Power

Cyber TerrorismAwareness & Education:: 

Cyber Terrorism Awareness & Education: How to Get Past the Hype & Hoaxes & Deliver the Message NATO Advanced Research Workshop Sofia, Bulgaria (October 2006)

Agenda: 

Agenda Awareness & Education Challenges Beginner’s Mind about Cyber-Terrorism The Who & Why of Cyber-Terrorism The What & How of Cyber-Terrorism Elements of a Successful Program

Dissonant Convergence:21st Century Security Crisis: 

Dissonant Convergence: 21st Century Security Crisis Perspective & Proportionality are Key to Developing Awareness & Education on Cyber Terrorism -- Because They Communicate Credibility Where is Cyber Terrorism on the Scale of Risks & Threats? Global Warming Nuclear Weapons Proliferation Pandemics & Other Health Emergencies Natural Disasters Terrorism Failed States Sustainability Issues (e.g., energy, water, over-population) Organized Crime (e.g., human trafficking, drug trade, counterfeiting) Cyber Crime (w/ “Cyber Terrorism” as a sub-set) Copyright: Richard Power 2006

Bird Flu & Cyber Terror :A Useful Analogy: 

Bird Flu & Cyber Terror : A Useful Analogy Although Bird Flu has been found in almost 50 countries since 2003, it has infected less than 300 people & killed less than 200 Yet many billions of dollars are being spent to prepare for a serious Bird Flu pandemic…Why? Because two out of the three factors that create pandemic are already in play, and if there is a pandemic millions could die Even if Bird Flu does not become a pandemic, the planning, training and preparations will help in coping with whatever health emergencies inevitably befall us The Cyber Terror risk should be viewed & dealt with similarly We cannot afford to assume it won’t happen because it hasn’t (or because it hasn’t been acknowledged)

Awareness & Education:Secrets of Success: 

Awareness & Education: Secrets of Success E3 Engage Enlighten Empower 4E Intriguing Themes Credible Sources Plausible Scenarios Relevant to Both Current Events & Personal Life Copyright: Richard Power 2006

Awareness & Education:Cyber Terrorism: 

Awareness & Education: Cyber Terrorism Get Beyond Hype & Hoaxes FUD (“Fear, Uncertainty, Doubt) & Crayola Crayon Alerts only hurt the cause Deliver The Message on Risks & Realities Who Why What How Copyright: Richard Power 2006

Beginner’s Mind: 

Beginner’s Mind “In the beginner’s mind there are many possibilities, but in the expert’s there are few.” “The goal is always to keep our beginner’s mind.” “If you discriminate too much, you limit yourself.” “If your mind is empty, it is already ready for anything; it is open to everything.” “This is the real secret of the arts: always be a beginner.” Copyright: Richard Power 2006 Shunryo Suzuki-Roshi

Definitions?: 

Definitions? Cyber From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently Copyright: Richard Power 2006 PC Magazine

Definitions?: 

Definitions? Terrorism An anxiety-inspiring method of repeated violent action, employed by (semi-) clandestine individual, group or state actors, for idiosyncratic, criminal or political reasons, whereby -- in contrast to assassination -- direct targets of violence are not main targets…. An act of terrorism is the "peacetime equivalent of a war crime.” Copyright: Richard Power 2006 United Nations

Cyber Terrorism & IO: 

Cyber Terrorism & IO Goals of Information Operations “The objective all IO is to dominate the information battlefield by attacking the enemy’s information resources and decision-making capabilities while protecting your own resources and capabilities from all adversaries. “In other words, IO has two very simple goals: Goal #1: Optimize the decision making of the friendly guys Goal #2: Degrade the decision making of the bad guys That’s IO in a nutshell.” Copyright: Richard Power 2006 Col. Lawrence D. Dietz, US Army (Retired)

Lebanon 2006: 

