Preventing a 'Cyber-Pearl Harbor'

Uploaded by PBSNewsHour on 16.04.2012

JEFFREY BROWN: And now to our second look at privacy online and a story about protecting
computers from cyber-attacks. NewsHour correspondent Tom Bearden reports. MAN: Utahans' Social
Security numbers, names, addresses, birth dates. TOM BEARDEN: Nine hundred thousand
people had their names, addresses, and Social Security numbers stolen when the Utah Health
Department's server was hacked. This kind of thing happens more often than most people
realize: Web sites taken down, high-tech secrets stolen, intellectual property rights violated,
and individuals swindled. But Douglas Maughan says there's much more at stake than just
crime. He heads the Department of Homeland Security's Cyber Security Division. DOUGLAS
MAUGHAN, Department of Homeland Security Cyber Security Division: The infrastructure that
needs to be protected are those critical infrastructures, not just the Internet, but the finance sector,
electric sector, oil and gas. And all of the major critical infrastructures are running
systems that are commodity and subject to attack. TOM BEARDEN: Those sectors are increasingly
vulnerable because they're now connected to outside systems. People can directly access
their bank accounts, for example. Clifford Neuman is the director of the University of
Southern California's Center for Computer System Security. CLIFFORD NEUMAN, director,
University of Southern California Center for Computer System Security: If we interconnect
more and more, it means that an adversary that is able to compromise one part of the
system, a part that we might not have thought of as being critical, is able to have impact
on other parts of the system. TOM BEARDEN: Even a prank like changing a highway sign
reveals vulnerability. Computer scientist Alefiya Hussain. ALEFIYA HUSSAIN, computer
scientist: There are several reports of how people have actually infiltrated these networks
and -- by changing these overhead signs created incidences on these highways. TOM BEARDEN:
All these scientists work at DETERlab, a 500-computer government-funded testing facility where students,
researchers and security companies can try out hardware and software to prevent and defeat
cyber-attacks. TERRY BENZEL, Information Research Institute: I'm working on the annual plan.
I need to make sure that we get that updated. TOM BEARDEN: Deputy Director Terry Benzel
says there's plenty of work to do. TERRY BENZEL: Despite, you know, millions and millions of
dollars of government investment in cyber-security and industry investment in cyber-security,
we are still as a nation wholly vulnerable, no question about it. TOM BEARDEN: If we're
so vulnerable, are you surprised we haven't suffered more serious attacks on infrastructure?
TERRY BENZEL: Yes. So, all of us in my community, we talk about cyber-Pearl Harbor. And it's
not if. It's when. TOM BEARDEN: And DETER network research director John Wroclawski
says it's not just hackers and would-be terrorists. JOHN WROCLAWSKI, network research director:
The other half of the problem and in fact the much more common thing is just some untoward
event, you know, when you think about the major power grid failures that we occasionally
have, you know, the blackouts, things like that. TOM BEARDEN: So how does DETERlab help?
TERRY BENZEL: So, here by having a fixed facility that you run your experiments in, you can
run multiple what-if scenarios, collect your data, repeat those and share your results
with the rest of the research community. TOM BEARDEN: I'm reminded of a guy who built a
race car and take it to the track and see if it works. TERRY BENZEL: Exactly. Right.
TOM BEARDEN: Wroclawski says it's a very special racetrack. JOHN WROCLAWSKI: The racetrack
that can create all sorts of conditions that the car would face and also has a lot of instrumentation
to understand what happens when that car faces them. TOM BEARDEN: DETERlab was started in
2003 with money from the National Science Foundation, which is also a funder of the
NewsHour, and the Department of Homeland Security. Benzel says one of DETERlab's most powerful
features is the ability to provide accurate simulations of very large computer networks.
TERRY BENZEL: When we want to run our tests, we need a secure, safe environment to run
those tests on that we can't run if it's going to break the Internet. If what we're trying
to do is test something which breaks the Internet or breaks network security in an enterprise,
we give you an environment to be able to do that in a safe way. TOM BEARDEN: DETERlab
runs simulations of cyber-attacks, like one called a distributed denial of service. Attackers
secretly plant software on personal and corporate machines and then use those computers to send
an avalanche of messages to a website. The servers under attack are overwhelmed and the
site shuts down. MAN: And so we're studying the various components of the experiment.
TOM BEARDEN: Ted Farber and Mike Ryan showed us how they simulate, then defeat such an
attack. MAN: See, the attack represents itself as the infections happen as explosions. That
lets the researcher know qualitatively that the worm is spreading. You will see a representation
of the attack as it sort of focuses across the network forming. TOM BEARDEN: The simulation
goes on to show how the software being tested reroutes the traffic to other parts of the
network and takes the pressure off the targeted site. DETERlab also allows companies to simulate
their own internal or enterprise networks and see how various attack scenarios play
out. ALEFIYA HUSSAIN: So our goal is to sort of add security by design, to enable you to
design your networks in a way so that you can actually, rather than add security as
an afterthought, you can actually design security into your system right from the start. YOUNG
CHO, University of Southern California: Today's lecture, lecture four. TOM BEARDEN: DETERlab
has also revolutionized how cyber-security is taught. USC assistant professor Young Cho
says he used to teach these classes in rooms full of equipment that had to be shared, severely
limiting student access. They also couldn't do experiments that posed any danger to the
equipment. YOUNG CHO: By transitioning this class into using DETER, we now can do several
different kinds of experiments and destroy whatever is happening in that network. And
yet you could just swap out the image. TOM BEARDEN: Now students can log in to DETERlab
from practically anywhere to run and monitor their experiments remotely. UCLA student Erik
Kline runs a lot of experiments that way. I would think it's a feeling of power to have
500 machines under your control. ERIK KLINE, UCLA student: Sometimes it is. But I can't
get those machines to do anything that one might call evil. So, I mean, it's nice to
-- for example, when you're doing a denial of service defense attacks, I mean, defense
measurements, you can get 500 machines to attack one of the machines and you are like,
oh, yeah. But I can't get them to attack anything outside the test bed, which of course is a
good thing from, you know, a legal standpoint. TOM BEARDEN: From society's standpoint, yes.
ERIK KLINE: Yes, exactly. But it's kind of fun to be able to go, oh, that guy, I don't
like him. Let me just send my 500 minions after him. But I guess that's what I'm trying
to fix, not cause. TOM BEARDEN: At DETERlab, they want to encourage more and even younger
students to use the facility. But they also see their mission as educating utilities and
others who they think are the most at risk. Do you get pushback from companies who say
this just isn't worth my time? DOUGLAS MAUGHAN: Sure. A lot of this is an unfunded mandate.
They may not have -- security is not necessarily a primary concern for them. They're -- especially
in critical infrastructure, they're more worried about things like availability of service.
So, again, it's an education problem to try to help them understand the nature of the
threat and the criticality of what would happen if they were compromised and try to get them
to provide those services and those capabilities in their infrastructure. TOM BEARDEN: The
people who run DETERlab hope the lesson is learned before a future cyber-attack causes
massive disruption. JEFFREY BROWN: Tom has more on this story in a blog post you can
find on our website,