BuzzNet Tags:
Worms,
Viruses,
ASN.1,
Critical Infrastructure,
Energy,
Telecommunications,
IT Security,
Cyber-Warfare,
Legislation,
Id Theft,
Interoperability,
Financial Markets,
DDoS,
Zombies While most of the uses of viruses and worms are typically malicious or at least inconvenient in today's environment, this will change over time. Worm technologies are currently being viewed as a potential method to distribute critical security patches to systems on networks. Viruses can be used to distribute applications on some modern operating systems. Some countries have introduced legislation to outlaw all use of viruses and worms in all forms. This is a short-sighted and a simplex application of laws to a complex issue as the same technologies are being looked at, very seriously, for use in good - not evil.
With the conditions for development of viruses and worms remaining as-is, I expect the following situations to develop in the near future:
-
Infestations of "invisible" infrastructures. Most of us don't think about the software inside a cell phone, automotive electronic system, DVD player, radio frequency ID tag systems, parking lot gate attendant systems, toll booths, wireless luggage bag-to-passenger matching systems, point of sale terminals, automatic door openers, letter sorters, printing presses and many others. As these technologies become more sophisticated, so do their connectivity methods and operating environments. Companies that produce such products migrate towards general-use commercial off-the-shelf (COTS) technologies, which allow greater opportunities for attack.
-
Worm, virus and hybrid attacks against communications infrastructures due to lack of security controls in base networking protocols and "building block" protocols such as Abstract Syntax Notation.1 (ASN.1). Much of the communications infrastructure of the world is built on protocol security concepts developed in the 1970's which do not translate well into today's technical security needs.
-
Use of viruses and worms by terrorist organizations as a way to deteriorate, disrupt and disable economic and social support systems in use by countries dedicated to anti-terrorist efforts. As horrible and malicious as the various physical attacks have been by terrorists against the United States, those effects are minimal compared to a debilitating attack by a worm against our financial, transport or utility infrastructures.
-
Accelerated sponsorship by hostile nation-states where the use of cyber attack is a rapid method of furthering a country's political and economic goals (cyber warfare and information operations methodologies).
-
Worms/viruses that "jump" between operating environments and applications. Some have shown this capability already and it's a rapidly growing trend.
While there are many disturbing trends in virus and worm development, there are certain issues which experts are particularly concerned about:
1. Companies that provide critical services, such as utilities, transport and petrochemical entities are interconnecting historically isolated networks with Internet facilities. This results in such networks being attacked and infested with viruses and worms that cause the networks to become disabled and this can critically affect infrastructure.
2. Home consumer PCs are being increasingly targeted by viruses, worms and hybrids harnessed for use as part of world-wide malicious "chains" of attack systems (known as Zombies) to effect Distributed Denial of Service (DDoS) and worm attacks against Internet connected entities
3. Research and development into new security encoding and methods in base network protocols needs to be accelerated to help offset the continued development of malicious code used to attack infrastructure
4. Lack of law enforcement actions, globally, in the prosecution and arrest of virus and worm developers. An extremely low number of persons involved in the development and distribution of malicious code are ever identified or prosecuted due to a lack of technical tools, skills and personnel in most law enforcement organizations.
5. Inclusion of basic system and application protection methodologies by developers of same. Basic technologies such as polymorphic checksums and cryptographic signature methods are well known and available. Such technologies could be used by all manner of developers to stop infestations and propagation of these malicious code segments.
6. Lack of senior corporate management to act properly, responsibly, rationally and quickly in the deployment of security technologies to prevent infestations and propagation of malicious code. Too many companies still do not invest in the basics.
7. Acknowledgement that viruses and worms are truly a multinational problem. While leadership by technologically advanced countries is crucial, introduction of viruses and worms into network infrastructure is easily done by the "weakest link" in connectivity - a small country with no laws on cyber-crime, no assets to protect, and no national will or means to prosecute perpetrators becomes the entry point for the world to be attacked. Remember that access to a small country's infrastructure does not require a physical presence - even a dial-up connection from anywhere on the planet will do just fine.
The "cure" for infestations is a long way off and will require partnership with industry and government to solve. Base research in network security improvements, deployment of security technologies, legislative efforts to prevent criminal use of worms and viruses, improvement in operating systems to stop infestations, application-level security technologies, law enforcement prosecution of cyber criminals involved in the creation and distribution of virus and worm technologies, improvement in base critical infrastructure and education and training through all levels of corporations, government and society will need to be combined to come up with effective eradication solutions.
Perhaps the most ironic aspect of viruses and worms is not just the cost to repair or prevent infestation - it's not like biological, chemical or nuclear terrorism where thousands or millions of dollars are required to make such an attack happen. It's just the entry cost necessary to create and distribute worms and viruses:
A PC with an Internet connection.
Copyright © 2008 - Kevin M Nixon. All Rights Reserved. This document may be reprinted in part or whole with appropriate citation.