Showing posts with label Cyber warfare. Show all posts

Tuesday, August 16, 2011

U.S. Security Experts Seek More Extensive Information-Sharing

It's not the loud pronouncements by hacking groups or the highly visible denial-of-service attacks that scare cybersecurity experts. It's silence.
In the escalating battle against cyber attackers, the focus has been on new security software and cyber hygiene, but one of the greatest tools against "the adversary," as cyber attackers are called in industry parlance, is the relatively low-tech approach of sharing information about attacks.
Yet contractors continue to remain mum on many intrusions - citing liability concerns - creating a vacuum that reduces their ability to fight attacks. The U.S. Defense Department continues to hunt for a way to increase reporting when both classified and unclassified sensitive data are compromised.
"The bad guys are fast; they have no intellectual property boundaries, no rules, they just execute and with all this funding they could kill us if we don't match that with good information sharing," said Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee Security. "It's like a weather forecast; the more data you have, the more lives you can save if you can forecast the tornado or the hurricane."
McAfee highlighted the issue of information sharing when it released a report Aug. 3 about an effort to track a group of intruders. The project, Operation Shady RAT, found that the intruders had grabbed data from 72 different entities, including 13 defense contractors and 22 government agencies, in 14 different countries, with more than two-thirds of those attacks targeting the U.S.
The project's name refers to a technique of using remote access tools (RAT) to infiltrate networks. To gain access to the networks, the attackers employed spear phishing, sending emails that appear to be from a recognized contact and that encourage a download concealing malicious software.
The group used the same set of tools for five years, suggesting that later victims might have been able to respond more effectively if they had learned of the pattern in earlier attacks.
To push for greater disclosure, the DoD has been exploring two avenues: a new Defense Federal Acquisition Regulations Supplement (DFARS) rule that would make mandatory the reporting of intrusions that compromise certain types of sensitive information; and the Defense Industrial Base (DIB) Cyber Pilot program, a voluntary program that includes roughly two dozen companies reporting intrusions involving classified and sensitive data, and disclosure by the DoD of threats it has detected.
But reporting attacks, even to government agencies that promise anonymity, is not without risks, said Alan Chvotkin, executive vice president of the Professional Services Council. "It's reputation liability, legal liability and business liability," he said.
DFARS Proposed Rule
Dipping its toe into mandatory compliance, the Pentagon is circulating for comment until Aug. 29 the proposed new rule for the DFARS that would compel contractors to disclose intrusions. The rule would require that contractors provide "adequate security," report cyber incidents within 72 hours and conduct a review of their networks to search for information about the attacks.
But although Chvotkin said that contractors agree with the notion of improving security, there are questions about the rule.
"One of the underlying concerns in the DFARS proposed rule is that it makes security a contract compliance issue, so does a breach incur not only some liability and exposure but also a contract breach because you haven't met the standards? Even if you've met the regulations, errors still occur."
He also pointed to the unknown risk of liability, acknowledging concerns about trust as it relates to company anonymity during the reporting process.
"Trust develops over time," he said. "As companies have participated, that trust factor goes up. Just like voluntary disclosure and others, you come to the first one reluctantly."
The issue of trust is very real, said Bill Marshall, managing director of The Chertoff Group and former deputy chief of staff for cyber at the National Security Agency.
"There's a significant lack of trust between the government and the private sector," he said. "There's also a lack of understanding as far as concerns and needs on both sides of the fence, and that's an impediment."
He pointed to the potential repercussions of information leaks. "What if a penetration shows up in The Washington Post? What if you have to explain that to your shareholders?"
Jeff Moulton, a researcher at the Georgia Tech Research Institute, said there would need to be a means for enforcement for the rule to be effective.
"There has got to be an ironclad way to make sure that there are serious repercussions for a person who discloses information," he said. "If somebody wants to torpedo the stock price of a company, all they have to do is release that information."
DIB Cyber Pilot
The Pentagon has also looked for a voluntary approach to the reporting problem. The DIB Cyber Pilot, lasting 90 days and including a limited number of companies, has been successful, said Alan Paller, who directs research at the SANS Institute.
"It worked wonderfully," he said. "It found specific evidence of attacks taking place in one company that was occurring in three other companies that those other companies didn't know about."
He noted that even when companies volunteer, reporting is still an issue.
"There are at least two to three times the number of attacks than are presented to the community, and that's among people that are agreeing to share the data," he said.
Experts said voluntary reporting would be most effective if smaller companies were included in the process, whereas most of the companies in the DIB Cyber Pilot are large. Larger companies typically have large cybersecurity staffs and conduct extensive research on intrusions, while smaller companies may not have the resources to invest in this type of research.
By sharing data between larger and smaller companies, the contracting community as a whole would likely be better protected as the transfer of sensitive data occurs across the spectrum of company size.
While there has been discussion of implementing a program similar to the DIB Cyber Pilot on a larger scale, the problem of cost looms. Speaking about the DIB Cyber Pilot, Deputy Defense Secretary William Lynn talked about the cost issue at a press conference in July.
"One of the reasons this is a short pilot is that for 90 days, people are willing to hold their breath and not worry about the 'who pays' part," he said. "But when you get beyond that, when we get more permanent, there is a question of who pays, and that's one of the central questions that we're tackling."
Cost and Oversight
Regardless of the technique employed to promote communication, the issue of cost remains.
"Quite frankly, this is a cost that they're trying to drive as close to zero as they can, and the costs keep going up," Marshall said.
Those costs are hard to justify for many companies, as there isn't a simple risk/reward equation that companies can do, and potential gains in security are hard to compare against the costs.
"The view that the regulations need to change is a recognition that there is not a financial incentive for them to do that," Marshall said. "That's one of the things that is kind of an arrow in the quiver that has to be used judiciously."
And the cost to companies is not the only one. The issue of government resources to provide data analysis and potentially enforcement of mandates raises important questions, Moulton said.
"The government doesn't have enough people to police themselves, so how are they going to go out and verify that companies are doing this?" he said.
Chvotkin voiced the same concern.
"It calls on the resources available to the government. How much are they willing to spend?" Chvotkin asked.
The DFARS proposed rule would also include a mandate to provide "adequate security," meaning the cost would be twofold: creating an appropriate security system and providing the manpower to produce the report for the Pentagon in the event of an intrusion.
But the concerns about cost are insignificant compared to what is being lost, Paller said.
"They're losing America's greatest treasures. Their fears are irrelevant," he said. "They've lost some of the stuff that our entire economic infrastructure is based upon."

Saturday, August 6, 2011

China: Japan's Defense Comments 'Irresponsible'


BEIJING - China launched a series of blistering attacks on key rival Japan on Aug. 4 after a defense paper approved by Tokyo criticized Beijing's military build-up and growing territorial assertiveness.
State news agency Xinhua went further, accusing Japan of "China bashing" and warning the document could jeopardize relations between the neighbors, while the defense ministry also issued a statement condemning the paper.
China's foreign ministry branded the paper "irresponsible," insisting Beijing's drive to modernise its forces was entirely defensive, and expressed its "strong dissatisfaction".
Japan's annual defense report, released this week, voiced concern over China's growing assertiveness in the South China Sea and Pacific Ocean, and what it called the "opaqueness" of Beijing's military budget.
"The Japanese 2011 defense white paper made irresponsible comments on China's national defense construction. China expresses its strong dissatisfaction," foreign ministry spokesman Ma Zhaoxu said.
"China's development is offering significant opportunities to all countries - including Japan - and China has not been, and never will be a threat to any other country."
China broke off all high-level contact with Tokyo last September after Japan detained a Chinese fishing boat captain whose vessel collided with Japanese coast guard patrol ships in waters claimed by both sides.
The row between Asia's two biggest economies was their worst in years and undermined painstaking recent efforts to improve relations marked by decades of mistrust stemming from Japan's 1930s invasion of China.
The Chinese skipper was released after more than two weeks and the two countries, which have deep trade ties, have been trying to mend fences.
Japan's defense report used a Japanese word that can be translated as "overbearing" or as "assertive" to describe China's stance over its "conflicting interests with neighboring countries, including Japan".
The paper also said China's defense spending was not transparent, saying that the budget publicly announced by China "is widely seen as only part of what Beijing actually spends for military purposes."
"Opaqueness in its defense policies and military movements are concerns for the region, including Japan, and for the international community, and we need to carefully analyze them," it said.
Xinhua called the claims "groundless" and said the report "dutifully carries out its China-bashing tradition, nitpicking at China's defense expenditure growth and military modernization in the manner of a back seat driver".
Earlier this year, China announced military spending would rise 12.7 percent to 601.1 billion yuan ($91.7 billion) in 2011 after funding slowed last year.
Beijing has repeatedly sought to alleviate fears over its pursuit of sophisticated missiles, satellites, cyber-weapons and fighter jets, stressing that the nation's defense policy is "defensive in nature."
It has invested heavily in developing its first stealth fighter jet, revealed in January, as well as an aircraft carrier and anti-ballistic missile capable of piercing the defenses of even the most sturdy U.S. naval ships.
However, China has become increasingly assertive in its claims over the East China Sea and South China Sea, most of which it views as its maritime territory, but where several other Asian nations have competing claims.

Huge Cyber Spying Effort Revealed, China Suspected


WASHINGTON - The United States, United Nations, defense contractors and the International Olympic Committee were targets of a massive global cyber spying campaign, a computer security firm said on Aug. 3, with China seen as the likely culprit.
McAfee vice president for threat research Dmitri Alperovitch described it as a "five-year targeted operation by one specific actor" but declined to identify the country responsible.
California-based McAfee said in a report it had identified 72 victims in 14 countries of a sophisticated hacking effort dubbed "Operation Shady RAT," which it traced back to at least 2006.
The "compromised parties" included the governments of Canada, India, South Korea, Taiwan, the United States and Vietnam, McAfee said, as well as a U.S. Department of Energy research laboratory and around a dozen U.S. defense contractors.
Others included computer networks of the United Nations, the Association of Southeast Asian Nations, the International Olympic Committee, Asian and Western national Olympic committees and the Montreal-based World Anti-Doping Agency.
In a conference call with reporters, Alperovitch, the lead author of the report, said the intrusions into the systems of defense contractors targeted "sensitive military technologies."
He said McAfee had notified law enforcement about the cyber espionage campaign, briefed the White House and members of the U.S. Congress and was working with some of the targeted companies on remediation efforts.
"We believe based on the targeting and the scale and the impact of these operations, and the fact that they didn't just have an economic gain in mind but also political and military, that this is clearly a nation-state but we're not pointing the finger at anyone," Alperovitch said.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said the evidence may not be "conclusive in a legal sense," but suspicion points towards China.
"You can think of at least three other large programs attributed to China that look very similar," Lewis told AFP. "It's a pattern of activity that we've seen before."
Google said in June that a cyber spying campaign originating in China had targeted Gmail accounts of senior U.S. officials, military personnel, journalists and Chinese political activists.
In January of last year, Google announced it was halting censorship of its Internet search engine in China after coming under attack along with 20 other companies from hackers based there.
In February, McAfee said in another report that hackers in China have penetrated computer networks of global oil companies, stealing financial documents on bidding plans and other confidential information.
McAfee said it had discovered the "Shady RAT" series of cyber attacks by gaining access to a command and control server in a Western country used by the intruders and examining its logs.
"After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators," McAfee said.
McAfee said attacks on Asian and Western national Olympic committees, the International Olympic Committee and the World Anti-Doping Agency occurred in the lead-up and immediate follow-up to the 2008 Beijing Olympics.
It described this as "particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks."
Other targets included a private Western organization focused on promoting democracy, two U.S. national security think tanks, South Korean steel and construction firms, a Danish satellite communications company, a Singapore electronics company, a Taiwanese electronics firm, Vietnam's government-owned technology company and U.S. state and county governments, McAfee said.
It said a major U.S. news organization - identified as the Associated Press by The Washington Post - was "compromised at its New York headquarters and Hong Kong bureau for more than 21 months."
McAfee said the attacks involved sending infected emails to employees of the targeted companies. When opened, the emails implanted malware and established a backdoor communication channel to the command and control server.
Data theft appeared to be the chief objective of the attackers but Alperovitch warned the "potential exists for even more insidious activity."
"These intruders are in our systems, in the systems of all these companies, in all these government systems," he said. "The likelihood that they'll escalate the activity from just stealing data to modifying data or destroying data or destroying systems is also there."

Saturday, July 23, 2011

NATO Probes Hackers' Claim of Security Breach


BRUSSELS - NATO is investigating claims by the hacker group Anonymous that it plundered sensitive data from alliance computers, a NATO official said July 22.
"We are aware that Anonymous has claimed to have hacked us and we have security experts investigating these claims," the official said.
"We strongly condemn any leaks of classified documents, which can potentially endanger the security of NATO allies, armed forces and citizens," the official said on condition of anonymity.
The group posted a message on Twitter this week claiming to have looted about a gigabyte of NATO data and said it was too sensitive to release.
"Yes, we haz (sic) more of your delicious data," the Twitter post read.
"You call it war; we laugh at your battleships."
Last month, NATO said it was notified by police dealing with digital crimes that an alliance website was probably breached by hackers.
The e-Bookshop website, a separate service for the public to access alliance publications, did not contain sensitive information.

Wednesday, July 13, 2011

Hacker Group Claims Hit on U.S. Defense Contractor

SAN FRANCISCO - Hacker group Anonymous on July 11 released a trove of military email addresses and passwords it claimed to have plundered from the network of U.S. defense consulting firm Booz Allen Hamilton.
Anonymous made available a file containing more than 90,000 email addresses and other information it said in online messages that it stole from an unprotected server at Booz Allen.

"Anonymous claims to have erased four gigabytes worth of source code and to have discovered information which could help them attack U.S. government and other contractors' systems," computer security firm Sophos said in a blog post.
"While this should certainly be embarrassing to Booz Allen Hamilton, the real impact is on the U.S. military," the post continued.
In a message accompanying the data at file-sharing website The Pirate Bay, Anonymous said Booz Allen was targeted in a "Meltdown Monday" as part of an anti-security, or "antisec," movement.
"So in this line of work you'd expect them to sail the seven proxseas with a state-of-the-art battleship, right?" Anonymous said, using pirate jargon and playing off a reference to proxy computer servers.
"Well, you may be as surprised as we were when we found their vessel being a puny wooden barge," the message continued. "We infiltrated a server in their network that basically had no security measures in place."
Although some downplayed the value of the looted data, computer security specialists warn that the email addresses could be used to target messages that trick recipients into revealing information or downloading viruses.
Booz Allen declined to comment on the incident, citing a company policy of not discussing "specific threats or actions taken against our systems."
Anonymous rose to infamy last year with cyber attacks in support of controversial whistle-blower website WikiLeaks.
The group was linked to attacks on Visa, Mastercard and Paypal, which blocked donations to WikiLeaks after it published thousands of U.S. diplomatic cables.
Early this year, Anonymous took credit for breaking into the website of HBGary Federal, stealing tens of thousands of email messages and temporarily routing traffic to a page with a vitriolic message.
Anonymous claimed to have busted through HBGary Federal computer defenses in February because the firm was working with federal agents to expose the hackers' identities.
The HBGary hack was more sophisticated than the distributed denial of service (DDoS) attacks last year on the Amazon, Visa and MasterCard websites in apparent retaliation for their decisions to stop working with WikiLeaks.
In a typical DDoS attack, a large number of computers are commanded to simultaneously visit a website, overwhelming its servers, slowing service or knocking it offline completely.
In recent months, police in Spain, Turkey and Italy have arrested suspected members of Anonymous, which is believed to have branches in several countries.

Friday, July 8, 2011

DoD to Release Public Version of Cyber Strategy

The U.S. Defense Department is hoping to drive the development of cyber war-fighting tools that will give itself new advantages on virtual battlegrounds.
Next week, the Pentagon will release an unclassified version of its much-anticipated cyber war-fighting strategy. Finalized several months ago, the strategy calls for treating cyberspace as a domain in which the military needs to be able to operate and defend U.S. interests, according to Deputy Defense Secretary William Lynn.
"To do that … a military organization needs some sort of command structure to organize, train and equip the forces," Lynn said during a July 8 interview at the Pentagon.
Cyber security and the damage of attacks have become more frequently discussed by senior defense officials in recent years. Attacks can originate from virtually any computer with a network connection, and it is often difficult to trace their origins.
DoD is going to spend more on cyber technology and train its personnel better, Adm. Michael Mullen, chairman of the Joint Chiefs of Staff, said this week.
"The single biggest existential threat that's out there, I think, is cyber," Mullen said during a July 7 taping of This Week in Defense News. "I think we're going to have to focus a lot more on it."
DoD's strategy has also helped increase cyber-aligned resources, including nearly $500 million into the Defense Advanced Research Projects Agency (DARPA), according to Lynn.
"In draft form, we've used that strategy to build a stronger program and budget," he said. "Then we've used what we're doing here as a platform to reach out in the interagency process to help drive the legislative initiatives, as well as to develop a memorandum of agreement with the Department of Homeland Security, to work with them to think about how we're going to extend protections to critical infrastructure."
The strategy also calls on DoD "to utilize our advantages in technology to maintain our military strength that's dependent on information technology," Lynn said.
"In particular, over time, we're looking to change the balance between offense and defense in the Internet," he said. "Right now, the attacker has all the advantages and the defender is constantly playing catch up."
But DoD thinks it can get a leg up on this trend.
"We think you can make long-term … five- to 10-year technology investments where you might be able to change that balance so then you can impose more costs on the attacker," Lynn said.
To that end, DARPA and industry are exploring encrypting stored data so even if a computer gets hacked, the data is still protected. This type of encryption would provide "more balance between attacker and defender," according to Lynn.
"The challenge with that is you can do that now, but it really slows processing time," he said.
Although Lynn does not expect DoD to be "the dominant source of funding for this kind of stuff," he believes the Pentagon can "seed important investments" similar to the way it did with high-performance computing in the past.

