Information Warfare: Good Robots Versus Bad Robots

August 17, 2011: As government and military organizations seek to improve their Internet defenses, they are finding that there are not enough qualified people available (at any price) to obtain the degree of protection desired. The current solution is automation and layers of protection, but even making these obvious solutions work has proved to be difficult.

The personnel shortage is particularly acute in the United States. There, the Department of Defense not only invented the Internet, it is also the Internet's single largest user. That also makes the Department of Defense the most vulnerable target for Cyber War attack. For that reason, the Department of Defense is again reorganizing its Internet defenses.

The Department of Defense has nearly 2,000 networks, although not all are connected to the public Internet. There are two private Internets. NIPRNET is unclassified, but carries only traffic from Department of Defense users. SIPRNET is the same, except that on it everything is encrypted, so highly classified material can be discussed and even transmitted freely. The vast size and scope of the Department of Defense networks is actually a source of strength. An attack on these networks would have to be massive if it were to do any serious damage, because there is no central nerve center, no "Internet headquarters" you could take out. But wargames have been conducted to play out various types of attacks on the Department of Defense networks, and many vulnerabilities have been noted. The latest efforts attempt to plug as many of these vulnerabilities as possible. The wargames also noted, however, that an attack large enough to trash the Department of Defense networks could also cause enormous damage to the Internet as a whole.

Thus the interest in using more automation to help sysadmins (systems administrators, who take care of the networks at the lowest level). Take, for example, the task of reviewing system logs. This is where one can find evidence of hacking attempts, or even of successful intrusions that went unnoticed. Automated monitoring of the logs is increasingly common, as is the automated application of fixes for common problems. Automation, which can itself be hacked, is seen as more of a help than a potential vulnerability. The automated updates of the Windows operating system have proved to be a major source of trouble for hackers, undoing damage on a large scale, and doing it constantly. The bad guys also use lots of automation to constantly sniff around the net for vulnerable targets.

All this is necessary because, after a slow start, the Internet has become a major tool for increasing productivity and boosting morale in the American military. Once these benefits became apparent in the late 1990s, there was no going back. Thus the Department of Defense has become a major customer for anti-virus and other network protection software and hardware. There's so much bad stuff prowling around the Internet these days, some of it controlled by foreign military and intelligence organizations, that reducing the American vulnerability has been an ongoing high priority project. Part of the defense plan has been to loudly and officially forbid users from doing many common Internet tasks. For example, you cannot use your personal email account while on a Department of Defense PC (or at least most of them). No file sharing (P2P, BitTorrent, etc.), and no unauthorized software or hardware on those machines either. And, definitely, absolutely, no forwarding of messages or files using a Department of Defense computer, unless authorized to do so. In other words, no playing around with your Department of Defense PC unless you have permission to do so. Users are also getting more information on potential Internet dangers. Ignorance has proved to be a major liability in this area, so ignorance is being attacked with more education, more rules, and harsh punishments for those who break them.

The prohibitions and rules vary somewhat from service to service, and even within a service. The Department of Defense doesn't expect to eliminate all vulnerability, but to reduce it as much as possible. The next stage of the defense plan includes a lot more automated vulnerability testing, repair and updating. This is already common for many commercial users, but the Department of Defense wants to extend the process to cover just about everything. The Department of Defense has also been getting customized versions of programs and operating systems, designed for military use and maximum protection.

The Department of Defense believes that every major nation on the planet has some offensive Cyber War capability, and is pretty certain that U.S. military networks have already undergone major attacks from China (probing, and collecting classified information), as well as from Russia and even North Korea. There are also criminal gangs, specializing in cybercrime, hacking Department of Defense networks for a fee, or just doing it on spec, planning to sell anything valuable. The danger is growing, and if you don't stay ahead of it, your Internet advantage turns into a liability.