The number and impact of recent operational and intelligence leaks have caught the attention of just about everyone in the defense community, especially the upper brass. Their concern is that these leaks will not only have a negative impact on our national security but also could cost the lives of covert operatives working on our behalf. These events and concerns have resulted in a number of investigations being launched to get to the bottom of the leaks.
As the FBI continues its investigation into the inappropriate disclosures of this sensitive information, intelligence professionals, strategists and Defense Department policy staff are working on ways to solve this complex problem. In early July, an interesting idea surfaced that has by one account gotten legs.
The strategy is quite simple: the DOD and the intelligence community will work cooperatively to design and implement an ongoing disinformation campaign to proactively blur the view of sensitive information if it is leaked. This campaign is said to be designed to distribute false information deliberately and in some cases covertly to obscure the truth.
Disinformation as it relates to espionage or military intelligence is generally defined as the deliberate spreading of false information to mislead an adversary as to one's position or course of action. Some military and intelligence agencies also refer to this as black propaganda.
These techniques are commonly used to manipulate the recipients of the information at the rational level by either discrediting actual (i.e., real) information or supporting false conclusions.
I reached out to my sources to see if I could confirm this course of action and got the following response: “Implementing a disinformation campaign? With all the contradictory reports that I see in the media I thought we had done that years ago.” Of course, the leak about the design and implementation of a disinformation campaign to obscure the truth could be disinformation itself.
Posted on Jul 12, 2012 at 7:01 PM | 0 comments
In my Digital Conflict blog on Aug. 11, 2011, I discussed the need for continuous innovation and creativity, which should be coupled with out-of-box thinking, as fundamental requirements for intelligence collection and analysis. This is necessary if the defense community is to stay ahead of the changing cyber threat environment.
I also pointed out that the private sector is on the spot to provide the next generation of products and services needed to address the demands of the cyber environment. On June 27, the results of a survey conducted by management consulting firm KPMG of 668 business executives in the Americas, Asia Pacific, Europe, the Middle East and Africa were released. The survey participants said that China and the United States show the most promise for disruptive breakthroughs that would have global implications. By far the most interesting yet troubling portion of that study found that only 39 percent of U.S. respondents selected the United States as most promising.
Has the United States lost its creative and innovative mojo? After having multiple discussions about this since that blog posting, two schools of thought have emerged. First and foremost, creativity and innovation involve risks, and the economic slowdown that began back in 2008, and has hung on ever since, has made many companies take a risk-averse position. The second thought was that the continual hacking of U.S. companies, and the resulting theft of intellectual property, significantly contributed to the low rating. We all know that most of those activities have been attributed to China.
Regardless of the cause, corrective actions must be taken immediately. Our country’s economic future and our national security may damn well depend on it.
Posted on Jul 05, 2012 at 12:54 PM | 2 comments
Recently, information about a new cyberattack that targets schematics and blueprints became public. Some cybersecurity professionals believe that this attack was a reconnaissance mission, and the documents were badly needed intelligence to plan cyberattacks against control systems. The highly focused attack appears to have targeted AutoCAD files. AutoCAD is a popular computer-aided design software program. It supports drafting and also 2D and 3D design and modeling. This CAD software is commonly used within the aerospace and defense industries, and also in the energy sector, including nuclear engineering, which increases the concern over this attack.
Investigations into this new piece of malicious software have uncovered that the thousands of schematics and blueprints collected by the espionage malware were sent via e-mail to an inbox traced back to China. For some reason yet unknown, the malicious software has a high degree of concentration in Latin America. According to the Latin American Economic Outlook 2012 report, the Latin American region is expected to grow 4.1 percent economically this year.
This high growth could be one driver behind the concentration. Another consideration is the fact that industrial activities represent an important source of economic growth in that region. Current details about this attack would seem to indicate that the broad nature of the document collection does not lend itself to the identification of a specific programmable logic controller (PLC), manufacturer of supervisory control and data acquisition (SCADA) equipment or distributed control (DC) system. We are very early in the investigation of this incident and information is quite limited. It will be interesting to see if there are cyberattacks against the systems and equipment associated with the stolen CAD files as the investigation evolves.
The most noted attack of this type is Stuxnet. Stuxnet was a sophisticated computer worm and Trojan that attacked a widely used industrial control system, and it appears to have been aimed directly at the Iranian nuclear enrichment program. Cyber investigator Jeff Carr pointed out that the Stuxnet worm, which attacks control systems, was responsible for the disruption of the Indian Space Research Organization satellite INSAT 4B. When looking at who might have been responsible for this and other acts of cyber aggression, fingers are often pointed toward China and Pakistan. It is important to note that India learned from this and other cyberattacks and took defensive measures. These measures were responsible for stopping a 2010 SCADA system attack that targeted India and could have disrupted or damaged 70 rigs of the Oil and Natural Gas Corp. that operate within India.
The risk of this type of cyberattack on control systems has made it to the most senior levels in business, government, industry, homeland security and the military. PLCs, SCADA systems and DCs are high-value targets, and cyberattacks on them worry government officials in many countries. To help mitigate this threat, the National Institute of Standards and Technology provides guidance on establishing secure industrial control systems. In addition, a May 2012 article in Government Security News titled “The Danger of SCADA Vulnerability Exposure” points out that “government agencies, contractors and SCADA suppliers must continue to invest in defensive security measures to mitigate the risk of cyberattack.”
The vulnerability of control systems to cyberattacks is now being addressed by the industrial control and security industries. Just recently one vendor announced a SCADA firewall product – a giant step in the right direction. However, there is much more that is needed to reduce the risks of control system attacks resulting in service disruptions. The big question: Do we have enough time before a serious cyberattack is successful?
Posted on Jun 28, 2012 at 12:54 PM | 1 comment
One measure of concern over cybersecurity is the number of new employment positions created in support of this domain. While it is clear employment in this area is growing, from time to time I go to one of the major job boards that specialize in jobs for people with security clearances and search on a specific cyber-related job title to look at the number of positions employers are looking to fill.
I just did that again and found eight and one-quarter pages of positions available. The postings started at the end of April and go through June 15. Each page contains 20 job postings, so that is more than 180 open spots for just one cyber job title. Forbes just ran an article titled, “New Grad Looking for a Job? Pentagon Contractors Post Openings for Black-Hat Hackers.”
Now consider the number of colleges and universities that have added cyber-related courses and degrees to their curriculum. There are plenty of online and classroom-based programs covering a plethora of related subject matter. Add to that the number of continuing education and professional development programs that are being widely offered and you begin to get a picture of the current supply and demand balance in this area.
One thing seems to be all but absent. It is very rare that you come across the management- and officer-level programs that are needed to support this new domain of conflict. A few military-related organizations are now offering programs at the officer level, but fewer are available in the private sector. Education is key to managing this risk, and it must be nearly continuous education given the pace of change we are seeing in the cyber threat environment. That is a critical shortcoming that needs to be addressed, and quickly.
Posted on Jun 21, 2012 at 7:01 PM | 2 comments