Networks

Cyber Investigators Analyze South Korea Malware

March 25, 2013

The malware that infiltrated computer systems across South Korea’s banking and television broadcast industries on March 20 shares similarities with the Shamoon program used last year to wipe clean the hard drives of 30,000 Saudi Aramco workstations, according to experts at General Dynamics Fidelis Cybersecurity Solutions. Investigators at the company’s newly opened cyber forensics laboratory in Columbia, Maryland, say the malware is not a Shamoon variant, but that the two programs share some characteristics.

Company officials acknowledge the speculation that North Korea launched the attacks but did not comment on the program’s origin. It is not unusual, they say, for a criminal group or nation to use malware that deliberately mimics attacks used by others. Doing so, of course, casts suspicion elsewhere, helping to mask the malware’s true origins. “A number of commercial firms were hit with a somewhat similar attack. It was not Shamoon. But the techniques were somewhat similar,” says Jim Jaeger, the company’s vice president of cybersecurity services.

Cyber lab personnel identified the South Korea malware as “239ed75323.exe,” a malicious file capable of wiping data from disk drives. One of the areas it targets is the disk’s master boot record, without which a computer cannot load its operating system. The program writes a pattern to the disk that repeats the word “HASTATI.” Hastati is an apparent reference to a class of infantry in the armies of the early Roman Republic that originally fought as spearmen and later as swordsmen. The malware did not overwrite the entire disk, so some data can be recovered. The cyber lab experts posted their initial findings in a blog the day after the attacks.


Law Enforcement in the Cloud

March 14, 2013
By Rick Hansen

The Regional Information Sharing Systems (RISS) Program recently implemented a simplified sign-on capability that enables federal, state and local law enforcement to collaborate.


Cloud Industry Group Issues Mobile Computing Guidelines

March 1, 2013
By Max Cacas

When it comes to popular smartphones and tablets, security can be a many-layered and necessary endeavor.

The growing use of advanced mobile devices, coupled with the increase in wireless broadband speed, is fueling demand by employees to bring their own devices to the job. This situation has opened a new set of security challenges for information technology staff, especially when it comes to the use of apps.

As the popularity and capability of mobile devices expands, standards are necessary to ensure that personal devices can function securely on enterprise networks. To address this need, the Cloud Security Alliance (CSA) organized its Mobile Working Group last year. The group recently released guidance to members on how enterprise administrators can successfully integrate smartphones and tablets into their work environment. The CSA is a not-for-profit organization of industry representatives focused on information assurance in the cloud computing industry.

Communications Labs JOIN Forces Remotely

March 1, 2013
By Robert K. Ackerman

The whole becomes greater than the sum of the parts in a networked software engineering realm.

A network built after its major move to a new base is allowing the U.S. Army Communications-Electronics Command to link diverse communications systems into an overarching network. This enables capabilities ranging from debugging software updates before they are sent to the front to a multinational exercise for validating operational activities.

When the Communications-Electronics Command (CECOM) relocated from Fort Monmouth, New Jersey, to Aberdeen Proving Ground, Maryland, under the Base Closure and Realignment program (BRAC), it used the opportunity to consolidate capabilities and build new facilities from the ground up that would allow the command to take advantage of the latest technologies. Among these facilities is the Joint On-demand Interoperability Network, or JOIN. This network connects with other laboratories and communications facilities, including some in theater, to share resources and solve problems by using all of their capabilities.

The network has existed in some form for more than two decades. Today’s JOIN community includes research, development, testing and evaluation as well as life-cycle support. JOIN serves as the nexus for these diverse elements. It provides two capabilities: services and interconnectivity as a technical hub.

John Kahler, chief of JOIN, allows that the network was established to integrate the entire command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) community and to provide a technical hub so that organizations could exploit each other’s resources as well as work in “a collaborative, common operating environment.” Participants can conduct research, development, testing and engineering along with life-cycle support.

Cyber and Physical Protection are Intrinsically Linked

February 28, 2013
By George I. Seffers

The recently signed executive order on cybersecurity and the presidential directive on critical infrastructure protection are not separate documents. In fact, they are part of the same overall effort to protect the nation, said Rand Beers, undersecretary for the National Protection and Programs Directorate, U.S. Department of Homeland Security. Beers discussed the effort on Thursday at the AFCEA Homeland Security Conference in Washington, D.C.

