Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 277502 times)

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Re: Cyberwar and American Freedom
« Reply #150 on: June 20, 2012, 10:18:00 PM »
Quote
Fascinating stuff!

Forgive me the moment of Captain Obvious but "It is difficult to know who is attacking a network. Once the identity of the attackers is verified, and if they are indeed a nation-state, then the (attacked state) must decide if retaliation is necessary."

So, thanks to Pravda on the Hudson working in conjunction with CiC Obama and his inner circle, the Iranians now have confirmation stuxnet was us AND they have been publicly humiliated


I know right? Way to go!!
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
tin foil or not?
« Reply #151 on: June 27, 2012, 07:47:38 AM »



C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Re: Cyberwar and American Freedom
« Reply #154 on: July 26, 2012, 11:43:14 AM »
SRC: http://online.wsj.com/article/SB10000872396390444330904577535492693044650.html?KEYWORDS=Obama+cybersecurity#printMode

Taking the Cyberattack Threat Seriously
In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home..

Last month I convened an emergency meeting of my cabinet and top homeland security, intelligence and defense officials. Across the country trains had derailed, including one carrying industrial chemicals that exploded into a toxic cloud. Water treatment plants in several states had shut down, contaminating drinking water and causing Americans to fall ill.

Our nation, it appeared, was under cyber attack. Unknown hackers, perhaps a world away, had inserted malicious software into the computer networks of private-sector companies that operate most of our transportation, water and other critical infrastructure systems.

Fortunately, last month's scenario was just a simulation—an exercise to test how well federal, state and local governments and the private sector can work together in a crisis. But it was a sobering reminder that the cyber threat to our nation is one of the most serious economic and national security challenges we face.

Enlarge Image

CloseAssociated Press
 .So far, no one has managed to seriously damage or disrupt our critical infrastructure networks. But foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. Last year, a water plant in Texas disconnected its control system from the Internet after a hacker posted pictures of the facility's internal controls. More recently, hackers penetrated the networks of companies that operate our natural-gas pipelines. Computer systems in critical sectors of our economy—including the nuclear and chemical industries—are being increasingly targeted.

It doesn't take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we've seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.

This is the future we have to avoid. That's why my administration has made cybersecurity a priority, including proposing legislation to strengthen our nation's digital defenses. It's why Congress must pass comprehensive cybersecurity legislation.

We all know what needs to happen. We need to make it easier for the government to share threat information so critical-infrastructure companies are better prepared. We need to make it easier for these companies—with reasonable liability protection—to share data and information with government when they're attacked. And we need to make it easier for government, if asked, to help these companies prevent and recover from attacks.

Yet simply sharing more information is not enough. Ultimately, this is about security gaps that have to be filled. To their credit, many of these companies have boosted their cyber defenses. But many others have not, with some lacking even the most basic protection: a good password. That puts public safety and our national security at risk.

The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.

This approach stays true to our values as a society that cherishes free enterprise and the rights of the individual. Cybersecurity standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected. Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects the privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections.

This is exactly the kind of responsible, collaborative approach to an urgent national-security challenge that Americans expect but that Washington too rarely provides. It reflects the insights and ideas of industry and civil libertarians. It is sponsored by a bipartisan group of senators. It is supported by current and former homeland security, intelligence and defense leaders from both Republican and Democratic administrations.

Today we can see the cyber threat to the networks upon which so much of our modern American lives depend. We have the opportunity—and the responsibility—to take action now and stay a step ahead of our adversaries. For the sake of our national and economic security, I urge the Senate to pass the Cybersecurity Act of 2012 and Congress to send me comprehensive legislation so I can sign it into law.

It's time to strengthen our defenses against this growing danger.

Mr. Obama is president of the United States.

A version of this article appeared July 20, 2012, on page A11 in the U.S. edition of The Wall Street Journal, with the headline: Taking the Cyberattack Threat Seriously.

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
NSA chief asks hackers at Defcon for help securing cyberspace
« Reply #155 on: July 31, 2012, 04:52:58 PM »
SRC: http://www.computerworld.com/s/article/9229756/NSA_chief_asks_hackers_at_Defcon_for_help_securing_cyberspace?taxonomyId=17

NSA chief asks hackers at Defcon for help securing cyberspace
NSA Director General Keith B. Alexander called the Defcon attendees the world's best cybersecurity community
By Lucian Constantin
July 29, 2012 12:20 AM ET3 Comments. .IDG News Service - National Security Agency Director General Keith B. Alexander addressed the attendees of the Defcon hacker conference in Las Vegas on Friday and asked for their help to secure cyberspace.

"This is the world's best cybersecurity community," said Gen. Alexander, who also heads the U.S. Cyber Command. "In this room right here is the talent our nation needs to secure cyberspace."

Hackers can and must be part, together with the government and the private industry, of a collaborative approach to secure cyberspace, he said.

Hackers can help educate other people who don't understand cybersecurity as well as they do, the NSA chief said. "You know that we can protect networks and have civil liberties and privacy; and you can help us get there."

Gen. Alexander congratulated the organizers of Defcon Kids, an event dedicated to teaching kids how to be white-hat hackers, and described the initiative as superb. He called 11-year-old Defcon Kids co-founder CyFi to the stage and said that training young people like her in cybersecurity is what the U.S. needs.

The NSA director stressed the need for better information sharing between the private industry and the government and noted that the Congress is currently debating legislation to address this.

NSA's and U.S. Cyber Command's roles are to protect the nation from cyberattacks and foreign intelligence, Gen. Alexander said. The issue is that if you don't see a cyberattack you can't defend against it and at the moment, the NSA has no insight if Wall Street is going to be attacked, for example, he said.

Gen. Alexander pointed out that if the industry could share some limited pieces of information from their intrusion detection systems in real time, the NSA could take it from there.

The next step from information sharing is jointly developing standards that would help secure critical infrastructure and other sensitive networks, he said.

He encouraged hackers to get involved in the process. "We can sit on the sidelines and let others who don't understand this space tell us what they're going to do, or we can help by educating and informing them" of the best ways to go forward.

"That's the real reason why I came here. To solicit your support," he said. "You have the talent. You have the expertise."

At the Aspen Security Forum conference on Thursday, Gen. Alexander revealed that there's been a 17-fold increase in cyberattacks against U.S. infrastructure between 2009 and 2011, the New York Times reported.

The hacker community has built many of the tools that are needed to protect cyberspace and should continue to build even better ones, he said during his keynote at Defcon. He gave the example of Metasploit and other penetration testing tools.

"Sometimes you guys get a bad rap," he said. "From my perspective, what you're doing to figure out vulnerabilities in our systems is great. We have to discover and fix those. You guys hold the line," he said.

Gen. Alexander's presence at Defcon was a rare event. Before introducing him to the stage, Defcon founder Jeff Moss, who is the chief security officer of ICANN and a member of the U.S. Homeland Security Advisory Council, revealed that he has tried for the past 20 years to get a high-ranking NSA official to speak at the conference.

"Like magic, on our 20th anniversary and NSA's 60th anniversary it's all come together," Moss said. "For me it's really eye-opening to see the world from their [NSA's] view."

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
U.S. cyber coordinator moves on
« Reply #156 on: August 02, 2012, 02:31:31 PM »
What does the nation's first cyber security coordinator do for an encore on leaving government service?

First, one would believe that Howard Schmidt (right), a 40-year veteran of the discipline, will be penning another book, this one detailing the three years he spent serving in the Obama administration as the United States' top computer security adviser. He stepped down at the end of May.

One knows for a fact, however, that he has joined the board of security and compliance firm Qualys, where his main role will be advising on governance, strategic direction for the company and providing guidance to Philippe Courtot, the chairman and CEO. “It's all about being part of a team as opposed to an individual effort,” Schmidt said.

And, it's more than simply contacts in the government that Courtot expects. “Howard is technical enough, he knows the problems very well,” he said. “It's more about, ‘How do you present and package, where should we focus our energy so we can essentially play a bigger role with the federal government.' So, having Howard, it's very welcome and timely.”


The two also plan to revive an initiative they co-founded in 2004, the CSO Interchange, which brings security chiefs together from all sectors to discuss problems they are facing. “It's really an environment to bring CSOs together to make things move forward, as opposed to a meeting where people just want to sell something,” Schmidt said.

When they first began the international series of roundtables and breakfasts, there was a lot of resistance from the government sector in applying cloud technologies, as they wanted to control the data, Courtot recalled. “But today, we're at the point where necessity and the growth of attacks have become more pervasive,” he said. “They are now looking for solutions that work and that are cost effective as well, because you can't throw millions of dollars at the problem.”

Speaking of his time at the White House, Schmidt said, “Like any security position, it takes a lot of work. There's a lot of stuff that needs to be discussed. What works for one company, may have less than a positive impact on another one.”

His role, he said, was to bring everybody together to look for solutions. He points to the National Strategy for Trusted Identities in Cyberspace, or NSTIC, a White House initiative to foster collaboration between the government and private sector to better the privacy, security and convenience of online transactions, as one of the administration's major successes. The point, he said, was to look at ways to move away from an environment of user IDs and passwords and get something the private sector can build – an ecosystem where users can migrate to systems that are less likely to be compromised.

He also oversaw advancements in international cyber strategy. “Working with a great team across the government and with international partners, the International Strategy for Cyberspace [a policy document that sets an agenda for partnering with other nations] was looking at several things – from prosperity to economics to military action to peaceful activity,” he said.

