FROM: U.S. JUSTICE DEPARTMENT
Assistant Attorney General Leslie R. Caldwell Speaks at Cybercrime 2020 Symposium
Washington, DCUnited States ~ Thursday, December 4, 2014
Good morning and welcome to the Criminal Division’s inaugural symposium on cybercrime. Before we start, I would like to thank Dean Treanor and the Georgetown Law Center for being such gracious partners in planning and holding this event.
I would also like to thank the moderators and panelists for traveling from across the country to contribute their expertise to today’s discussions. We have assembled an impressive array of experts from the private sector, academia, privacy groups, and all three branches of government, and I am looking forward to the diverse perspectives they will be sharing with us today.
A special welcome and thanks to Troels Orting, our keynote speaker, who has traveled the farthest to be with us today. Troels is the Director of Europol’s European Cybercrime Center or “EC3,” which is headquartered at the Hague in the Netherlands. In recent months, the Criminal Division, U.S. Attorneys’ Offices, federal investigators, and private companies have executed some of the most elaborate law enforcement operations ever attempted in the cybercrime arena. Troels and EC3 have been instrumental to the success of those operations.
You’ll hear more about that in a moment, but I wanted to make sure I expressed my personal appreciation to him and EC3. I believe that such robust cooperation within the international law enforcement community is the necessary future of cybercrime investigations. I anticipate that the Department of Justice and EC3 will be allies for years to come.
Today’s symposium is focused on the future of technology and online crime, so I expect that you will be hearing a lot about “change” and “evolution.” I want to briefly discuss the state of affairs today, and how I see cybercrime evolving over the coming years.
I also want to take this opportunity to talk about changes within the Criminal Division and our evolving efforts to deter, investigate, and prosecute cyber criminals and to protect the country’s computer networks from cyber threats in the first instance.
In that regard, I will highlight two ways in which we are addressing the growing threat:
First, we are mounting increasingly innovative and cooperative, international law enforcement operations to disrupt cyber criminal organizations across the globe;
Second, we are increasing our efforts to prevent cyber attacks by providing resources for our public and private partners to enhance cyber security across the board. In furtherance of this effort, we are creating a dedicated Cybersecurity Unit within the Criminal Division, which I will discuss more in a moment.
As I mentioned, I will start with a few words about the Internet and technology, how they are influencing the crimes we see today, and how we anticipate they will shape the crimes of tomorrow.
By now it has become obvious not only to those of us who gather at events like this but to the entire world: the Internet and related technologies have changed the way we work, play, and live. Everyone in this room is carrying a cell phone, tablet, or some other device that is connected to the Internet right now. The vast majority of Americans have made technology part of their everyday lives.
This boom in Internet-driven technology brings with it new opportunities for innovation, productivity, and entertainment. It is helping people connect locally and globally through email, social networking, and various other forms of communication. It is helping our businesses compete in expanding markets. It is giving us ready access to a seemingly endless stream of information, resources, and services unlike anything that preceded it. From big companies to tiny start-ups, innovation is taking place around the world at a dizzying pace.
Unfortunately, there is also a flip side to these advances. A tool that has become so vital to families, consumers, businesses, and governments was also bound to become a target for criminals. Not surprisingly, cyber criminals are taking advantage of the same advances in technology to perpetrate more complex and extensive crimes. Indeed, according to data from the 2013 Norton Report, there will be more than 14,000 additional victims of online crime by the time I have finished this speech.
For the foreseeable future, cybercrime will increase in both volume and sophistication. By exploiting technology, the most skilled cyber criminals will be capable of committing crimes on a scale that will result in more lost data, greater damage to the security of networks, and greater risk to Internet users. We are already getting glimpses of this new criminal tide.
Last year, two cyber intrusions targeting the banking system inflicted $45 million in losses on the global financial system in a matter of hours. Let me emphasize, that figure is not a speculative estimate or a projection. That is the sum total of money that the perpetrators withdrew from banks around the world by breaking into bank computers and removing limits on the amount of money they could withdraw from ATM machines. That crime dwarfed the biggest bank heists in U.S. history several times over, and the masterminds never had to worry about security guards, dye-packs, or silent alarms. In fact, they never had to leave home.
