Cyber Defense Weekly March 1, 2010
| RSA 2010 |
|
 Richard Stiennon is presenting at RSA on Thursday, March 4th at 8:00 a.m., session RR-301. He'll be speaking on Shawn Carpenter and the inside story of Titan Rain. The story of Chinese cyber espionage began with Titan Rain and continues today with Google Aurora. |
|
| Mike McConnell on how to win the cyber-war we're losing |
|
| The United States is fighting a cyber-war today, and we are losing. It's that simple. As the most wired nation on Earth, we offer the most targets of significance, yet our cyber-defenses are woefully lacking. The problem is not one of resources; even in our current fiscal straits, we can afford to upgrade our defenses. The problem is that we lack a cohesive strategy to meet this challenge. The stakes are enormous. To the extent that the sprawling U.S. economy inhabits a common physical space, it is in our communications networks. If an enemy disrupted our financial and accounting transactions, our equities and bond markets or our retail commerce -- or created confusion about the legitimacy of those transactions -- chaos would result. Our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy as well. | |
| Hitman Pro 3 |
|
 Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses, spyware, rootkits, etc.) that have infected your computer despite all the security measures you have taken. Just relying on a single vendor is not sufficient to completely protect you. 32% of the computers is infected, despite the presence of an anti virus program. You do need a second source to make sure you are secure. Hitman Pro is designed to work alongside existing security programs without any conflicts. It scans the computer quickly (less than 5 minutes) and does not slow down the computer. Hitman Pro does not need to be installed. It can be run straight from a USB flash drive, a CD/DVD, local or network attached hard drive.Click here for more information. |
|
| Navy looks to advance cyber defense |
|
|
The Office of Naval Research plans to spend up to $16 million to develop new cyber defense prototypes to ensure continuity of cyber operations during a cyber conflict, according to a recent notice from that organization. The project's goal is to develp new concepts for protecting the Navy's networks, and the desired prototype at the end of it would provide decision management, intelligent decision aids, data fusion, and correlation and visualization capabilities, ONR said in a recent broad agency announcement. The office said there's a major need for technologies that can identify and mitigate real-time threats while ensuring continuity of operations. Current network defense tools are reactive and inflexible and don't allow for real-time response, it said. "The architecture being sought is intended to provide a comprehensive, holistic approach to computer network defense and to move away from traditional concepts of patch management and computer resource management," ONR said.
|
|
| Security expert: US would lose cyberwar |
|
| The U.S. government, if confronted in a cyberwar today, would not come out on top, a former U.S. director of national intelligence said Tuesday. "If the nation went to war today, in a cyberwar, we would lose," Mike McConnell told a U.S. Senate committee. "We're the most vulnerable. We're the most connected. We have the most to lose." McConnell, director of national intelligence from 2007 to 2009, predicted that the U.S. government would eventually get heavily involved in protecting cybersecurity and in regulating private approaches to cybersecurity. Testifying before the Senate Commerce, Science and Transportation Committee, McConnell also predicted that the U.S. would make little improvements in its cybersecurity before a "catastrophic" attack will cause the government to get involved. "We will not mitigate this risk," said McConnell, now executive vice president for the national security business at Booz Allen Hamilton. "We will talk about it, we will wave our hands, we'll have a bill, but we will not mitigate this risk." | |
|
Fatal System Error - New book by Joseph Menn |
|
 Fatal System Error penetrates both the Russian cyber-mob and the American mafia as the two fight over the Internet's massive spoils. It takes readers into the murky hacker underground, traveling the globe from San Francisco to Costa Rica, London, and Russia. Using unprecedented access to mob businesses and Russian officials, it shows how top criminals earned protection from the Russian government and how Barrott Lyon and Andrew Crocker got closer to the titans of the underground economy than any previous outsider. Joseph Menn covers cybersecurity and other technology issues for the Financial Times.
