Posts Tagged ‘Cyber Warfare’

smh.com.au:

The US senators pushing a controversial new bill that some fear would give President Barack Obama the powers to seize control of and even shut down the internet have rejected claims it would give Obama a net “kill switch”.

The bill, titled Protecting Cyberspace as a National Asset Act, has been unanimously approved by the US Homeland Security committee and will be put to a vote on the Senate floor shortly.

Lobby groups and academics quickly rounded on the bill, which seeks to grant the President broad emergency powers over the internet in times of national emergency.

Any internet firms and providers must “immediately comply with any emergency measure or action developed” by a new section of the US Department of Homeland Security, dubbed the “National Centre for Cybersecurity and Communications”.

The critics said that, rather than combat terrorists, it would actually do them “the biggest favour ever” by terrorising the rest of the world, which is now heavily reliant on cyberspace.

Australian academics criticised the description in the bill’s title of the internet as a US “national asset”, saying any action would disrupt other countries as most of the critical internet infrastructure is located in the US.

This week, 24 privacy and civil liberties groups sent a letter raising concerns about the legislation to the sponsors, including that it could limit free speech and free inquiry, Computerworld reported.

“We are concerned that the emergency actions that could be compelled could include shutting down or limiting internet communications,” the letter reads.

But the architects of the plan, committee chairman Senator Joe Lieberman and Senator Susan Collins, have this week released a “Myth v. Reality” document that hits back at these criticisms.

They say the threat of a catastrophic cyber attack is real and not a matter of “if” but “when”. Cyber crime was also costing the US economy billions of dollars annually and the bill would “modernise the government’s ability to safeguard the nation’s cyber networks from attack and will establish a public/private partnership to set national cyber security priorities”.

The senators rejected the “kill switch” claim, arguing that the President already had authority under the Communications Act to “cause the closing of any facility or station for wire communication” when there is a “state or threat of war”.

They said under the new bill the President would be far less likely to use the broad authority he already has under current law to take over communications. It would provide “a precise, targeted and focused way for the President to defend our most sensitive infrastructure”.

Any action would be limited to 30-day increments and the President must use the “least disruptive means feasible” to respond to the threats. Action extended beyond 120 days would need Congressional approval.

The bill would not give the President the authority to take over the entire internet, target specific websites or conduct electronic surveillance.

“Only specific systems or assets whose disruption would cause a national or regional catastrophe would be subject to the bill’s mandatory security requirements,” the senators wrote.

Secrecy News:

New technologies could be used to improve internet security but the impact of those technologies on personal privacy is classified information, the director of the National Security Agency told Congress last week.

“How could the Internet be designed differently to provide much greater inherent security?” the Senate Armed Services Committee asked Lt. General Keith Alexander, who has been nominated to lead the new U.S. Cyber Command.

“The design of the Internet is – and will continue to evolve – based on technological advancements. These new technologies will enhance mobility and, if properly implemented, security,” replied Gen. Alexander in his written answers (pdf) in advance of an April 15 Committee hearing.

“What would the impact be on privacy, both pro and con?” the Committee continued.

The answer to that question was “provided in the classified supplement” to the General’s response, and was not made public (see question 27).

“It is astounding that Lt. Gen. Alexander’s remarks on the impact on privacy of future modifications to the Internet under his command should be withheld from the public,” wrote Jared Kaprove and John Verdi of the Electronic Privacy Information Center (EPIC), especially given the President’s declared commitment to upholding privacy protection in the nation’s cybersecurity policy.

Consequently, EPIC filed a Freedom of Information Act request seeking disclosure of the classified supplement to General Alexander’s answers.  “There is a clear public interest in making known the Director’s views on this critical topic,” EPIC wrote in its request (pdf).

A senior Republican on the Senate Commerce Committee criticized the Obama administration Tuesday for appointing a cybersecurity coordinator who cannot testify before Congress.

LINK

POPSCI:

As any soldier will tell you, consistent and realistic drill forms the foundation of any successful military action. But whereas an infantryman can hone his aim at a firing range, America’s Internet warriors don’t have a similar venue for developing their skills at cyberwar. But DARPA hopes a $51 million network simulation, complete with computer programs that behave like human targets and adversaries, will provide the perfect arena for developing the next generation of cyberwar weapons and tactics.

The simulation, called the National Cyber Range (NCR), first went public last year, but just yesterday the cash needed to get this project moving was finally doled out. Johns Hopkins received $24.8 million for the project, while Lockheed Martin walked away with $30.8 million. The Lockheed contract is significant, as its defense industry competitor Northrop Grumman actually won the Phase I grant in 2009.

According to DARPA, the NCR will “realistically replicate human behavior and frailties,” and provide “realistic, sophisticated, nation-state quality offensive and defensive opposition forces.” Basically, computer programs acting like real people will populate a the virtual world that the cyberwarriors will attempt to disrupt or save, depending on the mission. Paging Agent Smith…

Even more impressive than the automation of the virtual population is the size of the simulation. DARPA hopes that the NCR will be able to simulate the entire Internet, allowing soldiers to drill in virtual simulations ranging from a small scale computer virus to a World War III-sized conflict.

The project just entered Phase II testing, so there it’s still going to be a wait before the NCR starts running at full capacity. In the meanwhile, let’s just hope someone remembers to teach the computer how to play tic-tac-toe.

Federal Computer Week:

Obama administration makes a full-court press to engage industry and the public in the crusade against cyber war

All of a sudden, the cyber spooks and watchdogs in the Obama administration are coming out of the shadows, making a full-court press to engage industry and the public in their crusade against cyber war.

Howard Schmidt, the president’s new cybersecurity chief, Janet Napolitano, homeland security secretary, and FBI Director Robert Mueller made sequential keynote addresses in early March at the RSA Conference in San Francisco. Schmidt made the biggest news, opening the “Einstein 3 Kimono,” as Richi Jennings of Computerworld’s IT Blogwatch put it, referring to the unveiling of the super-secret Comprehensive National Cybersecurity Initiative and a summary of its 12-point program.

Einstein 3 is a next-generation tool the government is developing to protect the civilian government domain. The summary said the program “will draw on commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these executive branch networks.”

It’s definitely eye-opening, wrote Kit Eaton of Fast Company. “And while you may suspect that Schmidt could only reveal the tiniest of details about such an important plan, he actually spilled quite a few beans in an attempt to get academics and private companies to buy into the government’s plans.”

Napolitano, appearing the next day, said public education will be a critical part of the agency’s strategy. She announced the launch of a new competition that asks any and all comers for help in designing a cybersecurity public awareness campaign. Her ambition is “comparable in scale to forest fire and smoking prevention campaigns,” wrote Alejandro Martinez-Cabrera in SFGate’s The Tech Chronicles.

You can go to www.dhs.gov/cyberchallenge to submit your ideas. And, of course, they will remain confidential.