Fighting The Invisible War In CyberSpace

Uploaded on 2016-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

Last December, part of the Ukraine saw its power grid suddenly go dark. No one's claimed responsibility, but the grid had been hit by an online attack that took out the system remotely. Experts agree on a likely suspect: the Russian government, which is headquartered more than 800 miles away.

It appears to be the first time a cyberattack has knocked out a power grid. The outage is just one example of the growing threat of cyberwar, a practice that's become a primary focus of governments and terrorist organizations worldwide. Underlining this point, the US has started going public with its own attacks. Last week, Department of Defense Secretary Ash Carter said that the US is hitting ISIS systems with cyberassaults.

The attacks aim "to cause them to lose confidence in their networks, to overload their networks so they can't function," Rogers said, according to multiple reports. He didn't provide details, and the Department of Defense didn't respond to a request Friday for more information.

If we didn't know it already, the Ukraine attack and Ash's remarks make it clear there are destructive skirmishes taking place in cyberspace right now, and increasingly they're spilling into people's daily lives.

Director of US Cyber Command Michael Rogers: "It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States."

Cyberattacks can be designed to damage critical infrastructure, like the strike against the power grid in the Ukraine. They can be geared toward stealing important government secrets, like the theft of federal employee records from the US Office of Personnel Management last year. And they can even be about retaliating against private companies for political reasons, like when Sony found its systems hacked just as it planned to release a film mocking North Korean leader Kim Jong Un.

Most attacks seek to fly under the radar, leaving it unclear whether the target's own systems are at fault or whether they've been hit, according to Wired reporter Kim Zetter's 2014 book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

In 2012, it took cybersecurity researchers and journalists, months to ferret out who was behind Stuxnet, malicious software found on computers running the Iranian nuclear enrichment program. Surprise: It was the US and Israel.

Michael S. Rogers, the director of US Cyber Command, which carries out cyberattacks for the military, didn't mention attacks on ISIS when he spoke at the cybersecurity-focused RSA Conference in San Francisco on Tuesday. He only brought up attacks on infrastructure once to describe the threat to the US.

"It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States," Rogers said. After the attack in the Ukraine, the White House and the Department of Homeland Security warned US utilities and infrastructure providers that a similar attack could be used against them.

Testifying before the US Senate last March, Rogers said "a purely defensive reactive strategy" isn't enough. Aside from being resource intensive, such defensive tactics could come too late to do any good. "We also need to think about how can we increase our capacity on the offensive side," he said.
But former White House counterterrorism czar Richard A. Clarke has criticized the shadowy nature of cyberwar in the US. Cyberattacks are conducted "without public debate, media discussion, serious congressional oversight, academic analysis or international dialogue," he wrote in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About it."

Speaking at a luncheon near the RSA Conference, retired Marine Corps Gen. Peter Pace said the powers the US has to hack aren't to be trifled with. But, he noted, here's the rub with cyberweapons: They don't blow up on impact. Once code that targets critical infrastructure creeps onto the enemy's computer, that enemy can potentially use it too.

Also, Pace noted that cyberweapons are easy to make but very hard to defend against. "I know we cannot defend against what we can do offensively," he said.

Ein News: 

 

 

« China’s Quantum Satellite Changes Cryptography
Cybersecurity Skill Shortage Has Industry Worried »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ENVEIL

ENVEIL

ENVEIL’s technology is the first scalable commercial solution to cryptographically secure Data in Use.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Cybersecurity Advisors Network (CyAN)

Cybersecurity Advisors Network (CyAN)

CyAN provides a not-for-profit platform that helps private and public organisations as well as governments to identify trusted advisors in the area of Cyber Security and Cyber Crime.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

Cyxtera Technologies

Cyxtera Technologies

Cyxtera offers powerful, secure IT infrastructure capabilities paired with agile, dynamic software-defined security.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

ISMS.online

ISMS.online

ISMS.online is a cloud software solution for fast & cost-effective implementation of an information security management system and achieve compliance with ISO 27001 and other standards.

Fudo Security

Fudo Security

Fudo Security is a leading provider of privileged access management and privileged session monitoring solutions.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

HackersEra

HackersEra

HackersEra is a leading offensive cybersecurity service provider. We enable our clients to operate in a more secure environment efficiently and produce more value.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

Twilio

Twilio

Twilio are the customer layer for the internet, powering the most engaging interactions companies build for their customers. We provide simple tools that solve hard problems.

Cyber Security Unity (CSU)

Cyber Security Unity (CSU)

Cyber Security Unity (formerly the UK Cyber Security Association) is a new global community which has been set up to help unite the industry and combat the growing cyber threat.