Cybersecurity

”’Proposals:”’

2002

”’Piazza, P”’ (2002). ”A national strategy for securing cyberspace.” Security Management, 46(9), 40-41.
*”Tiffany Olson, the deputy chief of staff on the president’s Critical Infrastructure Protection Board (CIPB), explains that the plan is divided into five levels: home users and small businesses; major enterprises; sectors of national information infrastructure (including local, state, and federal government); national level institutions and policies (including groups that oversee the mechanics of the Internet itself); and global.”
*””In each section [of the strategy], we’ll talk about some of the problems and issues surrounding that area, we’ll talk about what’s already in place, what’s worked and what hasn’t worked, and some of the new recommendations to improve that area,” Olson says.”
*”For starters, the program will focus on awareness and education of cybersecurity among small business owners, she says. “We’re considering the idea of grants or loans to small businesses if they implement cybersecurity into their business plans,” she says, but that step has not yet been approved.”
*[[Cybersecurity]]
== 2004 ==

”’Benjamin D. Kern”’, “*101 Whacking, Joyriding and War-Driving: Roaming use of Wi-Fi and the Law” November, 2004, Santa Clara Computer and High Technology Law Journal Last Checked January 7, 2012. [http://www.mcguirewoods.com/news-resources/publications/technology_business/Whacking_Joyriding_and_War_Driving.pdf]
*““Whackers” …will be defined as users who intentionally access a Wi-Fi network for destructive, malicious, theft or espionage purposes.””
*“Roaming Wi-Fi users include “joyriders” that use an open Wi-Fi connection to access the Internet,…”
*““War-drivers,” who scan, locate, and map Wi-Fi access points, and accidental users, who unintentionally connect to a Wi-Fi network.””
*“The term “hacker” is popularly used in the media to refer to a malicious computer or network user, although use of the term in technology circles is considerably more nuanced.”
*“A “whacker” is a hacker that uses wireless technology.”
*“Laws applicable to roaming Wi-Fi use will facilitate and encourage roaming, while deterring destructive behavior and providing remedies to any network operator injured by a malicious or destructive user.”
*“Several men pled guilty to violations of the CFAA and other statutes after accessing credit card information stored in the computer systems of Lowe’s hardware store by accessing a store’s open Wi-Fi network from the parking lot of the store.”
*“Internet-related legislation has clarified that those who provide access to the Internet to third-parties are not liable for the acts of these third-parties.”
*“The Digital Millennium Copyright Act (“DMCA”) and Communications Decency Act (“CDA”) both include safe harbors that clarify that Internet service providers are not liable for content transmitted through their services, potentially including all of the types…”
*“Pre-DMCA case law makes clear that network operators that do not have knowledge of the content passing through their networks have little danger of being liable for copyright infringement.”
*“The Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”) clarifies that liability for spam sent by a user of an open Wi-Fi network would rest with the user, not the network operator.”
*“Whether or not the CDA, DMCA, and CAN-SPAM Acts expressly apply to all materials that may be transmitted through an open Wi-Fi network, courts have recognized that Congressional intent to absolve service providers has been very broad.”
*“The Computer Fraud and Abuse Act of 1986 (“CFAA”) prohibits unauthorized access to a computer or network in a number of specific situations.”
*“To violate the most widely applicable provisions of the CFAA, a user must intentionally access a network without authorization, and must either obtain information or cause damage and a loss exceeding a threshold amount.”
*“Many state statutes, as well as the CFAA, prohibit intentional unauthorized access, but do not clarify what level of mens rea applies to the unauthorized nature of the user’s access.”
*“Most states have statutes that prohibit intentional, unauthorized access to, or use of, computer networks.”
*“Current federal and state laws may apply to the use of Wi-Fi networks for whacking activities, and to roaming use of open Wi-Fi networks for purposes of accessing the Internet, and, at least in California, to war-driving.”
*“A lack of clarity and consistency among existing laws threatens to have a chilling effect on this important direction of future growth for the Internet.”
*[[Cybersecurity]], [[Law]], [[Hacker]], [[Law Enforcement]]
”’USA Today”’, “Lowe’s hardware hacker gets nine years” 15 December, 2004, usatoday.com Last Checked 29 December, 2011. [http://www.usatoday.com/tech/news/computersecurity/hacking/2004-12-15-lowes-hack_x.htm]
*“One of three Michigan men who hacked into the national computer system of Lowe’s hardware stores and tried to steal customers’ credit card information was sentenced Wednesday to nine years in federal prison.”
*“The government said it is the longest prison term ever handed down in a U.S. computer crime case.”
*“Brian Salcedo, 21, of Whitmore Lake, Mich., pleaded guilty in August to conspiracy and other hacking charges.”
*“Salcedo’s sentence… exceeds that given to the hacker Kevin Mitnick, who spent more than 5½ years behind bars, according to a Justice Department Web site that tracks cyber-crime prosecutions.”
*“Adam Timmins, became one of the first people convicted of “wardriving,” in which hackers go around with an antenna, searching for vulnerable wireless Internet connections.”
*“Prosecutors said the three men tapped into the wireless network of a Lowe’s store in Southfield, Mich., used that connection to enter the chain’s central computer system in North Wilkesboro, N.C., and installed a program to capture credit card information.”
*“The case was prosecuted in Charlotte because it is home to an FBI cyber-crime task force.”
*“Mitnick led the FBI on a three-year manhunt that ended in 1995 and is said to have cost companies millions of dollars by stealing their software and altering computer information.”
*“Victims included Motorola, Novell, Nokia and Sun Microsystems.”
*“I think the massive amount of potential loss that these defendants could have imposed was astounding, so that’s what caused us to seek a substantial sentence against Mr. Salcedo, …”
*[[Cybersecurity]], [[Hacker]], [[Law Enforcement]]

== 2007 ==

”’Lorine A. Hughes, Gregory J. DeLone”’, “Viruses, Worms, and Trojan Horses: Serious Crimes, Nuisance, or Both?”, ”Social Science Computer Review”, Volume 25 Number 1, Spring 2007 78-98
*”Computers also may play a role in “creating a unique environment in which unauthorized activities can occur, or where the computer creates unique forms of assets subject to abusive acts.””
*” As in the legendary tale about the hollow wooden horse that the Greeks used to smuggle their soldiers into Troy, a Trojan horse is a destructive program that masquerades as a legitimate file or application to gain entry to a computer (or, more recently, mobile phone, personal digital assistant, or gaming device).”
*”Because “there is no centralized database that collects information on the damage that viruses [and other types of malware] cause” (Taylor et al., 2005, p. 119), it is impossible to say with any certainty whether the effects of these programs constitute a major threat or have been largely overblown by the media and other doomsayers.”
*”Reports and press releases from the major antivirus companies—including McAfee, Sophos, Symantec, and Trend Micro—reveal a substantial increase in the number and complexity of malware attacks.”
*”Prosecutions of computer malware writers under the act have been relatively rare, mainly because of the “burden and complexity of the government’s case” (Montana, 2000, p. 58), the traditionally narrow focus of the law on information stored on federal interest computers, and the existence of legislative loopholes stemming from vague terminology (Baker, 1993; Colombell, 2002; Davis, 1994; McCall, 1988).”
*”On one hand, the data reveal that most threats are not widely distributed, do not cause significant damage, and are fairly easy to contain and remove.”
*”On the other hand, however, the most prevalent actions performed by existing malware tend to be among the most serious in terms of their ability to release information, provide unauthorized computer access, destroy data, and result in financial losses.”
*”Local, national, and global efforts to increase user awareness of the potential dangers of cyberspace and how best to avoid them nevertheless can coexist with innovative legal and law enforcement strategies to fight cybercrimes, including the development of incentive structures and programs for actions undertaken to benefit the common good (see Powell, 2005).”
*[[Cybersecurity]], [[Law]]

== 2009 ==

”’Cetron, Marvin J. & Davies Owen”’, “Ten Critical Trends for Cybersecurity”, 1 September 2009 Futurist Last checked February 24, 2011. [http://web.ebscohost.com/ehost/pdfviewer/pdfviewer?sid=945f8e70-582d-4e70-91d3-5b5d6170fb14%40sessionmgr13&vid=3&hid=18]
*“Technological advances and greater connectivity may be making our systems less rather than more secure.”
*‘“Cybersecurity is the soft underbelly of this country,…”’
*“McConnell does not worry…hackers or spies will steal classified information from computers owned by government or the military… He is afraid they will erase it and thereby deprive the United States of critical data…”
*“January 2008, a CIA analyst told American utilities that hackers had infiltrated electric companies in several locations outside the United States.”
*“Information warfare will be a significant component in most future conflicts.”
*“Repeated reports that Chinese computer specialists have hacked into government networks in Germany, the United States… show that the threat is not limited…”
*”Information warfare in military planning and operations will expand greatly in the next two or three decades.”
*“The growing domination of technology is the ultimate foundation for cyberwar.”
*‘“Coordinated cyberattacks at multiple levels will be capable of knocking out the macro(national defense systems), meso (local power grids), and micro (starting an automobile) simultaneously.”’
*‘“National-security interventions and general hell raising, it is time to plan, design, and execute over the next five to seven years a replacement for the internet.”’
*“Disrupt essential information or communications systems,… government agency. Or military unit could be dead in water…”
*“Our major concern is no longer weapons of mass destruction, but weapons of mass disruption.”
*[[Cybersecurity]], [[China]], [[Homeland Security]], [[Military]]
”’Lozowski, Dorothy.”’ “Chemical Plant Security.” Chemical Engineering, Volume 116, Issue 9. 21. September 2009.
* ”Security at many U.S. chemical facilities is currently regulated by the U.S. Department of Homeland Security under the Chemical Facility Anti-Terrorism Standard (CFATS).” – page 21
* ”Compliance with CFATS begins with an assessment tool developed by Department of Homeland Security call the Top-Screen, to assist DHS in determining which chemical facilities meet the criteria for being high-risk.” –page 21
* ”There doesn’t seem to be any disagreements among the chemical process industries (CPI) that security regulations are a good idea.” – page 21
* ”The House of Representatives has proposed a revision to the current CFATS standard. Two main points in the House’s bill that Society of Chemical Manufacturers and Affiliates (SOCMA) oppose are mandated inherently safer technologies (IST) and a civil suits clause.” – page 22
* ”As tiered facilities move forward with their site plans, a number of companies are positioning themselves to help with the process of CFATS compliance and implementation.” – page 22
* ”Ryan Loughin, director of the Petro-Chem and Energy Division of ADT Advanced Integration, explains that a tiered facility faces two basic threats: toxic release, and theft and diversion.” – page 23
* ”ADT’s approach to working with a facility with one or both of these threats is to consider three key factors: deter, detect, and delay.” – page 23
* ”While the bulk of CFATS focuses on the physical plant, it also addresses cyber security, which is undoubtedly an integral part of overall security.” – page 23
*[[Chemical]], [[Chemical Surveillance]], [[Cybersecurity]]
”’Aitoro Jill R,”’ “Los Alamos Lab Again Under Fire for Weak Computer Security”, 17 November  2009 Nextgov.com,Global Security Newswire Last checked February 24, 2011. [http://gsn.nti.org/gsn/nw_20091117_6009.php]
* “Numerous network vulnerabilities in several critical areas of the laboratory, which manages operations at nuclear facilities.”
* ‘“This weakness, increased risk exists that insiders with malicious intent could guess the passwords of other individuals and use them to gain inappropriate access to classified information.”’
* “In 2000, two pieces of removable media containing nuclear weapon designs used by the Energy Department were lost temporarily…”
* “In 1999, a scientist transferred classified information from Los Alamos computer systems onto unmarked discs, which he then removed from the laboratory.”
* “GAO recommended NNSA review federal cybersecurity staffing requirements at the Los Alamos office to determine if more personnel is needed.”
* “The lab also should develop a plan that details how cybersecurity improvements will be maintained and funded.”
* “October 2006, evidence obtained during a drug-related investigation… revealed that classified information saved on a thumb drive and some paper documents had been improperly removed from the laboratory.”
* ‘”[The lab] did not always manage passwords securely on the classified computer network..”’
* [[Cybersecurity]], [[Mexico]]

