Deputy Defense Secretary William Lynn III reveals that in 2008 the
U.S fell victim to an insidious cyber assault. The
August 25 post describes how an infected flash drive was plugged into
a single U.S. military laptop in the Middle East and "spread
undetected on both classified and unclassified systems, establishing
what amounted to a digital beachhead, from which data could be
transferred to servers under foreign control."The result
was the most dangerous cyber attack in U.S. history. Both
classified and unclassified infected systems were communicating with
and exposed their information to foreign servers. Based on the
location of those servers, past reports indicate that the U.S.
government suspects the attack originated from Russia; in the article
Secretary Lynn only refers to it as originating from "a foreign
intelligence agency".Since the incident, the U.S.
military initially banned flash drives from use with its systems, but
relaxed that provision slightly. Its efforts are now
focusing on "active defense systems", an attempt to try to
be more vigilant for possible malware or attempts to communicate with
untrusted servers.Secretary Lynn says his reason for
publishing details of severe assault was to raise public awareness to
the growing threat of cybersecurity. He says that defending our
nation in a sometimes hostile internet-savvy world is "not
easy".Unlike forward-looking fictional works like The
depict a futuristic internet-connected U.S. that acts as a cyber
aggressor, recent U.S. government reports indicate that the
government instead has evolved into somewhat
of a "cyber weakling" in terms of security. The
U.S. government is struggling to leverage the substantial security
talent of its nation's citizens like China or Russia. The
result is that the U.S. government and
its contractors have fell victims to several
attacks. The U.S. has also fallen victim to cyberintrusions
from foreign sources into critical free market entities like
power utilities.The government has also fallen victim to
sabotage from within, as showcased by the recent arrest
of 19-year-old U.S. Military specialist Bradley Manning.
Manning allegedly broke the law and military protocol, leaking what
now appears to be hundreds
of thousands of classified military documents to
whistle-blowing website Wikileaks.
Manning's actions were never discovered by the U.S. Armed Forces; he
was only caught via the fateful
decision of a former convicted U.S. hacker, with whom he
confided in.Under former President George W. Bush and now
under President Barack Obama, the government has promised to step up
its act, working to develop a more cohesive plan for cybersecurity.
President Obama in February 2009 appointed the
nation's first Security Czar, Melissa Hathaway. Ms. Hathaway, a
former director of national intelligence under the Bush
administration was tasked with coordinating inter-agency
cybersecurity efforts. But in a sign of what
disarray the nation's efforts remain in, Ms. Hathaway resigned in
August 2009. She has since been replaced
by Howard Schmidt, a former
chief security executive at Microsoft with 31 years'
experience in law enforcement and the military, who was appointed in
December to the post.There are currently a number of
proposals on the table to create some form of new agency (like the
CIA, FBI, etc.) tasked with U.S. cybersecurity at home and
of the bills looks to create a bureau called the National
Center for Cybersecurity and Communications (NCCC), which would be a
sub-bureau of the Department of Homeland Security.The
incident described by Secretary Lynn -- catastrophic actions
originating from packages malware aboard a USB stick -- immediately
brings to mind a recent incident, in which malware aboard a USB stick
attached to a Spanish airline computer interfered with its
to its crash. (which occurred in 2008). The
infection slowed down system alerts at the airline's
headquarters which could have canceled or delayed the flight.
Both the new report from the Pentagon and the recently published
details on the Spanair incident reveal the steep costs of
cybersecurity breaches in an increasingly connected world.
quote: The U.S. government also has to worry about betrayal within. It's giving 19 year olds access to its most sensitive systems.