April 12 2012

19:57

Pentagon Announces New Strategy: Rapidly Develop Cyberweapons to Attack Specific Targets

The Pentagon wants cyberweapons, and it wants them fast. Deftly recognizing that cyberweapons are nothing like the materiel of physical warfare, the DoD is devising a means to fast-track and field certain cyberweapons, some of which will take only days to go from development to deployment.

The Washington Post has obtained a Pentagon-prepared report for Congress outlining an acquisition process that will respond to “mission-critical” needs when cyber weapons are absolutely necessary and time isn’t on the side of U.S. personnel. It’s a strategy that addresses the fact that cyberwarfare isn’t like anything that’s come before it.

In conventional warfare, you build your weapons, you warehouse them, and if the time comes, you pull them out of storage and you deploy them wherever in the world they are needed. Procurement times are long, but so is the shelf life of something like an F-16--an all-purpose platform that flies and fights the same way regardless of hemisphere. Cyberwarfare is nothing like this. Generally, a specific threat requires a specific response, and specific cyber targets require specific cyberweapons that may be used once and never used again. As such, cyberweapons can’t effectively come off the shelf. They have to be tailor made for the situation, and fast.

To that end, the two-year-old Cyber Command is in the process of inventorying the Pentagon’s current cyber capabilities and basic off-the-shelf cyberweapons platforms that could be quickly tailored for specific tasks. It will then set up two different silos of cyberweapons development. In the rapid silo, cyberweapons will be developed in months or even just days from existing or nearly complete hardware and software assets to deal with immediate threats. The deliberate silo will house cyberweapons that are designed over longer timelines for specific purposes but whose deployments are far riskier (“cough STUXNET cough”).

It’s important to note that these cyberweapons won’t just be defensive, but offensive as well. Which is troubling in its own way, since the building of new and powerful offensive weapons tends to lead to escalation. But at least it shows that the Pentagon fully (and finally) grasps that this kind of warfare requires a high degree of nimbleness. In the same way that you don’t want to show up to an IED fight with an unarmored humvee, you can’t expect to compete in the cyber conflicts of the future with yesterday’s cyber tools.

[WaPo]

July 07 2011

17:54

Former CIA Chief: A Separate Internet Could Curb Cyber Threats

To combat cyber attacks, the U.S. may need more than new cyber defenses. It might need a whole new piece of Internet infrastructure. So says former CIA director Michael Hayden, who served under President G.W. Bush, and he's not the only one. Several lawmakers and the current Cyber Command chief Gen. Keith Alexander are toying with the notion of creating a ".secure" domain where Fourth Amendment rights to privacy are voluntarily forgone in order to keep that corner of the Internet free of cyber criminals.

The idea goes something like this: China and other regimes around the world inherently have an upper hand when it comes to cyber defense because their lack of civil liberty protections lets the government freely monitor online activity. Things like "deep packet inspection" (which gained notoriety during Iranian election protests back in 2009) that let governments monitor citizens' traffic also let them monitor for unusual activity.

That activity could be cyber criminals at work, or it could be foreign-backed cyber warriors and cyber spies working to weaken a nation's infrastructure or penetrate sensitive government systems. Regardless, other countries are better protected. The U.S. Internet, by virtue of its adherence to civil liberties, is more like the wild west. Everyone does everything online anonymously, and while that's great for liberties, it's also dangerous when cyber criminals/foreign hackers are roaming the cyber countryside.

The proposed solution: a dot-secure safe zone (basically, a separate Internet) where things like financial institutions, sensitive infrastructure, government contractors, and the government itself can hide behind heavier defenses. Your Fourth Amendment privacy rights wouldn't apply here, as you would consent to give them up upon entry; as when walking onto a military base or into an airport, users would have to show detailed identification and credentials to get in. Those who want to remain anonymous on the Web can still frolic about in the world of dot-com, but in the dot-secure realm you would have to prove you are you.

A wise man once warned about giving up a little liberty for a little security, but a tiered Internet with varying levels of freedom, security, and anonymity may be the way the Internet goes in the end. The Obama administration and members of Congress are finally taking cybersecurity quite seriously it appears, and big-league legislation is likely imminent. When the dust settles, you may not be able to go to certain neighborhoods of the Web without showing your papers at a checkpoint--and perhaps subjecting yourself to one of those humiliating electronic pat-downs as well.