== 2010 ==

”’CyberInsecure.com,”’ “Massive Data Breach In Eastern Washington University, 130,00 Student Records Exposed”, 8 January 2010, CyberInsecure.com. [http://cyberinsecure.com/massive-data-breach-in-eastern-washington-university-130000-student-records-exposed/]
*“Eastern Washington University has notified present and former students of a massive data breach of its systems that could affect up to 130 000 people.”
*“The breach occurred after administrators audited the University’s network, according to a breach notification sent out to students.”
*“The intruder installed file sharing software on network machines that could have enabled the sensitive information to be filched from the network.”
*“Data involved in the breach, which dates back to 1987, includes names, social security numbers and dates of birth.”
*‘“As a precaution, the university is mailing notification letters to people whose personal data may have been exposed so they can take the appropriate steps to protect themselves from fraud.”’
*“The University also set up a security hotline for students, but didn’t go so far as to instigate free credit protection. Instead, it merely listed the numbers of credit reporting agencies on its website.”
*“This is EWU’s first reported data breach, but other Universities have suffered their own losses.”
*“The biggest university breach to date was reported in June 2008, when 2.2 million billing records were compromised on tapes stolen from University of Utah Hospitals and Clinics.”
*“More recently, 236 000 records were reported stolen from a hacked University of North Carolina server in September.”
*“That breach, which reports said may have occurred up to two years prior, involved the data of women enrolled in a mammography study.”
*“And in another breach reported last month, Pennsylvania State University said that 261 records from an archived class list may have been stolen using malware.”
*[[Cybersecurity]]
”’Markoff, John”’, “Google Asks Spy Agency for Help With Inquiry Into Cyberattacks,,”February 5, 2010, New York Times, [http://www.nytimes.com/2010/02/05/science/05google.html]. last checked 12/10/11
*”Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday.”
*” By turning to the N.S.A., which has no statutory authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.”
*” Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards.”
*”On Jan. 12, Google announced a ‘new approach to China,’ stating that the attacks were ‘highly sophisticated’ and came from China.”
*”At the time, it gave few details about the attacks other than to say that a theft of its intellectual property had occurred and that a primary goal of the attackers had been to gain access to the Gmail accounts of Chinese human rights activists.”
*”A number of computer security consultants who worked with other companies that experienced attacks similar to those of Google have stated that the surveillance system was controlled from a series of compromised server computers based in Taiwan.”
*”An N.S.A. spokeswoman said, ‘N.S.A. is not able to comment on specific relationships we may or may not have with U.S. companies,’ but added, the agency worked with “a broad range of commercial partners’ to ensure security of information systems.’
*”’This is the other side of N.S.A. — this is the security service that does defensive measures,’ said the specialist, James A. Lewis, a director at the Center for Strategic and International Studies. ‘It’s not unusual for people to go to N.S.A. and say ‘please take a look at my code.’ ‘ ”
*” On Thursday, the organization [Electronic Privacy Information Center] filed a lawsuit against the N.S.A., calling for the release of information about the agency’s role as it was set out in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 , a classified 2008 order issued by President George W. Bush dealing with cybersecurity and surveillance.”
*”The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, …. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project.”
*”In addition to the N.S.A., Google has been working with the F.B.I. on the attack inquiry,…”
*[[Cybersecurity]], [[Hacker]], [[Law Enforcement]], [[China]], [[Taiwan]], [[Classified]], [[Law]], [[Homeland Security]]
”’Lorber, Jane,”’ “House Passes Cybersecurity Bill”, 4 February 2010 New York Times [http://thecaucus.blogs.nytimes.com/2010/02/04/house-passes-cybersecurity-bill/] Last Checked March 15, 2011.
*“The House… passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.”
*“Bill… passed 422-5, requires the Obama administration to conduct an agency-by agency assessment of cybersecurity workforce skills…”
*“Establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation.”
*“Officials puzzle over how to defend the nation from enemies that are often impossible to pinpoint, … education and recruitment are crucial.”
*‘“Investing in cybersecurity is the Manhattan Project of our generation,”’
*‘“But this time… we are facing far greater threat. Nearly every high school hacker has the potential to hamper… the internet. Just imagine what a rouge state could do.”’
*“Federal government will need to hire between 500 and 1,000 more ‘“cyber warriors”’ each year to keep up with potential enemies.”
*“Large-scale cyberattacks could massively disable or hurt international financial, commercial and physical infrastructure.”
*“Mr. Obama has said cybersecurity is one of his top priorities and between the fallout from the attack on Google’s computers in January…”
*“Authorizes one single entity,… to represent government in negotiations over international standards… a cybersecurity university-industry task force to guide the direction of future research.”
*[[Cybersecurity]], [[Military]]
”’Keating, Robert,”’ “The Cyber Warrior”, 1 July 2010 Academic Search Premier Last checked March 8, 2011. [http://web.ebscohost.com.proxy-tu.researchport.umd.edu/ehost/detail?hid=21&sid=ceea057b-79dd-4a43-9b25-88e4042c232a%40sessionmgr14&vid=3&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d#db=aph&AN=51508726]
*“In cyber war or cyber espionage, the person who’s doing it can achieve access in dozens of different ways.”.
*“Accessed a network that’s controlling something,… they can cause things to happen not in cyberspace but in physical space.”
*“Let’s get the arms control experts and the cyber experts together and see what can do to reduce the chances of a damaging cyber war.”
*“If you do limits on cyber war, that’s arms control.”
*“We’re seeing cyber criminal gangs doing things that in the past only nations could do.”
*“Individual hackers can make a lot of trouble, but they can’t bring down a power grid.”
*“Cyber war directed nation to nation, because in addition to having lots of technology at your fingertips, nation-states have intelligence agencies.”
*“Sometimes you need physical involvement, social engineering, information gathering before you do an attack.”
*“The fact that we have virtually no defense right now, that’s largely a matter of policy — not so much of technology — …”
*[[Cybersecurity]], [[China]]
”’Editors,”’ “War in the fifth domain”, 3 July 2010 Economist Last checked March 8, 2011.
*“After land, sea, air and space, warfare has entered the fifth domain: cyberspace.”
*“Mandate is to conduct ‘“full-spectrum”’ operations—to defend American military networks and attack other countries’ systems.”
*“Britain, too, has set up a cyber-security policy outfit, and an “operations centre” based in GCHQ, the British equivalent of the NSA.”
*“Many other countries are organizing for cyberwar, among them Russia, Israel, and North Korea.”
*“Cyber-security, envisages a catastrophic breakdown within 15 minutes.”
*“The effects of full-blown cyberwar are much like nuclear attack.”
*“Growing dependence on computers increases the harm they can cause.”
*“Weakly governed swathes of Africa are being connected up to fibre-optic cables, potentially creating new havens for cyber-criminals.”
*“Mr Obama has quoted a figure of $1 trillion lost last year to cybercrime–a bigger underworld than the drugs trade…”
*“The ostentatious hackers and virus-writers who once wrecked computers for fun are all but gone, replaced by criminal gangs seeking to harvest data.”
*‘“given enough time, motivation and funding, a determined adversary will always–always–be able to penetrate a targeted system.”’
*“China,… wholesale espionage, attacking the computers of… Western defence contractors … taking classified details of the F-35 fighter, …”
*“Western spooks think China deploys the most assiduous, and most shameless, cyberspies, but Russian ones are probably more skilled and subtle.”
*“Deterrence in cyber-warfare is more uncertain than, say, in nuclear strategy: there is no mutually assured destruction, the dividing line between criminality and war is blurred…”
*[[cybersecurity]], [[China]], [[Africa]], [[Russia]], [[North Korea]], [[Israel]]
”’Editors”’ “The Meaning of Stuxnet”, 30 September 2010 The Economist [http://www.economist.com/node/17147862] Last Checked March 16, 2011.
*“The Stuxnet worm, a piece of software that infects industrial-control systems,…”
*“Its… complexity suggests that it is the work of a team of well-funded experts, probably with the backing of a national government, rather than rogue hackers or cyber-criminals…”
*“It is designed to infect a particular configuration of a particular type of industrial-control system—in other words, to disrupt the operation of a specific process or plant.”
*“The Stuxnet outbreak has been concentrated in Iran, which suggests that a nuclear facility in that country was the intended target.”
*“This is, in short a new kind of cyber-attack.”
*“This was a weapon aimed at a specific target- it has been called a “cyber-missile”’.
*“One or more governments (the prime suspects are Israel and America) were probably behind it.”
*“The potential for this sort of attack, Stuxnet is a worked example of cyberwar’s potential- and its limitations.”
*“Cyberwar has focused on the potential for a “digital Pearl Harbour”, in which a country’s power grids and other critical infrastructure are disabled by attackers.”
*“Stuxnet, which exploits flaws in Microsoft Windows to spread on to stand-alone systems via USB memory sticks, shows they are more vulnerable…”
*“Stuxnet… reveals the potential for cyber-weapons that target specific systems, rather than simply trying to cause as much mayhem as possible.”
*“Specificity, along with the deniability and difficulty tracing a cyber-weapon,… appeal to governments that would like to disable a particular target… avoiding a direct military attack…”
*“A cyber-attack is no substitute for a physical attack.”
*[[Cybersecurity]], [[Iran]], [[Israel]]
”’Andrues, Wesley R.”’ “What U.S. Cyber Command Must do”, 1 October 2010 JFQ: Joint Force Quarterly Last checked March 8, 2011. [http://web.ebscohost.com.proxy-tu.researchport.umd.edu/ehost/pdfviewer/pdfviewer?hid=21&sid=ceea057b-79dd-4a43-9b25-88e4042c232a%40sessionmgr14&vid=3]
*“The U.S. Cyber Command (USCYBERCOM) … role in information technology ownership and draw clear operational boundaries in administering cyber security…”
*“The existing ingredients of cyber security would be more effective under a central commander than distributed to those with a custodial responsibility for the network.”
*“Information assurance, computer network defense, and computer network response actions… weapons of choice in safeguarding DOD information…”
*“Overlapping responsibilities may hobble the effectiveness of a new command devoted exclusively to cyberspace operations and security.”
*“NSA, whose influence on planning and programming information systems could feasibly eclipse that of CIO.”
*“June 2009,… the creation of U.S. Cyber Command (USCYBERCOM),… subunified command to be led by the director…National Security Agency (NSA).”
*“USCYBERCOM will be legitimized by a base execute order from the Secretary of Defense that will bestow it with the authorities needed … on some global level.”
*“Cyber forces are far from readily understood or objectively applied.”
*“There is potential for subunified command to make a tangible impact on a functional area such as cyberspace…”
*“USCYBERCOM may emerge as a well-intended office whose real authorities prove negligible in the long run.”
*[[Cybersecurity]], [[Military]]
”’Editors,”’ “Iran admits its nuclear facilities are under massive cyberattack”  Homeland Security Newswire, October 2 2010. [http://homelandsecuritynewswire.com/iran-admits-its-nuclear-facilities-are-under-massive-cyberattack 1]
*”Iran’s nuclear agency has admitted it is battling to contain a computer worm that experts say was designed by a hostile government — read: Israel — and has the capacity to shut down industrial plants.”
*”Iran has confirmed that 30,000 computers in the country’s power stations, including the nuclear reactor in Bushehr, have been attacked by the Stuxnet worm.”
*”Sky News reports that the Stuxnet worm is described by experts as the most complex piece of malware ever designed. Once it gains access to a plant’s computers, it hunts out specific software that controls operations such as the opening and closing of valves or temperature regulation.”
*”By halting those processes it can cause extensive damage to nuclear power stations, power grids or other industrial facilities.”
*”Alan Bentley, senior vice president of IT security company Lumension, told Sky News Online: “The worrying thing about Stuxnet is that mischief or financial reward wasn’t its purpose, it was aimed right at the heart of a critical infrastructure. Stuxnet isn’t just another piece of malware. It is the most refined piece of malware ever discovered.””
*”The worm was discovered in July and attacks were reported primarily in Iran but other countries such as Pakistan and Indonesia have been affected.”
*”Technology security provider Symantec told the Financial Times it would have taken a team of ten specialized programmers about six months of full-time work to design Stuxnet.”
*”“Government organizations across the world need to think carefully about how they are protecting their power stations, water plants and industrial units, from malicious attack,” Bentley added.”
*[[Iran]], [[Cybersecurity]]
”’Editors,”’ “Stuxnet, world’s first “cyber superweapon,” attacks China” Homeland Security Newswire October 2, 2010 [http://homelandsecuritynewswire.com/stuxnet-worlds-first-cyber-superweapon-attacks-china 2]
*”Stuxnet is feared by experts around the globe as it can break into computers that control machinery at the heart of industry, allowing an attacker to assume control of critical systems like pumps, motors, alarms, and valves.”
*”AFP reports that it could, technically, make factory boilers explode, destroy gas pipelines, or even cause a nuclear plant to malfunction.”
*”The virus targets control systems made by German industrial giant Siemens commonly used to manage water supplies, oil rigs, power plants and other industrial facilities.”
*”“This malware is specially designed to sabotage plants and damage industrial systems, instead of stealing personal data,” an engineer surnamed Wang at antivirus service provider Rising International Software told the Global Times. “Once Stuxnet successfully penetrates factory computers in China, those industries may collapse, which would damage China’s national security,” he added.”
*”The Stuxnet computer worm — a piece of malicious software (malware) which copies itself and sends itself on to other computers in a network — was first publicly identified in June.”
*”It was found lurking on Siemens systems in India, Indonesia, Pakistan and elsewhere, but the heaviest infiltration appears to be in Iran, according to software security researchers.”
*”Yu Xiaoqiu, an analyst with the China Information Technology Security Evaluation Centre, downplayed the malware threat. “So far we don’t see any severe damage done by the virus,” Yu was quoted by the Global Times as saying.”
*”A top U.S. cybersecurity official said last week that the country was analyzing the computer worm but did not know who was behind it or its purpose. “One of our hardest jobs is attribution and intent,” Sean McGurk, director of the National Cybersecurity and Communications Integration Center (NCCIC), told reporters in Washington. “It’s very difficult to say ‘This is what it was targeted to do,’” he said of Stuxnet, which some computer security experts have said may be intended to sabotage a nuclear facility in Iran.”
*”A cyber superweapon is a term used by experts to describe a piece of malware designed specifically to hit computer networks that run industrial plants. “The Stuxnet worm is a wake-up call to governments around the world,” Derek Reveron, a cyber expert at the U.S. Naval War School, was quoted as saying Thursday by the South China Morning Post. “It is the first known worm to target industrial control systems.””
*[[Cybersecurity]]
”’Editors,”’ “U.S. Cyber Command will not go operational today as planned” Homeland Security Newswire, Published October 1 2010, Last accessed October 2 2010. [http://homelandsecuritynewswire.com/us-cyber-command-will-not-go-operational-today-planned 3]
*”The U.S. Cyber Command will not become operational today as had been planned, according to Pentagon spokesmen.”
*”Issues responsible for the delay include difficulties finding suitably qualified staff, and also the fact that it is not entirely clear what “operational” means for a cyber force, the Stars & Stripes reports .”
*”Lewis Page writes that Cyber Command, which is directed by the head of America’s feared National Security Agency (NSA) and has its headquarters at the same complex (Fort Meade in Maryland), was created to bring the nascent cyberwar forces of the separate American armed services together. These include the U.S. 24th Air Force, Fleet Cyber Command, Army Forces Cyber Command, and Marine Forces Cyber Command.”
*”Pages notes that finding suitable military people to man up the Cyber Command is apparently a serious issue. Briefing politicians last week, NSA/Cyber Command chief General Keith Alexander said: “If you were to ask me, what is the biggest challenge that we currently face? It’s generating the people that we need to do this mission.””
*”Another factor in the Cyber Command delays is the issue of what its job is. General Alexander’s confirmation as boss was held up for some time by puzzled politicians trying to get more detail on this, and indeed judging by Colonel White’s comments even the Pentagon remains unsure.”
*”Page writes that much debate has revolved around the issue of whether the Command will mount network attacks in other countries, and if so what the legal mechanisms for ordering it to do so might be. There is little doubt that it will be capable of making such attacks, however: the 24th AF alone contains an entire unit, the 67th Network Warfare Wing, dedicated to nothing else. Moreover, DARPA is known to be working on a digital “cyber range” in which to test the fearful network artillery and code missiles of tomorrow.”
*[[Cybersecurity]]
”’Editors,”’ “Experts: Israel used cyber weapon to disrupt Iran’s nuclear reactor” Homeland Security Newswire,Published September 23 2010, Last accessed October 2 2010. [http://homelandsecuritynewswire.com/experts-israel-used-cyber-weapon-disrupt-irans-nuclear-reactor 4]
*”A highly sophisticated computer worm that has burrowed into industrial systems worldwide over the past year may have been a “search-and-destroy weapon” built to take out Iran’s Bushehr nuclear reactor, according to news reports published on Tuesday.”
*”The articles from IDG News and The Christian Science Monitor said the Stuxnet worm was programmed to probe the hosts it infected for extremely specific settings. Unless it identified the hardware fingerprint it was looking for in industrial software systems made by Siemens, it remained largely dormant.”
*”The appearance of Stuxnet created a ripple of amazement among computer security experts. Too large, too encrypted, too complex to be immediately understood, it employed amazing new tricks, like taking control of a computer system without the user taking any action or clicking any button other than inserting an infected memory stick. Experts say it took a massive expenditure of time, money, and software engineering talent to identify and exploit such vulnerabilities in industrial control software systems.”
*”Industrial control systems experts now have concluded, after nearly four months spent reverse engineering Stuxnet, that the world faces a new breed of malware that could become a template for attackers wishing to launch digital strikes at physical targets worldwide. Internet link not required.”
*”Dan Goodin writes that it was only after a unique configuration on a Programmable Logic Controller device was detected that Stuxnet took action. Under those circumstances, the worm made changes to a piece of Siemens code called Operational Block 35, which monitors critical factory operations, according to IDG, which cited Eric Byres, CTO of security firm Byres Security.”
*”“Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance — a target still unknown,” the Christian Science Monitor said. It went on to say that the digital fingerprinting capability “shows Stuxnet to be not spyware, but rather attackware meant to destroy.””
*”Both reports said the sophistication of Stuxnet suggests Israel or some other nation state is behind the worm and both articles cited speculation by Ralph Langner that the intended target may have been Iran’s Bushehr reactor, located about 750 miles from Tehran.”
*”The Iranian project faced reported delays around the same time Stuxnet is believed to have propagated, and the plant is believed to use the Windows-based Siemens software targeted in the attacks, IDG said.”
*The Christian Science Monitor said Stuxnet may already have exacted damage on Bushehr and noted the facility’s expected opening in late August has been delayed for unknown reasons.”
*[[Cybersecurity]], [[Iran]], [[Israel]]
”’Markoff J. & Sanger E.,”’ “In a Computer Worm, a Possible Biblical Clue” NY Times, Published September 29 2010. Last accessed October 2, 2010 [http://www.nytimes.com/2010/09/30/world/middleeast/30worm.html?pagewanted=1&_r=1&no_interstitial 5]
*”Not surprisingly, the Israelis are not saying whether Stuxnet has any connection to the secretive cyberwar unit it has built inside Israel’s intelligence service. Nor is the Obama administration, which while talking about cyberdefenses has also rapidly ramped up a broad covert program, inherited from the Bush administration, to undermine Iran’s nuclear program. In interviews in several countries, experts in both cyberwar and nuclear enrichment technology say the Stuxnet mystery may never be solved.”
*”The malicious code has appeared in many countries, notably China, India, Indonesia and Iran. But there are tantalizing hints that Iran’s nuclear program was the primary target.”
*”The fact that Stuxnet appears designed to attack a certain type of Siemens industrial control computer, used widely to manage oil pipelines, electrical power grids and many kinds of nuclear plants, may be telling. Just last year officials in Dubai seized a large shipment of those controllers — known as the Simatic S-7 — after Western intelligence agencies warned that the shipment was bound for Iran and would likely be used in its nuclear program.”
*”Also, starting in the summer of 2009, the Iranians began having tremendous difficulty running their centrifuges, the tall, silvery machines that spin at supersonic speed to enrich uranium — and which can explode spectacularly if they become unstable.”
*”For intelligence agencies they are an almost irresistible weapon, free of fingerprints. Israel has poured huge resources into Unit 8200, its secretive cyberwar operation, and the United States has built its capacity inside the National Security Agency and inside the military, which just opened a Cyber Command.”
*”But the near impossibility of figuring out where they came from makes deterrence a huge problem — and explains why many have warned against the use of cyberweapons. No country, President Obama was warned even before he took office, is more vulnerable to cyberattack than the United States.”
*”There are many reasons to suspect Israel’s involvement in Stuxnet. Intelligence is the single largest section of its military and the unit devoted to signal, electronic and computer network intelligence, known as Unit 8200, is the largest group within intelligence.”
*”But other Israeli experts said they doubted Israel’s involvement. Shai Blitzblau, the technical director and head of the computer warfare laboratory at Maglan, an Israeli company specializing in information security, said he was “convinced that Israel had nothing to do with Stuxnet.””
*”Mr. Blitzblau noted that the worm hit India, Indonesia and Russia before it hit Iran, though the worm has been found disproportionately in Iranian computers. He also noted that the Stuxnet worm has no code that reports back the results of the infection it creates. Presumably, a good intelligence agency would like to trace its work.”
*[[Cybersecurity]], [[Iran]], [[Israel]]
”’Elliott, Dan”’, “Air Force Manual Describes Shadowy Cyberwar World”, 25 October 2010, Associated Press [http://news.yahoo.com/s/ap/20101025/ap_on_re_us/us_cyberwarfare_manual/print] Last Checked 26 October 2010.
*“A new Air Force manual for cyberwarfare describes a shadowy, fast-changing world where anonymous enemies can carry out devastating attacks in seconds and where conventional ideas about time and space don’t apply.”
*“The manual — officially, ‘Cyberspace Operations: Air Force Doctrine Document 3-12’ — is dated July 15 but wasn’t made public until this month. It is unclassified and available on the Internet.”
*“The manual explains how dependent the military and civil society have become on computer networks for communication, banking, manufacturing controls and the distribution of utilities.”
*“It also outlines the vulnerabilities of the Internet, including the relatively low cost of computers that could give an adversary a way to block, manipulate, damage or destroy a network.”
*“Much of the Internet’s hardware and software are produced and distributed by private vendors in other countries who ‘can be influenced by adversaries to provide altered products that have built-in vulnerabilities, such as modified chips.’”
*“Enemies can cloak their identities and hide their attacks amid the cascade of data flowing across international computer networks.”
*“Operating in cyberspace ‘may require abandoning common assumptions concerning time and space’ because attacks can come from anywhere and take only seconds, the manual says.”
*“Relentless attackers are trying to hack into home and office networks in the U.S. ‘millions of times a day, 24/7.’”
*“It dwells mostly on protecting U.S. military computer networks and makes little mention of attacking others. That could signal the Pentagon wants to keep its offensive plans secret, or that its chief goal is fending off cyberattacks to keep its networks up and running, analysts said.”
*“Overall U.S. military cyberwarfare operations will be the job of the U.S. Cyber Command, which began limited operations in May. It will have components from the Army, Air Force, Navy and Marines.”
*“Responsibility for civilian and government cybersecurity is less clear. Congress is debating between giving more power to the Homeland Security Department or the White House and the National Institute of Standards and Technology.”
*[[Cybersecurity]], [[Military]], [[Homeland Security]]
”’Waterman, Shaun”’, “Hackers Shopping Malware Network Suspected of Backing Iran”, 26 October 2010, Washington Times [http://www.washingtontimes.com/news/2010/oct/26/hackers-shopping-malware-network/] Last Checked 27 October 2010.
*“A hacker group calling itself the Iranian Cyber Army is assembling a network of infected computers, and selling it to cybercriminals to spread spam and malicious software, according to security researchers.”
*“Most researchers regard the Iranian Cyber Army (ICA) as ‘hacktivists’ — politically motivated pro-Iranian hackers — and there is no evidence they are linked to the Tehran government.”
*“The group was exploiting a vulnerability in WordPress, a popular blogging software program, to gain control of unsuspecting Internet users’ computers and add them to its network — known as a botnet, or robot network — of infected machines.”
*“Botnets can be used to send spam e-mail or spread more malware, but they can also be used to conduct so-called denial-of-service attacks against websites.”
*“Visitors were surreptitiously redirected to a hacker-controlled website, where they were infected with a so-called Trojan downloader — a kind of malicious software that allows hackers to take control of the user’s computer.”
*“The Trojan was placed on the visitors’ computers by exploiting well-known vulnerabilities in several widely used software packages, including Adobe PDF, Java and Internet Explorer.”
*“The ICA appeared to be selling access to the computers it had infected to other cybercrime gangs, who were loading their own malware onto them, effectively recruiting them to multiple other botnets, or equipping them to steal banking passwords or other personal data from their owners.”
*“Botnet, one of hundreds controlled by hacker gangs and cybercrime syndicates all over the world, could be used to launch cyber-attacks against Tehran’s enemies.”
*[[Cybersecurity]], [[Iran]]

