backtop


Print 35 comment(s) - last by mars777.. on Dec 24 at 6:03 PM


While foreign nations such as China are amassing legions of trained cyber combatants, recent war games have shown the U.S. woefully underprepared to defend itself against and retaliate in reponse to cyber attacks. Such attacks could soften U.S. defenses or merely yield a steady stream of leaked technical information.
The U.S. is alarmingly vulnerable to foreign cyber assaults, but will local governments spend the billions needed to shore up defenses

One of the most difficult challenges facing the U.S. government today is the constant threat of cyber attacks from tech savvy rivals such as China.  Freelance cyber "guns for hire" foreign nations can steal information, undermine the national economy, and spy on our nation's military readiness with little fear of retaliation.  While the armed forces and U.S. intelligence agencies have invested large amounts of money in preventing such breaches, a recent war game highlighted just how soft the U.S. is when it comes to cyber defense.

Last Thursday wrapped up a two-day war game testing our nation's cyber security readiness against hostile threats.  The exercise, perhaps the largest and most ambitious yet, was carried out by 230 representatives of government defense and security agencies, private companies and civil groups.  The conclusion -- the U.S. is unprepared to defend itself against cyber attackers.

The war game highlighted numerous problems
including flaws in leadership, planning, communications and other issues, according to the testers.  Experts note some improvements since a year ago when President George W. Bush instituted a broad new cybersecurity initiative.  However, they say that the defenses are still far from adequate.  Senior vice president Mark Gerencser of the Booz Allen Hamilton consulting service who hosted the games states, "There isn't a response or a game plan.  There isn't really anybody in charge."

Democratic U.S. Rep. James Langevin of Rhode Island, chair of the Homeland Security subcommittee on cybersecurity, woefully concurred, "We're way behind where we need to be now.  This is equivalent in my mind to before Sept. 11 ... we were awakened to the threat on the morning after Sept. 11."

U.S. Rep. Dutch Ruppersberger of Maryland, the Democratic chairman of the Intelligence subcommittee on Technical Intelligence, says that billions must be poured into shoring up the cyber defenses which is currently full of holes.  Rep. Ruppersberger cites the recent cyber warfare campaign by Russian supporters in Estonia and Georgia as an example of how devastating foreign cyber assaults can be on an unprepared nation.

The war games were set in a very applicable scenario -- escalating attacks during a period of economic instability.  Participants had to try to work together to develop strategies to fight the attacks.  The test was perhaps the largest to date as it encompassed both the free market and the government sectors.

Homeland Security Secretary Michael Chertoff at the end of the exercise signed off warning participants that cyber attacks will be used in the future to soften nations in preparation for invasion.  They will also become a tool used by terrorists, he warns.  New international laws and military doctrines must be put in place, he believes, to prevent unchecked aggression and cyber arms races.  Uncertainty is a critical flaw without government's current defense plan, he believes.  He states, "We know that if someone shoots missiles at us, they're going to get a certain kind of response. What happens if it comes over the Internet?"

There is dissent, though on how to solve the problem.  Rep. Ruppersberger believes a "cybersecurity czar" is the best solution as it will give the president a direct line to the critical state of the nation's network defenses.  However, Chertoff and Gerencser do not currently support this idea.

Rep. Ruppersrberger did state optimism that the state of cyber security can change, and praised President-elect Barack Obama for making cybersecurity a major priority thus far.

However, there are many tricky issues that remain, such as the question of how to finance the massive government-sponsored security overhaul needed and how to answer public doubts.  While one-party regimes such as China, have found it easy to force such efforts on the public, here in the U.S. convincing the public that such initiatives are necessary and positive is a much taller order.  Many are uneasy with the expansion of government and decreased privacy rights that such initiatives would yield.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Can't prepare for everything
By cmdrdredd on 12/22/2008 5:47:31 PM , Rating: 3
You can never prepare for every type of attack and close every security hole. It's just not possible. There will always be some type of hacker or criminal who, wanting in badly enough, will get in no matter what it takes. It's like DRM on music, movies, and games. That doesn't ever stop people from pirating these and you'll never stop all kinds of cyber attacks. Sure it may seem alarming when reading the article but how likely is it in reality? If it was likely to happen, it would have already happened.




RE: Can't prepare for everything
By blowfish on 12/22/2008 6:17:25 PM , Rating: 3
in fact I'd say if the DHS is involved, they can't prepare for ANYTHING. They are simply incompetent.


By ryandmiller1 on 12/22/2008 7:37:30 PM , Rating: 3
Hah! Right, can't prepare for everything. That is a terrible mindset. Knowing you have a huge security vulnerability but leaving it open because you cant prepare for everything? Sure, you dont know about every security hole, but you can still do something about the ones you know that are open. I think that this is kind of a big deal and a huge hole. If we pissed Russia or China off or even if some private organization got pissed at us, this article demonstrated that our network infrastructure would be almost completely breached and they could take down whatever they want, and take any information they want. If that happens do you think that the appropriate response is "we couldn't prepare for everything?"


