Cyber Threat: First Data Theft - Next Data Manipulation

o-JAMES-CLAPPER-facebook.jpg

Director of U.S. National Intelligence James Clapper calls data deletion or manipulation ‘next push of the envelope’ to US digital networks now threatened by wide-scale data theft.

A “Cyber Armageddon”, long imagined in Washington as a catastrophic event of digitally triggered damage to physical infrastructure, is less likely than “cyber operations that will change or manipulate data”, the US director of national intelligence, James Clapper, told the House intelligence committee recently.
Clapper, backed by the director of the National Security Agency, Admiral Michael Rogers, said that while such efforts had yet to manifest themselves, US business and governmental agencies had entered an era of persistent “low-to-moderate level cyber-attacks from a variety of sources”.

Yet both indicated that US digital networks are currently threatened by wide-scale data theft, like the recent intrusion into the networks of the Office of Personnel Management, not destruction or compromise.
Rogers and Clapper warned that a mutated phase of malicious digital penetrations would undermine confidence in data stored and accessible on US networks, creating an uncertainty that could jeopardize US military situational awareness.
“I believe the next push on the envelope is going to be the manipulation or the deletion of data which would of course compromise its integrity,” Clapper told the House panel.

Rogers testified that while the NSA and its military conjoined twin, US Cyber Command, had clear rules for protecting US networks, its authorities to engage in offensive action online were murkier. In 2013, the Guardian published a secret directive on US digital offensive capabilities and a framework for their use, thanks to the whistleblower Edward Snowden.
There is “still uncertainty about what is offensive and what is authorized”, Rogers said. “That’s a policy decision.”
While noting that offensive cyber attacks were “an application of force” akin to conventional military conflict, Rogers suggested that NSA or Cyber Command require a freer hand, warning: “A purely defensive strategy is not going to change the dynamic we find ourselves in now.”

Rogers also urged new international norms that would prohibit “extracting mass personally identifiable data”, although the Snowden document hoard demonstrates that to be the NSA’s practice worldwide.
Nor should the global community accept data destruction as a national practice, Rogers said – a cyber practice the US and Israel arguably inaugurated by allegedly creating the Stuxnet worm that hijacked and damaged industrial controls for Iranian nuclear centrifuges.

The FBI director, James Comey, joined by Rogers, reprised his plea for surreptitious access into end-to-end encrypted data. Comey argued that technologists had not truly tried to find a mathematical solution that would allow the US government access without subjecting sensitive data to increased insecurity.
Though leading cryptographers have likened Comey’s effort to “magical thinking”, Comey said: “My reaction to that is, really? Have we really tried?”

Clapper testified that there was no consensus within the intelligence agencies as to the ultimate culprit in the mass exfiltration of federal employees’ data at the Office of Personnel Management.
Rogers said the NSA had provided the office with “19 specific recommendations” to forestall a future hack, but did not indicate why the US agencies tasked with protecting government networks did not spot the vulnerabilities before 4 million personnel records were stolen, reportedly by China.
“I don’t think anyone is satisfied with the environment we find ourselves in right now,” Rogers said.
Ein News: http://http://bit.ly/1MoJpQW

« Autonomous Submarine Drones: A Threatening New Weapons Platform
Over 90% of UK Police Requests to Access Calls & Emails Are Granted »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

Ekran System

Ekran System

Ekran System is an advanced insider threat detection solution for companies of any size.

Egnyte

Egnyte

Egnyte delivers secure content collaboration, compliant data protection and simple infrastructure modernization; all through a single SaaS solution.

Network Center Inc (NCI)

Network Center Inc (NCI)

NCI is one of the largest IT solution providers in the Midwest. We specialize in industry specific technology solutions, service, support, and expertise for small to enterprise businesses.

Trava Security

Trava Security

Trava simplifies cyber risk management for business owners and IT professionals. Automated assessments, mitigation advising, and data-driven cyber insurance.

Belcan

Belcan

Belcan is a global supplier of engineering, manufacturing & supply chain, workforce and government IT solutions to customers in the aerospace, defense, automotive, industrial, and private sector.

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

Center for Medical Device Cybersecurity (CMDC) - University of Minnesota

CMDC’s mission is to foster university-industry-government partnerships to assure that medical devices are safe and secure from cybersecurity threats.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Canadian Cyber Threat Exchange (CCTX)

Canadian Cyber Threat Exchange (CCTX)

The CCTX is Canada’s not-for-profit, private-sector cyber threat sharing hub and collaboration centre.

Cyber Industrial Networks

Cyber Industrial Networks

Cyber Industrial Networks objective is to service the needs of industry in achieving reliable, robust and secure infrastructure that supports productivity.

FoxPointe Solutions

FoxPointe Solutions

FoxPointe Solutions is a full-service cyber risk management and compliance firm.

SafeLiShare

SafeLiShare

SafeLiShare’s data security platform unifies encryption strategies for organizations with hybrid and multi-cloud infrastructures, ensuring data is secure regardless of its location.