Showing posts with label CYBER ATTACKS. Show all posts
Showing posts with label CYBER ATTACKS. Show all posts

Saturday, March 14, 2015

NORAD COMMANDER TESTIFIES ABOUT THREATS TO U.S. HOMELAND

FROM:  U.S. DEFENSE DEPARTMENT  

Right:  Navy Adm. William E. Gortney assumed command of North American Aerospace Defense Command and U.S. Northern Command from Army Gen. Charles Jacoby Jr. in a change-of-command ceremony Dec. 5, 2014, at Peterson Air Force Base in Colorado. Air Force file photo.  

Northcom Chief Discusses Threats to Homeland
By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, March 12, 2015 – The most dangerous threats to the U.S. homeland include transnational criminal networks, homegrown violent extremists and cyberattacks, Navy Adm. William E. Gortney told a Senate panel today.

The commander of U.S. Northern Command and of North American Aerospace Defense Command, or NORAD, testified before the Senate Armed Services Committee on Northcom’s fiscal year 2016 budget request.
Addressing the panel, Gortney began with his assessment of threats in defense of the homeland, from the most likely to the most dangerous.

The likeliest threat, the admiral said, is a transnational criminal network that operates by using what he calls seams between Northcom, U.S. Southern Command and U.S Pacific Command; seams between U.S. interagency partners and the combatant commands; seams between the United States and its partner nations; and seams within those countries themselves.
Closing the Seams

“In those seams,” Gortney told the panel, “people are moving drugs [and] money. As the [committee] chairman said, they're moving product for profit through those seams.”

He added, “We need to close those seams, because … if someone wants to move something that will do great damage to our nation, that is where they will come.”
About homegrown violent extremists, the admiral described an effective and sophisticated social media campaign on the part of extremists, aiming to stir up distrust and incite harm to American citizens.

On the cyber threat, Gortney said his command is responsible for defending known networks and helping lead federal agencies in the aftermath of a cyberattack.

Significant Cyber Threat

“But it's far more significant in that a cyberattack [could] directly affect critical infrastructure that I rely on to defend the nation, and that we rely on for our nation to operate. I see that as a significant threat,” he said.

For example, Gortney said, “a cyberattack in Ottawa would take out the northeast quadrant of our air defense sector. It would effectively be a mission kill. So not only would it affect my ability to do my mission, more importantly we as a nation rely on this same infrastructure to operate -- whether it's banking, rail, aviation, power or movement of water.”

He added, “All these things have critical infrastructure that we must have, and they need to be hardened against an adversary.”

International threats to the homeland include North Korea, China, Russia and Iran, the admiral told the panel.

Ballistic Missile Threat

In written testimony, Gortney said the past year has marked a notable increase in Russian military assertiveness.

“Russian heavy bombers flew more out-of-area patrols in 2014 than in any year since the Cold War. We have also witnessed improved interoperability between Russian long-range aviation and other elements of the Russian military, including air and maritime intelligence collection platforms positioned to monitor NORAD responses,” the admiral said.

Such patrols serve a training function for Russian air crews, but some are clearly intended to underscore Moscow's global reach and communicate displeasure with Western policies, especially those involving Ukraine, he added.

Russia also is progressing toward its goal of deploying long-range,
conventionally armed cruise missiles with increasing stand-off launch distances on its heavy bombers, submarines and surface combatants, Gortney said.

Defending North America

“Should these trends continue,” the admiral said, “over time NORAD will face increased risk in our ability to defend North America against Russian air, maritime and cruise-missile threats.”

Other states that may seek to put North America at risk with ballistic missiles include North Korea and Iran, he said.

“North Korea has successfully test-detonated three nuclear devices,” the admiral said, “and through its space program has demonstrated many of the technologies required for an intercontinental ballistic missile that could target the continental United States.”

North Korean military parades have showcased the new KN08 road-mobile ICBM, he said, adding that when deployed, the system will complicate the U.S. ability to provide warning and defend against an attack.
The Sequestration Effect

“Iran has likewise committed considerable resources to enhancing its ballistic missile capabilities,” Gortney said, “and has already placed another satellite into orbit this year, using a new booster that could serve as a demonstrator for ICBM technologies.”

But Gortney told the panel that the likeliest and most dangerous threat to his ability to protect the homeland is sequestration.

“That’s because of how sequestration affects the … services as they implement the sequestration effect … which leads to a hollow force,” Gortney said, adding that sequestration slows development of the U.S. technological advantage that makes it possible to outpace future threats.

Slowing Missile Defense

Sequestration also would affect missile defense, the admiral said.

The services can generate some flexibility in spending by tapping into readiness funds or delaying delivery of a capability, but the Missile Defense Agency does not have a readiness account they can go to, he explained.

The agency would have to go to new starts, Gortney said, putting on hold the long-range discrimination radar, improvements to the advance kill vehicle and a multi-object kill vehicle -- all part of the U.S. Ballistic Missile Defense System.
Holding up such work would hinder the United States’ ability to outpace the growing proliferation of ballistic missiles, he added.

The Arctic: Growing in Importance

Responding to questions about the Arctic, Gortney, who is assigned as the DoD advocate for Arctic capabilities, said he and his team are working to determine what requirements will help inform DoD operational plans on the future of the Arctic.

Gortney also will make recommendations for all of DoD, not just the services, about necessary investments there, he said.

“The Arctic requires advocacy and partnerships from within and outside the Northcom area of responsibility,” he said in written testimony, “as the region grows in importance to our national security over the next few decades.”

Friday, March 13, 2015

DEFENSE SECRETARY CARTER SAYS U.S. AND U.K. SECURITY TIES STRONG

FROM:  U.S. DEFENSE DEPARTMENT

Right:  U.S. Defense Secretary Ash Carter and British Defense Secretary Michael C. Fallon brief reporters during a joint news conference at the Pentagon, March 11, 2015. The leaders met beforehand to discuss security and other matters of mutual importance. DoD photo by Petty Officer 2nd Class Sean Hurt. 
Carter: U.S., U.K. Maintain Strong Security Ties
By Claudette Roulo
DoD News, Defense Media Activity

WASHINGTON, March 11, 2015 – The security ties between the United States and the United Kingdom are enduring and exceptional, Defense Secretary Ash Carter said today in a joint news conference with British Defense Secretary Michael C. Fallon.

For 200 years -- since the signing of the Treaty of Ghent, ending the war of 1812 -- service members from the U.S. and the U.K. have flown together, sailed together and fought together, Carter said.

“And our military collaboration in so many different areas -- from Iraq to Afghanistan -- reinforces the fact that our ‘special relationship’ is a cornerstone of both of our nations’ security,” he said.

The news conference was a first for both leaders -- it was Fallon’s first visit to the Pentagon and Carter’s first trip to the briefing room as defense secretary.
During their meeting before the news conference, the two secretaries discussed the “full scope of issues on which the United States and the United Kingdom are leading together around the world,” Carter said.

Multifaceted Partnership

The U.K. is a stalwart member of the global coalition fighting the Islamic State of Iraq and the Levant, Carter said, noting British contributions in the air and on the ground.

“As we continue to support local forces, the United States is fortunate to have our British allies by our side,” he said.

From the beginning of combat operations in Afghanistan, the U.K. was steadfast in its support, Carter said, and it continues that support as the mission evolves by providing hundreds of troops to train, advise and assist Afghan security forces.
“Their efforts will be critical to making sure that our progress there sticks,” Carter said.

In the Baltics, the U.S. and U.K. are working together to reassure their transatlantic allies and deter further Russian aggression, he said.
Support to Ukraine

“The United States has been clear from the outset of the crisis in Ukraine that we support the sovereignty and territorial integrity of Ukraine,” Carter said. “And we’ve been very clear that if Russia continues to flout the commitments it made in the September and February Minsk agreements, the costs to Russia will continue to rise -- including and especially through sanctions in coordination with our European allies and partners.”

The United States will continue to support Ukraine’s right to defend itself, he said. The White House announced today that it plans to provide Kiev with an additional $75 million in nonlethal security assistance and more than 200 Humvees, Carter noted.

“This brings U.S. security assistance to Ukraine to a total of nearly $200 million, with the new funds going towards unmanned aerial vehicles for improved surveillance, a variety of radios and other secure communications equipment, counter-mortar radars, military ambulances, first-aid kits and other medical supplies,” he said.

The additional assistance underscores the reassurance mission, Carter said, noting the impending arrival of troops and equipment from the U.S. Army’s 1st Brigade, 3rd Infantry Division to train with regional allies as part of Operation Atlantic Resolve.

“And since Russia’s aggression began last year, the United Kingdom has also stepped up militarily, contributing to NATO’s Baltic Air Policing mission and serving as a framework nation for NATO’s Very-high Readiness Joint Task Force,” he said.

NATO Endures

The NATO mission’s importance is demonstrated by alliance members’ commitment, agreed to last year in Wales, to invest two percent of their gross domestic product in defense, Carter said.

“Seventy years after we declared victory in Europe, our NATO allies -- and indeed the world -- still look to both [the U.S. and UK] as leaders,” he said. “And it’s clear that the threats and challenges we face -- whether they manifest through cyberattacks, ISIL’s foreign fighters, or Russian aircraft flying aggressively close to NATO’s airspace -- all of those will continue to demand our leadership.”

Leadership requires investment in innovation and modernized capabilities, in prudent reforms and in the forces necessary to meet national security obligations, Carter said.

“These are investments that both our nations -- and both our defense institutions -- must not only make, but embrace in the months and years to come,” he said.

Monday, November 3, 2014

NSF FUNDS SIMULATIONS TO TRAIN STUDENTS IN CYBERSECURITY

FROM:  NATIONAL SCIENCE FOUNDATION 
Cybersecurity: It's about way more than countering hackers
Growing professionals in cybersecurity means supporting an interdisciplinary approach that develops sophisticated thinkers

It's tense in the situation room. A cyber attack on the electrical grid in New York City has plunged Manhattan into darkness on a day that happens to be the coldest in the year. Concurrently, the cellular phone network has been attacked, silencing smartphones and sowing confusion and panic. A foreign power has claimed responsibility for the attacks and says more are coming. Your job is to look at geopolitical factors, intelligence feeds, military movements and clues in cyberspace to predict what may be happening next. Your goal is to make a recommendation to the President.

This scenario is thankfully not real, but it is the kind of simulation planned for students in the cybersecurity program at California State University, San Bernardino (CSUSB). With funding from the National Science Foundation's (NSF) CyberCorps®: Scholarships for Service (SFS) program, undergraduate and graduate students take an interdisciplinary approach to cybersecurity.

"We provide an environment where business students can work with engineers on drones, and students from political science can work on predictive modeling," said Principal Investigator (PI) Tony Coulson. "Our students can major in business, public administration, criminal justice, computer science, intelligence, all with cyber security as an option. We produce students who can problem-solve--people who can understand politics and finance as well as computer science."