”’Hersh, Seymour M.,”’ “The Online Threat”, 1 November 2010 New Yorker Last Checked March 9, 2011.
*“If China had reverse-engineered the EP-3E’s operating system, all such systems in the Navy would have to be replaced, at a cost of hundreds of millions of dollars.”
*“The Chinese penetration as a warning about present and future vulnerabilities–…that China, or some other nation, could use… cyber skills to attack America’s civilian infrastructure and military complex.”
*“After years of planning, the U.S. Cyber Command was officially activated, and took operational control of disparate cyber-security and attack units… among the four military services.”
*“Its commander, Army General Keith Alexander… wants more access to e-mail, social networks, and internet to protect America and fight in… a new warfare domain—cyberspace.”
*“President Obama, who has publicly pledged that his Administration will protect openness and privacy on the Internet, will have to make choices that will have enormous consequences for the future…”
*“Will cyber security be treated as a kind of war?”
*‘“Cyber war” was emerging as one of the nation’s most widely publicized national-security concerns.”
*“The federal government currently spends between six and seven billion dollars annually for unclassified cyber-security work, and, it is estimated, an equal amount on the classified portion.”
*“Fourteen million dollars to build a bunker for the Pentagon’s new Cyber Command.”
*“Cyber espionage is… capturing e-mail traffic, text messages, other electronic communications, and corporate data for the purpose of gathering national-security or commercial intelligence.”
*“Cyber war involves the penetration of foreign networks for the purpose of disrupting or dismantling those networks, and making them inoperable.”
*“Blurring the distinction between cyber war and cyber espionage has been profitable for defense contractors–and dispiriting for privacy advocates.”
*“The most common cyber-war scare scenarios involve America’s electrical grid.”
*“Many long-standing allies of the United States have been deeply engaged in cyber espionage for decades.”
*“A retired four-star Navy admiral, who spent much of his career in signals intelligence, said that Russia, France, Israel, and Taiwan conduct the most cyber espionage against the U.S. …”
*[[cybersecurity]], [[Military]], [[China]], [[Russia]], [[France]], [[Israel]]
”’Editors N.P.,”’ “Talking with Anonymous”, 8 December 2010 The Economist [http://www.economist.com/blogs/democracyinamerica/2010/12/anonymous_and_cyber_protest] Last Checked March 16, 2011.
*“Group called “Anonymous”, the “hacktivists” who… declared war on the websites of people and organizations that try to impede the work of Julian Assange and WikiLweaks.”
*“After… chatting with them yesterday they went after Joe Lieberman’s website and, apparently, took it offline briefly.”
*“In the past, this same group has gone after the copyright establishment.”
*“When you take down the website of a PostFinance or MasterCard, as Anonymous has done in the past, it does more than simply show disapproval, it affects business.”
*“This is the future of activism, and it is both empowering and scary.”
*“A group like Anonymous isn’t really trying to impose anarchy as much as it’s trying to impose the will of its members (or whichever members are active at a certain time).”
*“As it fights for freedom on the internet, it constricts the net itself, by taking down websites and halting e-commerce.”
*“We have no idea who these people are.”
*[[Cybersecurity]]

