11-3: How to Fix and Not to Fix Vulnerabilities

In the introduction to “Cyberdeterrence and Cyberwar”, Martin Libicki states “Cyberattacks Are Possible Only Because Systems Have Flaws.” While in some sense this is true, it fails to distinguish between the different sources of these flaws. Libicki goes on to describe systems that behave contrary to their design, or that can be forced to do so. However, there are a large number of flaws in systems that arise from design-performance-security trade-offs, regardless of implementation.

The five vulnerabilities of the Internet that Richard Clarke analyzes in Chapter 3 of Cyber War exhibit this property. Specifically, vulnerability #4, the ability of the Internet to “propagate intentionally malicious traffic designed to attack computers,” is the result of nearly three decades of trying to achieve complete end-to-end design. A naive solution, deep packet inspection (DPI), involves reading the contents of IP packets as they pass through routers and filtering out any that are deemed malicious. Clarke notes that ISPs generally do not want to implement DPI “in part because it is expensive and can slow down the traffic, and also because of privacy concerns.” Even if we deploy DPI network-wide, attackers can disguise malware by encrypting it before sending it across the Internet, bypassing the filters.

As a more concrete example, let’s quickly analyze e-mail spam. E-mail was designed to allow any message properly addressed to your account to be accepted and stored, a feature which spammers continue to take advantage of. The current solution is the use of ‘smart’ spam filters, which are sometimes even personalized. But imagine for a second that Google filtered out an e-mail it considered spam or malicious before it ever reached your account, when it was actually a legitimate message. If the sender has no other way of contacting you (which probably isn’t the case, but makes more sense when dealing with machine-to-machine communication), filtering e-mail before it reaches your inbox would be a design failure.

Though I don’t think we should allow all traffic to freely flow across the Internet, a solution, not just a patch, must be well planned out, and in my opinion, can only result from collaboration between security experts, systems designers, and policy makers. — Craig

2 thoughts on “11-3: How to Fix and Not to Fix Vulnerabilities”

  1. I like your argument that many vulnerabilities come from trade-offs with performance; I think that really hits the nail on the head with issues like DPI. How do you think this argument comes into play with legislation such as CISPA? CISPA looks to allow the government greater access to users’ personal information through commonly used service providers like Google and Facebook. This is proposed with the logic that more free information sharing between the government and big internet players can help address potential cyber attacks from other countries via the internet. These large companies are under no obligation to anonymize the data they send to the government, however, and can include such information as personal email correspondence. I’d be interested to hear the thoughts of the class on this bill: where do we draw the line between protection and privacy, and how is the cyber world different (or not different) from the physical world in that respect?

  2. One interesting feature of the Internet when it comes to combatting cyberattacks is that, though the architects of the Internet chose its design very intentionally at first, it has become its own creature, and the large-scale infrastructural and architectural changes that you rightfully propose might be necessary are at best highly improbable under current political circumstances. It is strange that we created the Internet, and yet it can now be used to propagate harmful, anonymous attacks that we can’t seem to defend ourselves from.

    It is this architectural phenomenon that contributes to the concerns Craig and Patrick raise. All of our solutions to cyberattacks are inherently superficial in some sense, causing large tradeoffs and working by making superficial, surface changes to how Internet activity is conducted. I think this will remain the case unless cyberwarfare becomes seriously disruptive in a way that it has not yet.

    As for CISPA, I think it is an interesting discussion whether we should discuss it in the context of cyberwarfare or if it is a whole different, more civil-liberties-oriented issue.
