Homeland Security Focus
Areas
Cyber-terrorism/Security
Vice Chairman Cites Need for Cyber Warfare Experimentation
By Air Force Master Sgt. Adam M. Stump
Special to American Forces Press Service
MARLBOROUGH, Mass., June 20, 2008 – The services need to experiment in cyberwarfare to figure out how to use technology effectively on the battlefield, the vice chairman of the Joint Chiefs of Staff said here yesterday.
Marine Corps Gen. James E. Cartwright spoke at the Air Force Cyberspace Symposium, covering a broad range of topics on the global use of cyber warfare.
One of the major cyber warfare challenges the military faces is integrating with the Homeland Security and Justice departments, Cartwright said.
The Defense Department has authority for cyber activities overseas, along with bases and stations that are stateside, he explained, while Homeland Security has responsibility for the U.S. cyber realm, which consists of many of the “dot com” sites. Justice has authority in both the United States and overseas. Because of the different responsibilities, the vice chairman said, the organizations have experimented to find out how best to work together.
“We need a common awareness of what’s happening in the United States in order to understand the threats that we’re going to face,” he said. “As we extend offshore, we have to tell the guys onshore what’s coming. [We] have to figure out how to do real-time integrated activities.”
Part of the reason the organizations need to work together is the quick nature of such attacks. Cartwright said when a target appears, the organizations have a period between microseconds and minutes to make a decision on whose authority it is to respond.
Another challenge the United States faces is with allies. The general said different countries have different policies on responding to a cyber attack.
“The United States has a way of handling that: basically, keep it as quiet as possible until we can figure out how to fix it, then we fix it,” he said. “Many of our closest allies do it just the opposite. They announce it publicly right away and then work on a solution. If we don’t come to some common way of handling this on an international basis, we will be stepping on each other just by doing what our laws tell us to do.”
Part of working toward a common goal involves the individual services, Cartwright said. Instead of operating independently and each developing separate strategy and doctrine on cyber warfare, the services must work together to form commonalities.
“We don’t fight as services, we fight as joint, interagency, combined task forces,” he said. If each service develops its own unique strategy, he said, it will hurt the United States because “consolidating will cut off innovation.” He said the Air Force is heading in the right direction with the creation of a major command dedicated to cyber warfare.
“Things like Air Force Cyber Command are in the right mold to prevent that from happening,” he said.
The general said that cyber organizations must be integrated into an air operations center, just like a bomber or fighter unit, even though it’s inherently different because, unlike an air or ground war, “we invented this battlespace.”
The vice chairman said the military is making progress on quickly adapting to ever-changing cyber technology, but nowhere near fast enough.
“We build an application the same way we build an aircraft carrier and about as fast,” Cartwright said. “We have to figure out a way to change that.”
He said the problem is based upon a “Napoleonic command and control” structure that makes the cyber organizations fight over who’s in charge. “The technology is not what paces us, it is the culture,” he said.
One of the other challenges is building a force of cyber warriors, Cartwright said. He said the military has to figure out the appropriate skills, schools and rank structure to build a force capable of both the “defend and operate skills” and the “exploit and attack skills.”
Once those forces are determined, the organizations will have to be built in such a way that they can present those forces to combatant commanders for employment. He said the backbone of the cyber warfare force needs people who are able to use constant innovation and adapt to constant change.
(Air Force Master Sgt. Adam M. Stump is assigned to the Joint Chiefs of Staff Public Affairs Office.)
Boston.com
Chinese hacked Capitol Hill computers, lawmakers say
Possibly sought data on dissidents
By Pete Yost and Lara Jakes Jordan, Associated Press | June 12, 2008
WASHINGTON - Multiple congressional computers have been hacked by people working from inside China, lawmakers said yesterday, suggesting the Chinese were seeking lists of dissidents.
Two congressmen, both longtime critics of Beijing's record on human rights, said the compromised computers contained information about political dissidents from around the world.
One of the lawmakers said he had been discouraged from disclosing the computer attacks by other US officials.
Representative Frank Wolf of Virginia said four of his computers were compromised, beginning in 2006. Representative Chris Smith of New Jersey, a senior Republican on the House Foreign Affairs Committee, said two of his computers were attacked, in December 2006 and March 2007.
Wolf said that after one of the attacks, a car with license plates belonging to Chinese officials went to the home of a dissident in Fairfax County, Va., and photographed it.
During the same time period, the House International Relations Committee - now known as the House Foreign Affairs Committee - was targeted at least once by someone working inside China, committee spokeswoman Lynne Weil said.
The disclosures yesterday came as US authorities continued to investigate whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez, then used the information to try to hack into Commerce Department computers.
The Pentagon last month acknowledged at a House Intelligence Committee meeting that its vast computer network is scanned or attacked by outsiders more than 300 million times each day.
Wolf said the FBI had told him that computers of other House members and at least one House committee had been accessed by sources working from inside China. The Virginia Republican suggested that Senate computers could have been attacked as well.
Wolf said the hacking of computers in his office began in August 2006, that he had known about it for a long time, and that he had been discouraged from disclosing it by people in the US government he refused to identify.