Our dependence on technology is also ushering in a new era of online breaches. Ever larger networks are processing more consumer data in an effort to make our purchases simpler and less time consuming. These networks transmit vast amounts of personal and financial data, and enterprising hackers are targeting them to produce data breaches that dwarf anything we’ve seen before. Individual breaches regularly put at risk the financial information of tens of millions of consumers. This threatens consumer confidence and has devastating consequences for companies who have fallen victim.
We have also witnessed the rise of another type of intrusion that causes harms less simple to quantify. Rather than stealing money or valuable financial data, these breaches have robbed people of their privacy. Some hackers have become virtual home invaders, using malware to tap into personal webcams located in homes around the world so they can spy on our most intimate moments. Other hackers have broken into online storage accounts and personal devices to snatch personal photos or communications for money or prurient thrills.
So, how is the Department responding to these new types of online threats and challenges? In the case of the $45 million dollar cyber heist I mentioned, we were able to promptly find, arrest and prosecute some of those responsible. Thus far, 13 defendants have been convicted for their participation in the scheme. The Criminal Division and U.S. Attorneys’ Offices are bringing the lessons of this successful prosecution and others to the investigations of recent breaches that have been in the news.
While arrests and prosecutions are our primary goal, we recognize that it is increasingly common for sophisticated cyber criminals to base themselves overseas in countries where they are not so easily reached. Consequently, we have adjusted our tactics in two significant ways. We are engaging in larger, international law enforcement operations to target criminals around the globe. And, we are acting up front to stop the harm that these cyber criminals are causing, even before we can get them into custody. A prime example of this has been our approach to “botnets.”
“Botnets” are networks of computers that have been secretly infected by malware and controlled by criminals. Some botnets are millions of computers strong. Once created, they can be used without a computer owner’s knowledge to engage in a variety of criminal activities, including siphoning off personal and financial data, conducting disruptive cyber attacks, and distributing malware to infect other computers.
One particularly destructive botnet—called Gameover Zeus—was used by criminals to steal millions of dollars from businesses and consumers and to extort additional millions of dollars in a “ransomware” scheme. Ransomware is malware that secretly encrypts your hard drive and then demands payments to restore access to your own files and data. Ransomware called “Cryptolocker” was distributed through the Gameover Zeus Botnet, which infected hundreds of thousands of computers, approximately half of which were located in the United States. It generated more than $27 million in ransom payments for its creators, including Russian hacker Evgeniy Bogachev, in just the first two months after it emerged.
But through carefully choreographed international law enforcement coordination, we not only identified and obtained a 14-count indictment against Bogachev, but also obtained injunctions and court orders to dismantle the network of computers he used to orchestrate his scheme. The Justice Department, U.S. law enforcement, numerous private sector partners, and foreign partners in more than 10 countries, as well as EC3, mounted court-authorized operations that allowed us to wrest control of the botnet away from the criminals, disable it, and start to repair the damage it caused.
This afternoon, you will hear from David Hickton, the U.S. Attorney for the Western District of Pennsylvania, whose office worked with CCIPS to spearhead this effort. This case serves as a model of both international cooperation and our ability to mitigate the damage caused by cyber criminals even before making an arrest.
In another international operation, just a few weeks ago, we targeted so-called “dark market” websites selling illegal goods and services online. These websites were operating on the “Tor” network, a special network of computers on the Internet designed to conceal the locations of individuals who use it. The websites we targeted traded in illegal narcotics; firearms; stolen credit card data; counterfeit currency; fake passports and other identification documents; and computer-hacking tools and services. Using court-authorized legal process and mutual legal assistance treaty requests, the Department, the FBI, and international partners from approximately 16 foreign nations working under the umbrella of EC3 seized over 400 Tor addresses associated with dozens of websites, as well as multiple computer servers hosting these websites.
Once again, international cooperation among the world’s law enforcement agencies was pivotal to the success of this global operation. And, once again, we were able to disrupt cybercrime in manners other than traditional arrest and prosecution.
In addition to undertaking these innovative international operations and takedowns, the Criminal Division is also re-orienting itself to better address the complex nature of cyber threats on multiple fronts.
High-tech crimes are not new to the Criminal Division. We have been investigating and prosecuting computer crimes since the Division created the Computer Crime and Intellectual Property Section, or “CCIPS,” in 1996. As I have already described, CCIPS prosecutors have led complex computer crimes investigations for years, and this work will continue.
Through CCIPS, the Criminal Division has also supported and expanded our U.S. Attorneys’ Offices’ expertise and capacity to tackle the most complex cybercrimes. CCIPS has worked over the last 12 years to build the Computer Hacking and Intellectual Property or “CHIP” Network with U.S. Attorneys’ Offices across the nation, which is now over 270 prosecutors strong. That network has fostered a close partnership between CCIPS and the U.S. Attorneys’ Offices in addressing the nation’s most sophisticated computer crimes. In addition, over the last two years, the CHIP Network was used as the model for the National Security Cyber Specialists’ network, a partnership among the National Security Division, the U.S. Attorneys’ Offices, and CCIPS that focuses on cyber threats to national security.
As the threats increase daily, however, I want to make sure that cyber security is receiving the dedicated attention it requires. It is important that we address cyber threats on multiple fronts, with both a robust enforcement strategy as well as a broad prevention strategy. I am, therefore, announcing today the creation of the Cybersecurity Unit within CCIPS. The Cybersecurity Unit will have responsibility on behalf of the Criminal Division for a variety of efforts we are undertaking to enhance public and private cyber security efforts.
Given the growing complexity and volume of cyber attacks, as well as the intricate rubric of laws and investigatory tools needed to thwart the attacks, the Cybersecurity Unit will play an important role in this field. Prosecutors from the Cybersecurity Unit will provide a central hub for expert advice and legal guidance regarding the criminal electronic surveillance statutes for both U.S. and international law enforcement conducting complex cyber investigations to ensure that the powerful law enforcement tools are effectively used to bring the perpetrators to justice while also protecting the privacy of every day Americans. The Cybersecurity Unit will work hand-in-hand with law enforcement and will also work with private sector partners and Congress. This new unit will strive to ensure that the advancing cyber security legislation is shaped to most effectively protect our nation’s computer networks and individual victims from cyber attacks.
As you know, the private sector has proved to be an increasingly important partner in our fight against all types of online crime, but particularly cyber security-related matters. Prosecutors from the Cybersecurity Unit will be engaging in extensive outreach to facilitate cooperative relationships with our private sector partners. This is a fight that the government cannot and will not wage alone.
As just one example of the kind of outreach we can do, earlier this year, we heard concerns expressed by communications service providers about uncertainty over whether the Electronic Communications Privacy Act prohibits sharing certain cyber threat information. This uncertainty limited the lawful sharing of information that could better protect networks from cyber threats. In response, we produced a white paper in May to address these concerns and publicly released our analysis of the issue. We will continue to engage in this open dialogue about emerging issues and to clear roadblocks like this one.
Finally, we will be engaging with the public at-large about cyber security issues. Over the past several years, but especially this past year, I have noticed a growing public distrust of law enforcement surveillance and high-tech investigative techniques. This kind of mistrust can hamper investigations and cyber security efforts. Most of this mistrust, however, comes from misconceptions about the technical abilities of the law enforcement tools and the manners in which they are used. I hope to engage the public directly on these issues and to allay concerns.
CCIPS already plays an important role in this regard, and I expect that to expand with the Cybersecurity Unit. CCIPS’s manuals on laws governing searching and seizing computers, electronic surveillance, and prosecuting computer crimes are probably the most comprehensive materials on those topics you will find anywhere. To ensure transparency and wide access to this helpful information, those manuals are publicly available on CCIPS’s website, cybercrime.gov.
I would like to start the public dialogue, however, by briefly addressing an overarching misconception: the apparent belief that privacy and civil liberties are afterthoughts to criminal investigators. In fact, almost every decision we make during an investigation requires us to weigh the effect on privacy and civil liberties, and we take that responsibility seriously. Privacy concerns are not just tacked onto our investigations, they are baked in. Privacy concerns are in the laws that set the ground rules for us to follow; the Departmental policies that govern our investigative and prosecutorial conduct; the accountability we must embrace when we present our evidence to a judge, a jury, and the public in an open courtroom; and in the proud culture of the Department.
We not only carefully consider privacy implications throughout our investigations, but we also dedicate significant resources to protecting the privacy of Americans from hackers who steal our financial and credit card information, online predators that stalk and exploit our children, and cyber thieves who steal the trade secrets of innovative American entrepreneurs. As just an example our efforts, we recently announced the conviction of a Danish citizen who marketed and sold StealthGenie, a spyware application or “app” that could remotely monitor calls, texts, videos and other communications on mobile phones without detection. This app was marketed to individuals who wanted to spy on spouses and lovers suspected of infidelity.
Additionally, earlier this year, the FBI and the U.S. Attorney for the Southern District of New York announced charges against the owner of “Blackshades,” which sold the Blackshades Remote Access Tool. EC3 again played a substantial role in this worldwide takedown, which resulted in the arrests of more than 90 people across the globe. The Blackshades tool was used by hackers to gain access to victims’ personal computers to secretly steal files and account information, browse personal photos, and even to monitor the victims through their own webcams. This software tool illustrates one of the scariest capabilities of hackers to date, as the Blackshades product or a similar tool was used by one hacker to secretly capture naked photos of teens and young women, including Miss Teen USA. The hacker then used the photos to extort his victims—with threats that he would post the photos on the Internet—into sending additional nude photos and videos.
These are just two examples of our work to investigate and prosecute criminals who invade the privacy of unsuspecting citizens. We hope that continuing to host symposiums like this one—and other outreach efforts—will help combat misconceptions about the Department’s efforts to protect the privacy of Americans. Outreach allows us to participate in the growing public debate about evolving technology. The open debate will benefit from the information that we can contribute about how technology is being used by criminals, how we are leveraging technology to investigate and disrupt criminal activity, and how technology can be leveraged in the public and private sectors to enhance cyber security. Without that information, misconceptions and inaccuracies can take root and hamper enforcement efforts as well as cyber security programs.
Georgetown and the Department designed today’s event to bring diverse viewpoints together. Our aim is to make sure that a range of perspectives are presented. Of course, there will be limits to what Department representatives can publicly discuss for a variety of reasons, including the potential of harming an ongoing investigation, the need to protect individuals who are the subjects of investigations, and statutory and Departmental restrictions on disclosure of certain information. Regardless, we are excited to add our voice to the debate and grateful to Georgetown and to all of you for supporting this event. We hope it will be the first of many.
Thank you.
A PUBLICATION OF RANDOM U.S.GOVERNMENT PRESS RELEASES AND ARTICLES
Showing posts with label CYBER SECURITY. Show all posts
Showing posts with label CYBER SECURITY. Show all posts
Saturday, December 6, 2014
Friday, July 11, 2014
U.S. STRATEGIC COMMANDER DISCUSSES CHALLENGES
FROM: U.S. DEFENSE DEPARTMENT
Stratcom Chief Outlines Deterrence Challenges
By Terri Moon Cronk
DoD News, Defense Media Activity
WASHINGTON, July 11, 2014 – Strategic deterrence in the 21st century is complicated, challenging and vastly different from that of the Cold War, the commander of U.S. Strategic Command said yesterday.
Navy Adm. Cecil D. Haney said extremist organizations, significant regional unrest, protracted conflicts, budgetary stresses and competition for natural resources could have strategic implications for the United States and the world.
“While terrorism remains the most direct threat to our nation -- particularly weapons of mass destruction -- we are also dealing in advances in state and nonstate military capabilities across air, sea, land and space domains, and cyber security,” the admiral told an audience at the State Department’s George Marshall Conference Center.
Some nations continue to invest in long-term modernization with strategic capabilities, he added, some are replacing their older systems, while others are modernizing based on their perceived need in the geopolitical situation. He cited India, Pakistan, Russia, Iran, North Korea and China as examples of nations developing modern military capabilities.
When Russia recently invaded Ukraine and overtook Crimea, Haney said, Russian troops also exercised “their strategic ability, not just their conventional capabilities.” On May 8, he said, “Russia conducted a major strategic force exercise involving significant nuclear forces and associated command control six months from the last one. And I don’t mean just moving it around. I mean demonstrating firing each part of their associated arsenal.”
While adversarial threats grow against the United States, the nation still retains the strategic advantage, he said, although potential adversaries are moving quickly in their development of destructive capabilities.
“While we have improved and increased our cyberspace capabilities, the worldwide threat is growing in sophistication in a number of state and nonstate actors,” he said. “As we monitor developments, we must not lose sight of nation states and non-nation-state actors [that] continue to have goals of obtaining proliferation,” Haney said. “As long as these threats remain, so too does the value of our strategic capabilities to deter these threats.”
The Stratcom commander emphasized the importance of the U.S. nuclear triad.
“Each element of the nuclear triad has unique and complementary attributes in strategic deterrence,” Haney said. “As we look at ballistic missiles and air response capabilities to the survivable leg of our submarine capability to the heavy bombers, the real key is integration of all three that make a difference in the deterrence equation for any country that would want to take us on. And it works.”
Haney pointed out that while the United States has sought to have a world free of nuclear weapons, those weapons still have a role in strategic deterrence and in the foundational force, “until we can get rid of them.”
“We must continue to lean forward with arms-control agreements while continuing to provide assurance and deterrence,” he said. “As a nation, we must create strategies and policies to deal with this diverse, multidisciplinary-problem world we live in, because we have to deliver strategic stability and effective solutions in a conscious manner, given today’s fiscal environment.”
Haney urged students in the audience to challenge traditional thinking.
“Successful 21st-century strategic deterrence lies in our understanding that this is not about a Cold War approach,” he said. “It’s about understanding that deterrence is more than nuclear.”
And while U.S. nuclear weapons are just as salient today as in the past, Haney said, “it’s understanding that what our adversaries are willing to risk requires deep understanding.”
Tuesday, July 31, 2012
JOBS: SKILLED PEOPLE NEEDED FOR CYBER DEFENSE
Photo Credit: U.S. Department of Defense.
Highly Skilled People Are Key to Cyber Defense, Leaders Say
By Jim Garamone
American Forces Press Service
WASHINGTON, July 26, 2012 – Having the right people in the right places with the right training is the best defense against any attack, and this is as true in the cyber world as it is on battlefields Afghanistan, military commanders charged with improving capabilities in the cyber world told Congress yesterday.
Navy Vice Adm. Michael S. Rogers, commander of the 10th Fleet; Lt. Gen. Rhett A. Hernandez, commander of 2nd Army; Lt. Gen. Richard P. Mills, commander of Marine Corps Development Command; and Maj. Gen. Suzanne M. Vautrinot, commander of 24th Air Force testified before the House Armed Services Committee’s emerging threats subcommittee and described what the services are doing to attract and retain the best people.
And this is a problem, they said, because government and the private sector are worried about defending data and networks from attacks.
Cyber war is complicated, the commanders said, because defending systems demands world-class engineers and technicians and the military must compete with other public agencies and the private sector in attracting these world-class specialists.
"The Navy’s workforce is perhaps our greatest strength in this emerging discipline," said Rogers, who has commanded the 10th Fleet – the Navy’s Cyber Command – for about a year. "Our sailors and civilians are at the forefront of advances in cyberspace operations."
The changing nature of the cyber world complicates the effort to recruit and retain cyber specialists, Rogers said. The Navy has established a summer intern program at the Naval Academy and with ROTC to expose midshipmen to the cyber defense world, and has established the cyber engineer career field to allow direct accessions for a few recent college graduates with deep cyber expertise, he told the panel.
"While the Navy cannot compete with the compensation offered by industry, we provide individuals with unique opportunities that they cannot receive out in industry, and the highly motivated Navy cyber workforce is opting to stay Navy at record levels," the admiral said.
His sailors, Rogers said, are warriors. They know they are working to protect not only data, but also the country, and they know that, and it motivates them, he told the representatives.
Soldiers also recognize that they are warriors fighting in a different kind of war, Hernandez said. The Army is working to exercise all cyber warriors in the skills they need to defend networks and data.
"We will integrate cyberspace operations into 13 joint and Army exercises this fiscal year, and will double that number next year," the general said. The service also is using cyber specialists to play opposing forces in exercises at the National Training Center and at combatant command exercises.
The Air Force continues to stress the need for Americans with science and mathematics backgrounds, Vautrinot said, and works with high schools and colleges to encourage and mentor students involved in science and mathematics.
Overall, attacks in the cyber world are a serious threat, the military leadersagreed, so education, training and development of cyber defense professionals needs to continue unabated.
Highly Skilled People Are Key to Cyber Defense, Leaders Say
By Jim Garamone
American Forces Press Service
WASHINGTON, July 26, 2012 – Having the right people in the right places with the right training is the best defense against any attack, and this is as true in the cyber world as it is on battlefields Afghanistan, military commanders charged with improving capabilities in the cyber world told Congress yesterday.
Navy Vice Adm. Michael S. Rogers, commander of the 10th Fleet; Lt. Gen. Rhett A. Hernandez, commander of 2nd Army; Lt. Gen. Richard P. Mills, commander of Marine Corps Development Command; and Maj. Gen. Suzanne M. Vautrinot, commander of 24th Air Force testified before the House Armed Services Committee’s emerging threats subcommittee and described what the services are doing to attract and retain the best people.
And this is a problem, they said, because government and the private sector are worried about defending data and networks from attacks.
Cyber war is complicated, the commanders said, because defending systems demands world-class engineers and technicians and the military must compete with other public agencies and the private sector in attracting these world-class specialists.
"The Navy’s workforce is perhaps our greatest strength in this emerging discipline," said Rogers, who has commanded the 10th Fleet – the Navy’s Cyber Command – for about a year. "Our sailors and civilians are at the forefront of advances in cyberspace operations."
The changing nature of the cyber world complicates the effort to recruit and retain cyber specialists, Rogers said. The Navy has established a summer intern program at the Naval Academy and with ROTC to expose midshipmen to the cyber defense world, and has established the cyber engineer career field to allow direct accessions for a few recent college graduates with deep cyber expertise, he told the panel.
"While the Navy cannot compete with the compensation offered by industry, we provide individuals with unique opportunities that they cannot receive out in industry, and the highly motivated Navy cyber workforce is opting to stay Navy at record levels," the admiral said.
His sailors, Rogers said, are warriors. They know they are working to protect not only data, but also the country, and they know that, and it motivates them, he told the representatives.
Soldiers also recognize that they are warriors fighting in a different kind of war, Hernandez said. The Army is working to exercise all cyber warriors in the skills they need to defend networks and data.
"We will integrate cyberspace operations into 13 joint and Army exercises this fiscal year, and will double that number next year," the general said. The service also is using cyber specialists to play opposing forces in exercises at the National Training Center and at combatant command exercises.
The Air Force continues to stress the need for Americans with science and mathematics backgrounds, Vautrinot said, and works with high schools and colleges to encourage and mentor students involved in science and mathematics.
Overall, attacks in the cyber world are a serious threat, the military leadersagreed, so education, training and development of cyber defense professionals needs to continue unabated.
Friday, April 13, 2012
U.S. LABORATORIES WORK TO FIGHT OFF CYBER ATTACKS
FROM: LOS ALAMOS NATIONAL LABORATOY
Cyber Security Exercise Puts Laboratories to the Test
LOS ALAMOS, NEW MEXICO, April 12, 2012- Intense pressure creates diamonds from coal, they say, and for Department of Energy (DOE) national laboratory cyber security programs, it’s an apt comparison. Fending off thousands of computer attacks from around the world, controlling vast libraries of sensitive information, yet keeping the scientific flow of knowledge moving, cyber teams such as those at Los Alamos National Laboratory (LANL) and elsewhere in the government complex feel the squeeze.
Sharing insights and ideas from the teams’ experiences, however, can create a boon in cyber defense and incident management, and potentially provide useful input for other government agencies such as the new federal Joint Cyber Coordination Center, or JC3. The JC3 is focused on improving the national response to threats, leveraging complex resources, and sharing information to meet information security commitments to the nation.
Recently, Los Alamos National Laboratory hosted an information security exercise dubbed “Eventide” that put more than 100 participants from around the complex into a virtual maelstrom of bad news and worse events, as the simulation spewed sensitive data and cracked network security out into the wilderness of the internet. They had to assess what was happening and how to respond, as their systems were progressively compromised, sensitive data appeared on hostile web sites, and invisible “bad guys” revealed their nefarious plans.
“That was pretty scary … but most E-ticket rides are,” said one participant.
Coordinated by Dale Leschnitzer, LANL's “master of disaster,” Eventide brought together cyber and IT leaders from 20 sites, including the Federal Bureau of Investigation, the DOE, its Cyber Forensics Laboratory and National Nuclear Security Administration, and the DOE’s national laboratories, to develop recommendations on resources they need from JC3. Not only did Eventide set the stage for the complex to ask the hard (and realistic) questions, it also acted as an excellent incubator to assist the JC3 in developing a practical path forward.
Tom Harper, LANL’s chief information officer, said: “Cyber threats target our information and data, and our productivity through vulnerabilities in our IT infrastructure. They pose great risks to our organization’s security and the nation's competitiveness.”
Harper said: “We’ve had a trial by fire and it’s toughened our teams. Now we can strengthen and optimize our joint defenses to ensure we’re a national resource ready to develop responses and templates to assist government and industry.”
Harper characterized the driving factors of the exercise: “The CIO community understands through recent events that cyber threats continue to increase. And a positive feature for us is our ability to surge resources across the complex to make our response faster, bolder, and more robust.”
A player describing himself only as “a DOE detailee” pointed out that “we’re all under attack, and now we can help each other. We’ve got a lot of smart people here, and when it comes to cyber, the government’s light years ahead of much of the industry, for good reasons. Asking the tough questions makes you think. This is why you train on real attacks and valid scenarios. It’s our chance fill the voids.”
Harper noted that the past years’ work has been to improve the Laboratory’s posture and, to a degree, misperceptions about LANL’s capabilities on these issues. Harper is chairing the National Laboratory CIO Council for 2012, in which chief information officers from across the complex are working with the federal employees to ensure that defense and response are agile and proactive, and that the focus is on agility, leveraged resources, and information sharing.
“Eventide was the way to maximize input to plans by cyber and IT leaders from DOE’s national laboratories and plants,” Harper said.
Photo caption: Dale Leschnitzer, Los Alamos National Laboratory, works through a cyber-security disaster scenario with computer specialists from across the country. Photo Los Alamos National Laboratory.
CyberSecurity.jpg
About Los Alamos National Laboratory (www.lanl.gov)
Los Alamos National Laboratory, a multidisciplinary research institution engaged in strategic science on behalf of national security, is operated by Los Alamos National Security, LLC, a team composed of Bechtel National, the University of California, The Babcock & Wilcox Company, and URS for the Department of Energy’s National Nuclear Security Administration.
Los Alamos enhances national security by ensuring the safety and reliability of the U.S. nuclear stockpile, developing technologies to reduce threats from weapons of mass destruction, and solving problems related to energy, environment, infrastructure, health, and global security concerns.
Subscribe to:
Posts (Atom)