It's very difficult to stop the threats, Schmidt said. “What you can do is stop the threats from being successful. And that's making sure everything that you're doing – in the cloud, on the desktop, browser, server environment – you can reduce the vulnerabilities so that no matter what someone throws at you, it's less likely to be successful.”
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Danger within: Insider threat
« Reply #157 on: August 02, 2012, 02:34:26 PM »
SRC: http://www.scmagazine.com/danger-within-insider-threat/article/245432/

Danger within: Insider threat
David CotrissJuly 02 2012The theft or misuse of corporate assets by a trusted individual  poses challenges, but there are strategies and tools to put in place, reports David Cotriss.

How big a problem is the threat from insiders?

“Bigger than most people realize because many times they can't tell if they have an issue,” says Craig Shumard, principal of Philadelphia-based Shumard and Associates, a strategic security consulting firm, and former vice president of security at Cigna Insurance. Insider threats are often under-reported, he says, because companies do not want it known that they've become victims of such attacks. At other times, an enterprise may be unaware it has been compromised.

There's a widely reported mythology that insider-spawned breaches occur far less frequently than external attacks, says James Quin, lead research analyst at Ontario, Canada-based Info-Tech Research Group. When his organization interviewed companies about the issue, the survey found that the accepted wisdom proved not to be true. Quin says that while the prevalence of malicious insider incidents is indeed quite low, erroneous or accidental breaches are “happening with alarming frequency.” That is, although insiders are to blame for some malicious activity, add to that the high rate of employees unintentionally causing a data leakage incident, and the tally for insider culpability mounts.

The problem is exacerbated by the fact that companies are not prepared or equipped to deal with such incidents. “We're finding that organizations don't have an insider threat program in place,” says Dawn Cappelli, technical manager at the Computer Emergency Response Team (CERT) Insider Threat Center, a research-and-development entity at Carnegie Mellon University's Software Engineering Institute in Pittsburgh. CERT is working with the federal government and private companies to design a prevention and mitigation program. Most corporations, she says, are focused on protecting their networks from outside threats, but they don't yet have anyone in charge for insider threat mitigation. This situation must change, with one person given authority and responsibility for dealing with insider threats. To succeed, that person must have the backing of general counsel because of privacy issues, and they must work well with IT and human resources.

Cappelli adds that in last year's “Cyber Security Watch” survey from Deloitte, 46 percent of respondents said insider attacks were more costly to their organization than external attacks. Yet most companies that have purchased software tools that are marketed as internal attack mitigation solutions are using them only to address external attacks.

“What you need to worry about is how to keep your employees happy.”



– Andy Ellis, CSO, Akamai Technologies 

While the incidence of insider incidents has stabilized over the past few years, the opportunities have increased because of greater use of third-party contractors, the bring-your-own-device (BYOD) phenomenon, and the co-mingling of personal and business data spurred by the popularity of smartphones and tablets. Today, attacks can be launched at handheld devices, and this vector has become a major source of data leakage. Furthermore, despite all the new tools that have been developed over the past few years, “25 to 30 percent of threats cannot be controlled by technology,” says Shumard.

It is not feasible to completely stop malicious data leakage, agrees Quin. “Technology cannot address everything,” he says. “You can't stop people writing things down with a pencil and a piece of paper.”

As well, privileged users can insert malicious code almost anywhere without it being flagged as anomalous activity, he says. They have the ability to override system controls without detection.

“You can't stop insider threats,” says Andy Ellis, CSO at Cambridge, Mass.-based Akamai Technologies, which provides a platform for conducting business online. “What you need to worry about is how to keep your employees happy. What are you doing for employee retention? A lot of insider threats come from unhappy employees. How do you prevent the trusted insider from doing something that threatens the company?”

For Ellis, the threat fell close to home. Akamai was the victim of a foiled attempt by a former employee to spy on the company. Elliot Doxer pleaded guilty last year to a charge of foreign economic espionage for providing trade secrets to an FBI agent posing, over a two-year period, as an Israeli intelligence officer. When Doxer contacted the Israeli consulate and offered to give it confidential information in exchange for money, the consulate contacted the FBI.
To best thwart the malicious attacker, Shumard recommends looking at anomalous behavior. “Take people who hold the same position who have the same job rules and access,” he says. “Why does one employee log-on at 4 in the morning and log-off at 10 at night, while other employees log on at 8 in the morning and log off at 4 in the afternoon? Why would one person download 2,400 documents in a day while the others are downloading 20 or 30? There might be a valid reason for this, such as a special project, but these are indicators of possible malicious behavior.”

Meanwhile, many companies tend to ignore accidental data leaks, even though they can prove costly. Two-thirds of all insider threats are unintentional, says Quin. For example, sending an email to an entire list instead of one intended recipient, or hitting “reply all” instead of “reply,” could have severe consequences.

“Companies have to start contemplating solutions to correct this,” he says. “We haven't done a good job of educating employees about appropriate custodial care of data.”

Shumard agrees. “Sometimes it's just people not understanding proprietary information or a highly sensitive piece of information,” he says. He recommends that companies hold security awareness training for all employees. “Education is important because people have to understand the rules and abide by them.”

Be proactive, says Ellis. He follows Akamai employees on LinkedIn because if there is suddenly a flurry of new connections, it's likely that an individual is looking for a new job. Depending on the access that person has to sensitive information, he says the prudent approach is to take some preventative action.

However, Ellis also says organizations must weigh the cost of prevention tools versus the value of the potentially leaked information. And, he says sometimes a corporation is paying for technology that slows down the speed of innovation.

The sensible methodology, according to CERT, is to use a combination of technical and non-technical potential indicators of malicious activity to identify individuals who may be more likely to commit an unauthorized act. By monitoring and controlling outbound traffic, an organization can greatly increase its chances of mitigating malicious activity.

Data leakage: Prevention


To thwart the inevitability of attacks from within, CERT recommends that companies log all downloads and set alerts when critical information is copied to removable media. Other recommended actions are:

■Implement continuous logging
■Audit individual actions in logs for privileged accounts
■Audit logs for activity of resigning or terminated employees
■Log anytime a device or peripheral is attached; alert if an unidentified device is attached, i.e., a keystroke logger
■Alert of suspicious traffic
■Monitor for unauthorized accounts
■Review user accounts on a regular basis to ensure that active accounts are valid and configured properly
■Monitor privileged users
■Don't give users more privileges than they need
 

Photo: Inside the network operations command center at Akamai in Cambridge, Mass., Nicole Fusco, network operations engineer, looks for anomalous activity, perhaps indicating inappropriate employee practice.


.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Obama vs. Romney on cybersecurity
« Reply #158 on: September 18, 2012, 01:29:09 PM »

By Amber Corrin
Sep 05, 2012
In their respective platforms, the Republicans and Democrats each briefly touch on what they both describe as a paramount threat facing the U.S.: cybersecurity. In keeping with the partisan divides that prevented lawmakers from passing cybersecurity legislation this year, each side offers a different – but decidedly familiar – take on the issue.


While neither party goes in-depth in its platform summary addressing cybersecurity, they both include plans that include basic tenets that were part of  cybersecurity bills that failed in Congress. While there isn’t much in the way of cyber-policy revelations, there are hints of action that could come – including a possible executive order.

The platforms include a handful of similarities: Both sides recognize the significance of the issue, the importance of collaboration within government and with industry, and the need for investment in cyber research and development.

Like proposed legislation that came before, that’s about where the parallels end.

The Republicans call for a hands-off approach that echoes the SECURE IT Act championed by Sen. John McCain (R-Ariz.) earlier this year. The emphasis is on the public and private sectors working together, allowing for “the free flow of information” between network managers and the within industry. It also places the onus on the government to better protect their own systems.

The GOP platform also takes swipes at the current cybersecurity policies, saying that the Barack Obama administration is “overly reliant on the development of defensive capabilities and has been unsuccessful in dissuading cyber-related aggression.” The Republican plank criticizes Obama’s approach as “costly and heavy-handed” and says it will “increase the size and cost of the federal bureaucracy and harm innovation in cybersecurity.”

On the other hand, the Democrats’ platform notes some of the cybersecurity steps taken in Obama’s term, and includes vows to continue by investing in research and development, promoting awareness and strengthening public-private partnership.

“The President and the administration have taken unprecedented steps to defend America from cyber attacks, including creating the first military command dedicated to cybersecurity and conducting a full review of the federal government's efforts to protect our information and our infrastructure,” the Democrats’ platform states.

The platform also notes that “going forward, the president will continue to take executive action to strengthen and update our cyber defenses.”


FCW (http://s.tt/1mAm7)



Many, including cybersecurity expert Jim Lewis, say the statement is a strong suggestion of an executive order in the works.

Lewis, director and senior fellow at the Center for Strategic and International Studies, said a presidential directive from Obama likely would aim to compensate for the Congress’s failure to pass legislation protecting critical infrastructure.

But which party’s approach would be more effective? Lewis had criticism for both sides, noting that neither offers any novel ideas.

“The Democratic plank says the right things; it just doesn't say anything new other than the [executive order] hint. The Republican plank also doesn't say anything new, but we know what they propose won't work,” Lewis said, noting that the Republican references to deterrence and information-sharing, among others, are particularly troublesome.

“Cyber deterrence doesn’t work. This is a creaky retread from the Cold War,” he said. As for voluntary information-sharing, central to the Republican approach, “it’s legislation, not regulation, that blocks sharing, and Congress failed to fix it.”

But the Democratic approach could be costly – and not necessarily effective, given the government’s notorious bureaucracy and the rapidly evolving nature of cyber.

“The Democratic platform calls for greater government engagement and involvement, but the imposition of mandates would be less effective because the government is not nimble enough to regulate in this area,” said Paul Rosenzweig, visiting fellow at the Heritage Foundation. “How much would the Democratic platform cost? Nobody knows. The Democrats couldn’t tell you before when [the bipartisan Cybersecurity Act of 2012] was being considered, and the same questions are being asked now.”


