Gene Spafford, an inductee of the Cybersecurity Hall of Fame, has said that the only way to truly secure a computer is to disconnect every wire leading to it, cast it into a block of concrete, and store it in a lead-lined room surrounded by armed guards. Perfectly safe, and perfectly useless.
In today’s information technology landscape, the real power of computing comes via networking. The connections between people, computers, and information are the real magic in the machines. “The Network Effect,” first posited in the early 1900s when the implications of widespread telephone service became apparent, describes the increasing value that networks deliver as more and more people use them.
With value comes vulnerability, and as the lines of communication become more important to users, they become a focal point of attack. The dramatic rise of Denial of Service (DoS) attacks that cut communication links is one illustration: according to a March 2016 article on the website of Tripwire, a security vendor, the fourth quarter of 2015 saw the highest number of distributed DoS (DDoS) attacks on record, striking every industry and on a larger scale than ever.
Attackers are not only interested in disrupting communications, however; they often gain more from intercepting them. A 2010 presentation at the annual Defcon security conference in Las Vegas demonstrated interception of cellular traffic with a rogue base station that instructed handsets to drop encryption, invisibly to the user, allowing voice and data eavesdropping. And Engadget reported in June 2016 that attackers had used social engineering against a carrier to redirect a victim's text messages to a phone number they controlled, defeating any two-factor authentication scheme that delivers its codes by SMS.
A microcosm of the threat to the country exists in almost every business, department and agency, which makes communications a critical domain in the world of cybersecurity.
Many Methods of Communication Mean Many Different Headaches for Cybersecurity Professionals
All the different mechanisms that allow electronic communication between people and devices have been a boon to business productivity and personal interaction. There are more ways than ever for devices to communicate today:
- Fiber optics
- Digital cable
- Digital subscriber lines (DSL)
Each of these media has its own strengths and vulnerabilities, and securing against attack along each of them is the job of network security engineers.
Network Cabling is the Silver Thread of the Internet
No matter how abstracted network traffic becomes, at some point it travels over physical cabling, and cable can be cut, tapped or damaged in ways that no software control can prevent.
Physical cables, as the Metcalf incident described below illustrates, are particularly vulnerable to damage. But a logical network architecture built out without thought can invite compromise just as surely. Network security engineers and architects are responsible for designing and building networks that are segmented so as to contain attacks while still allowing consistent monitoring and a smooth flow of legitimate traffic.
Although most taps on network traffic are done in software, it is not unheard of for attackers to physically gain access to a local area network (LAN) and install a packet sniffer. Switched networks, now standard in corporate installations, have reduced the payoff of passive sniffing, since a switch forwards each frame only to the port of its destination rather than to every port as a hub did (though an attacker on the segment can still redirect traffic to himself with ARP spoofing). The opportunity to try, however, has only grown: as staff moved to WLANs, offices across the country filled with LAN ports that are unused but still live.
Network security engineers have responded by shutting down ports that are not tied to an approved installation, limiting each live port to its known device (switch port security or 802.1X authentication), and placing untrusted ports in a restricted segment (often loosely called a DMZ) with limited access to sensitive servers.
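The reconciliation behind "enabling and disabling ports based on approved installations" can be shown in code. The following is an added example, not from the original article or any vendor: it parses a switch's learned-MAC table, compares it with an approved-asset inventory, flags unknown or relocated devices and ports carrying several MACs (a sign of a hub or consumer access point plugged into an access port), and emits the commands that would shut down idle ports. The table text mimics Cisco IOS `show mac address-table` output and the generated commands use IOS syntax, but every MAC, port name and hostname is constructed for the example.

```python
# Added example (not from the original article): reconcile a switch's learned-MAC
# table with the list of approved devices, flag anything unexpected, and emit the
# commands that would administratively shut down idle ports. The table text mimics
# Cisco IOS "show mac address-table" output and the generated commands use IOS
# syntax, but every MAC, port and hostname here is constructed for the example.
import re
from collections import defaultdict

# Hypothetical asset inventory: MAC -> (owner, port the device is sanctioned on)
APPROVED = {
    "0050.56a1.0001": ("printer-3f", "Gi1/0/1"),
    "0050.56a1.0002": ("ws-alice", "Gi1/0/2"),
    "0050.56a1.0003": ("ws-bob", "Gi1/0/3"),
}
ACCESS_PORTS = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4", "Gi1/0/5", "Gi1/0/6"]

# Constructed switch output; note the mixed MAC notations, which real inventories also have
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0050.56a1.0001    DYNAMIC     Gi1/0/1
  10    0050.56a1.0002    DYNAMIC     Gi1/0/2
  10    0050.56a1.0003    DYNAMIC     Gi1/0/5
  10    b8:27:eb:12:34:56 DYNAMIC     Gi1/0/4
  10    c4:e9:84:aa:bb:01 DYNAMIC     Gi1/0/6
  10    c4:e9:84:aa:bb:02 DYNAMIC     Gi1/0/6
  10    c4:e9:84:aa:bb:03 DYNAMIC     Gi1/0/6
"""

MAC_ROW = re.compile(r"^\s*\d+\s+(\S+)\s+\S+\s+(\S+)\s*$")


def normalize_mac(mac: str) -> str:
    """Canonical form: 12 lowercase hex digits, whatever separators the source used."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_mac_table(text: str) -> dict:
    """Port -> set of MACs learned on it; header and separator rows do not match MAC_ROW."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            seen[m.group(2)].add(normalize_mac(m.group(1)))
    return dict(seen)


def audit(mac_table: str, approved: dict, access_ports: list) -> dict:
    """Classify every access port and return findings plus shutdown commands for idle ports."""
    seen = parse_mac_table(mac_table)
    allowed = {normalize_mac(m): info for m, info in approved.items()}
    report = {"ok": [], "unused_ports": [], "rogue": [], "moved": [],
              "multi_mac_ports": [], "shutdown_config": []}
    for port in access_ports:
        macs = seen.get(port, set())
        if not macs:
            # Nothing learned here: a live but idle jack is exactly what a walk-in attacker wants
            report["unused_ports"].append(port)
            report["shutdown_config"] += [f"interface {port}", " shutdown"]
            continue
        if len(macs) > 1:
            # Several MACs behind one access port usually means a hub, an unmanaged
            # switch or a consumer access point has been plugged in
            report["multi_mac_ports"].append(port)
        for mac in sorted(macs):
            if mac not in allowed:
                report["rogue"].append((port, mac))
            elif allowed[mac][1] != port:
                report["moved"].append((mac, allowed[mac][1], port))
            else:
                report["ok"].append((port, mac))
    return report


if __name__ == "__main__":
    for category, items in audit(MAC_TABLE, APPROVED, ACCESS_PORTS).items():
        print(category, items)
```

On the constructed data the audit shuts down Gi1/0/3 (its workstation has moved to Gi1/0/5), flags an unknown device on Gi1/0/4 and three unknown MACs behind Gi1/0/6. In production this logic is usually enforced on the switch itself through port security or 802.1X rather than by a script; the script shows the reconciliation an engineer is doing either way.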
Secrets Are in The Air With Wireless Networks
The 2010 Defcon presentation that showed how easily cell-phone traffic can be intercepted was only the latest in a series of major vulnerabilities in wireless communications schemes. Wi-Fi (the name is often expanded as "wireless fidelity") has been the default link for laptops and portable devices since around 2000, but as originally deployed it incorporated almost no security. Its original encryption scheme, Wired Equivalent Privacy (WEP), was an awful misnomer. It used the RC4 stream cipher, considered sound at the time, but keyed it with a 24-bit per-packet initialization vector prepended to a static shared key: on a busy network the IVs repeat within hours, so the keystream repeats, and a statistical weakness in how RC4 handles such related keys (the FMS attack of 2001 and its successors) recovers the shared key itself from captured traffic. What once took less than a day falls to freely available tools in minutes.
Longer keys and then the WPA and WPA2 replacements raised the bar, but because many wireless access points (WAPs) shipped for years with no security enabled by default, Wi-Fi remained a weak spot in many communications networks. And where convenience calls for a WLAN (Wi-Fi LAN) but the IT department is slow to provide one, users have been known to plug consumer WAPs into office network ports, instantly exposing the LAN to anyone within radio range.
In addition to educating staff about the dangers of insecure wireless networks, security engineers run periodic scans for unknown or open networks in and around their offices. Walking toward the stronger signal, or selectively disabling wired ports until the rogue network drops, lets them locate and remove unauthorized access points.
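Two of the points above, the IV-reuse weakness of WEP and the rogue-AP sweep, are worth seeing concretely. The first block is an added example, not code from the original article: it implements RC4 and the 802.11-1999 WEP framing (3-byte IV sent in the clear, RC4 keyed with IV || shared key, CRC-32 integrity value) and shows that an eavesdropper who sees two frames with the same IV, one of which has predictable content such as an ARP request, decrypts the other without ever learning the key. The key, IVs and frames are constructed.

```python
# Added example (not from the original article): why WEP's 24-bit IV lets an
# eavesdropper decrypt traffic without the key. RC4 and the WEP framing follow the
# 802.11-1999 scheme; the key, IVs and frame contents below are constructed.
import math
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 key scheduling plus pseudo-random generation; returns n keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body as WEP sends it: IV || RC4_{IV||key}(plaintext || CRC32(plaintext))."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return iv + xor(body, rc4_keystream(iv + shared_key, len(body)))


def wep_decrypt(shared_key: bytes, frame: bytes) -> bytes:
    """Legitimate receiver: re-derive the keystream from the cleartext IV and check the ICV."""
    iv, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv + shared_key, len(ciphertext)))
    plaintext, icv = body[:-4], body[-4:]
    if zlib.crc32(plaintext).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return plaintext


def decrypt_via_keystream_reuse(known_frame: bytes, known_plaintext: bytes,
                                target_frame: bytes) -> bytes:
    """Attacker with no key: a frame whose plaintext is known (e.g. a provoked ARP
    request) yields the keystream for its IV, which decrypts any other frame sent
    under the same IV, up to the length of the known plaintext."""
    if known_frame[:3] != target_frame[:3]:
        raise ValueError("different IVs give different keystreams; nothing to reuse")
    keystream = xor(known_frame[3:], known_plaintext)   # C1 xor P1 = keystream prefix
    return xor(target_frame[3:], keystream)              # C2 xor keystream = P2 prefix


def frames_until_iv_collision(iv_bits: int = 24, probability: float = 0.5) -> int:
    """Birthday bound: frames a sniffer must see before two share an IV with this probability.
    Cards that restart the IV counter at zero on reset collide far sooner than this."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


if __name__ == "__main__":
    key = b"\x01\x23\x45\x67\x89\xab\xcd\xef\x01\x23\x45\x67\x89"   # constructed 104-bit key
    iv = b"\x00\x00\x01"
    # LLC/SNAP header plus an ARP request: structure any attacker can predict
    arp = (b"\xaa\xaa\x03\x00\x00\x00\x08\x06" + b"\x00\x01\x08\x00\x06\x04\x00\x01"
           + bytes.fromhex("005056a10002") + bytes([10, 0, 0, 2])
           + b"\x00" * 6 + bytes([10, 0, 0, 1]))
    secret = b"GET /payroll HTTP/1.1"
    c_known = wep_encrypt(key, iv, arp)
    c_target = wep_encrypt(key, iv, secret)       # same IV, same RC4 key, same keystream
    print(decrypt_via_keystream_reuse(c_known, arp, c_target)[:len(secret)])
    print(frames_until_iv_collision())            # roughly 4800 frames for even odds
```

Note that the CRC-32 "integrity" value offers no protection either: it is linear, so an attacker who flips ciphertext bits can fix up the ICV without the key. That is a separate WEP flaw the example does not exercise.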
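The periodic sweep for unauthorized access points, as an added example (not from the original article): it parses a wireless site-survey export, skips sanctioned BSSIDs, ranks the rest by how urgent they are (an unknown AP advertising the corporate SSID or one that appears to be cabled into a switch port first, then open and WEP networks, then strong unknown APs) and by signal strength so the engineer knows where to start walking. Faint, encrypted, unknown networks are treated as neighbours and dropped. The scan rows, authorized BSSIDs, SSIDs and wired-side MAC table are constructed, and the BSSID-to-wired-MAC matching is a heuristic, not a standard.

```python
# Added example (not from the original article): triage a wireless survey against
# the list of sanctioned access points. All inputs are constructed; the matching of
# a radio BSSID to a wired-side MAC is a heuristic, not any standard.
import re

AUTHORIZED_BSSIDS = {"00:11:22:aa:bb:01": "ap-3f-east", "00:11:22:aa:bb:02": "ap-3f-west"}
OWN_SSIDS = {"CorpNet", "CorpGuest"}
# Wired-side view (normalized MAC -> switch port), as a switch MAC table would give it
WIRED_MACS = {"c4e984aabb01": "Gi1/0/6", "005056a10001": "Gi1/0/1"}

SCAN = """\
BSSID              SSID          SECURITY   SIGNAL  CHANNEL
00:11:22:aa:bb:01  CorpNet       WPA2-EAP   -41     36
00:11:22:aa:bb:02  CorpNet       WPA2-EAP   -58     44
c4:e9:84:aa:bb:01  CorpNet       WPA2-PSK   -47     6
b8:27:eb:00:00:01  FreeWifi      OPEN       -52     11
f0:9f:c2:11:22:33  NETGEAR42     WEP        -83     1
d4:6e:0e:11:22:33  DirectPrint   WPA2-PSK   -45     1
aa:bb:cc:dd:ee:ff  NextDoorNet   WPA2-PSK   -78     1
"""


def mac_int(mac: str) -> int:
    return int(re.sub(r"[^0-9a-fA-F]", "", mac), 16)


def parse_scan(text: str) -> list:
    """One dict per survey row; the first line is the header."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) != 5:
            continue
        bssid, ssid, security, signal, channel = parts
        rows.append({"bssid": bssid.lower(), "ssid": ssid, "security": security.upper(),
                     "signal": int(signal), "channel": int(channel)})
    return rows


def wired_port_for(bssid: str, wired_macs: dict, window: int = 8):
    """Heuristic: many consumer APs derive the radio BSSID from their wired MAC, so a
    same-vendor MAC within a few addresses seen on a switch port suggests the AP is cabled in."""
    b = mac_int(bssid)
    for mac, port in wired_macs.items():
        m = mac_int(mac)
        if (b >> 24) == (m >> 24) and abs(b - m) <= window:
            return port
    return None


def triage(rows: list, authorized: dict, own_ssids: set, wired_macs: dict,
           neighbour_floor_dbm: int = -70) -> list:
    """Return unsanctioned APs worth walking to, most urgent and strongest first."""
    findings = []
    for r in rows:
        if r["bssid"] in authorized:
            continue
        reasons = []
        if r["ssid"] in own_ssids:
            reasons.append("advertises our SSID from an unsanctioned BSSID")
        if r["security"] == "OPEN":
            reasons.append("open network")
        elif r["security"] == "WEP":
            reasons.append("WEP (broken encryption)")
        port = wired_port_for(r["bssid"], wired_macs)
        if port:
            reasons.append(f"appears to be cabled into {port}")
        if not reasons and r["signal"] < neighbour_floor_dbm:
            continue                     # faint, encrypted, unknown: almost certainly a neighbour
        if not reasons:
            reasons.append("unknown AP with a strong signal, probably inside the office")
        severity = 3 if (r["ssid"] in own_ssids or port) else 2 if r["security"] in ("OPEN", "WEP") else 1
        findings.append({**r, "wired_port": port, "severity": severity, "reasons": reasons})
    # strongest signal first within each severity: that is where to start walking
    findings.sort(key=lambda f: (-f["severity"], -f["signal"]))
    return findings


if __name__ == "__main__":
    for f in triage(parse_scan(SCAN), AUTHORIZED_BSSIDS, OWN_SSIDS, WIRED_MACS):
        print(f["severity"], f["signal"], f["bssid"], f["ssid"], "; ".join(f["reasons"]))
```

On the constructed survey the top finding is a WPA2-PSK access point advertising "CorpNet" from a BSSID that matches a MAC seen on switch port Gi1/0/6, which is the consumer-WAP-on-a-LAN-port case exactly; shutting that port confirms the match when the network disappears.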
Cyberterrorism Leaves the Virtual Realm: An All Out Attack on Communications Infrastructure
While identity theft and credit card fraud occupy the minds of many American consumers worried about computer crime, there are more sinister crimes that keep cybersecurity professionals up at night.
It was in the early morning hours of April 16, 2013 that the most worrisome attack yet recorded on American communications infrastructure occurred at a quiet power substation on the southern outskirts of San Jose, California.
An unknown number of still-unidentified attackers launched a coordinated assault on a set of fiber-optic telecommunications vaults and the nearby Metcalf electrical substation. After cutting the fiber and intentionally fraying the cables to make them harder to repair, the attackers shot up the substation's transformers with rifles, left no fingerprints on the shell casings, and slipped away only minutes before the first responding sheriff's deputies arrived.
To cybersecurity professionals, the incident painted a troubling picture of what terrorists could accomplish if they decided to attack the nation's communications infrastructure directly. Although both the power and the telecommunications providers quickly routed around the damage, the method of destruction and the specialized nature of the ruined equipment meant that fully restoring the substation took nearly a month.
Had only two or three similar attacks been carried out at the same time, it is not hard to imagine Silicon Valley, the center of the country's technology industry, being put completely out of commission, with billions of dollars lost, millions of lives affected, and the economic stability of the region jeopardized.
In the wake of the attack, the communications industry was unsettled by the fact that chokepoints in the national communications infrastructure leave almost any region of the country vulnerable to a similar disaster.
Yet the incident remains unknown to most Americans.
Within the cybersecurity field, though, the threat is real and significant enough that the Department of Homeland Security has set up a separate office devoted to securing critical national communications infrastructure.