• Napolitano asserts DHS cybersecurity leadership

    Cybersecurity should be led by DHS and not left to the market or the military, DHS secretary Janet Napolitano said; this year, DHS has expanded partnerships with private industry and worked to build up liaisons with private sector industries it deems to be “critical”; DHS has also improved its partnerships with military and military intelligence this year; in October, DHS and the Department of Defense signed a cybersecurity pact to improve collaboration between the agencies and boost DHS’s encryption and decryption capabilities by co-mingling National Security Agency (NSA) cryptologic analysts and DHS cybersecurity leadership in a move that signaled progress in a sometimes uneasy relationship with the military

  • Stuxnet virus set back Iran's nuclear weapons program by two years: Langner

    Ralph Langner, top German computer security expert and the leading authority on Stuxnet, says Stuxnet was as effective in disrupting Iran’s nuclear weapons program as a direct military strike — but without any fatalities; the malware has set back the Iranian program by two years; expert says the Israeli military was the likely creator of the virus

  • WikiLeaks exposes tensions between "need to know" and "need to share"

    The WikiLeaks posting of stolen classified information has highlighted the tension between the strategy of “share to win” and the necessity to enforce “need to know”; share to win refers to the idea of getting information and intelligence out to the personnel who need it; need to know is about how information is shared, who has the information, for what purposes and for what period of time

  • Experts: Stuxnet worm wreaks havoc at Iran's nuclear sites

    Iran’s nuclear program is still in chaos as a result of the Stuxnet attack; the American and European experts say their security Web sites, which deal with the computer worm known as Stuxnet, continue to be swamped with traffic from Tehran and other places in the Islamic Republic, an indication that the worm continues to infect the computers at Iran’s two nuclear sites; Stuxnet was designed to take over the control systems and evade detection, and it apparently was very successful; last week President Mahmoud Ahmadinejad, after months of denials, admitted that the worm had penetrated Iran’s nuclear sites, but he said it was detected and controlled; the second part of that claim, experts say, does not ring true

  • DHS slowly moving government's Internet traffic to secure networks

    It will take several more years for the U.S. government fully to install high-tech systems to block computer intrusions, a drawn-out timeline that enables criminals to become more adept at stealing sensitive data, experts say; DHS is responsible for securing government systems other than military sites, and the department is slowly moving all the government’s Internet and e-mail traffic into secure networks — known as Einstein 2 and Einstein 3 — which eventually will be guarded by intrusion detection and prevention programs

  • China directed Google hacking: leaked U.S. documents

    Secret documents appearing on WikiLeaks include one in which the U.S. embassy in Beijing cited “a Chinese contact” who pointed to a Chinese government role in the hacking campaign into computers of Google and Western governments

  • IAEA: Iran forced to stop enrichment on 16 November

    The UN International Atomic Energy Agency (IAEA) reported Tuesday that Iran’s uranium enrichment program had shut down a week ago; the stoppage of the enrichment program coincides with the release of detailed expert studies of the Stuxnet virus; the conclusion of the cyber experts is that Stuxnet was aimed not at Iran’s Bushehr nuclear reactor, as initially thought, but rather at destroying Iran’s centrifuge farms; the sustained cyber attacks has already reduced the number of operating centrifuges from 4,920 in May 2009 to 3,772 in September 2010; it appears that the covert campaign Israel and the United States has been conducting against Iran’s nuclear weapons program — a campaign which includes the assassination of Iranian scientists and engineers, blowing up of machinery and supplies, attacks on Revolutionary Guard facilities, and seizing of technology shipments to Iran — is beginning to take its toll

  • Symantec: Stuxnet targeted Iran's uranium enrichment program

    Symantec says Stuxnet worm aimed to disrupt electrical motor controls, like those used by gas centrifuges to enrich uranium; Stuxnet, considered by many security researchers to be the most sophisticated malware ever, targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies

  • Cybersecurity bill not likely to pass this year

    In an effort to give the president the power to combat any pending or existing cyber threat that could threaten critical infrastructure around the country, some lawmakers are looking to pass a new legislation that would give the president power to shut down some sections of the Internet during an attack or under the threat of an attack; the bill is not likely to pass in the Congress

  • U.K. security firms say GCHQ's cyberattack warning overwrought

    U.K. cybersecurity industry insiders say last week’s warnings by Britain’s cybersecurity chief about the cyber threat the U.K. was facing may have over-hyped threats — and may have been related more to the run-up to the U.K. government’s comprehensive spending review announcement than to new threat information

  • Chertoff calls for cyber-deterrence doctrine

    More than 100 countries now have cyber-espionage and cyber-attack capabilities; both kinds of attack used the same tools and might be used to mount anything from a garden variety cyber-espionage attack resulting in the corruption of financial data to something that might result in loss of life, such as a possible attack against air-traffic control systems; governments should formulate a doctrine to stave off cyberattacks similar to the cold war-era principle of nuclear deterrence, according to former DHS secretary Michael Chertoff.; “Everyone needs to understand to rules of the game”

  • Experts: Stuxnet "a game changer"

    EU cybersecurity agency warns that the Stuxnet malware is a game changer for critical information infrastructure protection; PLC controllers of SCADA systems infected with the worm might be programmed to establish destructive over/under pressure conditions by running pumps at different frequencies; Dr. Udo Helmbrecht, chief of EU’s cybersecurity agency: “Stuxnet is a new class and dimension of malware—- The fact that perpetrators activated such an attack tool, can be considered as the ‘first strike’ against major industrial resources. This has tremendous effect on how to protect national [cyber and critical infrastructure] in the future’

  • Skullduggery on a massive scale

    Stuxnet, the malware which attacked more than 30,000 computers used in industrial control systems in Iran, including that country’s nuclear weapons facilities, represents a new class and dimension of malware; it can reach into the physical world, allowing attackers to run motors so fast they burn out, to turn off alarms and safety cut-offs, open effluent valves and activate pumps — in the words of Paul Marks, it allows attackers to “carry out industrial sabotage and skullduggery on a massive scale”

  • Iran: Stuxnet infected industrial computers cleaned

    Iran claims that Stuxnet, the sophisticated virus which has infected more than 30,000 computers used in industrial control systems in Iran, has been removed; Iranian officials also denied that the Bushehr nuclear reactor was among the addresses penetrated by the worm

  • Impact of cyberattack on U.S. could be "an order of magnitude surpassing" 9/11

    Former director of national intelligence and director of the National Security Agency Mike McConnell and Bush administration Homeland Security Adviser Fran Townsend say the United States is unprepared for a cyberattack and must overhaul its defenses; they said a large-scale cyberattack against the United States could impact the global economy “an order of magnitude surpassing” the attacks of 9/11; McConnell: “The warnings are over; it could happen tomorrow”