Crapaganda.com

The Pentagon would consider a military response in the case of a cyber attack against the United States, a US defense official said on Wednesday.

Asked about the possibility of using military force after a cyber assault, James Miller, undersecretary of defense for policy, said: “Yes, we need to think about the potential for responses that are not limited to the cyber domain.”

But he said it remained unclear what constituted an act of war in cyberspace.

“Those are legal questions that we are attempting to address,” Miller said at a conference in Washington, adding that “there are certainly a lot of grey areas in this field.”

He said hostile acts in cyberspace covered a wide range, from digital espionage to introducing false data into a network, that did not necessarily represent full-blown war.

But he said the threat to US networks from terrorists, criminals and others was real and growing.

“Over the past decade, we’ve seen the frequency and the sophistication of intrusions into our networks increase,” he said. “Our systems are probed thousands of times a day.”

The Defense Department has about 90,000 employees and troops using computer networks, with about seven million computer devices, he said.

The US military recently created a new cyber command that will be led by Lieutenant General Keith Alexander, head of the secretive National Security Agency. Alexander was confirmed in his post by the US Senate last week.

In his written testimony to Congress, Alexander said that the new cyber command would be prepared to wage offensive operations as well, despite the risk of sustaining damage to US networks.

He told lawmakers that he expected digital operations to take place as part of a wider military campaign, but that special legal authority would be required to respond to a cyber attack staged from a neutral country.

Source: RawStory

It came as a surprise this month to Wang Jianwei, a graduate engineering student in Liaoning, China, that he had been described as a potential cyberwarrior before the United States Congress.

Larry M. Wortzel, a military strategist and China specialist, told the House Foreign Affairs Committee on March 10 that it should be concerned because “Chinese researchers at the Institute of Systems Engineering of Dalian University of Technology published a paper on how to attack a small U.S. power grid sub-network in a way that would cause a cascading failure of the entire U.S.”

When reached by telephone, Mr. Wang said he and his professor had indeed published “Cascade-Based Attack Vulnerability on the U.S. Power Grid” in an international journal called Safety Science last spring. But Mr. Wang said he had simply been trying to find ways to enhance the stability of power grids by exploring potential vulnerabilities.

“We usually say ‘attack’ so you can see what would happen,” he said. “My emphasis is on how you can protect this. My goal is to find a solution to make the network safer and better protected.” And independent American scientists who read his paper said it was true: Mr. Wang’s work was a conventional technical exercise that in no way could be used to take down a power grid.

The difference between Mr. Wang’s explanation and Mr. Wortzel’s conclusion is of more than academic interest. It shows that in an atmosphere already charged with hostility between the United States and China over cybersecurity issues, including large-scale attacks on computer networks, even a misunderstanding has the potential to escalate tension and set off an overreaction.

“Already people are interpreting this as demonstrating some kind of interest that China would have in disrupting the U.S. power grid,” said Nart Villeneuve, a researcher with the SecDev Group, an Ottawa-based cybersecurity research and consulting group. “Once you start interpreting every move that a country makes as hostile, it builds paranoia into the system.”

Mr. Wortzel’s presentation at the House hearing got a particularly strong reaction from Representative Ed Royce, Republican of California, who called the flagging of the Wang paper “one thing I think jumps out to all of these Californians here today, or should.”

He was alluding to concerns that arose in 2001 when The Los Angeles Times reported that intrusions into the network that controlled the electrical grid were traced to someone in Guangdong Province, China. Later reports of other attacks often included allegations that the break-ins were orchestrated by the Chinese, although no proof has been produced.

In an interview last week about the Wang paper and his testimony, Mr. Wortzel said that the intention of these particular researchers almost did not matter.

“My point is that now that vulnerability is out there all over China for anybody to take advantage of,” he said.

But specialists in the field of network science, which explores the stability of networks like power grids and the Internet, said that was not the case.

“Neither the authors of this article, nor any other prior article, has had information on the identity of the power grid components represented as nodes of the network,” Reka Albert, a University of Pennsylvania physicist who has conducted similar studies, said in an e-mail interview. “Thus no practical scenarios of an attack on the real power grid can be derived from such work.”

Read the rest of the story at: Academic Paper in China Sets Off Alarms in U.S. (NY Times)

The United States would lose a cyberwar if it fought one today, a former US intelligence chief has warned.

Michael McConnell, a retired US Navy vice admiral who served as ex-president George W. Bush’s director of national intelligence, also compared the danger of cyberwar to the nuclear threat posed by the Soviet Union during the Cold War.

“If we went to war today in a cyberwar, we would lose,” McConnell told a hearing Tuesday on cybersecurity held by the Senate Committee on Commerce, Science and Transportation.

“We’re the most vulnerable, we’re the most connected, we have the most to lose.

“We will not mitigate this risk,” added McConnell, now an executive vice president for consulting firm Booz Allen Hamilton’s national security business. “And as a consequence of not mitigating this risk, we are going to have a catastrophic event.”

Tuesday’s hearing came a little over a month after Internet giant Google revealed that it and other US companies had been the target of a series of sophisticated cyberattacks originating in China.

“National security and our economic security are at stake,” said Democratic Senator Jay Rockefeller, the panel’s chairman and a co-sponsor of a bill seeking to bolster public and private sector cybersecurity cooperation.

“A major cyberattack could shut down our nation’s most critical infrastructure — our power grid, telecommunications, financial services.”

James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that government intervention would probably be needed to crack down on the “Wild West” the Internet has become.

Read more »

Cyber attacks against power plants and other vital infrastructure may be higher than previously believed

A new study that interviewed power plant operators and other “critical infrastructure” indicates more than 50 percent of all U.S. power plants have had to deal with an increase in cyber attacks.

Security company McAfee funded the research, speaking with 600 IT managers and executives from 14 different nations.

Around 54 percent of those interviewed said some type of network “stealthy infiltration” took place, with the same number of executives noting they faced massive denial-of-service attacks on their networks at one point in time.

The threat of cyber attacks scare most computer users to be worried about potential data and bank theft — but security experts and government analysts note cyber attacks could be a national security issue as well.

Brazil had several high-profile blackouts in late 2009, which allegedly are tied to cyber attacks against the country’s IT infrastructure.  Brazilian officials denied cyber terrorism caused the outages, but it’s a major issue now that the 2016 Summer Olympic Games will  be held in Rio de Janeiro.

The threat of cyber attacks are even more serious now with China, North Korea, and Russia either hiring hackers directly to launch attacks, or are funneling money to hacker groups.

Power Plants Report Increase of Foreign-Based Attacks (DailyTech.com)

On a Monday morning earlier this month, top Pentagon leaders gathered to simulate how they would respond to a sophisticated cyberattack aimed at paralyzing the nation’s power grids, its communications systems or its financial networks.

The results were dispiriting. The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What’s more, the military commanders noted that they even lacked the legal authority to respond — especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war.

What some participants in the simulation knew — and others did not — was that a version of their nightmare had just played out in real life, not at the Pentagon where they were meeting, but in the far less formal war rooms at Google Inc. Computers at Google and more than 30 other companies had been penetrated, and Google’s software engineers quickly tracked the source of the attack to seven servers in Taiwan, with footprints back to the Chinese mainland.

More at:  In Digital Combat, U.S. Finds No Easy Deterrent (NY Times)

Clinton Condemns Cyber Attacks (Reuters)