Cyberwarfare has been a long time
coming, and it will soon affect a computer near you. It goes far beyond the type
of college-hijinks hacking seen just a year ago. This phenomenon occurs in a
parallel virtual world, and is essentially the "New Cold War." Instead of
seeking protection against physical armies using guns and bullets, institutions
must guard against virtual armies whose weapons of choice are worms and viruses.
With so much of our world's economy dependent upon the Internet to function,
cyberwarfare is a very real threat that merits close attention to cyber
security.
Unfortunately, many institutions --
including governments -- are still using inadequate security devices to
protect their valuable infrastructures. With such threats imminent, a new way of
thinking -- and a new brand of security -- is required to adequately protect our
world's networks. Cyber security fits this bill. Cyber security is the ability
to protect both the physical infrastructure of the Internet and the traffic or
content either traversing through the Internet or resident on the Internet.
A Global Issue
The first step in combating
cyberwarfare is convincing the world that it is, in fact, a very real threat.
Everyone in the world is connected via the Internet, and most are protecting
their small pieces. One weak link -- and rest assured, there are many out there --
and an entire country can be brought to its knees.
For a few weeks, the world took note of cyberattacks launched against Estonia, triggered by social unrest. On April 27, 2007, Estonian officials relocated a Soviet-era war memorial commemorating an unknown Russian who died fighting the Nazis. The relocation of the
"Bronze Soldier" incited riots by ethnic Russians and the blockading of the Estonian Embassy in Moscow. The move also spurred a DDoS attack on several Estonian national Web sites, including those of government ministries and the prime minister's Reform Party. The country was forced to shut down key computer systems for their own protection. Yet Estonia's resulting economic paralysis, albeit brief, was not enough to upend the general apathy toward cyberwarfare or to prompt critical cyber security measures.
In reality, any network connected to the Internet is vulnerable -- from networks in the stock market to air traffic control systems in major airports. As broadcast media transition to IP-based video architectures to keep rapt viewers abreast of global happenings, they, too, make themselves vulnerable to cyberattacks. In fact, with continued coverage of social and political unrest in sensitive Chinese territories, media outlets have already felt a backlash. Last April, it was reported that a group of hackers was going to launch a DDoS attack against CNN for its coverage of China and Tibet. Although this particular attack was called off, the initial intention caused a global volley of retaliation. Reprisals in the form of DDoS attacks plagued pro-Chinese sites, and were traced back to IP addresses in Europe and Spain.
The Estonia and CNN.com attacks are just two examples indicating cyberwarfare is not only a real threat, but also a global issue
-- one that must be fought proactively and with ingenuity. However, many in the industry believe that only a major event
-- felt globally -- will spark action to take cyber security seriously and adequately secure our world's networks.
The question of whose responsibility it is to secure these networks is still on the table. Some believe a combination of government-provided security and carriers protecting their own infrastructures is the answer. Regardless, given the interconnected nature of the Internet's infrastructure, one thing is certain: International cooperation is essential. Currently, some 70 percent of the world's Internet traffic flows through the United States. That will change over the next several years, as foreign countries enact plans for major distribution points to be set up overseas. This will give rise to an entirely new thought process about protecting borders. One proposal, born from the Group of Eight summit, was to establish a trusted entity -- a
"United Nations of the Internet" -- responsible for ensuring the traffic moving from one country to another is protected and can be trusted.
Embodiment of Cyber Security: Real-Time Traffic Intelligence System
Historically, carriers purchased
siloed applications and installed them incrementally to address specific needs,
each of them deployed to solve a specific problem such as security. These
security solutions include firewalls, intrusion detection systems, security
event managers and network behavior anomaly detection. Each of these solutions
brings something novel and important as a fundamental security shield against an
ever-growing number of threats. But a system that leverages the strengths of
each can provide the level of protection needed for a carrier-class network. In
this new, virtual world, having a firewall or an intrusion-detection system is
not good enough. In fact, having both is not good enough. The best protection
against cyberwarfare is to initiate a "real-time traffic intelligence system"
to guard against attacks -- cyber security that constitutes a cyber command and
control center, in essence.
