Cybersecurity and Cyberwar - what everyone needs to know
Class: PHIL-282
Authors: Allan Friedman, Peter W. Singer
Notes:
The World Wide What? Defining Cyberspace
- Senator Ted Stevens' (2006) explanation: Infamously described cyberspace as a "series of tubes," which was a misinterpretation of the expert analogy of "pipes" for data connections.
- William Gibson's (1984) definition: Coined the term "cyberspace" (from "cybernetics" and "space") and defined it as "A consensual hallucination experienced daily by billions of legitimate operators, in every nation... A graphic representation of data abstracted from the banks of every computer in the human system".
- US Department of Defense (DoD) definitions: The "godfather of cyberspace" (funding early computing and ARPANET) has struggled to define it, issuing at least twelve different definitions.
- Early definitions rejected:
- "notional environment in which digitized information is communicated over computer networks" (implied imaginary, only for communication).
- "domain characterized by the use of electronics and the electromagnetic spectrum" (too broad, included everything from computers to sunlight).
- Latest DoD definition (2008): "the global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems, and embedded processors and controllers".
- Book's simple definition: At its essence, cyberspace is "the realm of computer networks (and the users behind them) in which information is stored, shared, and communicated online".
- Essential Features of Cyberspace:
- Information Environment: Primarily made of digitized data that is created, stored, and shared. Not a physical place and defies physical measurement.
- Hybrid Nature: Not purely virtual; includes physical components like computers, systems, and infrastructure such as the Internet, closed intranets, cellular technologies, fiber-optic cables, and space-based communications.
- Man-Made and Cognitive: Its systems and technologies are human creations. It encompasses the people using computers and how their connectivity changes society. Defined by the cognitive realm (perceptions, ownership, naming) as much as physical or digital aspects.
- Global but not Stateless: Though global, it is not a "stateless" or "global commons." It relies on physical infrastructure and human users tied to geography, making it subject to human notions like sovereignty, nationality, and property.
- Constantly Evolving: A dynamic hybrid of technology and human use, continuously altering its size, scale, and governing rules. Its "topography is in constant flux".
- Technological Evolution: From fixed-wire computers to mobile devices (e.g., car phones, iPads).
- Evolving Expectations: Generates new norms of behavior regarding access and freedom of speech online.
- Massive Growth & Personalization: Becomes massively larger (quintillions of bytes added daily) and more personalized, with users creating and tailoring sites (e.g., Facebook, RenRen, Twitter, Weibo).
- Critical Infrastructure: Expanded beyond communication and e-commerce (over $10 trillion/year in sales) to include essential sectors of modern civilization like agriculture, banking, healthcare, transportation, water, and power, all linked via information technology.
- SCADA (Supervisory Control and Data Acquisition) systems: Computer systems that monitor, adjust switching, and control processes of critical infrastructure. The private sector controls roughly 90% of US critical infrastructure and uses cyberspace for these functions.
- Dominant Platform: Described as "the dominant platform for life in the 21st century," central for business, culture, and personal relationships. For many, "it is life".
- Increasing Risk: The Internet is increasingly a place of risk and danger.
How Does the Internet Actually Work?
- Introduction: The 2008 Pakistan incident, where a false routing claim for YouTube traffic by Pakistan Telecom caused global misdirection and network overwhelming, highlights the importance of understanding how the Internet functions.
- Information Flow (Visiting a Website):
- IP (Internet Protocol) number/address: A unique numerical label assigned to an addressable connection on the Internet, used to find servers. Your device gets one from your ISP or network.
- Router: A device that forwards data packets between computer networks, acting as a path to the broader Internet.
- DNS (Domain Name System) server: A server that translates human-memorable domain names (e.g., Brookings.edu) into their corresponding numerical IP addresses (e.g., 192.245.194.172).
- Global and Decentralized: Organized like a tree hierarchy.
- Root: The top of the DNS tree, serving as the orientation point.
- Top-level domains: Categories like .uk, .com, .net, which are further subdivided (e.g., co.uk, ac.uk).
- ICANN (Internet Corporation for Assigned Names and Numbers): A private, nonprofit organization created in 1998 that controls entry into top-level domains and handles various Internet administration tasks.
- Registry: Manages each top-level domain and sets its internal policies.
- Registrars: Intermediaries through which organizations obtain domain names, ensuring uniqueness.
- Subdomains: Managed by each domain (e.g., mail.yahoo.com).
- DNS Query Process: Your computer queries the DNS system through a series of resolvers, moving up the "tree" (root → top-level domain registry like Educause for .edu → specific organization's internal name server → specific content's IP address).
- Packet-Switched Network: The Internet breaks data into small digital "packets" for transmission.
- Header: The "outside" of a packet, containing details like source, destination, and basic content information.
- Delivery: Each packet is delivered independently and decentralized, then reassembled at the destination.
- Benefits: This dynamic architecture provides flexibility and resiliency. It allows multiple conversations to share the same network links and automatically reroutes traffic if a link goes down. (Note: This was developed for efficiency, not specifically for nuclear attack resilience, which is a common myth).
- Data Transmission Layers (e.g., Web Page Request):
- Application Layer: Your browser interprets a command (like clicking a link) using HTTP (HyperText Transfer Protocol), which defines how web content is requested and delivered.
- Transport Layer: Responsible for breaking the data into packet-sized chunks, ensuring all chunks arrive correctly, and reassembling them in the right order.
- Network Layer: Responsible for navigating the packets across the Internet to their destination.
- Once at the destination, packets are reassembled, checked, and passed back up to the application (e.g., the web server sending content).
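The packet mechanics in the two lists above (header, independent delivery, transport-layer reassembly), carried through as an added simulation that is not the book's code; addresses, packet size and the message are constructed:

```python
import random
import zlib
from dataclasses import dataclass

# Added example (not the book's code): the packet-switched delivery described
# above, reduced to one sender and one receiver. The header carries source,
# destination, sequence number, total chunk count and a checksum of the
# payload; packets travel independently and may arrive in any order, be lost
# or be damaged; the transport layer reorders and verifies them and reports
# what must be resent. Addresses, packet size and message are constructed.

MAX_PAYLOAD = 8   # bytes per packet, tiny so the demo produces several packets

@dataclass(frozen=True)
class Packet:
    src: str         # header: where the packet came from
    dst: str         # header: where it is going
    seq: int         # header: position of this chunk in the message
    total: int       # header: how many chunks make up the message
    checksum: int    # header: CRC32 of the payload, checked on arrival
    payload: bytes   # the chunk of application data itself

def fragment(src, dst, data: bytes):
    """Transport layer, sender side: split data into packet-sized chunks with headers."""
    chunks = [data[i:i + MAX_PAYLOAD] for i in range(0, len(data), MAX_PAYLOAD)] or [b""]
    return [Packet(src, dst, i, len(chunks), zlib.crc32(c), c) for i, c in enumerate(chunks)]

def network_deliver(packets, drop=(), corrupt=(), seed=0):
    """Network layer stand-in: each packet is routed on its own, so arrival
    order is arbitrary; the drop and corrupt sets simulate loss and damage."""
    delivered = []
    for p in packets:
        if p.seq in drop:
            continue
        if p.seq in corrupt:
            p = Packet(p.src, p.dst, p.seq, p.total, p.checksum, b"?" * len(p.payload))
        delivered.append(p)
    random.Random(seed).shuffle(delivered)
    return delivered

def reassemble(received, my_addr):
    """Transport layer, receiver side: reorder chunks, verify each against its
    checksum, and report which sequence numbers still need retransmission."""
    good, total = {}, None
    for p in received:
        if p.dst != my_addr:
            continue                        # not addressed to us
        total = p.total
        if zlib.crc32(p.payload) == p.checksum:
            good[p.seq] = p.payload         # damaged chunks are simply not kept
    if total is None:
        return None, set()
    missing = {i for i in range(total) if i not in good}
    data = None if missing else b"".join(good[i] for i in range(total))
    return data, missing

MESSAGE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"   # 47 bytes -> 6 packets

def demo():
    packets = fragment("192.0.2.10", "198.51.100.7", MESSAGE)
    intact, _ = reassemble(network_deliver(packets), "198.51.100.7")
    _, resend = reassemble(network_deliver(packets, drop={2}, corrupt={4}), "198.51.100.7")
    return intact == MESSAGE, resend          # (True, {2, 4})
```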
- Internet Network Organization (Hierarchy):
- ISP (Internet Service Provider): Organizations (mostly private, for-profit, some government/community-owned) that provide Internet access and related services like email or web hosting.
- AS (Autonomous Systems): Networks forming nodes in the global Internet, defining connection architecture. Traffic is routed locally within an AS according to its policies. Each AS has IP address blocks and connections to other ASes. There are over 40,000 AS nodes globally, with shifting interconnections.
- Routing Process: The Internet uses a dynamic, distributed system. Routers examine incoming packets: if the destination is internal, it's sent to the relevant computer; otherwise, the router consults its routing table to send the packet closer to its destination.
- Control Plane: Routers share key information (which IP addresses they manage, which networks they connect to) with other routers. This information is passed along to neighbors, allowing each router to build a temporary model of the network for routing traffic.
- Trust and Vulnerability: The entire Internet system relies on trust, which can be exploited by accident or malice. The Pakistan YouTube incident showed how false routing information, when trusted, could disrupt global traffic, highlighting the importance of users and gatekeepers behaving properly.
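The control-plane trust problem described above, as an added example rather than the book's code: a router that installs every announcement it hears, beside one that checks announcements against origin authorisations (modelled on RPKI route origin validation, which the notes do not mention) before installing them. Prefixes and AS numbers are constructed and are not those of the 2008 incident.

```python
import ipaddress
from dataclasses import dataclass

# Constructed, simplified model of the control plane described above (not the
# book's code): each AS announces prefixes it claims to originate, every router
# builds a table from those announcements, and forwarding uses longest-prefix
# match. Prefixes and AS numbers are made up (documentation ranges) and are not
# the real ones from the 2008 Pakistan/YouTube incident.

@dataclass(frozen=True)
class Announcement:
    prefix: str      # e.g. "198.51.100.0/24"
    origin_as: int   # AS number claiming to originate the prefix

def build_table(announcements):
    """Routing table as a router that trusts every announcement builds it."""
    return [(ipaddress.ip_network(a.prefix), a.origin_as) for a in announcements]

def lookup(table, dst_ip):
    """Longest-prefix match: the most specific announced prefix wins."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for net, origin in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return best[1] if best else None

# Route origin validation (after RPKI ROAs): an authorisation record says
# which AS may originate a prefix and up to what maximum prefix length.
@dataclass(frozen=True)
class OriginAuth:
    prefix: str
    origin_as: int
    max_len: int

def validate(announcement, auths):
    """'valid' if an authorisation covers it; 'invalid' if the prefix is covered
    but origin AS or length does not match; 'unknown' if nothing covers it."""
    net = ipaddress.ip_network(announcement.prefix)
    covered = False
    for a in auths:
        if net.subnet_of(ipaddress.ip_network(a.prefix)):
            covered = True
            if a.origin_as == announcement.origin_as and net.prefixlen <= a.max_len:
                return "valid"
    return "invalid" if covered else "unknown"

def build_validated_table(announcements, auths):
    """Same as build_table, but announcements that fail validation are dropped."""
    return build_table([a for a in announcements if validate(a, auths) != "invalid"])

# Constructed scenario: AS 64500 legitimately originates 198.51.100.0/24;
# AS 64511 mistakenly announces the more specific 198.51.100.0/25.
LEGIT = Announcement("198.51.100.0/24", 64500)
BOGUS = Announcement("198.51.100.0/25", 64511)
AUTHS = [OriginAuth("198.51.100.0/24", 64500, 24)]

def demo():
    """Which AS receives traffic for 198.51.100.10 under each router?"""
    naive = lookup(build_table([LEGIT, BOGUS]), "198.51.100.10")
    checked = lookup(build_validated_table([LEGIT, BOGUS], AUTHS), "198.51.100.10")
    return naive, checked   # (64511, 64500)

if __name__ == "__main__":
    print(demo())
```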
Who Runs It? Understanding Internet Governance
- Jon Postel's "First Coup d'État of the Internet" (1998): Postel, an icon in networking, sent an email asking 8 of the 12 organizations controlling the Internet's root name servers to reconfigure them to direct traffic through his computer. This temporarily shifted control away from the US government's server, illustrating the critical role of governance and the community's involvement in the network's maintenance.
- Internet Governance Questions: As the Internet grew, the question of "who runs it" became paramount. Google CEO Eric Schmidt famously called the Internet "the first thing that humanity has built that humanity doesn't understand, the largest experiment in anarchy".
- Unique Governance Challenges: Unlike traditional resources, digital resources are not "scarce," so governance focuses on interoperability and communication rather than distribution. However, traditional issues like representation, power, and legitimacy still arise.
- Key Decision Chokepoints: Technical standards for interoperability, distribution of IP numbers, and management of the Internet's naming system. The naming system has historically caused the most conflict.
- Standards Development Process:
- RFCs (Requests For Comments): Early engineers published these to gather feedback on proposed standards.
- IETF (Internet Engineering Task Force): An international, voluntary standards organization that evolved from these early engineers and researchers. It develops and modifies Internet standards and protocols. It operates through open, consensus-based working groups (sometimes using "humming" to vote), with anyone welcome to participate.
- Security: A primary concern; all proposed standards must include an explicit "Security Considerations" section and are reviewed by a security directorate.
- IESG (Internet Engineering Steering Group): Provides oversight and guidance for the standards process and the standards themselves.
- IAB (Internet Architecture Board): Evolved from the original ARPANET management's technical advisory board, offers further oversight of the IESG.
- ISOC (Internet Society): An international group formed in 1992 that oversees most technical standards processes. It was established as an independent, international organization to safeguard open standards processes as the Internet became global and commercially important. Its power comes from its membership, which elects trustees who appoint IAB leadership.
- This nested structure (informal, semiformal, formal groups) promotes independence while ensuring accountability to the Internet community, fostering shared interest in maintaining a functioning Internet.
- Property Rights and Scarce Resources:
- Unique Identifiers: Despite the Internet's apparent vastness, identifiers like IP addresses and domain names must be unique (a "zero-sum game").
- IANA (Internet Assigned Numbers Authority): Originally a collaborative effort between the US government and early researchers to apportion these unique numbers and names. Its control became increasingly important as the Internet grew.
- ICANN (Internet Corporation for Assigned Names and Numbers): Formed in 1998 as an independent, California-chartered nonprofit corporation. It took over the responsibility for distributing IP addresses in a structured way that reflects the Internet's global nature, with regional authorities now performing this role.
- Challenges with ICANN:
- Conflict of Interests: Domain names define identity, leading to strong commercial and political conflicts (e.g., new top-level domains like .tech, trademark protection, free speech issues, national identity disputes like Western Sahara's claim to .eh).
- Multi-stakeholder Process: ICANN's governance model, described as "organic, open, yet non-representative," relies on consensus with advisory committees (e.g., for ISPs, intellectual property, governments). However, it's criticized for potentially favoring powerful governments and large commercial interests over less resourced civil society groups.
- Perceived US Control: Many still view ICANN as captive to US interests, as the US Department of Commerce retains overall control and delegates management to ICANN via renewable contract.
- Irreplaceability: Despite criticisms, there's no practical model for an alternative organization that could effectively represent and balance such a broad range of global interests and complex policy issues.
- Key Cybersecurity Takeaway: The Internet's growth has relied on trust and open-mindedness, which are now challenged by security concerns. The Internet has always been recognized as a space that defies traditional governance models.
- David Clark's Dictum (1992): "We reject: kings, presidents and voting. We believe in: rough consensus and running code." He also noted a challenge: "What are we bad at? Growing our process to match our size".
On the Internet, How Do They Know Whether You Are a Dog? Identity and Authentication
- The Challenge of Digital Identity: Illustrated by Carnegie Mellon professor Alessandro Acquisti's ability to guess Social Security numbers (SSN) from online photos, birthdates, and birth cities, highlighting how easily seemingly private information can be combined.
- Identification: The act of mapping an entity (person, object) to some information about that entity.
- SSN Use: SSNs were adopted as unique identifiers in the computer world because every American had one, making it convenient to differentiate individuals in databases, despite not being originally intended for identification and once explicitly stating "not for identification". Organizations incorrectly assumed they were secret because they weren't published.
- Authentication: The proof of an identification. Traditionally defined by "something you know, something you have, or something you are".
- Something you know: Typically a password, a secret known presumably only by the correct person.
- Weaknesses: Can be guessed, broken, requires memorization, and reuse across systems increases vulnerability.
- Something you have: A physical component with limited access (e.g., an ATM card, a mobile phone used to receive a one-time code).
- Weaknesses: Can be stolen or forged.
- Something you are (Biometric): A recognizable personal trait (e.g., facial recognition, retina scan, fingerprint).
- Weaknesses: Can be compromised (e.g., forged fingerprints using Gummy Bear candy, or even amputated fingers).
- Bolstering Authentication Measures:
- Trusted Friends: Contacting trusted friends to confirm an individual's identity (the "who you know" principle).
- Cost of Exploitation: Factoring in the time and effort an attacker would need to fake an identity or maintain a presence (e.g., on social media).
- Authorization: After a system identifies and authenticates a user, authorization determines what that user is permitted to do.
- Scope: In an interconnected world, authorization can grant access to virtually anything, linking technical issues to policy, business, political, and moral questions (e.g., age for online gambling, access to classified military networks).
- Failures: Poor authorization was a key factor in major leaks like Bradley Manning/WikiLeaks (2010) and Edward Snowden (2013), where individuals with excessive access could copy vast amounts of sensitive data.
- Anonymity vs. Identifiability ("On the Internet, nobody knows you're a dog"): While the famous cartoon suggests anonymity, private details can still be found.
- IP (Internet Protocol) Address: Every online activity involves data routed from an IP address. For consumers, IP addresses are often dynamic (assigned temporarily by an ISP).
- ISP Data Retention: ISPs can correlate an IP address at a specific date/time to a particular subscriber, providing information about geographic location and access means.
- Privacy Concerns: The concern is the potential to combine IP address data with other online and offline information to make high-probability guesses about an individual's activities (e.g., the Petraeus scandal).
- Limitations of IP as Identity Proof: An IP address is not direct proof of identity; sophisticated users can disguise or hide their IP address.
- Other Identifying Data: Even browsing and clicking patterns can be used to identify users.
- Digital Identity Balance: Cybersecurity involves balancing protecting and sharing information. Limiting collected information enhances privacy and prevents sophisticated authentication fraud, but systems are incentivized to maximize data collection for their own goals.
What Do We Mean by 'Security' Anyway?
- Definition of a Security Problem: A malfunction where the deviation between expected and actual system behavior is caused by an adversary (rather than a simple error or accident).
- Adversarial Component: Security is inherently about the presence of an adversary. A cyber problem only becomes a cybersecurity issue if an adversary seeks to gain something (e.g., private information, system undermining, preventing legitimate use).
- Example: A 2011 FAA airspace shutdown due to a software glitch was not a security issue because no adversary was involved. If it were a hack, it would be.
- Canonical Goals of Security (CIA Triad):
- Confidentiality: Keeping data private and protecting valuable information from unauthorized access. This includes internal secrets, sensitive personal data, and transactional data. Supported by tools like encryption and access control, as well as legal protections.
- Integrity: Ensuring that a system and its data have not been improperly altered or changed without authorization. It provides confidence that the system will behave as expected and be available.
- Sophisticated Attacks: Integrity is often targeted by sophisticated attackers who subvert detection mechanisms (e.g., the Stuxnet virus made compromised systems report normal function while sabotaging them).
- Availability: Ensuring the system can be used as anticipated. It becomes a security concern when an adversary exploits a lack of availability by either depriving users of a system (e.g., GPS loss for military) or threatening its loss, as in a "ransomware" attack.
- Resilience (Additional Property): The ability of a system to endure security threats and limited failures in defenses, remaining operational despite continuous attacks. It involves prioritizing resources, protecting key assets, and restoring normal operations following an incident.
- Multifaceted Nature of Security: Security issues are not solely technical; they also involve organizational, legal, economic, and social aspects.
- Limits and Trade-offs: Achieving security always involves trade-offs (e.g., cost, time, convenience, capabilities, liberties). Absolute security is unattainable short of completely disconnecting a system ("pulling the plug").
How Do We Trust in Cyberspace?
- Foundation of Online Trust: Built upon cryptography, the practice of secure communications. Cryptography is crucial for both confidentiality (keeping information private) and integrity (detecting tampering).
- Key Cryptographic Building Blocks:
- Hash: A hash function takes any piece of data and maps it to a smaller, fixed-length output.
- One-way property: Makes it very difficult to determine the original data from the hash output.
- Collision resistance: Extremely hard to find two different inputs that produce the same hash output.
- Use: Functions as a "fingerprint" for a document or email to verify its integrity; if a document's fingerprint doesn't match a trusted one, it's been altered.
- Introducing Identity for Trust:
- Asymmetric Encryption (Public Key Cryptography): A method that solves the problem of securely exchanging secret keys between parties who have never met.
- Key Pair: Involves a public key (shared with everyone) and a private key (kept secret). Data encrypted with one key in the pair can only be decrypted with the other.
- Digital Signature: Combines the concept of a digital fingerprint with public key cryptography.
- Process: A sender (e.g., Alice) creates a fingerprint of a document, encrypts it with her private key (her "signature"), and sends it along with the unencrypted document. The receiver (e.g., Bob) uses Alice's public key to verify the signature and compares it with a fingerprint he generates from the unencrypted document. A mismatch indicates tampering.
- Benefit: Provides integrity for any data and enables "transitive trust" (trust extending through a chain of verified signatures).
- Source of Public Key Trust (Trusted Third Parties):
- Certificates: Asymmetric cryptography requires a way to trust that a public key genuinely belongs to the claimed entity. This is achieved through "digital certificates" issued by trusted third parties.
- CA (Certificate Authority): Organizations that produce and sign these digital certificates, explicitly tying an entity to a public key. Their public keys are widely known to prevent spoofing. Trusting a CA allows you to trust the public key it signs.
- Daily Use: This system is used constantly when visiting HTTPS websites; the browser verifies the secure connection using certificates signed by CAs, ensuring the server's identity and enabling secure communication by exchanging encryption keys.
- Vulnerability of CAs: CAs are critical chokepoints. If a CA's signing key is stolen, attackers can intercept "secure" traffic without detection (e.g., the 2011 interception of Iranian Gmail access). The large number of CAs globally, some in countries with questionable security practices, raises concerns.
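The signature process, transitive trust and certificate items above, carried through as an added example (not the book's code): Alice signs a fingerprint with her private key, Bob verifies it with her public key, and a CA's signature over Alice's public key is what lets Bob trust that key in the first place. Textbook RSA over fixed Mersenne primes is an assumption made here to keep the arithmetic visible; real systems use padded schemes and large random primes.

```python
import hashlib

# Added example, not code from the book: the signature process described above
# (fingerprint the document, encrypt the fingerprint with the private key, let
# the receiver decrypt it with the public key and compare), then one more level
# so that a CA's signature over Alice's public key is what lets Bob trust that
# key. Textbook RSA over fixed Mersenne primes keeps the arithmetic visible;
# real systems use padded schemes (RSA-PSS, ECDSA) and large random primes.

E = 65537

def make_keypair(p, q):
    """Textbook RSA: returns (public, private), each an (exponent, modulus) pair."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (needs Python 3.8+)
    return (E, n), (d, n)

def fingerprint(data: bytes) -> int:
    """192-bit one-way fingerprint, small enough to sit below every modulus used here."""
    return int.from_bytes(hashlib.blake2s(data, digest_size=24).digest(), "big")

def sign(private, data: bytes) -> int:
    """Alice's step: fingerprint the document and 'encrypt' it with her private key."""
    d, n = private
    return pow(fingerprint(data), d, n)

def verify(public, data: bytes, signature: int) -> bool:
    """Bob's step: decrypt the signature with the public key, compare with his own fingerprint."""
    e, n = public
    return pow(signature, e, n) == fingerprint(data)

def cert_body(subject: str, public) -> bytes:
    """Canonical bytes the CA signs: who the key belongs to, and the key itself."""
    e, n = public
    return f"{subject}|{e}:{n}".encode()

def issue_certificate(ca_private, subject: str, subject_public):
    """A digital certificate in miniature: (subject, public key, CA signature over both)."""
    return (subject, subject_public, sign(ca_private, cert_body(subject, subject_public)))

def bob_accepts(ca_public, cert, document: bytes, signature: int) -> bool:
    """Transitive trust: Bob trusts the CA, the CA vouches for Alice's key, and
    Alice's key vouches for the document. Every link in the chain must hold."""
    subject, subject_public, ca_sig = cert
    return (subject == "alice"
            and verify(ca_public, cert_body(subject, subject_public), ca_sig)
            and verify(subject_public, document, signature))

# Two distinct key pairs built from known Mersenne primes (demo only):
ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    doc = b"Transfer 100 to account 42"                 # constructed document
    cert = issue_certificate(CA_PRIV, "alice", ALICE_PUB)
    sig = sign(ALICE_PRIV, doc)
    genuine = bob_accepts(CA_PUB, cert, doc, sig)
    # Same signature, altered document: Bob's fingerprint no longer matches.
    tampered = bob_accepts(CA_PUB, cert, b"Transfer 900 to account 42", sig)
    # A key the CA never signed, presented with a self-issued "certificate":
    fake_pub, fake_priv = make_keypair(2**89 - 1, 2**127 - 1)
    fake_cert = issue_certificate(fake_priv, "alice", fake_pub)
    impostor = bob_accepts(CA_PUB, fake_cert, doc, sign(fake_priv, doc))
    return genuine, tampered, impostor                  # (True, False, False)

if __name__ == "__main__":
    print(demo())
```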
- Systems Trusting Users (Access Control):
- Access Control: After identification and authentication, a system uses "access control" to determine what a user is authorized to do.
- Access Control Policy: The core of any system, a matrix defining who (subjects) can do what (actions like read, write, execute) to whom (objects like files or systems). Policies can be simple or highly complex.
- Challenges: Requires a clear understanding of organizational roles, system architecture, and anticipating future needs. Extremely difficult, possibly impossible, for large organizations.
- Failures: Poor access control has led to major cyber scandals, such as Bradley Manning/WikiLeaks (2010) and Edward Snowden (2013). These cases demonstrate issues like granting low-level individuals default access to vast amounts of data and inadequate logging/auditing of access.
- Overprovisioning vs. Underprovisioning: Most organizations either grant too much access (overentitlement, leading to breaches, conflict of interest risks, loss of intellectual property) or too little access (underentitlement, hindering operations, posing risks in critical fields like healthcare and intelligence).
- Human Factor in Trust: Even with technology, trust ultimately depends on human psychology and explicit risk calculations. Human decisions, like those that allowed Pac-Man onto a voting machine, have tangible consequences.
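The access control policy, its failure modes and the auditing gap described above, as an added example (not the book's code): a subject x object x action matrix, the authorization check made against it, and a review that compares the matrix with an access log to surface overentitlement and underentitlement. Subjects, objects and log entries are constructed.

```python
from collections import defaultdict

# Added example (not from the book): an access control policy as the
# subject x object x action matrix described above, the authorization check
# made against it, and a review that compares the matrix with an access log to
# flag overentitlement (rights granted but never exercised) and
# underentitlement (legitimate requests the policy denies). The subjects,
# objects and log entries are constructed.

ACTIONS = {"read", "write", "execute"}

class AccessControlPolicy:
    def __init__(self):
        # matrix[subject][object] -> set of allowed actions; anything absent is denied
        self.matrix = defaultdict(lambda: defaultdict(set))

    def grant(self, subject, obj, *actions):
        unknown = set(actions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        self.matrix[subject][obj].update(actions)

    def revoke(self, subject, obj, action):
        self.matrix[subject][obj].discard(action)

    def is_authorized(self, subject, obj, action) -> bool:
        """Authorization: asked only after the subject is identified and authenticated."""
        return action in self.matrix.get(subject, {}).get(obj, set())

    def entitlements(self):
        """Every (subject, object, action) the matrix currently allows."""
        return {(s, o, a) for s, objs in self.matrix.items()
                for o, acts in objs.items() for a in acts}

def review(policy, attempts):
    """attempts: access log of (subject, object, action) tuples, as an audit sees it.
    Returns (unused entitlements, denied attempts): the first are candidates for
    revocation, the second for either a policy correction or an investigation."""
    used = set()
    denied = []
    for subject, obj, action in attempts:
        if policy.is_authorized(subject, obj, action):
            used.add((subject, obj, action))
        else:
            denied.append((subject, obj, action))
    return policy.entitlements() - used, denied

def demo():
    policy = AccessControlPolicy()
    policy.grant("analyst", "cable-archive", "read")                 # broad default read
    policy.grant("analyst", "weekly-report", "read", "write")
    policy.grant("nurse", "patient-chart", "read")
    policy.grant("backup-job", "cable-archive", "read", "write", "execute")
    log = [                                      # constructed access log
        ("analyst", "weekly-report", "read"),
        ("analyst", "weekly-report", "write"),
        ("nurse", "patient-chart", "read"),
        ("nurse", "patient-chart", "write"),     # denied: a nurse who must update a chart?
        ("backup-job", "cable-archive", "read"),
    ]
    unused, denied = review(policy, log)
    for subject, obj, action in unused:          # least privilege: drop what is never used
        policy.revoke(subject, obj, action)
    return unused, denied, policy.entitlements()

if __name__ == "__main__":
    print(demo())
```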