How the U.S. Government Hacks the World. Obscured by trees and grassy berms, the campus of the National Security Agency sits 15 miles north of Washington’s traffic-clogged Beltway, its 6 million square feet of blast-resistant buildings punctuated by clusters of satellite dishes. Created in 1952 to intercept radio and other electronic transmissions—known as signals intelligence—the NSA now focuses much of its espionage resources on stealing what spies euphemistically call “electronic data at rest.”
These are the secrets that lay inside the computer networks and hard drives of terrorists, rogue nations, and even nominally friendly governments. When President Obama receives his daily intelligence briefing, most of the information comes from government cyberspies, says Mike McConnell, director of national intelligence under President George W. Bush. “It’s at least 75 percent, and going up,” he says. The Chinese response, essentially: Look who’s talking. The U.S. government doesn’t deny that it engages in cyber espionage. Obama signs secret directive to help thwart cyberattacks.
The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats. The policy also lays out a process to vet any operations outside government and defense networks and ensure that U.S. citizens’ and foreign allies’ data and privacy are protected and international laws of war are followed.
“What it does, really for the first time, is it explicitly talks about how we will use cyber-operations,” a senior administration official said. “Network defense is what you’re doing inside your own networks. . . . James A. 10K Reasons to Worry About Critical Infrastructure | Threat Level. Screenshot showing an industrial control system in Idaho that's connected to the internet. The red tag indicates there are known vulnerabilities for the device that might be exploitable. Two known vulnerabilities are listed at the bottom of the text bubble. MIAMI, Florida – A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be open to easy hack attacks, due to lax security practices.
Infrastructure software vendors and critical infrastructure owners have long maintained that industrial control systems (ICSes) — even if rife with security vulnerabilities — are not at risk of penetration by outsiders because they’re “air-gapped” from the internet — that is, they’re not online. “Vendors expect systems to be on segregated networks — they comfort themselves with this. They say in their documentation to not put it on an open network. ManTech Awarded $9.2 Million Contract to Provide Cyber Security Services to the Federal Bureau of Investigation. Fuck FBI Friday III: ManTech. University projects to secure cyberspace could soon bear fruit. University projects to secure cyberspace could soon bear fruit Five-year program funded by Northrop Grumman researching new technologies By William JacksonJun 01, 2011 A number of university cybersecurity research programs funded by Northrop Grumman are expected to begin paying off in new technologies soon, researchers said June 1.
“I think we have the potential to see some of these fielded in the next year or two,” said Robert F. Brammer, CTO of Northrop Grumman Information Systems. Projects nearing fruition at Carnegie Mellon University, the Massachusetts Institute of Technology and Purdue University include techniques to make infrastructure security more cost-effective, reducing the time and expense of software assurance testing and making clouds more secure. Related story: Cybersecurity consortium tackles problems of the future They are among 13 research projects being conducted under the Cybersecurity Research Consortium announced 18 months ago in Washington by Northrop Grumman. At MIT: NSA is looking for a few good hackers. For that reason an alphabet soup of federal agencies — DOD, DHS, NASA, NSA — are descending on Las Vegas this week for Defcon, an annual hacker convention where the $150 entrance fee is cash only — no registration, no credit cards, no names taken. Attendance is expected to top 10,000.
The NSA is among the keen suitors. The spy agency plays offense and defense in the cyberwars. It conducts electronic eavesdropping on adversaries, and it protects U.S. computer networks that hold super-secret material — a prime target for America’s enemies. “Today it’s cyberwarriors that we’re looking for, not rocket scientists,” said Richard “Dickie” George, technical director of the NSA’s Information Assurance Directorate, the agency’s cyber-defense side.
“That’s the race that we’re in today. The NSA is hiring about 1,500 people in the fiscal year, which ends Sept. 30, and another 1,500 next year, most of them cybersecurity experts. But what about culture rifts? Read more at PostPolitics — Reuters. Fake femme fatale shows social network risks. News July 22, 2010 06:00 AM ET Computerworld - Hundreds of people in the information security, military and intelligence fields recently found themselves with egg on their faces after sharing personal information with a fictitious Navy cyberthreat analyst named "Robin Sage," whose profile on prominent social networking sites was created by a security researcher to illustrate the risks of social networking. In a conversation with Computerworld, Thomas Ryan, co-founder of Provide Security, said he used a few photos to portray the fictional Sage on Facebook, LinkedIn and Twitter as an attractive, somewhat flirty cybergeek, with degrees from MIT and a prestigious prep school in New Hampshire.
