Showing posts with label Cyber warfare. Show all posts

Tuesday, May 21, 2024

US Military Academy Report Reveals Three Strategies to Counter Kamikaze Drones

The ongoing conflict in Ukraine has highlighted the impact of inexpensive drones causing significant damage to advanced, costly targets. This insight, combined with the effectiveness of Hamas's drone attack on Israel on October 7, has spurred the anti-drone industry to innovate technologies to combat drone threats on the battlefield.

Recently, Russia has deployed new AI-powered anti-drone systems, Abzats and Gyurza, in Ukraine. Abzats, a mobile jamming platform, uses AI to autonomously execute electronic warfare tasks, jamming frequencies utilized by UAVs. Similarly, Gyurza's AI selectively jams frequencies used by Ukrainian drones, neutralizing them. Oleg Zhukov, CEO of Geran, a Russian research company, affirmed the effectiveness of AI in electronic warfare for automatically suppressing enemy drones.

Ukraine, meanwhile, is receiving various counter-drone systems from the U.S., such as counter-drone gun trucks and laser-guided rockets. Additionally, Ukraine has acquired several CORTEX Typhon systems from Norway's Kongsberg, which detect drones via radar and shoot them down with missiles. Ukraine has also developed its own EW systems like the Brave1 and the L3Harris VAMPIRE, a laser-guided missile launcher used effectively against Iranian-produced Shahed drones.

Israel is a key player in the counter-drone sector with systems like Rafael's Drone Dome and Elbit's ReDrone, which detect drones and emit jamming signals to disrupt their operation. These systems are used by various countries to protect critical infrastructure and are considered highly effective.

The counter-drone market is growing rapidly, projected to reach $14.6 billion by 2031 from $1.3 billion in 2021, driven by key players like Lockheed Martin, Dedrone, and Raytheon Technologies. However, the cost imbalance between cheap drones and expensive countermeasures poses a significant challenge. Experts argue that the industry has yet to develop universally applicable, scalable solutions.

Brett Velicovich, CEO of Drone Experts, noted that despite the vast number of counter-drone technologies, no single solution guarantees complete protection against drones. The real challenge lies in creating an affordable, effective system adaptable to various situations.

There are four main categories of counter-drone systems: Tracking, Jamming, Kinetic, and Hybrid/Cyber approaches. Tracking and jamming systems locate and disrupt drone signals, while kinetic systems destroy drones with projectiles. However, these systems' effectiveness varies based on location and situation, especially against multiple drone attacks.

As drone technology advances, new vulnerabilities in sensors and radar coverage are exploited. Consequently, there is growing emphasis on building impenetrable shelters like bunkers against drone attacks.

A report from the "Modern War Institute" at the US Military Academy outlines three primary defense strategies against one-way attack drones: shooting them down, using electronic interference, or seeking shelter. Despite expensive technologies, simple measures like sandbags and concrete remain effective. Bunkers, combined with radars and concrete T-walls, provide essential protection, although overhead coverage is crucial against precise attacks.

In conclusion, counter-drone operations require a multi-layered defense combining active and passive measures. A single, simple solution is not feasible, and the ongoing conflict will continue to see evolving tactics between drones and counter-drone technologies.

Wednesday, April 3, 2024

Analyzing the Air Power Balance: Indian Air Force vs. Chinese PLAAF




Amid escalating tensions, the Indian Air Force (IAF) faces a formidable challenge from the technologically advanced People’s Liberation Army Air Force (PLAAF) over the Himalayas. With over 1200 warplanes, the IAF stands in a tight spot against the PLAAF's locally developed and manufactured arsenal.

The PLAAF's substantial size and technological superiority pose a significant threat, yet the IAF holds advantages in operational bases and geographical positioning, critical for supporting Indian Army operations and counteracting PLAAF strategies.

As tensions simmer along the Ladakh border, questions arise about the IAF's ability to sustain operations in challenging mountain terrain and a potentially expanding conflict scenario. An objective analysis of PLAAF capabilities is crucial to assess the threat posed to IAF operations.

Delving into PLAAF platforms, training, and likely tactics provides insights into the potential challenges faced by the IAF. From frontline fighters like the Su-35 and J-20 to strategic assets like the H-6 bombers and advanced cruise missiles, the PLAAF presents a multifaceted threat.

Examining PLAAF training, tactics, and operational exercises reveals a concerted effort to enhance combat readiness and adaptability against near-peer adversaries. However, challenges remain in achieving uniformity across units and maintaining tactical proficiency.

In assessing the PLAAF's potential tactics, the utilization of stealth capabilities, force multipliers like AWACS, and precision strike capabilities underscores the complexity of the threat environment faced by the IAF.

Despite PLAAF's advantages, constraints exist, such as terrain limitations, logistical challenges, and vulnerabilities in extended operations from high-altitude airbases. The IAF's familiarity with low-level flying and operational bases offers strategic advantages in countering PLAAF aggression.

