Print 35 comment(s) - last by mars777.. on Dec 24 at 6:03 PM

While foreign nations such as China are amassing legions of trained cyber combatants, recent war games have shown the U.S. woefully underprepared to defend itself against and retaliate in reponse to cyber attacks. Such attacks could soften U.S. defenses or merely yield a steady stream of leaked technical information.
The U.S. is alarmingly vulnerable to foreign cyber assaults, but will local governments spend the billions needed to shore up defenses

One of the most difficult challenges facing the U.S. government today is the constant threat of cyber attacks from tech savvy rivals such as China.  Freelance cyber "guns for hire" foreign nations can steal information, undermine the national economy, and spy on our nation's military readiness with little fear of retaliation.  While the armed forces and U.S. intelligence agencies have invested large amounts of money in preventing such breaches, a recent war game highlighted just how soft the U.S. is when it comes to cyber defense.

Last Thursday wrapped up a two-day war game testing our nation's cyber security readiness against hostile threats.  The exercise, perhaps the largest and most ambitious yet, was carried out by 230 representatives of government defense and security agencies, private companies and civil groups.  The conclusion -- the U.S. is unprepared to defend itself against cyber attackers.

The war game highlighted numerous problems
including flaws in leadership, planning, communications and other issues, according to the testers.  Experts note some improvements since a year ago when President George W. Bush instituted a broad new cybersecurity initiative.  However, they say that the defenses are still far from adequate.  Senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service who hosted the games states, "There isn't a response or a game plan.  There isn't really anybody in charge."

Democratic U.S. Rep. James Langevin of Rhode Island, chair of the Homeland Security subcommittee on cybersecurity, woefully concurred, "We're way behind where we need to be now.  This is equivalent in my mind to before Sept. 11 ... we were awakened to the threat on the morning after Sept. 11."

U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the Intelligence subcommittee on Technical Intelligence, says that billions must be poured into shoring up the cyber defenses which is currently full of holes.  Rep. Ruppersberger cites the recent cyber warfare campaign by Russian supporters in Estonia and Georgia as an example of how devastating foreign cyber assaults can be on an unprepared nation.

The war games were set in a very applicable scenario -- escalating attacks during a period of economic instability.  Participants had to try to work together to develop strategies to fight the attacks.  The test was perhaps the largest to date as it encompassed both the free market and the government sectors.

Homeland Security Secretary Michael Chertoff at the end of the exercise signed off warning participants that cyber attacks will be used in the future to soften nations in preparation for invasion.  They will also become a tool used by terrorists, he warns.  New international laws and military doctrines must be put in place, he believes, to prevent unchecked aggression and cyber arms races.  Uncertainty is a critical flaw without government's current defense plan, he believes.  He states, "We know that if someone shoots missiles at us, they're going to get a certain kind of response. What happens if it comes over the Internet?"

There is dissent, though on how to solve the problem.  Rep. Ruppersberger believes a "cybersecurity czar" is the best solution as it will give the president a direct line to the critical state of the nation's network defenses.  However, Chertoff and Gerencser do not currently support this idea.

Rep. Ruppersrberger did state optimism that the state of cyber security can change, and praised President-elect Barack Obama for making cybersecurity a major priority thus far.

However, there are many tricky issues that remain, such as the question of how to finance the massive government-sponsored security overhaul needed and how to answer public doubts.  While one-party regimes such as China, have found it easy to force such efforts on the public, here in the U.S. convincing the public that such initiatives are necessary and positive is a much taller order.  Many are uneasy with the expansion of government and decreased privacy rights that such initiatives would yield.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Can't prepare for everything
By cmdrdredd on 12/22/2008 5:47:31 PM , Rating: 3
You can never prepare for every type of attack and close every security hole. It's just not possible. There will always be some type of hacker or criminal who, wanting in badly enough, will get in no matter what it takes. It's like DRM on music, movies, and games. That doesn't ever stop people from pirating these and you'll never stop all kinds of cyber attacks. Sure it may seem alarming when reading the article but how likely is it in reality? If it was likely to happen, it would have already happened.

