05/19/2012

China is a lead cyberattacker of US military computers, Pentagon reports: CSM

On 5/18, Anna Mulrine reported for the Christian Science Monitor on a new DoD report on China.  According to the CSM, that DoD report stated that China is behind "many of the cyberattacks on US military computer systems . . . ."  The report explained that China is looking to acquire better offensive cyber weapons while still improving their network defenses.

I don't think it's really any secret that China is behind most of the cyberattcks on DoD systems.  I do think it's significant that the DoD released a report publicly accusing China of cyberattacks.

You can find that report here.

Posted by on 05/19/2012 at 12:02 AM in cyber attack, warfare | | Comments (0)

| |

05/18/2012

White House's cybersecurity official retiring: WashPo

On 5/16, Ellen Nakashima reported for the Washington Post on how Howard Schmidt, the White House's cybersecurity coordinator, is stepping down from the position at the end of this month.  Over his 2.5 year tenure, Schmidt oversaw the creation of the administration's international strategy for cyberspace, the administration's proposal for cybersecurity legislation, and the National Strategy for Trusted Indentities in Cyberspace (NSTIC).  According to the WashPo article, Michael Daniel (chief of the WH's budget office intelligence branch) will now fill the position.

Posted by on 05/18/2012 at 11:38 PM in Current Affairs, White House | | Comments (0)

| |

05/16/2012

Cyber Roundup (5/15): Gen. Cartwright says U.S. must strut cyber might, Pentagon expands the DIB program, and cyber legislation update

A quick survey . . .

***

Aliya Sternstein reported for Nextgov on remarks made by Gen. James Cartwright (architect of the DoD's current cyber strategy) concerning cybersecurity.  Notably, Gen. Cartwright argued that the U.S. must deter enemies from attacking U.S. networks by signaling the offensive might of the U.S. cyber arsenal.  The Gen. specifically said that "you have to scare them . . . [y]ou have to convince them that there is a price for any action that is counter to good order and discipline . . . [t]hat means you need an offensive capability." 

The Gen. made a number of other interesting remarks, check out the Nextgov article for the rest.

I love the General's thinking on this one.  No one is intimidated by really good network defenses.  If we demonstrate a willingness to hit back in conjunction with proper network defenses, then we have a great 1-2 punch for stopping cyberattacks.

***

Jim Wolf reported for Reuters on the DoD's defense industrial base (DIB) program, an initiative where the DoD shares cyber threat information with defense contractors.  According to the article, the program may dramatically expand to over 8,000 contractors currently doing business with the DoD.  The program was previously capped at 36.  Interestingly, the Reuters article noted that 17 companies allow ISPs to scan all of their incoming traffic with the NSA's help.

***

Brendan Sasso reported for The Hill on cybersecurity legislation.  According to The Hill, a bipartisan group of senators was going to meet to discuss cybersecurity, but postponed the meeting. 

Sort of ho-hum news, but I found it significant that senators are beginning to discuss the issue.  My hope is that passage of CISPA will push things along in the Senate.  A Senate aide had previously signaled that Democrats may be willing to bend on mandatory cybersecurity standards for critical infrastructure.  If that's the case, we may see passage of a cybersecurity bill sooner rather than later.

***

The Economist had an interesting article on CISPA.  The author was strongly against the bill, arguing that the NSA's potential role in the information sharing exchange is a danger to civil liberties. 

Posted by on 05/16/2012 at 12:16 AM in Criticism, Cyber Exploitation, Legislation | | Comments (0)

| |

05/13/2012

Wording in cyberwar bill begs question: Who's in charge? (CNet)

On 5/11, Elinor Mills wrote a very interesting article for CNet on the approval process for U.S. military offensive operations in cyberspace.  The Washington Post previously hinted that the new rules of engagement for offensive U.S. military cyberattacks would require presidential approval.  However, according to the CNet article, there is ambiguity in the language of a recent National Defense Authorization Act that suggests the U.S. military wouldn't need presidential approval.  Essentially, the previous version of the NDAA affirmed that the DoD has the capability to conduct offensive operations with presidential approval.  However, the current version "affirms that the Secretary of Defense is authorized to conduct military activities in cyberspace" with no mention of presidential approval.

The House Armed Services Committee Chairman explained that the NDAA doesn't give the DoD any new authorities.  Nevertheless, the CNet article voiced fears that this loose language might give too much discretion to CyberComm. 

There's more to the article about how the language could apply to stealth operations in cyberspace, you can find that CNet article here.

***

Interesting tidbit from FederalNewsRadio.com . . . CyberComm's director of intelligence said that CyberComm has the "capacity to significantly damage a country's infrastructure if necessary."

Posted by on 05/13/2012 at 10:16 PM in Cyber Command, warfare | | Comments (0)

| |

05/10/2012

Potential China link to cyberattacks on gas pipeline companies: CSM

I don't know if you remember, but the Christian Science Monitor previously reported on how a number of U.S. natural-gas pipeline companies have been suffering a cyberattack.  The cyberattack was more of your run of the mill spear phising/cyber intrustion campaign that probably every major U.S. company and utility has suffered from.  Nevertheless, DHS got involved and the attack got some major publicity.

On 5/10, Mark Clayton updated the story for the Christian Science Monitor and hinted at who is behind the attacks.  Brace yourselves.  In a shocking turn of events, it looks like the Chinese are behind the attacks.  According to the article, a cybersecurity firm has analyzed the attacks and found that they bear a striking resemblance to the attacks on RSA.  If you've been dutifully reading this blog, you'd know that Gen. Alexander (NSA/CyberComm head) told a Senate Committee that China was behind the RSA attack. 

And to think, all of this after the Chinese defense minister asserted that he could "hardly agree with the proposition that the cyber attacks directed to the United States are directly coming from China." 

Posted by on 05/10/2012 at 10:56 PM in cyber attack | | Comments (0)

| |

Cyber Briefings 'Scare The Bejeezus' Out Of CEOs, Cybersecurity Firms Ditch Defense And Learn To 'Hunt': NPR

Two interesting articles written by Tom Gjelten for NPR . . .

The first NPR article concerned the U.S. government's effort to "scare the bejeezus" out of U.S. CEOs.  Apparently top U.S. military officials took CEOs from large U.S. corporations, gave them top-secret clearances for a day, and then showed them some of the cyberweapons the U.S. military has in store.  These same military officials also showed the CEOs how they could "turn your computer into a brick."  The point of the meetings was to scare the CEOs into realizing the severity of the cyberthreat they face.  The meetings may have been successful: one CEO described the event as "a life-changing experience." 

The second NPR article dealt with cybersecurity firms transitioning from offense to defense.  Specifically, the article detailed how the cybersecurity firm Mandiant profiles hacker teams and studies patterns within APTs rather than just updating an attacked company's anti virus software.  Essentially, Mandiant engages in intelligence gathering and has been able to identify specific attacker's hacking "playbook."

***

As for the first NPR article, it's an encouraging sign that at least some CEOs took these dire warnings about cyberattacks to heart.  Yet, as Antone Gonsalves reported for ITWorld, some CEOs are just as likely to ignore evidence that hackers have compromised their networks.  In the case of the ITWorld article, 22 organizations ignored information of a China-based espionage operation that had broken into their systems.  Unfortunately, it's this kind of lackluster response that makes government imposed cybersecurity standards attractive for me.  If the private sector won't take this threat seriously, why should we expect that voluntary incentives will spur action?  This debate over cybersecurity legislation (and the merits of a bill like the CSA) would go a lot differently if the private sector demonstrated some initiative and some ability to protect their own networks.  Until that point, I have no confidence that the private sector can do it without government intervention.  Meh.

That second NPR article got me thinking . . . how long until a cybersecurity firm takes the next step and actively targets hacker groups?  Kinda like a hired gun, a cyber merc if you will.  I have no doubt that a company like Mandiant has the technical ability to go after the people they've profiled.  In fact, I bet they'd be pretty good at it.  Perhaps the U.S. government could award letters of marque for cybersecurity firms going after foreign based hackers.  Perhaps companies could hire these firms to respond with hack-back in "self-defense."  Whatever the case, a U.S. based company doing something like that is probably illegal, but we can always change the laws . . .