"The problem has been that no one wants to talk about this issue," he said. "Every time I've started to do something I've been told, 'You can't do this.' A lot of people have made it very, very difficult."
The FBI and the White House declined to comment.
NYTimes.com
Article published May 15, 2008
Online warfare research outlined
May 15, 2008
By Shaun Waterman
UNITED PRESS INTERNATIONAL - Procurement documents released by the U.S. Air Force give a rare glimpse into Pentagon plans for developing an offensive cyber-war capacity that can infiltrate, steal data from and, if necessary, take down enemy information-technology networks.
The Broad Area Announcement, posted Monday by the Air Force Research Laboratory's Information Directorate in Rome, N.Y., outlines a two-year, $11 million effort to develop capabilities to "access to any remotely located open or closed computer information systems," lurk on them "completely undetected," "stealthily exfiltrate information" from them and ultimately "be able to affect computer information systems through Deceive, Deny, Disrupt, Degrade, Destroy (D5) effects."
"Of interest," the announcement says, "are any and all techniques to enable user and/or root-level access to both fixed [and] mobile computing platforms ... [and] methodologies to enable access to any and all operating systems, patch levels, applications and hardware."
The announcement is the latest stage in the Air Force's effort to develop a cyber-war capability and establish itself as the service that delivers U.S. military power in cyberspace.
Last year, the Air Force announced it was setting up a Cyberspace Command, alongside its Space and Air commands, and was developing military doctrine for the prosecution of cyber-war operations.
The United States is not alone in thinking along these lines, and NATO announced yesterday that seven European nations had signed up to participate in a cyber-defense Center of Excellence, in Tallinn, Estonia, which suffered a cyber-attack last year that many officials think was orchestrated by Russia.
The center will conduct research and training on cyber-warfare and include a staff of 30 people, half of them specialists from the sponsoring countries — Estonia, Germany, Italy, Latvia, Lithuania, Slovakia and Spain, according to a statement from NATO.
The developments highlight the murky legal territory on which the cyber-wars of the future will be fought: terrain on which attackers can cloak their identity and use as weapons the home computers of unsuspecting Web surfers that have been recruited to so-called "botnets," networks of PCs that, unbeknownst to their owners, have been compromised by hackers.
In a recent article for the Armed Forces Journal, Col. Charles Williamson, a staff judge advocate for U.S. Air Force Intelligence, Surveillance and Reconnaissance Agency, wrote that computer users whose equipment was recruited to botnets because they failed to patch their systems could not properly be considered bystanders.
"If the United States is defending itself against an attack that originates from a computer which was co-opted by an attacker, then there are real questions about whether the owner of that computer is truly innocent. At the least, the owner may be culpably negligent, and that does not, in fairness or law, prevent America from defending itself if the harm is sufficiently grave," wrote Col. Williamson in the article, which officials were keen to stress does not represent U.S. policy.
More important, because of the difficulties in identifying attackers and immediately quantifying damage from a cyber-attack, it can be hard to determine when such attacks constitute an act of war as opposed to crime or even vandalism.
"No one's come out and defined that yet," Air Force Cyberspace Command spokeswoman Karen Pepitt told United Press International, adding that the Air Force saw its role as developing capabilities for cyber-war, but that the decision about when and how to use those capabilities would be one for the national leadership.
The Washington Times
FBI organizes defense against cyber-attacks
April 21, 2008
By Shaun Waterman - UNITED PRESS INTERNATIONAL
The FBI quietly established last summer a task force involving U.S. intelligence and other agencies to identify and respond to cyberthreats against the United States.
Called the National Cyber Investigative Joint Task Force, the group has "several dozen" personnel working together at an undisclosed location in the Washington area, said Shawn Henry, the FBI's deputy assistant director of its cyberdivision.
In an interview with United Press International, Mr. Henry was tight-lipped about the task force's composition, saying only that it involved "several intelligence, law-enforcement and other agencies from across the U.S. government."
Documents released earlier this month by the Homeland Security Department said the task force was being expanded "to include representation from the U.S. Secret Service and several other federal agencies."
During congressional testimony last year, FBI Director Robert S. Mueller III said the task force was a partnership with other agencies to deal with cyberthreats from foreign intelligence.
The FBI's justification for next year's budget, in which it has requested an additional 70 agents and more than 100 support personnel for its cyberdivision, says the task force "seeks to address cyber-intrusions presenting a national security threat."
The idea, Mr. Henry said, is for the partner agencies to "share information and make sure we're not overlapping in our response."
"If you serve a physical search warrant, and other agencies are involved, you can see them at the door," he said, adding that in virtual investigations it was more difficult to know who else might be on the trail.
"We're sharing investigative and threat information," he said, "looking at the attacks [each agency is] seeing and the methodologies being used."
From the FBI's point of view, Mr. Henry added, the task force "allows us to get visibility for our field offices across the country" into how threats are developing and what investigations are going on.
The task force looks at "all cyberthreats," he said, but is focused on "organizations that are targeting U.S. infrastructure."
