Archive for the ‘Cybersecurity News’ Category

Preparing for Cyberwar

Wednesday, July 21, 2010 | 1:00 PM

“At a stroke, computer systems, power grids, industrial production and financial markets could fail, with untold consequences for civil governance and social cohesion: an electronic Pearl Harbor and all without a conventional shot being fired. And this isn’t just academic hypothesis,” warned former Deputy Commanding General of coalition forces in Iraq, Sir Robert Fry, in an article in the Wall Street Journal this morning.

The traditional methods of waging war have shifted, Fry asserted, adding: “Cyber operations are the next weapons of mass effect, or, as more than one wag has put it, ‘weapons of mass disruption.’”

Meanwhile, NPR reports that the US may need to up its ante if it plans to fend off a potential war in cyberspace.

“We don’t have sufficiently bright people moving into this field to support those national security objectives as we move forward in time,” veteran cybersecurity expert James Gosler, a former member of the CIA, the National Security Agency and the Energy Department, told NPR’s Tom Gjelten.

Cybersecurity Takes Flight

Tuesday, July 20, 2010 | 8:35 AM

Good morning, Cybersecurity News readers…

This Cybersecurity News update comes courtesy of US Airways, which, after nearly a week of travel, has allowed me to type this post at about 32,000 feet.

Using the airway’s free wi-fi, I can’t help but wonder what cyber precautions are being taken by the airlines to ensure their networks are protected while they ‘fly high’ boasting their latest air amenity.  (More on that later…)

But it seems one major air conglomerate isn’t waiting around to test the air. According to Network World, facing a “critical hiring need,” the US Air Force will use a streamlined approach to hire nearly 700 new employees to focus on cybersecurity.

In a statement, the Air Force said the new positions will address: “cyberrisk and strategic analysis; incident handling and malware/vulnerability analysis; cyberincident response; cyberexercise facilitation and management; cybervulnerability detection and assessment; network and systems engineering; enterprise architecture; intelligence analysis; investigation; investigative analysis; and cyberrelated infrastructure interdependency analysis.”

Also ramping up cybersecurity, cyber czar Howard Schmidt noted on the White House Blog late last week that efforts are being made “to reduce risk and build confidence in our critical information and communications infrastructure.”

UPDATE: White House Cyber Meeting Today

Wednesday, July 14, 2010 | 8:53 AM

From the National Journal’s Congress Daily:

The White House is expected to hold a meeting today to assess the Obama administration’s progress on cybersecurity reforms.

The meeting is intended to evaluate where the administration stands just more than a year since completion of a major cybersecurity policy review, said Rand Beers, an undersecretary at the Homeland Security Department. Beers declined to answer further questions about the meeting.

Last year’s review was led by Melissa Hathaway, then the cybersecurity director. But Hathaway, who has since left government service, said in an e-mail she had not been invited to today’s meeting. The session is expected to be led by Howard Schmidt, appointed cybersecurity coordinator last year.

Meanwhile, Senate Majority Leader Reid expects to hold a meeting today of key chairmen to merge competing cybersecurity bills in the chamber, a Reid spokeswoman said.

White House Plans “Mysterious” Cyber Meeting

Tuesday, July 13, 2010 | 10:50 AM

The White House is expected to meet tomorrow to discuss the economic side to cybersecurity.  According to an article from The Hill, Cyber Czar Howard Schmidt, Secretary of Commerce Gary Locke and DHS Secretary Janet Napolitano will plot out options on “how to improve private-sector cybersecurity through economic incentives.”

But an article by The Atlantic is calling the meeting “a mysterious White House cyber event,” as details have not been disclosed to the media.  Yet according to the publication, which tracked down a press release from The Internet Security Alliance, “ISA President Larry Clinton has been invited to attend and… The stated purpose of the meeting is a review and discussion of the activities since President Obama released his ‘Cyber Space Policy Review’ last spring.”  Stay tuned for more details on tomorrow’s cyber gathering…

NSA’s ‘Perfect Citizen’ Not Seen as Perfect

Thursday, July 8, 2010 | 1:40 PM

An article in the Wall Street Journal this morning reports on a new project to be launched by the National Security Agency.  Hailed as the “Perfect Citizen,” the development would provide the NSA with network surveillance to detect and prevent potential cyber attacks against private companies and government-based organizations in charge of the nation’s critical infrastructure, including the US power grid and nuclear power plants.

A source familiar with the new program told the Wall Street Journal, “The goal is to close the ‘big, glaring holes’ in the US’ understanding of the nature of the cyber threat against its infrastructure.”  Yet it’s apparent that Perfect Citizen isn’t so perfect to other cyber experts and tech types.

While some (including: PC World, The Hill, Wireless Week and Federal News Radio) are calling the NSA’s latest development a “Big Brother” approach, Cato Institute’s director of information policy studies, Jim Harper, wrote on his blog this morning that Perfect Citizen may be “Congress’ Perfect Failure.”  Harper went on to claim, “Our legislature is utterly supine before the national security bureaucracy, which exaggerates cybersecurity threats and consistently uses the secrecy trump card to defy oversight.”

Meanwhile, CNET’s Lance Whitney takes a look at both sides of the ‘Citizen’ debate, stating, “Some in industry and government see it as an attempt by the NSA to intrude into domestic matters, while others believe it’s a much-needed step in fighting the threat of cyberattacks.”

“For now, Perfect Citizen is not a mandatory program,” noted Clay Dillow of Popular Science, adding, “The look of the finalized program is still unclear, as the NSA is working with private companies to persuade them of the gravity of the threat and come to agreeable terms with the government on how best to implement the sensors.”

Cracking Code and Taking Cyber Heat

Wednesday, July 7, 2010 | 5:30 PM

Calling all coding gurus and cyber geeks:  Wired’s Danger Room this afternoon is asking readers to attempt to crack an embedded military code.  According to the report, the US military’s new Cyber Command has created a logo for its organization, which includes the code “9ec4c12949a4f31474f299058ce2b22a” around the logo’s inner ring.

On the topic, a source close to CyberCom told Wired, “It is not just random numbers and does ‘decode’ to something specific.”  Although Wired has yet to explain the code’s exact meaning, the article has generated over 125 comments and translation attempts, including several suggestions that the message says “Poder Cybernetico,” meaning “Cyber Power.”

And while ‘cyber power’ may be turning up in a security logo, it’s apparently missing from a security office — that is, the Department of Homeland Security. Continuing to catch heat for its mismanagement, DHS is “missing the mark,” Rep. Bennie Thompson (D-MS), chairman of the House Homeland Security Committee, said in a statement published by Homeland Security Today.

According to the report, a Bottom Up Review (BUR), conducted by DHS and yet to be released to the public, has five missions: “preventing terrorism and enhancing security, securing and managing US borders, enforcing and administering US immigration laws, safeguarding and securing cyberspace, and ensuring resilience to disasters.”

Recapping the July 4 Attack and Calling for a Cyber Step-Up

Tuesday, July 6, 2010 | 9:35 PM

Welcome back Cybersecurity News readers…

Over the long weekend, the AP reported that US officials have ruled out the idea that North Korea was behind last year’s July 4 denial-of-service (DoS) cyber attacks on US and South Korean government and corporate websites.

The origin of the attacks, which hit sites including the US Treasury Department and the Federal Trade Commission, was declared a “dead end” by Don Jackson, director of threat intelligence for cybersecurity consulting firm SecureWorks.

According to Jackson, the hackers “pulled it off so well, managed it so well — this was someone who has experience at running these types of attacks.”  Jackson further noted that, with its cyber insight, South Korea may have been the disguised delinquent.

Meanwhile, retired Gen. Wesley Clark advised, “There are a number of national intelligence agencies who are creating cybercapabilities. It’s a natural area of exploration.”  Not ruling out North Korea, Gen. Clark warned, “I wouldn’t underestimate North Korea’s potential in this space.”

More Senate Cyber Legislation and House Smart Grid Cyber Concerns

Friday, July 2, 2010 | 3:45 PM

The National Journal is reporting this afternoon that seven key Senate Democrats sent a letter to President Obama last night expressing their concerns for the nation’s cybersecurity and calling for “an urgent need for action.”

In the letter, Senators Harry Reid (NV), John Rockefeller (WV), Joe Lieberman (CT), Dianne Feinstein (CA), Carl Levin (MI), Patrick Leahy (VT) and John Kerry (MA) wrote: “We must ensure that the federal government is organized and integrated to facilitate cross-government coordination, broad situational awareness, and agile, effective responses to cyber threats.  We must also ensure that the government has adequate authorities to protect U.S. critical infrastructure and has the institutions in place to ensure effective cooperation and information sharing with key government and private sector actors.”

The senators went on to note that they are “working to develop comprehensive cyber legislation that will endow the federal government with the capabilities and authorities it needs to effectively meet the tremendous challenges of cybersecurity.”  An expected date for the new legislation was not provided.

Over in the House, cybersecurity was also a topic of discussion, as the Committee on Science and Technology’s Subcommittee on Technology and Innovation held a hearing yesterday to discuss smart grid standards and technologies.  A press release on the hearing included the mention of cybersecurity measures to protect the nation’s power grid, which, according to Subcommittee Chairman David Wu (D-OR), “has often been called the biggest machine on Earth.”

US-Russia Cyber Ties and Spies Seen as “Real Threat”

Tuesday, June 29, 2010 | 4:35 PM

Earlier this month, the Wall Street Journal reported that Gen. Keith Alexander, head of the new US Cyber Command, was backing talks with Russia “over a proposal to limit military attacks in cyberspace, representing a significant shift in US policy.”

And just last week, the Associated Press reported that President Obama sat down with Russian President Dmitry Medvedev, claiming to have “succeeded in resetting the relationship between the former Cold War adversaries that had dipped to a dangerous low in recent years.”

But today, as news continues to trickle in on the FBI’s Sunday investigation and arrest of [now 11] Russian spies living in Yonkers, Boston and northern Virginia, it appears that the US may need to reexamine its relationship with the ‘Bear’ in the room.

According to the New York Times, the so-called “espionage ring,” whose members had been living in the States for more than a decade, was collecting information on the CIA, US intelligence, nuclear weapons and US ties to Iran, all the while recruiting new members into its group.

Cyber Bills: Creating Concerns and Competition

Monday, June 28, 2010 | 4:15 PM

There are “five critical flaws” in the Lieberman-Collins-Carper cybersecurity legislation. That’s according to Jeffrey Carr, who, in an article in Forbes today, said the bill, which passed in the Senate Homeland Security and Governmental Affairs Committee last week, should have us “very concerned.”

According to Carr, a cyber intelligence consultant for the US government, the bill: puts the power grid in the private sector’s hands, leaving it vulnerable to an attack; provides the President with cyber authority after an attack occurs, in lieu of being proactive; provides specific power to the US-CERT, which was recently criticized for its lack of manpower and authority; enables energy companies to report, on their own time, if/when they have been attacked, further delaying government response and repair; and fails to examine all potential sources, internally and internationally, capable of attacking the US.

The solution?  Another cybersecurity bill…

Though it may not be the right answer, Republican Senators Kit Bond and Orrin Hatch have introduced new legislation, the National Cyber Infrastructure Protection Act of 2010.