2nd Australian IW and CS Conference
November 29-30, 2001, Perth, Australia
Review by Vernon Stagg
March 17, 2001
2nd Australian IW and CS Conference Pre-Conference Seminar
Prior to the official conference, the Centre for Information Warfare held a two-day hacking seminar (Hacking 101 and Hacking 102) hosted by Tim Rosenberg of Whitewolf Consulting. Tim provided an entertaining two days, with a mixture of technical and high-level information, along with a number of hands-on exercises. He presented slides concerned with legal, managerial, criminal, physical, national, and international issues. Some of the exercises included sniffing the network, email bombing each other (a popular event!), and capturing network traffic. All the tools used were publicly available hacker tools, and showed many of the attendees the ease with which many hack attacks can be carried out.
2nd Australian IW Conference
The 2nd Australian Information Warfare and Security Conference took place in Perth, Western Australia at the Hotel Rendezvous Observation during November 29-30, 2001. The theme for the conference was "Survival in the e-conomy" and attracted a broad range of speakers, attendees, and participants.
The 2nd AIW conference opened with an introduction by Bill Hutchinson, followed by a keynote presentation from Paul Schapper, Director General of the Department of Industry and Technology, WA. Paul discussed issues of risk, poor security controls, and the high cost of cyber crime ($3 trillion worldwide). He discussed a number of initiatives for dealing with these issues, including the C4IW Centre, GovSecure services, and the role of government in developing, strengthening, and maintaining security issues within Western Australia.
Winn Schwartau, well-known IW proponent and maintainer of infowar.com, began the next address by warning us to consider all unknown attacks. He pointed out that the government think they know what IW is, base their doctrine on Information Operations (IO), and assume a known and expected enemy along with a fortress mentality. Winn then went on to raise a number of important questions relating to IW, being: What factors determine IW; Is an attack an attack; Where is IW on the conflict spectrum; What is an appropriate response; Is IW escalatory; Global issues of borders, international attacks and empowerment; Battle damage assessment issues; Homeland defence; Rights of the private sector in active defence; and Is Infowar War?
Following these addresses, a number of parallel sessions were held. Summaries are provided where possible.
Ian Martinus, Edith Cowan University (ECU), presented "Small Business in the New Battlefield: Government Attempts at Providing a Secure Environment".
Timo Vuori, Murdoch University, presented "Virus Infection: The People Problem".
Greg Robins, ECU, presented "e-Government, Information Warfare and Risk Management: An Australian Case Study". Greg outlined the five security management objectives of the WA Government: Authorisation, Availability, Confidentiality, Integrity, and Non-repudiation. These are based on three levels of control. Level 1 is basic in-house information security practices, Level 2 is protection of information systems, and Level 3 is transmission protection. A security controls matrix was developed to outline these controls with appropriate descriptions and implementation methods. Greg then followed on with a case study of the Department of Sport and Recreation's security restructuring according to this matrix.
Mark Williams, ECU, presented "The Need for In-depth Cyber Defence Programmes in Business Information Warfare Environments".
John Fawcett, University of Cambridge, presented "On Wireless Network Security".
Nick Lethbridge, ECU, presented "Impact of Information Warfare on Business Continuity Planning".
Tyrone Busuttil, Deakin University (DU), presented "Intelligent Agents and Their Information Warfare Applications".
John Fawcett presented "The Autonomous Locksmith".
Craig Valli, ECU, "Automaton Hackers - The New Breed". Craig's presentation was based on a scenario to detect a company's network vulnerabilities and the efforts required to reduce or remove them. The first step was to draw up a Target Identification diagram, which showed two primary systems for attack. Following construction of an attack tree, a number of attacks were developed using information and tools available from the Internet. Port scanners and sniffer daemons were used to find open ports and various IP addresses. From a series of attacks (internal and external) it was found there was no POP3 or SMTP encryption, many passwords were common dictionary words, and an administration password was obtained. Following this effort a number of recommendations have been implemented to provide, or strengthen existing, security measures.
Christopher Lueg, University of Technology, "Towards a Framework for Analyzing Information-level Online Activities".
Shu Wenhui, Nanyang Technological University, "In-depth Analysis on Web Server Behavior".
Dragan Velichkovich, ECU, "Using the Techniques of Internet Advertising for a Perception Offensive in Information Warfare". Dragan proposed how the Internet could be used as a medium for Offensive IW. He compared broadcast (one-to-many) to narrowcast (one-to-one and interactive) and issues of privacy and customer profiling. Discussing Perception Management (PM), he compared the military's use of broadcast (radio, print, TV) to some methods used by traditional advertising agencies. Dragan identified that PM as a methodology in IW is not fully utilised or effectively instigated, especially with new technologies emerging.
Lars Nicander, Director of the National Office of IO/CIP Studies at the Swedish National Defence College, presented "Information Operations - A Swedish View". Lars discussed the Swedish initiative for Critical Infrastructure Protection. He discussed the taxonomy developed using a top-down approach, and numerous issues faced including policy development, organisational structure, protection, structure and responsibility. Also addressed was the forthcoming implementation of issues raised in a 1999 Swedish Report and White Paper on defence.