[Nextgov]

June 09 2011

14:01

Red Team Go! It's NATO's Turn to Build a Cyber Defense Force

Hacks, cyber strategies, international cyber squads--we could just go ahead and dub this the "summer of cyber," and it's not even mid-June. On the heels of some high-profile hacks (including one at Lockheed Martin), a terse exchange between Google and China following a Gmail breach, and the U.S. DoD declaring that cyber attacks can be considered an act of war, NATO has now said it will develop a special cyber force.

It's even getting a cool name: the "Cyber Red Team." But the urgency that name implies might not carry over to the force's actual functions. For the most part, it sounds like the Red Team would simulate threats to manage readiness and response, probe networks for potential security vulnerabilities, assess the damage of cyber attacks against member states, and carry out the occasional denial of service attack.

In other words, it sounds like Cyber Team Red will be a fast reactive force rather than a proactive force meting out cyber punishment to nations that step out of cyber-line. Still, given the difficulty in identifying and prosecuting cyber crimes across international borders, such an international cyber force could go a long way toward enforcing international law/agreements and protecting states that don't have the resources to mount their own cyber defenses.

[PhysOrg]

June 07 2011

19:25

RSA Security Offers to Replace Nearly All of its Security Fobs After Lockheed Hack

The cyber security firm's portable password generators were duplicated

Yet another wrinkle in the ongoing flood of cyber security stories emerging over the past couple of weeks: RSA Security--maker of those little keychain tokens that generate constantly changing passwords for users logging into secure networks--is offering increased security monitoring and the complete replacement of SecurID tokens to nearly all of its customers after evidence emerged that the recent cyber attack on Lockheed Martin was perpetrated in part using data stolen from RSA.

That's something of a massive recall. RSA's SecurID tokens add a second layer of protection to employees' static passwords via a keyfob-like device that displays a second numeric password necessary to log on. That password changes every 30 seconds, ensuring that even if someone steals an employee's regular password, the perpetrator still won't be able to access a secure server without possession of the SecurID token.

At least that was the idea. Back in March, RSA experienced its own cyber attack, and in a letter issued to customers yesterday it admitted that it has been working behind the scenes ever since to shore up cyber defenses at its defense-oriented clients, as an analysis of the hack at RSA indicated that the perps were seeking information that could be used to breach defense-related companies.

The letter also admitted that data stolen from RSA was used to breach Lockheed Martin's networks (specifically, the hackers used duplicates of the SecurID tokens issued to Lockheed employees).

That doesn't bode particularly well for RSA or for American corporations' cyber defense abilities on the whole, seeing as cyber security is RSA's bread and butter and its core competency. Considering its SecurID tags are employed by millions of corporate workers--including those at various other defense-related companies--this latest revelation isn't exactly welcome news for anyone (except the hackers who got away with it). RSA is now scrambling to replace tokens and offer additional security monitoring for its non-defense-related clients.

[WSJ]

May 31 2011

15:45

Pentagon Declares That Cyber-Attacks Can Constitute an Act of War, Deserving an Armed Response

On the heels of a cyber attack that breached defense contractor Lockheed Martin’s network defenses last week, the Pentagon is opening the door to new means of dealing with cyber attacks perpetrated by foreign nations. In a new, formal 30-page cyber strategy document--unclassified portions of which will be made public next month--the Pentagon has deemed that cyber attacks can constitute acts of war, and that responses can include traditional military retaliation.

The question now is: what constitutes a cyber attack from a foreign land? Pinning the blame for digital skullduggery on a foreign government (or anyone else for that matter) is often difficult to do with any degree of certainty. The Pentagon is of the opinion that the largest and most sophisticated attacks require state resources, and as such leave a fingerprint of government complicity if not outright support.

But the idea that conventional forces might be launched in retaliation for a cyber attack also conjures thoughts of Bond villain-esque plots to thrust the world into chaos. Could some teenager in Estonia with a knack for coding unwittingly (or wittingly) provoke an armed conflict? And even if a cyber attack was unquestionably perpetrated on behalf of a foreign state, how does one weigh the appropriate military response?

These are the tough questions that will have to be hashed out in coming months and years as cyber warfare takes a place next to conventional might on the global battlefield. We’ll learn more about the DoD’s philosophy here when the unclassified portion of the document is released, but we do know that the document will push for an international doctrine among America’s allies that dictates appropriate responses to cyber threats.

One popular idea is a doctrine of “equivalence.” If a cyber attack produces death, damage, or some kind of economic or commercial disruption equivalent to what might be wrought by a military attack, it could be considered an act of war and a candidate for military retaliation. As one military official told the WSJ: “If you shut down our power grid, maybe we will put a missile down one of your smokestacks.”

