Panetta: Cyber warfare could paralyze U.S.

[AdamG]

Quote:

(CBS News) Back in 2010, the Pentagon established cyber command to wage war and defend America's computer systems. It's a top priority for Secretary of Defense Leon Panetta. In an interview for "60 Minutes," CBS Evening News anchor Scott Pelley spoke with Panetta while he was touring the Middle East last month, flying in a command post that's rigged to conduct nuclear war if need be. The Secretary told CBS News cyber war is one of his biggest worries.

http://www.cbsnews.com/8301-18563_16...alyze-country/

[Jedburgh]

Harvard National Security Journal, 9 Jan 12: Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy

Quote:

There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.

This article asks for a better justification for the increased resources devoted to cyber threats. It examines the claims made by those calling for increased attention to cybersecurity, and notes the interests of a military-industrial complex in playing up fears of a “cyber Katrina.” Cybersecurity is undoubtedly an important policy issue. But with a dearth of information regarding the true nature of the threat, it is quite difficult to determine whether certain government policies are warranted—or if this merely represents the latest iteration of threat inflation benefitting private and parochial political interests.

[Jedburgh]

Wired, 14 Feb 12: Wired Opinion: Cyberwar Is the New Yellowcake

Quote:

...Washington teems with people who have a vested interest in conflating and inflating threats to our digital security. The watchword, therefore, should be “trust but verify.”....

....Cybersecurity is a big and booming industry. The U.S. government is expected to spend $10.5 billion a year on information security by 2015, and analysts have estimated the worldwide market to be as much as $140 billion a year. The Defense Department has said it is seeking more than $3.2 billion in cybersecurity funding for 2012. Lockheed Martin, Boeing, L-3 Communications, SAIC, and BAE Systems have all launched cybersecurity divisions in recent years. Other traditional defense contractors, such as Northrop Grumman, Raytheon, and ManTech International, have invested in information security products and services. ....

[AdamG]

WSJ podcast -

Quote:

The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack. Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.

http://blogs.wsj.com/wsjam/2012/02/2...er-power-play/

[AdamG]

Quote:

WASHINGTON—China almost certainly would mount a cyberattack on the U.S. in the event of a conflict, and the U.S. has no clear policy to determine how to respond appropriately, a congressional advisory panel is set to warn on Thursday.

In a lengthy report analyzing Chinese cyber-capabilities and the threat facing the U.S., the U.S.-China Economic and Security Review Commission found that the U.S. telecommunications supply chain is particularly vulnerable to cyber-tampering and an attack could result in a "catastrophic failure" of U.S. critical infrastructure.

The report was written for the commission by analysts at defense firm Northrop Grumman Corp.

http://online.wsj.com/article/SB1000...world_newsreel

[Bob's World]

I have no problem appreciating the cyber vulnerability of the US, across all aspects of our society. We have pursued the benefits of technology while under-investing in the security of those same systems.

What I cannot embrace is why this is somehow a military mission to solve.

Anyone who can make the case for why this is a military mission, please, help make that case.

My concern is that the defense budget will not be made larger to address this wide mission area, but will come at the cost of actual defense capabilities. My other concern is that once DoD stands up and says they have this, that the other aspects of government and many civilian operations that rely on cyber capabilities will continue to under-invest in what is clearly their responsibility to secure.

[carl]

Quote:

Originally Posted by Bob's World

What I cannot embrace is why this is somehow a military mission to solve.

Anyone who can make the case for why this is a military mission, please, help make that case.

My concern is that the defense budget will not be made larger to address this wide mission area, but will come at the cost of actual defense capabilities. My other concern is that once DoD stands up and says they have this, that the other aspects of government and many civilian operations that rely on cyber capabilities will continue to under-invest in what is clearly their responsibility to secure.

That seems sensible and a wise concern. If there were a conflict with the persistent threat, would it be best for the military to conduct and coordinate cyber counter attacks or the intel types or contractors or a combination?

[Strickland]

Please excuse my ignorance, but what is the difference between cyber warfare, cyber terrorism, cyber espionage, and cyber crime? When a sovereign state attacked the Iranian nuclear facilities with a computer virus/worm - was this an act or war, terrorism, covert ops? When the Russian, Chinese, or North Korean governments hack into USG websites and databases, is this a criminal act, act of subversion, or act of war?

[Bob's World]

Quote:

Originally Posted by Strickland

Please excuse my ignorance, but what is the difference between cyber warfare, cyber terrorism, cyber espionage, and cyber crime? When a sovereign state attacked the Iranian nuclear facilities with a computer virus/worm - was this an act or war, terrorism, covert ops? When the Russian, Chinese, or North Korean governments hack into USG websites and databases, is this a criminal act, act of subversion, or act of war?

Exactly.

My take on this is that the closer it comes to being an individual conducting the action, regardless of the character of the act, it is a criminal act if outside the law.

The closer it comes to being a state, or a state-like organization with political purpose, the closer it comes to being an act of war.

