Tag Archives: Information Security

What Do New Technologies And Digital Transformation Mean To The Military?

New Technologies, IoT And Cyber Threats Are Changing The Way War Is Fought In The Battlefield

Wearables used to monitor activity level and individuals’ health state. Collaboration software used to create virtual conference rooms and messaging tools connecting people through dynamic software-defined wide area networks. Data increasingly moving from on-premise to Cloud hosting environments. Software and applications provisioned on-the-fly and made available through virtualized remote sessions regardless of the connecting device’s originating network and OS (Operating System). Drones feeding real-time videos to their remote operators and aircraft engines streaming terabytes (TB) of data to remote maintenance systems.

Those mentioned above are just a few examples of how technology influences everyday business and personal life. The impact of “pervasive technologies” on today’s society is often referred to as “Digital Transformation,” part of the so-called “Revolution 4.0,” where fusion of technologies is blurring the lines between the physical, digital, and biological spheres.

Whilst a large mix of digital technologies is making the world fully connected to improve collaboration, learning, information sharing and decision-making, militaries around the world continue to invest in research and development and seek new technologies that can give them an advantage on the battlefield. More or less what their old and new enemies are doing at the same speed, or faster.

Today’s joint operations on the battlefield require reliable information gathered through a wide variety of sensors aboard drones, spyplanes or provided by troops operating in the field around the world to decision makers oceans apart. The digitized information is collected at the tactical edge and delivered via the secure network connections to the data center where it can be “transformed” through analytics and machine learning to generate critical insight. Such insights can be then shared back to the deployed soldiers at the edge in real-time.

Whilst not simple to achieve, the transformation of images and signals to data, data to knowledge, and knowledge to decision, heavily relies on technology and an end-to-end secure fabric. A network of networks that APTs (Advanced Persistent Threats) may try to infiltrate by any means, including the new devices interconnected at the edge as part of the continued growth of the Internet of Things (IoT).

For instance, as we have already explained, the F-35 Lightning II leverages IoT capabilities to support Condition-Based Maintenance by proactively identifying maintenance issues and placing orders for replacement parts and ground maintenance crew while cruising, so that, when it lands, everything is already in place and ready to be fixed, without affecting the optempo. Moreover, the F-35 is the largest data collection and sharing platform ever produced, or the Number #1 IoT Device that can collect intelligence and battlefield data from several sensors and share it in real-time with other assets as well as commanders.

Moreover, a growing reliance on technology implies new advanced adversaries to face: in fact, the so-called Revolution 4.0 has already completely changed the geopolitical landscape requiring Defense to evolve and include the Cyber domain because even smaller economies, organizations or individuals (backed by some intelligence service or not) can pose a significant threat to larger nations today.

So, Digital Transformation in the Military is today about using mobile devices and remote sensors to collect data at the edge, transfer it to where it is needed (including a private cloud), process it to get actionable intelligence, and send the orders back to the soldier deployed abroad in the shortest time possible: a process that requires cutting edge technologies developed by Aerospace, Defense and National Security companies that are today more exposed than ever to the new emerging threats, and increasingly in need of showing their ability to comply with new security standards if they want to continue working on the most advanced (hence targeted) programs.

Attackers have been trying to intrude into Government, Aerospace and Defense firms’ networks, often with real cyber weapons, for years. “Software-based” weapons systems, IoT capabilities, Big Data, Cloud Computing and digitization will simply expand the attack surface they can target, making them even more aggressive and dangerous than ever before. Therefore, a Cybersecurity strategy covering the whole technological domain will be the key to address new and existing risks and threats before these can give the enemy an edge both in cyberspace and on the battlefield. And such a strategy will have to cover not only “defensive” cyber operations but also “offensive” ones. Companies that have designed and developed “legacy” EW (Electronic Warfare) systems and pods are increasingly working on Cyber EW capabilities too: indeed, EW aircraft are already embedding (or are about to embed) in-flight hacking capabilities to conduct malware attacks against air-gapped, closed networks.

U.S. Air Force EC-130H Compass Call aircraft have already been involved in demos where they attacked networks from the air, a kind of mission that is far from new. In 2007, the success of the Israeli Air Force’s Operation Orchard against a Syrian nuclear installation was largely attributed to the effectiveness of the Israeli Electronic Warfare platforms that supported the air strike and made the Syrian radars blind: some sources believe that Operation Orchard saw the baptism of fire of the Suter airborne network system against Syrian radar systems. Although the details surrounding this capability are a bit fuzzy, the F-35 AESA radar could be able to do the same thing.

