Homeland Security in the Digital Age
Mar 15, 2006

Cyber crime is an asymmetrical threat that requires defenders to have the right tools and a greater ability to collaborate across traditional boundaries.

Traditionally, a nation under attack defends itself at defined perimeters of land, sea and sky. Now, the growth of digital technology has pushed homeland defence beyond these boundaries into the virtual plane where the Internet is a continuously morphing front.

Financial services, energy, transportation, emergency services, food production and health care industries all rely on computers and digital information exchange, as do governments. All are susceptible to hackers, viruses and worms that can cripple computer networks, and expose critical data to misappropriation.

Last year, a security breach at a payment processing company enabled a hacker to defraud at least 264,000 Visa and MasterCard account holders, according to evidence gathered in the case to date. Foreign intelligence agencies and organized crime have hacked Canadian targets such as the Prime Minister’s Office, the departments of Foreign Affairs and National Defence, and the central bank, “mining” information deemed to be of value.

Such high-profile attacks against government and corporate networks have proliferated over the past few years. The growing incidence of malware and online fraud indicates that organized crime syndicates and terrorist cells are using the pervasiveness and anonymity of the Web to wage war against specific targets. Furthermore, international money laundering investigations have uncovered links between radical power agendas and illicit income from cyber crime, which the FBI estimates cost the global economy about US$400 billion in 2004.

Lines between criminal and terrorist groups operating on the Internet are blurring. Criminal elements are not only using technology to their advantage, they are also forming illicit partnerships and sharing information. This puts legitimate society in the uncomfortable position of having its own tools used against itself. Public and private organizations are therefore natural allies against a shared enemy that seeks to corrupt the digital infrastructure vital to our global economy.

Public-Private Partnerships
Partnerships are one of the five “Ps” of the holistic security approach that has become essential to fend off asymmetrical attacks on the digital front. Working in tandem with the other four elements – policies, processes, people and products – partnerships have proved crucial to achieving an end-to-end security solution that helps ensure networks are continually protected. Together, the five “Ps” form a security framework where the whole is not only greater than the sum of its parts, but each part must be approached as a whole as well.

Policy sets a solid security foundation in place, and defines responsibilities and expectations. Processes are measures that assist in implementing policies, such as compliance inspections or vulnerability assessments. The people aspect involves education and training, so individuals within businesses and government understand their roles and responsibilities regarding computer security.

Products deliver security safeguards through built-in or added features such as firewalls and user authentication. Partnerships – either with vendors, consultants or peers – enable people to share experiences and develop standards based on what works.

With public-private partnerships to encourage best practices, the other steps toward manageable security include:

  • Identify elements that are crucial to the business of the organization;
  • Identify network security threats;
  • Select comprehensive safeguards to address these threats;
  • Measure deployed safeguards to ensure their effectiveness;
  • Encourage information sharing, and facilitate security best practices; and
  • Advise all when there is a breach and/or a remedy.

Government Collaboration
In addition to partnering with the private sector, all levels of government should work together to address homeland security solutions. Traditionally, such collaboration has been hampered by red tape and internal policies that limit the sharing of information on a “need-to-know” basis.

However, the growing number of terrorist attacks proves that malicious users are routinely co-opting technology to share information. Events such as the London bombings and 9/11 are precursors to command and control attacks that blend cyber terrorism with physical terrorism to simultaneously disrupt critical economic infrastructure. Governments must become equally or, preferably, more technologically adept than cyber criminals in order to safeguard against such attacks.

Many governments are now working to become more efficient and effective in addressing threats to national security, economic strength, and public safety through cooperative projects and information sharing. Effective collaboration is focused on computer incident response, attack mitigation, and citizen outreach.

For example, the Canadian federal government is taking steps to protect the country’s critical infrastructure by establishing the Canadian Cyber Incident Response Centre (CCIRC) in Ottawa, as a focal point for dealing with cyber security threats. The agency has been given a central role in security operations, with a focus on information exchange with the private sector and other levels of government. This includes sharing operational information, such as incident reports and summaries from various jurisdictions defining the types of threats they are seeing, and information about possible new threats on the horizon.

Crisis Response Tools
Technology is evolving to support this essential sharing of information. In the context of holistic security, the “products” element of the equation helps to strengthen the “partnership” and “people” elements by providing the necessary tools for crisis mitigation and response. Web services security, the virtualization of data storage, and federated identity management, which recognizes single users across multiple shared networks, are some of the technologies underpinning government collaboration.

Partnering with companies in the technology sector is helping Defence Research and Development Canada (DRDC) develop innovative products that support Canada’s military personnel and national defence operations. In its most recent annual report, the agency put the value of collaboration with industry at $40.1 million for the 2003-2004 fiscal year.

Among other things, DRDC is developing a computer program in conjunction with Concordia University to calculate the Radar Cross Section (RCS) of Canadian Forces platforms. The ability to model a ship’s RCS can be used to minimize its signature, either at the design stage or by applying patches of radar absorbent material to hot-spot areas that are prone to reflection. This research will ultimately provide Canadian ships with greater protection from detection by unfriendly forces.

Communications technologies, such as voice-over-IP and video-enabled mobile computing devices, are also becoming valuable rapid response tools during crises. Police officers and firefighters can use these capabilities for instant access to information, or to remotely view the scene of a crime or disaster.

Web services are enabling collaboration across wide geographic areas to help restore order in the aftermath of a disaster. For example, Info-Share – a Sri Lankan non-profit organization that uses technology for conflict transformation and virtual negotiations – has created an online repository of information and virtual volunteers as a locus for coordinating humanitarian and logistical efforts following the 2004 Asian tsunami.

In the digital era, security is a constant battle that requires both diligence by organizations and collaboration across multiple government and business stakeholders. With a comprehensive security strategy in place, strengthened by solid partnerships and access to the right tools, society will be better prepared to meet attacks that threaten homeland defences on the virtual front.

John Weigelt is the National Technology Officer for Microsoft Canada. John is responsible for advocating the technical needs of local government, education and academic agencies to key Microsoft stakeholders at a regional and corporate level.
© FrontLine Security 2006