09 April 2010

Trying to Predict the CyberWar Future

First question: Who's in Charge?

When the first salvos of cyberwar are fired against the United States, the responsibility to defend the country falls to the president who, aided by advisers from the broad spectrum of government agencies and also the private sector, must feel his way along an uncertain path to decide the appropriate response.

Because possible return fire could come from traditional military, intelligence, diplomatic or economic agencies -- and perhaps even from private business -- the United States needs a set of policies and procedures for cyberwarfare that are still in the making, experts say.

The president's top cyber adviser, Howard Schmidt, has said in interviews that the responsibility for cybersecurity is a shared responsibility between public and private sectors. And within the government it will be shared among government agencies but not in a well-defined way. "Who's in charge?" asks Jamie Sanbower, the director of security for Force 3, an integrator that works with the federal government. "That's the number-one challenge we're facing right now."

Emerging as a powerful player is the appointed head of the U.S. military Cyber Command Army Lt. Gen. Keith Alexander, who is the director of the National Security Agency (NSA) and would retain that title if his appointment to CyberCom is approved by the U.S. Senate, indicating the broad reach and central authority the president believes is needed to respond to attacks. But it makes Congress jumpy, and it has reportedly sought explanation from the Department of Defense about what shape the relationship between the Defense Department and the NSA would take.

Meanwhile, Schmidt's role as White House adviser on cybersecurity has no such concentrated authority. His direct boss is not the president, but rather two separate groups, the National Security Council and the National Economic Council, both of which report to the president. That assignment of authority appears to limit Schmidt, but also points to the broad nature of the cyber threat.

+++

Suspected attacks around the world... by the Chinese again?

Canadian cyber-security professionals working with the Shadowserver Foundation and Information Warfare Monitor have uncovered a suspected Chinese cyber-offensive against India.

In a report released April 6 titled “Shadows in the Cloud - Investigating Cyber Espionage 2.0,” investigators say that hackers of the so-called “Shadow Network” stole secret files on India’s missile projects, troop deployments and military schools.

The offensive also included attacks on several other countries, the Dalai Lama and the United Nations, according to the report.

A host of Indian military computers have been compromised, as well as systems belonging to think tanks. Compromised documents were related to the Pechora anti-aircraft surface-to-air missile system, the Iron Dome mobile missile defense system, and Project Shakti, which is the Indian army’s command and control system for artillery.

Documents relating to network-centric warfare were compromised, along with plans for intelligence fusion and technologies for monitoring and analyzing network data.



By: Brant

No comments: