Sunday, December 13, 2009

NY Times reports on Russian/US security talks; implications for home users

The New York Times is reporting, on Sunday Dec. 13, improved communication between the US and Russia in talking about cybersecurity. The paper copy front page title is “In reversal, U.S. talks to Russia on Web Security; Rise of Cyberweapons; Goal is to strengthen network defenses against attacks”, link here. It's true that a lot of the substance of the talk comes from the hacker attacks on US government facilities last summer, with shocking effectiveness. Will bad guys focus on large, obvious targets (like governments and banks) or possibly try to undermine confidence at the grass roots level (which worms already do as they make machines into zombies)?

Nevertheless, the importance of the story to the typical home or small business user is in its elaboration of the three main threats: (1) logic bombs (2) botnet attacks, recruiting home machines as zombies, and (3) microwave EMP weapons.

“Logic bombs” were a security issue well known in the “mainframe era”, particularly in financial systems, and are prevented by properly using source and elevation management software (to ensure that load modules and source code match). The same concept should be used with any systems on a small business where programs are compiled or linked into executables (we could get into the security questions around java byte code if we took the time).

The Botnet issue, sometimes associated with DOS attacks, raise the question of how much legal responsibility we should expect of the home and small business user to properly protect his computers from viruses and worms. The proper use of firewalls in a wireless environment has now complicated the issue and the answers (how to use different companies in combination with what Microsoft provides) are a bit murky; I hope Windows 7 is going to help settle this.

The EMP issue is known in conservative talk circuits as a doomsday terror scenario, but the microwave would be a smaller scale version of this (explored in the movie “Oceans 11”). There is little that the home user could do besides make offsite backups and optical device (CD) rather than magnetic backups. It’s possible that innovation will lead to commercial development (by security companies) and home use Faraday cages to protect personal installations. The article may have been motivated by a generally obscure Washington Times story last spring about an Aberdeen Proving Grounds engineer who back in 2001 showed how a truck-mounted microwave could be designed to be driven through an areas and disable it. Our own government constantly plays with deadly scenarios.

No comments: