Fighting The Invisible War In CyberSpace

Last December, part of the Ukraine saw its power grid suddenly go dark. No one's claimed responsibility, but the grid had been hit by an online attack that took out the system remotely. Experts agree on a likely suspect: the Russian government, which is headquartered more than 800 miles away.

It appears to be the first time a cyberattack has knocked out a power grid. The outage is just one example of the growing threat of cyberwar, a practice that's become a primary focus of governments and terrorist organizations worldwide. Underlining this point, the US has started going public with its own attacks. Last week, Department of Defense Secretary Ash Carter said that the US is hitting ISIS systems with cyberassaults.

The attacks aim "to cause them to lose confidence in their networks, to overload their networks so they can't function," Rogers said, according to multiple reports. He didn't provide details, and the Department of Defense didn't respond to a request Friday for more information.

If we didn't know it already, the Ukraine attack and Ash's remarks make it clear there are destructive skirmishes taking place in cyberspace right now, and increasingly they're spilling into people's daily lives.

Director of US Cyber Command Michael Rogers: "It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States."

Cyberattacks can be designed to damage critical infrastructure, like the strike against the power grid in the Ukraine. They can be geared toward stealing important government secrets, like the theft of federal employee records from the US Office of Personnel Management last year. And they can even be about retaliating against private companies for political reasons, like when Sony found its systems hacked just as it planned to release a film mocking North Korean leader Kim Jong Un.

Most attacks seek to fly under the radar, leaving it unclear whether the target's own systems are at fault or whether they've been hit, according to Wired reporter Kim Zetter's 2014 book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

In 2012, it took cybersecurity researchers and journalists, months to ferret out who was behind Stuxnet, malicious software found on computers running the Iranian nuclear enrichment program. Surprise: It was the US and Israel.

Michael S. Rogers, the director of US Cyber Command, which carries out cyberattacks for the military, didn't mention attacks on ISIS when he spoke at the cybersecurity-focused RSA Conference in San Francisco on Tuesday. He only brought up attacks on infrastructure once to describe the threat to the US.

"It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States," Rogers said. After the attack in the Ukraine, the White House and the Department of Homeland Security warned US utilities and infrastructure providers that a similar attack could be used against them.

Testifying before the US Senate last March, Rogers said "a purely defensive reactive strategy" isn't enough. Aside from being resource intensive, such defensive tactics could come too late to do any good. "We also need to think about how can we increase our capacity on the offensive side," he said.
But former White House counterterrorism czar Richard A. Clarke has criticized the shadowy nature of cyberwar in the US. Cyberattacks are conducted "without public debate, media discussion, serious congressional oversight, academic analysis or international dialogue," he wrote in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About it."

Speaking at a luncheon near the RSA Conference, retired Marine Corps Gen. Peter Pace said the powers the US has to hack aren't to be trifled with. But, he noted, here's the rub with cyberweapons: They don't blow up on impact. Once code that targets critical infrastructure creeps onto the enemy's computer, that enemy can potentially use it too.

Also, Pace noted that cyberweapons are easy to make but very hard to defend against. "I know we cannot defend against what we can do offensively," he said.

Ein News: 

 

 

« China’s Quantum Satellite Changes Cryptography
Cybersecurity Skill Shortage Has Industry Worried »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DoD Cyber Crime Center (DC3)

DoD Cyber Crime Center (DC3)

DC3 is a US Department of Defense (DoD) center of excellence for Digital and Multimedia forensics.

Spiceworks

Spiceworks

Spiceworks provide a range of free apps for IT professionals including network inventory, network monitor, and help desk.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Advens

Advens

Advens is a company specializing in information security management. We provide Consultancy, Security Audits and Technology Solutions.

HumanFirewall

HumanFirewall

HumanFirewall makes it possible for every individual to take part in securing their organisation. With HumanFirewall, achieving security has never been easier.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

GAVS Technologies

GAVS Technologies

GAVS is a global IT services provider with focus on AI-led Managed Services and Digital Transformation.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

Ostra Cybersecurity

Ostra Cybersecurity

As a next-generation MSSP, Ostra Cybersecurity combines best-in-class tools, proprietary technology and exceptional talent to deliver Fortune 100-level protection for businesses of all sizes.

McAfee

McAfee

McAfee is a worldwide leader in online protection. We’re focused on protecting people, not devices. Our solutions adapt to our customers’ needs and empower them to confidently experience life online.

Anjuna Security

Anjuna Security

Software from Anjuna Security effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.

ViCyber

ViCyber

ViCyber is an Australian based company whose mission is to simplify and strengthen cybersecurity for all businesses, irrespective of size.