The Growing Cyber Threat: Is Anyone Truly Safe?

Mike O'Brien
Posted: 06/03/2013

When Defense Secretary Chuck Hagel spoke with troops in Hawaii last Thursday he chose to address the growing cyber security problem.

He may have been standing in a hangar with an F-22 Raptor fighter jet behind him at Joint Base Pearl Harbor-Hickam, but it was the most modern form of "untraceable" warfare that was the focus of attention.

Speaking to 200 service members, representing the Army, Navy, Air Force, Marines, National Guard and Coast Guard, Mr. Hagel said cyber is "one of the very few items" slated to receive more money in the current budget request now before Congress.

He said: "Cyber warfare capabilities: we are increasing that part of the budget significantly.

"Cyber is one of those quiet, deadly, insidious unknowns you can’t see. It’s in the ether -- it’s not one big navy sailing into a port, or one big army crossing a border, or squadrons of fighter planes. This is a very difficult, but real and dangerous, threat. There is no higher priority for our country than this issue."

Referring to the assistance provided by allied contributions, he said: "We live in a world -- and you all know this -- where one country’s just not big enough, or wealthy enough, to handle it all. Can’t do it -- especially cyber."

He added that interconnected cyber efforts across the U.S. government will also increase.

U.S law enforcement agencies, the National Security Agency, U.S. Cyber Command and the Department of Homeland Security are all working together on the issue, he added.

The growing cyber threat affects all levels of society, from individuals having their online bank account hacked, to transnational crime organizations disabling economies across the globe.

The latest developments in security will be discussed at IDGA’s Cyber Security for Government summit in August.

Paul de Souza is the Founder/President of CSFI (Cyber Security Forum Initiative)and its divisions CSFI-CWD (Cyber Warfare Division) and CSFI-LPD (Law and Policy Division) and has consulted for several governments, military organizations and private institutions on best network security practices.

He told IDGA.org: "Cyberspace is segmented into five operational domains: Persona, device, logical, physical, and geographic. To truly engage in cyber operations is to aggressively control cyber behavior in and through these five domains.

"Such advanced capabilities are desperately sought after by nation and non-nation states alike as a way to overpower the adversary with minimal financial costs.

"This represents the classic David and Goliath approach applied in our modern days. The bigger you are, the harder you fall.

"Cyber touches everything and everyone, and its compromise can range from being as silly as an unwanted pop-up screen to as serious as uncontrollable nuclear centrifuges spinning out of control at a nuclear facility in the Far East. Cyber operations have become the number one weapon of choice for many countries."

Attack, at certain times, can be the best form of defense and after three years of intense internal debate, the chairman of the Joint Chiefs is close to approving new rules empowering commanders to counter direct cyber attacks with offensive efforts of their own — without White House approval.

Once signed, the new cyber rules contained in the U.S. military’s standing rules of engagement (SROE) — the classified legal document that outlines when, how and with what tools America will respond to an attack — will mark a far more aggressive stance than envisioned when the process started in 2010.

At the moment, any cyber action requires the approval of the National Security Council (NSC).

The new rules were supposed to have been implemented in late 2010, but were delayed while government lawyers debated how aggressively the U.S. should respond to cyber attacks and what tools commanders could use.

IDGA.org last week revealed that designs for many of the nation’s most sensitive advanced weapons systems have been compromised by Chinese hackers.

Among more than two dozen major weapons systems whose designs were breached were programs critical to U.S. missile defenses and combat aircraft and ships, according to a Defense Science Board.

Experts warn that the electronic intrusions gave China access to advanced technology that could accelerate the development of its weapons systems and weaken the U.S. military advantage in a future conflict.

The significance and extent of the targets help explain why the Obama administration has escalated its warnings to the Chinese government to stop what Washington sees as rampant cyber ­theft.

Last month it was also revealed in a report by Congressmen Ed Markey and Henry Waxman that the electric power grid in the United States is highly vulnerable to cyber attacks.

According to the study, "more than a dozen utilities" reported that deliberate cyber attacks have occurred daily, with one utility reporting 10,000 attacks each month.

The authors concluded that that most utilities have not responded adequately to voluntary standards for cyber security to prevent such attacks, leaving them unprepared and susceptible.

But while many U.S. sectors have been accused of dragging their heels in the cyber space, it would also appear that the U.S. response is catching up fast.

Bill Kleyman, a cloud and virtualization architect at MTM Technologies, a Stamford, CT based consulting firm, told IDGA.org how the cyber security experts at the government's Los Alamos National Labs have been attempting to create a perfectly secure Internet and communications environment through the use of Quantum Internet.

He said: "The basic idea here is that the act of measuring a quantum object, such as a photon, always changes it. So any attempt to eavesdrop on a quantum message cannot fail to leave telltale signs of snooping that the receiver can detect.

"That allows anybody to send a ‘one-time pad’ over a quantum network which can then be used for secure communication using conventional classical communication."

So is this the future for cyber security? He said: "Quantum Internet and cryptography solutions will, without a doubt, create new types of fast and secure systems over which we can communicate and share information.

"However, just like with any other technology – the planning, design and implementation part of the project can mean the difference between a truly secure system, and one with holes in it."

IDGA’s Cyber Security for Government event takes place in the Washing DC Metro area from August 12-14. Full details are available at www.CyberSecurityEvent.com

Mike O'Brien
Posted: 06/03/2013