As both air forces engage in a potential conflict scenario, the balance of power hinges on factors like training, motivation, and adaptability. While the IAF may face initial challenges, leveraging strategic acquisitions and operational expertise can bolster its resilience against PLAAF incursions.

In navigating the air power balance, the IAF must prioritize strategic investments in cruise missiles, EW equipment, and air defense systems to mitigate PLAAF advantages and uphold national security interests in the region. 

Wednesday, June 27, 2012

Cartwright: China, S. Korea Need To Pressure North Korea (Defense News)


The United States should take a back seat to China and South Korea when it comes to applying pressure on North Korea, according to an influential, retired U.S. general.
“We could probably do a substantial amount of solving the problems of North Korea if we would let South Korea and China work the problem,” said retired Marine Corps Gen. James Cartwright, who retired last year as the vice chairman of the Joint Chiefs of Staff.
Cartwright’s comments came during a June 26 presentation at an event sponsored by Johns Hopkins University Applied Physics Laboratory.
“Once you start to introduce commerce, risk equations change substantially,” he said, noting both China and South Korea have built roads and rail lines up to the North Korean border.
“But as long as we’re there, it looks like a wartime footing. We’ve just got to think our way through how to do this,” he said.
The U.S. has about 28,000 troops based on the Korean Peninsula.
Cartwright, who since his retirement has been outspoken on defense issues such as nuclear deterrence and cybersecurity, said the United States should partner with China to make sure nations in the region “are taken care of, that they have access to goods, that they can move their goods.”
“We’re better off solving these problems if we do so with China,” he said.
Cartwright said there needs to be an authoritative venue that could address nations’ claims of natural resources under the South China Sea.

Wednesday, January 18, 2012

Chinese Virus hits DoD access cards


A Chinese-based cyber attack is targeting the U.S. Defense Department’s Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks, researchers say.
The new cyber weapon apparently can get inside individual computers after users unwittingly open a standard PDF email file. Once embedded, it logs the users’ keystrokes to obtain personal identification numbers or codes associated with that card and user, according to AlienVault, a Silicon Valley-based cyber security firm.
“Basically, they are able to steal the PIN and then they can get access to whatever they want,” said Jaime Blasco, the lab manager for AlienVault who published detailed technical information about the attack.
The attacks are a variant of a virus, or malware, known as “Sykipot” and date back as far as March 2011, Blasco said.
The new Sykipot strain specifically targets the technology used to support the Pentagon’s CAC system and the emails seeking to spread it often are disguised as official military or government communications, Blasco said.
To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles, he said.
The hackers behind the virus can access military systems only as long as an infected user’s card remains logged into a system.
Pentagon spokeswoman Air Force Lt. Col. April Cunningham declined to comment on the details published by AlienVault.
“We are aware of reports regarding this matter and take these type of reports seriously. However, due to operational security, we are not able to provide further details,” she told Military Times.
Blasco said the virus is linked to a “command and control server” that appears to be based in China; some flaws buried deep in the code revealed Chinese language characters, suggesting that only a Chinese speaker would be able to launch it.
Defending against attacks using this technology is extremely difficult. The best way to keep military networks secure is to train troops and civilian employees not to open any unfamiliar files or email attachments, Blasco said.
Many military officials are eager to begin widespread use of smart phones, tablets and other wireless devices, but cyber security experts caution that such technology can be more vulnerable to cyber attacks.

Friday, January 6, 2012

Keep Investing in Stealthy ISR


A big danger with having sophisticated military systems is that you run the risk of losing them if you use them.
That appears to be the case with the U.S. Air Force RQ-170 Sentinel, the remotely operated reconnaissance aircraft that was recently lost over Iran. The stealthy aircraft, built by Lockheed Martin, entered service about a decade ago and has seen duty over hot spots worldwide since.
The United States has been using manned and unmanned aircraft for this mission for decades; the RQ-170 is only the latest that allows the United States to see into denied airspace.
The loss of any advanced aircraft poses special risks because it exposes its materials and technologies to enemy scientists and engineers. Now that the Iranians have the Sentinel - especially since it appears to have come into their possession largely intact - it's only a matter of time before China, North Korea and others learn about the UAV's stealth coatings, airframe structures and materials, sensors and electronic components, flight controls and more.
The Air Force is trying to learn as much as possible from the loss, such as why the plane lost signal and how it came to be recovered in one piece.
But more important, it must learn how to guard against such a dangerous loss of technology in the future. Such aircraft must be fitted with physical and electronic self-destruct mechanisms that will obliterate anything of interest as soon as it falls into enemy hands.
Last, the inherent value of having the kind of technology that makes an RQ-170 possible is a critical U.S. advantage in warfare. As defense budgets decline, continuing robust investment in advanced stealth, sensor and reconnaissance technologies is crucial to maintaining America's strategic and tactical advantages.

Sunday, January 1, 2012

Japan Developing Cyber Weapon



TOKYO: Japan has been developing a virus that could track down the source of a cyber attack and neutralise its programme, the daily Yomiuri Shimbun reported Sunday.