Top image credit: U.S. Army

 


A Cyber attack by Syrian Electronic Army may be Assad’s most dangerous reaction to U.S. air strikes

Considering the current status of the Syrian military, whose capabilities have been consumed by a couple of years of war against the rebels of the Free Syrian Army, a series of cyber attacks by the Syrian Electronic Army is the most serious answer the U.S. can expect from Damascus following an attack on Assad’s Chemical Warfare arsenal.

According to Wikipedia:

“The Syrian Electronic Army, also known as the Syrian Electronic Soldiers, is a collection of pro-government computer hackers aligned with Syrian President Bashar al-Assad. Using denial of service attacks, defacement, and other methods, it mainly targets political opposition groups and western websites, including news organizations and human rights groups. The Syrian Electronic Army (SEA) is the first public, virtual army in the Arab world to openly launch cyber attacks on its opponents, though the precise nature of its relationship with the Syrian government is debated.”

Hackmageddon.com Editor Paolo Passeri (@paulsparrows) explains:

“The SEA is not an Advanced Persistent Threat as we know it. Their attacks are limited, not persistent nor advanced.

They usually conduct social engineering attacks against media with the aim to spread their propaganda messages using compromised Twitter accounts or defaced websites. They send spear phishing emails to their targets in order to get the user credentials needed to get into the accounts and post their messages.

Most of the time, once compromised, the targeted media disclosed the (successful) attack, describing the hack with specific blog posts, as done by The Onion and Outbrain.”

Hackmageddon.com was one of the first ICT security-focused blogs to follow SEA’s activities and record all their hacks in its attack timelines.

In the last hours SEA attacked NYTimes.com (the media outlet had its DNS redirected to a page displaying the “Hacked by SEA” message) whereas Twitter’s domain registrar was changed.

Since they are a loose-knit hacker group loyal to Assad, SEA are likely to react to the air strikes that are about to pound Syria. Even if their assault will be neither persistent nor advanced, it could still cause some pain. If not to Obama or the Pentagon, to one of the media outlets that will be reporting about the U.S. air campaign in Syria.


What is a Cyber Weapon?

We’ve been talking about the Militarisation of cyberspace for some time now. This interesting article by Hackmageddon.com provides a model to classify cyber weapons in accordance with four parameters: Precision, Intrusion, Visibility, and Easiness to Implement. Based on these parameters, cyber threats can be compared to smart bombs, handguns, traditional bombs and paintball pistols. Read below to discover why.

What is a Cyber Weapon? At first glance this seems an immediate question to answer, but should anyone try to analyze the meaning of this term more deeply, he would probably be quite surprised and disappointed in discovering that the answer is not so immediate since an exact definition has not been given (at least so far).

A real paradox in the same days in which The Pentagon, following the Japanese Example, has unveiled its new strategy aimed to dramatically accelerate the development of new Cyber Weapons. And do not think these are isolated, fashion-driven examples (other nations are approaching the same strategy), but rather consider them real needs in the post-Stuxnet age, an age in which more and more governments are moving their armies to the fifth domain of war [you will probably remember the (in)famous episode, when F-Secure was able to discover Chinese Government launching online attacks against unidentified U.S. Targets].

Recently Stefano Mele, a friend and a colleague of the Italian Security Professional Group, tried to give an answer to this question in his paper (so far only in Italian but it will soon be translated into English) where he analyzes Cyber Weapons from a legal and strategic perspective.

As he points out “Correctly defining the concept of Cyber Weapon, thus giving a definition also in law, is an urgent and unavoidable task, for being able to assess both the level of threat deriving from a cyber attack, and the consequent political and legal responsibilities attributable to those who performed it”. Maybe this phrase encloses the reason why a coherent definition has not been given so far: a cyber weapon is not only a technological concept, but rather hides behind its complex juridical implications.

According to Stefano’s definition, a cyber weapon is:

A device or any set of computer instructions intended to unlawfully damage a system acting as a critical infrastructure, its information, the data or programs therein contained or thereto relevant, or even intended to facilitate the interruption, total or partial, or alteration of its operation.

