US cyber security is top of the agenda

Barack Obama made an initial review of US cyber security, but pressure is growing for the president to take further action For the past month or so a curious game has been going on in the world of rumour and uncertainty that passes for the intelligence community. At the heart of it is an attempt to force the US president, Barack Obama, to put cyber security back to the top of his agenda and to usher in increased monitoring of the internet. Despite an initial promise of action and a demand for a report on the risks to the US technology infrastructure to be on his desk in 60 days, little in policy terms has been heard since. Even more frustratingly for the computer-security community, Obama has also not filled the much-trumpeted post of cyber czar . Melissa Hathaway, the White House's senior acting director for cyberspace and the author of Obama's 60-day review of cyber policy , had been widely tipped for the position – but four months ago she resigned , citing personal reasons for her decision. Damage limitation This appears to have resulted in a turf war between the US department of homeland security, the military and the intelligence community as each compete for responsibility for the issue. Now, in what is being seen as an attempt to jog Obama's memory, stories about the US's vulnerability to cyber attack , the threat it poses to its economy and the potential rise of cyber-terrorism have begun to appear on an almost daily basis. Senior intelligence officials are suggesting that the US faces a massive risk to its power grid and communications infrastructure – claiming that if current vulnerabilities are exploited there would be enormous economic damage to the US. "There has been a heightened awareness of our vulnerability to cyber attacks in the US and that has been building for over a year. People are saying, 'Look at Lehman Brothers' – if someone had taken out another banking website on the same day it would have been the straw that broke the camel's back," says Tom Reilly, a US director of ArcSight, a company set up by the investment arm of the CIA. It draws 30% of its revenue from monitoring critical infrastructure for dangerous activity for US federal government agencies and Nato. On the subject of the cyber czar, Reilly says: "There is now a lot of impatience … People are looking for an individual to be appointed to set policy direction, and without that framework in place there is the possibility of duplication by agencies." The potential for exploiting the fragile confidence in financial institutions has not been lost on businesses. "The recession has been a driver in awareness," says William Beer, director of information security practice for PricewaterhouseCoopers. "For the first time, critical infrastructure vulnerability has made it onto the risk register

More here:
US cyber security is top of the agenda

Concerns over Obama’s delayed cybersecurity chief

The White House has yet to appoint a head of cybersecurity, more than five months after President Obama announced that protecting America's computer systems was a "national security priority". The slow progress has left some senior figures concerned that government officials are not taking the threat seriously - despite a string of high-profile attacks on America's internet infrastructure. The role, which is meant to draw together different areas of the nation's cyberdefence for the first time, was announced earlier this year as part of an attempt to coordinate organisations including the National Security Agency, Department of Homeland Security and the Pentagon. In May, President Obama said that it was vital to establish a White House office responsible for coordinating cybersecurity because it was "one of the most serious economic and national security challenges we face". "Cyberspace is real, and so is the risk that comes with it," he said at the time. "From now on, our digital infrastructure will be treated as a strategic asset." The move came after a series of revelations about failures in online security that had potential impact across the US and Europe. One report suggested Chinese hackers had successfully infiltrated the system that operates the US electrical grid , while others suggested that computer criminals had stolen valuable documents relating to the military's £182bn Joint Strike Fighter programme - which is being jointly funded by the UK government.

Read more from the original source:
Concerns over Obama's delayed cybersecurity chief

Obama orders review of cyber security

Barack Obama has ordered a review of America's cyber defence strategy, opening the possibility of a wholesale change to the country's approach to online security. At the moment, a wide spread of agencies are involved in protecting the US from attack over the internet, including the Department of Homeland Security, National Security Council and the various branches of the military. That situation could be simplified, according to the results of the 60-day review announced by the White House yesterday. "The national security and economic health of the United States depend on the security, stability, and integrity of our nation's cyberspace, both in the public and private sectors," said John Brennan, Obama's assistant for counterterrorism and homeland security, in a statement. "The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties." The review will be overseen by Melissa Hathaway, a former consultant who was a high-ranking cyber security adviser to the Bush administration. She will temporarily take on the role of senior director of cyberspace until the completion of her work in April. The appraisal intends to measure precisely what online security measures are being taken, as well as point towards possible changes. It could eventually mean the White House is more involved in cyber security decisions – as well as bringing more power to national security adviser General Jim Jones. Online security is a growing concern for governments around the world, particularly as critical infrastructures such as communications, finance and transport become more reliant on the internet to work. According to former director of national intelligence Mike McConnell, the potential for chaos caused by an online attack on the US is enormous. "If you get in our systems and you're trying to destroy banking records or electric power distribution or transportation, it could have a debilitating effect on the country," he told reporters recently.

See the original post here:
Obama orders review of cyber security

Danny Bradbury investigates the cyberattack on Kyrgyzstan

It was the second time of trying to reach Paul Quinn-Judge on his mobile phone. Was there a landline we could use? "The landlines here just don't work. It would involve many hours of pain," said the analyst for the International Crisis Group, an NGO that advises governments on conflict resolution. Quinn-Judge lives in Bishkek, the capital of Kyrgyzstan. From 18 January until last weekend, the country had been pummelled by a massive distributed denial of service (DDoS) attack. Two of its four ISPs had been hit. Surfing from inside the country, Quinn-Judge, who says that internet access inside the country is poor at the best of times, hadn't noticed any change. But intelligence experts in the west speaking directly with senior sources in the Kyrgyz ISP community said that the sustained attack had taken as much as 80% of its internet traffic to the west offline. But who did it, and why? The country, nestled in the mountainous territory between China and oil-rich Kazakhstan, isn't a major player on the world stage. There's little oil or natural gas. It isn't at war with anyone, and its internet infrastructure is limited at best. Strategic importance Don Jackson, senior security researcher at the Atlanta-based managed services firm SecureWorks, thinks that the Russian government was behind the attack. Traffic came almost entirely from Russian networks that he says are controlled by former members of the Russian Business Network, which was a St Petersburg-based ISP said to have rented network capacity to cybercriminals without asking questions. "The RBN, meaning not just the hosting company but its close circle of clients, has been called upon to do this kind of thing by the Russian government in the past," says Jackson. He asserts that the Russian government sanctions such activities at arm's length without wanting to be seen as directly involved. "The fact that [Russia] allows it gives some kind of consent," agrees Jeffrey Carr, chief executive of GreyLogic, a company providing intelligence on hackers to government clients.

See the original post here: 
Danny Bradbury investigates the cyberattack on Kyrgyzstan