RE: Can't prepare for everything
By Kode on 12/22/2008 7:54:14 PM , Rating: 2
You indeed can never be prepared for any attack, but you can train to get better prepared. It revealed kind of a small chaos. So hopefully they will work it out a little so that there won't be such a chaos anymore. Leaderships and communication issues are quite important in such events. Let's hope it get's at least some attention so they can improve it.


By ryandmiller1 on 12/22/2008 8:03:38 PM , Rating: 2
I agree. Im not saying that we should go pour 50billion into a new branch or organization to facilitate all this... But someone needs to be put in charge of this and something needs to be set up to start to deal with it, and not just a single wing of the air force. Knowing about it and not acting is foolish.


RE: Can't prepare for everything
By majBUZZ on 12/22/2008 8:44:05 PM , Rating: 3
If it was likely to happen, it would have already happened.

Yeah like how the concept that a jet airliner could be used as a terror weapon on sky scrapers was floated around back in the 70's. But it had not happened already so why prepare and we all know how that worked out.

But to think oh wow what a lot of work its gonna be to fix this security infrastructure, so lets not even try is the mentality that has served this country oh so well hasn't it.


RE: Can't prepare for everything
By theapparition on 12/23/2008 10:04:54 AM , Rating: 3
quote:
Yeah like how the concept that a jet airliner could be used as a terror weapon on sky scrapers was floated around back in the 70's. But it had not happened already so why prepare and we all know how that worked out.

They did prepare for that. One of the WTC's original design goals was to withstand impact from a jet aircraft.

And in that respect, it was a great success. The impact caused almost no structural damage to the buildings. However, the designers failed to see that the impact would cause the main support insulation to be blown off, and the resultant heat from burning jet fuel caused the support members to yield.

Back to the original topic though, the WTC and skyscrapers in general were all designed to withstand the impact of aircraft.


RE: Can't prepare for everything
By mars777 on 12/24/2008 5:56:33 PM , Rating: 2
It was an explosion that blow the WTCs after the aircrafts miserably failed. It's just a matter of believing your studies or studies of other independent researchers.

Many other experts said that the airplane wings with the fuel were not close enough to the main structure to melt it while burning. The wings were teared apart in the impact and the fuel exploded instantly.

Moreover you can see a second explosion on the video when the second skyscraper was about to fall.

I won't speculate on what exploded but clearly it was not the melting of the metal structure.


RE: Can't prepare for everything
By eye smite on 12/22/2008 10:00:59 PM , Rating: 2
Oh I think it's likely to happen. We have more enemies abroad in the world now than we ever have for whatever pluthara of reason you want to cite. However, this supports a statement I've been saying since Bill Clinton took office going on 2 decades ago. There are no politicians that can save us from themselves.

That being said, you can count on months if not yrs of deliberation on what and what shouldn't be done til it's too late and they miss the boat on this too. lol


RE: Can't prepare for everything
By bodar on 12/22/2008 10:08:45 PM , Rating: 2
RE: Can't prepare for everything
By whirabomber on 12/23/2008 7:12:16 AM , Rating: 2
..but you can avoid doing stupid things like putting secure data networks onto the common internet infrastructure. If you don't want data stolen don't put it in an environment where it can be stolen, manipulated, or deleted. I've heard many tales (from the civilian world) where someone has a direct line into a secure server cluster because "it was cheaper to put the line in than pay for the system admin to drive in when the servers go down." I've heard many a horror stories about "the vice president of the company/manager/vip wanted to access the financial data from his house so we put a internect connection into the secure network for him." Even the best laid plans are foiled by stupidity.

Of course, the biggest security threat to any organization is the $40-60k/year guys who keep getting passed up for promotion, are greedy, or keep getting stepped on by upper management. Those guys are the one loading up thumb/CDs/DVDs full of data or plugging in wireless adapters for cash/blackmail photos. An estimated 80% of all data thefts are inside jobs.

The biggest defense against a good offense is education and paranoia - fire a couple "medium level" security violation folks loudly and drop rumors their un-named co-workers were the ones who told management.


RE: Can't prepare for everything
By crystal clear on 12/23/2008 8:02:36 AM , Rating: 2
quote:
Sure it may seem alarming when reading the article but how likely is it in reality?


There is a political agenda behind this not on D.T. behalf, rather certain groups in the USA who wish to use scare tactics to pressure the congress/senate/president to allocate new/additional funds to this cause.

If and when there is a cyber attack then this group will say- we told you so...

As for the funds/money heres the solution-

Cut 5 % or more of every departments budget & transfer it to this dept in charge of cyber security.


RE: Can't prepare for everything
By cmdrdredd on 12/23/2008 10:01:13 PM , Rating: 2
I think all of you don't understand a word of what I said. This article was written as an alarmist attitude toward cyber attacks. I simply stated that you can never prepare for everything. That's true from everything from car safety, to internet security. You can NEVER prepare for everything.

I never, not once said we should do nothing. Man you guys read just like the Ny Times, full of spin and BS.


"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki