Is China to Blame for Recent Cyber Attacks?

Posted on February 22, 2013 by Peter S. Vogel

Recently the NY Times admitted that it had been the victim of Cyber attacks, and then the NY Times reported that the Chinese Army may be behind the online attacks based on a report by Mandiant security firm which:

…has tied more than a hundred cyber attacks on U.S. corporations to China’s military, including several involved with critical U.S. infrastructure such as pipelines and power grids.

…collected from 147 attacks during seven years it traced back to a single group it designated “APT1,” a group Mandiant has now identified as a military unit within the 2nd bureau of China’s People’s Liberation Army General Staff Department’s 3rd Department, going by the designation “Unit 61398.”

Recently many high activity Internet sites have reported being victims of cyber attacks including: Twitter, Facebook, Apple, and Google to name a few.

Cybersecurity is critical to the US as it is the focus of a recent Executive Order from the President, and with the reports of Chinese Army actions highlights how critical it is for our government to act ASAP.
 

Tags: , ,

Cybersecurity in the Headlines Again

Posted on February 15, 2013 by Peter S. Vogel

A new Executive Order from the White House entitled “Improving Critical Infrastructure Cybersecurity” was noted in the State of the Union with these comments:

…will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. Now, Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks.

Unfortunately there is little room for optimism since the White House’s 2009 Cyberspace Policy Review which included a thorough analysis concluding that the world’s economy is dependence on the Internet, and yet Congress has been unable to create cybersecurity laws. As a matter of fact the Senate filibuster in August 2012 abruptly ended proposed cybersecurity laws which had been passed in the House.

The Wall Street Journal reported that the EU proposed new cybersecurity rules that requires “search engines, energy providers, banks and other companies to report disruptions to government authorities.”

Cybersecurity is critical to all governments and businesses given the world’s dependence on the Internet.
 

Tags: ,

Cybersecurity Risks Debated Over New Chinese 4G Networks in the US

Posted on October 9, 2012 by Peter S. Vogel

Increased demand for higher speed 4G networks brought on by increased use of cells & tablets may lead to a new security threat from China. The New York Times reported that the US House Intelligence Committee issued its report after a yearlong investigation which concluded:

…that the Chinese businesses, Huawei Technologies and ZTE Inc., were a national security threat because of their attempts to extract sensitive information from American companies and their loyalties to the Chinese government.

Huawei and ZTE “sell telecommunications equipment needed to create and operate wireless networks, like the ones used by Verizon Wireless and AT&T. Many of the major suppliers of the equipment are based outside the United States, creating concerns here about the security of communications.”

On October 7, 2012 Steve Kroft reported about a “60 Minutes” investigation concerning Huawei:

Their overriding concern is this: that the Chinese government could exploit Huawei's presence on U.S. networks to intercept high level communications, gather intelligence, wage cyber war, and shut down or disrupt critical services in times of national emergency.

Clearly these reports should help the US government focus on establishing cybersecurity laws, and somehow get past the August 2012 Senate filibuster which blocked the creation of a cybersecurity bill.
 

Tags: ,

Should the Pentagon Defend Non-Military Networks?

Posted on August 15, 2012 by Peter S. Vogel

The Secretary of Defense is considering a proposal “that military cyber-specialists be given permission to take action outside its computer networks to defend critical U.S. computer systems.” The Washington Post reported that anonymous sources stated:

It would account for changes in technology that will give more flexibility in defending the nation from cyberattack.

Probably this military proposal is a direct result that the Senate filibuster killed a new cybersecurity bill in early August, 2012 that “…would have established optional standards for the computer systems that oversee the country’s critical infrastructure, like power grids, dams and transportation.”

Clearly the US needs cybersecurity and perhaps the Pentagon’s approach will make up for Congress’ failure to create new laws.
 

Tags: ,

Internet Politics - Senate Filibuster Blocks Cybersecurity Bill

Posted on August 3, 2012 by Peter S. Vogel

At time when cybersecurity is headline news around the world, partisan politics in the U.S. Senate got in the way of new a cybersecurity bill which was different than a bill passed in the U.S. House last April. The New York Times reported that the most vocal opponent of the new cybersecurity bill was the U.S. Chamber of Commerce who argued that the law would have been too burdensome. The report went on to describe that the bill:

…would have established optional standards for the computer systems that oversee the country’s critical infrastructure, like power grids, dams and transportation.

The Los Angeles Times headline about the story was “U.S. Chamber of Commerce leads defeat of cyber-security bill,” and reported:

Gen. Keith Alexander, head of the National Security Agency, and Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, were among those who pressed for a White House-backed cyber-security bill to regulate privately owned crucial infrastructure, such as electric utilities, chemical plants and water systems.

Perhaps it will take a major cybersecurity disaster to force the U.S. Congress to come together, like the way the U.S. Patriot Act (“Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism”) was created within one day following 9/11 in 2001.
 

Tags: , ,

China: Cyberterror or Academic Research?

Posted on March 22, 2010 by Peter S. Vogel

A Chinese graduate student’s “paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S.” was recently reported to the US House Foreign Affairs Committee. The paper entitled “Cascade-Based Attack Vulnerability on the U.S. Power Grid” was published in Safety Science a year ago. American scientists who read the paper agreed that there was no way that the power grid could be taken down as explained in the paper. Famous last words! The US is barely managing Cybersecurity and this paper should give us all pause to consider the implications.

Google Set to Depart

China is demanding that Google obey Chinese law as it departs which seem imminent now. Since Google entered China in 2006 it has been censoring content just as “China routinely blocks Internet content, shutting off access to sites such as Facebook, YouTube and Twitter.” The dominant search engine in China, Baidu continues to be successful albeit with Chinese censorship. Time will tell about other US based Internet companies such as Microsoft and whether they will stay in China and participate in Chinese censorship.

Chinese Media Furor

A recent report about a Chinese provincial Governor’s response to a scandal led to “rare display of unity, journalists, lawyers, academics and activists posted a letter of protest on the Internet demanding the Governor’s resignation.” Li Hongzhong, the Governor of Hubei Province, was incensed that a reporter had the gall to question him about a waitress at a karaoke bar killed a government official in self-defense. The waitress was later released and the Governor got a lot of heat on the Internet. Given the economic power and population, the Internet will continue to impact China whether the Chinese government wants the Internet impact or not.

Tags: , , , ,

Cyber Czar Finally

Posted on December 22, 2009 by Peter S. Vogel

Months after declaring the importance of CyberSecurity as a national priority President Obama will name Howard Schmidt as Cyber Czar today. “Schmidt served as special adviser for cyberspace security from 2001 to 2003 and shepherded the National Strategy to Secure Cyberspace, a plan that then was largely ignored. He left that job also frustrated, colleagues said.”

Not the Rock Star that the President Was Looking For

Schmidt appears to have the right credentials. Before he joined the Bush administration he work as Chief Security Officer at Microsoft and later VP and Chief Information Security Officer at eBay.  Before the appointment Schmidt was head of the Information Security Forum (ISF) a cybersecurity research consortium. “In addition to his role leading the ISF, He's the chief executive of R&H Security Consulting and serves on the board of several security companies including PGP, Fortify, and BigFix. He's served as vice chair of the President's Critical Infrastructure Protection Board and as chief security strategist for the US CERT Partners Program under the Department of Homeland Security.”

Cyber Czar Not Part of Cabinet

Based on the May 2009 Cyberspace Policy Review Schmidt will report to both the National Security Council and National Economic Council, but will not part of the President’s Cabinet. There were many reports that no one wanted the Cyber Czar job and that’s probably because there are so many federal agencies in the mix including NSA, CIA, Justice, and DOD. It will be interesting to see how well the new Cyber Czar will succeed. Time will tell and everyone will be watching!
Tags: , , , , , ,

President Obama: "America's economic prosperity in the 21st century will depend on cybersecurity"

Posted on June 1, 2009 by Peter S. Vogel

When President Obama spoke about cybersecurity last week the Whitehouse also released a 40 page “Cyberspace Policy Review” that included a thorough analysis concluding that the world’s economy is dependence on the Internet. The Cyberspace Policy Review reinforced my Five Big Bang Theory of the Internet and is detailed in an Appendix (see chart below) which includes a reminder to the US about the October 1957 launch of Sputnik got the US started on its space race. Sputnik led President Kennedy to his 1961 promise to put a person 'on the moon by the end of the decade.’ President Kennedy’s promise directly led to funding of DARPA in 1962 that started to the Internet.

 

 

How Secure is the Internet?

Recent blogs questioning the state of Internet security and how well the US manages cybersecurity reinforce the need for an improvement in cybersecurity not only by the US, but other countries around the world. To improve cybersecurity countries around the world will have to unite, it is not possible for the US to succeed without partnerships with its allies which is stressed in the Cyberspace Policy Review. Last year there were reports that the Russian Business Network hijacked the websites of the Georgian government, and there continue to be headlines in that vein with militants and countries with political unrest.

Partnerships Required

The Cyberspace Policy Review makes the point that partnerships of all sorts are required between federal, state, and local governments, as well as private enterprise. Ironically enough the Cyberspace Policy Review points out that most of the Internet infrastructure is owned by private enterprise for commercial reasons. Accordingly if the new cybersecurity plans are to be successful surely all the players will have to work together as partners. Appointing a Cybersecurity Czar will not solve the problems identified in the Cyberspace Policy Review, rather hopefully the Cybersecurity Czar will allow the US to focus energies to help protect the Internet and its infrastructure.

Tags: , , ,