He declined to comment further, but in recent congressional testimony, Director of National Intelligence Michael McConnell named Russia and China as among the most important cyber-adversaries for the United States.
Mr. Henry said it is important to be "adversary neutral" in combating cyberthreats.
"A network can be attacked by a terrorist group, a foreign power, or a hacker kid from Oklahoma City ... Networks need to be protected from all threats because once [sensitive] data has been stolen, it can be transferred anywhere," he said.
In recent testimony, Mr. McConnell said the U.S. government is "not prepared to deal with" the cyberthreats it faces. And Homeland Security Secretary Michael Chertoff told a bloggers roundtable last month that cybersecurity is "the one area in which I feel we've been behind where I would like to be."
Asked whether the U.S. government is getting a handle on the problem, Mr. Henry said, "Our response has to constantly change and grow because the threat is constantly changing and growing."
He said that one of the most-worrying aspects of cyberthreats is the extent to which "the offense outstrips the defense."
"The pace of technological change ... the increasing connectivity [of networks] creates more opportunity for exploitation" of vulnerabilities, he said.
Government trying to improve Internet security
By BOB KEEFE
Cox News Service
Published on: 04/08/08
SAN FRANCISCO — The Homeland Security Department has launched an overhaul of the government's computer security efforts "almost ... like a Manhattan Project" in response to concerns that the nation's Internet system is vulnerable to hackers and online terrorists, Secretary Michael Chertoff said Tuesday.
At a computer security conference here, Chertoff said the government has made some strides in making its computer networks more secure since his department was created five years ago.
But with threats constantly evolving and computer networks becoming increasingly important, the government must take steps comparable to the World War II effort to create the atomic bomb, he said.
"The time has come to take a quantum leap forward, to really engage in what I'd call a game-changer in how we deal with (cyber) attacks," Chertoff said.
A Government Accountability Office report last month found that computer security problems are common — and growing — throughout federal agencies. According to the report, software used by government agencies contains as many as 29,000 security vulnerabilities that could allow a hacker to compromise government computers.
Meanwhile, the number of computer attacks and related incidents reported by government agencies has soared by nearly 260 percent in the last three years, according to the GAO.
Tuesday, Chertoff said Homeland Security is developing a new "early warning" system that could identify cyber-attacks before they could happen. Such a system, he said, could eventually be used by private companies and consumers as well.
In addition to other classified moves, Homeland Security also is trying to dramatically reduce the number of internal access points to critical government computer networks, from about 4,000 to about 50.
To pay for the changes, Homeland Security is planning to spend $115 million on cyber-security initiatives this fiscal year, Chertoff said. The department is requesting another $109 million for cyber-security next year.
"We've put some real money into this, and we're asking for more," he said in a meeting with reporters.
Still, some say the government isn't doing enough or getting enough resources given the potential economic consequences of a major cyber-attack.
"Why can we keep the bad stuff out of our ports, and packages off of airplanes, but we can't keep the bad stuff out of the Internet?" Chris Rouland, chief technology officer of Atlanta-based Internet Security Systems, said in an interview last week. Rouland is one of several private computer security executives scheduled to meet with Chertoff during the RSA security conference.
Earlier Tuesday at the conference, Business Software Alliance president Robert Holleyman urged Congress to pass new laws to make it easier to find and prosecute cyber-criminals and to provide more money for federal cyber-crime investigators.
"We must expand our available tools to combat this serious, growing threat," Holleyman said in prepared remarks. "Oftentimes our security officials are outmanned by these criminals, so we are looking to Congress to pass legislation that provides law enforcement officials with the necessary tools to fight cyber-crime."
The Washington Times
Article published Mar 24, 2008
Cyber-attacks on Tibet groups tied to China
March 24, 2008
By Shaun Waterman - UNITED PRESS INTERNATIONAL
Malicious e-mail and other cyber-attacks on Tibet advocacy groups in the United States are linked to Internet servers used in past hacker intrusions that U.S. law enforcement traced to China.
The link, made on the basis of publicly available data, is the first direct evidence that the recently intensified attacks against the Tibet groups, reported by United Press International a week ago, were launched from China. But it is not clear whether or to what extent the Chinese government or military is involved.
The latest claims follow similar charges last week from the Save Darfur Coalition, a group opposing Chinese policy in Darfur, that it had been the target of intrusion attempts "which appeared to originate in China and seemed intent on subversively monitoring, probing and disrupting coalition activities."
The recent cyber-attacks on several Tibet groups, such as the Free Tibet Campaign and Students for a Free Tibet, were analyzed by a security researcher for the SANS Internet security organization, Maarten Van Horenbeeck, who has followed for many years cyber-attacks against advocates for human rights in China, such as Tibet groups, Uighur activists and the Falun Gong.
Mr. Van Horenbeeck told UPI that the attacks used e-mails purporting to come from known associates of the victims with attachments containing malicious code — so-called Trojan horse software — that stole e-mail and contact data, passwords and other information and covertly sent it on the Internet to special command servers.
