Infinite Unknown

The U.S. government has quietly gone ahead and formed several special security organizations for policing the internet.

Because there is such a (trained, not to mention talented) manpower shortage right now (and in the foreseeable future), this was done on the cheap. An effective force could not be recruited, even if everyone agreed to accept government pay levels, because of the huge expense.

One solution that was suggested even before September 11, 2001, and eventually caught on, was to organize and reward the pro bono cybersecurity efforts that have been going on for some time. A lot of talented whitehats just get pissed off and go after bad guys on their own nickel.

An example is HoneyNet (the pro bono network of honeypots set up to attract, analyze and document backhat activities and techniques). One suggestion that did not fly was setting up a “CyberCorps” as a separate corporation, with a few really good people to run it, and enough budget to pay market rate for the right people, and still have a close working relationship with government agencies and commercial firms that spend a lot on net security (banks and brokerages, for example.)

Instead, a “Cyber Corps” program was set up to give tuition assistance to college students studying computer security, in order to increase the number of qualified experts in this area. Meanwhile, the Department of Homeland Security established working relationships with existing computer security groups, while the Department of Defense encouraged the services to set up computer security operations. The air force established the Cyber Command, a major operation that, it is hoped, will give the air force the lead (and most of the budget) for defense related Internet security operations. Continue reading »

Tags: Air Force, Cyber Attack, cyberterrorism, Department of Defense, Government, Homeland Security, Internet, U.S.

Chinese hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts.

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.

There has never been an official U.S. government assertion of Chinese involvement in the outage, but intelligence and other government officials contacted for this story did not explicitly rule out a Chinese role. One security analyst in the private sector with close ties to the intelligence community said that some senior intelligence officials believe that China played a role in the 2003 blackout that is still not fully understood. Continue reading »

Tags: China, Cyber Attack, cyberwar, George Bush, U.S.

The government’s new cyber-security “Manhattan Project” is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what’s going on, what’s the point and what about privacy laws.

The Senate Homeland Security committee wants to know, for example, what is the goal of Homeland Security’s new National Cyber Security Center. They also want to know why it is that in March, DHS announced that Silicon Valley evangelist and security novice Rod Beckstrom would direct the center, when up to that point DHS said the mere existence of the center was classified.

Those are just two sub-questions out of a list of 17 multi-part questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine) sent to DHS in a letter Friday.

In fact, although the two say they asked for a briefing five months ago on what the center does, DHS has yet to explain its latest acronym.