== 2011 ==

”’Ghosh, Anup K., Angelos Stavrou, Michael E. Locasto, Sushil Jajodia,”’ “Virtual Extension The Ephemeral Legion: Producing an Expert Cyber-Security Work Force from Thin Air”, 1 January 2011 Communications of the ACM Last Checked March 9 2011.
*“A large cyber-security work force would provide a strong pillar for the domestic high-tech industry.”
*“Current rate of production of skilled cyber-security workers satisfies… neither the public nor private sector, …”
*“If we do not make a concerted effort to drastically increase this work force, then the U.S. will export high-paying information security jobs.”
*“We believe the creation of a significant cyber-security work force is… feasible, but also will help ensure the economic strength of the U.S.”
*“Government cyber-security workers should focus on educating a new work force rather than mass certification of existing workers.”
*“Government’s incredibly diverse cyber-security needs… operational, analytical, and strategic technology roles span both the military and civilian parts of government.”
*“Even finding a figurehead to direct and coordinate government cyber-security efforts is a monumental and ill-defined task.”
*“NSA has designated many college and university cyber-security programs… only a small number of quality educational programs are… equipped and willing to quickly educate large numbers…”
*“The Obama administration has laudably held cyber-security as an important national priority, …educating large numbers of cyber-security professionals, must be a front-line priority….”
*“The demand for cyber-security professionals far outstrips the current supply-indicating… primed for growth if a adequate number of professionals can be trained.”
*“Cyber-security presents a difficult… challenge… the fight is fundamentally unbalanced: an attacker need… a single weakness,… a defender must scramble to protect everything.”
*“If the U.S. cannot produce highly competent defenders of its military, civilian, financial, energy, health care,… then it will cease to be a meaningful international presence.”
*[[cybersecurity]]
”’Editors”’ “Stuxnet” 15 January 2011 New York Times [http://topics.nytimes.com/top/reference/timestopics/subjects/c/computer_malware/stuxnet/index.html?scp=3&sq=cyber%20security&st=cse]
*“Stuxnet is the name given to a computer worm, or malicious computer program, that began to spread in mid-2009.”
*“The most sophisticated cyberweapon ever deployed.”
*“experts dissecting it soon determined that it had been precisely calibrated in a way that would send nuclear centrifuges wildly out of control, adding to suspicions that it was meant to sabotage Iran’s nuclear program.”
*“Wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.”
*“Iran had run into technological difficulties that could delay a bomb until 2015.”
*“The biggest single factor in putting time on the nuclear clock appears to be Stuxnet.”
*“The digital trail is littered with intriguing bits of evidence, many of which suggest that the virus was designed as an American-Israeli project to sabotage the Iranian program.”
*“The worm itself now appears to have included two major components.”
*“One was designed to send Iran’s nuclear centrifuges spinning wildly out of control.”
*“The computer program also secretly recorded what normal operations at the nuclear plant looked like, then played those readings back to plant operators, like a pre-recorded security tape in a bank heist, so that it would appear that everything was operating normally while the centrifuges were actually tearing themselves apart.”
*“The attacks were not fully successful: Some parts of Iran’s operations ground to a halt, while others survived…”
*“The paternity of the worm is still in dispute…”
*[[Cybersecurity]], [[Iran]]
”’Gertz, Bill”’, “Show of Strength Urged for Cyberwar”, 27 January 2011, Washington Times [http://www.washingtontimes.com/news/2011/jan/27/show-of-strength-urged-for-cyberwar/] Last Checked 27 January 2011.
*“Gen. Chilton said the foreign operation that penetrated U.S. classified computer networks in 2008 changed the culture, conduct, and capabilities for cyberwarfare.”
*“Military cyberwarriors are building up efforts to pinpoint the sources of foreign computer break-ins on U.S. networks and will need to demonstrate a major computer attack capability in the future to deter increasingly sophisticated threats.”
*“On tracking the source of computer attacks, a process the military calls ‘attribution,’ Gen. Chilton said the military is improving its capability to locate the sources of electronic attacks, a key first step in defending systems and conducting offensive cyber-attacks.”
*“Deterring cyber-attacks before they are carried out, either by nations or criminals, requires demonstrating a ‘credible threat’ from the U.S. Military that would force all attackers to think before acting.”
*“Other countries were sent a clear signal that the U.S. military could shoot down enemy satellites in a conflict, based on the February 2008 Strategic Command-led operation known as Burnt Frost, which used a modified Navy SM-3 missile fired from an Aegis warship to shoot down a falling National Reconnaissance Office satellite.”
*“The U.S. satellite shootdown followed China’s January 2007 first successful test of an anti-satellite missile, an event that triggered alarm in U.S. military circles because of the vulnerabilities of U.S. satellites to China’s anti-satellite (ASAT) missile.”
*“The cyberworld has emerged as a new war-fighting arena.”
*[[Cybersecurity]], [[Military]]
”’Landler, Mark”’, “U.S. Policy to Address Internet Freedom.” 14 February 2011 New York Times [http://www.nytimes.com/2011/02/15/world/15clinton.html?_r=1&ref=technology] Last checked February 14, 2011.
*“On Tuesday … a new policy on Internet Freedom, intended to help people get around barriers in cyberspace while making it harder for autocratic governments to use the same technology to repress dissent.”
*“The new policy, a year in the making, had been bogged down by fierce debates… whether to view the Internet primarily as a weapon to topple repressive regimes or as a tool that autocrats can use to root out and crush dissent.”
*’“We support multiple tools, so if repressive governments figure out how to target one, others are available. And we invest in cutting edge…’”
*“Thought the new policy was on the drawing board for months, it has new urgency in light of turmoil in the Arab world…. Part of a larger debate over how the United States weighs its alliances…”
*“Reflects their view that technology can be a force that leads to democratic change, but cannot by itself bring down repressive regimes.”
*“Critics say the administration has held back $30 million in Congressional financing that could have gone to circumvention technology, a proven method that allows Internet users to evade government firewalls…”
*“They need much more to install networks capable of handling millions of users in China, Iran and other countries.”
*“The State Department has received 68 proposals for nearly six times the $30 million in available funds.”
*“On Jan. 27, the day before the Egyptian government cut off access to the Internet, he said there were more than 7.8 million page views by Egyptians on UltraSurf,… That was a huge increase from only 76,000 on Jan. 22.”
*“UltraSurf and its sister service, Freegate, do not have enough capacity to handle sudden sharp increases in use during political crises. That causes the speed to slow to a crawl…”
*“The number of global Internet users could swell by 5 billion within 20 years.”
*[[Cybersecurity]], [[China]], [[Russia]], [[Iran]]
”’Gertz, Bill”’, “Iran Militia Claims Credit for VOA Cyberstrike”, 22 February 2011, Washington Times [http://www.washingtontimes.com/news/2011/feb/22/iran-militia-claims-credit-for-voa-cyberstrike/] Last Checked 23 February 2011.
*“An Iranian government official on Tuesday claimed the Islamic Revolutionary Guards Corps was behind a recent computer attack that disrupted Voice of America Internet programming.”
*“The cyber-attack began Monday and lasted until early Tuesday morning, when service was restored.”
*“The Broadcasting Board of Governors, VOA’s parent agency, said in a statement that it was the target of a domain-name system ‘attack’ that affected a computer server outside of the agency.”
*“Visitors to the VOA home page and up to 95 other VOA-related websites were redirected to a page with an Iranian flag and a graphic of an AK-47 rifle.”
*“The hacking group identified itself as the Iranian Cyber Army and it left a message on the VOA sites that stated ‘we have proven that we can.’ It also called on the United States to stop interfering in Islamic countries.”
*“The Iranian IRGC spokesman said the hacking showed Iran’s sophistication in developing cyberweapons.”
*[[Cybersecurity]], [[Iran]]
”’Gertz, Bill,”’ “Inside the Ring”, 16 March 2011, The Washington Times [http://www.washingtontimes.com/news/2011/mar/16/inside-the-ring-278570395/?page=1] Last Checked 26 March 2011.
*‘“The cyberthreat continues to mature, posing dangers that far exceed the 2008 breach of our classified systems,…”’
*“He also disclosed that computer warfare troops were dispatched to the conflicts in Afghanistan and Iraq.”
*“He warned that the command is working to defend against a “Cyber 9/11” attack.”
*“The command is projected to have 931 military and civilian officials and a budget of $159 million by next year.”
*“We are collectively vulnerable to an array of threats ranging from network instability to criminal and terrorist activities to state-sponsored capabilities and actions that are progressing from exploitation to disruption to destruction.”
*‘“We believe that state actors have developed cyberweapons to cripple infrastructure targets in ways tantamount to kinetic assaults. Some of these weapons could potentially destroy hardware as well as data and software,…”’
*“His command is prepared to use offensive cyberwarfare to defend freedom of action in cyberspace and deny adversaries its use.”
*‘“In sum, our adversaries in cyberspace are highly capable.”’
*[[Cybersecurity]], [[Military]], [[Iraq]], [[Afganistan]]
”’Waterman, Shaun,”’ “China open to cyber-attack” 17 March 2011 The Washington Times [http://www.washingtontimes.com/news/2011/mar/17/china-open-to-cyber-attack/] Last Checked 28 March 2011.
*“Dams, oil and gas pipelines, factories and other computer-controlled infrastructure are more vulnerable to cyber-attacks in China than in other countries, security specialists say.”
*“The effectiveness of such an attack was demonstrated last year when the Stuxnet computer worm slowed Iran’s nuclear program by taking control of and disabling hundreds of uranium-enriching centrifuges.”
*“A cyber-attack on China’s computer-controlled infrastructure would imperil the world’s second-largest economy,…”
*“China is widely viewed as an aggressor in cyberspace.”
* “The U.S. and other Western nations have identified Beijing as being behind cyber-espionage attempts against their infrastructure computer systems.”
*“China’s vulnerability lies in its fledgling domestic software industry, which Beijing nurtures and promtes, and in the lack of transparebcy in its computer-defense organizations,…”
*“Malicious computer programs such as the Stuxnet worm allow hackers to hijack SCADA controls.”
*“Mr. Beresford, who looks for flaws in Chinese software as a hobby… said he identified the vulnerability last year and immediately notified both the company and China’s Computer Emergency Response Team, CN-CERT.”
*“Neither ever acknowledged his communication nor moved to deal with the flaw for 3 ½ months.”
*“By putting proof-of-concept data on the Web, Mr. Beresford raised the stakes significantly. He made the vulnerability public…”
*“CN-CERT posted a fix for the vulnerability within a few days.”
*‘“When it comes to vulnerabilities in software produced by domestic manufactures, they’re not exactly transparent or open,”’
*“That lack of transparency is a problem because, in order to patch a vulnerability effectively, it must be done publicly so that everyone who owns the software knows they need to download and apply the patch.”
*‘“China’s infrastructure is just as vulnerable [as anyone else’s] and probably more because of the lack of transparency,”’
*“Several surveys show that the great majority of computers used in China run pirated software…”
*‘“If you use pirated software, you have no idea where it comes from,… adding that much of China’s has come from the Russian mafia.”’
*“Pirated software cannot be patched or updated and might have flaws…”
*[[Cybersecurity]], [[China]], [[Russia]]
”’CBR Staff Writer,”’ “UK prepared to lead international fight against cyber terrorism” 24 March 2011 CBR [http://security.cbronline.com/news/uk-prepared-to-lead-international-fight-against-cyber-terrorism-240311] Last Checked 28 March 2011.
*“The UK is willing to lead the international fight against cyber crime and terrorism, but will co-ordinate its policy with its partners including the US…”
*‘“The UK has signalled its willingness to lead internationally.”’
*“However he added that the UK’s response to cyber threats has to be developed with the help of other countries.”
*“The UK must lead the fight against cyber threats to protect its own interests.”
*‘“We have to fight and win battles to decide internationally how this will be run. There are states that want to dictate how cyberspace evolves in a way that would be detrimental to our interests.”’
*“The government will publish a new cyber security strategy in the coming months…”
*“The coalition government has given priority to cyber threats. In its national security strategy: “A Strong Britain in an Age of Uncertainty” unveiled on 18 October 2010, the government said that cyber crime is one of the biggest emerging threats to the UK.”
*“Subsequently, the government announced the National Cyber Security Programme as a part of its Strategic Defence and Security Review and allotted £650 million of new investment over the next four years to the programme.”
*“The government has maintained that the private sector has to play a key role in the successful delivery of the programme.”
*‘“Partnership with the private sector will be absolutely crucial,” he said. “Government can’t do it alone.”’
*‘“The problem is networked and diffuse, so the response needs to be collaborative between government and the private sector.”’
*“The collaboration had already started last month… in which a joint response from government and the private sector was agreed upon.”
*[[cybersecurity]], [[U.K.]]
”’National Journal Group,”’ “Trial Cyber Attack Suggests Widespread U.S. Vulnerabilities” 30 March 2011 Global Security Newswire [http://gsn.nti.org/gsn/nw_20110329_6685.php] Last Checked 30 March 30, 2011.
*“The water supplier’s computer system had permitted outside access by staffers — a key vulnerability exploited by the specialists.”
*“Al-Qaeda and other extremist organizations have yet to acquire means of carrying out computer-based assaults.”
*“Governments including China and Russia could conduct such attacks, and independent entities might carry out electronic strikes on behalf of terrorists…”
*“Weak points identified by the group also exist at critical sites throughout the United States, according to U.S. government sources and independent analysts.”
*‘“ If a sector of the country’s power grid were taken down, it’s not only going to be damaging to our economy, but people are going to die…”’
*“President Obama established a federal “czar” position to address computer-based vulnerabilities, but the post remained vacant for seven months and has little power, according to the Times.”
*“The United States cannot compel companies to safeguard their computer systems, and the private sector has no strong cause to do so,…”
*‘“The odds are we’ll wait for a catastrophic event, and then overreact…”’
*[[Cybersecurity]], [[Russia]], [[China]], [[al-Qaeda]]
”’Homeland Security Newswire,”’ “Major Increase in cyber attacks on China’s Government”, 21 March 2011, Homeland Security Newswire, [http://homelandsecuritynewswire.com/major-increase-cyber-attacks-chinas-government]
*“In a twist of events, China recently reported that last year its government websites experienced a 68 percent increase in cyber attacks.”
*“The Chinese government has been accused of sponsoring cyber attacks against major companies like Google and Yahoo as well as governments around the world.”
*“A total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010.”
*“Attacks on non-government websites actually decreased 22 percent in 2010, while attacks on government websites had increased nearly 70 percent.”
*“The report also found that roughly 60 percent of ministerial-level websites have potential security risks.”
*“Hackers use two main means to attack government websites. One means is to turn the homepage of government websites into that of hacker organizations in order to show off their skills…”
*“The other is to hide hackers’ own pages on government Web sites before telling potential buyers that the servers and bandwidth of the government Web sites have been under their control and can be leased and transferred to criminals…”
*“After cyber attacks against China’s largest search engine Baidu, the report said that Chinese Internet companies and users should increase monitoring of malicious cyber activity.”
*“The report also found that five million Chinese IP addresses had been infected with a trojan horse or corpse virus.”
*“China has roughly 457 million Internet users, more than any other country in the world.”
*“The Chinese government maintains that it is the victim of cyber attacks and does not encourage them.”
*“The French government recently confirmed that sensitive files were stolen in highly sophisticated and targeted attacks against its Budget Ministry’s computers.”
*“McAfee analysts also recently determined that a series of highly targeted cyber attacks stole sensitive financial data worth millions of dollars from five major multinational oil and gas companies.”
*“Evidence suggests that the attacks may have originated from China…”
*[[cybersecurity]], [[China]], [[France]]
”’Riley, Michael,”’ “U.S. Spy Agency Is Said to Investigate Nasdaq Hacker Attack” 30 March 2011 Bloomberg [http://www.bloomberg.com/news/2011-03-30/u-s-spy-agency-said-to-focus-its-decrypting-skills-on-nasdaq-cyber-attack.html] Last Checked 6 April 2011.
*“National Security Agency, the top U.S. electronic intelligence service, has joined a probe of the October Cyber attack on Nasdaq…”
*“Amid evidence the intrusion by hackers was more severe than first disclosed…”
*‘“By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack or it’s an extraordinarily capable criminal organization…”’
*“The NSA’s most important contribution to the probe may be its ability to unscramble encrypted messages that hackers use to extract data…”
*“Investigators have yet to determine which Nasdaq systems were breached and why, and it may take months for them to finish their work…”
*“Nasdaq operators will be hard pressed to assure potential partners that they have resolved the matter…”
*“Nasdaq reported in February that the breach of its computers was limited to a single system known as Directors Desk, a product used by board members of companies to exchange confidential information…”
*“The NSA-assisted probe is now focused on how far the attack may have reached, including the breach of other systems…”
*“Directors Desk, where the break-in was discovered, is designed to allow directors and executives of Nasdaq client companies to share private files, nonpublic information that cyber criminals could trade on.”
*“Sophisticated hackers often enter computer networks through a single system, like Directors Desk, then hop to other secure parts of a computer network,…”
*“The agency rarely gets involved in investigating cyber attacks against companies.”
*“The NSA played a part in probing the 2009 attack against Google Inc. (GOOG),… represented “a major change” for the agency, which monitors the electronic communications of foreign entities and helps secure the networks of U.S. government agencies.”
*“The NSA, based at Fort Meade, Maryland, has the government’s most detailed knowledge of cyber attackers and their methods…”
*“A 2008 executive order signed by President George W. Bush expanded the NSA’s responsibilities to include monitoring U.S. government computer networks to detect cyber attacks.”
*“One challenge in analyzing the scope of cyber attacks is that the information captured by intruders is often sent out in an encrypted form, making it difficult to tell what was taken,..”
*“The NSA could help identify and analyze electronic clues left behind by the hackers, including communication between the malicious software used in the attack and the outside computers that controlled it…”
*“Another obstacle,… is that the most sophisticated cyber attacks employ stealthy software that’s programmed to go dormant for months and can be altered by hackers in response to changing security measures.”
*“One line of inquiry pursued by investigators is whether the attack is linked to state-based cyber espionage or sabotage, which would raise national security concerns,…”
*“Criminal enterprises have narrowed the skills gap with state-sponsored hackers, launching attacks that can penetrate even the best- guarded computer networks,…”
*[[Cybersecurity]]
”’Helft, Miguel,”’ “After Breach, Companies Warn of E-Mail Fraud” 4 April 2011 New York Times [http://www.nytimes.com/2011/04/05/business/05hack.html?_r=1&scp=3&sq=cyber%20security&st=cse].
*“Monday that millions of people were at increased risk of e-mail swindles after a giant security breach at an online marketing firm…”
*“The breach exposed the e-mail addresses of customers of some of the nation’s largest companies, including JPMorgan Chase, Citibank, Target and Walgreen…”
*“The breach may be among the largest ever…”
*“And it could lead to a surge in phishing attacks — e-mails that purport to be from a legitimate business but are intended to steal information like account numbers or passwords.”
*‘“If criminals can associate addresses with names and a business like a bank, they can devise highly customized attacks to trick people into disclosing more confidential information, a technique known as “spear phishing.”’
*“A spear-phishing e-mail is far more dangerous because it can include a person’s name and is sent only to people who are known to be customers of a certain business…”
*“The Anti-Phishing Working Group, an organization that tries to prevent Internet crime, received reports of more than 33,000 phishing attacks worldwide last June, the most recent month for which data is available.”
*“Roughly 70 percent of the attacks were in the financial services and online payment industries.”
*“Hackers often scan the Internet looking for machines that have a certain vulnerability or misconfiguration and then, once they hit upon something, look further to see if the victim interests them…”
*[[Cybersecurity]]
”’Richmond, Riva,”’ “An Attack Sheds Light on Internet Security Holes” 6 April 2011 [http://www.nytimes.com/2011/04/07/technology/07hack.html?_r=1&ref=stuxnet]
*“The Comodo Group, an Internet security company, has been attacked in the last month by a talkative and professed patriotic Iranian hacker…”
*“Infiltrated several of the company’s partners and used them to threaten the security of myriad big-name Web sites.”
*“It has also cast a spotlight on the global system that supposedly secures communications and commerce on the Web.”
*“The encryption used by many Web sites to prevent eavesdropping on their interactions with visitors is not very secure.”
*“This technology is in use when Web addresses start with “https” (in which “s” stands for secure) and a closed lock icon appears on Web browsers”
*“These sites rely on third-party organizations, like Comodo, to provide “certificates” that guarantee sites’ authenticity to Web browsers.”
*“But many security experts say the problems start with the proliferation of organizations permitted to issue certificates.”
*“As of December, 676 organizations were signing certificates, it found. Other security experts suspect that the scan missed many and that the number is much higher.”
*“Making matters worse, entities that issue certificates, though required to seek authorization from site owners, can technically issue certificates for any Web site.”
*“This means that governments that control certificate authorities and hackers who break into their systems can issue certificates for any site at will.”
*“The certificate system and the technology it employs have long been in need of an overhaul, but that the technology industry has not been able to muster the will to do it.”
*‘“This is a wake-up call. This is a small leak that is evidence of a much more fundamental structural problem.”’
*“In the Comodo case, the hacker infiltrated an Italian computer reseller and used its access to Comodo’s systems to automatically create certificates for Web sites operated by Google, Yahoo, Microsoft, Skype and Mozilla.”
*“The hacker described himself as a software-engineering student and cryptography expert and said he worked alone.”
*“He suggested he was avenging the Stuxnet computer worm, which was directed at Iranian nuclear installations last year.”
*‘“Cutting out a large player like Comodo, which controls at least 95,100 certificates, could effectively “break the Web,”’
*[[Cybersecurity]], [[Iran]]
”’Homeland Security Newswire,”’ “Senators seek to end Wasteful Government Cybersecurity Spending”, 12 April 2011, Homeland Security Newswire [http://homelandsecuritynewswire.com/senator-seeks-end-wasteful-government-cybersecurity-spending]
*“Senator Tom Carper (D – Delaware) is actively seeking ways to end wasteful government cybersecurity spending; Carper believes that the government can spend its money more efficiently on IT security…”
*‘“We waste about, I don’t know, $1 billion or $2 billion a year on the paperwork, which frankly doesn’t reflect that our cybersecurity protection any better…”
*“He believes that too many government programs are expensive, inefficient, and do not actually secure government networks…”
*“Carper has proposed mandating that all agencies only purchase technology that is preconfigured with encryption or other security measures…”
*[[Cybersecurity]]
”’Behr, Peter,”’ “A ‘Smart’ Grid Will Expose Utilities to Smart Computer Hackers”, 19 April 2011, New York Times, [http://www.nytimes.com/cwire/2011/04/19/19climatewire-a-smart-grid-will-expose-utilities-to-smart-28110.html?scp=2&sq=cyber%20security&st=cse]
*“A year ago, an unidentified computer intruder tried to penetrate the Lower Colorado River Authority’s power generation network with 4,800 high-speed log-in attempts that originated at an Internet address in China…”
*“And that was probably just an amateur’s work, says David Bonvillain…”
*“Far greater challenges lie ahead as smart grid technologies proliferate in the nation’s transmission network and utility control centers…”
*“The risk that a hacker could disrupt a closely managed grid control system is considerably lower than for an intrusion into a financial or industrial network, but the consequences could be far graver…”
*“And the scope of the threat is expanding faster than the utility sector’s response…”
*‘“”The smart grid increases the complexity of the system…”’
*‘“You’re deploying technology that is no longer in a building you control, and you are deploying it over the air, right up to the home.”’
*‘“There is more technology, and more networks highly interconnected to share information. You’ve increased the overall attack surface.”’
*‘“The smart grid is one of the best things to ever happen to security in the utility space.”’
*“The GAO report also cited a dramatic increase in cyber attacks on federal agencies, as reported to the U.S. Computer Emergency Readiness Team…”
*“Cyber incidents totaled 41,776 in fiscal 2010, a 650 percent increase in five years.”
*“Congress set up the process for creating cybersecurity standards for the electric power industry in the 2005 Energy Policy Act, it put the agency into a reactive stance…”
*“FERC can approve or reject cyber standards developed through NERC’s industry consensus process, but it cannot do more.”
*“After years of disjointed efforts since the 2005 act passed, the cyber issue has begun to move on some fronts…”
*“Companies are to follow in identifying critical parts of their systems that will be subject to cyber protection regulation.”
*“The Nuclear Regulatory Commission has agreed to take oversight responsibility for cybersecurity of all systems at nuclear power plants, not just the reactors…”
*“But a new Senate initiative is likely to reignite the federal-state jurisdictional quarrel over cyber standards.”
*“Committee and ranking Republican Lisa Murkowski (R-Alaska) circulated a draft bill on cyber protection policy that would give FERC the authority over critical distribution networks that it has been seeking.”
*“But even the successful completion of standards and rules for cyber protection for the power sector won’t be enough if the technical competency of the industry’s cyber managers is not upgraded…”
*“The case study Assante cites is the Stuxnet computer worm, which industry experts believe penetrated a part of Iran’s nuclear power infrastructure in mid-2009, damaging some of its critical uranium enrichment centrifuges.”
*“The code for the Stuxnet cyber weapon, whose authors remain unidentified publicly and are the subject of intense speculation, was identified by a Russian security firm that found it on a USB flash drive…”
*“Assante said there is still too wide a gap dividing power companies that are serious about raising cyber threat barriers and training people to use them, and other companies whose awareness and preparations are not adequate.”
*[[Cybersecurity]], [[Iran]], [[Russia]]
”’Perna, Gabriel,”’ “Report: Smart Grid Not Smart When It Comes To Cyber Attacks”, 20 April 2011, International Business Times, [http://www.ibtimes.com/articles/136601/20110420/cyber-crime-critical-infrastructure-energy-smart-grid.htm]
*“A new report says the industries in gravest danger from the increasing number of cyber threats is critical infrastructure industries such as power grids, oil, gas and water.”
*“Forty percent of information technology executives at critical infrastructure companies surveyed for the report said their industry’s vulnerability had increased.”
*“Thirty percent said their company was not prepared for a cyberattack and 40 percent expected one.”
*“The critical infrastructure industries lacked protection against cyber attacks, which can come at a high cost.”
*“The report points to Stuxnet, a sophisticated piece of malware designed to sabotage critical IT infrastructure, having been found on half of the electronic industry respondents…”
*‘“The fact is that most critical infrastructure systems are not designed with cyber security in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyber attacks…”’
*“Eighty percent of respondents have faced a large-scale denial of service attack (DDoS) according to the report.”
*“Even worse, 25 percent have been victims of extortion through actual or threatened cyber attacks.”
*[[Cybersecurity]]
”’Niller, Eric,”’ “Cyber-Security System Mimics Human Immune Response”, 24 April 2011, abc News/Teschnology. [http://abcnews.go.com/Technology/wiping-computer-virus-cold/story?id=13439300]
*“Computer scientists and IT engineers are increasingly looking to the human immune system as a model for preventing attacks by cyber-hackers.”
*“They hope that in the near future computers will be able to communicate among themselves, recognize threats, and be able to monitor their own health — just like the cells inside our bodies.”
*“McConnell and others point to a marked increase in cyber-threats from organized crime, terrorists, and nation-states looking for key military, financial and other classified intelligence.”
*“McConnell says a first step would be to get computers to recognize and react to threats automatically.”
*“Some experts are already working on this kind of interoperability on a small scale.”
*“One of the biggest obstacles in getting computers closer to working by themselves is figuring out a better way to authenticate interactions,…”
*“Experts are looking at new models of “nature-inspired defense” as computer threats become a greater security problem for government agencies and a bigger cost to industry.”
*“The latest buzzword is ‘advanced persistent threats.”
*“These are sufficiently advanced methods that are difficult to detect and take a long time to discern.”
*“Another hurdle faced by computer experts in designing collaborative systems of either individual devices or networked computers is that of privacy.”
*“The more that computers share information in order to deter threats, the more individual privacy is reduced.”
*‘“Although we want the cell to be curable, we want it to have our private personality that cannot be wiped or automatically checked,…”’
*[[Cybersecurity]]
”’National Journal Group,”’ “Iran Reports New Computer Strike”, 25 April 2011, Global Security Newswire. [http://gsn.nti.org/gsn/nw_20110425_7283.php]
*“Iran is facing a new computer-based attack by hostile powers, a high-level Iranian military officer told the nation’s Mehr News Agency…”
*‘“The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations,…”’
*“Iran this month attributed the worm’s development to Israel and the United States, which both suspect the Middle Eastern state’s uranium enrichment program is geared toward weapons development.”
*“Specialists have suggested the malware targeted the Iranian enrichment program, which is capable of generating nuclear-weapon material.”
*“Tehran, which has maintained its atomic ambitions are strictly peaceful, last September confirmed that Stuxnet had infected laptops of Bushehr nuclear power plant personnel while denying the worm affected operations at the Russian-built facility.”
*“Meanwhile, Iran on June 18 intends to convene a two-day multilateral meeting on eliminating and preventing the spread of nuclear armaments and other weapons of mass destruction,…”
*‘“Perhaps the Foreign Ministry had overlooked the options to legally pursue the case, and it seems our diplomatic apparatus should pay more attention to follow up the cyber wars staged against Iran,” he said (Mostafavi, Reuters).”’
*[[Cybersecurity]], [[Russia]], [[Iran]]
”’National Journal Group,”’ “New Computer Strike Could Target Iranian Atomic Sites”, 26 April 2011, Global Secuirty Newswire. [http://gsn.nti.org/gsn/nw_20110426_1154.php]
*“A new computer-based assault on Iran appeared to target atomic sites and might reflect a wider effort to sabotage the Middle Eastern nation’s nuclear activities…”
*‘“The Stars virus has been presented to the laboratory but is still being investigated,…”’
*‘“The virus assumes the appearance of official electronic data and is hard to eliminate in its initial form …”’
*“The Stuxnet worm also remains a threat, the report indicates.”
*“Iran responded to Stuxnet before its impact became catastrophic…”
*‘“The nation should ready itself for the next virus since it is possible that new viruses will be considerably more dangerous than the first, …”’
*“Computer-based strikes might have inflicted heavier damage on Iran’s nuclear program than previously assessed, …”
*“Stuxnet was engineered to persist until 2012, and the worm might assume a low profile in infiltrated computers until it receives a launch instruction from an outside site …”
*“Iran might reformat data storage equipment and throw out affected systems in an effort to fight the worm, but Stuxnet could contaminate new but unsecured equipment, as well as new Iranian bases and sets of connected computers…”
*“Iran scrambled in 2010 to purge in excess of 1,000 uranium enrichment centrifuges affected by the Stuxnet worm.”
*“Tehran has informed the International Atomic Energy Agency of its intention to deploy higher-speed machines that could be better able to withstand attack…”
*[[Cybersecurity]], [[Iran]]

