Cyber

Homeland Security Conference 2013 Show Daily, Day 1

All too often, cyber and physical protection are considered separately, when really they go hand-in-hand, according to experts speaking at the first day of the AFCEA Homeland Security Conference in Washington, D.C., February 26, 2013. The conference opened with a half-day of conversation about hackers, terrorists and natural disasters and addressed concerns involving both physical infrastructure and the cyber environment for all kinds of attacks, be they physical, virtual or even natural in origin.

Richard Puckett, chief security architect for GE, drove home the point that physical infrastructure, such as power plants, have a cyber component. “People want to be able to walk around a power plant with an iPad. They want to attach remotely to these systems, because it is an incredibly powerful and attractive tool. It’s very visceral to them,” he said. “What we’re concerned about as we see those increased patterns of connectedness is how to protect that.”

Puckett emphasized that the relationship between cybersecurity and physical infrastructure was a focus of government and military, noting that the term "cyber" means a lot of different things to different people and for the private sector was more connotative of personal and financial cybersecurity.

Paige Atkins, vice president of cyber and information technology research, Virginia Tech Applied Research Corporation, said that part of the problem is that cyber is a sometimes difficult concept. “Cyber is a little harder for us to understand and grasp because it is not as graphic," she said. "In my personal experience, the cyber-physical area is underappreciated and not fully understood.”

One day after unveiling a long-awaited executive order concerning a wide-range of cybersecurity concerns, President Barack Obama’s top cybersecurity advisers admit that the order only goes so far in dealing with pressing Internet security needs. They say that the order is only a “down payment” and no substitute for permanent congressional legislation on the matter.

“We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and economy,” President Obama said in reference to his executive order and the urgency to act during his State of the Union address before a joint session of Congress on Tuesday night.

Michael Daniel, special assistant to the president and White House cybersecurity adviser, told reporters and congressional staffers at a Commerce Department briefing on Wednesday that the executive order, and a companion Presidential Policy Directive (PPD-21), “rest on three pillars”:

• Information sharing
• Privacy
• A framework of standards

Both documents build on numerous cybersecurity measures already in use within the government, dating back to Homeland Security Presidential Directive 7 (HSPD-7) signed during the previous Bush administration. Daniel describes the philosophy behind the most recent order as a “whole of government” approach designed to engage all agencies in a stepped-up effort to secure the nation’s digital infrastructure. In addition, Daniels says, the executive order reflects the work of “a number of other stakeholders,” primarily during last fall’s push to gain passage of comprehensive cybersecurity legislation on Capitol Hill.

A cyberspace operations facility grows with the burgeoning mission.

The U.S. Defense Department’s network operations training and education capabilities must continually evolve in the ever-shifting cyber realm. To meet that need, one of the department’s premier cyber ranges harnesses the power of simulation to support a full array of training, education, certification and military exercises for the warfighters.

The Joint Cyberspace Operations Range (JCOR) provides cyberspace operators and others the ability to train in realistic environments. The operators gain hands-on experience in protecting, defending and fighting in the networked arena without impacting real-world operational networks.

The JCOR allows users to connect disparately located cyber training systems from different services or agencies. The level of connections can vary depending on the users’ needs. “There are different ways of interfacing or integrating. We’re able to do, in many cases, both interfacing and integrating,” says Thomas May, technical project lead for the U.S. Air Force’s Simulator Training and Exercise (SIMTEX) range, which is the Air Force portion of JCOR. “If need be, we have been able to take the assets that other capabilities can provide and integrate them together so that they are actually components of our network.”

Commanders wrestling with control of cyberspace elements now have a new tool to help them secure their corner of cyberspace in an operational setting. The Adaptive Network Defense of Command and Control concept of operations enables joint force commander control of key terrain in cyberspace, based on assessments at an operational tempo. To achieve a joint force command objective, network operators concentrate cybersecurity and monitoring of command and control systems to maintain the initiative against adversarial attacks and provide enhanced situational awareness.

This approach was developed by the Joint Cyber Operations Joint Test (JCO JT), under the auspices of the director, Operational Test and Evaluation. It developed and evaluated a concept of operations and tactics, techniques and procedures (TTP) to secure command and control (C²) systems with commercially available technologies.

