bbkirk@intrepidnetcomputing.com


Rapid Response in a CyberSecurity Emergency: dealing with faulty technology while rapidly improving security

Announcements

More recent announcements will be at the top. This information is organized similar to the notes for a college course. Dr. Kirkpatrick will endeavor to date each announcement and use bold/italics to indicate the most important ones.

Organization

Disclaimer: This content is the result of my having survived several emergencies of varying effect sizes. Most of these ideas are rules of thumb, and not canned answers. As in any emergency your best outcome will be if you keep calm, consider many options, and flow from plan to backup plan as required. Always use your best judgment, clearest logic, and all your people skills.

Disclaimer: I do not claim to be the only contributor. I might be the individual who has typed these pages and who updates them. However, I have accessed the wisdom of the crowd and my respective communities while I write.

Disclaimer: I am not a security expert. Nor am I a first responder. The information presented was gathered in the attempt to pursue non-security research and protect my own health.

The primary audience of this tutorial is people who live in, travel to, or travel from an area with greater cybersecurity risk than other places.

Here, we take a holistic view on cybersecurity by considering the security of the user, their health, and their machine. This means that health care, emergency planning and physical security are crucial. Additionally, security is a continuum from more to less secure; it should not be viewed as a binary of "secure" versus "insecure", which is a false dichotomy.

We are all responsible for security. Please respect your communities as much as possible. Please understand that there are no guarantees with cybersecurity. Turing long ago proved that the halting problem is undecidable, meaning there is no algorithm that can tell you whether an arbitrary computer program will ever stop running, and by extension (Rice's theorem) no general algorithm can decide any non-trivial behavioural property of arbitrary programs, such as "never leaks a secret". Specific programs can still be verified against specific properties, but no tool can certify all code as safe. Security therefore exists on a continuum in which there are no absolute guarantees.

Emergency Basics: tailored for South Florida

  1. Water
  2. Food
  3. Shelter
  4. Communication
  5. Technology

When in doubt, rely on word-of-mouth communication. Trust your senses and observe your surroundings. Many pets can serve as sentinel animals, e.g. if they drink the same water as you, you might notice water quality issues faster if your pet stops drinking and eating.

Some of the hardest emergencies are on-going emergencies that seem to have no beginning or end. In these cases, people do their best to carry on with daily life while protecting their family and helping their neighbors.

In any cyber emergency, the safest forms of communication are the old-fashioned ones, roughly in the following priority order: word-of-mouth, postal mail, analog telephones, cell phones, email, radio, static web pages (e.g. this one), dynamic web pages (e.g. Wikipedia). Please keep in mind that an emergency may not be officially announced or officially coordinated. As always, use your best judgment.

Keep in mind that the authorities may be too busy with their local situation to properly announce an emergency or to coordinate a response. In these cases, crowd sourcing both the alert and the coordination will likely provide the most rapid response. This crowd-sourcing method is typically chosen for dealing with cybersecurity.

For crowd-sourcing to work properly, everyone needs to make independent choices and find independent solutions while continuing to work with the community for the betterment of all. Describing and quantifying such an approach has deep connections to complexity theory, statistical physics, and dynamical systems. Suffice it to say that while we cannot yet mathematically analyze these systems, many researchers think that these approaches provide the most rapid response. Basically, keep doing what you are doing. The rest of us silly academics like to talk about what other people just do naturally.

In a cybersecurity emergency, one would need to watch out for:

  1. food/water distribution errors
  2. systematic health errors
  3. fraud
  4. identity theft
  5. theft
  6. panic
  7. other technology errors

In a cybersecurity emergency, having a compromised computer is like holding a loaded gun; it could go off at any moment. Compromised computers can be used to incite fear, carry out crime, and induce technology errors. All of these could add up to cost the economy billions of dollars.

As a responsible computer user, we should each be aware of the major vulnerabilities in our lives and know the various recovery options. A large portion of exploits involve social engineering, so it is important to discuss the vulnerabilities of life: health, physical security, and cybersecurity. For each vulnerability, we should be aware of multiple solutions, share brainstorming with friends, and independently choose the best solution for ourselves.

