
Vulnerability assessment of modern ICT infrastructure from an information warfare perspective.


Academic year: 2023


As with any project, financial support is required; this was provided through the UKZN Doctoral Grant and LEDGER Program of Armscor and the Department of Defence, through the Cyber Defense Research Group under the Defense, Peace, Security and Security Council for Scientific and Industrial Research. The overall objective of the study is to provide a vulnerability assessment of the mobile communications infrastructure to information warfare attacks; this study has a South African focus. The mobile infrastructure was chosen as the infrastructure and mobile devices incorporate the majority of modern ICT technologies, namely social networks, wireless connectivity and mobility, mass storage as well as the telecommunication elements.

Use the information gathered in a vulnerability assessment to assess the vulnerability of mobile infrastructure and connected devices and services. Primary and secondary data show that attacks on confidentiality are most prevalent in both computer networks and mobile infrastructure. Key aspects of vulnerabilities in mobile infrastructure are highlighted; the apparent heavy load on mobile infrastructure in South Africa can be considered a high-risk vulnerability.

Table 7.6: Time to network saturation (minutes) for various initial infections and additional uploads, with hardware limits of 2500 messages/s.

List of Abbreviations

Introduction

  • Introduction
  • Background
  • Problem Statement
  • Objectives and Methodologies
    • Develop a Vulnerability Assessment Framework
    • Data Gathering on Incidents and Attack Trends
    • Establish the Mobile Infrastructure as Critical
    • Application of the Framework to the Mobile Infrastructure
    • Secondary Objectives
  • Relevance of the Study
  • Layout of the Thesis
  • Research Output from the Thesis
  • Writing Conventions
  • Conclusion

Due to the prevalence of the mobile infrastructure, it can be considered critical and a vulnerability assessment should be carried out. The main aim of the thesis will be to provide a vulnerability assessment of a generic mobile infrastructure in a South African environment. The expert interviews will provide insight into their perceptions of the relevance of the mobile infrastructure to the critical information infrastructure.

Secondary data and incidents from the trend and incident analysis will also provide insights into the criticality of the mobile infrastructure. Therefore, a holistic vulnerability assessment of the mobile infrastructure can be considered relevant to South Africa's defensive IW concerns and socio-economic prospects. This is related to the objectives of collecting data on trends and determining the criticality of the mobile infrastructure.

The critical aspects of the mobile infrastructure are summarized, the threats, vulnerabilities, impacts and risks are assessed and evaluated.

Literature Review

  • Introduction
  • Information, Data, and Knowledge / Information Theory
  • Information Warfare
    • Definitions
    • Models
    • Information Warfare Domains, Arenas and Constructs
    • Strategic Information Warfare
    • The Application of Information Warfare
  • Network Warfare
    • Network Warfare Attack
    • Network Warfare Defence
    • Network Warfare Framework
    • Cyber-Conflict Spectrum
  • Electronic Warfare
    • Electronic Attack
    • Electronic Support
    • Electronic Protection
    • Signal Detection and Interception
    • Jamming of Radio Communications
  • Critical Infrastructure Protection
    • Defining Critical Infrastructures
    • Critical Infrastructure Interdependencies
    • Critical Information Infrastructure Protection
    • Critical Infrastructure Protection and Information Warfare
  • Risk and Vulnerability Management
    • Vulnerability and Risk Assessment Techniques
    • Frameworks and Processes
    • Relating Risk and Vulnerabilities to Critical Infrastructure Protection and Information Warfare
  • Modern Information and Communications Technology
    • Universal Serial Bus
    • Wireless Networking
    • Mobile Phone Infrastructure
    • Cloud Computing
  • Chapter Summary

The value of the information can also be used in risk calculations, which are discussed in section 2.7. The models discussed are relevant to the proposal for the new IW model in Chapter 4. However, the availability of information can be attacked, as will be discussed in Section 2.3.2.2; therefore, it remains as part of the CIA triad for the purposes of this thesis.

