Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1283033
be much wider than what has traditionally been considered acceptable in terms of collateral damage. Furthermore, best practices in the computer industry demand that systems are updated in a timely and regular way to ensure that the systems are current across an organization's entire scope. Organizations (the military being no exception) seek to minimize high software/hardware maintenance costs by exploiting as much homogeneity as possible in their deployed systems because this simplifies and streamlines the updating process, so it is often a requirement in the procurement decision. However, this homogeneity also means that a cyberweapon meant to exploit a vulnerability found in one system can also attack other systems in the organization that have the same vulnerability.

Most cyberweapons have a virus-like nature to them where they seek to infect as many systems as possible to maximize their impact.

Unintended consequences potentially impacting the attacker: A cyberweapon is generally victim-agnostic, so it is just as threatening to the attacker's cyber-systems as it is to the victim's. The question of how to deploy a cyberattack that cannot subsequently impact on your own systems is an open one. To see how this might be addressed, we consider a number of options:

• Explicitly identify which machines will allow the cyberattack to be performed. It is extremely difficult to identify the victim's machine and to ensure that changes in hardware do not disable the efficacy of the attack. This "white list" approach, which specifies where a cyberattack is allowed to occur, is not feasible in a cyberwar scenario. The alternative is a "blacklist" that states where the cyberattack is not allowed to execute. This will only work if a complete list of all of the attacker's assets could be produced and could then be deployed with the cyberweapon to limit its functionality.
• Protecting the attackers from their own weapons.
This essentially requires an update to the attacker's vulnerability to the cyberweapon. This can be done in two ways:
1. Use the appropriate vendor's update mechanism: The mechanism is likely to be the only truly universal way to update all of the potentially vulnerable systems within a state's critical infrastructure. However, the solution is, by definition, universal, so it would be nearly impossible to convince a vendor to selectively update specific systems to a particular vulnerability. In fact, this would likely lead to a very expensive lawsuit for the vendor if it knowingly left vulnerabilities in software that it sold to its customers, so there would be virtually no incentive for a vendor to do so.
2. Secretly update all of the attackers' own systems' vulnerabilities: Since the attacker knows the vulnerability, developing a patch would likely be possible, if not straightforward, even if it required some reverse engineering of proprietary software. Assuming, for the moment, that this is possible, the question of how to distribute the patch to only a single organization in a confidential way is critical. If such a patch were to become known, any potential victims would likely immediately seek to determine how to protect their own systems. Even if they were not aware that a cyberweapon had been deployed on their system, the desire to patch their systems would be extremely high and, once accomplished, it would disable the attacker's cyberweapon.
• Protecting the attacking state's non-military infrastructure. The cyberweapons are exploiting vulnerabilities that also exist in "everyone's" systems. All public and private organizations and their infrastructures have an important stake in the use of any cyberweapons. No state will want to deploy a cyberattack that quickly comes back and shuts down key national institutions, such as banking systems, financial markets, transportation and power systems, non-military communication systems, etc.
Finally, consider the challenge of dismantling a cyberweapon. Several issues must be considered:
• If a cyberweapon has been deployed but a decision is made to withdraw it, a key question is: Can these deployment sites be accessed again? It is unlikely that a cyberattacker would be willing to notify the victim about the latent weapons buried within its system, so the only way to remove it is to once again get access to it. One potential solution would be to send the victim a "friendly patch" that the attacker strongly encourages them to apply, but this will likely raise suspicion, at best, and could lead to the need to deploy the cyberweapon anyway because

AUGUST/SEPTEMBER 2020 www.vanguardcanada.com