Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010

Issues Protection of Infrastructure Protection of Resources ◦ Governments ◦ Industry ◦ Individuals Protection of Intellectual Property Identity Theft Enabling Criminal Investigation

Malware Malicious Software ◦ Viruses ◦ Worms ◦ Trojans ◦ Root Kits ◦ Spyware

Malware

US-CERT Incident Categories CAT 1: Unauthorized Access CAT 2: Denial of Service (DoS) CAT 3: Malicious Code CAT 4: Improper Usage (based on Policy) CAT 5: Scans, Probes, or Attempted Access CAT 6: Under Investigation

US-CERT Reported Cyberspace Security Incidents by Category Quarterly Trends FY09 Q1 (June 2009) Quarterly Trends FY06 Q3 (June 2006)

US-CERT Reported Cyberspace Security Incidents Quarterly Trends FY09 Q1 (June 2009) Quarterly Trends FY07 Q4 (December 2007)

DDoS Attacks DDoS Attacks (Last Two Years)

Infection Rates Code Red ◦ 150,000 computers in 14 hours NIMDA ◦ Nationwide in 1 hour

Example: Spread of the Witty Worm Figure 2: The exponential spread of the Witty worm. The number of active machines in five minutes (green line) stabilized after 45 minutes, indicating that almost all of the vulnerable machines had been compromised. After that point, dynamic addressing (e.g. DHCP) caused the cumulative IP address total (the red line) to continue to rise. We estimate the total number of hosts infected by the Witty worm to be 12,000 hosts at most. Shannon, Colleen and David Moore. “The Spread of the Witty Worm”, CAIDA,

Uses of Botnets Distributed Denial of Service Attacks Spamming Sniffing Traffic Keylogging Spreading New Malware Leveraging Advertising Manipulating Polls and Games Mass Identity Theft

Spam by Botnet Type

Example: Rustock

Botnet Statistics September 2006: Botnets capable of generating10-20Gbps of junk data Davos 2007: Up to 25% (150 million hosts) may be participants in a botnet Last two year trends [ShadowServer]

Hosts on the Internet

Quality of Software US CERT [ Through Q3 2008

Zero AV Detection

IPV4 Network Routing

IPV4 Packet Fields

IPV4 Infrastructure RIPE NCC (January 2010)

National Policy National Strategy to Secure Cyberspace, 2003 ◦ Public-private engagement through DHS ◦ Federal Priorities I.A National Cyberspace Security Response System II.A National Cyberspace Security Threat and Vulnerability Reduction Program III.A National Cyberspace Security Awareness and Training Program IV.Securing Governments’ Cyberspace V.National Security and International Federal Information Security Management Act, 2002 (FISMA)

National Strategy to Secure Cyberspace, p. 9

Guiding Principles A national effect Use government to facilitate / communicate Protect privacy and civil liberties Regulations and market forces Leverage market forces Accountability and responsibility Ensure flexibility Multiyear planning

Government Involvement II. A National Cyberspace Security Threat and Vulnerability Reduction Program Include efforts to ◦ Identify and remediate existing vulnerabilities ◦ Develop systems with fewer vulnerabilities With goals and objectives including ◦ Securing mechanisms of the internet ◦ Improving the security and resilience of key internet protocols ◦ Promoting improved internet routing ◦ Improve management (of the internet)

DHS NIPP-Cyber Security (National Infrastructure Protection Plan) Industry-specific partnership: IT Sector ◦ IT SCC Sector Coordinating Council ◦ IT GCC Government Coordinating Council ◦ IT ISAC Information Sharing and Analysis Center ◦ US-CERT U.S. Computer Emergency Readiness Team

Security Industry 2005: $4 billion with 13.6% Growth (Gartner)