One could probably argue whether a cyber weapon must necessarily generate physical damages or not, in which case, probably, Stuxnet would be the one, so far, to encompass all the requirements. In any case, from my point of view, I believe the effects of a cyber weapon should be evaluated from its domain of relevance, the cyberspace, with the possibility to cross the virtual boundaries and extend to the real world (Stuxnet is a clear example of this, since it inflicted serious damages to Iranian Nuclear Plants, including large-scale accidents and loss of lives).

With this idea in mind, I tried to build a model to classify the cyber weapons according to four parameters: Precision (that is the capability to target only the specific objective and reduce collateral damages), Intrusion (that is the level of penetration inside the target), Visibility (that is the capability to be undetected), and Easiness to Implement (a measure of the resource needed to develop the specific cyber weapon). The results, ranging from paintball pistols to smart bombs, are summarized in the below chart.


 


After latest F-35 hack, Lockheed Martin, BAe Systems, Elbit under multiple cyber attacks….right now.

I have just published a timeline covering the main Cyber Attacks targeting Military Industry and Aviation, but it looks like the latest events will force me to post an update, soon.

Although perpetrated with very different timelines, origins and motivations behind them, the last three days have seen a new wave of attacks against military industry that has unexpectedly become the point of intersection between cybercrime and cyberwar.

The first clamorous attack was disclosed a couple of days ago, when the Sunday Times revealed that alleged Chinese Hackers were able to penetrate into computers belonging to BAE Systems, Britain’s biggest defence company, and to steal details about the design, performance and electronic systems of the West’s latest fighter jet, the costly F-35 Joint Strike Fighter. The hacking attack has raised concerns that the fighter jet’s advanced radar capabilities could have been compromised and comes a few weeks after papers about the future British-French drone were stolen in Paris.

Apparently, once again, an APT-based attack, or maybe one of its precursors, since it was first uncovered nearly three years ago. In any case, according to the sources and the little information available, it lasted continuously for 18 months, exploiting vulnerabilities in BAE’s computer defences to steal vast amounts of data. A fingerprint analogous to other similar cyber operations, allegedly generated from China such as Operation Aurora or the controversial operation Shady RAT.

Details of the attack have been a secret within Britain’s intelligence community until they were disclosed by a senior BAE executive during a private dinner in London for cyber security experts late last year.

Curiously the F-35 seems to be a very attractive prey for hackers as it was already the victim of a Cyber Attack in 2009; once again the latest attack is believed to have originated from China, which is showing a restless cyber activity.

Although completely different in impact and motivations, a second attack has just been announced by the infamous hacking collective Anonymous, which, in the name of the #OpFreePalestine operation, has published the contact details for senior staff at BAE (hit once again), Lockheed, Gulfstream Aerospace, a division of General Dynamics, and the United States Division Of Israeli Owned Arms Company Elbit Systems. An attempt to embarrass the military industry considered involved in the events happening in Palestine.

Although the data dumps apparently contain little valuable information (according to V3.co.uk many of the telephone numbers listed are for company headquarters, while several of the names appear to be out of date), the latest attacks represent a quantum leap in the Middle East Cyber War, after the “reign of terror” threatened by Anonymous against Israel.

The F-35 JSF is not only the most advanced stealthy fighter plane of the near future. It is also the most expensive. That’s why some partners have been compelled to downsize their initial requirements because of cuts imposed by the increasing unit price (with the new contract the total unit cost for an LRIP 5 jet is 205.3 million USD!!).

Apparently these cuts are affecting even the IT Security budgets of the manufacturers.

If you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow the author of this article @paulsparrows on Twitter for the latest updates.


Exclusive Infographic: all Cyber Attacks on Military Aviation and Aerospace Industry

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

But, if Information Security professionals are quite familiar with the idea that military contractors are primary and preferred targets of the current Cyberwar as the following infographic shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting the multirole Joint Strike Fighter is still something hard to accept.

However, things are about to change dramatically. And quickly.

The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communication equipment and armament.

For instance an F-22 Raptor has about 1.7 million lines of code, an F-35 Joint Strike Fighter about 5.7 million and a Boeing 787 Dreamliner about 6.5 million. Everything with some built-in code may be exploited; therefore, with plenty of code and many current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.

Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable of infecting the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and the Indian Ocean: Predator and Reaper Drones.

As a consequence, it should not be surprising, nor is it a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider embedded systems as one of the main security concerns for 2012.

Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.

While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.

Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @paulsparrows on Twitter for the latest updates.