RE: Can't prepare for everything
By blowfish on 12/22/2008 6:17:25 PM , Rating: 3
in fact I'd say if the DHS is involved, they can't prepare for ANYTHING. They are simply incompetent.

By ryandmiller1 on 12/22/2008 7:37:30 PM , Rating: 3
Hah! Right, can't prepare for everything. That is a terrible mindset. Knowing you have a huge security vulnerability but leaving it open because you cant prepare for everything? Sure, you dont know about every security hole, but you can still do something about the ones you know that are open. I think that this is kind of a big deal and a huge hole. If we pissed Russia or China off or even if some private organization got pissed at us, this article demonstrated that our network infrastructure would be almost completely breached and they could take down whatever they want, and take any information they want. If that happens do you think that the appropriate response is "we couldn't prepare for everything?"

RE: Can't prepare for everything
By Kode on 12/22/2008 7:54:14 PM , Rating: 2
You indeed can never be prepared for any attack, but you can train to get better prepared. It revealed kind of a small chaos. So hopefully they will work it out a little so that there won't be such a chaos anymore. Leaderships and communication issues are quite important in such events. Let's hope it get's at least some attention so they can improve it.

By ryandmiller1 on 12/22/2008 8:03:38 PM , Rating: 2
I agree. Im not saying that we should go pour 50billion into a new branch or organization to facilitate all this... But someone needs to be put in charge of this and something needs to be set up to start to deal with it, and not just a single wing of the air force. Knowing about it and not acting is foolish.

RE: Can't prepare for everything
By majBUZZ on 12/22/2008 8:44:05 PM , Rating: 3
If it was likely to happen, it would have already happened.

Yeah like how the concept that a jet airliner could be used as a terror weapon on sky scrapers was floated around back in the 70's. But it had not happened already so why prepare and we all know how that worked out.

But to think oh wow what a lot of work its gonna be to fix this security infrastructure, so lets not even try is the mentality that has served this country oh so well hasn't it.

RE: Can't prepare for everything
By theapparition on 12/23/2008 10:04:54 AM , Rating: 3
Yeah like how the concept that a jet airliner could be used as a terror weapon on sky scrapers was floated around back in the 70's. But it had not happened already so why prepare and we all know how that worked out.

They did prepare for that. One of the WTC's original design goals was to withstand impact from a jet aircraft.

And in that respect, it was a great success. The impact caused almost no structural damage to the buildings. However, the designers failed to see that the impact would cause the main support insulation to be blown off, and the resultant heat from burning jet fuel caused the support members to yield.

Back to the original topic though, the WTC and skyscrapers in general were all designed to withstand the impact of aircraft.

RE: Can't prepare for everything
By mars777 on 12/24/2008 5:56:33 PM , Rating: 2
It was an explosion that blow the WTCs after the aircrafts miserably failed. It's just a matter of believing your studies or studies of other independent researchers.

Many other experts said that the airplane wings with the fuel were not close enough to the main structure to melt it while burning. The wings were teared apart in the impact and the fuel exploded instantly.

Moreover you can see a second explosion on the video when the second skyscraper was about to fall.

I won't speculate on what exploded but clearly it was not the melting of the metal structure.

RE: Can't prepare for everything
By eye smite on 12/22/2008 10:00:59 PM , Rating: 2
Oh I think it's likely to happen. We have more enemies abroad in the world now than we ever have for whatever pluthara of reason you want to cite. However, this supports a statement I've been saying since Bill Clinton took office going on 2 decades ago. There are no politicians that can save us from themselves.

That being said, you can count on months if not yrs of deliberation on what and what shouldn't be done til it's too late and they miss the boat on this too. lol

RE: Can't prepare for everything
By bodar on 12/22/2008 10:08:45 PM , Rating: 2
RE: Can't prepare for everything
By whirabomber on 12/23/2008 7:12:16 AM , Rating: 2
..but you can avoid doing stupid things like putting secure data networks onto the common internet infrastructure. If you don't want data stolen don't put it in an environment where it can be stolen, manipulated, or deleted. I've heard many tales (from the civilian world) where someone has a direct line into a secure server cluster because "it was cheaper to put the line in than pay for the system admin to drive in when the servers go down." I've heard many a horror stories about "the vice president of the company/manager/vip wanted to access the financial data from his house so we put a internect connection into the secure network for him." Even the best laid plans are foiled by stupidity.

