Written evidence submitted by Raytheon UK (Malware 15)
1. EXECUTIVE SUMMARY
Raytheon UK welcomes the opportunity to feed into
the Malware and Cyber Crime inquiry by the House of Commons Science
& Technology Committee.
2. COMMITTEE OBJECTIVE
"The Committee has decided to gather evidence
on the impact of malware on individuals, the responsibilities
of Government to aid in preventing malware infections and the
economy that has grown up around this industry..."
3. CONSULTATION QUESTIONS
(1) What proportion of cyber-crime is associated
with malware?
(2) Where does the malware come from? Who is
creating it and why?
(3) What level of resources are associated with
combating malware?
(4) What is the cost of malware to individuals
and how effective is the industry in providing protection to computer
users?
(5) Should the Government have a responsibility
to deal with the spread of malware in a similar way to human disease?
(6) How effective is the Government in co-ordinating
a response to cyber-crime that uses malware?
4. RAYTHEON UK SOLUTIONS
(1) What proportion of cyber-crime is associated
with malware?
Malware, short for malicious software, consists of
programming (code, scripts, active content, and other software)
designed to disrupt or deny operation, gather information that
leads to loss of privacy or exploitation, gain unauthorized access
to system resources, and other abusive behavior. (Source Wikipedia)
Software is considered to be malware based on the
perceived intent of the creator rather than any particular features.
Malware includes computer viruses, worms, trojan horses, spyware,
dishonest adware, scareware, crimeware, most rootkits, and other
malicious and unwanted software or program. (Source Wikipedia)
The total cost of Cyber Crime in the UK has been
estimated at £1.9 billion. (Norton Cybercrime report 2010.
Note the BBC News is reporting £27 billion loss to Cybercrime.)
Nearly 60% of people who reported being victims of cyber crime
experienced malware and "malicious intent". (Source
www.bytecrime.org).
(2) Where does the malware come from? Who
is creating it and why?
Malware can come from a multitude of sources; these
include individual efforts, organised criminal
group efforts and those sponsored by States.
Over the past few months there have been sophisticated
organised attacks against some of the world's leading suppliers
of secure solutions to global enterprises, as well as attacks
against major consumer companies providing games and media services
to large multi-national consumer bases. Second-level service providers
have also been targeted, with cyber criminals gaining access to
the marketing service providers who maintain customer contact details
and records of customer behaviour. Evidence suggests that the
level (number of) and profile (numbers of users / customers being
affected) of the attacks are increasing. Symantec believe that
in 2008 more malware code was produced than legitimate commercial
and open source code.
Malware designers can and will endeavour to mislead
anyone analysing either the malware or its behaviour using decoy
and beacon hosts in geographically disparate locations.
Actors are motivated to create malware for a myriad
of reasons; these include economic / financial benefit, collection
of IPR, ideology and political beliefs.
As a Tier 1 defence and aerospace company, Raytheon's
valuable IPR has come under attack from everyday threats for
the last 30 years. This has allowed Raytheon to amass a wealth
of experience in protecting our critical IPR and infrastructure
from the most complex and persistent threats. Recently, Raytheon
has also procured a number of high-profile enterprises with widely
used secure solutions protecting commercial enterprises and government
agencies all over the world. Amongst the acquisitions are Oakley,
Trusted Computer Systems and the assets of Compucat.
(3) What level of resources are associated
with combating malware?
Raytheon cannot disclose the numbers of resources
associated with combating malware. However, the Raytheon Cyber
team has designed an infrastructure and operational processes
rivalling that of any of the Tier 1 defence providers in the world.
Raytheon has teams of analysts at multiple locations defending
the company's assets from attack and analysing threats found by
Raytheon and on behalf of other significant government and commercial
organisations.
(4) What is the cost of malware to individuals
and how effective is the industry in providing protection to computer
users?
The cost of malware to individuals can be measured
by the estimated number of days taken to resolve an attack. Studies
have shown that on average the resolution of an attack requires
28 hours. If the hourly rate of $30.00 USD is applied, then each
attack costs an average of $840.00 USD or around $1000.00 USD
to resolve. (This calculation is available on the Internet.)
Commercial industry companies providing anti-virus
solutions to the mass market are thought to be around 70% effective
against viruses and malware. It is ironic that the very act of
issuing patches to the mass market alerts the malware designers
that their code has been nullified and begins another cycle of
malware development.
(5) Should the Government have a responsibility
to deal with the spread of malware in a similar way to human disease?
The Cyber threat, sometimes described as the Advanced
Persistent Threat, is now considered to be one of the most serious
security threats facing the UK; it has been categorised as
a tier 1 threat by the National Security Council. The dependence
on software and IT for critical infrastructure elements (eg the
national grid, power stations and the public services) means that
hostile states or organisations need only mount a concerted organised
cyber attack to potentially damage another State's economy or infrastructure.
In this respect it is critical that the Government does take responsibility
for educating the wider public on the consequences of malware
and how to detect and deal with it.
Although malware spreads in a similar manner to contagious
diseases, the analogy does not work well with the containment of
the spread of diseases. Yes, there can be a warning and reporting
process (WARP) to alert to incidents and alerts but malware mitigation
is achieved by good housekeeping. If the government were to have
a responsibility, it would be to inform and educate the public
on cyber security and good information security management.
The Communications Service Providers currently collaborate
to share information on threat actors, to ensure that the risk
to customers (Public and Private) and the national network are
minimised. This model could be implemented between the government
and the cyber industry.
(6) How effective is the Government in co-ordinating
a response to cyber-crime that uses malware?
Many different parts of government and agencies are
now working to support cyber security efforts. The government
needs to show a streamlined approach on the initiatives it is
implementing and show clear authority on roles and responsibilities.
Raytheon Company is not only working to protect its
infrastructure and systems but is working to educate and inform
its employees about information security. Raytheon's Cyber Operations
Training empowers individuals and organisations with the knowledge
and confidence to excel at cyber defence, attack and exploitation.
Within Raytheon we have the professional training skills and Subject
Matter Experts (SMEs) with up to date operational experience to
deliver bespoke education and training in a variety of blended
packages. By using virtual classrooms, Computer Based Training
(CBT) and traditional classroom based activities, employees are
kept informed of how to detect, identify and respond to malware
as quickly as possible.
September 2011