The two documents are “part and parcel of a whole of government and whole of society concept. The executive order is focused on cybersecurity, but the presidential policy directive takes the cybersecurity element and places it within the broader context of critical infrastructure protection in the sense that cyber and physical critical infrastructure are linked to one another,” Beers said. He added that a cyber attack that shuts down the electric grid could shut off access to water and to communications, which could affect the economy. “I’m not here to suggest cyber Armageddon is about to happen, but we have enough of a warning to understand that concerns about cybersecurity are not being overhyped.”

Beers revealed that the government is working to identify critical cyber nodes within the country, just as it has inventoried physical facilities that make up the nation’s critical infrastructure.

He added that the administration would still like Congress to pass cyber legislation. “We would still very much prefer legislation. We need to incentivize the private sector to take on the needed best practices,” Beers said. He suggested that legislation should include a safe harbor element providing liability protection to those in the private sector who adopt best practices but still suffer outages during a catastrophic event.

9/11 Attack Offers Lessons Learned for Broadband Interoperability

February 27, 2013
By George I. Seffers

The First Responder Network Authority (FirstNet), which is responsible for deploying the Nationwide Public Safety Network, could learn lessons from the September 11, 2001, attack on the Pentagon, during which emergency responders experienced almost no interoperability problems, according to emergency management panelists at the AFCEA Homeland Security Conference in Washington, D.C.

Rear Adm. Jamie Barnett, USNR (Ret.) mentioned FirstNet and its efforts to develop an interoperable broadband network for emergency management. “The promise of broadband is that we have the opportunity to invest in an interoperable system from inception,” he said, adding that the architecture is still not determined and interoperability is not a foregone conclusion.

He cited the response to the attack on the Pentagon as an example of interoperability that works. Adm. Barnett reminded the audience that the Pentagon roof, which was very old and insulated with a material made of horse hair, burned for three months following the attack. “Among the 13 agencies that responded, they had only one group that had trouble communicating.”

He added that the level of interoperability was achieved largely through close working relationships among the emergency responders. Those relationships were developed in the years prior to the attack.

“We can do the same thing on a public safety broadband network. We just have to make sure that the ultimate goal is that you end up with an interoperable network. Everything we have seen broadband bring to us—the various applications you have on your phone—can be available for public safety. And we really haven’t imagined it all,” he said. “It’s important to have the collaboration that the right kinds of communications systems enable. But if you don’t have the relationships that foster trust, it won’t matter what kind of electronics you have.”

National Fusion Centers Play Critical Role in Homeland Security

February 27, 2013
By George I. Seffers

The National Network of Fusion Centers, developed in the aftermath of the September 11, 2001, attacks, is a vital part of the nation’s homeland security efforts, according to experts on the Intelligence and Information Sharing Panel at AFCEA’s Homeland Security Conference in Washington, D.C.

The fusion centers serve as the primary focal point for the receipt, gathering and sharing of threat-related information among federal, state, local, tribal and territorial partners. Although largely funded through federal homeland security grants, the centers are owned and operated by local entities.

Panelists described an environment where the need for fusion centers was identified and building began with little guidance. “We have seen tremendous progress made,” said Christian Beckner, former staff member on the Senate Homeland Security Committee. “Now, we have a broad national network playing a critical role in making the country safer.”

Scott McAllister, deputy undersecretary of intelligence and analysis for the State and Local Program Office, Department of Homeland Security, pointed out that prior to the 9/11 attacks, local entities had no role in combating terrorism. Now, however, several thousand security clearances are issued at the local level.

Beckner explained that the fusion centers sometimes pass information up the chain to federal agencies, so information is being shared in both directions. Additionally, local and state experts can analyze and process information from a different point of view than federal employees, helping to fill intelligence gaps.

Chinese and Iranian Cyberthreat Growing

February 27, 2013
By George I. Seffers

Gen. Michael Hayden, USAF (Ret.), former director of the CIA, indicated an astounding extent of Chinese cyber espionage and said he believes the Iranians are attacking U.S. banks with unsophisticated but pervasive cyber attacks.

