually this "Network of Networks" would extend across more than 170 countries around the world and link approximately 100 million computers, all the while continuing to expand rapidly.[2] Many of today's needs were not envisioned in the traditional stack of Internet protocols. For these reasons today's agenda contains urgent issues relating to the exhaustion of available addresses, address mobility, and the ability of routers to prevent congestion in trunk channels and also provide the necessary speed of network packet processing. There are also problems with transmission quality for multimedia systems and with the security of information resources. The reason for these problems is that in the early 1980s, when the stack of Internet protocols became the network's technical foundation, it was hard to predict the future of the newly emerged network or envision its impact on every aspect of society. For these reasons, the implementation of mechanisms to provide information security and to protect data and network infrastructure was not that urgent. Today, concerns about information protection are not academic on the Internet, which is home to an enormous quantity of information, including information that is confidential or secret and protected by law. Unauthorized access to it is a violation of the rights of an individual, organization, or agency. Nowadays we are increasingly seeing how network technologies are being used for criminal purposes, including terrorism. Let us illustrate this point with a number of examples.
Last year, a large number of computers around the world were infected by the "I Love You" virus (http://www.isec.ru.news). According to Federal Bureau of Investigation (FBI) estimates, total damages were in the range of $10 billion.

A program developer for Japan's naval headquarters turned out to be a member of the religious sect Aum Shinrikyo, which is known for acts of terrorism. The programs are now being audited. According to documents discovered during a search of the sect's headquarters, Aum Shinrikyo members could control many computers within the military establishment (www.provoslavie.ru.news/04-17/09.htm).

According to Reuters reports, in February 1999 a hacker group seized control of a British communications satellite (http://inroad.kiev.ua/prob/terror.htm).

Another group of hackers called the "Legion of the Underground" has declared cyberwar on China and Iraq (http://inroad.kiev.ua/prob/terror.htm). Their reason is the execution of two Chinese hackers accused of financial fraud and Iraq's manufacturing of weapons of mass destruction. The group has declared that it intends to wage war until the enemy's computing resources are completely destroyed.

According to FBI reports, attempts have even been made to use computer networks to physically eliminate individuals. One criminal attempted to get rid of a witness who had consented to testify against him in court. The offender gained access to a hospital's computer network and changed the dosage of a medication to a lethal level (http://www.isec.ru.news).

Unfortunately, this list represents only a small selection from the many examples that illustrate the potential threat from illegal terrorist acts utilizing modern network technologies.

THE RUSSIAN SEGMENT OF THE INTERNET

Before we proceed to outline our views on ways of preventing or interdicting use of the Internet for terrorist purposes, let us say a few words about the current state of the Russian segment of the Internet, its place within the Internet as a whole, and potential opportunities for its use for purposes of terrorism.

According to a study on the Russian segment of the Internet conducted by the M. V. Lomonosov Moscow State University's Center for Telecommunications and Internet Technologies, the primary (integral) characteristics of its status as of mid-2001 include the following:

• The total number of hosts is approximately 400,000, of which the commercial sector accounts for 70 percent and scientific and educational institutions 30 percent.
• The Russian segment of the Internet is served by more than 250 Internet service providers (ISPs).
• Growth of channel capacity on the global Internet since 1996 has been exponential.
• The rates and trends of development of trunk carrying capacity in Russia are in line with those in other parts of the world.

Thus, it may be said that the Russian segment of the Internet has already completed its formative stage. The Russian Internet has all the attributes of analogous national segments abroad necessary for self-development, primary among them being a fairly large number of hosts; the existence of a national trunk infrastructure based on IP exchanges in Moscow, St. Petersburg, and other regions that is comparable in size to average European external capacity into the global Internet; and a balance between incoming and outgoing traffic as the first sign of good information content, including content not in the Russian language. Mechanisms of regulation (in particular self-regulation) that are common practice on the Internet worldwide have begun to be implemented within the Russian Internet, though not to a sufficient extent.

Thus, the Russian Internet has become a factor that actively affects all aspects of the country's economy, extending not only to the high-tech sectors, education, and industry, but also to business, medicine, the media, leisure, and a number of other areas. The Internet's position in Russia makes it a potential arena for the commission of illegal acts, including acts of terrorism.

Potential targets of such acts with major consequences could be facilities of strategic importance in the country's defense system, as well as economic complexes at the national scale, for example, transportation systems or electric power grids. The facts indicate that the number of illegal acts directed against facilities inside Russia and from Russia against facilities outside its borders is increasing in proportion to the growth and development of the Russian segment of the Internet. An example of such an act could be actions by pro-Chechen individuals intending to distort information on the Internet regarding the antiterrorist operation in Chechnya.

GENERAL FORMULATION OF THE PROBLEM AND POSSIBLE SOLUTIONS

Accepting the potential objectives outlined above and the methods of terrorist acts using modern network technologies, one could view the following considerations as a foundation upon which to build general approaches to formulating goals for preventing, interdicting in a timely manner, or eliminating the effects of such actions.

• Actions that pursue (i.e., are aimed at achieving) goals 1 and 2 outlined above, focusing on destruction of the network infrastructure and unauthorized access to confidential information with a high level of classification, are malicious acts that are traditionally viewed through violator models and attack models.
These models are an essential prerequisite for the development of a system (program of action) for any organization, company, or corporation that is building (developing) an information security policy in networks under its control.

• Actions that pursue objective 3, "the possibility of intentional distortion of information in Internet-based mass media," can be divided into two categories:

1. Those stemming from the unauthorized and illegal use of rights to the use of an information resource; and
2. Those resulting from the creation of an alternative information source on general-access networks.

The methodology for preventing and responding effectively to actions in the first category boils down to the traditional means of maintaining information security in networks and is supported by measures at all levels of implementation. The methodology for preventing actions that fall in the second category is less traditional and relies mainly on the legislative and administrative level of information security. However, in terms of countermeasures it also correlates with the assessment (evaluation) of the quality and functionality of resources presented on the Internet. This is a separate and complex issue for which no effective solution as yet exists anywhere in the world.

To sum up the above, one may conclude that the difference between approaches to prevention of and response to actions of a terrorist nature and other illegal and unauthorized actions on the Internet rests largely in the higher level of demands and losses from this type of malicious action.

Let us term actions intended to prevent and effectively interdict terrorist acts using network technologies "ATIS," for antiterrorist information security, in order to differentiate it from traditional IS (information security) in a network, whenever the need for such differentiation arises.

Note that here and subsequently, we are referring to problems of information security (in antiterrorist terms as well) in a narrow sense (i.e., only as it applies to network infrastructure [the network transmission medium, technologies, informational and computational resources, et cetera]). Hence the general definition of ATIS and the goal of acting to prevent and effectively respond to terrorist acts in the network environment and/or through use of information technologies may be formulated as follows: ATIS is the aggregate of mechanisms, tools, methods, measures, and activities that make it possible to prevent; detect; and, in the event of detection, effectively respond to actions intended to

• Destroy network infrastructure by disabling control systems;
• Gain unauthorized access to information protected by law and confidential or highly classified in nature; and
• Create intentional distortion of information presented in general-access networks.

The preceding definition reflects the current state of problems in the area of ATIS. It does not claim nor can it claim to be universal, all-encompassing, or complete in its description of possible objectives, areas of malicious action, et cetera. These are defined by the status of development of computer, communications, and information technologies and hosting services, which are developing very dynamically.

Note that the fundamental conceptual difference between this definition and the traditional definition of IS rests on the lack of references to reasons (premises) of nonmalicious (unintentional) actions not necessarily caused (or taken) by a human being. Those actions, including natural phenomena, should definitely be taken into account when dealing with IS issues.

This definition indicates that at its root, the stated goal of providing ATIS boils down, in methodological terms, to the similar stated goal of providing IS in the network infrastructure, in which normally the following types of threats are identified:

• A threat to confidential information (protection from unauthorized viewing);
• A threat to the integrity of information (the timeliness and non-contradictory nature of information, as well as protection against destruction and unauthorized changes); and
• A threat to information access (the ability to obtain information within an acceptable amount of time).

The main components of efforts to ensure information security are as follows:

1. Actions to eliminate opportunities to carry out an attack, and thereby prevent damage; and
2. Measures to reduce possible damage by
   • Reducing the amount of information and resources accessible to a malicious individual in the event of an attack, and restoration of systems following an attack;
   • Ensuring early detection of any attack on a system; and
   • Implementing measures capable of detecting the perpetrator following an attack.

The order of the areas of effort listed above reflects their urgency in terms of protecting users' interests and reducing damages from perpetrators' actions.

The multifaceted nature of this goal of ensuring information security, including antiterrorist information security, defines several areas (or levels), with coordinated actions in each of them capable of supporting a comprehensive solution. These include the legislative, administrative, operational, and programming and hardware levels.[4]

LEGISLATIVE, ADMINISTRATIVE, AND OPERATIONAL LEVELS

The legislative level is fundamental to the creation of a well-designed system of measures to ensure IS at all the other levels, because it determines the following:

• Measures of direct legislative action that allow the categorization of violations and violators and also create a negative attitude in society toward IS violators; and
• Measures aimed at coordinating and facilitating better education in the field of IS, and developing and disseminating methods of ensuring IS.

With regard to Russia, among the measures taken in our country in the first category are Chapter 28, "Crimes in the Area of Computer Information," found in Section IX of the latest edition of the Russian Federation Criminal Code, as well as the law "On Information, Provision of Information Services, and Protection of Information" and a number of other laws that are currently under development ("On the Right to Information," "On Commercial Secrecy," "On Personal Data," and "On Electronic Digital Signatures"). The second group of legislative and regulatory acts includes documents that regulate licensing and certification in the realm of IS (issued by the FAPSI [Federal Government Communication and Information Agency] and the Russian Federation Presidential State Committee on Technology) and ministry and agency regulations (guidelines from the State Committee on Technology regarding protection classes for computer hardware and automated systems, regarding internetwork firewalls, et cetera).

However, it should be noted that thus far, only the initial steps have been taken toward bringing this level into compliance with the requirements of today's Internet and its role in society and the state. We have repeatedly discussed these issues at Moscow State University roundtables devoted to information security issues. One such standing roundtable discussion group was established at the initiative of M.V. Lomonosov Moscow State University with support from the Russian Security Council. It has been active for more than a year now, with participation in its sessions by scientists, technical specialists from various scientific fields, and of course representatives of the humanities.

We will not go into this in greater detail. Some issues of legislative support for information security have been discussed previously.
We would simply like to focus attention once again on the importance of coordinating these measures with international practices and on the need to bring Russian standards and certification regulations into line with the international level of information technologies. The former stems from the necessity of introducing means of IS in order to interact with partners from abroad. The latter is dictated by the de facto dominance of foreign-made hardware and programs in Russian network infrastructure.

At this point in time, it must be acknowledged that not only have issues of international legal regulation not been resolved, they are not even under consideration. This is true not only in terms of preventing use of the Internet for terrorist purposes, but also with regard to broader issues of traditional illegal activities with a direct bearing on ATIS. We find that the international legal aspects of the Internet are lagging behind its infrastructure and technical capacities.

Security policy is a system of measures taken by the management of an organization or network at the administrative level. This system of measures represents the aggregate of administrative decisions aimed at protecting both information and the network infrastructure that supports it. Security policy defines an organization's strategy in this area and is based on an analysis of risks, which are systematized and acknowledged as real for the information system of the organization (or network).

Implementation of a security policy may be divided into two groups, namely, upper- and lower-level measures. The upper level includes risk management, coordination of efforts, strategic planning, and monitoring of the implementation of information security measures. The lower level is where monitoring of specific security services occurs.

The administrative level, or the level at which security policy is developed and monitored, is very important. Coordination of efforts on that level makes it possible to unify approaches and actions by specific implementers to prevent, detect, and interdict in a timely manner violations of IS in general and ATIS in particular and to reduce (minimize) damage from them. As demonstrated by the example of the Aum Shinrikyo programmer cited previously, methods of protection must be tested. There is virtually no one to "watch the watchers," and if a watcher allows terrorists into a facility, the security system is useless. A code audit and certification of the entire complex of measures at the operations level by reliable organizations proves to be very important.

Based on my own experience as a network service provider in the Russian segment of the Internet, I would like to direct your attention to a number of issues that are inherent to this level. Unfortunately, despite the existing (although overly general) standards for the purpose of developing security policy, in practice a majority of organizations that have fairly large IP networks do not adhere to those standards. Furthermore, the legislative level does not contain materials that would stimulate activity at the appropriate administrative level (by making this work mandatory).
There is a lack of model standards in this area for various organizations (networks) that would take into consideration the specific nature of the goals to be achieved. For instance, in scientific and educational networks the priority is usually to ensure access to information, while ensuring its integrity and confidentiality is a goal at the second level of diagnostics. There is a differ- ent correlation of priorities regarding protection against information security threats in commercial structures' networks, and even more so in the networks of law enforcement-related government institutions. It is essential that at least model standards be developed for the networks of such organizations. The operational level is one of the most important in terms of implementing a general security policy in Internet networks. Operational regulators are focused primarily on people, not on technical means. They are intended to reduce dam- age when attacks are launched, through a timely response and high-quality sys- tem restoration. As our first example, let us examine the threat of penetration into a computer system. It would be hard to exaggerate the seriousness of this threat examples involving attempted murder of a witness and usurpation of control over a communications satellite are sufficiently convincing (and what if

92 HIGH-IMPACT TERRORISM the satellite had been a military ones. After acquiring superuser rights, a mali- cious individual can do virtually anything he likes with a system. Let us focus on the following operational measures: · Personnel management, · Physical control of access and minimization of privileges, and · Maintenance of functionality and restoration of a network or network resources after failures. However, practical implementation of these measures at the operational level in networks within the Russian segment of the Internet also creates a number of difficulties. Personnel management, for example, collides with the absence of clear- cut job descriptions and a lack of qualifications on the part of the specialists called upon to carry out such management. It is possible, out of ignorance, to make a mistake that could be fraught with serious consequences, for example, acquiring a "Trojan horse" program, disclosing a password to an unauthorized individual, and so on. One must be aware of these kinds of mistakes in order to avoid them. The use of measures to physically control access is difficult to carry out within the limits of a large organization's network. Nevertheless, the application of such regulators to a number of key nodes is extremely desirable. This problem applies in particular to ATIS in the case of objective 1, when the cost of the issue is very high and actions taken by a malicious individual could have serious consequences. A criminal who has penetrated a system can spy on a password selected by one of the system's legitimate users and thus gain access to a confi- dential computer (generally speaking, one that is not externally accessible, etc.~. To keep this from happening, it is essential to monitor individuals who penetrate the "security perimeter." Each employee should have the minimum privileges necessary to perform his or her duties. 
In this way, even if a malicious individual penetrates an organization, that individual cannot cause real damage. Prior development of responses to violations of the network information security regime to a large extent involves backup copying and restoration of network resources following failures.

Maintenance of functionality and restoration of the system following failures remains a trouble spot even for major Russian ISPs because of a lack of clarity in the way interaction with channel operators is set up, short staffing, the lack of midlevel specialists with appropriate qualifications, and a host of other problems. Response to violations of the security regime causes difficulties, usually due to the lack of any rules governing interaction not only with the government ministries and agencies involved with information security (the FAPSI, the State Committee on Technology, the Internal Affairs Administration, et cetera), but even with other ISPs, which might not have people to support that kind of interaction. The current situation can be explained as the initial stage in the development of the relatively young Russian segment of the Internet. We must find approaches that will eliminate the indicated shortcomings in each of the networks that represent individual organizations.

Administrative and operational measures in support of information security depend to a considerable degree on the structure in place for organizing and specifying the goals to be achieved; therefore, developing general recommendations for solutions in these areas is much more difficult. However, efforts are being made in that direction. Moscow University's Center for Telecommunications and Internet Technologies, for example, has a working group assigned to create a methodology for protecting open scientific and educational networks. This activity addresses both administrative and operational regulators. However, the work is far from complete.

THE PROGRAMMING AND HARDWARE LEVEL

The Internet, or the Meta-Network (a network of networks) as it is sometimes called, is the sum total of interactions between individual networks ranging from the very smallest local networks to major networks at the corporate, national, or even transnational scale. It is precisely this task of internetwork interaction that is performed by the TCP/IP protocol stack, and that fact is the main reason for the Internet's unprecedentedly rapid growth and popularity. Each of these networks has (or should have) its own security policy and, based upon it, applies its own operational regulators and uses the programs and hardware needed for that purpose. Of crucial importance in this hierarchy of network infrastructures are the major governmental and corporate networks. These are, as a rule, the main target of potential attacks by terrorists.

In order to build an information security system adequate to the needs of such a network, the following protective means are necessary at the programming and hardware level:

· Internetwork firewalls (restricted access);
· Means of identification and authentication that support the concept of a single entrance into a network (the user proves his or her authenticity once upon entry and then has access to all of a network's services, subject to appropriate authorization);
· Active auditing means that monitor the network at all levels, detect suspicious activity, and support a rapid response;
· Means of protection incorporated into applications, services, and hardware or software platforms; and
· Centralized network administration tools.

The combination of these tools is intended to cover to a significant degree the protection needs of a corporate IP network at the programming and hardware level.5 Let us briefly examine a few of these.
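To make the first item on this list concrete before the tools are described one by one, here is an added example; it is not code from the paper or from any product the paper mentions. It is a small packet-filter model in Python: each rule names a source network, a destination network, a port and, optionally, payload fragments; the first matching rule wins; anything unmatched is dropped. The policy, the names Packet, Rule, Firewall and build_firewall, the internal network 10.0.0.0/8 and the external addresses (RFC 5737 documentation ranges) are all hypothetical. It covers the three cases the paper gives for firewalls, closing services to outside access, blocking a source address range and dropping traffic carrying "dangerous" commands, and its egress rule shows how the same mechanism keeps a Trojan horse from sending information out.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str              # source address
    dst: str              # destination address
    dport: int            # destination TCP port
    payload: bytes = b""  # leading application bytes, when the filter inspects them


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "deny"
    src: str = "0.0.0.0/0"             # source network the rule applies to
    dst: str = "0.0.0.0/0"             # destination network the rule applies to
    dport: int | None = None           # destination port, or None for any port
    forbidden: tuple[bytes, ...] = ()  # "dangerous" command fragments that trigger the rule

    def matches(self, p: Packet) -> bool:
        return (
            ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
            and (not self.forbidden or any(f in p.payload for f in self.forbidden))
        )


class Firewall:
    """First matching rule wins; a packet that matches no rule is dropped (default deny)."""

    def __init__(self, rules: list[Rule]) -> None:
        self.rules = list(rules)

    def decide(self, p: Packet) -> tuple[str, str]:
        for n, rule in enumerate(self.rules, 1):
            if rule.matches(p):
                return rule.action, f"rule {n}"
        return "deny", "default"


def build_firewall() -> Firewall:
    """Hypothetical policy: the internal network is 10.0.0.0/8 and the only host that serves
    the outside is 10.0.0.5. External addresses are RFC 5737 documentation ranges."""
    return Firewall([
        # 1. Refuse everything from one source range (say, one that has attacked before).
        Rule("deny", src="203.0.113.0/24"),
        # 2. Drop SMTP traffic carrying user-enumeration commands before it reaches any host.
        Rule("deny", dst="10.0.0.0/8", dport=25, forbidden=(b"VRFY", b"EXPN")),
        # 3-4. Open exactly two services on exactly one host to the outside.
        Rule("allow", dst="10.0.0.5/32", dport=80),
        Rule("allow", dst="10.0.0.5/32", dport=25),
        # 5. Egress: internal hosts may only open HTTPS outward, so a Trojan horse on an
        #    internal machine cannot send information out on an arbitrary port.
        Rule("allow", src="10.0.0.0/8", dport=443),
        # Anything else, inbound or outbound, falls through to the default deny.
    ])


# Constructed sample traffic with the decision each packet is expected to receive.
SAMPLE_TRAFFIC = [
    (Packet("198.51.100.9", "10.0.0.5", 80), "allow"),                          # public web
    (Packet("203.0.113.7", "10.0.0.5", 80), "deny"),                            # blocked range
    (Packet("198.51.100.9", "10.0.0.5", 22), "deny"),                           # no SSH from outside
    (Packet("198.51.100.9", "10.0.0.5", 25, b"VRFY root\r\n"), "deny"),         # dangerous command
    (Packet("198.51.100.9", "10.0.0.5", 25, b"HELO mail.example\r\n"), "allow"),
    (Packet("10.0.0.23", "198.51.100.9", 6667), "deny"),                        # Trojan calling out
    (Packet("10.0.0.23", "198.51.100.9", 443), "allow"),                        # ordinary egress
]


def check_policy() -> bool:
    """True when every sample packet receives the decision recorded beside it."""
    fw = build_firewall()
    return all(fw.decide(p)[0] == want for p, want in SAMPLE_TRAFFIC)


if __name__ == "__main__":
    fw = build_firewall()
    for packet, _ in SAMPLE_TRAFFIC:
        print(f"{packet.src} -> {packet.dst}:{packet.dport}", *fw.decide(packet))
```

Rule order matters: the source-range block in rule 1 runs before the allow for the web server, so a host in 203.0.113.0/24 is refused even on port 80, and swapping the two would silently reopen that door. A real packet filter also tracks connection state so that replies to permitted outbound sessions can come back in; this model leaves that out.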

Firewalls. Firewalls are designed to regulate flows between the internal and external parts of a computer system. Examples include closing certain parts to outside access, blocking access from certain addresses, and blocking traffic containing "dangerous" commands. Thus, firewalls restrict the opportunities for a malicious individual to enter a system and also make it difficult for Trojan horse programs to send information out.

Identification and Authentication. Identification allows the subject to state his or her name; authentication makes it possible to prove the authenticity of the identifier used. There are three main methods of authentication: based on what a person is (for example, biometric features such as retinal scans or fingerprints), based on what a person possesses (for example, "smart cards"), or based on what a person knows (for example, a password). Identification and authentication keep "strangers" out and also make it possible to trace each action back to the subject who performed it.

Access Control. Access control tools make it possible to specify and monitor the actions that subjects may perform on objects. Thanks to access controls, "underprivileged" users cannot perform actions that could cause significant harm. This is yet another defensive perimeter: even if a malicious individual penetrates the lower levels, he cannot do serious damage.

Cryptography. Cryptography serves to ensure data confidentiality and integrity and is also an auxiliary service for other regulators (for example, authentication). Thanks to cryptographic methods, a malicious individual cannot view or alter critically important data.

Protocolling and Auditing. Protocolling (logging) is defined as the collection and accumulation of information about events occurring in an information system. Auditing refers to analysis of the accumulated information, carried out either promptly, in real or near-real time, or periodically (for example, once a day). Protocolling keeps users accountable. The psychological factor is important: aware that all actions are being recorded, some potential criminals may abandon their intentions. Analysis of the recorded logs makes it possible to detect malicious activity and take measures in time.

One of the important types of attack frequently used by hackers against Internet networks in recent years has been the denial-of-service attack. As a result of such an attack, a system is unable to provide one or several services with the required level of quality. This is also a very serious threat and could result in the failure of large systems (transportation, power grids, et cetera).

In addition to the aforementioned methods of defense, we should also mention one common type of access management, namely resource quotas. Generally speaking, service failures occur because some system resource is exhausted. Quotas can limit the amount of a resource available to each subject and create a reserve for the superuser, so that he or she is able to intervene and correct the situation.
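The tools described above (identification and authentication, access control, cryptography as their auxiliary service, and protocolling with auditing) fit together as one reference monitor, and the following Python program shows them working together. It is an added example, not code from the paper or from any of the works it cites; its names (ReferenceMonitor, alice, bob, mallory, payroll.db) and its scenario are constructed. It assumes two authentication factors: a password checked against a salted PBKDF2 hash (what the user knows) and an RFC 4226 HOTP code computed with HMAC-SHA1 (what the user has, standing in for the smart card the paper names; the shared secret is the RFC's own test vector so that the codes are reproducible). After a single successful login, every action on an object is checked against an ACL that grants each subject only what it needs, each decision is protocolled, and an audit pass over the log names the subjects with repeated denials.

```python
from __future__ import annotations

import hashlib, hmac, os, struct
from collections import Counter
from dataclasses import dataclass

RFC4226_SECRET = b"12345678901234567890"  # test secret from RFC 4226 Appendix D, for reproducible codes


def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Something the user knows: the system keeps a salted PBKDF2 hash, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Something the user has: RFC 4226 HOTP, HMAC-SHA1 over an 8-byte counter with dynamic
    truncation. Cryptography here is the auxiliary service behind authentication."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass
class User:
    salt: bytes
    digest: bytes
    otp_secret: bytes
    counter: int = 0  # next HOTP counter the server will accept; it never moves backwards


class ReferenceMonitor:
    """Authenticate once ("single entrance"), mediate every access against an ACL, and
    protocol each decision so it can be traced back to a subject."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.acl: dict[tuple[str, str], set[str]] = {}  # (subject, object) -> permitted actions
        self.sessions: set[str] = set()
        self.log: list[str] = []

    def add_user(self, name: str, password: str, otp_secret: bytes) -> None:
        self.users[name] = User(*hash_password(password), otp_secret)

    def grant(self, subject: str, obj: str, *actions: str) -> None:
        self.acl.setdefault((subject, obj), set()).update(actions)

    def _record(self, event: str, subject: str, outcome: str, reason: str) -> None:
        self.log.append(f"{event} subject={subject} outcome={outcome} reason={reason}")

    def login(self, name: str, password: str, code: str, window: int = 3) -> bool:
        user = self.users.get(name)
        # Hash even for unknown names so response time does not reveal which names exist.
        _, digest = hash_password(password, user.salt if user else bytes(16))
        password_ok = user is not None and hmac.compare_digest(digest, user.digest)
        # Accept a small look-ahead window in case the token was advanced without a login.
        matched = [c for c in range(user.counter, user.counter + window)
                   if hmac.compare_digest(hotp(user.otp_secret, c), code)] if user else []
        if password_ok and matched:
            user.counter = matched[0] + 1  # a code that has been accepted can never be replayed
            self.sessions.add(name)
            self._record("LOGIN", name, "ALLOW", "password+otp")
            return True
        self._record("LOGIN", name, "DENY", "bad_credentials")
        return False

    def access(self, subject: str, obj: str, action: str) -> bool:
        if subject not in self.sessions:
            self._record("ACCESS", subject, "DENY", f"no_session:{obj}:{action}")
            return False
        allowed = action in self.acl.get((subject, obj), set())
        self._record("ACCESS", subject, "ALLOW" if allowed else "DENY", f"{obj}:{action}")
        return allowed

    def audit(self, threshold: int = 3) -> list[str]:
        """Auditing: parse the accumulated log and name every subject with repeated denials."""
        denials: Counter[str] = Counter()
        for line in self.log:
            fields = dict(f.split("=", 1) for f in line.split()[1:])
            if fields["outcome"] == "DENY":
                denials[fields["subject"]] += 1
        return sorted(s for s, n in denials.items() if n >= threshold)


def demo() -> tuple[ReferenceMonitor, dict]:
    """Constructed scenario: alice may only read payroll.db; someone guesses at bob's password."""
    m = ReferenceMonitor()
    m.add_user("alice", "correct horse battery", RFC4226_SECRET)
    m.add_user("bob", "hunter2", b"another-shared-secret")
    m.grant("alice", "payroll.db", "read")
    m.grant("bob", "payroll.db", "read", "write")
    r = {"alice_login": m.login("alice", "correct horse battery", hotp(RFC4226_SECRET, 0))}
    r["alice_replay"] = m.login("alice", "correct horse battery", hotp(RFC4226_SECRET, 0))
    r["alice_read"] = m.access("alice", "payroll.db", "read")
    r["alice_write"] = m.access("alice", "payroll.db", "write")  # least privilege: not granted
    r["mallory_read"] = m.access("mallory", "payroll.db", "read")  # never authenticated
    for guess in ("password", "bob123", "hunter3"):
        m.login("bob", guess, "000000")
    r["flagged"] = m.audit()  # three denials on bob point at the guessing attempts
    return m, r
```

Two details that are easy to get wrong matter here: the password hash is computed even for unknown user names so that timing does not reveal which accounts exist, and the HOTP counter only moves forward, so a code captured on the wire cannot be replayed; alice's second login with the same code is refused for exactly that reason. The audit is deliberately crude (a count of denials per subject); a real active-auditing tool would also weigh timing, source and the objects touched.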
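The resource quota with a reserve for the superuser, as an added example that is not code from the paper: a Python model of a fixed pool of some resource (connection slots, say) with a per-subject quota and a reserve that ordinary subjects cannot touch. The QuotaPool class, the pool sizes and the subjects attacker, alice and root are hypothetical. The weak setting (one shared pool, no quota, no reserve) is shown beside the corrected one so that the difference under a flood of requests from a single subject is visible.

```python
from collections import Counter


class QuotaPool:
    """A fixed pool of some resource (worker slots, connections, disk blocks) with a
    per-subject quota and a reserve that only the superuser may draw on."""

    def __init__(self, capacity: int, per_subject: int, reserve: int, superuser: str = "root"):
        assert 0 <= reserve < capacity and 0 < per_subject <= capacity
        self.capacity = capacity
        self.per_subject = per_subject
        self.reserve = reserve
        self.superuser = superuser
        self.in_use = Counter()  # units currently held by each subject

    def total(self) -> int:
        return sum(self.in_use.values())

    def acquire(self, subject: str) -> bool:
        """Grant one unit to subject, or refuse without changing any shared state."""
        if subject == self.superuser:
            ceiling = self.capacity                 # root may dip into the reserve
        else:
            if self.in_use[subject] >= self.per_subject:
                return False                        # this subject has used up its quota
            ceiling = self.capacity - self.reserve  # ordinary subjects stop short of the reserve
        if self.total() >= ceiling:
            return False                            # the part of the pool open to them is exhausted
        self.in_use[subject] += 1
        return True

    def release(self, subject: str) -> None:
        if self.in_use[subject] > 0:
            self.in_use[subject] -= 1


def flood(pool: QuotaPool, subject: str, attempts: int) -> int:
    """Have subject request units repeatedly; return how many were granted."""
    return sum(pool.acquire(subject) for _ in range(attempts))


def demo() -> dict:
    """Constructed scenario: an attacker opens as many connections as it can, then a
    legitimate user and finally the superuser try to get service."""
    results = {}
    # Weak setting: one shared pool, no per-subject limit, nothing held back.
    unquoted = QuotaPool(capacity=20, per_subject=20, reserve=0)
    results["no_quota"] = (flood(unquoted, "attacker", 100),
                           flood(unquoted, "alice", 100),
                           flood(unquoted, "root", 100))
    # Corrected setting: each subject gets at most 8 units and 4 are held back for root.
    quoted = QuotaPool(capacity=20, per_subject=8, reserve=4)
    results["with_quota"] = (flood(quoted, "attacker", 100),
                             flood(quoted, "alice", 100),
                             flood(quoted, "root", 100))
    return results
```

With no quota the attacker's requests take all 20 units and neither alice nor root is served at all; with an 8-unit quota and a 4-unit reserve the attacker stops at 8, alice still gets her 8, and when the general pool is full root can still draw on the 4 units held back in order to intervene. Note that the quota alone does not stop several colluding subjects from filling the general pool; the reserve is what guarantees the superuser a way in.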

PHYSICAL EFFECTS

Physical effects can also disable a computer system. The classic examples of such effects are fires or bombs. Recently, devices have been created that are specifically designed to destroy computer systems.6 The basic principle by which these devices operate is to cause a sharp voltage spike in power supply systems, communications, or other signal lines, with an amplitude, duration, and energy capable of shutting equipment down or destroying it completely. The ability to conceal this type of attack is greatly enhanced by the fact that an analysis of the damaged or destroyed equipment will not clearly identify the cause of the damage, since the cause could be either an intentional destructive power effect (an attack) or an unintentional one (for example, a surge induced by lightning).

As a rule, this kind of device uses one of three methods of creating the effect:

1. Through the power grid (it is estimated that a device costing $10,000-$15,000 can disable up to 20 computers simultaneously);
2. Through wiring conduits (in this case, the devices cost only about one-tenth as much); or
3. Through the air, using short but powerful electromagnetic impulses.

Let us examine a few means of defense against this kind of destructive effect:

· The security perimeter must be wider than the space occupied by the computer so that a malicious individual cannot approach within the distance required for effective use of his weapon.
· When equipment is purchased, priority should be given to products that are more resistant to the destructive effects described above.
· Power supply panels, grounding cables, communication lines, and so forth must be closely monitored.
· A "normal" picture of the network's operations should be compiled and the network's current status compared periodically with this benchmark (similar to active auditing).
· It is desirable to shield both the equipment and the rooms within which the equipment is housed.
· Fiber-optic cables should be used as communication channels whenever possible.

INTERNATIONAL INFORMATION SECURITY ISSUES

Extending as it does to all aspects of countries' affairs, the information revolution is expanding opportunities to develop international cooperation and is creating an international information space within which information is becoming a highly valuable component of national wealth and a strategic resource.

In view of this, international cooperation in the information realm is becoming timely and promising. On the one hand, this cooperation makes it possible to have access to the latest information technologies and to participate in a worldwide division of labor in the fields of information services, information systems, and information-based products. On the other hand, it is becoming obvious that along with the positive aspects of this process there is also emerging a real threat that achievements in the information realm will be used for purposes not compatible with the goals of maintaining world stability and security or abiding by the principles of sovereign equality among nations, peaceful resolution of disputes and conflicts, renunciation of force, nonintervention in internal affairs, and respect for human rights and liberties. Among these threats is terrorism employing modern network technologies.

This highlights the obvious need for international legal regulation of the processes of international interaction among all subjects involved in the maintenance and development of network infrastructure and information resources. It is essential that we have an international platform on the issue of information security that will correspond to the interests of world security and take antiterrorist considerations into account. The UN General Assembly, in its resolutions 53/70 of December 4, 1998, and 54/49 of December 1, 1999, has already addressed the need to develop international principles aimed at improving the security of global information and telecommunications systems and facilitating the fight against information terrorism and crime. Now the specific points in a program of action must be developed.
Within the framework of international (bilateral and multilateral) programs, for example, it would be possible to conduct research aimed at preventing the following threats in the realm of information security:

· Actions by international terrorists, extremists, criminal societies, organizations, groups, and individual lawbreakers that present a threat to information resources and nations' critically important structures;
· The use of information technologies and means to the detriment of human rights and liberties as exercised in the information realm; and
· Manipulation of information flows, disinformation, and concealment of information for the purpose of distorting society's psychological and spiritual environment and eroding traditional cultural, moral, ethical, and aesthetic values.

NOTES

1. Kroll, E. 1995. Vsyo ob Internet [All About the Internet] (translated from English). BNV Trade and Publishing Bureau, p. 592. Cerf, V.G. 1991. Networks. Scientific American 265(September):72 et passim. Kahn, R.E. 2000. Evolyutsiya seti Internet. Vsemirnyy doklad YuNESKO po kommunikatsiyam i informatsii, 1999-2000 [Evolution of the Internet Network: UNESCO Global Report on Communications and Information, 1999-2000]. Moscow: Biznes-Press.
2. Vasenin, V.A. 1997. Rossiyskiye akademicheskiye seti i Internet (sostoyaniye, problemy, resheniya) [Russian Academic Networks and the Internet (Status, Problems and Solutions)]. V.A. Sadovnichiy, ed. Moscow: REFIA, p. 173.
3. Sadovnichiy, V.A., V.A. Vasenin, A.A. Mokrousov, A.V. Tutubalin. 1999. Rossiyskiy Internet v tsifrakh i faktakh [The Russian Internet in Figures and Facts]. Moscow: Moscow University Publishers, p. 148.
4. Galatenko, V.A. 1998. Informatsionnaya bezopasnost: prakticheskiy podkhod [Information Security: A Practical Approach]. Moscow: Nauka Publishers, p. 301.
5. Galatenko, A.V. 1999. Aktivny audit [Active auditing]. Jet Info Newsletter 8(75).
6. Barsukov, V. 2000. Zashchita kompyuternykh sistem ot silovykh destruktivnykh vozdeystviy [Protecting computer systems from destructive power effects]. Jet Info Newsletter 2(81).

In June 2001 the National Academies and the Russian Academy of Sciences held a bilateral workshop in Moscow on terrorism in a high-technology society and modern methods to prevent and respond to it. The purpose of the workshop was to begin a dialogue on high-impact terrorism that could lead to further U.S.-Russian collaboration. This volume includes papers presented at the workshop by 31 Russian and American experts on various types of high-impact terrorism, including biological and agricultural terrorism, nuclear and electromagnetic terrorism, explosives, chemical, and technological terrorism, and cyber terrorism. The papers also address legal issues, Russian internal affairs, and the future of international cooperation in this area.
