Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld.
Cyber warfare is real. That’s why each Friday I will post a review of this book, Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…
Chapter 6: Physical Weapons.
Chapter 6 is all about physical weapons. A key point is how the physical and logical worlds are tied together in cyberspace. Computers and networks need buildings, utilities, electricity, cooling and so on to operate. But it is equally true that software and applications are what run and manage that infrastructure. The two worlds have a symbiotic relationship. Therefore the strategy in cyber warfare, as in conventional warfare, is to understand every aspect of a system and determine where the vulnerabilities are.
The logical world requires physical utilities to operate. That is why sometimes the best offense is not attacking the computers directly but rather the utilities and supporting infrastructure. As any general will tell you and any military strategy book will teach, supply lines can be the Achilles heel of any army. Computers and networks are no different. Attacks can be physical, from cutting cables to detonating EMP weapons. They can also be logical, from infecting a utility company’s computers to taking down an entire Supervisory Control and Data Acquisition (SCADA) system.
Probably the best example of a SCADA attack is the Stuxnet malware. It targeted the Siemens programmable logic controllers (PLCs) and the Siemens engineering and SCADA software used to manage them. Stuxnet is part worm, Trojan horse, spyware and rootkit. It was designed to locate one specific type of Siemens control system, spread through the network until it reached it, capture credentials and/or modify the controller’s application files, and cover its tracks the entire time so that operators would not notice the altered control logic.
The authors cite a number of different examples of supply chain disruption. These disruptions can take the form of inferior components, compromised hardware, or even simple non-technical means. An attack can be as simple as selling defective electronic components, such as a capacitor, to vendors, or as deliberate as inserting malware into software you know your enemy is trying to steal, so that their entire network is infected when they succeed. The attack could even be aimed at the people, with something like food contamination.
Finally, there is the outright physical attack. This might include sophisticated signal jamming, vandalism, denial of service, unauthorized access to the building, eavesdropping or electronic “man-in-the-middle” message manipulation. Physical attacks are usually less covert, but they can also introduce a level of fear that had not existed before. Even forcing people to change their usual habits can have devastating effects.
Overall, the message here is that anti-virus, firewalls and encryption are not enough to protect computer networks. Sometimes the best attack is simple and indirect. If security were simple, no nation or individual would spend the money they do to protect their valued assets. Even some of the most sophisticated systems can be made useless with a simple pair of wire cutters two miles away. Security is an ongoing effort, and that is why, if your business has information that requires hardened protection, you should bring in experts to suggest the best ways of securing it. Sometimes bring in more than one team.