By Kevin Coleman
Defense Tech Chief Cyber War Correspondent
Last week’s events combined to be perhaps the most significant series of cyber events since the Pentagon breach in November 2008. Last week Google pulled its .cn search operations, domain registrar GoDaddy publically stated its intent to leave China, and rumors began circulating that computer giant Dell may be considering leaving China as well.
If that did not make for a full week, add to it a senior U.S. military officer issued a stark warning about the Chinese cyber threat. U.S. Navy Admiral Robert Willard testifying before the U.S. House Armed Services Committee stated that U.S. Pacific Command is facing “increasingly active and sophisticated threats to our information and computer infrastructure.”
Then, U.S. Director of National Intelligence Dennis Blair began his testimony explaining the U.S. communications network is “severely threatened” and that the government lacks the ability to “protect the country’s information infrastructure.”
Add to all of that the fact that according to Steven Chabinsky, Director of the Joint Interagency Cyber Task Force, “The cyber threat can be an existential threat — meaning it can challenge our country’s very existence, or significantly alter our nation’s potential.” Defense Secretary Robert Gates testified up on Capitol Hill that China used the last decade to perfect cyber warfare and the threat that poses to the United States.
Add to all of the above the fact that “urgent warnings” have been circulated throughout NATO and the European Union for immediate action to be taken to protect secret intelligence material from a recent surge in cyber attacks targeting this data. Just as you think it could not become more bizarre, Hamas (YES — THAT HAMAS) issued a cyber spy warning to Palestinians accusing Israel of using the personal information people post on social networking sites to help them recruit collaborators.
With so many warnings of the growing risks of cyber terrorism, cyber espionage, cyber crime and cyber war, why is it that so many people do not believe there is a real threat?
{ 17 comments… read them below or add one }
Intelligent people are capable of adapting their routines in the face of a potential cyber threat; the average person simply cannot make the mental leap of a smart person. Fighting cyber threats takes users staying smart.
Try "combating traffic rubberneckers". It won't happen, no matter how important.
I like the picture of the servers. Is that in response to the commenter who teased about the graphics that look like they are from the 90's for cyber war articles?
Yeah, actually this pic is pretty cool.
I was the guy complaining about the House-of-Pain-era photos and I am totally okay with server rooms, I actually love that pic.
This will remain our softest spot, both domestically and militarily, until we have an Executive willing to protect our cyber-sovereignty, and a legislature willing to fund such an initiative as they would a military build-up.
The cyberacolypse has begun……
As always, I have to wonder, are we really that far behind the CHICOMS? Maybe it's just my eternal optimism, but I tell myself that we've got this all sewn up, and are playing games with them. LOL Hey, it helps me sleep at night…
I can authoritatively say that the US is behind the power curve, in terms of policy AND capability. We have fantastic intellectual capitol but fail to use them correctly. We spend more on one weapon systems that can't do a thing to stop a cyber attack than we do on the WHOLE of our national cyber defense and offensive capability.
That's what I'm saying. Where are we recruiting offensive teams from? Do we really have a tap on the underground-class talent (Example: Moxie Marlinspike)? Anyone can raise their hand and say "Sign me up, I'll test for that team," but those aren't the people who are extremely passionate, necessarily. To be really good, you have to be the guy who lives and breathes it and, as a former HPAV guy who went on to Military and now IT, I'm not convinced the US government is capable of digging that deep. Maybe we're effective anyway and I'm way off target.
Hard to say. I've read a few small pdf's talking about how pissed the CHICOMS were when they found out most of their top intell systems were infected with viruses and back doors.
I think one of the reason there seems to be such a disparity between what they're doing and what we're doing to them comes from the fact that ours is an open society. Simply put, everyone KNOWS when we're getting hammered by them. BUT, when they're taking the hits, they keep that wrapped up tight. Gives the impression that it's really one-sided.
That's an interesting point.
The first problem is that cyberattack is illegal in the U.S. This is obviously necessary but it does reduce the number of American kids who learn how to go on offense. That kind of skill is hard to develop in a controlled environment, simply because the real internet environment is very hard to duplicate in the lab–it's constantly and rapidly changing, and incredibly complex.
The second problem is that defense is in the hands of corporations who have historically been reluctant to reveal their IP to outside sources, or spend the dollars to secure it.
Absolutely, Hand. Two great expansions of my point.
I feel the biggest problem with US security is the US workplace. When I started in IT, the computer nerds were untouchable, now it seems they are the first to be laid off.
The IT staffs are woefully undermanned and underbudget, because most executives don't understand what IT really does or the risk. I once heard an Executive tell the head of IT security that he would not allow them to test the security of a new computer system going into production use because the programmers ensured him that it was secure. Anyways, they used up the IT budget to purchase the software, so they did not have the funds for additional testing. Crazy…..
Ptsfp
gsak, we should compare notes sometime, I think we are interested in similar stuff. If you are interested give me a shout at: feedback (at) steelarms.com.
When I spoke with someone from the DOD after he gave a speech on what our Cyber division and NSA teams are doing, it seems that they have a good understanding of what needs to be done. I recall him mentioning last may that for the upcoming 2 years they're making a lot of changes to our Cyber communications and protections. Seemed like an obvious statement but some of the things mentioned makes me think the DoD has a good understanding at what's at stake. We're not stupid enough to let this become an issue beyond saving.
The pwning of Estonia a while back is a perfect case study of the strategic necessity. The scary thing is that I am afraid our country must experience a Technologic Pearl Harbor in order to wake up. I don't believe the Technologic Pearl Harbor will be an isolated event. I believe it will be the first strike to soften the target prior to a tactical push for conquest. We delude ourselves if we think we are impenetrable on a larger scale than pin-prick strikes to corporate America. That thinking led to laxity prior to Pearl Harbor and the events of Sept 11, 2001. Proper preparation requires a Cold War era level of preparedness, focus, national drive/will and an strong element of some aspect of the equivalent of doctrine Mutually Assured Destruction (MAD).
Perhaps I am overly pessimistic, but I see little in my work in the DoD to inspire confidence that this issue is as important as we think. If we are better prepared than I think, then that is wonderful. I think the American people could use some bolstering of confidence by credible (on the subject at hand) civilian or military leadership of our level of preparedness.
lol – I agree about the images looking like they are from the 90's — or even 80's — always reminds me of the movie "War Games" Turning into an interesting topic and seen lots of news and write ups about cyber war. The interesting thing is that most of these "experts" haven't even yet agreed on what cyber warfare actually is…
http://www.securityweek.com/content/defining-and-…