FCW (http://s.tt/1mAo9)
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Web attacks on big US banks originated in Iran, unconfirmed reports say
« Reply #159 on: September 25, 2012, 05:09:01 PM »
http://arstechnica.com/security/2012/09/web-attacks-us-banks-originated-in-iran/?comments=1#comments-bar


Web attacks on big US banks originated in Iran, unconfirmed reports say
Two reports say a series of denial-of-service attacks were launched from Iran.
by Dan Goodin - Sept 21 2012, 1:30pm +1000

Black Hat33 Iranians have mounted a series of denial-of-service attacks over the past year that target major US banks and other companies, according to two published reports that cite unnamed US officials.

The reports, published on Friday by The Washington Post and Reuters, came a few days after websites for both Bank of America and JPMorgan Chase experienced unexplained service disruptions. US Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, said on Friday that he believes a unit of Iran's Revolutionary Guard Corps is behind the disruptions, but provided no evidence to support the claim. Neither bank has confirmed that the disruptions were the result of attacks, so it's possible equipment failure or other internal causes are responsible.

According to the Washington Post, US officials suspect that Iran was behind similar denial-of-service attacks, which bring websites to a crawl or make them completely unavailable by overwhelming them with garbage traffic. One such attack was carried out in August, and was aimed at disrupting the websites of oil companies in the Middle East "by routing their efforts through major US telecommunications companies, including AT&T and Level 3," the publication reported, citing US intelligence and industry officials. It was the largest attempted DoS attack against AT&T "by an order of magnitude," an industry official said. The sources spoke on condition of anonymity because they weren't authorized to speak to the press.

According to Reuters, Citigroup has also been targeted in the campaigns, which it said are likely in retaliation for their enforcement of Western economic sanctions against Iran. Reuters also said while the attacks originated in Iran "it is not clear if they were launched by the state, groups working on behalf of the government, or 'patriotic' citizens." The attacks may be intended to distract victims from other, more destructive breaches, the news organization added.

Security experts have long said that it's difficult or impossible to determine the origin or source of many DoS and other computer-based attacks. In the absence of technical evidence that supports claims attacks are coming from Iran, it's not possible to verify them.

.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

G M

  • Power User
  • ***
  • Posts: 26643
    • View Profile
Computer Viruses Are "Rampant" on Medical Devices in Hospitals
« Reply #160 on: October 17, 2012, 04:39:24 PM »
http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/

Computer Viruses Are "Rampant" on Medical Devices in Hospitals
A meeting of government officials reveals that medical equipment is becoming riddled with malware.

 
David Talbot

Wednesday, October 17, 2012
 
Health scare: Much hospital equipment uses software that can be vulnerable to viruses.
PR Newswire

Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.

While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.

Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other device brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.


In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufactures will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.

As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.

"I find this mind-boggling," Fu says. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."

The worries over possible consequences for patients were described last Thursday at a meeting of a medical-device panel at the National Institute of Standards and Technology Information Security & Privacy Advisory Board, of which Fu is a member, in Washington, D.C. At the meeting, Olson described how malware at one point slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.

"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data," Olson said during the meeting, referring to high-risk pregnancy monitors. "Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."

The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.

At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.

Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. "We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can't be used, or they become compromised to the point where their values are adjusted without the software knowing," he said. He explained that when a machine becomes clogged with malware, it could in theory "miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm."

Often the malware is associated with botnets, Olson said, and once it lodges inside a computer, it attempts to contact command-and-control servers for instructions. Botnets, or collections of compromised computers, commonly send spam but can also wage attacks on other computer systems or do other tasks assigned by the organizations that control them (see "Moore's Outlaws").

In September, the Government Accountability Office issued a report warning that computerized medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. The GAO report focused mostly on the threat to two kinds of wireless implanted devices: implanted defibrillators and insulin pumps. The vulnerability of these devices has received widespread press attention (see "Personal Security" and "Keeping Pacemakers Safe from Hackers"), but no actual attacks on them have been reported.

Fu, who is a leader in researching the risks described in the GAO report, said those two classes of device are "a drop in the bucket": thousands of other network-connected devices used for patient care are also vulnerable to infection. "These are life-saving devices. Patients are overwhelmingly safer with them than without them. But cracks are showing," he said. (Fu was Technology Review's Innovator of the Year in 2009.)

Malware problems on hospital devices are rarely reported to state or federal regulators, both Olson and Fu said. This is partly because hospitals believe they have little recourse. Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed. "Maybe that's a failing on our part, that we aren't trying to raise the visibility of the threat," Olson said. "But I think we all feel the threat gets higher and higher."

Speaking at the meeting, Brian Fitzgerald, an FDA deputy director, said that in visiting hospitals around the nation, he has found Beth Israel's problems to be widely shared. "This is a very common profile," he said. The FDA is now reviewing its regulatory stance on software, Fitzgerald told the panel. "This will have to be a gradual process, because it involves changing the culture, changing the technology, bringing in new staff, and making a systematic approach to this," he said.

In an interview Monday, Tam Woodrum, a software executive at the device maker GE Healthcare, said manufacturers are in a tough spot, and the problems are amplified as hospitals expect more and more interconnectedness. He added that despite the FDA's 2009 guidance, regulations make system changes difficult to accomplish: "In order to go back and update the OS, with updated software to run on the next version, it's an onerous regulatory process."

Olson said that in his experience, GE Healthcare does offer software patches and guidance on keeping devices secure, but that not all manufacturers have the same posture. He added that the least-protected devices have been placed behind firewalls. But to do that with all a hospital's software-controlled equipment would require more than 200 firewalls—an unworkable prospect, he said.

John Halamka, Beth Israel's CIO and a Harvard Medical School professor, said he began asking manufacturers for help in isolating their devices from the networks after trouble arose in 2009: the Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that "could not be patched due to [regulatory] restrictions." He said, "No one was harmed, but we had to shut down the systems, clean them, and then isolate them from the Internet/local network."

He added: "Many CTOs are not aware of how to protect their own products with restrictive firewalls. All said they are working to improve security but have not yet produced the necessary enhancements."

Fu says that medical devices need to stop using insecure, unsupported operating systems. "More hospitals and manufacturers need to speak up about the importance of medical-device security," he said after the meeting. "Executives at a few leading manufacturers are beginning to commit engineering resources to get security right, but there are thousands of software-based medical devices out there."


Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Flame Relative is a "High-Precision, Surgical Attack Tool
« Reply #163 on: October 18, 2012, 01:17:46 PM »
From the SANS Newsletter

 --Flame Relative is a "High-Precision, Surgical Attack Tool"
(October 15, 2012)
Researchers have detected another piece of malware that targets systems used in the Middle East. It is being called mini Flame because it appears to be built on the same platform as the Flame malware, which was detected earlier this year. While Flame focuses on stealing information, miniFlame acts as a backdoor on infected machines to allow attackers access. It also appears to be able to act as a modulefor both Flame and Gauss, lending more credence to the theory that the two pieces of malware are related. miniFlame can download files from
a command-and-control server. It is being called a "high-precision, surgical attack tool."


http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/all/

http://www.computerworld.com/s/article/9232367/Kaspersky_discovers_miniFlame_cyberespionage_malware_directly_linked_to_Flame_and_Gauss?taxonomyId=82

http://www.v3.co.uk/v3-uk/news/2217221/miniflame-surgical-cyberstrike-malware-tool-discovered

http://www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends


[Editor's Note (McBride): From an analytical perspective the fact that a sinkhole designed for Flame found miniFlame is a nice windfall (but not necessarily great opsec). Is the fact that Kaspersky continues to find state sponsored malware (allegedly belonging to the United States) surprising - or is the awe wearing off? Is it concerning that the U.S. appears to be a leader in offensive cyber operations? Is the real difference between APT and APF (advanced persistent friendliness) summed up in the amount of trust you have for the motives of the sponsoring nation-state?
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
US Defense Secretary Says US is Prepared to Take Action
« Reply #164 on: October 18, 2012, 01:21:55 PM »
Another one from the SANS newsletter.

 --US Defense Secretary Says US is Prepared to Take Action
(October 11 & 14, 2012)

US Defense Secretary Leon Panetta last week said that a recent campaign of cyberattacks on Middle East oil and gas companies "was probably the most destructive attack that the private sector has seen to date." While Panetta did not say that Iran was involved in those attacks, he did note that Iran is trying to "gain an advantage in cyberspace" and warned those who would consider launching cyberattacks against the US that the US is prepared to take action.

http://www.eweek.com/security/iranian-cyber-attack-is-most-destructive-to-date-says-defense-secretary/

http://www.washingtonpost.com/world/national-security/cyberattack-on-mideast-energy-firms-was-biggest-yet-panetta-says/2012/10/11/fe41a114-13db-11e2-bf18-a8a596df4bee_story.html

[Editor's Note (Assante): One must not lose sight of the big picture when considering the consequences of all cyber attacks on our productivity, competitiveness, and national security.  The challenge with the emerging attacks referred to by the Secretary of Defense is in the development of doctrines that are flexible enough to apply the right response to manage the death by a thousand cuts while deterring specific attacks that can directly impact economic and nation security. Cyber defense is a job too big for any one organization we all play an important part in safeguarding our information and critical systems.


