Volunteer Cyber Army Emerges In Estonia. Hide captionA massive 2007 cyberassault, traced to Russia, highlighted the need for Estonia to set up a Cyber Defense League, a force of programmers, computer scientists and software engineers who in wartime would function under a unified military command. iStockphoto A massive 2007 cyberassault, traced to Russia, highlighted the need for Estonia to set up a Cyber Defense League, a force of programmers, computer scientists and software engineers who in wartime would function under a unified military command. In April 2007, the Baltic republic of Estonia became the first country in the world to experience cyberwar. Government, financial and media computer networks were paralyzed by a series of attacks, which authorities ultimately concluded originated in Russia.
In the years since that cyberassault, Estonia has distinguished itself once again: Now it is a model for how a country might defend itself during a cyberwar. 2007 Cyberattack Targeted Country Private Sector Cooperation. EU carries out first cyberwarfare simulation - ComputerworldUK.com. Bruce Schneier: We need ‘cyberwar hotlines’ to match nuclear hotlines. Security expert Bruce Schneier has called for governments to establish ‘hotlines’ between their cyber commands, much like the those between nuclear commands, to help them battle against cyber attacks. Cyber security is high on the national agenda, and is regarded as a top threat to the UK’s security. It is also top a concern for other nations around the world. Last month, the EU announced plans to cybercrime centre by 2013, and it agreed with the US to set up a working group on cybersecurity. Meanwhile, NATO also adopted its Strategic Concept Charter, which outlines plans to develop new capabilities to combat cyber attacks on military networks.
Schneier, writing in the Financial Times, said that a hotline between the world’s cyber commands would “at least allow governments to talk to each other, rather than guess where an attack came from.” He said that this would be a starting point and that more importantly, governments need to establish cyberwar “treaties”. Hiding our Cyberwar from Congress. The AP noticed something troubling in Michael Vickers’ response to the Senate Armed Services Committee questions on his nomination to be Undersecretary of Defense for Intelligence: the government did not include descriptions of its cyberwar activities in the quarterly report on clandestine activities.
The Senate Armed Services Committee voiced concerns that cyber activities were not included in the quarterly report on clandestine activities. But Vickers, in his answer, suggested that such emerging high-tech operations are not specifically listed in the law — a further indication that cyber oversight is still a murky work in progress for the Obama administration.Vickers told the committee that the requirement specifically calls for clandestine human intelligence activity. But if confirmed, he said, he would review the reporting requirements and support expanding the information included in the report. But there seems to be some interesting carving out of programs to hide from Congress. AAAS "U.S. Government, Businesses Are Poorly Prepared for Cyber Attacks, Experts Say at AAAS" The United States is ill-prepared to defend its vital infrastructure against a cyber attack, a former top cybersecurity official said during a recent panel discussion at AAAS.
Richard C. Clarke, special adviser for cybersecurity under President George W. Bush, said the federal government might be able to defend some of its own military and civilian networks. But he warned that the United States has no comprehensive plan in place to defend “its railroads, its pipelines, its electric power grid, its aviation system, or its banking system from nation state cyber attack in a cyber war.” Clarke’s remarks came during a 22 November session, sponsored by the AAAS Center for Science, Technology and Security Policy, on how effectively government cybersecurity efforts are keeping up with a rapidly changing technical environment. Some 20 to 30 nations have military units with the capability to mount cyber attacks, Clarke said, citing comments by CIA director Leon Panetta.
Richard C. Eugene Spafford. Stuxnet Worm Used Against Iran Was Tested in Israel. New info on Stuxnet. Stuxnet continues to make headlines. The New York Times published a long story on the latest findings, including these: President George Bush started an experimental cyber attack program against Iran already in 2008. The NY Times claims that Stuxnet was developed jointly by USA and Israel. They offer no direct proof though. Israel has built a replica of the Iranian Natanz enrichment facility in their Negev Nuclear Research Center in Dimona. It was used to test drive Stuxnet before it was deployed. Embassy cables leaked by WikiLeaks seem to prove that Iran's nuclear program was indeed using Siemens PLC gear. The NY Times claims that Idaho National Laboratory at Idaho Falls used their security testing of the Siemens PLC systems to find vulnerabilities to be used in the Stuxnet attack.
Image copyright Idaho National Laboratory & Siemens The target of the attack was to modify the operation of high-frequency power drives made by Vacon and Fararo Paya. Applying U.S. principles on Internet freedom - Glenn Greenwald. Hillary Clinton, speech on Internet freedom, Newseum, Washington, DC, January, 21, 2010: Countries or individuals that engage in cyber attacks should face consequences and international condemnation. In an interconnected world, an attack on one nation’s networks can be an attack on all. The New York Times, Saturday: Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role . . . . Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges. . . . the operations there, as well as related efforts in the United States, are among the newest and strongest clues suggesting that the virus was designed as an American-Israeli project to sabotage the Iranian program. . . .
The biggest single factor in putting time on the nuclear clock appears to be Stuxnet, the most sophisticated cyberweapon ever deployed. Risks of cyber war 'over-hyped' says OECD study. 17 January 2011 Last updated at 10:33 GMT A huge solar flare could give rise to a global cyber shock, warns the report The vast majority of hi-tech attacks described as acts of cyber war do not deserve the name, says a report. The Organisation for Economic Cooperation and Development study is part of a series considering incidents that could cause global disruption. While pandemics and financial instability could cause problems, cyber attacks are unlikely to, it says. Instead, trouble caused by cyber attacks is likely to be localised and short-lived. However, it warns that governments need to plan for how it could mitigate the effects of both accidental and deliberate events. 'Great confusion' Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.
Stuxnet-increasingly-sounding-like-movie-plot.shtml from techdirt.com. Like many people, I've been following the story of the Stuxnet worm with great interest. As you probably know, this worm was apparently designed to infect Iranian nuclear operations to create problems -- and supposedly setting back their nuclear operations quite a bit. The NY Times came out with a fascinating investigative report about the background of Stuxnet over the weekend, and it's worth a read.
What I found most entertaining was the rather Hollywood-trickery angle by which Stuxnet did its dirty work: The worm itself now appears to have included two major components. One was designed to send Iran’s nuclear centrifuges spinning wildly out of control. That latter part is, indeed, right out of a movie.