Cyber Security Bill passed the House by a vote or 422 to 5

Cyber Security Bill, laying foundations for building up the United States’ cyber security infrastructure, passed the House by a vote of overwhelming majority of 422 to 5, on the wave of recent Chinese hacking attacks. Below is the full text of the Bill.

Cybersecurity Enhancement Act of 2009 Continue Reading >>

Cyber Security Experts Brace for Rise in Tension Over US Arms Sale to Taiwan

Cyber security experts are warning about increased risk of China-originated cyber attacks in a view of announcement of a US arms sale to Taiwan and invitation of the Dalai Lama to the White House. US-China cyber confrontation is nothing new but Chinese hacking attacks and Obama’s new hardball policy shift with China will likely add fuel to the fire.

At the 10th National People’s Congress in 2003, the Chinese army announced the creation of “information warfare units.” General Dai Qingmin said internet attacks would run in advance of any military operation to cripple enemies. Clearly cyber intelligence is a critical component of China’s military arsenal. Cyber espionage officially arrived on Capitol Hill when two Republican congressmen, Rep. Frank Wolf of Virginia and Rep. Christopher Smith of New Jersey, went public with the news that in 2006 and 2007 their office computer networks had been breached by Chinese hackers. And also when Commerce Secretary Carlos Gutierrez, who was in China on a trip with a U.S. trade delegation last December, had his laptop slurped by Chinese cyber operatives. Not much happened after those two events. It was seen as just two of the many covert acts that take place in networks that connect the billions of computers and related devices globally. Perhaps the recent discovery of a vast Chinese cyber espionage network (code named GhostNet) that penetrated 103 countries, infected nearly 1,300 computers, and continued to infect at least a dozen new computers every week, will provide the wake-up call. In March of 2009, the security operations center (SOC) identified 128 acts of cyber aggression against their clients every minute that were tracked back to IP addresses in China. These acts should serve as a warning that clearly indicates just how far along China’s cyber intelligence collection capabilities are.

America tops the global chart of military spending, with China and Russia ranking second and third. China’s strategists believe the United States is dependent on information technology and that this dependency constitutes an exploitable weakness. There are reasons to believe that China and Russia’s militaries are collaborating and cyber warfare is one area that not only lends itself to remote collaboration, but there is soft and medium intelligence that this has and is occurring. Last year Col. Gary McAlum, chief of staff of the command’s Joint Task Force for Global Network Operations at U.S, Strategic Command, quoted approvingly from a new report Technolytics had produced saying, “China aims to achieve global electronic dominance by 2050.” This conclusion was drawn prior to the massive decline in the U.S. economy. As the U.S. funding for research and development has slowed substantially, China’s has increased.

“Current and potential U.S. adversaries seek to employ cyber warfare, as a means to confront U.S. military superiority in conventional conflict”, said William J. Lynn III, Deputy Defense Secretary. Additionally, Lynn said, the cyber-warfare threat is a major national security issue that has captured his attention.“If we don’t maintain our capabilities to defend our networks in the face of an attack,” he said, “the consequences for our military – and indeed, for our whole national security – could be dire.”

Lynn cited a 1998 cyber attack launched by two California teenagers and an overseas accomplice that targeted U.S. military computer networks. “The attacks were coordinated and aimed at crucial military [computer] systems,” Lynn said. “The threat was so serious that the president was briefed.”

Investigators, he said, traced the origins of the attack and the instigators were apprehended and tried on charges of computer assault.

Yet, that 1998 computer attack “was child’s play,” Lynn said, noting the frequency and sophistication of attacks have increased exponentially during the past decade.

“Cyber [warfare] is an especially asymmetric technology; the low cost of computing devices means that our adversaries don’t have to build an expensive weapons system like a fifth-generation fighter to pose a disproportional threat,” Lynn explained.

Consequently, he said, many militaries are building offensive cyber capabilities.

The Defense Department today operates 15,000 computer networks across 4,000 military installations in 88 countries, Lynn said, noting the department spends billions of dollars each year to administer, monitor and defend those networks.

Because of the seriousness of the cyber threat, he said, the Defense Department has over the past 10 years built layered and robust cyber defenses.

And, in June 2009, Defense Secretary Robert M. Gates directed the establishment of U.S. Cyber Command, a military sub-command focused on cyber security, Lynn noted. Cyber Command is in the process of being stood up and is to be based at Fort Meade, Md.

“Cyber Command will bring together more than a half a dozen intelligence and military organizations in support of three overlapping categories of cyber operations,” he said.

The command, he said, will protect defense computer networks, coordinate all defense computer operations and provide full-spectrum support for all military and counterterrorism missions, and stand by to support civil authorities and industry partners on an as-needed basis.

Next few years will be most likely years of steeply increasing federal cyber defense budgets.

Cyber Genome Program

The objective of the Cyber Genome Program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users to support DoD law enforcement, counter intelligence, and cyber defense teams.

Digital artifacts may be collected from live systems (traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’), from wired or wireless networks, or collected storage media. The format may include electronic documents or software (to include malicious software - malware). The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype in order to determine the identity, lineage, and provenance of digital artifacts and users.

DARPA will host a Proposers’ Day Workshop in support of DARPA-BAA-10-36, CYBER GENOME PROGRAM on January 29, 2010 at the Ballston Hilton, 950 North Stafford Street, Arlington, VA 22203 from 8:00 a.m. to 6:00 p.m. EST. The purpose of this conference is to provide information on the CYBER GENOME PROGRAM; promote additional discussion on this topic; address questions from potential proposers; and provide a forum for potential proposers to present their capabilities for teaming opportunities. A second Proposers’ Day Workshop will be held on February 8, 2010, Arlington, Virginia area.

DARPA ADVANCES CYBER SECURITY TESTING INITIATIVE

Goal of National Cyber Range is Fast, Reliable, Cost-Effective Testing of Internet Security Systems

The Defense Advanced Research Projects Agency (DARPA)has advanced to the second phase of its National Cyber Range (NCR) program, a revolutionary approach to assessing the readiness of the nation’s cyber security systems and networks. The Agency awarded two contracts to continue the program, which aims to help researchers evaluate the strength and resiliency of the security programs they are developing.

In Phase I of the NCR program, DARPA oversaw the creation of initial conceptual designs, concepts of operation, and detailed engineering and system demonstration plans.

In Phase II, the Agency and its contractors will build and evaluate prototype ranges and their corresponding technology.

The following prime contractors were awarded contracts for Phase II:

• Johns Hopkins University - Applied Physics Laboratory, Laurel, Maryland - $24,777,235
• Lockheed Martin – Simulations, Training, and Support, Orlando, Florida - $30,803,319

The National Cyber Range is DARPA’s contribution to the interagency “Comprehensive National Cybersecurity Initiative” that aims to safeguard Federal Government information systems from cyber threats and attacks. The goal of the NCR program is to revolutionize the state of the art of the Nation’s cyber testing technology, and develop a computer systems test bed on which cyber scenarios can be evaluated simultaneously to provide a comprehensive, qualitative and quantitative assessment of the security of information and automated control systems that are under development.

“The National Cyber Range will revolutionize the Nation’s ability to evaluate the security of our research programs.The NCR program is developing revolutionary capabilities for cyber experimentation including a fully automated, secure range to validate leap-ahead cyber research technologies and systems, as well as provide vision for iterative and new computer security research directions for the community,” said DARPA Program Manager, Michael van Putte, Ph.D.

13th Annual New York State Cyber Security Conference, June 16 - 17, 2010, Albany, NY

13th Annual New York State Cyber Security Conference will be held at June 16 - 17, 2010, Empire State Plaza, Convention Center, Albany, NY.

The Annual NYS Cyber Security Conference is organized jointly by the University at Albany, State University of New York (SUNY) and the NYS Office of Cyber Security & Critical Infrastructure Coordination. The event is funded entirely through registration fees and the support of the sponsors and exhibitors; no state funds are used. This conference provides crucial training that enables the workforce to stay attuned to cyber security threats and effectively meet the challenges we are facing.

This two-day event features experts representing government, academia and industry from across the country and around the world. The Conference offers a variety of both technical and non-technical sessions, and is open to individuals in the public and private sectors. The program includes hands-on training for cyber security professionals as well as those in information technology, academia, law enforcement, the legal community and others who want to better understand the latest cyber security challenges we face and how to best address them.

Black Hat DC 2010, Information Security Event, February 2 – 3, 2010,Arlington, Virginia

Black Hat DC 2010 will host over 500 digital security experts, bringing together public and private sector security professionals and underground hackers from around the world to dissect the latest security trends. Black Hat DC is taking place February 2 – February 3 at the Hyatt Regency Crystal City in Arlington, Virginia.

Gregory Schaffer, U.S. Department of Homeland Security, will keynote at Black Hat DC 2010. U.S. Department of Homeland Security (DHS) Secretary Janet Napolitano appointed Greg Schaffer as Assistant Secretary for Cybersecurity and Communications (CS&C) last year. Mr. Schaffer works within the National Protection Program Directorate (NPPD) to lead the coordinated efforts of CS&C and its components, including the National Cyber Security Division, the Office of Emergency Communications, and the National Communications System. Schaffer engages the public and private sectors as well as international partners to prepare for, prevent, and respond to incidents impacting the nation’s strategic cyber and communications infrastructure.

Generalized Malware Analysis Platform Provides Pre-Emptive Protection Against Current Internet Explorer Vulnerability

FireEye, Inc., a developer of modern malware protection systems, confirmed that the FireEye Analysis & Control Technology (FACT) engine has provided pre-emptive protection to enterprise, federal and higher education customers against the current Internet Explorer (IE) zero-day vulnerability (see Microsoft Security Advisory 979352). FireEye provided protection from this sophisticated and targeted zero-day attack without any changes or content updates to the product. As the broad implications of the Operation Aurora attacks were disclosed, FireEye worked with customers to determine if they had been singled out. In several cases, it was confirmed that Operation Aurora had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks; the same attacks recently disclosed targeting high-profile technology companies.

At multiple production sites, FireEye and its customers established that there were attempts made to exploit the IE zero-day vulnerability. Real-time detections were made in the FACT engine without any new rules or post-mortem analysis to manually develop security content. Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers providing the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files, processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security. The IE zero-day exploit has now been documented and made publicly available.

FireEye network security appliances protect customers against zero-day attacks through advanced malware analysis across multiple protocols, including but not limited to HTTP, IRC, FTP and SMTP. Conducting deep packet inspection via highly instrumented virtual machines, the FACT engine is able to identify both previously infected machines as well as systems under attack. Organizations who are concerned they may have been attacked or are at risk of being targeted should contact FireEye for a network security review.

Reference: Operation Aurora was a cyber attack, conducted in mid-December 2009 and originating in China, against Google and more than 20 other companies, including Adobe Systems, Juniper Networks, Rackspace, Yahoo, Symantec, Northrop Grumman and Dow Chemical.

Cyber Defence, 17th to 20th May 2010, Swissotel, Tallinn, Estonia

SMi’s Cyber Defence 2010 is well timed and brings together international experts from across the cyber security sector. Being run in partnership with the Estonian MoD the event will examine the threats you face in cyberspace. Take the opportunity to attend our most interactive conference to date where you will have the chance to take part in panel discussions and multiple stream sessions. Cyber Defence 2010 will be held 17th to 20th May 2010, Swissotel, Tallinn, Estonia.

Cyber warfare has become a major concern for international governments, militaries and civil agencies over the last few years. Recently a wave of cyber attacks against NATO member Estonia in 2007, and then Georgia in 2008 have highlighted the crippling impact cyber warfare can have against a nation’s critical national infrastructure.