The JCO JT tested the effectiveness of the Adaptive Network Defense of Command and Control (AND-C²) TTP for the Virtual Secure Enclave (VSE) TTP. The VSE TTP provides methods to establish and employ a community of interest virtual private network, with anomaly detection, for protection and defense of joint task force (JTF) C² systems. The VSE TTP implements the AND-C² concept of operations by using a virtual secure enclave for C² protection.

The JCO JT employed a challenging test methodology for the VSE TTP. This methodology proved successful because of careful collaboration and deliberate planning. The JCO JT aligned testing with U.S. Pacific Command (PACOM) experimentation and a sister Joint Capability Technology Demonstration (JCTD) during a major theater exercise. Test planners closely coordinated with multiple red teams and created test conditions for quantitative analysis with statistical rigor.

West 2013 Online Show Daily, Day 3

Quote of the Day: “Make no mistake: the PLAN is focused on war at sea and sinking an opposing fleet.”—Capt. Jim Fanell, USN, deputy chief of staff for intelligence and information operations, U.S. Pacific Fleet

Two separate issues, both on the rise, have become increasing concerns for U.S. military planners. The technology-oriented world of cyber and the geopolitical challenge of a growing Chinese military are dynamic issues that will be major focus points for the U.S. defense community in the foreseeable future.

Cyber security is becoming increasingly complex because of the plethora of new information technologies and capabilities entering the force. Security planners must strike a balance between effectively protecting these new information systems and imposing constraints that would wipe out most of the gains they offer.

China, the world’s rising economic power, is evolving into a military power with a reach that extends increasingly beyond its littoral waters. The U.S. strategic rebalance to the Asia-Pacific region is likely to enmesh U.S. military forces in local issues to a greater degree, and China’s steady growth in military strength will affect how international relations evolve in that vast region.

West 2013 Online Show Daily, Day 1

Quote of the Day:“’Flat’ is the new ‘up’ in this defense budget environment.”— Robert O. Work, undersecretary of the Navy

The military services are facing potentially crippling constraints if sequestration takes place in March. Defense officials foresee the likelihood of draconian budget cuts being imposed that will cripple the force just as it is being counted on to assume new strategic missions. In most cases, the services will have to choose to sacrifice some capabilities so that others will remain part of the force. In worse-case scenarios, the U.S. military may be unable to meet its obligations when a crisis emerges.

These and other points were hammered home by speakers and panels on the first day of West 2013, the annual conference and exposition hosted by AFCEA and the U.S. Naval Institute in San Diego. While the event has the theme of “Pivot to the Pacific: What Are the Global Implications,” the first day’s discussions largely focused on the dire consequences of the fiscal cliff as well as potential solutions to avoid completely gutting the military force. Audiences generally were aware of the looming budget crisis, but many were surprised by the bluntness of the assessments offered by high-ranking Defense Department civilian and military leaders.

The purpose of the attack is purely robbery, says a cyber expert, who has shared his McAfee report with government officials.

A cyber attack that could result in the theft of millions of dollars from American banks could take place this spring, according to a report from a noted cybersecurity expert. 
“What we’re dealing with here is a digital bank robber,” according to Ryan Sherstobitoff, a threats researcher with McAfee Labs and the principal author of the report entitled, “Analyzing Project Blitzkrieg, a Credible Threat.” And the attack mastermind could take additional steps to deter attacked banks from defending themselves and hinder their ability to recover stolen funds following such an attack.

The group behind the potential attack “is a collaboration or an alliance of ‘botmasters’ run by an individual named vorVzakone with the clear intention of robbing financial institutions,” Sherstobitoff explains in a report that was issued in mid-December. The white paper is based on months of in-depth analysis of Project Blitzkrieg, as it has been dubbed by vorVzakone’s website, and tracking the online activities of vorVzakone dating back to late summer 2012. “We know from forum posts he had published on an underground Russian cyberforum that was really meant for cybercriminals,” explains Sherstobitoff.  Those posts detailed how the attack was to be coordinated around the release of a variant of the trojan malware popularly known in the hacker community as Gozi Prinimalka.