Forum: Detection important to wage cyber-war defense

Lt. Col. Damian Donahoe, Miguel Penarada, and Joe Reynoldson discuss cyber warfare during Monday’s noon international forum held on the USD campus. (Photo by David Lias)

By Travis Gulbrandson

As more data is uploaded to computer networks around the world, more of modern warfare may be conducted in cyberspace.

However, while cyber warfare may have an effect, it won’t necessarily have an enduring result, said Lt. Col. Damian Donahoe, senior military science instructor at the University of South Dakota.

“(Cyber warfare) has a method that may be used to prevent something from happening or slow something down, but in and of itself, it usually doesn’t out and out destroy something,” Donahoe said.

These statements were made during an international forum titled “Are We Ready for Global Cyber War?” which took place at USD Monday afternoon.

One recent example of cyber war took place in Iran, where an attempt was made to slow down that nation’s uranium enrichment project.

“What we’ve seen with Iran is, obviously, they’ve done some things and worked around it, and they’re starting to rebuild their capability. That’s one of the things,” Donahoe said. “Cyber warfare is kind of a support function. In and of itself, it’s not the end, it’s the means that might help you get some immediate results.”

Part of the reason for this is expense, said Joe Reynoldson, information technology security officer for the University of South Dakota.

“It turns out that that’s not a cheap way of doing things, and it’s certainly not the way that things are tackled most often,” he said. “Most often, it’s these simple attacks against users. Instead of trying to launch a frontal assault against our servers, they simply get into a user account … do some reconnaissance and knock that system out.”

Even though much of what could be termed “cyber warfare” has limited long-term effects, Miguel Penarada, cyber security analyst for the state of South Dakota, said major problems can still arise due to the sheer volume of data that is stored electronically – including Social Security information, user names, passwords and e-mail addresses.

“Data can be collected very easily,” Penarada said.

This illegal data collection becomes easier as advances in technology help modern computer viruses cross the “air gaps” created to protect servers, Reynoldson said.

“Modern malware can cross the air gap these days, so just because the system is not plugged into the Internet doesn’t mean that it can’t still get infected,” Reynoldson said.

The U.S. government has collected approximately 20 security controls to protect against these kinds of attacks, some of which are used at USD, Reynoldson said.

“There are a number of things on there, including keeping an inventory of devices, keeping secure configurations of your devices, performing boundary defense,” he said. “The important thing in the training that I did recently that they brought up time and again is that the offense has to inform the defense.

“The idea is that you need to be watching … in order to defend against it,” he said.

Donahoe agreed, saying the military is constantly looking for cracks which could compromise its computer systems.

For example, USB drives are not permitted for use on military computers, and their networks are detected by the computers automatically, Donahoe said.

To this point, Reynoldson added, “Prevention is ideal, but detection is a must.”

“The idea is not that you expect to block all possible attacks,” he said. “The idea is that you at least know an attack is happening or succeeding against you so that you can react to it.”

One thing Reynoldson hears complaints about in his position is the number of spam e-mails people on the USD server receive.

While many of the messages pass through the spam firewall, most do not, he said.

“If you were to see the graphs and could see a day where we have 250,000 inbound e-mail messages,” Reynoldson said. “We delivered less than 20,000 messages that day. We’re delivering less than 10 percent of the e-mail that’s actually coming in. The rest of it’s being blocked.

“Essentially, you can consider each one of those messages to be an attack, because it is possible that any one of those might be a phishing message designed to steal your ID and your password,” he said.

USD recently implemented some new network access controls to prevent this kind of activity.

“It’s actually able to look at traffic on the network and determine if a system is unhealthy,” Reynoldson said. “In particular, we pick out any systems that have Trojans, (which) are designed to steal your information, and possibly control of your system. So we have systems in place to watch for that kind of traffic and block it from the network.”

The international forum was sponsored by the Beacom School of Business, and was moderated by Benno Wymar.