It sounds a bit subjective, but so these things go. The current international system of meting out retaliation and justifying military action is based on a patchwork system of international treaties, some dating back decades, as well as a code of (somewhat) mutually agreed upon international practices and methods. The DoD is heading into uncharted territory from an international framework standpoint, as nothing exists in these earlier treaties and agreements that applies to the digital perils of the 21st century.

That leaves a lot of room for uncertainty, but what is absolutely certain is the role cyber warfare will play in global conflicts going forward. The British Ministry of Defense announced just this week that it is placing cyber attacks on equal standing with other military conflicts, and that “cyber troops” will deploy with conventional forces in the field and elsewhere to defend critical networks. In that sense, the age of the true cyber warrior is just getting underway.

[Wall Street Journal, BBC]

September 01 2010

20:27

DARPA's Cyber Insider Threat Program Is the Agency's Great Hope for Ending Leaks

The recent WikiLeaks exposure was a huge black eye for the U.S. Department of Defense, supposedly one of the more secure state organizations we have working for us. Its impact clearly wasn’t lost on the Pentagon, whose blue sky research arm has launched a new project designed to ferret out malicious behavior on DoD networks. Named CINDER – Cyber INsiDER Threat – the project is designed not to sniff out people, but adversarial actions as they happen.

To quote DARPA’s request for industry solicitations: “The goal of CINDER will be to greatly increase the accuracy, rate and speed with which insider threats are detected and impede the ability of adversaries to operate undetected within government and military interest networks.”

The philosophy driving CINDER is the idea that singular actions by an insider with malicious intent aren’t noticeable as malicious – say, the downloading of a sensitive document from a DoD server or the searching for information on a particular topic. But the larger adversary mission should be noticeable when compared to normal mission activities. By monitoring strings of actions rather than isolated events, CINDER is expected to pinpoint system users who may be up to something malicious.

CINDER assumes that insiders are operating within the Pentagon’s most sensitive networks, so rather than focus on keeping outside threats out, it will be designed to weed out those already inside. As Danger Room points out, it seems like a recipe for false positives, but DARPA seems to think a properly-designed CINDER will be able to distinguish between normal and malicious mission contexts.

We’ll see. In the meantime, while DARPA works CINDER into serviceable shape, the DoD is expected to roll out a new cyber strategy by year’s end to hopefully curtail the kinds of massive leaks and cyber breaches that have been the embarrassment of the Pentagon lately.

[FedBizOpps via Danger Room]

August 02 2010

19:59

The Cost to Build a Globally Dominating Cyber Army: 2 Years and $100 Million

A former NSA computer espionage specialist has created a blueprint for destroying the United States's cyber defenses and bringing about "Internet Armageddon," and it doesn't take the kind of unmanageable resources one might think. Charlie Miller says that a devastating cyber attack would only require 2 years, roughly a thousand cyber-soldiers, and a mere $100 million.

Miller was asked by the Cooperative Cyber Defence Centre of Excellence in Estonia to create the blueprint as a means of testing global cyber defenses. To do so, Miller took on the role of North Korea initiating an attack on the U.S., and according to his scenarios the attack was extremely easy. Moreover, the $100 million price tag pales in comparison to what is spent to protect sensitive systems.

Using a cyber army of about a thousand soldiers ranging from highly-experienced hackers to minimally-trained geeks, Miller's strategy hinges on stealthily infiltrating key systems and networks over the course of a couple years, the equivalent of establishing zones of control behind enemy lines. When the day of the actual cyber invasion arrives, America will find her defenses already breached by these advance forces, opening the floodgates and wreaking havoc on key systems and networks controlling everything from banks to markets to electricity grids and other technology infrastructure.

But before you barricade yourself in your Y2K bunker (see, you told everyone it would come in handy), there are a couple of bright spots in Miller's report. For one, thanks to our newly flattened, interconnected world, most states with the wherewithal to muster the kind of cyber genius necessary for such an attack have no interest in bringing down the Internet.

Further, during those two years there is a lot of time to catch on to this kind of stealthy invasion if the right security mechanisms are in place monitoring for the right kinds of malicious activities. Besides, while it's certainly not encouraging to hear that the only thing standing between free peoples and unstoppable cyber anarchy is two years and $100 million, at least we have an elite group of cyber guardians on call to raise the Web from the ashes and start it all over again.

[AFP]