Then he established connections with some 300 men and women from the U.S. military, intelligence agencies, information security companies and government contractors. The goal, said Ryan, was to determine how effective social networking sites can be in conducting covert intelligence-gathering activities. Pentagon, LulzSec, News of The World ... we live in interesting times for hacking. The hacking stories just keep on coming. Of course, The News of the World is the big one at the moment, matched, for the moment at least, by the hacking of The Sun’s website by celebrity – and proficient – hacking group LulzSec. Other interesting stories on hacking exploits keep cropping up, but are perhaps not getting the same high-profile coverage. One well worth having a look at is the fact a Pentagon supplier recently lost 24,000 files to a foreign intelligence service. There are several interesting things about this hack: 1) It was an unidentified defence contractor, and not the Pentagon, that lost the files. 2) The Pentagon believes the perpetrator was a foreign intelligence service. 3) The response has been a confirmation by the US military that cyberspace is a legitimate theatre of war.
That it was a military contractor that was hacked, and not the Pentagon itself, is significant. But if its contractors do not have comparable standards it can all be for nought. Cyber war focus drives attacks on privacy and funding of contractors. When it comes to cyber defence, assessing the risk of online warfare, or even of a “cyber Pearl Harbor”, as opposed to common-or-garden crime or espionage, is made more difficult by the lack of detail around cyber attacks and the conflation of unrelated attacks. The revelations this week about “Operation Shady RAT”, the multi-year Chinese effort to spy on a host of foreign governments and corporations, plainly related to regulated security and commercial espionage. That is, it was a continuation of ordinary spying activities — particularly by China, where impressive levels of education don’t seem to have yet produced a strong culture of technological innovation — online, rather than a peculiarly online form of attack, and certainly not any “cyber war”.
Worse is the tendency to lump together quite different forms of online activity. Take an AP article from a fortnight ago. This may merely be the cluelessness of politicians and journalists. Pentagon wants to change strategy for dealing with cyber-attacks | Technology. The Pentagon may have to redesign some of its weapons system after a foreign intelligence service hacked into systems at a corporate contractor and obtained 24,000 key files in March.
The incursion was one of the worst single incidents the US defence department has seen. Though it did not name the contractor nor the country suspected of carrying out the attack, Lockheed Martin said in May that it had come under attack. China and Russia have frequently been suspected of carrying out internet espionage, with China the most prominent in recent years. US defence chiefs now think they need to have a means of response against such incursions. Lynn revealed that over the year key files including plans for missile-tracking systems, satellite navigation, surveillance drones and even jet fighters have been stolen from systems. Attacks on defence-related contractors and systems are growing increasingly sophisticated. Cartwright suggested that stronger deterrents would be needed.
The Comprehensive National Cybersecurity Initiative. President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we as a government or as a country are not adequately prepared to counter. Shortly after taking office, the President therefore ordered a thorough review of federal efforts to defend the U.S. information and communications infrastructure and the development of a comprehensive approach to securing America’s digital infrastructure. In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President. The activities under way to implement the recommendations of the Cyberspace Policy Review build on the Comprehensive National Cybersecurity Initiative (CNCI) launched by President George W.
CNCI Initiative Details Initiative #1. Initiative #2. Initiative #3. Initiative #5. Initiative #6. Pentagon doesn't rule out military force against cyberattacks. The Pentagon's cyber attack policy "All appropriate options would be on the table"Identifying attacker can be hard, take a long time2008 incident was wake-up call Washington (CNN) -- The Pentagon is formulating a new strategy on how to respond to cyberattacks that would include using military force, a spokesman confirmed late Tuesday. Col. David Lapan said if the attack is serious enough, "a response to a cyberincident or attack on the U.S. would not necessarily be a cyber response, so as I said all appropriate options would be on the table.
" The final public portion of the "Defense Strategy for Operating in Cyberspace" is expected to be released in two or three weeks. But much of it has already been discussed for months by numerous administration officials, including the White House and Deputy Secretary of Defense William Lynn. In May, the White House released the International Strategy for Cyberspace. Protecting yourself in a virtual world. Pentagon: Online Cyber Attacks Can Count as Acts of War. The last line of cyber defense. According to the Wall Street Journal, DoD’s first formal cyber strategy is based on the doctrine that a cyber attack on US critical infrastructure can be retaliated by a conventional military strike. The article is decorated with macho statements from unidentified military officials, such as “if you shut down our power grid, maybe we will put a missile down one of your smokestacks.”
The military person who said that may have had full confidence in how deterring and frightening his or her line would be to wannabe attackers, and yet could not be more off the mark. Here is what everybody can read from DoD’s cyber strategy, given that the WSJ’s report is authentic (which I don’t call in question): 1. We, the Department of Defense, acknowledge that US critical infrastructure is vulnerable to cyber attack. 2. 3. Let’s look at these items in detail. 1. 2. 3. The bottom line is that deterrence won’t work to defend against cyber attacks. Ralph Langner. Cyberwar heats up with Pentagon's virtual firing range | Technology. The National Cyber Range marks a rise in the temperature of the online battlefield. Illustration: Getty Images The US defence agency that invented the forerunner to the internet is working on a "virtual firing range" intended as a replica of the real internet so scientists can mimic international cyberwars to test their defences.