”’Homeland Security Newswire,”’ “ Iran’s control systems attacked by another virus”’ 26 April 2011, Homeland Security Newswire. [http://homelandsecuritynewswire.com/irans-control-systems-attacked-another-virus]
*“Iran’s civil defense commander, Gholamreza Jalali said Iran has been under sustained cyber attack, saying on Monday that yet another piece of malware — called “Stars” – was about to infect computers and servers used in Iran’s industrial control systems.”
*‘“Fortunately, our young experts have been able to discover this virus and the Stars virus is now in the laboratory for more investigations.”’
*“He did not specify the target of Stars or its intended impact.”
*‘“The virus is congruous and harmonious with the (computer) system and in the initial phase it does minor damage and might be mistaken for some executive files of government organizations.”’
*“That this description by Jalali suggests the attack was disguised as a legitimate Word, PDF, or other similar document types in order to trick unsuspecting victims into infecting government computers.”
*“Several organizations, including federal research facility Oak Ridge National Laboratory, have disclosed that attackers breached their systems by tricking employees into opening a malicious Word or Excel document.”
*‘“At this point whether Stars is “really specifically targeting Iranian systems,” said, noting that Sophos researchers see over 100,000 new unique malware samples every day, and many of them are designed to spy on victims’ computers.”’
*‘“Iranian authorities have reason to believe that the Stars virus they have intercepted was specifically written to steal information from their computers and is not just yet another piece of spyware…”’
*“Stars is the second known virus to have targeted Iran’s industrial control systems.”
*“Last year, the malware Stuxnet, widely believed to have been created by Israeli military programmers with the assistance of the United States, infected around 42,000 computers and servers used in Iran’s nuclear weapons program.”
*“The infection disabled about 20 percent of Iran’s uranium enrichment centrifuges, leading Iran, in mid-November last year, to halt enrichment activities…”
*“The Stuxnet virus also infected the Bushehr nuclear reactor, which was supposed to go on line in August.”
*‘“A Russian delegate to NATO said the Stuxnet created a situation in which if the Bushehr reactor were to go on line, it would become “another Chernobyl.”’
*‘“We should know that fighting the Stuxnet virus does not mean the threat has been completely tackled, because viruses have a certain life span and they might continue their activities in another way.”’
*‘“The country should prepare itself to tackle future worms since future worms, which may infect our systems, could be more dangerous than the first ones, …”’
*[[Cybersecurity]], [[Iran]], [[Russia]]
”’Clayton, Mark”’, “Cyberespionage: US Finds FBI Agents in Elite Unit Lack Necessary Skills”, 27 April 2011, CSMonitor [http://www.csmonitor.com/USA/2011/0427/Cyberespionage-US-finds-FBI-agents-in-elite-unit-lack-necessary-skills], Last Checked 28 April 2011.
*“Many of the Federal Bureau of Investigation’s field agents assigned to an elite cyber investigative unit lack the skills needed to investigate cases of cyberespionage and other computerized attacks on the US, the Justice Department inspector general reported.”
*“Investigating these kinds of cyberespionage attacks falls largely on the FBI as the lead agency for the National Cyber Investigative Joint Task force, which also includes representatives from 18 different intelligence agencies and is assigned to investigate the most difficult national security intrusions – those by a foreign power for intelligence gathering or terrorist purposes.”
*“In interviews with 36 field agents in 10 of the FBI’s 56 field offices nationwide, 13 agents, or more than a third, ‘reported that they lacked the networking and counterintelligence expertise to investigate national security [computer] intrusion cases.’”
*“Among the issues that impeded developing strong expertise and solving cyber investigations was the practice of rotating field agents to a new field office every three years.”
*“After rotating to a new office, an agent with cyber investigation experience often is not assigned to a cyber unit ‘leaving their cyber background underutilized.’”
*“The FBI cybersquads were also not as effective as they could be because the squads did not always have intelligence analysts embedded in their units to provide a strategic perspective and overall threat analysis.”
*“That’s a problem because the US is under constant and increasing cyberattack with 5,499 known intrusions into US government computer systems in 2008 alone – a 40 percent jump from 2007.”
*“‘There are about 1,000 security people in the US who have the specialized security skills to operate at world-class levels in cyberspace – we need 10,000 to 30,000,’ Jim Gosler, founding director of the CIA’s Clandestine Information Technology Office.”
*“Existing training and education programs, it said, are ‘limited in focus and lack unity of effort.’”
*“To ensure an adequate pipeline of skilled people ‘it will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s, to meet this challenge.’”
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “Sony’s gaming network hacked, Microsoft’s follows suit”, 28 April 2011, Homeland Security Newswire. [http://homelandsecuritynewswire.com/sonys-gaming-network-hacked-microsofts-follows-suit]
*“Gaming devotees of Sony’s PlayStation network are fretting over the revelation that the company’s security has been breached.”
*“Users of the system, up to seventy-seven million of them, have been exposed to having vital personal and financial information fall into the hands of hackers.”
*“Sony maintained that there is no evidence indicating that credit card information had been obtained, they also refused to rule out the possibility, indicating that the credit card account number, along with the expiration date, may have fallen into the hackers’ hands.”
*“Sony also warned that with so much personal information exposed, customers should be vigilant against lower-tech events like phishing and human engineering attacks.”
*“Sony spokesman Patrick Seybold said that the company learned of the breach on April 19, and subsequently shut network services down.”
*“Seybold then went on to say that Sony brought in outside consultants to conduct a several-days-long forensic analysis to understand the nature and scope of the breach.”
*“The first lawsuit has been filed in U.S. District Court for the Northern District of California on behalf of a Birmingham, Alabama man, …”
*“Microsoft announced via its Xbox Live status page that one of its game titles, Modern Warfare 2, has been exploited by hackers so that users will receive an in-game message asking for personal information that is, in reality, a phishing attempt.”
*“The Guardian reports that dozens of “modded” Xbox 360 game consoles, that had been previously banned, were again able to access the Xbox Live network.”
*“Modding is the term of art for the modification of a game console so that it will run pirated software and unofficial applications.”
*[[Cybersecurity]]
”’ Homeland Security Newswire,”’ “DOJ report finds FBI agents critical cyber security skills”, 2 May 2011, Homeland Security Newswire. [http://homelandsecuritynewswire.com/doj-report-finds-fbi-agents-lacks-critical-cyber-security-skills]
*“A recent government report found that the FBI’s cybersecurity experts are incompetent and overly focused on investigating child pornography.”
*“The Department of Justice (DOJ), said that many of the FBI agents trained in cyber security lacked the ability to investigate national security related intrusions and threats.”
*“Out of the thirty-six agents that DOJ interviewed, only 64 percent said they had the expertise to handle national security related cyber investigations.”
*‘“The remaining 36 percent “lacked the networking and counterintelligence expertise to investigate national security intrusion cases.”’
*‘“Five agents even admitted that they “did not think they were able or qualified to investigate national security intrusions effectively.”’
*“In 2010 there were nearly 42,000 attacks against the government, a sharp increase compared to the 30,000 attacks in 2009.”
*‘“DHS anticipates that malicious cyber activity will continue to become more common, more sophisticated and more targeted — and range from unsophisticated hackers to very technically competent intruders using state-of-the-art techniques.”’
*“FBI cyber investigators spend nearly twice as much time investigating child pornography as it does analyzing attacks by foreign governments meant to steal sensitive information.”
*“In 2009 only 19 percent of cyber agents worked on national security intrusions whereas 41 percent were assigned to investigating online child porn and 31 percent were assigned to non-spy related digital crimes.”
*[[cybersecurity]]
”’Homeland Security Newswire,”’ “Preparing your organization for stuxnet-like attacks”, 2 May 2011, Homeland Security Newswire. [http://homelandsecuritynewswire.com/preparing-your-organization-stuxnet-attack]
*“If even you do not work for the Iranian nuclear program, you may want to learn how to protect your organization from a Stuxnet-like attack.”
*‘“Stuxnet as “this epochal change,” and says it was “one of the most complex threats observed to date.”’
*“Stuxnet not only did it use innovative antivirus evasion techniques and complex process injection code…”
*‘“It also pioneered new frontiers in virus design, including the use of four separate zero-day vulnerabilities and the first ever rootkit designed specifically for programmable logic controller systems.”’
*“What was remarkable about Stuxnet was that it was designed to reprogram industrial control systems, that is, computer programs used to manage industrial environments such as power plants, oil refineries, and gas pipelines.”
*‘“It is the first known malware designed to specifically target such systems with the goal of impacting real-world equipment and processes,…”’
*“Stuxnet’s ultimate objective was to disrupt Iran’s uranium enrichment program by targeting systems with drives that functioned at a certain frequency such as gas-centrifuge-based systems.”
*‘“Altering the frequencies of the drives, as Stuxnet is designed to do, will effectively sabotage the enrichment procedure, likely damaging the affected centrifuges in the process…”’
*“Stuxnet was of such great complexity and required such significant resources to develop that few attackers will be capable of producing a similar threat in the near future.”
*“The real-world dangers of Stuxnet-like threats are obvious.”
*[[Cybersecurity]], [[Iran]]
”’Homeland Security Newswire,”’ “25 million more users hit in second cyber attack on Sony”, 4 May 2011, Homeland Security Newswire. [http://homelandsecuritynewswire.com/25-million-more-users-hit-second-cyber-attack-sony]
*“Japanese electronics giant Sony recently announced that hackers successfully broke into its networks and stole sensitive data from more than twenty-five million online gaming subscribers.”
*“The announcement comes days after Sony’s admission that an additional seventy-seven million users had their personal information stolen.”
*“In the most recent attack, hackers infiltrated Sony’s Online Entertainment network and stole names, addresses, emails, birth dates, and even phone numbers from online gamers.”
*“According to Sony, the first attack resulted in the loss of data from an outdated 2007 PlayStation Network database that contained financial records for gamers.”
*‘“Sony, said, “We had previously believed that SOE (Sony Online Entertainment) customer data had not been obtained in the cyber-attacks on the company.”’
*“The attack is believed to have occurred on 16 and 17 April, several days before the larger PlayStation attack that occurred on 20 April.”
*‘“The company sought to ease fears by stating, “There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment.”’
*“It also said that the financial data that hackers stole was encrypted.”
*“Taina Rodriguez, a spokesperson for Sony, said that so far there has been no evidence that the stolen information has been used for any illegal activities.”
*“As Sony investigates the cyber attacks, it has temporarily shut down its Sony Online Entertainment Network services.”
*“Some analysts estimate that the attacks could cost Sony and credit card companies as much as $1 to $2 billion.”
*‘“This may be the mother of all data breaches at this point,”’
*“Large data breaches in the past have included the 2008 attacks on Heartland Payment System where hackers stole 130 million credit card numbers and a 2005 attack on TJX where as many as 100 million accounts were hacked.”
*[[Cybersecurity]]
”’Cooper, Helene,”’ “U.S. Calls for Global Cybersecurity Strategy”, 16 May 2011, New York Times. [http://www.nytimes.com/2011/05/17/us/politics/17cyber.html]
*“The Obama administration on Monday proposed creating international computer security standards with penalties for countries and organizations that fell short.”
*“Officials did not single out any countries in announcing the strategy, several officials said privately that the hope was that the initiative would prod China and Russia into allowing more Internet freedom,…”
*“Cracking down on intellectual property theft and enacting stricter laws to protect computer users’ privacy. “
*‘“The effort to build trust in the cyberspace realm is one which should be pushed in capitals around the world…”’
*‘“The White House also promised that the United States would respond to attempted hacking “as we would to any other threat to our country.”’
*“The strategy calls for officials from the State Department, the Pentagon, the Justice Department, the Commerce Department and the Department of Homeland Security to work with their counterparts around the world to come up with standards aimed at preventing theft of private information and ensuring Internet freedom.”
*‘“The 21st-century threats that we now face to both our national and international security really have no borders.”’
*“The administration released… its new computer security strategy, increasing and clarifying the penalties for computer crimes, and giving the domestic security agency a clear mandate for the protection of the government’s own networks.”
*“That effort was intended to reverse a growing perception that penalties for attacks on government, corporate and personal computers had been relatively small.”
*“The legislation calls for the agency to work with energy companies, water suppliers and financial institutions to rank the most serious threats and find ways to counter them.”
*“The law would also require each business to have an independent commercial auditor assess its plans…”
*[[Cybersecurity]], [[Law]]
”’Homeland Security Newswire,”’ “Government launches cybersecurity plan”, 16 May 2011, Homeland Security newswire. [http://homelandsecuritynewswire.com/government-launches-cybersecurity-plan]
*“Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks.”
*“The plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval.”
*‘“DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate.”’
*“Plans that are deemed insufficient could lead to shutdowns, fines, or other monetary or civil penalties.”
*‘“DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security.”’
*“DHS would also be empowered to set policies and activities for government systems.”
*‘“Federal authority and leadership would be designated within DHS, which will “develop and conduct risk assessments for federal systems and, upon request, critical information infrastructure.”’
*“If an intrusion is detected, DHS will have the authority to deploy and operate detection and prevention systems on any government network.”
*“DHS will also establish a cybersecurity information sharing center to increase cooperation between all relevant stakeholders including federal, state, and local governments as well as the private sector.”
*“Administration officials say that the proposed law is designed to facilitate cooperation with the private sector and is a signal that no single entity can effectively guard against all cyber security threats.”
*“The legislation was sent to Congress on 12 May and is currently being debated.”
*[[Cybersecurity]], [[Law]]
”’Editors”’,“DARPA Building Stronger Cyber Defense” 20 May 2011, Homeland Security Newswire [http://homelandsecuritynewswire.com/darpa-building-stronger-cloud-cyber-defenses] Last Checked 20 May 2011.
*Pentagon researchers are seeking to develop cloud-based computing networks that can remain operational even while under cyber attack.”
*The Defense Advanced Research Projects Agency (DARPA), the Department of Defense’s advanced research department, is working on a project called Mission oriented Resilient Clouds (MRC) which aims to build resiliency into existing cloud networks to preserve ‘mission effectiveness’ during a cyberattack.”
*MRC is part of DARPA’s broader cybersecurity efforts which include the Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) program, a companion project to MRC.”
*CRASH researchers hope to increase security by limiting the vulnerabilities to the hosts of cloud-computing infrastructure.”
*Before the U.S. military moves too far ahead with cloud based computing systems it wants to ensure that its sensitive and mission-critical data is not vulnerable to cyberattack.”
*To help secure its networks, DARPA is exploring several defense mechanisms with MRC including redundant hosts, correlating attack information from across the ensemble, and providing for diversity across the network.”
*MRC is still in the early phases of development and DARPA has not revealed too much information about the program.”
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “DHS cybersecurity chief resigns”, 26 May 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/dhs-cybersecurity-chief-resigns]
*“Just days after the White House unveiled its comprehensive plan for securing government networks from cyber attacks, one of the government’s top cyber security officials announced that he was resigning.”
*“At DHS it was his chief responsibility to liaise with other federal agencies like the Department of Defense to protect critical cyber infrastructure.”
*“I n addition his department spearheaded efforts and coordinated procedures to secure networks across all federal agencies.”
*“Greg Schaffer, the Assistant Secretary of the DHS Office of Cybersecurity and Communications, has been appointed as the acting deputy undersecretary in the interim.”
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “Pentagon to help protect U.S. cyber assets, infrastructure”, 26 May 2011 Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/pentagon-help-protect-us-cyber-assets-infrastructure]
*“The U.S. Defense Department is now sharing cybersecurity information, capabilities, and expertise with DHS, a Pentagon official said on Monday, 23 May.”
*“American Forces Press Service reports that the plan calls for DHS to lead the effort to protect Americans, the U.S. critical infrastructure, and the federal government’s computer networks.”
*“It would work in close collaboration DHS and the departments of Justice and Commerce better to safeguard cyberspace.”
*“Just as our reliance on critical infrastructure has grown, so have the threats…”
*“The military is “critically dependent” on the civilian power generation grid, telecommunications, transportation and other sectors run on computer networks.”
*‘“Cyber attacks have become so pervasive as to create “a real possibility of a large-scale attack on any of our nation’s critical infrastructure,…”’
*“The status quo (in cybersecurity) is no longer acceptable — not when there is so much at stake…”
*“Some 2 billion people worldwide use the Internet, and an estimated $1 trillion is lost annually to cyber crimes…”
*“Congress and U.S. executive departments, they added, are the target of about 1.8 billion cyber attacks per month.”
*“The collaboration between Defense and DHS has grown into joint coordination at U.S. Cyber Command and the National Security Agency (NSA) at Fort Meade, Maryland, and the sharing of information, capabilities, and employees.”
*“DHS, Defense, and NSA officials meet regularly and have weekly teleconferences to coordinate cybersecurity.”
*‘“DOD has unparalleled technical expertise and cyber expertise. In DHS, we’ve built up our own expertise, working broadly across agencies.”’
*“Homeland Security will stay “operationally synched” with the Defense Department, and both departments and NSA will deploy cyber experts to work at each others’ sites,…”
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “DHS invests $10 million to build open source software”, 26 May 2011 Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/dhs-invests-10-million-build-open-source-software]
*“The Georgia Tech Research Institute is leading a $10 million DHS funded initiative to develop open source cybersecurity solutions for government use.”
*“One of the goals of the program, dubbed the Homeland Open Security Technology (HOST), is to demonstrate that open-source programs are just as secure from malicious code as proprietary software if not more.”
*“Other project partners include the University of Texas at Austin and the Open Information Security Foundation.”
*“If someone wants to get into your software, it’s irrelevant” if the code is open source or not,…”
*“Open source software is more secure than traditional software as it is more adaptable and offers greater flexibility when addressing security threats.”
*“The five-year program will occur in three phases.”
*“In the first phase, researchers will examine what open source software is currently available that could potentially serve government needs.”
*“ In the second phase, researchers will take the selected software and connect government agencies with programmers to further develop the software. “
*“The final stage will invest money in promising open-source projects.”
*“The strategic objective of the HOST program is to lead efforts of discovery and collaboration, seeding development in open source software and practices that produce a measurable impact for government cyber security systems…”
*“The collaborative nature of open source and open technologies provide unique technical and economic value and opportunities for government users.”
*“While open source software is generally less expensive than proprietary software, Weathersby said that the goal of the project was not to save money but rather to create the most secure software for government networks.”
*“The whole point at the end of the day is increasing national defense,…”
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “DHS to double its cybersecurity staff”, 26 May 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/dhs-double-cybersecurity-staff]
*“DHS recently announced that it plans to increase its cybersecurity workforce by more than 50 percent so that it can lead government-wide efforts to secure federal networks against cyber attacks as outlined in President Obama’s recently proposed cybersecurity plan.”
*“DHS plans to hire 140 additional cybersecurity experts by October 2012 bringing the agency’s total to 400.”
*“This decision comes as part of President Obama’s plan to secure both federal networks and critical infrastructure from malicious cyberattacks.”
*“Under the proposed legislation, DHS would act as the lead agency in coordinating cybersecurity measures across the government and would also be responsible for ensuring that private operators of critical infrastructure have adequate security measures in place.”
*“Critical infrastructure operators would be required to submit cybersecurity plans to DHS auditors who would review the plans.”
*“ If the plans are deemed inadequate the firms could face legal or financial penalties.”
*‘“DHS will be the new sheriff in cyber town that we need.”’
*[[Cybersecurity]]
”’Homeland Security Newswire,”’ “U.S. intelligence sets up cyber defense office in Estonia”, 31 May 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/us-intelligence-sets-cyber-defense-office-estonia]
*“The United States will open an office in the Estonian capital Tallinn to help bolster the fight against cyber-crime,…”
*‘““Estonia was selected as the site for the new secret service office due to both the investigative nexus it provides in combating cyber and financial crimes…”’
*“The office, due to be opened Friday, will have a staff of four.”
*‘“Tallinn will also serve as a prime location from which to engage counterparts in Russia and throughout the Nordic region…”’
*“The European Union nation of 1.3 million became one of the world’s most cyber-focused nations, earning the nickname “E-stonia.”’
*“Since falling victim to a Russian-based cyberwar in 2007, it has become a leader in finding ways to fending off online attacks, and hosts NATO’s IT-defense facility.”
*“It also created a volunteer unit of cyber-experts late last year within the Estonian Defense League…”
*[[Cybersecurity]]
”’Drew, Christopher, John Markoff”’,“Lockheed Strengthens Network Security After Hacker Attack”, 29 May, 2011, nytimes.com. [http://www.nytimes.com/2011/05/30/business/30hack.html?_r=2&ref=lockheedmartincorporation].
*“Lockheed Martin said on Sunday that it had stepped up its investigation into a sophisticated hacking attack on its computer networks and bolstered security measures for gaining remote access to its systems.”
*“They were still trying to determine whether the attack had relied on any data that hackers had stolen from RSA in March or if it had exploited another weakness.”
*“Lockheed and RSA Security, which supplies coded access tokens to millions of corporate users and government officials…”
*“Lockheed, which is based in Bethesda, Md., said on Saturday night that the attack, which occurred on May 21, was “significant and tenacious.”
*“They had stopped the attack shortly after hackers got into a system, adding that no customer or company data was compromised.”
*“Lockheed Martin, the nation’s largest military contractor, and other military companies face frequent attacks from hackers seeking national security data.”
*“Lockheed also had accelerated a plan to increase network security.”
*“Lockheed also switched to eight-digit access codes from four-digit codes, which are randomly generated by the tokens.”
*[[Cybersecurity]], [[Hacker]]
”’PHYSORG.com,”’ “Pentagon: All options on table in Cyber-attack”, 31 May 2011, PHYSORG.com. [http://www.physorg.com/news/2011-05-view-major-cyber-war.html]
*“The Pentagon said Tuesday that it would consider all options if the United States were hit by a cyber-attack as it develops the first military guidelines for the age of Internet warfare.”
*“President Barack Obama’s administration has been formalizing rules on cyberspace amid growing concern about the reach of hackers.”
*“The White House on May 16 unveiled an international strategy on cyber-security which said the United States “will respond to hostile acts in cyberspace as we would to any other threat to our country.”
*‘“We reserve the right to use all necessary means — diplomatic, informational, military, and economic — as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners and our interests,…”’
*“The White House policy did not rule out a military response to a cyber-attack.”
*“The Pentagon was drawing up an accompanying cyber defense strategy which would be ready in two to three weeks.”
*“The strategy would classify major cyber-attacks as acts of war, paving the way for possible military retaliation.”
*“The newspaper said that the strategy was intended in part as a warning to foes that may try to sabotage the US electricity grid, subways or pipelines.”
*“The newspaper said the Pentagon would likely decide whether to respond militarily to cyber-attacks based on the notion of “equivalence” — whether the attack was comparable in damage to a conventional military strike.”
*“Such a decision would also depend on whether the precise source of the attack could be determined.”
*“The US military suffered its worst cyber-attack in 2008.”
*‘“ Deputy Secretary of Defense William Lynn said that a malicious flash drive — likely from a foreign spy agency — spread and commandeered computers at US Central Command, which runs the war in Afghanistan.”’
*“In cyber-warfare, aggressors are often mysterious and hence would not fear immediate retaliation — a key theoretical framework in traditional warfare.”
*“It may be that the best response is not to use force, but what this policy will say is that an attack is an attack and could be met by force.”
*“While stepping up defenses, some believe the United States may also be pursuing cyber war. “
*“Iran has accused the United States and Israel of last year launching Stuxnet, a worm that reportedly wreaked havoc on computers in the Islamic republic’s controversial nuclear program”
*“The United States and Israel both declined to comment on Stuxnet.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “Data breaches comprise nearly 8 million medical records”, 1 June 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/data-breaches-compromise-nearly-8-million-medical-records]
*“In the last two years alone nearly eight million people have had their medical records stolen or compromised.”
*“At seven large hospitals in New York, California, Massachusetts, Missouri, Georgia, Illinois, and Texas, HHS investigators found that unencrypted personal data was kept on computers that were easily accessed by unauthorized users.”
*“The revelation that millions of people have had their personal medical records stolen could slow the Obama administration’s efforts to digitize the nation’s health care records.”
*“It’s a huge challenge. Break-ins and hacks are unfortunately going to be part of the landscape.”
*“A recent Carnegie Mellon University study found that at least thirty people or organizations have access to an average individual’s health care records.”
*“It is unrealistic to believe that the government can design a system that prevents all medical records from being compromised.”
*“conversion to electronic health records may be one of the most transformative issues in the delivery of health care, lowering medical errors, reducing costs and helping to improve the quality of outcomes.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “U.S. will “View major cyber attacks as acts of war””, 1 June 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/us-will-view-major-cyber-attacks-acts-war]
*“The Pentagon has adopted a new strategy that will classify major cyber attacks as acts of war, paving the way for possible military retaliation…”
