Fighting The Invisible War In CyberSpace

Last December, part of the Ukraine saw its power grid suddenly go dark. No one's claimed responsibility, but the grid had been hit by an online attack that took out the system remotely. Experts agree on a likely suspect: the Russian government, which is headquartered more than 800 miles away.

It appears to be the first time a cyberattack has knocked out a power grid. The outage is just one example of the growing threat of cyberwar, a practice that's become a primary focus of governments and terrorist organizations worldwide. Underlining this point, the US has started going public with its own attacks. Last week, Department of Defense Secretary Ash Carter said that the US is hitting ISIS systems with cyberassaults.

The attacks aim "to cause them to lose confidence in their networks, to overload their networks so they can't function," Rogers said, according to multiple reports. He didn't provide details, and the Department of Defense didn't respond to a request Friday for more information.

If we didn't know it already, the Ukraine attack and Ash's remarks make it clear there are destructive skirmishes taking place in cyberspace right now, and increasingly they're spilling into people's daily lives.

Director of US Cyber Command Michael Rogers: "It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States."

Cyberattacks can be designed to damage critical infrastructure, like the strike against the power grid in the Ukraine. They can be geared toward stealing important government secrets, like the theft of federal employee records from the US Office of Personnel Management last year. And they can even be about retaliating against private companies for political reasons, like when Sony found its systems hacked just as it planned to release a film mocking North Korean leader Kim Jong Un.

Most attacks seek to fly under the radar, leaving it unclear whether the target's own systems are at fault or whether they've been hit, according to Wired reporter Kim Zetter's 2014 book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

In 2012, it took cybersecurity researchers and journalists, months to ferret out who was behind Stuxnet, malicious software found on computers running the Iranian nuclear enrichment program. Surprise: It was the US and Israel.

Michael S. Rogers, the director of US Cyber Command, which carries out cyberattacks for the military, didn't mention attacks on ISIS when he spoke at the cybersecurity-focused RSA Conference in San Francisco on Tuesday. He only brought up attacks on infrastructure once to describe the threat to the US.

"It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States," Rogers said. After the attack in the Ukraine, the White House and the Department of Homeland Security warned US utilities and infrastructure providers that a similar attack could be used against them.

Testifying before the US Senate last March, Rogers said "a purely defensive reactive strategy" isn't enough. Aside from being resource intensive, such defensive tactics could come too late to do any good. "We also need to think about how can we increase our capacity on the offensive side," he said.
But former White House counterterrorism czar Richard A. Clarke has criticized the shadowy nature of cyberwar in the US. Cyberattacks are conducted "without public debate, media discussion, serious congressional oversight, academic analysis or international dialogue," he wrote in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About it."

Speaking at a luncheon near the RSA Conference, retired Marine Corps Gen. Peter Pace said the powers the US has to hack aren't to be trifled with. But, he noted, here's the rub with cyberweapons: They don't blow up on impact. Once code that targets critical infrastructure creeps onto the enemy's computer, that enemy can potentially use it too.

Also, Pace noted that cyberweapons are easy to make but very hard to defend against. "I know we cannot defend against what we can do offensively," he said.

Ein News: 

 

 

« China’s Quantum Satellite Changes Cryptography
Cybersecurity Skill Shortage Has Industry Worried »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

CyberESI

CyberESI

CyberESI is a Managed Security Service Provider providing 24x7 remote security monitoring and management of your mission-critical networks.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Telspace Systems

Telspace Systems

Telspace Systems provides penetration testing, vulnerability assessment and training services.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

The Open Group

The Open Group

The Open Group: Leading the development of open, vendor-neutral IT standards and certifications.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Tehtris

Tehtris

TEHTRIS XDR Platform was developed to control and improve the IT security of private and public companies against advanced cyber threats such as cyber espionage or cyber sabotage activities.

Blue Cedar

Blue Cedar

Blue Cedar's mobile app security integration platform secures and accelerates mobile app deployment for enterprises and government organizations around the world.

Netlinkz

Netlinkz

Netlinkz has developed the Virtual Secure Network (VSN) overlay technology platform, a breakthrough in connectivity security, speed, and simplicity.

Secmation

Secmation

Secmation are an agile engineering services firm providing advanced DoD level security design and consultation services for both commercial and defense hardware and software applications.

Logically.ai

Logically.ai

Logically combines artificial intelligence with expert analysts to tackle harmful and manipulative content at speed and scale.

SoftForum

SoftForum

SoftForum is a company specializing in next-generation information security solutions in the Quantum-Resistant-Cryptography (PQC) field.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.