Called the National Cyber Range, the system will be ready by next year and will also help the Pentagon to train its own hackers and refine their skills to guard US information systems, both military and domestic. The move marks another rise in the temperature of the online battlefield. The Defense Advanced Research Projects Agency (Darpa), which developed Arpanet, the forerunner of the internet, in the 1960s, is working on a number of fronts to boost the US's defences against computer-generated attacks. The National Cyber Range is expected to be working by mid 2012, four years after the Pentagon approached contractors to build it at an estimated $130m. Commentary: The Patriot Act, cyber-edition - Sacramento Living - Sacramento Food and Wine, Home, Health. Cyberwar Doomsayer Lands $34 Million in Government Cyberwar Contracts | Threat Level. Last month, the former Director of National Intelligence Michael McConnell boldly took to the Senate floor and the Washington Post‘s editorial page to declare “The United States is fighting a cyber-war today, and we are losing.”
Thankfully for the American people, his company — the giant defense contractor Booz Allen Hamilton — has now landed the contract to build the Pentagon’s cyberwar control center. For a measly $14.4 million in taxpayer money, the outfit will help build a new cyberwar bunker for the U.S. Cyber Command. Additionally, Booz Allen Hamilton won another contract for $20 million to “foster collaboration among telecommunications researchers, University of Maryland faculty members and other academic institutions to improve secure networking and telecommunications and boost information assurance,” Washington Technology reports. Photo: USAF See Also: White House Cyber Czar: ‘There Is No Cyberwar’ | Threat Level. Howard Schmidt, the new cybersecurity czar for the Obama administration, has a short answer for the drumbeat of rhetoric claiming the United States is caught up in a cyberwar that it is losing.
“There is no cyberwar,” Schmidt told Wired.com in a sit-down interview Wednesday at the RSA Security Conference in San Francisco. “I think that is a terrible metaphor and I think that is a terrible concept,” Schmidt said. “There are no winners in that environment.” Instead, Schmidt said the government needs to focus its cybersecurity efforts to fight online crime and espionage. His stance contradicts Michael McConnell, the former director of national intelligence who made headlines last week when he testified to Congress that the country was already in the midst of a cyberwar — and was losing it. Schmidt’s official title is cyber-security coordinator at the White House, a job he took over just before Christmas. That plan was first formulated under a veil of secrecy in January 2008 by President Bush. Mike McConnell on how to win the cyber-war we're losing - washingtonpost.com. Pentagon wastes time defining cyberwar rather than trying to fight the one it's already in.
U.S. Cyber Command: 404 Error, Mission Not (Yet) Found | Danger Room. Ex-U.S. general urges frank talk on cyber weapons. Cyber ShockWave Shows U.S. Unprepared For Cyber Threats. Kissinger, Huntsman: U.S., China need cyber detente. Special report: Government in cyber fight but can't keep up. Cyber threats to spur defense innovation: Huntsman | Video. Analysis: Could a cyber war turn into a real one for U.S.? Revealed: Air Force ordered software to manage army of fake virtual people. FinFisher - IT Intrusion lets Government Agents Steal ALL your info - Lawmen. Exclusive: Military’s ‘persona’ software cost millions, used for ‘classified social media activities’ Metaphor is the new weapon in the 'war' on terror | Technology | The Observer. So, Why Does the Air Force Want Hundreds of Fake Online Identities on Social Media? [Update] | BNET. Preparing for cyber warfare: US Air Force floats botnet plan. US Paid Millions For Bogus (Patented) Intelligence Software; Now Trying To Cover It Up Claiming 'National Security'
Pentagon to Help Internet Providers Get Military Cyber Tools. Information Warfare Monitor | Tracking Cyberpower. HBGary E-mails: DuPont, Other Firms Hit In Aurora Attack. Black ops: how HBGary wrote backdoors for the government. US cyber war defences 'very thin', Pentagon warns. Cyberguerre : un général veut un deuxième Internet aux Etats-Unis. Obama needs to address our cyber-warfare gap with China. A Declaration of Cyber-War. Premier test grandeur nature d'une cyber-attaque aux Etats-Unis - Monde. CBS 60 Minutes: Cyber War: Sabotaging the System 1/2.
New recovery system restores virus-infected computers, could be used by agencies. Pentagon: Online Cyber Attacks Can Count as Acts of War. Taliban mobile phones and website 'hacked' | World news. Net neutrality rules declared illegal by US court.