As I write this there is evidence that the Russian’s are once again attacking another country through massive denial of service attacks. For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About . This is not the first time that a major nation state has been accused of launching attacks like this. Russia has been implicated as responsible for two other large scale attacks (Estonia and Georgia). In other investigations China has been implicated of sponsoring/supporting attacks designed to extract information. These are very serious high end attacks that are hard to mitigate, but organized crime is also becoming increasingly capable, investing large amounts in R&D to allow their continued ability to sap resources through cyber theft. In a recent example a payment processing company called Heartland Security Systems admitted its security system had been breached and millions of credit and debit card numbers were extracted. I’ve previously written about the government’s response and many of us have been strongly supportive of the efforts and activities of Melissa Hathaway and th…
As I write this there is evidence that the Russian’s are once again
attacking another country through massive denial of service attacks.
For a recap with analysis you will not see elsewhere see The Kyrgyzstan Cyber Attack That No One Is Talking About .
This is not the first time that a major nation state has been accused
of launching attacks like this. Russia has been implicated as responsible for two other large scale attacks (Estonia and Georgia). In other
investigations China has been implicated of sponsoring/supporting
attacks designed to extract information. These are very serious high
end attacks that are hard to mitigate, but organized crime is also
becoming increasingly capable, investing large amounts in R&D to
allow their continued ability to sap resources through cyber theft.
In a recent example a payment processing company called Heartland
Security Systems admitted its security system had been breached and
millions of credit and debit card numbers were extracted.
I’ve previously written about the government’s response and many of us
have been strongly supportive of the efforts and activities of Melissa
Hathaway and the team of coordinators she assembled in government.
Her approach has been viewed as very positive by all credible
observers and it is good to know she will be continuing to work to make
our nation safe in this area.
It was also good to see the approach of the Obama team posted on the
Whitehouse.gov site. In a homeland security policy statement six key
goals were articulated. They are copied below:
-
Strengthen Federal Leadership on Cyber Security:
Declare the cyber infrastructure a strategic asset and establish the
position of national cyber advisor who will report directly to the
president and will be responsible for coordinating federal agency
efforts and development of national cyber policy. -
Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure:
Support an initiative to develop next-generation secure computers and
networking for national security applications. Work with industry and
academia to develop and deploy a new generation of secure hardware and
software for our critical cyber infrastructure. -
Protect the IT Infrastructure That Keeps America’s Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
-
Prevent Corporate Cyber-Espionage:
Work with industry to develop the systems necessary to protect our
nation’s trade secrets and our research and development. Innovations in
software, engineering, pharmaceuticals and other fields are being
stolen online from U.S. businesses at an alarming rate. -
Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit:
Shut down the mechanisms used to transmit criminal profits by shutting
down untraceable Internet payment schemes. Initiate a grant and
training program to provide federal, state, and local law enforcement
agencies the tools they need to detect and prosecute cyber crime. -
Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches:
Partner with industry and our citizens to secure personal data stored
on government and private systems. Institute a common standard for
securing such data across industries and protect the rights of
individuals in the information age.
Protect Our Information Networks
Barack Obama and Joe
Biden — working with private industry, the research community and our
citizens — will lead an effort to build a trustworthy and accountable
cyber infrastructure that is resilient, protects America’s competitive
advantage, and advances our national and homeland security. They will:
Another goal was in the Defense portion of the Whitehouse.gov site which called for DoD to lead in operational defense. It reads:
- Protect the U.S in Cyberspace: The Obama-Biden
Administration cooperate with our allies and the private sector to
identify and protect against emerging cyber-threats.
My assessment of these seven goals: This is too important for us to kibitz on at all. Now is the time for us to all form up on these goals and execute. Collectively we have to move faster in all these areas if we are to lesson the impact of the thinking/changing/technologically advanced adversaries that face us. I only add that we should keep bold visions in mind. I really believe that security and functionality of IT are totally connected and should always be considered in the same breath. And both can be dramatically improved, this is not a zero sum game where functionality is compromised by security. I believe our goal should be, as I’ve stated before, that the security and functionality of the federal enterprise will be improved by two orders of magnitude over the next 24 months. And I believe the cyber and CTO team of the new administration can deliver on that.
I also believe that DoD will continue to have a key leadership roll in cyber, since increasingly that domain is being used by military adversaries and our own military must be able to operate with knowledge that their IT systems are safe from adversary attack.
More later.