Thursday, June 23, 2011

Japan, U.S. To Expand Missile Defense, Cyber Cooperation


The United States and Japan pledged to continue working together on missile defense, cyber and space initiatives, as well as expanding information-sharing and intelligence, surveillance and reconnaissance activities.
"We have … agreed on a framework to transfer jointly produced missile defense interceptors to third parties, to deepen our cooperation on humanitarian assistance and disaster relief, and to start new initiatives in space and cybersecurity," U.S. Defense Secretary Robert Gates said during a June 21 briefing.
As for missile defense, the ministers decided to study future issues in preparation for transition to a production and deployment phase of the SM-3 Block 2A. The ministers designated the Joint Arms and Military Technology Commission as the consultation mechanism for such future third party transfers.
In addition, the ministers agreed to promote dialogue on the diversification of supplies of critical resources and materials, including energy and rare earths, which are abundant in the region.
"The ministers decided to expand joint training and exercises, study further joint and shared use of facilities and promote cooperation, such as expanding information sharing and joint intelligence, surveillance, and reconnaissance (ISR) activities, in order to deter and respond proactively, rapidly and seamlessly to various situations in the region," according to a joint statement by the U.S.-Japan Security Consultative Committee.
The U.S. reaffirmed its pledge to defend Japan and the peace and security in the region through conventional and nuclear force.
The United States also pledged to "tailor [its] regional defense posture to address such challenges as the proliferation of nuclear technologies and theater ballistic missiles, anti-access/area denial capabilities, and other evolving threats, such as to outer space, to the high seas, and to cyberspace."
In space, the two countries acknowledged the potential for future cooperation in space situational awareness, a satellite navigation system, space-based maritime domain awareness and the utilization of dual-use sensors, according to the statement. The ministers also agreed to "promote the resilience of critical infrastructure, including the security of information and space systems."
The ministers also welcomed the establishment of a bilateral strategic policy dialogue on cybersecurity issues.
Many of the strategic agreements are related to recent activities by China and North Korea.
China has been developing anti-ship ballistic missiles that the U.S. views as a threat to its ships in international waters.
At the same time, North Korea has been developing strategic ballistic missiles.
In addition, much light has been shed on the need for space situational awareness in the wake of a Chinese anti-satellite test several years ago, which resulted in the creation of a large amount of space debris.

Thursday, June 9, 2011

NATO Plans Force to Respond to Cyber Attacks

TALLINN - NATO wants to beef up its cyber defense capabilities with the creation of a special task force to detect and respond to Internet attacks, an alliance expert said at a conference on cyber security here on June 8.
"NATO is planning to establish the Cyber Red Team (...) that would provide a significant contribution to the improvement of NATO's cyber defense capability," Luc Dandurand, an expert with NATO's C3 Agency, told delegates to the alliance's third annual cyber defense conference.
The new NATO cyber force could be involved in simulating threats and controlling readiness to respond, gathering and using public information from open sources, scanning and probing networks as well as conducting denial-of-service attacks against specific services or networks, according to Dandurand.
The Symantec cyber security firm recently reported that web-based attacks in 2010 were up 93 percent from 2009.
"The need for such a team is obvious," Dandurand said, adding it would primarily be tasked with detecting, responding to and assessing the "damage cyber attacks can cause in a military sense."
Dandurand also highlighted legal and privacy issues that must be addressed before NATO's cyber force can take shape.
"The two main issues identified at this point are the need to legitimize the Cyber Red Team activities that could otherwise be construed as the malicious or unauthorized use of computer systems, and the potential for invasion of privacy resulting from cyber red team activities," he told experts gathered at NATO's Tallinn-based Cyber Defence Centre.
"Cyber-attacks against Estonia in the Spring of 2007, during Russia's operation in Georgia in 2008, and the many more cyber attacks we have seen worldwide since then have shown us there is a new kind of war that can cause a lot of damage," Maj. Gen. Jonathan Shaw, a British defense ministry official, told delegates.
"We need a response system and we need to learn to respond fast. In the cyber world you have to do a lot of homework before the attack in order to be effective," he added.
The three-day conference, which kicked off June 7 and is attended by 300 international cyber experts, focuses on the legal and political aspects of national and global Internet security.

Wednesday, June 8, 2011

NATO Addresses Cyber Security at Tallinn Meeting

TALLINN, Estonia - Three hundred global cyber experts gathered in Tallinn on June 7 for a NATO Cyber Conflict conference focused on the legal and political aspects of national and global Internet security amid a rise in attacks.
"The special focus at the conference this year is on generating cyber forces (...) the technologies, people and organizations that nations require to mitigate cyber threats that have been increasing with rapid speed," Col. Ilmar Tamm, head of NATO's Tallinn-based Cyber Defence Centre, told AFP as the forum got underway.
According to Tamm, the Symantec cyber security firm recently reported that "web-based attacks in 2010 were up 93 percent from 2009."
"This calls for frameworks in both legal and strategic aspects which would guide the decision makers on how to act on these cases," Tamm said.
The Tallinn conference will coincide with a NATO defense ministers' meeting in Brussels where a new cyber defense policy for NATO will be adopted.
Meanwhile, at the third annual Tallinn meeting, experts from 37 countries are to share cutting-edge cyber security research, Tamm explained.
Among others, Ralph Langner, the German computer scientist who conducted much of the ground-breaking research on the Stuxnet worm, will present an analysis of what has been called the world's first cyber weapon.
Keir Giles from the U.K. Conflict Studies Research Centre is to analyze global cyber attacks from Russia and whether they can be seen as acting under a so-called Russian Cyber Command.
Talks will also focus on the recent U.S. government decision to treat cyber attacks as military attacks and make relevant legislative changes.
"The support the U.S. initiative has got in many other states, including Estonia and the U.K., indicates nations' increasing willingness to discuss military responses to cyber attacks," Tamm told AFP.
"With cyber incidents becoming more and more intrusive, it is a logical step for militaries to develop capabilities to counter cyber attacks and be prepared to engage in proportional response to cyber attacks," he added.
Though in practice, "it will be challenging to tailor a cyber response that would respect the rules of combat related to civilian objects and collateral damage," he added.

Sunday, June 5, 2011

No Consensus on Cyber Attacks


The U.S. government still lacks a consensus about how to ward off and retaliate against cyberattacks, analysts said after a week in which the world's largest defense contractor and other companies acknowledged their computer networks had been infiltrated.
"Although Lockheed [Martin] nipped this attack in the bud, it's pretty obvious that the federal government isn't prepared to cope with the kind of cyber onslaught that it's facing," said Loren Thompson of the Lexington Institute, Arlington, Va.
Each government agency - and even the military services within the Defense Department - has a different picture of what cyber is and how it contributes to the mission, according to Charles Dodd, a cybersecurity consultant in Washington who has advised Congress and other government agencies.
"The biggest problem is they look at the data security and the way forward only as it pertains to their mission," Dodd said. "What they miss is that cyber isn't different. It doesn't change just because your mission does. How you use it does."
U.S. government computer networks are attacked about 1.8 billion times per month, according to a recent Center for New American Security (CNAS) report, and Dodd said the weeks since U.S. forces killed Osama bin Laden have seen an uptick.
So-called hacktivists tend to "stretch their cyber legs" following major world events - and state-sponsored entities are starting to behave similarly, he said.
"The techniques of both these groups are kind of the same," he said.
Lockheed Martin, the largest supplier of weapons to the U.S. military, acknowledged last week that its network had been breached.
In a May 29 statement, company officials said the May 21 attack was detected "almost immediately," and that no customer, program or employee data had been compromised.
The FBI is leading an investigation into the intrusion, according to Robert Butler, the Pentagon's deputy assistant secretary for cyber policy.
"The analysis on these activities ... is challenging, it's diffuse, and lots of different pieces have got to be put together," said Butler, who spoke June 2 as part of a panel at a CNAS conference.
Coordination Efforts
The CNAS report said deterring and preventing cyberattacks will require "stronger and more proactive leadership" by the federal government. It suggested the White House create an office of cyber policy.
The Obama administration is striving to get government agencies on the same page. In May, the White House sent a package of proposed cybersecurity legislation to Capitol Hill, largely dealing with securing networks and defining the Department of Homeland Security's role.
But federal officials and analysts said that more legislation is needed; in particular, stricter laws to deter cyber offenders.
"The penalty for cyber criminals [is] not adequate at this point in time," Rand Beers, DHS's undersecretary for its national protection and programs directorate, said at the CNAS conference. "We're going to have to fix that."
Dodd said those who use bullets or bombs face far greater, or at least clearer, consequences than online attackers.
"These groups are attacking these networks, and there's just no fear of retaliation," he said. "I think that that's going to start bringing these other more guerilla-style tactics from groups we haven't seen in the past."
The CNAS report agreed, recommending the government lay out a declaratory policy that explains how it will retaliate, at least in certain situations.
In coming weeks, the Defense Department is expected to release its own strategy for cyber warfighting. That document will create a framework for training and equipping forces, as well as call for more international cooperation in this evolving domain, Mary Beth Morgan, Pentagon director for cyber strategy, said in March.
Dodd said the fruits of the effort would likely become apparent only after a major cyber attack.
"There has to be a uniformed way to move forward pertaining to the threat, not how we use the network and not how we defensively posture ourselves, because these [attackers] are looking at things offensively," he said.
The CNAS report also recommends the U.S. strengthen its international cybersecurity agenda.
Butler concurred.
"We can make the greatest inroads on the international side with working to develop norms, understanding ways that we can help each other to think about a safe and secure, reliable cyberspace," he said.
Thompson said that since many of the attacks appear to originate in countries such as China and Russia, the U.S. should treat them as a national security challenge rather than a law enforcement one.
He questioned DHS's ability to adequately defend U.S.-based networks from cyberattacks, and opined that the U.S. National Security Agency might be better positioned for the task.
But Dodd said NSA lacks the resources to protect such a large number of systems.
Cyber tools, both defensive and offensive, remain among the most classified systems in the U.S. arsenal. DoD and industry officials frequently remain tight-lipped about attacks and about how much success, if any, an intruder has achieved.
"We have a wide range of physical, electronic, computing and personnel policies/practices to investigate suspected issues," said Boeing spokesman Dan Beck. "Boeing takes the security of its people, products and information very seriously, and we have systems in place for detection and prevention."
Similarly, Northrop Grumman spokesman Randy Belote said his company "continuously monitors and proactively strengthens the security of our networks, and is vigilant to protect our employee, customer and program data and systems."
But Dodd, the cybersecurity consultant, said he believes the defense industry has been "completely arrogant" about the capabilities it possesses and is not fully prepared to combat a state-sponsored entity.
"This is not the stage for arrogance," he said. "You've brought a stick to a gunfight, and you're arrogant about your capabilities?"
Thompson said, "Lockheed probably has the most sophisticated network defenses of any company in the United States, bar none … and even they had a problem. So what does that tell you?"

Saturday, June 4, 2011

Gates: New Weapons For 'Robust' US Role In Asia


SINGAPORE - Defense Secretary Robert Gates on Saturday vowed the U.S. military would maintain a "robust" presence across Asia backed up with new high-tech weaponry to protect allies and safeguard shipping lanes.
Seeking to reassure Asian allies mindful of China's growing power and Washington's fiscal troubles, Gates told a security conference in Singapore that Washington's commitment to the region would not be scaled back.
Instead, the U.S. military will expand its presence in Southeast Asia, sharing facilities with Australia in the Indian Ocean and deploying new littoral combat ships (LCS) to Singapore, where it has access to naval facilities, he said.
The LCS is a speedy, lighter ship designed to operate in shallow coastal waters.
Gates, who steps down at the end of the month after more than four years as Pentagon chief, said the U.S. military planned to deepen its engagement with countries across the Pacific, with more port calls and training programs.
The U.S. military will be positioned in a way "that maintains our presence in Northeast Asia while enhancing our presence in Southeast Asia and into the Indian Ocean," Gates said.
The speech came as countries facing a rising China watch the United States for signs of its long-term security plans in Asia, amid mounting disputes over territorial rights in the potentially resource-rich South China Sea.
"The U.S. position on maritime security remains clear: we have a national interest in freedom of navigation; in unimpeded economic development and commerce; and in respect for international law," Gates said.
Citing investments in new radar-evading aircraft, surveillance drones, warships and space and cyber weapons, Gates said the United States is "putting our money where our mouth is with respect to this part of the world - and will continue to do so."
The planned weapons programs represented "capabilities most relevant to preserving the security, sovereignty, and freedom of our allies and partners in the region," he said.
The programs also include maintaining America's nuclear "deterrence" amid continuing concern over North Korea's atomic weapons.
Senior U.S. officers have long pointed to China's military buildup, saying Beijing's pursuit of anti-ship and anti-aircraft missiles as well as cyber warfare capabilities poses a potential threat to US naval power in the region.
Without naming China, Gates said the new hardware was a response to "the prospect that new and disruptive technologies and weapons could be employed to deny US forces access to key sea routes and lines of communications."
Although the Pentagon's budget would come under growing scrutiny and military spending in some areas would be cut back, Gates predicted that investments in the key "modernization" programs would be left untouched.
"These programs are on track to grow and evolve further in the future, even in the face of new threats abroad and fiscal challenges at home."
This would ensure "that we will continue to meet our commitments as a 21st century Asia-Pacific nation - with appropriate forces, posture, and presence", he said.
Looking back on US policy in Asia since he took over at the Pentagon in 2006, Gates said the military had bolstered ties with old allies, such as Japan and South Korea, as well as with new partners, including India and Vietnam.
The speech reflected how Washington has sought to strike a delicate balance between countering a more assertive Chinese military with a bigger presence in the region while seeking to defuse tensions through dialogue and exchanges.
Gates, who held talks with his Chinese counterpart Liang Guanglie on Friday, said efforts to promote a security dialogue with China had borne fruit and that military relations had "steadily improved in recent months."

Friday, June 3, 2011

China Denies Responsibility for Gmail Cyberattack

BEIJING - China said on June 1 it was "unacceptable" to blame it for a cyberspying campaign, which Google said had targeted the Gmail accounts of senior U.S. officials, journalists and Chinese activists.
The comments marked the latest salvo in a battle between the Chinese government and Google dating back to last year when the U.S. Internet giant revealed it had been the victim of a separate China-based cyberattack.
"To put all of the blame on China is unacceptable," foreign ministry spokesman Hong Lei told reporters.
"The so-called statement that the Chinese government supports hacking attacks is a total fabrication... It has ulterior motives."
Google said June 1 it was hit by a cyberspying campaign that appeared to have originated in Jinan, capital of the eastern Chinese province of Shandong. The company did not specifically point the finger of blame at Chinese authorities.
"We recently uncovered a campaign to collect user passwords, likely through phishing," Google security team engineering director Eric Grosse said in a blog post.
"The goal of this effort seems to have been to monitor the contents of these users' emails, with the perpetrators apparently using stolen passwords to change people's forwarding and delegation settings," he said.
Those affected included senior US government officials, Chinese political activists, military personnel, journalists and officials in several Asian countries, mainly South Korea, Grosse said.
"Google detected and has disrupted this campaign to take users' passwords and monitor their emails," he said.
"We have notified victims and secured their accounts," he added. "In addition, we have notified relevant government authorities."
The "phishing" ruse used to trick Gmail users into revealing account names and passwords reportedly involved sending booby-trapped messages that appeared to come from legitimate associates, friends or organizations.
The White House is investigating the situation but has no reason to believe that Gmail accounts of senior government officials were hacked, an official told AFP.
Briefing reporters on a new White House strategy statement about cyber-security, the Pentagon on May 31 did not rule out a military response if the United States was hit by an online attack.
"A response to a cyber-incident or attack on the U.S. would not necessarily be a cyber response," Pentagon spokesman Colonel Dave Lapan said.
Google said the California-based firm's systems and servers were not attacked.
There was no indication whether the Gmail spying campaign was related to the China-based cyberattack on Google that prompted the company early last year to stop bowing to Internet censors and reduce its presence in the country.
Google, whose motto is "Don't Be Evil," had initially threatened to close its Chinese operations altogether because of censorship and cyberattacks it said originated from China.
At that time, Beijing virulently denied any state involvement in the cyberattacks that Google said targeted email accounts of Chinese human rights activists and said such claims were "groundless."
Beijing tightly controls online content in a vast system dubbed the "Great Firewall of China," removing information it deems harmful such as pornography, violent content, and politically sensitive material.
Noting that China too had been a victim of cyberattacks, Hong said, "The Chinese government always disapproves of criminal activities including hacker activities and other activities that impair the Internet."
The spokesman added, "We punish these activities in accordance with law."

FBI Reviews Hacking of Officials' Gmail Accounts

The FBI is investigating a cyber attack that targeted hundreds of Google email accounts, including those belonging to senior U.S. government officials and military personnel.
Google believes the phishing scam, which tricked users into divulging personal information, was launched by hackers in Jinan, China, to monitor email content, Google announced in a June 1 blog post.
The Internet giant said its internal systems were not affected and those targeted by the incident have been notified.
FBI spokeswoman Jenny Shearer said the agency is reviewing the matter. As with any cyber attack, incidents reported to the FBI are evaluated to determine if an investigation will be launched.
The U.S. Department of Homeland Security is working with Google and agencies to analyze malicious activity and mitigate risks, DHS spokesman Chris Ortman said.
Less than two weeks ago, hackers penetrated information systems networks at Lockheed Martin. The defense contractor said no customer, program or employee data was compromised during the attack, and DHS and the U.S. Defense Department are looking into the matter.
"Impact to DoD [from the Lockheed cyber attack] is minimal and we don't expect any adverse effect," said U.S. Air Force Lt. Col. April Cunningham, a Defense Department spokeswoman.

Wednesday, June 1, 2011

Chinese Military Build-Up No Threat: Official

LONDON - China's military build-up poses no threat to the world, even as the army modernizes to meet the challenges of an "informationalized age", a top Chinese army official said June 1.
The comments by Gen. Zhang Qinsheng, deputy chief of the general staff of the People's Liberation Army, come amid longstanding Western claims that hackers inside China are behind a range of cyberattacks.
"China has always been embarking on peaceful development and the development of China is by no means a threat," Zhang told a conference on land warfare at the Royal United Services Institute, a defense think-tank in London.
"China does not pursue hegemony. We will not do it even when we grow stronger. This is not only the basic state policy, but also a solemn commitment to the people of the world."
In March, China announced that its defense budget would rise 12.7 percent in 2011 to 601.1 billion yuan ($91.7 billion), fuelling regional concerns about Beijing's military build-up in addition to its economic clout.
Addressing an audience of senior military officers from countries including the United States, Britain and Brazil, Zhang said China's armed forces needed "reform" to win increasingly high-tech conflicts.
"The (Chinese) army has to be modernized to fight modern wars in an informationalized age. This is a major challenge facing us," said Zhang, speaking through an interpreter.
He said China's aims had always been defensive, but added: "The goal of modernization of our army is to transform it from a regional defense force to an all-theatre maneuvering force."
Zhang's words come just days after Chinese state media reported that the military had set up an elite Internet security task force tasked with fending off cyber-attacks.
But the Global Times newspaper denied that the initiative, in which the military has reportedly invested millions of dollars, is intended to create a "hacker army", saying that China was relatively weak in cyber-security.
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide range of cyber-attacks on government and corporate computer systems worldwide.

China's PLA Bans Soldiers From Social Media

BEIJING - Making online friends could play into the hands of the "enemy", according to China's People's Liberation Army, which has said its roughly 2.3 million soldiers will be banned from using social media.
The world's largest military force has notified service men and women that it will strictly enforce the ban to "safeguard military secrets and the purity and solidarity" of the PLA, state media said this week.
The People's Liberation Daily, the armed forces' official newspaper, said passing on personal details such as a soldier's address, duties or contact details could risk revealing the location of military bases.
It added that particular risks exist in users posting photos of themselves, such as during training, which could divulge military capabilities and equipment.
The ban was included in regulations announced last year that proscribed soldiers from launching websites or writing blogs, the paper added.
But in a sign that the ban was apparently being ignored in a country where social media are wildly popular, the military brass has taken the step of re-emphasizing the restriction, warning of a "grim struggle" on the Internet.
Officers and soldiers must be made to understand the "real dangers" of making friends online and to "strengthen their knowledge of the enemy situation," it said, without elaborating.
China has nearly half a billion online users, according to official figures, and Chinese-language social media sites similar to Facebook and Twitter - which are blocked by the country's censors - count hundreds of millions of users.
The newspaper last week said China's military has set up an elite Internet security task force tasked with fending off cyberattacks, while denying that the initiative is intended to create a "hacker army."
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide range of cyberattacks on government and corporate computer systems worldwide.

Tuesday, May 31, 2011

Major Cyber Attack Is Act of War: Pentagon Report

WASHINGTON - The Pentagon has adopted a new strategy that will classify major cyber attacks as acts of war, paving the way for possible military retaliation, the Wall Street Journal reported on May 31.
The newspaper said the Pentagon plans to unveil its first-ever strategy regarding cyber warfare next month, in part as a warning to foes that may try to sabotage the country's electricity grid, subways or pipelines.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," it quoted a military official as saying.
The newspaper, citing three officials who had seen the document, said the strategy would maintain that the existing international rules of armed conflict - embodied in treaties and customs - would apply in cyberspace.
It said the Pentagon would likely decide whether to respond militarily to cyber attacks based on the notion of "equivalence" - whether the attack was comparable in damage to a conventional military strike.
Such a decision would also depend on whether the precise source of the attack could be determined.
The decision to formalize the rules of cyber war comes after the Stuxnet attack last year ravaged Iran's nuclear program. That attack was blamed on the United States and Israel, both of which declined to comment on it.
It also follows a major cyber attack on the U.S. military in 2008 that served as a wake-up call and prompted major changes in how the Pentagon handles digital threats, including the formation of a new cyber military command.
Over the weekend, Lockheed Martin, one of the world's largest defense contractors, said it was investigating the source of a "significant and tenacious" cyber attack against its information network one week ago.
President Barack Obama was briefed about the attack.