Cybersecurity is a field that has received a lot of attention in recent years because of hacking episodes that have compromised networks, and in turn, the personal information of citizens who depend on a safe cyberspace to do such activities as banking and shopping. Following such a breach, attention is generally focused on identifying the hackers and their methods.

Among the options for students supported through San Bernardino's SFS program is being educated in cyber intelligence to deal proactively with cyber threats--to predict malicious behavior before it happens. Doing so draws not only on a background in computer and information science, but also on an understanding of human behavior and psychology and the political and economic environment. About 50 students have gone through the program, including completing internship requirements, and Coulson reports 100 percent placement with employers.

"The San Bernardino project is one of 166 active projects around the country fully or partly funded by SFS," said SFS Lead Program Director Victor Piotrowski. "Cybersecurity is a dynamic and evolving field, and the country needs talented people with the skills to protect U.S. interests around the world. Through SFS, we prepare students for high-paying careers in government, and increase the capacity of institutions to offer quality course work in this area."

A condition of students' receiving support through SFS is that they put their skills to work in a government agency for a period equal to the duration of their scholarship. Coulson says that after completing the program at CSUSB, students often have to choose from multiple offers. The program boasts having students placed in many areas of government.

"CSUSB students have a depth of skills and often pick their dream jobs," said Coulson, including a student who got a job at his first-choice agency--the National Archives.

San Bernardino is a poor community, and the good jobs available to SFS graduates can make a huge difference to them and their families. To promote their success in finding and keeping employment, the professional development offered to students goes beyond their academic work to include business etiquette, mentoring, how to succeed at an internship, and how to conduct oneself successfully in an office. The goal is to produce a graduate ready to be hired.

In addition to traditional essay-based projects, students have to complete a very hands-on final exam, requiring that they pick locks and use digital and biometric information to hack into a network. According to Coulson, they enjoy the challenge.

Along with running the SFS project, Coulson is co-PI on another NSF-supported project, CyberWatch West, funded through the Advanced Technological Education program (ATE).

"Despite Silicon Valley being on the West coast, and California having the largest population of community colleges in the country, there are very few cybersecurity programs here," said Coulson.

So CyberWatch West aims to help community colleges, K-12 schools and universities link together in 13 western states to develop faculty and students in cybersecurity. The project is a resource for faculty to identify curriculum pathways and outreach, find mentors and engage students in competitions, events and presentations.

"There's such a need in the Los Angeles and Orange County areas," said Coulson. There are something like 2,500 open positions, and we're graduating 200 kids."

Bringing together cybersecurity, law and digital forensics

Also responding to the need for a cybersecurity workforce prepared to deal with today's complex problems is an SFS project for undergraduates and graduate students at the University of Illinois, Urbana-Champaign (UIUC). The project has graduated 25 students who are already working in government (reflecting another 100 percentage placement rate), and another 20 are set to graduate next May.

Since last year, this project offers scholarships to law students as well as engineering and computer science students. According to PI Roy Campbell, few lawyers understand cybersecurity and few computer scientists understand the legal framework involved in prosecuting and preventing cyber crimes.

The first law student to be accepted in the program, Whitney Merrill, is a recent law school graduate currently practicing as an attorney while completing her master's in computer science at UIUC. She found the combination of cybersecurity and law in the UIUC program to be valuable.

"The two fields are fiercely intertwined," said Merrill. "Understanding both fields allows me to better serve and advocate for my clients. Additionally, I hope to be able to help the two communities more effectively communicate with each other to create tools and a body of law that reflects accurately an understanding of both law and technology."

Merrill found the program challenging at first.

"But my interest and love for the subject matter made the challenging workload (29 credits last semester) enjoyable," she added. "Working towards a mastery in both fields has also helped me to spot legal issues where I would not have before."

Next summer Merrill will be working as a summer intern at the Federal Trade Commission in their Division of Privacy and Identity Protection. She graduates in December 2015.

With additional NSF support, a new related program in digital forensics at UIUC has the goal of building a curriculum that will teach students about cybersecurity in the context of the law enforcement, the judicial system, and privacy laws.

"Digital forensics is not the sort of area a computer scientist can just jump into," Campbell said. "It's not just malware or outcropping of hacking techniques. It has to be done in a deliberate way to produce evidence that would be acceptable to courts and other entities."

Co-PI Masooda Bashir says digital forensics gets to the heart of the multidisciplinary nature of cybersecurity.

"If you think about the amount of digital information that is being generated, exchanged, and stored daily you begin to understand the impact that the field of Digital Forensics is going to have in the coming years, " she said. "But Digital Forensics (DF) is not only a technical discipline, but a multidisciplinary profession that draws on a range of other fields, including law and courtroom procedure, forensic science, criminal justice and psychology."

She added, " I believe it is through integration of such relevant nontechnical disciplines into the DF education we can help students develop the comprehensive understanding that they will need in order to conduct examinations and analyses whose processes and findings are not just technically sound, but legal, ethical, admissible in court, and otherwise effective in achieving the desired real-world goal."

As the new program evolves, Masooda is drawing on her background as a computer scientist/psychologist to add the psychology of cybercrime to the curriculum. She's also working on a project examining cybersecurity competitions to understand their impact on the cybersecurity workforce and also to better understand the psychological factors and motivations of cyber security specialist and hackers.

Students with an interest in cybersecurity can start planning now

The U.S. Office of Personnel Management maintains a website where students can get information of SFS and the institutions that are participating in it. Meanwhile, PIs can update their project pages and agency officials can check resumes for students with the qualifications they need.

In the evolving field of cybersecurity, individuals with technical skills and knowledge of the social and legal context for what they do will continue to be highly desirable workers

Tuesday, April 23, 2013

CHAIRMAN JOINT CHIEFS OF STAFF WANTS MORE STRATEGIC DIALOGUE WITH CHINA

FROM: U.S. DEPARTMENT OF DEFENSE

Dempsey Urges More Strategic Dialogue Between China, U.S.
By Karen Parrish
American Forces Press Service

BEIJING, April 22, 2013 - The strategic rebalance to the Asia-Pacific doesn't mean deploying high numbers of U.S. troops into the region, but it does involve more interest, more engagement and more quality in equipment and capabilities, America's senior military officer said here today.

Army Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, and Gen. Fang Fenghui, chief of the general staff for the Chinese army, spoke to reporters here during a news conference following about three hours of meetings at the Bayi Building, China's ministry of national defense.

"My theme [on this visit] is quite simple, actually -- a stable and prosperous region is in everyone's best interest," Dempsey said.

The two leaders met before the news conference during a small-group meeting for about an hour, then moved to a larger group meeting. As translators rendered Dempsey's remarks in Mandarin and Fang's in English at the news conference, the pair spoke with similar voices on topics including terrorism, North Korea, disaster relief and cyberattacks.

Responding to a reporter's question asking his stance on North Korean nuclear capability, Fang said he always has maintained that the Korean Peninsula should be free of nuclear weapons.

"We are thoroughly opposed to the nuclear test conducted by the [North Korean government]," he said. "We support the U.N. Security Council in appropriate and reasonable sanctions against North Korea."

Fang said he thinks peaceful dialogue is the most desirable approach to resolving multinational concerns about North Korea's nuclear ambitions. The last round of six-party talks aimed at the issue -- involving North and South Korea, the United States, China, Japan and Russia -- was in 2009.

"We ask all sides to work actively ... [to persuade] the North Koreans to stop the nuclear tests and to stop producing nuclear weapons," he said.

Fang also answered a question about cyberattacks in the wake of recent reports that many are launched from within China's army and said cyberattacks are a concern for all "big cyber countries."

If the Internet is not managed well, he said, "it may bring damaging consequences." He added, "If the security of the Internet cannot be guaranteed, then ... results may be as serious as a nuclear bomb."

China is a major victim of cyberattacks, he said, and the nation's leaders have no tolerance for it. Fang pointed out, however, that pinpointing the source of attacks can be very difficult, as the Internet is open to everyone and attacks can be launched from anywhere.

"General Dempsey and I have already talked about the importance of maintaining cybersecurity," he said. "I believe it is important that we check out the idea that we should jointly work on this issue."

Dempsey responded to a reporter's assertion that three obstacles inhibit U.S.-Chinese relations: U.S. arms sales to Taiwan, reconnaissance by U.S. ships and aircraft, and "the discriminatory laws against China." The reporter asked what the United States can do to improve the relationship.

"We talked about all three of those issues today, and another three, four or five beyond that," the chairman said. "And maybe isn't that the point? It's the first time we've spoken about these issues."

The two nations have frequent military-to-military contact on the tactical level, Dempsey said, but could benefit by more frequent senior-leader engagement. "It's our desire, both of us, that we maintain dialogue at the strategic level. ... We are committed to building a better, deeper, more enduring relationship," the chairman added.

It's important that each side do that while keeping in mind the other side's commitments to other nations, Dempsey said. The United States considers its relationship with China in the context of historic and enduring alliances in the region, he noted.

"This isn't about choosing any one or the other," he said. "We have some treaty obligations, but we will build this relationship by increasing our contact at the strategic level and recognizing [those alliances]."

The final question was to Dempsey, asking why the United
States conducts military exercises in China's vicinity. Dempsey said the answer "is probably at the core of why I've made this visit."

The United States is and has been a Pacific power, and while its military has been particularly active and busy in the Middle East, it has never left and will not leave the Asia-Pacific, the chairman said.

"Our intention, of course, is to contribute to stability in a way that protects our national interests, which are very much tied to this region," he said.

Dempsey said the United States seeks to be a stabilizing influence in the region. "We believe that it would be our absence that would be a destabilizing influence on the region, not our presence," he added.

Fang led the news conference by welcoming Dempsey and his delegation, and said he hopes the chairman's visit furthers the exchange of ideas between the two nations' militaries.

In his opening remarks, Dempsey thanked Fang for his hospitality and offered his condolences for the victims of the April 21 Sichuan magnitude 7.0 earthquake, a temblor that left a reported 189 people dead and injured more than 11,000. The chairman also complimented Fang on the Chinese army's quick response after the earthquake, and the general's leadership of that effort.

The chairman also expressed sympathy for the family of Lu Lingzi, a Chinese graduate student who had been pursuing a master's degree at Boston University when she was killed in the Boston Marathon bombings April 15.

She "was a gifted student, tragically killed," he said. "Our thoughts and prayers go out to her grieving family."

Dempsey arrived in Beijing yesterday after a stop in South Korea. Later this week, he will continue his Asia trip with a visit to Japan.

Saturday, October 13, 2012

U.S. SECRETARY OF DEFENSE PANETTA GIVES DETAILS REGARDING CYBERDEFENSE

FROM: U.S. DEPARTMENT OF DEFENSE
Panetta Spells Out DOD Roles in Cyberdefense

By Jim Garamone
American Forces Press Service


WASHINGTON, Oct. 11, 2012 - Defense Secretary Leon E. Panetta spelled out in detail the Defense Department's responsibility in cybersecurity during a speech to the Business Executives for National Security meeting in New York, today.

