Sunday, December 4, 2011

Cyber Practice


There still is hope for effective cyber defenses for the U.S. against foreign nations. The U.S. Cyber Command, the military department in charge of U.S. cyber-warfare activities, just recently preformed a mock exercise of an attack on Department of Defense (DOD) networks.  The U.S. Cyber Command was set up in September by the Obama administration to protect DOD from cyber attacks after significant data showing reoccurring attacks from foreign nations such as China.

The mission “Cyber Flag” involved 300 participants who had to perform defense skills and cyber tactics in a virtual environment.  They were split up in two groups so that each could practice offensive and defensive tactics. Wright-Patterson, the author of an article online calls Cyber Flag “a realistic training environment for the future.”  Now that there is a common believe that warfare will move from the physical to the virtual world, the military has adopted the Red Flag exercise – a mock exercise of air threats - to Cyber Flag. The exercise uses a combined air operations center that has an intranet to coordinate multiples computers. Through the network the military needs access to the outside world through internet connections and Global Information Grid. Even though it is much easier to penetrate foreign networks and manipulate data, there needs to efforts put into identifying an invasion. Though the exercise is nowhere near perfect since it is hard to visualize the full realm of the cyberspace, the military is making effective progress in at least preparing for attacks.

Source:
Elizabeth Montalbano, “U.S. Cyber Command Practices Defense In Mock Attack.” Nov. 30, 2011. Information Week.  http://informationweek.com/news/government/security/232200508.



Monday, November 28, 2011

What Will Happen To The Individual?

So far, my blogs have manly concerned international cyber threats; however, nationally citizens all over the world should also be worried about government or private attacks on personal networks and data. This problem is already occurring openly in the Middle East and North Africa. During the recent uprisings, pro-government groups used cyber tactics, such as disabling pages, creating alternative pages, and spamming pages etc. to repress any opposition.  A detailed account of this, especially in Syria, is given by Helmi Noman, a senior researcher at the Citizen Lab who is working on the OpenNet Initiative,  in his blog  post “The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East.”

He focuses primarily on the public Internet Army of Syria that is based on national networks and has threatened all national enemies with cyber attacks.  Interestingly enough, the Syrian Electronic Army was launched by a group of young people who decided to retaliate against hostile anti-government adversaries by launching electronic attacks. It first emerged on Facebook in April 2011 in response to the citizen’s anti-government protests. The group was responsible for attacking over 50 websites and temporarily blocked them with pro-government propaganda. They also attacked and overtook many Western websites. Here is an example of a compromised page:

 


Even though one could say that these attacks were rather disruptive than severely dangerous, they have worrisome implications for the future.First off, these incidences show a future potential of more organized invasions by governments and groups on citizens. This could then lead to citizens to be disconnected from news, international relations, and truths. Even though it seems far fetched that there could be a transformation of society as extreme as that seen in "1984" and other futurist books and movies, cyber invasions and electronic capabilities will allow for a lot more control by those who know how to manipulate it. This discussion comes back to the question of how much privacy and freedom the individual should have the internet. And if one believes a lot, then how should this be protected? If it is easy enough for individual groups who have less research and funding to create large-scale electronic invasions, then what could this mean for a government organized invasion?  Should citizens be worried about what they put on the internet since it can be accessed, manipulated and stolen?   

Source:
Helmi Noman, "The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of Syrian Electronic Army." Infowar Monitor - Tracking Cyberpower. http://www.infowar-monitor.net/2011/05/7349/


Sunday, November 13, 2011

U.S.'Achilles Heel

A former U.S. cyber security official and experts claimed a couple of days ago that U.S.' networks are extremely vulnerable to cyber invasions and that the government should prevent war with foreign nation at any cost. Their assessment confirmed the U.S.' lag in cyber security. Even though we know about multiple cyber attacks from China and Russia as I mentioned in my previous post, there is nothing we can really do about it. A lot of people definitely want to retaliate to these hacks or at least make clear that the U.S. will not tolerate such espionage because other wise these cyber invasions will just continue and the U.S. will keep losing valuable economic information. The problem is that we are not protected if we want to make clear retaliations. In the Associated Press article "Cyber Weaknesses should Deter US From Waging War" by Lolita Baldor, she claims that the US "might be able to blow up a nuclear plant somewhere, or a terrorist training center somewhere, but a number of countries could strike back with a cyberattack and 'the entire us economic system could be crashed in retaliation ... because we can't defend it today.'" This is extremely disheartening to hear about a country that has in past been feared by many other countries. Now, we have to be afraid of countries such as China, North Korea, Iran and Russia from destroying infrastructure, systems etc. These experts are encouraging the government to step in to increase research into finding bugs and malware and create effective defenses. Obviously, the private sector isn't doing a good enough job at protecting their networks and information. Nevertheless, government involvement is controversial. But if the government is forced to deter waging war, shouldn't it do everything in its power to fix such deficiencies?

Lolita Baldor, "Cyber Weaknesses should Deter US From Waging War," Associated Press. http://www.google.com/hostednews/ap/article/ALeqM5j4_DOFqydEloIgIjsjVNUrMWhp7Q?docId=7ed0e8c366e84d4cb693a883122da1a1

Sunday, November 6, 2011

Playing Defense?


The U.S. has finally publically called out some of perpetrators of on-going cyber espionage. The Office of the National Counterintelligence Executive released a report that aggressive cyber espionage has been issuing heavily from Russia and China. According to an article on PCWorld, the two countries have be targeting areas of manufacturing, defense, and research.  There is the possibility that they are stealing technology data to enhance their economies as stated in the article in the Washington Post.

My previous posts that questioned the accuracy of blaming China have been validated by the report’s statement that "Chinese actors are the world's most active and persistent perpetrators of economic espionage" (Kirk). Nonetheless, China still denies the allegations, claiming that it is also been a victim of on-going hacking itself. It is unclear which cyber attacks or how many are specifically government-sponsored but there are definite traces of hacks coming from the country. This report finally urges the U.S. and the corporate world to take the threat of cyber attacks and competition seriously and come up with a solution to the on-going problem.   

Since the U.S. government stated that cyber attacks should now be taken as acts of war, it will be interesting to see how the U.S. will react to this new information in the long run. Perhaps, cyber espionage will be held less aggressive than a cyber attack which would result in actual data or processes being tampered with.  Definitions for these hostile actions will need to be solidified so that the government can actually come up with a most advantageous response. Presently, the Obama administration is urging individuals, corporations, and businesses to better protect their data with the use of encryptions, authentications, and frequent monitoring. U.S. officials are urging research to increase in cyber defense.

Cyber espionage is constantly getting more easy and advantageous, since more information is being held on smartphones and laptops than ever before. Without much effort or resources, intruders from anywhere in the world can hack into different networks or files without immediate detection. Since information is now held in electronic files, one hack can provide an enormous amount of information. This provides a huge threat to the U.S. and its status in the world economy. Some may find the US government’s responses to the proof of Chinese and Russian cyber espionage as weak; however, it would be unwise for the government to confess that it will retaliate with similar tactics in cyber space. This would go against the previous voice of decent to any cyber attacks. Even though it appears we are simply taking a defensive stance, the question is: are we really?  
  
Kirk, Jeremy. “US Report Warns of Russia, China Cyber Spying.” PC World. Nov. 3, 2011. http://www.pcworld.com/businesscenter/article/243102/us_report_warns_of_russia_china_cyber_spying.html

“U.S. Report Accuses China, Russia of Cyber-Espionage to Help Build their own Economies.” Associated Press. The Washington Post. Nov. 3, 2011. http://www.pcworld.com/businesscenter/article/243102/us_report_warns_of_russia_china_cyber_spying.html.