(McBride): McBride: The tone of Panetta's comments appears to support a stance of deterrence. He well might have said "the U.S. is prepared to take offensive or retaliatory action if and when it can positively attribute highly-destructive attacks to another nation-state." On the other hand, the tone of the comments does not build confidence that the U.S. is prepared to defend and restore. That makes his plea to executives of firms that own and operate critical infrastructure all the more imperative.]
« Last Edit: October 18, 2012, 03:21:57 PM by Robertlk808 »
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Timeline: Key events in cyber history
« Reply #166 on: January 08, 2013, 02:16:47 PM »
http://www.washingtonpost.com/wp-srv/special/investigative/zeroday/cyber-history-timeline/index.html

1943-1944 History
The digital era jumped ahead with the creation of Colossus, the first programmable digital machine. Though limited compared to later computers, Colossus played a pivotal role in code breaking during World War II. In effect, the British developed the first digital machine to hack German codes.

The National Museum of Computer: Colossus
Colossus: The first large-scale electronic computer
 
1961-1962 History
Key steps in the history of global computer networks came when Leonard Kleinrock at MIT published the first paper on packet switching theory in July 1961, and the next year when J.C.R. Licklider, also at MIT, wrote a series of memos spelling out his ideas for a "Galactic Network" in which people could access data from anywhere.

Internet Society: Origins of the Internet
 
1967-1969 History
The Advanced Research Projects Agency, later known as DARPA, accelerated work on what was initially dubbed ARPANET and eventually came to be known as the Internet. The first ARPANET message was sent at 10:30 p.m. on Oct. 29, 1969.

Internet Society: Oirginal Internet concepts
Stanford Research Institute: Celebrating the first ARPANET transmission
 
1971 History
Intel released the first integrated microprocessor, a major leap forward in the history of the computer. It had 2,300 transistors and processed 60,000 instructions per second.

 
1982 Hack
National security officials in the United States launched one of the world's first cyberattacks on another country: the Soviet Union. U.S. officials heard, through a KGB source named Farewell, that the Soviets intended to buy computer equipment through a front company to operate a gas pipeline. U.S. agents altered the software, which later caused the pipeline to explode.

CIA: The Farewell Dossier
At the Abyss: An Insider's History of the Cold War (book)
 
1986-1987 Hack
In 1986 and 1987, a physics researcher at the University of California at Berkeley uncovered a global hack of academic, military and government computers in the United States. Chronicled later in the book “The Cuckoo's Egg,” it was the first investigation of its kind, and it revealed online hacker threats spread around the globe.

Wikipedia: The Cuckoo's Egg
 
1988 Hack
The first "worm" attack occurred on the Internet. A Cornell University student named Robert Tappan Morris released several dozen lines of code, which replicated wildly and hit thousands of computers hard. It stopped about 10 percent of the 88,000 computers linked to the Internet at the time.

The What, Why, and How of the 1988 Internet Worm
CERT: Security of the Internet
 
1990 History
ARPANET became an operation network known as the Internet. About 2.6 million people around the globe had access.

 
1994 Hack
Anonymous hackers repeatedly attacked the Air Force's Rome Laboratory in New York, underscoring the threat to military systems. Investigators discovered that a British teenager and an Israeli technician had used phone systems and networks in eight countries to cloak their attacks on numerous military and government computer systems.

GAO (PDF): Computer attacks at the Department of Defense pose increasing risks
 
1997 Hack
The Pentagon's first "information warfare" exercise, known as Eligible Receiver, found that industrial and information systems throughout the United States are vulnerable to cyberattacks from hackers using readily available technology and software. Specialists said it appeared as though simulated attacks on power and communications networks in Oahu, Hawaii; Los Angeles; Colorado Springs, Colo.; Washington, D.C.; and elsewhere succeeded with ease.

Congressional Research Service report (PDF): Cyberwarfare
 
2003 History
The amount of digital information created by computers, cameras and other data systems this year surpassed the amount of all information created in human history, according to studies by International Data Corp. and EMC.

 
November 2003 Hack
Hackers apparently supported by China attacked military and government systems in the United States with impunity, making off with terabytes of data. The attacks were dubbed Titan Rain by officials in the United States.

Washington Post: Hackers attack via Chinese Web sites
 
May 2007 Hack
During a dispute between Estonia and Russia, hackers launched massive attacks on Estonian government agencies, banks, newspapers and other organization, using networks of computers to shut down Estonian systems online. Some analysts, blaming Russia, asserted the attacks represent one of the first instances of cyberwar.

Wired: Kremlin Kids: We launched the Estonian cyber war
 
2008 History
Cyberspace accelerated its expansion, with the number of devices connected to the Internet exceeding the number of people on Earth for the first time. That number hit an estimated 12.5 billion in 2010, according to a researcher at Cisco who predicted it will rise to 50 billion in 2020. Hundreds of millions of new Internet users also sign on, many millions of them via mobile phones and other portable devices.

 
November 2008 Hack
The most significant breach of U.S. computer security occurred, apparently when someone working with the Pentagon's Central Command inserted an infected flash drive into a military laptop computer at a base in the Middle East. The case was code named Buckshot Yankee. "The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command. That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control," a senior U.S. official later wrote in Foreign Affairs magazine.

Washington Post: Cyber-intruder sparks massive federal response
 
March 2009 Hack
Canadian researchers identified a Chinese espionage network operating on government computer systems in 103 countries, making it the largest operation of its kind ever publicly identified. The researchers dubbed the system GhostNet.

New York Times: Vast spy system loots computers in 103 countries
 
December 2009 Hack
Communications links with U.S. drones were hacked by Iraqi insurgents, who used laptop computers and inexpensive software. The hack apparently enabled the insurgents to see video images the drone was recording.

 
January 2010 Hack
Google announced that it and dozens of other companies were the focus of a "highly sophisticated and targeted attack" originating from China. The attack resulted in a huge amount of data being stolen. It was later dubbed Operation Aurora.

 
February 2010 History
The number of Internet users topped 2 billion. The Defense Department said that although "it is a man-made domain, cyberspace is now as relevant a domain for DoD activities as the naturally occurring domains of land, sea, air and space.”

 
July 2010 Hack
Researchers discovered the most sophisticated cyberweapon ever to be made public. A "worm" known as Stuxnet, it was designed to seek out certain industrial control systems made by Siemens. Stuxnet took advantage of four zero-day vulnerabilities and appeared to be targeted at a uranium enrichment program in Iran. Specialists said it appeared to have a devastating effect, destroying or damaging hundreds of centrifuges. The New York Times reported that President Obama approved the operation as part of a secret U.S.-Israeli cyberwar campaign against Iran begun under the Bush administration.

 
November 2010 History
A group of the nation's top scientists concluded in a report to the Pentagon that "the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well." The scientists, part of a Pentagon advisory group called JASON, said, "Our current security approaches have had limited success and have become an arms race with our adversaries. In order to achieve security breakthroughs we need a more fundamental understanding of the science of cyber-security."

 
May 2011 Hack
Sony told Congress that hackers had penetrated the PlayStation network, stealing or misusing the personal information of at least 77 million users. Sony estimated that fallout from the hack cost at least $170 million. It appeared as though criminals masqueraded as members of the anarchist-activist group known as Anonymous.

 
March 2012 Hack
Gen. Keith Alexander, commander of U.S. Cyber Command, blamed China for taking "astounding" amounts of intellectual propery and for the hack last year of security giant RSA. In testimony before a congressional panel, Alexander hinted at military reprisals. "We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law," Alexander testified.

 
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
2012: What Have We Learned?
« Reply #167 on: January 10, 2013, 11:08:06 AM »
There's a natural inclination for people at the end of each year to look back, take stock and try to draw some grand meaning or life lessons out of the events of the past 12 months. This is a particularly risky and difficult thing to do in the security industry, given its inherent unpredictability and chaotic nature. That doesn't stop people from doing it, mind you, it just makes the process more difficult and often more humorous. The weird thing about 2012, though, is that it turned out to be one of those years that may well end up marking a turning point for consumers, enterprises and governments around the world.

The biggest shift in 2012 was the emergence of state-sponsored malware and targeted attacks as major factors. The idea of governments developing and deploying highly sophisticated malware is far from new. Such attacks have been going on for years, but they've mainly stayed out of the limelight. Security researchers and intelligence analysts have seen many of these attacks, targeting both enterprises and government agencies, but they were almost never discussed openly and were not something that showed up on the front page of a national newspaper.

That all changed in 2010 with the discovery of the Stuxnet worm, which targeted the nuclear enrichment facility at Natanz in Iran. That attack made international news and started conversations in Washington, London and around the world about who deployed the worm and about the propriety of using such malware to go after the assets of foreign governments, regardless of their political alignment.

That conversation grew louder and more contentious in 2012 with the emergence of a number of new cyberweapons, including Flame, Gauss, Mini-Flame and Shamoon. Researchers believe that several of these tools are connected and may have been written by the same team and use some of the same code and modules. For the most part, these tools have been designed to steal sensitive data, conduct surveillance on victim networks and give the attackers a hidden presence on those systems. Shamoon was the exception to this rule, wiping data from target systems and rendering many of them useless.

Shamoon's destructive tendencies confused researchers for a while, as there doesn't seem to be much upside in destroying the data on machines that you're targeting. That is, of course, unless the attackers had no interest in stealing any of the data on the target network and simply wanted to make a statement by trashing the systems instead and causing major headaches for the security team on the other end. And that's what ended up happening, at least to the one major known target, oil giant Saudi Aramco. The attack on Aramco destroyed data on more than 30,000 machines and took the company weeks to recover from.

The kind of targeted attacks in which cyberweapons such as Flame and Shamoon are used are relatively rare and almost exclusively hit major corporate or government networks. But that doesn't mean that they don't have consequences for consumers, as well. Attackers routinely go after banks, ISPs and other companies and those attacks can have major repercussions for consumers. There has been a series of high-powered and highly disruptive DDoS attacks against several major banks over the last few months, some of which have taken banks' sites offline for hours at a time.

