Could CyberTerrorism Bring Down The United States

1
Could Cyber-Terrorism Bring Down The United
States?

• Prepared By Scott Andrews
• National Collegiate Conference Presentation
• March 31st 2007

2
Cyber-Terrorism Scenario
3

• Distributed Denial Of Service attacks have began
  to plague American Websites.
• Nine of the 13 DNS root servers that route
  Internet traffic globally have become infected.
• As a result critical nodes have been unable to
  service the Internet backbone.

Source Http//www.citrix.com/.../AA026-BEFORE_vs.
jpg
4

• Within minutes, Internet traffic across most of
  North America has come to a complete standstill.
• The U.S. DoD computers have been crippled.

Source Http//photography-plus.com/images/Pentago
n.jpg
5

• One hour after the cyber attack terrorists launch
  a missile.
• This weapon emits an EMP charge which destroys
  everything with a microchip or integrated
  circuit.
• Everything with an electronic component has been
  damaged without repair.

Source Http//www.navey.mil/navydata/policy/visio
n/vs00/p. 72-a.gif
6
Results From The Attack
7

• Mass hysteria and refuges.

Source Http//www.doublespeakshow.com/images/2006
/04/katrina_victim
8

• Breakdown of the American Economy.
• Potential for the loss of human lives within the
  weeks and months to come.

Source Http//newsimg.bbc.com.uk/media/images/407
56000/jpg/_40756489_stock203getty.jpg
9
Introduction

• Currently, the United States is not equipped to
  deal with a major cyber attack on its homeland.
• For example, look at the chaos during hurricane
  Katrina.

10
Cyber-Terrorism

• This presentation will address
• Cyber-terrorism- What is it?
• What constitutes a critical infrastructure.
• An in depth analysis of cyber-terrorism will be
  explored.
• What can be done to prepare the United States for
  a perspective cyber attack.
• Steps the Federal Government must take to protect
  the country from cyber based attacks.

11
What is Cyber-Terrorism?

• Cyber-Terrorism- according to FEMA
• Unlawful attacks and threats of attack against
  computers, networks, and the information systems
  stored therein when done to intimidate, or coerce
  a government or its people in furtherance of
  political or social objectives.

12
What is a Critical Infrastructure?

• Critical Infrastructure- according to the US
  Patriot Act
• Systems and assets, whether physical or
  virtual, so vital to the U.S. that the incapacity
  or destruction of such systems and assets would
  have a debilitating impact on security, national
  economic security, national public health or
  safety, or any combination of those matters.

13
Source Http//capcog.org/images/911/2ndcritInfrl.
jpg
14
Physical vs. Virtual Boundaries

• The United States has always been protected by
  its isolated existence until the birth of the
  Internet.
• In cyberspace there are no physical or geological
  borders.
• A person in Iran or North Korea for example could
  attack the United States without even touching
  American soil.
• The cyber attack could then pave the way for a
  physical attack on Critical Infrastructures.

Source Http//img.timeinc.net/time/reports/planet
/images/cyberspace.jpg
15
Why Choose A Cyber Attack vs. A Conventional
Attack?

• Terrorists would not need to commit considerable
  resources such as funding or training.
• Only minimal technology is needed. All a
  terrorist would need is a computer and a high
  speed Internet connection.
• There are many online resources available.

Source Http//www.shorrock.dircon.co.uk/images/Te
rror.jpg
16
Documented Cyber Attacks Against The United
States

• In 2001, the Code Red and NIMDA computer viruses
  attacked United States systems in both the public
  and private sectors.
• Research has indicated that it would have taken 2
  to 3 months of security audits to find the
  vulnerabilities that both viruses exploited.
• Code Red infected over 150,000 computer systems
  in only 14 hours (see graphic).
• NIMDA had infected computers in almost every part
  of the globe in less than an hour. Globally the
  damage was estimated at 13 billion.

Source Http//www.nsf.gov/news/mmg/mecia/images/c
aida_codered_f111.jpg
17
Humanity Greatly Depends On The Internet For
Survival

• Information Systems maintain the distribution of
  food and medicine across the supply chain to
  consumers.
• Information Systems regulate the stock market and
  banking systems.
• Information Systems are used by the Department of
  Defense to monitor and maintain U.S. national
  security.
• The breakdown of the Internet and related
  technologies for an extended period of time could
  endanger human lives and could be the downfall of
  our civilization.