Lebanon 2006 “What Hezbollah did was to monitor our radio and immediately send it to their Al-Manar TV, which broadcast it almost live, long before the official Israeli radio.” Hezbollah appears to have divided a three mile-wide strip along the Israeli-Lebanese border into numerous “killing boxes”. Each box was protected in classic guerrilla fashion with booby-traps, land mines, and even CCTV cameras to watch every step of the advancing Israeli army. (London Times, 8-27-06) Israel…hacked into the television station of Hezbollah, emblazoning images on the screen showing pictures of corpses and claiming the Shiite militant group's leader Hassan Nasrallah was a liar….Israel also hacked into FM radio stations and instead of normal programs a two-minute recording was repeatedly broadcast… (Agence France-Presse, 8-2-06) Hezbollah monitors Israeli and international television news footage of scenes from rocket landings inside Israel and has used the broadcasts the past few weeks to more accurately target installations in the Jewish state…(World Net Daily, 8-14-06) Copyright: Richard Power 2006

Who & Why:Usual (& Unusual) Suspects?: 

Who & Why: Usual (& Unusual) Suspects? Jihadists Economic & Psychological Blow Nation States (Hegemons & Rogues) Distract & Debilitate Adversary Bizarro World (Cults & Loners) Hasten Apocalypse, Tear Down Social Order Criminal Elements Extortion, Reprisal Corporate and/or Internal Political Enemies Foil Competitors, Subvert Democratic Institutions Copyright: Richard Power 2006

Who & Why? Jihadists: 

Who & Why? Jihadists Why? Economic Blow, Psychological Impact Attacks Target Civilians & Economy Financial Districts (NYC, Istanbul, Mumbai), Hotels (Jakarta, Amman), Nightclubs (Bali, Casablanca), Trains (Madrid, London, Mumbai) No cyber dimension to these attacks yet, but… Copyright: Richard Power 2006

Who & Why? Jihadists: 

Who & Why? Jihadists Imagine if… On 911, the last image people saw on their TVs was the WTC collapsing and then the phones went dead and the power grid failed Imagine if… On 911, after the initial attacks, as all flights were grounded, those planes still in the air could not land because of a series of attacks on the air traffic control system Copyright: Richard Power 2006

Slide15: 

Copyright: Richard Power 2006 Al-Qaeda Targets Infrastructure? “Routed thru switches in Saudi Arabia, Indonesia and Pakistan “Studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities. “Some probes suggested planning for a conventional attack. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines. “More information about those devices -- and how to program them -- turned up on al Qaeda computers seized this year. “Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids.” (Washington Post, 6-26-02)

Who & Why? Hegemons & Rogue States: 

Who & Why? Hegemons & Rogue States Why? Disorientate & debilitate adversary Hegemons, would-be hegemons & rogue states have been developing cyber war capabilities for the last decade Rand’s “The Day After…” At a time of heightened tensions in both Central Asia and the Taiwan Straits, a series of significant cyber attacks on US infrastructure targets (power, telecom, financial system, etc.) causes chaos…. Think “2010” All of you should play this game Copyright: Richard Power 2006

Who & Why? AUM Cult: 

Who & Why? AUM Cult “On 20 March 1995 members of the Aum Shinrikyo (Supreme Truth) cult carried six packages onto Tokyo subway trains and punctured the packages with umbrella tips, releasing deadly Sarin gas killing 12 persons and injuring more than 5,000. The incident involved six devices; disguised as a soft drink can, a briefcase, a white plastic bag, and a gas can wrapped in newspaper. These were set to go off on five different subway cars on three different lines… “This was the first major attack using chemical weapons by a terrorist organisation and shocked the world that a terrorist organisation would not only have the will but the capability to mount a chemical weapon attack on a populated urban target.” Copyright: Richard Power 2006 (History of War -- www.historyofwar.org)

Who & Why? AUM Cult : 

