The cyber world is buzzing this week with the latest news and comments made at the annual Black Hat USA conference in Las Vegas. And as the media continue to report on the event, it seems that one man in particular has already stolen the security show.
Retired US Air Force General Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, spoke at the conference on Thursday about cyber attacks and cyber warfare, as well as the government’s current plans in regard to both.
According to Wired, Hayden, now a principal at security firm the Chertoff Group, in a keynote discussion said that “Ideas have been raised about forming the cyber equivalent of demilitarized zones for sensitive networks, such as the power grid and financial networks, that would be off-limits to attack from nation states,” all the while acknowledging that the idea “contradicts the view in kinetic warfare where attacks on power grids and other infrastructures are considered legitimate targets.”
This week has proved to be busy for the cyber world and those with a close eye on security.
Kicking off the week with the Wikileaks case that exposed more than 90K secret US military documents, the Washington bureau of the Agence France Presse reported that “WikiLeaks highlights the security challenges of the digital age, when gigabytes of sensitive data can be exposed with a single click.”
And while the source for the documents has not yet been identified, James Lewis, cybersecurity expert for the Center for Strategic and International Studies, told the AFP, “You’ve got to rethink how you secure information.”
But it appears another group may already be rethinking security this week, as Black Hat USA 2010, a conference on all things information security, kicked off yesterday in Las Vegas, NV.
In an op-ed in the Wall Street Journal this morning, FCC commissioner Robert McDowell warned that the United Nations may soon have jurisdiction over parts of the Internet.
According to McDowell, “At two meetings of the UN’s World Summit on the Information Society in 2003 and 2005, the US found itself in the lonely position of fending off efforts by other governments to exert UN or other multilateral control over the Internet.”
Noting that several UN member states have backed the idea of controlling Internet governance, Web domain registries and cybersecurity, McDowell went on to advise: “We should continue to rely on the ‘bottom up’ nongovernmental Internet governance bodies that have a perfect record of keeping the Web working. Changing course now could trigger an avalanche of irreversible international regulation.”
Independently aiming to step up its cyber control, eWeek Europe is reporting that the UK this week launched a Cyber Security Challenge program to address its current IT security skill shortage.
“At a stroke, computer systems, power grids, industrial production and financial markets could fail, with untold consequences for civil governance and social cohesion: an electronic Pearl Harbor and all without a conventional shot being fired. And this isn’t just academic hypothesis,” warned former Deputy Commanding General of coalition forces in Iraq, Sir Robert Fry, in an article in the Wall Street Journal this morning.
The traditional methods of waging war have shifted, Fry asserted, adding: “Cyber operations are the next weapons of mass effect, or, as more than one wag has put it, ‘weapons of mass disruption.’”
Meanwhile, NPR reports that the US may need to up its ante if it plans to fend off a potential war in cyberspace.
“We don’t have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,” veteran cybersecurity expert James Gosler, a former member of the CIA, the National Security Agency and the Energy Department, told NPR’s Tom Gjelten.
Good morning, Cybersecurity News readers…
This Cybersecurity News update comes courtesy of US Airways, which, after nearly a week of travel, has allowed me to type this post at about 32,000 feet.
Using the airline’s free Wi-Fi, I can’t help but wonder what cyber precautions are being taken by the airlines to ensure their networks are protected while they ‘fly high’ boasting their latest air amenity. (More on that later…)
But it seems one major air conglomerate isn’t waiting around to test the air. According to Network World, facing a “critical hiring need,” the US Air Force will use a streamlined approach to hire nearly 700 new employees to focus on cybersecurity.
In a statement, the Air Force said the new positions will address: “cyberrisk and strategic analysis; incident handling and malware/vulnerability analysis; cyberincident response; cyberexercise facilitation and management; cybervulnerability detection and assessment; network and systems engineering; enterprise architecture; intelligence analysis; investigation; investigative analysis; and cyberrelated infrastructure interdependency analysis.”
Also ramping up cybersecurity, cyber czar Howard Schmidt noted on the White House Blog late last week that efforts are being made “to reduce risk and build confidence in our critical information and communications infrastructure.”
From the National Journal’s Congress Daily:
The White House is expected to hold a meeting today to assess the Obama administration’s progress on cybersecurity reforms.
The meeting is intended to evaluate where the administration stands just more than a year since completion of a major cybersecurity policy review, said Rand Beers, an undersecretary at the Homeland Security Department. Beers declined to answer further questions about the meeting.
Last year’s review was led by Melissa Hathaway, then the cybersecurity director. But Hathaway, who has since left government service, said in an e-mail she had not been invited to today’s meeting. The session is expected to be led by Howard Schmidt, appointed cybersecurity coordinator last year.
