Archive for the ‘Military & Defense’ Category

Infected PC Compromises Pentagon Credit Union

January 12, 2011

Infected PC Compromises Pentagon Credit Union: “

The credit union used by members of the U.S. armed forces and their families has admitted that a laptop infected with malware was used to access a database containing the personal and financial information of customers.


(Via threatpost – The First Stop for Security News.)


Cybersecurity: Here’s What Really Worries the Pentagon | Danger Room |

January 7, 2010

Cybersecurity: Here’s What Really Worries the Pentagon | Danger Room | ”

Cybersecurity: Here’s What Really Worries the Pentagon
By Noah Shachtman January 6, 2010  |  10:33 am  |  Categories: Info War

In Washington, ‘cybersecurity’ is a term that’s come to have a thousand meanings, and none at all. Any crime, prank, intelligence operation, or foreign-government attack involving a computer has become a ‘cyber threat.’ But at the Pentagon, they aren’t worried about some kid painting a Hitler moustache on Defense Secretary Robert Gates’ online portrait. They’re not even that concerned about a full-scale attack on the military’s networks – even though the modern American way of war depends so heavily on the free flow of data. In the military, there’s now broad agreement that one cyber threat trumps all others: electronic espionage, the infiltration (and possible corruption) of Defense Department networks.

Well-placed spy software not only opens a window for an adversary to look into Ameri”

(Via .)

Movement on the US Cyber Command

January 7, 2010

Movement on the US Cyber Command: “

The US Cyber Command has been an interesting story to watch. Similar to the old Charlie Brown comic strips where he continuously tried kicking the football only to have Lucy pull it away at the last minute. Now Ellen Nakashima, from the Washington Post, is reporting that ‘Pentagon computer-network defense command delayed by congressional concerns.’ Still, movement is occurring. The Pentagon hopes to brief lawmakers this month to clear the way for confirmation hearing of the Cyber Command’s new director.

For a little perspective, remember back in August 2008, the Air Force suspended all efforts to the establishment of the Cyber Command. This was after the Air Force was hyping the Cyber Command capabilities on TV, in Web video advertisement, and in presentations. In September, the Pentagon decided that the US Strategic Command in Omaha, NE should create and run a version of the joint Cyber Command. Deputy Secretary of Defense Gordon England wrote in a memo, ‘Because all the combatant commands, military departments and other defense components need the ability to work unhindered in cyberspace, the domain does not fall within the purview of any particular department or component.’

In October, top Air Force leadership decided to continue efforts to stand up the Cyber Command. At the time, Air Force Secretary Michael Donley made the statement, ‘The conduct of cyber operations is a complex issue, as [Defense] and other interagency partners have substantial equity in the cyber arena. We will continue to do our part to increase Air Force cyber capabilities and institutionalize our cyber mission.’

Top military officials in May 2009 argued for a single joint command and went on to tell the media that a ‘Cyber attack could bring U.S. military response.’ In June 2009, Defense Secretary Robert M. Gates in a memo Stated, ‘Our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.’

The Defense Department failed to meet an Oct. 1 target launch date. There have been no confirmation hearing for the command’s first director. Nakashima is reporting that the project was delayed by ‘congressional questions about its mission and possible privacy concerns.’

NSA Deputy Director John (Chris) Inglis said ‘90 percent’ of the command’s focus will be on defensive measures because ‘that’s where we are way behind.’ The offensive measure lead to many policy and doctrinal questions involving cyber warfare. Nakashima goes on to report one official familiar with the Pentagon’s plans, who was not authorized to speak for the record, stated ‘The rules can vary dramatically depending upon under what authority you’re doing something. An offensive action is not a decision that can be taken very lightly. It is an extraordinary action because of the consequences that could result for either DOD or the intelligence community or critical U.S. industries.’

Offensive computing is a difficult topic to tackle. Remember Col. Charles W. Williamson III? He ran into a bit of controversy back in May 2008 when he posted ‘Carpet bombing in cyberspace: Why America needs a military botnet.’ He stated, ‘America needs a network that can project power by building an robot network (botnet) that can direct such massive amounts of traffic to target computers that they can no longer communicate and become no more useful to our adversaries than hunks of metal and plastic.’ Richard Bejtlich’s post, ‘Mutually Assured DDoS’ points out several of the problems with a robot network. Sean Sullivan from F-Secure also did a thoughtful response titled ‘US Air Force Colonel Proposes Skynet.’ The problem will always be in cyberspace, attackers do not wear uniforms, nor do they necessarily come from a particular domain. It is not so easy to identifying the enemy. The intelligent attacker makes all effort to blend into the population.