Panetta has stressed the importance of cybersecurity since taking office last year. In addition, the secretary has warned about a "cyber Pearl Harbor" many times, including during testimony before Congress.

The speech before BENS aboard the USS Intrepid Museum is the secretary's clearest discussion to date of DOD's responsibility in the cyber domain.

"A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," he said in prepared remarks. "Such a destructive cyber terrorist attack could paralyze the nation."

The secretary pointed to denial of service attacks that many large U.S. corporations have suffered in recent weeks, but also cited a more serious attack in Saudi Arabia. In that attack a sophisticated virus called "Shamoon" infected computers at the Saudi Arabian state oil company, ARAMCO.

"Shamoon included a routine called a 'wiper,' coded to self-execute," he said. "This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional 'garbage' data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced."

There was a similar attack later in Qatar. "All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date," Panetta said.

Enemies target computer control systems that operate chemical, electricity and water plants, and guide transportation networks.

"We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction and even the loss of life," he said.

"An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals," he said. "They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country."

Cyber attacks could be part of a major attack against the United States, and this could mean the cyber Pearl Harbor the secretary fears. This is "an attack that would cause physical destruction and loss of life, paralyze and shock the nation and create a profound new sense of vulnerability," he said.

DOD has a supporting role in cyber defense, he said. The Department of Homeland Security is the lead federal agency, with the FBI having lead on law enforcement. Still the overall DOD mission is to defend the United States.

"We defend. We deter. And if called upon, we take decisive action," the secretary said. "In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well."

DOD has responsibility for defending its own networks, and can also help deter attacks. "Our cyber adversaries will be far less likely to hit us if they know we will be able to link them to the attack, or that their effort will fail against our strong defenses," he said. "The Department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of an attack."

DOD has improved its capability of tracking attacks to point of origin. "Potential aggressors should be aware that the United States has the capacity to locate them and hold them accountable for actions that harm America or its interests," he said.

But improved defenses will not stop all cyber attacks. "If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President," Panetta said. "For these kinds of scenarios, the Department has developed the capability to conduct effective operations to counter threats to our national interests in cyberspace.

"Let me be clear that we will only do so to defend our nation, our interests, or our allies," he continued. "And we will only do so in a manner consistent with the policy principles and legal frameworks that the Department follows for other domains, including the law of armed conflict."

DOD is finalizing a comprehensive change to rules of engagement in cyberspace. "The new rules will make clear that the Department has a responsibility not only to defend DOD's networks, but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace," he said. "These new rules will make the Department more agile and provide us with the ability to confront major threats quickly."

The private sector, government, military and international partners operate in cyberspace. "We all share the responsibility to protect it," he said. "Therefore, we are deepening cooperation with our closest allies with a goal of sharing threat information, maximizing shared capabilities, and deterring malicious activities."

All U.S. leaders have discussed cyber security with foreign leaders. Panetta raised the issue with Chinese leaders during his recent trip to Beijing. "I underscored the need to increase communication and transparency so that we can avoid misunderstanding or miscalculation in cyberspace," he said. "That is in the interest of the United States, and it is in the interest of China."

But businesses have the greatest interest in cybersecurity. Businesses depend on a safe, secure, and resilient global digital infrastructure, and businesses own and run many of the critical networks the nation depends on. "To defend those networks more effectively, we must share information between the government and the private sector about threats in cyberspace," the secretary said.

While there has been progress in sharing public-private cyber information, "we need Congress to act to ensure this sharing is timely and comprehensive," he said. "Companies should be able to share specific threat information with the government without the prospect of lawsuits hanging over their head. And a key principle must be to protect the fundamental liberties and privacy in cyberspace that we are all duty-bound to uphold."

Baseline standards must be set for cyber security and that means Congress must act, Panetta said. He said the bipartisan Cybersecurity Act of 2012 "has fallen victim to legislative and political gridlock. That is unacceptable to me, and it should be unacceptable to anyone concerned with safeguarding our national security."

One option under consideration, Panetta said, is an executive order to enhance cybersecurity measures. "There is no substitute for comprehensive legislation, but we need to move as far as we can in the meantime," he said. "We have no choice because the threat we face is already here. Congress has a responsibility to act. The President has a Constitutional responsibility to defend the country."

Thursday, September 20, 2012

SECRETARY OF DEFENSE PANETTA COMMENTS ON CHINA MEETINGS

Defense Secretary Leon E. Panetta talks with Chinese Vice President Xi Jinping before a meeting in Beijing, Sept. 19, 2012. DOD photo by Erin A. Kirk-Cuomo   

FROM:  U.S. DEPARTMENT OF DEFENSE

Panetta Calls Beijing Meetings 'Substantive, Productive'

By Karen Parrish
American Forces Press Service


BEIJING, Sept. 20, 2012 - Visiting China at what he called a "very important moment" for the U.S.-China relationship, Defense Secretary Leon E. Panetta said yesterday his meetings with key Chinese leaders here have been both substantive and productive.

In a discussion with Chinese reporters and media representatives traveling with him, Panetta reviewed his meetings over two days with Chinese leaders including Vice President Xi Jinping, State Councilor Dai Bingguo, Vice Chairman of the Central Military Commission Xu Caihou and Defense Minister Gen. Liang Guanglie.

Key discussion points throughout the meetings, the secretary said, included territorial disputes, ballistic missile defense and North Korea, and cyber attack and intrusions. The overarching topic, he added, was the U.S.–China relationship in the context of the U.S. strategic rebalance to the Asia-Pacific region.