Of course, the biggest security threat to any organization is the $40-60k/year guys who keep getting passed up for promotion, are greedy, or keep getting stepped on by upper management. Those guys are the one loading up thumb/CDs/DVDs full of data or plugging in wireless adapters for cash/blackmail photos. An estimated 80% of all data thefts are inside jobs.

The biggest defense against a good offense is education and paranoia - fire a couple "medium level" security violation folks loudly and drop rumors their un-named co-workers were the ones who told management.

RE: Can't prepare for everything
By crystal clear on 12/23/2008 8:02:36 AM , Rating: 2
Sure it may seem alarming when reading the article but how likely is it in reality?

There is a political agenda behind this not on D.T. behalf, rather certain groups in the USA who wish to use scare tactics to pressure the congress/senate/president to allocate new/additional funds to this cause.

If and when there is a cyber attack then this group will say- we told you so...

As for the funds/money heres the solution-

Cut 5 % or more of every departments budget & transfer it to this dept in charge of cyber security.

RE: Can't prepare for everything
By cmdrdredd on 12/23/2008 10:01:13 PM , Rating: 2
I think all of you don't understand a word of what I said. This article was written as an alarmist attitude toward cyber attacks. I simply stated that you can never prepare for everything. That's true from everything from car safety, to internet security. You can NEVER prepare for everything.

I never, not once said we should do nothing. Man you guys read just like the Ny Times, full of spin and BS.

The best defense is...
By Azsen on 12/22/2008 7:36:04 PM , Rating: 2

RE: The best defense is...
By JS on 12/22/2008 8:30:11 PM , Rating: 5
Yeah, and there's no shortage of offensive material on the internet! Just aim that donkey pr0n straight at them Chinese, they won't know what hit 'em.

And when they finally do, they will be terribly offended.

RE: The best defense is...
By OblivionMage on 12/24/2008 4:00:52 PM , Rating: 2
I believe it is,

"The best offense is a good defense"

Or something... anyways.

By excrucio on 12/22/2008 8:11:06 PM , Rating: 2
Isn't Obama more tech savvy than Dumbo Bush?

I heard somewhere that he will be spending more money in technology, as far as Fiber optic infrastructure (create jobs) and etc.

I believe the U.S will be alright in the next 8 years as far as cyber attacks. Shit just hire some professional hackers, instead of putting them in jail, put them behind a god damn 40in screen with a keyboard and some HOT POCKETS.

RE: Obama
By dubyadubya on 12/22/2008 9:50:11 PM , Rating: 3
Who knows what Obama will really do but I agree hiring the best hackers would be a step in the right direction. I'll buy the hotpockets!

RE: Obama
By Quiescent on 12/22/2008 10:11:43 PM , Rating: 2
I also agree. But they already look for people like this already. A lot of FBI agents attend the DEFCON meetings and usually are looking for people who would be a likely candidate for working for the FBI.

Didn't we learn this in 2007...
By Noya on 12/23/2008 7:19:31 AM , Rating: 5
...when "Live Free or Die Hard" was released?

By NicePants42 on 12/23/2008 10:01:05 AM , Rating: 2
Other things we learned from 'Live Free or Die Hard'

-If you are given a PC as payment for an illegal job, check the back for a box labelled 'C-4' prior to use.

-If you are trying to kill someone with a bomb and the bomb fails to detonate, do not send your team of assassins into the apartment where the bomb was to check things out.

-If you are flying a combat aircraft and need to destroy a truck, it is not a good idea to fire missiles at overpasses; fire at the truck instead.

-In the event that you fire missiles at overpasses, do not fly underneath those overpasses.

By Creig on 12/23/2008 8:24:31 AM , Rating: 4
Yeah, the Japanese thought the same thing back in 1941. And we all know how that turned out. The US has this way of looking slow and soft until we get poked with a sharp stick. Then we poke back, usually with a much bigger stick.

