New Tactics for Cyber Combat
buglerbilly
25-01-10, 12:03 PM
Ares
A Defense Technology Blog
New Tactics For Cyber Combat
Posted by David A. Fulghum at 1/22/2010 1:31 PM CST
The U.S. Air Force has video that shows how a few lines of software can violently destroy a large, sophisticated piece of machinery.
The selectively shown clip shows a two-megawatt electrical generator being subjected to the strain of having its circuit breakers recycled on and off every three milliseconds. Within a minute it starts smoking and bursts into flames and, finally, destroys itself.
That conflagration was the result of a network attack by “22 lines of software” launched from about 1,000 miles away, says Lt. Gen. William Lord, the Air Force’s chief of war-fighting integration and chief information officer. The attack was subtle and fast enough that the operator at the electrical generating end of the circuit was unaware anything had happened. Meanwhile the operator at the receiving end was standing in the dark asking what happened, he says.
“That is non-kinetic power producing a kinetic effect,” Lord says. “If you turn out the lights in a building, that’s one way to get all the people out into the street without bombing it. It also illustrates our desire to stop that kind of effect.”
Operators at Creech AFB, Nev. are flying Predator UAVs 9,000 mi. away and -- Air Force officials now know -- generating full-motion video downlinks that an enemy can intercept and use.
“We need to pay attention to that kind of complaint,” he says. “We need to protect and defend parts of the network so that our forces can continue network centric operations [during a cyber attack]. That’s the price of admission. Protecting the network is a ship that sailed 5-6 years ago. Now we have to learn to fight through attacks [while operating on a] network that the enemy is already in. We can’t afford to shut down the network every time it is attacked. We live on the network, so that requires a defense in depth.”
As a result, Air Force cyber warriors are redefining their tactics. Instead of defending the network, they are defending the work that network does – the data and the applications.
“What is an enemy?” Lord asks. “It may be other pieces of the network, a 12-year-old hacker, cyber criminals or terrorists. Cyber crime is a $2 trillion per year activity. With stolen identities they can hide in the noise of millions of pieces of traffic on the network. There are 100,000 to 1 million attempted penetrations of the Pentagon every day. Some of them are generated from within the network.”
buglerbilly
26-01-10, 12:58 AM
Integrated Cyber Operations
The modern military has a broad spectrum of operations. We have the ability to wage war on land, sea, air, in space and now via the Internet. The weaponry and strategies accompanying this spectrum were expanded with the introduction of cyber weapons into the modern-day arsenal. From humanitarian assistance and peacekeeping operations to unlimited warfare using nuclear weapons, cyber attacks span the entire operational spectrum. The utility of offensive cyber weapons provides conflict commanders with options that are unavailable with conventional and nuclear weapons.
That being said, they do have a significant drawback: reliability. Given the unique capabilities of cyber weapons, current doctrinal development must depart from thinking of warfare in purely linear terms in order to incorporate cyber capabilities into current military strategies.
State and non-state actors increasingly have access to advanced cyber weapons technology that makes them more dangerous by giving them global reach. Cyber weapons are easily acquired, inexpensive and strike at the speed of light with little warning. This new class of weapons provides somewhat of a leveling effect across state and non-state adversaries as well as activist and terrorist groups, organized crime and even lone actors. Current detection capabilities can only be described as limited to moderate, given that several attacks have gone undetected for years. However, cyber weapons are not the panacea that many believe. There are shortcomings to this new class of weapons. When launching a cyber weapon (other than DDoS) it is difficult to calculate just when the cyber attack will be effective, if it is effective at all. It is equally difficult to control the spread of some forms of cyber attack techniques as well.
The status quo is acceptable. The military institution has received a fair amount of criticism for their thinking that has been characterized as preparing to fight the last war. Today’s strategic threat environment is unpredictable. Our threat environment can be accurately characterized as highly complex, rapidly developing and initiated at a moment’s notice. The mindset, doctrines and training programs that were primarily designed to address conflict with Warsaw Pact forces must be radically changed. Therefore, our defense forces and strategies must be able to provide a broad range of viable military capabilities available globally at short notice. The position of the United States and how we achieve broad spectrum influence requires significant examination done within the context of acts of cyber aggression. The U.S. must rapidly develop integrated operational strategies that leverage our digital advantages that will provide support to virtually all aspects of our offensive, defensive and intelligence collection capabilities. The scale and sophistication of the recent cyber attacks on Google (and others) was a watershed event and should be seen as a wake-up call. Measuring the effective integration of cyber operations into virtually every aspect of modern military doctrine, and continuously updating our doctrine and strategy as cyber weapons rapidly evolve, must become a routine part of senior command activities. Failure to do so could have disastrous consequences.
buglerbilly
26-01-10, 01:19 AM
USAF Stands Up Cyber Unit
By JOHN REED
Published: 25 Jan 2010 17:19
The U.S. Air Force announced Jan. 25 that its cyber fighting arm, the 24th Air Force, reached its initial operating capability (IOC) less than one year after its stand-up at Lackland Air Force Base, Texas.
"This milestone designation means that 24 AF is capable of performing critical elements of its mission," a service announcement said.
The 24th Air Force's IOC is the culmination of years of sometimes controversial work by the service to establish an effective cyber fighting command. In 2007, the service announced that it was aiming to establish a full major command dedicated to cyberwarfare, even releasing television ads depicting the service as the country's only line of defense from cyber attack. Many saw this move as a turf grab by the air service and its former leaders, Air Force Secretary Michael Wynne and Chief of Staff Gen. T. Michael Moseley.
However, soon after Wynne and Moseley were fired by Defense Secretary Robert Gates in the summer of 2008, new Air Force Chief of Staff Gen. Norton Schwartz announced that the service was suspending its pursuit of establishing a cyber MAJCOM. That fall, Schwartz announced that the Air Force would instead establish a numbered air force reporting to Air Force Space Command that would focus on cyber warfare. In August 2009, the service stood up 24th Air Force.
Service leaders say that the numbered air force will serve as the air service's contribution to U.S. Cyber Command when that organization is stood up. For now, however, 24th Air Force reports to AFSPACE.
Although Air Force officials have long acknowledged that 24th Air Force's mission will be to operate and defend Air Force computer networks, they remain cryptic about the unit's offensive mission, saying only that it will "provide full spectrum capabilities for the joint war fighter."
buglerbilly
28-01-10, 02:15 AM
Pentagon Report Calls for Office of ‘Strategic Deception’
By Noah Shachtman January 26, 2010 | 12:54 pm
The Defense Department needs to get better at lying and fooling people about its intentions. That’s the conclusion from an influential Pentagon panel, the Defense Science Board (DSB), which recommends that the military and intelligence communities join in a new agency devoted to “strategic surprise/deception.”
Tricking battlefield opponents has been a part of war since guys started beating each other with bones and sticks. But these days, such moves are harder to pull off, the DSB notes in a January report (.pdf) first unearthed by InsideDefense.com. “In an era of ubiquitous information access, anonymous leaks and public demands for transparency, deception operations are extraordinarily difficult. Nevertheless, successful strategic deception has in the past provided the United States with significant advantages that translated into operational and tactical success. Successful deception also minimizes U.S. vulnerabilities, while simultaneously setting conditions to surprise adversaries.”
The U.S. can’t wait until it’s at war with a particular country or group before engaging in this strategic trickery, however. “Deception cannot succeed in wartime without developing theory and doctrine in peacetime,” according to the DSB. “In order to mitigate or impart surprise, the United States should [begin] deception planning and action prior to the need for military operations.”
Doing that will not only require an “understanding the enemy culture, standing beliefs, and intelligence-gathering process and decision cycle, as well as the soundness of its operational and tactical doctrine,” the DSB adds. Deception is also “reliant … on the close control of information, running agents (and double-agents) and creating stories that adversaries will readily believe.”
Such wholesale obfuscation can’t be done on an ad-hoc basis, or by a loose coalition of existing agencies. The DSB writes that “to be effective, a permanent standing office with strong professional intelligence and operational expertise needs to be established.” I wonder: what would you call that organization? The Military Deception Agency? Or something a bit more … deceptive?
buglerbilly
28-01-10, 02:22 AM
Norway Drafts Cyber Defense Initiative
By Gerard O'Dwyer, HELSINKI
Published: 27 Jan 2010 17:07
Norway has completed the draft phase of a new National Cyber Defense Strategy (NCDS) that is expected to reach the legislative stage by the autumn. A Ministry of Defense (MoD) initiative, the NCDS will be implemented and run under the MoD's jurisdiction.
The NCDS draft was produced by Nasjonal Sikkerhetsmyndighet (NSM), Norway's national security agency, for the two primary government departments in the project, the MoD and the Ministry of Justice.
The draft strategy recommends the creation of a national cyber defense center that would be operated by the NSM, with funding coming from parent agency MoD.
"In order to strengthen our cyberspace defenses, we need a functional strategy and a coordinated effort between the country's main sectors, including government, business, industry and society in general," Defense Minister Grete Faremo said.
The NCDS proposes a series of measures against the most serious information and communication technology attacks. "The key is to implement measures that help to strengthen Norway's ability to prevent and handle such events," Faremo said.
The report noted that "the online threat situation" in the last year fluctuated between "an unchanging to a deteriorating picture," with such attacks on the increase, with many directly connected to ongoing "modern conflicts and warfare."
"Our ability to detect and warn of attack must be developed further," said Kjetil Nilsen, NSM's director.
buglerbilly
29-01-10, 02:51 AM
Ares
A Defense Technology Blog
The Tenth Fleet
Posted by John M. Doyle at 1/28/2010 7:42 AM CST
The U.S. Navy will stand up its cyber operations unit, the so-called Tenth Fleet, this week, says Chief of Naval Operations Adm. Gary Roughead. Speaking at a Washington think tank gathering, Roughead said the new entity -- Fleet Cyber Command -- will open for business Friday (Jan. 29) at Fort Meade, Maryland, which is also home of the National Security Agency (NSA).
Fleet Cyber Command is the Navy's component of U.S. Cyber Command, a joint services subcommand created by Defense Secretary Robert Gates last June as a way of unifying the defense of U.S. military computer systems and networks. However, Senate confirmation hearings have yet to be held for Cyber Command's designated leader, Army Lt. Gen. Keith Alexander, the director of the NSA.
At a Center for a New American Strategy (CNAS) panel discussion on defending the contested commons -- the planet's commonly-used areas: the high seas, the air, space and cyberspace -- Roughead also said space and cyberspace were both crucial to Navy communications. Roughead noted that the Navy operates "the largest corporate internet in the world with over 700,000 users and 300,000 work stations." He added that the Navy has created an "information dominance corps," bringing intelligence and information technology specialists, cartographers and cryptologists together to keep ahead on information and intelligence.
Roughead was part of a panel, including the Air Force vice chief of staff, Gen. Carol Chandler, discussing the importance of a just-released CNAS report on securing the contested commons. The report states that U.S. dominance, or even access to, the global commons will not be a certainty in the future. The rise of often ruthless non-state actors, the effects of global climate change and easier access for all to potent new technologies threaten the safety and accessibility of the commons.
The 200-page report, available on the CNAS Website, recommends that the U.S.: work with the international community in developing agreements that preserve the openness of the commons; enlist "pivotal" states and non-state actors in the protection of the global commons; and develop capabilities to defend and sustain the global commons, including long-range reconnaissance and strike systems combined with cruise-missile-equipped attack submarines. It also recommends building up the air forces of allies and partners and pursuing an international no-first-use agreement against kinetic strikes on satellites (except to protect Earth's population from out-of-control satellites).
For more go to today's post at my blog 4GWAR.
buglerbilly
24-02-10, 05:11 AM
US would lose cyberwar: former intel chief
CHRIS LEFKOW
February 24, 2010 - 3:05PM
The United States would lose a cyberwar if it fought one today, a former US intelligence chief has warned.
Michael McConnell, a retired US Navy vice admiral who served as ex-president George W. Bush's director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War.
"If we went to war today in a cyberwar, we would lose," McConnell told a hearing Tuesday on cybersecurity held by the Senate Committee on Commerce, Science and Transportation.
"We're the most vulnerable, we're the most connected, we have the most to lose.
"We will not mitigate this risk," added McConnell, now an executive vice president for consulting firm Booz Allen Hamilton's national security business. "And as a consequence of not mitigating this risk, we are going to have a catastrophic event."
Tuesday's hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of a series of sophisticated cyberattacks originating in China.
"National security and our economic security are at stake," said Democratic Senator Jay Rockefeller, the panel's chairman and a co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation.
"A major cyberattack could shut down our nation's most critical infrastructure -- our power grid, telecommunications, financial services."
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that government intervention would probably be needed to crack down on the "Wild West" the Internet has become.
The greatest threat to the United States comes from cyber espionage and cyber crime, he said, calling them a "major source of harm to national security."
"We have lost more as a nation to espionage than at any time since the 1940s," Lewis said.
Scott Borg, director of the US Cyber Consequences Unit, also warned of the economic damage from cyberattacks.
"Cyberattacks are already damaging the American economy much more than is generally recognized," said Borg, whose independent research institute investigates the economic and strategic consequences of cyberattacks.
"The greatest damage to the American economy from cyberattacks is due to massive thefts of business information.
"This type of loss is delayed and hard to measure, but it is much greater than the losses due to personal identity theft and the associated credit card fraud," he added.
In his prepared remarks, McConnell said the United States needs a "national strategy for cyber that matches our national strategy that guided us during the Cold War, when the Soviet Union and nuclear weapons posed an existential threat to the United States and its allies."
He pointed to US President Barack Obama's appointment of a cybersecurity coordinator in December and his national cybersecurity initiative as moves in the right direction, but said they were not enough.
"The federal government will spend more each year on missile defense than it does on cybersecurity," he said, despite the potential for attacks that "could destroy the global financial system and compromise the future and prosperity of our nation."
In order to secure cyberspace, McConnell suggested the United States provide a "more robust commitment" in leadership, policies, legislation and resources.
He called for establishing a National Cybersecurity Center modeled after the National Counter Terrorism Center set up after the September 11, 2001 attacks on New York and Washington.
The center would integrate elements of the Pentagon's proposed Cyber Command, the Department of Homeland Security's National Cybersecurity and Communications Integration Center and the cyber operations of the Federal Bureau of Investigation, state and local governments and the private sector.
It would also serve as "the hub of information sharing and integration, situational awareness and analysis, coordination and collaboration," McConnell said.
© 2010 AFP
buglerbilly
09-03-10, 03:00 AM
From The Times March 8, 2010
Britain applies military thinking to the growing spectre of cyberwar
The control room at Little Earth Corporation, where staff field 24-hours-a-day, 365-days-a-year surveillance of cyber attacks against the computer systems of the company's 450 clients, in Tokyo. In any one day they have to respond to ten attacks deemed to be "critical"
The location of cybergangs, who pose a threat across the world
Anthony Loyd
Harry was a Russian secret service agent who spoke perfect English and wore cowboy boots with his uniform. I never knew what his face looked like because he wore a mask during the lengthy interrogation sessions he put me through during five days of captivity in Federal Security Service (FSB) hands in Chechnya in 1999. The first item taken from me by Harry and his friends was my laptop. I was as much unnerved as relieved when it was returned on my release. “I can have it back?” “Yeah, have it back,” the FSB agent replied, and laughed.
Within 24 hours of arriving home in London the laptop was deluged with spam, pornography and Russian hate mail, eventually crashing completely. The act was more a digital slap on the wrist than the attacks that the Russians would allegedly inflict on entire countries several years later, but it was my first experience of cyberwar.
The incident came to mind eight years later on a February morning in Helmand, southern Afghanistan, when I heard a Royal Marines colonel briefing his officers. He mentioned, almost as an aside, that one of the men’s e-mail accounts had been closed after being compromised by a “hostile intelligence agency”. In other words, someone hacked into a soldier’s computer to see what might be found there. Last December, in Sri Lanka, a senior UN official confided to me that his e-mails were being intercepted by a “key log” program that allowed everything he wrote and received to be read by an intelligence agency.
Today barely a week passes without the phrase “cyberattack” in the news. It is a loose term, incorporating everything from criminal hacking and commercial espionage to attempts to seize control of weapon systems or sabotage national infrastructures. Britain is treating the surge of hostile computer activity seriously enough to have established two organisations last year to co-ordinate, assess and expand its cyber strategy. The Office for Cyber Security (OCS), established by the Cabinet Office, was created in the autumn after a warning by intelligence chiefs that China may have acquired the ability to cripple key points of infrastructure such as telecommunications.
Whitehall departments were allegedly first targeted by Chinese hackers in 2007. Later that year Jonathan Evans, director-general of MI5, wrote to 300 chief executives warning of potential Chinese hacking attacks and data theft. In the year up to November 2009 Britain suffered 300 cyber intrusions — defined as a sophisticated attempt, successful or not, to steal data or sabotage systems — on government and military networks.
The OCS, at present staffed by 14 people, including personnel from the security services and military, is to be fully operational with a strength of 20 later this year. It works closely with a second organisation, the secretive Cyber Security Operations Centre, located within Government Communications Headquarters in Cheltenham. A key part of the approach is establishing rules of engagement for retaliatory cyberstrikes should critical infrastructure be attacked and crippled.
“If I go and bomb someone’s power station, that is an act of war,” Baron West of Spithead, the Permanent Under Secretary of State for Security and Counterterrorism, told The Times. “But if I use a computer to make that power station effectively not work, is that an act of war? That is a simple stark example. There are much more complex examples. These were issues that hadn’t been addressed before, and we are now at the forefront of doing so.”
The majority of attacks have been to obtain funds from commercial organisations, and a full assault on a country’s banks, stock market, energy grid, telecommunications and health systems is more likely if countries are already in a “hot” war. There are several other potential triggers, however. In 2007 Estonian ministries, banks and newspapers were bombarded with denial-of-service attacks — mass requests for information that cause systems to crash — for several days after the Government moved a Soviet war memorial in the capital, Tallinn.
In 2008 Georgia complained of similar attacks during its brief conflict with Russia over the breakaway province of South Ossetia. The Russians were blamed in both cases, although they denied involvement.
The threats and scenarios of cyberwar require some sideways thinking. British assessments conclude, for example, that the risk of a serious attack in this country is still lower than that of a flu pandemic — but that a flu pandemic would be a lot worse if combined with an attack on NHS computer systems involved in vaccine distribution. American academics have predicted that the physical damage from a country shutting the US power grid for three months would be several times greater than the damage done by Hurricane Katrina in Louisiana.
The strategy being developed by Lord West is not limited to risk assessment; retaliation is part of the package. “We could do what these people do [to us] if we wanted to,” he said. “We’re looking at ... the ethics of all of this. If someone dropped a bomb on us, I would have no hesitation in shooting their bloody plane down and giving them a slapping ... So we need to think through how we react to these ‘other things’ and the implications.”
The murky world of cyberwar is inhabited by small-time hackers, criminal syndicates and people operating with the support of their government.
“Everything that happens to us is called an ‘attack’,” said a senior official with a lead role in British cyber operations, “[but] most of what we see on a large scale ... is about the exfiltration of data — theft, not an attack.” There exists, however, an overlap between the interests of hostile state intelligence agencies and cybercriminal syndicates seeking to steal intellectual data for profit. Russian cybercrime syndicates, better known as partnerka, lead commercial espionage in Europe and are known to have links with Harry and his comrades in the FSB. China has its own dedicated cyber operations headquarters within the People’s Liberation Army but also holds top rank in the league of cyberhostile countries — the list used by Western security companies to warn business clients of cyber-threat.
The West’s nuclear strategy was based on deterrence — the assurance that a guaranteed second strike would prevent a first strike from coming. Yet cyberwar is more complex because the attacks have certain things in common: they are fast, cheap and hard to trace.
“Attribution is unbelievably difficult,” admitted Lord West. “These guys could attack [as if it was from] your site — the attacks would come in from different nodes in a strange way that you can’t even identify. Follow the attack back and it gets to you — but it wasn’t you.”
The sophistication of commercial and state-sponsored activity has developed immensely since the attacks on Estonia and Georgia, with denial-of-service operations now considered relatively low-grade. More worrying is “zero-day malware” — an unidentifiable new generation of Trojan programs that are implanted into a host computer and lie dormant until activated.
“Let’s say that someone has received an e-mail that looks like it’s from someone they know, about a subject they feel comfortable with,” said Ian McGurk, associate director for information security at Control Risks, a security consultancy. “As a consequence they trust the material. If there’s an attachment — a photograph, a Word document, whatever — embedded within that attachment is some sort of malicious code that is going to install itself on the machine. That machine is then compromised, and a Trojan is installed that can search for information.”
As well as transmitting information back to its handler, zero-day malware can also hand a computer to outside control before going on to infect an entire system.
Raimund Genes, the chief technical officer of Trend Micro, said: “We grew up fearing the mushroom cloud, now we should fear a roomful of hackers with their electricity and internet bills paid for by a government.”
buglerbilly
19-03-10, 11:28 AM
Dismantling of Saudi-CIA Web site illustrates need for clearer cyberwar policies
By Ellen Nakashima
Washington Post Staff Writer
Friday, March 19, 2010
By early 2008, top U.S. military officials had become convinced that extremists planning attacks on American forces in Iraq were making use of a Web site set up by the Saudi government and the CIA to uncover terrorist plots in the kingdom.
"We knew we were going to be forced to shut this thing down," recalled one former civilian official, describing tense internal discussions in which military commanders argued that the site was putting Americans at risk. "CIA resented that," the former official said.
Elite U.S. military computer specialists, over the objections of the CIA, mounted a cyberattack that dismantled the online forum. Although some Saudi officials had been informed in advance about the Pentagon's plan, several key princes were "absolutely furious" at the loss of an intelligence-gathering tool, according to another former U.S. official.
Four former senior U.S. officials, speaking on the condition of anonymity to discuss classified operations, said the creation and shutting down of the site illustrate the need for clearer policies governing cyberwar. The use of computers to gather intelligence or to disrupt the enemy presents complex questions: When is a cyberattack outside the theater of war allowed? Is taking out an extremist Web site a covert operation or a traditional military activity? Should Congress be informed?
"The point of the story is it hasn't been sorted out yet in a way that all the persons involved in cyber-operations have a clear understanding of doctrine, legal authorities and policy, and a clear understanding of the distinction between what is considered intelligence activity and wartime [Defense Department] authority," said one former senior national security official.
CIA spokeswoman Marie Harf said, "It's sheer lunacy to suggest that any part of our government would do anything to facilitate the movement of foreign fighters to Iraq."
The Pentagon, the Justice Department and the National Security Agency, whose director oversaw the operation to take down the site, declined to comment for this story, as did officials at the Saudi Embassy in Washington.
Precedent before policy
The absence of clear guidelines for cyberwarfare is not new. The George W. Bush administration was compelled in its final years to refine doctrine as it executed operations. "Cyber was moving so fast that we were always in danger of building up precedent before we built up policy," said former CIA director Michael V. Hayden, without confirming or denying the existence of the site or its dismantling.
Lawyers at the Justice Department's Office of Legal Counsel are struggling to define the legal rules of the road for cyberwarriors, according to current and former officials.
The Saudi-CIA Web site was set up several years ago as a "honey pot," an online forum covertly monitored by intelligence agencies to identify attackers and gain information, according to three of the former officials. The site was a boon to Saudi intelligence operatives, who were able to round up some extremists before they could strike, the former officials said.
At the time, however, dozens of Saudi jihadists were entering Iraq each month to carry out attacks. U.S. military officials grew concerned that the site "was being used to pass operational information" among extremists, one former official said. The threat was so serious, former officials said, that Gen. Ray Odierno, the top U.S. military commander in Iraq, requested that the site be shut down.
The operation was debated by a task force on cyber-operations made up of representatives from the Defense and Justice departments, the CIA, the Office of the Director of National Intelligence, and the National Security Council. Lt. Gen. Keith B. Alexander, who directs the National Security Agency, made a presentation.
The CIA argued that dismantling the site would lead to a significant loss of intelligence. The NSA countered that taking it down was a legitimate operation in defense of U.S. troops. Although one Pentagon official asserted that the military did not have the authority to conduct such operations, the top military commanders made a persuasive case that extremists were using the site to plan attacks.
The task force debated whether to go forward and, if so, under what authority. If the operation was deemed a traditional military activity, no congressional committee needed to be briefed. If it was a covert action, members of the intelligence committees would have to be notified.
The task force weighed possible collateral damage, such as disruption of other computer networks, against the risk of taking no action. Most thought that the damage would be limited but that the gain would be substantial.
"The CIA didn't endorse the idea of crippling Web sites," said a U.S. counterterrorism official. The agency "understood that intelligence would be lost, and it was; that relationships with cooperating intelligence services would be damaged, and they were; and that the terrorists would migrate to other sites, and they did."
Moreover, the official said, "the site wasn't a pipeline for foreign fighters, it was a broad forum for extremists."
But the concerns of U.S. Central Command and other defense officials prevailed. "Once DoD went to the extent of saying, 'Soldiers are dying,' because that's ultimately what the command in Iraq, what Centcom did, it's hard for anyone to push back," one former official said.
The matter appeared settled, ex-officials said. The military would dismantle the site, eliminating the need to inform Congress.
A group of cyber-operators at the Pentagon's Joint Functional Component Command-Network Warfare at Fort Meade seemed ideally suited to the task. The unit carries out operations under a program called Countering Adversary Use of the Internet, established to blunt Islamist militants' use of online forums and chat groups to recruit and mobilize members and to spread their beliefs.
"We were very clear in the meetings" that the goal was to upend the site, one participant said. "The only thing that caught us by surprise was the effect."
Unintended outcomes
A central challenge of cyberwarfare is that an attacker can never be sure that an action will affect only the intended target. The dismantling of the CIA-Saudi site inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas, a former official said. "In order to take down a Web site that is up in Country X, because the cyber-world knows no boundaries, you may end up taking out a server that is located in Country Y," the task force participant explained.
After the operation, Saudi officials vented their frustration about the loss of intelligence to the CIA. Agency officials said the U.S. military had upset an ally and acted outside its authority in conducting a covert operation, former officials said.
Efforts were made to mollify the Saudis and the Germans, they said. "There was a lot of bowing and scraping," one official said.
One early advocate for using cyber-operations against extremists was Gen. John P. Abizaid, former Central Command chief. He told a Senate committee in 2006, "We must recognize that failing to contest these virtual safe havens entails significant risk to our nation's security and the security of our troops in the field."
But some experts counter that dismantling Web sites is ineffective -- no sooner does a site come down than a mirror site pops up somewhere else. Because extremist groups store backup copies of forum information in servers around the world, "you can't really shut down this process for more than 24 or 48 hours," said Evan F. Kohlmann, a terrorism researcher and a consultant to the Nine/Eleven Finding Answers Foundation.
"It seems difficult to understand," he added, "why governments would interrupt what everyone acknowledges now to be a lucrative intelligence-gathering tool."
Staff writers Dana Priest and Karen DeYoung contributed to this report.
buglerbilly
19-03-10, 04:57 PM
Danger Room: What’s Next in National Security
‘Business as Usual’ for Military IT? Not So Fast
By Nathan Hodge March 19, 2010 | 9:09 am
Last month the Pentagon lifted a blanket ban on thumb drives and other “removable flash media” on military networks. Well, sorta. In a little-noticed news item, Air Force officials made it clear they considered the ban to still be in place.
“This will not be a return to ‘business as usual,’” said Maj. Gen. Michael Basla, the vice commander of Air Force Space Command. “There will be strict limitations on using flash media devices when the Air Force returns to limited access and use. These limitations will be vital to our cyber security.”
In other words, forget about using USB drives, CDs and other takeaway storage tools to share information, even when bandwidth is scarce or networks are unreliable. But as Noah reported earlier, such sweeping bans often create a Catch-22, especially when military personnel are asked to accomplish tasks that force them to circumvent IT security practices.
It’s part of a larger problem: The military’s sometimes heavy-handed approach to network security, even when it comes to public, nonclassified systems. Danger Room pal Starbuck, an Army aviator who writes the insightful (and often hilarious) Wings Over Iraq blog, posted an amusing rant this week about the Army’s public e-mail service, Army Knowledge Online.
The post, titled “Why I’m Switching to Gmail for All My Work Needs,” documents all the hoops a servicemember has to go through to access an account with a measly 100MB inbox, including putting their Common Access Card (a Department of Defense smart ID) in the computer, entering a PIN, and answering a series of ridiculous, preprogrammed security questions.
This approach promises to make life difficult for BlackBerry users as well. A military IT specialist tells Danger Room that a push for public key infrastructure and more data encryption on two-way wireless devices may also present problems, especially if the military opts for clunkier solutions like Bluetooth smart card readers.
[PHOTO: U.S. Department of Defense]
Read More http://www.wired.com/dangerroom/2010/03/business-as-usual-for-military-it-not-so-fast/#more-23322#ixzz0idPDGpAi
buglerbilly
24-03-10, 03:31 AM
U.S. Cyber-Combat Needs Rules
Mar 23, 2010
By David A. Fulghum
Washington
The Pentagon and intelligence agencies are at loggerheads about the rules that will control the unleashing of cyber-counterattack, a mission that could, with more investment, be conducted from aircraft against targets a half-world away.
But before airborne cyber-attack becomes a tactical weapon, resolution must be reached on the relationship between warfighters and intelligence and the authority to decide what is a valid target and what is not.
A unique characteristic of cyberwarfare—that weapons effects cannot be seen and often cannot be verified—means that the operator’s location near the battlefield may well become more important. Those implications become increasingly relevant as Congress and the Obama administration are considering the buildup of the U.S. military’s cyber-operations headquarters at Ft. Meade, Md.
Aircraft can create anti-electronic effects such as enforcing “cones of silence” on communications in a limited area or pre-detonation of certain types of buried explosive devices. Networks in other countries, or those employed by non-national irregular, criminal or terrorist organizations, can be monitored, tracked and exploited.
But the dividing line between tactical and strategic cyber- or network attack is a battleground between intelligence and warfighting organizations.
The active, electronically scanned array (AESA) developed for long-range, high-accuracy radar also brings radio frequency-injection (data streams of algorithms fired into an enemy antenna) to the battlefield as a weapon. The radar in the F-22 and F-35 can be used for the task in limited frequency bands. But AESA antennas are being redesigned to cover a far greater frequency range and are expected to be a key element of the U.S. Navy’s Next-Generation Jammer, an example of sophisticated electronic attack entering the tactical battlefield.
The heavy hitters in cyberwarfare, such as the National Security Agency, say that any cyber-network attack for the foreseeable future will have to be analyzed for secondary or cascading network effects and approved by Washington and the NSA.
However, such restrictions are often quickly ignored in wartime. During the North Vietnamese army (NVA) 1972 offensive in South Vietnam, the signals intelligence organization at Phu Bai cut a hole in the security fence so they could feed real-time information to an artillery unit next door. They soon were cutting off intercepted NVA command-and-control signals in midsentence. That kind of intelligence-tactical cooperation has improved over the years, but it is still spotty.
Now the weapon of interest is cyber-attack instead of artillery fire.
“There is a lot of contractor hype,” says a longtime U.S. Air Force airborne electronic attack specialist. “Most of what is described as combining jamming and cyber-attack is nothing more than the subtleties of smart jamming.
“Technology enhancement efforts have been ongoing for many years with retrofits into existing systems and application to the [U.S. Navy’s] nascent Next-Generation Jammer program,” he says. “The challenge is providing ‘mission management’ of the multitude of collectors and jammers on the battlefield to avoid electronic fratricide,” he says. “Someone has to decide whether it makes more sense to exploit, spoof, jam or kill the signal.”
There’s another complicating factor: Fewer and fewer airmen, specialized in electronic attack, will be flying over the battlefield.
Aircrews in tactical electronic attack aircraft have dropped from four members in the EA-6B Prowler to two in the EA-18G Growler. Soon the number will drop to one in the F-35 and then to none in unmanned air vehicles and unmanned combat aircraft with electronic attack (EA) payloads.
“So who is going to be controlling the EA activity?” says Dennis Hayden, director for information operations and electronic attack at Northrop Grumman. The F-35 will be “almost an unmanned [airborne electronic attack] platform. For a pilot[-only aircrew], an expendable [EA] weapon or a UAV, you need some type of coordinated battle management approach. Of course [automated decision aids can be used] from the ground, back home or from a flying platform that are automated [onboard], offboard or a combination.”
It is a given that when conducting cyber-attack or exploitation, the best access is through an Internet connection, say advocates of the intelligence-first approach.
“If this nation does Internet attack, the majority of it will be done from Washington and [NSA at Ft. Meade],” says a senior industry executive and former NSA official. “The only time you need to involve the [military] services is when you need RF injection.”
That means that a radio frequency signal—specially modified to exploit or damage an enemy network—is packaged in a data stream that is fired into an antenna that is connected to the target network.
“There are some cases where you will need it, but I don’t think it will be a major player [except at the] tactical level,” he says. “If you are going to attack a computer, it’s probably part of a command-and-control system. At least for the short and medium term, that will be engineered from Washington because of the need to deconflict all of those types of attacks [and] understand the effects. While I think the jammer capabilities that the services are developing will potentially be useful [for cyber-operations], I don’t think it will be used a lot now.”
“The first step in getting to that organizational structure is to decide who’s in charge,” says Vice Adm. Steve Stanley, director of force structures, resources and assessment for the Joint Chiefs of Staff. “That’s what Cyber Command does. We will then take direction from that commander, through the combatant commander, in this case Strategic Command, to define the way ahead.”
Photo: US Navy
buglerbilly
25-03-10, 01:44 AM
Break Up the NSA!
By Noah Shachtman March 24, 2010 | 11:54 am
When Google called in the National Security Agency to help secure its networks, it made a lot of us queasy. Sure, the NSA has some of the world’s most sophisticated cyber defenders. But the agency’s intelligence arm has a long and ugly history of mass surveillance on American citizens. So when Google teams up with the Puzzle Palace, everyone watching sees it as a package deal. The company wants geeks; the rest of us worry about the spies rummaging through our Gmail.
Fortunately, there’s a relatively straightforward solution: We should break up the NSA.
As I explain in this month’s Wired magazine, the NSA really is two agencies under one roof. There’s the signals-intelligence directorate, the Big Brothers who, it is said, can tap into any electronic communication. And there’s the information-assurance directorate, the cybersecurity nerds who make sure our government’s computers and telecommunications systems are hacker- and eavesdropper-free. In other words, there’s a locked-down spy division and a relatively open geek division. The problem is, their goals are often in opposition. One team wants to exploit software holes; the other wants to repair them. It doesn’t make sense to have both of them on the same playing field.
We need a top-flight cyber security agency that can give companies like Google a hand. But we’ve got to be able to trust that agency, too. That won’t happen until we separate the sysadmins from the spooks. Time to split the NSA.
Illustration: Markus Hofko
Read More http://www.wired.com/dangerroom/2010/03/break-up-the-nsa/#more-23387#ixzz0j8mlGfW3
buglerbilly
01-04-10, 01:48 AM
Report: U.S. Should Offer Cybersecurity Incentives
By ANTONIE BOESSENKOOL
Published: 31 Mar 2010 18:25
The U.S. government should give incentives to businesses that voluntarily adopt cybersecurity measures, the president of the Internet Security Alliance told reporters in Washington, D.C., March 31.
"We believe that government has an important role with regard to improving cybersecurity," Larry Clinton said. "It's just not the traditional regulatory role. That's an outmoded approach."
Instead, the U.S. government "should be determining what works," and offering a "fairly broad list" of incentives to companies that adopt online security measures, because the private sector's position in cybersecurity is crucial to national security and the protection of infrastructure, including the U.S. financial infrastructure.
The Internet Security Alliance and the American National Standards Institute were issuing a report stressing that private companies need to look at online security from a financial perspective rather than a technology perspective.
"What we are calling for is for private organizations to start to make investment decisions based on national-security concerns to some degree," Clinton said. "If we're going to be asking the private sector to fund national security concerns, we need to be providing public-sector incentives for them to do that: tax incentives, liability incentives, insurance incentives."
Clinton said different sectors will want different incentives.
"Military contractors, for example, would be interested in procurement reform whereas small businesses might be interested in an extra amount in an [Small Business Administration] loan," Clinton said. "The insurance industry can be better used. We can use awards programs.
"Basically, we've got dozens of market incentives that we use throughout the rest of the economy, all those other sectors - aviation and ground transportation, environment. We've got tons of market incentives we use to motivate good behavior there. We just haven't applied those yet to cyber security."
The report, which drew on views from about 60 government and industry experts, is directed at chief financial officers in private companies, naming them as the most logical people to lead online security efforts because of the cost of attacks and intellectual property theft.
But, the report says, citing a 2008 study from Deloitte, 95 percent of CFOs aren't involved in managing their companies' information security risks. Citing security software company Symantec, the report said online attacks rose 1,000 percent between 2006 and 2008.
"We're seeing a significant amount of malicious organizations targeting individuals and corporations for intellectual property," said Justin Somaini, chief information security officer at Symantec, one of the sponsors of the report. "It's being leaked out at an alarming and astonishing rate."
Moreover, he said, "Ninety percent of the critical infrastructure is actually being maintained in the private sector. This makes security really more of a private business security issue than a public policy [issue]."
The report sets out guidelines for companies to protect themselves from online attacks and intellectual property theft. Those include adopting a cyber security plan across all departments in a company, rather than relying on the IT department to protect against all risks; preparing and practicing responses when cyber attacks happen; and considering the need for insurance that covers online threats.
buglerbilly
06-04-10, 02:48 AM
Defense & Technology Insight
A Defense Industry Viewpoint from Raytheon
Changing the Game: A Cyber Strategy for all of us
Posted by Rebecca Rhoads at 4/5/2010 10:18 AM CDT
By Rebecca Rhoads, Raytheon Vice President and CIO
Last week, I spoke at the Aviation Week Aerospace & Defense Cybersecurity Forum in Washington, D.C. I was asked to talk about how Raytheon protects itself from the Advanced Persistent Threat (APT). Simply put, we have a comprehensive approach with a focus on risk reduction. In this day and age with e-mail and Web surfing, one thing has become increasingly clear. Companies can’t build a wall high enough or dig a deep enough moat to stop every attempted intrusion. It’s no longer enough to rely solely on defense-in-depth perimeter protection. We need to do more. That “a-ha” moment led us to look at adding another layer of protection by blocking, denying and disrupting an intruder’s command and control (C2). If someone does get in, but they can’t operate undetected and they can’t get data out, we still win.
There is often a tendency to measure by counting, such as the number of attempted intrusions. We became convinced that we needed to add a new, more powerful metric to the mix. By tracking and measuring dwell time, with a view to limiting exposure, not only are you reducing your risk, but you’re also developing capabilities that help you protect yourself more strategically. While investment and innovation reduce dwell time, they aren’t the only ways to get there. Collaboration or the sharing of intelligence about C2 addresses also helps you reach the same destination. So, Raytheon is advocating for increased public/private collaboration across the industrial base because no single entity can invest its way to full security, but together, we can provide the protection we all need.
Read more in Raytheon’s white paper: A National Model for Cyber Protection
http://www.raytheon.com/newsroom/rtnwcm/groups/public/documents/content/rtn10_cybrsctykey_wp_pdf.pdf
For information sharing on the scale that will be required to counter the APT, it needs to be passive. Recipients of the data must receive it and act on it automatically and trust its validity implicitly. How would that work? Think of the anti-virus architecture that we have today. Organizations with the ability to block C2 would submit their data to a central clearing house. That center would seamlessly share APT information and intelligence in near-real time through proxy vendors to end users. By making it ubiquitous, we leverage the power of our collective network. In essence, we all become sensors and we can combine to defend ourselves against those arrayed against us.
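The two mechanisms the post describes, measuring dwell time and passively consuming shared C2 indicators, are easy to put in working form. The following is an added example written for this thread; it is not Raytheon's code or anything from the white paper. The incident records, the proxy log lines and the clearing-house feed (a plain set of hostnames) are all constructed here, and the feed format is an assumption, since the post does not specify one.

```python
"""Dwell-time metric and passive consumption of a shared C2 indicator feed.

Added example, not Raytheon's code. Incident data, proxy log lines and the
indicator feed are constructed for illustration; the feed format (a set of
hostnames) is an assumption.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Incident:
    host: str
    first_compromise: datetime  # earliest evidence of intruder presence
    detected: datetime          # when the intrusion was found and contained


def dwell_time(inc: Incident):
    """Time the intruder was present before detection (a timedelta)."""
    if inc.detected < inc.first_compromise:
        raise ValueError(f"{inc.host}: detection precedes compromise")
    return inc.detected - inc.first_compromise


def dwell_summary(incidents):
    """Per-program metric: count, median and worst-case dwell in days."""
    days = [dwell_time(i).total_seconds() / 86400 for i in incidents]
    return {"count": len(days), "median_days": median(days), "max_days": max(days)}


# Constructed incident records (2010 dates to match the post's timeframe).
SAMPLE_INCIDENTS = [
    Incident("ws-117", datetime(2010, 1, 12, 9, 0), datetime(2010, 3, 2, 15, 30)),
    Incident("ws-204", datetime(2010, 2, 20, 11, 0), datetime(2010, 2, 27, 11, 0)),
    Incident("srv-07", datetime(2010, 3, 1, 0, 0), datetime(2010, 3, 31, 0, 0)),
]

# Constructed clearing-house feed: C2 hostnames reported by other members.
SHARED_C2_FEED = {"update-cdn.example-bad.test", "mail-relay.example-bad.test"}

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2010-04-05T10:18:03 ws-117 GET http://update-cdn.example-bad.test/img/pixel.gif 200
2010-04-05T10:18:09 ws-204 GET http://www.example.com/news 200
2010-04-05T10:19:44 srv-07 POST https://MAIL-RELAY.example-bad.test:8443/upload 200
2010-04-05T10:20:01 ws-117 GET http://update-cdn.example-bad.test/img/pixel.gif 200
malformed line
"""


def parse_proxy_line(line: str):
    """Return (timestamp, client, hostname) or None for an unparseable line.

    urlsplit().hostname lower-cases the name and drops any port, so feed
    entries match regardless of how the client wrote the URL.
    """
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, _method, url, _status = parts
    hostname = urlsplit(url).hostname
    if not hostname:
        return None
    return ts, client, hostname


def match_c2(log_text: str, feed) -> list:
    """Passive consumption: flag every proxy request to a host in the feed."""
    indicators = {d.lower() for d in feed}
    hits = []
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is not None and rec[2] in indicators:
            hits.append(rec)
    return hits


def block_rules(hits) -> list:
    """De-duplicated block list to push to the proxy or DNS sinkhole."""
    return sorted({hostname for _ts, _client, hostname in hits})


def affected_clients(hits) -> list:
    """Internal hosts that beaconed to a known C2 address; triage candidates."""
    return sorted({client for _ts, client, _hostname in hits})


if __name__ == "__main__":
    print("dwell:", dwell_summary(SAMPLE_INCIDENTS))
    hits = match_c2(SAMPLE_PROXY_LOG, SHARED_C2_FEED)
    print("block:", block_rules(hits))
    print("triage:", affected_clients(hits))
```

The two halves reinforce each other: consuming a peer's C2 indicator turns a compromise that would otherwise sit undetected into a same-day detection, which is exactly what drives the dwell-time number down. Hostname matching is deliberately normalised (case and port stripped) because the feed and the logs come from different organisations.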
buglerbilly
15-04-10, 02:29 AM
Ares
A Defense Technology Blog
Who's Got the Cyberwar Rule Book
Posted by David A. Fulghum at 4/14/2010 9:16 AM CDT
Congress is struggling to understand the rules of cyberwar, a task that is holding up confirmation of Army Lt. Gen. Keith Alexander as the first chief of U.S. Cyber Command.
The months of delay in Alexander’s confirmation are making it hard for each of the services to continue planning, decision-making and structuring its own organizations for the pursuit of cyber operations from the air, land, sea and space. Alexander is already head of the National Security Agency, which has part of the responsibility for conducting and approving cyber attacks.
The Air Force’s 24th Air Force and Navy’s 10th Fleet, for example, are being stymied in the development and testing of tactical cyber weapons that can analyze, identify and attack command and control as well as strike systems on the battlefield. The Air Force’s F-22 Raptor and F-15E Strike Eagle, the Navy’s EA-18G Growlers and F/A-18F Super Hornets and the F-35 Joint Strike Fighter all have advanced radars that can be upgraded with software packages to generate data streams – packed with algorithms for digital mischief – that can be beamed into antennas associated with enemy networks of interest.
For ground-based cyber operations, the Air Force is planning to start training its first two classes – a total of 60 persons for what will eventually be a force of 1,000 cyber warriors -- this summer that will make up the operational heart of the 6,000 person 24th Air Force. The battlefield will encompass not only desktop personal computers but also laptops, cell phones and whatever replaces the next generation of communication devices.
"It’s about the message," says Lt. Gen. William Lord, the Air Force's chief information officer. "Monkeying around with the network is not just about turning systems on or off. How, when and where do you deliver [the message] -- to [a targeted official's] house or office? [A cyber operation] is an instrument that we could use to change the behavior of a belligerent. A demarche, a well-placed e-mail or a telephone call from a head of state may create that change."
In fact, the combination of cyber operations, non-kinetic weapons and their blending with intelligence, surveillance and reconnaissance is expected to change the conduct of warfare.
The evolution of technology, information and culture underlies a movement to shift the Air Force, for example, away from the traditional segregation of operations and intelligence to their integration.
"As we move to designing every shooter as a sensor and every sensor as a shooter [including cyber attack and network exploitation], we will also need to merge today’s separate ISR tasking process with the current separate strike [planning]," says Lt. Gen. David Deptula, the Air Force’s deputy chief of staff for ISR. "The [consolidation] will involve dramatic cultural changes and as with any large institution they won’t come easy, but they need to happen sooner rather than later if we intend to operate inside our adversary’s action cycle."
That consolidation also will tie together key ISR, directed energy and cyber attack components as sensors, like the Active Electronically Scanned Array (AESA) radar, become a high-power microwave (HPM) weapon with the ability to infiltrate networks with algorithms embedded in data streams.
"AESA radar and HPM technologies are still maturing and as these technologies are being tested and proven, they are showing great promise," Deptula says. "I’m convinced these are break-through, 'game-changing' technologies that will directly affect the way we think about aircraft, airpower—and frankly—warfare in the future."
ISR will take on the locating of mapping for networks and the geolocation for cyber attack just as it uses video and other imagery to plan conventional bombing attacks.
"The Air Force's ISR Enterprise's role in the Cyber domain parallels ISR's role in the domains of air and space," Deptula says. "[Part of its mission] is to provide the ISR exploitation piece for 24th Air Force cyberspace [attack and defense] operations. Under AF doctrine, computer network exploitation is a part of signals intelligence and given that our AF ISR Agency is already conducting that mission, it is a natural fit for us."
buglerbilly
15-04-10, 02:49 AM
The Dark side of Cyberspace
Cyber Espionage Campaign Uncovered by Canadian Shadow Warriors
In a report released earlier this month, the Canadian-based 'Information Warfare Monitor' and the 'Shadowserver Foundation' have warned of an ongoing, massive cyber espionage scheme directed from China against several countries, among them India and Pakistan. The warning was included in the "Shadows in the Cloud: An investigation into cyber espionage 2.0" report.
The study uncovered a complex ecosystem of cyber espionage that systematically targeted computer systems throughout the world, targeting governments, individuals, non-state and international organizations, among them the Offices of the Dalai Lama, the United Nations, as well as Indian government officials and Pakistani embassies. Through their investigation the group recovered thousands of official documents obtained by hacking targeted computers and 'harvested' through the internet.
A Small Piece of a Big Pie
"This is just a small piece of a very big pie," said Steven Adair, a security researcher with the Shadowserver Foundation. "This is a problem that goes well beyond those detailed in this report and affects organizations and missions of all sizes all over the globe." According to the researchers, the attackers seemingly targeted specific sensitive and classified material, belonging to government, business, academic, and other computer networks and politically sensitive targets by employing virus-like 'malware' applications. These shadow worms systematically snoop through the files stored on targeted computers, sending the harvested data through the web to core servers located in the People's Republic of China (PRC).
Among the documents recovered by the researchers were "SECRET", "RESTRICTED" and "CONFIDENTIAL" classified encrypted diplomatic correspondence, identified as belonging to the Indian government. The researchers admit that these files may have been harvested unintentionally, as they were transferred to non-secure computers by their owners, not being aware of the underlying harvesting of material from their PCs. Such material includes information originated by the user of that PC, as well as by others, unaware of the data compromising of secure data on by trusted partners.
Although the identity and motivation of the attackers remain unknown, the report provides evidence that the attackers operated or staged their operations from Chengdu, PRC. Although the links to China are clear, Nart Villeneuve, Chief Security Officer at the SecDev Group, does not attribute the scheme to official Chinese espionage: "There is no direct evidence linking these attacks to the Chinese government. We look forward to working with China CERT to shut down this malware network."
The shadow network maintained persistent control over the network through facades of service providers, unaware of the scheme they were assisting. These networks were established of multiple, redundant cloud computing systems, social networking platforms, and free web hosting services. The attackers exploited freely available social media systems, like Twitter, Google Groups, Blogspot, Baidu Blogs, blog.com and Yahoo! Mail as the command-and-control infrastructure for their worldwide scheme, leveraging these cloud-based social media services to establish tiered command and control infrastructure, and maintain persistence over the whole network. Exploiting these services by 'phishing', disguised as innocent message activities, directing compromised computers to accounts on free web hosting services, where disabled routed to the targeted computers to a stable core of command and control servers located in the PRC.
"The Shadow report shows that the social media clouds of cyberspace we rely upon today have a dark, hidden core" warns Ron Deibert, Director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. "There is a vast, subterranean ecosystem to cyberspace, within which criminal and espionage networks thrive. The Shadow network we uncovered was able to reach into the upper echelon of the Indian national security establishment, as well as many other institutions, and extract sensitive information from unwitting victims. Networks such as these thrive because of a vacuum at the global level. Governments are engaged in a competitive arms race in cyberspace, which prevents cooperation on global cyber security."
A Wake Up Call
The Shadow report should offer a wakeup call to governments, to establish cyber security strategies and implement a foreign and security policy addressing cybersecurity challenges. Unless governments take action, we may find that we are the next victim of the Shadows and GhostNets of cyberspace. Deibert warned.
"Cyber espionage has gone industrial" warns Rafal Rohozinski, CEO of the SecDev Group and Psiphon Inc., and the co-founder and principal investigator of the OpenNet Initiative and Information Warfare Monitor, and a senior research advisor at the Citizen Lab, Munk School of Global Affairs, University of Toronto. "We are witnessing cloud-based techniques and tradecraft from cybercrime being repurposed to target government systems and computers belonging to officials entrusted with state or commercial secrets."
Whether the attackers are working for state agencies, or freelancing and selling stolen data or tradecraft on the global graymarket, the recent report is a clear wake-up call that the threat of advanced persistent threats is very real and requires measured international action. "First and foremost, we need an agreement on the norms that should govern cyberspace similar to the treaties we presently have for outer space, the sea or other domains where we have international agreements." Rohozinski added, "We must take care to preserve the openness of the global commons without precipitating an overreaction that could diminish or even roll back the very real gains in knowledge, empowerment, and to democratization that cyberspace has catalyzed over the last 20 years. We must balance the need to create policies and practices appropriate to information security in a global networked age, while preventing unnecessary overreaction to what we fear as the dark side of the net."
About the Researcher Collaboration:
This investigation is a result of a collaboration between the Information Warfare Monitor and the Shadowserver Foundation. The Information Warfare Monitor (infowar-monitor.net) is a joint activity of the Citizen Lab, Munk School of Global Affairs, University of Toronto, and the SecDev Group, an operational consultancy based in Ottawa specialising in evidence-based research in countries and regions under threat of insecurity and violence. The Shadowserver Foundation (shadowserver.org) was established in 2004 and is comprised of volunteer security professionals that investigate and monitor malware, botnets, and malicious attacks. Both the Information Warfare Monitor and the Shadowserver Foundation aim to inform the field of cyber security through accurate, evidence-based assessments and investigations.
© Copyright 2010 - Defense Update, Lance & Shield Ltd.
buglerbilly
15-04-10, 02:54 AM
Cyber Warfare is Here and Now!
In recent years network attacks have grown dramatically, not only by sheer number but in their sophistication and precision. Converging computers and mobile phones, the global network absorbs us through billions of computer-embedded devices that monitor, control and operate our infrastructure, health, commerce and trade.
They manage our privacy and interaction with the world, protect us from crime and maintain our national security.
However, that same infrastructure is also providing subversive elements with the means and access to compromise our security. These range from rogue nations, hostile takeovers by corporations, to elusive, non-state organizations and anarchists.
Even individuals, with powerful tools previously accessible only at the national security level, have become security perils.
These tools are not limited to irritating E-mail spams, or obnoxious group messages, but also to endanger powerful encryption, adequately protecting information-exchange for tactical applications, and 'logic weapons'. They are empowering individuals and groups to conduct stealthy, precision attacks against high-profile cyber-entities, causing effects which have potential lethality and damage equal to or exceeding the notorious 9-11 attacks.
"Attacking strategic infrastructure networks such as electricity, gas and water is relatively easy," admits Eyal Yudasin, IT manager at C4 Security, a 'Red Team' that hacks into such networks in an attempt to uncover security gaps. "Such networks can be easily discovered and compromised, utilizing reverse-engineering of rootkits and protocols, to gain control of specific nodes, or even the entire network." "We can hack military networks in the same way," Yudasin adds. "While companies are investing ever-growing funds in securing their networks, many solutions are protecting the front gate, but leave many back-door accesses uncovered. The process cannot be considered complete before verifying that the system can now successfully resist an attack."
Yudasin and his team are certainly not the "bad guys", as they purposely challenge the networks with permission from their customers. Yet equally capable terror hackers are also lurking online, using the same methodologies to seek out the weak spots which they can exploit to gain information and access to meaningful targets and to create 'high profile attacks'.
Media coverage of one such attempt, which successfully compromised several nuclear power stations in the U.S., was suppressed by the authorities to deny potential terrorists access to the media leaks they were hoping for.
World CyberWarriors – Unite!
"Repairing the damages caused by potential cyber terror attacks could be extremely expensive," warns Brig. General (Res) Nitzan Nuriel, head of the counter terror bureau at the Israel National Security Council. "Cyber security authorities around the world should join together, establishing a network that can fight back against this network of cyber-terror." Nuriel suggests that such a network could be deployed similarly to the U.S. Defense Support Program, a network of satellites providing early warning on missile launches throughout the world. "Such a network should also develop the capability to counterattack these threats as they develop, through almost instantaneous action, thus taking toll of every attempt," he added.
Cross-national cooperation among peers in the different member countries should also contribute to better preparedness, as all member nations will have better knowledge and warning of imminent threats, sometimes enabling them to take preventive action or preempt an attack.
"This is not a battle a nation or a single organization can fight alone," General Nuriel said. He agrees that cyber warfare is a powerful tool for the national authorities in fighting terror and crime, but such capabilities remain within the national realm. "Nations should negate the access of non-state actors to these tools and capabilities," he added.
Exploiting the persistence, anonymity and wide-scale reach of the modern computerized world, cyber terror and cyber crime are today becoming the fastest growing threat. "Almost every type of criminal behavior has a parallel in the cyberworld," said Israel Police Chief Superintendent Izhak Shopen, head of the cyber crime unit.
Cyber crime and espionage are already widespread in the global network, and the next wave, targeting the 'web apps' becoming so popular in social networks and mobile phones, has already arrived.
According to Joseph Tal, a member of IBM Security Services (ISS), almost half of the known vulnerabilities that exist today are somehow related to these apps, which have minimal (if any) security measures. One of the most widely used and fastest growing threats existing today is the 'botnet', a stealthy, compact code planted in a targeted device through a deceptive approach (a fake email from a friend, for example). Once contaminated with the botnet, the computer is at the mercy of a remote user who takes control of that device without the user's awareness. By taking over the victim, a hacker can use that computer to carry out further attacks directed at other computers, or penetrate protected networks (for example, when the unsuspecting victim has access to his organization's protected intranet, which is thereby compromised by alien elements). Hackers can actually 'mine' for information from the victim, or launch attacks against critical nodes connected to the system. Frequently, these planted botnets are also offered to other hackers for rent, at rates ranging from a few hundred to several thousand dollars per operation.
The Cyber Attacker's Dilemma
Shai Blitzblau, technical director at Maglan information defense and intelligence services, describes typical attacks simulated by his company, which provides threat assessment audits for government, security and commercial organizations.
In recent exercises Maglan performed a threat simulation that targeted an essential national infrastructure network responsible for the production and distribution of a vital product, considered a basic necessity for the entire population. The simulation demonstrated how, after 96 hours of preparation, the team could bring a network producing and distributing critical goods to a standstill, and keep it idle for at least two weeks. The aggressor team, which started with zero access to, or knowledge of, the target, managed to study the target, write malicious code, penetrate the network and execute its attack in less than four days.
There are other means intelligence can use to gather high quality information. A cyber attack should be executed only when the expected gain significantly exceeds the potential cost one could pay for such an act. Blitzblau explains that a cyber espionage act points out the person and the information it targets, thus identifying the attackers and their interest.
Professional attacks are stealthy and deceptive, thus masking the true identity, intentions or cause of their perpetrators. For example, a wide-scale campaign launched in 2009 known as 'Operation Aurora' was attributed to Chinese hackers (or Chinese authorities?) although the code was allegedly 'signed' in Taiwan... The targets were unknowingly exposed to this 'Advanced Persistent Threat' (APT), seemingly directed at specific source codes of critical applications developed and operated by mega companies in the U.S., like Google and Yahoo. What the hackers were after is still unknown. Maybe this phase was only the beginning, and the next phase will exploit the codes already compromised?
The fact remains that the attackers penetrated the most inner circles of these companies, and obtained highly sensitive data deliberately. This brute aggression caused Google to decide on leaving China, and brought a serious political rift between the USA and Beijing.
In another attack, directed at the Ford Company, the alien operators recruited in the U.S. company were found and indicted, but the actual targets were intercepted inside the organization and the final destination of the information stolen through the cyber scheme remains a mystery.
Network Intelligence is a powerful tool that is widely used as part of every modern intelligence campaign, yet, the cyber intelligence, in its common form poses major challenges for intelligence organizations, since it has the potential to point directly at the perpetrators, their senders and their targets. Once compromised, such means are instantly shut down, wiping out years of developments and untapped exploitations that could take advantage of such dormant assets. "Compromising such dormant 'logic weapon' represents the biggest risk for the hackers, whether they represent themselves, criminals or terrorists, or an intelligence agency." Blitzblau said. He describes such a weapon recently uncovered by the Maglan team as an 'innocent looking' piece of code, only 8Kb in size, that has the potential to do much damage on the computer it was planted on and even beyond it. "Inserted into the targeted computer, this malicious code was acting on commands received from the remote computer through a maze of pathways hiding the source. Although it wasn't highly sophisticated it was quite difficult to spot" he said.
According to Blitzblau, the most common type of attack, known as 'defacement', is still taken too lightly by security personnel and executives, who measure its effect only by the superficial damage caused by replacing the home page with humorous messages or political propaganda. Almost 30% of defacement hits, commonly considered the work of amateur hackers, are actually an act of deception, where the attackers hide malicious code somewhere in the compromised computer, hitting the home page to hide their tracks. Most webmasters being attacked simply reload the original data and consider the case closed, although their website has now become a 'zombie', contaminating the site while users remain unaware of the risk of being hit with the stealthy, malicious code.
Cyber Warfare was the theme discussed at the Tel Aviv Workshop for Science, Technology and Security, April 13, 2010.
© Copyright 2010 - Defense Update, Lance & Shield Ltd.
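The defacement scenario above is dangerous because re-uploading the original pages leaves behind whatever else the attacker planted. As an added example (not from the article or from Maglan), the following check diffs a restored web root against a SHA-256 manifest taken from a known-good copy, so that altered and unexpected files surface instead of the case being closed; the file trees are constructed in-memory dicts, and the file names are hypothetical.

```python
"""
Post-restore integrity audit for a defaced website.

A manifest (path -> SHA-256) is built from a known-good copy of the site.
After the webmaster restores the pages, the live tree is compared against
it. Three classes of difference are reported: files whose content changed,
files that vanished, and files that are not in the manifest at all. The
last class is what a simple "reload the original data" response misses.
"""
import hashlib


def build_manifest(tree):
    """Map every path in a tree (path -> bytes) to the SHA-256 of its content."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in tree.items()}


def diff_against_manifest(manifest, tree):
    """Return (modified, missing, unexpected) as sorted lists of paths."""
    current = build_manifest(tree)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return modified, missing, unexpected


def audit_restore(manifest, tree):
    """One line per finding; 'clean' only when the tree matches the manifest exactly."""
    modified, missing, unexpected = diff_against_manifest(manifest, tree)
    findings = []
    for label, paths in (("modified", modified), ("missing", missing), ("unexpected", unexpected)):
        findings.extend(f"{label}: {p}" for p in paths)
    return "\n".join(findings) if findings else "clean"


# Constructed known-good site, as backed up before the incident.
KNOWN_GOOD = {
    "index.html": b"<html><body>Welcome to Example Corp</body></html>",
    "css/site.css": b"body { font-family: sans-serif; }",
    "js/app.js": b"console.log('app loaded');",
}

# Constructed snapshot after the home page was put back: index.html matches
# the backup again, but one script was altered and an extra file remains.
AFTER_RESTORE = {
    "index.html": KNOWN_GOOD["index.html"],
    "css/site.css": KNOWN_GOOD["css/site.css"],
    "js/app.js": b"console.log('app loaded'); /* constructed: altered during the incident */",
    "img/.cache.php": b"<?php /* constructed placeholder for a planted file */ ?>",
}

if __name__ == "__main__":
    manifest = build_manifest(KNOWN_GOOD)
    print(audit_restore(manifest, AFTER_RESTORE))
```

In practice the manifest is generated from the deployment artifact or a clean backup and stored off the web server, so the attacker cannot update it along with the files.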
buglerbilly
16-04-10, 12:29 AM
Danger Room: Pentagon Networks Targeted by ‘Hundreds of Thousands’ of Probes (Whatever That Means)
By Nathan Hodge April 15, 2010 | 10:56 am
U.S. military networks are seeing “hundreds of thousands of probes a day,” according to alarming new statistics revealed this morning by the Army general nominated to head the U.S. military’s new Cyber Command. But beyond that scary headline, it’s not clear if the threat is what it’s cracked up to be.
In a Senate Armed Services Committee confirmation hearing today, Lt. Gen. Keith Alexander said the Pentagon was “alarmed by the increase, especially this year,” in the number of attempts by outsiders to scan military networks for potential weaknesses and vulnerabilities.
As Wired.com’s Threat Level has noted, that kind of language is certain to grab the attention of senators, and top policymakers. But the reality is a bit more prosaic. Those probes don’t necessarily translate into hostile action, Alexander added: “They may scan the network to see what kind of operating system you have to facilitate … an attack.”
Still, the confirmation hearing for Alexander, who has been tapped to lead the Pentagon’s new Cyber Command, is also shaping up as a fascinating discussion of the potential rules of engagement in cyberwarfare. But it’s also likely to help drum up business for more scare-mongering government IT consultants.
Among other things, senators are discussing some of the hypothetical scenarios for how the U.S. military might respond if its networks — or civilian networks — came under online assault. Sen. Carl Levin (D-Michigan), the chairman of the committee, quizzed Alexander on how the military might respond if an adversary launched an attack through a neutral country — or through computers owned by U.S. entities. Would the U.S. military have the authority to mount a defense, or stage a possible counterattack?
Alexander said the command has established rules of engagement that spell out what it can do to defend its networks, where it can go and how it can block attacks. It would rely on an “execute order” from the combatant commander (i.e., the four-star geographic commander) to block an attack in an overseas theater.
A domestic attack, however, might complicate matters. The hearing is also raising some important (and very sticky) legal issues, such as the extent to which the Department of Defense would have to step in to defend government civilian networks or private U.S. networks.
The general said the Department of Homeland Security would have the lead, but the military’s Cyber Command would have a supporting role. However, the legal issues surrounding an attack that was routed through U.S. domestic entities, he conceded, would be “more complex” because of civil liberties and privacy issues.
[Image: Senate Armed Services Committee]
Read More http://www.wired.com/dangerroom/2010/04/pentagon-networks-targeted-by-hundreds-of-thousands-of-probes/
buglerbilly
16-04-10, 12:30 AM
Prospective U.S. Cyber Commander Talks Terms of Digital Warfare
By Nathan Hodge April 15, 2010 | 9:57 am
For years, the military has worried about the vulnerability of the United States to cyberattack — and how and when to return fire in digital warfare. Now, the issue is taking center stage, as the Senate considers the nomination of an Army general to head the military’s first four-star Cyber Command.
In a hearing this morning, the Senate Armed Services Committee will review the nomination of Army Lt. Gen. Keith Alexander to be the head of the Pentagon’s new Cyber Command. It’s a chance to get a closer look at the kind of capabilities for waging network warfare the Pentagon thinks it needs. But it’s also likely to raise questions about just how far the military is willing to go in attacking foreign networks.
Last year, Secretary of Defense Robert Gates ordered the creation of U.S. Cyber Command to coordinate all of the military’s online activities. Alexander is in many ways a logical pick. He comes from the world of electronic intelligence: He is director of the National Security Agency (NSA), the super-secretive military and intelligence outfit at Fort Meade, Maryland, that is charged with code-cracking and foreign communications interception. And he will head an organization that, in large part, will be an important line of defense against cyberspying. (He’s a classmate of Gen. David Petraeus, West Point class of ‘74.)
But Alexander will also have to answer questions about how the United States might retaliate if it comes under online attack. Military planners are mindful of incidents like the massive cyberassaults against Georgia in 2008 and Estonia in 2007. In both cases, fingers pointed to Russia, but experts questioned whether the Russian government had a direct hand in events, and pointed instead to the role played by patriotic volunteers (or “cybermilitias”) who orchestrated the online assaults.
In both of those cases, cyberattacks threatened civilian networks and the financial system. It’s unclear if the military could retaliate in kind. In a series of written answers to questions from senators (.pdf), Alexander said, “It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations.”
And the scope of responsibility for the new commander is also quite sweeping (Alexander will also be “dual-hatted,” staying on as head of the NSA). In written answers, Alexander said the organization’s new missions would include “integrating cyberspace operations and synchronizing warfighting effects across the global-security environment; providing support to civil authorities and international partners; directing global-information grid operations and defense; executing full-spectrum military cyberspace operations; serving as the focal point for deconfliction of DOD offensive cyberspace operations; providing improved shared situational awareness of cyberspace operations, including indications and warning.”
In other words, everything but the kitchen sink. We’ll be watching the hearing, and will hope to get more answers on Alexander’s vision for the new command.
Photo: U.S. Department of Defense
Read More http://www.wired.com/dangerroom/2010/04/pentagons-prospective-cyber-commander-talks-terms-of-digital-warfare/
buglerbilly
22-04-10, 04:13 AM
Top Officer Fears Cyberwar, Hearts Karzai, Tweets With Help
By Noah Shachtman April 21, 2010 | 12:07 pm
ANDREWS AIR FORCE BASE, Maryland — America’s top military officer believes there’s a cyberwar already in progress. He believes that the Defense Department’s controversial new Cyber Command should become the “engine” of our national network security — not just the builder of better Pentagon firewalls. He believes it’s time to end Afghanistan’s drug war. He believes in the battered presidency of Hamid Karzai; “there is no plan B” in Afghanistan, Joint Chiefs of Staff Chairman Admiral Mike Mullen tells Danger Room. And he believes in tweeting for himself (well, with a little help from his staff).
Those are just some of the surprising answers Mullen provided in a wide-ranging interview with Danger Room, as we flew from Morgantown, West Virginia to Washington.
Danger Room: I’ve been following the creation of the military’s new Cyber Command for — ugh — almost three years now. And I still can’t figure out what the heck it’s really supposed to do: protect military networks, logic bomb other countries, handle civilian cybersecurity, or all of the above. Help?
Michael Mullen: It is focused most centrally on having a command that spends its time addressing a very, very significant challenge of our day: the whole cyberwar. It’s become such a large-scale concern that the Secretary of Defense and the President and others, including myself, thought it absolutely critical to stand up a command that devotes itself full-time to this challenge. [New White House network security czar Howard Schmidt, on the other hand, says "there is no cyberwar" -- ed.] I think initially, principally, it’ll be focused on defending. But there’s a blurring, if you will, in the speed of cyber between defense and offense. And so I think you’ll see that, as well.
But more than anything else, I believe Cyber Command will be the engine for us as a country to look at how we meet this challenge. [Others have described Cyber Command as focused almost exclusively on securing .mil domains -- ed.] And all of us — the senior leadership, the senior military leadership — recognize the growing threat that’s out there. And that’s why we think this new command is so critical to set up.
Danger Room: That new command is based at Ft. Meade, Maryland, the headquarters of the National Security Agency. It’s headed up by the NSA’s director, Lt. Gen. Keith Alexander. So how can Americans feel comfortable about what seems like the arm of an intelligence agency becoming the “engine” of our network defense?
Mullen: There’s no better agency or commander — there’s no better commander, there’s nobody who understands this better than Lt. Gen. Keith Alexander …
I understand the concern. I can only say that this command is stood up in full disclosure of everything that we’re doing. And it is focused on a threat that’s very real. We’re being attacked today, from other countries. I’m confident that both in its stand-up and in its oversight that we’ll be able to execute the mission successfully and keeping in mind those concerns you expressed in your question. Not just keeping in mind, but regarding them, paying an awful lot of attention, making sure we’re fully complying.
Danger Room: I’m almost as confused about Afghanistan as I am about Cyber Command. In a recent speech, you talked about wartime victories being “iterative.” So what would the next one or two iterations look like over there? Because I have a hard time imagining what they might be.
Mullen: Well, I think the strategy that the president laid out — that we are now executing — is reversing the momentum of the Taliban. That’s really the goal this year. I think the operation in Kandahar, which ha[s] commenced, will go a long way towards doing that. So that’s sort of the next big step for me, is Kandahar.
But it’s not just the security aspect. It’s the governance piece. Y’know, I was in a shura with the governor of Kandahar and 60 or 70 elders three or four weeks ago, my last trip. They’re asking for goods and services. They want security, safety. They want their government to deliver for them. I think in the near term, that’s the next big step. Not to say that there aren’t significant operations going on in the east — there are, as well as [in] the north and the west. [Kandahar] is the next big one.
Danger Room: The Army recently commissioned a poll in Kandahar. It found that the people there trusted the Taliban more than the government. You’ve said in the past that we need the local people’s support before any big operation can start there. Is that still your thinking?
Mullen: We know what we need to do. Clearly, even in the shuras that I sat in, the governance issue was a significant issue. And I think that’s really key. And that’s been a big part of strategy from the beginning — not just the governance in Kabul, but how do you get down to the provinces, to the districts, and to the subdistricts. That’s very much part of the strategy. We know we’ve got to do that. And we have to do that, quite frankly, because of the backdrop you just described, where that hadn’t been the case, as evidenced by that poll.
Danger Room: So do you need to have the elders’ or the people’s buy-in before an operation starts?
Mullen: I think you’ll see the same kind of approach that General McChrystal used in Marja [before the offensive there began]. They are going to meet with a lot of leaders before the operation. That approach worked there, and I think you’ll see it again.
Danger Room: I’m also mystified by our approach to drug policy over there. Do we have a single approach to narcotics there?
Mullen: The overall strategy is to replace the poppies with crops that will provide a standard of living for the farmers. I was there in Helmand [province] the other day … with a full-blown poppy crop sitting there. At the high level, the strategic approach is to create an agriculture capability that moves to what it used to be. Y’know, there was a time a few decades ago where they fed their own people and actually exported agriculture. So I think from an overall strategic approach, that’s where we’re headed. There are some tactical things that we’ve got to work our way through. But, as ambassador [Richard] Holbrooke said, we are out of the eradication business. That’s not the strategy any more.
Danger Room: And you agree with that?
Mullen: Yes, I do. I think it’s got to be a standard of living issue, be an income issue. These farmers, they’ve got to be able to feed their families.
Danger Room: There’s been a lot of talk lately about Karzai and whether he’s really a reliable partner. Do we have an alternative to him if he makes good on his threat to join the Taliban, or doesn’t clamp down on the corruption in his government?
Mullen: President Karzai is the duly elected leader of Afghanistan, and we support him.
Danger Room: Well, maybe he’s not so duly elected.
Mullen: We’ve been through the elections, he’s duly elected, he’s their president, we are very supportive of him. And at the same time, it is also clear that there are things in governance and in corruption, rule of law and security, quite frankly, that he and his ministers have to execute. We know that. We’re very supportive of that. An awful lot of people are working very hard to try to make sure that that all heads in the right direction.
Danger Room: So what’s plan B if he’s plan A?
Mullen: The plan is to work with president Karzai. There is no plan B.
Danger Room: You’ve talked a lot about the need to minimize civilian casualties in both Afghanistan and Pakistan. But those casualties are on the rise in Afghanistan. And, if the reports are to be believed, they’ve been high for a long time in Pakistan. Is this good counterinsurgency?
Mullen: I think low civilian casualties is critical in counterinsurgency. We’ve worked it hard. There has been an uptick in Afghanistan. Some of that’s tied to an increased level of operations — we’ve got thousands more troops there. But it’s an area we continue to focus on and that we have to get right. We cannot win this war if we keep killing Afghan civilians.
Danger Room: And how about Pakistani civilians?
Mullen: Well, I think the underlying principle of counterinsurgency is there. I know it’s a concern [Chief of Staff of the Pakistani Army] General [Ashfaq Parvez] Kiyani has, as well. He and I have talked about this.
Danger Room: Okay, finally: As the highest-ranking Twitter user in the military, folks want to know: Is that really you, or is it an aide tweeting? Or is it really you?
Mullen: I tweet. I personally tweet, yeah. But the staff also put tweets up.
Photo: Specialist Chad J. McNeeley
Read More http://www.wired.com/dangerroom/2010/04/top-officer-fears-cyberwar-hearts-karzai-tweets-with-help/
buglerbilly
05-05-10, 03:40 AM
Researchers Seek DNA Of Cyber-Attacks
May 4, 2010
By Sharon Weinberger
Washington
In March 2009, a senior Defense Department information technology official e-mailed employees in the Pentagon’s Office of the Secretary of Defense warning of a “cyber-exploration” threat. “There are currently targeted e-mail attacks toward Defense Department users,” the e-mail read.
The offending e-mail’s subject line was labeled U//FOUO, the Defense Department’s abbreviation for “unclassified/for official use only,” and claimed that North Korea had “carried out [a] nuclear missile attack on Japan.” The e-mail was falsely attributed to the “Officer of the Director of National Intelligence.”
“The attacks use e-mail messages attempting to fool Defense Department users into clicking on imbedded links and opening e-mail attachments,” the warning e-mail noted. “E-mail has historically been a very successful attack mechanism. Studies indicate that a success rate of user compromise is about 70% during the initial attack phase.”
In the case of the fake North Korean e-mail, the Pentagon declined to comment, but such cyber-attacks reflect a growing concern among cyber-security experts about threats targeting the national security community (see p. 16).
But even when such attacks are identified, it’s almost impossible to track down the perpetrators—particularly if they’re adept at hiding their identities. Attacks can be routed through different servers, even making it appear as if they originated from different countries. And those involved in computer forensics point to the proliferation of advanced “anti-forensic” tools—software programs designed to scrub evidence of an attacker’s identity.
The challenge of tracking down cyber-attackers underpins a new project sponsored by the Defense Advanced Research Projects Agency (Darpa), which cites the “rapid proliferation of cyber-attacks, malicious software and spam e-mail.” The $43-million program, appropriately called Cyber Genome, aims to find ways of identifying cyber-attackers.
Darpa seeks to develop revolutionary advances in cyber-forensics and attribution by looking at various approaches, including “cyber-genetics,” “cyber-anthropology and -sociology,” and “cyber-physiology.” The goal, says Darpa, is to develop the “cyber-equivalent of fingerprints or DNA.”
That’s a tall order, say experts, who point to the inherent anonymity of the Internet and proliferating methods for hiding the identity of users.
Darpa’s work on cyber-security is closely held, and the agency declined interview requests on its Genome project and other cyber-security programs.
“A purely technical solution to attribution does not exist,” says Jeffrey Carr, founder of GreyLogic, a company that analyzes cyber-warfare. That doesn’t mean attribution is impossible, adds Carr, who says he is interested in bidding on the Darpa project. “A smoking gun seems to be the goal people are looking for in attribution, but you have to look at it from other angles.”
For Carr, the answer is combining technical and non-technical approaches to come up with circumstantial evidence. “Criminal cases are built on circumstantial evidence all the time; every piece of evidence is considered circumstantial, or indirect, unless it’s from an eyewitness,” he says. “Even DNA is indirect.”
The idea of combining anthropology and sociology with more traditional computer forensics is precisely what is needed, says Joseph Giordano, who spent 27 years at the Air Force Research Laboratory of Rome, N.Y., a hub of the service’s cyber-work. “I think it’s brilliant,” he says. “What I like about this is they’re looking at bringing in different disciplines.”
Giordano, who teaches at Utica (N.Y.) College and is director of its Computer Forensics Research and Development Center, says there is a lot of risk to Darpa’s approach, “but this is going to be the only way we can make a breakthrough in cyber-attack attribution and forensics.”
In court cases, forensics, including computer forensics, are critical for establishing civil or criminal liability, but in cases where cyber-attacks are sponsored or conducted by agents of foreign governments, attributing them can prove critical to national security. In recent years, there’s been a proliferation of seemingly politically motivated cyber-attacks, some of which are attributed to states, or non-state actors sponsored by states. Estonia, for example, blamed a massive cyber-attack on Russia, as did Georgia (see sidebar).
More recently, Google fingered China for trying to hack its computer systems, prompting the company’s decision to leave the mainland. Nevertheless, there is scant proof the government was behind the attacks.
“Based on what they’ve released, it’s all circumstantial,” says Carr. “Frankly, [the evidence] is not very good.”
buglerbilly
10-05-10, 10:35 AM
Ares
A Defense Technology Blog
Army Embraces Airborne Electronic and Cyber-warfare
Posted by Sean Meade at 5/9/2010 2:57 PM CDT
David A. Fulghum writes:
The cyber world is a new battlefield for the U.S. Army, and those who plan network and electronic attack are quickly becoming major users of intelligence, surveillance and reconnaissance (ISR).
The U.S. Army has grasped the idea that to give digital weapons a chance for success in the battlefield, ISR must be available to find emitters, identify them, map the networks they operate with and precisely locate the nodes of importance for digital or electronic attack or exploitation.
That transformation is already underway at Fort Monmouth, N.J., the Army’s incubator for electronic attack and warfare. One example is development of the CREW anti-IED devices that are mounted on ground vehicles. These devices are designed to counter and defeat IEDS or roadside bombs.
But there are problems involved with the introduction of digitally-based electronic defense and attack.
“We need an education process within the force to define with commanders how you use this Buck Rogers stuff,” says Col. Rodney Mentzer, project manager for electronic warfare at Fort Monmouth, N.J. “We are engaging the professional development community about how to educate the managers and even to understand the technology.
“Even today, if we give people a choice between a device to put on top of the vehicle that will save their lives through the electronic spectrum or a .50 caliber machine gun, they will take the machine gun,” Mentzer says. “And how do you educate senior officers that [they will face] a 360 degree attack against our forces all the time,” he says.
Clues about the fusion of ISR, cyber operations and electronic warfare are emerging even from unsophisticated environments such as 2008’s conflict between Russia and Georgia.
“[The conflict] demonstrated cyber and electronic warfare preceding an [armed] attack into a country,” Mentzer says. “They had a cyber-guerrilla army working for them. So what are our concepts of operations going to be – a special operations cyber-guerrilla force or are we going to embed it in every tactical brigade? I don’t know, but I think it would probably be the first option because of the complexity of what we’re trying to do and the need to assemble a trained work force that can do it.”
U.S. responses are being pushed by the rush of cyber-weapons into active use by foreign governments as well as non-state groups (that include terrorists, criminals and freelance digital pranksters). This new environment has dramatically increased the breadth of operations of and need for rapid, tactical ISR.
“We’re good at major combat operations; for example, we’ve figured out how to attack the communications piece of the [Russian-built] SA-20 [high-altitude, surface to air missile],” says Air Force Maj. Gen. David Scott, director of operational capability requirements and deputy chief of staff for operations, plans and requirements. What is more difficult for the U.S. is identifying and manipulating the command and control capability – based on secure, off-the-shelf communications – used by Somali pirates. “How do we get into that?”
An increasingly important segment of ISR is being dedicated to electronic surveillance that involves lightly used parts of the electro-magnetic spectrum. However, there are still many standards and protocols to develop. The Army – like the Navy and Air Force – still has to define its areas of authority, draw the boundaries with intelligence organizations like the National Security Agency and outline a network architecture that lets it operate in commonality with the other services and agencies.
The Army is in the midst of re-energizing its interest in the intersection of communications and electronic warfare. The growing use of digital communications has created a new target set that Army planners want to listen to, alter and otherwise manipulate.
“In some cases, technology is ahead of doctrine in that you can build systems, but we [do not] have the specialists, expertise or slots for them,” says Charlie Maraldo, director of the Communications-Electronics Research, Development and Engineering Center (CERDEC) flight activity at Lakehurst, N.J. – the aviation arm of the Army’s Intelligence and Information Warfare Directorate (I2WD). Nonetheless, work on the new discipline is underway.
“I2WD is developing schemes to network electronic warfare and self-protection assets,” Maraldo says. “We are deeply [invested] in experts on cyber warfare. We supply signals intelligence expertise for most of the Army programs. We build all the airborne and some of the ground-based radars and run R&D for [those programs].”
The group works across all the spectrums of ISR, EW, cyber and information operations and cooperates on projects that network operations in the air and on the ground simultaneously.
“Cyberwarfare may drive us into some new areas,” Maraldo says. “We are at a point with modern datalinks, internet protocols and structuring of the data-streams so that wherever the [electronic or cyber attack] equipment is located – on aircraft, in buildings or aboard ground vehicles – we can design the system so that they are on the same network.”
The Army is re-engaging in the airborne EW arena after several years during which the Air Force and Navy had proponency for the discipline. As it gets back into the mission, it will have to create an organization and a core competency to create new integrated EW solutions.
Some specialists have suggested that if emissions from a field radio register on an intelligence-gathering network, either destructive or non-destructive effects could be launched against any target on the globe. In looking at the Army’s inventory, the attack platform could be a Multiple-Launch Rocket System or a Predator unmanned aircraft.
But there are some staggering demands in creating such a system. For example, the acquisition process is designed for peacetime.
“That is not useful when a new threat pops up in theater and we have to have a counter next week,” Mentzer says. As a result, “We’re seeing a lot of informality in the introduction of new equipment. People are buying their own because it is better than what they can build [themselves] and it’s easier to get.”
One bright spot in that picture may be a new staffing paradigm that comes from having reservists involved in cyber operations.
“If they can log in here at Fort Monmouth and affect events in Afghanistan, they are combat multipliers that are just waiting to be told to execute, [but only] if we are truly networked,” Mentzer says.
buglerbilly
12-05-10, 02:19 AM
Ares
A Defense Technology Blog
Joint Cyber War -- Not Yet
Posted by David A. Fulghum at 5/11/2010 12:08 PM CDT
“We want to make sure that cyber is integrated into the operational planning process from the beginning,” says Brig Gen. Charles Shugg, vice commander of the 24th Air Force. “We’ve got to learn how to fight through cyber-attacks.”
For example, the Air Force wants to demonstrate that it can continue flying its Remotely Piloted Aircraft fleet even while assailed by a range of cyber-weaponry.
“We need mission assurance all the way through the [RPA’s] flight and extending through the supply chain, stateside flight control, satellite communications, the air operations center and distributed ground stations,” Shugg says. “We need to pre-plan alternatives and redundancies so that the warfighter never realizes that there is a cyber-attack going on.”
The Air Force will have another focus on the integration of cyber- and electronic warfare.
Getting approval for a tactical cyber-attack “will depend on the type of target, what the effects are and the potential collateral damage,” Shugg says. “Those answers could move decision-making from the tactical to the national level. It’s extremely complex.”
To keep coalition members abreast of U.S. cyber-activities, 24th AF also is setting up an exchange program with the Royal Air Force and the Royal Australian Air Force. The Army joins in advocating early integrations with allies.
“[Warfighting] Commanders don’t want to manage five networks,” says Maj. Gen. Steven Smith, the Army’s chief cyber-officer. “They would like to manage one, so that means you have to connect your coalition partners.”
Moreover, a large bureaucratic obstacle was removed with the May 7 Senate confirmation of the promotion of Keith B. Alexander, director of the National Security Agency since 2005, to the rank of four-star general and to leadership of U.S. Cyber Command. The new command is expected to be operational late this year, possibly in Oct., a year after Alexander was nominated to the new post.
Delays in confirmation were created by the lack of knowledge among lawmakers about what cyber-warfare is, who approves cyber-attacks, how cyber-weapons are developed and how warfighting fits with civilian cyber-activities like those conducted by the Dept. of Homeland Security.
Each of the services’ subordinate cyber-commands, such as the Navy’s 10th Fleet and the USAF’s 24th Air Force, has been awaiting this decision – delivered by a voice vote in the Senate May 7th – to formalize its mission and begin an intensive training program to develop and man its computer attack and defense capabilities. Cyber Command will be a component of U.S. Strategic Command at Offutt AFB, Neb., and it will be located with NSA at Fort Meade, Md. NSA will help provide training for the first regularized classes for training cyber-warriors.
The organizational framework for planning and launching U.S. cyber-attacks and defending military networks now appears to be complete, but many unknowns remain about how attacks will be conducted and who will approve them. It is a murky area that has hindered the operational use of cyber-weapons for 20 years, beginning with planning for the war with Iraq in 1990.
“Given the title authorities [defining who is and is not a combatant] and [rules about] who can do what to whom, how do you share the [cyber-]picture with the Army, Navy, Air Force and Marine Corps,” says Vice Adm. Bernard McCullough, III, commander of the cyber-war-fighting 10th Fleet. “We have yet to define how we do that in cyber-operations. How do you develop target folders for non-kinetic effects in support of operational planning?”
Another sticking point is the undefined border between electronic and cyber-warfare.
“When inside a defined combat theater of operations, if the [electronic or cyber-]effect is generated and the target is confined to that theater, I think we have pretty clear command and control,” McCullough says. “The real issue is if you go outside the theater, who owns the authority, how is it delineated and what is the national policy? That’s being worked at the highest level. A lot of it isn’t understood.”
U.S. military cyber-forces will be pulled into managing cyber-attack-triggered catastrophes just as they support large-scale natural disasters, predicts former CIA chief James Woolsey.
“It is not a Defense Dept. obligation to protect the national power grid,” Woolsey says. “The problem is that nobody is responsible, at least nobody that is doing anything effective. We have an infrastructure that is privately owned and resists government regulation even on matters of security and safety. I wager as the vulnerabilities of the grid [to cyber-attack] become more apparent, unless somebody gives responsibility to a new entity, there will be pressure in one way or another for the military to protect the power grid.”
buglerbilly
13-05-10, 01:50 AM
Pentagon: Military Response To Cyber Attack Possible
AGENCE FRANCE-PRESSE
Published: 12 May 2010 16:01
WASHINGTON - The Pentagon would consider a military response in the case of a cyber attack against the United States, a U.S. defense official said May 12.
Asked about the possibility of using military force after a cyber assault, James Miller, undersecretary of defense for policy, said: "Yes, we need to think about the potential for responses that are not limited to the cyber domain."
But he said it remained unclear what constituted an act of war in cyberspace.
"Those are legal questions that we are attempting to address," Miller said at a conference in Washington, adding that "there are certainly a lot of gray areas in this field."
He said hostile acts in cyberspace covered a wide range, from digital espionage to introducing false data into a network, that did not necessarily represent full-blown war.
But he said the threat to U.S. networks from terrorists, criminals and others was real and growing.
"Over the past decade, we've seen the frequency and the sophistication of intrusions into our networks increase," he said. "Our systems are probed thousands of times a day."
The Defense Department has about 90,000 employees and troops using computer networks, with about 7 million computer devices, he said.
The U.S. military recently created a new cyber command that will be led by Army Lt. Gen. Keith Alexander, head of the National Security Agency. Alexander was confirmed in his post by the U.S. Senate last week.
In written testimony to Congress, Alexander said that the cyber command would be prepared to wage offensive operations as well, despite the risk of sustaining damage to U.S. networks.
He told lawmakers that he expected digital operations to take place as part of a wider military campaign, but that special legal authority would be required to respond to a cyber attack staged from a neutral country.
buglerbilly
14-05-10, 12:31 AM
Hackers Are Internet Shock Troops
May 13, 2010
By Sharon Weinberger
Washington
Cyber-attack is an ever-present threat that can result in major damage to government and business web sites, as the following examples show.
U.S. and South Korea, 2009: Officials in both countries reported attacks in the summer, aimed mainly at government web sites, as well as financial services sites.
How it happened: The perpetrators used a virus to infect computers, enlisting hundreds of thousands of unwitting computer users in several countries to launch distributed-denial-of-service (DDOS) attacks, which overwhelmed targeted web sites.
Suspects: U.S. and South Korean officials linked the attack to North Korea, but no evidence was ever presented. Some cyber-security experts scoffed at the allegations, saying that even if true, it would be nearly impossible to definitively trace the attacks to North Korea, since a sophisticated attacker could make it seem as if they originated from almost anywhere.
Kyrgyzstan, 2009: Two of the country’s main Internet service providers—ns.kg and domain.kg—came under a massive denial-of-service attack. Some reports stated the assault shut down 80% of the country’s bandwidth.
How it happened: Information security firm SecureWorks said the attack left just two smaller Internet service providers handling Kyrgyzstan’s online traffic, “knock[ing] most of the small, Central Asian republic offline.”
Suspects: Some observers suspected Russian influence, noting that attacks were from Russian IP addresses, and that the Kyrgyz government was under pressure to close Manas Air Base, a key supply hub for U.S. forces in Afghanistan. Domestic politics were at work as well: During the country’s “Tulip Revolution” in 2005, demonstrators used cell phones and text messages to organize, and some observers believed the interruption in Internet service was part of an effort to thwart political opposition.
Georgia, 2008: Georgia and Russia engaged in a conflict in August that was touched off by a Georgian offensive to recapture the separatist republic of South Ossetia. But the shooting war was preceded by an online assault. In the weeks before the war, Georgian government web sites came under sustained attack, and Georgian commercial Internet providers were also hit with denial-of-service attacks. Web traffic slowed to a crawl, and many government sites were taken out of commission.
How it happened: Initially, it looked like a DDOS attack, in which hackers used malicious software to hijack thousands of computers, which simultaneously inundated and overloaded Georgian servers with requests. The more likely explanation, however, is that individual attackers disabled sites by exploiting the vulnerabilities in software used to manage web site databases. Hackers injected junk queries into targeted databases, forcing sites to shut down.
Suspects: Fingers pointed at Russia, but Project Grey Goose, an open-source intelligence initiative, concluded that “there was no external involvement or direction from state organizations.” After scanning and analyzing posts on Russian nationalist hacker forums such as Xaker.ru and StopGeorgia.ru, Grey Goose analysts concluded that nationalist hackers had honed a “cyber-kill chain,” which involved recruiting novices by posting patriotic rhetoric and images; publishing and sharing a list of target web sites; discussing malware to use in the attack; and evaluating results for follow-on attacks.
Estonia, 2007: Cyber-attacks hit Estonian web sites in April. Tactics included spamming and defacing of web sites; ping attacks (in which hackers timed requests to overload individual websites); and DDOS attacks. Newspapers, bank sites and government portals came under siege, and the country’s bandwidth was squeezed. The attacks occurred during a controversy over Estonia’s plans to relocate a Soviet World War II memorial. Relocation of the statue heightened tensions between Russia and Estonia, and between Estonians and the country’s ethnic Russians.
How it happened: Hackers used various tactics, from teaming up to overload servers to defacing web sites.
Suspects: Estonia claimed the attacks originated in Russia, but as in Georgia, nationalist Russian hackers (or “cyber-militias”) seemed to have done most of the work. Members of Nashi, a private pro-Kremlin youth group, also claimed to have had a hand in launching attacks. Direct involvement by Russia seems unlikely, although state-controlled media helped whip up anti-Estonian fervor that may have recruited hackers to the cause. An ethnic Russian man (and Estonian citizen) was, however, convicted and fined for an attack that crashed the web site of an Estonian political party.
—Sharon Weinberger
buglerbilly
17-05-10, 04:17 PM
3,000 officers switch to cyberspace specialty
By Bruce Rolfsen - Staff writer Air Force Times
Posted : Monday May 17, 2010 8:59:31 EDT
About 3,000 communications officers are now cyberspace officers.
In all, 30,000 airmen have been shifted to the front lines of cyber warfare. The officers made the switch in April; the changeover for 27,000 enlisted airmen happened in November.
The Air Force Specialty Code for officers is now 17D. It had been 33S. For enlisted, the 2E, 3A and 3C AFSCs — communications and electronic maintenance jobs — have been merged into the 3DX category.
With the standing up of 17D, the officers face stiffer educational requirements and the expectation to see their job as operational and not strictly mission support.
“It’s not just spray paint, it’s a new mindset,” said Brig. Gen. David Cotton, director of cyberspace transformation and strategy at the Air Staff.
Communications officers often saw themselves as others saw them: airmen who made sure the base computer network worked, said Cotton, who began his career as a computer programmer.
Cyberspace officers will continue to provide support but they also will be the go-to experts on how a computer or communication network can improve war-fighting capabilities.
The transformation is part of the service’s larger emphasis on cyberspace operations and merging most computer system operations and network warfare functions under Space Command’s 24th Air Force, based at Lackland Air Force Base, Texas.
While wing-level communications squadrons continue to be under the wing’s chain of command, overall policy for operating the systems is set by 24th Air Force.
Specialized communications units, such as combat communications groups, also answer to 24th leaders.
Right now, the officers have the 17D AFSC designator. Some eventually will be classified with the 17A designator for focusing on cyberspace defense, Cotton said.
Officer training
Newly commissioned cyberspace officers will attend a course at Keesler Air Force Base, Miss., that lasts 115 training days. The old communications officer course ran 26 days.
“It will raise the bar on technical competency,” the general said.
The new course is a permanent change of station. The old one was a temporary duty assignment.
Classroom time will include the use of simulators so airmen can learn how to set up secure networks in the field and how to integrate systems into operations.
About 400 students, including civilians and foreign officers, are expected to attend the class annually, said Lt. Col. C.J. Sovada, cyberspace officer career field manager.
After graduates arrive at their operational units, they will continue to get on-the-job training, becoming mission qualified just as new pilots do.
Officers who graduated from the old communications course must take an online 40-hour course. They have until Oct. 1, 2011, to complete the Cyberspace Operations Transition Course.
Additional training for officers comes as they gain experience and seniority.
Captains with six to nine years of service will attend a three-week graduate-level program called the “200 course,” and majors with 12 to 15 years in uniform will go to the “300 course,” lasting two weeks. The Air Force Institute of Technology helped develop the curricula.
Before the creation of the 200 and 300 courses, there was no advanced course for the officers.
In the long term, Cotton said, there is the possibility that cyberspace officers will have a Weapons School course, similar to those for rated officers, but a decision on that is years off.
buglerbilly
18-05-10, 03:01 AM
Cyberwar Cassandras Get $400 Million in Conflict Cash
By Noah Shachtman May 17, 2010 | 11:24 am
Coincidences sure are funny things. Booz Allen Hamilton — the defense contractor that’s become synonymous with the idea that the U.S. is getting its ass kicked in an ongoing cyberwar — has racked up more than $400 million worth of deals in the past six weeks to help the Defense Department fight that digital conflict. Strange how that worked out, huh?
Everyone in the Pentagon from Defense Secretary Bob Gates on down says that the military needs to cut its reliance on outside contractors. But few firms are as well-connected as Booz Allen, the one-time management consultancy that today pulls in more than $2.7 billion in government work. And few firms sound the alarm as loudly about a crisis that they’re in the business of fixing. Back in February, for instance, former National Security Agency director and Booz Allen Hamilton executive vice president Mike McConnell declared that “the United States is fighting a cyber-war today, and we are losing.” The White House’s information security czar is one of many experts who calls such rhetoric overheated, at best. That hasn’t stopped Booz Allen from pocketing hundreds of millions of dollars from Washington to wage those battles.
Booz Allen’s latest awards were announced last Thursday — nine contracts with the Air Force, totaling over $150 million. One deal gives the firm $24 million to “provide combat-ready forces to conduct secure cyber operations in and through the electromagnetic spectrum.” A $19.8 million contract asks Booz Allen to “define information assurance scientific and technical analysis to be applied to future military satellite communication systems development.” Earlier in the month, the company got $14 million to “provide threat monitoring, detection, characterization, and actionable information for the computer network operations in order to help advance Department of Defense Global Information Grid initiative and nationally oriented cyber security priorities.”
That sounds not dissimilar to what McConnell asked for in February. “We need to develop an early-warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options — and we must be able to do this in milliseconds,” he wrote.
I asked Booz Allen spokesman James Fisher what the government was really getting for all that cash. His response: “I’m sorry but I don’t have any additional information on these beyond what’s been issued publicly.”
And what, if anything, do these contracts have to do with Mike McConnell’s um, inflated, estimation of network war? “Admiral Mike McConnell has become well versed in the seriousness of the cyberthreat in public service during the last 15 years, and as Director of National Intelligence he delivered the same messages of concern about the vulnerability of our cyber infrastructure to President George W. Bush and presidential candidate Barack Obama — well before McConnell’s more recent public comments on the subject,” Fisher e-mailed. “As a longstanding intelligence professional, McConnell has an awareness across the full spectrum of classification, and sees it as his duty in public service to foster the right kind of discussion so the nation’s leadership can debate and mitigate the risks.”
Read more: http://www.wired.com/dangerroom/2010/05/cyberwar-cassandras-get-400-million-in-conflict-cash/
buglerbilly
18-05-10, 03:17 AM
Spotting Malware By Its Signature
Digital DNA Compares RAM, Stored Data To Find Viruses
By WILLIAM MATTHEWS
Published: 17 May 2010
One piece of malware that turned up recently was designed specifically to search for and steal "ITAR information" - that is, defense-related documents, spreadsheets and other data so sensitive it requires an export license issued under the International Traffic in Arms Regulations before it can be shown to foreigners.
Another bit of malware was created to comb through military networks and extract information about supply routes, said Penny Leavy, president of HBGary, a firm that makes software to spot online threats.
"Malware is the single greatest problem in computer security today," HBGary warns. "Information is being stolen and sold online in unprecedented levels, and professionally written malicious code is behind most of this data theft."
The problem for defense agencies, defense companies, universities, researchers, banks and others is that computer and network security technology does not evolve nearly fast enough to keep up with the malware being written to attack, said Rich Cummings, the chief technology officer of HBGary.
"If the health care industry was run like the malware detection industry, most of us would be dead today," Cummings said. "The current model for detecting malware is broken."
It's being overwhelmed.
The first real computer virus appeared in 1987, Cummings said. By 2007, there were about 700,000 pieces of malware. That year, though, the number more than doubled to about 1.5 million. It doubled again in 2009 to about 3 million.
"Now, it's a huge deluge," Cummings said.
Most defensive software relies on "signatures" - strings of computer code particular to viruses, worms and other malware - to recognize and then block dangerous software.
The problem with this approach is that the malware has to be known so that its signature can be added to a database of signatures to be blocked.
Increasingly, networks are beset by "zero-day" attacks - assaults by malware so new their signatures are unknown. The name "zero-day" indicates that the attack occurs before anyone is aware that the malware exists.
Signature-based defenses do not recognize this new malware or stop it from searching for military secrets or stealing corporate marketing plans, copying Social Security numbers, or pilfering passwords, encryption keys and other valuable information.
"We needed to come up with a new approach," Cummings said. So instead of searching for signatures, HBGary developed a way to spot malware by the way it behaves.
A new technology called Active Defense spots malicious code by searching a computer's memory, its operating system and its storage areas to see what programs are there, what programs are running and what programs have been running.
If data is in the memory, but not in the operating system or on the disk, "then there's a problem," Leavy said.
A characteristic of malware is that it's often designed to hide itself as it installs itself on a computer.
"Malware is able to fool Windows into thinking it is doing one thing when actually doing something else," Leavy said. "Windows tells you what's going on, but it is easily tricked."
The computer's memory is a more reliable source.
"Any time a program goes to execute, it has to run in the memory," Leavy said. "So we take information directly from memory."
For example, a rootkit - malicious software that tries to gain administrator-level control over a computer without being detected - will install itself in a computer, but will disguise itself so that the operating system doesn't know that it's there, she said.
Query the operating system, and no problem shows up. But in the memory, the malware "sticks out like a sore thumb because the harder it tries to hide, the more of it stands out," she said.
The hard disk of a computer system also provides additional information; it keeps track of when programs have started and stopped.
When data from the three sources is compared, inconsistencies and irregularities stand out. To find out what the inconsistencies are, Active Defense uses a technology HBGary developed earlier, Digital DNA, to analyze what's in the memory.
For example, "there are only about 12 ways to write a keystroke logger," Cummings said. That's true even though there are more than 100,000 keystroke loggers that can run on Windows operating systems.
The keystroke logger writers use many techniques to compile, pack and try to disguise their loggers, "but ultimately, when it executes on the CPU or processor, the assembly code instructions for execution are largely the same," he said.
And that's how Digital DNA identifies keystroke loggers it has never seen before. It compares the logger's code against a database of 2,800 "digital DNA traits" linked to malware behaviors, Cummings said.
That database is quickly expanding. HBGary expects to identify about 10,000 DNA traits by the end of the year. At that point, the rate at which new traits are added to the database should slow. "There are only so many ways you can write malware," he said.
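The three-source comparison and trait scoring described above, as an added illustration that is not HBGary's Active Defense or Digital DNA code: three constructed views of one host (what the OS process API reports, what a raw memory scan carves out, what the disk's execution log recorded) are cross-checked, and every disagreement is scored against a small, made-up trait table. The trait names, weights, process tables and paths are all hypothetical.

```python
"""Cross-view malware detection: compare OS view, memory view and disk log,
then score each in-memory program against a table of behavioural traits.

Added example, not the product's code. All data is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class MemoryModule:
    """A running program as carved directly from a memory image."""
    name: str
    pid: int
    backing_file: Optional[str]   # image path the mapping claims; None if in-memory only
    behaviours: frozenset         # behaviour labels extracted from the code (constructed)


# Constructed trait table: label -> weight. The real product's 2,800 traits
# are proprietary; these six are hypothetical stand-ins.
TRAITS = {
    "hidden_from_os": 40,      # present in memory, absent from the OS process list
    "no_backing_file": 25,     # executing with no image file on disk
    "no_start_record": 15,     # running, but the disk log never recorded it starting
    "hide_process": 25,        # code that conceals its own process entry
    "keyboard_hook": 20,       # installs a keyboard hook
    "writes_log_file": 5,      # appends captured data to a file (also done by benign apps)
}


def cross_view_traits(module, os_view, disk_log):
    """Traits a module earns purely from disagreement between the three views."""
    found = set()
    if module.pid not in os_view:          # memory says it runs, the OS does not
        found.add("hidden_from_os")
    if module.backing_file is None:        # memory says it runs, the disk has no image
        found.add("no_backing_file")
    started = {pid for pid, _name, event in disk_log if event == "start"}
    if module.pid not in started:          # memory says it runs, the log never saw it start
        found.add("no_start_record")
    return found


def score_module(module, os_view, disk_log):
    """Combine cross-view traits with the module's own behaviour traits.

    Returns (score, sorted list of matched trait labels).
    """
    matched = cross_view_traits(module, os_view, disk_log)
    matched |= {b for b in module.behaviours if b in TRAITS}
    return sum(TRAITS[t] for t in matched), sorted(matched)


def analyze(os_view, memory_view, disk_log, threshold=50):
    """Return (name, pid, score, traits) for every module scoring at or above threshold."""
    findings = []
    for m in memory_view:
        score, traits = score_module(m, os_view, disk_log)
        if score >= threshold:
            findings.append((m.name, m.pid, score, traits))
    return sorted(findings, key=lambda f: -f[2])


# --- constructed sample host: one hidden keystroke logger among benign processes ---
OS_VIEW = {4: "System", 412: "svchost.exe", 1180: "explorer.exe", 2044: "winword.exe"}

MEMORY_VIEW = [
    MemoryModule("svchost.exe", 412, r"C:\Windows\System32\svchost.exe", frozenset()),
    MemoryModule("explorer.exe", 1180, r"C:\Windows\explorer.exe", frozenset()),
    # a word processor legitimately writes files, so one low-weight trait fires
    MemoryModule("winword.exe", 2044, r"C:\Office\WINWORD.EXE", frozenset({"writes_log_file"})),
    # the hidden one: no OS entry, no file on disk, keylogger behaviours
    MemoryModule("kbdsvc", 3301, None,
                 frozenset({"hide_process", "keyboard_hook", "writes_log_file"})),
]

DISK_LOG = [   # (pid, name, event) as the disk-side execution log recorded them
    (412, "svchost.exe", "start"), (1180, "explorer.exe", "start"),
    (2044, "winword.exe", "start"), (1993, "notepad.exe", "start"),
    (1993, "notepad.exe", "stop"),   # started and stopped: absent from memory, as expected
]

if __name__ == "__main__":
    for name, pid, score, traits in analyze(OS_VIEW, MEMORY_VIEW, DISK_LOG):
        print(f"{name} (pid {pid}) score={score}: {', '.join(traits)}")
```

The benign processes score 0 or 5 and fall below the threshold; the hidden module scores 130 because the three views disagree about it and its own behaviours match the table.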
'Good, But Not A Cure-all'
HBGary's approach involves "memory forensics" and is "very good at detecting malware," said Paul Roberts, an enterprise security analyst at 451 Group in Boston.
Still, Active Defense is not perfect. For example, it doesn't prevent malware infections, but it can spot them promptly enough to prevent damage, such as passwords being collected by keystroke loggers or information stolen by exfiltration programs.
"It's a powerful tool but not a cure-all," Roberts said.
"HBGary are really smart people," said Alan Paller. But Active Defense "is not a silver bullet. It's not even a bullet" in the relentless war waged by cyber criminals, said Paller, the director of research at the SANS Institute cyber security training school.
Active Defense is "another useful piece of code that should be part of a comprehensive anti-malware program. It should be part of the portfolio of tools that you have," he said.
But don't expect it to be effective for long, he said. "The bad guys will look at it and say, 'Cool. We will just do this, and this, and this'" to change their malware, and Active Defense "will not work any more," Paller said.
Many anti-malware companies are developing similar products, and all face the same overwhelming challenge, he said.
There are no cure-alls "as malware companies wrestle with what post-signature threat identification is," agreed Roberts.
buglerbilly
18-05-10, 02:29 PM
Cyber Warfare is the New Gen Security Threat: Antony
(Source: Press Information Bureau India; issued May 17, 2010)
The Defence Minister Shri AK Antony today asked the top brass of the Armed Forces to work in unison and make cyber systems 'as secure and as non-porous as possible'. Addressing the Army Commanders here, Shri Antony said cyber-warfare is becoming a serious threat to security.
"The paradigms of security in the age of Information Technology are seldom constant. The evolving security matrix is complex and calls for co-operation and coordination of the highest level. Today, no single service can work in isolation. Cyber warfare and threats to cyber security are fast becoming the next generation of threats. We need to make our cyber systems as secure and as non-porous as possible", he said.
Shri Antony made a strong plea for synergy among the three Forces and said the future security matrix calls for a high degree of cooperation and inter-dependence among the Services. He said the primary area of focus should be to develop as a force capable of operating in a joint network-centric environment. Besides these, the other emerging areas that warrant synergised development are space, NBC, Cyber Warfare capabilities, Air Defence, Rotary Wing Assistance, precision munitions, standoff targeting and missiles, communication systems, logistics and joint training.
"Though significant progress has been made towards accomplishing jointness in various operational training and administrative facets among the three Services, there are a number of areas of congruence that need to be strengthened further", he said.
Referring to the Modernisation Plans of the Armed Forces, the Defence Minister said it is in our long term national interest that we become self reliant in the field of critical defence equipment. He said modernisation plans of the Armed Forces encompass force modernisation and development of critical combat capabilities, not only against potential adversaries, but across the spectrum of conflict. Modernisation of the Armed Forces wholly depends upon the capital acquisition plan.
However, the acquisition of critical technologies from foreign countries is subject to various technology denial regimes and the prevailing global geo-political situation. Shri Antony said the Defence Public Sector Undertakings are today at a threshold, capable of undertaking design and development work and of coming up with product upgrades on their own.
Despite these achievements we must guard against complacency and must ceaselessly work towards more value addition, product support and serviceability of the supplies made to the end-users – the Services. "It is the collective responsibility of all DPSUs to optimize cost-effectiveness and must adhere to time and cost targets", Shri Antony said.
-ends-
buglerbilly
28-05-10, 05:02 PM
Cyber Command: We Don’t Wanna Defend the Internet (We Just Might Have To)
By Noah Shachtman May 28, 2010 | 9:44 am
OMAHA, Nebraska – Members of the military’s new Cyber Command insist that they’ve got no interest in taking over civilian Internet security – or even in becoming the Pentagon’s primary information protectors. But the push to intertwine military and civilian network defenses is gaining momentum, nevertheless. At a gathering this week of top cybersecurity officials and defense contractors, the Pentagon’s number two floated the idea that the Defense Department might start a protective program for civilian networks, based on a deeply controversial effort to keep hackers out of the government’s pipes.
U.S. Cyber Command (“CYBERCOM“) officially became operational this week, after years of preparation. But observers inside the military and out still aren’t quite sure what the command is supposed to do: protect the Pentagon’s networks, strike enemies with logic bombs, seal up civilian vulnerabilities, or some combination of all three.
To one senior CYBERCOM official, the answer is pretty simple: nothing new. Smaller military units within U.S. Strategic Command coordinated and set policies for the armed forces’ far-flung teams of network operators and defenders. Those coordinators and policy-makers have now been subsumed into CYBERCOM. They’ll still do the same thing as before, only more efficiently. “Doesn’t expand any authorities. It doesn’t have any new missions,” the official told Danger Room. “It really doesn’t add any significant funding… And really, it’s not a significant increase in personnel; we just reorganized the personnel we had in a smarter and more effective way.”
That may soon change, however. A 356-page classified plan outlining CYBERCOM’s rise is being put into action. A team of about 560 troops, headquartered at Ft. Meade, Maryland, will eventually grow to 1093. Each of the four armed services is assembling its own cyber unit out of former communications specialists, system administrators, network defenders, and military hackers. Those units – Marine Forces Cyber Command, the 24th Air Force, the 10th Fleet, and Army Forces Cyber Command – are then supposed to supply some of their troops to CYBERCOM as needed. It’s similar to how the Army and Marines provide Central Command with combat forces to fight the wars in Afghanistan and Iraq. Inside the military, there’s a sense that CYBERCOM may take on a momentum of its own, its missions growing more and more diverse.
Most importantly, perhaps, procedures are now being worked out for CYBERCOM to help the Department of Homeland Security defend government and civilian networks, much like the military contributed to disaster recovery efforts after Hurricane Katrina and the Gulf of Mexico oil spill.
In those incidents, it took days, even weeks for the military to fully swing into action. In the event of an information attack, those timelines could be drastically collapsed. “There’s probably gonna have a very temporal element to it. It’s gonna need to be pretty quick,” the CYBERCOM official said.
Exactly what kind of event might trigger CYBERCOM’s involvement isn’t clear. “From our perspective the threshold is really easy: it’s when we get a request from DHS,” the official noted. “What’s their threshold? I couldn’t tell you what their threshold is.”
The Pentagon might not even wait for an information disaster to move in. The National Security Agency is developing threat-monitoring systems for government networks dubbed Einstein 2 and Einstein 3. Deputy Secretary of Defense William Lynn believes those programs ought to be extended to cover key private networks, as well.
“We are already using our technical capabilities… to protect government networks,” Lynn announced at the Strategic Command Cyber Symposium here. “We need to think imaginatively about how this technology can also help secure a space on the Internet for critical government and commercial applications.”
Einstein 2 is supposed to inspect data for threat signatures as it enters federal networks. Einstein 3 goes even further — alerting DHS and the NSA before the attacks hit. “You’re starting to anticipate intrusions, anticipate threat signatures, and try and preventing things from getting to the firewalls rather than just stopping at the firewalls,” Lynn told Danger Room after his Cyber Symposium speech. (Full disclosure: I ran a panel at the event, and the military paid my travel costs.)
Given the NSA’s history of domestic surveillance, civil liberties groups fear that the Einstein programs could become a new way to snoop on average Americans’ communications. Lynn said not to worry: “Individual users who do not want to enroll could stay in the ‘wild, wild west’ of the unprotected internet.”
“I think it’s gonna have to be voluntary,” he added. “People could opt into protection – or choose to stay out. Individual users may well choose to stay out. But in terms of protecting the nation’s security, it’s not the individual users [that matter most]. I mean, they have to worry about their individual [data], their credit rating, and all that. But it’s the vulnerability of certain critical infrastructure – power, transportation, finance. This starts to give you an angle at doing that.”
Privacy rights organizations and military insiders also wonder whether CYBERCOM is just another way to extend the NSA’s reach. After all, both organizations are headquartered at Ft. Meade. And both are headed by Lt. Gen. Keith Alexander.
The CYBERCOM official swears that won’t happen. “It’s not NSA taking over military cyber,” he said. “And it’s not military cyber taking over NSA.”
[Photo: USAF]
buglerbilly
31-05-10, 05:47 AM
Cyber Conflict Embroils U.S. Industry, Government
Agencies Steadily Strengthen Defenses
By WILLIAM MATTHEWS
Published: 31 May 2010
Most of the news from the front isn't good.
The United States is losing terabytes of valuable information to criminal gangs and hackers, warns James Miller, principal deputy undersecretary of defense for policy.
Terrorist organizations are using the Internet to recruit members, incite terrorist acts and, more recently, attack U.S. websites, said FBI Director Robert Mueller.
Financial losses to cyber crime exceed $1 trillion annually, reports Tom Conway, director of federal business development at the cybersecurity company McAfee.
"The ability of our adversaries is increasing," said Ed Amoroso, chief security officer at internet provider AT&T.
U.S. reliance on the Internet is growing - from military communications to smart electrical grids, U.S. government and commerce are increasingly wired. But so are U.S. adversaries.
"We are playing the cyber equivalent of cat-and-mouse, and unfortunately the mouse seems to be one step ahead most of the time," Mueller said at a cybersecurity conference this spring.
The view from the Pentagon: More than 100 foreign intelligence agencies are trying to break into U.S. Defense Department computer systems, Miller told a cyberwarfare conference in mid-May. So are criminal gangs and hackers.
"Our networks are scanned thousands of times an hour," he said.
The U.S. Congress has also been targeted. So have most U.S. government agencies, defense companies, banks, utilities, universities, government laboratories - practically any organization with a connection to the Internet and something valuable to steal, damage or disrupt.
"Hackers actively target our government networks," Mueller said. "They seek our technology, our intelligence and our intellectual property, even our military weapons and strategies.
"Some in the industry have likened this to death by a thousand cuts. We are bleeding data, intellectual property, information and source code, bit by bit, and in some cases, terabyte by terabyte," Mueller said.
Denial-of-service attacks that occurred once or twice a year a decade ago now occur daily, even hourly, Amoroso said. Viruses and worms have been supplanted by botnet armies. And malware that once could be readily recognized and blocked by software now is indistinguishable from legitimate Internet traffic, he said.
The United States is fighting back. It was just a year ago the White House published its Cyberspace Policy Review. In December, President Barack Obama appointed a cybersecurity coordinator, Howard Schmidt. On May 21, Defense Secretary Robert Gates activated Cyber Command.
The Air Force has begun building a 38,000-square-foot cyberwarfare command center - "the first of its kind in the nation, as well as the first step in the new warfare: cyberwarfare," the Air Force said.
The FBI has trained more than 1,000 agents, analysts and digital forensic examiners, Mueller said. And it tackles cyber crime with help from the National Cyber Investigative Joint Task Force, which includes 17 law enforcement and intel agencies.
Cyber defense capabilities at the Department of Homeland Security "are maturing," said Conway. So are the capabilities of the commercial sector. "Organizationally, we're starting to come together."
"At the same time, the adversary is not resting," he said.
Some experts, including Richard Clarke, warn that cyberwar is impending and that the United States remains woefully unprepared for it. In a book published this spring, Clarke describes a massive cyberattack in which blackouts strike more than 100 major U.S. cities. Subway trains and airplanes crash. Chemical plants release toxic clouds and pipelines explode. Bank data vanishes, critical military networks stop working.
Others said Clarke's scenario is exaggerated and that the United States isn't quite the sitting duck he depicts, Amoroso said.
"If attackers do X, defenders will do Y," Amoroso contends. Companies and agencies have taken proactive steps and planned reactive steps to defend themselves. There are, for example, "a lot of controls in place at AT&T that we would never talk about to a reporter."
Not every apparent vulnerability is an actual weakness, he said. If a hacker poking around the Internet discovers an open maintenance port, it may provide access to a U.S. power plant's control system. Or it may be a trap designed to lure an attacker in, Amoroso said.
Such "honeypots" give system defenders an opportunity to watch live attacks unfold and study the attackers' tactics, Amoroso said. "The U.S. military is pretty good in this area."
Between government and industry, there are a lot of countermeasures and security solutions in place, Amoroso said. Even in cyberwarfare, it is unlikely that U.S. systems would completely fail.
Meanwhile, defenses are improving. More sophisticated malware has rendered signature-based anti-virus software and firewalls substantially less effective, but anomaly detection is providing new forms of defense, Amoroso said.
Conway's company, McAfee, has several hundred cyber experts developing behavioral algorithms to identify suspicious network activity. The algorithms notice software that begins acting in unexpected ways, and they warn of activity that falls outside the norm, such as mass quantities of data exiting the system at unusual hours, or unauthorized users entering accounting systems.
Anomaly detection is more complicated than anti-virus software and firewalls, but as threats become more sophisticated, it is being more widely adopted, he said.
And there's another source of optimism: "The infrastructure is going to change. At AT&T, we're very bullish about the shift toward cloud computing," Amoroso said.
In cloud computing, individual computers tap into programs that are stored on the Internet - the cloud - rather than in the computers themselves. The security advantage is that software is managed by security professionals who are better able to defend it against cyber attacks, Amoroso said.
For McAfee, the cloud offers a convenient way to distribute security software more automatically, Conway said. But the cloud may also have an ominous lining.
"Your data is all out there" on the cloud, he said. Can it be viewed by other people? Is it secure? Is it duplicated so that if one part of the cloud crashes, it isn't lost?
"Your information may be more accessible to you" on the cloud, but is it also more accessible to others, he asked.
E-mail: bmatthews@defensenews.com
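The behavioral detection Conway and Amoroso describe (flagging bulk data leaving at unusual hours, or users entering an accounting system they are not authorized for) can be sketched as a small anomaly detector. The code below is an added example written for this page, not McAfee's or AT&T's software; the audit log lines, user names, authorized-user set and business-hours window are all constructed for the demonstration. It builds a per-user baseline from daytime activity, then flags off-hours transfers that dwarf that baseline and any accounting access by a user outside the authorized set.

```python
"""Toy behavioral anomaly detector over constructed audit log lines.

Added example for this page; not McAfee's product code. Log format, users,
systems and thresholds are all constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Constructed sample audit log: timestamp, user, system, action, bytes transferred.
# The 02:13 five-gigabyte download and bob's 03:01 accounting login are the planted anomalies.
SAMPLE_LOG = """\
2010-05-24T09:12:03 alice fileserver download 2048
2010-05-24T10:05:41 alice fileserver download 4096
2010-05-24T11:30:00 bob fileserver download 1024
2010-05-24T14:02:17 carol accounting login 0
2010-05-24T15:45:09 alice fileserver download 3072
2010-05-25T02:13:55 alice fileserver download 5368709120
2010-05-25T03:01:12 bob accounting login 0
2010-05-25T09:00:00 carol accounting login 0
"""

# Constructed policy: who may touch the accounting system, and what counts as working hours.
ACCOUNTING_AUTHORIZED = {"carol"}
BUSINESS_HOURS = range(8, 19)  # 08:00 through 18:59 is treated as normal activity


@dataclass
class Event:
    ts: datetime
    user: str
    system: str
    action: str
    nbytes: int


def parse_log(text: str) -> list[Event]:
    """Parse the whitespace-separated constructed log format into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, system, action, nbytes = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, system, action, int(nbytes)))
    return events


def baseline_per_user(events: list[Event]) -> dict[str, float]:
    """Per-user median download size during business hours: the 'norm' to compare against."""
    per_user: dict[str, list[int]] = {}
    for e in events:
        if e.action == "download" and e.ts.hour in BUSINESS_HOURS:
            per_user.setdefault(e.user, []).append(e.nbytes)
    return {u: median(v) for u, v in per_user.items()}


def detect_anomalies(events: list[Event], baseline: dict[str, float], volume_factor: int = 10):
    """Return (rule, user, timestamp) tuples for activity that falls outside the norm."""
    alerts = []
    for e in events:
        off_hours = e.ts.hour not in BUSINESS_HOURS
        if e.action == "download" and off_hours:
            # A user with no daytime history has a baseline of 0, so any off-hours
            # transfer by them is flagged; that is deliberate.
            typical = baseline.get(e.user, 0)
            if e.nbytes > volume_factor * typical:
                alerts.append(("bulk_exfil_off_hours", e.user, e.ts.isoformat()))
        if e.system == "accounting" and e.user not in ACCOUNTING_AUTHORIZED:
            alerts.append(("unauthorized_accounting_access", e.user, e.ts.isoformat()))
    return alerts


def run_detection(text: str = SAMPLE_LOG):
    events = parse_log(text)
    return detect_anomalies(events, baseline_per_user(events))


if __name__ == "__main__":
    for alert in run_detection():
        print(alert)
```

Both planted events are reported and nothing else is, which is the point of baselining on the user's own history rather than on a fixed signature: a 5 GB transfer is only anomalous relative to alice's usual few kilobytes, and carol's 09:00 login is unremarkable because she is on the authorized list.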
buglerbilly
31-05-10, 05:51 AM
Italy Weighs Cyber-Defense Command
By TOM KINGTON
Published: 31 May 2010
ROME - Italy soon could create its first command structure to counter cyber threats, an Italian senator has told Defense News.
The Italian parliament's intelligence commission is sounding out experts on the best way to counter cyber attacks against Italian national security, and is set to deliver a packet of proposals to legislators, said the commission's vice president, Sen. Giuseppe Esposito.
Italian efforts to stem cyber threats are divided among the military, police forces and government departments, but they have yet to coordinate an overall vision of what those threats are, observers said.
"We are listening to experts on all aspects of this problem, from cyberwar to cyber crime to threats to infrastructure to malware, and will present proposals to parliament within 40 days for legislation," Esposito said.
"We could see the creation of one or two controlling structures," he added. "If it's two, one could be military, with links to intelligence agencies and the other civilian, set up to defend individual citizens."
Analysts said that awareness of the danger of cyber threats is still limited among decision-makers because there have been few major attacks.
"Italy does not have a long history of cyberattacks," said Andrea Margelletti, chairman of the Centre for International Studies, here.
A second expert said that discussion about protecting key infrastructure focuses more on accidents than attacks.
"Natural disasters are seen as the big danger right now, from the chance of Mount Vesuvius erupting to the effects of climate change," said Salvatore Tucci, a professor of computer engineering and co-founder of an Italian think tank promoting infrastructure protection.
But other experts claimed that probing cyberattacks had occurred in Italy, even if proof was short. A 2003 power outage that crippled Italy was attributed by more than one analyst to hackers.
"Italian industry is also being attacked every day," warned Raoul Chiesa, an expert on hacking who works for the U.N. crime office UNICRI. "Just look at the cars and clothes coming out of Asia, and compare them to Italian designs."
An Italian military official said the defense establishment is working to protect its networks and collaborating with NATO efforts to combat cyber threats such as those in the 2007 attacks on Estonia. But observers said it is not actively involved in homeland security-type work.
Last year, a unit run by the Italian state police was officially launched to combat cyber crime and terrorism. "But what is missing is an organization tackling cyber espionage and cyberwar-type attacks," said Domenico Vulpiani, a senior police official who headed the police's fight against online crime for 10 years.
"It would need to be an organization coordinating with the military and intelligence services," he added.
"It's up to us to create structures that can really protect critical infrastructure," said Luisa Franchina, the director of a task force set up in January, which is listing Italy's crucial infrastructure as part of an EU drive to identify what makes the continent tick and to protect it.
While working under the military adviser to the prime minister's office, Franchina doubles as an adviser on nuclear, biological and chemical attacks to an Italian civil protection agency, which she said could give her the right mix of military and civil links to aid a cyber command.
At first glance, police officers cracking down on cyber crooks would not appear to have much in common with fighting cyber assaults launched by a nation. Moreover, police work starts when a crime is committed; cyber defenders try to prevent an attack from occurring.
But analysts have long suspected that when China launches hacking attacks as part of state policy, it relies on the skills of the same breed of private hackers that police forces now tackle every day.
"Online techniques used in criminal activity are similar to those used, for instance, in the cyber attacks on Estonia," Vulpiani said. "Many police officials frequent hacker forums and know the enemy," he added.
"If we start a national command, we need to draw on the knowledge that is already out there and police work to date has been excellent," analyst Margelletti said.
Besides state police efforts, Italy's tax police have built up experience in tackling cyber crime thanks to a small unit formed in 2001, which has worked with the U.S. intelligence community on halting attacks on the Pentagon originating from Italy.
"Cyber crime is the fuel for cyberwar, which is state sponsored but not always state controlled," said the unit's head, Umberto Rapetto.
Meanwhile, Italy had proved attractive to cyber crooks, with the number of victims of online crime growing by 30 percent every year over the last five years, Rapetto said. Apart from Eastern European and Russian gangs preying on Italy, homegrown mafia clans are finding the web a lucrative target, he said.
But Rapetto agreed that preventing attacks is often beyond the remit of police forces.
"We need a hacker regiment, run by the Ministry of Defense, with the involvement of the police," he said.
E-mail: tkington@defensenews.com
buglerbilly
31-05-10, 05:57 AM
Bolster U.S. Cyber Defenses
Make Comprehensive Push Against Global Threats
By LARRY WORTZEL and RANDY FORBES
Published: 31 May 2010
With the recent confirmation of Army Gen. Keith Alexander as commander of U.S. Cyber Command, America now faces the daunting task of coordinating its military efforts to protect against and respond to cyberattacks. In February, former Director of National Intelligence Mike McConnell warned that "the United States is fighting a cyberwar, and we are losing."
To effectively face this challenge, we must identify the attackers and develop responses in terms of policy, legislation and military preparedness.
During the first half of 2009, there were reported at least 43,785 incidents of malicious cyber activity directed against the U.S. Department of Defense. These incursions came from a variety of sources, ranging from criminal hackers to foreign governments, and remediation alone cost the Defense Department more than $100 million. That figure does not account for the significant cost of data lost to cyber espionage.
The most egregious actions - and potentially the most dangerous to U.S. security - have come out of China. Chinese military thinkers believe the United States is far more vulnerable to cyberwar than Beijing, arguing that because U.S. forces rely heavily on computers, satellites and space sensors; operate over vast distances; and depend on supply networks and force projection designed to get supplies and parts where they are needed "just on time," they can be seriously weakened by computer network attacks.
Efforts by the Chinese People's Liberation Army (PLA) to develop its cyberwarfare capabilities began by examining and replicating U.S. computer network operations in the two wars in Iraq and operations in the Balkans. Today, however, China's military is actively developing an indigenous doctrine adapted to the needs of its forces.
We know from the cyberattacks on Google and users of its Internet services that some computer exploitations by the Chinese government are attempts to strengthen domestic control over the population and suppress human rights activists. In other cases, the Chinese use cyber spying to complement traditional espionage, as has been the case with gathering information related to combat aircraft such as the B-1 and B-2 bombers, naval propulsion and electronics systems, a U.S. space shuttle and perhaps the F-35 Lightning II fighter.
The most serious threat the United States faces from China's cyberwar efforts is the attempt to impede the flow of U.S. forces and supplies to a crisis area. According to Marine Corps Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, some of the computer penetrations of the Department of Defense were a reconnaissance effort to map out U.S. government networks in order to cripple America's military command-and-control systems in the event of a future attack.
Indeed, some of the more sophisticated military analyses from China's armed forces propose to enhance the ability to attack an adversary's satellite communications and sensor systems, critical transportation and energy infrastructure, ports of air and sea embarkation, and military command systems.
China is not the only cyber threat faced by American military forces, but it has the fastest-growing and most active approach to cyberwarfare. And while the political climate across the Taiwan Strait has improved recently, Beijing continues to threaten the use of force and has developed military strategies to counter any U.S. effort to employ forces to maintain peace in the case of China-Taiwan conflict.
There are other potential flashpoints that drive Beijing to develop offensive cyber capabilities, as well, such as the disagreement over freedom of navigation in the Pacific outside China's territorial waters.
From a policy standpoint, the United States must clarify how it views a cyberattack and explain that it reserves the right to respond by force.
Furthermore, with the recent confirmation of Alexander, we must stand up U.S. Cyber Command and ensure that its service components have the manpower and equipment to wage effective cyber defenses and, if necessary, undertake offensive operations. We also should be working with Australia, Japan, NATO and South Korea to address cyber penetrations.
We also must know the origin of the software and hardware in our computer systems and our satellites. It doesn't make much sense to have a computer system built with chips and run on software created in the country that is the most active cyber espionage adversary we face.
Defense Department supply chains for computer systems and electronic components must come from trusted foundries and use trusted software. Our satellites should be remotely reprogrammable in the event of a cyberattack.
With a concerted effort by the executive branch, Congress, our defense establishment, industry and allies, we can harden ourselves to cyberattack and ensure that our adversaries know they cannot act with impunity.
---
Larry Wortzel is a commissioner and former chairman of the U.S.-China Economic and Security Review Commission. U.S. Rep. Randy Forbes, R-Va., is a member of the House Armed Services Committee, and founder and co-chairman of the Congressional China Caucus.
buglerbilly
03-06-10, 02:37 AM
Lieberman Bill Gives Feds ‘Emergency’ Powers to Secure Civilian Nets
By Noah Shachtman June 2, 2010 | 2:07 pm
Joe Lieberman wants to give the federal government the power to take over civilian networks’ security, if there’s an “imminent cyber threat.” It’s part of a draft bill, co-sponsored by Senators Lieberman and Susan Collins, that provides the Department of Homeland Security broad authority to ensure that “critical infrastructure” stays up and running in the face of a looming hack attack.
The government’s role in protecting private firms’ networks is one of the most contentious topics in information security today. Several bills are circulating on Capitol Hill on how to keep power and transportation and financial firms running in the event of a so-called “cybersecurity emergency.”
Last week, Deputy Defense Secretary William Lynn floated the idea of extending a controversial cybersurveillance program to hacker-proof the firms. Meanwhile, the military’s new Cyber Command is readying itself to march to these companies’ aid.
Lieberman and Collins’ solution is one of the more far-reaching proposals. In the Senators’ draft bill, “the President may issue a declaration of an imminent cyber threat to covered critical infrastructure.” Once such a declaration is made, the director of a DHS National Center for Cybersecurity and Communications is supposed to “develop and coordinate emergency measures or actions necessary to preserve the reliable operation, and mitigate or remediate the consequences of the potential disruption, of covered critical infrastructure.”
“The owner or operator of covered critical infrastructure shall comply with any emergency measure or action developed by the Director,” the bill adds.
These emergency measures are supposed to remain in place for no more than 30 days. But they can be extended indefinitely, a month at a time.
The DHS cybersecurity director has to ensure that the emergency measures “represent the least disruptive means feasible” and that “the privacy and civil liberties of United States persons are protected,” according to the bill. It also allows the private firms to handle network threats on their own — if DHS approves of the measures.
Senate staffers familiar with the bill acknowledge that it grants broad powers over private businesses; the staffers couldn’t think of an analog in the physical world, except for the Federal Aviation Administration’s authority to ground air traffic after 9/11. But the staffers say that the emergency powers will only apply to a relatively small number of companies, and only in the most extreme cases — when an electronic exploit might cause “catastrophic regional or national damage” resulting in “thousands of lives or billions of dollars” lost.
In order for the President to declare such an emergency, there would have to be knowledge both of a massive network flaw — and information that someone was about to leverage that hole to do massive harm. For example, the recent “Aurora” hack to steal source code from Google, Adobe and other companies wouldn’t have qualified, one Senate staffer noted: “It’d have to be Aurora 2, plus the intel that country X is going to take us down using that vulnerability.”
A second staffer suggested that evidence of hackers looking to leverage something like the massive Conficker worm — which infected millions of machines and was seemingly poised in April 2009 to unleash something nefarious — might trigger the bill’s emergency provisions. “You could argue there’s some threat information built in there,” the staffer said.
The Lieberman/Collins bill is hardly the most extreme cybersecurity proposal that’s circulated on Capitol Hill in recent years. That dubious distinction belongs to a bill from Senators Jay Rockefeller and Olympia Snowe that empowered the feds to “order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security.” That provision was neutered after a public outcry. Now, it calls on the U.S. government to “develop and rehearse detailed response and restoration plans” in the event of a major network threat.
[Photo: DHS]
Read More http://www.wired.com/dangerroom/2010/06/lieberman-bill-gives-feds-emergency-powers-to-secure-civilian-net/#more-25547#ixzz0pkIfOYlC
buglerbilly
03-06-10, 02:50 AM
Security Firm: 2009 Cyber Attack Stretched Over Months
By WILLIAM MATTHEWS
Published: 2 Jun 2010 17:50
Last winter's cyber attack against Google and about 30 other companies shed new light on how future offensive cyber campaigns might be carried out: with great stealth, one target at a time.
The attack, believed to be linked to the Chinese government, began last summer, increased in intensity in November, but was not discovered until late December or early January, said George Kurtz, chief technology officer of the cybersecurity company McAfee.
By then, companies from Google to Intel to Adobe to Yahoo had been robbed of source code, industrial secrets and other valuable intellectual property.
"It's not surprising the attack took that long to detect," Kurtz said. The malware used in the attack was specifically tailored to quietly invade and compromise each company.
The pieces of malware were very sophisticated, highly targeted and designed to hide themselves while exfiltrating, he said. Kurtz describes this new malware as "advanced persistent threats."
The attack, which McAfee investigated earlier this year, "was a watershed event," Kurtz said. Governments have attacked governments since the beginning of civilization. But a "government attacking the commercial sector is a new situation," he said.
That's assuming that the Chinese government was involved in or sponsored the attack. "We're not certain that it was the Chinese government," he said. "But Google felt pretty strongly that it was" - strongly enough that Google shut down its search service in China in March in retaliation for the attack.
The attack marked another turning point, Kurtz said. Google and a few other victims went public about the attack. Before that, companies were loath to admit cyber vulnerabilities, and most of those struck in the Aurora attack still are. The targets are believed to include U.S. financial firms, defense companies, technology companies and research institutions.
"We know intellectual property was compromised. A lot of times it was source code - that's the core intellectual property for many of these companies," Kurtz said.
But there's another aspect of the attack that worries the U.S. military.
"It's one thing if source code is stolen. In the defense world, there's concern that source code may have been modified and no one knows about it," he said. "That's one of the biggest areas government is focused on: Could anyone get in and modify systems and use it to their advantage in time of war?"
There's also concern that Chinese hackers may have discovered unknown vulnerabilities in operating systems, web browsers and other software and could use them against the military - or any other computer users, Kurtz said.
While McAfee has moved on from the Aurora investigation, the company is still looking at advanced persistent threats, Kurtz said.
"There's no silver bullet against them," he said.
The best defense is a layered one.
"You can't just rely on antivirus software - and we're an antivirus company. And firewalls alone don't provide adequate protection," he said.
Antivirus, firewalls and intrusion detection are a start. But "white listing" offers a stronger defense. That is, essentially locking computers down so that only trusted programs are allowed to run. Nothing can be changed or added or updated, except by a system administrator.
McAfee believes "that's where the future is going," Kurtz said.
buglerbilly
04-06-10, 02:34 AM
The Dangers of Turning Spies into Generals (and Vice Versa)
By Noah Shachtman June 3, 2010 | 6:56 pm
In his speech today, NSA director and U.S. Cyber Command chief General Keith Alexander told the audience that he’s in kind of a tricky position, as the head of both a super-secret intelligence organization and a military unit devoted to “securing the nation’s cyber infrastructure.”
For one thing, there are some legal issues still to be worked out. Alexander is now spending a bunch of his time operating under Title 10 of the U.S. code, which governs the military, and Title 50, which covers intelligence operations. The blending of those two roles — not just by Alexander, but by all sorts of officials throughout the national security apparatus — unnerves Peter Singer, my new boss at the Brookings Institution. Take the drone war in Pakistan. The Title 50 CIA has become a de facto air force there; that’s a job normally reserved for Title 10 types, Singer writes in the current issue of Armed Forces Journal.
Titles 10 and 50 were meant to be something different, and that difference remains very important both politically and legally. Double-hatting the NSA and military Cyber Command has raised deep concerns about the militarization not just of cyberspace, but of an intelligence agency’s core function of collection and analysis. By contrast, double-hatting the CIA into an operational air war command means its director (a former congressman from California) and his general counsels now handle not only weapons of war, but also issues of war, such as operational concept and strategy, rules of engagement, etc., that they do not have the background or mandate to perform. Indeed, if we are honest, the CIA has created the 21st century equivalent of the equally not-so-covert fleet of repainted B-26 bombers it sent to the Bay of Pigs invasion — and we remember how that one turned out.
[Photo: STRATCOM]
Read More http://www.wired.com/dangerroom/#ixzz0pq8aiLQA
buglerbilly
04-06-10, 02:48 AM
CyberCom: U.S. Lacks Online Situational Awareness
By WILLIAM MATTHEWS
Published: 3 Jun 2010 15:38
The U.S. military operates 7 million computers and 15,000 computer networks and has virtually "no situational awareness" that would enable it to know when a cyber attack is underway, the new head of the U.S. Cyber Command said June 3.
The lack of "real-time situational awareness" puts the military at risk, said Gen. Keith Alexander, who heads the command and is director of the National Security Agency.
Situational awareness refers to the ability to understand what's going on around you. On a battlefield it means knowing where allied and enemy forces are and what they're doing. In cyberspace it means understanding who is on particular networks and what they are doing.
"We have no situational awareness – it's very limited," Alexander said in an address at the Center for Strategic and International Studies.
That puts the military at risk because it depends increasingly on computer networks for maintaining command and control, for communicating, for intelligence operations and for logistics, Alexander said.
Military computer networks are "probed 250,000 times an hour - 6 million times a day," he said.
And too often, the military discovers through forensics that network probes have been successful. As a consequence, response becomes "policing up after the fact versus mitigating it real time," Alexander said.
"The requirement from my perspective is that we need real-time situational awareness in our networks to see where something bad is happening and to take action there at that time," Alexander said in his first public address since becoming Cyber Command chief May 11.
The military is not alone in lacking cyber situational awareness. Other government agencies don't have it, and "many in industry would say they are working toward that but they don't have that," Alexander said.
That's a dangerous situation in cyberspace, which Alexander described as ever more perilous.
Citing a 2009 Verizon investigation of data breaches, Alexander said criminals using custom-made malware are able to break into "virtually every single organization they choose."
The main limitations on criminal organizations were time and resources - "they simply did not have the time and the wherewithal to breach all the high-value targets they could have," he said.
But foreign governments have substantially more resources, and more worrisome motives for attacking U.S. networks, he said.
There is evidence that some penetrations of U.S. networks were carried out with sabotage in mind, Alexander said.
Other attacks were designed to steal intellectual property, he said. That's serious because "it's the future of our country, the future of our industry. It will make up the future wealth of this nation. We've got to protect it."
Intellectual property is almost any valuable knowledge, from how to build advanced weapons such as stealth aircraft, to trade secrets and advanced manufacturing processes, to software code. And much of it is vulnerable to theft over the Internet.
Preventing such theft, though, is not the job of the Cyber Command or the U.S. military, Alexander said.
The Homeland Security Department is the lead agency for defending government websites. Law enforcement agencies such as the FBI help defend the private sector. The Cyber Command will offer technical assistance if asked for it, Alexander said.
And if the Cyber Command develops a good situational awareness tool, it would share it with other government agencies and the private sector, he said.
buglerbilly
04-06-10, 11:18 AM
Cyber Command chief says military computer networks are vulnerable to attack
By Ellen Nakashima
Washington Post Staff Writer
Friday, June 4, 2010
The U.S. government is seeing "hints" that adversaries are targeting military networks for "remote" sabotage, the head of the Pentagon's recently launched Cyber Command said in his first public remarks since being confirmed last month.
"The potential for sabotage and destruction is now possible and something we must treat seriously," said Gen. Keith B. Alexander, who also heads the National Security Agency, the nation's largest intelligence agency. "Our Department of Defense must be able to operate freely and defend its resources in cyberspace."
Alexander spoke Thursday before more than 300 people at the Center for Strategic and International Studies in Washington.
In remarks afterward, Alexander said he is concerned about the safety of computer systems used in war zones. "The concern I have is when you look at what could happen to a computer, clearly sabotage and destruction are things that are yet to come," he said. "If we don't defend our systems, people will be able to break them."
James A. Lewis, director of CSIS's Technology and Public Policy Program, said advanced militaries are capable of destroying U.S. computer systems. "That wasn't true four years ago, but it's true now and Cyber Command will have to deal with it," he said.
The Cyber Command, launched last month at Fort Meade, was created by Defense Secretary Robert M. Gates to streamline the military's capabilities to attack and defend in cyberspace, supported by NSA's intelligence capabilities.
Alexander stressed that the Command will focus on protecting the U.S. military's 15,000 computer networks under oversight of the special Foreign Intelligence Surveillance Court, Congress and the administration. His remarks were aimed at assuaging concerns over the NSA's role in helping to protect civilian and private-sector networks, as well as fears of a "militarization" of cyberspace.
"We spend a lot of time with the court, with Congress, the administration, the oversight committees to ensure they know what we're doing and why we're doing it," Alexander said.
This is done in classified settings, he said, including before the surveillance court, set up as part of the effort to protect Americans from unwarranted government surveillance.
"The hard part is, we can't go out and tell everybody exactly what we did or we give up capability that may be extremely useful in protecting our country and our allies," he said.
Alexander's confirmation was delayed for months by congressional concerns over the command's role and scope of action, how its operations would affect Americans' privacy, and a lack of clarity over rules of the road in cyber warfare.
The rules are still being debated and formulated, he said. So are the rules of engagement for working with the Department of Homeland Security and private industry in protecting the private sector's systems, which is perhaps the most difficult challenge.
But Alexander has his hands full just hardening the military's systems. DOD systems are probed by unauthorized users more than 6 million times a day.
"While our front-line defenses are up to this challenge, we still have to devote too much of our time and resources to dealing with relatively mundane problems," such as poorly engineered software and missing patches, he said.
buglerbilly
07-06-10, 04:39 PM
Top U.S. Commander in Iraq Raises Internet Concerns
(Source: US Department of Defense; issued June 4, 2010)
WASHINGTON --- Army Gen. Raymond T. Odierno, reflecting on lessons learned and the way ahead as the outgoing top commander in Iraq, voiced concerns today about how the ease of Internet communications sometimes undermines military operations.
“One of the things we have continued to work hard at is the change in global communications and its impact on warfare,” Odierno said during a Pentagon press briefing. “It’s absolutely essential that we take a hard look at how we’re going to address this issue.”
Odierno, who commanded the Army’s 3rd Corps in Iraq from May 2006 until taking over U.S. Forces Iraq in September 2008, is not the first military leader to voice concerns about how the unregulated and ubiquitous nature of Internet communications undermines security efforts. Army Gen. David H. Petraeus, commander of Multinational Force Iraq before becoming commander of U.S. Central Command in October 2008, voiced similar concerns during budget hearings on Capitol Hill earlier this year.
Odierno and others have raised concerns about al-Qaida and other terrorist groups’ recruiting and public relations efforts on the Internet. Even as military operations chip away at the groups’ insurgencies in Iraq and Afghanistan – killing or capturing 34 of 42 al-Qaida in Iraq leaders in the past three months – militant websites don’t reflect that.
“What they’re telling people on their website is completely different than what is happening on the ground,” the general said.
Odierno, whom President Barack Obama has nominated to head the Norfolk, Va.-based U.S. Joint Forces Command after rotating out of Iraq at the end of summer, endorsed the Defense Department’s new Cyber Command to work on such Internet issues.
The U.S. military has been the target of numerous e-mail scams, Odierno said, including the social networking site, Facebook. His own Facebook site has been used in schemes to extort money, he said.
“These are real challenges to us that we really have to get after,” he said.
Army Lt. Gen. Lloyd Austin has been chosen to replace Odierno as commander of U.S. Forces Iraq.
buglerbilly
07-06-10, 11:22 PM
NATO Ponders Returning Fire
By Kevin Coleman
Defense Tech Cyber War Correspondent
Multiple cyber intelligence sources have warned for some time now of the growing cyber threat from Russia, China and others. The Albright Group recently released a report that stated that a cyber attack targeting the critical infrastructure of a NATO country or countries could equate to an armed attack, justifying retaliation. The warnings appear to now have come true. Recently, NATO members were the target of a series of cyber attacks said to be linked back to Russian hackers.
That appears to be exactly what is on the mind of NATO Commanders. Multiple sources say NATO is now considering the use of military force against enemies who launch cyber attacks on its member states. Many world leaders now fear that future cyber attacks will escalate into a full-blown cyber war and possibly evolve into a conventional form of conflict. Just recently, security and military advisors around the world have expressed their concern that a successful cyber attack on the critical infrastructure of a NATO country could lead to defense measures under Article 5.
Reference: NATO: Article V and Collective Defense
Article 5 is a key component of the 1949 NATO Charter and states that any armed attack on one or more NATO countries would be considered an attack against all NATO countries. One thing is certain: the cyber threat situation is very dynamic, the proliferation of cyber weapons persists, and the capabilities of cyber weapons continue to increase. Once again, the international rules of cyber conflict need to be developed and agreed upon.
Read more: http://defensetech.org/#ixzz0qCkRWL8N
buglerbilly
10-06-10, 04:31 AM
Cyber Security Cheat Sheet
By Noah Shachtman June 9, 2010 | 5:11 pm | Categories: Paper Pushers, Beltway Bandits, Politicians
Last week, Danger Room provided a sneak peek at Senator Joe Lieberman’s bill to give the federal government “emergency” powers over civilian networks’ security, if there’s an “imminent cyber threat.”
Tomorrow, Senators Lieberman and Susan Collins officially introduce that legislation, the “Protecting Cyberspace as a National Asset Act of 2010.” It’s one of a half-dozen such measures kicking around Congress. Here’s a handy cheat sheet, provided by a friend on Capitol Hill, for what’s in each bill.
http://www.wired.com/images_blogs/dangerroom/2010/06/2010_06_09_13_45_47.pdf
Read More http://www.wired.com/dangerroom/#ixzz0qPhEBURd
buglerbilly
17-06-10, 03:35 AM
DHS Geek Squad: No Power, No Plan, Lots of Vacancies
By Noah Shachtman June 16, 2010 | 2:46 pm
Looking at this pic from Homeland Security I think I can spot the problem. The people shown are too old, too Yuppie and not Nerdy enough..........looks like professional Civil Servants trying to do what is a Geek function. Could it be they are approaching this completely from the wrong direction? Nah, couldn't be, they'd never do something so fundamental............ :jerkit
The federal government still sucks at protecting its networks. One big reason why: The agency that’s supposed to tighten up Washington’s information security has neither the authority nor the manpower to respond effectively to the threat of electronic attacks.
Back in 2003, the Department of Homeland Security set up the U.S. Computer Emergency Readiness Team (US-CERT) to spot vulnerabilities in the government’s networks, and coordinate responses when those flaws are exploited. But seven years later, US-CERT is still “without a strategic plan,” DHS Inspector General Richard Skinner tells the House Homeland Security Committee.
The group is working at less than half-strength, with 45 of 98 positions filled. And when US-CERT finds holes in the networks, all it can do is gently suggest recommendations to other federal agencies. Those other groups don’t have to listen.
In theory, DHS is in charge of dot-gov network defenses. Under a new bill proposed by Senator Joe Lieberman, the department would also assume control of certain civilian networks’ security in the event of an “imminent cyber threat.”
In reality, DHS’ geek squads are not nearly as big or as well-equipped as the ones in the Pentagon and in the intelligence agencies. Functionally, that puts the secretive National Security Agency and the military’s new Cyber Command in charge when cyber attacks get serious. “That is the structure of the cyber policy plan that the president announced, so we absolutely intend to use the technical resources, the substantial ones that NSA has,” Homeland Security chief Janet Napolitano told Danger Room last year.
Richard Bejtlich, a former Air Force cybersecurity officer now with General Electric, puts it a little more pithily: “When you’re in trouble, you go to the guys who actually have a clue.”
Even Napolitano’s most technically adroit troops are having trouble keeping tabs on the traffic inside government networks.
“US-CERT does not have an automated correlation tool to identify trends and anomalies,” Skinner observed. So it takes them a long time before they can spot vulnerabilities. DHS recently bought “an automated correlation tool to analyze the vast amount of data…. However, US-CERT is currently experiencing problems with reconfiguring the tool to collect data and understand the overall data flow. US-CERT management stated that it may be six months before the problems are corrected and the benefits of the system can be seen.”
Photo: Department of Homeland Security
Read More http://www.wired.com/dangerroom/2010/06/dhs-geek-squad-understaffed-with-no-juice-and-no-plan/#more-26140#ixzz0r4Na2E1x
buglerbilly
17-06-10, 03:31 PM
Ares
A Defense Technology Blog
Cyber War In Focus
Posted by Robert Wall at 6/17/2010 2:46 AM CDT
Estonia’s Cooperative Cyber Defense Center of Excellence is hosting a meeting of over 200 specialists looking at various aspects of cyber war.
In 2007, Estonia gained first-hand experience with cyber conflict. When the country removed a Soviet-era war memorial, computer attacks originating in Russia took down much of the country’s digital infrastructure, serving also as a wake-up call to other European countries that the new threat needs to be taken seriously.
Legal aspects are to be looked at, as well as technical considerations. Defense ministry, academic and business representatives are being hosted.
But what is still lacking is a more concerted discussion in Europe about exercising cyber warfare skills and, possibly, setting up a test range to train personnel and develop procedures.
buglerbilly
17-06-10, 11:11 PM
Protecting the SMART Grid From Cyber Attack
By Kevin Coleman
Defense Tech Cyber Warfare Analyst
Acts of cyber aggression and physical attacks against our critical infrastructure would be catastrophic events. Many believe a successful attack is inevitable, while others believe the threat is over-blown. One thing everyone agrees on is the fact that protection against cyber and physical attacks must be in place.
As discussed on this blog earlier the CIA and others have long warned of cyber threats against the nation’s critical infrastructure. Recent alarm bells have focused on the SMART GRID, which has been the rage as of late. Many point to these SMART devices as yet another exposure to acts of cyber aggression; efforts are underway to address SMART GRID security.
The Wall Street Journal (April 2009) cited intelligence sources that claim the power grid has already been compromised by Russia and China. Both of these countries were said to have installed malicious code that they could activate and disrupt or destroy portions of the grid at their command. If you believe this report and others from members of our intelligence sources, our grid is already compromised and it looks like Washington is now taking action.
Read more: http://defensetech.org/#ixzz0r9Axy6gn
buglerbilly
19-06-10, 04:25 AM
Experts to NATO Nations: Prepare Now For Cyberwar
AGENCE FRANCE-PRESSE
Published: 18 Jun 2010 14:28
TALLINN, Estonia - NATO governments and the public must wake up to the threat of cyberattacks, which could paralyze a nation far more easily than conventional warfare, experts warned June 18.
"Cybercrime and cyber espionage are topics that can't be ignored," said Melissa Hathaway, former U.S. cyber czar, at a conference in Estonia organized by NATO's IT defense unit.
"Key infrastructure, including power stations, have become vulnerable due to their dependence on Internet connections," Hathaway said.
"There is no national security in the modern world without economic security, and both companies and private citizens should also realize the depth of the problem."
Charlie Miller, a security expert who launches test assaults on IT systems, emphasized that cyberwar is far easier than a conventional attack.
"It would take two years and cost less than $50 million a year to prepare a cyberattack that could paralyze the United States," Miller warned.
Such an attack could involve fewer than 600 hackers, he added.
Estonia is home to a unit known in NATO jargon as the Cooperative Cyber Defence Centre of Excellence.
Bitter experience taught Estonia, one of the world's most wired nations and a NATO member since 2004, all about cyberattacks.
The Baltic state of 1.3 million people suffered an assault in 2007 that paralyzed key business and government Internet services for days.
It came as Estonian authorities shifted a Soviet-era war memorial from central Tallinn to a cemetery site. The monument, erected when Moscow took over after World War II, became a flashpoint following independence in 1991 for rallies by Estonia's ethnic-Russian minority.
Estonia blamed Moscow for stoking riots in Tallinn as the memorial was moved, and said the cyberattacks were traced to Russian official servers. Russia denied involvement.
Despite Estonia's experience, people elsewhere have not woken up, said British Defence Ministry expert Gloria Craig.
"It's still hard to convince the public that a cyberattack is an attack, when people don't see a smoking gun," Craig said. "As of now NATO is not prepared for a global cyberattack."
U.S. specialist Bruce Schneier, however, said the current threat should not be overplayed.
"Building tanks does not mean you fear you could be overrun by a military force right now. It pays to build tanks and it pays to prepare for cyberwar, but I don't believe that's a fear we should worry about right now," Schneier said.
"It's very easy to invent scare scenarios but this does not mean we should actually be scared by them," he said.
Schneier said, however, that it is time to prepare now so that sci-fi style scenarios never become reality.
buglerbilly
21-06-10, 11:33 AM
Ares
A Defense Technology Blog
Cyber-warriors Say Darpa is Too Slow
Posted by David A. Fulghum at 6/18/2010 3:33 PM CDT
Defense and aerospace industry officials say they love the work that Darpa does, but in the cyber-world, the organization is proving itself too slow to be relevant.
The military and intelligence agencies are frustrated by the prospect of a multi-year development time for a cyber range proposed by the Defense Advanced Research Projects Agency (Darpa) where cyber-offense and defense can be practiced in a full-scale, electronically sterile environment. So they have already started building their own.
“When cyber-ranges became a topic of interest, [the desire for access] exploded across the services,” says a senior official involved in the project. “Everybody wanted a range, but Darpa’s program was a 6-7 year effort to put a national cyber-range in place. That’s why support eroded. Everybody wanted it quicker.”
In May 2008, Darpa announced a four-phase National Cyber-Range (NCR) project. Seven teams were picked to prepare plans for phase one – the initial designs, concepts of operation and system demonstrations. The competitors were later pared in Feb. 2010 to two prime contractors – Johns Hopkins University’s Applied Physics Laboratory and Lockheed Martin’s Simulations, Training and Support division – for phase two that will see the building and evaluation of prototype ranges.
“Darpa is committed to phase two,” the official says. “But they appear to be backing away from phase three, the actual building of the range. They got a lot of pushback from the military [and intelligence agencies].”
These potential customers want a bigger role in determining how and how much they could use the ranges. A historical complaint about Darpa has been its problems with transitioning technology from the laboratory into operational use.
“The services didn’t want to wait around for Darpa,” the official says. “The Navy’s 10th Fleet cyber-command wants to expand a small range at Network Warfare Command in Little Creek, Va. The National Security Agency wants a range at Fort Meade, Md. And the 24th Air Force wants its own capabilities.”
In fact, the U.S. Air Force’s Big Safari organization – that for 50 years has quietly built classified intelligence, surveillance and reconnaissance systems on a fast reaction basis – has begun planning and designing a new capability that is being referred to as “Cyber-safari.”
Big Safari was responsible for creating aircraft like the RC-135W Rivet Joint signals intelligence aircraft, the RC-135S Cobra Ball long-range, infrared, ballistic missile surveillance aircraft, U-2 payloads and put weapons on the Predator A and B remotely piloted aircraft. That kind of fast-moving acquisition structure is considered a requirement for success in the cyber-world.
buglerbilly
22-06-10, 12:12 AM
Battle For Cyber-Range: Military Dumps Darpa
Jun 21, 2010
By David A. Fulghum
The establishment of a National Cyber-Range looks likely to become yet another victim of Moore’s Law, which says digital technology becomes antiquated in about 18 months.
U.S. military and intelligence agencies—put off by the years-long development time line for a cyber-range proposed by the Defense Advanced Research Projects Agency (Darpa)—are building their own.
“When cyber-ranges became a topic of interest, [the desire for access] exploded across the services,” says a senior official involved in the project. “Everybody wanted a range, but Darpa’s program was a 6-to-7-year effort to put a national cyber-range in place. That’s why support eroded. Everybody wanted it quicker.”
In May 2008, Darpa announced a four-phase National Cyber Range project. Seven teams were selected initially to prepare plans for phase one—the initial designs, concepts of operation and system demonstrations (Aerospace DAILY, Jan. 9, 2009).
The competitors were later pared in February 2010 to two prime contractors—Johns Hopkins University’s Applied Physics Laboratory and Lockheed Martin’s Simulations, Training and Support division—for a second phase that will see the building and evaluation of prototype ranges.
“Darpa is committed to phase two,” the official says. “But they appear to be backing away from phase three, the actual building of the range. They got a lot of push back from the military [and intelligence agencies].”
These potential customers want a bigger role in determining how and how much they could use the ranges. A historical complaint about Darpa has been its problems with transitioning technology from the laboratory into operational use.
“The services didn’t want to wait around for Darpa,” the official says. “The Navy’s 10th Fleet cyber-command wants to expand a small range at Network Warfare Command in Little Creek, Va. The National Security Agency wants a range at Ft. Meade, Md., and the 24th Air Force wants its own capabilities.”
In fact, the U.S. Air Force’s Big Safari organization—which for 50 years has quietly built classified intelligence, surveillance and reconnaissance systems on a fast-reaction basis—has begun planning and designing what is being referred to as “Cyber Safari.”
Big Safari was responsible for creating systems like the RC-135W Rivet Joint signals intelligence aircraft, the RC-135S Cobra Ball long-range, infrared, ballistic missile surveillance aircraft and U-2 payloads. The group also put weapons on the Predator A and B remotely piloted aircraft. That kind of fast-moving acquisition structure is considered a requirement for success in the cyber-world.
Photo credit: U.S. Air Force
buglerbilly
22-06-10, 12:34 AM
NSA Gets Geeky After Dark, New Docs Show
By Katie Drummond June 21, 2010 | 2:40 pm
It’s an agency staffed by some of the government’s top hackers, brainiest cryptographers, and most sophisticated network defenders. But when employees at the NSA aren’t playing Big Brother, pwning foreign networks or coming to the aid of hacked companies, it turns out they’re (surprise!) up to some exceptionally geeky business in their spare time.
Government Attic has a collection of documents, finally obtained two years after the organization filed a Freedom of Information Request, that detail the super-secret spy agency’s various extracurricular activities. The 64-page release describes, mostly in newsletters and group announcements, the goings-on of 12 different “Learned Organizations” formed by NSA staff members.
Most of the clubs revolve around cryptoanalysis, communications analysis and language translation. Which is pretty much what employees at the NSA do from 9 to 5 — and, it seems, still shell out $15 in annual fees to do on evenings and weekends, too.
But at least on evenings and weekends, snacks are involved. Members of the Crypto-Linguistics Association (CLA), a club that’s devoted to “engag[ing] its members in language-related activities,” also have a flair for fine global cuisine. The documents include a photo of the “CLA International Cookbook: A Collection of International Delights,” which must boast some 5-star recipes: it was classified as “top secret” until Government Attic’s 2008 request.
In their Tales from the KRYPT newsletter, one member of the KRYPTOS Society (“established in 1981 to promote interest in cryptoanalysis”) offers a summary of the group’s annual awards luncheon, held at Ft. Meade’s “Club Meade,” where prizes were doled out to winners of the annual KRYPTOS Literature Contest (top prize went to: “Fast Identification of Particular Features in a Specific Application Generated by a Particular Algorithm”).
And then there’s the Crypto-Mathematics Institute (CMI), which seems kinda like the more exclusive version of KRYPTOS. The club’s manifesto includes six pages on entry-application requirements and the complex process of electing the club’s president, president-elect and executive director. They’ve also got a serious thing for word puzzles, with a fun nine-page test (some of which, they confess, was cribbed from the “Kryptos Kristmas Kwiz”) that includes such brain-busters as “Although it might ‘pain’ you to hear it, HEADACHE cannot follow. What word could follow and why?”
Uptight, sure, but CMI’s not above a good party. The group’s newsletter advertises a June tea social and a movie night, and it hawks 50th Anniversary Commemorative Puzzle Books. (“It will take another fifty years for you to solve these puzzles. So get to it!”) And like any club worth its membership dues, they’ve also got T-shirts. (“Short-sleeved and breezy cotton. Just right for the outdoor season. Be the envy of Princeton and La Jolla.”)
For the NSA’s artistic types, the Pen & Cursor Society (P&CS) sponsors “creativity seminars,” where members are invited to “explore childhood memories,” “break rules!” and “fertilize the garden in which you grow ideas.” And ideas seem welcome among P&CS members — the group’s newsletter includes a feisty editorial, “Combo-Words: When Will They End?” deriding terms like “Eurotrash, psychobabble [and] infotainment” that “permanently sully any words beginning with the same forms.”
Alas, Wired nerds need not apply. The clubs are all restricted to NSA staffers, although the agency opted to protect the geeky parties, by omitting club member names and club websites throughout the documents. “Certain information … has been deleted from the enclosures,” the NSA’s letter to Government Attic reads, “[where] its disclosure could reasonably be expected to cause exceptionally grave damage to national security.”
Photo: 2006 NSACSS Director’s Trophy via U.S. Marine Corps
Read More http://www.wired.com/dangerroom/2010/06/nsa-gets-geeky-after-dark-new-docs-show/#more-26277#ixzz0rWtt3PS4
buglerbilly
22-06-10, 10:07 AM
Our own home-grown stupidity in the name of Cyber Combat..............:doh
'Secure your PC or lose the net'
ASHER MOSES
June 22, 2010 - 4:12PM
Australians would be unable to access the internet without having anti-virus and firewall programs installed and a virus-free machine under a new plan put forward by a year-long parliamentary cyber-crime inquiry.
A prominent cyber-security consultant, Alastair MacGibbon, who is a former director of the AFP's Australian High Tech Crime Centre and eBay's former security chief, has called for the proposal to be taken a step further by forcing ISPs to monitor the security of users' machines and block them from connecting if their browsers, security and operating system software are not up to standard.
But Peter Coroneos, chief executive of the Internet Industry Association (IIA), has questioned whether such ideas are practical and says the government would not be able to enforce the content of ISPs' contractual relationships with customers.
Other recommendations put forward in the report by the House of Representatives Standing Committee on Communications - titled Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime - include the establishment of an Office of Online Security and 24-hour hotline where people could report cyber crime without having to go to a police station.
It also suggests a mandatory obligation on ISPs to inform users when their machines are infected and, if necessary, disconnect them from the internet until the affected machine is fixed.
Users would also have contractual obligations requiring them to install anti-virus software and firewalls before their internet connection is activated. They would have to keep their e-security software updated and take reasonable steps to inoculate their computers when notified of a suspected malware compromise.
"The Internet Service Providers should not shoulder a disproportionate amount of the cyber crime burden, but ISPs are in a unique position to inform consumers if their computer is infected," said committee chairwoman Belinda Neal.
"End users must also take responsibility for protecting themselves online to prevent the spread of computer viruses to the rest of the community."
This goes a step beyond the IIA's voluntary code of practice, which does not include anything about forcing users to have security software installed. The code provides a range of responses to users with infected machines, including temporary quarantining on the ISP's network, but all of it is voluntary.
"For a start there's a jurisdictional question here. You can't dictate to ISPs what ought to go in their contracts," Coroneos said in a phone interview.
"We've put forward what we consider to be workable guidelines for the industry. There's always a balance between the ideal and the practical ... people have argued that people shouldn't be on the internet without the equivalent of a driver's licence. Some might say that's a good idea, but is that practical?"
MacGibbon argues for an even stronger process than was recommended by the inquiry, saying ISPs should be required to monitor whether people going online have security software installed and prevent them from connecting to the net if they don't.
He said this requirement could possibly be hitched to people subscribing to the upcoming National Broadband Network.
"There is software available, which could be on end-user machines, that would allow my ISP, as I log in, to check that I have my firewall turned on, that I have an antivirus that [it] approves or recommends installed on my computer, and that my operating system and browser are patched. And if those things aren't met, then [my ISP would not] give me [access]," MacGibbon said.
Colin Jacobs, chairman of the online users' lobby group Electronic Frontiers Australia, complained that this would be the equivalent of installing "spyware" on users' computers.
MacGibbon acknowledged the measure might sound harsh but noted that we expect this level of regulatory approach in the offline world, likening it to car safety regulations such as those forcing people to wear seatbelts.
"We know that anti-virus and firewalls and patching systems and all those other things reduce the likelihood of things going wrong; if we know that those things will protect us, why is it that as a nation we aren't mandating those systems be installed on computers and maintained?" he said.
MacGibbon applauded the recommendations to set up a 24-hour cyber-crime hotline and to conduct a "public health style" education campaign. He said today it was difficult for victims of cyber crime to get help.
"You've essentially been forced down the path of going to your local police service, maybe the AFP, maybe ACMA [the Australian Communications and Media Authority], and, unless it fitted exactly with their interpretation of their jurisdictional responsibilities and priorities, it's very unlikely that you could get any help," he said.
The committee placed particular emphasis on the proliferation of "botnets", the use of a network of computers to launch attacks, host websites or scan for vulnerabilities in other networks.
More than 10,000 Australian computers a day were affected in this way last year, ACMA told the inquiry.
"The trouble with botnets is previously if your computer was infected it would be obvious, but botnets can be in control externally and you may be completely unaware," said Neal.
MacGibbon said he was "very supportive" of the bulk of the 34 recommendations contained in the inquiry report, which is several hundred pages long.
"It's a pleasantly insightful report in an area where it's too easy for politicians and bureaucrats to say that it's all the responsibility of the end user and we should just run an education campaign," he said.
The Communications Minister, Stephen Conroy, did not respond to questions asking which recommendations from the inquiry he would adopt and implement.
Senator Conroy was not one of the 13 MPs on the parliamentary committee but the Opposition communications spokesman, Tony Smith, was.
- with Dylan Welch
buglerbilly
25-06-10, 10:23 AM
Obama internet 'kill switch' bill approved
ASHER MOSES
June 25, 2010
The US senators pushing a controversial new bill that some fear would give President Barack Obama the powers to seize control of and even shut down the internet have rejected claims it would give Obama a net "kill switch".
The bill, titled Protecting Cyberspace as a National Asset Act, has been unanimously approved by the US Homeland Security committee and will be put to a vote on the Senate floor shortly.
Lobby groups and academics quickly rounded on the bill, which seeks to grant the President broad emergency powers over the internet in times of national emergency.
Any internet firms and providers must "immediately comply with any emergency measure or action developed" by a new section of the US Department of Homeland Security, dubbed the "National Centre for Cybersecurity and Communications".
The critics said that, rather than combat terrorists, it would actually do them "the biggest favour ever" by terrorising the rest of the world, which is now heavily reliant on cyberspace.
Australian academics criticised the description in the bill's title of the internet as a US "national asset", saying any action would disrupt other countries as most of the critical internet infrastructure is located in the US.
This week, 24 privacy and civil liberties groups sent a letter raising concerns about the legislation to the sponsors, including that it could limit free speech and free inquiry, Computerworld reported.
"We are concerned that the emergency actions that could be compelled could include shutting down or limiting internet communications," the letter reads.
But the architects of the plan, committee chairman Senator Joe Lieberman and Senator Susan Collins, have this week released a "Myth v. Reality" document that hits back at these criticisms.
They say the threat of a catastrophic cyber attack is real and not a matter of "if" but "when". Cyber crime was also costing the US economy billions of dollars annually and the bill would "modernise the government's ability to safeguard the nation's cyber networks from attack and will establish a public/private partnership to set national cyber security priorities".
The senators rejected the "kill switch" claim, arguing that the President already had authority under the Communications Act to "cause the closing of any facility or station for wire communication" when there is a "state or threat of war".
They said under the new bill the President would be far less likely to use the broad authority he already has under current law to take over communications. It would provide "a precise, targeted and focused way for the President to defend our most sensitive infrastructure".
Any action would be limited to 30-day increments and the President must use the "least disruptive means feasible" to respond to the threats. Action extended beyond 120 days would need Congressional approval.
The bill would not give the President the authority to take over the entire internet, target specific websites or conduct electronic surveillance.
"Only specific systems or assets whose disruption would cause a national or regional catastrophe would be subject to the bill's mandatory security requirements," the senators wrote.
buglerbilly
30-06-10, 03:48 PM
Ares
A Defense Technology Blog
A Roach Motel for Malware?
Posted by Bill Sweetman at 6/30/2010 6:57 AM CDT
Talk about a black box solution. Start-up company InZero Systems appeared last week in Washington DC to present its solution to cybersecurity problems, which is literally a black box with a couple of switches, a few indicator lights and power, network and USB connections.
The company claims that it is unhackable. At last week's demo, Philip Zimmermann, the inventor of the PGP encryption tool, described InZero as "like nothing else I have seen" and said that he hadn't seen a way to break into it. The audience included Google's chief "evangelist" Vint Cerf, regarded as one of the founders of the internet, and senior advisors to the administration.
InZero founder Louis Hughes said that the company had issued a public challenge to hackers to break through it and recover data files - called "flags" - on a specially constructed network. Hughes pointed out that this is a "bet the company" move: a success would be the end of the road. As of last week, InZero reported two million attacks, including 250,000 out of China, with no successes.
InZero is the invention of Ukrainian computer engineer Oleksiy Shevchenko, and what makes it different is that it is based on hardware, not software. The black box contains a second computer, operating system and apps that you would normally use to access the web, all stored in read-only memory and remotely controlled from the protected computer. Result: the operator can read and access anything on the net, but malware cannot spread to the PC and the protected network.
Optionally, the user can download data from trusted sites, or store a file from an untrusted site in an encrypted form that prevents malware from executing. That file can still be viewed and edited but only on the secure side of the InZero platform.
Cerf seemed impressed but not totally convinced, pointing out that the first edition of the device protects only desktop PCs and not mobile devices, and that proper protection and management of these devices would require a great deal of support. Although InZero is designing laptop hardware (which replaces the DVD drive) Cerf notes that "it's an operational challenge to maintain software on laptops" which is one reason for the move to cloud computing, where apps reside on the internet and are updated without reference to individual computers.
Another question: how do we know that the InZero box is safe? Hughes says that the company "has been quite paranoid" about that issue. The software, designed in the Ukraine and Siberia, has been independently checked for backdoors. Although most of the hardware is commercial off-the-shelf, he says, there are "several secret chips that control everything, and a killer chip if you try to disassemble the device."
buglerbilly
07-07-10, 03:57 AM
Congress Looks to Tackle Cyber Threats
July 06, 2010
San Jose Mercury News
WASHINGTON -- Amid amplifying alarms that the U.S. is unprepared for a cyberattack that could cripple electricity grids, shut down water and sewage systems or freeze up the financial system, momentum is building in Congress to pass major legislation to boost the country's cyber defenses.
But as lawmakers appear poised to act within months, privacy advocates are concerned about how much control a new law would vest in the federal government to monitor communications over private networks or to control the Internet in the event of an attack. Yet with CIA Director Leon Panetta recently calling a potential cyberattack one of the most underappreciated national security dangers, the need to do something is not in dispute.
"A full-scale cyberattack," Sen. Joe Lieberman, chairman of the Senate Homeland Security and Governmental Affairs Committee, said at a June hearing, "could lead to the death and injury of thousands of people, and could cost our economy billions of dollars."
Counterterrorism experts warn that sophisticated cyberattacks could disable aviation systems, force subways to crash, create massive blackouts and cause dams to fail.
After years of discussions about the nation's vulnerabilities, the debate in Washington has gathered steam in recent months, driven in part by the December cyberattack originating from China on Google and dozens of other companies. The fundamental worry is this: With so much of the nation's critical infrastructure -- from electricity grids to financial systems -- run by computers over the Internet, there is no coordinated plan in place to monitor cyber threats or respond to a major attack. Exacerbating the challenge, experts say, is that the vast majority of that infrastructure is controlled by private companies, all having different cybersecurity measures of varying effectiveness.
"A lot of the country's assets that used to be just physical are now" controlled by computers "and the government is struggling with how to make that transition," said Kevin Richards, a senior manager for Symantec, the computer security firm.
One of the main bills pending in Congress would establish a cybersecurity chain of command in the federal government and create a clearinghouse for private owners of critical infrastructure to share information about intrusions or threats to their computer networks. A new agency within the federal Department of Homeland Security would implement cybersecurity measures for government agencies and key private sector firms alike.
Sponsored by Sens. Lieberman, Susan Collins, R-Maine, and Thomas Carper, D-Del., and approved in late June by the homeland security panel, the bill, S3480, is one of many cybersecurity measures pending in Congress. Senate Majority Leader Harry Reid, D-Nev., wants the authors to meld their ideas into one bill that could come to the Senate floor possibly this summer or fall.
But controversy is simmering over key issues. Some critics have accused Lieberman of attempting to give the president a "kill switch" to turn off the Internet after a cyberattack. The senator denied the charge, noting that his bill would actually narrow the president's powers over the Internet in the event of a cyberattack compared with what he's authorized to do under current law.
Debates remain about how much control to hand the president and federal government to respond to a cyber emergency, whether that power could threaten privacy and civil liberties, and what information owners of critical infrastructure should be required to share with the government in the name of cybersecurity. Lieberman's bill would allow the president to declare an emergency and compel owners of key infrastructure to take actions -- including shutting off Internet communications if another less intrusive measure was not available -- in response to an attack. The emergency powers would last 120 days at most and would have to be renewed by Congress to extend beyond that.
"The biggest concern is that the government not be put in the middle of private networks so that it monitors private communications for cybersecurity purposes," said Gregory Nojeim, senior director at the Center for Democracy & Technology.
Another key provision focuses on developing cybersecurity expertise, an area in which the U.S. lags far behind countries such as China, said Alan Paller, director of research for the SANS Institute, a cybersecurity training school.
"There's a radical shortage of cybersecurity talent," he said. "It's probably the main ingredient we have not done anything about."
buglerbilly
08-07-10, 02:49 PM
Major Cyber Security Conference Set for Singapore
By WENDELL MINNICK
Published: 8 Jul 2010 07:11
TAIPEI - Singapore will host the first Regional Collaboration in Cyber Security conference from July 13-14 at the Shangri-La Hotel. The conference will cover cyber terrorism, information operations, cyber warfare, wireless hacking and cyber crime.
The U.S. National Defense University (NDU) Information Resources Management College (NDU iCollege) and the National University of Singapore (NUS) Institute of Systems Science (ISS) are jointly hosting the conference.
The theme of the conference is "Securing the Cloud, Web, and Virtual Networks," with a keynote speech by Jaak Aaviksoo, Estonia's Defense Minister. Aaviksoo was invited specifically to talk about the 2007 Estonian cyber war, said Robert Childs, NDU iCollege senior director.
The Estonian incident has sometimes been referred to as "Web War I" and Estonian officials blamed Russia for the intrusions.
The conference will have over 24 speakers and panelists, including John Grimes, former U.S. assistant secretary of defense for networks and information integration; Brigadier General Mark Perrin, U.S. Army, J-2, U.S. Forces Korea; Brigadier General Brett Williams, director, C4 Systems/J-6, U.S. Pacific Command; Brigadier General David Koh, director of military security, Ministry of Defense, Singapore; James Heath, technical director, U.S. Forces Korea, special advisor for cyber operations; and David Aucsmith, senior director, Institute for Advanced Technology in Governments, Microsoft.
"The ISS is known for its broad-based advanced professional continuing education in information technology (IT) specializing in software technology and engineering practice and provides industry with strategic IT management, e-business and knowledge management expertise," said a conference press release.
NDU iCollege and NUS-ISS are coordinating with the U.S. Pacific Command, the Asia-Pacific Center for Security Studies (APCSS) and Singapore's Ministry of Defense to put on the conference. Over 400 attendees are expected for the conference. APCSS is a U.S. Defense Department academic institute based in Honolulu, Hawaii.
Attendees will be a mix of senior-level government and private-sector representatives from Asia and the U.S. needing to form relationships and collaborate on cyber security issues, Childs said.
Singaporean speakers and panelists will also include Meng-Chow Kang, co-chair, Regional Asia Information Security Exchange (RAISE); Lim Swee Cheang, director, NUS-ISS; Derek Kiong, NUS-ISS, a specialist on wireless tracking; and Thomas Kok, NUS-ISS, a specialist on e-Crime management.
"We are now planning other conferences on the same topic at regional locations around the world," Childs said. "This is the first one and we envision it will be the start of an annual series of conferences on cyber security issues."
buglerbilly
09-07-10, 01:57 AM
How To Stop Cyberattacks: Diplomacy. Well, Maybe.
By Spencer Ackerman July 8, 2010 | 3:35 pm
If you attended today’s still-unfolding big cybersecurity confab in Washington, sponsored by the Armed Forces Communications & Electronics Association, you heard a parade of military officers and Obama administration officials say — well, not a whole lot.
It’s hard to defend against a cyberattack… Everyone — civilian and military, public and private sector — needs to work together and pool resources and information… Incentivize cooperation… The supply chain is vulnerable… U.S. Cyber Command is developing integrated planning and operational frameworks…
And then there was Bruce Held.
Held is the Department of Energy’s intelligence chief and he said he spoke from the perspective of a longtime intel hand. His answer to the cybersecurity problem: diplomacy.
Well, sort of. For Held, it’s a probability issue. “A static cyber defense can never win against an agile cyber offense,” he told a panel this morning discussing the prevention of catastrophic cyberattacks. “You beat me 99 times, I will come after you 100 times. Beat me 999 times, I will come after you 1000 times, and we will beat you.” If you want to protect the nation’s electricity grid, beefing up security for it — physical security, cybersecurity, etc. — quickly becomes prohibitively expensive. “You need a protection strategy,” he said, and that means you have to change the game.
How? For starters, don’t compartmentalize cybersecurity as a job for the military’s new U.S. Cyber Command or the guardians of civilian networks at the Department of Homeland Security. Treat cybersecurity as a component of a broad national defense strategy, rather than a techie-driven deviation from it. Unleash the diplomats and prepare the economic sanctions packages, in other words, if you want to prevent your servers from getting fried.
To take it a step further: it’s about making an adversarial foreign power reconsider launching an attack. “If you wish to influence my behavior, you have to impose risks and consequences on me,” Held continued. “It does not have to be perfect. You just have to impact my behavior.” Someone’s been playing Diplomacy.
Can you spot the presumptions behind Held’s contention? Sure you can. One: we’ll be able to attribute attacks to specific state actors. Well, will we? You can launch a cyber attack from proxy servers in third countries to conceal your identity. Brigadier General John Davis, the director of current operations for Cyber Command, said forthrightly during the same panel discussion that his “number-one challenge” was developing “situational awareness” of the cyberthreats that the U.S. faces.
As an intel guy, Held said he thought the “cyber people tend to make it impossible” to figure out who’s going after your networks. “You don’t need the specific computer it’s coming from. You need to know what country it’s coming from.” But what about those third-country servers?
Two: big cyberattacks are instruments of state power. Bands of hackers and cybercrooks aren’t diplomatic problems. They’re law enforcement problems. So Held at least implicitly reserved his remarks for something like a hypothetical bot attack that took out tens of millions of cellphone subscribers and then followed up with a strike on part of the nation’s electricity grid. That’s a nightmare scenario dreamed up earlier this year by the Bipartisan Policy Center, an inoffensive Washington think tank, for a kind of breathless dramatization of the threat, called Cyber Shockwave. Take a look:
Something like that is unlikely to be “just a hacker,” Held said. “It’s close to a very unfriendly act. Some might say an act of cyber war.”
General Davis indicated that Cyber Command is on a similar wavelength. One of the challenges for the new command is to “wipe some of the routine threats off the radar,” he said, thereby allowing “the intelligence community to focus on the sophisticated threats.” Whoa, say what? Does that mean that the new military command co-located within the National Security Agency is going to leave the most challenging cyber-defense — and offense — tasks to the spooks?
Davis later clarified to Danger Room that he meant that the command wanted to “put the basic cyber standards in place” across users of the military’s networks (you know, the sites ending in .mil) so the command wouldn’t waste time responding to phishing efforts. “Don’t click on unknown or malicious software,” Davis said. “Basic blocking and tackling.” CYBERCOM: your military tech support. Unfortunately, I wasn’t able to draw Davis out on what he meant by leaving the intel folks to focus on the “sophisticated threats.” Cybercom remains something of a military/intelligence cipher text.
Held, though, capped his point with an analogy. “We never secured New York City from a Soviet nuclear attack,” he observed, “but we protected it very well through the use of broader national deterrent powers.” In other words: Get ready for a Cyber Cold War.
Read More http://www.wired.com/dangerroom/2010/07/how-to-stop-cyberattacks-diplomacy-well-maybe/
buglerbilly
17-07-10, 12:19 PM
15 nations agree to start working together to reduce cyberwarfare threat
By Ellen Nakashima
Washington Post Staff Writer
Saturday, July 17, 2010
A group of nations -- including the United States, China and Russia -- has for the first time signaled a willingness to engage in reducing the threat of attacks on each other's computer networks.
Although the agreement, reached this week at the United Nations, is only recommendations, Robert K. Knake, a cyberwarfare expert with the Council on Foreign Relations, said it represents a "significant change in U.S. posture" and is part of the Obama administration's strategy of diplomatic engagement.
Among other steps, the group recommended that the U.N. create norms of accepted behavior in cyberspace, exchange information on national legislation and cybersecurity strategies, and strengthen the capacity of less-developed countries to protect their computer systems.
When the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus.
"It is a step forward," said an Obama administration official familiar with the discussions, who was not authorized to comment on the record and spoke on the condition of anonymity. "There's been an increased understanding of the international need to address the risk."
For about the past decade, U.S. efforts to work with global partners in cyberspace have centered on combating crimes online. This left aside the more sensitive issues of state involvement in or responsibility for cyber intrusions into critical computer systems.
The Russians proposed a treaty in 1998 that would have banned the use of cyberspace for military purposes. But the United States has not been willing to agree to that proposal, given that the difficulty in attributing attacks makes it hard to monitor compliance.
Others in the group are Britain, France, Germany, Estonia, Belarus, Brazil, India, Israel, Italy, Qatar, South Korea and South Africa.
buglerbilly
29-07-10, 03:20 AM
Exclusive: Google, CIA Invest in ‘Future’ of Web Monitoring
By Noah Shachtman July 28, 2010 | 7:30 pm
The investment arms of the CIA and Google are both backing a company that monitors the web in real time — and says it uses that information to predict the future.
The company is called Recorded Future, and it scours tens of thousands of websites, blogs and Twitter accounts to find the relationships between people, organizations, actions and incidents — both present and still-to-come. In a white paper, the company says its temporal analytics engine “goes beyond search” by “looking at the ‘invisible links’ between documents that talk about the same, or related, entities and events.”
The idea is to figure out for each incident who was involved, where it happened and when it might go down. Recorded Future then plots that chatter, showing online “momentum” for any given event.
“The cool thing is, you can actually predict the curve, in many cases,” says company CEO Christopher Ahlberg, a former Swedish Army Ranger with a PhD in computer science.
Which naturally makes the 16-person Cambridge, Massachusetts, firm attractive to Google Ventures, the search giant’s investment division, and to In-Q-Tel, which handles similar duties for the CIA and the wider intelligence community.
It’s not the very first time Google has done business with America’s spy agencies. Long before it reportedly enlisted the help of the National Security Agency to secure its networks, Google sold equipment to the secret signals-intelligence group. In-Q-Tel backed the mapping firm Keyhole, which was bought by Google in 2004 — and then became the backbone for Google Earth.
This appears to be the first time, however, that the intelligence community and Google have funded the same startup, at the same time. No one is accusing Google of directly collaborating with the CIA. But the investments are bound to be fodder for critics of Google, who already see the search giant as overly cozy with the U.S. government, and worry that the company is starting to forget its “don’t be evil” mantra.
America’s spy services have become increasingly interested in mining “open source intelligence” — information that’s publicly available, but often hidden in the daily avalanche of TV shows, newspaper articles, blog posts, online videos and radio reports.
“Secret information isn’t always the brass ring in our profession,” then CIA-director General Michael Hayden told a conference in 2008. “In fact, there’s a real satisfaction in solving a problem or answering a tough question with information that someone was dumb enough to leave out in the open.”
U.S. spy agencies, through In-Q-Tel, have invested in a number of firms to help them better find that information. Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, YouTube, Twitter and Amazon. Attensity applies the rules of grammar to the so-called “unstructured text” of the web to make it more easily digestible by government databases. Keyhole (now Google Earth) is a staple of the targeting cells in military-intelligence units.
Recorded Future strips from web pages the people, places and activities they mention. The company examines when and where these events happened (“spatial and temporal analysis”) and the tone of the document (“sentiment analysis”). Then it applies some artificial-intelligence algorithms to tease out connections between the players. Recorded Future maintains an index with more than 100 million events, hosted on Amazon.com servers. The analysis, however, is on the living web.
“We’re right there as it happens,” Ahlberg told Danger Room as he clicked through a demonstration. “We can assemble actual real-time dossiers on people.”
Recorded Future certainly has the potential to spot events and trends early. Take the case of Hezbollah’s long-range missiles. On March 21, Israeli President Shimon Peres leveled the allegation that the terror group had Scud-like weapons. Scouring Hezbollah leader Hassan Nasrallah’s past statements, Recorded Future found corroborating evidence from a month prior that appeared to back up Peres’ accusations.
That’s one of several hypothetical cases Recorded Future runs in its blog devoted to intelligence analysis. But it’s safe to assume that the company already has at least one spy agency’s attention. In-Q-Tel doesn’t make investments in firms without an “end customer” ready to test out that company’s products.
Both Google Ventures and In-Q-Tel made their investments in 2009, shortly after the company was founded. The exact amounts weren’t disclosed, but were under $10 million each. Google’s investment came to light earlier this year online. In-Q-Tel, which often announces its new holdings in press releases, quietly uploaded a brief mention of its investment a few weeks ago.
Both In-Q-Tel and Google Ventures have seats on Recorded Future’s board. Ahlberg says those board members have been “very helpful,” providing business and technology advice, as well as introducing him to potential customers. Both organizations, it’s safe to say, will profit handsomely if Recorded Future is ever sold or taken public. Ahlberg’s last company, the corporate intelligence firm Spotfire, was acquired in 2007 for $195 million in cash.
Google Ventures did not return requests to comment for this article. In-Q-Tel Chief of Staff Lisbeth Poulos e-mailed a one-line statement: “We are pleased that Recorded Future is now part of IQT’s portfolio of innovative startup companies who support the mission of the U.S. Intelligence Community.”
Just because Google and In-Q-Tel have both invested in Recorded Future doesn’t mean Google is suddenly in bed with the government. Of course, to Google’s critics — including conservative legal groups, and Republican congressmen — the Obama Administration and the Mountain View, California, company slipped between the sheets a long time ago.
Google CEO Eric Schmidt hosted a town hall at company headquarters in the early days of Obama’s presidential campaign. Senior White House officials like economic chief Larry Summers give speeches at the New America Foundation, the left-of-center think tank chaired by Schmidt. Former Google public policy chief Andrew McLaughlin is now the White House’s deputy CTO, and was publicly (if mildly) reprimanded by the administration for continuing to hash out issues with his former colleagues.
In some corners, the scrutiny of the company’s political ties has dovetailed with concerns about how Google collects and uses its enormous storehouse of search data, e-mail, maps and online documents. Google, as we all know, keeps a titanic amount of information about every aspect of our online lives. Customers largely have trusted the company so far, because of the quality of its products, and because Google’s pledges not to misuse the information still ring true to many.
But unease has been growing. Thirty-seven state Attorneys General are demanding answers from the company after Google hoovered up 600 gigabytes of data from open Wi-Fi networks as it snapped pictures for its Street View project. (The company swears the incident was an accident.)
“Assurances from the likes of Google that the company can be trusted to respect consumers’ privacy because its corporate motto is ‘don’t be evil’ have been shown by recent events such as the ‘Wi-Spy’ debacle to be unwarranted,” long-time corporate gadfly John M. Simpson told a Congressional hearing in a prepared statement. Any business dealings with the CIA’s investment arm are unlikely to make critics like him more comfortable.
But Steven Aftergood, a critical observer of the intelligence community from his perch at the Federation of American Scientists, isn’t worried about the Recorded Future deal. Yet.
“To me, whether this is troublesome or not depends on the degree of transparency involved. If everything is aboveboard — from contracts to deliverables — I don’t see a problem with it,” he told Danger Room by e-mail. “But if there are blank spots in the record, then they will be filled with public skepticism or worse, both here and abroad, and not without reason.”
Photo: AP/Charles Dharapak
Read More http://www.wired.com/dangerroom/2010/07/exclusive-google-cia/#more-28394#ixzz0v1upttol
buglerbilly
03-08-10, 02:13 AM
Cyber Attacks on Business – A National Security Threat?
By Kevin Coleman
Defense Tech Cyber Warfare Analyst
This pic is a gem! According to one of the comments on this article it's a Government computer removed two years ago.............the content of the article however is oh so very true...........
Cyber attacks on businesses have risen in frequency and sophistication and the monetary damages that accompany these incidents are rising as well. America’s corporations are under constant attack from cyber criminals, terrorists and rogue nation states. The devastating consequences of a cyber attack on our business community have now risen to a level where it must be considered a threat to our nation’s security.
So why has the U.S. Military and Homeland Security not moved to address this threat head on? The answer is easy – it is the private sector! There are regulations that come into play as well as the availability of resources to help; but the biggest reason is the private sector has not asked for help. Many in the private sector believe they “know more” or are “better at defending” themselves than the government entities. Those beliefs are no longer true.
For a decade now I have had one foot on each side (private vs. Gov/Military). The rapid growth of techniques, tools, capabilities, experience and cyber intelligence on the government/military side has now placed them well ahead of every private sector cyber security organization I know of. Of course, that doesn’t include private sector cyber mercenaries that are routinely called upon and illustrate superior offensive and defensive cyber capabilities in support of U.S. defense forces and the intelligence community.
These capabilities must be brought to the defense of our critical infrastructure and in support of private sector research and development efforts that will produce the next generation of security products needed to address the increasing threats we are seeing in cyberspace. Working together is the answer. Working disjointedly will ultimately lead to falling short of what we need in the near future and beyond.
So – does the current level of attacks on the U.S. business community rise to the level of a national security threat?
Read more: http://defensetech.org/2010/08/02/cyber-attacks-on-business-%e2%80%93-a-national-security-threat/#more-8500#ixzz0vUsRSRlz
Defense.org
buglerbilly
09-08-10, 07:25 PM
Wikileaks Fiasco Exposes Gaping Holes in Cyber Domain
By Kevin Coleman
Defense Tech Cyber Warfare Analyst
Is the Wikileaks fiasco the first defeat for the United States in the cyber warfare domain? Exploring this question shows just how little we have planned for, created doctrine for, and are ready, able and willing to respond to threats to the United States in the cyber domain.
Interesting Data Points:
• General Keith Alexander, the newly appointed head of Cyber Command and Director of the National Security Agency who is now responsible for all military information and communications security, traveled to Afghanistan just two days after the Wikileaks first dump of classified data on their web site.
• We polled several security professionals (several with active security clearances) as to the severity of this incident. On a scale of 1 being low and 5 being high, the impromptu survey resulted in a score of 4.2 – a rather concerning score you would have to say.
• Lt. Gen. William Lord, Air Force Chief Information Officer (CIO), who also serves as Air Force chief of warfighting integration, last week spoke at LandWarNet 2010 and said, “Wire power is firepower.”
• Many people looking at this issue wonder why we just don’t hack and take down the site. That is short-sighted and would only inflame the situation. Others wonder if one or more members of the security organizations of the countries mentioned in these documents are looking for those involved and question if we will hear from them again.
Planning for and response to cyber threats is a complex international issue with little or no empirical information. Tehran Times published the following – “The drumbeat of calls for repression and violence against WikiLeaks and Private Bradley Manning is a major threat to democratic rights. All sections of the U.S. political establishment, Democratic and Republican, liberal and conservative, are seeking to retaliate against those who are exposing atrocities by the U.S. military in Afghanistan and Iraq, and intimidate all critics of these wars of aggression by American imperialism.”
We can only hope this is used as a learning experience by our military, intelligence community and Cyber Command and they rapidly address ALL issues this serious breach has brought to light.
Read more: http://defensetech.org/#ixzz0w89iIEce
Defense.org
buglerbilly
13-08-10, 05:37 AM
India threatens to ban Blackberry email, messaging
PENNY MACRAE
August 13, 2010 - 12:04PM
We need Blackberry to be secure BUT at the same time that very security works to the good of any Terrorist or their organisation.........that is the crux of the problem.
India said it would cut off BlackBerry email and instant messaging unless the smartphone's Canadian makers allowed security forces access to the services by the end of the month.
India's Ministry of Home Affairs told the country's mobile operators they would have to close down the corporate email and messenger services if Research in Motion, BlackBerry's Canadian makers, did not comply with its demands.
"If a technical solution is not provided by August 31, 2010, the government will review the position and take steps to block" the email and messenger services, a home ministry statement said.
New Delhi, battling insurgencies ranging from Kashmir in the northwest to the far-flung northeast, has raised fears that the heavily encrypted BlackBerry services could be used by militants.
Islamic militants used mobile and satellite phones to coordinate the 2008 Mumbai attacks that killed 166 people.
Telecom operators such as Bharti Airtel and Vodafone, which offer BlackBerry services, have a responsibility under Indian law to ensure security agencies can access all services carried on their networks.
The ministry noted services like BlackBerry Internet and voice calls had already been made available to security agencies for monitoring but said that did not go far enough.
Responding Thursday to the Indian government's statement, RIM said it tried to be as cooperative as possible with governments "in the spirit of supporting legal and national security requirements."
But it also wanted to preserve "the lawful needs of citizens and corporations," a company statement said.
"RIM maintains a consistent global standard for lawful access requirements that does not include special deals for specific countries," the statement said.
Officials have complained the encrypted messaging system operated by RIM prevents them monitoring content.
But RIM has said earlier it could not open up its technology to Indian authorities.
It has also said that it did not possess a "master key" to gain "unauthorised access" to data transmitted on its devices and there is no "back door" in the system that would allow RIM or any third party to gain access.
All corporate wireless message services have strong encryption, not just BlackBerry, it has said.
However a senior RIM executive paid what a government official described as a "courtesy" call Thursday afternoon on Home Minister P. Chidambaram.
Earlier in the day, India's home ministry and the intelligence agencies held a high-level meeting to discuss halting BlackBerry's services.
A home ministry spokesman said the telecommunications department had been told "to convey to service providers and RIM that the BES (Blackberry Enterprise Service) and messenger services must be made accessible to legal enforcement agencies".
The threatened ban comes as RIM is seeking to boost its market share in India, which is the world's fastest-expanding cellular market and has a million BlackBerry customers.
If the ban is imposed, BlackBerry corporate or "enterprise" customers would only be able to use their handsets for phone calls and Web browsing.
The Indian announcement came after Saudi Arabia postponed indefinitely on Tuesday imposing a BlackBerry ban as the ultra-conservative Muslim country reported progress in solving its security concerns.
The United Arab Emirates has said it will ban BlackBerry messenger, email and web browsing services from October 11 for security reasons.
© 2010 AFP
buglerbilly
14-08-10, 03:51 AM
Ares
A Defense Technology Blog
Hardware Hacks Scare McAfee CTO
Posted by Bill Sweetman at 8/13/2010 7:56 AM CDT
Day two of US Strategic Command's Deterrence Symposium in Omaha included the role of deterrence in cybersecurity, and took us into some deep waters.
McAfee chief technology officer for the Americas Eric Cole - who learned cybersecurity at the CIA - was the most hawkish panelist, not stopping short of pointing the finger at the Chinese government as the source of the so-called Advanced Persistent Threat, the cyber-espionage operation aimed at US defense and industrial technology. But, he warned, the "very, very focused weapons" used by the APT are not the most severe threat.
"If China wants to play a role in cyber-attacks - and they are actively doing that today - while we are focusing on software, they could look at hardware," Cole told the Omaha audience. "That's what sends chills up and down my back. Open up your laptop and look at the critical components and you see the same three frightening words - Made in China."
Both Cole and fellow panelist Elaine Bunn - director of the future strategic concepts program at the Institute for National Strategic Studies, part of National Defense University - talked about a seldom discussed subject - the US capability to engage in its own cyberwarfare offensive.
"If you're only defending yourself and there is no punishment, cyber-attacks are a free ride", Bunn said. And while attribution - knowing who hit you - is a challenge in cyber-deterrence, Bunn asks, "how certain do you have to be? It's a political judgment. It varies as to whether it's someone with whom we have a good relationship or someone to whom we're itching to give a switching."
Bunn observed that the US - officially and in the media - tends to downplay its forensic and offensive capabilities. "The government hates it when we write papers about messing with people, but is that a bad thing?"
But, Cole followed up, cyber-attack is not like a physical weapon in that "the only way to prove your point 100 per cent is to use it against an adversary." His recommendation: "Pick an action. Use the cyber weapons that we have, and then publicly disclose that we did it."
buglerbilly
18-08-10, 02:24 AM
The Mad Scramble
By Kevin Coleman
Defense Tech Cyber Warfare Analyst
Malicious code was discovered and disclosed in late July that appears to target infrastructure control systems. The code is called Stuxnet and is designed to exploit a Zero Day flaw in Windows and targets SCADA controllers and systems.
Definition: SCADA is the acronym that stands for Supervisory Control And Data Acquisition. It refers to industrial control systems, i.e., computer systems used for monitoring and controlling a process or process control equipment. These industrial systems are typically used to control critical processes and equipment at power generating and distribution facilities, manufacturing facilities, water treatment plants, and even nuclear power plants. Many of the systems are relatively old and are thought to contain numerous vulnerabilities.
The exploit seeks out and steals industrial data from SCADA systems running Siemens Simatic WinCC or PCS 7 software. So far the malware is thought to have infected around 20,000 computers worldwide, mostly in Iran, Indonesia and India.
As you may recall, Congressman Jim Langevin, who chaired a subcommittee on cyber security, had called representatives of the nation’s electric utilities to Washington to find out what they were doing to address cyber security and defend against cyber attacks. This was part of a 60 Minutes special investigation into cyber security that aired in November of 2008.
If you saw the piece then you may recall his committee was told that the problem was being addressed. However, at a subsequent hearing that took place almost seven months later, the committee found out that was not to be the case! Now it is a mad scramble to address the cyber security of not just the power grid but the entire U.S. critical infrastructure.
Read more: http://defensetech.org/2010/08/17/the-mad-scramble/#more-8707#ixzz0wudbfNY7
Defense.org
buglerbilly
20-08-10, 02:37 AM
CANES Competitors Pass Preliminary Design Reviews
By CHRISTOPHER P. CAVAS
Published: 19 Aug 2010 19:12
Both industry teams competing to build a major U.S. Navy computer network program have passed significant milestones in developing the system.
Northrop Grumman and Lockheed Martin teams each passed the preliminary design review (PDR) portion of the competition to build the CANES network, or Consolidated Afloat Networks and Enterprise Services. CANES is intended to consolidate and enhance five shipboard legacy network programs and provide a common computing infrastructure for Navy ships.
The PDRs were completed on schedule, said the Navy's Space and Naval Warfare Systems Command (SPAWAR) in San Diego. Northrop's team completed its PDR during the two days allotted for the review, while the Lockheed team completed its review in one day.
Lockheed "received zero requests for actions from SPAWAR following our review," company spokesman Jack Papp said in an e-mail. The lack of immediate follow-up was "highly unusual, especially in light of the complexity of designing the CANES solution," he added. "Typically, receiving requests for actions from the customer is common following most preliminary design reviews."
The PDR "verified plug-and-play modularity through extensive testing and demonstrated the ability of multiple commercial-off-the-shelf and open source products to meet CANES current and future requirements," Northrop said in a statement.
The teams are working under development contracts awarded in March. The cumulative value of Northrop's contract, if all options are exercised, is $775 million, while the value of Lockheed's award could reach $936 million.
The CANES effort now moves to a detailed engineering and manufacturing development phase, with the next milestone to be completion of a critical design review in the fall.
The selection of one team to be awarded a low-rate initial production contract is expected to come in 2011.
buglerbilly
20-08-10, 02:08 PM
US Takes Aim at China Cyber Threat
August 20, 2010
Associated Press
WASHINGTON -- The U.S. for the first time is publicly warning about the Chinese military's use of civilian computer experts in clandestine cyber attacks aimed at American companies and government agencies.
In a move that is being seen as a pointed signal to Beijing, the Pentagon laid out its concerns this week in a carefully worded report.
The People's Liberation Army, the Pentagon said, is using "information warfare units" to develop viruses to attack enemy computer systems and networks, and those units include civilian computer professionals.
The assertion shines a light on a quandary that has troubled American authorities for some time: How does the U.S. deal with cyber espionage emanating from China and almost certainly directed by the government -- despite the fact that U.S. officials do not have or cannot show proof of those ties?
Asked about the civilian hackers, a Defense Department spokesman said the Pentagon is concerned about any potential threat to its computer networks. The Pentagon, said Cmdr. Bob Mehal, will monitor the PLA's buildup of its cyberwarfare capabilities, and "will continue to develop capabilities to counter any potential threat."
The new warning also comes as U.S. and other international leaders are struggling to improve cooperation on global cybercrime and set guidelines for Internet oversight.
"The Chinese government, particularly the PLA, has sought to tap into the hacker community and take advantage of it," said cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies. "One of the things that the Defense Department has been looking for is a way to start signaling potential opponents about activities that might cross the line in cyberspace."
The China report, he said, is one way to send that signal to Beijing.
The Pentagon report says that last year "numerous computer systems around the world, including those owned by the U.S. government, continued to be the target of intrusions that appear to have originated within" the People's Republic of China.
Those attacks, the report said, "focused on exfiltrating information, some of which could be of strategic or military utility."
The Pentagon also pointed to an alleged China-based computer spying network -- dubbed GhostNet -- that was revealed in a research report last year. The report said the spy ring stole sensitive information from nearly 1,300 computer hard drives, including networks belonging to embassies, government offices, and the Dalai Lama and his exiled Tibetan government. Chinese officials denied any involvement.
U.S. government agencies and major corporations have repeatedly complained about cyber attacks targeting sensitive defense programs and other high-tech industries. Computer security experts say they are often called to companies to dissect computer network intrusions that contain Chinese code or can be tracked to Internet addresses in that country.
But experts acknowledge it is difficult to precisely determine if the cyber intrusions are directed or sanctioned by the Chinese government or its military.
The use of civilian cyber mercenaries gives countries such as China deniability, said Jerry Dixon, former director at the Department of Homeland Security's Computer Emergency Readiness Team.
"It really makes it more complex. They can use multiple groups to carry out cyber espionage," he said. "If you want to have deniability, you use a firm through covert channels to carry out some action for you, on behalf of your country."
The civilian hackers or front companies, he added, often may have particular expertise, such as knowledge about certain defense contractors, critical industries or government agencies.
"It's a great dodge," said Lewis. "You, the government, isn't responsible because it was some civilian that did it."
He and others noted, however, that there are hackers in China who are not connected to the Chinese military or government but are also targeting U.S. companies and agencies. And officials acknowledge it is difficult to determine what percentage of those civilian cyber criminals have ties to the PLA.
Still, the fact that U.S. officials are talking more openly about the problem now than they were just a year or two ago suggests U.S. authorities have amassed more proof of PLA involvement than they are willing to reveal.
U.S. officials tread very carefully when talking about China's cyber activities, mindful of the impact it could have on America's roller-coaster relations with the communist giant.
Pentagon leaders -- from Defense Secretary Robert Gates to the commanders at U.S. Pacific Command -- have worked to improve military ties with Beijing. But tensions spiked again earlier this year, when Beijing suspended contacts with the U.S. in retaliation for the Obama administration's $6.4 billion arms sale to Taiwan, the self-governing island that China claims as its own territory.
China also was unhappy with recent U.S. and South Korean joint military exercises in the Yellow Sea.
Chinese officials have warned that the new Pentagon report could further damage ties between the two nations, but they did not speak directly to the cyber issues.
© Copyright 2010 Associated Press. All rights reserved.
buglerbilly
26-08-10, 03:29 AM
Insiders Doubt 2008 Pentagon Hack Was Foreign Spy Attack (Updated)
By Noah Shachtman August 25, 2010 | 4:02 pm
In the fall of 2008, a variant of a three year-old, relatively-benign worm began winding its way through the U.S. military’s networks, spread by troops using thumb drives and other removable storage media. Now, the Pentagon says the infiltration — first reported by Danger Room — was a deliberate attack, launched by foreign spies. It’s a claim that some of the troops who worked to contain the worm are finding hard to back up.
In the upcoming issue of Foreign Affairs, Deputy Defense Secretary William Lynn writes that the worm entered the military’s classified systems “when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East. The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.”
“That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control,” Lynn adds. “It was a network administrator’s worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary.”
The worm, dubbed agent.btz, caused the military’s network administrators major headaches. It took the Pentagon nearly 14 months of stop and go effort to clean out the worm — a process the military called “Operation Buckshot Yankee.” The endeavor was so tortuous that it helped lead to a major reorganization of the armed forces’ information defenses, including the creation of the military’s new Cyber Command.
But exactly how much (if any) information was compromised because of agent.btz remains unclear. And members of the military involved in Operation Buckshot Yankee are reluctant to call agent.btz the work of a hostile government — despite ongoing talk that the Russians were behind it.
“Some guys wanted to reach out and touch someone. But months later, we were still doing forensics. It was never clear, though,” one officer tells Danger Room. “The code was used by Russian hackers before. But who knows?” Left unsaid is a second question: Why would an intelligence agency launch a limp attack?
Agent.btz is a variant of the SillyFDC worm that copies itself from removable drive to computer and back to drive again. Depending on how the worm is configured, it has the ability (as Lynn notes) to scan computers for data, open backdoors, and send data through those backdoors to a remote command and control server.
But the methods for containing it are relatively straightforward. To keep SillyFDC from spreading across a network, you can ban thumb drives and the like, as the Pentagon did from November 2008 to February 2010. Or you can disable Windows’ “autorun” feature, which instantly starts any program loaded on a drive. In 2007, the security firm Symantec rated SillyFDC as “Risk Level 1: Very Low.”
What’s more, agent.btz’s ability to compromise classified information is fairly limited. SIPRNet, the military’s secret network, and JWICS, its top secret network, have only the thinnest of connections to the public internet. Without those connections, “intruders would have no way of exploiting the backdoor, or, indeed, of even knowing that agent.btz had found its way into the CENTCOM network,” as our sister blog Threat Level observed in March.
The havoc caused by agent.btz has little to do with the worm’s complexity or maliciousness — and everything to do with the military’s inability to cope with even a minor threat. “Exactly how much information was grabbed, whether it got out, and who got it — that was all unclear,” says an officer who participated in the operation. “The scary part was how fast it spread, and how hard it was to respond.”
U.S. Strategic Command, which is supposed to play a key role in military network defense, couldn’t get simple answers about the number of infected computers — or the number of computers, period.
“We got into Buckshot Yankee and I asked simple questions like how many computers do we have on the network in various flavors, what’s their configuration, and I couldn’t get an answer in over a month,” U.S. Strategic Command chief Gen. Kevin Chilton told a conference last May.
“Buckshot Yankee was a seminal event because we understood that we weren’t as protected as we thought we were. And we weren’t paying attention as well as we should’ve been,” another officer involved in the operation tells Danger Room.
As a result, network defense has become a top-tier issue in the armed forces. “A year ago, cyberspace was not commanders’ business. Cyberspace was the sys-admin guy’s business or someone in your outer office when there’s a problem with machines business,” Chilton noted. “Today, we’ve seen the results of this command level focus, senior level focus.”
Implementation of a new, Host-Based Security System was accelerated, for better threat detection. Information security training and patch updates are mandatory. The Defense Department has a better sense of what’s connected to its networks. And, in what may prove to be the most significant move, there’s now a Cyber Command under Chilton that’s responsible for coordinating threat monitoring, network defense, and information attack. The Pentagon brass was already considering such a consolidation before November of 2008. Operation Buckshot Yankee turbo-charged that process — no matter who was responsible for the worm.
Update: Spencer and I just got off of the phone with Lynn. I asked him about his claim that agent.btz was an intelligence operation. His answer: “It was tied to a foreign intelligence service. I’m not going to go in to any further detail on the forensics that we’ve done in terms of where the intrusion came or how it occurred beyond what I said in the article.”
But what spy service would launch such a lame attack?
“It isn’t the most capable threat, I agree with that,” Lynn replies. “But that kind of makes the point. If you had something of the kind of capability you described and we suffered a compromise as the result of it, it clearly means that we need to have a new strategic approach and that’s what started a couple years ago. I’ve tried to lay out where we’re going, going forward.”
OK, so Lynn wouldn’t specify which intelligence service he considers responsible for agent.btz. But did the United States take any retaliatory measures after it established culpability? “I’m going to have to keep resisting,” Lynn replies. “The reason to talk about that was to highlight the policy responses that we’ve taken to it.”
Photo: Tech. Sgt. Erik Gudmundson / U.S. Air Force
Read More http://www.wired.com/dangerroom/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/#more-29819#ixzz0xfgAOXwk
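The article above names two containment measures for a removable-media worm like SillyFDC/agent.btz: banning thumb drives and disabling Windows AutoRun. The snippet below is an added example, not code from the Wired article or from any of the organisations it describes. It audits and, if necessary, sets the machine-wide NoDriveTypeAutoRun policy value (a real Windows registry setting under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer); it assumes an elevated PowerShell session, and the function names are the example's own.

```powershell
# Added example (not from the article): audit and enforce the Windows AutoRun policy
# that is used to contain removable-media worms such as SillyFDC/agent.btz.
# Assumption: run in an elevated PowerShell session; at fleet scale the same value
# would normally be pushed by Group Policy rather than set host by host.

$PolicyKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName    = 'NoDriveTypeAutoRun'
$RemovableBit = 0x04   # DRIVE_REMOVABLE bit of the NoDriveTypeAutoRun bitmask
$CdRomBit     = 0x20   # DRIVE_CDROM bit (optical media, including U3-style emulated drives)
$AllDrives    = 0xFF   # every bit set: AutoRun disabled for all drive types

# Returns the current policy bitmask, or $null when the value is not set
# (an absent value means the operating-system default applies, not "disabled").
function Get-AutoRunPolicy {
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

# True only when AutoRun is explicitly disabled for removable drives.
function Test-RemovableAutoRunDisabled {
    $mask = Get-AutoRunPolicy
    if ($null -eq $mask) { return $false }
    return (($mask -band $RemovableBit) -ne 0) -and (($mask -band $CdRomBit) -ne 0)
}

# Writes the policy value, creating the key if the Policies\Explorer path is absent.
function Set-AutoRunDisabled {
    param([int]$Mask = $AllDrives)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value $Mask -Force | Out-Null
}

# Audit first; change the host only when the check fails.
if (Test-RemovableAutoRunDisabled) {
    'AutoRun already disabled for removable and optical drives (mask 0x{0:X2})' -f (Get-AutoRunPolicy)
} else {
    Set-AutoRunDisabled
    'NoDriveTypeAutoRun set to 0xFF; the new value applies to Explorer sessions started after this change'
}
```

The check deliberately treats a missing value as "not disabled": the policy only protects the host when it is present with the relevant bits set, so an audit that reports on value presence alone would give a false sense of coverage. The same value under HKCU applies per user, which is why machine-level enforcement via HKLM or Group Policy is the one to verify.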
buglerbilly
30-08-10, 04:30 PM
India BlackBerry ban averted for 60 more days
Photo captions (AP Photo/Ajit Solanki): BlackBerry phones on display in a shop, and a BlackBerry hoarding, in Ahmadabad, India, Aug. 27, 2010. Indian authorities were scheduled to meet Monday evening, Aug. 30, to decide whether to ban some BlackBerry services in India, one day ahead of a government-imposed deadline for BlackBerry maker Research In Motion Ltd. to give security agencies access to encrypted data or face a ban.
The Associated Press
Monday, August 30, 2010; 10:10 AM
MUMBAI, India -- India says it won't ban BlackBerry services for at least 60 days, easing up on the threat leveled over access to encrypted data.
The Ministry of Home Affairs says it will "review the situation in 60 days," after telecom authorities examine Research In Motion's proposals to give security agencies greater access to corporate e-mail and instant messaging.
RIM is facing widespread concern over its strong data encryption, which is beloved by corporate customers eager to guard secrets but troublesome for some governments in the Middle East and Asia, which worry it could be used by militants to avoid detection.
Indian authorities are scheduled to meet Monday evening to decide whether to ban some BlackBerry services in India, one day ahead of a government-imposed deadline for the device's maker Research In Motion Ltd. to give security agencies access to encrypted data.
Home Secretary G.K. Pillai will meet officials from the Department of Telecommunications, the Intelligence Bureau and the National Technical Research Organization - a cyber intelligence organization - to discuss BlackBerry security issues, Home Ministry spokesman Onkar Kedia said by phone from New Delhi.
He declined to discuss details of the talks, which will determine whether some one million BlackBerry users in India will be able to use their corporate e-mail and instant messaging services after Tuesday.
A decision on whether to ban service is "likely" to be reached tonight, Kedia said.
RIM has shown few signs of capitulating to New Delhi's demands for real time access to encrypted corporate e-mail, which the Canadian company maintains is technically impossible for it to provide.
Government officials, speaking anonymously to local media, have suggested that India may be willing to extend the deadline.
The decision of Nokia - RIM's major competitor in India - to install a server in the country to facilitate government monitoring may weaken RIM's bargaining position.
Nokia India managing director D. Shivakumar told reporters Monday that Nokia will install a server in India in November to ensure government access to data.
"We are launching the server on November 5 in compliance with all the rules and regulation in the country," he was quoted by the Press Trust of India as saying. "It is for hosting mail and ensuring that the government has access."
Nokia could not be reached for immediate comment.
The controversy, which reaches across Saudi Arabia, the United Arab Emirates, Indonesia, Lebanon and India, sent RIM's stock price to a 16-month low Friday.
Striking the right balance between national security and corporate privacy is especially important to Indian outsourcing companies eager to protect client data.
"India is termed an outsourcing hub for the U.S. and Europe so data security is a primary issue. If there is any data leakage, we lose business," said Chetan Samant, 35, a manager at a software association as he thumbed his BlackBerry waiting for a flight from Mumbai to Nagpur recently.
He believes BlackBerry usage is so widespread in India now that it would be politically difficult for the government to enact a ban.
He, for one, would be sad to part with his BlackBerry.
"Once you get used to it, it's an addiction," he said.
Indian officials say that while they're not eager to ban the BlackBerry, they won't compromise on national security.
Security concerns flared after the terror attack on Mumbai in November 2008, which was coordinated using mobile phones, satellite phones and voice over internet phone calls.
Fear that the Commonwealth Games - a major sporting event to be held in New Delhi in October - could be a target for attacks have added to pressure on the Home Ministry, which is responsible for national security, to step up surveillance.
India also faces worsening violence in the disputed region of Kashmir and a rising Maoist insurgency in a mineral-rich swath of the East, which the government is eager to control.
RIM last week sought to broaden the debate over security, saying that singling it out for scrutiny was "ineffective and counterproductive."
"Anyone perpetrating the misuse of the technology would continue to have easy access to other wireless and wireline services that utilize strong encryption and are readily available in the market today," it said in a statement late Thursday.
But its proposal to lead an industrywide forum on security issues received a weak response from Indian telecom groups.
Indian officials have also raised concerns about Skype and Google, though both companies say they've yet to receive formal notice of an inquiry.
Some analysts say BlackBerry's super-encrypted corporate e-mails are unlikely to be used by militants, who prefer more anonymous technologies, like Gmail.
Others, however, caution that it would be easy for a militant group to set up a front corporation, which could then establish its own uncrackable BlackBerry corporate e-mail, considered by many to be the gold standard for data security.
buglerbilly
01-09-10, 03:00 AM
Darpa’s Star Hacker Looks to WikiLeak-Proof Pentagon
By Spencer Ackerman August 31, 2010 | 3:29 pm
Tomorrow’s WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks — or to foreign governments. And that means if you work for the military, get ready to have your web, email and other network usage monitored even more than it is now.
Darpa’s new project is called CINDER, for Cyber Insider Threat. It’s led by a legendary hacker-turned-Darpa-manager. CINDER may have preceded Pfc. Bradley Manning’s alleged disclosure of tens of thousands of documents about the Afghanistan war from Defense Department servers. But the idea is to find someone just like him. By hunting for poker-like “tells” in people’s use of Defense Department computer networks, Darpa hopes to find indications of hostile intent or potential removal of sensitive data. “The goal of CINDER will be to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks,” according to the defense geeks’ request for contractor solicitations on the project.
That took on an increased urgency last month after WikiLeaks dropped 77,000 Afghanistan field reports into the public domain. While Admiral Mike Mullen’s furious blood-on-its-hands reaction got all the press coverage, Defense Secretary Robert Gates’ response appears to have been the more lasting one, policy-wise. Gates fretted that a casualty of WikiLeaks’ document dump would be the Defense Department’s years-long initiative to push vital information down to the front lines, so lower ranking officers and enlisted men had the sort of high-level battlefield views that used to be the province of their commanders. All that’s been jeopardized by Manning, he said, the soldier accused of being WikiLeaks’ inside man.
“We want those soldiers in a forward operating base to have all the information they possibly can have that impacts on their own security, but also being able to accomplish their mission,” Gates mused in a July press conference. “Should we change the way we approach that, or do we continue to take the risk” of future leaks? Gates partially answered his own question — however cryptically — by adding, “There are some technological solutions,” though “most of them are not immediately available to us.”
That’s where CINDER comes in. But the program Darpa envisions would establish patterns of malign behavior, distinct and quietly detectable from the normal Defense Department information user, to “expose hidden operations within networks and systems.” That carries with it the likelihood of a big data or meta-data-mining operation. Or, as Steve Aftergood, an intelligence-policy expert at the Federation of American Scientists puts it, “a sort of system-wide surveillance of Pentagon networks.” After all, how else to tell normal network usage from abnormal usage?
Indeed, Darpa expressly recognizes CINDER’s likelihood of intercepting false positives. So Darpa doesn’t want CINDER focusing on any individual user — it wants the program’s as-yet-unbuilt algorithms to uncover the “malicious missions” that they undertake. “If we were looking for the insider actor himself, we might not detect someone who performs a single, isolated task and we run the risk of being inundated with false positives from events being triggered without context of a mission,” Darpa explains. It gives instructions for would-be designers to expressly identify the kinds of missions its detectors will hunt so as to minimize inundation with a glut of benign data.
But some of the examples Darpa gives of those fiendish activities sound difficult to distinguish from normal usage. “Anomalous missions [may] be comprised of entirely ‘legitimate’ activities, observables and the data sources they will be derived from,” Darpa notes. So CINDER researchers should “make use of logs and accounting information that tracks allowed activities rather than depending entirely on alerts from monitoring systems focused on anomalous or disallowed activities.” Feel any more comfortable executing your boss’ order to find him information on roadside bombs in your area?
Then again, Darpa has people on hand who know the difference between benign and malicious online actions. In February, the agency hired Peiter “Mudge” Zatko – one of the hackers of Boston’s L0pht collective, who famously told a congressional committee in 1998 that they could shut down the internet in 30 minutes — as a program manager for cybersecurity. “I don’t want people to be putting out virus signatures after a virus has come out,” he told CNet when Darpa hired him. “I want an active defense. I want to be at the sharp pointy end of the stick.” Next month, Zatko, CINDER’s program manager, holds a pair of conferences with potential researchers.
And not all traditional privacy advocates are so concerned about CINDER, since it’s not hunting the private Internet. CINDER might indeed “involve the automated collection of lots of benign, incidental data about individual users in order to establish a baseline of ‘normal’ activity,” notes Aftergood, an anti-secrecy critic of WikiLeaks. “But I would think that the privacy implications are limited, since most employees should not be conducting personal business on classified or other official networks anyway.”
A full-blown CINDER application is still years away. But at least one precursor effort will be the Defense Department’s forthcoming cybersecurity strategy, due out, according to Deputy Secretary William Lynn, before year’s end. How much internal monitoring will that strategy’s “active defense” authorize?
Photo: USAF
Read More http://www.wired.com/dangerroom/2010/08/darpas-star-hacker-looks-to-wikileak-proof-the-pentagon/#more-30052#ixzz0yEdriqbP
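The mission-level approach the article describes (score sequences of logged, allowed actions against a mission pattern instead of alerting on single events) is illustrated below as an added example; it is not part of the Wired article or of Darpa's CINDER program. The log format, field names, the "search, then bulk viewing, then export" mission pattern, the thresholds and the sample users are all assumptions constructed for the example.

```python
"""Event-level versus mission-level insider-threat detection on audit logs of
*allowed* activity. Added example, not Darpa's or the article's code; the log
format, the mission pattern and every threshold here are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

MANY_VIEWS = 20                      # assumed threshold for "bulk" viewing
WINDOW = timedelta(hours=24)         # assumed window for one mission
EXFIL = {"BULK_EXPORT", "REMOVABLE_WRITE"}  # assumed "removal" actions


def build_sample_log():
    """Constructed audit log (not real data). Format: '<ISO time> <user> <action> <detail>'."""
    lines = [
        # alice: tasked to research IEDs, reads a few reports, writes a brief to removable media
        "2010-08-02T09:00 alice SEARCH ied",
        "2010-08-02T09:10 alice VIEW SIGACT-001",
        "2010-08-02T09:20 alice VIEW SIGACT-002",
        "2010-08-02T09:30 alice VIEW SIGACT-003",
        "2010-08-02T10:00 alice REMOVABLE_WRITE brief.pdf",
        # dave: a single removable-media write with no preceding collection activity
        "2010-08-02T11:00 dave REMOVABLE_WRITE printer_driver.exe",
    ]
    # bob: a reviewer who reads one report a day for weeks and never exports anything
    for d in range(25):
        ts = datetime(2010, 7, 1) + timedelta(days=d)
        lines.append(f"{ts:%Y-%m-%dT%H:%M} bob VIEW REPORT-{d:03d}")
    # carol: broad search, 30 documents in half an hour, then export to removable media
    lines.append("2010-08-03T20:00 carol SEARCH *")
    for i in range(30):
        ts = datetime(2010, 8, 3, 20, 5) + timedelta(minutes=i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M} carol VIEW SIGACT-{i:03d}")
    lines.append("2010-08-03T21:00 carol BULK_EXPORT sigacts.zip")
    lines.append("2010-08-03T21:05 carol REMOVABLE_WRITE sigacts.zip")
    return lines


def parse(lines):
    """Parse log lines into (timestamp, user, action, detail) tuples, oldest first."""
    events = []
    for line in lines:
        ts, user, action, detail = line.split(" ", 3)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M"), user, action, detail))
    return sorted(events)


def event_level_alerts(events):
    """Baseline detector: alert on any single event that looks suspicious on its own."""
    alerts = set()
    distinct_views = defaultdict(set)
    for _, user, action, detail in events:
        if action == "REMOVABLE_WRITE":
            alerts.add(user)
        if action == "VIEW":
            distinct_views[user].add(detail)
            if len(distinct_views[user]) >= MANY_VIEWS:
                alerts.add(user)
    return alerts


def mission_level_alerts(events):
    """Mission detector: alert only when one user completes the whole assumed pattern
    (SEARCH, then >= MANY_VIEWS distinct VIEWs, then an EXFIL action) inside WINDOW.
    Returns {user: explanation} so an analyst can see which steps fired."""
    per_user = defaultdict(list)
    for ev in events:
        per_user[ev[1]].append(ev)
    alerts = {}
    for user, evs in per_user.items():
        for i, (t0, _, action, _) in enumerate(evs):
            if action != "SEARCH":
                continue                  # a mission, as assumed here, opens with a search
            docs = set()
            for ts, _, act, detail in evs[i + 1:]:
                if ts - t0 > WINDOW:
                    break                 # window closed without the pattern completing
                if act == "VIEW":
                    docs.add(detail)
                elif act in EXFIL and len(docs) >= MANY_VIEWS:
                    alerts[user] = (f"SEARCH at {t0:%Y-%m-%d %H:%M}, "
                                    f"{len(docs)} documents viewed, then {act}")
                    break
            if user in alerts:
                break
    return alerts


if __name__ == "__main__":
    evs = parse(build_sample_log())
    print("event-level alerts:  ", sorted(event_level_alerts(evs)))
    print("mission-level alerts:", mission_level_alerts(evs))
```

On this constructed log the event-level detector flags all four users, while the mission-level detector flags only carol and explains which steps completed; the benign volume of bob and the single removable-media writes of alice and dave never form a mission.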
buglerbilly
08-09-10, 03:15 PM
Cyber Task Force Passes Mission to Cyber Command
(Source: U.S Department of Defense; issued September 7, 2010)
ARLINGTON, Va. --- After spending the better part of the past decade defending the Defense Department’s computer networks, the Joint Task Force Global Network Operations command cased its colors.
The task force was deactivated in a ceremony today here at the Defense Information Systems Agency. The task force’s operations and personnel now fall under U.S. Cyber Command at Fort Meade, Md.
Air Force Gen. Kevin P. Chilton, commander of U.S. Strategic Command, presided over the ceremony. Although the ceremony marked the end of the task force’s tenure, its mission continues, he said.
“Today we’re rolling the flag at JTF-GNO, but we’re not rolling the mission,” Chilton said. “This mission will continue on at U.S. Cyber Command and will be as essential tomorrow as it is today to the United States of America.”
The task force was short-lived, but it was the product of 12 years of initiatives and foresight to develop the best ways to operate on the cyber battlefield. JTF Computer Network Defense was created in 1998 under the U.S. Space Command.
That task force had a dual mission to conduct offensive and defensive cyber operations. It was reorganized to fall under Stratcom in 2003. By 2004 the task force was redesignated as JTF Computer Network Operations to assume the offensive role. The JTF Global Network Operations also was established.
The new task force’s mission was to direct the operation and defense of the global information grid throughout the full spectrum of war fighting, intelligence and business missions within the department.
Since its activation, JTF Global Network Operations has ensured support to Operation Iraqi Freedom, Operation Enduring Freedom in Afghanistan, Operation Noble Eagle and the overall global war on terror.
Cybercom was activated in May. The JTF Computer Network Operations followed soon after. JTF Global Network Operations’ deactivation culminates years of work and effort to integrate Cybercom into its operations, Chilton said.
“It was clear that our missions needed to come together, and we’ve done that,” the general said. “The transition began this year, and it’s going to continue today.”
Chilton praised JTF Global Network’s final commander, Army Lt. Gen. Carroll F. Pollett, who he said changed the culture of network accountability within the department and got leaders involved in cyber security.
“The command and control was not as tight as it needed to be to confront the threats of today,” Chilton said. “[Pollett] made our networks commanders’ business. You brought that focus to every service and DoD agency.”
Pollett assumed command of JTF Global Network Operations and duties as director of the Defense Information Systems Agency in November 2008. He remains director of DISA.
JTF has played a significant role “in setting the conditions for the future” of the department, cyberspace operations and the nation, Pollett said.
As the JTF Global Network Operations colors are retired for the final time, Pollett said he’s reminded of the historical significance of the transition of the task force to Cybercom.
The information environment, he said, has evolved dramatically, and today the information grid is more than something that enhances capabilities.
“[Information] has become an operational imperative in our ability to deliver decisive capabilities to warfighters and our national leaders,” the general said. “Cyberspace has evolved into a new warfighter domain.
“[Cyberspace] has proven equal and just as important as air, sea, land and space as a domain,” he continued. “It’s clear that it must be defended and operationalized.”
Pollett praised the people under his command for their efforts, calling them “pioneers” on the cyber domain front.
“It’s an honor to recognize the [JTF Global Network Operations] men and women, past and present, for their extraordinary accomplishments in working in the cyber domain,” Pollett said. “You led the way for dramatic changes in the Department of Defense as the mission, requirements and threats evolved.”
-ends-
buglerbilly
14-09-10, 05:51 AM
Jihadist Makes Cyber Attack
By Kevin Coleman — Defense Tech Cyber Warfare contributor
Last week’s rapidly spreading computer virus has been traced back to a cyber-jihad group called Tariq ibn Ziyad. Information security company SecureWorks was able to link this cyber jihad group to the ‘Here you have’ malicious worm. The worm was able to crash systems, computer networks and bring down email servers. IDG reported the worm was able to disrupt large U.S. organizations including Disney, Procter and Gamble, AIG, Wells Fargo, Comcast and NASA.
Analysis indicated a back-door established by the worm that could be used by the cyber terrorists to remotely log into any infected system. The worm also has functionality that attempts to disable anti-virus and security software that is installed and operational on the infected computer. In addition, the worm tries to establish a connection to a computer that uses the Tariq ibn Ziyad name. Further analysis focusing on the worm’s Digital DNA indicates it is identical to a piece of malicious code released last month. This analysis indicates that both pieces of code refer to a Libyan hacker who is said to use the name Iraq Resistance. This name has also been associated with efforts that are trying to form a hacking group called Brigades of Tariq ibn Ziyad, according to cyber intelligence provided by SecureWorks.
Further intelligence indicates Tariq ibn Ziyad’s objective is to “penetrate U.S. agencies belonging to the U.S. Army.” All of this is taking place as the United Nations’ telecommunications chief issues a warning and calls for nations to join together in developing a coherent global cyber security peace treaty or face the very real possibility of an all-out cyber war.
Read more: http://defensetech.org/#ixzz0zTLqbqeY
Defense.org
buglerbilly
16-09-10, 06:22 AM
U.S. Urges NATO to Build 'Cyber Shield'
AGENCE FRANCE-PRESSE
Published: 15 Sep 2010 17:17
BRUSSELS - NATO must build a "cyber shield" to protect the transatlantic alliance from any Internet threats to its military and economic infrastructures, a top U.S. defense official said Sept. 15.
Cyber security is a "critical element" for the 28-nation alliance to embrace at its summit of leaders in Lisbon on November 19-20, U.S. Deputy Defense Secretary William Lynn said in Brussels.
"The alliance has a crucial role to play in extending a blanket of security over our networks," Lynn said.
"NATO has a nuclear shield, it is building a stronger and stronger defense shield, it needs a cyber shield as well," he said at a forum hosted by the Security & Defense Agenda think-tank.
The Pentagon's number two called for adopting the Cold War-era strategy of "collective defense" in the cyber arena.
"The Cold War concepts of shared warning apply in the 21st century to cyber security. Just as our air defenses, our missile defenses have been linked so too do our cyber defenses need to be linked as well," Lynn said.
The U.S. government estimates that more than 100 foreign intelligence agencies or governments try to hack into U.S. systems "on a daily basis," he said, highlighting the magnitude of the challenge.
"I think they see the asymmetric advantage that can be gained through cyber technology," Lynn said.
The threat of cyber attacks was highlighted in Estonia, a NATO member, in 2007 when it suffered an assault that paralyzed key business and government web services for days.
The Pentagon was forced to review its own digital security in 2008 after the most serious cyber attack on the U.S. military's networks, which came from a tainted flash drive that was inserted in a military laptop in the Middle East.
Lynn said the Pentagon strategy has identified "five pillars" to cyber security: recognizing cyberspace as the next domain of warfare; the need for active defenses; the protection of critical infrastructure; enhancing collective defense; and the need to "marshal our technological prowess."
Lynn stressed that any cyber security strategy needs to take into account threats to critical infrastructure for economies such as power grids, transport systems and financial markets.
"NATO indeed needs to take decisive action to defend its networks," he said.
"I think at Lisbon we will see the kind of high-level leadership commitment to cyber defense. It's the foundation for any alliance effort," he said.
Lynn said he discussed cyber security at a meeting with NATO's decision-making body, the North Atlantic Council, in Brussels on Sept. 15.
"I was very impressed with the unity of purpose and the similar vision that most nations in the alliance seem to have towards the cyber threat," he said.
buglerbilly
17-09-10, 12:51 PM
Defence Review: Cyber-war – another new frontier for conflict opens
Armed forces began using cyberspace long before the term was invented, for purposes of battlefield communications and surveillance. Electronic warfare was developed in order to degrade an adversary’s use of the electromagnetic spectrum.
By Paul Cornish, UK Daily Telegraph
Published: 11:05AM BST 17 Sep 2010
Keyboards at the ready: computers are now a key weapon in the US Army's arsenal
So far, so familiar: the classic action/reaction cycle in the development of weapons and military doctrine, while the central idea of warfare remains constant. But in the past decade cyberspace has been seen as a battlefield in its own right and as the venue for a new type of warfare. What is cyber warfare and what are governments doing about it?
In spring 2007, during a dispute over a Russian war memorial, Estonian government and banking websites were the targets of sustained computer attacks. It was not clear who was responsible – a “flash mob” of Russian computer users, or the Russian government itself?
The “Clickskrieg” was especially disabling for a country that was a pioneer of electronic government and prompted the creation of Nato’s cyber defence centre in Tallinn. During the Russo-Georgian conflict over South Ossetia in 2008 it again became clear that private computing power had been coordinated for strategic effect.
Other cyber-warfare events have involved Belarus, Canada, Israel, South Korea, Syria and the United States. China’s intentions and capabilities feature more prominently than most in discussions concerning cyber warfare. A growing number of electronic “intrusions” are reported to originate in China, although it is unclear how far this activity is officially approved. China is believed to allocate large resources to computer network operations to enable the People’s Liberation Army to dominate the electromagnetic spectrum from the start of any conflict.
According to a US Congress policy review panel in November 2008: “China is aggressively developing its power to wage cyber warfare and is now in a position to delay or disrupt the deployment of America’s military forces around the world, potentially giving it the upper hand in any conflict.”
How bad could it get? For some this is all digital scare-mongering (remember the Millennium bug?), with a dash of xenophobia. Others are less relaxed. By one estimate, if a computer attack on the US could shut down power and other services for a period of three months, the damage would be devastating, equivalent to dozens of hurricanes striking at the same time.
Three things cannot be denied. First, society is increasingly dependent upon a globalised communications and information infrastructure, and this dependence brings vulnerability. Second, this infrastructure is a global technological commons, open to any user for good or ill. Third, cyber warfare would be far cheaper than the traditional model. The US defence budget is about $700 billion, while the UK spends just short of £40 billion, annually. Yet one analyst has claimed that, for just $50 million and with 600 people working for two years, the US could be “paralysed” by a cyber attack.
If cyberspace is becoming a battlefield in which to settle inter-state conflict, then a number of political, technological and ethical questions arise. In what sense could this be war? Would the United Nations Charter and the Nato Treaty apply? Is cyber technology neutral and harmless, or should it be regarded as something which can be used to destroy and kill, in the same way as artillery guns? Should there be a cyber-Geneva Convention of some sort? Is it reasonable to regard cyber weapons as equivalent in magnitude to weapons of mass destruction? What is the best form of defence?
There are also practical difficulties. Cyber warfare is clean, cheap, deniable and asymmetric, making it hard to know when it has begun and who started it, and difficult to defend against. Then there is the problem of motive. When the methods of attack are the same, how can governments distinguish a state-on-state attack from terrorism, organised criminality, espionage and even nuisance hacking?
For some, cyber warfare gives teenage hackers a strategic significance they do not deserve and makes the case for an electromagnetic version of the military-industrial complex that is not needed. Digital optimists argue, furthermore, that the potential of a digitised world is being overlooked. In Being Digital (1996), Nicholas Negroponte described the “region of combat” as “most definitely physical” and saw it being consigned to history by a new generation, for whom “digital technology can be a natural force drawing people into greater world harmony”.
Sadly, recent evidence points in a different direction. Cyberspace is being used for aggressive purposes and, given society’s reliance upon digital processing and communications, governments are right to take it seriously. The Australian government has created a Cyber Security Operations Centre (CSOC), while the United States has established a cyber command which will eventually employ up to 1,100 people. The UK has a CSOC within the Government Communications Headquarters and has set up an Office of Cyber Security (OCS) within the Cabinet Office to be a policy hub.
But there is more to do. Cyber warfare can sensibly only be handled at the national level, alongside other cyber-security activities involving critical infrastructure industries, intelligence and security agencies and the police. The best place for a cross-governmental cyber effort is within the Cabinet Office, albeit with a much larger staff (the OCS employs just 15 people) and a budget to match. But increasing its investment in cyber security and defence is probably the last thing on the Government’s mind.
Dr Paul Cornish is Carrington Professor of International Security at Chatham House
buglerbilly
21-09-10, 01:19 PM
A NATO Cyber Alliance
By Kevin Coleman — Defense Tech Cyberwarfare correspondent
Last week U.S. Deputy Secretary of Defense William Lynn III discussed the five-pillar strategy with NATO leaders in Europe in efforts to promote joint cyber security initiatives.
According to a press services report, Lynn held the discussion with NATO Secretary General Anders Fogh Rasmussen before delivering a briefing to the alliance’s North Atlantic Council on U.S. cyber initiatives. This came on the heels of NATO’s Military Committee discussion of their updated strategy.
The updated strategy addresses the new threats NATO faces — cyber attacks, missiles and terrorism. While the topic of cyber conflict was discussed in detail, no specific outcomes resulted nor were they expected. NATO has already stood up their Cyber Incident Response Center and there are plans to bring it to full operational capability shortly.
This is all taking place as the U.S. Department of Defense has expressed concern over China’s rapidly evolving cyber warfare capabilities. Add that concern to the rare comment by the head of British MI5 about the threat of terrorism and cyber terrorism and a concerning mental picture comes into focus.
Finally, Harry Raduege, former director at the Pentagon agency responsible for the computer network and currently the chairman of the Deloitte Centre for Cyber Innovation, said cyber attacks were growing in intensity and sophistication.
“We have experienced a number of attacks against the financial sector, on the power grid and against our defense capability,” he said.
The warnings are out there, but the progress being made to defend against acts of cyber aggression is slow. Many believe it will take what they call a “Cyber Pearl Harbor” before governments and their militaries step up to the critical task of defending their computers, networks and devices that make up the critical infrastructure.
Read more: http://defensetech.org/#ixzz10A6IGMc3
Defense.org
buglerbilly
27-09-10, 02:16 PM
Ares
A Defense Technology Blog
Crowd Sourcing
Posted by Paul McLeary at 9/27/2010 6:14 AM CDT
In an effort to define just what it is the Pentagon needs to do to recruit and train an effective workforce to staff its new Cyber Command (USCYBERCOM), Lt. Col. Gregory Conti, director of West Point's Cyber Security Research Center and a PhD in computer science, took to the Internet. Conti logged on to noted techie site Slashdot.org and posed the question, “How has the military treated you and your technical friends?” Of the 415 messages posted in response, the majority were negative, with complaints ranging from lack of leadership, to the inability of the defense department to find innovative ways to train and retain talented techies.
Just a few of the comments – which Conti reprinted in an article in the Small Wars Journal co-written with Lt. Col. Jen Easterly, a member of the US Cyber Command Commander's Action Group -- showed how the very culture of the military can at times work against it attracting and retaining the right people to work on the most complex technological issues. “The very things that make us valuable,” one commenter noted, “the ability to think critically, take the initiative, and not be weighed down by conventional thinking is exactly the thing the military seems to weed out.” Another complained about what they considered the overly rigid and standardized promotion system in the military, writing that “the system itself isn't designed to handle individuals that have technical ability, but who aren't ready/don't want to command lower level troops.”
In a separate article published last year in the Department of Defense’s IA newsletter, Conti came up with a creative, dynamic, and at the present time almost certainly unworkable solution: create a fourth branch of the military, dedicated solely to conducting the cyber mission. The two articles do bring up an important topic that the Pentagon has not spent a lot of time addressing: the trouble that the military faces in training—and more importantly, retaining—a competent cyber workforce when the freewheeling culture of the IT crowd so often clashes with the more formal structures of a traditional military career.
Earlier this summer Gen. Keith B. Alexander, dual-hatted as both the head of the Cyber Command as well as the National Security Agency, noted that USCYBERCOM’s workforce is made up of the staffs of two previously existing shops, the Joint Functional Component Command for Net Warfare and the Joint Taskforce Global Network Operations, which have been combined to form the Cyber Joint Operations Center. While the command has also brought in staffers from the Army Forces Cyber Command, the Marine Forces Cyber Command, the 24th Air Force and the Navy’s 10th Fleet, Fleet Cyber Command, Alexander also noted that “one of our greatest challenges will be successfully recruiting, training and retaining our cyber cadre to ensure that we can sustain our ability to operate effectively in cyberspace for the long term.” He also called cybersecurity a “team sport” that requires the help of private industry and academia.
Air Force Brig. Gen. Gregory L. Brundidge, deputy director of cyber for U.S. European Command, speaking at an Armed Forces Communications and Electronics Association event in July, said that while it is critical for the services to “harmonize” their efforts, there is also a need “for us to understand how to harmonize our efforts with civilian agencies and private industry.” Part of the issue is speed. While the military has been working the cyber security problem for some time, threats evolve faster than solutions, and as USAF Maj. Gen. Paul F. Capasso of the Office of Information Dominance told the AFCEA crowd, “we’re in uncharted territory in cyber policy, cyber law and cyber doctrine,” and while “we’re pretty good at buying things…We are terrible at deployment.”
buglerbilly
28-09-10, 07:16 AM
'Cyber Storm III' tests US on cyber attack
Chris Lefkow
September 28, 2010 - 3:04PM
US keyboard warriors were doing battle Tuesday with a simulated cyberattack on government and private computer networks that undermines basic trust in the Internet.
The "Cyber Storm III" exercise involves participants from seven US government departments, including the Pentagon, 11 US states, 60 private companies and 12 international partners.
The biennial exercise is being staged by the Department of Homeland Security and is the first test of the new National Cybersecurity and Communications Integration Center based in an office building in this Washington suburb.
The NCCIC booted up in October 2009 to serve as the coordinating center for US cybersecurity operations and houses US government computer experts and their private sector counterparts under one roof.
Briefing reporters ahead of "Cyber Storm III," Brett Lambo, the director of DHS's Cyber Exercise Program, stressed that the exercise, which is expected to last three days, is "completely simulated."
"We're not attacking any real networks," Lambo said. "We're not taking down a network. We're not injecting any real malware."
The thousands of participants in the exercise will receive more than 1,500 "injects" of simulated events that they will have to react to as unknown adversaries seek to exploit known vulnerabilities in cyber infrastructure.
Potential consequences of the simulated cyberattacks could include "loss of life and the crippling of critical government and private sector functions" such as communications networks and power grids, according to the DHS.
Lambo outlined the general scenario of the exercise for reporters at the high-security NCCIC facility in Arlington but was careful not to give away too much to avoid tipping off the participants.
"In Cyber Storm III, we're kind of using the Internet to attack itself," Lambo said, by compromising the system of encrypted digital certificates that verify identities on the Internet.
"At a certain point the operation of the Internet is reliant on trust -- knowing where you're going is where you're supposed to be," Lambo said.
"We're going to try to compromise that chain of trust by attacking something that's fundamental to the operation of the Internet," he said.
"We'll also be introducing issues in the DNS world," he said of the Domain Name System that assigns easily understandable website names to the string of numbers known as IP addresses.
Lambo said the Pentagon and National Security Agency, the super secret US surveillance agency, were involved in the planning process for the exercise, which will be controlled from US Secret Service headquarters in Washington.
"They'll be arm in arm in the fight with us," he said.
Lambo said there were multiple goals for "Cyber Storm III," including evaluating information-sharing among the participants, assessing their preparedness and evaluating their response to the various threats.
"What we're looking to do is really stress ourselves," he said.
Randy Vickers, director of the US Computer Emergency Readiness Team, said "Cyber Storm III" will be the first meaningful test of the NCCIC center intended to bring together the various components of US cyber defenses.
"In the past we had bubbles of influence," Vickers told reporters in the NCCIC "watch room," which features five huge wall screens displaying threat data and other information in real time and dozens of computer workstations.
"All of that has been integrated now into one room," he said.
The international partners taking part in the exercise are from Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden and Switzerland.
© 2010 AFP
buglerbilly
28-09-10, 04:23 PM
Harris Introduces USB Thumb Drive Designed for U.S. Government Cyber Security Missions
Device Rapidly Probes, Identifies and Extracts Digital Computer Data, Leaving No Footprint
15:01 GMT, September 27, 2010 WASHINGTON, DC
Harris Corporation (NYSE:HRS), an international communications and information technology company, has introduced a highly customizable USB thumb drive that quickly extracts targeted data from computers. The device — called BlackJack — is designed for military, intelligence, and law enforcement cyber security missions, where speed, stealth and accuracy are paramount considerations.
The BlackJack device boots in less than three seconds. It automatically scans and copies data by prioritizing search criteria and securely partitions search results for analysis. Unlike other search devices, it has LED indicators that immediately alert to the presence or absence of targeted data, so users can be certain whether they have indeed located and extracted information of interest.
"This is a true breakthrough for the military, intelligence, and law enforcement communities that provide advanced computer forensics in the field without leaving a telltale footprint behind," said Richard White, vice president, Advanced Information Solutions, Harris Government Communications Systems. "The BlackJack solution is lightning-fast, durable and has the potential for application in other markets, including corporate computer forensics."
Harris is a world leading cyber provider, combining the latest in technology assessment techniques and architecture engineering expertise to define and operate secure networks supporting nationally important programs. The company supports, owns, or operates several of the nation's largest secure networks. Additionally, the company's technology countermeasures and monitoring capabilities are proactively safeguarding vital information assets that support the critical missions of U.S. military, intelligence, transportation, and law enforcement customers.
buglerbilly
29-09-10, 01:33 AM
Ares
A Defense Technology Blog
Cyber Attacks No Longer Non-kinetic
Posted by David A. Fulghum at 9/28/2010 10:11 AM CDT
The evidence is clear. Not only have long-range cyber-weapons capable of creating physical damage been invented, they have already been used both in tests and operationally.
And while many analysts contend that only a few countries have the capability to build such mechanically-lethal cyber-bombs, the top Pentagon cyber-chief says that’s not so.
The U.S., China, Russia and Israel are not the only countries that write sophisticated algorithms and design them into computer worms and viruses, U.S. Army General Keith Alexander said in testimony to the House Armed Services Committee.
“Attribution [of a cyber-attack] – saying specifically if the problem was caused by one nation-state or another – is difficult,” Alexander says. Asked to evaluate peer competitors of the U.S., he pointed out that, “In cyberspace it’s not the size of the country as it is the [skills of the people] creating the software. There are a number of countries that are near-peers to us in cyberspace and it is a concern. Others can have an asymmetric capability and advantage.
“Non-nation-state actors are also a concern,” Alexander says. “There are others that are just as capable as us and in some areas more capable. When people create cyber-tools, the unintentional distribution of some of those tools can cause the most problems. We have to cover the spectrum [because] most of the modern nations have [cyber-skills that] are near to us and in some areas may exceed our capabilities. We’re going to see that one country may be best at developing worms or viruses. Another may be the best at building tools for exploitation that are stealthy. A third may be best at designing tools that can attack specific systems that are in their national interest. It is an asymmetric advantage over us that some may have.”
Idaho National Laboratory created a 21-line piece of software code for an “Aurora test” that introduced destructive instructions into a closed computer network that “caused the generator to blow up,” said Rep. Jim Langevin (D-RI) during testimony by military officials at a second HASC hearing, this time before the subcommittee on terrorism, unconventional threats and capabilities. The test, in 2007, indicates that this kind of cyber-weapon “is not just sitting around on a shelf somewhere,” he said.
Langevin quizzed the heads of the military’s primary cyber-warfighting organizations about whether, for example, the electrical supplies to U.S. bases are adequately protected. They all confirmed that most bases are dependent on civilian power companies and virtually none have a backup system for critical operations. Both the Navy and Air Force officials testified that they have established relationships with national laboratories and industry to identify critical nodes and single-source electrical providers, and agreed that most civilian operations are not secure from cyber-attack. Many power plants are decades old and many have computer networks that are linked to other unprotected cyber systems, witnesses said.
The Aurora test’s target was a $1 million, diesel-powered, industrial electrical generator. The software caused the machine’s circuit breakers to cycle on and off rapidly which caused vibrations so pronounced that the machine spewed black smoke and ground to a halt.
In June of this year a malicious code named “Stuxnet” -- designed to attack precise elements of very specific pieces of equipment, perhaps even operating in closed networks -- was identified by German researchers. In at least one press story, the worm was said to have attacked operating systems by exploiting a vulnerability in some versions of Microsoft Windows that has since been patched.
Homeland Security Dept. teams have been assessing vulnerabilities in industrial control systems since the Aurora test, say agency officials, and they plan to increase the number of investigative teams to 10 by 2011.
The code has infected thousands of machines in Pakistan, Iran, Indonesia and India, but has not been associated with any actual damage. The cyber-worm has not been identified in any U.S. systems, says a Department of Homeland Security official.
DHS officials have judged that recent press accounts concerning Stuxnet contain a great deal of speculation. Doubts surround discussion of the possible target – Iranian defense industries – and the author of the cyber-worm – Israel’s cyber-warfare organization which is a closely guarded operation within the General Staff.
Stuxnet is “definitely not the world’s first” known cyber-super weapon designed to destroy Scada [supervisory control and data acquisition] networks like those that run factories, refineries, pipelines, utilities and nuclear power plants, says a veteran cyber-warrior with insight into current operations. “Some of the techniques described [in a recent Christian Science Monitor story] are not feasible given how SCADA systems are or are not connected to other networks. [As a better model] you need to look at the [Aurora] test that was done to destroy power generators a few years back.”
buglerbilly
01-10-10, 12:58 AM
From the Sydney Morning Herald..............
Cyber breaches investigated by Defence
Dylan Welch
October 1, 2010
Defence investigated about 250 ''serious, sophisticated'' cyber intrusions into government networks in the first eight months of the year, and the threat is so severe the department is considering designating cyberspace as a fifth domain of warfare.
The admission comes weeks after a US defence bureaucrat warned that the frequency and sophistication of cyber intrusions were increasing ''exponentially''.
''In the first eight months of this year, approximately 1000 cyber incidents affecting government networks were reported,'' a Defence spokesman said.
A quarter of those incidents - about 250 - were so serious they warranted investigation by Defence's new Cyber Security Operations Command. Those figures represent a rise on figures from previous years, the spokesman said.
There were as many as 2400 other attempted intrusions last year, according to the former defence minister John Faulkner, who made the statement during the launch of the command in January.
The Attorney-General, Robert McClelland, said this week: ''It's very difficult to identify the source of attacks; often they can be routed through other countries or other players.''
buglerbilly
02-10-10, 03:55 AM
In cyber war 'you're on your own': government
October 1, 2010 - 3:59PM
Mike Rothery, who works in the Attorney-General's Department, is a senior advisor in protecting the national infrastructure against attacks.
A senior bureaucrat has warned big business it would have to defend itself if a major cyber attack hit Australia.
As major cyber war games involving Australia, the United States and 14 other nations continue, Attorney-General's Department assistant secretary Mike Rothery called for all organisations to look at their own defensive capabilities.
"To be honest, we struggle to defend our own systems from the current threats," Mr Rothery told ZDNet.com.au.
"The idea that we can extend the envelope to protect the mining industry's SCADA (Supervisory Control and Data Acquisition) or the banking industry just doesn't fly."
His comments come despite the government spending millions on cyber security development including opening the Cyber Security Operations Centre in Canberra.
Attorney-General Robert McClelland has also created the Computer Emergency Response Team (CERT) to help with any cyber attack.
"The people that will defend Westpac will be from Westpac, and Telstra will use people from Telstra," Mr Rothery said.
"It won't be the Australian Army or Signals Corps."
AAP
buglerbilly
08-10-10, 02:55 AM
Cyberattack Becomes More Sophisticated
Oct 7, 2010
By David A. Fulghum
Washington
Talk over the last several years concerning Iran, Israel, the U.S.—and whether Tehran’s nuclear program might be bombed—may have been a canard or a purposeful bit of misdirection.
In fact, the real attack—using cyberweapons instead of bombs—may have been underway during the last year, given the admission of Iranian officials that many of their automated industrial processes—such as those that control nuclear materials and processing—have fallen victim to a cyberworm. But the question of authorship of the attack—despite immediate claims from Iranian officials that it was Israel—is unresolved. It may have been an accident, the action of a surrogate or a cyber-“hired gun,” or a warning of what cyberweaponry can do to the unprepared.
“When people create cybertools, the unintentional distribution of some of those tools can cause the most problems,” says U.S. Army Gen. Keith Alexander, the chief of U.S. Cyber Command. “We have to cover the spectrum [of threats because] most modern nations have [cyberskills] that are near to us and in some areas may exceed our capabilities.
“We’re going to see that one country may be best at developing worms or viruses,” he says. “Another may be the best at building stealthy exploitation tools. A third may be the best at designing tools that can attack specific systems that are in their national interest.” An example of the last might be the U.S. or Israel taking down computers employed in the Iranian nuclear program.
Mahmud Liai, an official of Iran’s industries and mines ministry, says 30,000 computers have been invaded and the attack is considered part of an electronic war against his country. It is widely known that Iran’s nuclear program has been running into technical problems.
For years, an important question has been “whether Israel will one day try to stop the project by its own means,” Maj. Gen. (ret.) Giora Eiland, former head of Israel’s National Security Council, tells Aviation Week. “Can we do it? That depends. Can you count on tacit cooperation of others in the region [and America]? What is the physical damage you will cause? The most important question is how much delay in the program do you cause—a few months or years? Months are useless, decades may do.”
Perhaps the decision was already made and acted upon by the U.S., Israel or a third party. Regardless of who inserted the worm, advanced cyberattacks should have been expected. Warnings have been voiced during the last several years. Among those who have suffered increasingly sophisticated cyberattacks are Estonia, Georgia and Syria. Now it appears that Iran and other countries in the region have been made members of that increasingly less-exclusive club of the cyberexploited.
The attack was successful enough to shut down some of Iran’s digitally controlled industrial capabilities, including systems in its nuclear power plant, confirms a senior U.S. defense official. Perhaps reflecting security compartmentalization, “the question is still open about who created the worm and who is infected,” he says. The official says about 60% of the infected sites are in Iran.
“The worm is spread via USB, and it targets administrative access vulnerabilities to locate Siemens-built supervisory and control data acquisition [Scada] management programs that remotely observe and manage large systems,” the official says. “It appears to be able to take control of the automated factory control systems it infects and do whatever it was programmed to do.”
Iranian agencies that run defense facilities say they are trying to undo the potential damage of the Stuxnet worm, which is a self-replicating set of algorithms.
The U.S. has been studying and testing associated capabilities. In the “Aurora Test” conducted by Idaho National Laboratory in early 2007, a 21-line package of software code sent from 100 mi. away caused a $1-million commercial electrical generator to generate self-destructive vibrations by rapidly recycling its circuit breakers.
It introduced destructive instructions into a closed computer network that “caused the generator to blow up,” said Rep. Jim Langevin (D-R.I.) during testimony by military officials at a House Armed Services subcommittee hearing Sept. 23. Aurora indicates that this kind of physically destructive cyberweapon “is not just sitting around on a shelf somewhere.”
In another example, Israel shut down Syria’s integrated air defenses in late 2007 with cyberattack and electronic warfare long enough to bomb and destroy a nuclear processing plant.
Moreover, many nations that do not have the international and industrial power of Russia, China, South Korea, Japan, Germany, the U.S., U.K. and Israel have matched and in some cases surpassed the larger nations’ cyberexpertise in key specialty areas.
“In cyberspace it’s not the size of the country as much as it is the [skills of the people] creating the software,” Alexander says. “There are a number of countries that are near-peers to us in cyberspace, and that is a concern. Others have an asymmetric capability and advantage [in specific areas].”
A key goal of professional cyberwarriors is to penetrate networks that are protected or isolated from other networks. Of particular interest are Scada networks that run factories, refineries, pipelines, utilities and nuclear facilities.
It is no secret that the U.S. also wants to put such weapons on aircraft for airborne electronic attack.
One such device seen by Aviation Week is a software framework for locating digital weaknesses. It combines cybersleuthing, technology analysis and tracking of information flow. It then suggests to the operator how best to mount an attack, and it later reports on the success of the effort. The heart of the attack device is its ability to tap into satellite communications, voice-over-Internet protocol and Scada proprietary networks—virtually any wireless network.
“If you think about the explosion of capability in commercial electronics, it’s obvious that for not too much money, anybody can set up a fairly robust WiFi capability and just ride the backbone of the Internet,” says a U.S.-based network-attack researcher. Stuxnet seems to differ from this concept in that it apparently works autonomously, without direction, and relentlessly searches for predetermined targets.
In the unclassified arena, there are algorithms such as Mad WiFi, Air Crack and Beach. Industry teams have their own toolbox of proprietary, cyberexploitation algorithms. But the unclassified tools give a sense of what can be done. In fact, they resemble some of the characteristics attributed to Stuxnet.
Air Crack, for example, is used to decipher the encryption key for a wireless network. Some are quick but require injecting a lot of data into the network, which makes the attack noisy and easy to trace. Others are passive and slow. It takes days or even months, but no one is aware of the intrusion—as for months was the case with Stuxnet.
Cryptoattack uses sophisticated techniques to attack passwords. It runs fast and gives good results but the operators have to take an active role, capture different types of data and send the right information to get a proper response.
A deauthorization capability can kick all the nodes off a network temporarily so that the attack system can watch them reconnect, which provides information for quickly penetrating the system.
buglerbilly
09-10-10, 04:49 AM
Military faces huge cyber threat
Dylan Welch
October 9, 2010
AUSTRALIAN military networks are under siege from soaring levels of cyber strikes by foreign intelligence agencies, according to the country's top electronic spy unit.
In a rare glimpse at the threat the military faces from cyber espionage, figures from the Defence Signals Directorate show the military has experienced 700 attempts a month this year, up from 200 a month last year.
And while Defence will not specify who is behind the intrusions - given the anonymity of the web it is often impossible - there has been a wealth of evidence to indicate dozens of countries are prying.
In August the US Deputy Secretary of Defence, William Lynn, revealed more than 100 foreign intelligence organisations were trying to breach US networks.
It is only the second time DSD has released figures on military network intrusions. These have been gathered by an elite unit within the directorate, the Cyber Security Operations Centre.
It is staffed by defence officers and staff from the federal police, the Attorney-General's Department and the Australian Security Intelligence Organisation.
At the centre's opening in January, the then defence minister, John Faulkner, revealed there had been 2400 ''electronic security incidents'' on Defence networks last year.
In the new information, obtained exclusively by the Herald, DSD reveals 5551 incidents between January and August - a 250 per cent rise.
While Defence says no ''operations'' have been disrupted by the intrusions, it would not comment on whether information had been stolen.
''The very nature of the internet makes it difficult to attribute malicious activity to particular sources,'' a spokesman said.
''[But] it is reasonable to assume that intelligence services of foreign governments would seek to exploit the ubiquity of internet connectivity.''
Numerous countries have used the web for espionage, and China, Russia and North Korea have become particularly adept.
dwelch@fairfax.com.au
buglerbilly
14-10-10, 03:49 AM
Strategic defence review to prioritise cyber security
Resources earmarked to fight internet attacks as a matter of national interest and state security
Richard Norton-Taylor guardian.co.uk, Wednesday 13 October 2010 19.03 BST
'Cyberspace lowers the bar for the espionage game', Iain Lobban warns.
A major increase in resources devoted to combating the threat posed by internet attacks will feature in next week's strategic defence and security review, the government's cyber tsar signalled today.
Neil Thompson, director of the Office for Cyber Security, spoke of a "step change" in the government's approach to the threat. Cyber attacks were "cheap, quick, and deniable", he said.
Thompson was addressing a Royal United Services Institute conference on the future of the "critical national infrastructure" – utilities such as gas, water and the National Grid – a day after Iain Lobban, director of GCHQ, the government's eavesdropping and encoding centre, warned of a "real and credible" threat of cyber attack on Britain's infrastructure.
In an unprecedented public speech published today, Lobban said: "Just because I, as a national security official, am giving a speech about cyber, I don't want you to take away the impression that it is solely a national security or defence issue. It goes to the heart of our economic well-being and national interest."
He said there had already been "significant disruption" to government computers by internet worms – both those that had been deliberately targeted and others picked up accidentally. "Cyberspace lowers the bar for entry to the espionage game, both for states and for criminal actors," he told the International Institute for Strategic Studies (IISS).
Nigel Inkster, a former senior British intelligence officer and now IISS director, said the problem with cyber attacks was the "complete absence of strategic notice". When they happen "you don't know who's doing it", he said. He added: "And what constitutes an act of aggression?" General Sir David Richards, the new chief of the defence staff, warned in discussions on the strategic and defence review of the danger of "proxy attacks" through cyberspace.
Government officials first told the Guardian three years ago that Chinese hackers, believed to be from the People's Liberation Army, had attacked the computer networks of the Foreign Office, and other Whitehall departments.
Though Britain's armed forces, security, and intelligence agencies are expected to get more resources to combat cyber warfare, officials today emphasised the need for co-operation with the private sector, including internet service providers.
Thompson today stressed the importance of international co-operation. Anders Rasmussen, Nato secretary general, warned earlier this month that the alliance's systems were being attacked "a hundred times a day" by hackers. He added: "Cyberattacks can take down a country's air traffic control system, shut down the banks, paralyse government services and cripple an economy ... they can reach a level that threatens the fundamental security interests of the allies."
Nato spokesman James Appathurai told the Guardian today: "There is a clear general consensus that the Alliance needs to upgrade its cyber defence role and capabilities, for obvious reasons. I think that that will be clearly set out in the Strategic Concept."
A big question is whether under the alliance's New Strategic Concept, a cyber attack will be covered by Article 8 of the Nato treaty which states that an attack on one member would be considered an attack on all.
buglerbilly
14-10-10, 07:32 AM
Ares
A Defense Technology Blog
GCHQ Chief Calls For Closer Cyber Ties With Allies, Industry
Posted by Robert Wall at 10/13/2010 6:54 AM CDT
In a rare public appearance, Iain Lobban, the boss of the U.K.’s primary signals intelligence organization, GCHQ, has raised some key issues related to cyber security.
The discussion comes at a critical time, since cyber warfare is expected to be one of the winners in the U.K. Strategic Defense and Security Review – due out next week – and also is a topic NATO wants to embrace more fully next month at its Lisbon summit.
Speaking at the International Institute of Strategic Studies, Lobban notes that “there are over 20,000 malicious emails on government networks each month, 1,000 of which are deliberately targeting them.” How much money is lost in cybercrimes, he notes, is hard to estimate, but the figure runs in the billions.
But there is more to Lobban’s comments than scare tactics. He notes that “as our national abilities to defend our networks grow, the need for consensus amongst partners and allies on the right way to address specific threats will be ever more essential. We mustn’t let differences between jurisdictions create a weak spot for attackers to exploit.”
Furthermore, Lobban suggests the intelligence community may need to be more directly tied into industrial infrastructure to help mitigate attacks. Noting that expert advice is already provided to industry, Lobban argues that “we must continue to strengthen these capabilities and be swifter in our response, aiming to match the speed at which cyber events happen.” To do so, he adds, “we need to consider the value of receiving in return a direct feed of information from operators with that same sort of timeliness so that we are aware of the attacks that they are seeing on their systems as they happen.”
buglerbilly
14-10-10, 07:36 AM
Wrong thread!
buglerbilly
14-10-10, 03:34 PM
Doc of the Day: NSA, DHS Trade Players for Net Defense
By Spencer Ackerman October 13, 2010 | 8:29 pm
The military keeps saying that it only wants to defend its own networks — not yours, civilian. Only if the Department of Homeland Security, which safeguards the civilian internet, comes calling will they help out, the generals insist. Today, the Departments of Homeland Security and Defense started to lay the groundwork for how to come calling. And to make the whole thing easier, DHS and the National Security Agency, the super-secret military-intelligence hybrid, will station officials at each other’s headquarters.
Defense Secretary Robert Gates and Homeland Security Secretary Janet Napolitano today released a recently-inked joint accord trying to clarify each department’s roles in the event of a cyber attack. Neither department changed the rules for who protects the dot-com and dot-gov networks (Homeland Security) and who protects the dot-mil domain (Defense). But the document — our Doc of the Day, which you can read below — does establish that the military chocolate is in the civilian peanut butter when it comes to cybersecurity.
Basically, the memo orders a big bureaucratic exchange of personnel. The Department of Homeland Security is going to embed some of its people at the National Security Agency, which already runs telecom surveillance dragnets and works to keep hackers and spies out of government networks. It’ll send over a new Director for Cybersecurity Coordination and a bunch of privacy lawyers and civil-rights officials to ensure that neither NSA nor its military twin, the U.S. Cyber Command, cross any legal boundaries.
But other boundaries are more porous. The new director will send and receive requests for NSA and Cyber Command to collaborate on “joint planning” and “information sharing between the public and private sectors to aid in preventing, detecting, mitigating, and/or recovering from the effects of an attack.” For its part, the NSA will create a “Cryptologic Services Group” inside Homeland Security’s National Cybersecurity and Communications Integration Center.
Then there’s Cyber Command, the new unit responsible for protecting military networks from cyberattack. Its chief, General Keith Alexander, who’s also the NSA’s leader, has said “that’s all our authorities allow us to do — defend and operate within our networks” and that he sees “no role” for Cyber Command in the civilian internet. But Gates and Napolitano see some role. Cyber Command will send personnel to the DHS cyber integration center, where they’ll receive “requests for cybersecurity support” for “operational planning and mission coordination.”
The agreement doesn’t actually specify what each agency will actually do in the event of a cyberattack on civilian networks. But it’s understandable that DHS and the Pentagon would want to get closer. When a hole is found in Windows or Apache or Internet Explorer, both civilian and military machines are compromised. Besides, the Pentagon’s operations rely today on unclassified networks to coordinate supplies, schedule transportation, and share information. In other words, the seemingly bright line between dot-com and dot-mil gets fuzzier and fuzzier the longer you look.
But some privacy advocates aren’t comfortable with the new Gates-Napolitano agreement. Although it says that existing legal authorities won’t change, “the NSA can exert great influence in technical standard-setting that will lead to greater surveillance of network communications,” says Marc Rotenberg, the executive director of the Electronic Privacy Information Center. EPIC has filed Freedom of Information Act requests for an array of classified cybersecurity documents, including President Bush’s secret directive, known as NSPD-54, clarifying NSA’s cyber-surveillance authority. “We would be a little more confident about the NSA’s role in cybersecurity if they were a little more transparent,” he says.
Read the agreement here:
http://www.scribd.com/doc/39284773/DOD-DHS-Cybersecurity-Memorandum-of-Agreement
Read more: http://www.wired.com/dangerroom/2010/10/doc-of-the-day-nsa-dhs-trade-players-for-net-defense/
buglerbilly
16-10-10, 02:39 PM
US eyes Australian government web plan
Lolita Baldor
October 16, 2010 - 9:14PM
The US government is reviewing an Australian program that will allow internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem.
Obama administration officials have been meeting with industry leaders and experts to find ways to increase online safety, as they try to strike a balance between securing the internet and guarding Americans' privacy and civil liberties.
Cyber experts and US officials are interested in portions of the plan slated to go into effect in Australia in December. But any move towards internet regulation or monitoring by the US government or industry could trigger fierce opposition from the public.
The discussions come as private, corporate and government computers across the US are increasingly being taken over and exploited by hackers and other computer criminals.
White House cyber coordinator Howard Schmidt told The Associated Press that the US was looking at a number of voluntary ways to help the public and small businesses better protect themselves online.
Possibilities include provisions in the Australia plan that enable customers to get warnings from their internet providers if their computer gets taken over by hackers through a botnet.
A botnet is a network of infected computers that can number in the thousands, and that network is usually controlled by hackers through a small number of scattered PCs.
Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam.
If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said.
"Without security you have no privacy, and many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview.
Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean".
But officials are stopping short of advocating an option in the Australian plan that allows internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition.
"In my view, the US is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the US National Security Agency, who is now at the California-based cybersecurity firm ArcSight.
In the US, he said, the internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient".
"I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the internet, as the Australians have apparently done, we think we can do better," Winter said.
In Australia, internet providers will be able to take a range of actions to limit the damage from infected computers, from issuing warnings to restricting outbound email. They could also temporarily quarantine compromised machines while providing customers with links to help fix the problem.
© 2010 AP
buglerbilly
18-10-10, 10:15 AM
Spy fears as Chinese firm eyes NBN deal
Maris Beck
October 17, 2010
Marc has asked me to post this. It brings up a number of points: -
1) Many of the larger Chinese firms are partly or wholly owned by the Chinese Military, THAT is a fact of life, so no specific reason to necessarily throw your hands up in shock and horror.
2) There are Security concerns with this company controlling major aspects but we need to:
a) Be precise and consistent as a Nation as to what is or is not acceptable for the Chinese to acquire
b) Be prepared to accept their acquisition with specific controls over what they can or cannot do with their acquisition technically.
It's a potential Minefield BUT they should face it now and stop "wringing their hands in anxiety" so much.
SECURITY experts are alarmed that a company with links to the Chinese military is bidding to supply equipment to the national broadband network, warning that the equipment could be used to spy or launch cyber attacks on Australian governments and businesses.
The United States' National Security Agency intervened to block Huawei Technologies' bids to supply equipment to AT&T last year, threatening to withdraw government business if Huawei was chosen, The Washington Post reported.
The company also has faced opposition from Indian and British intelligence agencies and Australian security experts are voicing similar concerns as Huawei seeks a slice of the $43 billion broadband roll-out.
As the rate of cyber attacks on Australian interests intensifies, an intelligence expert at the Australian National University's Strategic and Defence Studies Centre, Desmond Ball, said he didn't want to sound alarmist ''but this is the highest order risk that I would see with regard to network vulnerability''.
Bids by Huawei ''would have to be subject to the closest scrutiny but in the end it would be the government's responsibility to reject such an involvement''.
He said the cyber security debate focused on malicious software but more attention should be paid to hardware, which could carry digital trapdoors. Professor Ball said even the most secure cable systems were vulnerable.
Over the next decade, he said, the US-China relationship would become the most likely source of major international conflict and Australia was a key ally of the US.
Retired air commodore Gary Waters, a former senior official in the Defence Department who now works for consultancy firm Jacobs Australia, said the government appeared not to be taking cyber security seriously enough. ''The threat is increasing and I think this is one of those threats,'' he said, adding that an independent private-sector audit would be required of any foreign company ''where alarm bells could sound on cyber security''.
Alan Dupont, director of the Centre for International Security Studies at the University of Sydney, called for a robust discussion of the NBN's security risks, saying: ''This is the critical piece of infrastructure that is going to go down over the next 30 or 40 years … there needs to be a broader discussion of the national security implications.''
The executive director of national security policy at Verizon in Washington, DC, Marcus Sachs, said malicious software was easy to hide in hardware and any risk assessment should focus on how much a company could be trusted.
Huawei lost a bid to supply the NBN's ethernet aggregation equipment and the gigabit passive optical network in June. The contract went to Alcatel-Lucent, a French company.
Huawei, the world's second-largest telecommunications network provider, is believed to be preparing bids to supply almost all the equipment the NBN needs. Former Victorian minister Theo Theophanous is lobbying Canberra on Huawei's behalf.
Huawei emphasises that it is privately owned and has released details that show its employees own its shares. But links with the military are persistently reported. According to The New York Times, Huawei's founder and chief executive, Ren Zhengfei, was an officer in the People's Liberation Army. China analysts say loan credits from China Construction Bank, which were granted to small companies that wanted to buy Huawei equipment, were not necessarily repaid.
Jeremy Mitchell, public affairs director for Huawei Australia, denied the company was linked to the Chinese government.
He said Huawei guaranteed that its equipment was safe. Despite intelligence resistance, Huawei has supplied equipment to British Telecom. He said Optus and Telstra already used Huawei's equipment and about 50 per cent of Australians relied on it. A spokeswoman for Communications Minister Senator Stephen Conroy said the government would ensure that ''national security and resilience issues are addressed in the design and operation of the NBN''.
buglerbilly
18-10-10, 11:34 AM
Cyber attack threat 'could be next Pearl Harbor'
Terrorist cyber attacks on government computer systems and businesses could be “the next Pearl Harbor”, the head of Britain’s Intelligence and Security Committee (ISC) has warned.
By Murray Wardrop and Duncan Gardham, UK Daily Telegraph
Published: 10:02AM BST 18 Oct 2010
The claim comes as a Government report identifies the “growing threat” of computer hackers to Britain as a key priority for the security and intelligence services.
The National Security Strategy, to be unveiled by David Cameron, lists cyber attacks alongside violent terrorism as the most important challenges faced.
It is named ahead of natural disasters and military attacks from other countries in a list of the four most pressing concerns to national security.
The strategy is a key precursor for the Strategic Defence and Security Review, to be published tomorrow, which will explain how Britain will defend itself against such attacks.
It will also form the basis for spending decisions to be announced this week, including a £500 million boost to cyber defence, sources told The Daily Telegraph.
Speaking ahead of the Prime Minister’s announcement, Sir Malcolm Rifkind, chairman of the ISC, said cyber attacks could pose “very massive problems”.
He told BBC Radio 4’s Today programme: “It’s not people hacking into private citizens’ computers.
“What we’re talking about is terrorists being able to actually use cyber methods, for example, to interrupt the National Grid to prevent proper instructions going to power stations, which are under computer control.
“I was in the United States a few months ago and a very senior intelligence figure said to me that cyber attacks, he feared, were going to be the United States’ next Pearl Harbor.
“That’s the kind of severity that could happen if we don’t get it right.”
The security and intelligence services and counter-terrorism police are to escape major cuts in this week’s public spending review due to the threats identified by the strategy.
The primary threat remains al-Qaeda in Pakistan and its associates in Somalia, Yemen and North Africa, who continue to plan attacks against targets in Britain, the security strategy will say.
That is likely to mean that MI5, MI6, GCHQ and the Metropolitan Police counter-terrorism command will escape the worst of the cuts. But the document will also highlight the threat from cyber attacks on government infrastructure.
While not naming individual states, GCHQ, which is responsible for cyber defence, has been concerned for some time that states such as China and Russia are unlikely to use conventional or nuclear weapons in an attack on Britain and are more likely to attempt to shut down essential systems used to run the country.
Similar attacks have been seen when Russia has been in disputes with Estonia and Georgia, leading to problems with their internet and even cash machines.
A third risk that will be highlighted is the threat of small-scale wars in foreign countries that may escalate out of control, drawing in neighbouring countries and creating havens for terrorists.
That threat is likely to have a major bearing on the defence review tomorrow, which is likely to emphasise the need for mobile forces involving a combination of aircraft carriers and special forces.
The fourth element will be the risk from natural disasters such as pandemic flu, where strategies have been developed over recent years.
Iain Lobban, the head of GCHQ, said in a speech last week that the Government was receiving 20,000 malicious emails a month, of which 1,000 were deliberate attacks.
Theresa May, the Home Secretary, insisted that the four threats were not listed in any particular order, however, in interviews on Monday, she stressed the seriousness of terrorist and cyber attacks.
"We are absolutely clear that we do have a very serious threat from international terrorism – that is why the threat level here in the UK is at severe," she told ITV1's Daybreak.
"That means that an attack is highly likely, so everybody does need to be vigilant.
"What we see today is more diverse sources of threat, but we are absolutely clear that we do have that very serious threat from international terrorism."
Speaking on Today, she later added: "Cyber security is a very growing threat. It's a threat to government, to business and indeed to personal security.
"We have identified this as a new and growing threat to the UK and you just have to look at some of the figures.
"In fact, about 51 per cent of the malicious software threats that have ever been identified were identified in 2009."
The expected focus on terrorism of the strategy will underpin moves towards mobile military units, intelligence-gathering and special forces and away from the tank brigades and jet fighters which dominated defence thinking in the Cold War.
This strategic shift is certain to be reflected in the SDSR, which is expected to pave the way for manpower cuts in all three services, the closure of RAF bases and the withdrawal of Army tanks and RAF jets.
A personal intervention by Mr Cameron spared the MoD the 10-20 per cent cuts demanded by the Treasury, and a £5 billion project to build two new aircraft carriers for the Royal Navy will go ahead.
buglerbilly
19-10-10, 03:11 PM
Cyberspace is the New Domain of Warfare
(Source: U.S. Air Force; issued October 18, 2010)
WASHINGTON --- With the creation of the U.S. Cyber Command in May and last week's cybersecurity agreement between the departments of Defense and Homeland Security, DOD officials are ready to add cyberspace to sea, land, air and space as the latest domain of warfare, Deputy Defense Secretary William J. Lynn III said Oct. 14.
"Information technology provides us with critical advantages in all of our warfighting domains, so we need to protect cyberspace to enable those advantages," Secretary Lynn said.
Adversaries may be able to undermine the military's advantages in conventional areas by attacking the nation's military and commercial information technology, or IT, infrastructure, Secretary Lynn said.
This threat has "opened up a whole new asymmetry in future warfare," the deputy defense secretary said.
DOD's focus on cyberdefense began in 2008 with a previously classified incident in the Middle East, in which a flash drive inserted malware into classified military networks, Secretary Lynn said.
"We realized we couldn't rely on passive defenses and firewalls and software patches, and we've developed a more-layered defense," he said.
Secretary Lynn laid out a draft cyberstrategy in the September/October issue of "Foreign Affairs" magazine. He said DOD officials are working to finalize the strategy.
"There's no agreed-on definition of what constitutes a cyberattack," Secretary Lynn said. "It's really a range of things that can happen, from exploitation and exfiltration of data to degradation of networks, to destruction of networks or even physical equipment, (or) physical property. What we're doing in our Defense cyberstrategy is developing appropriate responses and defenses for each of those types of attacks."
One element of the strategy, working with Homeland Defense to protect critical military and civilian IT infrastructure, was put into place Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity.
The agreement includes a formal mechanism for benefiting from the technical expertise of the National Security Agency which is responsible for protecting national security systems, collecting related foreign intelligence and enabling network warfare.
Another element is what Lynn calls a "layered defense, where you have intrusion detection and firewalls, but you also have a ... layer that helps defend against attacks."
In his draft strategy, Secretary Lynn described the defense-layer component of cybersecurity in terms of NSA-pioneered systems that "automatically deploy defenses to counter intrusions in real time. Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense."
And, since no cyberdefense system is perfect, DOD officials require "multiple layers of defense that give us better assurance of capturing malware before it gets to us," Secretary Lynn said.
"We need the ability to hunt on our own networks to get (intruders who) might get through, and we need to continually improve our defenses," he said. "We can't stand still. The technology is going to continue to advance, and we have to keep pace with it."
Envisioned attacks on military networks could impair military power, national security and the economy, Secretary Lynn said.
Enemy cyberattacks could deprive the military of the ability to strike with precision and communicate among forces and with headquarters, he said. It could impair logistics or transportation networks and eliminate advantages that information technology has given military forces.
"Beyond that, cyberattacks conceivably could threaten the national economy if (adversaries) were to go after the power grid or financial networks or transportation networks, and that, too, would be a national security challenge," Secretary Lynn said. "And over the long run, there's a threat to our intellectual property ... basically a theft of the lifeblood of our economy."
Working more closely with allies is an important element of the strategy to ensure a shared defense and an early warning capability, he said.
The NATO 2020 report identified the need for the alliance's new 10-year strategic concept to further incorporate cyberdefense concepts Secretary Lynn wrote about in Foreign Affairs.
U.S. technological advantages are a critical part of the cyberstrategy, and the Pentagon already is working with industry and with the Defense Advanced Research Projects Agency to put these to work, Secretary Lynn said.
As part of a public-private partnership called the Enduring Security Framework, Secretary Lynn wrote, chief executive officers and chief technology officers of major IT and defense companies meet regularly with top officials from the DOD, Homeland Security, and the Office of the Director of National Intelligence.
DARPA also is working on the National Cyber Range, a simulated model of the Internet that will enable the military to test its cyberdefenses before deploying them in the field.
The Pentagon's IT acquisition process also has to change, Secretary Lynn wrote.
It took Apple Inc. 24 months to develop the iPhone, he said, and at DOD, it takes on average about 81 months to develop and field a new computer system after it is funded.
"The Pentagon is developing a specific acquisition track for information technology," Secretary Lynn wrote, and it also is bolstering the number of cyberdefense experts who will lead the charge into the new cyberwar era.
The military's global communications backbone consists of 15,000 networks and 7 million computing devices across hundreds of installations in dozens of countries, Secretary Lynn wrote.
More than 90,000 people work full time to maintain it, he said, but more are needed.
Through the establishment of U.S. Cyber Command and the bolstering of cybersecurity at other defense agencies, "we've greatly increased the number of cyber professionals we have at DOD and will continue to increase that," Secretary Lynn said.
buglerbilly
22-10-10, 02:41 AM
Ares
A Defense Technology Blog
Cyber Sins and Digital Damnation
Posted by David A. Fulghum at 10/21/2010 9:45 AM CDT
Former senior Pentagon officials are stunned to hear that Defense Secretary Gates’ office is separating command, control and computers oversight from its intelligence responsibilities in a restructuring of responsibilities.
The plan would kill the office of the Asst. Sec. of Defense for networks and information integration (ASD-NII) and disperse the functions of the Joint Staff's J-6 office. And it's a flawed concept, says a former senior Pentagon civilian.
The change will open the door to inter-service misunderstanding, fragmentation of software/ cyberoperations and electronic warfare and ensure a lack of influence over command, control and communications (C3) issues at the highest level joint-service debates, says Don Latham, a former asst. sec. of defense for C3I who has since then served as a participant in Defense Science Board studies.
“It is almost unbelievable,” said a second former official. “I am not sure what is behind this but [the] SecDef and DOD will rue the day that they let all of this out of their grasp.” A third trashed the lack of process, saying, “This whole thing -- abolishing NIT, BTA, and J-6 without prior detailed discussion about how the missions get covered – is very discouraging.”
The administration of C3 and intelligence were combined in the 1980s, just in time for the Persian Gulf War in 1990.
“Now [in 2010] we’re separating the pieces and distributing them to organizations that don’t have a seat at the [Defense Secretary Office’s] resources table and no voice in the operations mafia about how to maximize the C3I capability in combat,” Latham says. “If it is so important to get rid of the ASD-NII, why not create an under-secretary of defense position for C4ISR [C3 and computers and intelligence, surveillance and reconnaissance] position that puts C3 and I back together as it should be?”
A recent series of memoranda from Gates is organizing the transfer of the Pentagon’s Chief Information Officer, C2 in Joint Forces Command and NII to the Defense Information Systems Agency. In addition, NII information assurance functions go to Cyber Command. A final plan is to be in place by Dec. 15.
The reorganization was planned by deputy defense secretary William Lynn, who heads the Pentagon's cybersecurity efforts. Gates' goal is to cut costs and Lynn's task is to redistribute assets. Critics fear that cross-service communications and operational input to cyberplanning will be degraded.
Other former Defense Dept. officials expressed concern about Lynn’s lack of technical background and the loosening of OSD control.
Lynn’s plans stress protection rather than communications. He contends that current U.S. military advantages result from information technology including precision strike, transportation and logistics.
“If you compromise that technology, if you can get inside it, you can blunt all of those advantages,” Lynn said recently. “Secretary Gates has asked me to take the lead in terms of pulling the threats together and trying to develop a coherent strategy to defend our military networks.”
Critics say that compartmentalization of effort within the U.S. military is an equal threat.
Latham provides a series of examples of how not having technology advocates and centralized OSD leadership in such discussions can hinder the introduction of new technology and interoperability.
“In the 1980s, [the joint tactical information distribution systems] JTIDS could have been put into large-scale production for F-15s and F-16s,” he says. “It was rejected by then Defense Secretary Caspar Weinberger and senior Air Force officials because they wrongly judged that JTIDS -- the first time-division multiple-access communications system -- would be too expensive. Yet at the same time similar equipment was being developed for installation in the F-22. The result was a delay of several years in getting the JTIDS capability into operational tactical aircraft as well as Army and Navy platforms.”
Around the same time there was a similar debate about whether to approve or kill GPS. This time there was a C3 advocate who ensured the navigation capability was available for many by the time the Persian Gulf war started in 1990.
Shortly after, the Army was deciding whether to put the single-channel ground and airborne radio system (Sincgars) in its vehicles. The argument was won by a pair of C3 specialists who assured that the Army was ready for Sincgars and eventually the software radio technology which is now a military standard for all the services.
If the current plan to cut spending by disestablishing the ASD(I) position is carried out, “No one is left with enough stature as part of the OSD structure to argue and defend C3,” Latham says. “The C3 budget is in the $10 of billions. How do you disperse this important capability with no OSD or J6 oversight? Instead we should create an OSD C3ISR office [like the Air Force did over the last three years].”
One suggestion is to merge ASD(NII) with the existing USD(I) office to create a joint USD(C4ISR) office in OSD.
Moreover, the move also removes the need for technical and operational integration of C3 and Cyberwarfare.
“Who [at the joint level] is going to speak for that void of knowledgeable people that could advocate and shepherd the technology for software and hardware systems through the bureaucracy,” he asked.
Meanwhile, the services are building their own version of NII. A pioneer was Lt. Gen. (ret.) Dave Deptula who expanded the role of U.S. Air Force intelligence chief to include ISR. The Navy did something similar by combining its N2 (intelligence) and N6 (networks and communications) offices.
Now OSD has seemingly reversed the process.
“The services will now get their own way in developing these capabilities because they won’t have to go through OSD to get [new] C3 approved which includes for offensive and defensive electronic warfare and all the networks,” Latham says.
The development of communications satellites is an example of how inter-service problems have cropped up because of the absence of strong Defense Secretary Office oversight to resolve cross-service issues.
“When we started MilStar [satellite communications system], there were big fights between the Air Force and Navy over what characteristics the satellite would have,” Latham says. For example, “The Air Force launched a major effort to task each service to pay a share of the cost of satellite system use. We could never settle that issue. The Navy developed their own unique UHF system.”
There is the possibility of breakthrough technologies that could produce a compromise for Lynn and his critics.
“It’s clear there is enormous potential in the concept of cloud computing,” Lynn says. “Because you are able to put your defense around the cloud in a way that you can’t put it around individual computers, you are less dependent on individual users taking the right steps to protect their hard work.”
The Pentagon is looking at a number of technologies in fact.
“Cloud [computing] provides the opportunity to build service-oriented applications that allow flexibility in storing and providing mission assurance,” says Robert Butler, deputy assistant secretary of defense for cyberpolicy. “Within the cloud, security is [derived] from the implementation of the cloud and how it works. The technology scheme is to study the integration of architectures and capabilities over time. There is a step toward partitioning within the cloud, but it also is looking at ideas that allow us to assure missions from a security standpoint while encouraging the availability of applications.”
Another option among a series of operating concepts under consideration is a separate defense/government network – called “dot-secure” that is walled off from the rest of the internet.
“If we are faced with a significant, large-scale threat, what else can be done?” Butler says. “Creation of a dot-secure arena may mean ensuring that operations continue” within the Defense Dept. even while it is under attack.
Critics contend that the protected network would become the number one target and that no system is completely secure. Even government officials say a “Maginot Line” mentality toward cyberwar is doomed.
buglerbilly
22-10-10, 02:42 AM
Ares
A Defense Technology Blog
Cyber Policy Creeps Toward Reality
Posted by David A. Fulghum at 10/21/2010 2:49 PM CDT
News from the cyberfront has been universally bad for the last several years, but there is now hope of progress “in the next several months,” as the Defense Dept. rolls out its plans for organizing the cybersphere, says Robert Butler, deputy assistant secretary of defense for cyberpolicy.
“We have a strategy moving forward and a series of operating concepts under consideration that will come together inside a planning and progressing discussion over the next several months,” Butler says.
However, the list of tasks still to complete is daunting.
“We need to find more ways to operate effectively in cyberspace,” he says.
The emerging strategy has five pillars.
* Cyberspace is a separate operational domain and Cyber Command is a manifestation of that.
* New operational concepts are needed that provide active defense, resiliency and the ability to ensure military forces can deploy no matter what happens in the cybersphere.
* There has to be partnering with the Homeland Security Dept., other government agencies and the private sector.
* Cybernetwork capacity and international partnerships need to be built – not only traditional allies – to ensure best behavior in cyberspace.
* To stay ahead of adversaries, there has to be innovation, technology solutions, development of a cybercadre and workforce and maintenance of a technology scan to know what advances are coming such as cloud computing, wireless systems and advanced mobile devices.
A key element of the Pentagon’s strategy is development of “active defense” instead of offensive cyberwarfare.
“Active defense is a bundling of capabilities that is tied together with sensing [that is done] outside the network,” Butler says. “It’s the ability to take those bundled services and tool sets that allow you to prevent things from coming inside your network.”
Another requirement for cybersuccess will be international partnerships based on shared awareness and warning as well as collective response which will lay the foundation for deterrence in cyberspace, he says.
“There is such a variety of threats in scale and diversity, and the amount of activity [in cyberspace] has increased so much, that a situational awareness picture is hard to create,” Butler says.
International sharing is considered part of the solution. Attribution of attack is another part of the puzzle that international sharing may help solve.
“It is a perplexing issue because of the anonymous nature of cyberspace,” Butler says. “It is analytically intensive. We’re making progress and getting a better sense of understanding signatures that we can put into protection and intrusion prevention systems. But as the complexity within cyberspace continues to mount, we need different models. We don’t have the fidelity we need. We’re trying to characterize the levels of harmful intrusion. That’s difficult because the context of cyberactivity is not always clear.”
Another tool to thwart cyberattack is to ensure that everyone understands the taxonomy of cyberwar, cyberattack, hostile intent and hostile acts.
“When you see activity building, can you determine if it is a threat or harmful?” Butler says. “We’re trying to find ways to tie people together so they will see the same picture. Even if you are able to sense an anomaly, especially with the new variants of worms and viruses, it’s still very hard to figure out what the anomaly is. What does a marshalling of botnets really mean? There are good botnets and bad ones. And once you’ve determined it’s malicious, who’s going to do something about it?”
buglerbilly
25-10-10, 02:14 PM
Time to reboot our push for global Internet freedom
By Jackson Diehl
Monday, October 25, 2010
Last Tuesday 215,646 Internet users in Iran evaded their regime to visit sites such as Facebook, Twitter and RadioFarda.com, the U.S.-funded Persian-language news service. In Syria, 14,886 people freely surfed; in Vietnam, 10,612; in Saudi Arabia, 14,691; in China, 18,000.
I know this because I saw the internal logs of a company called UltraReach, which created and manages a firewall-breaching system that is allowing as many as half a million people a day to visit Web sites banned by their governments, and circumvent or avoid detection. To watch the traffic stream through the company's servers is to see a parade of the world's most oppressed people. In the few minutes I watched I also saw Cubans, Burmese, Uzbeks, Belarusians, Algerians, Cambodians and Libyans traveling via an Internet link to Northern California, where they were able to visit any non-pornographic site without being blocked or identified.
That the technology created by UltraReach and an affiliated company called Freegate works is not a matter of debate. Its success has been recognized from the State Department to the Chinese government, which has devoted enormous resources to trying to defeat it, so far unsuccessfully. The question is what is to be done. The companies' volunteer founders and operators say that if they could get $30 million in funding they could ramp up their server networks to accommodate millions more users -- and effectively destroy the Internet controls of Iran and most other dictatorships.
Since 2007, a few in Congress have been trying to get that funding by putting earmarks into the State Department budget -- a total of $50 million so far. Yet the firewall-busting firms, which have formed an entity called the Global Internet Freedom Consortium, have yet to receive a dime. In fact, $35 million of the funds has yet to be spent, even though it was included in State's budgets for 2009 and 2010.
You'd think State would be eager to act. After all, Hillary Clinton gave a major speech last January saying that the promotion of Internet freedom would be a top priority. Her senior aide for human rights and democracy, Assistant Secretary Michael Posner, says that defeating Internet censorship could be "a game-changer" in countries like Iran.
So why has nothing happened? The answer appears to be a mix of bureaucratic slowness, confusion over policy and -- just possibly -- a desire to avoid offending the Chinese government, which has denounced the Internet coalition as "anti-China forces engaged in anti-China activities."
In fact, the founders of UltraReach are members of the Falun Gong movement, which has been banned and heavily persecuted by Beijing. Its chief technologist, who met with me last week, left China for Silicon Valley after the 1989 Tiananmen square massacre. This man, who spoke on the condition of anonymity because he has relatives in China, said that the circumvention program was written in 2001-02 to help Chinese get around the regime's powerful firewall. But the software, which can be carried on a thumb drive, quickly spread. How much so became clear in June 2009, when Iranians erupted in protest over a stolen presidential election. More than 1 million Iranians tried to use UltraReach's system, causing its servers to crash. Since then about half of the system's users have been Iranian.
The Bush administration received the first $15 million put in State's budget for this technology through the efforts of Rep. Frank Wolf (R-Va.) and Sen. Sam Brownback (R-Kan.), among others. It gave most of the money to a company that specializes in training journalists. The next appropriation, of $5 million, was inherited by the Obama administration; it took more than 18 months to dispose of it. Of that funding, $1.5 million was given in August to the Broadcasting Board of Governors for distribution to the Global Internet Freedom Consortium. But the BBG has yet to turn over the funds. Meanwhile, State has not even begun the process of distributing the $30 million in its budget for fiscal 2010, which ended three weeks ago.
Posner says that's because State has been busy developing a detailed strategy for implementing Clinton's Internet freedom goals. It will, he said, be aimed not just at busting Internet firewalls but also at heading off governments' moves to regulate the Internet. So while funding for circumvention "will be an important piece" of the program, so will research into technologies and training, including of State's own personnel. Posner told me, "the money should follow the strategy."
That sounds reasonable. Yet while State is polishing its policy and preparing yet more training programs, Iranians and people from dozens of other countries are trying to get free access to the Internet. The technology exists to give it to them. State has the money in hand to pay for it. Yet after years of delay, the agency still hesitates to act. Posner says this has nothing to do with fear of offending China; but last year The Post quoted an unidentified State Department official saying the opposite. Either way, it's a poor record.
buglerbilly
25-10-10, 04:24 PM
Air Force manual describes shadowy cyberwar world
By DAN ELLIOTT
The Associated Press
Monday, October 25, 2010; 4:01 AM
DENVER -- A new Air Force manual for cyberwarfare describes a shadowy, fast-changing world where anonymous enemies can carry out devastating attacks in seconds and where conventional ideas about time and space don't apply.
Much of the 62-page manual is a dry compendium of definitions, acronyms and explanations of who reports to whom. But it occasionally veers into scenarios that sound more like computer games than flesh-and-blood warfare.
Enemies can cloak their identities and hide their attacks amid the cascade of data flowing across international computer networks, it warns.
Relentless attackers are trying to hack into home and office networks in the U.S. "millions of times a day, 24/7."
And operating in cyberspace "may require abandoning common assumptions concerning time and space" because attacks can come from anywhere and take only seconds, the manual says.
The manual - officially, "Cyberspace Operations: Air Force Doctrine Document 3-12" - is dated July 15 but wasn't made public until this month. It is unclassified and available on the Internet.
It dwells mostly on protecting U.S. military computer networks and makes little mention of attacking others. That could signal the Pentagon wants to keep its offensive plans secret, or that its chief goal is fending off cyberattacks to keep its networks up and running, analysts said.
"Their primary mission is in some ways defensive," said James Lewis, a cybersecurity expert and a senior fellow at the Center for Strategic and International Studies.
Lewis said the government still hasn't decided whether offensive cyberwarfare is the province of the military or intelligence agencies.
"Who gets to do it? Is it a military operation?... An intel operation?" Lewis said. "They've made a lot of progress in the last year but they're still sorting out the doctrine."
Noah Shachtman, a contributing editor to Wired magazine and a fellow at the Brookings Institute think tank, said even the limited mention of offensive operations in the manual surprised him.
The manual cites one example of a cyberwar objective as "shutting down electrical power to key power grids of enemy leadership."
"That's usually not the kind of thing we talk about doing to others," Shachtman said. "The offensive stuff is supersecret."
Much of the manual is entry-level material, Shachtman said, citing an appendix listing 10 things Air Force personnel should know, including a warning not to open attachments in e-mails from unknown senders.
"The equivalent appendix would be like, 'This is a gun. Guns are unsafe. Please do not point them at your face,'" Shachtman said.
The manual explains how dependent the military and civil society have become on computer networks for communication, banking, manufacturing controls and the distribution of utilities.
It also outlines the vulnerabilities of the Internet, including the relatively low cost of computers that could give an adversary a way to block, manipulate, damage or destroy a network.
It describes a 2005 incident when a hacker or hackers got access to personal information of more than 37,000 Air Force personnel.
The manual points out that much of the Internet's hardware and software are produced and distributed by private vendors in other countries who "can be influenced by adversaries to provide altered products that have built-in vulnerabilities, such as modified chips."
Defending the entire U.S. military network is unnecessary and probably impossible, the manual says. Just as the Air Force doesn't try to defend every square mile of airspace around the globe, it won't try to defend the whole of cyberspace.
"Whether used offensively or defensively ... conducting particular cyberspace operations may require access to only a very small 'slice' of the domain," the manual says.
Overall U.S. military cyberwarfare operations will be the job of the U.S. Cyber Command, which began limited operations in May. It will have components from the Army, Air Force, Navy and Marines.
The Air Force component - the 24th Air Force at Lackland Air Force Base, Texas - is part of the Air Force Space Command at Peterson Air Force Base, Colo.
Lewis said the Cyber Command had a hand in the content of the Air Force manual.
"I see it as the first step in assigning special missions to the services. It's a division of labor among the services," he said.
The Marine Corps' cyberspace operation document is still in development, a spokeswoman said. Army and Navy officials didn't immediately respond to Associated Press questions about their planning.
Responsibility for civilian and government cybersecurity is less clear. Congress is debating between giving more power to the Homeland Security Department or the White House and the National Institute of Standards and Technology.
Homeland Security and the National Security Agency announced this month they would cooperate to strengthen the nation's cybersecurity.
---
Online:
The Air Force cyberwarfare manual is on the website of the LeMay Center for Doctrine Development and Education: http://www.cadre.au.af.mil/main.htm
buglerbilly
27-10-10, 04:41 PM
Armed with new treaty, Europe amplifies objections to U.S. data-sharing demands
By Edward Cody
Washington Post Foreign Service
Tuesday, October 26, 2010; 6:46 PM
BRUSSELS - The Obama administration has encountered mounting resistance in Europe to its demands for broad sharing of airline passenger data and other personal information designed to spot would-be terrorists before they strike.
Europe's objections, based on privacy considerations, worry U.S. counterterrorism officials because computer scrutiny of passenger lists has become an increasingly important tool in the struggle to prevent terrorists from entering the United States or traveling to and from their havens. The would-be Times Square bomber was hauled off a Dubai-bound airliner in May, a senior U.S. counterterrorism official said, after his name on the manifest produced a ding in Department of Homeland Security computers.
European privacy advocates have long criticized the U.S. effort to scoop up as much information as possible on U.S.-bound travelers, saying it violates Europe's traditionally stringent data privacy laws. But their power to criticize was boosted recently to the power to block. Since Dec. 1, the Lisbon Treaty has given authority over such accords to the European Parliament, where privacy concerns are embraced.
"The administration can't just stiff-arm them anymore," said Marc Rotenberg, who heads the Washington-based Electronic Privacy Information Center and testified at a European Parliament hearing in Brussels on Monday.
As a result of lawmakers' concerns, the European Union executive has demanded a renegotiation of the four-year-old agreement laying out the conditions under which European airlines can supply passenger data. The move amounts to a recognition that the current accord, renegotiated after the European Court of Human Rights struck down the first version, could never be approved in the European Parliament as it stands.
The negotiations for a new deal, due to get underway in coming weeks, will be conducted by the European Union's executive commission, which in the past has been more amenable than the parliament to U.S. concerns. The 27 E.U. heads of state are scheduled to approve the commission's negotiating mandate at a summit conference in December. But privacy advocates have said that regardless of what the heads of state decide, there is a majority in parliament that will reject any accord that does not meet their concerns.
"Now we have the power, and they have to deal with us," said Sophie in 't Veld, a Dutch privacy advocate and European Parliament member who is vice chairman of the Committee on Civil Liberties, Justice and Home Affairs.
Recognizing the new reality, the U.S. mission to the European Union has strengthened its team focused on the parliament. Ambassador William E. Kennard, a recent Obama appointee, was among those testifying at Monday's hearing, emphasizing the history of U.S.-European cooperation and shared values.
Nevertheless, he said, "while we share the same values, we implement them in different ways."
Kennard said that the United States would oppose any attempt to make the new agreement invalidate the dozens of agreements, most of them secret, that the United States has concluded with individual European governments. But several European Parliament members said that leaving those accords intact would make no sense if they violate the pan-European agreement, insisting they would have to be updated.
"We will not be easy to deal with," one of them told Kennard.
"I would like to say this is just a bump in the road," the counterterrorism official in Washington said, speaking on the condition of anonymity because of the sensitivity of the subject. "But if the negotiating mandate contains some constraints on the commission that would eviscerate the agreement, then we're obviously concerned."
European privacy advocates have also raised objections to U.S. "data fishing," or combing through data to shake out suspects without a cause for suspicion; U.S. attempts to use passenger data to create profiles of likely terrorists; and data sharing among U.S. agencies, some of which might have nothing to do with counterterrorism.
"The whole collection of data, it's getting to a point where it's almost hysterical," in 't Veld said.
Parliament members expressed concern Monday about the lack of a reliable legal channel for Europeans to challenge what U.S. government agencies do with, and conclude from, data collected on them. U.S. citizens have such a right under the 1974 Privacy Act, but it excludes non-Americans.
Along with the specific objections, however, ran a current of irritation that Europeans are being asked to cooperate in a U.S. anti-terrorism campaign that many of them say has more than once veered off course - leading to torture, black prisons, extraordinary rendition and Guantanamo.
"Rather than the Americans dragging the European standards down, we should insist that the Americans live up to their own decent standards," said Douwe Korff of London Metropolitan University, one of a dozen expert witnesses.
The undercurrent of irritation swelled in January when the United States began requiring U.S.-bound travelers from countries covered by a visa waiver program to register first with the Department of Homeland Security. Failure to register on a U.S. Web site at least two days before a planned flight can result in an airline refusing to allow a passenger to board, a prospect that limits last-minute travel.
The irritation was compounded by a recent announcement that as of last month, European travelers would be charged $14 to register. Some European officials have described the registration and fee system as a visa by another name and threatened to impose a visa requirement on U.S. travelers to Europe in retaliation.
"We're getting fed up with the U.S. imposing its legislation on us," in 't Veld said.
buglerbilly
28-10-10, 01:01 AM
Iranian Cyber Army running botnets, researchers say
By Jeremy Kirk
October 25, 2010 07:45 AM ET
IDG News Service - A group of malicious hackers who attacked Twitter and the Chinese search engine Baidu are also apparently running a for-rent botnet, according to new research.
The so-called Iranian Cyber Army also took credit last month for an attack on TechCrunch's European website. In that incident, the group installed a page on TechCrunch's site that redirected visitors to a server that bombarded their PCs with exploits in an attempt to install malicious software.
Researchers with a security startup called Seculert have traced the malicious server behind those attacks and found indications that the Iranian Cyber Army may also be running a botnet.
They've found an administration interface where people who want to rent the botnet can describe the machines they would like to infect and upload their own malware for distribution by the botnet, said Aviv Raff , CTO and co-founder of Seculert. The company runs a cloud-based service that alerts its customers to new malware, exploits and other cyber threats.
"You provide the number of machines and their region," Raff said. "You then provide the malware download URL, and they will do the malware installation for you."
There are many computer crime gangs that create botnets, or networks of compromised computers, that can then be rented to other players in the cybercrime industry, such as spammers.
Raff said Seculert was able to see the administration panel as it was left unprotected. His company has since notified the provider where the page is hosted and contacted law enforcement.
The Iranian Cyber Army is believed to be behind the botnet since the administration panel showed the same e-mail address that was displayed after the Twitter and Baidu defacement attacks. Also, a page displaying statistics on the number of infected machines showed the group's name in its HTML source code, according to screenshots posted by Seculert.
The statistics page showed that as many as 14,000 PCs were being infected per hour. Since the server has been active since August, Seculert estimates it may have successfully infected as many as 20 million PCs.
The administration console also shows that the exploit kit used to deliver malware has exploits targeting the Java runtime environment, products from Adobe Systems, and Microsoft's operating systems and Internet Explorer browser.
None of the vulnerabilities used by the exploit kit appear to be unknown or, in some cases, even revealed recently. For example, one vulnerability dates from 2006.
"It's scary to see that people are still getting infected because of this vulnerability," Raff said.
The botnet has been used to distribute some of the more notorious malicious software programs including Zeus, which is used to hack into online banking accounts, and the data-stealing Trojans called Gozi and Carberp, Raff said.
An e-mail address links the botnet to earlier attacks claimed by the Iranian Cyber Army.
When Twitter was attacked in December 2009, users were directed to a different website bearing a green flag and the message "This site has been hacked by Iranian Cyber Army," along with the group's supposed e-mail address.
The attack against Twitter, and another against Baidu.com, involved tampering with DNS (Domain Name System) records, which can cause users to be redirected to another website even if the correct domain name is typed.
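The DNS-record tampering mentioned at the end of that article is something a defender can watch for by comparing a known-good baseline of a zone's records against what resolvers currently return. The script below is an added example for this thread, not code from the article or from Seculert; the domains, IP ranges and name servers in it are constructed samples, and it compares embedded sample data rather than querying live DNS.

```python
"""
Detect unauthorized DNS record changes (the kind of NS/A tampering that
redirects a site's visitors) by diffing a known-good baseline against
freshly observed answers.

Added example; domains, addresses and name servers are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Alert:
    domain: str
    rtype: str
    severity: str
    detail: str


def _normalize(values):
    """Compare names case-insensitively and ignore trailing dots."""
    return {v.rstrip(".").lower() for v in values}


def check_records(baseline, observed, allowed_nets):
    """
    baseline, observed: {domain: {"A": [...], "NS": [...]}}
    allowed_nets: {domain: [cidr, ...]} address ranges the owner legitimately uses
    Returns a list of Alert objects, one per changed record set.
    """
    alerts = []
    for domain, expected in baseline.items():
        seen = observed.get(domain, {})
        for rtype, exp_vals in expected.items():
            exp = _normalize(exp_vals)
            got = _normalize(seen.get(rtype, []))
            if got == exp:
                continue
            added = sorted(got - exp)
            removed = sorted(exp - got)
            if rtype == "NS":
                # A delegation change hands the attacker every record under the zone.
                severity = "critical"
            elif rtype == "A":
                # An address outside the owner's known ranges is a redirection, not a move.
                nets = [ipaddress.ip_network(n) for n in allowed_nets.get(domain, [])]
                outside = [ip for ip in added
                           if not any(ipaddress.ip_address(ip) in net for net in nets)]
                severity = "critical" if outside else "warning"
            else:
                severity = "warning"
            alerts.append(Alert(domain, rtype, severity,
                                f"added={added} removed={removed}"))
    return alerts


# Constructed sample data (documentation ranges, not real hosts).
BASELINE = {
    "example.com": {"A": ["198.51.100.10", "198.51.100.11"],
                    "NS": ["ns1.example.com.", "ns2.example.com."]},
    "www.example.com": {"A": ["198.51.100.20"]},
}
ALLOWED_NETS = {"example.com": ["198.51.100.0/24"],
                "www.example.com": ["198.51.100.0/24"]}

# Observed answers after a tampering incident: delegation moved to a foreign
# name server and the web host now resolves to an address the owner never used.
OBSERVED_TAMPERED = {
    "example.com": {"A": ["198.51.100.10", "198.51.100.11"],
                    "NS": ["ns1.attacker.example", "ns2.attacker.example"]},
    "www.example.com": {"A": ["203.0.113.5"]},
}

# Observed answers after a legitimate in-range server move (should only warn).
OBSERVED_MOVED = {
    "example.com": BASELINE["example.com"],
    "www.example.com": {"A": ["198.51.100.21"]},
}


def demo():
    """Run both scenarios and return the alert lists for inspection."""
    tampered = check_records(BASELINE, OBSERVED_TAMPERED, ALLOWED_NETS)
    moved = check_records(BASELINE, OBSERVED_MOVED, ALLOWED_NETS)
    for a in tampered + moved:
        print(f"[{a.severity}] {a.domain} {a.rtype}: {a.detail}")
    return tampered, moved


if __name__ == "__main__":
    demo()
```

In practice the observed map would be filled from periodic queries against several independent public resolvers plus the zone's own authoritative servers, so that a change at the registrar (the NS case) and a change on a single poisoned resolver both show up; the baseline comparison logic stays the same.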
buglerbilly
28-10-10, 03:10 PM
Despite Scare Talk, Attacks on Pentagon Networks Drop in 2010
By Noah Shachtman October 28, 2010 | 7:00 am
Listen to the generals speak, and you’d think the Pentagon’s networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of “incidents of malicious cyber activity” in the Defense Department has actually decreased in 2010. It’s the first such decline since the turn of the millennium.
In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. “If the rate of malicious activity from the first half of this year continues through the end of the year,” the commission notes in a draft report on China and the internet, “2010 could be the first year in a decade in which the quantity of logged events declines.”
The figures are in stark contrast to the sky-is-falling talk coming out of the Beltway.
“Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially,” Deputy Defense Secretary William Lynn wrote in a recent issue of Foreign Affairs.
In his April Senate Armed Services Committee confirmation hearing, U.S. Cyber Command and National Security Agency chief Lt. Gen. Keith Alexander said he was “alarmed by the increase, especially this year” in the number of attempts to scan military networks for potential vulnerabilities. His NSA predecessor, retired Adm. Mike McConnell, took things three steps further, writing: “the United States is fighting a cyber-war today, and we are losing.”
The report cautioned that the drop in “malicious activity … may or may not represent a decrease in the volume of attempts to penetrate defense and military networks.” Instead, the Pentagon seems to be doing a little better job in securing its networks, ever since a relatively-unsophisticated worm made its way onto hundreds of thousands of military computers in late 2008.
During “Operation Buckshot Yankee,” the subsequent clean-up effort, military leaders found that they were unable to gather even the most basic information about how their computers were configured — and what programs might be living in their networks.
In response, implementation of a new, Host-Based Security System was accelerated, for better threat detection. Information security training and patch updates are mandatory. And there’s now a Cyber Command responsible for coordinating threat monitoring, network defense and information attack. Leaders now have “greater visibility of threat activity, vulnerability, and ultimately risk” into network threats, the report says. “Greater resources, enhanced perimeter defenses, and the establishment of U.S. Cyber Command” have all helped, as well.
Does that mean the Pentagon is suddenly safe from hack attacks? Of course not. Could some adversaries be in the process of trading malware quantity for malware quality? Of course they could. But, at least in this most basic of measures, there are indications that the threat to Defense Department networks may not be quite as overwhelming and unstoppable as some in the military brass have led us to believe.
Read More http://www.wired.com/dangerroom/2010/10/despite-scare-talk-attacks-on-pentagon-networks-drop-in-2010/
buglerbilly
04-11-10, 03:19 PM
Cyber Command Achieves Full Operational Capability
(Source: US Department of Defense; issued Nov. 3, 2010)
Department of Defense announced today that U.S. Cyber Command has achieved full operational capability (FOC).
Achieving FOC involved U.S. Cyber Command completing a number of critical tasks to ensure it was capable of accomplishing its mission. U.S. Cyber Command is responsible for directing activities to operate and defend DoD networks.
“I am confident in the great service members and civilians we have here at U.S. Cyber Command. Cyberspace is essential to our way of life and U.S. Cyber Command synchronizes our efforts in the defense of DoD networks. We also work closely with our interagency partners to assist them in accomplishing their critical missions,” said Gen. Keith Alexander, commander of U.S. Cyber Command.
Some of the critical FOC tasks included establishing a Joint Operations Center and transitioning personnel and functions from two existing organizations, the Joint Task Force for Global Network Operations and the Joint Functional Component Command for Network Warfare.
U.S. Cyber Command’s development will not end at FOC, and the department will continue to grow the capacity and capability essential to operate and defend our networks effectively. There are also enduring tasks that will be on-going after FOC, such as developing the workforce, providing support to the combatant commanders, and efforts to continue growing capacity and capability.
U.S. Cyber Command is a sub-unified command under the U.S. Strategic Command. It reached its “initial operational capability” on May 21, 2010.
-ends-
buglerbilly
06-11-10, 11:58 AM
Pentagon's Cyber Command seeks authority to expand its battlefield
By Ellen Nakashima
Washington Post Staff Writer
Saturday, November 6, 2010; 12:41 AM
The Pentagon's new Cyber Command is seeking authority to carry out computer network attacks around the globe to protect U.S. interests, drawing objections from administration lawyers uncertain about the legality of offensive operations.
Cyber Command's chief, Gen. Keith B. Alexander, who also heads the National Security Agency, wants sufficient maneuvering room for his new command to mount what he has called "the full spectrum" of operations in cyberspace.
Offensive actions could include shutting down part of an opponent's computer network to preempt a cyber-attack against a U.S. target or changing a line of code in an adversary's computer to render malicious software harmless. They are operations that destroy, disrupt or degrade targeted computers or networks.
But current and former officials say that senior policymakers and administration lawyers want to limit the military's offensive computer operations to war zones such as Afghanistan, in part because the CIA argues that covert operations outside the battle zone are its responsibility and the State Department is concerned about diplomatic backlash.
The administration debate is part of a larger effort to craft a coherent strategy to guide the government in defending the United States against attacks on computer and information systems that officials say could damage power grids, corrupt financial transactions or disable an Internet provider.
The effort is fraught because of the unpredictability of some cyber-operations. An action against a target in one country could unintentionally disrupt servers in another, as happened when a cyber-warfare unit under Alexander's command disabled a jihadist Web site in 2008. Policymakers are also struggling to delineate Cyber Command's role in defending critical domestic networks in a way that does not violate Americans' privacy.
The policy wrangle predates the Obama administration but was renewed last year as Obama declared cyber-security a matter of national and economic security. The Pentagon has said it will release a national defense cyber-security strategy by year's end.
Cyber Command's mission is to defend military networks at home and abroad and, when requested, to help the Department of Homeland Security protect critical private-sector networks in the United States. It works closely with the NSA, the intelligence agency that conducts electronic eavesdropping on foreign targets, which has its headquarters at Fort Meade on the same floor as NSA Director Alexander's office.
In a speech at the Center for Strategic and International Studies in June, Alexander said that Cyber Command "must recruit, educate, train, invest in and retain a cadre of cyber experts who will be conducting seamlessly interoperability . . . across the full spectrum of network operations."
"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," Alexander told a cyber convention in August.
And in testimony to Congress in September, Alexander warned that Cyber Command could not currently defend the country against cyber-attack because it "is not my mission to defend today the entire nation." If an adversary attacked power grids, he added, a defensive effort would "rely heavily on commercial industry."
"The issue . . . is what happens when an attacker comes in with an unknown capability," he said.
To counter that, he added, "we need to come up with a more . . . dynamic or active defense."
Alexander has described active defense as "hunting" inside a computer network for malicious software, which some experts say is difficult to do in open networks and would raise privacy concerns if the government were to do it in the private sector.
A senior defense official has described it as the ability to push "out as far as we can" beyond the network perimeter to "where the threat is coming from" in order to eliminate it.
But, the official said, "we need to wait until we get some resolution on just how far we can go with regards to marrying the technology and operational concepts with law and the interagency process."
The sort of threats that Alexander and other officials worry about include the computer worm Stuxnet, which experts say was meant to sabotage industrial systems - though exactly whose system and what type of sabotage was intended is unclear.
NSA experts "have looked at it," Alexander told reporters in September. "They see it as essentially very sophisticated."
Officials have not resolved what constitutes an offensive action or which agency should be responsible for carrying out attacks. The CIA has argued that such action is covert, which is traditionally its turf. Defense officials have argued that offensive operations are the province of the military and are part of its mission to counter terrorism, especially when, as one official put it, "al-Qaeda is everywhere."
"This infuriating business about who's in charge and who gets to call the shots is just making us muscle-bound," said retired Adm. Dennis C. Blair, who resigned in May as the director of national intelligence after a tenure marred by spy agencies' failures to preempt terrorist plots and political missteps that eroded the White House's confidence in him.
Blair decried an "over-legalistic" approach to the issue. "The precedents and the laws on the books are just hopelessly inadequate for the complexity of the global information network," he said.
The Justice Department's Office of Legal Counsel, whose opinions are binding on the executive branch, prepared a draft opinion in the spring that avoided a conclusive determination on whether computer network attacks outside battle zones were covert or not, according to several officials familiar with the matter who were not authorized to speak for the record.
Instead, it said that permission for specific operations would be granted based on whether an operation could be, for instance, guaranteed to take place within an area of hostility. Operations outside a war zone would require the permission of countries whose servers or networks might be implicated.
The real issue, said another U.S. official, is defining the battlefield. "Operations in the cyber-world can't be likened to Yorktown, Iwo Jima or the Inchon landing," he said. "Defining the battlefield too broadly could lead to undesired consequences, so you have to manage the potential risks. Getting to the enemy could mean touching friends along the way."
Senior defense officials are now inclined to "stay conservative" in line with the draft opinion, one senior military official said. He said it is probable that policymakers will have Cyber Command propose specific operations in order to test the boundary lines.
But Alexander, a 58-year-old career intelligence officer, is not conservative by nature. He rose through the Army ranks by pushing to make intelligence available on the front lines. As NSA director during the Iraq war, he developed ways to allow soldiers to read useful data culled almost in real time from insurgents' communications.
Although he told reporters that he would prefer to have Cyber Command's authority clarified rapidly, he also acknowledged that to "race out and get authorities" only to be told, "Stop, stop, stop, you can't do it," makes no sense.
Stewart A. Baker, a former NSA general counsel, said calling cyber-operations, such as dismantling terrorist Web sites, "covert action" incorrectly implies they carry the same risks.
"There are lots of hackers in lots of countries who regularly break into computers, regularly disguise their identities," he said. "No one would think that discovering the U.S. had done that would lead to a scandal comparable to . . . the funding of Nicaraguan contras with secret Iranian arms sales, which are the kind of activities the covert action law was written for."
buglerbilly
15-11-10, 01:17 PM
Taiwan NSB gets half million cyber attacks a month
November 15, 2010 - 7:20PM
Taiwan's top security unit said Monday it received nearly half a million cyber attacks a month, only a minority from China and around 60 percent from the island itself.
In the 10 months to October hackers launched 4.99 million attacks on the National Security Bureau's website, making it one of the government's most heavily targeted, the bureau's chief told lawmakers.
"Despite the awesome amount of attacks, no hacker has ever broken into the website," Director General Tsai Teh-sheng told parliament, in reply to a question tabled by legislator Lin Yu-fang.
During the 10-month period, hackers from China launched 598,000 attacks, or 12 percent of the total, while six in 10 attacks came from within Taiwan.
Tsai did not explain why the great majority of attacks, numbering 3.04 million, originated from within Taiwan.
Taiwan's government websites have frequently come under cyber-attacks from China, usually during disputes between the island and the mainland.
The two sides split in 1949 at the end of a civil war, but Beijing still claims the island as part of its territory.
Ties have improved markedly since Ma Ying-jeou of the China-friendly Kuomintang party won a presidential election in 2008 on a platform of ramping up trade and allowing in more Chinese tourists.
© 2010 AFP
buglerbilly
18-11-10, 01:52 AM
China Denies Hijacking U.S. Web Traffic
Published November 17, 2010
Reuters
When 15 percent of the world's Internet traffic -- including the Pentagon, Defense Secretary Robert Gates' office, the Senate and several U.S. government agencies -- was redirected last April onto computer routers in China, it also may have left the sites vulnerable to surveillance -- or worse.
China Telecom denied on Wednesday that it had "hijacked" U.S. Internet traffic in April, after a U.S. congressional advisory group said the company had sent incorrect routing information.
The incident resulted in Internet traffic to major corporate websites and U.S. military and government sites being sent through China for 18 minutes, according to the report, a draft copy of which was obtained by Reuters.
"The spokesman of China Telecom Corporation Limited denied any hijack of internet traffic," the state-controlled company said in a brief statement emailed to Reuters.
A report from the U.S.-China Economic and Security Review Commission said the Web traffic, much of which originated in the United States and was directed toward U.S. corporate and government websites, should have travelled by the shortest available route, and not through China.
The incident was one of several discussed by the U.S.-China Economic and Security Review Commission.
Some of the traffic was headed to sites owned by the U.S. Senate, the office of the Secretary of Defense, NASA and the Commerce Department, the draft said.
The commission said it was unclear whether the hijacking was intentional or whether any data was collected or stopped, or if the massive amount of data affected concealed a targeted attack.
The body which wrote the report was set up in 2000 to advise the U.S. Congress on the economic and national security implications of the U.S.-China relationship.
buglerbilly
19-11-10, 02:12 AM
Ares
A Defense Technology Blog
China's Growing Cyberprowess
Posted by KristinMajcher at 11/18/2010 12:44 PM CST
Today The U.S.-China Economic and Security Review Commission released the final draft of an annual report to Congress on United States-China security relations. The 324-page document touches on a broad range of issues such as the two countries' trade relationships, proliferation practices and energy, but the report is getting a lot of press for confirming what we’ve pretty much known all along: China has the capability to hijack data from U.S. government organizations such as the Department of Defense, NASA and the U.S. Army, and could use it maliciously.
http://www.uscc.gov/annual_report/2010/annual_report_full_10.pdf
“China might seek internationally to leverage these abilities to assert some level of control over the internet … Any attempt to do this would likely be to counter the interests of the United States and other countries,” the report says.
The same document also confirms that "2010 could be the first year in a decade in which the quantity of logged events declines" for malicious activity recorded for U.S. defense and military networks but it also indicates that Chinese government has a hand in cyberantics, such as the infamous attack on Google servers in January. Again, not particularly surprising, but now it's on the books.
One example of China's foul play the report notes is an incident on April 8 when China Telecom Corp. routed traffic from U.S. military and government sites to a Chinese server. Although the commission did not find out if the Chinese used the "hijacked" information, the report says the capability could lead to problems when users attempt to access these Web sites or even allow the Chinese to keep tabs on specific users and glean confidential information.
A spokesperson for the Chinese Embassy in the U.S. told Bloomberg the report is based on "unfounded, groundless information" and reaches "unacceptable conclusions."
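The Reuters item above and this Ares post both describe the same mechanism: an operator announces routes for prefixes it is not authorized to originate, and other networks accept them. The standard defensive check for that is Route Origin Validation, comparing each announcement's origin AS against Route Origin Authorizations (ROAs). The block below is an added example, not code from either article or from the commission's report; the ROA table, prefixes and AS numbers are constructed (documentation prefixes and private AS numbers), and the update lines imitate a simplified route-collector log rather than any real feed.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A route origin authorization: origin_as may announce prefix down to max_length."""
    prefix: ipaddress.IPv4Network
    max_length: int
    origin_as: int


# Constructed ROA-style table (hypothetical prefixes and private AS numbers, not real data).
ROAS = [
    Roa(ipaddress.ip_network("203.0.113.0/24"), 24, 64500),
    Roa(ipaddress.ip_network("198.51.100.0/22"), 24, 64501),
]


def validate_origin(prefix_str, origin_as, roas=ROAS):
    """Route Origin Validation with RFC 6811 outcomes: 'valid', 'invalid' or 'not_found'."""
    prefix = ipaddress.ip_network(prefix_str)
    covering = [r for r in roas if prefix.subnet_of(r.prefix)]
    if not covering:
        return "not_found"          # no ROA covers this prefix; nothing to compare against
    for r in covering:
        if r.origin_as == origin_as and prefix.prefixlen <= r.max_length:
            return "valid"
    return "invalid"                # covered by a ROA, but wrong origin or too specific


# Constructed BGP UPDATE log lines in a simple "<prefix> AS_PATH <as1 as2 ... origin>" form.
UPDATES = [
    "203.0.113.0/24 AS_PATH 64496 64497 64500",   # authorized origin, authorized length
    "203.0.113.0/25 AS_PATH 64496 64499",         # more-specific prefix from an unauthorized AS
    "198.51.100.0/23 AS_PATH 64498 64501",        # authorized origin, within max length
    "198.51.100.128/25 AS_PATH 64498 64501",      # right origin, but /25 exceeds max length 24
    "192.0.2.0/24 AS_PATH 64496 64502",           # no ROA exists for this prefix
]

LINE_RE = re.compile(r"^(\S+)\s+AS_PATH\s+((?:\d+\s*)+)$")


def audit_updates(lines):
    """Return (prefix, origin_as, status) for each parsable update line."""
    results = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        prefix = m.group(1)
        path = [int(a) for a in m.group(2).split()]
        origin = path[-1]  # the rightmost AS in the path is the origin
        results.append((prefix, origin, validate_origin(prefix, origin)))
    return results


def invalid_announcements(lines):
    """The alert condition: announcements that contradict a ROA."""
    return [r for r in audit_updates(lines) if r[2] == "invalid"]


if __name__ == "__main__":
    for prefix, origin, status in audit_updates(UPDATES):
        print(f"{status:9s} {prefix:20s} origin AS{origin}")
```

Origin validation catches an unauthorized origin AS and over-specific announcements; it does not catch a hijack that keeps the legitimate origin and only tampers with the AS path, which is why route monitoring and path validation are still needed alongside it.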
buglerbilly
30-11-10, 11:57 PM
IDF installs new information security safeguards
By YAAKOV KATZ, Jerusalem Post
11/30/2010 02:32
Measures aim to prevent Wikileaks-type revelations; one safeguard: alarm will go off when disc-on-key inserted in IDF computer.
The IDF has instituted a number of new security measures over the past year aimed at preventing major leaks of sensitive information, such as what was published by WikiLeaks on Sunday.
The new safeguards were developed by the IDF’s Information Security Unit and include a system that will track every document classified as top secret by the military, whom it is sent to, who printed it and who burned it onto a CD.
The new system will not allow a document that is classified as top secret, for example, to be transferred to someone who does not have security clearance to view such documents.
“This does not mean that something like WikiLeaks cannot happen in Israel, but it would be more difficult,” a former officer involved in information security said on Monday.
The tightening of regulations has taken place over the past year and gained importance after Anat Kam was arrested for leaking thousands of top secret and classified documents to a Haaretz reporter.
Kam, who served as an assistant to OC Central Command Maj.-Gen. Yair Naveh’s bureau chief during her IDF service, was exposed to classified and sensitive military information.
Over a period of what appears to be a year, she allegedly copied the documents into a folder she had created on a computer in the office and then burned them all onto a CD during her last week of service.
Other steps taken by the IDF have included thorough background checks of soldiers serving in sensitive positions and the cataloging of every IDF soldier according to their level of clearance. Sources said on Monday that the IDF has increased the number of polygraphs it conducts on soldiers and officers by 50 percent in the past year.
In addition, if a disc-on-key is attached to an IDF computer, it will immediately set off an alarm at the IDF Information Security Unit, alerting soldiers there of a possible security breach.
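The two controls the article describes for classified documents, refusing a transfer to someone without the clearance to view the document and recording who it was sent to, who printed it and who burned it to a CD, are a mandatory access control check plus an audit trail. The block below is an added example of that pattern and is not the IDF system (which the article does not detail); it uses the textbook Bell-LaPadula dominance rule (level and compartments), and the classification levels, users and document identifiers are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Ordered classification levels (constructed; the real scheme is not described in the article).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """Bell-LaPadula dominance: at least as high a level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


class DocumentRegistry:
    def __init__(self, labels, clearances):
        self.labels = labels            # document id -> Label of the document
        self.clearances = clearances    # user -> Label of the user's clearance
        self.audit = []                 # every attempt, allowed or refused, is recorded

    def _record(self, action, doc_id, actor, target, allowed):
        self.audit.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "action": action, "doc": doc_id, "actor": actor,
            "target": target, "allowed": allowed,
        })
        return allowed

    def transfer(self, doc_id, sender, recipient):
        """Send a document: refused unless both parties' clearances dominate its label."""
        label = self.labels[doc_id]
        allowed = (self.clearances[sender].dominates(label)
                   and self.clearances[recipient].dominates(label))
        return self._record("transfer", doc_id, sender, recipient, allowed)

    def export(self, doc_id, actor, medium):
        """Print or burn to CD: permitted only to a cleared user, and always logged by medium."""
        allowed = self.clearances[actor].dominates(self.labels[doc_id])
        return self._record(f"export:{medium}", doc_id, actor, None, allowed)

    def history(self, doc_id):
        """Who touched this document and how, including refused attempts."""
        return [e for e in self.audit if e["doc"] == doc_id]


def build_demo_registry():
    """Constructed users and documents for the demonstration."""
    labels = {
        "op-plan-7": Label("top_secret", frozenset({"ops"})),
        "weekly-brief": Label("secret"),
    }
    clearances = {
        "officer_a": Label("top_secret", frozenset({"ops", "sigint"})),
        "clerk_b": Label("secret"),
        "officer_c": Label("top_secret"),   # top secret, but not read into the "ops" compartment
    }
    return DocumentRegistry(labels, clearances)


if __name__ == "__main__":
    reg = build_demo_registry()
    reg.transfer("op-plan-7", "officer_a", "clerk_b")      # refused: level too low
    reg.transfer("op-plan-7", "officer_a", "officer_c")    # refused: missing compartment
    reg.export("weekly-brief", "clerk_b", "cd")            # allowed, and logged
    for entry in reg.audit:
        print(entry)
```

Refused attempts are logged alongside successful ones; for insider-threat detection the refusals are often the more useful signal, since a cleared user who keeps probing for documents outside their need-to-know is exactly what the background checks and clearance cataloguing described above are meant to surface.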
buglerbilly
10-12-10, 02:01 PM
Military Bans Disks, Threatens Courts-Martial to Stop New Leaks
By Noah Shachtman December 9, 2010 | 7:02 pm | Categories: Info War
It’s too late to stop WikiLeaks from publishing thousands more classified documents, nabbed from the Pentagon’s secret network. But the U.S. military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media — or risk a court martial.
Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order” — obtained by Danger Room — which directs airmen to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network. Similar directives have gone out to the military’s other branches.
“Unauthorized data transfers routinely occur on classified networks using removable media and are a method the insider threat uses to exploit classified information. To mitigate the activity, all Air Force organizations must immediately suspend all SIPRNET data transfer activities on removable media,” the order adds.
It’s one of a number of moves the Defense Department is making to prevent further disclosures of secret information in the wake of the WikiLeaks document dumps. Pfc. Bradley Manning says he downloaded hundreds of thousands of files from SIPRNET to a CD marked “Lady Gaga” before giving the files to WikiLeaks.
To stop that from happening again, an August internal review suggested that the Pentagon disable all classified computers’ ability to write to removable media. About 60 percent of military machines are now connected to a Host Based Security System, which looks for anomalous behavior. And now there’s this disk-banning order.
One military source who works on these networks says it will make the job harder; classified computers are often disconnected from the network, or are in low-bandwidth areas. A DVD or a thumb drive is often the easiest way to get information from one machine to the next. “They were asking us to build homes before,” the source says. “Now they’re taking away our hammers.”
The order acknowledges that the ban will make life trickier for some troops.
“Users will experience difficulty with transferring data for operational needs which could impede timeliness on mission execution,” the document admits. But “military personnel who do not comply … may be punished under Article 92 of the Uniformed Code of Military Justice.” Article 92 is the armed forces’ regulation covering failure to obey orders and dereliction of duty, and it stipulates that violators “shall be punished as a court-martial may direct.”
But to several Defense Department insiders, the steps taken so far to prevent another big secret data dump have been surprisingly small. “After all the churn…. The general perception is business as usual. I’m not kidding,” one of those insiders says. “We haven’t turned a brain cell on it.”
Tape and disk backups, as well as hard drive removals, will continue as normal in the military’s Secure Compartmented Information Facilities, where top-secret information is discussed and handled. And removable drives have been banned on SIPRNET before.
Two years ago, the Pentagon forbade the media’s use after the drives and disks helped spread a relatively unsophisticated worm onto hundreds of thousands of computers. The ban was lifted this February, after the worm cleanup effort, dubbed “Operational Buckshot Yankee,” was finally completed. Shortly thereafter, Manning says he started passing information to WikiLeaks.
Specialists at the National Security Agency are looking for additional technical ways to limit, disable or audit military users’ actions. Darpa, the Pentagon’s leading-edge research arm, has launched an effort to “greatly increase the accuracy, rate and speed with which insider threats are detected … within government and military interest networks.”
But, like all Darpa projects, this one won’t be ready to deploy for years — if ever. For now, the Pentagon is stuck with more conventional methods to WikiLeak-proof its networks.
What idiots. Officially warranted thumb drives should be encrypted regardless, with decryption possible only on authorized hardware. Do it properly and there's no reason that the end user would ever even know it's happening.
This isn't rocket science, and the ban will only harm operational efficiency.
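Both the IDF post (an alarm when a disc-on-key is inserted) and this one (a host-based system looking for anomalous behaviour, and a ban on removable media) come down to the same detection: notice when removable storage is attached to a machine that should not see any, and distinguish it from harmless USB peripherals. The block below is an added example of that logic over Linux kernel messages, not code from the IDF Information Security Unit or from any Host Based Security System product; the syslog lines, hostnames and vendor/product IDs are constructed to imitate the kernel's USB messages.

```python
import re

# Constructed syslog lines imitating Linux kernel USB messages (hosts and IDs are made up).
SAMPLE_LOG = """\
Dec  3 09:14:02 ws-17 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Dec  3 09:14:02 ws-17 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Dec  3 09:14:02 ws-17 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Dec  3 09:14:03 ws-17 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Dec  3 09:20:45 ws-22 kernel: usb 2-3: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.01
Dec  3 09:20:45 ws-22 kernel: input: Logitech USB Receiver as /devices/pci0000:00/usb2/2-3/input4
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$")
NEW_DEV_RE = re.compile(
    r"^usb (?P<dev>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
STORAGE_RE = re.compile(
    r"^usb-storage (?P<dev>[\d.-]+):[\d.]+: USB Mass Storage device detected")


def detect_removable_media(log_text, allowlist=frozenset()):
    """Return one alert per mass-storage attachment whose (vid, pid) is not allowlisted.

    Keyboards, mice and other non-storage devices produce a 'New USB device found' line
    but never a usb-storage line, so they raise nothing.
    """
    seen = {}    # (host, usb device path) -> (vid, pid) from the enumeration line
    alerts = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, host, msg = m["ts"], m["host"], m["msg"]
        nd = NEW_DEV_RE.match(msg)
        if nd:
            seen[(host, nd["dev"])] = (nd["vid"], nd["pid"])
            continue
        st = STORAGE_RE.match(msg)
        if st:
            vid, pid = seen.get((host, st["dev"]), ("????", "????"))
            if (vid, pid) in allowlist:
                continue              # an issued, approved device: no alarm
            alerts.append({"time": ts, "host": host, "device": st["dev"],
                           "vid": vid, "pid": pid})
    return alerts


if __name__ == "__main__":
    for alert in detect_removable_media(SAMPLE_LOG):
        print(f"{alert['time']} {alert['host']}: removable storage {alert['vid']}:{alert['pid']} "
              f"attached at usb {alert['device']}")
```

The allowlist is what separates the IDF's "alarm on any disc-on-key" from a policy that tolerates issued, encrypted drives: an organization that wants to keep the hammers can keep them, as long as the alarm fires on anything not on the issued list.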
buglerbilly
21-12-10, 03:45 PM
DARPA Goal for Cybersecurity: Change the Game
09:01 GMT, December 21, 2010
WASHINGTON | Self-proclaimed “technogeeks” at the Defense Advanced Research Projects Agency, after determining the nature of the cybersecurity threat, have devised programs to tackle the problem and, most importantly, surprise their adversaries, DARPA’s deputy director said.
Kaigham “Ken” Gabriel spoke here at the Dec. 16 Cyber Security Forum, sponsored by The Atlantic and Government Executive magazines, and afterward spoke with American Forces Press Service.
He said the agency’s sole mission since its inception in 1958 has been to prevent and create technology surprises. Two of the agency’s recent cybersecurity programs, called CRASH and PROCEED, were created for that purpose.
CRASH, the Clean-slate Design of Resilient, Adaptive, Secure Hosts program, seeks to build new computer systems that resist cyberattacks. After successful attacks they would adapt, learn from the attack and repair themselves, Gabriel said.
CRASH evolved from a workshop DARPA held earlier this year where they pulled together cybersecurity and operating-system experts and infectious-disease biologists, he said.
“The first couple of hours, someone who was there described it as being like a junior high school dance,” he added. “All the biologists were on one side of the room, the computer scientists on the other. Finally one of them walked over and began talking, and they all started mixing.”
Some interesting ideas came out of the workshop, Gabriel said. One was that biology starts from the supposition that attackers -- bacteria or viruses -- will get through the body’s defenses. The body doesn’t even try to stop them; biology just deals with it.
The body doesn’t care how many times things get in, he added. And bodies are genetically diverse; viruses or bacteria that infect one body won’t necessarily infect all the others, or infect them in the same way.
This concept applies to computer vulnerabilities because most computer hardware is built the same way, Gabriel said.
“The idea is to look at the structure of computers, which are identical and have no security in the hardware … because performance was king 15 or 20 years ago,” he said. “Transistors and computer performance were precious and you didn’t give up any of it to security. Now, the world is different.”
Today, security could be added to computer hardware, giving computers a sort of genetic diversity that would make them less vulnerable to cyber infections.
Getting such new, more robust hardware architecture into the market will take some time, Gabriel said, noting that the reason for programs like CRASH is to create something he calls convergence between cyberthreats and cybersecurity.
To analyze the problem of convergence, DARPA compared the number of lines of source code written over 20 years in security software and the number of lines of code in malware written over the same period.
Over 20 years, he said, the lines of code in security software increased from about 10,000 to 10 million lines. The number of lines of code in malware was surprisingly constant at about 125 lines.
This analysis and others “led us to understand that many of the things we’re doing are useful, but they’re not convergent with the problem,” Gabriel said. “We’re never going to catch up [with malware], so how do we change the game? How do we essentially create surprise for our adversaries in this challenge area?”
Along with CRASH, another way is PROCEED, or Programming Computation on Encrypted Data, he said.
“Encryption is one way of protecting things, but if you want to operate on encrypted data -- process it, do something with it -- you have to decrypt it first. You operate on it while it’s in a decrypted state, then take your result, encrypt that again and send it on,” Gabriel said.
For the past 20 or 30 years, people have been debating about whether it’s possible to do operations on encrypted data without decrypting it first.
“It was considered to be such a difficult problem that people were mathematically trying to prove it couldn’t be done,” he said. “Then, about a year and a half ago, someone proved that it could be done. That’s the good news. The bad news is, it’s very inefficient right now -- 12 orders of magnitude less efficient than it needs to be.”
PROCEED is working to improve that efficiency, he said.
“If we were able to do relevant sorts of operations without ever having to decrypt, that would be a tremendous gain because … whenever you decrypt into the open, you create vulnerability,” Gabriel said.
Convergence is the objective of both programs, he added. “They are aggressive programs; they may or may not be successful. That’s the nature of DARPA. But we have high hopes.”
----
Cheryl Pellerin
American Forces Press Service
buglerbilly
06-01-11, 02:04 PM
Navy Intel Chief: Information Dominance Must Balance Firepower
(Source: U.S. Department of Defense; issued January 5, 2011)
WASHINGTON --- “Information as warfare” requires operational commanders to employ intelligence, surveillance and reconnaissance to dominate the information realm even as they direct combat actions, the Navy’s senior intelligence officer said today.
Vice Adm. David J. “Jack” Dorsett, the director of naval intelligence and deputy chief of naval operations for information dominance, spoke to defense writers about what he called a shift from an Industrial Age military force to an Information Age force.
“We’re great at strike warfare -- dropping bombs. It’s now time for the Navy, and frankly the U.S. joint forces, to step up and start dealing with information in a much more sophisticated manner than they have in the past,” Dorsett said.
Adm. Gary Roughead, chief of naval operations, announced in October 2009 the Navy was combining its intelligence directorate, communications networks and related information technology capabilities into the information dominance organization.
Dorsett said as leader of that organization he serves as the Navy’s “banker” for information capabilities.
“I do resources, I do requirements, I do policies,” he said. “Tenth Fleet is the operational commander for our cyber forces and our network forces, and our Navy’s information operational capabilities.
“Tenth Fleet is a three-star operational commander,” he continued. “The [chief of naval operations] this past year also created Navy Cyber Command, a two-star commander, and he’s responsible for manning, training and equipping the fleet.”
In just over a year since the Navy reorganized its intelligence and technology communities, Dorsett said, the service has made great progress in organizing its work force and developing sensors and networks, but hasn’t accomplished as much in analyzing collected intelligence.
“Managing data, making sense of the information, is one of our largest challenges,” Dorsett said. “Part of the job dealing with information dominance is looking at information from one end to the other: from sensors to networks to transport to exploitation dissemination.
“One area this past year we haven’t made as much progress on was on processing, exploitation and dissemination,” he continued. “It’s high on our list for this upcoming year.”
Within the Defense Department, the Navy is primarily partnering with the Air Force in “tackling imagery exploitation first, as something … easier to get our hands around,” Dorsett said.
“But we’re also partnering with agencies like the National Security Agency on their cloud computing initiatives, their cyber pilot initiatives, and … how you manage information, how do you get it to flow from one point to another,” he added.
Effectively processing intelligence imagery -- managing data -- requires combining automated tools with skilled human analysis, Dorsett said.
“An awful lot can be automated,” he said. “You don’t need to look at every single piece of electro-optical imagery that comes in, necessarily. You need tools to alert you to the key issues that you can then apply an analyst to.”
But if those analysts aren’t well-trained and experienced in looking at data from signals intelligence to imagery to open-source data, Dorsett said, some of the available information will be lost.
“We look at things holistically,” he said. “If you just look at the data and technology and tools and you forget to apply energy to training your people, you won’t get to the right solution set.”
A major emphasis over the past year, he said, has been to increase the number of sensors gathering imagery in the “battle space.”
“But I think more needs to be applied to this issue of processing, exploitation and dissemination, especially as all of the services bring more sensors to bear in our future capabilities,” Dorsett said. “That’s part of our game plan.”
In replacing legacy weapons systems with new capabilities, he said, a one-for-one substitution isn’t the most effective approach.
The Navy is taking a “family of systems” approach to balance information and firepower requirements, he said, noting the approach includes incorporating signals intelligence capability on surface ships.
“One of the principles for information dominance is, every platform needs to be a sensor and every sensor needs to be networked,” Dorsett said.
While increasing the intelligence-gathering capability of weapons systems is critical, he said, the military also needs to maintain its other combat capabilities.
The Navy’s P-8 Poseidon aircraft is an example, he said. The aircraft, now in development as an anti-submarine and shipping interdiction platform, is “a primary warfighting tool for the Navy,” Dorsett said.
“We don’t want to optimize it for [signals intelligence] at the expense of [asymmetric warfare],” he said. “We’ll deal with spiral approaches to a variety of our systems and platforms and plug-and-play in the years ahead, so I wouldn’t preclude the P-8 from having a [signals intelligence] or [multi intelligence] payload, but at this point we’re going to focus primarily on [asymmetric warfare].”
Historically, the U.S. military has emphasized combat power over intelligence activities, Dorsett said.
“I think you see, with the Department of Defense and the creation of [U.S.] Cyber Command, the recognition by the secretary of defense and the seniors within the department that the nonkinetic, the cyber, the information side of the house is really critical,” he said. “You need a combatant commander that is dealing in that arena as his primary mission area.”
Commanders in Iraq and Afghanistan have seen the value of integrating intelligence, surveillance and reconnaissance capabilities with operations over the last five years, he said.
“Ops-intel integration was the 2000-2010 era improvement we made in joint war-fighting,” Dorsett said. “2010-2020, it needs to be this elevation of non-kinetic information capabilities.”
The Navy has integrated intelligence and surveillance capabilities, electronic warfare, cyber, networks, oceanography and meteorology -- knowledge of the environment -- to break down barriers in warfighting, Dorsett said.
“Out of balance? We have been,” he said. “I think … DOD is taking a variety of steps to make improvements in this non-kinetic, information side of the house.”
-ends-
buglerbilly
07-01-11, 01:38 PM
German Cyber-Defense Center to Launch In 2011
(Source: Deutsche Welle German radio; published Dec. 28, 2010)
An Interior Ministry spokesperson says cyber-attacks against Germany are on the rise, primarily from China. A new center will open next year, and will follow the example laid out by NATO, the United States and Britain.
The German government announced on Monday that it will create a new cyber-defense center in 2011.
Addressing reporters gathered in Berlin, Interior Ministry spokesperson Stefan Paris said online espionage and cyber-attacks against German interests were becoming more common.
"There has been a sharp rise in so-called electronic attacks on the networks of German government and local authorities," he said. "Germany is a very high-tech country with considerable experience and know-how, so of course others will naturally try to get hold of this knowledge - China is playing a large role in this."
Paris added that in the first nine months of 2010, there were around 1,600 such attacks, compared with 900 for all of 2009.
Germany following UK, US and NATO examples
Many nations around the world have already begun similar types of large-scale cyber-defense policies.
In October, the United Kingdom announced it would spend 650 million pounds ($1 billion) on improved cyber security, while the United States opened up its own Cyber Command as part of the military in 2009.
Over three years ago, NATO fast-tracked the opening of the Cooperative Cyber Defense Centre of Excellence in Tallinn, following cyber-attacks against Estonian political websites, banks and newspapers.
Paris also noted that Germany's new cyber-defense centre will combine resources from various government agencies, including the federal police and Germany's foreign intelligence agency (BND).
-ends-
buglerbilly
17-01-11, 02:50 PM
With Stuxnet, Did The U.S. And Israel Create a New Cyberwar Era?
By Spencer Ackerman January 16, 2011 | 1:58 pm
Remember the years-long controversy about whether the U.S. or Israel would bomb Iran’s nuclear program? It appears they just did — virtually. And if they did, they also may have expanded our sense of how nations wage war in cyberspace.
For all the hype, “cyberwar” has been a bush-league affair so far. Websites get defaced or taken offline, or an adversary’s software gets logic-bombed into a malfunctioning mess. Analysts warn that future assaults could fry an electrical grid (if it’s networked too well) or cause a military to lose contact with a piece of its remotely-controlled hardware. But that’s about the extent of the damage. Only the Stuxnet worm may point to a huge innovation for cyberwar: the mass disablement of an enemy’s most important strategic programs.
Stuxnet’s origin is unknown. Attributing credit for Stuxnet is rightly the subject of geopolitical intrigue. As our sister blog Threat Level has exhaustively reported, the worm eats away at a very specific kind of industrial control system: a configuration of the Siemens-manufactured Supervisory Control and Data Acquisition (SCADA) system that commands the centrifuges enriching uranium for Iran’s nuclear program, the key step for an Iranian bomb. But the Stuxnet whodunit may be solved: it appears to be a joint U.S.-Israeli collaboration — and a cyberwarfare milestone.
The New York Times doesn’t have definitive proof, but it has fascinating circumstantial evidence, and Threat Level’s Kim Zetter will publish more on Tuesday. In 2008, Siemens informed a major Energy Department laboratory of the weaknesses in its SCADA systems. Around that time, the heart of Israel’s nuclear-weapons complex, Dimona, began experimenting on an industrial-sabotage protocol based on a model of the Iranian enrichment program. The Obama administration embraced an initiative begun by the Bush administration to “bore into computers” and disable the nuclear effort. Motive, meet opportunity. By late 2009, Stuxnet was popping up globally, including in Iran.
Iran denies that Stuxnet did any major damage to its nuclear program. But last week, the outgoing chief of Israel’s Mossad spy agency publicly asserted that Iran wouldn’t be capable of making a bomb before 2015, adding four years to a fearsome nuclear schedule. It’s possible that’s just ass-covering spin: for years, both Israel and the U.S. have repeatedly pushed back their estimates of when Iran would go nuclear. But both countries also have long track records of covertly sabotaging Iranian nuke efforts, whether it’s getting scientists to defect or… other means. (Some scientists are getting killed in the streets by unknown assailants.) Stuxnet would be a new achievement for a long-running mission.
And what an achievement. The early stages of cyberwar have looked like a component effort in a broader campaign, as when Georgia’s government websites mysteriously went offline during its 2008 shooting war with Russia. The Navy’s information chief recently suggested that jamming capabilities will be increasingly important to Chinese military doctrine. The difference between that and Stuxnet is the difference between keying someone’s car and blowing up her city.
With Stuxnet, there’s no broader conventional assault, but an adversary’s most important military asset gets compromised. The mission of an aerial bombardment of Iran would be to set Iran’s nuclear program back; to at least some degree, Stuxnet has done precisely that. Only Stuxnet didn’t kill anyone, and it didn’t set off the destabilizing effect in the region that a bombing campaign was likely to reap.
In other words, Stuxnet may represent the so-called “high end” of cyberwarfare: a stealthy, stand-alone capability to knock an opponent’s Queen off the board before more traditional military hostilities can kick in. It wouldn’t be taking out a particular ship’s radar system or even a command-and-control satellite. All of that could still happen. But this would be the first instance of cyberwarfare aimed at a truly strategic target.
That’s not to say we’re there yet, since we don’t really know how many years of a non-nuclear Iran Stuxnet provided. But it is to say that we may be getting there. North Korea’s uranium enrichment efforts have similar industrial control mechanisms, and if Stuxnet couldn’t take them down, a son-of-Stuxnet might. And just consider what kinds of other major cyberwar programs are out there — the ones really hidden in secrecy, not like the winks-and-nods that U.S. and Israeli officials have given to their possible authorship of Stuxnet.
All this has major implications for U.S. military doctrine. There isn’t any for cyberwarfare, for instance. The new U.S. Cyber Command describes its primary mission as protecting military networks from incoming assault, and says very little about what its offensive mission might be. Writing malicious code and transmitting it into enemy networks, up to and including nuclear controls, even in advance of conventional hostilities, could be CYBERCOM’s next big step. It would represent an update to the old Air Force dream of strategic bombing (.pdf), in which bombing an enemy’s critical infrastructure compels him to give up the fight.
That also points to the downside. Just as strategic bombing doesn’t have a good track record of success, Stuxnet hasn’t taken down the Iranian nuclear program. Doctrine-writers may be tempted to view cyberwar as an alternative to a shooting war, but the evidence to date doesn’t suggest anything of the sort. Stuxnet just indicates that high-level cyberwarfare really is possible; it doesn’t indicate that it’s sufficient for achieving national objectives.
The Times has an irresistible quote from Ralph Langner, a German expert who decoded Stuxnet. Langner wrote that “Stuxnet is not about sending a message or proving a concept. It is about destroying its targets with utmost determination in military style.” Maybe so. But that certainly does send a message. And if it doesn’t exactly prove a concept, it points a way forward to just how powerful cyberwarfare can become.
buglerbilly
31-01-11, 05:06 AM
As Egypt goes offline US gets internet 'kill switch' bill ready
Ben Grubb and Asher Moses
January 31, 2011 - 1:20PM
As Egypt's government attempts to crack down on street protests by shutting down internet and mobile phone services, the US is preparing to reintroduce a bill that could be used to shut down the internet.
The legislation, which would grant US President Barack Obama powers to seize control of and even shut down the internet, would soon be reintroduced to a senate committee, Wired.com reported.
It was initially introduced last year but expired with a new Congress.
Senator Susan Collins, a co-sponsor of the bill, said that unlike in Egypt, where the government was using its powers to quell dissent by shutting down the internet, it would not.
“My legislation would provide a mechanism for the government to work with the private sector in the event of a true cyber emergency,” Collins said in an emailed statement to Wired. “It would give our nation the best tools available to swiftly respond to a significant threat.”
The proposed legislation, introduced into the US Senate by independent senator Joe Lieberman, who is chairman of the US Homeland Security committee, seeks to grant the President broad emergency powers over the internet in times of national emergency.
Last year, Lieberman argued the bill was necessary to "preserve those networks and assets and our country and protect our people".
He said that, for all its allure, the internet could also be a "dangerous place with electronic pipelines that run directly into everything from our personal bank accounts to key infrastructure to government and industrial secrets".
US economic security, national security and public safety were now all at risk from new kinds of enemies, including "cyber warriors, cyber spies, cyber terrorists and cyber criminals".
Although the bill was targeted at protecting the US, many have said it would also affect other nations.
One of Australia's top communications experts, University of Sydney associate professor Bjorn Landfeldt, had previously railed against the idea, saying shutting down the internet would "inflict an enormous damage on the entire world".
He said it would be like giving a single country "the right to poison the atmosphere, or poison the ocean".
The scale of Egypt's crackdown on the internet and mobile phones amid deadly protests against the rule of President Hosni Mubarak is unprecedented in the history of the web, experts have said.
US President Barack Obama, social networking sites and rights groups around the world all condemned the moves by Egyptian authorities to stop activists using mobile phones and cyber technology to organise rallies.
"It's a first in the history of the internet," Rik Ferguson, an expert for Trend Micro, the world's third biggest computer security firm, said.
Julien Coulon, co-founder of Cedexis, a French internet performance monitoring and traffic management system, added: "In 24 hours we have lost 97 per cent of Egyptian internet traffic".
Despite this, many Egyptians are finding ways to get access, some using international telephone numbers to gain access to dial-up internet.
According to Renesys, a US Internet monitoring company, Egypt's four main internet service providers cut off international access to their customers in a near simultaneous move at 2234 GMT on Thursday.
Around 23 million Egyptians have either regular or occasional access to the internet, according to official figures, more than a quarter of the population.
"In an action unprecedented in internet history, the Egyptian government appears to have ordered service providers to shut down all international connections to the internet," James Cowie of Renesys said in a blog post.
Link Egypt, Vodafone/Raya, Telecom Egypt and Etisalat Misr were all off air but Cowie said one exception was the Noor Group, which still has 83 live routes to its Egyptian customers.
He said it was not clear why the Noor Group was apparently unaffected "but we observe that the Egyptian Stock Exchange (www.egyptse.com) is still alive at a Noor address."
Mobile telephone networks were also severely disrupted in the country on Friday. Phone signals were patchy and text messages inoperative.
British-based Vodafone said all mobile operators in Egypt had been "instructed" Friday to suspend services in some areas amid spiralling unrest, adding that under Egyptian law it was "obliged" to comply with the order.
Egyptian operator ECMS, linked to France's Telecom-Orange, said the authorities had ordered them to shut them off late Thursday.
"We had no warning, it was quite sudden," a spokesman for Telecom-Orange told AFP in France.
The shutdown in Egypt is the most comprehensive official electronic blackout of its kind, experts said.
Links to the web were cut for only a few days during a wave of protests against Myanmar's ruling military junta in 2007, while demonstrations against the re-election of Iranian president Mahmoud Ahmadinejad in 2009 specifically targeted Twitter and Facebook.
Egypt – like Tunisia where mass popular unrest drove out Zine El Abidine Ben Ali earlier this month – is on a list of 13 countries classed as "enemies of the internet" by media rights group Reporters Without Borders (RSF).
"So far there has been no systematic filtering by Egyptian authorities – they have completely controlled the whole internet," said Soazig Dollet, the Middle East and North Africa specialist for RSF.
Condemnation of Egypt's internet crackdown has been widespread.
Obama and Secretary of State Hillary Clinton called on Cairo to restore the internet and social networking sites.
Facebook, the world's largest social network with nearly 600 million members, and Twitter also weighed in.
"Although the turmoil in Egypt is a matter for the Egyptian people and their government to resolve, limiting Internet access for millions of people is a matter of concern for the global community," said Andrew Noyes, a Facebook spokesman.
Twitter, which has more than 175 million registered users, said of efforts to block the service in Egypt: "We believe that the open exchange of info & views benefits societies & helps govts better connect w/ their people."
US digital rights groups also criticised the Egyptian government.
"This action is inconsistent with all international human rights norms, and is unprecedented in internet history," said Leslie Harris, president of the Center for Democracy and Technology in the United States.
- With AFP
buglerbilly
05-02-11, 01:48 PM
William Hague proposes cyber warfare rules
Foreign Secretary William Hague appealed today for governments to come together to agree a set of rules amid growing fears of ''cyber war'' between states.
Mr Hague said that the increasing reliance on computer networks has created new vulnerabilities Photo: AP
3:59PM GMT 04 Feb 2011
Addressing the Munich Security Conference, Mr Hague disclosed that as recently as last month the UK had come under attack from a ''hostile state intelligence agency'' seeking to penetrate the Foreign Office IT system.
He offered to host an international conference in Britain later this year to discuss ''norms of acceptable behaviour'' in cyberspace, backed by mechanisms that would give them ''real political and diplomatic weight''.
Mr Hague said that the increasing reliance on computer networks - controlling activities from the supply of electricity to the flow of money into high street cash machines - had created new vulnerabilities.
''It has opened up new channels for hostile governments to probe our defences and attempt to steal our confidential information or intellectual property. It has promoted fears of future 'cyber war','' he said.
He described how last month, three of his staff were sent an innocent-looking email, purportedly from ''a UK colleague outside the Foreign Office'', about a forthcoming visit to the region they were working on.
''In fact, it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine. Luckily, our various automated systems identified it and stopped it from ever reaching my staff,'' he said.
In another case last year, a ''malicious file posing as a report on a nuclear Trident missile'' was sent to a UK defence contractor by someone masquerading as the employee of another defence contractor.
Again it was detected and blocked, although its purpose ''was undoubtedly to steal information relating to sensitive defence projects''.
Mr Hague said Government systems were also being targeted by organised criminals - including the Zeus ''malware'' designed to steal bank details and other sensitive personal information.
In December, spoofed emails claiming to come from the White House were sent to large numbers of international recipients who were directed to a link which downloaded a variant of Zeus.
''The UK Government was targeted in this attack and a large number of emails bypassed some of our filters. Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common,'' Mr Hague said.
He suggested that a new international protocol should underline the need for governments to work together to combat the threat from criminals acting online.
It should also commit states to acting ''proportionately'' in cyberspace in accordance with national and international laws, while at the same time ensuring it remained open to ''the free flow of ideas, information and expression''.
''As liberal democracies, we also have a compelling interest in supporting democratic ideals in cyberspace, and working to convince others of this vision,'' he said.
'' When we talk about defending ourselves against cyber threats, we also mean the threat against individual rights to freedom of expression that is posed by states blocking internet communications. The free flow of ideas and information is an essential underpinning of liberty.''
buglerbilly
08-02-11, 02:59 AM
Defence staff get IT security crash course
By Luke Hopewell, ZDNet.com.au on February 7th, 2011
The Department of Defence is gearing up to provide personnel at all levels with new ICT security training and awareness courses.
(Studying image by Stephen S, CC2.0)
According to tender documents issued today, the Department of Defence under the Defence Information Security Improvement program will identify personnel in need of further ICT security training via a department-wide survey.
Following the survey, a list of weak areas will be compiled and a set of training modules will be developed.
"A list of topics and training modules will be created, which will allow Defence to prioritise and choose those topics and modules that need to be made available to Defence personnel," Defence said in its tender documentation.
The project is designed to develop security-conscious personnel within Defence.
"The project will contribute to defence and government security by supporting strategies to raise security awareness, establish a strong security culture and improve security management," Defence outlined in its tender documents.
The department is looking for a vendor to provide training to Defence personnel electronically through half-hour modules on the department's CAMPUS training system.
Tenderers must also develop training material for use in posters, pamphlets and face-to-face training modules for other Defence personnel.
buglerbilly
17-02-11, 01:21 AM
Too Much Hysteria Over Cyber Attacks
Experts say that hyping incidents as warfare distracts computer security champions from safeguarding power grids, financial systems and medical networks.
Wed Feb 16, 2011 04:32 AM ET
Content provided by Glenn Chapman, AFP
THE GIST
- In reality, attacks on computer networks have been unsophisticated and short in duration.
- Hyping cyber war could hamper real security efforts.
The National Cybersecurity and Communications Integration Center facility is designed to help protect the technical infrastructure of the United States.
Win McNamee/Getty Images
Overblown talk of full-on cyber war between nations fueled by recent attacks like the computer worm Stuxnet could hamper Internet security efforts, officials and experts warned Tuesday.
Serious attention should be paid to threats of cyber attacks from hackers, spies and terrorist groups but not to the extent of mass hysteria, speakers at the premier RSA computer security conference in San Francisco said.
"Cyber war is a terrible metaphor," said White House cybersecurity czar Howard Schmidt. "Don't make it something it's not."
Online espionage and hacking are not new, and hyping incidents as warfare distracts computer security champions from critical jobs such as safeguarding power grids, financial systems, and medical networks, he contended.
"We are in the midst of a cyber war of words," Schmidt said. "Let's quit pointing fingers and start cleaning up the infrastructure."
Renowned computer security specialist Bruce Schneier of BT Group said that use of warlike tactics in online conflicts is fueling hysteria that has the world on the brink of a "cyber arms race."
"We are not necessarily seeing cyber war, but increasing use of warlike tactics in more general cyber conflicts," Schneier said. "I think that is what's confusing us."
He cited a Stuxnet computer virus evidently crafted to find and disrupt an Iranian nuclear facility as an Internet Age attack that smacks of warfare but arguably falls short.
"It is not war," Schneier said. "It is in the middle somewhere."
Fears of cyber war are driving a needless cyber arms race that brings with it the danger that software weapons might accidentally be released, he argued.
"We haven't seen offensive cyber weapons companies, but they are coming," Schneier said. "Big defense contractors are working on this; you know they would be dumb not to."
The most prevalent cyber threat has been theft of information from networks, U.S. Deputy Secretary of Defense William Lynn said in a keynote address to the gathering.
Foreign spy agencies have accessed military plans and weapons systems designs, while source codes and intellectual property have been swiped from businesses and universities, according to Lynn.
Attacks on computer networks have thus far been "relatively unsophisticated" and short in duration, the defense official said.
An emerging threat is that cyber tools will cause real-world damage, according to Lynn.
"The threat is moving up a ladder of escalation, from exploitation to disruption to destruction," he said.
Foreign spies have focused on mining U.S. networks instead of disrupting them, according to Lynn.
"Although we cannot dismiss the threat of a rogue state lashing out, most nations have no more interest in conducting a destructive cyber attack against us than they do a conventional military attack," Lynn said.
"The risk for them is too great."
U.S. defense officials are more worried about an accidental release of "toxic malware," he explained.
"Perhaps the greatest concern in our judgment is a terrorist group that gains the level of disruptive and destructive capability currently possessed by nation-states," Lynn said.
Terrorist groups could craft their own cyber weapons or buy them on the black market, he added.
"As you know better than I, a couple dozen talented programmers wearing flip-flops and drinking Red Bull can do a lot of damage," Lynn told the gathering of software savants.
"We have to assume that if they have the means to strike, they will do so."
Cyber commandos are being trained in the military, and the United States is reaching out to allies to form collective online defenses, he said.
Lynn called on specialists in the computer security industry to team with the military to defend the nation's networks.
"The government cannot protect our nation alone," Lynn said. "It is going to take a public-private partnership to secure our networks."
buglerbilly
03-03-11, 12:23 PM
'Cyberwar' talk invades world's top high-tech fair
Aurelia End
March 3, 2011 - 7:05PM
In the wake of the Stuxnet virus, the topic of international "cyberwar" split IT experts at the world's top tech fair, some seeing the idea as fanciful, others warning it was already here.
"'Cyberwar' has already left the pages of the science-fiction books and has become a reality," August-Wilhelm Scheer, president of BITKOM, Germany's high-tech lobby group, told AFP on the sidelines of the CeBIT exposition.
Natalya Kaspersky, president of the Russian IT security firm of the same name, said: "Of course the time of the cyberwar has come. Physical war is very expensive, it costs much less to launch attacks over the Internet."
The idea of "cyberwar" -- or countries attacking each other over the web -- has been around for decades but shot to prominence in 2007 when Internet sites were hit in Estonia, at the time embroiled in a diplomatic spat with Russia.
And the concept really hit the headlines last year with the Stuxnet worm, which damaged Iranian nuclear facilities. Media reports in the United States later said the virus was created with the collaboration of the US and Israel.
Many experts at the time concluded the code of the worm was so complex, it could only have been the work of a nation state.
"Stuxnet is going to go down in history as the first cyberweapon of mass destruction," said Ralph Langner, a German cybersecurity specialist and one of the first scientists to analyse the crippling virus.
"It did not attack virtual targets but rather caused material damage to military objectives, in the same way a bomb attack might," he told AFP.
Sandro Gaycken, a researcher at Berlin's Free University, summed up the idea of "cyberwar" in a recent article: "Attacks are no longer coming from teen tech addicts or delinquents, but from states, armies and secret services."
Others however dismissed the idea of virtual "war" as overblown.
Michael Hange, president of the German government's IT security agency (BSI) said: "'Cyberwar' is a strong word that is nice for the media but I like to be more cautious."
"In cyberattacks, a country doesn't exactly leave its calling card. The classical model of war simply does not apply," added Hange.
This view was shared by international cyberdefence expert Katharina Ziolkowski, who wrote in a recent editorial in the Sueddeutsche Zeitung daily that cyberwar had "nothing to do with military conflict."
"One day maybe we could have things happening on the Internet that have such serious consequences in the real world that one could talk of armed conflict. But I think we will be safe from this for the next 100 years," she added.
Nevertheless, governments and some organisations are beginning to take the idea of international cyberwarfare very seriously.
In the United States, legislation has been drafted giving the president the power to disconnect the country from the Internet in the case of a major cyberattack.
And in Germany, the home of the CeBIT, the government last week announced the creation of a new national centre for cyberdefence to protect the country in the event of a virtual attack on, for example, its nuclear power stations.
Showing the potential damage a successful cyberattack could wreak, the American think-tank EastWest has envisaged the creation of "cyberwar rights", based on the Geneva Convention, to protect civilians in the case of Web war.
© 2011 AFP
buglerbilly
17-03-11, 05:02 PM
Gen.: Grim Assessment of Cyber Security
March 17, 2011
Associated Press
WASHINGTON -- The U.S. military does not have the trained personnel or the legal authorities it needs to respond to a computer-based attack on America or its allies, and a crisis would quickly strain the force, the Pentagon's cyber commander said.
Gen. Keith Alexander, head of the Defense Department's Cyber Command, told Congress on Wednesday that he would give the military a grade of "C" in its ability to protect Pentagon networks, but said things are much better than they were a few years ago and continue to improve.
"We are finding that we do not have the capacity to do everything we need to accomplish. To put it bluntly, we are very thin, and a crisis would quickly stress our cyber forces," Alexander said. "We cannot afford to allow cyberspace to be a sanctuary where real and potential adversaries can marshal forces and capabilities to use against us and our allies. This is not a hypothetical danger."
The U.S. government has said its networks are probed and attacked millions of times a day, and that cyber criminals, terrorists and other nations are getting more adept at penetrating government and private networks to spy, steal critical data or affect critical infrastructure such as the electrical grid.
Alexander's grim assessment of America's abilities to fend off cyber threats was echoed earlier in the day by homeland security officials and analysts.
"Whatever we are doing now is not working," said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies. "We need to rethink our approach." He said if an enemy launched a cyberattack, "we are unprepared to defend ourselves."
Homeland Security Department Undersecretary Phil Reitinger told the House of Representatives Homeland Security Committee that the ongoing budget deadlock will trigger funding cuts and hurt the agency's effort to install the Einstein 3 program across the federal networks. Einstein 3 is a sophisticated system that will detect and automatically block intrusions.
Alexander and James Miller, the principal defense undersecretary for policy, said the Pentagon is working steadily to better harden its networks and work with the administration to figure out what authorities the military needs in order to respond to cyberattacks against the government and critical infrastructure, which is generally owned and operated by private companies.
The Pentagon is preparing a cybersecurity strategy, and observers have said it must answer key questions about how the military will define cyber war, describe its offensive operations in cyberspace and lay out the steps it can take in response to an attack.
Miller told members of the House Armed Services Subcommittee on Emerging Threats and Capabilities, that U.S. officials are making progress working with other countries on an international understanding and guidelines for cyber activities, including Russia. But, he said, "we have not had the same level of conversations with China."
U.S. officials have been cautious when talking about the cyber threat from China, but have generally acknowledged that a number of the network intrusions emanate from there, although it is difficult to tell whether they are endorsed or orchestrated by the Beijing government.
The military, said Alexander, does not have the cyber force it needs to defend its networks or to ensure its ability to plan and operate in cyberspace. And he said that other nations have cyber weapons that can cripple infrastructure as powerfully as bomb blasts do.
He pointed to recent events across the Middle East, which show that governments can easily block Internet access in order to disrupt civilian protests.
Alexander warned that all future conflicts around the world will have a cyber aspect to them. He said the U.S. military is prepared to conduct computer-based attacks to protect critical infrastructure or respond to an assault on the homeland or American allies. But, he said, the administration and Congress need to better define what the military can do under certain circumstances, including how and when it can take steps to protect civilian networks.
© Copyright 2011 Associated Press. All rights reserved
buglerbilly
25-03-11, 01:26 AM
Iran Fingered For Fraudulent Comodo SSL Certificates
Gmail, Hotmail, and Skype are among the domains affected by fraudulently obtained digital certificates, said Comodo.
By Mathew J. Schwartz InformationWeek
March 24, 2011 01:07 PM
On Wednesday, digital certificate issuer Comodo released a security warning that its European affiliate had issued nine fraudulent SSL certificates. The certificates -- used by Web sites to confirm the identity of end users -- were issued without sufficient identity validation, and were apparently obtained by the government of Iran.
All certificates have been revoked by Comodo. They involve seven domains: Firefox extensions (addons.mozilla.org), Global Trustee, Gmail (mail.google.com), Google (www.google.com), Skype (login.skype.com), Windows Live including Hotmail (login.live.com), and Yahoo (login.yahoo.com -- 3 certificates).
Microsoft on Thursday said that as a result of the fraudulent SSL certificates, it had updated Windows to prevent them from being used. In addition, it said, "browsers which have enabled the Online Certificate Status Protocol (OCSP) will interactively validate these certificates and block them from being used."
What's the threat posed by real security certificates being issued to the wrong party? According to Microsoft, "these certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer."
Or to gather intelligence. "If you are a government and able to control Internet routing within your country, you can reroute all, say, Skype users to [a] fake https://login.skype.com and collect their usernames and passwords, regardless of the SSL encryption seemingly in place," said Mikko Hypponen, chief research officer at F-Secure, in a blog post. "Or you can read their email when they go to Yahoo, Gmail, or Hotmail. Even most geeks wouldn't notice this was going on."
Who would try to obtain fraudulent certificates? Comodo says that circumstantial evidence points to a state-backed operation run by Iran, due to the speed and accuracy of the operation, as well as the focus. "The perpetrator has focused simply on the communication infrastructure -- not the financial infrastructure as a typical cyber-criminal might," according to Comodo's incident report.
More clues: The one attack seen so far that used the fraudulent certificates targeted an ISP in Iran. Furthermore, looking at all of the issued certificates, "the domains targeted would be of greatest use to a government attempting surveillance of Internet use by dissident groups," said Comodo's Phillip Hallam-Baker in a blog post.
Then again, it could be a diversion. "While the involvement of two IP addresses assigned to Iranian ISPs is suggestive of an origin, this may be the result of an attacker attempting to lay a false trail," he said. But on the other hand, "the perpetrator can only make use of these certificates if it had control of the DNS infrastructure."
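Added example, not code from the article, from Comodo or from any browser vendor: a toy model in Python of the three client-side checks the article touches on. A server certificate identifies the site to the client, so a certificate the CA signed for the wrong requester passes ordinary chain validation unchanged. Revocation through OCSP or a CRL only helps when the client actually obtains an answer; most browsers soft-fail, treating an unreachable responder as "good", which an attacker who controls routing, as Hypponen describes, can arrange by blocking the responder. A per-site public-key pin rejects the certificate regardless of what the CA signed. The CA name, the keys, the serial numbers and the HMAC used in place of an RSA signature are all constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed trust store: CA name -> signing secret. The HMAC stands in for
# the CA's RSA signature; a real client verifies an RSA/ECDSA signature with
# the CA's public key instead.
TRUSTED_CAS = {"Toy Comodo Affiliate CA": b"ca-signing-secret"}

# Constructed public keys for the genuine site and for the attacker.
GOOGLE_KEY = b"genuine mail.google.com public key"
ATTACKER_KEY = b"attacker-controlled public key"


def spki_hash(pubkey: bytes) -> str:
    """SHA-256 over the public key: the value a pin records."""
    return hashlib.sha256(pubkey).hexdigest()


def _sign(ca_name: str, body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(TRUSTED_CAS[ca_name], payload, "sha256").hexdigest()


def issue_cert(ca_name: str, serial: int, subject: str, pubkey: bytes) -> dict:
    """The CA issues a certificate. Nothing here checks that the requester
    controls `subject`; that is the validation step the affiliate skipped."""
    body = {"serial": serial, "subject": subject, "issuer": ca_name,
            "spki": spki_hash(pubkey)}
    return {**body, "sig": _sign(ca_name, body)}


def chain_valid(cert: dict) -> bool:
    """Ordinary path validation: trusted issuer and a verifying signature."""
    if cert["issuer"] not in TRUSTED_CAS:
        return False
    body = {k: v for k, v in cert.items() if k != "sig"}
    return hmac.compare_digest(_sign(cert["issuer"], body), cert["sig"])


def verify(cert, hostname, revoked, responder_reachable, hard_fail, pins):
    """Client-side decision. Returns (accepted, reason)."""
    if not chain_valid(cert):
        return False, "untrusted issuer or bad signature"
    if cert["subject"] != hostname:
        return False, "hostname mismatch"
    # Revocation is only consulted if the OCSP responder / CRL is reachable.
    # A soft-fail client treats "no answer" as "not revoked", so an attacker
    # who controls routing simply blocks the responder.
    if responder_reachable:
        if cert["serial"] in revoked:
            return False, "revoked (OCSP/CRL)"
    elif hard_fail:
        return False, "revocation status unknown (hard-fail)"
    # Pinning: a validly signed certificate carrying the wrong key is rejected.
    pin = pins.get(hostname)
    if pin is not None and cert["spki"] != pin:
        return False, "public key does not match pin"
    return True, "ok"


def scenario() -> dict:
    """Walk a mis-issued mail.google.com certificate through the checks."""
    ca = "Toy Comodo Affiliate CA"
    host = "mail.google.com"
    genuine = issue_cert(ca, 1001, host, GOOGLE_KEY)
    fraudulent = issue_cert(ca, 2002, host, ATTACKER_KEY)
    pins = {host: spki_hash(GOOGLE_KEY)}
    return {
        "genuine": verify(genuine, host, set(), True, False, pins)[0],
        # Before revocation, no pins: the mis-issued cert looks genuine.
        "fraud_before_revocation": verify(fraudulent, host, set(), True, False, {})[0],
        # Serial 2002 revoked and the client reaches the responder.
        "fraud_after_revocation": verify(fraudulent, host, {2002}, True, False, {})[0],
        # Revoked, but the responder is blocked; soft-fail client.
        "fraud_revoked_soft_fail": verify(fraudulent, host, {2002}, False, False, {})[0],
        # Same, hard-fail client.
        "fraud_revoked_hard_fail": verify(fraudulent, host, {2002}, False, True, {})[0],
        # Pinned client, before any revocation has happened.
        "fraud_pinned": verify(fraudulent, host, set(), True, False, pins)[0],
    }


if __name__ == "__main__":
    for name, accepted in scenario().items():
        print(f"{name:26s} {'ACCEPTED' if accepted else 'rejected'}")
```

The two lines a practitioner should compare are "fraud_before_revocation" and "fraud_revoked_soft_fail": both accept the attacker's certificate, the first because the CA's signature is perfectly valid, the second because the client never heard that it was revoked. Only a hard-fail revocation policy or a pin on the site's key turns those into rejections.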
buglerbilly
01-04-11, 02:19 AM
Cyber Breach May Have Exposed DoD Networks
March 31, 2011
Stars and Stripes|by Chris Carroll
WASHINGTON -- Some Pentagon computer networks might have been laid open to intruders as a result of a recent electronic break-in at one of the nation’s most prominent cybersecurity firms.
Earlier this month, RSA announced that an unknown attacker had launched an “extremely sophisticated” intrusion that snared information about its widely distributed SecurID token. It’s a device that generates random numbers designed to confirm identities of users logging into secured networks -- so-called “two-factor authentication,” similar to a military Common Access Card.
Many government agencies, including the Department of Defense, rely on SecurID or other RSA security services. So do businesses around the world, including some defense-industry firms.
The Defense Department won’t say what may be at risk, but said investigators are working with the Department of Homeland Security and FBI to investigate, according to a Pentagon spokeswoman.
“While the Department does not rely heavily on [RSA’s] product solutions, we are determining the impact within the department,” Pentagon spokeswoman Lt. Col. April Cunningham said in a prepared statement.
The government’s former top cybersecurity official said such attacks can have broad-ranging effects.
“It’s a flanking attack -- not a direct attack to steal information -- but an attack to steal the keys that unlock a lot of people’s information,” said Joel Brenner, national counterintelligence executive from 2006 to 2009. “I don’t think the public understands yet how grave this attack is. It ranks up there with the worst we’ve seen.”
RSA itself is shedding little light. Among the mysteries: when it happened, how it was carried out and what was stolen.
RSA executive chairman Art Coviello said the stolen information on its own won’t unlock networks.
“While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack,” he said in a statement on RSA’s website.
But experts said hackers with the RSA information plus additional login information such as a user name and password might be able to break into networks. The relative ease of stealing such information led to the rise of two-factor authentication products like SecurID in the first place.
A spokeswoman said in an email the company is “very actively communicating with customers and will share more publicly when we can.”
SecurID users should continue using the product, although those in charge of information security need to be vigilant, said cybersecurity expert Jerry Dixon, former director of national cybersecurity for DHS.
“By the same token, you can’t just drop all Microsoft products because there’s a security hole,” said Dixon, now director of analysis for the nonprofit cybersecurity firm Team Cymru.
Luckily for the Pentagon, Dixon said, “I’m absolutely positive U.S. Cyber Command is on top of this and looking for any problems that may come from it.”
A spokesman for Cyber Command, established by the Pentagon in 2009 in the wake of other high-profile attacks, would not comment on the command’s involvement.
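Added example, not RSA's code: the SecurID algorithm is proprietary, so the open RFC 4226 HOTP / RFC 6238 TOTP construction stands in for it here; the article's point holds for either, since whoever holds a token's seed can compute its codes. The server, the user, the password, the seed values and the fixed clock are all constructed. The walk-through shows what Coviello's statement amounts to in practice: the seed alone logs nobody in, but an attacker holding a user's seed plus a phished password computes exactly the code the token would show, and only issuing a fresh seed closes that.

```python
import hashlib
import hmac
import os
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic
    truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
              | mac[offset + 2] << 8 | mac[offset + 3])
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, unix_time // step, digits)


class AuthServer:
    """Two-factor login: password (first factor) plus time-based code (second).
    Constructed stand-in for a SecurID-protected service, not RSA's server."""

    def __init__(self):
        self._users = {}  # user -> {"salt", "pw_hash", "seed"}

    def enroll(self, user: str, password: str, seed: bytes) -> None:
        salt = os.urandom(16)
        self._users[user] = {
            "salt": salt,
            "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
            "seed": seed,  # the per-token secret the vendor also holds
        }

    def reseed(self, user: str, new_seed: bytes) -> None:
        """Issue a replacement token; any copy of the old seed becomes useless."""
        self._users[user]["seed"] = new_seed

    def login(self, user: str, password: str, code: str, now: int) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], 100_000)
        if not hmac.compare_digest(pw_hash, rec["pw_hash"]):
            return False
        # Accept the current 30 s step and one step either side for clock drift.
        return any(hmac.compare_digest(totp(rec["seed"], now + d * 30), code)
                   for d in (-1, 0, 1))


def scenario() -> dict:
    """Constructed walk-through of 'stolen seed plus phished password'."""
    server = AuthServer()
    token_seed = b"constructed-seed-for-alice-token"  # what a seed database holds
    server.enroll("alice", "correct horse", token_seed)
    now = 1_300_000_000  # fixed clock so the run is reproducible
    results = {}
    # Alice reads the code off her token and logs in.
    results["legit"] = server.login("alice", "correct horse", totp(token_seed, now), now)
    # Attacker has phished the password but has no seed: a guess fails.
    accepted_now = {totp(token_seed, now + d * 30) for d in (-1, 0, 1)}
    guess = next(c for c in ("000000", "123456", "111111", "999999") if c not in accepted_now)
    results["password_only"] = server.login("alice", "correct horse", guess, now)
    # Attacker has the password and a copy of the seed: the second factor is
    # computed exactly as the token computes it.
    results["password_plus_seed"] = server.login("alice", "correct horse", totp(token_seed, now), now)
    # Mitigation: replace the token seed. The stolen copy no longer matches.
    server.reseed("alice", b"fresh-seed-from-replacement-token")
    results["after_reseed"] = server.login("alice", "correct horse", totp(token_seed, now), now)
    return results


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name:20s} {'login OK' if ok else 'denied'}")
```

The HOTP routine reproduces the RFC 4226 Appendix D test vectors (secret `12345678901234567890`, counter 0 gives `755224`), so the arithmetic can be checked against the standard. Note what the example does not show: nothing in the protocol lets the server tell a code computed from a stolen seed copy from one computed by the real token, which is why the remedy after a seed-database compromise is reissuing tokens rather than anything the verifier can do.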
buglerbilly
10-04-11, 05:41 AM
High-tech firm drops its defences
Tom Reilly
April 10, 2011
A COMPANY that provides high-tech electronic components to the Australian military and multinational firms allowed its customers' financial details to be accessed on the internet in an embarrassing security lapse.
Credit card numbers, addresses and the mobile phone numbers of hundreds of clients could be viewed on the web after electronics firm Rojone failed to secure the sensitive information kept on its databases.
Information from Defence, Foreign Affairs and Trade, and the Australian Federal Police, Victoria Police and Western Australia Police were also accessible.
Among the companies affected by the breach are Rio Tinto, Channel Seven, Telstra, Boeing and weapons manufacturer BAE Systems.
One customer, contacted by The Sun-Herald after the information was viewed last month without providing any password or security details, described the lapse as a ''disgrace''.
''Given the areas Rojone are working in, defence and security, it's pretty amazing and highly embarrassing that they can't even secure records of their own customers,'' said the Melbourne businessman, who asked not to be named.
''It's a disgrace, really, and I'm certainly concerned that somebody could use my credit card details to commit fraud.''
Rojone, based in Ingleburn, near Campbelltown, supplies high-end electronic equipment and develops much of its own technology, including antennas and components used in missile and weapons systems.
On the Defence Department website Rojone is described as: ''Proudly one of Australia's top 100 professional and military electronics, GPS, RF and telecommunications companies.''
NSW police confirmed they began investigating the breach but said they were referring all inquiries to the federal police.
Rojone's owner and managing director Livia Grabowski would not answer questions about the security lapse but lawyers acting on the company's behalf said the firm had improved its online security.
In a letter in response to The Sun-Herald's inquiries, lawyer Chris Nicholls wrote: ''On 14 March our client extensively fire-walled and upgraded its security in respect of its database and since that date it is not possible for third parties to access the database and any information pertaining to customers contained upon it without security passwords and appropriate authorisation.''
But neither he nor Rojone would say how long the databases were not secure or if the company was investigating the lapse.
A spokesman for Rio Tinto said the mining giant was disappointed that the details of some of its credit cards had been made public ''after one of our suppliers encountered a recent database security breach''.
''We have cancelled those credit cards,'' the spokesman said. ''We will provide full assistance to the relevant authorities as part of any investigation into this matter.''
Michael Fraser, head of the Communications Law Centre at the University of Technology, Sydney, said criminal gangs would pay for the type of information available on the databases.
''There are very sophisticated criminals that would certainly seek this sort of information and would harvest it to commit all types of fraud and identity theft, and there are groups who trade this information,'' Professor Fraser said.
A Defence spokeswoman confirmed the department was aware of the ''situation'' but would not comment further.
Federal police said they were aware of the security breach but would not say whether an investigation was taking place.
Whooooops... without knowing the details, an unsecured database sounds like a bit of a rookie error for a company like that to be making...
You'd be surprised. I see files daily coming across my desk like this. Companies don't spend on security, run un-encrypted databases and SSL/TLS technology on their websites that aren't regularly patched or updated. No intrusion detection systems at all and firewall products that aren't maintained after initial setup. They allow remote access via un-secure FTP, maintain no corporate IT policy on regularly updating passwords and usernames and all other sorts of nonsense and then regularly purge their own server logs, so even they fail to detect the majority of the intrusions they are suffering. On top of which, they record all credit card details, expiry dates, CVV/CVV2 numbers that users of their sites volunteer them but for some reason DON'T purge that information...
Then they come to us to complain. Yeah, sure. We'll catch those Ukrainian hackers who YOU allowed to hack you, because of your own stupidity. I can't wait for Visa/Mastercard etc to start suing these companies for using their services but failing to take basic online security precautions...
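An added example, not part of the Sun-Herald article or the post above: a small Python audit of the kind of exported customer table the post describes, where full card numbers and CVV codes are kept and never purged. It finds stored primary account numbers with a Luhn check, counts rows still holding a CVV, drops the CVV, and replaces the PAN with a keyed token plus the last four digits. The sample rows, column names and the HMAC key are constructed for illustration (the card numbers are the usual test numbers, and a real tokenisation key would live in an HSM or vault, not in the script).

```python
"""Audit exported customer records for stored card data and clean them.

Added example; sample rows and field names are constructed, not taken
from any real database.
"""
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# Constructed sample export. Card numbers are public test numbers.
SAMPLE_ROWS: List[Dict[str, str]] = [
    {"customer": "A. Smith", "card": "4111 1111 1111 1111", "expiry": "09/12", "cvv": "123"},
    {"customer": "B. Jones", "card": "5555-5555-5555-4444", "expiry": "01/13", "cvv": "987"},
    {"customer": "C. Lee", "card": "1234 5678 9012 3456", "expiry": "", "cvv": ""},  # fails Luhn
    {"customer": "D. Wu", "card": "tok_" + "ab" * 16, "expiry": "", "cvv": ""},      # already a token
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Standard Luhn mod-10 check over a string of decimal digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return digit strings in text that look like card numbers and pass Luhn."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def tokenise(row: Dict[str, str], key: bytes) -> Dict[str, str]:
    """Drop the CVV and replace a raw PAN with last-4 plus a keyed token.

    A card security code must not be retained once the payment is
    authorised, so it is removed unconditionally. The token is an HMAC
    over the PAN, so the same card maps to the same token across orders
    without the PAN itself being stored. `key` is a hypothetical secret.
    """
    out = dict(row)
    out.pop("cvv", None)
    pans = find_pans(out.get("card", ""))
    if pans:
        pan = pans[0]
        token = hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()[:32]
        out["card"] = f"tok_{token}"
        out["last4"] = pan[-4:]
    return out


def audit(rows: List[Dict[str, str]], key: bytes) -> Tuple[int, int, List[Dict[str, str]]]:
    """Return (rows holding a raw PAN, rows holding a CVV, cleaned rows)."""
    raw_pan_rows = sum(1 for r in rows if find_pans(r.get("card", "")))
    cvv_rows = sum(1 for r in rows if r.get("cvv"))
    cleaned = [tokenise(r, key) for r in rows]
    return raw_pan_rows, cvv_rows, cleaned


if __name__ == "__main__":
    raw, cvv, cleaned = audit(SAMPLE_ROWS, b"demo-key-not-for-production")
    print(f"rows with raw PAN: {raw}, rows with CVV: {cvv}")
    for r in cleaned:
        print(r)
```

Run against a real export, the two counts are what you would report to the card brands; anything above zero for the CVV column is a problem on its own, regardless of whether the database was ever exposed.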
buglerbilly
13-04-11, 02:05 AM
Defense Should Be In Charge of U.S. Cybersecurity, Says Former Joint Chiefs Chairman
COLORADO SPRINGS, Colo. — Retired Marine Corps Gen. Peter Pace, former chairman of the joint chiefs of staff, would hand over the Department of Homeland Security's cybersecurity responsibilities to the head of the newly created U.S. Cyber Command.
"The number of 10-pound brains in any nation is limited," he said, referring to the difficulties the government has had in hiring cyber-experts. Speaking at the Cyber 1.1 conference held the day before the annual Space Symposium on April 11, Pace said the United States does not need to "replicate" the National Security Agency.
Army Gen. Keith Alexander wears two hats, one as commander of the new U.S. Cyber Command under the secretary of defense and the second as the director of the NSA, under the director of national intelligence. He should wear a third hat and answer to the secretary of DHS, Pace said.
There would be privacy concerns and misgivings about the U.S. military working in the domestic realm, but "it needs to be done," Pace said.
Both the NSA and Cyber Command are located at Fort Meade, Md. Cybercom is a subunified command under the U.S. Strategic Command. The NSA is a Defense Department agency whose leader answers to the Director of National Intelligence. The NSA specializes in cryptology and eavesdropping but is also responsible for protecting U.S government communication systems.
DHS has also been given the responsibility of protecting federal government computer networks. The Defense Department, meanwhile, only oversees its own cyber-realms.
DHS announced two years ago that it would hire 1,000 cybersecurity experts. It has fallen far short of that goal and brought on fewer than 300, it was revealed at the GovSec conference in Washington, D.C. last week.
Roger Cressey, senior vice president at Booz Allen Hamilton, and a cybersecurity specialist, said that the federal government is having a hard time hiring network security professionals. The pool of graduates who have computer science degrees is small, and they are being lured into private sector jobs.
He agreed that placing all the responsibility for the federal government's Internet security needs under one roof would help ease the talent shortage by consolidating those responsibilities. The real expertise in the government that is capable of protecting networks currently lies in the NSA, he told National Defense.
However, the NSA might be wary of taking on new responsibilities. It "has a lot on its plate right now," he added.
buglerbilly
14-04-11, 02:52 AM
Defence IT 2011: UK focuses on information security
April 13, 2011
Secure information sharing is a prime concern for the UK government in this time of ‘huge challenge’ for security considerations to be included in the recent strategic defence review, the 2011 Defence IT conference was told on 13 April.
Speaking at the conference in Bristol, Derek Marshall, managing director of policy and public affairs for trade organisation A/D/S, outlined industry’s point of view of the hotly-discussed Strategic Defence and Security Review (SDSR) released in October.
Marshall said one often overlooked fact was that this was the first review of its kind that included security, and not just defence.
‘Perhaps less talked about is the fact that there was a second ‘s’ there for security. It’s the first time that we’ve had a defence and security review,’ Marshall stated.
He argued that since the new UK coalition government came into power in May 2010, there has been a ‘very new government, learning a very new trade in a dramatically different market’.
For example, there are now some 110 public sector customers in the security market, as opposed to one for defence.
Marshall commented that while secure information sharing was a prime concern, the ‘implications of that have not really been worked through’. However, it was understood that the government aimed to form a new counter-terrorism strategy, which would encompass information security, and a new document would be released in due course.
Although the financial deficit residing over the UK’s defence budget is of key concern, Marshall pointed to prime minister David Cameron’s statement that spending on defence will be allowed to rise in real terms after 2015 to help develop the capabilities desired under the ‘Future Force 2020’ concept.
‘I can guarantee that A/D/S will be doing its best to remind the Prime Minister and the government of that statement.’
The security of the information shared within the defence industry was a key theme of the conference. One industry representative argued that the controversy surrounding the recent Wikileaks scandal is making a lot of people think twice about information sharing.
‘We have laptops where we can’t actually store our presentations. The consequence of that is we have memory sticks, which people can then lose, and so the consequence of actually trying to secure things by making them more secure on the laptop, all you’ve actually done is make them much more vulnerable,’ the industry representative said.
Beth Stevenson, Bristol, UK
You'd be surprised. I see files daily coming across my desk like this. Companies don't spend on security, run un-encrypted databases and SSL/TLS technology on their websites that aren't regularly patched or updated. No intrusion detection systems at all and firewall products that aren't maintained after initial setup. They allow remote access via un-secure FTP, maintain no corporate IT policy on regularly updating passwords and usernames and all other sorts of nonsense and then regularly purge their own server logs, so even they fail to detect the majority of the intrusions they are suffering. On top of which, they record all credit card details, expiry dates, CVV/CVV2 numbers that users of their sites volunteer them but for some reason DON'T purge that information...
Then they come to us to complain. Yeah, sure. We'll catch those Ukrainian hackers who YOU allowed to hack you, because of your own stupidity. I can't wait for Visa/Mastercard etc to start suing these companies for using their services but failing to take basic online security precautions...
Jesus mate, that's full on. The online company I work for is pretty good in that regard - our main security guy is this Russian mathematician who was earmarked to work on the space program over there before he decided to bail to Australia and move into IT. One of the cleverest and sneakiest (in a good way) guys I've ever met. We try to keep all our systems as tight as possible, but if anything goes wrong it's a huge deal - and our data is probably downright pedestrian compared to what Rojone would have in their databases. Someone will be copping a flogging for that...
buglerbilly
21-04-11, 02:47 AM
Report: US Nuke Lab Needs More Cyber Controls
April 20, 2011
Associated Press
SAN FRANCISCO - Lawrence Livermore National Laboratory failed to set up adequate cyber security controls for classified information, including details about the nation's nuclear stockpile, according to a federal report released Tuesday.
Livermore is one of the federal government's top science labs and maintains several national security systems, including supercomputers that process sensitive and classified information about the safety and reliability of nuclear weapons along with homeland security matters.
Rickey R. Hass, deputy inspector general for audits and inspections at the Energy Department, said in the report that outside contractors had made changes to one system meant to monitor nuclear explosions without first getting approval from the proper federal officials.
That and other site-level problems have persisted in part because the government hasn't ensured that changes to its information systems are in line with potential risks, the department's internal watchdog's office said.
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," the audit concluded.
No classified information was compromised, said Damien LaVera, a spokesman for the Energy Department's National Nuclear Security Administration, which operates the labs.
In a written response to the inspector general, a top ranking administration official said the paper-based compliance review did not factor in the lab's additional strategies to counter a constantly changing set of threats.
"We do not believe conclusions documented in this report can be extrapolated to determine the state of the entire risk management program," wrote Gerald Talbot, Jr., the administration's associate director for management and administration. "Furthermore, the general recommendations made by the IG were already in place."
Lawrence Livermore has long served as one of the nation's key labs for nuclear research. More recently the lab has focused on monitoring radiation from the ongoing nuclear crisis in Japan and on devising measures to counter possible chemical and biological terrorist attacks.
"We feel we have a good strong cyber security system at the lab," said Don Johnston, a spokesman for the lab. "That said, we're always looking to improve it and make it better."
© Copyright 2011 Associated Press. All rights reserved.
buglerbilly
22-04-11, 03:11 AM
Ares
A Defense Technology Blog
Cyber-Recruiters Looking For Cross-Trained Specialists
Posted by David A. Fulghum at 4/21/2011 9:55 AM CDT
Training and organizing military cybertroops will demand monumental changes, not the least of which is creating a mindset that leaps beyond current laws, policies, agreements and borders.
Advanced cybertraining is being shaped by rapid advances in intelligence, surveillance and reconnaissance (ISR) gathering, information fusion and the resulting availability of data. The rapid availability of intelligence makes real-time military operations the norm, while long-gestation targeting plans become a thing of the past.
Evolution in the ability of Cyber Command to think about the future, such as the power of the 'cloud', having immediate access to all data and the ability to find digital fingerprints is crucial, says Maj. Gen. David Senty, chief of staff for U.S. Cyber Command.
“The fact that there is now a borderless society, means that we need to recognize that the role of government is still defined by policies that stop at borders,” Senty says. “Whether it’s [changes] in authorities or policies, [the government and Cyber Command] need to be as adroit as the technology we’re living with. We have to be evolving as we go and anticipate the complexities that we’re working with.”
The master key for making all that happen with the necessary dispatch is a “special, operations-like career field,” he says. “A skilled, selected, distinctive cadre [must] operate in cyberspace with the same hubris as our combat arms do today.”
As an operational philosophy, cyberoperators cannot wait for threats to appear.
“I don’t defend my network,” says Gordon Snow, assistant director of the FBI’s cyberdivision. “What I do is threat pursuit.” Since a Presidential mandate in 2008, he has been conducting cyberthreat identification; the task has been to determine the plans of persons, groups or entities and to find ways to neutralize a threat.
Starting at the top, the Air Force needs to certify its senior leaders to operate on the network, says Maj. Gen. Ronnie Hawkins, vice director of the Defense Information Systems Agency. Moreover, if commanders make significant mistakes, they should be decertified and receive additional training before they can resume operating and commanding the network.
“In a flying unit, the commander gets certification, standardization and evaluation training and gets qualified as a mission commander,” notes Lt. Gen. William Lord, the Air Force’s chief information officer. “I don’t know why we wouldn’t do that with our cyber-folks.”
At the NCO and junior officer level, “all airmen should be conversant in cyberspace like they are in describing air operations – including vulnerabilities,” says Lt. Gen. Michael Basla, vice commander of Air Force Space Command.
Basla calls for a common cyberlanguage and understanding across the service and joint forces. He also supports rewarding airmen to increase their cyberknowledge similar to giving foreign language pay and to get cybercertification whatever their jobs. By developing the entire force, commanders can find those best suited for even more specialized cybertraining.
“We need cyberguards to watch network traffic, look for abnormalities and investigate attacks,” Basla says. “We need [forensic] types that work in the code of a virus to decipher it and then figure out how to reverse engineer it and use it against our adversaries.”
In addition to cyber-operators and defenders, the cybercareer field needs intelligence, acquisition and engineering professionals that are domain-focused for the majority of their careers.
“Let's consider better processes to let people cross flow into cyber that have demonstrated skills or knowledge outside of traditional Air Force training, especially in our Air National Guard and Reserve component,” Basla says. “We need to get our [cyber-]ranges up. We need the networks to be modeled. And we need to use that modeling and simulation to train. Then we need our cyberprofessionals to continually train on networked ranges and continually reeducate themselves.”
The problem of creating a training program is discovering what operators need to work in a domain where the platform – the cybersphere – is unstable and constantly changing.
Industry officials predict a big challenge to Western militaries as they try to build their ranks of offensive and defensive cyberwarriors, assure they have the right skills, and that those skills go beyond just understanding computers and networks.
“We need people who have a good understanding of the domain they are working in,” says Robert Brammer, chief technology officer at Northrop Grumman. “How do I secure a powerplant if I don’t really understand the powerplant?”
buglerbilly
22-04-11, 04:59 AM
Cyber-Security System Mimics Human Immune Response
In the future, a computer virus may be wiped out in much the same fashion that humans overcome a cold.
By Eric Niiler
Thu Apr 21, 2011 01:35 PM ET
THE GIST
Cyber-security experts hope that computers in the future will be able to monitor their own health just like the cells inside our bodies.
The security system could include a "healthy ecosystem