• Pentagon mulls “byte for a byte” cyber retaliatory operations

    Much has been made of the phrase “an eye for an eye” throughout history, and it is beginning to appear that the oft-used motto will extend to the new fields of cyber warfare as well.This “approach is something our adversaries will readily understand,” one analyst writes. “If they escalate, we escalate. They know they will lose because we have far more cyber resources to draw on than they have, and we can cause real harm if they mess with us.”

  • NSA director: China and “one or two” other nations can damage U.S. critical infrastructure

    Adm. Michael Rogers, director of the National Security Agency and head of U.S. Cyber Command, told lawmakers yesterday that China and “one or two” other countries are capable of mounting cyberattacks which would paralyze the U.S electric grid and other critical infrastructure systems across the country. A cyberattacks of such scope has been discussed in the past – it was even dubbed a “cyber Pearl Harbor” – but Rogers was the first high official to confirm that such a crippling attack on the United States was not a mere speculation. Rogers said U.S. adversaries are conducting electronic “reconnaissance” on a regular basis so that they will be well-positioned to damage and disrupt the industrial control systems which run chemical facilities, nuclear power plants, water treatment facilities, dams, and much more.

  • U.S. spends about $10 billion a year to protect the nation's digital infrastructure

    U.S. intelligence agencies have designated cyberattacks as the most alarming threat to national security. The federal government is spending roughly $10 billion a year to protect the nation’s digital infrastructure, but hackers, some sponsored by nation-states, are successfully infiltrating civilian and military networks.Professionals from DHS, the Pentagon, and private contractors all work together in U.S. cyber centers to detect, prevent, respond, and mitigate incoming and existing cyberattacks. Several of the U.S. top cybersecurity labs are housed in nondescript office buildings with no government seals or signs.

  • Differences between hacking, state-sponsored cyberwarfare increasingly blurred: Experts

    Cybersecurity officials say that there is an increasing similarity between hacking attacks and full-on cyber warfare, as digital infrastructures continue to grow and play a larger role in everyday life. “It’s not a clear, bright red line,” said Mitchell Silber, the executive managing director of K2 Intelligence, “It really is more murky, the difference between where a cyber criminal hack ends and where some type of state or state-sponsored event begins.”

  • The best cyberdefense is cyber offense, some experts say

    In response to the surge in cyberattacks against the U.S. private sector, some firms are exploring “active defense” measures which they hope will send a message to hackers.Some cyber analysts say tougher defense will not deter new cyberattacks, and some sort of offensive action is needed. “I think you are morally justified for sure” in taking such actions, a former high DHS official says. “And I think the probability of being prosecuted is very low.” If a firm locates its stolen data and is capable of recovering it, “they would be crazy not to.”

  • Russian government hackers insert malware in U.S. critical infrastructure control software

    Investigators have uncovered a Trojan Horse named BlackEnergy in the software that runs much of the U.S. critical infrastructure. In a worst case scenario, the malware could shut down oil and gas pipelines, power transmission grids, water distribution and filtration systems, and wind turbines, causing an economic catastrophe. Some industry insiders learned of the intrusion last week via a DHS alert bulletin issued by the agency’s Industrial Control Systems Cyber Emergency Response Team(ICS-CERT). The BlackEnergy penetration had recently been detected by several companies. Experts say Russia has placed the malware in key U.S. systems as a threat or a deterrent to a U.S. cyberattack on Russian systems – mutual assured destruction from a cold war-era playbook.

  • New report urges policy overhaul, transparency in offensive cyber operations

    A newly released report, titled Joint Publication 3-12(R) and authored by the Joint Chiefs of Staff, has revealed that some top commanders are calling for a policy overhaul and more public transparency in offensive cyber operations, given the growing need for such operations. Some previous documents have been published on the topic, but there is no official U.S. military policy book for cyber operations.

  • A major cyberattack causing widespread harm to national security is imminent: Experts

    A new report found that more than 60 percent of the roughly 1,600 computer and Internet experts surveyed on the future of cyberattacks believe a nationwide cyberattack is imminent. They did so in response to the question: “By 2025, will a major cyberattack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” The experts also warn about the risks to privacy which will accompany a growing focus on cybersecurity.

  • U.S. should emulate allies in pushing for public-private cybersecurity collaboration

    Israeli Prime Minister Benjamin Netanyahu announced last month the formation of a national cyber defense authority to defend civilian networks under the leadership of the Israel National Cyber Bureau.The “U.S. government has a lot to learn from successful examples in allied nations. With more compromise and reform, there is plenty of reason for hope,” says a cybersecurity expert, adding that “a cybersecurity partnership between government, business, and individuals built on trust is possible, and would promote more resilient networks as well as creative thinking on cybersecurity.”

  • Federally funded cybersecurity center launched

    The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence(NCCoE) initiative has awarded the first federally funded research and development center (FFRDC) contract for cybersecurity to MITRE Corp., a nonprofit established to operate FFRDCs. Cybersecurity professionals will work with stakeholders in government, the private sector, and academia to develop low cost and scalable cybersecurity solutions.

  • U.S. Cyber Command plans to recruit 6,000 cyber professionals, as U.S. mulls offensive cyber strategy

    Last Wednesday, House Intelligence Committee Chairman Mike Rogers (R- Michigan) told reporters that he would like to see the United States adopt a more offensive strategy in cyberspace, but added that the Pentagon, intelligence agencies, and law enforcement must first develop protocols for offensive cyber measures.The following day, U.S. Cyber Command (USCYBERCOM) announced plans to recruit 6,000 cyber professionals and create 133 teams across the country to support the Pentagon in defending the nation’s cyber infrastructure.

  • Training cyber security specialists for U.S. critical cyber infrastructure

    Lawrence Livermore National Laboratory is joining Bechtel BNI and Los Alamos National Laboratory to train a new class of cyber defense professionals to protect the U.S. critical digital infrastructure. The Bechtel-Lawrence Livermore-Los Alamos Cyber Career Development Program is designed to allow the national labs to recruit and rapidly develop cyber security specialists who can guide research at their respective institutions and create solutions that meet the cyber defense needs of private industry. About 80 percent of the nation’s critical digital infrastructure and assets are owned and operated by private industry.

  • Shortage of cybersecurity professionals a risk to U.S. national security

    The nationwide shortage of cybersecurity professionals — particularly for positions within the federal government — creates risks for national and homeland security, according to a new RAND study. Demand for trained cybersecurity professionals who work to protect organizations from cybercrime is high nationwide, but the shortage is particularly severe in the federal government, which does not offer salaries as high as the private sector.

  • Debating disclosures of cyber vulnerabilities

    Cybersecurity experts are debating whether the NSAand U.S. Cyber Commandshould keep cyber vulnerabilities secret, or disclose and fix them. Not disclosing and fixing cyber vulnerabilities means that, when necessary, such vulnerabilities may be used as weapons in offensive information warfare. Disclosing and fixing such vulnerabilities would diminish the effective of U.S. offensive cyber operations, but the effectiveness of an adversary’s offensive cyber operations would be similarly diminished.

  • Future cyberattacks to cause more trouble than Heartbleed

    Many of the future cyberattacks could take advantage of vulnerabilities similar to Heartbleed, a major Internet security flaw which allows attackers to gain access to encrypted passwords, credit card details, and other data on trusted Web sites including Facebook, Gmail, Instagram, and Pinterest. A new report said that hackers could soon use similar holes in computer security to shut down energy grids, disrupt public services, and steal vast amounts of private data worth billions of dollars, unless institutions take measures today to ready themselves against future Heartbleed-like threats.