One domain address that came up as the destination for data stolen from supporters of the Students for a Free Tibet group was familiar to him. Cvnxus.8800.org has been used by hackers "again and again" over the years, he said.
Since earlier this month, the domain has been "moving around," he said. But until March 8, it was based on a server previously identified by the FBI as the source for an e-mail attack aimed at U.S. defense contractors launched in August, according to a report from the Air Force Association.
The link, although a narrow one, is significant because of the well-acknowledged difficulty of attributing cyber-attacks. Hackers can take control of computers, or even whole servers, without the knowledge of their owners and use them to launch attacks.
China has some of the world's tightest government restrictions on the use of the Internet, which makes many observers skeptical that hacker gangs could operate from within China without government approval or acquiescence.
The attacks against the Tibet groups were "very professional and well-coordinated," Mr. Van Horenbeeck said, although he said no definitive evidence linked the Chinese government to the attacks.
Some of the e-mails used highly sophisticated "social engineering techniques" to trick their victims into opening the attachment, he said.
Rather than just faking the e-mail address of an associate as the sender of a general message, these e-mails would refer to discussions the intended victim had conducted with that associate on open Internet bulletin boards or e-mail lists, Mr. Van Horenbeeck said, suggesting the hackers had done much research on individual targets.
"These were very sophisticated," he said, adding that unlike conventional hacker attacks, these were not aimed at defacing the group's Web site, or driving it off-line with a series of crude denial-of-service bombardments. "These attacks were designed to steal data."
He said they might also be designed to "disrupt [the groups'] operations by making people wary of using their e-mail, which is a vital tool for their coordination."
Some of the attacks seemed designed to undermine trust in e-mail. Last week, a security professional working with one group posted a message to a Tibet discussion list warning people to expect an uptick in e-mail and other attacks. The following day, hackers sent another mail, faked to look as if it came from the same address, containing a security document as a Word attachment. The attachment contained a Trojan horse malware package.
White House Taps Tech Entrepreneur for Cyber Defense Post
By Brian Krebs
washingtonpost.com Staff Writer
Wednesday, March 19, 2008; 8:21 PM
The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government's efforts to protect its computer networks from organized cyber attacks.
Sources in the government contracting community said the White House is expected to announce as early as Thursday the selection of Rod A. Beckstrom as a top-level adviser based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses.
The new inter-agency group, which will coordinate information sharing about cyber attacks aimed at government networks, is being created as part of a government-wide "cyber initiative" spelled out in a national security directive signed in January by President Bush, according to the sources, who asked to remain anonymous because they did not have permission to talk publicly about the information.
The presidential directive expanded the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. According to the sources, the center will be charged with gathering cyber attack and vulnerability information from a wide range of federal agencies, including the FBI, the National Security Agency and the Defense Department. Beckstrom will report directly to Homeland Security Secretary Michael Chertoff.
Reached via phone Wednesday evening, Beckstrom declined to provide any specifics about his new position, saying only, "I'm thrilled to be on the DHS team, and I am looking forward to doing my best to serve the country."
The White House and the Department of Homeland Security declined to comment.
Beckstrom's appointment comes at a time when the government has acknowledged that its information systems have been the target of repeated cyber attacks originating in other countries. The attacks have led to compromises and several large data breaches at federal agencies and contractors.
Sources with knowledge of the selection process said Beckstrom's candidacy was backed chiefly by top brass at the Defense Department and the National Security Agency.
But Beckstrom's appointment raises a number of questions. James Lewis, director of technology and public policy for the Center for Strategic and International Studies, noted that DHS only recently appointed Greg Garcia, former head of the Information Technology Association of America, to be assistant secretary for cyber-security and telecommunications, a position fought for and won through tireless lobbying from lawmakers on Capitol Hill who believed DHS wasn't placing a strong enough emphasis on cyber.
Garcia in turn answers to Robert D. Jamison, who serves as Under Secretary for National Protection and Programs Directorate. When asked last week at a press briefing about a simulated cyber attack against the United States who would lead the government's response in the event of a sustained cyber attack on the federal government, Jamison said that duty would fall to him.
"Here you have a group that's allegedly in charge of cyber for DHS, and then we see another group being set up outside that in a structurally new way," said Lewis, whose employer is spearheading a group of industry and government cyber experts called the "Commission on Cyber Security for the 44th Presidency," which is expected to present the next president with a series of actionable recommendations he or she can take to tackle some of the most pressing cyber security problems facing the government, industry and consumers. "We still don't know what [Beckstrom's] relationship will be to all of the other bits of cyber bureaucracy lying around."
Roger Cressey, a former Bush administration official and president of Good Harbor Consulting, said the creation of a new coordinating group on cyber-security "reflects a concern that government networks have been compromised at an unprecedented level."
"The very fact that the president signed a cyber-security presidential directive in the last year of his administration reflects that the current approach the government is taking is not working," Cressey said.
By all accounts, Beckstrom is neither a cyber-security expert nor a Washington insider. But his private-sector background and published writings emphasize a decentralized approach to managing large organizations.