Real-time traffic intelligence is
the ability to understand all IP traffic across the entire network, from the
lowest layers in the network -- layer 2 -- to the application layer in the
network -- layer 7. A comprehensive real-time traffic intelligence system is
designed to offer a series of fundamental operational values that ensure a
secure network:
- Provides flexible
normalization, scalable correlation and sophisticated statistical analysis
of multi-typed information. It leverages the network infrastructure to
provide network operators with 24/7 traffic monitoring and a prompt
detection of traffic abnormalities. Such events are displayed with enriched
records of information to enable the operator to carry out a thorough, easy
and guided troubleshooting process.
- Provides extensive forensic
analysis of traffic abnormalities, facilitated by close interaction with the
underlying network infrastructure. It enables the operator to understand the
nature of the anomaly, the life-cycle of the anomaly and the impact of the
anomaly on protocol and customers.
- Offers the operator a complete
view of the anomaly and provides a vast set of actions from which to choose.
The system has an inherent ability to identify which actions can be executed
on a given network element, which elements the operator should act on, and
guides the operator as to what kind of actions to take.
Acting as a coordinated system,
real-time traffic intelligence is truly the only cyber security solution
available that is sophisticated enough to deflect potential attacks.
In Conclusion
These days, the act of declaring
war is not only decided by the head of a disgruntled nation. Modern war is no
longer just the physical devastation of participant countries. Declaring war -- cyberwar -- can be decided by any number of the world's computer-savvy,
malcontent citizens who have access to the Internet and an ax to grind.
Cyberwarfare is clearly a serious threat that has the potential to devastate our
global economy. The consequences will be disastrous if adequate cyber security
measures are not taken to protect our world's precious networks.
About the Author
Dr. Antonio Nucci is
Chief Technology Officer at Narus. Prior to joining Narus,
Antonio was employed by Sprint as a research scientist and
later promoted to principal member of the technical staff. While
at Sprint, he led several projects in the area of Internet
Traffic Analysis and Modeling, Passive and Active Measurements,
Traffic Matrix Estimation, Routing Protocol Evaluation, Anomaly
Detection and Wireless Traffic Characterization. While there, he
prototyped five software tools and filed 12 patent applications.
In his career,
Antonio has published more than 30 papers for international
conferences and professional journals, served on several
Technical Program Committees (IEEE Infocom 2005/2006, ACM
Sigmetrics 2005, IP-QoS 2005, LSNI 2005), and was referee for
more than 130 papers from five different professional journals
and 10 international conferences. He is a member of the IEEE
where he was elected to the grade of Senior for contributions in
the area of modeling and analysis of network performance.
Antonio received
the Dr. Ing (B.S. and M.S.) and Ph.D. degrees in Electrical
Engineering from Politecnico di Torino. He was also a visiting
scholar at the Computer Science Department of the University of
Montreal leading a project in optical networks.
About Narus
Narus is the leader in
real-time traffic intelligence for large IP networks, and is the
only company that provides security, intercept and traffic
management solutions within a single, flexible system. With Narus,
service providers, governments and large enterprises around the
world can immediately detect, analyze, mitigate and target any
unwanted, unwarranted or malicious traffic. Narus provides its
customers with complete, real-time insight into all of their IP
traffic from the network to the applications. Combined with the
ability to enable numerous actions, Narus customers have the
ability to take the most appropriate actions quickly.
Narus' system
protects and manages the largest IP networks around the world
including AT&T, KT (Korea), KDDI (Japan), Telecom Egypt,
Reliance (India), Saudi Telecom, US Cellular and Pakistan Telecom
Authority. Narus is headquartered in Mountain View, California
with regional offices around the world. For more information,
please visit www.narus.com.