The many cybersecurity challenges facing the U.S. include one of which many Americans are unaware—the serious threat posed by vulnerabilities in the cyber supply chain. Of the many components—including hardware, firmware, and software—that compose a technological product, most contain elements stemming from a broad global market, making it difficult to ascertain the complete security of an end product. With the market for technological goods and components continuing to grow every year, and with everything from missiles to smartphones relying on these products, the need for cyber supply chain security has never been more important. It is essential that enhancing the security of the United States’ technological supply chain not destroy the well-functioning international market for technology. Instead of the two extremes of intrusive government mandates or doing nothing, the U.S. government should promote development of a private-sector system for securing and accrediting technology companies that would allow customers—from the federal government to small businesses—to make more informed and risk-based decisions.
President Obama’s fiscal year 2015 budget outlines a set of priorities – a wish list – of programs the administration hopes to pursue, including a federal cyber campus where civilian agencies can collaborate on cyber-incident response.
Collaboration is among the major cybersecurity themes in Obama’s proposed budget for fiscal year 2015, which begins Oct. 1.
“Cyberthreats are constantly evolving and require coordinated, comprehensive and resilient plan for protection and response,” according to the 212-page budget document issued March 4. “The budget identifies and promotes cross-agency cybersecurity indicatives and priorities, including improving cybersecurity information sharing while protecting privacy, civil liberties and enhancing state and local capacity to respond to cyber-incidents.”
The General Services Administration is seeking $35 million as part of President Barack Obama’s proposed 2015 budget to establish a civilian cybersecurity center in the D.C. metro area that would enable more collaboration between various federal agencies.
GSA Administrator Dan Tangherlini told reporters Tuesday that the idea is to bring experts from federal agencies — such as the Department of Homeland Security and Department of Justice — together in shared space instead of being spread over multiple D.C.-area buildings. Tangherlini says the government is “spending substantial amounts of resources” on rent and that the initiative could shift agencies from around 600,000 square feet of leased space to a new, federally-owned building.
In one of his final Capitol Hill appearances, Gen. Keith Alexander, the National Security Agency’s director, called Thursday for a stronger strategy to deter cyberattacks, saying the line that would prompt a U.S. response against an adversary “does not yet exist.”
Alexander, who retires next month after nearly 40 years in the Army and almost nine at the helm of the NSA, said his greatest concern was a terrorist attack against the United States or Europe.
Gen. Keith B. Alexander, the director of the National Security Agency, said Tuesday that the leaks by the former agency contractor Edward J. Snowden had slowed the effort to protect the country against cyberattacks on Wall Street and other civilian targets.
General Alexander was speaking at a conference at Georgetown University in one of his last public speeches before he leaves the agency this spring. He predicted that the disclosure of information relating to government surveillance programs would force Congress to act on changes to the rules governing the bulk collection of telephone records before it tries again to pass legislation that would mandate the way private companies protect against cyberintrusions, and delineate what information they share about attacks with the government.
U.S. utilities would benefit from an independent group to set industry-wide guidelines on combating cyber threats, according to a think-tank report released on Friday that was co-authored by a former director of the Central Intelligence Agency.
The report, from the Bipartisan Policy Center, said a new independent organization could bring together the disparate interests in the sector to help manage cybersecurity for the nation’s electric grid, and help to deal with threats such as new malware that could be targeted at plants’ information technology systems.
“We don’t have one group looking at this holistically to see what the answers are,” said Curt Hebert, a co-author of the report who is a former chairman of the Federal Energy Regulatory Commission, the agency which oversees aspects of the nation’s electric grid.
Sears Holdings Corp said Friday it has launched an investigation to determine whether it was the victim of a security breach, following Target Corp’s revelation at the end of last year that it had suffered an unprecedented cyber attack.
“There have been rumors and reports throughout the retail industry of security incidents at various retailers and we are actively reviewing our systems to determine if we have been a victim of a breach,” Sears spokesman Howard Riefs said in a statement on Friday.
Electronic spying tools used by the U.S. government could end up in the hands of organized criminals and hackers, further eroding Internet security, warned industry leaders who called for new restrictions and oversight of government activity.
“It is a big worry” that the methods will spread, said Andrew France, former deputy director of the UK’s NSA equivalent, GCHQ, and now chief executive of security startup Darktrace.