In "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," a book Beckstrom co-authored with Ori Brafman in 2006, the authors use the two creatures to illustrate their argument that decentralized organizations -- whether in the marketplace or the battlefield -- are more nimble, creative and resilient than those that operate in a rigid, top-down fashion.
Following this analogy, user-driven, starfish-like organizations distribute decision-making among all members. If parts of the organization are crushed, the whole survives and recovers, just as a starfish regenerates an arm if it is severed. In contrast, the book posits, industry and government are more akin to "spider" organizations that function within a centralized structure, with the leader calling the shots. One solid blow to the head cripples or kills a spider.
"Whether we're looking at a Fortune 500 company, an army, or a community, our natural reaction is to ask, 'Who's in charge?'," Beckstrom and Brafman wrote. "The absence of structure, leadership, and formal organization, once considered a weakness, has become a major asset. Seemingly chaotic groups have challenged and defeated established institutions. The rules of the game have changed."
"I think it's an unconventional choice, and that's a good thing," Cressey said of the Beckstrom pick.
Washington Prepares for Cyber War Games
Week-Long Simulation Tests Agencies', Companies' Response to Online Attacks
By Brian Krebs
washingtonpost.com Staff Writer
Friday, March 7, 2008; 7:44 AM
The U.S. government will conduct a series of cyber war games throughout next week to test its ability to recover from and respond to digital attacks.
Code-named 'Cyber Storm II,' this is the largest-ever exercise designed to evaluate the mettle of information technology experts and incident response teams from 18 federal agencies, including the CIA, Department of Defense, FBI, and NSA, as well as officials from nine states, including Delaware, Pennsylvania and Virginia. In addition, more than 40 companies will be playing, including Cisco Systems, Dow Chemical, McAfee, and Microsoft.
In the inaugural Cyber Storm two years ago, planners simulated attacks against the communications and information technology sector, as well as the energy and airline industries. This year's exercise will feature mock attacks by nation states, terrorists and saboteurs against the IT and communications sector and the chemical, pipeline and rail transportation industries.
Jerry Dixon, a former director of the National Cyber Security Division at the Department of Homeland Security who helped to plan both exercises, said Cyber Storm is designed to be a situational pressure-cooker for players: Those who adopt the proper stance or response to a given incident are quickly rewarded by having to respond to even more complex and potentially disastrous scenarios. Players will receive information about the latest threats in part from a simulated news outlet, and at least a portion of the feeds they receive will be intentionally misleading, Dixon said.
'They'll inject some red herring attacks and information to throw intelligence analysts and companies off the trail of the real attackers,' Dixon said. 'The whole time, the clock keeps ticking, and things keep getting worse.'
At a cost of roughly $6.2 million, Cyber Storm II has been nearly 18 months in the planning, with representatives from across the government and technology industry devising attack scenarios aimed at testing specific areas of weakness in their respective disaster recovery and response plans.
'The exercises really are designed to push the envelope and take your failover and backup plans and shred them to pieces,' said Carl Banzhof, chief technology evangelist at McAfee and a cyber warrior in the 2006 exercise.
Cyber Storm planners say they intend to throw a simulated Internet outage into this year's exercise, but beyond that they are holding their war game playbooks close to the vest.
Individuals who helped plan the scenarios all have signed non-disclosure agreements about the details of the planned attacks. They will act as puppeteers apart from the participants, injecting events into the game from a command center at U.S. Secret Service headquarters in Washington, D.C. Meanwhile, players will participate via secure online connections from around the world.
At its most basic, organizers say, the exercise tests the strength of relationships and trust between government officials and the private sector companies that control more than 80 percent of the nation's critical physical and cyber infrastructure. In Cyber Storm I, the Department of Homeland Security and the participating companies largely kept the exercise a secret until it was virtually completed. In fact, most of the companies that participated in Cyber Storm I did so anonymously, so that private sector players only knew each other's respective companies by fictitious business names.
The fact that so many companies have chosen to trumpet their participation in this year's exercise is a testament to how those trust relationships have grown in the intervening years, said Reneaue Railton, manager of critical infrastructure response for Cisco Systems, a company whose hardware devices help direct a large portion of the traffic on the Internet.
'All the companies that played did so anonymously,' Railton said. 'We didn't always know who we were contacting.'
Railton, who helped plan the attack scenarios in this year's exercise, said Cyber Storm II promises to keep all participants on their toes, like an episode of the television show '24,' only for an entire work week at a time. Dozens of companies and government agencies from Australia, Canada, New Zealand and the United Kingdom will also participate in the war games and will keep the game in flux around the clock, she said.
The war games will be far more realistic and inclusive for Australia, whose participation in the first Cyber Storm amounted to what a spokesperson for the Australian Attorney General's department called "a desktop exercise" that did not include any private sector companies.
"This year, we're setting up an exercise control room and will be sending out injects to the players in both the private sector and the government," said Daniel Gleeson of Australia's Attorney General's office. "So we'll be involved in this as it unfolds in real time, rather than just talking about what we'd do in those situations."