The attacks have reached the point where the Office of the Comptroller of the Currency is warning banks about the campaign and recommending that they look at their risk-management plans to ensure that they have quality mitigations in place. The major banks, of course, have layers of defenses in place, but that only goes so far against a determined attacker, as many other enterprises are finding out these days.

The question now is what 2013 has in store. It's no reach to say that there will be more Stuxnet or Flame-style attacks in the coming year. It's as sure a bet as there is, the kind of lock that Vegas bettors dream about. A five-star lock. The attacks are going on all the time, 24 hours a day, on sensitive networks around the world. Attackers are vacuuming up data by the terabyte and handing it over to their bosses or backers and then moving on to the next assignment.

What's far less certain is how many of these attacks will come to light. Researchers hit the jackpot in 2012 with several juicy new cyberweapons to sink their teeth into and they made a lot of headway in understanding the methods and techniques of these types of attackers. But that knowledge and intelligence has a limited shelf life. Attackers shift tactics often, responding to changes in defensive methods or advances in research. Attacks that are going on right now and may be discovered weeks or months down the road could include components that have never been seen before. The hash collision developed by the attackers behind Flame is a perfect example.

So 2013 likely will look a lot like 2012, only more so. More sophisticated attacks, more novel techniques and more targets. Whether those attacks bubble up to the surface remains to be seen, but if they do, expect to see the rhetoric and hand-wringing ratchet up a few notches. It's the natural progression. If we learned anything in 2012, it's that attacks only get better.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #168 on: January 10, 2013, 11:24:25 AM »
Robert:

Your ongoing contributions here are greatly appreciated.

Marc

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
BO readies unilateral move on cyber security
« Reply #169 on: January 29, 2013, 10:18:10 AM »


http://pjmedia.com/blog/obama-readies-unilateral-move-on-cybersecurity/

Obama Readies Unilateral Move on Cybersecurity
Even with a new Congress in session, the president will argue that lawmakers aren't moving fast enough.
by Rodrigo Sermeño
January 29, 2013 - 12:34 am
 
MARC: Given the nature of the threat to national security, I am more tolerant of some unilateral action by the Prez.

WASHINGTON – A long-running effort to protect critical infrastructure in the U.S. from cyber attacks collapsed in Congress last year. Despite this setback, different groups have continued their calls for more action in the wake of continuous threats, paving the way for the Obama administration to take the lead on cybersecurity policy – perhaps in an executive order that could come early this year.
 
After Congress first rejected the Cybersecurity Act of 2012 in August, the Obama administration immediately began drafting an executive document, known as Presidential Policy Directive 20. The White House argued that the danger of a devastating cyber attack against the U.S. was just too great for the executive branch to ignore it. The executive order, unlike the bill, does not need congressional approval, which will undoubtedly open the debate about the directive’s constitutionality.

 


The executive order will offer voluntary guidelines and a strict set of standards that will help government “more effectively secure the nation’s critical infrastructure by working collaboratively with the private sector,” White House spokeswoman Caitlin Hayden told the Washington Times.
 
The cybersecurity bill, first introduced by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) in February, called for the creation of a council to develop standards for certain industries such as utilities, pipelines, and financial service companies labeled as “critical infrastructure.” It also aimed to encourage industry to share information with the government about cyber-threats spotted on their networks.
 
After months of negotiations with privacy and civil liberty groups and industry representatives, the Senate introduced a revised version of the bill last summer. In the hopes of winning over the opposition, the bill’s co-sponsors significantly watered it down, making the cybersecurity standards optional.
 
Despite disagreements over specific measures, the legislation attracted widespread bipartisan support in the Senate. Many senators agreed with the major provisions of the bill that sought to strengthen the nation’s barriers against cyber attacks. But a rift emerged between the legislators believing that a new regulatory program was necessary because of the private sector’s failure to adequately protect its networks, and those doubting the efficacy of more government regulation in achieving its intended objective.
 
Back in August, Republicans and business groups strongly opposed the bill that would have imposed minimum standards of security on companies in key industries, claiming it was unwarranted government regulation. After the bill fell short to pass in August, Senate Majority Leader Harry Reid voted against it in a procedural move so that he could bring the bill back to the floor in November.
 
During the lame-duck session, the Senate came close to passing cybersecurity legislation. But a motion to move forward on the bill failed to secure the 60 votes needed to bring the bill up for passage.
 
“The bill that was and is most important to the intelligence community was just killed, and that’s cybersecurity,” Reid told the Hill after the vote. “Whatever we do for this bill, it’s not enough for the U.S. Chamber of Commerce. So everyone should understand cybersecurity is dead for this Congress. What an unfortunate thing, but that’s the way it is.”
 
Opposition to the bill made some legislators break ranks with their party. Four Democrats – Sens. Max Baucus (Mont.), Mark Pryor (Ark.), Jon Tester (Mont.) and Ron Wyden (Ore.) – voted against the motion in November. Three Republicans – Sens. Collins, Olympia Snowe (Maine), and Scott Brown (Mass.) – joined their Democratic counterparts in favor of the bill.
 
A rival version, the SECURE IT Act, introduced by Sen. John McCain (R-Ariz.) and a group of Senate Republicans in March, focused on improving the sharing of information about cyber-threats, but it did not include any measures aimed at creating security standards for critical infrastructure. The bill failed to gain traction in Congress and among civil liberty groups, including the American Civil Liberties Union.
 
Many government officials lamented the Cybersecurity Act’s failure. Sen. Daniel K. Akaka (D-Hawaii), senior member of the Senate Committee on Homeland Security, expressed his disappointment that the Senate “once again failed to put partisan differences aside and pass the critical bill.” Defense Secretary Leon Panetta also expressed his disappointment with the Senate for failing to allow the country to enhance its ability to protect itself against threats.
=======================

Panetta warned last year of the possibility of a “cyber Pearl Harbor.” He told business leaders attending a meeting of the Business Executives for National Security that the country is increasingly vulnerable to foreign computer hackers who could attack the country’s transportation system, government, financial networks, and power grid.
 
In a recent report, the Department of Homeland Security (DHS) estimated that more than 40 percent of all reported cyber attacks on critical infrastructure in 2012 targeted the energy sector. Many of the incidents reported to the DHS targeted information that could facilitate remote access and unauthorized operation.

 


Sustained cyber attacks targeting the websites of a dozen U.S. banks, including Wells Fargo, JP Morgan Chase, and Bank of America, exemplify the growing threat to the financial sector. What makes these attacks suspicious is that they are not carried by opportunists trying to steal data or money, but instead by experts keen on creating significant disruptions. Computer-security specialists say that the attacks showed a level of sophistication that exceeded that of amateur hackers, making it more likely that they were orchestrated by a nation.
 
“There is no doubt within the U.S. government that Iran is behind these attacks,” former Commerce and State Department official James A. Lewis told the New York Times this month. According to Lewis, the attacks are probably in retaliation for previous cyber attacks on Iran as well as sanctions imposed on the country.
 
After the intensifying wave of attacks, major U.S. banks have turned to the National Security Agency for technical assistance in an effort to protect their computer systems, the Washington Post reported.
 
The banks’ request follows a similar push by a trade group for more collaboration between the private sector and government. The Business Roundtable, which represents the chief executive of top U.S. companies, has recently called on Congress to pass legislation aimed at improving the sharing of information between government and industry so companies can thwart cyber attacks quickly. The group, however, cautioned against a “static compliance based regime” that would undermine a more dynamic solution based on information sharing.
 
Before the Senate vote in November, Lieberman warned of the possibility of an executive order issued by the president if the Senate voted against moving the bill forward. Reid also noted that the order would fall short of what the bill could accomplish, including liability protection that would protect companies from legal action if they are hit by a cyber attack.
 
In a letter sent to the president in October, a group of Republican senators urged Obama to work with Congress on cybersecurity legislation instead of acting unilaterally in a way that “will solidify the present divide” among stakeholders. The White House is expected to roll out the executive order as early as the end of this month.
 
As new leaders assume command of the congressional committees in charge of cybersecurity legislation, the prospects of reviving the debate have begun to emerge. A coalition of Senate Democrats, led by longtime cybersecurity legislation supporter Sen. Jay Rockefeller (D-W.Va), introduced on Wednesday a new resolution tackling the issue. “The new Congress has a real opportunity to reach needed consensus on bipartisan legislation that will strengthen our nation’s cybersecurity,” the senators said in a joint statement announcing the bill, called the Cybersecurity and American Cyber Competitiveness Act of 2013.
 
The new bill outlines legislative intent but does not provide any specific solutions beyond some recommendations to improve collaboration between the private sector and the federal government.

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Re: Cyberwar and American Freedom
« Reply #170 on: February 14, 2013, 02:10:15 AM »
Robert:

Your ongoing contributions here are greatly appreciated.

Marc

Thanks Guro!  I've been slacking on posting due to some transitioning at work. Glad to be back on the .... CND side vs Policy.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Cybersecurity Executive Order Short on Action, Long on Voluntary Initiatives
« Reply #171 on: February 14, 2013, 02:15:44 AM »
http://threatpost.com/en_us/blogs/cybersecurity-executive-order-short-action-long-voluntary-initiatives-021313?utm_source=Newsletter_021313&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=

The executive order that President Barack Obama signed yesterday in advance of his State of the Union Address contains a lot of provisions for information sharing on attacks and threats on critical infrastructure, and also calls for the development of a framework to reduce cybersecurity risks in federal agencies and critical infrastructure. What the order does not include are any mandates, required changes or a plan for significant action.