Monday, May 30, 2011

Lockheed: Little to No Damage from Cyberattack

WASHINGTON - Major U.S. defense contractor Lockheed Martin said May 29 it was investigating the source of a major cyber-attack one week ago against its information network.
"Lockheed Martin detected a significant and tenacious attack on its information systems network," the company said in a news statement released late May 28.
The company said the cyber-assault took place on May 21, and that quick action by its security team successfully repelled the attack.
"No customer, program or employee personal data has been compromised," Lockheed's statement said, adding that federal authorities had been notified.
"Throughout the ongoing investigation, Lockheed Martin has continued to keep the appropriate U.S. government agencies informed of our actions," the company said.
President Obama has been briefed about the attack, White House spokesman Jay Carney said.
"It has been part of the briefing materials that he has," Carney said. "My understanding, based on what I've seen, is they feel it's fairly minimal in terms of the damage."
Lockheed Martin said its officials are working "around the clock to restore employee access to the network, while maintaining the highest level of security."
It did not mention the suspected source of the cyber-attack.
The company's information security team detected the attack almost immediately and took what is described as "aggressive actions" to protect all systems and data, the statement added.
The statement said that despite the attack, the company remains confident in the integrity of its "robust, multi-layered information systems security."
Federal officials, for their part, told U.S. media that the consequences of the attack for the Pentagon and other agencies were "minimal," and no adverse effect on their operations was expected.
Headquartered in Bethesda, Md., Lockheed Martin employs about 126,000 people worldwide. It focuses on design, development and manufacturing of advanced technology systems, including some of the military's most advanced weaponry.
Seventy-four percent of the company's 2009 revenue came from military sales, according to published reports.
Lockheed Martin's products included the Trident missile, P-3 Orion spy plane, F-16 and F-22 fighter jets, and C-130 Hercules military cargo planes among many other major weapons systems.
The company is a primary developer of stealth technology used in U-2 and SR-71 reconnaissance aircraft, the F-117 fighter jet as well as the F-22 and F-35 Joint Strike Fighter designs.
The corporation's 2010 sales from continuing operations reached $45.8 billion.
However, the stealth Joint Strike Fighter program has faced delays and cost overruns, and the Pentagon overhauled the program last year.
The initial estimate for each F-35 Joint Strike Fighter aircraft was $50 million eight years ago, but more recent estimates were up to $92 million.
Meanwhile, NASA announced last week that a new spacecraft to ferry humans into deep space would be based on designs for the Orion crew exploration vehicle built by Lockheed Martin.
The Orion capsule, originally designed to take astronauts back to the moon, is a surviving component of the Constellation manned space exploration program canceled by Obama last year for being behind schedule and over budget.
The capsule will weigh 23 tons and NASA has no date set for a potential launch, said Douglas Cooke, associate administrator for NASA's exploration systems mission directorate.
There is also no final cost associated with the project.
Lockheed Martin is to continue its work on building the space capsule begun in 2006.

Friday, May 27, 2011

China Sets Up Military Cyber-Warfare Team: Report

BEIJING - China's military has set up an elite Internet security task force tasked with fending off cyberattacks, state media reported May 27, denying that the initiative is intended to create a "hacker army."
The People's Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing's intentions.
"Cyber attacks have become an international problem affecting both civilian and military areas," the Global Times quoted China's defense ministry spokesman Geng Yansheng as telling a rare briefing this week. "China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks."
The 30-member "Cyber Blue Team" - the core of the PLA's cyber force - has been organized under the Guangdong military command in the country's south and will carry out "cyber-warfare drills", the newspaper said.
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide range of cyberattacks on government and corporate computer systems worldwide.
But in a commentary, the Global Times hit out at "some foreign media" for interpreting the program as a breeding ground for a "hacker army".
"China's capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe," the paper said. "China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others."
China's military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.
In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.
U.S. computer firm McAfee said in February that hackers from China have also infiltrated the computer networks of global oil companies and stolen financial documents on bidding plans and other confidential information.
According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China's leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.
In one cable, the U.S. Embassy in Beijing said it learned from "a Chinese contact" that the Politburo had led years of hacking into computers of the United States, its allies and Tibet's exiled spiritual leader, the Dalai Lama.

Thursday, May 19, 2011

Norway Army Faced Cyber Attack After Libya Bombing

OSLO - The Norwegian military said May 19 that it had been the victim of a serious cyber attack at the end of March, a day after Norwegian F-16 fighter jets for the first time carried out bombings in Libya.
"The army is regularly the target of cyber and virus attacks, but not as extensive as this," Hilde Lindboe, a spokeswoman for Norwegian Defence Information Infrastructure (INI), told AFP.
On March 25, a day after Norwegian F-16s first took part in the NATO-led bombing in Libya, around 100 military employees, some of them high-ranking, received an email in Norwegian with an attachment that, once opened, let loose a virus made to extract information from the host computer.
"From what we have seen, no sensitive information has been obtained," Lindboe said.
According to INI, only one computer containing non-classified information was contaminated.
The Norwegian Police Security Service (PST) has opened an investigation to determine who launched the attack, but authorities say it is too soon to say whether there was a link to the Libya bombings.
Norway has six F-16s stationed on the Greek island of Crete as part of the NATO campaign against leader Moammar Gadhafi's forces, authorized by U.N. Security Council Resolution 1973 to protect the Libyan population.
The Scandinavian country has however said it plans to curb its military role in Libya if the campaign lasts longer than June 24.

Monday, May 16, 2011

N. Korea Again Denies Sinking S. Korea Warship

SEOUL, South Korea - North Korea on May 15 accused South Korea of inventing allegations against it to raise tension and repeated denials of involvement in a deadly ship sinking and a damaging cyber-attack on a bank.
"We strongly urge the group of traitors to own responsibility for faking up the conspiratorial farces doing harm to the fellow countrymen and make an official apology before the nation," the North's top leadership body the National Defense Commission (NDC) said, referring to the South's leaders.
The North has repeatedly denied involvement in the sinking of the South Korean warship Cheonan, which killed 46, near the disputed sea border in March 2010.
Last week the North's defense ministry also denied carrying out a cyber-attack on one of South Korea's largest banks in April, calling the allegations "absurd" and a "farce."
South Korean prosecutors say the North brought down the computer system of the National Agricultural Cooperative Federation by hacking into an official's laptop and operating it remotely as a "zombie computer."
The NDC statement via the North's official news agency repeated those denials.
The South, citing a multinational investigation, said a North Korean torpedo sank Cheonan and put what it said was a salvaged portion of the torpedo on display.
The North said its neighbor cooked up the story as part of what it calls a policy of confrontation designed to ensure a continuing U.S. military presence.
The NDC, which is chaired by leader Kim Jong-Il, said the cyber-attack claim followed recriminations between Seoul's presidential palace and the ruling party over a by-election setback.
It said further allegations may be "orchestrated as long as the group of traitors is working hard to stoke confrontation between the North and the South."