NYTimes.com
February 28, 2008
German Court Permits Limited Cybermonitoring
By REUTERS
KARLSRUHE, Germany (Reuters) — Germany’s domestic security services are permitted to monitor the computers of people suspected of crimes or terrorism but only if they have evidence showing the suspects are dangerous, the country’s top court ruled Wednesday.
The decision by the Constitutional Court opens the door to a new federal law, long advocated by Chancellor Angela Merkel’s conservative Christian Democrats, to allow online surveillance only under strict conditions.
Such surveillance is a delicate issue in Germany, which has a legacy of distrust of state intrusion through spying by the Nazi Gestapo and East Germany’s secret police, the Stasi.
The ruling, which concerned a law in the western state of North Rhine-Westphalia, is a compromise between those who say secret online searches are a vital tool to combat terrorism and critics who argue they infringe on civil liberties.
“The basic right that guarantees the confidentiality and integrity of Information Technology systems is not without limits,” said the court’s president, Hans-Jürgen Papier.
He said clandestine online surveillance was allowed only in the case of a concrete threat to human life or to the state. Searches would be subject to an order from a judge, and personal data should be protected or quickly deleted, he said.
Interior Minister Wolfgang Schäuble, a Christian Democrat, said the ruling enabled the government to introduce federal laws to better equip security services to fight terrorists.
“I expect the ruling, which is deemed necessary by experts and police workers, can be converted into a federal law as quickly as possible,” he said.
The surveillance technique at issue involves sending e-mail messages that plant so-called Trojan software on a suspect’s computer, which would enable the authorities to scan the hard drive.
Leading Social Democrats, who share power with the Christian Democrats in an uneasy coalition and have opposed online surveillance, welcomed the tight limits the court set and said they expected ministers to start writing a national law soon.
“The balance between freedom and security remains protected,” the party’s chairman, Kurt Beck, said in a statement. “The exaggerated ideas of security and political hard-liners were rebuffed.”
Several European countries have struggled since 2001 to increase police and intelligence agency powers to help prevent terrorist attacks and at the same time to protect civil rights. The debate has been particularly fraught in Germany, especially since the authorities arrested three men last year who they accused of planning to carry out bomb attacks against American installations in Germany.
Team Works to Defend Digital Battlefield in Europe
By Kristopher Joseph
Special to American Forces Press Service
MANNHEIM, Germany, Dec. 31, 2007 – In 1983, with the Cold War still going strong, a movie called “War Games” depicted an eccentric computer hacker named David Lightman, played by Matthew Broderick. With dogged determination to play a military-generated “game” -- Global Thermonuclear War -- David managed to hack into the North American Aerospace Defense Command computer system and almost caused an actual nuclear war with the Soviet Union.
“War Games” represented the tensions and anxieties of the ever-looming nuclear threat during the Cold War nuclear arms race. The global war on terrorism has replaced many threats of the Cold War. Many believe that in today’s “information age” there are real David Lightmans who pose a cyber threat to military networks that could cause the loss of innocent lives unless something is done about them.
“We are taking a proactive approach to stop these ‘hacktivists’ from attacking our systems,” said Robert Hembrook, deputy chief of intelligence for United States Army Europe’s 5th Signal Command here.
For the first time in the European military theater, a cyber-threat intelligence cell has been created for the specific purpose of detecting, monitoring and combating malicious digital infiltrations on military computer networks, Hembrook said.
Cyber defense is implemented at the Department of Defense level and already was under way in the halls of U.S. European Command, in Stuttgart, but a fully developed and funded European theater-level cyber cell now is active within 5th Signal Command, Hembrook said.
The cell consists of three experienced intelligence and computer experts whose jobs are to observe potentially harmful data passing from the Internet into friendly networks, identify patterns of attacks, analyze data, and advise the operators of the network so that they can take preventative action to ensure the safety and security of all systems in the European footprint.
“The fact is that there are people currently trying to break into our systems in an effort to obtain data or plant viruses that put servicemembers and their missions at risk,” one of the cyber cell members said. “We simply cannot be vulnerable in this area.”
The military, along with most other organizations, relies more and more on the speed and capabilities of computer-based technology to give it an edge on the battlefield. This reliance also allows an extra avenue of attack for the enemy. “This cyber cell marks a change of approach in the intel world,” a team member said. “We are already experts on predicting physical attacks from the enemy, but we never had a dedicated staff to predict and prevent virtual attacks at a theater level.”
Besides combating threats from the outside, the cell is also involved with helping its military users prevent “digital fratricide” from the inside. For work and morale purposes, DoD policy allows users filtered, monitored access to the World Wide Web on government computers. According to a cell member, this is to obtain business-related information and to visit non-work related sites as long as casual browsing does not affect getting missions accomplished.
“It’s a delicate relationship of balancing functionality and security,” a cell member said. “We know that many users can’t do their job without computers and the Internet, so we look for ways to help protect them.”
“Users need to know that Internet access is a privilege and not a right,” one cyber cell member said.