The weapon is the culmination of a 179 million yen ($2.3 million) three-year project entrusted by the government to technology maker Fujitsu Ltd to develop a virus and equipment to monitor and analyse attacks, the daily said.

The United States and China are reported to have put so-called cyber weapons into practical use, Yomiuri said.

Japan will have to make legal amendments to use a cyber weapon as it could violate the country's law against the manufacture of a computer virus, the daily said.

In November a computer system run by about 200 Japanese local governments was struck.

In October, Japan's parliament came under cyber attack, apparently from the same emails linked to a China-based server that have already hit several lawmakers' computers.

It was also reported that Japanese computers at embassies and consulates in nine countries were infected with viruses in the summer.

Currently, the virus is being tested in a "closed environment" to examine its applicable patterns. (AFP)
 

Tuesday, December 13, 2011

Iranian Cyber Commandos downed the American stealth Drone

A secret U.S. surveillance drone that went missing last week in western Afghanistan appears to have crashed in Iran, in what may be the first case of such an aircraft ending up in the hands of an adversary.

Iran’s news agencies asserted that the nation’s defense forces brought down the drone, which the Iranian reports said was an RQ-170 stealth aircraft. It is designed to penetrate enemy air defenses that could see and possibly shoot down less-sophisticated Predator and Reaper drones.

A stealthy RQ-170 drone played a critical role in surveilling the compound in Pakistan where Osama bin Laden was hiding in the months before the raid in which he was killed by U.S. Navy SEALs in May.

U.S. officials acknowledged Sunday that a drone had been lost near the Iranian border.
This is the second time in history a stealth tech/plane has been brought down (F-117 being the first). Possibly the first time ever one has been hacked into in the air, and the fact that it's still in pretty good shape makes it priceless, as it can now be dissected and reverse-engineered.

The Chinese and Russians are probably dying to take a look at this intact American toy...

Billions of dollars worth of state-of-the-art stealth/drone/aircraft technology is now under the microscope being examined/reverse-engineered.

Iran Did Not Down Drone: U.S. House Intel Chair

Iran did not down the U.S. spy drone captured by Iranian armed forces earlier this month, U.S. House Intelligence Committee chairman Rep. Mike Rogers said Dec. 13.
"I am satisfied in this particular case that no outside force brought this drone down," said Rogers, R-Mich., speaking at a conference sponsored by the Foreign Policy Initiative. "I will say without hesitation that this came down due to a technical problem."
On Dec. 12, President Barack Obama made public the U.S. request for Iran to return the drone.
"We've asked for it back. We'll see how the Iranians respond," Obama said during a news conference with Iraqi Prime Minister Nouri al-Maliki.
According to news reports, Brig. Gen. Ahmad Vahidi, Iran's defense minister, said Dec. 13 that the aircraft is Iran's property.
While Rogers said he is confident Iran did not down the drone, the United States should still be worried about its potential to do so via cyber attack in the future.
"Anytime that folks with ill intentions toward the United States come into possession of our technology is a bad day for the United States," he said.
However, while Iran tries to reverse-engineer the technology, the United States will be busy engineering new designs, he said.

Monday, December 12, 2011

Japan Launches Spy Satellite


TOKYO - Japan launched a new spy satellite into orbit Dec. 12 amid concerns over North Korea's missile program and to monitor natural disasters in the region, officials said.
The Japanese H-2A rocket carrying an information-gathering radar satellite lifted off at 10:21 a.m. local time from the Tanegashima Space Center in southwestern Japan.
"The rocket was launched successfully," said Toshiyuki Miura, a spokesman for Mitsubishi Heavy Industries, which built the satellite and worked on the launch with the Japan Aerospace Exploration Agency (JAXA).
"The satellite was separated into orbit around the Earth later," Miura added.
The government decided to build an intelligence-gathering system after North Korea launched a missile in 1998 that flew over the Japanese archipelago and into the Pacific, shocking many in Japan.
In defiance of international pressure, North Korea launched what was believed to be a three-stage Taepodong-2 missile in April 2009, with an estimated range of 6,700 kilometers (4,100 miles).
Japan has three operating optical satellites. Two radar ones were successfully placed into orbit, but both broke down later. Another optical satellite was launched in September but is not yet functioning.
Demand for land surveillance grew, meanwhile, after Japan's March 11 quake and tsunami, which killed some 20,000 people and crippled cooling systems at the Fukushima Dai-ichi nuclear plant, northeast of Tokyo, causing reactor meltdowns.
"The project is aimed at boosting security and monitoring land in case of sizable natural disasters like the one in March," a government official said, adding that the current three satellites were used to track the March calamity.
"If everything goes smoothly, it will be the first radar satellite under the program," the official said. "With the radar satellite, we can introduce wider usage of the system."
Radar satellites are able to capture images at night and in cloudy weather, something that optical satellites cannot.
The latest satellite cost some 39.8 billion yen ($512 million) to develop, while the launch cost about 10.3 billion yen, Kyodo News reported.
JAXA and Mitsubishi Heavy had originally planned to launch the satellite Dec. 11, but it was postponed due to bad weather.