Paul B. Kurtz, a cybersecurity expert who served in the George W. Bush and Clinton administrations stated, ‘I don’t think there’s any dispute about the need for Cyber Command. We need to do better defending DOD networks and more clearly think through what we’re going to do offensively in cyberspace. But the question is how does that all mesh with existing organizations and authorities? The devil really is in the details.’

Nakashima reports officials stated:

‘The initial operating plan for a cyber command is straightforward: to merge the Pentagon’s defensive unit, Joint Task Force-Global Network Operations, with its offensive outfit, the Joint Functional Command Component-Network Warfare, at Fort Meade, home to the NSA. The new command, which would include about 500 staffers, would leverage the NSA’s technical capabilities but fall under the Pentagon’s Strategic Command.

Lt. Gen. Keith B. Alexander, director of the NSA, has been nominated by President Obama to be the director of the Cyber Command. Congressional staff have been briefed three times, and the Pentagon hopes to brief lawmakers this month. Once the staff are satisfied the understand the command’s purpose and operating place, the Senate Armed Service Committee can hold the confirmation hearing for a new director.

Edmund Burke once said, ‘All that is necessary for evil to succeed is that good men do nothing.’ Of course, Saint Bernard of Clairvaux would have cautioned, ‘Hell is full of good intentions or desires.’ While there are many issues involved with the development of a US Cyber Command, steps are continuing to occur. Issues are being considered. Is it progress? I believe so. Stay tuned and we will all see what happens.

(Via System Advancements at the Monastery.)

US Military cyber forces on the defensive in network battle

November 30, 2009

US Military cyber forces on the defensive in network battle: “

Operation Screaming Whimpering Fist

The US 24th Air Force – the first dedicated American military cyber force to go operational – is ‘not yet a warfighting organisation’ and needs to ‘create an awareness of the battlespace’, according to its commander.…

(Via The Register – Security.)

Report: Countries prepping for cyberwar –

November 27, 2009

Report: Countries prepping for cyberwar – “CNN

Report: Countries prepping for cyberwar
By Elinor Mills
November 17, 2009 — Updated 1611 GMT (0011 HKT)

Threats of cyberwarfare have been hyped for decades but a McAfee report shows cyberattack preparation is happening.
McAfee: Countries are amassing cyberweapons, conducting espionage
Report based on interviews with experts in international relations, security
Experts are seeing increased intelligence gathering, according to report
Threats of cyberwarfare have been debated for decades
Computer Security
(CNET) — Major countries and nation-states are engaged in a ‘Cyber Cold War,’ amassing cyberweapons, conducting espionage, and testing networks in preparation for using the Internet to conduct war, according to a new report to be released on Tuesday by McAfee.

(Via .)

Electronic health records could be a deadly target during a cyberwar

November 24, 2009

Electronic health records could be a deadly target during a cyberwar: “

Most health officials worry about hackers stealing sensitive information such as an AIDS diagnosis from someones electronic medical record, but a technology manager for a health care system in the Pacific Northwest said its just as likely the digital files could be a target of terrorists or a nation state during war Countries have invested millions of dollars in computer systems to conduct a cyberwar against the United States ‘and the best way to do that is to destabilize the population,’ said Chad Skidmore, director of network services for Inland Northwest Health Services, a network of 34 hospitals in Spokane, Wash. To do that, hackers could infiltrate health systems to change patient records so misinformation will lead to deadly consequences. Skidmore, speaking on Friday before a health IT standards committee organized by the Health and Human Services Department, said what ‘keeps me up night and fairly scared’ is that an attacker could get into a system and, for example, change data fields that indicate patients who have an allergy to penicillin do not have an allergic reaction to the antibiotic. About 400 patients in the United States die each year from penicillin allergies, according to the Web site Wrong Diagnosis. Skidmore said an adversary could manipulate other patient information such as blood types. Compounding his fears are findings that show health care organizations are more vulnerable to cyberattacks than other groups because the health care industry invests less in information

(Via Hostexploit News RSS.)

National Journal Magazine – The Cyber Defense Perimeter

September 30, 2009

National Journal Magazine – The Cyber Defense Perimeter: ”