Digital Conflict blog


Kevin Coleman

Digital Conflict

By Kevin Coleman

View all blogs

A major milestone in US cyberspace operations

It finally happened. On Oct. 13, I went to Starbucks and was floored when I saw the weekend issue of the Wall Street Journal on the newsstand. The headline, in boldface, across the top of the front page read: U.S. Says Iran Is Behind Cyberattacks. To my knowledge this has never happened before, so it is truly a major milestone in the evolution of cyber as a national security threat. Now add to that story the recent claims that Iran was behind the recent cyberattacks on oil production, processing and transmission capabilities in the Persian Gulf.

In an Oct. 11 news conference, Defense Secretary Leon Panetta Chairman warned that the cyber threat from Iran has grown. He appeared before reporters with Chairman of the Joint Chiefs of Staff GEN Martin Dempsey. Panetta is quoted as saying that Iran has “undertaken a concerted effort to use cyberspace to its advantage.” Add to that the comments of some very senior level U.S. officials who have openly stated they believe China and Russia may be actively collaborating with the Iranian cyber forces, and through this arms-length working relationship the Iranians will gain valuable insight into U.S. cyber defense. It is almost like a real-life applied research project and would explain the acceleration of Iranian cyber capabilities seen lately.

Many believe that the risk of a devastating cyberattack on the United States has never been higher. This risk has even made it into the 2012 presidential elections. Leaked information suggests that President Barack Obama is considering an executive order that would force critical infrastructure providers (owners and operators) to meet minimum cybersecurity standards that are jointly developed. On the other side, Republican challenger Mitt Romney has stated that, within his first 100 days in office, he would order the development of a national strategy to defend and work to prevent cyberattacks against the nation. Things have definitely heated up in cyberspace.

Posted on Oct 18, 2012 at 2:46 PM0 comments


Counterfeit equipment poses continuing threat

Since my testimony and authoring a restricted report for a Congressional Commission back in 2009, I have been very concerned about the threat of malicious circuitry or code within microprocessors. In fact, several of my blog postings have addressed this threat. The year following that testimony the U.S. Navy disclosed that its investigation found that it (the Navy) had purchased 59,000 microchips that were being used in everything from missiles to transponders, which were counterfeits from China. I also covered the introduction of legislation “Combating Military Counterfeits Act of 2011” to reduce this threat.

This week the results of a year-long Congressional investigation were made public. That investigation concluded, based on available classified and unclassified information, that Chinese telecom companies Huawei and ZTE cannot be trusted to be free of influence from Beijing and could be used to undermine the security of the United States. That’s right, this could pose a national cybersecurity threat. The United States is not the only country with these concerns. Earlier this year Australia barred, on national security grounds, Huawei from participating in the $36 billion national broadband network.

The reality is that critical infrastructure providers, the defense industrial base, and our military and intelligence organizations have awakened to the threats posed by a global supply chain. Supply chain risks are many and will not go away. For years now global sourcing has been used as a tool for competitive advantage (i.e., low price provider). Times are changing and now sourcing within the country of use or a trusted partner country likely will be added as a tool for competitive advantage via national security.

Posted on Oct 11, 2012 at 12:54 PM1 comments


Cyberattacks against U.S. critical infrastructure on the rise

The headlines are abuzz with information about a series of targeted distributed denial of service (DDoS) attacks on major financial institutions within the United States. The DDoS traffic was estimated at up to 20 times the normal traffic volume of those websites. A few cybersecurity professionals have proclaimed this as the biggest of its kind to hit the United States. The targeted attacks were focused on disrupting customers’ ability to electronically access the funds in their accounts. To that end, the attacks met their goals at least partially. The websites were slowed down, and in some cases were overloaded to the point where they were unavailable due to the malicious traffic.

Multiple sources have reportedly traced the cyberattack to an entity or entities in the Middle East. There are some public reports that Izz ad-Din al-Qassam, the military wing of Hamas and others have extended their attribution to Hamas with the assistance of Iran. Sen. Joe Lieberman (I-Conn.), chairman of the Senate Homeland Security Committee, was quoted by C-SPAN's Newsmakers program as saying, "I think this was done by Iran and the Quds Force (a special unit with fairly good cyber capabilities in the Iranian Army).

There have been claims these coordinated attacks were in response to the infamous anti-Islam video that sparked protests around the world. However, most sources believe that the cyberattacks were in response to crippling sanctions against Iran and or retaliation for the Stuxnet, Duqu and Flame cyberattacks on Iran that have been attributed to the United States and Israel. If it was in retaliation for the Stuxnet, Duqu and Flame cyberattacks it would go to substantiate the claims the U.S. government has an obligation to fund (at least a portion) of critical infrastructure asset protection for those owned by the private sector.

This is a clear indicator of the current state of aggression in the cyber domain, and everyone needs to get used to seeing these types of attacks. To that point, many businesses that derive a substantial part of their revenues from online services have begun to disclose the risk posed by cyberattacks in the regulatory filings as a caveat to their projected earnings.

Posted on Oct 04, 2012 at 2:46 PM0 comments


Why we must adjust to the rapid pace of cyber threats

Much attention has been given to sharing cyber intelligence outside the military/intelligence community and providing it to government organizations -- in general -- and critical infrastructure providers in the private sector. The U.S. Cyber Command is sharing cyber threat intelligence with critical infrastructure providers and technology companies in the private sector because it is essential if we are to defend our critical systems from acts of cyber aggression.

However, mid-September events have made me realize that many organizations in the government and the private sector are operating with an outdated mindset. A process that was put in place that would delay near real-time cyber threat intelligence by up to a month. There was no sense of urgency demonstrated or concern about the delay in the discussions surrounding this new processor. For those use to operating in the fast paced cyber domain, it appeared the activity would be moving in slow motion and one cleared information operations professional called this “incredibly stupid.”

Cybersecurity practitioners in the public and private sector experience thousands of acts of cyber aggression each and every day. Using new malware release statistics from 2011 as a basis for calculation, in the past month (the delay period) there were more than 2,166,000 new strains of malware introduced into our operational environment.

Another important consideration is the cyberattack rate. A 2010 article reported that cyberattacks against Congress and other government agencies average 1.8 billion incidents a month. Now, consider that according to international intelligence executives, most cyberattacks fly under our radar and few have a real-time view of the current cyber threat situation.

Cyber intelligence and metrics (monthly cyberattacks and new strains of malware), cyber intelligence briefings, cybersecurity training and efforts to reduce these cyber threats must be near real-time to mitigate this growing risk. We are not talking about the battleground of the future – cyberattacks are the reality of today.  We must change our mental models and adapt to the rapid pace in which this threat environment forces us to operate and provide near real-time cyber intelligence and training.

Posted on Sep 27, 2012 at 2:46 PM0 comments


Defense Systems eNewsletters