Fighting The Invisible War In CyberSpace

Uploaded on 2016-03-18 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

Last December, part of the Ukraine saw its power grid suddenly go dark. No one's claimed responsibility, but the grid had been hit by an online attack that took out the system remotely. Experts agree on a likely suspect: the Russian government, which is headquartered more than 800 miles away.

It appears to be the first time a cyberattack has knocked out a power grid. The outage is just one example of the growing threat of cyberwar, a practice that's become a primary focus of governments and terrorist organizations worldwide. Underlining this point, the US has started going public with its own attacks. Last week, Department of Defense Secretary Ash Carter said that the US is hitting ISIS systems with cyberassaults.

The attacks aim "to cause them to lose confidence in their networks, to overload their networks so they can't function," Rogers said, according to multiple reports. He didn't provide details, and the Department of Defense didn't respond to a request Friday for more information.

If we didn't know it already, the Ukraine attack and Ash's remarks make it clear there are destructive skirmishes taking place in cyberspace right now, and increasingly they're spilling into people's daily lives.

Director of US Cyber Command Michael Rogers: "It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States."

Cyberattacks can be designed to damage critical infrastructure, like the strike against the power grid in the Ukraine. They can be geared toward stealing important government secrets, like the theft of federal employee records from the US Office of Personnel Management last year. And they can even be about retaliating against private companies for political reasons, like when Sony found its systems hacked just as it planned to release a film mocking North Korean leader Kim Jong Un.

Most attacks seek to fly under the radar, leaving it unclear whether the target's own systems are at fault or whether they've been hit, according to Wired reporter Kim Zetter's 2014 book "Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon."

In 2012, it took cybersecurity researchers and journalists, months to ferret out who was behind Stuxnet, malicious software found on computers running the Iranian nuclear enrichment program. Surprise: It was the US and Israel.

Michael S. Rogers, the director of US Cyber Command, which carries out cyberattacks for the military, didn't mention attacks on ISIS when he spoke at the cybersecurity-focused RSA Conference in San Francisco on Tuesday. He only brought up attacks on infrastructure once to describe the threat to the US.

"It's only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States," Rogers said. After the attack in the Ukraine, the White House and the Department of Homeland Security warned US utilities and infrastructure providers that a similar attack could be used against them.

Testifying before the US Senate last March, Rogers said "a purely defensive reactive strategy" isn't enough. Aside from being resource intensive, such defensive tactics could come too late to do any good. "We also need to think about how can we increase our capacity on the offensive side," he said.
But former White House counterterrorism czar Richard A. Clarke has criticized the shadowy nature of cyberwar in the US. Cyberattacks are conducted "without public debate, media discussion, serious congressional oversight, academic analysis or international dialogue," he wrote in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About it."

Speaking at a luncheon near the RSA Conference, retired Marine Corps Gen. Peter Pace said the powers the US has to hack aren't to be trifled with. But, he noted, here's the rub with cyberweapons: They don't blow up on impact. Once code that targets critical infrastructure creeps onto the enemy's computer, that enemy can potentially use it too.

Also, Pace noted that cyberweapons are easy to make but very hard to defend against. "I know we cannot defend against what we can do offensively," he said.

Ein News: 

 

 

« China’s Quantum Satellite Changes Cryptography
Cybersecurity Skill Shortage Has Industry Worried »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Webroot

Webroot

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

Bluink

Bluink

Bluink specializes in identity and access management and customer identity verification, using your smartphone as a strong authenticator and secure identity store.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Threatspan

Threatspan

Threatspan is a cybersecurity firm helping shipping and maritime enterprises achieve and maintain nautical resilience in an age of increasing cyber threats.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Panasonic Automotive Systems

Panasonic Automotive Systems

Panasonic Automotive Systems brings together security technologies and human resources cultivated across an extensive range of businesses into the automotive field.