Ryan W Smith

Ryan W Smith http://www.ryanwsmith.com Cyber Warfare and International Relations Enthusiast Mon, 22 Jun 2009 01:52:41 +0000 http://wordpress.org/?v=2.7.1 en hourly 1 Military Academy Cyber Defense Exercise http://www.ryanwsmith.com/?p=199 http://www.ryanwsmith.com/?p=199#comments Tue, 12 May 2009 04:07:47 +0000 admin http://www.ryanwsmith.com/?p=199 article about the US military academies' cyber defense exercise. This annual event has taken place since 2000, and has been growing stronger ever since. There are three major categories of teams, the blue teams, the white team, and the red team. The blue teams (the students) are charged with defending the networks they've spent months designing from the relentless attacks of the red team (NSA staffed team). The white team acts as an impartial judge, scoring the teams, and resolving any ambiguities that may arise during the competition. The primary distinguishing feature of this exercise is that the blue teams design their networks from scratch, and are only given a set of requirements and services that their network must provide. The other notable feature is the quality of the red team, as the NSA is widely known to be the best in the business when it comes to Computer Network Exploitation (CNE) and Attack (CNA).

In 2004 a group of mostly academics, including myself and another student from The University of Texas, and representatives from West Point met in San Antonio to discuss the feasibility of an intercollegiate cyber defense exercise. Out of this, members from The University of Texas - San Antonio, The University of Texas - Austin, and Texas A&M met together to lay the foundations of the Collegiate Cyber Defense Competition (CCDC) hosted by The University of Texas - San Antonio. The first competition was held in 2005, and consisted of only 5 teams. Since then it has grown considerably, the competition held held in 2009 consisted of over 40 teams competing in 8 regional competitions all over the US, with the top team from each region moving on to nationals in San Antonio. This competition is a bit different than the military CDX, in that the teams are given a network on the first day and they only have 1 hour to analyze it and secure it before the red team starts attacking. I had the great joy this year of competing on the red team for the northeast region held at RIT. As a participant in the first annual CCDC, I can safely say that it is far more fun and less stressful to be on the red team than the blue team.

It should be noted that both of these competitions have the students focus on defense and defense alone. There are other competitions that do focus on offense as well as defense, notably DEFCON's CTF and Giovanni Vigna's iCTF. Understandably, academics and other officials have been shy when it comes to teaching students the offensive side of computer and network security, but with more and more public talk about the need for more offense coming from on high, I think this will change sooner rather than later. Sun Tzu wrote many years ago that you must not only know yourself, but know your enemy as well. If one is to truly defend themselves against a motivated and skilled attacker, they must first know their enemy's tools, techniques, and motivations.

These types of fast-paced, enhanced real life scenarios are critical for preparing the next generation of cyber defenders for either industry or military positions, and the military academies' CDX has certainly set the bar high.]]> http://www.ryanwsmith.com/?feed=rss2&p=199 Personal Site Branched http://www.ryanwsmith.com/?p=195 http://www.ryanwsmith.com/?p=195#comments Mon, 11 May 2009 04:46:59 +0000 admin http://www.ryanwsmith.com/?p=195 http://www.RyanWSmith.com/personal. Its purpose is mostly to keep family and friends up to date, but feel free to peruse it if you're curious. The upshot is that from this point forward, I'll only post academic links on this site, Enjoy!]]> http://www.ryanwsmith.com/?feed=rss2&p=195 New report on Computer Network Attack (CNA) http://www.ryanwsmith.com/?p=159 http://www.ryanwsmith.com/?p=159#comments Wed, 29 Apr 2009 19:05:25 +0000 admin http://www.ryanwsmith.com/?p=159

The National Academies Have just released a report titled "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities" at 1pm EST April 29, 2009. The short description from their site is:

"Cyberattack refers to deliberate actions to alter, disrupt, deceive, degrade, or destroy computer systems or networks or the information and/or programs resident in or transiting these systems or networks. This report focuses on the use of cyberattack as an instrument of U.S. national policy."

Essentially this is a guidance document for policy makers on the area of computer network attack (CNA) as a means of offensive capabilities.

I have heard several high level officials recently stating that we need to develop our offensive capabilities since cyber warfare is asymmetric, which by definition means that the offensive side is favored. I've also heard a lot of nuclear analogies like mutually assured destruction, deterrence, first strike, and proliferation, which can be hit or miss. This report is the most comprehensive policy report that I've seen to date on this topic, weighing in at a stout 300+ pages. Of particular interest to me is the inclusion of a legal and ethical perspective. I'm going to a presentation tomorrow night at the Harvard Belfer Center titled "Cyberattacks Through the Lens of International Law" that will discuss this topic at length.

