Under Assault
As digital attackers get smarter, so must cybersecurity.
The good old days of network security are over. No longer can agencies protect vital information from clever hackers by building protective fences around their computer systems. Digital attacks are coming faster than ever and are more insidious.
In late 2004, for instance, "phishing" attacks nearly quadrupled from 9 million per week in July to 33 million per week in December, says Jonah Paransky, the senior manager for security product management at Internet defense firm Symantec Corp. Phishing is a form of identity theft that uses e-mails to trick computer users into surrendering personal information. Automated attacks that attempt to take over computers and use them as spamming platforms are being aimed at government systems with increasing frequency, he adds. "The behavior of the attacker looks to be changing." They're getting smarter and more aggressive. For government managers, this means that protecting information networks is more time-consuming than just a few years ago.
Networks and the way they're used have fundamentally changed as well, intensifying the security burden. Three years ago, some agencies didn't use e-mail; today, data nets are ubiquitous, supporting thousands of applications and programs. And as demands for information sharing among levels of government increase, more networks become connected. Consequently, their security is only as strong as their weakest link.
"It was easy to draw boxes around networks" to protect them, says Greg Akers, chief technology officer for global government solutions at San Jose, Calif.-based network builder Cisco Solutions Inc. But today, networks are more complex and accommodate the latest technologies. The bigger and more unique the networks, the harder they are to protect, Akers says.
What are agencies to do? The Bush administration is moving to help network defenders. The Office of Management and Budget wants to standardize information security processes, which could help agencies with fewer resources. But they still will have to get smarter and savvier about protecting their networks. Here's a look at some of the tools and techniques that experts believe will keep government on the cutting edge of security:
Smarter Firewalls
The firewall is probably the most basic network defense. But security designers want to make intelligent barriers that keep out dangerous traffic and let the good kind in.
Smarter firewalls would intercept data as it enters a network and let pass only that which meets certain standards. For example, attackers sometimes try to infect systems by making unusual or anomalous transmissions to servers. They tack a long string of malicious code, the keys to the infection, onto a normal transmission, such as a request for a particular document or access to a Web page. The firewall could be tuned to prevent this extraneous code from entering, effectively halting the infection attempt. The firewall gradually "learns" which data is potentially malicious.
Compare this technique to the size limits that airlines place on carry-on luggage. If a suitcase exceeds the standard height and width, it's not allowed on board. Firewalls enforce restrictions in the same way.
Virtual Patches
The most common way to repair or block an infection is to patch the vulnerability in a system. But it can take security programmers days or weeks to build a patch, and digital attacks are appearing more quickly all the time.
Instead of waiting, a network can be scanned for a known vulnerability, and any malicious transmission that looks to be aimed at the weak spot can be stopped. These virtual patches are probably easier and less expensive to install and can be applied far more rapidly than traditional patches.
Think of virtual patches as the wanted posters of the Internet. If you know what a vulnerability looks like, then you've got a good idea of what the attack that will be used against it looks like, and you can block anything matching its description.
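The two mechanisms described above, a firewall that learns what normal requests look like and a virtual patch that blocks traffic aimed at a known weak spot, as an added example that is not part of the original article. Every path, rule and sample request in it is constructed for the illustration.

```python
"""Added illustration: a request filter combining a learned size baseline
(the "smarter firewall") with wanted-poster style virtual-patch rules.
All paths, rules and sample requests are constructed for the example."""
import re
import statistics
from dataclasses import dataclass, field


@dataclass
class RequestFilter:
    # "Wanted posters": (name, regex) pairs describing traffic aimed at a
    # vulnerable handler; blocked even though no real patch is installed yet.
    virtual_patches: list = field(default_factory=list)
    # Learned baseline: request lengths observed per path during training.
    baseline: dict = field(default_factory=dict)
    hard_cap: int = 4096     # absolute size limit, like carry-on luggage
    sigma: float = 3.0       # how far beyond normal counts as anomalous

    def learn(self, path, request):
        """Training phase: record the size of known-good requests."""
        self.baseline.setdefault(path, []).append(len(request))

    def check(self, path, request):
        """Return (allowed, reason) for one request line."""
        if len(request) > self.hard_cap:
            return False, "exceeds hard size cap"
        for name, pattern in self.virtual_patches:
            if re.search(pattern, request):
                return False, f"matches virtual patch {name}"
        sizes = self.baseline.get(path)
        if sizes and len(sizes) >= 2:
            mean, stdev = statistics.mean(sizes), statistics.pstdev(sizes)
            # Floor the spread so identical training requests still give a limit
            limit = mean + self.sigma * max(stdev, 1.0)
            if len(request) > limit:
                return False, f"length {len(request)} above learned limit {limit:.0f}"
        return True, "ok"


def demo():
    f = RequestFilter(virtual_patches=[
        # Constructed rule: a legacy report handler that mishandles a long 'id'
        ("legacy-report-id", r"GET /cgi-bin/legacy_report\?id=[^& ]{64,}")])
    for i in range(20):
        f.learn("/docs", f"GET /docs/report-{i:02d}.pdf HTTP/1.1")
    normal = f.check("/docs", "GET /docs/report-21.pdf HTTP/1.1")
    padded = f.check("/docs", "GET /docs/report-21.pdf" + "A" * 300 + " HTTP/1.1")
    patched = f.check("/cgi-bin", "GET /cgi-bin/legacy_report?id=" + "B" * 80 + " HTTP/1.1")
    return normal[0], padded[0], patched[0]
```

The padded request is rejected by the learned baseline alone, while the request aimed at the legacy handler is caught by the virtual-patch rule before the baseline is consulted.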
Hashing
A growing array of agencies, particularly those involved in homeland security and counterterrorism, are sharing information electronically. But how do they move data that refers to individuals, ongoing investigations or sensitive intelligence sources across networks securely and confidentially?
Hashing can help. Hashing algorithms, which are built into information-sharing programs, are used to garble an electronic transmission before it's sent and to decipher it when it arrives. Information is literally transformed by the hash function. Its digital signature, used to authenticate the identity of the sender, and the hash value that decrypts the message are sent separately. When recipients receive the hash value, they can read the message.
These digital decoder rings will crop up more frequently in information-sharing programs and will be most attractive to agencies with a vested interest in preserving privacy and confidentiality.
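The hash-and-signature step the section mentions, as an added example that is not from the article: the sender fingerprints the record with a hash and attaches an authentication tag over that digest; the recipient recomputes both to confirm the record arrived intact and came from a holder of the shared key. The keyed hash (HMAC) stands in for a digital signature, and the key and record are constructed for the illustration.

```python
"""Added illustration of what a hash contributes to an information-sharing
exchange: integrity (the digest) and sender authentication (a keyed tag over
the digest). Key and record values are constructed for the example."""
import hashlib
import hmac


def digest(record: bytes) -> str:
    # SHA-256 fingerprint of the record; one-way, so it cannot be reversed
    return hashlib.sha256(record).hexdigest()


def make_tag(key: bytes, record: bytes) -> str:
    # Keyed hash (HMAC) over the digest stands in for the digital signature;
    # only a holder of the shared key can produce a matching tag
    return hmac.new(key, digest(record).encode(), hashlib.sha256).hexdigest()


def verify(key: bytes, record: bytes, sent_digest: str, tag: str) -> tuple:
    """Return (ok, reason). compare_digest avoids timing side channels."""
    if not hmac.compare_digest(digest(record), sent_digest):
        return False, "record altered in transit"
    if not hmac.compare_digest(make_tag(key, record), tag):
        return False, "tag does not match: wrong key or forged"
    return True, "record intact and sender authenticated"


def demo():
    key = b"constructed-shared-key"
    record = b"case=CONSTRUCTED-001;subject=redacted;source=partner-agency"
    d, t = digest(record), make_tag(key, record)
    good = verify(key, record, d, t)
    tampered = verify(key, record.replace(b"001", b"002"), d, t)
    wrong_key = verify(b"other-key", record, d, t)
    return good[0], tampered[0], wrong_key[0]
```

Because a hash is one-way, the digest alone never reveals or recovers the record; keeping the record itself confidential on the wire is a separate job for encryption.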
Threat Intelligence
If monitoring a network is like forecasting the weather, then most computer users today learn only enough to protect themselves when a storm is upon them. That could change as cybersecurity firms do more widespread monitoring of the Internet for signs of trouble.
Threat intelligence entails watching wide swaths of a network for signals of the next vulnerability or attack. Monitors look for anomalous messages sent to particular data ports, for example, which might be telltale signs of a pending attack.
Just as meteorologists gather numerous pieces of intelligence to predict the weather, Internet forecasters try to find storms as they're brewing. Then, they can warn their clients and tell them how to batten down the hatches.
Insider Threats
The biggest threat to networks' security can come from inside an organization: from careless users who let in viruses through e-mail and from those who don't practice safe interactions. As networks become increasingly interconnected, agencies must beef up their own internal security and ensure their partners are working safely.
The most sensitive applications on a network and the points where networks connect will have the strongest security requirements. Users could be blocked from connecting unless they can prove their security procedures are up to snuff. This same technique can be used to control how people are connecting to a network and which data they can see, a good way to minimize information theft.
Digital fitness exams can be conducted automatically and provide the best assurance that the employees who are using a network aren't putting it in danger.
Risk Pool
Hiding in the muck are digital beasts such as worms, phishers and zero-day attackers.
New breeds of worms, viruses and other digital beasts are popping up all the time. Government networks are as vulnerable as any others. Here's a look at some of the biggest threats lurking online today.
Phishing: E-mails, often purporting to be from a bank or other financial institution, ask recipients to give the sender personal information, such as their names, bank account or credit card numbers, or Social Security numbers. Identity thieves can use the data or sell it on the open market.
Phishing is on the rise and takes various forms. In the last six months of 2004, Internet security company Symantec identified 10,310 phishing scams. The firm's researchers also found that more than half of the malicious digital code samples submitted by outsiders were designed to steal personal information.
Mobile worms: When the contents of television star Paris Hilton's personal address book ended up on the Internet, the world was alerted to a new variation of computer hacking. Hilton's combination mobile phone and contacts file was apparently infected with a virus that travels through the air and steals personal information. Viruses and worms once were confined to the Internet. Now, they've sprouted wings and are wriggling into wireless devices, imperiling cell phones, hand-held computers and the ever-popular BlackBerry and other personal digital assistants.
Zero-Day Attacks: The traditional hacker versus defender battle goes something like this: Someone discovers a vulnerability in a system, and users race to patch it before hackers exploit it. Increasingly, though, hackers are finding the holes before users or software makers. In these cases, they launch zero-day attacks. The infected users never know what hit them, because they had no idea they were vulnerable. Security experts warn that zero-day attacks will become more common as hackers discover holes in systems before their victims do.