The cell has taken another proactive step by leaving their offices and actively engaging and informing commanders and military communities of their findings as well as stressing the importance and relevance of the cyber battlefield.
Another cell member said that the team’s audience is the leadership in theater because they are the ones who can affect changes in how members of the DoD deal with and fight these cyber threats.
“We have had nothing but positive feedback from commanders,” one cell member said. “They are taking our reports seriously, and more and more they are seeing that, if our data or systems get compromised or abused, threats to our systems can affect not only those sitting behind a desk, but also those on the front lines.”
Since the 5th Signal Cyber Cell has shared its results with the intelligence community, other military organizations are asking how they too can have a cyber cell to find their own digital landmines, team officials said.
“This (cyber cell) is unprecedented at this level,” a cell member said. “I saw the need for this when I worked at the DoD level.” Members of the cell believe that network-defensive measures should be implemented at all levels in the military because a computer’s role is becoming just as vital as an M-16 rifle in terms of winning today’s wars.
“As much as the military trains its own on weapon safety, so we should be training them on computer and network safety,” the cell member said. “That is where informing the leadership and giving them briefings becomes so vital.”
In a 2006 interview for Defense Systems magazine, Tom Reardon, chief of the Intelligence Division for Network Enterprise Technology Command at Fort Huachuca, Ariz., had this to say about the level of importance computer networks play in military operations: “Network-centric operations are how we prosecute war and sustain the warfighter. If an enemy can degrade or destroy that capability, the tide of the battle could easily be turned in their favor. Worse yet, if the enemy succeeds in denying our network-centric capability, our forces may not be able to deploy; we couldn’t show up to seize or defend terrain or support an ally.”
Today, the 5th Signal Cyber Threat Intelligence Cell team members are the U.S. Army Europe warfighters in virtual trenches making sure the digital frontlines are defended.
“From an intel point of view, we’ve gone from ‘patch the leaks’ to ‘build a better boat,’” Hembrook said.
(Kristopher Joseph is a public affairs specialist and editor of 5th Signal Command’s biannual Echo magazine.)
U.S., British officials target Chinese as source of cyberattacks
By Bob Brewin bbrewin@govexec.com
December 4, 2007
High-ranking officials in the United Kingdom and the United States have for the first time publicly identified the Chinese government as the source of cyberattacks, warning that China has penetrated both government and business networks with potentially disastrous consequences.
Jonathan Evans, director-general of MI5, the U.K.'s counterintelligence and security service, told British companies last week that they were under attack by "Chinese state organizations," The Times of London reported Saturday.
Marine Gen. James Cartwright, the vice chairman of the Joint Chiefs of Staff, has portrayed the effects of large-scale Chinese-backed denial-of-service attacks against U.S. systems and networks as potentially having an effect equal to "the magnitude of a weapon of mass destruction." The characterization came in a little-noticed report to Congress released by the U.S.-China Economic and Security Review Commission late last month.
Security analysts said the comments of Cartwright and Evans mark the first time that high-level officials in either the United States or the U.K. have publicly identified the Chinese government as the source of widespread cyberattacks.
Antivirus software company McAfee stated in its annual Virtual Criminology Report released last week that 120 nations worldwide have started to develop cyberattack commands, with China well ahead of the others.
The Times of London said Evans told British companies doing business in China that they are being targeted by the Chinese army, which is using the Internet to steal confidential commercial information that can be used to benefit Chinese companies.
Evans' alert was posted on the Web site of the UK's Centre for the Protection of the National Infrastructure. The Times said Evans used the site to warn companies "about the possible damage to U.K. business resulting from electronic attacks sponsored by Chinese state organizations, and the fact that the attacks are designed to defeat best practice IT security systems." Access to secure parts of the CPNI Web site is limited to companies and organizations that make up the U.K. critical infrastructure, including banks, telecommunication firms, energy companies and utilities.
Alan Paller, director of research at the SANS Institute, a provider of information security training, certification and research, called the MI5 warning "the most vibrant example of how the British are doing a better job of cybersecurity leadership. You cannot ask people to act unless they understand the problem. The British have consistently been willing to speak the truth."
In contrast, Paller said the United States has relied on a failed paperwork policy built around the Federal Information Security Management Act and "vapid guidance" from the National Institute of Standards and Technology.
Attacks Could Cause 'Cataclysmic Harm'
Cartwright testified before the U.S.-China Economic and Security Review Commission in March, when he was still head of the U.S. Strategic Command, which has responsibility for information operations in the Defense Department. He told the commission that China currently has a larger capability to conduct denial-of-service attacks than any other country, and such attacks have "the potential to cause cataclysmic harm if conducted against the United States on a large scale."
He testified that the Chinese are making "plans to use this type of capability in a military context." He added, "I don't think the [United States] has gotten its head around this issue yet, but I think we should start to consider that the regret factors associated with a cyberattack could, in fact, be in the magnitude of a weapon of mass destruction."
China also is "actively engaging in cyber reconnaissance" by probing the computer networks of U.S. government agencies as well as private companies, Cartwright said. The data collected from these probes, he told the commission, could be used to identify weak points in U.S. networks, discover the communications patterns of government agencies and obtain valuable information stored throughout networks.