Who & Why? AUM Cult “In 1984, guru Shoko Asahara had a one-room yoga school, a handful of devotees, and a dream: world domination. A decade later, Aum Supreme Truth boasted 40,000 followers in six countries and a worldwide network that brought it state-of-the-art lasers, lab equipment, and weaponry. Aum's story moves from the dense cities of postindustrial Japan to mountain retreats where samurai once fought, and then overseas - to Manhattan and Silicon Valley, Bonn and the Australian outback, and finally to Russia. It is there, in the volatile remains of the Soviet empire, that the cult found ready suppliers of military hardware, training, and, quite possibly, a nuclear bomb.” Copyright: Richard Power 2006 (David E. Kaplin, Cult At The End of the World)

Who & Why? AUM Cult: 

Who & Why? AUM Cult Japan’s Defense Agency delayed deployment of a new computer system after discovering that it used software developed by members of the Aum Shinri Kyo cult. The Defense Agency was only one of 90 government organizations and private companies that unknowingly ordered software produced by the cult. (BBC, 3-1-00) Japanese security officers today raided 25 offices of the doomsday cult behind the 1995 Tokyo subway nerve gas attacks, after its founder lost a last appeal against his death sentence. ﾒSince his death sentence was finalised, we are afraid that his followers may possibly plan something illegal,ﾓ said a Public Security Intelligence Agency spokesman....(The Australian, 9-16-06) Copyright: Richard Power 2006

Who & Why? Imagine a Cyber Unabomber: 

Who & Why? Imagine a Cyber Unabomber “The Industrial Revolution and its consequences have been a disaster for the human race….The industrial-technological system may survive or it may break down…If the system breaks down the consequences will still be very painful. But the bigger the system grows the more disastrous the results of its breakdown will be, so if it is to break down it had best break down sooner rather than later. We therefore advocate a revolution against the industrial system. This revolution may or may not make use of violence; it may be sudden or it may be a relatively gradual process spanning a few decades….” (UNABOMBER Manifesto) Copyright: Richard Power 2006

Who & Why?Unabomber Timeline : 

Who & Why? Unabomber Timeline May 25-26, 1978
Northwestern University, Evanston, Illinois May 9, 1979
Northwestern University, Evanston Illinois November 15, 1979
American Airlines Flight 444, Chicago to Washington, D.C. June 10, 1980
Lake Forest, Illinois October 8, 1981
University of Utah, Salt Lake City May 5, 1982
Vanderbilt University, Nashville, Tennessee July 2, 1982
University of California, Berkeley May 15, 1985
University of California, Berkeley June 13, 1985
Boeing Aircraft Company, Auburn, Washington November 15, 1985
Ann Arbor, Michigan December 11, 1985
Road Way, Sacramento, California February 20, 1987
CAAMS Inc, Salt Lake City, Utah June 22, 1993
Private Home, Tiburon, California June 24, 1993
Yale University, New Haven, Connecticut December 10, 1994, Private Home,
North Caldwell, New Jersey April 24, 1995, Office
Sacramento, California (BBC) Copyright: Richard Power 2006

Who & Why? Unabomber Timeline: 

Who & Why? Unabomber Timeline April 24, 1995
New York City: The New York Times received a letter from the Unabomber, calling himself "the terrorist group FC,". The author promises to stop sending bombs if a 29,000- to 37,000-word article written by the group is printed in a national periodical such as the Times, Newsweek or Time magazine. September 19, 1995
Washington, D.C.: The Washington Post printed the Unabomber's 'manifesto' in an eight-page supplement. April 3, 1996
Lincoln, Montana: Theodore Kaczynski, a former UC Berkeley professor, living as a recluse in a one-room cabin, was arrested at his Montana home for possession of bomb components. He was turned in by his brother who thought Kaczynski's writings bore a striking resemblance to the Unabomber's manifesto. (BBC) Copyright: Richard Power 2006

Who & Why? Organized Crime: 

