Current Topic: Military Technology |
Topic: Military Technology |
1:08 pm EST, Feb 15, 2010 |
James Fallows: Retired Admiral Mike McConnell argues that we now suffer from a conspiracy of secrecy about the scale of cyber risks. No credit-card company wants to admit how often or how easily it is cheated. No bank or investment house wants to admit how close it has come to being electronically robbed. As a result, the changes in law, regulation, concept, or habit that could make online life safer don't get discussed. Sooner or later, the cyber equivalent of 9/11 will occur -- and, if the real 9/11 is a model, we will understandably, but destructively, overreact.
Tom Cross via Andy Greenberg: Internet-related companies need to be more transparent about their lawful intercept procedures or risk exposing all of their users. There are a lot of other technology companies out there that haven't published their architecture, so they can't be audited. We can't be sure of their security as a result.
Rattle: Paranoia about the conspiracy is always justified. It's just usually misplaced.
Rebecca Brock: She tells me she's ready. She may be small, she says, but she's mean. She outlines her plans for fending off terrorists. She says, "I kind of hope something happens, you know?" She wears an American flag pin on the lapel of her blazer. She sits on the jump seat, waiting for her life to change.
Decius: Wow, life is boring.
Cyber Warriors |
Technology, Policy, Law, and Ethics Regarding US Acquisition and Use of Cyberattack Capabilities |
Topic: Military Technology |
7:33 am EDT, Apr 30, 2009 |
Herb Lin, Bill Owens, and Ken Dam at the NRC have a new book. The US armed forces, among other intelligence agencies, are increasingly dependent on information and information technology for both civilian and military purposes. Although there is ample literature written on the potential impact of an offensive or defensive cyberattack on societal infrastructure, little has been written about the use of cyberattack as a national policy tool. This book focuses on the potential for the use of such attacks by the United States and its policy implications. Since the primary resource required for a cyberattack is technical expertise, these attacks can be implemented by terrorists, criminals, individuals and corporate actors. Cyberattacks can be used by U.S. adversaries against particular sectors of the U.S. economy and critical national infrastructure that depend on computer systems and networks. Conversely, they can be used by the U.S. intelligence community with adequate organizational structure and appropriate oversight. Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores the important characteristics of cyberattacks and why they are relatively ideal for covert action. Experts argue that the United States should establish a national policy for launching cyberattacks, whether for purposes of exploitation, offense or defense for all sectors of government. This book will be of special interest to the Department of Defense, the Department of Homeland Security, law enforcement, and the greater intelligence community.
See also: The cyber domain is undergoing extraordinary changes that present both exceptional opportunities to and major challenges arising from malevolent actors who use cyberspace and the many security vulnerabilities that plague this sphere. Exploiting opportunities and overcoming challenges will require a balanced body of knowledge. Cyberpower and National Security assembles a group of experts, discusses pertinent issues, and identifies the important questions involved in building the human capacity to address cyber issues, balancing civil liberties with national security considerations, and developing the international partnerships needed to address cyber challenges. With more than two dozen contributors, this book covers it all.
Take note: The National Security Agency announced that West Point cadets successfully defended their title to win their third straight Cyber Defense Exercise. An extremely fit woman of indeterminate Los Angeles age pulled her Mercedes up to the curb on Adelaide Drive, popped open her trunk, pulled out a five-pound weight and began lifting.
Know your enemy: For years, the US intelligence community worried that China’s government was attacking our cyber-infrastructure. Now one man has discovered it’s worse: It's hundreds of thousands of everyday civilians. And they’ve only just begun.
Be advised: Russia retains the right to use nuclear weapons first against the means and forces of information warfare, and then against the aggressor state itself.
The snooping dragon: social-malware surveillance of the Tibetan movement |
Topic: Military Technology |
7:42 am EDT, Mar 30, 2009 |
A new report from Ross Anderson: In this note we document a case of malware-based electronic surveillance of a political organisation by the agents of a nation state. While malware attacks are not new, two aspects of this case make it worth serious study. First, it was a targeted surveillance attack designed to collect actionable intelligence for use by the police and security services of a repressive state, with potentially fatal consequences for those exposed. Second, the modus operandi combined social phishing with high-grade malware. This combination of well-written malware with well-designed email lures, which we call social malware, is devastatingly effective. Few organisations outside the defence and intelligence sector could withstand such an attack, and although this particular case involved the agents of a major power, the attack could in fact have been mounted by a capable motivated individual. This report is therefore of importance not just to companies who may attract the attention of government agencies, but to all organisations. As social-malware attacks spread, they are bound to target people such as accounts-payable and payroll staff who use computers to make payments. Prevention will be hard. The traditional defence against social malware in government agencies involves expensive and intrusive measures that range from mandatory access controls to tiresome operational security procedures. These will not be sustainable in the economy as a whole. Evolving practical low-cost defences against social-malware attacks will be a real challenge.