Despite reports of Chinese attacks this fall against government and military networks in the United States and U.K. as well as Australia, Germany and New Zealand, top leaders in those countries have not publicly identified China as the culprit until now. Bruce Schneier, a security consultant with BT Counterpane, said he found it significant that both Evans and Cartwright decided to identify China as a serious cyber threat.
"We're not used to seeing the head of MI5 and a top general saying that China is the problem," Schneier said. Maybe, he said, "they decided enough is enough." He said he believed that Cartwright was engaging in hyperbole when he warned of a cataclysmic effect on the United States from a large-scale Chinese denial-of-service attack. The country, he noted, managed to weather an electrical outage that crippled much of the Northeast in 2004.
Paller said he found Cartwright's comments on the Chinese capability to launch massive denial-of-service attacks particularly significant, because this scenario has never been publicly discussed by such a high-ranking official.
The Latest Cyberwar Technology
The McAfee report also fingers the Chinese government as the source of widespread cyberattacks. James Mulvenon, director of the Center for Intelligence Research and Analysis at the Defense Group Inc. in Washington, told McAfee that "the Chinese were the first to use cyberattacks for political and military goals....Whether it is as battlefield preparation or hacking networks used by the German chancellor, they are the first state actor to jump feet first into 21st century cyberwarfare technology. This is becoming a more serious and open problem."
China does not stand alone in its military exploitation of cyberspace, according to the McAfee report. Peter Sommer, a computer security expert at the London School of Economics, said there are signs that intelligence agencies around the world are constantly probing government networks for signs of weakness, and countries he did not identify "are gearing themselves up to launch all-out online attacks."
McAfee predicted that over the next few years, governments will pursue "punitive action" against cyberattackers and "will ... go after them, regardless of their location." That's the approach advocated by the Defense Science Board in a recent report, which said that the United States "should link cyber defensive and offensive operations to its broader national strategies ... treating adversarial operations that damage U.S. information systems and networks as events warranting a balanced, full-spectrum response."
Earlier this year, Cartwright advocated a similar strategy in testimony before the House Armed Services Committee. He said that if "we apply the principle of warfare to the cyber domain, as we do to sea, air and land, we realize the defense of the nation is better served by capabilities enabling us to take the fight to our adversaries, when necessary, to deter actions detrimental to our interests."
US Video Shows Hacker Hit on Power Grid
By TED BRIDIS and EILEEN SULLIVAN
Associated Press Writers
3:01 AM CDT, September 27, 2007
WASHINGTON
A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.
The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.
The video was produced for top U.S. policy makers by the Idaho National Laboratory, which has studied the little-understood risks to the specialized electronic equipment that operates power, water and chemical plants. Vice President Dick Cheney is among those who have watched the video, said one U.S. official, speaking on condition of anonymity because this official was not authorized to publicly discuss such high-level briefings.
"They've taken a theoretical attack and they've shown in a very demonstrable way the impact you can have using cyber means and cyber techniques against this type of infrastructure," said Amit Yoran, former U.S. cybersecurity chief for the Bush administration. Yoran is chief executive for NetWitness Corp., which sells sophisticated network monitoring software.
"It's so graphic," Yoran said. "Talking about bits and bytes doesn't have the same impact as seeing something catch fire."
The electrical attack never actually happened. The recorded demonstration, called the "Aurora Generator Test," was conducted in March by government researchers investigating a dangerous vulnerability in computers at U.S. utility companies known as supervisory control and data acquisition systems. The programming flaw was quietly fixed, and equipment-makers urged utilities to take protective measures.
There was no evidence any U.S. utility company suffered damage from hackers or terrorists using this technique, U.S. officials said. But these officials cautioned that affected systems are not routinely monitored as closely as many modern corporate computer networks, so there would be little forensic evidence to study after such a break-in.
Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems.
"The video is not a realistic representation of how the power system would operate," said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid.
A top Homeland Security Department official, Robert Jamison, said companies are working to limit such attacks.
"Is this something we should be concerned about? Yes," said Jamison, who oversees the department's cybersecurity division. "But we've taken a lot of risk off the table."
President Bush's top telecommunications advisers concluded years ago that an organization such as a foreign intelligence service or a well-funded terror group "could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation." Ominously, the Idaho National Laboratory -- which produced the new video -- has described the risk as "the invisible threat."
Experts said the affected systems were not developed with security in mind.
"What keeps your lights on are some very, very old technology," said Joe Weiss, a security expert who has testified before Congress about such threats. "If you can get access to these systems, you can conceptually cause them to do whatever it is you want them to do."
The Homeland Security Department has been working with industries, especially electrical and nuclear companies, to enhance security measures. The electric industry is still working on its internal assessments and plans, but the nuclear sector has implemented its security measures at all its plants, the government said.
In July the Federal Energy Regulatory Commission proposed a set of standards to help protect the country's bulk electric power supply system from cyber attacks. These standards would require certain users, owners and operators of power grids to establish plans and controls.