Who & Why? Organized Crime “Cyberscams are increasingly being committed by organized crime syndicates out to profit from sophisticated ruses rather than hackers keen to make an online name for themselves, according to a top U.S. official….Christopher Painter, deputy chief of the computer crimes and intellectual property section at the Department of Justice…. “The FBI estimates all types of computer crime in the U.S. costs industry about $400 billion while in Britain the Department of Trade and Industry said computer crime had risen by 50 percent over the last two years… “A growing worry is that cybercrooks could target emergency services for extortion purposes or that terrorists may be tempted to attack critical utility networks like water and electricity.Painter said there was a recent case in the U.S. where two young hackers inadvertently switched off all the lights at the local airport.” Copyright: Richard Power 2006 (Reuters, 9-15-06)

Who & Why? Corporate Enemies: 

Who & Why? Corporate Enemies Recent high-profile cases of Information Age Espionage underscore possibility of corporate cyber war: Haephrati: Top Israeli blue chip companies, including a high-tech giant that trades in New York, are suspected of using illicit surveillance software to steal information from their rivals and enemies. The list of victims is equally impressive…(MSNBC, Associated Press, 6-1-05) HP: With Hewlett-Packard insiders and contractors facing fraud and conspiracy charges, a spotlight is being shone on the shady world of corporate intelligence.A month after HP principals admitted to conducting a boardroom leak investigation that involved spying, accessing phone and fax records using false pretenses, and running a sting operation on a reporter, former HP chairwoman Patricia Dunn and four others were charged last week with fraud and conspiracy. (Information Week, 10-9-06) Copyright: Richard Power 2006

Who & Why? Political Enemies: 

Who & Why? Political Enemies Increasing reliance is being placed on electronic voting machines, even though cyber security experts have proven them to be extremely vulnerable to attack Numerous studies, conducted by the US GAO, Princeton University and NYU Law School and other institutions, reveal significant opportunity for cyber war Copyright: Richard Power 2006 "There are many things that we teach in Security 101 that were not understood by the developers of these machines…Within an hour of looking at the source code in the Diebold machines, we knew were looking at very bad code…. " (Avi Rubin on CBS, 1-3-03)

Who & Why?Political Enemies: 

Who & Why? Political Enemies Examples of problems reported by GAO include… Computer systems that fail to encrypt data files containing cast votes, allowing them to be viewed or modified without detection by internal auditing systems; Systems that could allow individuals to alter ballot definition files so that votes cast for one candidate are counted for another; Weak controls that allowed the alteration of memory cards used in optical scan machines, potentially impacting election results. (US GAO, 10-05) Copyright: Richard Power 2006 Three fundamental points emerge from the Brennan Center threat analysis… All three voting systems have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national,state,and local elections. The most troubling vulnerabilities of each system can be substantially remedied if proper countermeasures are implemented at the state and local level. Few jurisdictions have implemented any of the key countermeasures that could make the least difficult attacks against voting systems much more difficult to execute successfully. (Brennan Center, NYU, 6-06)

What?Critical Infrastructure : 

What? Critical Infrastructure Mostly Privately Owned, But Relied On for the Public Good… Information & Communications: Phones, Internet Physical Distribution: Air traffic, rail, pipelines Energy: Gas, oil, electric power industries Banking & Finance: Banks, financial services, mutual funds, stock & commodities exchanges Vital Human Services: Water supply, emergency services, vital records Copyright: Richard Power 2006

How?: 

How? Same Skills, Exploits, Modus Operandi, Opportunities Seized by Common Cyber Criminals Only Better Financed, Better Equipped, And With Relative Impunity Badly Designed Software Lack of Preparedness at Both Government and Corporate Levels

How?: 

How? Bad Software (Microsoft is Not the Evil Empire, But…) 2006: Bill Gates -- Man of The Year (Again) Microsoft perceives its customers to be developers, Apple perceives it customers to be end users Only one US corporation that existed in 1900 still existed in 2000 (GE), but in 3000, there will be two (GE & Microsoft) Bill Gates belongs on TIME cover for his humanitarian efforts Bill Gats does not belong keynoting RSA Conference -- three years in a row 2003: CTO Loses Job for Blast at Microsoft Dan Geer, CTO for @Stake (which consults for Microsoft) fired for report calling Windows a national cyber security threat Signed by seven researchers, report said dominance of Microsoft software on PCs has made networks susceptible to "massive, cascading failures," & that the complexity of the software made it particularly vulnerable to virus & other attacks

How?: 

How? Lack of Preparedness in Government & Industry: “Last year CSIA encouraged Congress & the Administration to raise the profile of information security; improve information sharing, threat analysis, & contingency planning; & to prioritize & fund research & development….Unfortunately there is no forward momentum or clear set of priorities for action in 2006.” (CISA, 2006) “For Chertoff to create a high-level cybersecurity position but neglect to fill that position after a year indicates that the Bush administration places a higher value on physical security than it does on the nation's information infrastructure. Meanwhile, the country lacks a leader with the clout to coordinate communications in the event of a massive IT disruption.” (Information Week, 7-06) “The Homeland Security Department is not ready for a cyberattack or a natural disaster that causes a major Internet disruption, according to a Government Accountability Report released today.” (FCW, 7-28-06)

Slide31: 

Awareness & Education: Secrets of Success E3 Engage Enlighten Empower 4E Intriguing Themes Credible Sources Plausible Scenarios Relevant to Both Current Events & Personal Life Copyright: Richard Power 2006

Awareness & Education:Model for A Global Program: 

Awareness & Education: Model for A Global Program Five Subject Areas: Cyber Crime Information Age Espionage Cyber Terrorism Emergency Preparedness & Response Personnel Security Physical Security Four Target Groups: Total Workforce IT Professionals Human Resources & Operations Executives & Support Staff Copyright: Richard Power 2006

Awareness & Education: Model for A Global Program: 

Awareness & Education: Model for A Global Program Practical Message for Entire Workforce Practical Help for Both Work & Home Life E-mail Newsletter New Hire Orientation Presentation E-Learning Module Global Security Day Translated into Local Languages Copyright: Richard Power 2006 Intensive Technical Training for IT Professionals Quarterly Regional Expert Instructors from Outside Attacks & Countermeasures Incident Response, IDS, etc. Certification Training

Awareness & Education: Model for A Global Program: 

Awareness & Education: Model for A Global Program Intensive Training for Human Resources & Operations Professionals Quarterly Regional Expert Instructors from Outside Crisis Management Business Continuity Copyright: Richard Power 2006 Executive Leadership & Staff Executive Security Standards Information Security Personnel Security Physical Security Bi-Weekly Intel Briefing One page organized into five sections Europe, Middle East & Africa Asia-Pacific Americas Global Cyberspace Includes threats & relevant initiatives

Awareness & Education: Model for A Global Program: 

Awareness & Education: Model for A Global Program Adaptable to All Industries & Sectors Delivery System & Format for Guidance on All Aspects of an Organization’s Security: Personnel, Physical, Cyber, etc. E3 II Economic Efficient Effective Copyright: Richard Power 2006

Conclusion: 

Conclusion In the Shadows of Cyberspace, Your Most Dangerous Adversary is Not the Hacker or the Spy or the Cyber Criminal or the Disgruntled Insider or even the Cyber Terrorist. Whether You Operate in the Corporate World or in the Government, Your Most Dangerous Adversary is Weak Leadership. Copyright Richard Power 2006

Conclusion: 

Conclusion If Your Leaders are Small-Minded and Self-Serving, No Amount of Timely Intelligence, Sophisticated Technology, and World-Class Expertise Will Protect Your People, Your Secrets, Your Organizations, or Your Country. Copyright Richard Power 2006

Richard Power: 

Richard Power GS(3) Intelligence & Words of Power Consulting, Writing & Speaking on Security, Sustainability & Spirit For More Information WWW: http://www.wordsofpower.net Blog: http://words-of-power.blogspot.com Contact E-Mail: richardpower@wordsofpower.net Mobile #: 1-415-902-3555 Copyright Richard Power 2006