Many nations are under constant cyber attack. The United States seems to be ground zero for the vast majority of the cyber attacks launched be their digital enemies around the world. A former CIA official provided the following statistics. In 2007 there were 37,000 reported breaches of government and private systems. In addition, there were nearly 13,000 direct assaults on federal agencies and 80,000 attempted computer network attacks on Defense Department systems.
In addition who could forget the U.S. Air Force commercial showing a picture of the pentagon and saying this building gets 6 million cyber attacks a day.
Cyber attacks are now expected to cause maximum damage because of the professional tools being used by the attackers. According to the cyber threat report released by Intelomics, the following list identifies the cyber attack techniques that have seen a significant increase in their level of sophistication.
- Internet social engineering attacks
- Wireless and wired network sniffers
- Packet spoofing
- Hijacking sessions
- Automated probes and scans
- GUI intruder tools
- Automated widespread attacks
- Widespread denial-of-service attacks
- Executable code attacks (against browsers)
- Techniques to analyze code to identify vulnerabilities
- Widespread attacks on DNS infrastructure
- Widespread attacks using NNTP to distribute attack
- “Stealth” and other advanced scanning techniques
- Windows-based remote controllable Trojans (Back Orifice)
- Email propagation of malicious code
- Wide-scale Trojan distribution
- Distributed attack tools
- Distributed denial of service attacks
- BotNets and Zombies
- Anti-forensic techniques
- Wide-scale use of worms
- Man-in-the Middle plus Man-in-the-Browser exploitation
Cyber threats are now demanding immediate attention because of the increased dangers they pose to commercial and government entities and national security. The Congressional Research Service study found the economic impact of cyber attacks on businesses has grown to over $226 billion annually. Despite the significant impact, there is no clear framework for business executives to assess the financial impact of their cyber risks. According to two new surveys, the threat to corporate computer systems from cyber attacks is getting worse, despite stronger corporate defenses. Some cyber security measures might include more restrictive hiring practices, restricting remote working arrangements, increasing monitoring of flexible work hours and telecommuting as well as restriction on access by trading partners, vendors and consultants. In addition, organizations must also increase computer security awareness training for information technology workers as well as the general systems/computer user community.
A cyber attack special investigator at Intelomics said, “the reports of attacks, breaches and system compromises that make the news are only the tip of the iceberg. The vast majority of these attacks go undisclosed and thus are not covered by the media.”
Most nations do not have adequate IT security to protect against targeted cyber attacks. Technolytics have warned before that these cyber attackers are well financed and have an arsenal of highly sophisticated weapons that not only circumvent current security controls, but leverage anti-forensic techniques that remove evidence of their attacks. The United States, European Union, United Nations and NATO must act and act now. In view of the current situation I would like to suggest they seriously consider the following actions and move immediately to adopt and implement these measures.
1. Establish a cyber threat operating committee under the United Nations Security Council.
a. This cyber threat operating committee must be closely linked in a collaborative relationship with the Counter-Terrorism Committee.
2. Create a framework to determine what constitutes an act of cyber war and create a legal framework that addresses international criminal cyber acts.
3. Proactively create a framework of actions that can quickly be levied against cyber aggressors.
a. These actions must include both economic and military sanctions as well as suspension of connectivity to the Internet backbone by both physical communications cables and via satellite.
4. Create a cyber peacekeeping force that is a rapid response asset to assist in repelling any offensive cyber-based aggression.In the interest of global peace, economic integrity and stability, I believe that the United States, European Union, United Nations and NATO must proactively send a stern warning to those who choose to use cyber weapons against other nations, that there will be severe consequences of such actions.
[From The Cyber Attack Danger]
Browsing Posts published in October, 2008
Rear Adm. (sel.) Mark Kenny, director of the new Navy Irregular Warfare Office, told the Submarine Naval League Symposium in Virginia last week that the SSGNs are being sent “where al Qaeda is at…it’s that simple” according to an article in Defense Daily (subscription) this morning.
“The first two deployments, the Ohio and Florida, were groundbreaking deployments,” he said at the Naval Submarine League Symposium in McLean, Va. “The ships work as advertised, brought home the bacon. And I wish I could give you the briefs in detail, because they are eye-watering…”
“These ships are the Navy’s premiere counterterrorism tool, no doubt about it,” Kenny said. He added that’s the view of “those that lead this fight”–officers such as Special Operations Command leader Adm. Eric Olson–as well as the intelligence community.
We recently observed the USS Ohio (SSGN 726) with two dry deck shelters, which one would imply that there were at least two special operations teams aboard. The article goes on to the discuss unmanned systems in development for the SSGN, including submarine versions of the Sea Stalker and the Boeing ScanEagle, to improve ISR capabilities.
The SSGN has an advantage over aircraft because it has both the intelligence-surveillance-reconnaissance (ISR) and strike capabilities, he said, and doesn’t need permission from other nations to take off and land.
If you have read here long, you should already be aware that it is the submarine force quietly leading from the front lines for the Navy. Good to see the submariners get some credit. However, ADM Kenny should have stopped while he was ahead.
He added that the SSGN can fill the gap in surface-fire support created by the planned truncation of the DDG-1000 destroyer line.
Sigh. ADM, stick to irregular warfare, that last comment drove a Marine sitting 20 feet from my desk to use his outside voice indoors, and when you remove the colorful adjectives of his comment it goes something like “that guy knows nothing about fire support.” Maybe you were making an important point, but the Tomahawk Cruise Missile is not fire support, and if that is what you are talking about I will agree with the Marines. [From The Navy's Premiere Counterterrorism Tool]
Medvedev observes first-ever test-launch of Russian SLBM
The National Applications Office is meant to coordinate the use of military spy satellites to watch the US, but the GAO warns that more privacy checks are needed. Congress has given the NAO a qualified go-ahead, barring cooperation with law enforcement… for now.
[From New surveillance program will turn military satellites on US]