Meanwhile, Senate Majority Leader Reid expects to hold a meeting today of key chairmen to merge competing cybersecurity bills in the chamber, a Reid spokeswoman said.
The White House is expected to meet tomorrow to discuss the economic side to cybersecurity. According to an article from The Hill, Cyber Czar Howard Schmidt, Secretary of Commerce Gary Locke and DHS Secretary Janet Napolitano will plot out options on “how to improve private-sector cybersecurity through economic incentives.”
But an article by The Atlantic is calling the meeting “a mysterious White House cyber event,” as details have not been disclosed to the media. Yet according to the publication, which tracked down a press release from The Internet Security Alliance, “ISA President Larry Clinton has been invited to attend and… The stated purpose of the meeting is a review and discussion of the activities since President Obama released his ‘Cyber Space Policy Review’ last spring.” Stay tuned for more details on tomorrow’s cyber gathering…
An article in the Wall Street Journal this morning reports on a new project to be launched by the National Security Agency. Hailed as the “Perfect Citizen,” the development would provide the NSA with network surveillance to detect and prevent potential cyber attacks against private companies and government-based organizations in charge of the nation’s critical infrastructure, including the US power grid and nuclear power plants.
A source familiar with the new program told the Wall Street Journal, “The goal is to close the ‘big, glaring holes’ in the US’ understanding of the nature of the cyber threat against its infrastructure.” Yet it’s apparent that Perfect Citizen isn’t so perfect to other cyber experts and tech types.
While some (including PC World, The Hill, Wireless Week and Federal News Radio) are calling the NSA’s latest development a “Big Brother” approach, Cato Institute’s director of information policy studies, Jim Harper, wrote on his blog this morning that Perfect Citizen may be “Congress’ Perfect Failure.” Harper went on to claim, “Our legislature is utterly supine before the national security bureaucracy, which exaggerates cybersecurity threats and consistently uses the secrecy trump card to defy oversight.”
Meanwhile, CNET’s Lance Whitney takes a look at both sides of the ‘Citizen’ debate, stating, “Some in industry and government see it as an attempt by the NSA to intrude into domestic matters, while others believe it’s a much-needed step in fighting the threat of cyberattacks.”
“For now, Perfect Citizen is not a mandatory program,” noted Clay Dillow of Popular Science, adding, “The look of the finalized program is still unclear, as the NSA is working with private companies to persuade them of the gravity of the threat and come to agreeable terms with the government on how best to implement the sensors.”
Calling all coding gurus and cyber geeks: Wired’s Danger Room this afternoon is asking readers to attempt to crack an embedded military code. According to the report, the US military’s new Cyber Command has created a logo for its organization, which includes the code “9ec4c12949a4f31474f299058ce2b22a” around the logo’s inner ring.
On the topic, a source close to CyberCom told Wired, “It is not just random numbers and does ‘decode’ to something specific.” Although Wired has yet to explain the code’s exact meaning, the article has generated over 125 comments and translation attempts, including several suggestions that the message says “Poder Cybernetico,” meaning “Cyber Power.”
And while ‘cyber power’ may be turning up in a security logo, it’s apparently missing from a security office, namely the Department of Homeland Security. Continuing to catch heat for its mismanagement, DHS is “missing the mark,” Rep. Bennie Thompson (D-MS), chairman of the House Homeland Security Committee, said in a statement published by Homeland Security Today.
According to the report, a Bottom Up Review (BUR), conducted by DHS and yet to be released to the public, has five missions: “preventing terrorism and enhancing security, securing and managing US borders, enforcing and administering US immigration laws, safeguarding and securing cyberspace, and ensuring resilience to disasters.”
Welcome back Cybersecurity News readers…
Over the long weekend, the AP reported that US officials have ruled out the idea that North Korea was behind last year’s July 4 denial-of-service (DoS) cyber attacks on US and South Korean government and corporate websites.
The origin of the attacks, which hit sites including the US Treasury Department and the Federal Trade Commission, was declared a “dead end” by Don Jackson, director of threat intelligence for cybersecurity consulting firm SecureWorks.
According to Jackson, the hackers “pulled it off so well, managed it so well — this was someone who has experience at running these types of attacks.” Jackson further noted that, with its cyber insight, South Korea may have been the disguised delinquent.
Meanwhile, retired Gen. Wesley Clark advised, “There are a number of national intelligence agencies who are creating cybercapabilities. It’s a natural area of exploration.” Not ruling out North Korea, Gen. Clark warned, “I wouldn’t underestimate North Korea’s potential in this space.”