This report identifies and analyzes the threat that electronic intrusion represents to the Public Switched Network (PSN), and it serves to update and expand upon the findings of the 1993 report with the identical title.
The threat that contemporary electronic intruders pose to the PSN is rapidly changing and is significant. As a result of their increasing knowledge and sophistication, electronic intruders may have a significant impact upon national security and emergency preparedness (NS/EP) telecommunications because more than 90 percent of U.S. Government telecommunications services are provided by commercial carriers.
The possible effects of the threat to the PSN include denial or disruption of service, unauthorized monitoring or disclosure of sensitive information, unauthorized modification of network databases/services, and fraud/financial loss. Each effect may disrupt or degrade NS/EP telecommunications services in the United States.
Traditionally, the electronic intrusion threat to the PSN has come from individuals exhibiting both surprising ingenuity and a penchant for self-promotion. In the past, electronic intruders from the computer underground have been motivated primarily by curiosity. These individuals have shown less concern about law enforcement and have spent more effort spreading vulnerability information among their peers. Law enforcement personnel have made substantial progress over the past several years in the detection and prosecution of computer criminals.
In contrast, the modern breed of electronic intruders from the computer underground appears to have different motives and techniques. What once was intellectual curiosity and a desire to understand the PSN is now being replaced by greed; electronic intruders are discovering that they can sell their services and skills. Although they display the same ingenuity as the previous generation, the new intruders also tend to be more technologically proficient, to use more sophisticated technology in their attacks, and to be increasingly active in their efforts to compromise the PSN.
Similarly, the identities of the electronic intruders have changed with the shifting domestic and international political and socioeconomic climates. Some foreign allies are reportedly using their intelligence resources to gather information by compromising electronic networks in the United States and elsewhere. Also, technical research concerning information warfare has been observed in 30 countries, and the capability to intentionally disrupt information systems as an information warfare technique has also been displayed by terrorists and anarchists.
At the same time, technological changes and market forces in the domestic telecommunications industry are fueling a trend toward increasing automation and downsizing of staff. Consequently, there are now greater numbers of current and former telecommunications employees who may be disgruntled than at any time in recent years. These individuals should be viewed as a potential threat to NS/EP telecommunications.
Identifying an intruder's group affiliation (i.e., member of the computer underground, foreign intelligence agent, industrial spy, insider) or motivation is difficult. Intruders from different groups may work together, which helps to mask the true motive behind specific attacks. It is also possible for an intruder to be a member of more than one group. Therefore, identifying the true motive of the intruder is difficult, if not impossible.
Intruders have compromised nearly all categories or types of PSN elements, including switching systems; operations, administration, maintenance, and provisioning (OAM&P) systems; and packet data networks. Also, intruders have regularly attacked all types of networks linked to the PSN, including carriers' corporate networks and private branch exchange (PBX) systems.
Intruders have demonstrated a great deal of skill in manipulating data networks. These skills become more notable as both government and nongovernment users become more reliant on networks such as the Internet. The NS/EP community is also concerned that intruders may easily adapt these skills to attack other emerging data network technologies such as Asynchronous Transfer Mode (ATM) networks and Synchronous Optical Networks (SONET).
The potential impacts of the threat are as varied as the types of intruders. In the past, intentional denial or disruption of service on the PSN has not been a significant problem for NS/EP users. Rather, such service interruptions were caused primarily by individual intruders accidentally bringing down network elements. In the future, the possibility exists for orchestrated attacks on the PSN with the explicit intent of denying or disrupting service. This could result in significant degradations of the Nation's NS/EP telecommunications capabilities.
The possibilities for unauthorized monitoring and disclosure of sensitive information from the PSN pose an immediate concern to NS/EP missions. Specifically, they raise concerns regarding the sensitivity of information residing in network elements and databases. In the coming years, such information could become even more vulnerable than today due to the well-financed efforts of foreign intelligence services.
Finally, unauthorized modification of network databases/services continues to be a significant concern to NS/EP users. PSN intruders have demonstrated that they can add and modify user services, forward calls, and turn off billing on specific circuits. It is thought that this illegal modification of databases/services will continue to be a concern to both the PSN and NS/EP services in the future because such intrusions do not require large-scale technical resources.
Although all users of the PSN are at risk from these effects, the targeting of government services is considered to be high on the agenda of the electronic intruders. In the past, successful efforts to access E-911 systems have been highly publicized. Other targeted attacks have occurred, but have not received widespread publicity. Regardless of past incidents, the same electronic intrusion threat faced by nongovernment services threatens any government service that transits or resides on PSN facilities. This may have significant implications for NS/EP telecommunications planning.
The types of government and nongovernment services that generate the highest levels of concern for NS/EP users based on electronic intruder activities are as follows:
Access codes and other sensitive data stored by NS/EP services on vulnerable network elements
E-911 and other emergency response services
Systems that support DoD command, control, communications, and computers (C4) functions
Wireless services supporting government systems
Functions being performed through access to the public data networks
Unprotected voice and data traffic that are susceptible to electronic monitoring
Call detail records and other service-related information that are stored on vulnerable network elements
New telecommunications technologies that have not undergone adequate security testing (e.g., SONET, ATM, Cellular Digital Packet Data [CDPD], Personal Communications Service [PCS]).
In summary, the threat to the PSN, due to advances in the technology and sophistication of electronic intruders, is significant. The threat itself is changing due to the increasing number and variety of adversaries employing electronic intrusion techniques to target United States telecommunication and information systems. The results of electronic intrusions may have serious ramifications for both the PSN and the NS/EP telecommunications that rely upon it.