State of Security: NSA Cyber Warriors, Gov Security Overreach, NIST Servers Downed
NSA Developing Cyber Offensive Squads
NSA Director and U.S. Cyber Command chief General Keith Alexander disclosed in testimony to Congress plans for the development of as many as thirteen teams of cyber warriors who will specialize in attack methods in what can only be described as a measurable escalation in the military’s cyber offensive capabilities. In statements delivered Wednesday before the House Armed Services Committee, Alexander said he “would like to be clear that this team, this defend-the-nation team, is not a defensive team.”
“This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone,” Alexander continued.
In addition to the cyber attack teams, and additional 27 units will be focused on monitoring an surveillance activities, and will be directed to “monitor incoming traffic to the United States through private ‘Internet service providers’” in order to gather intelligence on possible cyber-borne threats.
The General’s statements came just one day after he offered testimony before the Senate Armed Services Committee in which he expressed concerns over the continued distributed denial of service (DDoS) attacks that have been targeting U.S. financial institutions since mid-September of last year.
“We’ve seen the attacks on Wall Street over the last six months grow significantly. And if you look at industry, especially the anti-virus community and others, they believe it’s going to grow more in 2013. And there’s a lot that we need to do to prepare for this,” Alexander warned.
Adding to the drama, just minutes after Alexander delivered the statements, attackers disrupted the websites of Chase Bank for umpteenth time in what the alleged attackers claim is a protest of a controversial YouTube video that offended Muslims around the world. Some U.S. officials have warned on several occasions that the attacks may in fact be part of a grand diversionary campaign designed to facilitate large scale fraudulent fund transfers by international organized crime syndicates. In December of last year the Office of the Comptroller of the Currency (OCC) had issued an advisory warning of the fraud operation which was similar warnings from the Financial Services – Information Sharing and Analysis Center FS-ISAC, the FBI and IC3 issued in the fall of 2012.
Any way you slice it, both the cyber bad guys and governments seem determined to continue the conflict escalation in cyberspace. Hang on to your virtual seats…
Business Leaders Ask for Limited Government Intervention in Cyber Affairs
In the wake of an Executive Order issued by President Obama, and with cybersecurity legislation still on the table, business leaders have been anxious to make sure that the government understands that while companies welcome help in defending critical infrastructure and protecting systems that contain sensitive data, they don’t want costly cram-down regulatory inference from the feds.
“I think we all agreed – and that included the administration and the president – that we want as light a government touch on this as possible. Flexibility is important, because this is the kind of threat that changes very quickly… The threat is real… there is a consistent, persistent threat here that we need to be concerned about as a country,” Reuters quoted Honeywell International’s David Cote as saying after a meeting with the President.
Of course, before we start discussing solutions, the problems we want to deal with should be more clearly defined, according to Internet Security Alliance president Larry Clinton, who penned a terse op-ed in The New York Times on the issue of cybersecurity legislation in October of last year.
“While the unrealistic threats of crumbling critical infrastructure may be useful rhetoric to scare senators into voting on issues they have not studied adequately, the real cyber problem lies elsewhere,” Clinton wrote.
“Cyber security is not simply a technical or standards issue. It has strategic and economic dimensions as well, and none of the current proposals deal with it in a truly comprehensive way that goes beyond standards to deal with economics and incentives at both a domestic and international level. We need to start by clearly defining which problem we are trying to solve. Our government has not yet done that.”
Don’t hold your breath Larry, that would entail the government putting the horse before the cart.
NIST National Vulnerability Database Attacked
the National Institute of Standards and Technology (NIST) – a department of the U.S. Department of Commerce which assits government and industry with technology, measurement, and standards issues – apparently suffered some network downtime after malware was discovered on critical systems. Information security professional Kim Halavakoski contacted the agency after noticing that their National Vulnerability Database (NVD) was offline for a period.
“The National Vulnerability Database public-facing Web site and several other NIST-hosted Web sites are currently unavailable due to discovery of malware on two NIST Web servers,” NIST representatives told Halavakoski in an email, according to his G+ posting.
“On Friday March 8, a NIST firewall detected suspicious activity and took steps to block unusual traffic from reaching the Internet. NIST began investigating the cause of the unusual activity and the servers were taken offline. Malware was discovered on two NIST Web servers and was then traced to a software vulnerability,” the NIST told Halavakoski.
“Currently there is no evidence that NVD or any other NIST public pages contained or were used to deliver malware to users of these NIST Web sites. NIST continually works to maintain the integrity of its IT infrastructure and acts to limit the impact of malware on its systems. We regret the impact this has had on our services.”
NIST hopes the much used database will be back on line in short order, but could not provide an estimate. Halavakoski noted that the affected servers, which had been 2008 and IIS 7.5 until about a week ago, but now seem to be using Linux and Apache. If related to the malware infection, that must be some kinda bug they caught.
Images courtesy of ShutterStock
Categories: Cyber Security