Authenticity can be considered part of integrity, as misattribution reduces the quality of the information. Electronic Warfare: "Communication battles in the areas of the physical transmission of information (radioelectronic) and the abstract formats of information (cryptographic)". Deception can be used to actively influence the integrity of an adversary's intelligence gathering efforts.

Finding the right balance for the sensitivity of the IDS can be difficult (Pfleeger & Pfleeger, 2003). Electronic warfare is the use of electromagnetic (EM) energy to disrupt or deny an adversary's use of the EM spectrum (EMS) and ensure the availability of the EM spectrum for one's own use. Where ERPj is the effective radiated power of the jammer (in dBm), ERPs is the effective radiated power of the desired signal transmitter (in dBm), Lj is the propagation loss from the jammer to the receiver (in dB), Ls is the propagation loss of the desired signal (in dB), Grj is the gain of the receiver in the direction of the jammer (in dBi), and Gr is the gain of the receiver in the direction of the desired transmitter (in dBi).

This has also resulted in a reorganization of the main sectors (Department of Homeland Security, 2010). This is related to the will component of IW as discussed in Section 2.3.3; destroying or damaging these monuments can affect the morale and will of the public. One of the more common calculations for determining risk is that it is the product of the probability of an event occurring (i.e., the probability of a threat exploiting a vulnerability) and the magnitude of the impact or loss (Boehm, 1991), as illustrated in Equation 2.16.

These frameworks are relevant to the development of the new vulnerability assessment framework proposed in Chapter 4. MEII, however, was proposed in response to the threat of a cyberattack on the United States' information infrastructure. Vulnerability – the likelihood that an asset will succumb to a threat that has been implemented.

For the purposes of the treatise, the SDCCH will be the primary channel considered in Chapter 7.

Figure 2.2: The Relationship between Data, Information and Knowledge, adapted from (Hutchinson, 2002)

Methodology

  • Introduction
  • Administrative Process
    • Ethical Clearance
  • Desk-Based Research
    • Creating the Models
    • Applying the Proposed Models
    • Trend and Incident Analysis
    • Mathematical Calculations
    • Simulations
    • Conclusions and Recommendations
  • Interviews
  • Workshop
  • Survey
  • Chapter Summary

Several research methodologies are designed to fulfill the four main objectives of the research study. This will be based primarily on desk work and will be an extension of the discussions on vulnerability and risk assessment from the literature review. This will primarily be office work where the proposed IW model will be integrated into the analysis of vulnerability and risk assessment frameworks.

The chapter is structured as follows: Section 3.2 describes the administrative process, especially the defense and acceptance of the research proposal, and the ethical clearance process. A primary objective of the study was to develop and propose a vulnerability assessment framework from an IW perspective. The information warfare lifecycle model was also used in the development of the vulnerability assessment framework by relating IW characteristics to components of vulnerability and risk assessments.

The application of the proposed framework for vulnerability assessment constitutes one of the main goals of the research. The proposed IW model is used to analyze these events (as described in the documents) and categorize the event characteristics. The conclusions are drawn from the analysis of the collected data and from the results of the vulnerability assessment.

Where necessary, the organizations of the potential respondents were approached to obtain permission from the gatekeeper. Five of the confirmations came from international experts and ten from South African experts. The importance of the different topics was inferred from the amount of time spent on that topic.

The full study was not completed due to the acceptance of the proposal, which required limiting the study to the most promising aspects. The information is triangulated through the implementation of the proposed vulnerability assessment; from this, conclusions can be drawn regarding the vulnerability of the mobile infrastructure.

Figure 3.1: Flow of Dissertation Work

New Models

  • Introduction
  • Information Warfare Model
    • Information Warfare Definition
    • Extended Model for Information Relationships
    • Information Warfare Domains
    • Information Warfare Constructs and Spheres
    • An Offensive and Defensive Information Warfare Model
    • Application of the IW Lifecycle Model
  • Infrastructure Vulnerability and Risk Assessment Framework
    • Infrastructure Vulnerability Framework
    • Framework Application Example
  • Chapter Summary

Following the discussion in Section 2.3.3, the following model is proposed that describes the IW construct of the SANDF in the spheres of IW. The enabling domain consists of IW functional areas that can be used to perform or influence the application domain. Mobile phones and online social media again appeared to be crucial for organizing demonstrations (Hendawi, 2011).