|
|
| Firms see cash in cybersecurity |
|
| With cyber attacks constantly and relentlessly nipping at the government's networks, the defense industry continues to see the potential for billions in new cybersecurity business in the coming years. Already, market research reports show gobs of money being invested in protecting government computers. Market Research Media predicts the government will spend $55 billion on cybersecurity between 2010 and 2015. INPUT, which researches government procurement, sees the federal-information security market increasing from $6.6 billion annually in 2008 to $9.6 billion in 2013. But industry experts say the investment and the heightened government interest are not enough to stem the rising number of attacks by terrorist groups, potentially hostile nations and, increasingly, criminals out for a buck. | |
| SPAWAR technologist evaluates pros and cons of cloud |
|
| To boost cyber defense in cloud computing environments, agencies will need more standardized data dictionaries, advanced search capabilities and closer ties with experts in industry, Stephen Jarrett, the chief technologist for Navy's Space & Naval Warfare Systems (SPAWAR) Center Atlantic, told attendees at a cloud computing conference Feb. 23. Cloud computing is a way of computing, via the Internet, that involves the sharing of computer resources instead of having a local personal computer handle specific applications. However, it is an operating model with benefits and negatives, depending on the situation, Jarrett said. For example, how it is deployed in an operational environment such as on the battlefield will differ from how it is implemented in a commercial environment. Jarrett spoke during a session on securing cloud applications at the Institute for Defense and Government Advancement Cloud Computing for DOD and Government Conference held in Alexandria, Va. | |
| Air Force Blue for cyber command | |
| In the most startling act of generosity of the year, the Air Force to pony up $104 million for the new headquarters of the U.S. Cyber Command at Fort Meade, Md., in its fiscal 2011 budget. That nugget of information is contained in the prepared budget testimony that Air Force Secretary Michael Donley and Air Force Chief of Staff Gen. Norton Schwartz delivered to the House Armed Services Committee on Tuesday. "In support of the national cyber effort, this budget request dedicates $104 million to support operations and leased space for headquarters staff at the sub-unified U.S. Cyber Command," the testimony noted. I thought this was quite collegial of the Air Force because the service had spent a couple of years trying to own the cyber mission only to lose it to the U.S. Strategic Command, which will set up the command. So I called the Air Force press desk in the Pentagon to check if the service had engaged in this act of fiscal largesse or if the $104 million line item was for Air Force cyber space at Fort Meade. Capt. Joel Harper, an Air Force spokesman, ran my query past the green eye-shade folks, and he told me that, yes, the Air Force plans to fund the new Cyber HQ from its budget and that it was indeed a generous act. | |
| Castells and the global cybersecurity heuristic |
|
| The current storm about cybersecurity in the US has rightly been the subject of some skepticism, not least from yours truly, but it's worth remembering that there is a world beyond the US. This week, the UN announced its intentions to dig deep and do something about terrorist use of the Internet, and yesterday South Korea seems to have leaked its intentions to host a UN cybersecurity agency. Last October, the UN announced it would attempt to ban global first cyber strikes by the end of 2010, and they may have had a hand in US-Russia cyber talks. Interestingly, the UK's Office of Cyber Security seems to takea pretty dim view of the utility of such talks, or of any agreements that might come out of them. I suspect they're right. All this put me in mind of the following lengthy quote from Manuel Castells' excellent Communication Power (OUP, 2009, p.115). Castells has just expressed his frustrations with the UN's attempts to address global internet governance, and stem from his involvement in these discussions over the last decade.
