The security week ahead: Let the Cyber Cold War begin!
D.C. wonks warm up to a new Cold War: this one fought with computers. Plus: Death of Aaron Swartz inspires Anonymous back to action.
Image: Reuters/Rick Wilking
Let the Cyber Cold War begin!
There's going to be more talk about 9/11 this week than at any time since...well... 9/11. This time, however, it's a "Cyber 9/11" that has the D.C. Beltway crowd in knots.
The Washington Post reported on Sunday that The Pentagon has approved a five-fold expansion of the Department of Defense's three year-old Cyber Command - with a focus on both offensive and defensive cyber actions.
The move has yet to be officially announced, but follows a string of urgent-sounding, "End of Days" type statements from high-ranking military and Obama Administration officials about the threat of a catastrophic cyber attack on the U.S.
On Thursday, for example, U.S. Homeland Security Secretary Janet Napolitano warned that a major cyber attack is a "looming threat" and could have the same impact as Superstorm Sandy, which devastated parts of New York and New Jersey, and the 9/11 2001 terrorist attacks on Washington D.C. and New York.
"We shouldn't wait until there is a 9/11 in the cyber world," Napolitano is quoted by Reuters as saying in a speech at The Wilson Center, a Washington D.C. think tank. "There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."
And Napolitano's comments follow similar admonitions by Defense Secretary Leon Panetta in October. Speaking to a gathering of Business Executives for National Security, Panetta dropped the "cyber 9/11" meme when describing the increase in cyber threats to the U.S. by other nations. "A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11," Panetta said.
Given the imminent announcement from the Pentagon, you should expect the discussion about the nation's preparedness for cyber war to heat up this week. After all, the juicing of Cyber Command raises more questions than it answers. For one thing: where will the U.S. Military find the talent to fill the 4,000 cyber warrior req's that the expansion entails. That's a tall order, especially given the hot market for cyber security skills in the private sector, where top candidates can expect higher pay, opportunities for promotion, a lax dress code and the freedom to leave for greener pastures when the opportunity arises.
Still, there's ample evidence of a global cyber arms race. Just last week, Reuters reported that a sophisticated and malicious virus shut down one U.S. power plant for three weeks, after a technician inserted an infected USB into a system connected to the plant's network. Beyond that, reports about widespread economic espionage and spying with ties to China are common. And, following devastating cyberattacks like the Stuxnet worm that have links to the West, Iran made offensive and defensive cyber operations a top priority.
Finally, Russian President Vladimir Putin signed an order on January 15 that directed that country's Federal Security Service (FSB) to "create a state system for the detection, prevention and liquidation of the effects of computer attacks on the information resources of the Russian Federation", that, following the discovery of a widespread cyber spying operation targeting Russian embassies and dubbed "Red October."
But what do "cyber war" or even "cyber cold war" mean? And - if attacks are ongoing - what determines when a cold war becomes a hot one? Those are questions that will have to be worked out in the weeks and months ahead.
Anonymous's second act
The demise of the global hacking collective known as Anonymous has been declared more times than we can count. All the same: the group - whatever that means - has always found a way to survive - and even thrive. Despite arrest and trial of high ranking members and the defection of trusted insiders like Hector Xavier Monsegur (aka "Sabu"), the group carries on as a kind of amorphous change agent - what security luminary Joshua Corman of Akamai calls a "chaotic actor." In recent days, Anonymous has stirred to life again: spurred by the tragic suicide of Aaron Swartz, a promising, 26 year-old software developer and Internet activist: briefly defacing the website of MIT with a memorial to Swartz.
Then, over the weekend, Anonymous carried out a higher profile hack against the U.S. Sentencing Commission (USSC), a U.S. government agency that provides sentencing guidelines for U.S. federal courts. The U.S. justice system and U.S. Attorney for Massachusetts Carmen Ortiz have been the targets of outrage following Swartz's suicide, which many contend was provoked by an unrelenting federal prosecution of his hack of MIT's network.
Expect this story to continue, since Anonymous says that the USSC hack was part of a larger operation against government Web sites and that the group has sensitive data that would be "embarrassing" if released.