Regarding the Chinese, Gen. Hayden said he believes the government solution to cyber espionage should be economic rather than cyber. “We have cyber espionage coming at us, and they’re bleeding us white. The reason the Chinese are doing this is economic. I think the government response should be economic. We can punish China in the economic sphere,” Gen. Hayden told the audience at the AFCEA Homeland Security Conference in Washington, D.C., on Wednesday.

He added that some believe we cannot punish China economically because the Chinese own too much U.S. debt. Gen. Hayden indicated he disagrees.

The general also said the U.S. engages in cyber thievery as well, but he indicated that it is more for security reasons than economic reasons. “We steal other people’s stuff, too. And we’re better at it. We’re number one. But we self-limit—we and a small number of other countries around the world, all of whom speak English,” Gen. Hayden said.

Regarding the Iranians, Gen. Hayden said the number of attacks on the U.S. banking industry has ballooned. “My sense is that we’ve seen a real surge in Iranian cyber attacks. The Iranians have committed distributed denial of service attacks against American banks. I’ve talked to folks in the game here, and they’ve reported to me there’s nothing sophisticated about the attacks, but they say they’ve never seen them on this scale,” Gen. Hayden revealed.

Cyber and Physical Protection Go Together

February 26, 2013
By George I. Seffers

Homeland Security Conference 2013 Show Daily, Day 1

All too often, cyber and physical protection are considered separately, when really they go hand-in-hand, according to experts speaking at the first day of the AFCEA Homeland Security Conference in Washington, D.C., February 26, 2013. The conference opened with a half-day of conversation about hackers, terrorists and natural disasters and addressed concerns involving both physical infrastructure and the cyber environment for all kinds of attacks, be they physical, virtual or even natural in origin.

Richard Puckett, chief security architect for GE, drove home the point that physical infrastructure, such as power plants, has a cyber component. “People want to be able to walk around a power plant with an iPad. They want to attach remotely to these systems, because it is an incredibly powerful and attractive tool. It’s very visceral to them,” he said. “What we’re concerned about as we see those increased patterns of connectedness is how to protect that.”

Puckett emphasized that the relationship between cybersecurity and physical infrastructure is a focus of government and the military, noting that the term “cyber” means many different things to different people and that, for the private sector, it is more connotative of personal and financial cybersecurity.

Paige Atkins, vice president of cyber and information technology research, Virginia Tech Applied Research Corporation, said that part of the problem is that cyber is sometimes a difficult concept. “Cyber is a little harder for us to understand and grasp because it is not as graphic,” she said. “In my personal experience, the cyber-physical area is underappreciated and not fully understood.”

NIST Seeks Industry Information for Cybersecurity Framework

February 26, 2013
By George I. Seffers

The National Institute of Standards and Technology (NIST) released a request for information on Tuesday, February 26, for the cybersecurity framework demanded by the recent White House executive order.

Speaking on the cybersecurity panel at the AFCEA Homeland Security Conference in Washington, D.C., on Tuesday, Jeff Voas, a NIST computer scientist, said he received his first briefing on the executive order about a week ago and NIST already has begun putting together working groups. The request for information process should be concluded in about 45 days. “We’re only a week or two into this,” Voas said.

The panel included Darren Ash, deputy executive director for corporate management and chief information officer for the U.S. Nuclear Regulatory Commission, which regulates the civilian use of nuclear power. Ash said that most nuclear power plants in this country were built decades ago in an analog environment, whereas more recent applications to build nuclear facilities are grounded in a digital environment.

“We know that cyber is important. What we expected and required of these licensees was to establish their plans on how to address cyber,” Ash said. “What’s important is what we do with it.” Recent nuclear license requirements have been accepted, he reported, and just this fiscal year, the commission has begun to inspect the cybersecurity capabilities to ensure they are meeting the requirements.

Richard Puckett, chief security architect for GE, argued that the term “cyber” is too vague, meaning different things to different sectors. To private sector clients, for example, cyber refers to protection of credit card numbers and other personal information, whereas government and military customers are more concerned with the cyber activities of other nation states and the protection of critical infrastructure.