It is possible that there is a natural upper limit on the number of devices that a single person can both keep secure and use. As responsible computer users, we need to be responsible for the security of every computer we use: laptop, cellphone, car, wireless router, smart appliances, calculator, watches, elevators, etc. We should also be aware of power consumption (e.g. a boosted wireless signal requires a great deal of power), as being responsible users of the environment also heavily relates to cybersecurity.

This tutorial will focus explicitly on personal computers, as these are often considered the most secure of the various devices that I have listed.

Goals

This is a graduate-level tutorial in computer science. You are assumed to begin the tutorial with a less-than-secure life and machine that has data that you would like to save. You will hopefully end the tutorial with more health and a clean(er) machine that still has a copy of your data.

All attendees are expected to contribute to brainstorming vulnerabilities and solutions. All attendees are expected to share openly with the goal of learning the skills to improve their cybersecurity while also working with the community to improve the cybersecurity of the local infrastructure.

Please judge your own progress in the tutorial. If you manage to improve your health, to save your data, clean your computer, and keep your computer clean during routine use and updates, you will have satisfied the requirements of the tutorial. Accomplishing this may require learning which doctors can treat you without relying on computers, which networks you can get trusted updates from and the vulnerabilities of various backup options.

Anyone who discovers a city infrastructure problem should alert the authorities. Anyone who discovers a vulnerability in the health care system should alert their doctor. Anyone who discovers a network vulnerability should alert the local network administrator.

The major operating systems that we discuss will be Linux, BSD, and Mac OS X, as these are all UNIX or UNIX-like operating systems. If someone starts a web page discussing Microsoft Windows, I can post a link.

Pre-requisites

Some background in computer science is advised. In particular, background in algorithms, operating systems, networks, and systems administration would be helpful. Students without background in these areas are expected to learn the necessary material to keep pace with the tutorial. Since the tutorial is self-paced, it is open to learners of all backgrounds. Please remember to use all your learning tools: conversations with other students, conversations with faculty and other professionals, online resources, printed books, research papers, etc. All the faculty, IT people, and community professionals have invaluable experience on these topics.

Tutorial Content

This tutorial will be delivered entirely online. As this is a graduate class, students are expected to do the homework assignments on their own. The only subjective grade that will be given is the success each student obtains by improving their own health, security and the community's security.

Note: The professor is currently dealing with health and security issues, and will endeavor to deliver the tutorial content in a timely manner, subject to the availability of computers secure enough to post the content. Students are expected to participate in a similar manner. This tutorial works best if no one person is 'the expert' and everyone contributes their best ideas and the best solutions that work for them. This web site should not be considered a single point of failure (which is a major security vulnerability), and all students are expected to promote distributed coordination in person and "on the ground".

Topics of Discussion

  1. Acknowledgments
  2. Philosophy and Politics
  3. Health options
  4. Physical security
  5. Financial security
  6. First response
  7. Relief workers
  8. Containing a compromised computer
  9. Psychological attacks (a.k.a. social engineering)
  10. Cyber attacks
  11. Main work-around is OS reinstall
    1. Backup options (USB, fixed media, thunderbolt, firewire, NAS, etc)
    2. Recovery media for OS (USB, fixed media, network, etc)
    3. Computer Configuration and Firewalls
  12. Network Configurations
  13. Major Vulnerabilities:
    1. Passwords (computer accounts and internet accounts)
    2. Encryption
    3. Trojans & Worms (network and USB)
    4. DNS & safe installs/updates
    5. Watering holes

Expectations

In keeping with the emergency basics, everyone is expected to look after their health first. Remember that graduate students should have access to medical and dental insurance. As your health allows, please contribute to the rest of the tutorial. All of us will follow this rule, including the professor.

Should the professor be unable to continue delivering content, the students should form their own community and continue in the spirit of the tutorial. A good way to form this community would be for the students to meet during the regularly scheduled tutorial time and discuss their progress. If the professor is able to meet during any of the scheduled lecture periods, they will announce this on this web site.


© 2015, 2016, 2017 Intrepid Net Computing. All rights reserved.