It is the character of the actor and purpose of the act much more so than the character of the act itself that matters.

If it is determined that an act of war has been perpetrated against the US thorugh the Cyber domain, then we respond just as we would to any act of war in any of the other domains (land, sea, air, space, etc). If it is a criminal act we should treat as we do any other criminal act.

The cyber domain is very democratic, in that criminal individuals can wreck havoc to the same degree as war waging states and organizations. That scares the heck out of states. It should.

But that does not make this of necessity a military function.


For the majority of the military I believe there are two broad missions that must be covered:
1. Be able to maximize the cyber domain to conduct one's core operations and activities.

2. Be able to continue to conduct one's core operations and activities even if the cyber domain is severely degraded or denied.

DOD has it's own cyber vulnerablities to address, and similarly has not fully explored how this domain can be maximized. We need to focus on that first. Let Bank of America, Florida Power and Light, thousands of other important institutions figure out, fund and address their own vulnerabilities. What works to stop acts of crime and vandalism will stop acts of war as well.

[AdamG]

Quote:

The Pentagon official at the top of the US Defense Department’s cyber program says that an attack on the United States’ computer systems is not just on the way but that America is now more vulnerable than ever.

National Security Agency Director Army Gen. Keith Alexander, who also heads the Pentagon’s Cyber Command unit, tells reporters this week that the US is coming close to being hit with a computer attack that could devastate the country. Speaking before a crowd this week, Alexander warns, "The conflict is growing [and] the probability for crisis is mounting.”

Quote:

The US Congress is currently tasking itself with finding a way to fight cyberterrorism, but the inability to fully find a way to balance security with civil liberties has raised objections across the country. Alexander dismissed these concerns during this week’s address, however, insisting that the NSA does not "hold data on American citizens” and equated the US government’s association with major Internet entities as one that is relatively hands-off.

*

http://rt.com/usa/news/cyber-nsa-way-alexander-858/

* References this :

Quote:

National Security Agency whistle blowers Thomas Drake, former senior official; Kirk Wiebe, former senior analyst; and William Binney, former technical director, return to “Viewpoint” to talk about their allegations that the NSA has conducted illegal domestic surveillance. All three men are providing evidence in a lawsuit by the Electronic Frontier Foundation against the NSA.

Drake says the spying affects “the entire country,” citing a “key decision made shortly after 9/11 which began to rapidly turn the United States of America into the equivalent of a foreign nation for dragnet blanket electronic surveillance.”

http://current.com/shows/viewpoint/v...nto-your-life/

[AdamG]

Quote:

In a blunt admission designed to prod action, Defense Secretary Leon Panetta Thursday night told business executives there has been a sudden escalation of cyber terrorism and that attackers have managed to gain access to control systems for critical infrastructure.

In a speech in New York City, Panetta said the recent activities have raised concerns inside the U.S. intelligence community that cyber terrorism might be combined with other attacks to create massive panic and destruction on par with the Sept. 11, 2001 attacks.

http://www.washingtonguardian.com/pa...-cyber-stunner

[AdamG]

When is a cyberattack an act of war?
By Ellen Nakashima, Published: October 26

Quote:

On the night of Oct. 11, Defense Secretary Leon Panetta stood inside the Intrepid Sea, Air and Space Museum, housed in a former aircraft carrier moored at a New York City pier, and let an audience of business executives in on one of the most important conversations inside the U.S. government.

Quote:

Welcome to the new world of “drip, drip cyber attacks,” in the words of Tufts University law professor Michael J. Glennon. The nature of cyberspace, he says, creates the potential for “a mysterious airliner accident here, a strange power blackout there, incidents extending over months or years,” generally “with no traceable sponsorship.”

http://www.washingtonpost.com/opinio...8_story_1.html

[AdamG]

Quote:

(Reuters) - Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat and could have the same sort of impact as last year's Superstorm Sandy, which knocked out electricity in a large swathe of the Northeast.

http://www.reuters.com/article/2013/...90N1A320130124

Quote:

A jihadist website posted a new threat by al Qaeda this week that promises to conduct “shocking” attacks on the United States and the West.

The posting appeared on the Ansar al Mujahidin network Sunday and carried the headline, “Map of al Qaeda and its future strikes.”

The message, in Arabic, asks: “Where will the next strike by al Qaeda be?” A translation was obtained by Inside the Ring.

“The answer for it, in short: The coming strikes by al Qaeda, with God’s Might, will be in the heart of the land of nonbelief, America, and in France, Denmark, other countries in Europe, in the countries that helped and are helping France, and in other places that shall be named by al Qaeda at other times,” the threat states.

The attacks will be “strong, serious, alarming, earth-shattering, shocking and terrifying.”

Read more: http://www.washingtontimes.com/news/...#ixzz2Jg8CH8dt

[AdamG]

The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.

Read more: http://www.foxnews.com/politics/2013...#ixzz2JxTT3nw8