US and Iran Both Focus on Cyber Defense This Week
An article in the Washington Post this morning reports that the White House is reviewing whether to ask Congress for new authorities for government agencies to protect the nation’s critical infrastructure in the event of a major cyber attack.
The news came yesterday following a House Armed Services Committee hearing, where US Cyber Command Chief Gen. Keith Alexander testified on the military’s cyber defense capabilities.
Noting that the White House is working to form a team with the FBI, the US Cyber Command, DHS and other agencies, Alexander said the move would “ensure that everybody has the exact authorities and capabilities that they would need to protect the country,” the Post reported.
But also covering the hearing, Wired magazine noted that a cyber shield would only stretch so far, advising, “If your business gets hacked, don’t bother calling the US military’s new Cyber Command.”
According to the article, after the hearing, Gen. Alexander told reporters that his unit does not have role in civilian network cyber defense. “Within the United States, I do not believe that’s where Cyber Command should or will operate,” he said.
Meanwhile, the New York Times reported that the General did stress the importance in defining those roles needed to protect both private and public sectors in cyberspace. “I believe this is one of the most critical problems our country faces,” Alexander said.
“We need to get that right,” he added. “I think we have to have a discussion about roles and responsibilities: What’s the role of Cyber Command? What’s the role of the ‘intel’ community? What’s the role of the rest of the Defense Department? What’s the role of DHS? And how do you make that team work? That’s going to take time.”
And while time is of the essence for the United States to work out its cybersecurity scope, it seems time has expired for another nation state.
According to Bloomberg, a computer worm that recently infected industrial computers around the world, appears to have been created to target Iran and its Bushehr nuclear power plant, affecting about 60 percent of its systems.
Deemed the Stuxnet worm, one computer security researcher in Berlin advised that the “level of sophistication in the worm’s programming and its ability to hide itself suggest it may have been built by a government-sponsored organization in countries such as the US or Israel.”
And as attribution theories continue to emerge, in an interview with Forbes, cybersecurity expert James Lewis, a fellow at the Center for Strategic and International Studies, affirmed, “The target doesn’t relate to economic espionage or financial crime. There’s a good chance it was a government. And there are only five or six governments in the world that could pull off this kind of stunt.”
Including France, the UK, Israel, Russia, China and the US in his list of potential Stuxnet suspects, Lewis rhetorically asked, “Who would want to do this to Iran?” Following up with: “I don’t think we can rule any of them out.”
Additional cybersecurity news follows:
Former NSC official criticizes cybersecurity policies (Wall Street Journal)
WikiLeaks and hacktivist culture (The Nation)
Clarifying your anti-virus choices (USA Today)
Smart Grid Risks:
Who will become the masters of the smart grid? (New York Times)
An irksome tale: The battle to secure the smart grid (Huffington Post)
NATO Cyber Concerns:
Lynn details threats to US, NATO cybersecurity (Defense.gov)
NATO’s sense of purpose on cybersecurity impresses Lynn (Defense.gov)
Richard Clarke: Obama Administration, DHS have done ‘nothing’ about cyber war, threats (The New New Internet)
Boeing to offer cybersecurity to Japan (Federal News Radio)
FBI hires BAE Systems for information security (Government Computer News)
HP completes deal for Fortify Software (Associated Press)
Wyle nabs piece of $450M award to support USAF with cyber architectures, training, defense (The New New Internet)