Inside Cyber Warfare - Jeffrey Carr [113]
Hostage 1
The pervasive use of the Microsoft Windows operating system (OS) throughout the federal government but particularly within the Department of Defense, the intelligence community, and privately owned critical networks controlling the power, water, transportation, and communication networks
Hostage 2
The uninterrupted, sustained economic growth of US Internet service providers, data centers, and domain name registrars who profit by selling services to criminal organizations and nationalistic hackers that prefer the reliability and speed of US networks to the ones found in their own countries
In this case, the best solution, bar none, is to metaphorically “shoot the hostage,” thus denying an adversary both of his weapons (1) malware configured for the Windows OS and (2) his attack platform—the most reliable Internet services companies in the world.
Shoot the first hostage by switching from Microsoft Windows to Red Hat Linux for all of the networks suffering high daily-intrusion rates. Red Hat Linux is a proven secure OS with less than 90% of the bugs per 1,000 lines of code found in Windows. Many decision makers don’t know that it is the most certified operating system in the world, and it’s already in use by some of the US government’s most secretive agencies. Computers are changed out every three to four years on average anyway, so the monetary pain is probably not as great as it might seem. The benefit, however, would be immediate.
The data from Kaspersky Lab in Figure 13-1 shows how little malware has been developed for operating systems other than Windows. Linux certainly has its vulnerabilities, but the math speaks for itself. Shoot Windows and eliminate the majority of the malware threat with one stroke.
Shoot the second hostage by cracking down on US companies that provide Internet services to individuals and companies who engage in illegal activities, provide false WHOIS information, or show other indicators that they are potential platforms for cyber attacks.
Figure 13-1. Kaspersky figures on malware distribution by OS
The StopGeorgia.ru forum—whose members were responsible for many attacks against Georgian government websites, including SQL injection attacks that compromised government databases—was hosted on a server owned by SoftLayer Technologies of Plano, TX.
The distributed denial of service (DDoS) attacks of July 2009 that targeted US and South Korean government websites were not controlled by a master server in North Korea or China. The master server turned out to be located in Miami, FL.
ESTDomains, McColo, and Atrivo—all owned or controlled by Russian organized crime—were all set up as US companies with servers on US soil.
The Russian criminal underground prefers to host its web operations outside of Russia to avoid prosecution. And the robust US power grid, cheap broadband, and friendly business environment make this country the ideal platform for cyber operations against any target in the world, including the US government.
Congress needs to send a strong signal to US Internet hosting and service provider companies that profit must be tempered by due diligence and that they are, effectively, a strategic asset and should be regulated accordingly.
Neither of these recommendations is politically safe. However, the United States is now facing a serious threat from a new domain with so many evolving permutations that senior leadership, both civilian and military, seems to be standing still. And that’s absolutely the wrong strategy to employ.
The United States Should Use Active Defenses to Defend Its Critical Information Systems
By Lieutenant Commander Matthew J. Sklerov [40]
Cyberspace is a growing front in 21st-century warfare. Today, states rely on the Internet as a cornerstone of