The government habit of purchasing information about undisclosed holes in software is also “really troublesome,” said former White House cyber security advisor Howard Schmidt. “There’s collateral damage.”
Crashing websites and overwhelming data centers, a new generation of cyber attacks is costing millions and straining the structure of the Internet.
While some attackers are diehard activists, criminal gangs or nation states looking for a covert way to hit enemies, others are just teenage hackers looking for kicks.
Distributed Denial of Service (DDoS) attacks have always been among the most common on the Internet, using hijacked and virus-infected computers to target websites until they can no longer cope with the scale of data requested, but recent weeks have seen a string of particularly serious attacks.
This year marks an important but likely overlooked anniversary – 100 years since the death of Alfred Thayer Mahan. A notable military officer and scholar, Mahan revolutionized military strategy and security policy with his 1890 book The Influence of Sea Power Upon History. Supporting vigorous engagement in the international community, he argued that states could best build and maintain strength through powerful navies, which open foreign markets and deter foreign aggressors.
Though based on historical example, his message was particularly prescient for the 20th century, in which the great naval armadas of two world wars moved men and materiel in unprecedented quantities to the far reaches of the earth. One could hardly dispute that naval strength remains relevant today. Aircraft carrier groups, for example, are a critical tool of power projection, and essential sea lines of communication and trade rely on naval protection.
Russia’s offensive military actions in Crimea and its threats to the rest of Ukraine are raising concerns about how the conflict could play out in cyberspace.
On March 4, at a news briefing, the head of Ukraine’s security service said the country’s telecommunications system had been attacked, with equipment installed in Russian-controlled Crimea used to impede the mobile phones of members of parliament, according to Reuters.
Paul Rosenzweig, a former Department of Homeland Security deputy assistant secretary for policy, has identified three other cyber-related actions that have occurred in the past few days in the budding conflict: the degrading of telecommunication links to Crimea; Russian social networks blocking links to sites and pages with pro-Ukrainian messages; and Russia Today – the pro-Kremlin, English-language website – briefly being hacked with the word “Nazi” prominently inserted into headlines describing Russian actions.
Businesses in the Middle East are facing a growing risk of cyber-attacks, says an annual security report released on Monday.
Total global threats have reached their highest recorded level, increasing 14 per cent from 2012 to last year, according to the Cisco 2014 Annual Security Report.
A sample of 30 of the world’s largest Fortune 500 companies generated visitor traffic to websites that host malware, with a sharp rise in malware attacks on the Middle East’s oil and gas sector.
The Russian forces occupying Crimea are jamming cell phones and severing Internet connections between the peninsula and the rest of Ukraine. Moscow hasn’t succeeded in imposing an information blackout, but the attacks could be sign that Russia is looking to escalate its military operations against the new government in Kiev without firing a shot.
Russia has a history of launching cyber attacks on its neighbors with the aim of disrupting the countries’ ability to communicate to their citizens and with the outside world. One attack in 2008, during Russia’s war with Georgia, accompanied a ground-based military assault and was intended to disrupt government and media communications.
Ukraine and its friends in the United States, NATO, and European Union need to prepare now for a probably inevitable (but just possibly preventable) cyber conflict with Russian-backed proxies.
Russian government behavior is clear when its perceived interests in its “near abroad” are at risk. The trend started most obviously in 1999 when the Kremlin turned a blind eye to groups like the Russian Hacker Brigade that attacked networks of NATO and member nations in response to Operation Allied Force bombing attacks against Serbia (a fellow Slavic country friendly to Russia). These attacks disrupted NATO web servers and other services but had little overall effect on the alliance or its operations. Similarly, later attacks by Russian nationalists, such as those against Latvia or Lithuania, were largely inconsequential, at least at the strategic level.
The Syrian Electronic Army takes to Twitter to threaten an attack on U.S. Central Command if the United States conducts cyberwarfare operations against Syria.
The shadowy hactivist group that supports the regime of Syrian President Bashar al-Assad warned on Friday that the strike would reveal “the U.S. command structure was a house of cards from the start.”
During an official meeting on security, Mr Xi called for a “master strategy… and innovative development” while stressing the strategic importance of “internet security and informatisation” as it concerned the security and development of a nation, the People’s Daily reports.
The term informatisation refers to the extent of information a society gets.
China is the world’s largest internet market with about 618 million internet users and cyber-security has become a matter of prime concern after the country was hit by a large-scale attack in January