Can the genie be contained?

Cyber security for the US, including the US Congress and Pentagon is underdeveloped.  The Congress was recently hacked and a Pentagon contractor was likewise hacked.  The House and Senate networks are especially vulnerable.  According to US News and World report, congress traffics about 500 emails each year.  The number of attacks has grown from 8 million attacks per month, in 2008, to 1.8 billion per month for 2011.  The Senate Sergeant At Arms claims the Congress is safe – they only allow 1.1 attacks through every day.  The Pentagon is suffering the same level of attacks, but instead of a centrally located facility akin to the Congress in Wash DC, the Pentagon has its facilities plus those of its contractors and subcontractors.  The recent theft of details for new weapons systems has Pentagon officials questioning whether they need to redesign the system.  One Pentagon official claimed that the new Pentagon initiatives for countering cyber warfare do not go far enough, that intrusion into Pentagon cyber did not penalize attackers.  The Official indicated that the current strategy is “purely defensive” and there is no penalty for attacking us.  The Official indicated that more aggressive cyber tactics, as well as legal and diplomatic measures are needed to “raise the price” of attacking.

The ongoing Saga - Pentagon vs. the Cyber

In the ongoing saga of the Pentagon and Cyber War, the Pentagon declared the Internet a war domain.  Just think, the 8 year Johnny or Susie logging on to his Macintosh to download Pond Puppies could somehow be caught up in a war zone and may have his computer taken over by the Pentagon and recruited as a bot.  Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet.  The largest use of bots is in web spidering, in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human.  Many organizations, large and small rely on the internet to function, including the State and Federal governments, large corporations, and small businesses.  The Pentagon is claiming that the bad guys are taking war to the Cyber and that they have no choice.  The Pentagon plans to focus on three areas in their Cyber War plans – the theft or exploitation of data; attacks of US military networks (how they can differentiate between military and civilian, I’ll never know) and the destruction or degradation of networks.  The plans do not specifically differentiate between those of the US or others.   One of the obstacles facing the US military is that many components used in the US internet infrastructure are designed, manufactured and assembled overseas.  As part of their strategy, the Pentagon is adopting the Cyber as a medium in which wars can be fought, much like the ground, air and water is used for fighting wars.

Organized Crime and the Cyber

Organized crime syndicates are organizing for an attack on the cyber world.  The US Secret Service, has successfully investigated and prosecuted numerous of the largest cybercriminal cases in the US.  In 2010 alone, the USSS arrested over 1200 suspects for some form of cybercrime totaling over $500 million in actual loss and prevention of over $7 billion in losses.  According to the 2011 Verizon Data Breach Investigations Report, cybercriminals are primarily interested in point-of-sale systems, performing account takeovers, and Automated Clearing House transaction fraud.  Many of these criminals originate from Eastern Europe.  As a result, the USSS and other agencies are teaming up with their counterparts in Romania, Germany, Turkey and elsewhere.  Romania, it appears, is the hotbed of most cybercrime.  Romanian legal forces are marshaled to take down the international organized crime organizations.  The Russians too are getting involved.  Some Russian agents are being trained in the US in the hopes of becoming as affective as the Romanians become.  In addition, cybercrime in Eastern Europe will be met with an increase in penalties.

Civilian Perspective on Cyber Warfare

Dartmouth College defines cyber warfare as nation-states participating in offensive and defensive operations, using computers to attack other computers or networks through electronic media.  The attackers do not need to be part of the military forces of these nation-states, rather they can be any person, sanctioned by these units.  The purveyors of cyber warfare are individuals who know how to exploit weaknesses in software and computers.  These nation-states, including the United States gather intelligence or spy to determine vulnerabilities in the digital infrastructure of known or potential enemies.  In doing so, they determine how to defeat the enemy while learning of their own weaknesses.  Perfect security is but a dream.  This is true for information security.  Since the beginning of time, someone has devised a means to defeat any security system – hackers are no different.  As soon as one security system is established, a hacker is disabling it.  The best we can to is minimize or mitigate the destructive nature of cyber warfare.