The most-discussed section of the executive order on cybersecurity is the one that directs the attorney general, secretary of the Department of Homeland Security and the Director of national Intelligence to establish an information-sharing program that will produce unclassified reports on "cyber threats to the U.S. homeland that identify a specific targeted entity." However, this is not the broad, two-way sharing of attack and threat data between the government and the private sector that some in the security community had been pushing for. Rather, it's a program designed to let intelligence agencies and the DHS take some of the data they gather on current attacks and notify targeted agencies about the attacks.

The executive order focuses almost exclusively on the threats facing critical infrastructure providers, both inside and outside the government, and discusses the need for better data on those threats and coordination among the entities responsible for running them. To that end, the order requires that DHS and the intelligence community figure out a method for disseminating classified threat information to those critical infrastructure providers. However, it does not provide a mechanism for getting that information to other, private-sector companies that may be targeted by the same kind of attacks.

"The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports," the executive order says.

The other major section of the order lays out the need for a voluntary risk-management framework designed to reduce vulnerabilities in critical infrastructure organizations such as utilities, government agencies and others. The framework "shall include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks," the order says, and there are no provisions in the document that require compliance with the framework's provisions. Instead, the government will establish a voluntary program to promote the adoption of the framework.

The issuance of the executive order comes nearly 10 years to the day after the publication of the National Strategy to Secure Cyberspace, a document developed in the aftermath of the Sept. 11 attacks that was meant to lay out a road map for how the government, businesses and users could help improve security. At the time of its release on Feb. 14, 2003, the document was criticized heavily by security experts who saw it as being too weak and lacking any direct action. Much of that initial strategy discussed the need for better information sharing, more data on attacks and threats and better security at critical infrastructure facilities, as well.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I'm in class tomorrow for something Information Assurance related, maybe we will be able to discuss the Executive Order tomorrow.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Classified Report Says Chinese Cyberespionage is a Serious Economic Threat ...
« Reply #172 on: February 14, 2013, 02:19:05 AM »
Classified Report Says Chinese Cyberespionage is a Serious Economic Threat to the US (February 10, 2013)
According to a National Intelligence Estimate, China more than any other country in the world is targeting the US in a focused cyberespionage campaign that threatens the country's economy. The classified report lists organizations in the energy, finance, aerospace, information technology and other sectors that have been the targets of these attacks. Russia, Israel, and France have also been named as engaging in similar activity, but China's alleged activity outstrips theirs by far.

http://www.washingtonpost.com/world/national-security/us-said-to-be-target-of-massive-cyber-espionage-campaign/2013/02/10/7b4687d8-6fc1-11e2-aa58-243de81040ba_story.html

[Editor's Note (Henry): Not really sure what the news is; I re-read the article twice to see what I missed. The Chinese and other nations are engaged in cyber espionage against the US...really? While this has been happening for at least 15 years, corporate executives, government agencies, and administration officials have been talking about this openly for the past two or three years. I hope the open dialogue and public recognition of the true impact of this threat move us faster and closer to truly effective mitigation actions.

(Ranum): US agencies responsible for protecting the country against cyberespionage have been doing their constituents a disservice. Instead of trading on fears, they could release and document details of the kind of thing that is happening and couple that with specific actions that should be taken by corporations and organizations that might be targeted. Today's taxpayers interpret a full-on fear sell as a request for a blank check and are understandably reluctant to write one.

(Paller): A powerful defense, discovered by another country and validated by U.S. Intelligence agencies, has emerged. Look for an upcoming report from the Center for Strategic and International Studies with evidence of the effectiveness of this defense against the most common methods of attack used in the nation-state espionage attacks. It's time to stop admiring the problem, and start fixing it. ]
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #173 on: February 14, 2013, 08:11:40 AM »
Robert:

Thanks for staying with this theme for us.


"Today's taxpayers interpret a full-on fear sell as a request for a blank check and are understandably reluctant to write one."

I would submit that this is less a matter of concern over taxes, and more a matter of concern over Orwellian power grabs.

 

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Study officially accuses Chinese Army of hacking US inmany ways.
« Reply #174 on: February 18, 2013, 08:53:10 PM »
 | BREAKING NEWS ALERT
NYTimes.com | Video


SPECIAL REPORT Monday, February 18, 2013 10:02 PM EST
China’s Army Is Seen as Tied to Hacking Against U.S.

A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of a unit of cyberwarriors in China’s army — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around a 12-story building on the outskirts of Shanghai.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the headquarters of a People’s Liberation Army unit.

While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks.

http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?emc=na



G M

  • Power User
  • ***
  • Posts: 26643
    • View Profile
Re: Cyberwar and American Freedom
« Reply #175 on: February 18, 2013, 09:09:40 PM »
This just in, Keith Richards may have used illicit substances!

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Re: Cyberwar and American Freedom
« Reply #176 on: February 19, 2013, 01:53:40 AM »
Interesting report, but this is also from a vendor of a product as well, Ill be searching other sites to see if anything else is being mentioned about this article.

https://www.mandiant.com/blog/mandiant-exposes-apt1-chinas-cyber-espionage-units-releases-3000-indicators/?utm_source=rss

Mandiant Exposes APT1 – One of China’s Cyber Espionage Units & Releases 3,000 Indicators
By Dan Mcwhorter on February 18, 2013

Today, The Mandiant® Intelligence Center™ released an unprecedented report exposing APT1′s multi-year, enterprise-scale computer espionage campaign.  APT1 is one of dozens of threat groups Mandiant tracks around the world and we consider it to be one of the most prolific in terms of the sheer quantity of information it has stolen.

 

Highlights of the report include:

Evidence linking APT1 to China’s 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department (Military Cover Designator 61398).
A timeline of APT1 economic espionage conducted since 2006 against 141 victims across multiple industries.
APT1′s modus operandi (tools, tactics, procedures) including a compilation of videos  showing actual APT1 activity.
The timeline and details of over 40 APT1 malware families.
The timeline and details of APT1′s extensive attack infrastructure.
 

Mandiant is also releasing a digital appendix with more than 3,000 indicators to bolster defenses against APT1 operations. This appendix includes:

Digital delivery of over 3,000 APT1 indicators, such as domain names, IP addresses, and MD5 hashes of malware.
Thirteen (13) X.509 encryption certificates used by APT1.
A set of APT1 Indicators of Compromise (IOCs) and detailed descriptions of over 40 malware families in APT1′s arsenal of digital weapons.
IOCs that can be used in conjunction with Redline™, Mandiant’s free host-based investigative tool, or with Mandiant Intelligent Response® (MIR), Mandiant’s commercial enterprise investigative tool.
 

The scale and impact of APT1′s operations compelled us to write this report.  The decision to publish a significant part of our intelligence about Unit 61398 was a painstaking one.  What started as a “what if” discussion about our traditional non-disclosure policy quickly turned into the realization that the positive impact resulting from our decision to expose APT1 outweighed the risk of losing much of our ability to collect intelligence on this particular APT group.  It is time to acknowledge the threat is originating from China, and we wanted to do our part to arm and prepare security professionals to combat the threat effectively.  The issue of attribution has always been a missing link in the public’s understanding of the landscape of APT cyber espionage.  Without establishing a solid connection to China, there will always be room for observers to dismiss APT actions as uncoordinated, solely criminal in nature, or peripheral to larger national security and global economic concerns.  We hope that this report will lead to increased understanding and coordinated action in countering APT network breaches.

We recognize that no one entity can understand the entire complex picture that many years of intense cyber espionage by a single group creates.  We look forward to seeing the surge of data and conversations a report like this will likely generate.

You can download the report, the appendices and view the video showing APT1 attacker activity at http://www.mandiant.com/apt1.

Dan McWhorter

Managing Director, Threat Intelligence

 
« Last Edit: February 19, 2013, 11:50:10 AM by Robertlk808 »
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

DougMacG

  • Power User
  • ***
  • Posts: 19450
    • View Profile
Re: Cyberwar and American Freedom
« Reply #177 on: February 20, 2013, 10:17:57 AM »
"China’s Army Is Seen as Tied to Hacking Against U.S. "

Interesting that it was the need to create a virtual private network to get around the Chinese firewall and censorship policies that allowed the discovery and geographic pinpointing of the espionage to a 12 story Chinese military building.

Obama administration:  "We have repeatedly raised our concerns at the highest levels..."
http://killerapps.foreignpolicy.com/posts/2013/02/19/white_house_we_are_talking_cyber_espionage_with_china

Phew!!  That ought to do it.

On second thought, if they believed "raising concerns at the highest level" will stop it, why admit the need to do it "repeatedly"?
« Last Edit: February 20, 2013, 10:25:48 AM by DougMacG »

G M

  • Power User
  • ***
  • Posts: 26643
    • View Profile
Re: Cyberwar and American Freedom
« Reply #178 on: February 20, 2013, 10:25:18 AM »
From Team America:

Kim Jong Il: Hans Brix? Oh no! Oh, herro. Great to see you again, Hans!
Hans Blix: Mr. Il, I was supposed to be allowed to inspect your palace today, but your guards won't let me enter certain areas.
 Kim Jong Il: Hans, Hans, Hans! We've been frew this a dozen times. I don't have any weapons of mass destwuction, OK Hans?
 Hans Blix: Then let me look around, so I can ease the UN's collective mind. I'm sorry, but the UN must be firm with you. Let me in, or else.
 Kim Jong Il: Or else what?
Hans Blix: Or else we will be very angry with you... and we will write you a letter, telling you how angry we are.
 Kim Jong Il: OK, Hans. I'll show you. Stand to your reft.
Hans Blix: [Moves to the left]
Kim Jong Il: A rittle more.
Hans Blix: [Moves to the left again]
Kim Jong Il: Good.
[Opens up trap, Hans falls in]

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
Re: Cyberwar and American Freedom
« Reply #179 on: February 20, 2013, 10:47:00 AM »
Well done, GM.

