Countermeasures to consider in the Combat
against Cyberterrorism
Namosha Veerasamy and Dr. Marthie Grobler
Council for Scientific and Industrial Research
Pretoria, South Africa
Slide 1
© CSIR 2006
www.csir.co.za
Modern Urban Battles
• The US and Iraq
• Middle East unrest
• Georgia and Russia
• Zimbabwe
• India and Pakistan
• China and Tibet
Known Terrorist Groups
• Al Qaeda – Afghanistan
• Basque Fatherland and Liberty (ETA), aka Euzkadi Ta Askatasuna – Spain
• HAMAS (Islamic Resistance Movement)
• Hezbollah aka Islamic Jihad-Liberation of Palestine
• Irish Republican Army (IRA) – Ireland
• Kurdistan Workers Party (PKK) – Turkey
• Liberation Tigers of Tamil Eelam (LTTE) – Sri Lanka
• Revolutionary United Front (RUF) – Sierra Leone
Introduction
• Convergence of fear-causing world of terrorism with abstract realm of cyberspace
• Use technical security exploits
• Stem from social, political and religious views
• High-level view of countermeasures in the fight against terrorism
Other definitions: Pollitt
• “Cyberterrorism is the premeditated, politically motivated attack against information, computer systems, computer programs, and data which result in violence against noncombatant targets by sub national groups or clandestine agents”
• Malicious use of Information, Communication and Technology (ICT) Infrastructure
• Cause harm and distress
Most cited definition from Denning:
• “Cyberterrorism is the convergence of terrorism and cyberspace.
…unlawful attacks and threats of attack against computers,
networks, and the information stored …done to intimidate or
coerce a government or its people in furtherance of political or
social objectives. Further, to qualify as cyberterrorism, an attack
should result in violence against persons or property, or at least
cause enough harm to generate fear. Attacks that lead to death
or bodily injury, explosions, plane crashes, water contamination,
or severe economic loss would be examples. Serious attacks
against critical infrastructures could be acts of cyberterrorism,
depending on their impact. Attacks that disrupt nonessential
services or that are mainly a costly nuisance would not.”
[Figure: diagram with the panels and entries listed below. Other labels in the figure: Operating Forces, Techniques, Objectives]
Characteristics: Cheap, Anonymous, Varied, Enormous, Remote, Direct Effect, Automated, Replicated, Fast
Social Factors: Culture, Beliefs, Political Views, Upbringing, Personality Traits
Target/Focus: Transportation, Utilities, Financial sector, Telecomms, Emergency Services, Government, Manufacturing
Practices: Deface web sites, Distribute disinformation, Spread propaganda, DOS using worms and viruses, Disrupt crucial systems, Corrupt essential data, Steal credit card info for funds
Malicious Goals: Protest, Disrupt, Kill/Maim, Terrify, Intimidate, Meet demands, Sensitive Info, Affect crucial services, Publicity, Solicit money
Types of Terrorism: Religious, New Age, Ethnonationalist Separatist, Revolutionary, Far Right Extremist
Attack Levels: Simple Unstructured, Advanced Structured, Complex Coordinated
Capabilities: Education, Training, Skill, Expertise, Financial support, Resources, Intelligence, Insider knowledge
Modes of Operation: Perception Management & Propaganda, Disruptive Attacks, Destructive Attacks
Support Functions: Recruitment, Training, Intelligence, Reconnaissance, Planning, Logistics, Finance, Propaganda, Social Services
Insurgent groups and terrorists
• Revolutionary
• Ethnonationalist separatists
• Religious
• Far-right extremists
• New Age
Target
• Government
• State
• Public
• Critical infrastructure
Types of Terrorism
• Motivation: religious, political and social
• Religious: theological beliefs
• New Age: usually focus on one issue (e.g. animals)
• Ethnonationalist separatist: establish new political order based on ethnic dominance
• Revolutionary (Terrorism to the left): seize political power
• Far-right extremist (Right-wing): certain people are inferior
“Cyberterror: Prospects and Implications,” published in August 1999 by the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School (NPS) in Monterey, California (2004)
Types of Terrorists (Cont…)
• Religious/Theological beliefs
• Strong quasi-religious fanatical elements for only total certainty of belief (or total moral relativism) provides justification for taking lives ¹
• Certainty of belief that justifies the taking of lives
• Fastest growing type
• Unfocussed and target the masses
• Sacrifice one’s life
• Simple unstructured does not cause mass destruction
• Advanced - structured offer rewards and comply with ideology
1. Laqueur, W. (1996), "Postmodern Terrorism", Foreign Affairs, Vol. 75, pp. 24.
Types of Terrorists (Cont…)
• Ethno-nationalist
• Fighting to establish a new political order based on ethnic dominance/homogeneity. ²
• Public recognition
• Have shown violent tendencies but more targets of symbol of state like public facilities, government representatives
• Rely on sympathy from community
• Cyberterror attacks that cause interruptions: DoD
• Use ICT for propaganda and gathering support
2. Post, J.M. (2005), "The New Face of Terrorism: Socio-Cultural Foundations of Contemporary Terrorism", Behavioral Sciences & the Law, Vol. 23, No. 4, pp. 451-465.