*“Pentagon plans to unveil its first-ever strategy regarding cyber warfare next month, in part as a warning to adversaries who may try to sabotage the U.S.’s electricity grid, subways, or pipelines.”
*““If you shut down our power grid, maybe we will put a missile down one of your smokestacks,…””
*“The strategy would maintain that the existing international rules of armed conflict — embodied in treaties and customs — would apply in cyberspace.”
*“The decision to formalize the rules of cyber war comes after the Stuxnet attack last year ravaged Iran’s nuclear program.”
*“That attack was blamed on the United States and Israel, both of which declined to comment on it.”
*“It said the Pentagon would likely decide whether to respond militarily to cyber attacks based on the notion of “equivalence” — whether the attack was comparable in damage to a conventional military strike.”
*“PCWorld reports that such a decision would also depend on whether the precise source of the attack could be determined.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “U.S. unveils New cybersecurity strategy”,  15 July 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/us-unveils-new-cybersecurity-strategy]
*“William Lynn, the outgoing deputy secretary of defense, yesterday unveiled a new U.S. cyber security strategy.”
*“The new strategy will move away from a purely defensive posture to treating cyberspace, in Lynn’s words, as an “operational domain” in which well-trained forces engage in both defensive and offensive moves.”
*“the United States would prefer not to militarize cyberspace, but that the overriding concern was to fashion a strategy which would secure critical infrastructure and strategic networks.”
*““Our ability to identify and respond to a serious cyber attack is … only part of the strategy. Our strategy’s overriding emphasis is on denying the benefit of an attack, …””
*““If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place.””
*“the Pentagon would introduce new operating concepts and capabilities on its networks, such as sensors, software and signatures to detect and stop malicious code before it affects U.S. operations.”
*““Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes, …””
*““Our responsibility is to acknowledge this new environment and adapt our security instruments to it,…”
*““That is the purpose of the DoD Cyber Strategy. We must prepare.””
*“Until recently, the military’s cyber effort was run by a loose confederation of joint task forces spread too far and too wide, both geographically and institutionally, to be fully effective…”
*“the DOD strategy will hinge on active defense systems, planning and coordination with the Homeland Security Department and a strong public-private partnership…”
*““The unclassified version [of the new strategy], you will find, follows much of what was in the administration’s [international cyber strategy released in May], …””
*““This isn’t about acts of war — this is about an overall cyber strategy, and how we defend ourselves against cyber threats.””
*[[Cybersecurity]]
”’Homeland Security”’, “United States and India sign Cybersecurity Treatment”, 19 July, 2011, dhs.gov. [http://www.dhs.gov/ynews/releases/20110719-us-india-cybersecurity-agreement.shtm]
*“NEW DELHI—The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity.”
*“The agreement helps fulfill the joint commitment of both nations to advancing global security and countering terrorism, one of the pillars of the U.S.-India Strategic Dialogue launched on July 20, 2009.”
*“Previously, Secretary of Homeland Security Janet Napolitano traveled to India in May to launch the U.S.-India Homeland Security Dialogue (HSD) with Indian Minister of Home Affairs P. Chidambaram.”
*“he 2011 HSD was the first comprehensive bilateral dialogue on homeland security issues between the United States and India.”
*“During her visit, the countries agreed to create the MOU, and negotiations for the non-binding arrangements were concluded at the June 2011 meeting…”
*“The MOU establishes best practices for the exchange of critical cybersecurity information and expertise between the two governments through the Indian Computer Emergency Response Team (CERT-In)…”
*“Through this arrangement, the respective governments and broader cybersecurity communities in both the United States and India will have the ability to coordinate with their counterparts on a broad range of technical and operational cyber issues.”
*[[Cybersecurity]], [[India]]
”’Emery, Daniel”’, “Governments, IOC and UN hit by massive cyber attack”, 3 August, 2011, bbc.co.uk. [http://www.bbc.co.uk/news/technology-14387559]
*“IT security firm McAfee claims to have uncovered one of the largest ever series of cyber attacks.”
*“It lists 72 different organisations that were targeted over five years, including the International Olympic Committee, the UN and security firms.”
*“McAfee will not say who it thinks is responsible, but there is speculation that China may be behind the attacks.”
*“Beijing has always denied any state involvement in cyber-attacks, calling such accusations “groundless.””
*““This is a whole different level to the Night Dragon attacks that occurred earlier this year. Those were attacks on a specific sector. This one is very, very broad.””
*“Dubbed Operation Shady RAT – after the remote access tool that security experts and hackers use to remotely access computer networks…”
*“In many cases we found evidence that intellectual property (IP) had been stolen.”
*“The United Nations, the Indian government, the International Olympic Committee, the steel industry, defence firms, even computer security companies were hit…”
*“McAfee said it did not know what was happening to the stolen data, but it could be used to improve existing products or help beat a competitor, representing a major economic threat.”
*“This was what we call a spear-phish attack, as opposed to a trawl, where they were targeting specific individuals within an organisation,…”
*““An email would be sent to an individual with the right level of access within the system; attached to the message was a piece of malware which would then execute and open a channel to a remote website giving them access.””
*““Once they had access to an organisation, they either did what we would call a ‘smash-and-grab’ operation, where they would try and grab as much information before they got caught,…””
*““Or they sometimes embedded themselves in the network and [tried to] spread across different systems within an organisation.””
*““very likely China was behind the campaign because some of the targets had information that would be of particular interest to Beijing.””
*““We cannot prove it’s China. That doesn’t mean we should be naive. Every country in the world is probably using the internet to spy.””
*““Sometimes it’s not about stealing your money or publicly leaking your data. It’s about quietly stealing your information, which can have a very high political, military or financial value.””
*[[Cybersecurity]], [[China]], [[Hacker]]
”’Fallon, Jim”’, “U.S. Export Control Reform: Getting It Right This Time,” 10 August 2011, Microwave Journal, [http://www.mwjournal.com/Article/Export_Control_Reform_Getting_Right_Time/AR_11232/] Last Visited 11 August 2011.
*“The [Obama] [A]dministration’s plan for Export Control Reform (ECR) — to make the system work for us as part of our national security strategy, not against us – is indeed a visionary approach for those of us who have been involved in this bureaucratic nightmare for many years.”
*“The goal is also to be better able to monitor and enforce controls on technology transfers with real security implications while helping to speed the provision of equipment to allies and partners who fight alongside us in coalition operations.”
*“The Cold War is over and so are most of the assumptions that led us to this point in the evolution of Export Control Laws and Regulations.”
*“Today, we fight in ‘cyberspace domains at the speed of light.’ And our Export Control Systems must be brought up to new standards and be re-evaluated in that context.”
*“[Export Control laws] should reflect how we deal with our closest allies internationally, both as close friends and as military coalition partners.”
*“We must protect the critical technology in the U.S. in the proper fashion from all the ‘bad guys.’ But our Export Control laws must reflect the world we live in today.”
*“The context for this discussion is clear – our laws need to keep pace with advancing technology in a globally connected world economy. U.S. military supremacy depends on our warfighters having a clear technological advantage.”
*“Technology is the critical factor that determines support for our national military strategy, and most importantly, is the key underpinning used to protect and support our warfighters on the battlefield.”
*“This whole discussion is really all about one thing – ‘a big reset’ that is coming – on how we will come together and implement Export Control Reform.”
*[[Export Control]], [[Nonproliferation]], [[Cybersecurity]]
”’Homeland Security Newswire”’, “General Dynamics teams up with Virginia Tech to bolster cybersecurity”, 8 September 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/general-dynamics-teams-virginia-tech-bolster-cybersecurity]
*“Defense giant General Dynamics’ cybersecurity division has teamed up with Virginia Tech to help strengthen the nation’s cybersecurity research capabilities.”
*“On Wednesday, the company announced that its Advanced Information Systems branch will assist Virginia Tech with its new Security and Software Engineering Research Center.”
*“The strides we make in cyber security benefit not only industry, but protect our national security as well.”
*“The new cybersecurity facility was founded with the help of a five-year National Science Foundation grant designed to bolster the nation’s software engineering and cybersecurity capabilities…”
*““It is vital to America’s security that industry remains a prominent contributor in the education and training of our future cyber leaders,…””
*““We expect this center for cyber research to improve our customers’ mission capability and strengthen their defenses on the Internet…””
*[[Cybersecurity]]
”’Baldor, Lolita”’, “Study: U.S. Must Develop Cyberintelligence,” 12 September 2011, Washington Times [http://www.washingtontimes.com/news/2011/sep/12/study-us-must-develop-cyberintelligence/] Last Checked 12 September 2011.
*“A new study warns that the United States must develop cyberintelligence as a new and better coordinated government discipline that can predict computer-related threats and deter them.”
*“The report by the Intelligence and National Security Alliance says the dramatic expansion of sophisticated cyberattacks has moved beyond acceptable losses for government and businesses that simply threaten finances or intellectual property.”
*“INSA, a nonpartisan national security organization, says the U.S. must develop strategies beyond the current ‘patch and pray’ procedures, create cyberintelligence policies, coordinate and share intelligence better among government agencies and businesses, and increase research on attack attribution and warnings.”
*“The report comes amid growing worries that the U.S. is not prepared for a major cyberattack, even as hackers, criminals and nation-states continue to probe and infiltrate government and critical business networks millions of times a day.”
*“INSA’s report also lays out the growing threats from other nations — including those who are friendly, corrupt or just unable to control hackers within their borders.”
*“While it doesn’t name the countries, it notes that failed states provide opportunities for hackers, as they do for criminals and terrorists, while other nations tolerate the criminals as long as they concentrate their activities beyond their borders.”
*“U.S. officials long have pointed to Russia and China, as well as a number of Eastern European nations, as some of the leading safe havens for cybercriminals or government-sponsored or -tolerated hacking.”
*“At the same time, the report warns that the U.S. also has outsourced much of the design and maintenance of computer technology to other countries, where potential adversaries easily can insert themselves into the supply chain.”
*“The U.S. must develop effective cyberintelligence so officials can assess and mitigate the risks.”
*“Many of the report’s observations echo sentiments expressed by Pentagon and Department of Homeland Security officials who have been struggling to improve information-sharing between the government and key businesses. But efforts to craft needed cybersecurity legislation have stalled on Capitol Hill.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “Safeguarding the internet of tomorrow”, 14 September 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/safeguarding-internet-tomorrow]
*“The Centre for Secure Information Technologies’ (CSIT) Belfast 2011 Cyber Summit represent a global collective strategy for world’s leading research institutes.”
*“These recommendations include developing self-learning, self aware cyber security technologies, protecting smart utility grids, and enhancing the security of mobile networks.”
*“The summit concluded that these are among the top research priorities needed to safeguard the Internet of tomorrow,…”
*“A Queen’s University Belfast release reports that the Belfast 2011 event attracted international cyber security experts from leading research institutes, government bodies and industry…”
*“who gathered to discuss current cyber security threats, predict future threats and the necessary mitigation techniques, and to develop a collective strategy for next generation research.”
*“The collective research strategy contained in the report identifies four research themes critical to the ongoing creation of cyber security defenses.”
*“Protection of smart utility grids — research aims in this field will comprise: smart grid requirements gathering methodology; protection technologies for smart grid components; secure technologies for smart grid communications; …”
*“Security of the mobile platform and applications — research in this space will target not only malicious applications but also mobile cyber security problems introduced by the configuration and use of mobile networks,…”
*“Multi-faceted approach to cyber security research — research will take into account social behavioral norms and societal desires in cyber space, …”
*“Our ambition is that this strategy will help to inform global cyber security research and act as a driver for cyber security roadmap definition over the coming year.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “U.S. – Australia announce cyber defense treaty”, 19 September, 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/us-australia-announce-cyber-defense-treaty]
*“Last week, the United States and Australia announced a mutual defense treaty that declared a cyberattack on one would result in retaliation by both nations.”
*“The latest announcement comes as an addition to the Australia, New Zealand, United States Security treaty (ANZUS), which commits the three nations to support one another if one is attacked.”
*“The treaty, signed sixty years ago, now includes cyber attacks as well as physical attacks.”
*“This new agreement appears to be the first instance of a mutual defense treaty in the cyber realm outside of NATO.”
*“The treaty highlights how the United States percieves cyber attacks.”
*““I think it’s in large measure a recognition of what I’ve been saying time and time again, which is that cyber is the battlefield of the future…””
*“The Obama administration released its cyberescurity strategy that similarly announced that certain cyber attacks would result in retaliation that could potentially involve a physical response.”
*“So far, the majority of cyber attacks have been focused on stealing sensitive data.”
*“In July, the Pentagon revealed that a foreign intelligence service stole 24,000 files from a U.S. defense contractor earlier this year.”
*““We’re all going to have to work very hard not only to defend against cyber attacks but to be aggressive with regards to cyber attacks as well.””
*[[Cybersecurity]], [[Australia]]
”’Security park.net”’, “The vulnerability of sensitive Biometric data storage systems”, 20 September, 2011, securitypark.co.uk. [http://www.securitypark.co.uk/security_article266669.html]
*“The latest cyberattacks prove “One Time Password” (SecurID) has failed to protect faked “legitimate” access.”
*“Significant federal sites with RSA protection were recently breached.”
*“Biometric storage methods define conditions for individual identification by storing indefeasible characteristics in national, government and private databases.”
*“Storing biometric data gives hackers the obvious potential to hack, copy, clone or manipulate sensitive/irreplaceable information in minutes.”
*“Whether it is Firewalls, Intrusion Detection Systems, Intrusion Prevention System, Private Key Infrastructure, Application Security, Secure Socket Layers, SecurID’s, or Load Balancers, facts show that none of these security measures can prevent hacking,…”
*“The best bet is to attack vulnerable endpoints, or computers that are connecting remotely and are not likely under the direct control of the organization’s security policies…”
*“Currently there is no single technology that can mitigate the weakest link in the security chain; End-User Authentication, a legal access made by a set of composite Phishing or Crawling acts, triggering global cyber attacks.”
*“There are no pragmatic, arithmetical, or automatic means to compare a legitimate individual’s unequivocal identity record with computers…”
*“In this electronically interconnected world, weak real remote authentication of the end-user is the gap that allows hackers to use counterfeited legitimate entry with simple, front door credentials, hiding themselves behind undiscoverable secure tunnels.”
*“High tech savvy hackers use system security measures themselves to gain access.”
*“Any electronic data storage method, such as RFID chips or smart storage cards, which contain irreplaceable personal data that can be read by third parties, gives it the obvious potential to be hacked, copied, cloned and manipulated in minutes.”
*“Storing easily penetrable Biometric information on contactless smart cards is doomed for long-term failure.”
*“As of now, the only logical way to authenticate humans without putting any personal information at risk is via the use of a completely anonymous traceless authentication system.”
*“The question we are faced with is how can we truly use biometric information without risking or collecting it or even without separating it from its owner’s physical body?”
*“The reason biometric collection is dangerous is not because it is not a good idea; it is because it is extremely inefficient and fenceless.”
*[[Cybersecurity]], [[Hacker]]
”’Jackson, William”’, “US Defense Falling Behind Capabilities of Cyber Attackers” 20, September 2011, redmondmag.com. [http://redmondmag.com/articles/2011/09/20/us-defenses-falling-behind-capabilities-of-cyber-attackers.aspx]
*“According to former presidential adviser Richard Clarke, the U.S.’s cyber defense is falling behind the resources and expertise of attackers, which leaves critical infrastructure and data vulnerable to increasingly sophisticated attacks.”
*“The recent string of high-profile breaches of government and corporate IT systems illustrates the evolving threat landscape in which the advantage has shifted to the offense,…”
*“Most enterprises still rely on static, first-generation IT security tools to secure an increasingly porous and ill-defined perimeter and do not protect against a new generation of advanced persistent threats,…”
*““If someone wants to get into your network, they can get in. All the money you spent on antivirus software and firewalls won’t stop it.””
*“Those who want to get into U.S. networks often are well-financed criminal organizations or nation-states, which have siphoned terabytes of data in the past several years.”
*””While it may appear to give America some sort of advantage, in fact cyber war places this country at greater jeopardy than it does any other nation.””
*“The apparent success of the Stuxnet worm, a sophisticated software weapon that targeted and damaged Iranian uranium enrichment facilities, illustrates some of the challenges of waging cyber war.”
*“The source of Stuxnet is not known, although analysts said it is the work of a well-funded, long-term project.”
*“There is speculation that it was created by Israel and/or the United States.”
*“Another challenge to waging cyber war is the ability to determine the source of attacks.”
*“Although there is growing evidence that other nations, most notably China, are involved in malicious cyber activities targeting U.S. resources,…”
*“These new systems could take the form of separate networks for mission-critical activities…”
*“Either physically separated from existing infrastructure or using a different set of protocols from the TCP/IP now underlying the Internet and associated networks.”
*[[Cybersecurity]]
”’Tabuchi, hiroko”’, “U.S. Expresses Concern About New Cyberattacks in Japan”, 22, September 2011, nytimes.com [http://www.nytimes.com/2011/09/22/world/asia/us-expresses-concern-over-cyberattacks-in-japan.html?_r=1&scp=3&sq=cyber%20security&st=cse]
*“The United States gave a stern warning on Wednesday over recent cyberattacks on Japan’s biggest defense contractors, the latest in a series of security breaches that have fueled concern about Tokyo’s ability to handle delicate information.”
*“An online assault on defense contractors including Mitsubishi Heavy Industries, which builds F-15 fighter jets and other American-designed weapons for Japan’s Self-Defense Forces,…”
*“The breach came less than two weeks after a Japanese air traffic controller was questioned for posting secret American flight information on his blog.”
*“The breaches threaten to undermine any progress made by Japan, an important American ally, in bolstering cybersecurity in recent years.”
*“The Japanese government had promised to revamp its security procedures after a Japanese Navy officer was arrested in 2007 over the leak of classified data on the United States Navy’s advanced Aegis combat radar system,…”
*“For every country, these kinds of intrusions have the potential for long-term negative impact and must be taken seriously,…”
*“This is why cybersecurity must be a public sector priority in close collaboration with the private sector.”
*“Mitsubishi Heavy Industries said Monday that its computer systems had been hacked and that some network information may have been compromised.”
*“According to the company, 83 computers and servers at 11 locations, including its Tokyo headquarters, factories, and a research and development center were accessed in the attack.”
*“But an investigation by a security company has revealed that connections were made to 14 overseas sites, including at least 20 servers in China, Hong Kong, the United States and India,…”
*“It has previously experienced breaches in security, including the loss of data on nuclear reactor tests in 2006 and on its fighter jets in 2003.”
*“This year, Lockheed Martin was the victim of a sophisticated hacking attack.”
*[[Cybersecurity]], [[Japan]], [[China]], [[Hacker]]
”’GJelten, Tom”’, “Security Expert: U.S. ‘Leading Force’ Behind Stuxnet”, 26, September 2011, npr.org. [http://www.npr.org/2011/09/26/140789306/security-expert-u-s-leading-force-behind-stuxnet?sc=17&f=1001]
*“One year ago, German cybersecurity expert Ralph Langner announced that he had found a computer worm designed to sabotage a nuclear facility in Iran. It’s called stuxnet, …”
*“In the year since, Stuxnet has been analyzed as a cyber-superweapon, one so dangerous it might even harm those who created it.”
*“I’m in this business for 20 years, and what we saw in the lab when analyzing Stuxnet was far beyond everything we had ever imagined,…”
*“It was a worm that could burrow its way into an industrial control system, the kind of system used in power plants, refineries and nuclear stations.”
*“It ignored everything it found except the one piece of equipment it was seeking; when the worm reached its target, it would destroy it.”
*“Langner also realized after analyzing the Stuxnet code that it was designed to disable a particular nuclear facility in Iran.”
*“He couldn’t imagine who could have created the worm, and the level of expertise seemed almost alien.”
*“Thinking about it for another minute, if it’s not aliens, it’s got to be the United States,…”
*“The code is available on the Internet for dissection by anyone who has the motivation or money to do so.”
*“U.S. utility companies are not yet prepared to deal with the threat Stuxnet represents.”
*“Homeland Security officials insist measures are being taken to defend U.S. infrastructure against cyberattack.”
*[[Cybersecurity]]
”’Homeland Security Newswire”’, “Pentagon expends cyber networks security project”, 27 September, 2011, Homeland Security Newswire. [http://www.homelandsecuritynewswire.com/pentagon-expends-cyber-networks-security-project]
*“The Pentagon plans to extend a cyber defense pilot program intended to help protect U.S. defense contractors from cyberattacks to more private companies, subcontractors, and industries such as power plants,…”
*“Other governmental agencies, such as DHS, are evaluating the program, which entails, in part, the sharing of intelligences with the private sector,…”
*“The Pentagon’s counter-cyberattack program involves twenty defense contractors…”
*“Could be extended through mid-November in an effort to include more companies and subcontractors.”
*“Data from the Defense Cyber Crime Center shows the number of investigations more than tripled over the past ten years…”
*[[Cybersecurity]]
”’Karam, Zeina”’, “Syria wages cyber warfare as websites hacked”, 27 September, 2011, newsday.com. [http://www.newsday.com/business/technology/syria-wages-cyber-warfare-as-websites-hacked-1.3205305]
*“Pro- and anti-government activists in Syria are increasingly turning to the Internet, hacking and defacing websites in an attempt to win a public relations victory.”
*“Shadowy online activist groups have hacked into at least 12 Syrian government websites in recent days, replacing their content with interactive maps and statements detailing atrocities by security forces against protesters.”
*“The groups say their actions are in response to the regime’s tactics.”
*“Since early in the uprising, a group of pro-government hackers known as the Syrian Electronic Army has used the Internet to attack opposition activists and their perceived backers…”
*“On Monday, pro-Assad hackers briefly defaced Harvard University’s website, replacing the home page with an image of Assad together with a message accusing the U.S. of supporting the uprising against him and threatening retaliation.”
*“The other websites or Facebook pages reportedly targeted by the group include those of Oprah Winfrey, Newsweek magazine and Brad Pitt. Pitt’s partner, Angelina Jolie, is a U.N. goodwill ambassador who visited thousands of Syrian refugees in Turkey in June.”
*“The Syrian Electronic Army has been trying to root out prominent activists in Syria and recent evidence suggests it has begun waging cyber-war against entities from countries that oppose the regime,…”
*““The Syrian Electronic Army claims on its Facebook page that it has no affiliation with the Assad regime and was founded by ordinary Syrians who want to defend the country against “fabrications and distortions of events in Syria.””
*“But the impact of the online attacks has been limited since counterattacks were launched by the hacker group Anonymous as well as two other loose groupings of hackers made up mostly of Syrian activists, the so-called Free Hackers Union and RevoluSec.”
*“It is an electronic war. It’s legitimate. As long as it isn’t hurting anyone, we are ready to wage it until the end,…”
*“RevoluSec and Anonymous said Monday they were behind the latest attacks targeting the websites of several Syrian government ministries and some major Syrian cities.”
*“Monday’s hacking shows that the Syrian government has not erected sufficient defensive safeguards, despite reported training from its ally Iran on how to deal with the protest movement and mounting a sophisticated response.”
*“Anonymous said on its website that 12 government websites had been defaced by RevoluSec. Most have since been restored, but some were still down.”
*““Our goal is to raise public awareness of the abhorrent actions of the brutal Assad regime and the bloody war that it wages on its own people,…””
*[[Cybersecurity]], [[Hacker]]
”’Homeland Security Newswire”’, “Securing financial infrastructure against cyberattacks”, 30 September, 2011, homelandsecurity.newswire.com. [http://www.homelandsecuritynewswire.com/securing-financial-infrastructure-against-cyberattacks]
*“To protect the U.S. financial sector from increasingly ubiquitous and costly cyberattacks, DHS plansto work more closely with other federal agencies as well as the private sector to defend against hackers.”
*““To achieve our shared goals, we need to increase the sharing of timely and relevant intelligence information concerning cybersecurity threats with financial sector stakeholders.””
*“DHS plans to work with cyber intelligence and analysis to address specific threats that face the financial industry.”
*“DHS already offers direct assistance to individual companies by assisting in analysis, improving their cyber defenses, and helping to respond to security breaches.”
*“In the coming months, DHS will expand on a pilot program that sends qualified financial IT experts to banking and financial companies to help analyze and respond to threats.”
*[[Cybersecurity]]
”’Wilson, Aleta; Wilson, Clay”’, “THE EFFECTS OF U.S. GOVERNMENT SECURITY REGULATIONS ON THE CYBERSECURITY PROFESSIONAL,” [http://eds.b.ebscohost.com/eds/pdfviewer/pdfviewer?vid=5&sid=82a433c5-ca94-4de6-a605-4b6ad38606b2%40sessionmgr111&hid=113], October 2011, ALERI, Last Checked Oct. 2015.
*“There is a shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of the Comprehensive National Cybersecurity Initiative.” (p. 5)
*“Department of Homeland Security (DHS) Secretary Janet Napolitano defines Cybersecurity professionals as employees responsible for “… cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering.” (p. 6)
*“The federal government’s cybersecurity workforce is broken, facing a serious shortage of trained personnel, an over-reliance on contractors and a hiring process that doesn’t attract the right candidates, according to a new report from the non-profit Partnership for Public Service.” (p. 7)
*“Many of the current cyber jobs will become vacant over the next 10 years as half of the defense workforce becomes eligible to retire.” (p. 9)
*[[Cybersecurity]], [[Executive]]

”’Dilanian, Ken”’, “Idaho lab concentrates on cyber-security”, 1 October, 2011, latimes.com. [http://www.latimes.com/news/nationworld/nation/la-na-idaho-cyber-20111001,0,6859511.story]
*“At the Idaho National Laboratory is to find and stop what experts warn is a growing risk to America: a cyber-attack that could disable water systems, chemical plants or parts of the electrical grid.”
*“Attacks could come from disgruntled employees or criminal networks intent on extortion, publicity or mischief.”
*“China, Russia, Iran and North Korea already have cyber-weapons that can target critical nodes in the U.S. economy, including utilities and private industry.”
*“The U.S. Cyber Consequences Unit, a government-sponsored think tank, has concluded that hackers conceivably could crash trains, cause chemical spills, and darken the electrical grid.”
*“As more utilities and industries link their computer networks to the Internet, shadowy adversaries regularly probe the control systems that run crucial infrastructure…”
*“In an experiment, they hacked the control system for a large diesel electrical generator — the kind used widely in U.S. power plants — causing it to self-destruct.”
*“Further proof came with the so-called Stuxnet attack, computer malware that targeted and caused centrifuges to spin out of control at a uranium enrichment facility in Natanz, Iran.”
*“Stuxnet was a “game changer,” said Marty Edwards, who leads the cyber-security effort at the lab. It made people recognize the destructive potential of cyber-attacks on industrial control systems.”
*“The sophisticated malware took advantage of previously unknown vulnerabilities in the Windows operating system and targeted a specific type of Siemens controller used to run Iran’s centrifuges.”
*“More than 90% of U.S. infrastructure is in private hands, and except for nuclear power plants, no regulations govern how to secure systems against cyber-attacks.”
*“Many cyber-attacks go unreported, experts say, because companies fear the financial and public relations consequences of disclosure.”
*“The Obama administration has proposed requiring companies and utilities to hire commercial auditors to assess cyber-security risk and mitigation plans.”
*“The proposal faces an uphill battle in Congress, where several cyber-security bills are pending.”
*““An attack that damages crucial infrastructure is inevitable. “It’s a matter of time.””
*[[Cybersecurity]], [[China]], [[Russia]], [[Iran]], [[North Korea]]
”’Birch, Douglas”’, “ US: Cuber Attacks on  utilities, industries rise”, 3 October, 2011, hstoday.us. [http://www.hstoday.us/single-article/us-cyber-attacks-on-utilities-industries-rise/5364309400c3a4d24ebbc43440d66a84.html]
*“U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods,…”
*“The world’s utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.”
*““Disgruntled employees, hackers and perhaps foreign governments “are knocking on the doors of these systems, and there have been intrusions.””
*“According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.”
*“Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.”
*“The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.”
*“Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system.”
*“The Homeland Security Department’s control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats…”
*“A classified “watch and warning center” where data about threats are assessed and shared with other cyber security and intelligence offices.”
*“Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year.”
*“The Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can’t be patched.”
*“Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.”
*“The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.”
*“While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country’s offensive cyber weapons capability.”
*“The U.S. is thought to be the world’s leader in cyber warfare, both defensive and offensive.”
*“U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.”
*“Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.”
*“In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.”
*“A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.”
*““Before the test, he said, the notion of cyber warfare “was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon.””
*“Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.”
*““All systems deployed have vulnerabilities,…””
*[[Cybersecurity]], [[Hacker]], [[Iran]], [[Germany]], [[Israel]]

