Showing posts with label incident.

Sunday, December 13, 2015

Research paper: "Development of a Cyber Warfare Training Prototype for Current Simulations"

One of the research directions I'm taking is the simulation of security incidents and cyber security conflicts. So, I'm searching for research papers on that particular topic, and one of them is the paper "Development of a Cyber Warfare Training Prototype for Current Simulations". I found out about this paper via an announcement on the SCADASEC mailing list. Interestingly, the paper couldn't be found on Google Scholar at the time this post was written. Anyway, it was presented at the Fall 2014 Simulation Interoperability Workshop organized by the Simulation Interoperability Standards Organization (SISO). All papers presented at the Workshop are freely available on the SISO Web pages. Judging by the papers presented, the workshop is mainly oriented towards military applications of simulation. Note that cybersecurity simulations have only recently started to appear, while the use of simulations in the military is an old thing.

Reading the paper "Development of a Cyber Warfare Training Prototype for Current Simulations" was a valuable experience because I encountered for the first time a number of terms specific to the military domain. There are also references worth taking a look at, which I'm going to do.

In the end, I reached the following conclusions about the paper:
  1. The paper talks about integrating the cyber domain into existing combat simulation tools. So, the authors are not interested in having a cybersecurity-specific, isolated simulation tool. It might be extrapolated that this is based on US military requirements.
  2. When the authors talk about cyber warfare training, what they are basically describing is a cyber attack on the command and control (C&C) infrastructure used on a battlefield.
  3. The main contribution of the paper is a description of the requirements gathering phase based on use cases (section 3) and the proposed components that would allow implementation of the proposed scenarios (section 4).

Monday, February 27, 2012

Nortel security breach...

This story is an unbelievable example of doing security totally wrong and being totally irresponsible to customers and shareholders, but also to one's own country!

What happened is that attackers (supposedly, but very probably, from China) obtained the passwords of seven of Nortel's top executives and used them to gain access to the corporate network. Once in, they installed rootkits that allowed them to monitor everything that happened within the company! After some employees detected that there was a breach, top executives apparently didn't do anything to stop it, assess the damage, or introduce controls to prevent it. Not only that, but they (according to some comments) were the first ones to blame for the breach, as directly responsible because of their careless behavior.

What is basically even more serious is that Nortel, like any other company, has an obligation towards its customers to keep them safe! Namely, with a compromise of Nortel, especially a breach of such a size, it is highly likely that Nortel's products were compromised and that the attackers had access to them. By gaining access to those products, the attackers certainly gained access to vulnerabilities which allowed them to endanger Nortel's customers too! This is unbelievable, and I have no words to express how I feel about it. It's like being in the Twilight Zone!

Also, the shareholders were victims too, because top management didn't properly protect the company's assets and thus indirectly incurred damages to the company!

I believe that there have to be laws regulating such behavior, as it is damaging to everyone, as I tried to explain. And without laws, nothing can be done to prosecute those responsible for such behavior!

Tuesday, February 21, 2012

Security problems in the neighborhood...

It is very interesting that our journalists did not cover the problems in the neighborhood with compromised credit cards, all the more so because banks that also operate on the territory of the Republic of Croatia are involved in the whole story. This news is already quite old, given that two months have passed since it was published, and probably more since the incident itself.

Very little information is available about what exactly happened, so everything comes down to guesswork. It seems that some processor (which one was not published) was compromised and that only Visa cards were affected (some 20 thousand or so). Whether there were problems in Croatia too, I don't know, but it is possible because this is obviously an international incident.

It is interesting that all processors should be compliant with the PCI DSS recommendations, and that this should reduce the possibility of a successful attack. But in the end, this shows that there are still problems and that we are far from a real solution, if we ever achieve one at all.

About Me

scientist, consultant, security specialist, networking guy, system administrator, philosopher ;)
