The cybersecurity community has been gripped by the recent news about the highly complex cyber espionage software called Flame that rocked computer systems across the Middle East. While still early in the investigation and analysis of Flame, it is clear this 20M piece of malicious software has moved the state-of-the-art line significantly to the right with its cyber espionage capabilities. Technical staff with the Security and Engineering Research team at Solutionary have pointed out that a portion of the code within Flame was available via open source and said that even cyber weapons developers are looking for ways to shorten their cyber weapons development cycle and reduce their research and development costs.
Many pundits are now pointing to the Flame incident and proclaiming that we are in a cyber cold war. There are those who believe the cyber cold war started well before Flame and even before the recent Stuxnet and Duqu incidents. We need to bear in mind that history has shown that there are cyber incidents that hit (five or eight years ago) sensitive government, military and intelligence systems that are not discussed in public that are equal to or even worse than the Flame incident. Those attacks are what ushered in the cyber cold war we know today. Flame is just another one of the many acts of cyber aggression that occur daily. The difference is the magnitude of public attention this one is being given. In less than 12 hours the Web news coverage of Flame doubled and total Google hits returned on Flame Malware now exceeds 1.3 million.
The blame game has begun with Israel being the first to be pointed to as being the nation behind Flame. Many believe it is only a matter of time before the United States is named as being a part of this act of cyber aggression. While Flame is at the top of the discussion list in the tech sector, it is absent from the list of top worldwide news stories. I guess no one believes that a cyberattack like this could escalate to a kinetic exchange or be considered an act of war.
Posted on May 29, 2012 at 12:54 PM0 comments
The Defense Department on May 18 released its “Annual Report to Congress: Military and Security Developments Involving the People’s Republic of China 2012.” The report specifically calls out that in 2011 China’s leaders sustained investment in military cyberspace capabilities in support of what the Peoples’ Liberation Army (PLA) refers to as its counter-intervention operations.
The report also states that the PLA’s counterspace capabilities include cyber weapons. However, of particular interest was the Cyber Espionage and Cyberwarfare Capabilities section on page 9. This is where the authors called out the theft of sensitive U.S. economic information and technology that belonged to intelligence services, private-sector companies, academic/research institutions, and even private citizens from dozens of countries. The report goes as far as to say that Chinese actors are the world’s most active and persistent perpetrators of economic espionage. The Defense Department acknowledges in the report that China’s activities represent a growing and persistent threat to U.S. economic security.
As you may recall, there were public disclosures in 2011 that there had been multiple intrusions of U.S. companies in key technology sectors that included companies that directly support U.S. defense programs. The report goes on to highlight that the PRC has openly demonstrated that one of its national security objectives is to leverage legally and illegally acquired dual-use and military-related technologies to its advantage.
The report culminates in a statement that China is likely to remain an aggressive and a capable collector of sensitive U.S. economic information and technologies, particularly in cyberspace. That should not surprise anyone.
Posted on May 24, 2012 at 9:03 AM0 comments
North Korea recently demonstrated its cyber-related capabilities by jamming the Global Positioning System (GPS) navigation systems in the area of the border between North and South Korea. This obviously is part of what North Korea referred to in its pledge to carry out “special actions” against South Korea. The attack, which lasted nearly a week, began in late April and carried into early May. The attack affected GPS capabilities in passenger vehicles, aircraft, ships and other navigation systems. Most GPS systems displayed an error message due to the hostile activities.
The effect was said to be negligible, and no accidents, injuries or deaths were reported due to the GPS disruption. However, one has to conclude that the safety of those who depend on the GPS systems had to have been put at some minimal level of risk. One intelligence source stated that it believes Russian companies have been providing fairly powerful GPS jamming equipment to the North Korean military for some time now. This is the second time GPS systems were the target of a hostile action. The previous attack occurred back in March of 2011 and lasted 10 days.
We researched GPS jamming devices shortly after the 2011 attack and found a few available online. We ordered and tested one and for under $500 and free shipping. It jammed the GPS signal for about 150 feet around the jammer. While the North Korean jamming capability was much greater, this experiment demonstrated the ease with which this could be done by anyone with some funding.
Posted on May 17, 2012 at 12:54 PM0 comments
President Barack Obama continuing with his efforts to reduce the impact of cyberattacks on our nation recently commissioned a national preparedness report. The report has been published, and the news is not good when it comes to cybersecurity.
The Federal Emergency Management Agency's National Preparedness Report was constructed to assess our country’s preparedness to respond to a wide range of crises, including cybersecurity. As many professional in the field of cybersecurity already know, this is an area that requires immediate action. In the assessment of core capabilities, cybersecurity came in dead last.
One of the key findings stated that cybersecurity and recovery-focused core capabilities are national areas for improvement. Interestingly enough, more than 60 percent of the states had identified cybersecurity as a high-priority capability. Even though cybersecurity is a high priority in more than 60 percent of the states, the average cyber capability level determined by this study was only 42 percent (an F), and 45 percent (another F) had not implemented a formal cyber risk management program. A possible contributing factor for this finding is that cyber-related grants have been minimal.
The most alarming disclosure in the report was that only 50 percent of owners and operators at high-priority facilities participating in the survey said that they report cyber incidents to external parties. The Security and Exchange Commission (SEC) recently released guidance to publicly traded companies about the required disclosure of cyber incidents. In fourth quarter 2011, the SEC issued CF Disclosure Guidance: Topic No. 2 (Guidance) related to the obligations regarding cybersecurity risks and cyber incidents for public companies. Given the SEC’s actions and many other contributing factors, many critical infrastructure providers now identify cybersecurity as a priority issue and executive management has become involved.
This is not a new threat and the vulnerability of our critical infrastructure has been known for some time now. It is mind boggling how slow this sector has moved to address the rapidly evolving threat of cyberattacks.
Posted on May 10, 2012 at 12:54 PM0 comments