Panetta drew a parallel in describing his advice to Chinese leaders over a territorial dispute simmering between China and Japan – which, he noted, he also tendered to Japanese senior government officials when he visited there earlier this week – and Chinese advice to him over North Korea. Each side urged the other to seek peaceful, diplomatic solutions to their differences, he noted.

The secretary said he has some understanding of the deep feelings and long-standing differences between China and Japan over disputed islands in the East China Sea. But, he added, "it's really important that we not be trapped by the past and that we move forward."

Panetta said his message on the topic is consistent to any country claiming disputed territory in the East China Sea or South China Sea: while the United States doesn't take sides in territorial disputes, "we strongly urge the parties to exercise restraint and to work together to find a peaceful resolution to these issues."

The secretary added that he also strongly urges the Asia-Pacific nations to form a multilateral forum to resolve regional conflicts according to agreed-upon principles.

Panetta said his meetings here gave him the impression that the Chinese are looking for a good format in which to try to resolve these issues for the future. "They, too, have a concern that these issues can't just be resolved on the fly -- that there's got to be a process to try to deal with them," he added.

Both Japanese and Chinese leaders signaled this week that they "recognize that it's important not to let this kind of dispute get out of hand," Panetta said.

China's leaders similarly urged that the United States exercise restraint in its approach to North Korea, Panetta acknowledged. China, along with Russia, is one of North Korea's principal allies.

U.S.-North Korea differences came to the fore this week when, during his stay in Japan, the secretary announced the United States and Japan are discussing expansion of Japan-based ballistic missile defense radar systems. Panetta emphasized the X-band radar, which detects ballistic missiles early in their flight and provides precise tracking information for targeting systems, is intended solely for defense against North Korea.

The secretary told reporters that North Korea threatens the United States, its forward-deployed forces and its allied and partner nations as it continues to test nuclear weapons and delivery systems and to enrich uranium in defiance of international law.

During his meetings with China's leaders, Panetta said, he urged Chinese officials to try to persuade North Korea to engage with the United States to work on resolving these issues through diplomacy. In turn, he added, the Chinese leaders strongly recommended that the United States try to resolve its issues with North Korea peacefully.

Both sides noted that the recent change in North Korean leadership has produced some signs of softening in Pyongyang's stance, he noted. "We agreed that there are changes that are taking place and that we have to keep track of those changes," the secretary said.

Panetta said he also raised concerns about threats in the cyber domain, which he called the "potential battlefield for the future."

Cyber technology "has the potential to cripple a country, paralyze a country ... [and is] being used in order to exploit information -- important economic information -- from one country to the next," he said.

Panetta said the United States "has concerns about what China has been doing, in terms of exploiting information," and that during his meetings here he stressed the importance of the United States and China having a dialogue regarding cyber.

"I think we do have to make the effort to try to sit down with China and with other countries to discuss how we can approach cyber," the secretary said. He added that cyber is a growing threat in China as well, and that "there was concurrence" during meetings that the topic is worthy of strategic discussion.

"There was a sense that there has to be an effort to look at the larger picture here and whether or not we can develop international rules and standards. ... I thought that was a very good step to ... at least beginning the discussion about dealing with this issue," Panetta said.

The secretary has maintained throughout his comments to reporters this week that the chief focus of his visit to China was to strengthen military relations between the two countries and to seek Chinese response to the U.S. strategic rebalance to the Asia-Pacific region.

"What I hope this visit has made clear is that engagement with China is a critical part of [the rebalance]," he said. "And I believe we're making real progress towards building a military-to-military relationship with China that is, in fact, healthy, stable, reliable, and continuous."

China and the United States will not always agree, Panetta acknowledged. But he said the key to the relationship, as to any relationship, is open communications and the ability to express views candidly. "That, almost more than anything else, is what can lead to improved relations between the United States and China," he said. The "candid and frank discussions" he has had here bode well for the future, he added.

Concerning the U.S. rebalance in the Asia-Pacific region, Panetta said, Chinese leaders acknowledged that they don't view it as a threat. "They viewed it as important to the future prosperity and security of the Pacific region," he told reporters.

Their key concerns, he added, are that the United States develops and strengthens its presence in conjunction with developing a strong U.S.-China relationship, and that both nations work together to develop the capabilities of other countries and develop security for the region.

Tuesday, July 31, 2012

JOBS: SKILLED PEOPLE NEEDED FOR CYBER DEFENSE

FROM: U.S. DEPARTMENT OF DEFENSE
Photo Credit:  U.S. Department of Defense.
Highly Skilled People Are Key to Cyber Defense, Leaders Say
By Jim Garamone
American Forces Press Service

WASHINGTON, July 26, 2012 – Having the right people in the right places with the right training is the best defense against any attack, and this is as true in the cyber world as it is on battlefields Afghanistan, military commanders charged with improving capabilities in the cyber world told Congress yesterday.

Navy Vice Adm. Michael S. Rogers, commander of the 10th Fleet; Lt. Gen. Rhett A. Hernandez, commander of 2nd Army; Lt. Gen. Richard P. Mills, commander of Marine Corps Development Command; and Maj. Gen. Suzanne M. Vautrinot, commander of 24th Air Force testified before the House Armed Services Committee’s emerging threats subcommittee and described what the services are doing to attract and retain the best people.

And this is a problem, they said, because government and the private sector are worried about defending data and networks from attacks.

Cyber war is complicated, the commanders said, because defending systems demands world-class engineers and technicians and the military must compete with other public agencies and the private sector in attracting these world-class specialists.

"The Navy’s workforce is perhaps our greatest strength in this emerging discipline," said Rogers, who has commanded the 10th Fleet – the Navy’s Cyber Command – for about a year. "Our sailors and civilians are at the forefront of advances in cyberspace operations."

