Fighting The Invisible War In CyberSpace

Last December, part of the Ukraine saw its power grid suddenly go dark. No one's claimed responsibility, but the grid had been hit by an online attack that took out the system remotely. Experts agree on a likely suspect: the Russian government, which is headquartered more than 800 miles away.

It appears to be the first time a cyberattack has knocked out a power grid. The outage is just one example of the growing threat of cyberwar, a practice that's become a primary focus of governments and terrorist organizations worldwide. Underlining this point, the US has started going public with its own attacks. Last week, Department of Defense Secretary Ash Carter said that the US is hitting ISIS systems with cyberassaults.

The attacks aim "to cause them to lose confidence in their networks, to overload their networks so they can't function," Rogers said, according to multiple reports. He didn't provide details, and the Department of Defense didn't respond to a request Friday for more information.

If we didn't know it already, the Ukraine attack and Ash's remarks make it clear there are destructive skirmishes taking place in cyberspace right now, and increasingly they're spilling into people's daily lives.

Cyberattacks can be designed to damage critical infrastructure, like the strike against the power grid in the Ukraine. They can be geared toward stealing important government secrets, like the theft of federal employee records from the US Office of Personnel Management last year. And they can even be about retaliating against private companies for political reasons, like when Sony found its systems hacked just as it planned to release a film mocking North Korean leader Kim Jong Un.

Most attacks seek to fly under the radar, leaving it unclear whether the target's own systems are at fault or whether they've been hit, according to Wired reporter Kim Zetter's 2014 book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

In 2012, it took cybersecurity researchers and journalists months to ferret out who was behind Stuxnet, malicious software found on computers running the Iranian nuclear enrichment program. Surprise: It was the US and Israel.

Michael S. Rogers, the director of US Cyber Command, which carries out cyberattacks for the military, didn't mention attacks on ISIS when he spoke at the cybersecurity-focused RSA Conference in San Francisco on Tuesday. He only brought up attacks on infrastructure once to describe the threat to the US.

"It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States," Rogers said. After the attack in the Ukraine, the White House and the Department of Homeland Security warned US utilities and infrastructure providers that a similar attack could be used against them.

Testifying before the US Senate last March, Rogers said "a purely defensive reactive strategy" isn't enough. Aside from being resource intensive, such defensive tactics could come too late to do any good. "We also need to think about how can we increase our capacity on the offensive side," he said.

But former White House counterterrorism czar Richard A. Clarke has criticized the shadowy nature of cyberwar in the US. Cyberattacks are conducted "without public debate, media discussion, serious congressional oversight, academic analysis or international dialogue," he wrote in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About It."

Speaking at a luncheon near the RSA Conference, retired Marine Corps Gen. Peter Pace said the powers the US has to hack aren't to be trifled with. But, he noted, here's the rub with cyberweapons: They don't blow up on impact. Once code that targets critical infrastructure creeps onto the enemy's computer, that enemy can potentially use it too.

Also, Pace noted that cyberweapons are easy to make but very hard to defend against. "I know we cannot defend against what we can do offensively," he said.