Acidus, from last year: The first rule of Confidential Document Fight Club is you cannot acknowledge the existence of Confidential Document Fight Club.
Tracking GhostNet: Investigating a Cyber Espionage Network |
Topic: Military Technology |
7:42 am EDT, Mar 30, 2009 |
Cyber espionage is an issue whose time has come. In this second report from the Information Warfare Monitor, we lay out the findings of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions. "GhostNet" is a cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet. These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly.
The report is also available on Scribd. From John Markoff's coverage: The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. "It’s a murky realm that we’re lifting the lid on."
Acidus, from last year: The first rule of Confidential Document Fight Club is you cannot acknowledge the existence of Confidential Document Fight Club.
Dearth of technical experts leaves US open to cyber attack |
Topic: Military Technology |
7:59 am EDT, Mar 25, 2009 |
The United States isn't producing enough engineers and technicians to combat the growing threat to government and business computer networks, a panel of security experts said yesterday. "We are not portraying an image that this is an exciting career path," said Eugene Spafford. "There are less than 100 people who truly know and understand control systems cyber security," said Joseph Weiss, managing partner of Applied Control Solutions.
Pointy-Haired Boss: "I need to be managing a sexier project to boost my career."
Topic: Military Technology |
8:06 am EDT, Mar 16, 2009 |
Another front beckons. Mexican drug traffickers have escalated their arms race, acquiring military-grade weapons, including hand grenades, grenade launchers, armor-piercing munitions and antitank rockets with firepower far beyond the assault rifles and pistols that have dominated their arsenals. The proliferation of heavier armaments points to a menacing new stage in the Mexican government's 2-year-old war against drug organizations, which are evolving into a more militarized force prepared to take on Mexican army troops, deployed by the thousands, as well as to attack each other. At least one grenade attack north of the border, at a Texas nightclub frequented by US police officers, has been tied to Mexican traffickers. "At this stage, the drug cartels are using basic infantry weaponry to counter government forces," a US government official in Mexico said. "Encountering criminals with this kind of weaponry is a horse of a different color," the official said. "It's not your typical patrol stop, where someone pulls a gun. This has all the makings of an infantry squad, or guerrilla fighting."
This Means War |
A Struggle Over US Cybersecurity |
Topic: Military Technology |
7:56 am EDT, Mar 10, 2009 |
The resignation of the federal government's cybersecurity coordinator highlights a power struggle underway over how best to defend the government's civilian computer networks against digital attacks. Rod A. Beckstrom resigned the post Friday after less than a year on the job, citing a lack of funding and the National Security Agency's tightening grip on government cybersecurity matters. "He brought a completely different perspective, which in one way could have been his undoing," said a senior member of the intelligence community.
From last year's best-of: Someone needed to bring it, so I brought it.
From the archive, a personal favorite: The evidence suggests that from an executive perspective, the most desirable employees may no longer necessarily be those with proven ability and judgment, but those who can be counted on to follow orders and be good "team players."
From the documentation: MemeStreams has a reputation system, which takes your perspective into account.
From Decius, in 2007: It is our failure to avoid embracing fear and sensationalism that will be our undoing. We're still our own greatest threat.
Always the classic: Is more what we really need?
Iridium 33 and Cosmos 2251 Satellite Collision |
Topic: Military Technology |
7:32 am EST, Feb 27, 2009 |
On February 10 at approximately 1656 GMT, the Iridium 33 and Cosmos 2251 communications satellites collided over northern Siberia. The impact between the Iridium Satellite LLC-owned satellite and the 16-year-old satellite launched by the Russian government occurred at a closing speed of well over 15,000 mph at approximately 490 miles above the face of the Earth. The low-earth orbit (LEO) location of the collision contains many other active satellites that could be at risk from the resulting orbital debris. The following videos, interactive 3D Viewer files, 3D models, and high-resolution images are available to better understand this event.
See also: ... POSSIBLE SATELLITE DEBRIS FALLING ACROSS THE REGION...
Making the most of information sharing |
Topic: Military Technology |
7:46 am EDT, Aug 29, 2008 |
Dale Meyerrose, associate director of national intelligence: To fully realize the value of information sharing — our principal component as we transform to provide better support for our nation’s protection — we must transition from net-centricity to data-centricity. Giving attention to data and metadata management strategies and ensuring alignment with the applications-development uses of metadata can provide benefits and continue to drive the intelligence community toward realizing the full value of information sharing.