Sunday, November 20, 2011

Norwegian Defense Firms Hacked, Intel Reports

OSLO - The biggest wave of hacking and espionage attacks in Norway's history has hit key defense and energy companies, the National Security Agency (NSM) said Nov. 18.
At least 10 companies have over the past year fallen victim to hackers in a string of attacks believed to be the work of one group, the NSM said in a statement.
"We have to suppose that the actual number (of victims) is much higher, but that many (companies) have not been in contact" with authorities, the agency said.
The security agency said it was difficult to track down the perpetrators, who used servers based abroad for their attacks, refusing to point fingers at any suspects.
"This is the first time that a hacking campaign of this magnitude has been detected in Norway," said NSM spokesman Kjetil Berg Veire.
The hackers in each case tried to gain access to the corporate network by sending seemingly legitimate emails to specific people, along with a well-concealed virus handing them remote access to the computer in question, according to the agency.
But each attack was "tailored" for the specific company, making it possible to escape detection by anti-virus programs, it said.
The main targets of the attacks were companies in the oil, gas and overall energy sector, as well as in defense.
The names of the targeted companies were not divulged.
"The attacks have, on several occasions, come when the companies have been involved in large-scale contract negotiations," NSM said.
The attacks had allowed the hackers to gain access to documents, industrial charts, usernames and passwords.
According to Berg Veire, however, it is impossible to quantify the possible losses, as no overview exists of what had been taken.

Thursday, November 10, 2011

Lockheed Martin Unveils Australian Cyber Lab


CANBERRA - Lockheed Martin has unveiled its latest NexGen Cyber Innovation and Technology Centre (NCITE) facility in Canberra, joining existing sites in the United States and United Kingdom.
The 10 million-Australian dollar ($10.38 million) center, known as NCITE AU, occupies a reconfigurable, 900-square-meter area of the company's new headquarters in the nation's capital. When fully operational, about 200 people will work in the facility.
The official opening will occur in March, when the center will reach full operational capability. The company said it will link with the other two labs and bring together leading technologies and talent in a secure environment.
"The investment in the NCITE AU demonstrates Lockheed Martin's long-term commitment to Australia and the desire to serve its national security requirements," said Raydon Gates, chief executive of Lockheed Martin Australia.
"It will provide us with a base to service customer needs in both the civil and military markets, along with a platform to leverage industry partner and Lockheed Martin technologies to create rapid prototypes to speed innovation of solution delivery, while providing seamless advanced cybersecurity," he said.
"Networks and platforms must be defended against breaches," added Curt Aubley, Lockheed's vice president and chief technology officer of cybersecurity and NexGen Innovation. "By building trust and resilience in the systems we build and use for ourselves, Lockheed Martin and its industry partners can assure our customers that we have the capabilities and technology to do the same for them."
According to Aubley, the facility will also be part of a Global Cyber Innovation Range.
"We will be able to conduct offensive and defensive control testing and wildfire work on the Internet," he said. "It is a separate network where we can train offensive versus defensive, so we can rapidly learn in a safe and secure environment."
It will operate three private and one public computing clouds and operate to a secret level, Aubley said.
Lockheed also is considering incorporating a Systems Intelligence center in the facility in the future.
Other NCITE facilities, together with Systems Intelligence centers, are located in Gaithersburg, Md., and Ampthill, U.K.
The company also announced the imminent formation of what is tentatively known as the Global Innovation Alliance to harness the resources of leading technology providers in Australia. Inaugural members of the alliance will include Australian National University (ANU) Edge, Computer Associates, Dell, Glasswall Solutions, Hewlett-Packard, McAfee, Quintessence Labs, Schneider Electric and Taskey. Other organizations also are reportedly interested.
"By bringing the combined strengths of leading universities such as the ANU together with industry partners to address the challenge of cybersecurity, we can accelerate the development of effective solutions to growing threats without boundaries or limitations," said ANU Edge Professor Mick Cardrew-Hall, speaking on behalf of Canberra-based IT service providers.
"To defend against advanced persistent threats, we need to build effective security ecosystems based on collaboration, knowledge sharing and the rapid uptake of best practices," he said.
Cyberspace threats were recently added to consultative arrangements within the Australia, New Zealand, United States Treaty, and the Australian government is fast-tracking a cybersecurity white paper that was flagged in the defense white paper of 2009.

China's PLA Involved in Cyber Espionage: Report

TAIPEI - For the first time, a new report details China's signals intelligence (SIGINT) organization, including what role the People's Liberation Army (PLA) has in cyber intelligence collection.
The report, "The Chinese People's Liberation Army Signal Intelligence and Cyber Reconnaissance Infrastructure," by Mark Stokes and Jenny Lin of the Project 2049 Institute, Arlington, Va., provides the first overview of the PLA General Staff Department's Third Department, China's premier cryptologic service responsible for signals and cyber intelligence collection.
The Third Department is comparable to the U.S. National Security Agency and appears to be diversifying its traditional SIGINT mission to include cyber surveillance, also known as computer network exploitation (CNE), the report said.
The Third Department's Seventh Bureau (61580 Unit) is responsible for CNE. Headquartered in Beijing, the bureau's engineers specialize in computer network defense and attack, and have conducted joint studies with the PLA Information Engineering Academy Computer Network Attack and Defense Section. The bureau has been known to conduct research outlining U.S. network-centric warfare and dense wavelength-division multiplexing.
CNE also is conducted by the Technical Reconnaissance Bureaus (TRB), Stokes said: "A senior engineer from the Hainan office was granted awards for network-related work, including possible surveillance of Voice over Internet Protocol."
The Chengdu Military Region's 1st Technical Reconnaissance Bureau also may be involved in cyber surveillance.
The degree of control that the Third Department exercises over the Technical Reconnaissance Bureau bureaucracies of the country's seven military regions is unknown, but Third Department's resources dedicated to high-performance computing and its large arsenal of skilled linguists could comprise China's cryptologic "A-Team."
"The combination of SIGINT and CNE, for example, fusing transcripts of phone conversations with intercepted email exchanges, would enable a powerful understanding of plans, capabilities, and activities of an organization or individual in near real time," Stokes said.
China could be cracking down on its own cyber warfare activities. Lt. Gen. Wu Guohua, who directed the Third Department from 2005 to 2010, allegedly was transferred out due to unauthorized cyber attacks.
"If true, it appears that senior civilian leaders could have some understanding of the political damage caused by overt, hostile network penetration," Stokes said.
Another possible reason for the dismissal could be that the Third Department overstepped its area of responsibility. It is possible the PLA has consolidated computer and network attack missions with electronic warfare into an "integrated network electronic warfare" activity under the Fourth Department, responsible for electronic countermeasures, said Desmond Ball, a SIGINT and cyber warfare specialist at the Australian National University's Strategic and Defence Studies Centre.
"Use of the doctrinal concept of 'integrated network and electronic warfare' implies an attempt to link computer network attack and jamming," Stokes said.
Both the Third and Fourth Departments are said to jointly manage a network attack and defense training system.
Though the U.S. continues to blame China for alleged intrusions into U.S. government and defense industry computer networks, the Chinese believe the U.S. is the attacker.
"Chinese analysts believe that the United States is already carrying out extensive CNE activities against Chinese servers," Stokes said. "Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime."
Ball points to massive internal problems with malicious hackers and possible intrusions from foreign governments. Chinese officials have said that China is the biggest victim of network hacking.
The Beijing-based National Computer Network Emergency Response Technical Coordination Center released a report in March claiming that more than 4,600 Chinese government websites had their content modified by hackers in 2010, an increase of 68 percent over the previous year, Ball said. In an incident in 2000, a series of high-technology combat exercises by the PLA was suspended when a computer hacker attacked the military's network.

Wednesday, November 9, 2011

Coordinated Approach to Cyber Defense Urged

BRUSSELS - Countries need to have a good understanding of the cyber capabilities being developed by opponents, said a leading Israeli government official, because "you can't block an attack by waiting for the attack to come, including in cyber defense."
Isaac Ben-Israel, a senior cybersecurity adviser to the Israeli prime minister, was speaking at a Security and Defence Agenda event on cybersecurity.
Maj. Gen. Patrick Fermier, director of NATO C3 Staff, dodged a question about whether there was a need to improve cyber offensive capacity to improve cyber defense.
"NATO is trying to develop the protection of its infrastructure network," Fermier said. This is the first step, he added, after which "we'll see, at 28, what steps to take in the future. Protecting information and information sharing is a key parameter of success in any military operation."
Robert Bell, senior civilian representative of the secretary of defense in Europe and defense adviser to the U.S. ambassador to NATO, said that NATO needs to get all its agencies and commands under a single cyber defense roof by the end of 2012 and was on track to do that. He also said NATO needs to identify standards.
"We have no alternative except to work in close partnership with industry, which has much to teach us about the use of open standards to get us to the point where we need to be," he said.
Ben-Israel said Israel had realized in 2002 that the most vulnerable points are power production, water distribution, food supply, etc. The country then set down a list of 19 key areas but faced a legal problem because most are owned or operated by the private sector. As a result, Israel had to change its laws and define how much government "intrusion" into the private sector was allowed in order to guarantee security.
The EU is faced with a similar issue in that a lot of its critical infrastructure is owned by the private sector. On this point, the German Ministry of the Interior has taken a stance in its national cybersecurity strategy, unveiled earlier this year.
"We are in favor of the alliance's commitment to establishing uniform security standards, which member states may also use for civilian critical infrastructures on a voluntary basis, as foreseen in NATO's new Strategic Concept," says the document.
Ben-Israel also said "there was a real threat from states and major criminal organizations." In that context, a report released Nov. 3 by U.S. intelligence agencies said, "the governments of China and Russia will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace."
Cecilia Malmström, the EU's commissioner for Home Affairs, pointed out that the EU has developed relations with NATO in this area and has a formal relationship with the U.S. But asked if there was an EU-NATO plan to respond to an Estonia-type cyber attack by another state or terrorist organization, she said that "there was no strategy."

Monday, November 7, 2011

Pentagon Looks for Weapons to Wage Cyberwarfare

WASHINGTON - The Pentagon's researchers plan to bolster their efforts to create offensive weapons for use in cyberwarfare, reflecting a growing concern over digital threats, U.S. officials said Nov. 7.
The U.S. government needed "more and better options" to safeguard the country from assaults on sensitive computer networks and had to invest in both offensive and defensive tools, said Regina Dugan, director of the Pentagon's research arm, the Defense Advanced Research Projects Agency (DARPA).
"Malicious cyberattacks are not merely an existential threat to our bits and bytes. They are a real threat to our physical systems, including our military systems," Dugan told a conference.
"To this end, in the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs," she said.
DARPA has proposed boosting funding in cyber research in the proposed 2012 budget from $120 million to $208 million and the Defense Department leadership has called for $500 million in funding for cybersecurity over the next five years, she said.
With other countries pursuing cyberwarfare capabilities and the danger from digital attacks growing by the day, the United States had to look at developing "offensive" arms to protect national security, said Dugan, without specifying what weapons could be employed.
"Our first goal must be to prevent war. We do so in part by being prepared for it. Failing prevention, however, we must accept our responsibility to be prepared to respond," she said.
Even while preparing for possible digital war, U.S. policy makers must protect civil liberties and the "peaceful shared use of cyberspace," she added.
A recent DARPA analysis of cybersecurity over several months concluded that the U.S. government had to rethink how it defends cyberspace to keep up with a threat evolving at lightning speed.
"Why is it that despite billions of dollars in investment and the concerted efforts of many dedicated individuals, it feels like we are losing ground?" she asked.
The DARPA study found that security software had grown more and more complex over the past two decades - involving up to 10 million lines of code - while various viruses and other digital assaults required an average of 125 lines of code, according to Dugan.
"This is not to suggest that we stop doing what we are doing in cybersecurity. On the contrary, our existing efforts are necessary," she said. "These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat."
DARPA organized the "cyber colloquium" in the Washington suburb of Arlington to help find better ways to address the digital threat, inviting members of industry, government and academia - including "white hat" hackers, she said.
At the same event, the head of the National Security Agency, the secretive intelligence agency that carries out eavesdropping on foreign communications, and the U.S. military's newly created cyber command, Gen. Keith Alexander, proposed one way to improve the country's cyber defenses - cloud computing.
By shifting to a "cloud architecture," the United States would save money and be better placed to protect vital computer networks, Alexander said.
The current complex web of government and military networks is unwieldy and intelligence agencies cannot easily monitor for intrusions or attacks, he said.

Mossad, IDF Websites Online After 'Server Crash'


JERUSALEM - The websites of Israel's military, Mossad and the Shin Bet intelligence services were back online on Monday after being unavailable the previous day due to what officials said was a "server crash."
The three sites, along with numerous other government websites, crashed on Sunday, two days after the international hackers' group Anonymous apparently threatened to take action after Israel blocked two boats of pro-Palestinian activists from reaching the blockaded Gaza Strip.
All three sites appeared to be working normally on Monday after being unavailable all day on Sunday. A spokesman for the office of Prime Minister Benjamin Netanyahu, whose website was not affected, blamed the outage on a "server malfunction" technical glitch rather than an attack by hackers.
"Israeli government websites crashed today because of a server malfunction, not as a result of a cyber attack," Ofir Gendelman wrote in a posting on Twitter late on Sunday.
The sites went down shortly after a video was posted on YouTube, allegedly by "hacktivist" group Anonymous, in which they threatened the Israeli government with retaliation after Friday's interception of two activist vessels that had been hoping to run Israel's naval blockade on the territory.
An earlier attempt to run the Gaza blockade in May 2010 had ended in bloodshed when Israeli naval commandos stormed the lead vessel of a six-ship flotilla, killing nine Turkish activists and sparking a wave of international condemnation - and a flurry of new attempts to reach the coastal enclave.
Entitled "An open letter from Anonymous to the Government of Israel," the video accused the Jewish state of "piracy on the high seas" and warned that if it continued to block ships heading to Gaza "then you will leave us no choice but to strike back." It was not immediately possible to confirm whether the video was posted by Anonymous, which has been involved in scores of hacking exploits, many of them targeting governments. Last year, hackers associated with Anonymous launched retaliatory attacks on companies perceived to be enemies of the anti-secrecy website WikiLeaks.

Sunday, November 6, 2011

Chinese Cyber-Espionage Growing: U.S. Report

TAIPEI - A new U.S. intelligence report declares the most active and persistent perpetrator of economic espionage is China.
The report, issued by the U.S. Office of the National Counterintelligence Executive (ONCIX), draws on the inputs and reporting from more than a dozen U.S. law enforcement and intelligence collection bodies, including the CIA, FBI, DIA and NSA.
China views economic espionage as an "essential tool in achieving national security and economic prosperity," the report said.
The report - "Foreign Spies Stealing U.S. Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011" - indicates the U.S. intelligence community judges the use of cyber tools is now a greater threat than more traditional espionage methods.
A recent Chinese espionage case in the U.S. illustrates the shift from traditional espionage tradecraft to today's cyber espionage techniques. Dongfan Chung, a former Boeing and Rockwell engineer who had worked on the B-1 bomber and space shuttle, was sentenced by a U.S. Federal Court in 2010 to 15 years for having 250,000 pages of sensitive documents in his home.
"This is suggestive of the volume of information Chung could have passed to his handlers between 1979 to 2006," the report said.
The logistics of handling the physical volume of so many documents, equal to "four 4-drawer filing cabinets," are staggering. However, according to the report, today the information could have easily fit onto a compact disc or been transferred via e-mail. "Cyberspace makes possible the near instantaneous transfer of enormous quantities of economic and other information."
The costs of cyber espionage on commercial U.S. business are high.
■ Between 2008 and 2009 an employee of Valspar Corporation, David Yen Lee, downloaded proprietary paint formulas valued at $20 million with the intent of selling them to China.
■ Meng Hong, a Dupont Corporation research chemist, downloaded proprietary information on organic light-emitting diodes in 2009 with the intent of transferring the data to a Chinese university.
■ Yu Xiang Dong, a product engineer with Ford Motor Company, copied 4,000 Ford documents onto an external hard drive in 2009 with the intent of transferring the data to an automotive company in China.
China's intelligence services seek to "exploit" Chinese citizens or persons with family ties to China to recruit. Of the seven cases that were adjudicated under the Economic Espionage Act in 2010, six involved a link to China.
U.S. corporations and cyber security specialists have reported an "onslaught" of computer network intrusions originating from China. "Some of these reports have alleged a Chinese corporate or government sponsor of the activity," but the U.S. intelligence community has not been able to confirm these reports.
In a study released in February, McAfee attributed an intrusion attempt they labeled "Night Dragon" to a Chinese Internet Protocol (IP) address and indicated the intruders stole data from the computer systems of petrochemical companies.
In January 2010, VeriSign iDefense identified the Chinese government as the sponsor of intrusions into Google's networks.
MANDIANT, a cyber security company, reported in 2010 that information was pilfered from the corporate networks of a U.S. Fortune 500 company during business negotiations in which the company was looking to acquire a Chinese firm.
The report states that China is driven by its longstanding policy of "catching up fast and surpassing" the Western powers. "An emblematic program in this drive is Project 863, which provides funding and guidance for efforts to clandestinely acquire U.S. technology and sensitive economic information." Project 863 lists the development of "key technologies for the construction of China's information infrastructure."
In terms of military technology, China is focusing on two areas: marine systems designed to jump-start the development of a blue-water navy, and aerospace systems that will allow China's air force to develop air supremacy.
The U.S. is not the only victim of Chinese cyber espionage, according to the report. South Korea claims that in 2008 the country lost $82 billion in proprietary information from Chinese and other hackers. Japan's Ministry of Economy, Trade and Industry (METI) conducted a survey of 625 manufacturing firms in 2007 and found that more than 35 percent reported some form of technology loss and more than 60 percent of those leaks involved China.
Since late 2010, hackers have accessed more than 150 computers at France's Finance Ministry, exfiltrating and redirecting documents relating to the French G20 presidency to Chinese sites.
The British Security Service's Centre for the Protection of National Infrastructure warned hundreds of business leaders in 2010 of Chinese economic espionage practices, including the giving of gifts of cameras and memory sticks equipped with cyber implants at trade fairs and exhibitions.
German officials also noted that business travelers' laptops are often stolen during trips to China. "The Germans in 2009 highlighted an insider case in which a Chinese citizen downloaded highly sensitive product data from the unidentified German company where he worked to 170 CDs," the report says.
China always denies reports of being involved in cyber espionage and often responds with counteraccusations.

Friday, November 4, 2011

EU, U.S. Conduct Cyber Attack Exercise

BRUSSELS - The EU and U.S. carried out their first joint exercise to test responses to cyber incidents, including cyber attacks, here Nov. 3 as experts simulated how authorities on both sides of the Atlantic would cooperate in response to attacks.
Sony PlayStation, the EU Emissions Trading Scheme, European Commission and European External Action Service have all been subject to cyber attacks in recent months.
Two hypothetical scenarios were tested during "Cyber Atlantic 2011": an attack that attempts to extract and publish sensitive online information from the EU's national cybersecurity agencies, and an attack on supervisory control and data acquisition (SCADA) systems in EU power-generation equipment.
Cyber Atlantic 2011 grew out of an EU-U.S. Working Group on Cybersecurity and Cyber Crime, which was established in November 2010 to tackle new threats to global networks. The initial findings of the exercise will be taken into account in the working group's report, which will be presented to the EU-U.S. summit later this year.
EU and U.S. leaders agreed to set up the working group at their summit in Lisbon, Portugal, last November. Four expert subgroups have been established to deal with four different subject areas: cyber incident management; public-private partnerships; awareness raising; and cyber crime.
"Recent high-profile cyber attacks show that global threats need global action. Today's exercise provides valuable lessons for specialists on both sides of the Atlantic," EU Commissioner Neelie Kroes said in a Nov. 3 press release.

