A single malware-infected USB stick led to huge 2008 compromise of U.S. Central Command's classified and unclassified systems in Iraq. The attack was conducted by a foreign intelligence agency; Russia is suspected.  (Source: Cocos Promotions)

The U.S. government also has to worry about betrayal within. It's giving 19 year olds access to its most sensitive systems. And U.S. Army specialist Bradley Manning showed the folly of that policy when it was recently alleged that he betrayed that trust, passing classified documents to foreign nationals.  (Source: Telegraph UK)
The purposeful attack occurred in 2008 in the Middle East and led to the theft of classified information

In a Foreign Affairs journal post, Deputy Defense Secretary William Lynn III reveals that in 2008 the U.S fell victim to an insidious cyber assault.  

The August 25 post describes how an infected flash drive was plugged into a single U.S. military laptop in the Middle East and "spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."

The result was the most dangerous cyber attack in U.S. history.  Both classified and unclassified infected systems were communicating with and exposed their information to foreign servers.  Based on the location of those servers, past reports indicate that the U.S. government suspects the attack originated from Russia; in the article Secretary Lynn only refers to it as originating from "a foreign intelligence agency".

Since the incident, the U.S. military initially banned flash drives from use with its systems, but has since relaxed that provision slightly.  Its efforts are now focusing on "active defense systems", an attempt to try to be more vigilant for possible malware or attempts to communicate with untrusted servers.

Secretary Lynn says his reason for publishing details of severe assault was to raise public awareness to the growing threat of cybersecurity.  He says that defending our nation in a sometimes hostile internet-savvy world is "not easy".

Unlike forward-looking fictional works like 
The Neuromancer that depict a futuristic internet-connected U.S. that acts as a cyber aggressor, recent U.S. government reports indicate that the government instead has evolved into somewhat of a "cyber weakling" in terms of security.  

The U.S. government is struggling to leverage the substantial security talent of its nation's citizens like China or Russia.  The result is that the U.S. government and its contractors have fell victims to several attacks.  The U.S. has also fallen victim to cyberintrusions from foreign sources into critical free market entities like power utilities.

The government has also fallen victim to sabotage from within, as showcased by the recent arrest of 19-year-old U.S. Military specialist Bradley Manning.  Manning allegedly broke the law and military protocol, leaking what now appears to be hundreds of thousands of classified military documents to whistle-blowing website 
Wikileaks.  Manning's actions were never discovered by the U.S. Armed Forces; he was only caught via the fateful decision of a former convicted U.S. hacker, with whom he confided in.

Under former President George W. Bush and now under President Barack Obama, the government has promised to step up its act, working to develop a more cohesive plan for cybersecurity.  President Obama in February 2009 appointed the nation's first Security Czar, Melissa Hathaway.  Ms. Hathaway, a former director of national intelligence under the Bush administration was tasked with coordinating inter-agency cybersecurity efforts.  

But in a sign of what disarray the nation's efforts remain in, Ms. Hathaway resigned in August 2009.  She has since been replaced by Howard Schmidt, a former chief security executive at Microsoft with 31 years' experience in law enforcement and the military, who was appointed in December to the post.

There are currently a number of proposals on the table to create some form of new agency (like the CIA, FBI, etc.) tasked with U.S. cybersecurity at home and abroad.  One of the bills looks to create a bureau called the National Center for Cybersecurity and Communications (NCCC), which would be a sub-bureau of the Department of Homeland Security.

The incident described by Secretary Lynn -- catastrophic actions originating from packages malware aboard a USB stick -- immediately brings to mind a recent incident, in which malware aboard a USB stick attached to a Spanish airline computer interfered with its communications contributing to its crash. (which occurred in 2008).  The infection slowed down system alerts at the airline's headquarters which could have canceled or delayed the flight.  Both the new report from the Pentagon and the recently published details on the Spanair incident reveal the steep costs of cybersecurity breaches in an increasingly connected world.

"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki