Thursday, March 7, 2013

If Kinetic and Cyber had a baby, what would ...


I just couldn't resist pointing out this article in Foreign Policy:

http://killerapps.foreignpolicy.com/posts/2013/03/06/dod_panel_recommends_special_bomber_armed_cyber_deterrent_force

The short version is that the Pentagon is talking about building a kinetic force dedicated to responding to cyber needs.  The most obvious mission would be to retaliate for cyber attacks against our infrastructure.

But I think the really interesting thing is that inevitably this force would also have an offensive mission.

This proposal is all about the bleeding of cyber into kinetic, and vice-versa.

Two more thoughts:

  1. A good reason for this force is to have kinetic assets which are off the cyber grid. In other words, we would have "really" air-gapped assets which are part of an organization dedicated to surviving a cyber attack. For most of the Pentagon right now, cyber is a buzzword which either means career advancement, or pain-in-the-butt make-work (to be dispatched with as quickly and with as little work as possible). I like the idea of an organization which deals with kinetic, but really "gets" cyber.
  2. Cyber has already crossed over into the kinetic "real world". For example, it's very likely that Stuxnet required somebody on site to deploy it (via its USB attack vector). As another example, rumor has it that Israel hacked the Syrian air defense grid for their 2007 raid on suspected nuclear materials - http://www.wired.com/dangerroom/2007/10/how-israel-spoo/


BTW, the Stuxnet example above points out that despite your best efforts, you can't guarantee the integrity of your air-gap. An organization which really understands cyber and defense-in-depth would understand that.

Update: Another example of the bleeding of kinetic and cyber is the tactic of "SWATing" somebody. SWATing is the trick of social engineering a police SWAT team into making an armed response to some victim's location. Right now, the state of the art is to spoof caller ID while making a 911 call designed to cause a highly intrusive response - typically the call will claim there's an armed hostage situation - inducing a SWAT team to respond to the victim's house. The potential for physical harm is obvious. This attack is clearly kinetic, although it might be more precisely described as a proxy kinetic attack.

One of the leading security researchers/journalists, Brian Krebs, was just the victim of such an attack. It's worth noting this kinetic attack was accompanied by a cyber DDoS against the site hosting his blog. In general, I encourage folks to follow Krebs' blog; his work is excellent - but be especially sure to check out his description of this attack: https://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/