The cyber world is buzzing this week with the latest news and comments made at the annual Black Hat USA conference in Las Vegas. And as the media continue to report on the event, it seems that one man in particular has already stolen the security show.
Retired US Air Force General Michal Hayden, former director of the National Security Agency and the Central Intelligence Agency, at the conference on Thursday, spoke of cyber attacks and cyber warfare, as well as the government’s current plans in regards to both.
According to Wired, Hayden, now a principal at security firm the Chertoff Group, in a keynote discussion said that “Ideas have been raised about forming the cyber equivalent of demilitarized zones for sensitive networks, such as the power grid and financial networks, that would be off-limits to attack from nation states,” all the while acknowledging that the idea “contradicts the view in kinetic warfare where attacks on power grids and other infrastructures are considered legitimate targets.”
This week has proved to be busy for the cyber world and those with a close eye on security.
Kicking off the week with the Wikileaks case that exposed more than 90K secret US military documents, the Washington bureau of the Agence France Presse reported that “WikiLeaks highlights the security challenges of the digital age, when gigabytes of sensitive data can be exposed with a single click.”
And while the source for the documents has not yet been identified, James Lewis, cybersecurity expert for the Center for Strategic and International Studies, told the AFP, “You’ve got to rethink how you secure information.”
But it appears another group may already be rethinking security this week, as Black Hat USA 2010, a conference on all things information security, kicked off yesterday in Las Vegas, NV.
In an op-ed in the Wall Street Journal this morning, FCC commissioner Robert McDowell warned that the United Nations may soon have jurisdiction over parts of the Internet.
According to McDowell, “At two meetings of the UN’s World Summit on the Information Society in 2003 and 2005, the US found itself in the lonely position of fending off efforts by other governments to exert UN or other multilateral control over the Internet.”
Noting that several UN member states have backed the idea of controlling Internet governance, Web domain registries and cybersecurity, McDowell went on to advise: “We should continue to rely on the ‘bottom up’ nongovernmental Internet governance bodies that have a perfect record of keeping the Web working. Changing course now could trigger an avalanche of irreversible international regulation.”
Independently aiming to step up its cyber control, eWeek Europe is reporting that the UK this week launched a Cyber Security Challenge program to address its current IT security skill shortage.
“At a stroke, computer systems, power grids, industrial production and financial markets could fail, with untold consequences for civil governance and social cohesion: an electronic Pearl Harbor and all without a conventional shot being fired. And this isn’t just academic hypothesis,” warned former Deputy Commanding General of coalition forces in Iraq, Sir Robert Fry, in an article in the Wall Street Journal this morning.
The traditional methods of waging war have shifted, Fry asserted, adding: “Cyber operations are the next weapons of mass effect, or, as more than one wag has put it, ‘weapons of mass disruption.'”
Meanwhile, NPR reports that the US may need to up its ante if it plans to fend off a potential war in such cyberspace.
“We don’t have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,” veteran cybersecurity expert James Gosler, a former member of CIA, the National Security Agency and the Energy Department, told NPR’s Tom Gjelten.
Good morning, Cybersecurity News readers…
This Cybersecurity News update comes courtesy of US Airways, which, after nearly a week of travel, has allowed me to type this post at about 32,000 feet.
Using the airway’s free wi-fi, I can’t help but wonder what cyber precautions are being taken by the airlines to ensure their networks are protected while they ‘fly high’ boasting their latest air amenity. (More on that later…)
But it seems one major air conglomerate isn’t waiting around to test the waters air. According to Network World, facing a “critical hiring need,” the US Air Force will use a streamlined approach to hire nearly 700 new employees to focus on cybersecurity.
In a statement, the Air Force said the new positions will address: “cyberrisk and strategic analysis; incident handling and malware/vulnerability analysis; cyberincident response; cyberexercise facilitation and management; cybervulnerability detection and assessment; network and systems engineering; enterprise architecture; intelligence analysis; investigation; investigative analysis; and cyberrelated infrastructure interdependency analysis.”
Also ramping up cybersecurity, cyber czar Howard Schmidt noted on the White House Blog late last week that efforts are being made “to reduce risk and build confidence in our critical information and communications infrastructure.”
From the National Journal’s Congress Daily:
The White House is expected to hold a meeting today to assess the Obama administration’s progress on cybersecurity reforms.
The meeting is intended to evaluate where the administration stands just more than a year since completion of a major cybersecurity policy review, said Rand Beers, an undersecretary at the Homeland Security Department. Beers declined to answer further questions about the meeting.
Last year’s review was led by Melissa Hathaway, then the cybersecurity director. But Hathaway, who has since left government service, said in an e-mail she had not been invited to today’s meeting. The session is expected to be led by Howard Schmidt, appointed cybersecurity coordinator last year.
Meanwhile, Senate Majority Leader Reid expects to hold a meeting today of key chairmen to merge competing cybersecurity bills in the chamber, a Reid spokeswoman said.
The White House is expected to meet tomorrow to discuss the economic side to cybersecurity. According to an article from The Hill, Cyber Czar Howard Schmidt, Secretary of Commerce Gary Locke and DHS Secretary Janet Napolitano will plot out options on “how to improve private-sector cybersecurity through economic incentives.”
But an article by The Atlantic is calling the meeting “a mysterious White House cyber event,” as details have not been disclosed to the media. Yet according to the publication, which tracked down a press release from The Internet Security Alliance, “ISA President Larry Clinton has been invited to attend and… The stated purpose of the meeting is a review and discussion of the activities since President Obama released his ‘Cyber Space Policy Review’ last spring.” Stay tuned for more details on tomorrow’s cyber gathering…