Several recent technologies impacted and continue to impact cyber operations. We will cover some of the main ones and examples of how they can impact cyber operations.
Fig. 7.5 Classification of cyber operations (Hilfiker 2013)
Internet of Things (IoT)
In the IoT world, not only our computers, laptops, and smart phones are going to be connected to the Internet, have their own IP addresses, and be data receiving and sending nodes, but this can be extended to almost all entities or objects around us.
This will include, for example, our cars, houses, refrigerators, beds, toys, camera systems, garage doors, monitoring gadgets, utilities, and many others. How is that going to impact cyber operations?
From a cyber defense perspective, this can seriously complicate the cyber defense task and effort: adversaries can now control not only our laptops, desktops, or phones, but also things that have a more serious and direct impact on our lives, safety, etc. This is particularly true because, as IoT applications and domains expand, IoT is deployed in hardware and physical components/objects with very lightweight computing resources. This has two consequences. (1) Such objects are typically slow in terms of how frequently they receive updates. In other words, the cycle to discover and patch vulnerabilities in those objects is very long compared with the cycle for computing machines, servers, etc. (2) Such objects typically have limited computing resources, which limits the defender's options for the security controls and mechanisms that can be deployed on them. For example, encryption is the most popular mechanism in security for protecting confidentiality, privacy, etc. However, employing reliable and robust encryption schemes in many IoT environments can cause serious performance and efficiency issues. Typically, IoT networks contain IoT agents in the field that monitor and collect data and communicate it to centralized servers or cloud services. Targeting the telecommunication channel between IoT agents and servers with any form of Man in the Middle (MiM) attack will expose private or sensitive data and cause serious data breaches, privacy, or integrity issues.
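The channel-integrity problem described above, as an added illustration that is not from the chapter: a Python sketch of a lightweight authentication scheme for agent-to-server telemetry, using HMAC-SHA256 with a per-device pre-shared key and a monotonic counter. It gives integrity and replay protection at a cost a constrained node can afford, but not confidentiality, which still needs encryption; the key, field names and readings are constructed for the demo.

```python
import hashlib
import hmac
import json
import struct

# Constructed demo key; a real deployment provisions a distinct secret per device.
DEVICE_KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = 32          # HMAC-SHA256 output size in bytes
COUNTER_LEN = 8       # big-endian 64-bit monotonic message counter


def seal(counter: int, reading: dict) -> bytes:
    """Agent side: frame = counter || JSON reading || HMAC-SHA256 tag.

    Hashing a few hundred bytes is cheap enough for a constrained sensor node,
    unlike a full TLS handshake; the tag covers both the counter and the payload.
    """
    body = struct.pack(">Q", counter) + json.dumps(reading, sort_keys=True).encode()
    tag = hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()
    return body + tag


class Collector:
    """Server side: accepts a frame only if the tag verifies and the counter advances."""

    def __init__(self) -> None:
        self.last_counter = -1

    def open(self, frame: bytes):
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return None                                   # truncated frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(DEVICE_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):        # constant-time comparison
            return None                                   # modified in transit or forged
        counter = struct.unpack(">Q", body[:COUNTER_LEN])[0]
        if counter <= self.last_counter:
            return None                                   # replayed or out-of-order frame
        self.last_counter = counter
        return json.loads(body[COUNTER_LEN:])


if __name__ == "__main__":
    collector = Collector()
    frame = seal(1, {"sensor": "pump-3", "pressure_kpa": 412.5})
    print("genuine:", collector.open(frame))               # accepted
    print("replay:", collector.open(frame))                # None
    forged = frame.replace(b"412.5", b"999.9")             # same length, tag now wrong
    print("tampered:", Collector().open(forged))           # None
```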
On the cyber operation offense side, cyber warriors can deploy attacks that impact physical systems. One early example of malware that impacted physical rather than software components was the virus CIH, also known as Chernobyl or Spacefiller, which targeted computer BIOSes. Stuxnet is another example of malware, specifically a worm, that targeted SCADA systems, in particular the Programmable Logic Controllers (PLCs) of the Iranian nuclear program, starting from the year 2010. Some recent action movies show cyber operations controlling traffic lights, utility systems, etc., and those may not be far from reality.
Clearly, legal, confidentiality, and privacy concerns are already serious issues in cyber operations. With the IoT, and the fact that those objects can be part of all aspects and activities of human life, such concerns are getting even more serious.
Table 7.1 D&D methods matrix (Heckman et al. 2015)

Facts/fiction | Deception (revealing, on our side) | Denial (concealing, on adversary side)
Facts | Methods to show facts and truth after adversary deceptions | Methods to conceal our facts from adversaries
Fiction | Methods to reveal false information spread by adversary | Method to spread false information to adversaries
K0442: Knowledge of How Converged Technologies Impact Cyber Operations…
Safety is a key driver to security concerns in industrial control systems as they expand in terms of their network and Internet connectivity.
Availability of services in IoT environments is also important. Many of those IoT or SCADA systems are deployed to monitor networks critical to human life or infrastructure (e.g., water or power utilities). A denial of service attack that brings such infrastructure down for several hours or days can directly impact human lives.
Timeliness and the availability of information when requested, especially in critical systems (e.g., health and aviation systems), are very critical. Denying access to such information when it is requested will impact those critical systems and result in serious life-threatening consequences.
Cloud Computing
Cloud computing offers users infrastructure, computing, network, and data services online as an alternative to local assets. Cloud computing brings opportunities to cyber operations as well as challenges. It offers access to data from the cloud, from anywhere, lowering the risk of data loss or corruption as well as the costs associated with hosting and maintaining the data and infrastructure locally.
For cyber operations training, students can access training portals and labs from anywhere and can attend and participate in all courses and trainings virtually, from home, or while deployed in the field. Bringing all resources and facilities to the soldier on the battlefield is possible on their lightweight portable equipment. This same advantage can be a disadvantage if such information is also available (e.g., through hacking or illegal methods) to adversaries, who can either acquire and take advantage of it or destroy it and deprive us of its use.
From a defense perspective, as more and more public and private infrastructures and assets are moving to the cloud, the concerns are that hackers and adversaries can now have more targets to attack and impact our systems and infrastructure.
Security is the biggest concern in cloud computing. In the USA, most government contracts for cloud services have restrictions on who can provide cloud services, how, and where data can be hosted. In 2012, the US DoD issued a cloud strategy to take advantage of cloud computing services while ensuring that only certified public or private providers are allowed to offer such services. In 2016, the DoD finalized the Defense Federal Acquisition Regulation Supplement rule on network penetration reporting, which standardizes infrastructure requirements (GAO 2017).
Smart Phones
Currently, mobile phones provide services beyond classical phone calls. Those services are gradually converging with the services that can be offered by desktops or laptops. On the other hand, as smart phones accompany users almost everywhere, they can provide valuable location-based information.
Wireless transmissions are not always encrypted. Information such as emails sent by a mobile device is usually not encrypted while in transit. In addition, many applications do not encrypt the data they transmit and receive over the network, making it easy for the data to be intercepted. For example, if an application is transmitting data over an unencrypted WIFI network using http (rather than secure http), the data can be easily intercepted. When a wireless transmission is not encrypted, data can be easily intercepted by eavesdroppers, who may gain unauthorized access to sensitive information (e.g., host computers) without needing to be host administrators, power users, or even users on those local hosts. Their root-level role implies having administrator privilege over all network or system resources.
You could connect to an unsecured network, and the data you send, including sensitive information such as passwords and account numbers, could potentially be intercepted. Attackers can create "free WIFI" networks to be used as honeypots: they provide users with free Internet access while intercepting and spying on their sensitive data. In mobile operating systems, it is unconventional to allow users to have "root" access to the operating system. This "privilege elevation to root" is called jail-breaking. Users are advised not to attempt jail-breaking with the various methods or tools available, as it may expose the operating system to several possible vulnerabilities and break the pre-designed operating system security architecture (Alsmadi et al. 2018).
A user of an Apple mobile phone can wipe their phone remotely using a mobile device management (MDM) server and iCloud or ActiveSync. All files will then be inaccessible, and a new user may need to create new encryption keys with their new OS installation. The system can also be wiped automatically after several unsuccessful PIN attempts. Users can also lock their phones. In recent investigations, there were cases in which the FBI requested access to the credentials of iPhones that were locked (e.g., see CBS 2016). On the other hand, the black market provides all types of support and mechanisms to jail-break phones and to counter activation or service provider locks.
Using smart phones is convenient, and no one can afford to abandon them these days. On the other hand, they can be a weak point through which hackers or adversaries target or track people and their data. Their weakness arises not only from the fact that they can always be used to track human targets, but also because they tend to have weaker overall security controls compared with desktops or laptops (Underwood 2018).
The most popular attack types against smart phones include scams, phishing, data-stealing and spying apps, malware, and ransomware.
Online Social Networks
Online social networks (OSNs) provide a rich source of information for cyber operations. They allow each individual in the world to be an information source.
Users share different types of information, activities, articles, and also contribute to others' activities. Users can be sources of news and not only news receivers.
From a security intelligence perspective, the ability to communicate with any individual around the world has become very easy. Given that it is impossible to hire a large enough number of security intelligence personnel to track all types of information from OSNs, outsourcing this to a large open network of volunteers is possible. We described earlier different attempts to build open channels of security intelligence and operations around the world to exchange cyber threat information.
Smart phones are now available all over the world and the use of OSNs is also popular even in regions where income levels are low, so there are few barriers to using this technology to share information. The speed to transfer the intelligence or the information is also very short (NATO 2016).
With the continuous increase in the use of different OSNs by people all over the world, the tasks of collecting human intelligence and aggregating it with location, activities, interests, etc. have become easier and more convenient.
The wealth of information provided by OSNs is available to friends as well as foes or adversaries. Several studies showed serious concerns about the leakage of private or sensitive information through OSNs. Such leakage may not come as direct exposure from government or military personnel, but through their families and spouses (Cho et al. 2016).
In cyber offensive operations, accounts in OSNs can be targets for exposing and stealing private information. In other cases, cyber attackers may try to intrude into those accounts and post activities on behalf of the account owner. Other offensive goals in OSNs can be simply preventing legitimate users from accessing and using their accounts in those OSNs, typically temporarily (Fig. 7.6; NATO 2016).
Fig. 7.6 A sample of OSN cyber-attack (NATO 2016)