An Early Warning Predictive System for Knowledge Cities
Zaitun A. B. (1) and M. S. Termanini (2)

(1) Department of Information Science, Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia. Tel: +603 79676432. Email: zab@um.edu.my
(2) MERIT International Security Consultants, 1 Bloomfield Avenue, Newark, New Jersey 07104, USA. Tel: +97336482255. Fax: +9734813985. Email: rocky@termanini.com
Abstract: The rapid development of Internet technology, complemented by other hardware and software advancements, has contributed to the development of knowledge cities. In these knowledge cities, knowledge repositories are regarded as the most valuable asset. Organizations within these knowledge cities have taken security measures to protect their information systems and their associated databases. Systems within knowledge cities are integrated, and therefore information security should not only be the concern of individual organizations but should be addressed as a national issue that requires a holistic approach to manage. In knowledge cities, knowledge repositories enable both the private and public sectors to create, share, disseminate, nurture and use knowledge to develop products and services that add value and wealth. Millions have been allocated and spent on these knowledge repositories, but the question is: how secure are they from cyber attacks? Cyber attacks pose a serious threat to our critical infrastructure; they can paralyze our digital economy and hamper the advancement of global collaboration and cooperation in all areas of human endeavor. Conventional security tools have made a significant impact in fighting malware, but they will not win the battle against cyber attacks. In this paper we present our approach to combating cyber attacks on knowledge cities through an Early Warning Predictive System. The system uses grid computing and autonomic computing. We first introduce the reader to the concept of knowledge cities, their objectives and components. We then focus on the knowledge repositories and describe the possible threats and attacks to which they are exposed. The focus of the paper is then directed to describing the architecture of the early warning predictive system. To illustrate how the system will respond to a cyber attack, we describe a possible scenario. Finally, we conclude with some recommendations that can be adopted by policy makers and the relevant authorities interested in developing and adopting an early warning predictive system to protect their knowledge cities.
Keywords: Intelligent cities, Cyber attack, Information System Security, grid computing, and autonomic computing

1.0 Introduction

There is no question that the use of Information Technology (IT) in business, education, healthcare and governance presents major security challenges, poses serious ethical questions and affects society in significant ways. IT can be regarded as the main enabler of Knowledge Cities. The introduction of new technologies such as grid computing, autonomic computing, honeypot computing and the advancement in communications technology, namely broadband, has triggered the development of knowledge cities. The terms Knowledge City and Intelligent City have been used interchangeably. An "Intelligent City" is also sometimes called a Wired City, an Intelligent or Smart Community, or an e-City. Whatever we call the phenomenon, these are cities that view communications bandwidth as the new essential utility, as vital to economic growth and public welfare as clean water and dependable electricity. Intelligent Cities view broadband communications and information technology as the new keys to prosperity.

A knowledge city (KC) is defined as "a city that is purposefully designed to encourage the nurturing of knowledge" (Edvinsson, 2003). A KC is one that searches for the creation of value in all its areas and develops high standards of life, cultural support and economic development, among other aspects. Compared to other cities in advanced economies, KCs invest significantly more of the community's income in education, training and research. A KC will typically exhibit the following characteristics:

• A city that has instruments to make knowledge accessible to citizens.
• A network of public libraries that is compatible with the European standards.
• Access to the new communication technologies for all citizens.
• All cultural facilities and services with a central educational strategy.
• A city that has a newspaper- and book-reading level that is similar to the average European level.
• A city that has a network of schools connected with artistic instruction throughout its territory.
• A city that is respectful of the diversity of cultural practices of its citizens.
• A city that places the streets at the service of culture.
• A city that simplifies, through the provision of spaces and resources, the cultural activity of the community collectivities and associations.
• A city with civic centers that are open to diversity and that foster face-to-face relations.
• A city that makes available to citizens from other territories all the tools required for them to express themselves.

There are already several cities across the world that identify themselves as a knowledge city or have strategic plans to become one (KBD, 2007). The activities in a knowledge city will very much depend on the efficiency of the information systems that manage the commercial, administrative and social activities of its community. These information systems are said to be mission critical. Mission critical systems are automated systems that are essential to the organizations in the city to complete required legal obligations or legislatively mandated business functions. If any of these systems fail to function properly, the health, safety or financial well-being of the citizens could be jeopardized. These mission critical systems include systems that are responsible for the administration of benefits to the public and the exchange of data with other governmental jurisdictions and business taxpayers. It is therefore imperative that the security of these mission critical systems be guarded seriously.

The Internet has made many positive things possible, and at the same time it has been abused by hackers to commit cyber crimes. Hackers have launched cyber attacks on computer systems and have paralyzed mission critical systems before. The Institute of Security Technology Studies (2007) defines cyber attacks as computer-to-computer attacks that undermine the confidentiality, integrity or availability of a computer or of information resident on it. The next question that comes to mind is: 'How vulnerable are we to a cyber attack?' Nash (2004) pointed out that cyber attacks target IT in three different ways:

• A direct attack against an information system 'through the wires' alone (i.e. hacking).
• A physical assault against a critical IT element.
• An attack from the inside as a result of compromising a trusted party with access to the system.

The Computer Emergency Response Team (CERT) at Carnegie Mellon University stated that the number of cyber attack incidents reported in 2002 had increased 20-fold over what was reported in 1998. Security is everyone's business, and therefore the responsibility for maintaining computer security should not be entrusted to the IT division/department only but to the whole organization. Teenage hackers, industrial spies, corporate insiders, agents of foreign governments and criminal elements are all potential parties that can launch cyber attacks.

How can we protect our mission critical systems in knowledge cities? What defense mechanism can we use? The next section focuses on the idea of a smart vaccine to counter cyber attacks.

2.0 Information Security Threats and Attacks

A cyber attack is an anonymous and unauthorized attack triggered from the Internet. Cyber attacks pose a serious threat to our critical infrastructure; they can paralyze our digital economy and hamper the advancement of global collaboration and cooperation in all areas of human endeavor. Conventional security tools have made a significant impact in fighting malware, but they will not win the battle against cyber attacks. Reavis (1999) suggested that, on the whole, cyber attacks are still unsophisticated because they lack the massive coordination of military operations and are instead the actions of a single operator or a small group. By using compromised servers in different time zones as launch points, they sometimes appear to be more coordinated than they really are. The hackers do not show a lot of talent in exploiting Internet servers. They are not developing their own exploits but are simply running preprogrammed exploit code, and often do not understand the technical details of what they are doing. Social engineering has been identified as an important element of security exploits. Increasingly, virus authors are not only writing elegant code but are spending more time on the human side of the equation and are getting better at finding ways to exploit a user's trust.

In future cyber attacks, we can anticipate more coordinated attacks using the distributed computing model. The power gained by harnessing thousands or even millions of CPUs creates the ability to crack keys and overwhelm e-commerce websites with denial-of-service attacks. We will also see more sophisticated social engineering. Viruses developed will target specific industries and companies. We will see greater involvement in cyber attacks by foreign governments and traditional criminal organizations. Information warfare is simply another means to gain political and financial advantages. As the course of history shows, all means are used once they are understood.

In the wake of the devastating September 11 terrorist attacks against the World Trade Center and the Pentagon, US security experts are debating not only whether these attacks will continue, but also whether they will spill over into cyberspace (Weisman, 2001). Everyone remembers the highlights of history on Pearl Harbor. On December 7, 1941, one of the largest American military defeats occurred. An entire naval fleet was destroyed and thousands were killed, all before 0900 hours on a Sunday. The US did not have any knowledge of this attack, partially because of ignorance. The Japanese attack on the US naval base at Pearl Harbor was a classic case of "It will never happen to me!". The electronic Pearl Harbor is what could happen again, but this time the attack will be on the Internet, launched from some unknown location in cyberspace (Isenberg, 2000).

Our critical infrastructure that needs protection will include:

1. Energy generating plants
2. Water treatment plants
3. Agriculture and food processing plants
4. Information and Telecom
5. Government
6. Public Health
7. Emergency Services
8. Transportation
9. Defense Industries
10. Banking and Finance
11. Chemical Plants
12. Postal and Shipping
13. Schools/Academic Research

Another form of attack is what we term the "Virus Rain". It is a fictitious scenario, but the technologies behind it are real. Such an attack should never happen, but it could happen. Even if it did, we should be able to stop it with a robust immune system. Virus Rain consists of a shower of hundreds of thousands of smart viruses launched from an unknown location and destined to systematically paralyze, with massive potent payloads, many of the critical infrastructures in the country.
What we need is an early warning predictive mechanism to alert critical systems of the incoming danger. This mechanism can act as a radar system, issuing a warning when an illegal intrusion is detected. In the next section we describe our proposed solution to develop an early warning predictive system.

3.0 The Architecture of the Early Warning Predictive System (EWPS)
The architecture of the EWPS is simple yet very strategic. The main components of the system are: a grid of real-time raw-data trappers and collectors; a versatile knowledge engine to develop hacking patterns, analytics and inoculation models; a decision workflow constructor to draft the best route for the vaccine; a vaccine prescriber and assembler; and finally a dispatcher. Figure 1 describes the components of the EWPS.

The Trapper: A grid of mock-production servers is set up to attract hackers, where all their attack activities are monitored and logged. All scripts, exploits, Trojans and virus codes are quarantined and analyzed. Hackers are also profiled and added to the most wanted list.

The Collector: A real-time tagging platform that collects and tags relevant entities, profiles and events about all attacks on trappers. Other intelligence information on past cyber crime episodes, gathered from other sources, will also be filtered, tagged, indexed and parameterized.
[Figure 1 (diagram), "The Smart Vaccine's Early Warning Predictive System": Trapper1, Trapper2, Trapper3 and Trapper4 feed The Collector, followed by the Knowledge Engine and Vaccine Generator, then The Dispatcher, which delivers to the Critical Infrastructure and Systems.]
Figure 1: Components of the EWPS

The Knowledge Engine: It is the brain of the EWPS. It models the logic and behavior of cyber crime experts and predicts complex outcomes based on patterns, collected intelligence data and previous cyber crime episodes. Call it "reverse-engineering 101", where the hacker's ingenuity is decomposed to its atomic level and re-assembled into an intricate component of the Early Warning Predictive System (EWPS). The best counter-attack "Smart Vaccine" is prescribed and forwarded for assembly to the Vaccine Generator.

The Vaccine Generator: A potent component of the Early Warning Predictive System, which provides a full visual workflow on how to deploy the anti-hacking "Smart Vaccine". Screens are dispatched in real-time mode to the production system administrators.

The Dispatching Engine: A sophisticated visual "911-like" workbench shows detailed maps and topologies of the entire network. The dispatching engine gets an early cyber attack signal, which is routed to the knowledge engine; the proper workflow is then processed and sent to the target system. The Smart Vaccine is then at work.

4.0 The Smart Vaccine

The Smart Vaccine approach is based on the amazing human immune system. The same concept is replicated in order to completely "immunize" any critical infrastructure or mission-critical enterprise system. Another amazing defense model is a nation's offensive military superiority, where detailed information about enemy positions, logistics, supply movements and attack habits is complemented by incredible intelligence systems. By mirroring these two strategic defense systems, the Smart Vaccine will offer real-time immunity to any critical system at the highest level. The Smart Vaccine is not itself a smart vaccine; the engineering behind it is. No science will ever conquer a disease or solve a problem without reverse engineering it. If we go back to the basics and review how the human body fights disease, we conclude that immunity is defense by offense. There is a striking similarity between a cyber attack and a disease of the body. Both are pathogenic agents that sneak unexpectedly into infrastructure and internal systems, creating genetic and nutritional disorders and toxic agents, and spreading physical damage.
All we know is that human immunity is the only robust barrier that protects us from falling at the mercy of ruthless invisible organisms. Leveraging the medical knowledge that leads us to immunity vaccines, we could follow the same trail to launch a new chapter in enterprise systems immunity. The Smart Vaccine is more than the sum of its parts. The Smart Vaccine is the intelligence behind the Early Warning Predictive System (EWPS). We have, for example, an intelligent network of computers that carry their own paramedic modules that fix defective parts on the fly and evade disastrous crashes. Launching the proper vaccine, based on predefined alert analytics and decision workflows, to inoculate critical systems before attacks is the only way to prevent a disaster and maintain business continuity. It is an interactive closed-loop, self-balancing, knowledge-processing system that detects and predicts the occurrence of a cyber attack. Figure 2 describes the components of the Smart Vaccine.
[Figure 2 (diagram), "Components of the Smart Vaccine™": Reasoner, Actuator, Paramedics and Outcome.]
Figure 2: Components of the Smart Vaccine

5.0 A scenario from the EWPS
Our nation's offensive military superiority is complemented by incredible intelligence systems about enemy positions, logistics and supply movements, and attack habits. All this intelligence information is collected and transformed into knowledge "views" about the battlefield. The same technique is being implemented in the EWPS to deter and nullify attacks, and at the same time to increase the immunity of critical infrastructures and systems against cyber attacks with the help of the Smart Vaccine. Figure 3 describes a scenario from the EWPS. There is great concern about the potential for terrorists to use the Virus Rain™ attack on our critical infrastructure and systems such as power grids, the water system, hospital systems, metro systems and other crucial computer-driven distribution systems. Cyber attacks are usually followed by physical attacks. To win the war on cyber terrorism and crime requires an EWPS which addresses two critical issues: first, an early warning alert to increase the preparedness of the public, the government and private business; second, inoculating critical systems with the Smart Vaccine in case of a surprise intrusion or stealth attack.
[Figure 3 (diagram), "How The Early Warning Predictive System prevents Cyber Attack". Labels in diagram order: Navigator; Performatives; Fingerprint Trapper; Booby-trapped Hacker; Crime Space; Attack is nullified; Intelligence Collector; Attempted Strike detected; Match Symptoms to template; Hacking Analytics; Vaccine Knowledge Engine; Surveillance Systems; Send Attack Log to Knowledge DB; Attack Log; Early Alert Dispatcher; Offensive Security Systems; Defensive Security Systems; Vaccine Generator; Generate Workflow; Vaccine Dispatcher; Dispatch Vaccine; Inoculate Systems; Vaccine Dose; Workflow Charter (four copies); Enterprise Systems.]
Figure 3: A scenario from the EWPS.

We start our scenario with an attempted attack from some unknown location in cyberspace. This attack is caught by one of the trappers on the trapping grid. The attack object is quietly intercepted by a stealth hacking logger. The attacker completes the "scouting" process and leaves for the next step. Meanwhile, information is collected and sent to the collector for assimilation and conversion into an intelligent structure. The next destination is the Knowledge Engine, where the information is converted into a complex interrelationship analytical document prescribing the proper vaccine for the upcoming attack. An alert has already been sent that a vaccine is on its way. The Vaccine Generator acts on the prescription and assembles the vaccine. A stealth wrapper prepares the vaccine to be dispatched to the target system. At the receiving end, the defensive security system inoculates all the critical applications with the Smart Vaccine. The offensive systems get ready to destroy the attack. More importantly, all system logs and event workflows about the inoculation are routed back to the Knowledge Factory for analysis and re-engineering. This makes the Smart Vaccine smarter and more potent the second time around.

6.0 Discussion and Conclusion

It is the pride of every government to be able to develop first class infrastructure for its country and citizens. This infrastructure needs to be protected from possible threats and dangers that could cripple its operational functions. Knowledge cities/intelligent cities are exposed to such cyber attacks, the electronic Pearl Harbor and Virus Rain attacks, and it is only wise that a proactive approach be taken to protect their mission critical systems.
In this paper we have described the architecture of our proposed solution to build an early warning predictive system to protect knowledge cities. The project is huge and has many challenges. For a successful implementation of the system, we propose the following approach:

• Get sponsorship for the development of the system. The most appropriate will be the Technofund under the Ministry of Science, Technology and Innovation.
• Approach potential technology partners to implement the system.
• Approach potential users (with mission critical systems) to install and test the system and measure its benefits.
Like any other huge IT projects, this proposal will also require a champion and the political willpower to be implemented and succeed.
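The trapper-to-collector-to-knowledge-engine-to-dispatcher loop described in sections 3.0 and 5.0, as an added illustrative example in Python that is not part of the paper's system: constructed trapper log lines are tagged per source by a collector, matched against hypothetical symptom templates by a knowledge engine, and turned into dispatch orders carrying a defensive workflow (the "vaccine") and the infrastructure sectors to inoculate. The log format, event names, template names, workflow steps and sector assignments are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed trapper (honeypot) log, one event per line: "<trapper> <source> <event> <detail>"
TRAPPER_LOG = """\
trapper1 198.51.100.7 connect tcp/22
trapper1 198.51.100.7 connect tcp/445
trapper1 198.51.100.7 connect tcp/3389
trapper2 198.51.100.7 login_fail admin
trapper2 198.51.100.7 login_fail root
trapper2 198.51.100.7 login_fail admin
trapper3 203.0.113.9 connect tcp/80
trapper4 198.51.100.7 upload dropper.exe
"""

# Hypothetical symptom templates held by the Knowledge Engine. Each maps minimum counts
# of tagged events to a "vaccine" (an ordered defensive workflow) and to the critical
# sectors whose systems the Dispatcher inoculates. Thresholds and steps are assumptions.
TEMPLATES = {
    "scout_then_bruteforce": {
        "symptoms": {"connect": 3, "login_fail": 3},
        "vaccine": ["block_source_at_perimeter", "lock_targeted_accounts", "alert_operators"],
        "targets": ["Government", "Banking and Finance"],
    },
    "payload_drop": {
        "symptoms": {"upload": 1},
        "vaccine": ["quarantine_sample", "push_detection_signature", "alert_operators"],
        "targets": ["Information and Telecom", "Public Health"],
    },
}


def collect(log):
    """Collector: tag every trapper event by source and build a per-source symptom profile."""
    profiles = defaultdict(lambda: {"symptoms": defaultdict(int), "attack_log": []})
    for line in log.splitlines():
        trapper, source, event, detail = line.split()
        profiles[source]["symptoms"][event] += 1
        profiles[source]["attack_log"].append((trapper, event, detail))
    return profiles


def match_templates(symptoms):
    """Knowledge Engine: a template matches only when every symptom threshold is met."""
    return [name for name, tpl in TEMPLATES.items()
            if all(symptoms.get(ev, 0) >= n for ev, n in tpl["symptoms"].items())]


def prescribe(log):
    """EWPS end to end: collect -> match symptoms -> generate workflow -> dispatch orders."""
    orders = []
    for source, profile in collect(log).items():
        for name in match_templates(profile["symptoms"]):
            tpl = TEMPLATES[name]
            orders.append({
                "source": source,
                "template": name,
                "workflow": [f"{step}({source})" for step in tpl["vaccine"]],
                "targets": tpl["targets"],
                # Size of the attack log routed back to the Knowledge DB for re-engineering.
                "evidence": len(profile["attack_log"]),
            })
    return orders
```

Running `prescribe(TRAPPER_LOG)` yields two dispatch orders for 198.51.100.7 (scouting followed by brute force, then a payload drop) and none for 203.0.113.9, whose single connection meets no template threshold.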
References:

Edvinsson, Leif (2003), The Knowledge City. Available at: http://www.bcn.es/accentcultura/angl/webang.doc, last access date: 15 January 2007.
KBD (2007). Available at: http://www.knowledgecities.com/kbd_initiatives.html, last access date: 15 January 2007.
Institute of Security Technology Studies (2007), Institute of Security Technology Studies, Dartmouth College, USA. Available at: www.istc.dartmouth.edu/library/cai0503.pdf, last access date: 15 January 2007.
Nash E. (2004), 'How Vulnerable are we to a cyber attack?', Computing, 15 April 2004. Available at: www.vnunet.com/computing/features/2072400/vulnerable-cyberattack, last access date: 15 January 2007.
Weisman R. (2001), 'Prepare for "Electronic Pearl Harbor"', NewsFactor.com, September 12, 2001. Available at: http://www.newsfactor.com/perl/story/13479.html, last access date: 15 January 2007.
Isenberg D. (2000), 'Electronic Pearl Harbor? More Hype than Threat'. Available at: http://www.cato.org/dailys/01-03-00a.html, last access date: 15 January 2007.