cyber attacks «

From Physical Fear mongering to Cyber Fear mongering

September 14, 2011 1 Comment

United States Cyber Command “warns” about cyber Armageddon.

Ask yourself, who has the power to carry out vast cyber attacks? Right, those who control cyber space.

by Bill Gertz
Washington Times
September 14, 2011

The general in charge of U.S. cyber warfare forces said Tuesday that future computer-based combat likely will involve electronic strikes that cause widespread power outages and even physical destruction of thousand-ton machines.

Army Gen. Keith Alexander, commander of the new U.S. Cyber Command, also said that massive losses of private and public data in recent years to computer criminals and spies represent the largest theft in history.

Threats posed by cyber-attacks on computer networks and the Internet are escalating from large-scale theft of data and strikes designed to disrupt computer operations to more lethal attacks that destroy entire systems and physical equipment.

“That’s our concern about what’s coming in cyberspace — a destructive element,” Gen. Alexander, who is also the director of the National Security Agency, the electronic spying agency, said in a speech at a conference on cyber warfare.

Gen. Alexander said two cases illustrate what could happen in an attack.

The first was the August 2003 electrical power outage in the Northeast U.S. that was caused by a tree damaging two high-voltage power lines. Electrical power-grid software that controlled the distribution of electricity to millions of people improperly entered “pause” mode and shut down all power through several states.

The example highlighted the threat of sophisticated cyber warfare attackers breaking into electrical grid networks and using the access to shut down power.

“You can quickly see that there are ways now to get in and mess with [electrical] power if you have access to it,” he said.

The second example was the catastrophic destruction of a water-driven electrical generator at Russia’s Sayano-Shushenskaya dam, near the far eastern city of Cheremushki, in August 2009.

Gen. Alexander said one of the dam’s 10 650-megawatt hydroturbine generators, weighing more than 1,000 tons, was being serviced and, by mistake, was remotely restarted by a computer operator 500 miles away. The generator began spinning and rose 50 feet into the air before exploding. The flood caused by the accident killed 75 people and destroyed eight of the remaining nine turbines.

A similar deliberate attack remains a huge problem, Gen. Alexander said, saying that destruction by cyber-attacks was outranked only by nuclear bombs or other weapons of mass destruction.

In developing cyber warfare strategies, Gen. Alexander said, the U.S. will respond to computer-based attacks as it will to other attacks. The government is adopting what he termed an “active defense” strategy aimed at bolstering the readiness of computer networks to respond.

The Pentagon’s cyberstrategy announced last summer calls for treating the cyberdomain as equal to the air, land, sea and space domains and leveraging U.S. technology to improve cyberdefenses for government and the private sector.

On information theft, Gen. Alexander said the problem is so pervasive that there are two categories for major companies: firms that are aware they have been hacked and the rest who remain unaware of the problem.

“What’s been going on over the last few years in the networks … is the greatest theft that we’ve seen in history,” he said. “What we’re losing in intellectual property is astounding.”

The four-star general said estimates of the value of lost corporate and government information range as high as $1 trillion. In one recent case, a U.S. corporation that he did not identify by name lost $1 billion worth of proprietary technology that was “stolen by the adversaries.” The technology took the company more than 20 years to develop.

The problem is “on a massive scale that affects every industry and every sector of the economy and government, and it’s one that we have to get out in front of,” he said.

Recent attacks on corporate computer networks include Sony’s system that affected 7.7 million video users in April and a second incident affecting 2.5 million users in May. Google, defense contractor Booz Allen Hamilton and the security company RSA also were targets of sophisticated computer attacks.

In May 2007, computer networks in Estonia were disabled by computer operatives from neighboring Russia.

“They had to disconnect their international connections to stop these attacks after several days. It was huge and greatly impacted Estonia,” Gen. Alexander said.

Asked about conducting offensive operations, Gen. Alexander said that current cyberdefenses are “far from adequate” and that more needs to be done before adopting more offensive tools.

“In cyber, we have not solved the defensive portion,” he said. “From my perspective, there is a lot that we can do to fix that before we take offensive actions.”

Response actions to cyber-attacks need to be carefully measured to avoid escalating from a conflict in the cyber-arena to full-scale conventional warfare, he said.

One example would be to “take down ‘botnets’” — malicious computer software packages — from the Internet.

Gen. Alexander defended the U.S. government practice of not identifying major cyber threats such as those emanating from China and Russia.

Confronting foreign government complicates efforts to track cyber-activity, he said.

“Candidly, if every time we say, ‘We know you’re doing A,’ they say, ‘Oh, you can see that?’ We don’t see it anymore. We don’t see them for a while.”

The foreign governments also seek to learn information about U.S. tracking capability and, when confronted, “all they do is deny it,” he said.

Gen. Alexander warned that cyber warfare is expected to continue and that defenses need to be improved. “Whether or not we do that, it’s coming,” he said. “It’s a question of time. People say, ‘Aw that’s five years out, it’s two years out.’

“What we don’t know is how far out it is, an attack in cyberspace, and what that will be? Will it be against commercial infrastructure, government networks? Will it be against platforms? We don’t know.”

Filed under World Tagged with computer networks, cyber attacks, cyberdefenses, cyberspace, cyberwarfare, distribution of electricity, electronic spying agency, General Keith Alexander, government sponsored cyberattacks, large scale attacks, malicious government cyberattacks, national security agency, pentagon, pentagon cyberstrategy, US corporation, us cyber command

Secret Raytheon Military Contract Rolls out Internet Clamp Down

July 9, 2010 1 Comment

It would rely on a set of sensors deployed in computer networks to spy on the Internet for “attacks” on infrastructure. The irony is that the only people who have the power and technology to cause a massive attack of the scale it is being promoted, are the very same people who are clamping down on the Internet to establish censorship and control. The program’s name (Perfect Citizen) could not be more deceiving.

WSJ

The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system, these people said.

Defense contractor Raytheon Corp. recently won a classified contract for the initial phase of the surveillance effort valued at up to $100 million, said a person familiar with the project.

An NSA spokeswoman said the agency had no information to provide on the program. A Raytheon spokesman declined to comment.

Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

“The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security,” said one internal Raytheon email, the text of which was seen by The Wall Street Journal. “Perfect Citizen is Big Brother.”

Raytheon declined to comment on this email.

A U.S. military official called the program long overdue and said any intrusion into privacy is no greater than what the public already endures from traffic cameras. It’s a logical extension of the work federal agencies have done in the past to protect physical attacks on critical infrastructure that could sabotage the government or key parts of the country, the official said.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack.

The goal is to close the “big, glaring holes” in the U.S.’s understanding of the nature of the cyber threat against its infrastructure, said one industry specialist familiar with the program. “We don’t have a dedicated way to understand the problem.”

The information gathered by Perfect Citizen could also have applications beyond the critical infrastructure sector, officials said, serving as a data bank that would also help companies and agencies who call upon NSA for help with investigations of cyber attacks, as Google did when it sustained a major attack late last year.

The U.S. government has for more than a decade claimed a national-security interest in privately owned critical infrastructure that, if attacked, could cause significant damage to the government or the economy. Initially, it established relationships with utility companies so it could, for instance, request that a power company seal a manhole that provides access to a key power line for a government agency.

With the growth in concern about cyber attacks, these relationships began to extend into the electronic arena, and the only U.S. agency equipped to manage electronic assessments of critical-infrastructure vulnerabilities is the NSA, government and industry officials said.

The NSA years ago began a small-scale effort to address this problem code-named April Strawberry, the military official said. The program researched vulnerabilities in computer networks running critical infrastructure and sought ways to close security holes.

That led to initial work on Perfect Citizen, which was a piecemeal effort to forge relationships with some companies, particularly energy companies, whose infrastructure is widely used across the country.

The classified program is now being expanded with funding from the multibillion-dollar Comprehensive National Cybersecurity Initiative, which started at the end of the Bush administration and has been continued by the Obama administration, officials said. With that infusion of money, the NSA is now seeking to map out intrusions into critical infrastructure across the country.

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.

Intelligence officials have met with utilities’ CEOs and those discussions convinced them of the gravity of the threat against U.S. infrastructure, an industry specialist said, but the CEOs concluded they needed better threat information and guidance on what to do in the event of a major cyber attack.

Some companies may agree to have the NSA put its own sensors on and others may ask for direction on what sensors to buy and come to an agreement about what data they will then share with the government, industry and government officials said.

While the government can’t force companies to work with it, it can provide incentives to urge them to cooperate, particularly if the government already buys services from that company, officials said.

Raytheon, which has built up a large cyber-security practice through acquisitions in recent years, is expected to subcontract out some of the work to smaller specialty companies, according to a person familiar with the project.

Filed under World Tagged with censorship, connectivity, control, cyber attacks, Google, government, infrastructure, intelligence, internet, Military, NSA, Perfect Citizen program, privacy, Raytheon, spying, surveillance, system, technology

Newer posts →

From Physical Fear mongering to Cyber Fear mongering

Secret Raytheon Military Contract Rolls out Internet Clamp Down

Follow us

Subscribe by E-mail

Vote on our October Poll

Archives

News Categories

Noticias en Español

Notícias em Português

Latest News

Most Popular

Recommended Reads

Agenda Terms

Copyright Information

Use of Original Content

Uso de Contenido Original

Related Links:

Togel178

Pedetogel

Sabatoto

Togel279

Togel158

Colok178

Novaslot88

Lain-Lain

Partner Links