By mars777 on 12/24/2008 6:03:45 PM , Rating: 2
I don't think there are bigger sticks than nuclear bombs today :D

By Quiescent on 12/22/2008 6:18:47 PM , Rating: 4
Now that's a good movie. Anyone up for a play with the game on that big clunky computer that probably sucks down more electricity than say 500 servers for nowdays?

Let down
By TxJeepers on 12/22/2008 9:48:34 PM , Rating: 2
10 comments in and no joke referencing Skynet yet? Come on DailyTech readers, you are letting me down.

RE: Let down
By DarkElfa on 12/23/2008 6:13:16 AM , Rating: 2
I bet its Skynet, the end is near!


By LumbergTech on 12/23/2008 12:48:44 AM , Rating: 2
does this mean that network security is going to be a lucrative field to go into?

RE: hm
By DarkElfa on 12/23/2008 6:12:19 AM , Rating: 2
Perhaps it was actually interference from China that caused our economy to collapse.



czars for everyone!
By TSS on 12/23/2008 9:34:41 AM , Rating: 2
"cybersecurity czar"

after i read the title i knew that was going to be suggested. would fit right in with the enviroment czar, the car czar, and all other czars that are springing up all over the place.

i've just got a bad feeling about them czars. wether if it's just to give more friends a job or creating positions of power that'll keep more power in a tight group, i don't know. but it's beginning to look like everybody isn't doing their job right so the czars will fix that.

RE: czars for everyone!
By Ringold on 12/23/2008 1:58:50 PM , Rating: 2
For a democracy, we do have an awful lot of czars. Other posters got it right; another way for the government to expand influence and power through patronage, expanded bureaucracy, etc.

If we really needed these posts, why not add them to the cabinet and call them Secretary posts?

Bloated & inefficient
By crystal clear on 12/23/2008 9:36:10 AM , Rating: 1
U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the Intelligence subcommittee on Technical Intelligence, says that billions must be poured into shoring up the cyber defenses which is currently full of holes.

Pouring (billions) more money/funds doesnt solve the problem.

Funds are needed elsewhere from the bailout packages to the "economic stimulus package" to education,health etc etc.

There are no spare funds & cost cutting across the board is needed in those bloated & ineffcient Govt depts.

Get better/more value for the money/funds currently allocated to every dept.

Make people in the depts work harder-better-faster & those not fit should be fired.

Intelligent use of funds/money is the keyword to the problem.


1) FIRE all those responsible for cyber security as they have failed to do their job/duties & hire NEW better qualified & capable personnel to deal with the problem.

2) Reorganize & restructore the dept responsible for cyber security.

3) Funding should come from existing budgets by cutting 5 % or more from every dept & transfering it to this effort/issue of cyber security.

4) Set aside/allocate funds from the above for R&D in cyber security to be allocated to universities in the USA

5) Use existing technologies available from companies specializing in cyber security by sub contracting portion of the work to setup/build cyber defences or shield. (call it what ever you like)

Remember its the tax payers money ....there has to be accountability & efficiency in the working of govt depts.

RE: Bloated & inefficient
By Ringold on 12/23/2008 1:53:34 PM , Rating: 2
3) Funding should come from existing budgets by cutting 5 % or more from every dept & transfering it to this effort/issue of cyber security.

Shadowy government assassins are enroute to your location now for suggesting such blasphemy. The solution to every problem is of course billions of dollars. Not millions or hundreds of millions, but b illions of dollars, as well as the creation of a new unelected federal government position and a new supporting bureaucracy to support him/her.

On a more serious note, I like the BSG approach to network security. Network security? What network?!

By JonnyDough on 12/22/2008 9:44:44 PM , Rating: 2
The war game highlighted numerous problems including flaws in leadership

Wait, the government has a leadership problem? I do not believe it.

The ultimate in network security
By Integral9 on 12/23/2008 10:42:27 AM , Rating: 2
use scissors. <snip snip>

By Moishe on 12/23/2008 2:16:25 PM , Rating: 2
What is the deal with the U.S. using the word "czar" now?
We don't need more freakin bureaucrats.

We need people with common sense in charge to make plans and will hold their employees accountable for making real progress.

This needs to be run like a business. Get it done or get out.

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki