Tuesday, August 16, 2011

U.S. Security Experts Seek More Extensive Information-Sharing

It's not the loud pronouncements by hacking groups or the highly visible denial-of-service attacks that scare cybersecurity experts. It's silence.
In the escalating battle against cyber attackers, the focus has been on new security software and cyber hygiene, but one of the greatest tools against "the adversary," as cyber attackers are called in industry parlance, is the relatively low-tech approach of sharing information about attacks.
Yet contractors continue to remain mum on many intrusions - citing liability concerns - creating a vacuum that reduces their ability to fight attacks. The U.S. Defense Department continues to hunt for a way to increase reporting when both classified and unclassified sensitive data are compromised.
"The bad guys are fast; they have no intellectual property boundaries, no rules, they just execute and with all this funding they could kill us if we don't match that with good information sharing," said Phyllis Schneck, vice president and chief technology officer for the public sector at McAfee Security. "It's like a weather forecast; the more data you have, the more lives you can save if you can forecast the tornado or the hurricane."
McAfee highlighted the issue of information sharing when it released a report Aug. 3 about an effort to track a group of intruders. The project, Operation Shady RAT, found that the intruders had grabbed data from 72 different entities, including 13 defense contractors and 22 government agencies, in 14 different countries, with more than two-thirds of those attacks targeting the U.S.
The project's name refers to a technique of using remote access tools (RAT) to infiltrate networks. In order to gain access to the networks, the attackers employed spear phishing, sending emails that appear to be from a recognized contact that encourages a download concealing malicious hardware.
The group used the same set of tools for five years, suggesting that later victims might have been able to respond more effectively if they had learned of the pattern in earlier attacks.
To push for greater disclosure, the DoD has been exploring two avenues: a new Defense Federal Acquisition Regulations Supplement (DFARS) rule that would make mandatory the reporting of intrusions that compromise certain types of sensitive information; and the Defense Industrial Base (DIB) Cyber Pilot program, a voluntary program that includes roughly two dozen companies reporting intrusions involving classified and sensitive data, and disclosure by the DoD of threats it has detected.
But reporting attacks, even to government agencies that promise anonymity, is not without risks, said Alan Chvotkin, executive vice president of the Professional Services Council. "It's reputation liability, legal liability and business liability," he said.
DFARS Proposed Rule
Dipping its toe into mandatory compliance, the Pentagon is circulating for comment until Aug. 29 the proposed new rule for the DFARS that would compel contractors to disclose intrusions. The rule would require that contractors provide "adequate security," report cyber incidents within 72 hours and conduct a review of their networks to search for information about the attacks.
But although Chvotkin said that contractors agree with the notion of improving security, there are questions about the rule.
"One of the underlying concerns in the DFARS proposed rule is that it makes security a contract compliance issue, so does a breach incur not only some liability and exposure but also a contract breach because you haven't met the standards? Even if you've met the regulations, errors still occur."
He also pointed to the unknown risk of liability, acknowledging concerns about trust as it relates to company anonymity during the reporting process.
"Trust develops over time," he said. "As companies have participated, that trust factor goes up. Just like voluntary disclosure and others, you come to the first one reluctantly."
The issue of trust is very real, said Bill Marshall, managing director of The Chertoff Group and former deputy chief of staff for cyber at the National Security Agency.
"There's a significant lack of trust between the government and the private sector," he said. "There's also a lack of understanding as far as concerns and needs on both sides of the fence, and that's an impediment."
He pointed to the potential repercussions of information leaks. "What if a penetration shows up in The Washington Post? What if you have to explain that to your shareholders?"
Jeff Moulton, a researcher at the Georgia Tech Research Institute, said there would need to be a means for enforcement for the rule to be effective.
"There has got to be an ironclad way to make sure that there are serious repercussions for a person who discloses information," he said. "If somebody wants to torpedo the stock price of a company, all they have to do is release that information."
DIB Cyber Pilot
The Pentagon has also looked for a voluntary approach to the reporting problem. The DIB Cyber Pilot, lasting 90 days and including a limited number of companies, has been successful, said Alan Paller, who directs research at the SANS Institute.
"It worked wonderfully," he said. "It found specific evidence of attacks taking place in one company that was occurring in three other companies that those other companies didn't know about."
He noted that even when companies volunteer, reporting is still an issue.
"There are at least two to three times the number of attacks than are presented to the community, and that's among people that are agreeing to share the data," he said.
Experts said voluntary reporting would be most effective if smaller companies were included in the process, whereas most of the companies in the DIB Cyber Pilot are large. Larger companies typically have large cybersecurity staffs and conduct extensive research on intrusions, while smaller companies may not have the resources to invest in this type of research.
By sharing data between larger and smaller companies, the contracting community as a whole would likely be better protected as the transfer of sensitive data occurs across the spectrum of company size.
While there has been discussion of implementing a program similar to the DIB Cyber Pilot on a larger scale, the problem of cost looms. Speaking about the DIB Cyber Pilot, Deputy Defense Secretary William Lynn talked about the cost issue at a press conference in July.
"One of the reasons this is a short pilot is that for 90 days, people are willing to hold their breath and not worry about the 'who pays' part," he said. "But when you get beyond that, when we get more permanent, there is a question of who pays, and that's one of the central questions that we're tackling."
Cost and Oversight
Regardless of the technique employed to promote communication, the issue of cost remains.
"Quite frankly, this is a cost that they're trying to drive as close to zero as they can, and the costs keep going up," Marshall said.
Those costs are hard to justify for many companies, as there isn't a simple risk/reward equation that companies can do, and potential gains in security are hard to compare against the costs.
"The view that the regulations need to change is a recognition that there is not a financial incentive for them to do that," Marshall said. "That's one of the things that is kind of an arrow in the quiver that has to be used judiciously."
And the cost to companies is not alone. The issue of government resources to provide data analysis and potentially enforcement of mandates raises important questions, Moulton said.
"The government doesn't have enough people to police themselves, so how are they going to go out and verify that companies are doing this?" he said.
Chvotkin voiced the same concern.
"It calls on the resources available to the government. How much are they willing to spend?" Chvotkin asked.
The DFARS proposed rule would also include a mandate to provide "adequate security," meaning the cost would be twofold: creating an appropriate security system and providing the manpower to produce the report for the Pentagon in the event of an intrusion.
But the concerns about cost are insignificant compared to what is being lost, Paller said.
"They're losing America's greatest treasures. Their fears are irrelevant," he said. "They've lost some of the stuff that our entire economic infrastructure is based upon."

Indian Team Visits Moscow for Su T-50 Flight Demo

NEW DELHI - A delegation of Indian military officers and technicians was in Moscow to witness the first public flight Aug. 16 of the Sukhoi T-50, the base platform of the Fifth-Generation Fighter Aircraft (FGFA) that India and Russia have contracted to develop jointly.
A new Russian twin-engine jet fighter T-50 lands at Zhukovsky airfield as it takes part in MAKS-2011, the International Aviation and Space Show, in Zhukovsky, Russia, on Aug. 14. (Dmitry Kostyukov / AFP)
The aircraft, which made its maiden flight at a Far East airbase in Russia in January 2010, was rolled out for its first public viewing at the MAKS international air show outside Moscow, where two of the sleek silver prototypes are due to perform air stunts Aug. 16 under the watchful eye of Russian Prime Minister Vladimir Putin.
India's Hindustan Aeronautics Ltd. (HAL) and Russia's Rosoboronexport and Sukhoi Design Bureau are working together to develop and produce the plane.
The two countries have proposed building about 500 FGFAs to meet the needs of both the Indian and Russian air forces. India's FGFA order is expected to cost the country more than $25 billion over the next two decades.
The exact details of the pact between India and Russia on technical collaboration are still not known, Indian Air Force sources said.
But a Defence Ministry official here said that HAL and Rosoboronexport on Dec. 21 signed a preliminary contract for design and development of the aircraft by HAL and the Sukhoi Design Bureau at a cost of $295 million. The preliminary development phase will last 18 months. Full-scale design and development work will be taken up under a separate contract, which will be negotiated and signed toward the end of the preliminary phase, the ministry official said.
The induction of the FGFA into the Indian fleet is to begin in 2018 as the first prototype has already undergone several tests, the official added.
The FGFA will be a stealthy, lethal swing-role fighter with advanced avionics, 360-degree situational awareness, smart weapons, data links and high-end mission computers, the Indian Air Force has said.

U.S., South Korea Begin Drills; North Warns of War

SEOUL, South Korea - South Korea and the United States launched a massive joint military exercise on Aug. 16, prompting the North to condemn the maneuvers as provocative and warn that war could erupt.
The two allies have described the 10-day Ulchi Freedom Guardian exercise as defensive and routine, but the North habitually terms such joint drills a rehearsal for invasion and launches its own counter-exercises.
"The exercise started this morning," a spokesman of the U.S.-South Korea Combined Forces Command (CFC) told AFP, referring to the annual computer-assisted simulation command-post exercise.
All of CFC's major units are taking part, involving more than 530,000 troops, including some 3,000 military personnel from the United States and other bases around the Pacific region, CFC said.
CFC commander U.S. Gen. James D. Thurman said the drill was focused on "preparing, preventing and prevailing against the full range of current and future external threats" to South Korea and the region.
"We are applying lessons learned out of Iraq and Afghanistan, as well as those garnered by the Alliance's recent experiences with North Korean provocations on the peninsula and past exercises," he said.
Pyongyang condemned the exercise as "extremely provocative," calling it a preparation for an "all-out war" against the North and the "largest-ever nuclear war exercise".
"The Korean peninsula is faced with the worst crisis ever. An all-out war can be triggered by any accidents," the North's ruling communist party newspaper Rodong Sinmun said in a commentary.
Seoul and Washington wanted to use the latest exercises to build up their capability to mount surprise attacks on the North's nuclear and missile facilities, it said.
"The U.S. warmongers are planning to carry out a realistic war drill to remove our nuclear facilities with a mobile unit led by the U.S. 20th Support Command, which was sent to Iraq to find and disable weapons of mass destruction," it said.
"Our military and the people will not sit idle as U.S. imperialists mobilize massive military forces and threaten our sovereign rights," the commentary said.
It accused the United States of seeking to bring war to the Korean peninsula after Afghanistan and Iraq as a way to "extricate itself from its worsening economic crisis."
The CFC spokesman said that during the exercise, troops would train for a "wide variety of missions including those involving the location and security of chemical, biological, nuclear and radiological threats."
The allies will simulate the detection and destruction of North Korean atomic bombs, missiles and chemical weapons, Yonhap news agency said last week.
Professor Yang Moo-Jin of the University of North Korean Studies in Seoul said the North was unlikely to escalate tensions despite its criticism of the exercise, one of two annual Korean peninsula-wide drills by the CFC.
"The North is unlikely to raise tension at a time when diplomatic efforts are underway to resume dialogue" even though the North's statement is strongly-worded, Yang told AFP.
The North's military urged Seoul and Washington last week to show their willingness to work toward denuclearization by scrapping the exercise.
In an open letter published by its state media, Pyongyang also called for a peacekeeping mechanism to replace the current armistice that ended the 1950-1953 war.
A flurry of diplomatic efforts have been underway to resume stalled six-party disarmament talks involving the two Koreas, Russia, China, Japan and the United States.
Senior Pyongyang officials met their counterparts in Seoul and Washington last month. The meetings raised hopes that the talks - last held in December 2008 - could resume.
The North has repeatedly expressed a desire to return to the forum, but the United States has urged it to show more sincerity and mend ties with the South first.

Turkey Signs Deal To Buy Six CH-47 Copters


ANKARA - Turkey has signed a government-to-government deal with the United States to buy six CH-47 Chinook heavy-lift transport helicopters, worth up to $400 million, a senior procurement official said.
The U.S. Defense Security Cooperation Agency, the Pentagon body that coordinates weapon sales, notified Congress of a potential sale of 14 CH-47F heavy-lift helicopters for $1.2 billion in December 2009, and Congress gave permission later that month.
But because of financial constraints, the Undersecretariat for Defense Industries (SSM), Turkey's arms procurement agency, later decided to buy only six CH-47Fs, five for the Army and one for the Special Forces Command, postponing a decision on the remaining eight aircraft. Contract negotiations among the SSM, the U.S. government and Chinook maker Boeing were launched last year.
"The contract was signed in late July," the procurement official said. "It was worth around $400 million. After the helicopters begin to arrive, we plan to make some modifications on them according to our needs."
The six CH-47F Chinooks will be the first heavy-lift helicopters in the Turkish Army's inventory. Their deliveries are expected to begin in 2013 and end in 2014.
"These helicopters have incredible capabilities. Three or four of them can transport a company-sized unit and its equipment to long distances only in a few hours," the procurement official said. The maximum speed of the CH-47F is about 312 kilometers an hour.
Developed in the 1960s, the Chinooks have been exported to many countries, including Australia, Britain, Canada, Egypt, Greece, Italy, Japan, Morocco, the Netherlands, Singapore, South Korea, Taiwan, Thailand and the United Arab Emirates.
The Chinook has been successfully operated in combat in several wars and armed conflicts.
The Chinook is a twin-engine, twin-rotor helicopter. The counter-rotating rotors eliminate the need for an anti-torque vertical rotor, allowing all power to be used for lift and thrust.
The CH-47F is the upgraded version of the CH-47D, and is the latest model in this helicopter family. It can carry up to 60 troops and personnel.
A CH-47 Chinook was shot down by Taliban forces southwest of Kabul in Afghanistan in earlier this month, killing 30 U.S. troops, including 23 Navy SEALs, and eight Afghans.
"These are not unsafe devices. On the contrary, these helicopters had mission flights of thousands of hours in Afghanistan only this year, and this was the first such incident," the procurement official said.
Turkey usually manufactures its own defense equipment, or jointly produces it with foreign partners. But since the number of heavy-lift helicopters being ordered is rather small, SSM decided on direct procurement from a single source, i.e. Boeing. The heavy-lift helicopter program is expected to be among Turkey's last direct foreign procurement projects.

China's Aircraft Carrier Ends Maiden Trip: Xinhua

BEIJING - China's first aircraft carrier has returned to port after completing a "smooth" set of sea trials designed to test its capabilities, the state news agency Xinhua reported on Aug. 15.
The 990-foot ship docked in the northeastern port of Dalian on Aug. 14 after five days of trials that have sparked international concern about the country's widening naval reach.
The carrier tests came amid heightened tensions over a number of maritime territorial disputes involving China, notably in the South China Sea, which is believed to be rich in oil and gas and is claimed by several countries.
Dockworkers set off fireworks as the vessel, a refitted old Soviet carrier called the Varyag, returned to port, Xinhua said, adding that the ship would now undergo further work and testing.
"The sea trials carried out by the aircraft carrier on its maiden voyage went smoothly," it said.
China's People's Liberation Army - the world's largest active military - is extremely secretive about its defense programs, which benefit from a huge and expanding military budget boosted by the nation's runaway economic growth.
Earlier this year, China announced military spending would rise 12.7 percent to 601.1 billion yuan ($91.7 billion) in 2011.
In January, China revealed it was developing its first stealth fighter jet. It is also working on an anti-ballistic missile capable of piercing the defenses of even the most sturdy U.S. naval ships.
Japan recently expressed concern about what it called the "opaqueness" of China's military budget, and the U.S. State Department last week called on the country to explain why it needed an aircraft carrier.
"This is part of our larger concern that China is not as transparent as other countries," said spokeswoman Victoria Nuland. "It's not as transparent as the United States about its military acquisitions, about its military budget."
Beijing only recently confirmed it was revamping the old Soviet ship. It has repeatedly insisted that the carrier poses no threat to its neighbors and will be used mainly for training and research purposes.
But a news website run by China's defense ministry took a different stance four days ago, stating that the carrier should handle territorial disputes as well.

Israeli, Chinese Defense Chiefs Meet in Tel Aviv

JERUSALEM - China's chief of staff Gen. Chen Bingde for the first time met his Israeli counterpart, Gen. Benny Gantz, and Defense Minister Ehud Barak in Tel Aviv, the Defense Ministry said in a statement.
"The defense minister and the Chinese chief of staff discussed the situation in the region, relations with the Palestinian Authority and the situation in Pakistan and Iran, as well as the fight against global terrorism," the statement said.
During his trip Chen will "meet senior security officials and attend strategic and security briefings, visit the IDF Urban Warfare Training Centre, and observe a display of IDF forces training," an Israeli military spokesman said earlier.
Israeli army radio has described the visit as "historic."
The Israeli military declined to say how long Chen would be in the country.
In June, Barak made a rare visit to Beijing for talks with Chinese leaders, at the invitation of his Chinese counterpart, Liang Guanglie.
Defense ties had been frosty after U.S. intervention twice scuttled Israeli arms deals with China: the sale of advanced Phalcon spy planes in 2000 and of spare parts for Israeli-built Harpy drones five years later.
Chen's visit comes as Israel seeks to convince the international community to vote against a bid by the Palestinians for recognition of a state at the U.N. General Assembly in September.
Israel has in the past also sought tougher measures from Beijing, a key U.N. Security Council member, against Iran's controversial nuclear program.

Sunday, August 14, 2011

U.S. To Deny Taiwan New F-16 Fighters


Offers AESA Radar in Upgrade for Older Jets
TAIPEI - Bowing to Chinese pressure, the U.S. will deny Taiwan's request for 66 new F-16C/D fighter aircraft, a Taiwan Ministry of National Defense (MND) official said.
An armed U.S.-built F-16 fighter takes off during a drill in April. A Taiwan Ministry of National Defense official says Taipei will not be able to purchase new F-16s and is “so disappointed” in the U.S. decision. (Sam Yeh / Agence France-Presse)
"We are so disappointed in the United States," he said.
A U.S. Department of Defense (DoD) delegation arrived here last week to deliver the news and offer instead a retrofit package for older F-16A/Bs that includes an active electronically scanned array (AESA) radar.
The visit coincided with the biennial Taipei Aerospace and Defense Technology Exhibition (TADTE), held here Aug. 11-14.
"The U.S. Pentagon is here explaining what is in the upgrade package," a U.S. defense industry source said at TADTE. "They are going to split the baby: no C/Ds, but the A/B upgrade is going forward."
Sources said an official announcement of the decision is expected by month's end.
But an official at the American Institute in Taiwan (AIT), the de facto U.S. Embassy, said "no decisions have been made," while DoD officials declined to comment on their delegation's mission.
The proposed upgrade package would make the 146 Taiwanese F-16A/Bs among the most capable variants of the aircraft, perhaps second only to the APG-80 AESA-equipped F-16E/Fs flown by the United Arab Emirates.
Originally requested by Taipei in 2009, the package would cost $4.2 billion, sources at TADTE said.
The new gear would include an AESA radar, likely either Northrop Grumman's Scalable Agile Beam Radar or the Raytheon Advanced Combat Radar, to replace the planes' current APG-66(V)3 radar.
Either one would be an improvement on the Northrop APG-68(V)9 mechanical radar once contemplated for Taiwan's upgrade package. The switch is meant to soften the blow of denying new planes to Taipei, a Lockheed Martin source said.
A decision between the two AESA candidates could foreshadow the U.S. Air Force's own choice as it prepares to upgrade its fleet of F-16s. The upgrade package will also improve the planes' Raytheon ALQ-184(V)7 electronic countermeasures pod by adding the capacity to intercept and save hostile radar transmissions, then use the same frequency to jam them.
However, ITT is offering the ALQ-211 Advanced Integrated Defensive Electronic Warfare Suite pod as an alternative.
ITT is also offering the BRU-57/A Smart Twin Store Carrier, which doubles the number of bombs an F-16 can carry, an ITT source said.
The package would also replace the AIM-9P/M Sidewinder air-to-air missile with the new AIM-9X; fit the planes to carry enhanced GBU-12 Paveway II laser-guided bombs; and add a digital radar warning receiver, helmet-mounted cueing system and center pedestal display.
The package will not include new engines to better handle the additional weight and electrical draw, though there could be an upgrade to bring the existing Pratt & Whitney F100-PW-220 to the PW-220E standard. The upgrade would swap out obsolete parts for newer ones, but wouldn't offer any additional performance.
Lockheed Martin will be working with Taiwan's state-run Aerospace Industrial Development Corp. (AIDC) to integrate the new gear on the jets.
"Changing a fighter's major sensor should not be taken lightly. It is more than electrical capacity. It is the integration of sensors, weapons, displays, etc., that make a fighter aircraft effective," Lockheed spokeswoman Laura Siebert said.
Consequences

Siebert said the failure to release F-16C/Ds will weaken Lockheed Martin's plans to extend the production line for the fighter.
"While Congress has been notified of Oman and Iraq's desire for F-16s, the Taiwan order for 66 aircraft is very important to the long-term viability of the F-16 production to include the U.S. Air Force, Lockheed Martin and the thousands of suppliers throughout the U.S.," she said.
More than a few TADTE attendees said the Obama administration might reverse the decision as the 2012 presidential election approaches and political pressure for new jobs builds.
A June report by the Perryman Group, a Texas-based economic and financial analysis firm, estimated that Taiwan's F-16C/D program would create more than 16,000 jobs and almost $768 million in U.S. federal tax revenue. Much of that tax revenue and new jobs would go to election battleground states: California, Connecticut, Florida, Maryland, Ohio, Texas and Utah.
But China holds about 8 percent of U.S. debt, the largest block in foreign hands.
As one TADTE attendee said, "Beijing's Kung Fu is better than Washington's."
The denial of the new jets will likely lead AIDC officials to ask the government to expand upgrade plans for Taiwan's 126 Indigenous Defense Fighters, of which 71 are currently slated for upgrades.
The company has also been pushing Taiwan's Air Force to allocate funds for full-rate production of the IDF C/D Goshawk, which features improved range and weapons payload.
Background

In July, the U.S. State Department indicated a final decision on the F-16 issue would be made by Oct. 1. Since 2006, the U.S. has repeatedly denied Taiwan's request for 66 F-16C/D Block 50/52s, a prospective sale estimated at more than $8 billion.
The planes would replace 60 F-5 Tigers and 60 Mirage 2000-5s due for retirement within five to 10 years.
China has called the sale a "red line." A recent editorial in the state-controlled People's Daily called for the use of a "financial weapon" against the U.S. if new F-16s were released.
The U.S. decision comes as a blow to the self-ruled island's effort to counter China's growing military, whose first aircraft carrier began sea trials last week, and therefore to its independence.
There are fears that losing Taiwan could spell the end of U.S. power projection in the region. Losing Taiwan would "change everything from the operational arch perspective to the posture of Japan and the U.S." in the region, said Raytheon's Asia president, Walter Doran, a retired admiral who once commanded the U.S. Pacific Fleet.
Staff writer Dave Majumdar in Washington contributed to this report.