New Reports Find More US Cyber Vulnerabilities
A congressional commission is scheduled to release a report this week stating that Internet traffic, including that on US federal and military websites, was redirected through Chinese computer servers back in April.
Receiving an advance look at the report, the Washington Times this morning said that the US-China Economic and Security Review Commission found that almost 15 percent of the world’s Internet traffic, including .gov and .mil websites, “were affected by the 18-minute-long April 8 redirection, including those for the Senate, all four military services, the office of the secretary of defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration ‘and many others,’ as well as commercial websites including those of Dell, Yahoo, Microsoft and IBM.”
According to the report, while it is not yet clear if the redirect was an intentional breach of security, “at the very least, these incidents demonstrate the inherent vulnerabilities in the Internet’s architecture.”
Meanwhile, vulnerabilities may continue to be exploited, as a separate report released Monday by data security firm Imperva predicted that nation-state-led cyberterrorism will rise in 2011.
According to UPI, Imperva’s report found that “state-sponsored hacking will build on concepts and techniques from the commercial hacker industry to create more powerful ‘advanced persistent threats.’”
And from a threat to a reality, Reuters reported this morning that Stuxnet, the computer worm attacking international industrial systems, was created with a direct target in mind: uranium enrichment equipment.
Calling Stuxnet a “first-of-its-kind guided cyber missile,” some security analysts claim that there is evidence to prove that the malicious worm was set up to sabotage Iran’s controversial nuclear program, a move that would put several Western governments at the top of the list of prime suspects for the attack.
Could the US be at fault?
Stay tuned, as I will be covering the Senate Committee on Homeland Security and Government Affairs hearing tomorrow on “Securing Critical Infrastructure in the Age of Stuxnet.”
In the meantime, check out these cybersecurity news headlines you may have missed:
Rep. Davis: No lame-duck vote on infosec (GovInfoSecurity)
TechAmerica urges action by lame-duck Congress on laundry list of IT wants (Washington Technology)
GAO chastises IRS over financial system cybersecurity (GovInfoSecurity)
Air Force grooming cyber wingmen (Federal News Radio)
Russia’s Silicon Valley dreams may threaten cybersecurity (Radio Free Europe)
Public takes a stand on presidential Internet ‘kill switch’ (Government Computer News)
Rep. Rush wants to lead tech panel Dems (Politico)
Government, industry developing a farm system for IT security pros (Government Computer News)
Verizon intros cyber attack information app (eSecurity Planet)
Wounded Warrior Project to train vets in IT, cybersecurity (Raytheon Press Release)