SPAWAR Expert Discusses Getting Ahead of the Growing Cyber Threat

SAN DIEGO (NNS) -- The Navy must beef up its arsenal to protect today's warfighters from the growing menace of cyber attacks, said Kevin McNally, one of Space and Naval Warfare Systems Command's (SPAWAR) program managers, at a symposium Oct. 10-11 in San Diego.

A SPAWAR cybersecurity expert, McNally was the plenary speaker at the Securing Our eCity (SOeC) Cybersecurity Symposium. McNally oversees the acquisition of information assurance and cybersecurity solutions for Navy tactical networks.

"My goal is to move us more toward rapid detection and response," said McNally. "I want to stop cyber terrorists before they cause more damage, not fix the problem after the fact."

The two-day symposium brought together some of the nation's cybersecurity experts and key contributors to San Diego's cybersecurity community for a series of speaker and panel sessions on industry best practices.

"As a result of recent cyber activity, including Stuxnet and Flame, many more countries are preparing for cyber warfare," said McNally. "We spend a lot of money on prevention; we have to do that. We would be foolish not to. However, that course of action will not be 100 percent effective. We must also detect and respond in a rapid manner"

There are more than two billion Internet users worldwide. The Department of Defense (DOD) makes more than one billion Internet connections daily, passing 40 terabytes of data. DoD networks are scanned and probed on average six million times per day. McNally claims that the improvements in malware and toolkits, combined with the slow acquisition process for Navy technology, make his job of helping protect defense systems somewhat of a challenge.

According to McNally, more effort should be put into situation awareness and monitoring.

"We currently have signature-based detection systems, but modern malware has the ability to change its signature," said McNally. "We need to be able to detect anomalies in our network conditions, in addition to scanning for malware signatures. If we can do that, we can stop attacks as they are occurring and before much damage has been done."

Since 2009, supervisory control and data acquisition (SCADA) attacks have risen more than 1,000 percent. During Conficker attacks, more than 50,000 personal computers a day are attacked. The threat is real, pervasive and ongoing. As in the civilian world, the Navy continues to operate in a highly interactive environment regarding global networks, interconnected applications and services. To help combat the threat, the Department of the Navy routinely interacts with the other services, government agencies, allied/coalition partners, commercial organizations and universities to combat many of the security challenges in the world of networks and cyberspace.

McNally said it can be challenging to identify or classify a typical hacker because they can run the gamut from non-professional to nation-state sponsored hackers. Whether unintentional or malicious, the threat is never static and the complexity of today's systems and networks presents significant security challenges for producers and consumers of information technology, including the Navy.

The availability of programs that create malware, trojans and botnets can make anyone with unsavory morals and values and some technical acumen a prime customer for products aimed at infiltrating firewalls and bringing down systems. The reality is you do not even have to be an expert in cyber warfare. It is as simple as buying a toolkit said McNally and creating a targeted attack using something like ZeuS, a trojan horse crimeware product that enables hackers to steal banking information by keystroke logging and form grabbing.

The ease with which some hackers are able to wreak havoc on network systems is best exemplified in the ZeuS-based attacks against U.S. and U.K. bank account holders. In 2010, more than 30 people were arrested for their part in the attacks on financial institutions.

"In the case of ZeuS, you didn't even have to be an expert in cyberwarfare," said McNally. "For $3-4 thousand dollars, you could buy your own private version; a virtual network computing module cost ten. In the end, the ZeuS author earned a cool $15 million commission from licensing rights."

External attacks are greater in volume, but insider threats can cause more damage. An insider is more likely to be successful; bypass traditional security boundaries; know the organizations policies and procedures; and know where the most valuable information resides.

Cybersecurity is a serious issue for the Navy. McNally and his team are committed to building and supporting a strong and integrated computer network defense system.

"We're dedicated to continuous process improvement and are looking for ways to improve the acquisition of information assurance products and services for our warfighters," said McNally. "As the Navy's information dominance systems command, we do that by building new partnerships across government, industry and academia and by providing support to organizations like the eCity Foundation and today's cybersecurity symposium."

For more information, visit www.navy.mil, www.facebook.com/usnavy, or www.twitter.com/usnavy.

For more news from Space and Naval Warfare Systems Command, visit www.navy.mil/local/spawar/.