Thursday, November 3, 2011

Boeing Unveils Cyber Effort

Long quiet about its cybersecurity capabilities and business, Boeing is starting to get more vocal about one of the few defense sectors expected to grow in the upcoming budget crunch.
The public push into cyber comes in the form of a ribbon-cutting ceremony for Boeing's new Cyber Engagement Center located little more than 100 yards from Fort Meade, Md., which houses the headquarters of the National Security Agency and U.S. Cyber Command. Boeing Vice President Brian Palma noted the significance of the center's proximity.
"There's absolutely an important part of this that is about being close," Palma said. "Obviously, the government is an important customer for us."
Boeing's name is hardly synonymous with cybersecurity; the market has been dominated by General Dynamics, Raytheon, Lockheed Martin and SAIC, among others. At Boeing's quarterly earnings call Oct. 26, the profitable commercial aviation business received most of the attention, while cybersecurity was barely mentioned.
"The perception is that they haven't talked about it," said Byron Callan of Capital Alpha Partners. "Other people have been talking about it for a while, and that might be a signal in and of itself, that they're not placing the same emphasis on cyber as others are."
However, Steve Grundman of Grundman Advisory said that while Boeing has not been very public about cyber, its other capabilities may prove a major asset.
"It's manifestly correct to say that Boeing has a relatively small IT business compared to its competitors, but it would not surprise me to learn that they have very advanced capabilities in protecting their communications networks," Grundman said.
New Cyber Center
At the Oct. 25 ceremony, Dennis Muilenburg, CEO of Boeing's defense division, said the new facility will house one of Boeing's three major network monitoring offices, and help develop products and collaborate with customers.
"This is the first time that we're bringing it all together in an engagement center where not only can we do the work of protecting Boeing's network and developing new products, but we can also bring customers in to experience those products," Muilenburg said.
As part of the opening ceremony, the company showed off four capabilities:
■ Secure Mobile Enterprise. Still in its infancy, the Secure Mobile Enterprise program is designed to provide platform-agnostic security for mobile systems. Boeing would not disclose the means employed to secure the systems but said it had not created some of the products used in the security scheme. The company was describing the capability as a service. The system is designed to secure an entire device as opposed to operating through an individual application, giving greater flexibility to the user.
■ VSOC. Already in circulation for years, the Virtual Security Operations Console (VSOC) has integrated security camera and alarm feeds with 2-D and 3-D maps. Boeing has added the ability to feed network data into VSOC so that attacks on a network can be associated with a particular server on a map. Boeing said this feature will be especially useful in combating on-location attacks using thumb drives or similar devices.
■ TAC. The TripWire Analytic Capability (TAC) system works to mine data looking for connections. Internal documents or publicly available information can be compared to threat data to find correlations. The system uses a list of 500,000 queries that are constantly performed and expanded. Boeing said that although security experts typically spend 80 percent of their time searching for information on threats and 20 percent of their time analyzing threats, the TAC system inverts those percentages.
■ NarusInsight. One of the fruits of Boeing's July 2010 acquisition of Narus, NarusInsight is a network monitoring program that provides a dashboard that can visualize data. The program presents a map with network activity, as well as listings of activity deemed suspicious that are color-coded and organized by the seriousness of the threat. The software does not gather data, and is designed to be integrated into a pre-existing security scheme.
Emphasizing Cyber
While the company is publicly emphasizing cyber, its interest is not new, Palma said.
"We believe we're at an inflection point," he said. "We saw this coming, and this gives us a capability and a way to engage with customers that's different than we've had before, but we're not getting into the cyber business for the first time."
Company officials described cyber as a 100-year business, likening it to the aviation business that has been the backbone of Boeing since its creation.
"This is an area where we've been investing, and we will continue to invest," Muilenburg said.
The new cyber center probably does not reflect the strength of the company's business, Callan said.
"These are kind of iconic facilities, but I think cyber is still a business that gets down to individuals, as opposed to plants and facilities," he said. "It's always a hard market. It's not the same as visiting a factory. That's why you talk about intellectual prowess in cyber."
Even if the cyber business is growing, Callan said he doubted it could lift companies faced with cuts in nearly every other segment.
"It's going to be an important market, but from an investment standpoint, is cyber going to be something that is going to move the needle for these guys? My guess is, probably not."
The Boeing Co.: company profile
Headquarters: Chicago.
2010 revenue: $30.8 billion.