Computer-based attacks are being leveraged by miscreants to gain a global economic and informational advantage over others. This is the message presented by ScanSafe’s 2009 Annual Global Threat Report, which was released last week. Over the course of 2009, ScanSafe, which was acquired by Cisco in December, 2009, monitored customer web traffic and blocked malicious content through its cloud-based security service. The results of their analysis uncovered some interesting points, the most widely reported being that 80% of exploits in 2009 were based on malicious PDF files. But the subtexts from the report regarding targeted theft and criminal exploitation deserve a deeper look.
On February 2, Dennis Blair, the new Director of National Intelligence, gave testimony alongside the heads of the CIA, FBI and Defense Intelligence Agency, to warn Congress that malicious cyberactivity is occurring on an unprecedented scale with extraordinary sophistication. With the ever-present threat of an attack on telecommunications and other networks, the U.S. government – and nations around the globe – must increase focus on cybersecurity and take certain action to ensure the safety and security of each nation’s infrastructure and its way of life.
The responsibility to protect a nation frequently requires private sector companies to do their part, and we at Cisco know this very well. I’m pleased to announce that Melissa Hathaway will serve as a senior security adviser for Cisco. Melissa is the former acting Senior Director for Cyberspace within the National Security Council for President Barack Obama’s administration. She is currently working in association with Harvard Kennedy School’s Belfer Center for Science and International Affairs as a senior adviser to its cyber security initiative, Project Minerva, a joint effort between the Department of Defense, Massachusetts Institute of Technology, and Harvard University. Melissa brings a wealth of knowledge and expertise to Cisco from her years of work in cybersecurity.
Sometimes there is a perceived need to perfectly fix a problem, and that need can be the enemy of incremental steps that can reduce a problem to an acceptable level. Let me illustrate this by making one of those physical-to-virtual analogies that never really seem to translate very well:
Saving the whales is a difficult task that we will probably never completely finish. We won’t turn the entire planet into a playground for whales, nor do we need to. But if we take steps to regulate the hunting of whales and to protect their food and environment, that may be all that is both possible and needed.
Similarly, we won’t ever completely stop online crime. Consider how that impacts the current view of IPS and signature-based detection methods. These methods often develop a bad reputation because they can be poorly implemented and evaded, and they don’t always detect or prevent all criminal activities.
We parted ways last time with a discussion of polymorphism that left you tantalized and on the heels of a malware revolution…
From the Greek meta meaning about or self.
From the Greek morphe meaning shape or form.
In 1998, a virus was found in the wild that was able to conceal itself in a different way. Called the Win95/Regswap virus, it was notable because it didn’t use polymorphic decryptors to thwart detection as it evolved. It would actually switch CPU registers from generation to generation (but otherwise retain the same codebase). This would prevent conventional pattern matching from working, but the technique of wildcard pattern matching, which would soon be implemented, would later catch up and nab this guy. This technique of register swapping was a basic form of metamorphism, and it was going to set the stage for an epic battle in the growing malware arms race.
Metamorphism, which can be thought of as “body-polymorphism,” was a major leap forward. Quite simply, the malware is able to reprogram itself as it evolves across generations. This was a quantum leap in viral programming, as the code is effectively becoming pseudo-self-aware, able to parse and mutate its own body as it spreads.
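The detection side of the register-swapping story above, as an added example that is not from the original post: an exact byte signature misses a register-swapped generation, a wildcard signature catches it, and a bit-masked signature (a generalization beyond the wildcards the post mentions) catches it with fewer false positives. The byte strings are constructed, harmless x86 encodings rather than Regswap code, and all names are hypothetical.

```python
def parse_signature(text):
    """Turn 'b8/f8 44 ?? 50' into a list of (value, mask) pairs."""
    sig = []
    for tok in text.split():
        if tok == "??":                      # full wildcard: any byte matches
            sig.append((0x00, 0x00))
        elif "/" in tok:                     # masked byte: compare only the mask bits
            value, mask = (int(p, 16) for p in tok.split("/"))
            sig.append((value & mask, mask))
        else:                                # literal byte
            sig.append((int(tok, 16), 0xFF))
    return sig


def find_signature(data, sig):
    """Return the first offset where sig matches data, or -1 if it never does."""
    for off in range(len(data) - len(sig) + 1):
        if all((data[off + i] & mask) == value
               for i, (value, mask) in enumerate(sig)):
            return off
    return -1


# Constructed, harmless byte strings (not taken from Regswap or any real sample).
# GEN_A and GEN_B encode: nop ; mov r32, 0x11223344 ; push r32 ; pop r32 ; ret
GEN_A = bytes.fromhex("90 b8 44332211 50 5b c3")      # uses eax / ebx
GEN_B = bytes.fromhex("90 b9 44332211 51 5a c3")      # same code, uses ecx / edx
LOOKALIKE = bytes.fromhex("90 e8 44332211 00 00 c3")  # unrelated bytes, same constant

# x86 puts the register number in the low 3 bits of these opcodes
# (mov r32,imm32 = B8+r, push r32 = 50+r, pop r32 = 58+r), so mask 0xF8
# ignores which register was chosen but still requires the instruction.
EXACT = parse_signature("b8 44 33 22 11 50 5b")
WILDCARD = parse_signature("?? 44 33 22 11 ?? ??")
MASKED = parse_signature("b8/f8 44 33 22 11 50/f8 58/f8")

if __name__ == "__main__":
    samples = (("GEN_A", GEN_A), ("GEN_B", GEN_B), ("LOOKALIKE", LOOKALIKE))
    for name, sig in (("exact", EXACT), ("wildcard", WILDCARD), ("masked", MASKED)):
        hits = {label: find_signature(buf, sig) for label, buf in samples}
        print(f"{name:8s} {hits}")
```

The wildcard signature also fires on the lookalike buffer, which is the false-positive cost of discarding the register-bearing bytes entirely; the masked form keeps the opcode bits and does not.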
Reflections on 2009
Just over a year ago, I was invited to join ongoing discussions with retired Lt. General Harry Raduege, Scott Charney and Representatives Langevin and McCaul and other industry, academia, and government representatives, and engaged in an impassioned debate. The topic? Cybersecurity strategy and direction for the next President. How would we advise the incoming President about protecting and securing our country’s information systems?
Formulated within the Center for Strategic and International Studies (CSIS), we discussed the evolving online threats, how our current approaches and technologies stack up against these threats, and how these factors – and others – impact the online world in ways that affect U.S. critical infrastructure and our way of life. In late December 2008, we completed and delivered the Securing Cyberspace for the 44th Presidency report, which outlined our recommendations.
When President Barack Obama came into office, he appointed Melissa Hathaway – who chaired a multiagency group called the “National Cyber Study Group” that was instrumental in developing the Comprehensive National Cyber Security Initiative to direct U.S. Federal cybersecurity efforts – leading to a comprehensive “60-Day Review” of the U.S. cybersecurity infrastructure. The ensuing Cyberspace Policy Review published in May 2009 by the Obama administration includes key findings and recommendations from the 60-Day Review. This report examines important cybersecurity challenges and sets the focus and path toward increasing the security of government, critical infrastructure and consumer systems, both domestically and globally.
Fast-forward to this past December 22. President Obama’s appointment of Howard Schmidt as U.S. Cybersecurity Coordinator should regenerate the momentum needed for the U.S. – and the world – to protect national and economic interests online. Mr. Schmidt is faced with the arduous task of reinvigorating and building upon the significant efforts to date, forging new relationships while expanding upon collaborations already underway between the private and public sectors, and international leaders.