Oct. 26, 2010

LLNL hosts cyber security workshop

Options for beefing up security on the Internet and whether it is politically feasible or desirable to create an international regime to manage cyber security threats were explored at a recent all-day workshop at LLNL.

The event, called the International Cooperation on Cyber Security Workshop, attracted about 30 researchers and experts from government, academia and Internet companies. It included retired four-star U.S. Gen. Wesley Clark, who now serves as the CEO of his own strategic consulting firm, and the director of the U.S. State Department's Office of Cyber Policy.

Celeste Matarazzo, who directs a Lab cyber security situational awareness effort known as the Supercomputing-Enabled Transformational Analytic Capabilities effort, described the workshop as "fascinating."

"I was unaware of how much work had been done toward international cooperation," Matarazzo said. "Having conducted cyber security R&D from the technical side, I wasn't aware of some of the treaties and agreements that had been reached."

One treaty discussed at the workshop was the Convention on Cybercrime, or the Budapest treaty, the first international agreement seeking to address computer crime and Internet crime by harmonizing national laws and improving investigations.

Among the lead presenters was Stefan Savage, a computer science professor at U.C. San Diego, who has extensively studied the market for Internet crimes, such as hacking, compromising host systems and money laundering.

"This (Internet) ecosystem is huge...and defending is really tough because we tend to have some fundamental asymmetries around the way the game is set up," Savage said.

"For example, our malware defenses are always behind because any good malware author only releases their work after verifying that it can't be detected by existing anti-malware products. Therefore, by definition, new malware can't be detected when it is first released."

Moreover, Savage explained that since we don't know how to measure defenses, computer users can't judge how much security one solution provides versus another.

During 2004-05, profit-driven applications of Internet crime started to emerge through the use of spam e-mail and the effectiveness of measures blocking these e-mails.

"As we became more effective in blocking spam e-mail, it drove them to create a partnership between those wanting to send e-mail and those writing malware for fun, effectively to launder the origin of the e-mail. And this virtually created an economic cycle, where one didn't exist before," Savage said.

In Internet crime, the price for compromising a person's Hotmail account is $100, while 1,000 compromised hosts can be purchased for $6-$8 in China or about $180 in the United States, Savage said. "It is very easy to contract for services to take out a person's computer or Gmail account."

"The bad guys can measure how well they're doing by dollars received. They have this wonderful, positive economic cycle that causes them to get better while we don't."

With digitization and large-scale capabilities, it is possible to take over control of hundreds of thousands to millions of computers, Savage told his fellow workshop participants.

Savage also said that while today's attacks are typically focused on general purpose computers, the same threats exist for embedded systems as well.

The digital systems in the latest cars comprise 30 to 50 computers. They control everything except for the steering wheel and emergency brake, which are the last mechanical components in some cars. Some of Savage's U.C. San Diego graduate students have conducted experiments to show that car control systems can be compromised.

Another lead presenter was Parney Albright, the Lab's principal associate director for Global Security.

Albright identified three key threats for the Internet -- data integrity, network access and the integrity of the aging control systems.

"Several years ago, people were most concerned about data theft, people taking sensitive but unclassified data from government computers. One of the questions we should be asking is: Are we protecting the data or the computer?"

In large part, the Bush Administration and now the Obama Administration have had a program -- the Comprehensive National Cybersecurity Initiative (CNCI) -- aimed at protecting such sensitive but unclassified information on government computers.

The second issue cited by Albright was denial of service -- can the networks be used when they're needed?

"I think the Department of Defense has taken a sober and proper view of this issue. Their view is much like the notion of sea power. They think in terms of assured access to the networks. They don't think in terms of defending the networks any more than anyone thinks in terms of defending the seas."

LLNL sponsored the all-day workshop, which was co-hosted by the UCLA Burkle Center for International Relations, the U.C. Institute on Global Conflict and Cooperation, and the U.C. San Diego School of International Relations and Pacific Studies.

Participants in the event agreed that follow-on work will continue through smaller groups that will be developed and proposed for sponsorship.

"For LLNL, we will continue to use workshops and conferences to increase our understanding of the complex policy and legal issues surrounding cyber security, while at the same time bringing our technical expertise to the table for the benefit of our policy and law colleagues," said Wes Spain, the Lab's program director for Intelligence and one of the workshop's organizers.