How do you protect national security in a borderless world? Learn from conference’s expert speakers:

• Colonel Pietro Nofroni, Chief of Defence Security Branch, Ministry of Defence, Italy
• Jeffery Troy, Chief, Cyber Criminal Section, Federal Bureau of Investigation, USA
• John Bumgarner, Research Director for Security Technology, Cyber Consequences Unit, USA
• Amit Yoran, CEO, NetWitness
• Mario Kempton, Head of information Security, Serious Organised Crime Agency, UK
• Frederic Jordon, CAT-8, Information Assurance Service Control, NATO C3 Agency
• Gareth Niblett, Chairman, BCS Information Security Specialist Group, UK
• Michael Kaiser, Executive Director, National Cyber Security Alliance, USA
• David Lacey, Director of Research, Information Systems Security Association (ISSA), UK
• Major General (Ret’d) Barbara Fast, Vice President Cyber Solutions, Intelligence and Security Systems, Network and Space Systems, Boeing
• Paul de Souza, Owner, Cyber Security Forum Initiative
• Jim Reavis, Executive Director, Cloud Security Alliance
• Professor Christian Probst, Language Based Technology, Technical University of Denmark

To register visit URL: http://www.smi-online.co.uk/2010cyber19.asp
Alternatively contact Teri Arri on tel: +44 (0) 20 7827 6162 or email: tarri@smi-online.co.uk

Lockheed Martin Initiates Cyber Security Technology Alliance

Lockheed Martin initiates formation of a new cyber security technology alliance with leading technology providers: APC by Schneider Electric, CA, Cisco, Dell, EMC Corporation and its RSA security division, HP, Intel, Juniper Networks, McAfee, Microsoft, NetApp, Symantec and VMware. The alliance members have agreed to collaborate on solutions that can help provide early threat detection, protection, and multi-layer autonomic self-healing capabilities to solve customers’ hard problems and meet future challenges.

The Lockheed Martin Cyber Security alliance combines the strengths of market leading companies’ solutions and integrates their best practices, hardware, software, and tools within a unique new research, development and collaboration center called the NexGen Cyber Innovation and Technology Center. The center is fully equipped for live cybertechnology exercises and demonstrations to help customers integrate solutions and test them in environments that are representative of their missions.

Lockheed Martin also holds existing Strategic Alliance Agreements with Cisco, EMC, HP, and Microsoft.

Camp Williams Will Host a New $1.5 Billion Cybersecurity Data Center

The U.S. Intelligence Community will build a new $1.5 billion data center at Camp Williams, Utah, which will provide critical support to national cybersecurity priorities. The center will support the Comprehensive National Cybersecurity Initiative (CNCI) which is aimed at securing the United States’ information infrastructure and coordinating its defense with state and local governments, as well as the private sector.

The Center will add important capabilities to the IC so that intelligence agencies can exercise their lawful authorities, subject to appropriate oversight, to protect national security networks, provide technical assistance to the Department of Homeland Security, provide intelligence and warning regarding cybersecurity threats, and to otherwise carry out their proper tasks under the CNCI to meet cybersecurity objectives. The IC estimates between 5,000 and 10,000 individuals will be employed during the construction and development of the Data Center. Once operational, the facility will employ between 100 and 200 individuals.

“The Intelligence Community has an important mission in protecting the U.S. cyber infrastructure. Cybersecurity is among the most pressing of national security concerns we face, and Utahns are going to play an important role in this mission – in protecting America’s interests,” says Mr. Gaffney, deputy director of national intelligence for collection whose responsibilities include oversight for Intelligence Community (IC) cyber activities.

The Cyberspace Policy Review, revealed by the White House earlier this year, describes a new way forward towards a reliable, resilient, trustworthy digital infrastructure for the future. In its review, the White House states, “The architecture of the nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed and operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations.”