|
|
| Pulling the strings of the net: Iran's cyber army |
|
| |
|
 Easy iPod and iPhone transfer, backup, and recovery MediaWidget is an easy to use iPod utility designed to help you get more out of your iPod. Recover lost or missing music, backup and restore f your iPod content, play music on your PC directly from your iPod, and that's not all |
|
| Tech Insight: Preparing your enterprise for cyberwar | |
| Is your organization ready for a cyberwar? If your answer is no, then you're not alone. CNN's broadcast of the Cyber Shockwave simulation helped to demonstrate that major government agencies in the U.S. aren't ready to even find the source of such an attack, much less defend against it. And many organizations that play a role in critical infrastructure are even less prepared than those agencies. You're also not alone if you think a cyberwar probably won't affect your organization. Many enterprises believe that if they aren't directly involved in banking, utilities, or critical infrastructure, then they won't be involved in a cyberattack. But even in the politically motivated attacks we've seen so far, there has been collateral damage. Most recently, the Aurora attacks against Google and U.S. companies demonstrated that no company is safe from becoming a target. McAfee's fifth annual "Virtual Criminology Report" asks the question, "Is the 'Age of Cyber War' at hand?" There's no doubt we're at the brink of that age -- if it hasn't already begun. The simple act of doing business with a targeted company or nation could mean attackers take aim at you tomorrow. So what should your organization do to prepare? | |
| NNSA dedicates national security computing center at Sandia Labs |
|
| The National Nuclear Security Administration (NNSA) today dedicated the National Security Computing Center (NSCC) at Sandia National Laboratories in Albuquerque, N.M. The NSCC is a Department of Energy user facility for top-secret level applications that require high performance computing. Its unique capabilities will be applied to help solve pressing national security problems such as cyber defense, vulnerability assessments, informatics (network discovery), space systems threats and situational awareness. The system can also be used to provide high-fidelity, physical simulations and advanced imagery processing. "The NSCC provides a first if its kind ability for the nation," said NNSA Administrator Thomas D'Agostino. "It is also one of the first visible steps in NNSA' s commitment to interagency partnerships and a glimpse of our future science, technology, and engineering enterprise. That fact that our supercomputing capabilities are being used for intelligence missions is also an important example of how our investment in nuclear security is providing the nation the tools to tackle broader national challenges." The Red Storm supercomputing platform was built at Sandia National Laboratories as part of NNSA's stockpile stewardship program. Listed last year as one of the top 15 fastest computers in the world, Red Storm is one of a suite of platforms across its national laboratories that NNSA's Office of Advanced Simulating and Computing (ASC) uses to ensure the United States nuclear weapons stockpile continues to be safe, secure and reliable without nuclear testing.
|
|
| Olympia Snowe critical of Cybersecurity Coordinator's place in the executive branch | |
| In a hearing held Tuesday addressing the Cyber Security Act of 2009, Sen. Olympia Snowe, R-Maine, was critical of the Obama administration for making the cybersecurity coordinator unable to testify before congress. Referring to the newly created position of the cybersecurity coordinator, Snowe said: "He's a member of the National Security Council and cannot testify. Given the significance of this issue ... it really needs to rise to a different level." Snowe, who serves on the U.S. Senate Intelligence Committee Task Force on Cyber Security, added that given the serious nature of cybersecurity, it is unacceptable to have a senior administration official who is not accountable to Congress and meets behind closed doors. The Senate Commerce Committee heard from experts who expressed their concerns about the lack of a comprehensive defense toward attacks targeting the nation's financial industry, telecommunications system and electrical grid. | |
| Selling China the digital rope to hang us |
|
| U.S. policy toward China increasingly sounds like a spoof from "Saturday Night Live." Google has accused China of launching cyber-attacks on it and least 20 other companies. The Obama administration has all but implicated Beijing in a recent electronic warfare campaign against critical computer networks throughout the U.S. government, military and the broader economy. And for good measure, the Obama Pentagon has identified China's growing military might - powered by is burgeoning technological prowess - as a major threat to U.S. interests not only in East Asia, but also globally. Yet, all the while, America's outsourcing multinational companies - including Google - are lobbying the Obama administration, so far successfully, to enable them to strengthen China's technological prowess still further. Specifically, these companies have persuaded the White House to support easing America's controls on the export of defense-related goods and technologies to China and other countries of concern. And here's icing on the cake: The multinationals and their administration allies complain that today's export controls cover too many of their products and deprive them of billions in sales to China and elsewhere. | |
| Iran urges fighting Israel in cyber space | |
| Iran's Intelligence Minister Heidar Moslehi has called on the Palestinians to open a new front against Israel in cyber space. "The Iranian Intelligence Ministry suggests to the Palestinian groups that a third Intifada (uprising) could be [in the form of] a cyber war," Moslehi told reporters after a speech at the international conference titled National and Islamic Solidarity for the Future of Palestine. He added that online social networks could be set up to inform the whole world about the crimes Israel commits against Palestinians. The Iranian minister said internal problems had distracted Muslim countries from the plots Israel hatches in the region. He stressed that such online networks could become part of a huge international movement against Israel and its ally, the US, which is persuading Middle East countries to act against the Palestinian resistance.
|
|
