TechNet Asia-Pacific 2012 Online Show Daily: Day 2
Quote of the Day: “I’m fearless, but cyberwar scares me to death.”— Brig. Gen. Richard L. Simcock II, USMC, deputy commander, U.S. Marine Forces Pacific
The threat to cyberspace has a new face, new tactics and new goals. For the U.S. military, this could not come at a worse time with the force being realigned to provide greater emphasis on security in the Asia-Pacific region.
A new type of player has emerged among cyber malefactors, and many of the traditional adversaries are adopting new tactics that combine both hardware and software exploitation. These threats no longer are confined to customary targets, as even systems once thought sacrosanct are vulnerable to potentially devastating onslaughts.
And, U.S. and allied forces are staking their success to an even greater degree on information technologies and capabilities. Being able to cover the vast Asia-Pacific region with forward-deployed forces will depend on more diverse communication and networking technologies. Providing these capabilities will require industry to ensure security in its systems without sapping the strengths of their innovative capabilities.
Day two of TechNet Asia-Pacific 2012, being held in Honolulu, Hawaii, November 13-15, featured a discussion of many of these points throughout its day of panels. Yet it was the day’s opening speaker who set the tone with his hard assessment of the growing and morphing cyberthreat.
Marcus H. Sachs, vice president, national security policy for Verizon, rocked the breakfast audience on its heels by outlining specific new threats that are emerging across the spectrum of information technologies. At the top of his list is the supply chain, and Sachs provided specific examples of how virtually any kind of device can be suspect.
For example, he cited how a Cisco card that retails for $1,000 can be purchased from normally reliable dealers on the Internet for half that price. Further Web sleuthing can uncover prices as low as $29 for supposedly the same card, and eBay has it for even lower opening bids. An FBI investigation showed that these low-cost cards were counterfeit, and they could have provided network gateways for all types of malware. Sachs said that 10 to 12 percent of the global information technology supply chain is counterfeit, and that number is growing.
Marcus H. Sachs, vice president, national security policy for Verizon, gives the audience at TechNet Asia-Pacific 2012 a candid assessment of the worsening cyberthreat.
And that malware is riding in various types of hardware along the supply chain. Sachs related that, this year, Microsoft ordered 20 test computers from various sources in China. The recipient was clearly known to the sources that sent the computers. Of those 20, four devices arrived at Microsoft infected with unknown malware. It’s anybody’s guess whether those infections were targeted or just random events, he noted. With all the potential for mischief among the many elements that make up the information technology supply chain, any piece of hardware or software that passes through more than one country could be suspect.
While this malware threat could come from nation-states or criminals, another type of cybermarauder is rising to the fore. Hactivists who harvest information and publish it to embarrass people or organizations are becoming predominant among Internet malefactors, Sachs stated. Noting that that hack-and-leak activities are becoming the new challenge for young computer minds, Sachs also offered that denial-of-service attacks are on the wane as they lose value. New mitigation tools are working to defeat those attacks, and bot armies will be used for distributed computing rather than denial of service. “Real hackers don’t do denial of service,” he declared.
Bots remain a great threat, and their harm may extend throughout the cloud. Sachs reported that investigators in just the past two weeks discovered a situation in which stolen credit cards were used to build a botnet in a cloud. The botnet then would launch attacks from that rented cloud.
The military already is facing constant cyberattacks, but these undoubtedly will worsen if conventional war erupts. Rear Adm. Patrick Driscoll, USN, deputy commander and chief of staff, U.S. Pacific Fleet, said in a panel that the next conflict also will be a cyber conflict. Individuals on ships and other platforms must be properly prepared, as cyber is extremely important and will increase in importance over time.
Brig. Gen. Richard L. Simcock II, USMC, deputy commander, U.S. Marine Forces Pacific, offered that technology is ahead of policy, and the military still is working on defining cyberwarfare. “If you can’t define the threat, you have a lot to do,” he declared.
“I’m fearless, but cyberwar scares me to death,” the general stated.
And security is a major challenge for the new information technologies on which the military is relying to be able to carry out its Asia-Pacific mission. Mark Loepker, director, National Information Assurance Partnership, noted that security attributes are “nonfriendly” to these new capabilities, and experts need to figure out how to work security into these needed technologies. He noted that officials are working to bring in the vendor community to talk about protection profiles, which would help ensure the right degree and type of security for the new capabilities.
Among the capabilities that are key to the Asia-Pacific force are diverse means of communications and networking. Col. James Dillon, USMC, director, G-6, U.S. Marine Corps Pacific, called for industry to provide ruggedized handheld devices such as smartphones and tablets. With 22,000 Marines being forward-deployed west of the International Date Line, this rotational force will comprise small units in bandwidth-restricted environments out on the fringes of the operational realm. They need lightweight equipment that will not use much bandwidth so they can obtain their necessary information and share it with their partners, the general said.
Col. Karlton Johnson, USAF, assistant chief of staff, J-6/CIO, U.S. Forces Korea, cited a need for technologies that allow solutions between disparate enterprises. He also said that industry needs to enable immediate plug-and-play communications upon arrival in a fight. And, he would like to see translation software that works at least 90 percent of the time.
Coming up on the final day of TechNet Asia-Pacific 2012: Addresses by two of the top U.S. military leaders in the Pacific—Lt. Gen. Francis J. Wiercinski, USA, commander, U.S. Army Pacific, and Adm. Cecil D. Haney, USN, commander, U.S. Pacific Fleet—along with a panel discussion highlighting the PACOM point of view.
Also, mark your calendar for TechNet Asia-Pacific 2013, October 29-31 in Honolulu, Hawaii.