CS 462 – CYBERCOM and the NSA

Read the article What Would a CYBERCOM-NSA Split Mean?: https://www.fifthdomain.com/home/2016/10/10/what-would-a-cybercom-nsa-split-mean

This article was published in 2016. Research on this topic and find out whether there was a split between them. Were there any consequences? Also provide any interesting articles that support your findings.

According to my research, the dual-hat agreement has existed between USCYBERCOM and the NSA ever since CYBERCOM’s inception in 2010. The arrangement itself is about one person leading both organizations and while it was initially for saving costs and was a temporary solution, it has remained in place ever since. However, even with the conversation of a split in 2016, as of September of 2023, the organizations haven’t split. While Congress gave them metrics in 2016 to work toward a split, there are multiple reasons why rushing it isn’t as beneficial. According to Senator Mike Rounds, a split or a lack of the arrangement would “have two separate bureaucracies who would clash on a daily basis about the use of the tools, about the coordination of efforts, about the protection of their own silos.” Furthermore, splitting both organizations would result in more costs, slower decision-making, and lots of time being invested into restructuring the organizations to work separately and train people for that leadership position. The organizations have also helped with their complementary goals, quicker decision-making to prevent cyber-attacks, and have even maintained efficient security with elections and partner nations. But, even with the amount of work done with the dual-hat arrangement, the plan for CYBERCOM is to split from the NSA eventually, but it will most likely be a long time before that happens.

https://securityintelligence.com/articles/why-keep-cybercom-and-nsas-dual-hat-arrangement/

https://fedscoop.com/cyber-command-and-nsa-still-working-to-meet-measures-necessary-to-split/

CS 462 – “The Humanity Behind Cybersecurity Attacks”

Watch this video on “The Humanity behind Cybersecurity Attacks”: https://www.ted.com/talks/mark_burnette_the_humanity_behind_cybersecurity_attacks

The speaker talks about how he was a kicker for his school football team. He talks about various factors that might affect his kicking and making that score. The same analogy goes to the cybersecurity professionals defending against attackers. These professionals do not always have the perfect conditions to defend against attacks. Provide your opinions on this statement, and ways in which the “Humans Behind cybersecurity” (both attackers and defenders) get around each other.

I agree with the speaker’s point about imperfect conditions for defending against attacks and the human factor. As people, our curiosity, trust, and generally uninformed mindset about cybersecurity create difficult conditions for information to be secure.

For attackers, they have favorable conditions that already circumvent their humanity by recognizing those flaws and then taking advantage of others. Examples mentioned by the speaker, such as scams and social engineering, are meant to take advantage of the curiosity, trust, and uninformed nature of people. However, due to defenders learning about their tactics, attackers need to constantly change their approach to getting in, but this adaptation is how attackers get around defenders.

Conversely, defenders can recognize those same flaws, but they have imperfect conditions to work with. Whether it’s uninformed employees or even mistakes by the security department, the vulnerabilities that people create will always exist and can therefore be exploited by attackers. However, strategies like penetration testing, basic security training, and strong policies can mitigate the risk of the human factor and be the defender’s approach to getting around attackers.

CS 462 – Internet of Things Technology

In this modern era, IOT or Internet of Things is gaining popularity. However, the question is, are they secure? Or vulnerable? Watch this video on “Internet of Things Security” and give your opinions on the question above: https://www.ted.com/talks/ken_munro_internet_of_things_security

The speaker puts forward an example of how he unlocked a smart padlock using the Bluetooth feature of a smartphone. Do some research and provide another example of how an IOT device had been compromised using a vulnerability.

While there are many benefits to using IoT devices such as convenience, connectivity, and improvements in different industries, they lean much more on the side of vulnerability than security. This can come from those benefits of convenience being a sacrifice for security, and connectivity creating more access to other systems that can have dangerous results. Another reason for vulnerability is due to the sheer amount of different IoT devices and how there are differing levels of security depending on the manufacturer, meaning that not only is the inconsistency an issue but the number of vulnerabilities to account for only grows in number depending on how many devices there are. Finally, a big concern for IoT devices is the potential dangers they present due to their lack of security. For example, in 2015, a Jeep was remotely hacked on the highway, which involved exploiting the OMAP chip’s code in the infotainment head unit of the car. Specified firmware was also developed to allow complete control of the car. While this was a research project, this kind of vulnerability has the potential to affect millions of cars, and result in many injuries or deaths.

https://fractionalciso.com/the-groundbreaking-2015-jeep-hack-changed-automotive-cybersecurity/

CS 462 – Stuxnet Discussion

The learning material briefly explained about “Stuxnet”. The video below gives an overview of the attack. Watch it and connect it with the topics you learnt this week. https://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyber_weapon/transcript?language=en#t-298947

Also provide your views on why Stuxnet is actually complicated and any other interesting articles you found online.

Stuxnet has several connections to the topics from this week. Its biggest connection to the topics from this week is that of physical and personnel vulnerabilities. As Ralph Langner mentioned, the worm managed to get in via a USB stick being taken in. This method of attack relies not only on someone taking in the infected USB stick but also on being unaware of the dangers of bringing random technology into an organization. Another connection comes from its multiple zero-day vulnerabilities, which therefore accounts for multiple exploits in the system. However, having multiple zero-day attacks is only one part of Stuxnet’s complexity. I see Stuxnet as complicated in its functionality when and when not interacting with its target. Ralph noted that when Stuxnet was being experimented on in labs, it “sniffed, but didn’t want to eat.” It was a worm that was able to only spread under certain conditions. However, when it had those conditions, it not only was able to spin the centrifuges and change valves at the same time, but it was also able to feed operators false input data alongside the actual code. This kind of functionality is why I believe that Stuxnet is a complex worm. For additional information, I found an article that details how it quickly spread throughout the facility in two waves and used vulnerabilities to move but stay hidden.

https://control.com/textbook/instrumentation-cyber-security/stuxnet/

CS 462 – Encryption Discussion

Watch this video titled “Can we make Encryption that’s Unbreakable?” https://www.ted.com/talks/john_prisco_can_we_make_encryption_that_s_unbreakable

The speaker shows a diagram at (2:09) of the records stolen since 2013 from the many famous companies around the world. What are your thoughts about it and the general idea of making encryption “Foolproof”? Share some other articles you searched online that give any detailed information on the many attacks on those companies.

After seeing the graphic in the TEDx talk, I was taken aback not only at the scale of these attacks but also by the fact that this has been a decade-long issue for businesses. Data breaches that result in hundreds of millions of accounts being compromised come from practices like a lack of encryption or little to no layers of protection for data. However, while the idea of encryption being “foolproof” is optimistic, it’s not a realistic goal. It isn’t realistic due to challenges like cybercriminals eventually learning exploits, quantum computing cracking the keys in minutes, and any security feature having foundational vulnerabilities.

An example of a company having foundational vulnerabilities is Yahoo. The company had a data breach in 2013 that compromised 3 billion accounts. The group of attackers got in by exploiting poor cookies to impersonate anyone they wanted and steal all of the data. This attack resulted in a cost of $4.48 billion for Verizon when buying Yahoo.

https://bpbonline.medium.com/yahoo-data-breach-what-actually-happened-54cf8f3f7c93

CS 462 – The Five Laws of Cybersecurity

Watch this TED talk: https://www.ted.com/talks/nick_espinosa_the_five_laws_of_cybersecurity?language=en

The presenter talks about his own 5 laws of cybersecurity. Do you agree with them all? Do you propose any changes you would like to bring in?

I feel that the presenter’s cybersecurity laws provide a good foundation for helping people to have a foundation of cybersecurity and how it connects with their everyday online lives. Understanding that all technology has vulnerabilities that can and will be exploited, tackling the concept of trust on the Internet, and knowing that there is always an opportunity for hacking with each new piece of technology are all valuable for the everyday person to know while using the Internet. However, while the presenter felt that Law 5 of referring back to Law 1 wasn’t a copout, I feel that it was, despite how it’s a reinforcement of acknowledging the existence of vulnerabilities. The change I would make is always to stay up-to-date with cybersecurity. This change applies to reading security news, patching devices to keep them protected, and informing others about cybersecurity so that they can stay knowledgeable as well. It’s a law that offers a bit more guidance rather than just going back to another one.

CS 462 – Vehicle Security

Pick one of the following three articles about attacks on vehicle security:

Answer both of the following questions:

  • What are the implications of vehicle hacking for autonomous vehicles? Today’s vehicles have complex computer code and autonomous vehicles will have even more complex code. Do you think we will ever have widespread use of safe autonomous vehicles? Why or why not?
  • One of the suggestions to improve vehicle security is for car manufacturers to release their code open source to allow for public scrutiny. Do you think this would help improve vehicle security? Why or why not? 

There are several implications for autonomous vehicles (AV) being hacked. First, as cars become more and more integrated with technology that connects to the Internet, it creates more holes that need to be patched to remain secure. Second, the over-the-air electronic communication capability of AV is a large risk due to the potential reach it can give hackers if compromised. Finally, electronic communications like vehicle-to-vehicle (V2V) and vehicle-to-everything (V2X) will also be vulnerabilities that need to be addressed due to potential exploitation by hackers.

With the number of potential exploits that AV has, I don’t think that AV will be completely safe for widespread use. Still, by the time that reality happens, the hope is that a majority of these features are mostly if not completely addressed and patched. There may still be security incidents and regular accidents in the infancy of AV but I do think over time, it will improve immensely.

Furthermore, the notion of making the manufacturing code open source will have both positives and negatives. The positive of open-source code is providing opportunities to constantly improve security flaws via a large community experimenting with it. On the other hand, it also provides malicious hackers with a blueprint for improving hacking tools to infect more cars. However, the feedback from people, security experts, and other coding professionals could make sizeable improvements in vehicle security despite the potential risk of hackers.

“Serious Concerns That AI Self-Driving Cars Cybersecurity Will Be A Hacker Leak Like An Open Sieve”, Forbes, August 25, 2021, https://www.forbes.com/sites/lanceeliot/2021/08/25/serious-concerns-that-ai-self-driving-cars-cybersecurity-will-be-a-hacker-leak-like-an-open-sieve/?sh=5930e4c7477f

CS 462 – “Plan B” TED Talk

Watch this video. This was a TED talk by Danny Hillis. The topic was “The internet could crash. We need a Plan B.” According to him, “From each according to their ability to each according to their need” was the concept about IP in the olden days. Discuss how it has changed in the present, preferably giving examples like he has talked about (Router bug causing flight to ground). Also feel free to comment on the favorite parts from the video.

Internet Protocol (IP) and the Internet as a whole have gone through many changes in the past few decades. An example was in Danny Hillis’ TED Talk when he showed a book that had the information of the 20 people who were on the Internet in 1982. It was a means of small communication for sending and receiving messages. Over the years, it continued to grow in scale, hosting many applications and websites, having protocols that were developed for more messaging capabilities, and having security protocols developed for holding the structure together. However, as the Internet has grown, it’s still fragile in overall protection. This is proven in the video with events like Stuxnet and the Mississippi planes where despite the assumption being that nuclear facilities and planes don’t rely on the Internet, they were still large events that occurred due to a small connection to the Internet. This is why I like Hillis’ point of a Plan B for the Internet in the case of a cybercriminal or mistake taking out the entire system, affecting most forms of infrastructure.

Also, my favorite part of the video was when he brought up how things like planes and pumping gas seem to not be using the Internet but are starting to. As the Internet of Things (IoT) industry continues to grow in what can be connected to the Internet, there needs to be more focus on how to protect not only the individual systems of these devices themselves but also the Internet itself which IoT devices are connected to.

CS 462 – Protocol Analysis

We have learnt a few protocols in this module like HTTP, FTP, SMTP. Search for any other well-known protocols and answer the following:

  1. Full form
  2. Port number
  3. What it does / Functionality
  4. Any interesting news articles about them, like a security breach or vulnerabilities

  1. Full Form – Internet Group Management Protocol (IGMP)
  2. Port Number – 465 (UDP)
  3. Functionality – IGMP is a protocol that allows for communication and establishes multicast groups. Multicast allows for groups of users to receive requested data at the same time on an IP network. The protocol is connectionless, so it’s used for situations that require fast responses. IGMP focuses on maintaining communication and quick data responses in groups, as well as managing data going to where it needs to.
  4. Interesting News – This post by the CQR Company goes in depth with not only the vulnerabilities of IGMP but also mitigation strategies for improving the protocol. Some of the vulnerabilities are IGMP flooding, spoofing, the multiple versions of IGMP, and a lack of encryption. A few of the mitigation strategies for IGMP are enabling snooping, firewalls, multicast rate limiting, and using the newest version of IGMP which is version 3 or IGMPv3. The article by Cloudflare also provides useful general information on IGMP and multicast.

https://cqr.company/wiki/protocols/internet-group-management-protocol/

https://www.cloudflare.com/learning/network-layer/what-is-igmp/
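To make the IGMP discussion above concrete, here is an added Python example (not from the discussion post, the CQR wiki, or the Cloudflare article) that builds and parses IGMPv2 and IGMPv3 messages using the message layouts from RFC 2236 and RFC 3376, verifies the one's-complement checksum, rejects reports whose group field is not a multicast address (one shape the "spoofing" problem takes), and runs a hypothetical sliding-window rate monitor over constructed sample traffic to illustrate the rate-limiting mitigation against join flooding. The sample hosts, group addresses, thresholds, and the `analyze` / `demo_traffic` functions are all assumptions made for the example.

```python
import struct
import ipaddress
from collections import defaultdict, deque

# IGMP message types from RFC 2236 (v1/v2) and RFC 3376 (v3).
IGMP_TYPES = {0x11: "membership_query", 0x12: "v1_membership_report",
              0x16: "v2_membership_report", 0x17: "leave_group", 0x22: "v3_membership_report"}
REPORT_TYPES = {"v1_membership_report", "v2_membership_report", "v3_membership_report"}

def igmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole IGMP message (0 for a valid message)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _seal(msg: bytes) -> bytes:
    """Write the checksum into bytes 2-3 of a message built with that field zeroed."""
    return msg[:2] + struct.pack("!H", igmp_checksum(msg)) + msg[4:]

def build_v2(msg_type: int, group: str, max_resp: int = 0) -> bytes:
    """8-byte IGMPv1/v2 message: type, max response time, checksum, group address."""
    return _seal(struct.pack("!BBH4s", msg_type, max_resp, 0, ipaddress.IPv4Address(group).packed))

def build_v3_report(records) -> bytes:
    """IGMPv3 report from (record_type, group, [source, ...]) tuples."""
    msg = struct.pack("!BBHHH", 0x22, 0, 0, 0, len(records))
    for rtype, group, sources in records:
        msg += struct.pack("!BBH4s", rtype, 0, len(sources), ipaddress.IPv4Address(group).packed)
        msg += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    return _seal(msg)

def parse_igmp(data: bytes) -> dict:
    """Parse one IGMP message; reject bad checksums, truncation and non-multicast group addresses."""
    if len(data) < 8:
        raise ValueError("IGMP message too short")
    if igmp_checksum(data) != 0:
        raise ValueError("bad IGMP checksum")
    kind = IGMP_TYPES.get(data[0])
    if kind is None:
        raise ValueError(f"unknown IGMP type 0x{data[0]:02x}")
    if kind != "v3_membership_report":
        group = ipaddress.IPv4Address(data[4:8])
        general_query = kind == "membership_query" and int(group) == 0  # 0.0.0.0 = query all groups
        if not (group.is_multicast or general_query):
            raise ValueError(f"non-multicast group address {group}")
        return {"type": kind, "max_resp": data[1], "group": str(group)}
    (n_records,) = struct.unpack("!H", data[6:8])
    groups, off = [], 8
    for _ in range(n_records):
        if off + 8 > len(data):
            raise ValueError("truncated group record")
        rtype, aux_len, n_src = struct.unpack("!BBH", data[off:off + 4])
        group = ipaddress.IPv4Address(data[off + 4:off + 8])
        if not group.is_multicast:
            raise ValueError(f"non-multicast group address {group}")
        off += 8
        src_end = off + 4 * n_src
        if src_end + 4 * aux_len > len(data):  # aux data length is counted in 32-bit words
            raise ValueError("truncated source list")
        sources = [str(ipaddress.IPv4Address(data[i:i + 4])) for i in range(off, src_end, 4)]
        off = src_end + 4 * aux_len
        groups.append({"record_type": rtype, "group": str(group), "sources": sources})
    return {"type": kind, "groups": groups}

def analyze(packets, max_reports: int = 20, window_seconds: float = 1.0) -> dict:
    """Parse (timestamp, source_ip, raw_igmp) records and flag hosts whose membership reports
    exceed max_reports inside a sliding window (a hypothetical rate-limit style detector)."""
    recent, flagged, rejected = defaultdict(deque), set(), 0
    for ts, src, raw in packets:
        try:
            msg = parse_igmp(raw)
        except ValueError:
            rejected += 1  # malformed or spoofed-looking messages are dropped, not acted on
            continue
        if msg["type"] in REPORT_TYPES:
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window_seconds:
                q.popleft()
            if len(q) > max_reports:
                flagged.add(src)
    return {"flagged": sorted(flagged), "rejected": rejected}

def demo_traffic():
    """Constructed sample: one normal host, a router query, two malformed messages, one join flood."""
    pkts = [(0.0, "192.0.2.10", build_v2(0x16, "239.1.1.1")),
            (0.5, "192.0.2.10", build_v3_report([(1, "239.2.2.2", ["198.51.100.7"])])),
            (0.7, "192.0.2.1", build_v2(0x11, "0.0.0.0", max_resp=100))]
    corrupted = bytearray(build_v2(0x16, "239.3.3.3"))
    corrupted[2] ^= 0x01                       # flip a checksum bit
    pkts.append((0.8, "192.0.2.50", bytes(corrupted)))
    pkts.append((0.9, "192.0.2.50", build_v2(0x16, "10.0.0.1")))   # unicast address in the group field
    for i in range(50):                                             # 50 joins in half a second
        pkts.append((1.0 + i * 0.01, "192.0.2.99", build_v2(0x16, f"239.9.0.{i}")))
    return pkts
```

Running `analyze(demo_traffic())` returns the flooding host as flagged and counts the two malformed messages as rejected. The design choice worth noting is that validation happens before any state is updated: a message with a bad checksum or a unicast "group" never reaches the rate counter, which is the same ordering a switch doing IGMP snooping or a multicast router applying rate limits should follow.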

CYSE 201S – Journal Entry 15

Watch this video and think about how the career of digital forensics investigators relates to the social sciences. Write a journal entry describing what you think about the speaker’s pathway to his career.

Digital Forensics | Davin Teo | TEDxHongKongSalon – YouTube

I feel that the speaker’s pathway to becoming a digital forensics investigator was very logical in its steps. His first career was in the social science of economics, and he grew up with a technological background that flowed easily into the cybersecurity workforce. The field of digital forensics involves sociology and psychology with how interactions work with clients. Analyzing computer information can derive not only data but also how the people in question act when using computers and devices. Overall, the career path of a digital forensics investigator worked out well for the speaker because he was already analyzing data and numbers before he took the opportunity that would change his life.