I expect that I'll have much more to say about this when I read it more thoroughly. At first glance the key findings are inline with what I've heard in various places, although it seems to be much more comprehensive and substantiated than others I've seen.

If you have any views or opinions on the matter, feel free to express them here! . ]]> http://www.ryanwsmith.com/?feed=rss2&p=159 Botnets a thing of the past? http://www.ryanwsmith.com/?p=154 http://www.ryanwsmith.com/?p=154#comments Tue, 28 Apr 2009 22:56:29 +0000 admin http://www.ryanwsmith.com/?p=154 Conficker), and will be less detectible. So long as there are large numbers of vulnerable computers, botnets won't die, they'll evolve.]]> CRS reports on illicit cyber activity. These are people who do research and write reports and recommendations for Congress, so they have a relatively large amount of influence in the policy community. It should be noted that this is not a pervasive view, but it is said to be established and growing.

I'm not saying that this view is wrong, but it will take quite a bit of evidence to the contrary to get me to change my opinion. In my opinion botnets aren't going to go away, but they will certainly evolve. No longer will they be used for simple denial of service (although that probably won't go away entirely), but they'll also be used for financial gain, distributed computing, distributed storage, and wide scale subversion. We saw the beginnings of this many years ago when an underground credit card ring was caught by The Honeynet Project. The bottom line is, people will never cease to find new ways to use thousands or millions of computers under their illicit control, and botnets provide them that ability.

That said, botnets of today will wane as the technology progresses, becoming the toys of the script kiddies. New botnets will have better command and control structure, will have diverse methods of propagation, will themselves be more secure (see: Conficker), and will be less detectible. So long as there are large numbers of vulnerable computers, botnets won't die, they'll evolve.

Got something to say? Let it out! ]]> http://www.ryanwsmith.com/?feed=rss2&p=154 Cyber* Scare Tactics http://www.ryanwsmith.com/?p=135 http://www.ryanwsmith.com/?p=135#comments Tue, 28 Apr 2009 04:00:27 +0000 admin http://www.ryanwsmith.com/?p=135 "10 easy steps to writing the scariest cyberwarfare article ever". It's written in a tongue in cheek manner, but there's a lot of truth to it, everywhere you look there's another article about how the boogeymen are going to take over the Internet.... So those of you reading the news, take it with a grain of salt... the sky isn't falling, it's just a little rain (and the occasional tornado :). Those of you with enough knowledge and ability to write about cyberwarfare in an intelligent manner should take it upon yourself to write a factual interpretation of the events to offset the deluge of FUD coming from most major news sources. ]]> "10 easy steps to writing the scariest cyberwarfare article ever". It's written in a tongue in cheek manner, but there's a lot of truth to it, everywhere you look there's another article about how the boogeymen are going to take over the Internet.

The truth of the matter is, there are a lot of highly (and not so highly) skilled people who wish to use our dear Internet for their own nefarious purposes. Despite what the media would make it seem, this is nothing new. This has been going on since two computers were connected to each other, before that people attacked the phone system, and so the story goes for whatever the technology of the time may be. What is new is that nation states are now publicly suspected to be behind some of the larger attacks (like the recect GhostNet that spied on the Dalai Lama, or the attacks on the electrical grid). While I'm not denying that this is a serious concern, I am concerned that the media is sensationalizing the issue, making it harder for the average citizen to separate the true concerns from the FUD.

On the one hand I'm glad that people are finally becoming aware of some of the issues surrounding cyber security, and hopefully they'll also put some resources behind it, but on the other hand I hate to see the lack, twisting, or misuse of facts used just to scare someone into doing what you want them to do. So those of you reading the news, take it with a grain of salt... the sky isn't falling, it's just a little rain (and the occasional tornado :). Those of you with enough knowledge and ability to write about cyberwarfare in an intelligent manner should take it upon yourself to write a factual interpretation of the events to offset the deluge of FUD coming from most major news sources.

Got something to say? Let it out! ]]> http://www.ryanwsmith.com/?feed=rss2&p=135 The Pheonix Rises http://www.ryanwsmith.com/?p=10 http://www.ryanwsmith.com/?p=10#comments Fri, 17 Apr 2009 21:59:06 +0000 admin http://www.ryanwsmith.com/?p=10 Got something to say? Let it out! ]]> http://www.ryanwsmith.com/?feed=rss2&p=10