Types of Terrorists (Cont…)
• Social-revolutionary
• Terrorism of the left
• Seek to overthrow the capitalist economic and social order ³
• Change structures and rules
• Focussed attacks on governments and corporations to protest against commercial and capitalist regimes
3. Post, J.M. (2005), "The New Face of Terrorism: Socio-Cultural Foundations of Contemporary Terrorism", Behavioral Sciences & the Law, Vol. 23, No. 4, pp. 451-465.
Types of Terrorists (Cont…)
• New Age
• The vulnerability of modern societies to unconventional attacks ⁴
• Use violence when traditional forms of campaigning do not yield results sufficiently fast
• Examples: animal rights groups targeting pharmaceutical companies using arson and sabotage
• Anti-abortion and environmental groups
• Disrupt e-commerce and web-based advertising
4. Gearson, J. (2002), "The Nature of Modern Terrorism", The Political Quarterly, Vol. 73, No. s1, pp. 7-24.
Types of Terrorists (Cont…)
• Right Wing
• “Outsider” (e.g. foreigners, ethnic and religious minorities) is targeted as well as state itself, as they are seen as ineffective or worse under the sway of the outsiders ⁵
• Can be racist
• Violence is acceptable form of demonstration
• ICT for propaganda and disruption, selling survivalist gear or distribution of material
• Strong psychological roots of superiority
5. Michael, G. 2003, Confronting Right Wing Extremism and Terrorism in the USA, Routledge
Considerations
• Gangs, tribes, religious and ethnic groups yield power
• Blurred lines between civilian and military boundaries
• Consider at a high-level how people’s opinions are shaped
• Help show growth of insurgency in groups
• Cyberterrorism merge of terrorism and technology
• Countermeasures: psychological and technical perspectives
[Figure: countermeasures diagram. Category labels: Legal, Religious, Social, Economic, Political, Technology countermeasures. Entries: Laws, Perception management, Protocols, Media, Treaties, Fusion centres, Charities, Cultural centres, Policies, Peace-keeping, Education, Military response, Analysis, Humanitarian aid]
Legal and Political
• Major focus should be law enforcement and military response ¹
• Treaties, protocols, regulations and acts can ensure fair conduct of relations between nations
• Laws can help promote acceptable forms of protest and consistent way of dealing with political and religious fanaticism
1. A.K. Cronin, "The diplomacy of counterterrorism lessons learned, ignored and disputed," International Research Group on Political Violence (IRGPV), pp. 1-8, 2002.
Legal and political
• International presence e.g. Interpol and Council of European Convention on Cyber Crime combating cyberterrorism
• Military force to retaliate against attacks can also cause group to hide and conduct underground operations
• No longer simple task to target hierarchical groups - geographically dispersed
Fusion Centres
• Intelligence
• cultural specialists
• security personnel
• linguists
• political military specialists
• engineers
• psychological operations
• media relations
• economic advisors
Humanitarian and peace-keeping
• Assistance to people suffering from famine, repressions, natural disasters and violence can help with conflict resolution
• Favourable response from the provision of money, food, medicine, education, fuel and employment
• Charity and education shows the effort to uplift the community
Analysis
• Patterns
• Links
• Forensics
• Cultural
• Tribal
• Religious
• Communications linguistics
• Intelligence gathering from fusion and cultural centres
Technical Countermeasures
• Protective, detective and reactive
• CSIRTs
• Intrusion prevention
• Network monitoring
• Interception and blockage
• Disaster Recovery
• Forensics
CSIRTs
• Computer Security Incident Response teams
• Proactive: assistance with info to prepare and protect systems, technology watch
• Detective: Identify attack patterns, audits
• Reactive: Service announcements, incident handling
Network monitoring
• Detective
• Jan 2008, Bush signed directive to monitor Internet traffic on federal computers in response to large no. of attacks
• Detection of suspicious behaviour: block web site, IP address or port
Disaster Recovery Plan
• Contact information for appropriate people
• Critical devices
• Procedures
• Chain-of-command
Forensics
• Cyberterrorism First Responders
• Reactive to handle incident
Conclusion…
• Cyberspace potential means through which terrorists could cause chaos
• Affect psyche of communities
• Underlying political, social, religious reasoning for violent and extremist behaviour
• Summary of political, religious, legal, economic, social and technical issues to combat
• Include countermeasures like laws, fusion centres, education, treaties, network monitoring and CSIRTs
Discussion…