The changing nature of the cyber world complicates the effort to recruit and retain cyber specialists, Rogers said. The Navy has established a summer intern program at the Naval Academy and with ROTC to expose midshipmen to the cyber defense world, and has established the cyber engineer career field to allow direct accessions for a few recent college graduates with deep cyber expertise, he told the panel.

"While the Navy cannot compete with the compensation offered by industry, we provide individuals with unique opportunities that they cannot receive out in industry, and the highly motivated Navy cyber workforce is opting to stay Navy at record levels," the admiral said.

His sailors, Rogers said, are warriors. They know they are working to protect not only data, but also the country, and they know that, and it motivates them, he told the representatives.

Soldiers also recognize that they are warriors fighting in a different kind of war, Hernandez said. The Army is working to exercise all cyber warriors in the skills they need to defend networks and data.

"We will integrate cyberspace operations into 13 joint and Army exercises this fiscal year, and will double that number next year," the general said. The service also is using cyber specialists to play opposing forces in exercises at the National Training Center and at combatant command exercises.

The Air Force continues to stress the need for Americans with science and mathematics backgrounds, Vautrinot said, and works with high schools and colleges to encourage and mentor students involved in science and mathematics.

Overall, attacks in the cyber world are a serious threat, the military leadersagreed, so education, training and development of cyber defense professionals needs to continue unabated.

 

Friday, July 27, 2012

U.S. CYBER COMMANDER SAYS U.S. NOT PREPARED FOR CYBER WAR

FROM:  U.S. DEPARTMENT OF DEFENSE
Cybercom Chief: U.S. Unprepared for Serious Cyber Attacks
By Claudette Roulo
American Forces Press Service

ASPEN, Colo., July 26, 2012 - The United States is not adequately prepared for a serious cyber attack, the commander of U.S. Cyber Command told the audience at the Aspen Institute's annual security forum today.

Army Gen. Keith Alexander, who also serves as the director of the National Security Agency and the chief of the Central Security Service, said that, in terms of preparation for a cyber attack on a critical part of its network infrastructure, the U.S. is at a three on a scale of one to ten.

The problem of defending the nation from a cyber attack is complicated, Alexander said. It's not just a question of preparing the Department of Defense or federal networks. Private industry also has to be defended.

"Industry has a variety of capabilities," Alexander said. While networks serving the financial community are well-defended, others sectors need help.

Key to developing a strong cyber security infrastructure is educating its users, Alexander said.

"We have a great program, it's jointly run by [the National Security Agency] and [the Department of Homeland Security] working with over 100 different colleges and universities to set up an information assurance/cyber security portfolio," he said.

Ensuring people who didn't grow up in the Internet age are security-aware is one of the major challenges facing those who secure the network, Alexander said.

The number of exploits of mobile technology has almost doubled over the past year, he said, and many people don't realize that phones are tied into the same digital network infrastructure as computers.

Alexander defined exploits as the means that a hacker uses to penetrate a system, including mobile phones or tablets, to potentially steal files and credentials or jump to another computer.

"The attack surfaces for adversaries to get on the internet now include all those mobile devices," Alexander said. And mobile security lags behind that of cyber security for landline devices like desktop computers.

Alexander said the Department of Defense, in concert with agencies like the Department of Homeland Security and the Federal Bureau of Investigation, works together with industry to secure network devices.

"If we identify a problem, we jointly give that back to industry and say 'Here's a problem we found,'" Alexander said.

Using the nuclear model, or concentrating solely on major nation-states, to analyze the cyber threat is wrong, he said. Several nations are capable of serious cyber attacks, he explained, but anyone who finds vulnerabilities in the network infrastructure could cause tremendous problems.

Industry and government must work as a team to combat these threats, Alexander said.

"There are great folks in industry who have some great insights," he said. "That's the only way that we can prevent those several states from mounting a real attack on this nation's cyber."

In addition, deterrence theory worked for nuclear weapons in part because the decision time was much slower than it is for cyber threats.

"A piece of information can circumnavigate the globe in about 133-134 milliseconds," he said. "Your decision space in cyber [is] half that—60 seconds."

"My concern is...you've seen disruptions like in Estonia in 2007, in Georgia, Latvia, Lithuania, Azerbaijan, Kyrgyzstan, you could go on," he said. "We've seen them here in the United States... What I'm concerned about is the shift to destructive [attacks]. Those are the things that will hurt our nation."

Disruptive attacks, like distributed denial-of-service attacks, are aimed at interrupting the flow communication or finance, but aren't designed to cause long-term damage.

In contrast, destructive attacks are designed to destroy parts of the network infrastructure, like routers or servers, which would have to be replaced in order to resume normal operations, Alexander said. In some cases this could take weeks or months.

Congress is considering bills that would give the Department of Homeland Security a greater role in setting performance requirements for network industries. Alexander said this legislation is important to assist in setting network infrastructure standards.

Both parties have something to bring to the table, he said. Industry knows things that government doesn't, and government knows things that industry doesn't.

"If we were to be completely candid here, the reality is that industry is getting hacked [and] government is getting hacked," he said. "What we need to do is come together and form best practices."

Government-civil partnerships open up the possibility that the U.S. can accomplish things in cyber space that no other nation has the capability to accomplish, Alexander said.

"When we put together this ability for our nation to work as a team in cyber space, what that allows us to do now is do things that other countries aren't capable of doing in defending the nation," Alexander said.

Because attributing the source of a cyber attack is difficult, the focus is currently on defense rather than offense, Alexander said.