The framework results in a single metric or number for infrastructure vulnerability and risk. For each of the modified SWOT elements, some variables must be evaluated for the IW situation. Examples of risk matrices used in the process are presented in Table 4.4 and Table 4.5.

Up to this point, the identified vulnerabilities and the risks associated with them have been assessed; vulnerability and risk assessments of the entire infrastructure must be determined. The social impact can be considered low, due to the origin of rumours. Since the cloud connection depends on the operation of the gateway, this can be considered a feature or a focal point.

Should the organization's gateway be exposed to a DoS attack, the availability of the cloud services will be severely hampered. The required capacity can therefore be assessed as medium; using Table 4.5, the vulnerability assessment is seen to be high. According to Hayden's priorities (described in Section 4.3.2.2), the impact of a breach of confidentiality or integrity can be assessed as very high.

The functioning of cloud services is dependent on the correct functioning of the organization's Internet Service Provider (ISP). Using the modified FAIR method (Table 4.3) and the risk matrix (Table 4.4), the risk rating is determined.

Figure 4.1: The Extended Model for Information Relationships

Trend and Incident Analysis

  • Introduction
  • Information as a Strategic Asset
    • A History of Strategic Information
    • Conflict and Competition in an Asymmetric and Unconventional Environment
    • The Application of Trend Analysis to Information Warfare and Security
    • Summary
  • Trends in Conflicts and the Impact on Information Warfare
    • Background to the Sample Conflicts
    • Conflict Trends
    • The Impact on Information Warfare, and its Future Roles in Conflict
  • The Weaponisation of the Internet
    • Solar Sunrise
    • Maroochy Water Services
    • Titan Rain
    • Estonia
    • Georgia
    • The GhostNet Cyber-Espionage Attacks
    • DDoS Attacks on South Korea and the United States
    • DDoS Attacks on Twitter
    • The Shadow Network: Cyber-Espionage 2.0
    • Operation Aurora: Cyber-Espionage on Google
    • Myanmar/Burma
    • Malware
    • Other Incidents
    • Discussion of Incident Trends

The fall of the old gods in Norse mythology was due to the use of information by the trickster god Loki. A trend line was then fitted to the data points using the trend line option in Microsoft Excel and the trend line equation was plotted. The chronological order of conflicts and incidents is shown in Figure 5.4; however, they will be discussed in groups according to the topics in section 5.3.1.

The potential use of such an attack was seen in the Georgian conflict, where a DoS attack disrupted Georgian communications during the initial stages of the Russian invasion. The use of the broadcast media for the dissemination of hate speech illustrates a convergence of psychological operations with electronic warfare, as the transmissions may be intercepted.

Figure 5.6: The Convergence of the IW Functional Areas (IIW – Information Infrastructure Warfare; PSYOPS – Psychological Operations)

The timing and source of the attacks led experts to believe that they were state sponsored (Cordesman, 2000). Using the IW lifecycle model, the motive for the attacks is political espionage in the context of political tensions between the Dalai Lama's office and China. This means using freely available online public communication and social applications as part of a spy network.

As with the GhostNet spy network, attackers can gain complete control of infected computers (South African Press Association, 2010). This further illustrates the use of the Internet as a vector for espionage; and the increasing number of such attacks coming from China is resulting in growing concern. Anti-government websites hosted abroad were targeted by DDoS attacks as early as 2010 (Labovitz, 2010).

The motivation of the attacks seemed political; due to the scale of the attack, it can be assumed that a large botnet was used to effectively deny international connectivity. These attacks resulted in the websites of media, non-governmental organizations and political parties becoming inaccessible.

Figure 5.1: Chapter Structure and Flow
