Cybersecurity News

The Pentagon is not prepared to take on certain adversaries in cyber space and must adopt a new strategy to mitigate looming threats, according to a new report.

The 138-page report, “Resilient Military Systems and the Advanced Cyber Threat,” was compiled by a task force of public and private sector industry experts under the Defense Science Board.

The task force advised that the Department of Defense (DoD) does not have the capabilities to prevent highly sophisticated cyber attacks from penetrating networks that control critical infrastructure and carry out essential military missions.

“DoD’s networks are built on inherently insecure architectures that are composed of, and increasingly using, foreign parts,” James Gosler and Lewis Von Thaer, co-chairs of the task force, wrote in the report. “While DoD takes great care to secure the use and operation of the ‘hardware’ of its weapon systems, the same level of resource and attention is not spent on the complex network of information technology (IT) systems that are used to support and operate those weapons or critical IT capabilities embedded within them.”

The task force noted that two countries in particular, China and Russia, both have the capabilities and resources needed to create vulnerabilities within U.S. networks for the purpose of exploitation.

In one of the task force’s tests, researchers were able to gain access to military networks using only a small team, under a short amount of time. The task force said that an adversary could carry out a similar action and could “significantly disrupt” the military’s networks.

Advising DoD to increase its cyber capabilities, the task force offered up a list of recommendations aiming to reduce the risk of vulnerabilities and threats to U.S. networks.

Recommendations listed by the task force included:

• Determining the mix of cyber, protected-conventional and nuclear capabilities necessary for assured operation in the face of a full-spectrum adversary
• Refocusing intelligence collection and analysis to understand adversarial cyber capabilities, plans and intentions, and to enable counterstrategies
• Creating a counterintelligence capability to directly address the most sophisticated threats using tools and techniques derived from both defensive and offensive U.S. cyber programs
• Developing a capability to model a war game to train for full scale peer-on-peer cyber warfare
• Establishing a policy framework for offensive cyber actions to include who has what authority (for specific actions), under what circumstances, under what controls
• Increasing the number of qualified cyber warriors and enlarging the cyber infrastructure to commensurate with the size of the threat
• Leveraging commercial technologies to automate portions of network maintenance and “real-time” mitigation of detected malware
• Establishing a formal career path for DoD civilian and military personnel engaged in cyber defense

“It will take years for the Department to build an effective response to the cyber threat to include elements of deterrence, mission assurance and offensive cyber capabilities,” advised the task force, adding, “We must start now.”

____

Following are some additional cyber headlines you may have missed:

FEDERAL NEWS:

DHS Sec. Napolitano: Immigration priority tops cyber (Politico)

White House, lawmakers resume cybersecurity bill talks (Reuters)

Cybersecurity should top China trade talks, lawmaker says (Bloomberg)

White House gives agencies low marks for cybersecurity (Federal Times)

FBI looks for partnerships to counter cyber threat (Government Security News)

House Intelligence chairman aims for cybersecurity bill markup in April (The Hill)

DARPA pulls plug on hacker-friendly Cyber Fast Track program (Infosecurity Magazine)

Rep. Smith says he’ll fast track McCaul cybersecurity bill out of committee (FierceGovIT)

INDUSTRY OVERVIEW:

More companies reporting cyber incidents (Washington Post)

Goldman joins Citigroup in expanding cyber threat lists (Bloomberg)

Unisys Corporation says cyber executive order is not enough (Wired)

CrowdStrike says it freed thousands of infected PCs from botnet (Reuters)

Video: McAfee co-president talks latest trends in cybersecurity (Fox News)

Lockheed Martin named commercial cybersecurity provider by DHS (Press Release)

INTERNATIONAL  OUTLOOK:

China doubts US cyber narrative (UPI)

Czech news websites hit by hackers (Reuters)

EU, US go separate ways on cybersecurity (EurActiv)

Romania believes rival nation behind “MiniDuke” cyber attack (Reuters)

Spain to welcome the new Industrial Cybersecurity Center (Infosecurity Magazine)

Norway security officials warn of dramatic cyber espionage increase (The Foreigner)

HACKING HIGHLIGHTS:

Jailed hacker allowed into IT class, hacks prison computers (CNET)

Evernote note-sharing service says hackers stole some user data (Reuters)

‘Anonymous’ hacker explains why he fled the US (San Francisco Chronicle)

Hacker steals $12,000 worth of Bitcoins in brazen DNS-based attack (TechCrunch)

Foreign hackers steal more than a terabyte of data per day, report finds (The Verge)

CYBER INSIGHTS:

Survey: Investors crave more cybersecurity transparency (Fox News)

Return of CISPA: Cybersecurity boon or privacy threat? (Computerworld)

ACLU to Congress: Keep cybersecurity information sharing out of military hands (ACLU Blog)

____

This report is also available on ClearanceJobs.com at: http://www.clearancejobs.com/defense-news/1166/cybersecurity-news-round-up-pentagon-unprepared-to-defend-against-cyber-attacks