[LINK] Attacks on crucial systems
stephen at melbpc.org.au
Tue May 1 05:02:38 AEST 2012
'Bullet time' to stop cyber attacks on power grids 30/4/2012 Paul Marks
IN THE MATRIX, the famous "bullet time" effect showed how Keanu Reeves's
character Neo was able to sway out of the path of incoming bullets, as
time appeared to slow.
Now the film has inspired engineers to develop a way to cope with cyber
attacks on crucial infrastructure, such as electricity grids, water
utilities and banking networks.
The idea, from security engineers at the University of Tulsa in Oklahoma,
is to slow down internet traffic, including malicious data, to give
networks time to deal with attacks.
To do this, when a cyber attack has been sensed, an algorithm sends
hyper-speed signals accelerating ahead of the malicious data packets to
mobilise defences.
"Slowing the malicious traffic by just a few milliseconds will let the
hyper-speed commands activate sophisticated network-defence mechanisms,"
says Sujeet Shenoi at Tulsa.
Such measures are needed because cybercriminals increasingly seem to
target crucial industrial infrastructure.
In 2010, for example, the Stuxnet worm infected Iran's nuclear programme.
It was shown to be not so much a typical computer virus as a
multifunctional weapon that can be reprogrammed to target any crucial
industry. As industrial systems generally go for many years without
software upgrades or password changes, they can often be vulnerable to
such attacks.
Hyper-solution
Hyper-speed signalling could help, says Shenoi, although it would not be
cheap to convert an existing network into one that can run the Tulsa
team's algorithm.
The reason? First, a data pathway has to be reserved for the use of
hyper-speed command-and-control signals during an attack, and that could be
seen as an expensive waste of capacity. And, when an attack is sensed by
a scanning firewall-like sensor and the tainted data traffic is slowed
down, more buffers and storage will be needed to cache the slowed data
packets now swilling around on the network, otherwise crucial data could
be lost.
Finally, new defence mechanisms need to be programmed into the network's
routers, including the ability to inspect, tag and track suspicious
packets, quarantine the risky ones and protect targeted devices on the
network (like power grid relays, pump controllers or even
hole-in-the-wall cash machines).
But hyper-speed signalling is only as good as its threat sensors. The
system might sense malware program code disguised as text files, say, but
only if it has prior knowledge of the virus or worm signatures. That
opens the door to variants it has never seen before, potentially
allowing a Stuxnet-style attack to be initiated.
One way around this, says Shenoi, is to keep the network in hyper-speed
mode at all times during, say, a period of international tension when
cyber attacks could be launched in an initial bout of sabre-rattling at
any moment. But slowing network speeds is not a great idea for telecoms
networks who sell their services on the back of their speed capabilities,
he says.
Another sensing option has been developed, however, with funding from
the US Department of Energy and Department of Homeland Security, by
computer scientists at Dartmouth College in New Hampshire and the
University of Calgary in Alberta, Canada.
Led by Dartmouth's Jason Reeves, they have developed a way for
infrastructure to effectively monitor itself. The system is designed to
raise a flag when out-of-the-ordinary processor behaviour occurs, such
as running a motor too fast, just as Stuxnet did in 2010.
The team's software monitors the kernel, a chunk of code that mediates
between the software on one side and the processor and memory on the
other.
"We detect changes in the sequence of code the program runs, ones often
introduced by malicious programs," Reeves says. "We can also verify the
operating system code to see if it has been modified by malware."
Their system, currently set up for power-grid-embedded computers running
the Linux operating system, could feasibly trigger the Tulsa team's
hyper-speed algorithm. "Our system detects the presence of untrustworthy
behaviour and leaves the response up to the administrator," Reeves says.
International Journal of Critical Infrastructure Protection
Volume 5, Issue 1, March 2012, Pages 40-52
www.sciencedirect.com/science/article/pii/S1874548212000054
(and)
www.newscientist.com/article/dn21756-bullet-time-to-stop-cyber-attacks-on-power-grids.html
--
Cheers,
Stephen