U.S. Plans Attack and Defense in Cyberspace Warfare

[Richard]

Some interesting concepts here...but it sometimes makes me wonder about our openness regarding such matters.

And so it goes...

Richard's $.02

U.S. Plans Attack and Defense in Cyberspace Warfare
David Sanger, John Markoff and Thom Shanker, NYT, 27 Apr 2009

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.

When President George W. Bush ordered new ways to slow Iran’s progress toward a nuclear bomb last year, he approved a plan for an experimental covert program — its results still unclear — to bore into their computers and undermine the project.

And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future. The goal is to simulate what it would take for adversaries to shut down the country’s power stations, telecommunications and aviation systems, or freeze the financial markets — in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

Thousands of daily attacks on federal and private computer systems in the United States — many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls — have prompted the Obama administration to review American strategy.

President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.

But Mr. Obama is expected to say little or nothing about the nation’s offensive capabilities, on which the military and the nation’s intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.

<snip>

But Mr. Gates has concluded that the military’s cyberwarfare effort requires a sharper focus — and thus a specific command. It would build the defenses for military computers and communications systems and — the part the Pentagon is reluctant to discuss — develop and deploy cyberweapons.

In fact, that effort is already under way — it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors — including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. — are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md.

(cont'd)

[Go Devil]

William Gibson.

Futurist/Prophet.

[Slantwire]

Quote:

Originally Posted by Richard

President Obama is expected to propose a far larger defensive effort in coming days, including [...] the appointment of a White House official to coordinate the effort...

Oh boy! Another czar!

[Sigaba]

Source is here.

Quote:

US threatens military force against hackers
9 May 2009, 0042 hrs IST, AP


Cyber espionage and attacks from well-funded nations or terror groups are the biggest threats to the military’s computer networks, a top US officer said.

Gen Kevin Chilton, who heads US Strategic Command, said he worries that foes will learn to disable or distort battlefield communications.

Chilton said even as the Pentagon improves its network defences against hackers, he needs more people, training and resources to hone offensive cyber war capacity. At the same time, he asserted that the US would consider using military force against an enemy who attacks and disrupts the nation’s critical networks.

“Our job would be to present options. I don’t think you take anything off the table when you provide options” to the president, in the wake of an attack, whether the weapon is a missile or a computer program, he said.

Chilton’s comments shed the most light to date on the Pentagon’s ongoing debate over how to beef up its abilities to wage and defend against cyber warfare. And they came as the military is planning to set up a new cyber command at Fort Meade not far from Washington that would report to Strategic Command.

Chilton said that his biggest fear is that enemies hack into military battlefield systems, and when an American commander sends out an order that says forces should go left, it is changed to say forces should go right. While most systems are classified and walled off, he said there are often ways to cross into those networks.

The other worry is more internal. When a soldier or sailor sits down at a computer, Chilton said “it’s like he’s stepping to the guard gate at his base,” and can open the digital gate and let adversaries in.

KAL, a political cartoonist for The Economist, offers a vision of the future here.

[nmap]

Quote:

Originally Posted by Richard

Some interesting concepts here...but it sometimes makes me wonder about our openness regarding such matters.

Perhaps we should be even more open.

The knowledge mentioned in the article is available in undergraduate computer science programs. At a certain university, a junior-level course in the subject was created, and it included specific details of how to do the various attacks - and assignments to use specific network attacks were conducted on an isolated network. I don't think that anyone who wants to know the material is prevented from learning it - from both the offensive and defensive perspectives.

[7624U]

Quote:

Originally Posted by Richard

In fact, that effort is already under way — it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors — including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. — are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md.

And is that system called (drum roll) Skynet?

[Richard]

It's a go.

Richard's $.02

Quote:

Pentagon approves creation of cyber command
Andrew Gray, Yahoo Tech, 23 Jun 2009

The Pentagon will create a Cyber Command to oversee the U.S. military's efforts to protect its computer networks and operate in cyberspace, under an order signed by Defense Secretary Robert Gates on Tuesday.

The new headquarters, likely to be based at Fort Meade, Maryland, outside Washington, D.C., will be responsible for defending U.S. military systems but not other U.S. government or private networks, Pentagon spokesman Bryan Whitman said.

Asked if the command would be capable of offensive operations as well as protecting the Department of Defense, Whitman declined to answer directly.

"This command is going to focus on the protection and operation of DoD's networks," he said. "This command is going to do what is necessary to be able to do that."

U.S. officials have voiced growing concern in recent years about being vulnerable to attacks on the country's civilian or military networks as technology takes on an ever-increasing role, including in military operations.

President Barack Obama said last month he would name a White House-level czar to coordinate government efforts to fight cybercrime.

The United States has said many attempts to penetrate its networks appear to come from China but it has stopped short of accusing Chinese authorities of being responsible.

Whitman said the new command will consolidate existing Pentagon efforts to protect its networks and operate in cyberspace.

Those efforts currently come under the auspices of U.S. Strategic Command in Nebraska, which will also oversee the new headquarters.

The U.S. Department of Defense runs some 15,000 electronic networks and runs some 7 million computers and other information technology devices, Whitman said.

"Our defense networks are constantly probed. There are millions of scans every day," he said.

"The power to disrupt and destroy, once the sole province of nations, now also rests with small groups and individuals, from terrorist groups to organized crime to industrial spies to hacker activists, to teenage hackers," he said.

"We also know that foreign governments are trying to develop offensive cyber capabilities," he added, saying more than 100 foreign intelligence services were trying to hack into U.S. networks.

The new command should begin initial operations by this October and be fully up and running a year later.

The head of the Cyber Command would also be the director of the U.S. National Security Agency, which conducts electronic surveillance and communications interception and is also based at Fort Meade.

http://tech.yahoo.com/news/nm/200906...ntagon_cyber_1

[incarcerated]

From www.stratfor.com

South Korea: Cyberattacks Launched From 16 Countries - NIS
July 10, 2009 | 0828 GMT
South Korea’s National Intelligence Service (NIS) said July 10 that the recent cyberattacks on South Korean and U.S. government and private Web sites were launched from 16 different countries and North Korea was not among them, Yonhap reported. The attacks were traced to 86 Internet Protocol addresses in South Korea, the United States, Japan and China, among other countries. The NIS still suspects North Korea or its sympathizers are responsible for the attacks.


U.S.: Cyberattack Hits State Department For Fourth Day
July 9, 2009 | 2211 GMT
The US State Department said on July 9 that its Web site came under cyberattack for a fourth day running as it tried to prevent further attacks, Agence France-Presse reported. A State Department spokesman said there is not a high volume of attacks and he could not confirm North Korean involvement.