Posted by on 05/10/2012 at 10:44 PM in cyber attack, Cyber Exploitation | | Comments (0)

| |

05/08/2012

Chinese General Downplays China’s Role in Cyber Attacks: Bloomberg Businessweek

Gopal Ratnam reported for Bloomberg Businessweek on the Chinese defense minister's visit to Washington.  Specifically, General Liang Guanglie talked with SecDef Leon Panetta about cyberattacks.  When questioned about China-based cyberattacks, the Gen. had this to say:

I can hardly agree with the proposition that the cyber attacks directed to the United States are directly coming from China . . . And during the meetings, Secretary Panetta also agreed on my point that we cannot attribute all the cyber attacks [to China].

I must applaud the Chinese . . . even in the face of almost international recognition that they are one of the worst cyber-offenders out there, they stick to that same line.  I would be delighted to wake up one morning and find a party official saying "yes we engage in intellectual property theft, we don't care what you think, and we probably won't stop."  The U.S. could then admit that its new military strategy is directed towards China.  Both nations could at least be honest with each other.  

Posted by on 05/08/2012 at 09:17 PM in Cyber Exploitation | | Comments (0)

| |

Bill Would Have Businesses Foot Cost Of Cyberwar: NPR

On 5/8, Tom Gjelten reported for NPR on the divide between business leaders and national security leaders over cybersecurity legislation.  According to the article, critical infrastructure owners dislike the stricter bills (like the Senate Dem's Cybersecurity Act of 2012, or CSA) because they would put a "vast regulatory structure" in place.  Those private business owners would then shoulder the brunt of that structure's costs. 

On the other hand, the national security types choose security over avoiding regulation.  Especially, as Stewart Baker put it, "When you've had responsibility and had to live with the possibility that tomorrow you'll wake up and on your watch something very bad has happened, you have a different view about the importance of being able to do something about it."

The article went on to question whether a profit-driven entity is up to the challenge of voluntarily spending enough to ensure proper cybersecurity.  I, for one, doubt it.  I don't know if that means they should be mandated to spend it, however.  

There's more to the NPR article, you can find it here.

Posted by on 05/08/2012 at 08:58 PM in Legislation | | Comments (0)

| |

Turf War Slows New U.S. Cyber ROEs: DefenseNews

On 5/7, Zachary Fryer-Biggs wrote for DefenseNews on cyber rules of engagement (ROEs).  DoD has said that the new ROEs will be coming out in a few month.  The Washington Post previously reported that those ROEs will likely require top-level (i.e. presidential) approval for offensive cyber-attacks on foreign nations.  So what's taking so long?

The DefenseNews article explained that the legal debate over the U.S. military's role in domestic networks is slowing the promulgation of the ROEs.  The article quoted James Cartwright, former vice chairman of the JCS, as saying that this debate is a "turf war", apparently between the DHS and DoD.  This new set of ROEs will consider the DoD's role with regard to critical infrastructure and how the DHS factors in.  The U.S. military obviously handles foreign threats, with the DHS handling domestic threats; however, how can you square that neat division with the ambiguities of cyberspace? 

Of course, there is a legal barrier to the U.S. military operating within the borders of the United Sates, so it's unclear if and how the DoD could protect private systems. 

Interesting article.  Find more of the DefenseNews piece here.

Posted by on 05/08/2012 at 08:30 PM in Cyber Command, warfare | | Comments (0)

| |

Cyber Threat Metrics: Sandia Labs

On 5/8, the Secrecy News blog posted a report from Sandia National Laboratories titled Cyber Threat Metrics.  The authors of the report noted that cyber threats defy effective measurement because they are fluid and difficult to understand.  Of course, we want an effective system of cyber threat measurement because it gets us that much closer to a better policy response.  Thus, the authors proposed a new set of metrics integrated into a new cyber threat model that would give policymakers a better understanding of what's out there. 

The report had a few models, one of which was the cyber threat matrix.  The matrix ranked cyber threats by considering an adversary's commitment (i.e. intensity of attack, stealth, time) and resources (technical personnel, cyber knowledge, kinetic knowledge, and access to restricted systems). 

The authors acknolwedged that the metrics still exhibit a good deal of subjectivity.  Nevertheless, the report was a step towards a consistent threat assessment process.  Worth a look.

You can find the Sandia National Laboratories report titled Cyber Threat Metrics here.

Posted by on 05/08/2012 at 08:07 PM | | Comments (0)

| |

Next »
Subscribe to this blog's feed

Search

Recent Posts

Recent Comments

Pages

Categories

About

More from WCS

cyberwar - Google News

The New New Internet

Share |