G M

  • Power User
  • ***
  • Posts: 26643
    • View Profile
Re: Cyberwar and American Freedom
« Reply #180 on: February 20, 2013, 10:49:17 AM »
You write articles, I quote Team America. We all have our strengths.  :-D

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
Re: Cyberwar and American Freedom
« Reply #181 on: February 20, 2013, 10:53:20 AM »
You write articles, I quote Team America. We all have our strengths.  :-D

And a fine quote it was, sir!

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
National Cybersecurity Standards
« Reply #182 on: February 20, 2013, 02:57:56 PM »
http://spectrum.ieee.org/riskfactor/telecom/security/us-agency-issues-call-for-national-cybersecurity-standards/?utm_source=computerwise&utm_medium=email&utm_campaign=022013

"Oddly, though, the press release announcing the development of the Cybersecurity Framework makes no mention that the final public version of a report titled, "Security and Privacy Controls for Federal Information Systems and Organizations" was released on 5 February and that the public comment period continues through 1 March."

 :-o :-o


bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #185 on: February 27, 2013, 07:37:20 AM »
Regarding the first of BD's two entries this morning: "The real issue is how to avoid that these sort of attacks lead to escalating tensions between the two great powers on a strategic level":

NO, the real issue is whether we do something to defend ourselves-- to get them to knock it off.  Not only is their the military espionage stuff, there is also the massive threat of intellectual property.

G M

  • Power User
  • ***
  • Posts: 26643
    • View Profile
Re: Cyberwar and American Freedom
« Reply #186 on: February 27, 2013, 09:01:38 AM »
Regarding the first of BD's two entries this morning: "The real issue is how to avoid that these sort of attacks lead to escalating tensions between the two great powers on a strategic level":

NO, the real issue is whether we do something to defend ourselves-- to get them to knock it off.  Not only is their the military espionage stuff, there is also the massive threat of intellectual property.

If you look/act like a victim, you'll be one soon enough.

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Cyber war crucial to edge in regional arms race
« Reply #187 on: March 04, 2013, 10:20:40 PM »
http://www.afr.com/p/technology/cyber_war_crucial_to_edge_in_regional_9iXE9ux1Njz4mnmLBykREM

The paper nominates cyber warfare, electronic warfare and undersea warfare systems as areas where industry will need to stay “abreast of key enabling technologies’’ to stay ahead of the threat. Photo: Jessica Hromas
JOHN KERIN

Australia risks losing a regional arms race unless closer links can be forged between the government and the defence industry on countering cyber attacks, the Australian Industry Group Defence Council warns.

The council’s submission to the federal government’s 2013 defence white paper warns Australia will struggle to win a regional arms race unless the Gillard government pursues policies to align defence and industry.

“Given the more rapid acquisition of advanced military capabilities in our region of primary strategic concern, maintaining a capability edge is going to become much more demanding,’’ it says.

It calls for a closer relationship between the Defence Science and Technology Organisation and industry in promoting faster innovation. It nominates cyber warfare, electronic warfare and undersea warfare systems as areas where industry will need to stay “abreast of key enabling technologies”. “ADF capabilities must be capable of adaptation and evolution to meet changing threats,’’ the paper says.

CYBER ATTACKS
A defence white paper draft leaked to The Australian Financial Review warned in January that an adversary could try to use cyber attacks on defence networks to bring down systems crucial to deploying troops to war.

It also warned that Australia’s neighbours were increasingly buying sophisticated ships, aircraft and weapons systems that would make it harder to maintain the traditional capability edge.

The submission recommends an industry-wide survey be conducted to ensure industry and defence industry research and development more closely align to defence needs.

It says the government must bring forward projects to preserve the naval shipbuilding industry as the air warfare destroyer and troop transport ship projects wind down before an ambitious new submarine project worth up to $36 billion.

The submission also says the government should consider outsourcing some capabilities within the government weapons buyer, the Defence Materiel Organisation, to industry provided conflicts of interest can be avoided.

It says an Australian defence export push should become part of formal defence ties with south-east Asian nations to try to ensure the defence sector is not so vulnerable to traditional peaks and troughs of domestic defence buying.

FISCAL CONSTRAINT
The submission urges a wider review of the priority industry capabilities scheme. This scheme nominates areas vital to national security for special assistance in light of the government focusing on challenges closer to home in Asia-Pacific as the war in Afghanistan winds down.

The AiGroup warns that the white paper comes when “confidence has collapsed’’ in the defence industry after the government failed to deliver on its ambitious $275 billion weapons wish list.

The government has cut or deferred almost $25 billion in defence spending since the 2009 defence white paper and imposed cuts of $5.5 billion, or 10.5 per cent, this year. “By 2012 defence spending had reduced to its lowest level since 1938 (1.6 per cent of GDP) and the planned equipment acquisition program had been scuttled,’’ it says.

“A number of defence industry companies have closed and more than 5000 people have lost their jobs. Confidence has collapsed and uncertainty prevails throughout defence industry . . . this has a direct effect on national security.”

"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
The Cyber Threat Planning for the Way Ahead
« Reply #188 on: March 04, 2013, 10:24:32 PM »
http://www.fbi.gov/news/stories/2013/february/the-cyber-threat-planning-for-the-way-ahead/the-cyber-threat-planning-for-the-way-ahead

 Director Mueller speaks to cyber security professionals in San Francisco. Read text of his remarks.
 
The Cyber Threat
Planning for the Way Ahead


02/28/13

Denial of service attacks, network intrusions, state-sponsored hackers bent on compromising our national security: The cyber threat is growing, and in response, said FBI Director Robert S. Mueller, the Bureau must continue to strengthen its partnerships with other government agencies and private industry—and take the fight to the criminals.


“Network intrusions pose urgent threats to our national security and to our economy,” Mueller told a group of cyber security professionals in San Francisco today. “If we are to confront these threats successfully,” he explained, “we must adopt a unified approach” that promotes partnerships and intelligence sharing—in the same way we responded to terrorism after the 9/11 attacks.




 
Focus on Hackers and Intrusions

The FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Learn more


The FBI learned after 9/11 that “our mission was to use our skills and resources to identify terrorist threats and to find ways of disrupting those threats,” Mueller said. “This has been the mindset at the heart of every terrorism investigation since then, and it must be true of every case in the cyber arena as well.”


Partnerships that ensure the seamless flow of intelligence are critical in the fight against cyber crime, he explained. Within government, the National Cyber Investigative Joint Task Force, which comprises 19 separate agencies, serves as a focal point for cyber threat information. But private industry—a major victim of cyber intrusions—must also be “an essential partner,” Mueller said, pointing to several successful initiatives.


The National Cyber Forensics and Training Alliance, for example, is a model for collaboration between private industry and law enforcement. The Pittsburgh-based organization includes more than 80 industry partners—from financial services, telecommunications, retail, and manufacturing, among other fields—who work with federal and international partners to provide real-time threat intelligence.


Another example is the Enduring Security Framework, a group that includes leaders from the private sector and the federal government who analyze current—and potential—threats related to denial of service attacks, malware, and emerging software and hardware vulnerabilities.


Mueller also noted the Bureau’s cyber outreach efforts to private industry. The Domestic Security Alliance Council, for instance, includes chief security officers from more than 200 companies, representing every critical infrastructure and business sector. InfraGard, an alliance between the FBI and industry, has grown from a single chapter in 1996 to 88 chapters today with nearly 55,000 members nationwide. And just last week, the FBI held the first session of the National Cyber Executive Institute, a three-day seminar to train leading industry executives on cyber threat awareness and information sharing.


“As noteworthy as these outreach programs may be, we must do more,” Mueller said. “We must build on these initiatives to expand the channels of information sharing and collaboration.”


He added, “For two decades, corporate cyber security has focused principally on reducing vulnerabilities. These are worthwhile efforts, but they cannot fully eliminate our vulnerabilities. We must identify and deter the persons behind those computer keyboards. And once we identify them—be they state actors, organized criminal groups, or 18-year-old hackers—we must devise a response that is effective, not just against that specific attack, but for all similar illegal activity.”


“We need to abandon the belief that better defenses alone will be sufficient,” Mueller said. “Instead of just building better defenses, we must build better relationships. If we do these things, and if we bring to these tasks the sense of urgency that this threat demands,” he added, “I am confident that we can and will defeat cyber threats, now and in the years to come.”


Resources:
- Read Director Mueller’s remarks
http://www.fbi.gov/news/speeches/working-together-to-defeat-cyber-threats

- Cyber Crime page
http://www.fbi.gov/about-us/investigate/cyber

- National Cyber Investigative Joint Task Force
http://www.fbi.gov/about-us/investigate/cyber/ncijtf

- National Cyber Forensics and Training Alliance
http://www.fbi.gov/news/stories/2011/september/cyber_091611

- Infragard
http://www.fbi.gov/news/stories/2010/march/infragard_030810
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
China is Behind more than 20 Serious Cyber Attacks against Norway
« Reply #189 on: March 04, 2013, 10:26:09 PM »
Norwegian National Security Authority accuses China of computer espionage against Norwegian companies.

After TV2 revelaed last week that a Chinese military hacker group connected to Chinese government is behind cyber attacks against sensitive targets in Norway, National Security Authority deputy Eiliv Ofigsbø today said Norwegian companies have probably lost contracts because of computer espionage.

According to Ofigsbo, at least 20 of these serious cyber attacks can be traced back to China.

- The consequence of espionage cases may be losing data or losing the contract negotiations. We have seen concrete examples of Norwegian companies probably have lost as a result of these espionage activities. Our organization works with a number of Norwegian firms, and we know a number of those who have been subjected to such attacks, says Ofigsbø to TV2.