"Today, the offense clearly has the advantage," he said. "Get cyber legislation in there, bring industry and government together, and now we have the capability to say 'You don't want to attack us. We can stop it and there are other things that we can do to really make this hurt.'"

"The key is having a defensible capability that can survive that first onslaught," Alexander said.

Tuesday, July 10, 2012

U.S. NATIONAL SECURITY AGENCY WORKS TO ENSURE CYBERSPACE ACCESS


FROM:  AMERICAN FORCES PRESS SERVICE
NSA Chief: Cyber World Presents Opportunities, Challenges
By Jim Garamone
WASHINGTON, July 10, 2012 - Technology has opened tremendous opportunities for the world, but also poses tremendous challenges for those who work to ensure access to cyberspace, the director of the National Security Agency said here yesterday.

Army Gen. Keith B. Alexander, who also commands U.S. Cyber Command, told participants in an American Enterprise Institute seminar titled "Cybersecurity and American Power" that the capability exists today for destructive cyber attacks against critical infrastructures.

The cyber world is an increasingly important domain, the general said. In 2000, 360 million people were on the Internet. Today, more than 2.3 billion people are connected. Last year, 107 trillion emails were sent, he added, and a sign of the times is that more than 500,000 apps exist for the iPhone and 280,000 for Android smartphones.

But this tremendous opportunity for communication also presents a potential avenue of attack, Alexander said. A 2007 denial-of-service attack on Estonia virtually shut the nation down, he said, but that was just a transitory event in the evolution of cyber attacks.

"What I think we really need to be concerned about is when these transition from disruptive to destructive attacks -- and I think those are coming," he said.

A destructive attack does not simply overload computers or networks -- it destroys data or software, and systems must be replaced to return to the status quo. "We've got to consider that those are going to happen," Alexander said. "Those are coming up, and we have to be ready for that."

The general stressed that deterring cyber attacks is more difficult than nuclear deterrence, noting that nation-states, cyber criminals, hackers, activists and terrorists all pose threats. "So when you think about deterrence theory, you're not talking about just nation-on-nation deterrence theory," he said. "You have other non-nation-state actors that you now have to consider."

An attack may originate in a country, Alexander said, but no one can really tell if it's the nation, a criminal gang within the country or a lone hacker launching the attack.

Regardless of who initiates an attack, he added, the result could be the same. "You lose the financial sector or the power grid or your systems capabilities for a period of time," the general said. "It doesn't matter who did it; you still lose that. So you've got to come up with a defensive strategy that solves that, from my perspective."

The U.S. defensive strategy has to be a team approach, he said. "We want to get as many people as we can working together to solve this problem," Alexander said.
The White House has led the governmental effort, spanning the Department of Homeland Security to the Defense Department to the FBI and beyond. And any protection -- to be effective -- must include the private sector, the general told the audience. This has caused hackles to rise, he acknowledged, with critics saying such efforts are an invasion of privacy. But, Alexander said, it can be done while protecting civil liberties.

"If the critical infrastructure community is being attacked by something, we need them to tell us at network speed," the general said. "It doesn't require the government to read their mail or your mail to do that. It requires them -- the Internet service provider or that company -- to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it."

Cyber runs at the speed of light, Alexander noted, and human reaction times are simply not fast enough to react.

"Maybe we could do this in real time and come up with a construct [in which] you and the American people know that we're not looking at civil liberties and privacy, [but] we're actually trying to figure out when the nation is under attack and what we need to do about it," he said.

Thursday, June 14, 2012

SECRETARY OF DEFENSE PANETTA SAYS A SENSE OF URGENCY IS NEEDED REGARDING CYBER ATTACKS


Photo Credit:   Los Alamos National Laboratory.


FROM:  AMERICAN FORCES PRESS SERVICE

Panetta: Sense of Urgency Needed to Defend Against Cyber Attacks

By Jim Garamone
WASHINGTON, June 13, 2012 - The increasing threat of cyber attacks against the nation's computer networks requires a commensurate growth in resources dedicated to protecting them, Defense Secretary Leon E. Panetta told Congress today.

"I think there has to be a greater sense of urgency with regards to the cyber potential, not only now but in the future," Panetta told the Senate Appropriations subcommittee on defense. "Obviously it's a rapidly developing area."

Enemies launch hundreds of thousands of attacks every day on U.S. computer networks, government and non-government alike. "I'm very concerned at the potential in cyber to be able to cripple our power grid, to be able to cripple our government systems, to be able to cripple our financial systems," Panetta said. "It would virtually paralyze this country. And as far as I'm concerned, that represents the potential for another Pearl Harbor ... using cyber."

Testifying alongside Panetta, Army Gen. Martin E. Dempsey, the chairman of the Joint Chiefs of Staff, said the nature of cyber attacks has changed quickly. A few years ago, he said, hackers launched denial of service attacks on computer systems. Today, sophisticated users, criminal groups and even nations participate in intellectual property and technology theft and have progressed to destructive cyber attacks. "I can't overstate my personal sense of urgency about that," he said.

Panetta feels "very good" about DOD's ability to defend its computer systems, but he is concerned about the security of non-governmental systems. "I think that's the area where we have to deal with the additional authorities," he said.

Dempsey stressed that he, too, supports legislation that encourages information sharing with civilian systems.
The chairman said the department has the authority it needs in the cyber world, but must develop rules of engagement that work at network speed.

"This is not something where we can afford to ... convene a study after someone has knocked out the East Coast power grid," he said.




Search This Blog

Translate

White House.gov Press Office Feed