18
Could The Breakdown of Critical Infrastructures
Happen By Accident?

• In 2001, a freight train derailed in a Baltimore
  tunnel and started a massive fire while
  underground.
• Fiber optic cabling that serviced the Internet
  backbone ran through the tunnel and was damaged.
• As a result, along the Eastern Seaboard there was
  no Internet Service or the service was
  considerably slow.

Source Http//www.baltimoresun.com/geatures/bal-t
rainfiregallary, 0,1855948.photogallery?index8
19
Who Is To Blame For Cyber-Terrorism?

• Many unfriendly nation states have
  cyber-terrorism and cyber warfare units. These
  include
• Russia, China, Iran and North Korea.
• All of these countries listed could possibly
  bring down civilian and military critical
  infrastructures if given the chance or
  opportunity.
• Think of cyber warfare a a poor mans atomic
  bomb.

Source Http//www.treachery.net/images/the_myth_o
f_cyber-terrorism.jpg
20
Government SimulationEligible Receiver

• In 1997, the NSA implemented a simulation to
  measure the vulnerabilities of the DoD and
  National Security computer systems.
• 35 NSA agents posed as hackers.
• The agents were only allowed to use any online
  resources and not break any U.S. or International
  laws.
• With little effort the agents were able to break
  into the U.S. Pacific Command where they could
  have crippled the entire Pacific Fleet of
  Operations.
• The breeches of security were never detected.

21
Governments Report Card On Cyber Security

• In 2003, the Washington Post printed a story that
  many IT professionals are worried about the
  Governments ability to defend against a major
  cyber attack.
• A survey was conducted by the House Government
  Reform Subcommittee On Technology with disturbing
  results.
• Over ½ of the Federal Agencies surveyed received
  a D or F.
• The DHS that is entrusted to protect the U.S.
  against terrorist attacks received an overall F.

Source Http//troublepholadelphiaweekly.com/archi
vers/report.card.jpg
22
How to Protect the United States?

• Home and small business users must employ
  Internet Security Suites with anti-virus and
  firewall software.
• Large Enterprises (corporations, educational
  institutions, or government organizations) must
  have adequate information security policies in
  place.
• Critical infrastructures (public and private
  sectors) must unite and share information about
  security weaknesses.
• There must be more research and development in
  the area of cyber security.

23
Hardware Software VendorsNeed More Regulation

• For example, CISCO and Microsoft have had
  security vulnerabilities with some of their
  products.
• At times both companies have not released
  information about the proper patches within a
  reasonable amount of time with the of fear of
  loosing any market share.
• The Feds must employ regulations on the reporting
  of such vulnerabilities and their should be
  financial penalties if information is not
  released.

24
What Should the Federal Government Do?

• The Federal Government must set up regulations on
  the reporting of security vulnerabilities in IT
  products.
• IT companies should be obligated to notify the
  DHS if they have any evidence that any security
  vulnerability was exploited by hackers or
  terrorists.
• There should be strong penalties if any
  vulnerability was exploited and not reported
  especially if any personal information was lost
  or stolen.
• Businesses, IT companies, and ISPs must have
  strong and sound computer security policies in
  place.

25
Conclusion

• The United States most likely will face a major
  cyber attack in the next decade.
• Historians have labeled this day an Electronic
  Pearl Harbor.
• Computers and the Internet are two of mankinds
  greatest accomplishments and humanity depends on
  these for its survival.
• If the United States takes the proper steps to
  secure its critical infrastructures and
  cyberspace an attack might not be prevented
  however, its impact and after effects could be
  greatly minimized.

26

• In order to prevent ourselves from creating our
  own extinction, Americans as well as our
  government and its political leaders must
  understand the differences among cultures in the
  world.
• Quote from the late President John F. Kennedy
• Our problems are manmade therefore, they can
  be solved by manNo problem of human destiny is
  beyond human beings
• Our most basic common link is that we all
  inhibit this planet. We breathe the same air.
  We all cherish our childrens future. And we are
  all mortal

27
Cyber-Terrorism Are We Prepared?
Source http//cache.trafficmp.com/tmpad/content/n
etflix/0207/0107_001_A_720300_A_200727181937.htm