Ofisbo also noted that particularly high-tech firms, defense and oil and gas industries are the most severely affected ones by the attacks. Some in the energy sector have also been attacked. He says the U.S. report, designated "Unit 61398" also shows the Chinese military as responsible for an attack aimed at a larger company on Norwegian soil.

- Since 2008, the number of cases increased by 30 percent each year. The past year was particularly remarked with the increased serious cases, including espionage cases, says he.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #190 on: March 05, 2013, 04:45:38 AM »
Robert, as best as I can tell you are the most knowledgeable of us about the tech side this sort of thing.

What sort of solutions suggest themselves to you?

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
Good cybersecurity means better privacy
« Reply #191 on: March 05, 2013, 12:25:24 PM »
http://money.cnn.com/2013/03/05/technology/security/cybersecurity-privacy/index.html

From the article:

The debate on cybersecurity has produced a sideshow centered around the belief that added security means a reduction in privacy.
Such views are nonsense. Quite simply, digital privacy cannot exist without cybersecurity. Weak security equals weak privacy. Want better privacy? Raise your security game to prevent hackers from stealing private data. Let the experts from the private sector and government communicate with each other so when they see threats, they can alert others and work together to create a solution.

C-Kumu Dog

  • Power User
  • ***
  • Posts: 576
    • View Profile
Re: Cyberwar and American Freedom
« Reply #192 on: March 06, 2013, 12:06:28 PM »
Robert, as best as I can tell you are the most knowledgeable of us about the tech side this sort of thing.

What sort of solutions suggest themselves to you?

Hey Guro, havent been ignoring the question been kind of busy this week, will give some thoughts as soon as I can.

Aloha.
"You see, it's not the blood you spill that gets you what you want, it's the blood you share. Your family, your friendships, your community, these are the most valuable things a man can have." Before Dishonor - Hatebreed

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #193 on: March 06, 2013, 06:25:09 PM »
Thanks Robert, we await with interest.

BD:

An interesting point, but what do you make of the "fox guarding the hen house" aspects of it?

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
Re: Cyberwar and American Freedom
« Reply #194 on: March 06, 2013, 06:31:33 PM »
I think it needs oversight. In some ways, at least, a single government is less of a threat than 1000s of independent hackers, etc.

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
Re: Cyberwar and American Freedom
« Reply #195 on: March 06, 2013, 06:38:45 PM »
Philosophical question:  Which is a greater danger-- thousands of independent hackers or the government tracking everything you read, write, and say?

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
K Street
« Reply #196 on: March 07, 2013, 04:11:40 AM »
http://thehill.com/blogs/hillicon-valley/technology/286685-k-street-lobbyists-lining-up-for-cybersecurity-cash-grab-

From the article:

"Lobbyists note that cybersecurity is one of the few areas where budget-conscious lawmakers are looking to spend."

DougMacG

  • Power User
  • ***
  • Posts: 19450
    • View Profile
Re: Cyberwar and American Freedom
« Reply #197 on: March 07, 2013, 08:05:47 AM »
Philosophical question:  Which is a greater danger-- thousands of independent hackers or the government tracking everything you read, write, and say?

Both.

bigdog

  • Power User
  • ***
  • Posts: 2321
    • View Profile
Cyber competition and conflict
« Reply #198 on: March 10, 2013, 08:19:36 PM »

Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 72319
    • View Profile
POTH: US demands Chinese block cyberattacks
« Reply #199 on: March 12, 2013, 04:39:04 PM »
Albeit begrudglingly, as even POTH admits herein, it is good to see the first hints of spine on this!
================================================
U.S. Demands China Block Cyberattacks and Agree to Rules
By MARK LANDLER and DAVID E. SANGER
Published: March 11, 2013 267 Comments



WASHINGTON — The White House demanded Monday that the Chinese government stop the widespread theft of data from American computer networks and agree to “acceptable norms of behavior in cyberspace.”



The demand, made in a speech by President Obama’s national security adviser, Tom Donilon, was the first public confrontation with China over cyberespionage and came two days after its foreign minister, Yang Jiechi, rejected a growing body of evidence that his country’s military was involved in cyberattacks on American corporations and some government agencies.

The White House, Mr. Donilon said, is seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers in China; and an agreement to take part in a dialogue to establish global standards.

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Mr. Donilon said in a wide-ranging address to the Asia Society in New York.

“The international community,” he added, “cannot tolerate such activity from any country.”

In Beijing, a spokeswoman for the Chinese Foreign Ministry, Hua Chunying, did not directly say whether the government is willing to negotiate over the proposals spelled out by Mr. Donilon. But at a daily news briefing Tuesday she repeated the government’s position that it opposes Internet attacks and wants “constructive dialogue” with the United States and other countries about cybersecurity issues.

Until now, the White House has steered clear of mentioning China by name when discussing cybercrime, though Mr. Obama and other officials have raised it privately with Chinese counterparts. In his State of the Union address, he said, “We know foreign countries and companies swipe our corporate secrets.”

But as evidence has emerged suggesting the People’s Liberation Army is linked to hacking, the China connection has become harder for the administration not to confront head-on. The New York Times three weeks ago published evidence tying one of the most active of the Chinese groups to a neighborhood in Shanghai that is headquarters to a major cyberunit of the People’s Liberation Army. That account, based in large part on unclassified work done by Mandiant, a security firm, echoed the findings of intelligence agencies that have been tracking the Chinese attackers.

American officials say raising the issue with the Chinese is a delicate balancing act at a time when the United States is seeking China’s cooperation in containing North Korea’s nuclear and missile programs, and joining in sanctions on Iran. Yet they have been expressing their concerns about cyberattacks with Chinese officials for years. Starting in 2010, they invited P.L.A. officials to discuss the issue — a process that has only just started — and last November, Mr. Obama broached the subject at a summit meeting with Prime Minister Wen Jiabao, a senior administration official said.

Since then, the official said, there has been a “perfect storm” of media coverage and protests from the corporate world. Still, he said, Mr. Donilon chose not to mention the P.L.A. in his speech because he did not want to engage in finger-pointing.

“What we are hoping to do,” another senior official said, “is force the Chinese civilian leadership to realize that the P.L.A. is interfering with their foreign policy.”

The Chinese have insisted that they are the victims of cyberattacks, not the perpetrators. On Saturday, the Chinese foreign minister, Yang Jiechi, issued his own call for “rules and cooperation” on cybersecurity and said reports of Chinese military involvement in cyberattacks were “built on shaky ground.”

“Anyone who tries to fabricate or piece together a sensational story to serve a political motive will not be able to blacken the name of others nor whitewash themselves,” Mr. Yang told reporters at the National People’s Congress, which was preparing to ratify the ascension ofXi Jinpingto the Chinese presidency.

Mr. Donilon said the threats to cybersecurity had moved to the forefront of American concerns with China, noting that he was not “talking about ordinary cybercrime or hacking.”

1

That distinction, a senior administration official said, was meant to separate the theft of intellectual property by Chinese state entities from small-scale hacking by individuals, or the use of cyberweapons by a state to protect its national security. But the distinction between cyberattacks aimed at intellectual property theft and those aimed at disabling a military threat is largely made by Western officials devising legal arguments, not one the Chinese have embraced.



Related
 
In Wake of Cyberattacks, China Seeks New Rules (March 11, 2013)






Connect With Us on Twitter

Follow @nytimesworld for international breaking news and headlines.

Twitter List: Reporters and Editors
.

Readers’ Comments


Share your thoughts.
Post a Comment »
Read All Comments (267) »
 

Even as he emphasized the need for international rules to guide cyberactivity, Mr. Donilon made no reference to the billions of dollars the American military and intelligence agencies are spending to develop an arsenal of offensive cyberweapons — to be used against military targets, officials insist, not economic ones. The most famous of these operations was the covert cyberattack mounted by the United States and Israel to disable the centrifuges that Iran uses to enrich uranium at its site in Natanz.

Mr. Donilon sketched out a vigorous agenda in Asia, insisting the United States would keep pursuing its “strategic pivot” toward the region, despite cuts in military spending. He announced that the Treasury Department would impose sanctions on a North Korean bank specializing in foreign-exchange transactions — ratcheting up the pressure on the North Korean government on the day that Pyongyang announced it would no longer abide by the 1953 armistice that halted the Korean War.

With fears about North Korea’s increased nuclear and missile capabilities causing considerable anxiety in Seoul and Tokyo, Mr. Donilon restated a “declaratory policy” that was first formulated by President George W. Bush after the North’s first nuclear test, in 2006. He warned that the United States would reserve the option to retaliate against the North, not just if it used nuclear weapons but if it allowed the “transfer of nuclear weapons or nuclear materials to other states or nonstate entities.”

That formulation did not appear to cover, however, the transfer of technology to build nuclear facilities, as North Korea did in Syria. That reactor was destroyed by Israel in 2007.

“It’s understandable that the people of South Korea would be concerned about the threat they face from the North,” Mr. Donilon said, apparently alluding to talk in the South of building the country’s own nuclear arsenal, a move the United States halted decades ago. Mr. Donilon added that the United States had assets in place “to insure that South Korea’s defense is provided for.”

« Previous Page 1
2


Chris Buckley contributed reporting from Hong Kong.
 

This article has been revised to reflect the following correction:

Correction: March 11, 2013



Because of an editing error, an earlier version of this article misidentified the Chinese official with whom President Obama, at a summit meeting last November, broached the subject of Chinese cyberattacks on American computer networks. It was Prime Minister Wen Jiabao, not the foreign minister, Yang Jiechi.

 





A version of this article appeared in print on March 12, 2013, on page A1 of the New York edition with the headline: U.S. Demands Chinese Block Cyberattacks.