1.0 INTRODUCTION

Section 1.0 identifies the background related to this report. This section outlines the purpose, scope, sources of information, and organization of this report.

1.1 Background

In 1989, the National Research Council (NRC) prepared the report, Growing Vulnerability of the Public Switched Networks: Implications for National Security Emergency Preparedness. One of the conclusions of the report is that "as network software becomes increasingly accessible, the potential increases for hostile users to disrupt the public switched networks." (NRC89) The report also noted that the shift toward software control of network elements and functions has exposed an increasing number of software-related vulnerabilities.

The NRC report spurred other efforts to address the electronic intrusion threat to National Security and Emergency Preparedness (NS/EP) telecommunications. In 1990, the Network Security Task Force (NSTF) of the President's National Security Telecommunications Advisory Committee (NSTAC) conducted an assessment of the electronic intrusion threat. The report identified the employment of sophisticated technical and operational capabilities by computer criminals as well as known ties of certain computer criminal groups to international adversaries. (NSTF90) In 1992, the NSTF developed a revised risk assessment, which presented the current status of the electronic intruder threat to the public switched network (PSN). That report reaffirmed the existence of a significant threat to the PSN. It went further to state that computer intrusions have adversely affected NS/EP telecommunications. (NSTF92)

1.2 Purpose

This report is intended to increase awareness in the NS/EP telecommunications community about the electronic intrusion threat to the PSN. The report updates and expands upon the findings of the 1993 report of the same name. This report provides a baseline description of the threat posed by electronic intruders who enter telecommunication carriers' systems for fraudulent or unauthorized purposes.

This report specifically focuses on actions that may affect NS/EP telecommunications users who are concerned with the electronic intrusion threat because of their heavy reliance on the PSN to maintain communications in times of national emergency or crisis. More than 90 percent of U.S. Government telecommunication services are provided by commercial carriers. Furthermore, emergency response organizations rely heavily on the PSN to protect public safety and welfare in times of crisis or disaster.

The 1993 edition of this report covered the electronic intrusion threat in a broad sense. This edition updates and expands on the key points and issues from the 1993 report. Some issues are reiterated to assist in the reader's understanding of important or new issues. Other information has not been re-introduced because it has either become dated or less important to NS/EP telecommunications. Along with several new issues, a section on reaction strategies has been added. Readers are encouraged to reference the 1993 edition of this report for additional information on the structure of the computer underground, emerging technologies with undefined NS/EP implications, and specific intrusion case histories.

1.3 Scope

The term threat is defined in this report as the capability of an adversary coupled with their intentions to undertake a set of actions or events that could have detrimental effects on an automated system. The threat posed to the PSN from electronic intrusions could result in any of the following:

- Denial or disruption of service
- Unauthorized monitoring and disclosure of sensitive information
- Unauthorized modification of network databases and services
- Fraud and financial loss.

In addition, other related elements that help further define the threat are explored in this report. For example, demonstrated skills and motivations of those who could cause or benefit from a damaged telecommunications infrastructure, and strategies to respond to incidents are discussed.

Because no single term can describe all the components of the nation's telecommunications infrastructure, this document uses PSN as an inclusive term. In addition to the voice switched network, PSN includes public data networks (e.g., X.25, Frame Relay, SMDS, and ATM packet data networks), wireless systems, signaling networks, and associated transmission networks.

1.4 Sources of Information

Industrywide, comprehensive, reliable statistics on the frequency of network intrusions do not exist primarily because the nation's telecommunications infrastructure is composed of many different networks operating in a highly competitive business environment. Therefore, this report uses qualitative analyses to develop its conclusions, including case histories, computer underground files, technical journals, and other readily available data.

There are three reasons for relying exclusively on open source information. First, open source information creates none of the restrictions imposed by the use of classified or proprietary information. Second, members of the computer underground are quite prolific when writing about themselves and have generated hundreds of megabytes of data about their activities, most of which are available electronically. Although the credibility of computer underground member exploits may be questionable, certain information such as interests, motivations, and knowledge is valuable and is used in this analysis. Third, the high level of interest by those outside the computer underground has resulted in a large volume of periodical literature and academic work focused on network security.

1.5 Organization of This Report

Section 2.0 of this document describes the various types of electronic intruders, including members of the computer underground, insiders, industrial spies, and foreign intelligence services, and their skills. Section 3.0 identifies the telecommunication technologies and services targeted by electronic intruders and identifies future technologies that demand consideration by the NS/EP community. The potential impact of the computer intruder threat on NS/EP telecommunication systems and services is analyzed in Section 4.0, including targeting specific government telecommunication systems. Section 5.0 discusses several groups that address reaction strategies to electronic intruder incidents. Conclusions are presented in Section 6.0. References listed in Appendix C are used throughout the report, and can be identified by reference names in parentheses.