Consider this: Energy distribution in NSW relies on two central power sources, the Snowy Mountains Hydro-Electric Scheme and the coal-powered Hunter Valley Scheme. If some lunatic destroyed the former, the pressures on the latter would likely overwhelm the system. How well would your computers run without power?
Or this: Destroy just three telephone exchanges (at Katherine NT, Woomera SA, and Ceduna SA) and you could sever all terrestrial communications between east and west Australia. Knock out the exchange at Camooweal QLD and you could cut the entire centre of the continent off from terrestrial communications with the outside world.
And this: Thanks to outsourcing, the domestic clearance system for Australian banks runs on a computer in Brussels overnight and the results are then transferred back to Australia. The settlement process gets performed between 8 and 8.45 in the morning, just 15 minutes before the opening of the business day. That means the Reserve Bank of Australia (RBA) has just 15 minutes to intervene in cases where a problem emerges.
Trillions of dollars in funds and securities are transferred daily, with the Reserve at the centre of a veritable frenzy of electronic financial interaction. Yet the RBA relies on a single central computing facility with just one backup, located on the outskirts of Sydney on a different telephone and power grid. Almost all the domestic banks and the Government have accounts on the computer at the RBA in downtown Sydney. Successfully attack this relatively fragile system, either from this end, the Brussels end or somewhere in between, and how long would the Australian banking system survive? And then having absorbed all that, take a moment to contemplate this: Had America's "Unabomber" terrorist been a computer science graduate instead of a mathematical whiz, he might easily have wreaked unimaginable havoc on government, commerce and society without blowing up a single thing.
So is Australia vulnerable to criminal or terrorist attack against its information infrastructure? Is the Pope a Catholic? Is the Millennium Bug a headache? You bet your sweet life.
Ask Dr Adam Cobb. He's just completed the first study on Australia's vulnerability to information attack ever to enter the public domain. His findings will be released in a soon-to-be-published book, Australia's Vulnerability to Information Attack: Towards a National Information Policy.
Cobb has served as an officer in the Royal Navy, as a staffer to a member of the US Congress, in the Australian Embassy in Washington DC and on the governing body of Cambridge University. He is currently Visiting Research Fellow, Strategic and Defence Studies Centre, Research School of Pacific and Asian Studies at the Australian National University. And he's a deeply worried man, because he knows just how vulnerable our National Information Infrastructure (NII) is to cyber-terrorism. He also knows that there's no provision for an information attack in any current government disaster plan.
Corporations spend billions each year protecting the confidentiality and integrity of their information. You and your team may excel in using data encryption and key management to protect your secrets and stop your data from being modified. You can create strong user identification and authentication; you put immense effort into ensuring backup and redundancy are in place and fully working; you put firewalls in place or air gap your systems to protect against intrusion. What you can't be expected to defend against is denial-of-service attacks, electromagnetic pulse (EMP) bombs or other deliberate criminal assaults against crucial infrastructure components.
Cobb knows that all the evidence suggests an information attack of a physical or electronic kind could seriously disrupt the telecommunications or energy distribution infrastructure if it were to be prolonged and took place simultaneously at a number of diverse critical nodes. "Even the most basic kind of attack, a denial-of-service attack, could seriously impair the ability of the system to cope with regular traffic," he says.
Moreover, he fears the continued and painful rationalisation of the economy and the associated social impact of the measures might be creating the perfect breeding-ground for a "Unabomber" of our own. After all, he points out, the One Nation Party (ONP) espouses ideas familiar to fascists around the world.
Could a member of an extremist or fundamentalist group get so angry that they might turn to terrorism either by themselves or as part of a small, disaffected group? Cobb very much fears so. In his book he offers up as a hypothetical example: an ONP fanatic, unemployed for the past 10 years and recently forced to hand in all his or her beloved guns under new legislation following the Port Arthur massacre. If such a person was then forced off the land because a bank foreclosed on a loan he or she couldn't repay because of drought, might that person not get frustrated and angry enough to seek vengeance using computers as their new weapon? Banks beware!
Cobb's study proves that with adequate resources to fund acquisition of a computer and a modem, and a profound grudge against society, a Unabomber-type terrorist - highly educated, dedicated, motivated and ruthless - could indeed wreak all kinds of damage here in Australia.
"Certainly they would have a motive, could seek an opportunity, easily obtain a capability, whilst already possessing the willpower to act," Cobb says. "If they go undiscovered as the original Unabomber was able to do for so long, the potential implications for the society the terrorist loves to hate could be phenomenal. Such a terrorist would be capable of researching critical nodes (freely available in open sources) and misrepresenting themselves to gain access to codes and passwords (human engineering), thereby gaining access to vital systems used to run the society against which they hold a grudge.
"In the age of downsizing, job insecurity and government cuts to welfare as well as to a range of other services, Unabomber-type terrorism is likely to increase. This is especially so in open societies like Australia and the USA where more than ever before individuals have access to and knowledge of vital NII systems and the means to attack them. It would be all the worse if the proposed Unabomber-type terrorist also happened to be the systems manager of a critically important system."
A team of such saboteurs could achieve incalculable damage, and if such an assault began tomorrow, there is precious little we could do about it. Cobb says that with the world looking on and the Year 2000 computer bug providing cover, even a single large-scale terrorist act could ruin the 2000 Olympic games and profoundly damage Australia's reputation.
"And it may not necessarily be an attack against Australia. It could be an attack on any of the other participants, and that has happened at other Olympics in the past. So that's a very serious threat, but while the Olympic committee have been looking at physical security for the Olympics, I am unaware of them looking at cyber security."
Nor are terrorists the only threat. While Cobb rates the chances of an attack by other nation states in the region as relatively unlikely, if only in the short term, that still leaves the immense threat of criminal attack.
"Criminals and organised crime groups have been quick to seize the opportunity afforded by new communications technologies and their rapid spread throughout society," Cobb says. "Of the three areas of potential threat, crime is currently the most common area in which to find the active utilisation of information warfare techniques and strategies. In information warfare the techniques for attacking an air traffic control system are essentially the same as those used to attack a bank."
Early in 1997 the Office of Strategic Crime Assessment (OSCA) conducted a study on computer crime and security, canvassing a number of Australia's top 500 companies and government. It showed that while in the past most attacks on systems had been by insiders, attacks from the outside are now on the increase.
And while there's a huge difference between defacing a home page and getting inside a critical system, and while a lot of organisations - like the Defence Department - have air-gapped their systems to protect against external intrusion, Cobb knows employees can have very extreme privileges within those systems. He knows that even though systems have been air-gapped, connections are sometimes established that the organisation is unaware of, and these leave the systems vulnerable to attack.
"I went to an Open Source conference at the Defence Force Academy and a number of people throughout the military hierarchy in this area commented that yes, they'd been attacked," Cobb says. "The key is that we are increasingly reliant on computer systems that are linked to other computer systems, and the linkage is the important thing.
"Now the Government has an interesting record in terms of information being stolen and I think intercept of electronic information in that respect, whether it's leaked by accident or on purpose, electronically leaked or physically leaked, is going to be a thing of the future for any organisation."
Cobb's research shows that without adequate recovery plans and established information hierarchies in the event of an attack, even small-scale disruption of key systems could severely affect government, commerce or society.
"There is a lot of hysterical talk of 'electronic Pearl Harbours'. Attacks on the NII are not as easy as that to organise, but they are a lot easier than one might imagine. It all depends on the target and scale of attack envisaged. Mass attack on the NII where all core systems are totally shut down will not be possible without a very high level of planning, intelligence and highly-skilled personnel, only available to advanced states. The fact is that the incredible array of systems and their myriad interlinkages that comprise the NII provide a form of security in their very diversity. It would not be possible to completely disable these systems without detailed knowledge of their weaknesses and the location of critical nodes within and between them. Then only a well-timed and coordinated strike might have a total effect," he says.
"This does not mean that Australia is invulnerable. On the contrary, an attack on critical nodes could bring about a chain-reaction that could have devastating effects for society. The most likely attack would focus on disruption of one or a few key systems. Aside from physical attack, the next easiest form of attack would be denial-of-service attack. This does not require penetration of information systems (which requires password, systems, or source code cracking) but rather overloads key nodes from the outside. It's a form of data overload that overwhelms the system's capabilities to respond, thereby affecting its internal operations as well."
Cobb says much current thinking on information warfare is predicated on the assumption that an attacker would seek to completely disable systems. That thinking is somewhat muddled.
"It's not necessary to do that. It's just necessary to create a significant amount of trouble within a certain critical system that degrades its operation.
The question is: Are there plans in place to then prioritise the remaining information that has to get through? For example, if there's a bushfire, we have disaster plans; each State has one and there is a Federal one. There is no contingency for information."
Time to act
But the picture isn't entirely bleak. In fact, Cobb insists much can be done to lessen the vulnerability of the NII to attack if only someone - preferably the Government - is prepared to take the lead, and others - preferably the entire corporate community - will work with them. Thus the upshot of the paper is to call for development of a national information policy that integrates schemes for advancing Australia's commercial interests with provision of a comprehensive system of detection and protection from attack on our information infrastructure.
"To a certain extent, this ties in with some of the Goldsworthy recommendations in the sense that we should really maximise our economic potential through this media," Cobb says. "We should not sell off our government IT because to do so means flogging off the infrastructure of the 21st century for a song - infrastructure that is going to be as vital as roads, telegraph and railway have been for the last two centuries.
"[The outsourcing decision] is so incredibly short-sighted it's dumbfounding.
That's not even considering the security issues involved, which I think are relatively significant and as far as I can see have not been addressed adequately at all."
According to Cobb, the OSCA survey showed corporations were willing to work with one another and with government on such issues, and he argues doing so will be absolutely critical for the future. To this end, he is calling for urgent action to establish such an information policy. "What I would like to see happen is a core kind of AUSCERT style backbone, where all of these organisations, corporate and government, come together to develop benchmarks for their systems and their operating structures," he says. "This core AUSCERT style grouping can monitor what's happening and then when breaches do occur, an anonymous report can go out to the rest of the operators."
He suggests that within the backbone a wide range of organisations should work together, initially developing benchmarks for their systems, operating structures and the rest, and defining what systems form the NII and how they operate when working effectively.
"Then they need to continually monitor the situation on an anonymous basis.
When breaches do occur, a company that has proprietary information that it doesn't want to get out to its competitors can report what actually happened.
If it is in any way sensitive, an anonymous report can go out to the rest of the operators announcing the kind of attack that has happened somewhere in the system, without necessarily specifying where, when, how or to whom."
Cobb insists such efforts needn't cost large amounts of money. Indeed, he says, while you could easily spend billions on the issue and still not achieve a reasonable level of protection, some of the most effective measures that could actually be taken are relatively inexpensive. He says while too many people are focusing on technological solutions as the only way forward, real dividends may well come from an investment in raising awareness of personal information security issues.
"I think training and awareness exercises will do a tremendous amount, to be really honest with you, and that's also the finding in the United States as well. The key problem is that in the past, the attacks have predominantly been from the inside, and the statistics from the United States and the UK show that that's the case. However the trend is changing to outside attacks. We should be getting together and working to minimise the threat, as a nation.
"And the nice thing about that is that it is within everyone's self-serving self-interest to do so, simply because of the diverse nature of the system," he says.
In Denial
Denial-of-service attacks aren't usually at the top of an IS manager's list, but they're attacks that can damage a company's reputation. What makes denial of service so insidious is the way it exploits the basic network functions and turns them against users.
Like platform heels and bell-bottoms, denial-of-service attacks are an old idea that has come into vogue again. As with most hacking attacks, they really aren't new but rather old attacks in new packages. Although the techniques that are available are typically quite basic, it's still an area of concern, because several attacks are quick, simple, and all too effective.
For example, a relatively new denial-of-service attack is the so-called Ping o' Death. The attack uses the common PING utility. Normally, a PING command sends a string of data of at most approximately 65K bytes, which is broken down into fragments for transmission. The host receives these fragments and reassembles them. The Ping o' Death creates a PING with an illegal amount of data: essentially, an oversize transmission is created, one that the host is not prepared to deal with. When the Ping o' Death is reassembled, it is too large for the buffer that the OS has created and overflows that buffer. This has unpredictable results for the server, ranging from temporary hangs to crashing the system.
The Ping o' Death can also attack other devices besides servers. Routers and printers have been shown to be vulnerable, and essentially any device that can respond to a normal PING would be vulnerable.
Ping o' Death doesn't mean the end o' the world. On most systems the standard PING utility can't generate such a packet, so an attacker would have to write custom code, and many OSs - including AIX 3.4, Linux 2.3, HP-UX 9-10, Solaris (x86) 2.5, and The Santa Cruz Operation's OpenServer - have come out with patches for the server side, tweaking the buffer to handle oversize packets. The patches fix the OS's inability to handle oversize PINGs.
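The mechanism the sidebar describes and the check the server-side patches added can be shown in a few dozen lines. The following is an added example, not code from the article or from any of the vendors it names: a minimal IPv4 fragment reassembler in Python. An IPv4 datagram's total-length field is 16 bits, so no single fragment can claim more than 65,535 bytes, but a fragment's offset plus its own length can point past that limit, and a reassembler that trusts the sum grows (or overruns) its buffer. The hardened path rejects such a fragment before copying anything, which is the bounds test the patches describe. All fragments below are constructed in memory from made-up addresses, identifiers and payloads; nothing is sent on a network.

```python
"""IPv4 fragment reassembly with the bounds check the Ping o' Death relied on being absent.

Added example, not from the article. Fragments are built in memory from constructed
values; nothing is transmitted.
"""
import struct

MAX_DATAGRAM = 65535   # IPv4 total length is a 16-bit field, so this is the legal maximum
HEADER_LEN = 20        # minimal IPv4 header, no options
IP_FMT = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags+offset, ttl, proto, csum, src, dst


def build_fragment(ident, offset_bytes, more_fragments, payload):
    """Construct one IPv4 fragment (header + payload). Constructed test data only."""
    if offset_bytes % 8:
        raise ValueError("fragment offsets are carried in 8-byte units")
    flags_offset = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    # Each fragment's own total length fits in 16 bits; the oversize only appears
    # when offset + length is summed during reassembly.
    header = struct.pack(IP_FMT, 0x45, 0, HEADER_LEN + len(payload), ident,
                         flags_offset, 64, 1, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))  # made-up addresses
    return header + payload


def parse_fragment(raw):
    """Return (ident, byte offset, more-fragments flag, payload) for one fragment."""
    ver_ihl, _tos, total_len, ident, flags_offset, *_rest = struct.unpack(IP_FMT, raw[:HEADER_LEN])
    ihl = (ver_ihl & 0x0F) * 4
    offset = (flags_offset & 0x1FFF) * 8      # 13-bit offset in 8-byte units
    more = bool(flags_offset & 0x2000)        # MF flag
    return ident, offset, more, raw[ihl:total_len]


def fragment_end(raw):
    """Byte position just past this fragment's payload in the reassembled datagram."""
    _ident, offset, _more, payload = parse_fragment(raw)
    return offset + len(payload)


def is_oversized(fragments):
    """Detection predicate: does any fragment claim bytes beyond the IPv4 maximum?"""
    return any(fragment_end(raw) > MAX_DATAGRAM for raw in fragments)


def reassemble(fragments, check_bounds=True):
    """Reassemble the fragments of one datagram.

    check_bounds=True is the patched behaviour: a fragment whose end lies past
    MAX_DATAGRAM is rejected before anything is copied. check_bounds=False mirrors
    the pre-patch logic, trusting offset + length and growing the buffer; against
    a fixed-size kernel buffer that growth is the overflow the sidebar describes.
    """
    buf = bytearray()
    for raw in fragments:
        ident, offset, _more, payload = parse_fragment(raw)
        end = offset + len(payload)
        if check_bounds and end > MAX_DATAGRAM:
            raise ValueError(f"fragment id={ident} ends at {end}, beyond {MAX_DATAGRAM}")
        if end > len(buf):
            buf.extend(bytes(end - len(buf)))   # zero-fill up to this fragment's end
        buf[offset:end] = payload
    return bytes(buf)


def rejects(fragments):
    """True if the hardened reassembler refuses this fragment set."""
    try:
        reassemble(fragments)
    except ValueError:
        return True
    return False


# Constructed sample input: a normal 1500-byte echo request split in two, and a
# set whose final fragment sits at the top of the 13-bit offset range.
BENIGN = [
    build_fragment(0x1234, 0, True, b"A" * 1480),
    build_fragment(0x1234, 1480, False, b"B" * 20),
]
OVERSIZED = [
    build_fragment(0x4321, 0, True, b"A" * 8),
    build_fragment(0x4321, 65528, False, b"B" * 100),   # offset 8191 units; ends at 65628
]

if __name__ == "__main__":
    print("benign:", len(reassemble(BENIGN)), "bytes; oversized?", is_oversized(BENIGN))
    print("oversized detected?", is_oversized(OVERSIZED), "rejected?", rejects(OVERSIZED))
    print("unchecked reassembly grows to", len(reassemble(OVERSIZED, check_bounds=False)), "bytes")
```

The point of `check_bounds=False` is only to make the failure visible: in Python the buffer simply grows to 65,628 bytes, whereas the kernels the sidebar lists had a buffer sized for the 65,535-byte maximum, so the same arithmetic wrote past its end. `is_oversized` is the shape of check a router or host-based monitor can apply to fragment headers alone, without waiting for reassembly.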
One excellent resource for tracking the problem is Mike Bremford's Ping o' Death Web page at http://prospect.epresence.com/ping/. -- Sean Dugan