Support the information project and gain access to the newer half of this page and each protected page by subscribing for 6 months at the rate of $5.00. 

6 Month All Access

Additional topics covered under Cybersecurity with subscription access covering roughly 40 “Word” pages:

“ DHS begins move to cloud” 4 October, 2011,

*[[Cybersecurity]]

“Registration for CyberPatriot IV competition to end this week” 5 October, 2011, *[[Cybersecurity]], [[Japan]],[[Germany]]
“National Cybersecurity Awareness Month launches today” 7 October, 2011,

*[[Cybersecurity]]
“Cyber war may never happen” 11 October, 2011,

*[[Cybersecurity]], [[Russia]], [[Georgia]]
“ Michigan to launch cyber command center and defense teams” 13 October, 2011, *[[Cybersecurity]]
“Securing smartphones in battle” 13 October 13, 2011, handsets,…””  *[[Cybersecurity]], [[Military]]
“ Sony hit by hackers again, 93,000 accounts compromised” 14 October, 2011, *[[Cybersecurity]], [[Hacker]]
“RSA blames nation-state for SecureID cyberattack” 18 October, 2011, homelandsecuritynewswire.com

*[[Cybersecurity]], [[Hacker]]
SEC requires businesses to disclose cyberattacks” 18 October, 2011,

*[[Cybersecurity]]
“Stuxnet-clones easily created” 25 October, 2011, *[[Cybersecurity]], [[Hacker]]
“ Exclusive: National Security Agency helps banks battle hackers”, 26 October, 2011,

*[[Cybersecurity]]
“Napolitano: hackers “came close” to shutting down critical infrastructure” 28 October, 2011,

*[[Cybersecurity]],[[Hacker]]
“Senior FBI official suggest creating alternative Internet”, 31 October, 2011, *[[Cybersecurity]]

“Electrical grid targeted by hackers”, 31 October, 2011

*[[Cybersecurity]]

“New Cyber attack targets chemical firms”, 1 November, 2011,

*[[Cybersecurity]], [[Hacker]], [[China]]

“Microsoft software bug linked to “Duqu” virus” 1 November, 2011,

*[[Cybersecurity]], [[Hacker]]

“Duqu hackers shift to Belgium after India raid” 3 November, 2011,

*[[Cybersecurity]], [[Hacker]]

“ America’s Deadly Dynamics With Iran” 6 November, 2011,

*[[Cybersecurity]], [[Iran]]
“Prison systems Vulnerable to cyberattacks” 11 November, 2011, *[[Cybersecurity]], [[Hacker]]

“Hackers ‘hit’ US water treatment systems” 21 November, 2011,

*[[Cybersecurity]], [[Hacker]], [[Iran]]

“Cyber attacks on critical infrastructure reach U.S.” 21 November, 2011, *[[Cybersecurity]], [[Hacker]], [[Russia]], [[Iran]]

“Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise” November, 2011, U.S. Department of Homeland Security, Last Checked January 11, 2012. *[[Cybersecurity]]

“Congressional approval of cybersecurity bill looks promising *[[Cybersecurity]], [[Law]], [[Homeland Security]]

“Helping businesses defend against cyber threats” 3 December, 2011,

*[[Cybersecurity]], [[Hacker]], [[China]], [[Russia]], [[Classified]], [[Information Policy]], [[Law]]

“Lockheed Martin UK opens its U.K. cybersecurity center” 5 December, 2011, *[[Cybersecurity]]

“Top nine cyber security trends of 2012” 7 December, 2012.” *[[Cybersecurity]], [[Hacker]]

“Government preps next generation of cybersecurity employees” 8 December, 2011, *[[Cybersecurity]]

“Shell fears cyberattack on oil infrastructure” 12 December, 2011

*[[Cybersecurity]]

“U.S. authorities probing alleged cyberattack plot by Venezuela, Iran” 13 December, 2011,

*[[Cybersecurity]], [[Hacker]], [[Iran]], [[Mexico]]

“Twelve Chinese hacker groups responsible for attacks on U.S.” 16 December, 2011,

*[[Cybersecurity]], [[Hacker]], [[China]], [[Russia]]

 

“Privacy in the Digital Age: A Review of Information Privacy Research in Information Systems”,

*[[Cybersecurity]], [[Information Policy]]

 2012

“Iranian scientist involved in nuclear program killed in Tehran bomb attack,”, January 11, 2012

*[[Iran]], [[Sabotage]], [[Scientist]], [[Nuclear]], [[Cybersecurity]], [[Academia]]

National Protection and Programs Directorate Under Secretary, ”Testimony before the House Committee on Energy and Commerce, Subcommittee on Environment and the Economy regarding the Department of Homeland Security’s efforts to regulate the security of high-risk chemical facilities under the Chemical Facility Anti-terrorism Standards”, Release Date: February 3, 2012,

*[[Chemical]], [[Industry]], [[Law]], [[Compliance]], [[Cybersecurity]]

‘ “The CISPA Cybersecurity Bill Is No SOPA, but It’s Bad Enough,”. May 1, 2012.

*[[Law]], [[Cybersecurity]]

 

‘ “Holder Directs U.S. Attorneys to Track Down Paths of Leaks,” , June 8, 2012. *[[Classified]], [[Information Policy]], [[Law Enforcement]], [[Cybersecurity]], [[Iran]], [[Al-Qaeda]]

“The International Governance Framework for Cybersecurity,” *[[Cybersecurity]], [[Executive]], [[Law]]

‘ (2012). “Procedure analysis of the special investigative actions through cyberspace in countries of common and continental law.” [[Cybersecurity]], [[Law]]

 2013

“Chinese Army Unit Is Seen as Tied to Hacking Against U.S.” February 18, 2013. *[[Cybersecurity]], [[China]]

”’,”Broad Powers Seen for Obama in Cyberstrikes”  February 3, 2013. * [[Cybersecurity]], [[China]], [[Executive]]
“Report ties cyberattacks on U.S. computers to Chinese military”, February 19, 2013, *[[Cybersecurity]], [[China]], [[Executive]]

“U.S. Ready to Strike Back Against China Cyberattacks”, February 19, 2013, *[[Cybersecurity]], [[China]], [[Executive]]
“Spies and Big Business Fight Cyberattacks,” March 27, 2013, *[[Cybersecurity]], [[U.K.]]

“Overview of the Federal Response to Cybersecurity,” *[[Cybersecurity]], [[Executive]]

“Confidential report lists U.S. weapons system designs compromised by Chinese cyberspies,” May 27, 2013, *[[Cybersecurity]], [[China]], [[Military]]

“List of Hacked U.S. Defense Systems Is Long,” May 31, 2013, *[[Cybersecurity]], [[China]], [[Military]]

“U.S. Agency Misses Deadline for Cybersecurity Framework” October 17, 2013. *[[Cybersecurity]]

2014

“BEYOND THE NEW “DIGITAL DIVIDE”: ANALYZING THE EVOLVING ROLE OF NATIONAL GOVERNMENTS IN INTERNET GOVERNANCE AND ENHANCING CYBERSECURITY,” *[[Cybersecurity]], [[Law]]

, “Architecture for Managing Knowledge on Cybersecurity in Sub-Saharan Africa,” April 2014 *[[Cybersecurity]]

“Time for Cyber War Laws?” December 2014 *[[Cybersecurity]], [[Law]], [[Military]]

(2014). “An overview of contemporary cyberspace activities and the challenging cyberspace Crimes/Threats.”

[[Cybersecurity]]

2015

“Maritime Cybersecurity: A Growing Threat Goes Unanswered,”] January 2015, *[[Cybersecurity]], [[Homeland Security]]

“THE CYBERSECURITY PARTNERSHIP: A PROPOSAL FOR CYBERTHREAT INFORMATION SHARING BETWEEN CONTRACTORS AND THE FEDERAL GOVERNMENT,” Spring 2015, *[[Cybersecurity]], [[Executive]], [[Executive Order]], [[Law]]

“Safe and Sound: Cybersecurity and Community Banks April 2015, *[[Cybersecurity]]

“The New Cybersecurity Elite,”, June 2015, *[[Cybersecurity]], [[Classified]]

“New export requirements on the horizon for cybersecurity products and technologies” June 25, 2015 *[[Cybersecurity]], [[Export Control]]

, “F.B.I. Is Tracking Path of Classified Email From the State Dept. to Clinton,” *[[Classified]], [[State Department]], [[Cybersecurity]], [[China]], [[Russia]]

, “Cybersecurity’s Human Factor: Lessons from the Pentagon,” September 2015, *[[Cybersecurity]], [[Military]], [[Homeland Security]]

“Gov’t Information Security Incidents Increased 1,121% in Last Decade,” September 30, 2015.

[[Cybersecurity]], [[Compliance]]

“Interpol: Cyber Crime from Russia, E. Europe Expands,”, October 2, 2015. [[Cybersecurity]], [[Hacker]], [[Russia]]

Support the information project and gain access to the newer half of this page and each protected page by subscribing for 6 months at the rate of $5.00. 

6 Month All Access

Additional topics covered under Cybersecurity with subscription access covering roughly 40 “Word” pages

© Commons Foundation, Benefit-LLC