(I haven't blogged in
several months, and three in two days, not good marketing technique :) )
SANS is the most trusted
information security training organization in the world. I get a weekly newsletter
from them. This Flash (highlights below), showed up in my Inbox today.
Wow, we've all watched
it on movies, theorized about the effect on the US if we were attacked, but
hadn't thought of us already doing the attacking.
What role does our faith
play in warfare that for the most part seems "not real" but in
reality is more real than those bullets and UAVs of the past?
FLASH: The New York Times reported this morning that
President Obama (and his predecessor) ordered a sophisticated campaign of
cyberattacks against Iran's nuclear program, and has either attacked or
considered attacking networks in China, Syria, and North Korea as well.
Because the publication of this story is likely to herald substantive and
far-ranging changes in the way cybersecurity is managed in the US and in many
other countries, we have included an analysis by Gautham Nagesh.
Under normal circumstances, his thoughtful, in-depth
analyses are available only to paid subscribers to CQ Roll Call "Executive
Briefing on Technology." This is an abnormal circumstance.
There is great value in the security community understanding that the game has
changed, and what it means.
Alan
PS Another very valuable piece of cybersecurity reporting
will appear on the front page of the Washington Post on Sunday or Monday and
then be discussed on National Public Radio (the Diane Rehm show) on Monday
morning.
TOP OF THE NEWS
--President Obama Ordered Stuxnet and More Attacks on
Iran (June 1, 2012) (By Gautham Nagesh, CQ Executive Briefing on Technology)
The New York Times has a bombshell this morning: President Obama began ordering
cyberattacks on Iran within days of taking office. The story, which is a
must-read, finally confirms what many cybersecurity experts have suspected: the
Stuxnet worm, which disabled industrial equipment in Iran and Europe, was
originally designed by Israel and the U.S. to slow down Iran's nuclear enrichment
plant. The virus' escape from Iran's Natanz plant and subsequent discovery in
Germany in 2010 was a mistake that U.S. authorities blamed on Israel. Former
CIA chief Michael Hayden also acknowledged to the Times that Stuxnet is the
first major cyberattack intended to cause physical destruction (to Iranian
centrifuges). "Somebody crossed the Rubicon," he said.
The article includes a history of the classified
cyberweapons program, dubbed "Olympic Games," which began under
President Bush, and includes details of how President Obama decided that
digital attacks were preferable to a potential military conflict between Iran
and Israel. But the bottom line is that President Obama (and his predecessor)
ordered a sophisticated campaign of cyberattacks against Iran's nuclear
program, and has either attacked or considered attacking networks in China,
Syria, and North Korea as well. The Obama administration previously
acknowledged that it might respond to cyberattacks with physical force, but the
report makes it clear that even as the U.S. was making those threats, it was
perpetrating cyberattacks on the very nations it accuses of targeting its
networks.
In doing so, the White House has seemingly opened a
Pandora's box.
Administration officials have placed a greater emphasis
on cybersecurity and the threat to our nation's networks that any previous
administration, doubtless because they had first-hand knowledge of just how
much damage sophisticated cyberattacks are capable of causing. Those officials
might have also feared reprisals from nations that were targeted by Stuxnet and
other digital attacks from the U.S. The revelation also sheds some light on the
Pentagon's reluctance to outline its cyberwarfare policies in detail, since
doing so might have involved disclosing to Congress that the U.S. already was
fully engaged in online battle.
Having taken such an aggressive stance on deploying
Stuxnet, it will be very difficult for the U.S. to keep casting itself as the
innocent victim of unprovoked attacks by countries looking to steal our
economic and military secrets. Today's report makes it clear that the White
House long ago decided to embrace digital warfare, and puts the onus squarely
back on the administration to clearly explain its rules of engagement online. But
the greatest impact may be internationally, where hostile nations now have
confirmation the U.S. could be targeting their networks. If hackers in those
countries weren't already attempting to take down U.S. critical infrastructure,
they probably are now.
--Pentagon's Plan X Aims to Develop Robust Cyberwarfare
Capabilities (May 30, 2012) The Pentagon's Defense Advanced Research Projects
Agency (DARPA) is launching a five-year, US $110 million research program
dubbed Plan X.
DARPA is seeking input from private sector organizations,
universities, and computer game companies in its effort to develop improved
cyberwarfare capabilities. Goals include creating a comprehensive map of
cyberspace that is updated continuously, developing an operating system strong
enough to launch cyber attacks and withstand counterattacks, and creating
systems that allow commanders to launch speed-of-light attacks.
