ebook img

DTIC ADA554311: A Cyberworm that Knows no Boundaries PDF

0.73 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview DTIC ADA554311: A Cyberworm that Knows no Boundaries

CHILDREN AND FAMILIES The RAND Corporation is a nonprofit institution that helps improve policy and EDUCATION AND THE ARTS decisionmaking through research and analysis. ENERGY AND ENVIRONMENT This electronic document was made available from www.rand.org as a public service HEALTH AND HEALTH CARE of the RAND Corporation. INFRASTRUCTURE AND TRANSPORTATION INTERNATIONAL AFFAIRS LAW AND BUSINESS Skip all front matter: Jump to Page 16 NATIONAL SECURITY POPULATION AND AGING Support RAND PUBLIC SAFETY Browse Reports & Bookstore SCIENCE AND TECHNOLOGY Make a charitable contribution TERRORISM AND HOMELAND SECURITY For More Information Visit RAND at www.rand.org Explore the RAND National Defense Research Institute View document details Limited Electronic Distribution Rights This document and trademark(s) contained herein are protected by law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non- commercial use only. Unauthorized posting of RAND electronic documents to a non-RAND website is prohibited. RAND electronic documents are protected under copyright law. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use. For information on reprint and linking permissions, please see RAND Permissions. Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 3. DATES COVERED 2011 2. REPORT TYPE 00-00-2011 to 00-00-2011 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER A Cyberworm That Knows No Boundaries 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATION RAND Corporation,National Security Research Division,1776 Main REPORT NUMBER Street, PO Box 2138,Santa Monica,CA,90407-2138 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR’S ACRONYM(S) 11. SPONSOR/MONITOR’S REPORT NUMBER(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES 14. ABSTRACT 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF 18. NUMBER 19a. NAME OF ABSTRACT OF PAGES RESPONSIBLE PERSON a. REPORT b. ABSTRACT c. THIS PAGE Same as 55 unclassified unclassified unclassified Report (SAR) Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18 This product is part of the RAND Corporation occasional paper series. RAND occa- sional papers may include an informed perspective on a timely policy issue, a discussion of new research methodologies, essays, a paper presented at a conference, a conference summary, or a summary of work in progress. All RAND occasional papers undergo rigorous peer review to ensure that they meet high standards for research quality and objectivity. A Cyberworm that Knows no Boundaries Isaac R. Porche III, Jerry M. Sollinger, Shawn McKay Prepared for the Office of the Secretary of Defense Approved for public release; distribution unlimited NATIONAL DEFENSE RESEARCH INSTITUTE The research described in this report was prepared for the Office of the Secretary of Defense (OSD). The research was conducted within the RAND National Defense Research Institute, a federally funded research and development center sponsored by OSD, the Joint Staff, the Unified Combatant Commands, the Navy, the Marine Corps, the defense agencies, and the defense Intelligence Community under Contract W74V8H-06-C-0002. The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. R ® is a registered trademark. © Copyright 2011 RAND Corporation Permission is given to duplicate this document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND documents to a non-RAND website is prohibited. RAND documents are protected under copyright law. For information on reprint and linking permissions, please visit the RAND permissions page (http://www.rand.org/publications/ permissions.html). Published 2011 by the RAND Corporation 1776 Main Street, P.O. Box 2138, Santa Monica, CA 90407-2138 1200 South Hayes Street, Arlington, VA 22202-5050 4570 Fifth Avenue, Suite 600, Pittsburgh, PA 15213-2665 RAND URL: http://www.rand.org To order RAND documents or to obtain additional information, contact Distribution Services: Telephone: (310) 451-7002; Fax: (310) 451-6915; Email: [email protected] Preface The report that a sophisticated cyberworm called Stuxnet had been planted on the comput- ers of an Iranian nuclear facility and had damaged processing equipment sent a tremor across many governments and industries. Although many computing technology experts had known that such an attack was theoretically possible and that less-capable versions had been demon- strated, Stuxnet served notice on the world that a threshold had been crossed. The event raised numerous questions about the ability of the U.S. government and commercial firms to defend their networks against assaults by worms, viruses, and other malware. This paper explores some of the issues raised by sophisticated yet virulent malware, including the nature of these threats, the vulnerabilities they exploit, and the characteristics that make defending against them so difficult, especially the knotty problems posed by orga- nizational and legal restrictions. It also provides a brief assessment of where U.S. defensive capabilities stand and what needs to be done to improve them. Although this paper considers cyberspace from a U.S. military perspective—that is, as a so-called “warfighting domain”— the considerations presented here translate easily to a broader view of cyberspace as a global commons. This research was conducted within the Acquisition and Technology Policy Center of the RAND National Defense Research Institute, a federally funded research and development center sponsored by the Office of the Secretary of Defense, the Joint Staff, the Unified Com- batant Commands, the Navy, the Marine Corps, the defense agencies, and the defense Intel- ligence Community. For more information on the Acquisition and Technology Policy Center, see http://www.rand.org/nsrd/ndri/centers/atp.html or contact the director (contact informa- tion is provided on the web page). Questions and comments about this research are welcome and may be directed to the lead author, Isaac Porche ([email protected]). iii Contents Preface ........................................................................................................... iii Figures and Tables .............................................................................................vii Summary ........................................................................................................ ix Acknowledgments ............................................................................................xiii Abbreviations ...................................................................................................xv A Cyberworm That Knows No Boundaries ................................................................ 1 The Difficulty of Defending Cyberspace ...................................................................... 2 How to Identify an Attack ...................................................................................... 5 What Was Needed to Carry Out the Attack ................................................................. 6 The Implications of Stuxnet and Similar Worms ............................................................ 7 Implications of the Success of Stuxnet ........................................................................ 8 What Is Needed to Defend Against Stuxnet and Similar Worms ......................................... 9 How Organizational Boundaries Hinder Efforts to Mount an Effective Defense ......................10 Intragovernmental Limitations ..............................................................................10 Intersectional Limitations ....................................................................................11 Conclusions ......................................................................................................12 The Threat of and Opportunity for Real Damage from Cyberspace Is Increasing ...................12 Not All Attacks Can Be Prevented .........................................................................13 The Best Defense Includes an Offense .....................................................................13 Current Organizational Boundaries Hinder Identification and Mitigation ...........................14 Recommendations ..............................................................................................15 Future Work .....................................................................................................16 APPENDIXES A. The Cyberspace Domain ................................................................................19 B. Worms ......................................................................................................21 C. Einstein Intrusion Detection and Protection .......................................................25 D. Federal Cyber Legislation .............................................................................. 27 Bibliography ....................................................................................................33 v Figures and Tables Figures A.1. Cyberspace Today ..................................................................................19 A.2. Cyberspace and Social Networking ............................................................ 20 B.1. Conficker Worm Progression .................................................................... 23 Tables 1. Selected Relevant U.S. Organizational Initiatives, Laws, and Reviews .....................11 2. Organizational Strengths and Weaknesses of Federal Agencies in Defending U.S. Cyberspace Infrastructure ..................................................................14 3. Examples of Proposed Legislation Regarding the Assignment of Federal Roles in Cyberspace ..........................................................................................16 D.1. Federal Cyber Legislation ........................................................................ 28 vii

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.