Charles McCathieNevile, World Wide Web Consortium, "An Intelligent Agent-based Security Management Architecture for Enterprise Networks". Charles presented an agent-based approach to security and detection. He looked at networks and their increased complexity and features. The need for new solutions to deal with dynamic networks and systems and their evolving security needs was identified. Required characteristics for such solutions include distribution of activity, autonomy, and communication and cooperation. This can be provided through the development of a multi-agent system for security management with high-level policies to determine actions and events.
Terence Love, ECU, "Designing Information Security in Small Businesses: A Qualitative & Quantitative Case Study".
Peter Goldschmidt, University of Western Australia, "Dataveillance and Compliance Verification. Knowledge Management of the True and False Positives".
Wei-Chi Ku, Fu Jen Catholic University, "ID-Based Key Distribution Protocols for Mail Systems". Wei-Chi began by reviewing existing key distribution protocols and the process of dispatching secret keys, either centralised or distributed. An ID-based system does not require public key certificates and may be interactive or non-interactive. Security issues with existing protocols were outlined, and it was then shown how the proposed protocol addresses these issues through the use of a formula whose compromise would be equivalent to solving the discrete logarithm problem.
Lorraine O'Neill Cooper, ECU, "Weaving the Tangled Web - Deception on the Internet, A Travellers Tale?" Lorraine's presentation focused on IW in the travel industry. Based on a preliminary study she developed 3 classification levels: Camouflage attack (perception management), Showing the False (false information, photographs, dishonesty), and Suspect a Scam (online criminals). She stressed the distinction between deception and perception and also pointed out the lack of laws on copyright.
The closing session for this day was Winn Schwartau's discussion on Time Based Security. Winn discussed the shift from unidirectional to bidirectional security issues and the cold war mentality of security models (fortress). Some of the modern needs for security are that it be simple, offer utility, and be methodological, quantitative, replicable, and mathematical/provable.
Kim Forrest of ISA Technologies opened the second day discussing the role of ISA and its links with industry and academia. Kim described ISA's development of the Communications Technology Centre in 1998 and the recent Centre for Information Warfare in 2001.
Helen Armstrong, Curtin University, "Denial of Service and Protection of Critical Infrastructure".
Vernon Stagg, DU, "A Business Information Infrastructure". My presentation was based on a model of the National Information Infrastructure for providing IW defense.
Shermin Voshmgir, Vienna University, "Hackers: Criminals or the Drivers of Open-source?".
Craig Valli, ECU, "NIDH - Network Intrusion Detection Hierarchy - A Model for Gathering". The NIDH is a defence mechanism to allow rapid exchange of attack intelligence. It is able to gather attack intelligence from a variety of dispersed hosts and the information stored in RAM as well as hard storage. PKI is used to increase authenticity and the integrity of packets.
Jill Slay, University of South Australia, "Culture and Sensemaking in Information Warfare".
Senthilkumar Krishnaswamy, Arizona State University, "Stateful Intrusion Detection System".
Steve Fall, ECU, "The Role of Security Standards in Electronic Business". Steve looked at the diversity of security products and the need to extend security to all business areas as well as incorporating security awareness into a company's policy and procedures. He compared the ISO17799 and Common Criteria to the TOGAF (a methodology and supporting tools for defining open IT architecture).
David Maguire, ECU, "Desktop Warfare in the Data Gridlocked Information age". This discussion looked at the growth of available information, the democratisation of data, and information overload. David pointed out how this overload of information creates a strategic advantage for competitors, especially with reduced time for decision making. In the security sector, agencies are trying to cope with too much information, too many targets, and technology that is too sophisticated.
During the lunchtime break Winn Schwartau regaled us with his "General Abdication Rule". This looks at how control has been lost and the need to determine who is in charge. In looking at solutions to this Winn proposes a return to the '2 man rule' along with Time-based security.
Jack Davey, Assistant Director Defence Security Authority, presented an afternoon keynote address on "IW: Another Asymmetric Threat". Jack began by outlining the roles of a number of Australian Defence Departments. He then looked at the ability to handle an incident when it occurs, the issue of operational decisions, how to train IW defenders, and the issues of threat assessments. He discussed problems with traditional measures, considered current trends, and outlined points for required thinking.
Matt Warren, DU, presented on behalf of Steven Furnell, University of Plymouth, "The Problem of Categorising Cybercrime and Cybercriminals". He looked at the increasing problem of cybercrime and how the nature of this activity has changed. By considering a variety of categories of computer crime, Steven has developed a taxonomy to help define cybercrime and develop a standardised set of names and definitions.
Colin Armstrong, ECU, "Security Culture as a Defence Against Information Warfare".
Vernon Stagg and Tyrone Busuttil, DU, held a workshop "The Implication and Impacts of Information Warfare in a Commercial Environment".
Matt Warren, DU, "A Duality Security Risk Analysis Method for E-commerce".
The final session of the conference was an entertaining workshop held by Winn Schwartau based on his popular "Cyber Survivor Game".