Cyber Defense Weekly July 26, 2010
| Cyber Defense News |
|
IT-Harvest is re-launching the Cyber Defense Weekly with a new format. Instead of the news snippets we used to collect and publish every week we are going to provide analysis of those news events. Every week I will present the important developments in technology, attacks, government preparedness and vendor solutions in my own words.
In addition I am hosting a webcast every week to discuss these events. Please join us Tuesdays at 3 PM Eastern for the Cyber Defense Webcast on BrightTalk. |
|
| HR 2271 Shades of things to come? | |
| ThreatChaos.com analysis
There is a disturbing tendency on the part of the US Congress to legislate the Internet. A case in point is HR 2271, backed by eleven US Representatives and submitted for review to the House Energy and Commerce and Foreign Affairs Committees last May (2009). Thankfully, there has been no serious deliberation on this proposed measure, which intends to somehow regulate the Internet to promote, ironically, freedom of speech. If you are a technology vendor, read more details on this proposed bill at the link above. The consequences are frightening. There seems little danger of HR 2271 ever coming to a vote, but we must keep a wary eye on this 111th Congress, which has over 40 measures under consideration that bear on highly technical issues. A misstep could be costly and have debilitating consequences for a fragile economy. Global Internet Freedom will be best served by governments of all types avoiding any meddling in the still young Internet.
|
|
| Siemens reports exploit of SCADA networks |
|
| From engaging with various insiders on LinkedIn it quickly becomes evident that threats to industrial networks, including oil and gas and power distribution, are common. Yet there are few public incidents to point to, which makes Siemens' revelation last week all the more important to pay attention to.
The malware used in these attacks targets an unpatched vulnerability in Microsoft shell code that has become known as the ShortCut vuln because it takes advantage of the way Microsoft has implemented shortcuts on the desktop. (See fix here.) A researcher in Belarus discovered that malware delivered by USB drives was targeting machines running Siemens SCADA software. Since then Symantec researchers have determined that the majority of the 14,000 infected machines are in Iran, where Siemens happens to do a lot of business. Industrial processes are extremely vulnerable thanks in large part to the seemingly blind deployment of Windows systems to the plant floor. Vendors such as Industrial Defender and SecureCrossing are rolling out network defense tools that target this issue. Now would be a good time for manufacturers and operators of critical infrastructure to review their control systems. There is now a clear and present danger that must be addressed. |
|
| WikiLeaks drops other shoe: reveals friction between US and Pakistan | |
| It is not unexpected that dealings between two countries in the fight against Taliban insurgents should be relatively secret. But WikiLeaks published 76,000 classified communications on Sunday (July 22, 2010) that indicate collusion between Pakistan and the Taliban. From the New York Times: Taken together, the reports indicate that American soldiers on the ground are inundated with accounts of a network of Pakistani assets and collaborators that runs from the Pakistani tribal belt along the Afghan border, through southern Afghanistan, and all the way to the capital, Kabul.
Look for these reports to have lasting repercussions on the war in Afghanistan. At the same time, the existence of a widely viewed source of classified information is going to challenge the US, especially as its State Department promotes freedom of speech on the Internet. |
|
| Robert Knake on attribution | |
| Robert R. Knake has contributed some important thoughts to the debate on cyberwar: first with the book he cosponsored with Richard Clarke, Cyber War: The Next Threat to National Security and What to Do About It, and now in testimony presented to the House Committee on Science and Technology, which is holding "hearings on planning for the future of cyber attack." (Note the chairman, David Wu, was one of the sponsors of HR 2271 mentioned above.) Read Knake's testimony here. He argues that the lack of attribution in cyber space has been overhyped. He calls for stronger cooperation between law enforcement of different nations. And he calls for the development of stronger options in responding to cyber threats. |
|
| Cyber Defense Industry News | |
| Fortinet, the UTM vendor, announced stellar quarterly numbers thanks in large part to the growing adoption of their products in large enterprises. My analysis was posted to GLG. Also read UTM is The Next Generation Firewall.
OISF announces the first release of Suricata 1.0, a competitor to Snort. While it shares a lot of similarities with Snort and does not go far enough to address the noisy flood of alerts and lack of real defense, Suricata is an alternative. Our hope is that it leverages the security community to leap beyond Snort in defensive capability, but it will be hard to match the investment Sourcefire is making in their technology base.
SonicWall left the ranks of public companies as it was acquired by private equity firm Thoma Bravo. That makes three UTM vendors in the hands of PE. WatchGuard is owned by Vector Capital and Francisco Partners, and the Carlyle Group has a big piece of Cyberoam, based in India. |
|
| Upcoming events |
|
| Hear more of my thoughts on cyber defense and recent developments on this Tuesday's Cyber Defense Webcast, 3 PM Eastern. | |