Is the US Ready For Cyberwar?

Uploaded on 2016-01-26 in NEWS-Cybersecurity News, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Richard Stiennon

A highly-regarded cybersecurity analyst has recently published a book which makes a convincing case that not only is cyberwar between major world powers inevitable, but that the US has allowed itself to fall dangerously behind in preparing for it.

Richard Stiennon, who was previously an executive with Fortinent and Gartner, offers his analysis in There Will Be Cyberwar, published by IT-Harvest Press. In an interview for this column, Stiennon described how the motivation for his book came from an analysis of the U.S. military’s move into networking or, as he characterizes it, how they “jumped onto the Internet.”

Earlier this month, reports came out that of the $3 billion allocated by the Air Force Space Command on cybersecurity, not a single cent was spent on defending software vulnerabilities in weapons systems. This funding gap led Stiennon to believe that the U.S. military “was completely unprepared to fight a cyberwar.”

The problem is that in today’s technology age, weapons platforms, which include radar, targeting and missile systems, all contain tons of software. For example, Stiennon estimates that there are 9 million lines of code in one F-35 fighter jet and another 15 million lines in support systems. And, as we all know, software can be hacked.

At current government contracting rates, the cost to fix security flaws in all of the weapons platform code could be very high. Stiennon is critical of what he terms “the archaic contract selection system,” and faults the military for being unwilling to change.
“Think about how deep you would have to go in a military organization to change their thinking,” says Stiennon.

Looming over the cyberwar preparedness debate is the dark cloud of increased nation state hacking. The Wall Street Journal published a story two days ago that Iranian hackers were able to gain control of a dam in New York State back in 2013. And, according to Stiennon, there is evidence that China has stolen data on missile systems.

During a joint appearance at the White House with President Obama in September, China’s President Xi Jinping pledged that his country would not conduct economic spying in cyberspace. When asked if he believed that China had lived up to its promise, Stiennon was quick to reply, “No, not for a minute.”

Another ominous development concerns recent reports, which indicate that malware authors are getting more sophisticated in devising new techniques to evade detection. Intel Security, the company’s MacAfee Labs division reported an unprecedented increase in new macro malware that includes fileless attacks which leave no trace on disk, making detection much more difficult.

In a separate interview for this column with Vincent Weafer, vice president of Intel Security’s McAfee Labs, he confirmed that the tools outlined in his firm’s most recent report were being adopted by nation states. “Actors are trying to find ways to get their malware on the box without leaving any footprint,” says Weaver.

According to the Intel report, the use of malware attacks on companies and the US government are becoming more successful in part because of social networking. Malware developers can find out if a particular individual recently attended an industry conference or ordered a holiday gift through FedEx simply be accessing often publicly-available information posted to sites like Facebook or Twitter. They can then craft an innocuous-looking email referencing the conference or shipment, inject the malware once opened, and then reap the cyber-spy benefits.

In a separate development, the news broke late last week that Juniper Networks found unauthorized code had been inserted into its ScreenOS software that can decrypt devices without leaving a trace of who did it. The company makes communications equipment for large enterprises, including the US government. The FBI is investigating whether foreign governments were involved.

What is not clear at this point is when and how the first cyberwar conflict will play out. Stiennon believes that the first occurrence will be in less than five years and will most likely include an engagement between world powers, such as China and Taiwan.

He also points out that the military has acknowledged the funding gaps in defending software vulnerabilities and are beginning to take steps to address them. In the meantime, the clock is ticking and recent developments just this month alone highlight the urgency of the task.

Examiner: http://exm.nr/1Jx8s47

« Islamic State Is An Existential Threat
Bitcoin Developer Says Cryptocurrency Has Failed »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AtkinsRéalis

AtkinsRéalis

AtkinsRealis is a market-leading design, engineering and project management consultancy operating in fields ranging from infrastructure, through energy and transport to cybersecurity.

Cyberlytic

Cyberlytic

Cyberlytic applies artificial intelligence to combat the most sophisticated of web application threats, addressing the growing problem of high volumes of threat data.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

Mexis

Mexis

SecLytics

SecLytics

SecLytics is the leader in Predictive Threat Intelligence. Our SaaS-based Augur platform leverages behavioral profiling and machine learning to hunt down cyber criminals.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

BreachLock

BreachLock

Breachlock delivers the most comprehensive Penetration Testing as a Service (PtaaS) powered by Certified Hackers and AI.

Advantex Network Solutions

Advantex Network Solutions

Advantex Network Solutions are a leading provider in Mitel, IT Solutions, Networking, and iP surveillance.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Extreme Networks

Extreme Networks

Since 1996, Extreme has been pushing the boundaries of networking technology, driven by a vision of making it simpler and faster as well as more agile and secure.

Auriga

Auriga

Auriga create innovative software and have become a benchmark for high quality banking software including cyber security solutions to protect business critical devices.

Network Contagion Research Institute (NCRI)

Network Contagion Research Institute (NCRI)

NCRI provides pioneering technology, research, and analysis to identify and forecast cyber-social threats targeting individuals, organizations, and communities.

CNF Technologies

CNF Technologies

CNF Technologies is an award-winning cyber company providing technology-focused research and development to commercial, federal, and Department of Defense clients.

Harrison Clarke

Harrison Clarke

Harrison Clarke is a leading staffing and recruiting firm in the Cloud, Cybersecurity, Data & AI space.