If you’re in Washington DC this Wednesday, you’ll have to endure the agony of choice between two great cybersecurity panels.
George Washington University’s Homeland Security Policy Institute will be hosting roundtable discussion on pending cybersecurity legislation, with former Director of National Intelligence Mike McConnell, former Department of Homeland Security Director Michael Chertoff, and senior congressional staff. The event begins at 10:30 in the Jack Morton Auditorium, 805 21st Street, NW. See this link for more information.
And the Bipartisan Policy Center will be hosting an event at the same time on how best to forge public-private partnerships for cybersecurity, with a focus on policies put forth by the FCC. That discussion will include former Assistant Secretary for Policy at DHS, Stewart Baker; Director of Risk Management Information Security at CenturyLink, Michael Glenn; President of the internet intelligence firm Renesys, Andy Ogielski; and Assistant Secretary of the Office of Cybersecurity and Communications at DHS, Greg Schaffer. This event will be held at 1225 Eye St. NW, Suite 1000. See the link for more details.
Yesterday, the Hudson Institute hosted a discussion between Harold Furchtgott-Roth and Gen. James Cartwright (USMC, ret.) entitled “Recent Developments in Cyber Warfare.” Cartwright served as Commander, U.S. Strategic Command, and later as Vice Chairman of the Joint Chiefs of Staff. He is currently the Harold Brown Chair in Defense Studies at the Center for Strategic and International Studies (CSIS).
Cartwright began his discussion by noting that the underlying assumptions about how the Department of Defense (DOD) views cyber and has organized itself in that respect are not well understood, and that he wanted to rectify some of those misconceptions.
View full article »
The House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies will hold a hearing tomorrow at 10 am on draft legislation that takes an information sharing approach to cybersecurity. The hearing will be livecast.
Word broke last night that a number of Japan’s embassies across the globe were the victims of some form of breaches. I use that term because of headlines like the one from Radio Netherlands Worldwide – “Cyber war on Japanese embassies,” and because it is still unclear what exactly took place.
From Alex Martin at The Japan Times:
Cyber-attackers targeted the Foreign Ministry and several overseas diplomatic missions with viruses delivered by email, Chief Cabinet Secretary Osamu Fujimura revealed to reporters Wednesday.
It’s likely some of the computers at the missions were infected in the latest in a string of cybersecurity breaches, following attacks on the Diet and major defense contractors.
“At present I am not aware of any classified information having leaked,” Fujimura said, adding that the government was collecting information from ministries and other institutions on the state of their IT security.
This news comes amid other reports that hackers had gained access to email accounts of members of Japan’s House of Representatives:
Hackers may have been spying on the e-mails of lawmakers in Japan’s lower house of parliament for a month, according to reports by the Japanese press.
The computer network of the lawmakers was infected with a virus in July and passwords were stolen, giving hackers access to the e-mail system. Information related to foreign and defence policies may have been exposed, a source close to the matter said, quoted by the Asahi newspaper.
An inquiry showed that the virus which infected the network later connected to servers in China, but it is difficult to find out who exactly placed it there, as it could have been accessed by anyone, the source said.
Eric Chabrow at GovInfoSecurity reports on a DOE Inspector General report that indicates the department suffered four “cyberattacks” on non-classified systems, costing more than $2 million.
“As noted by recent successful attacks at four department locations, exploitation of vulnerabilities can cause significant disruption to operations and/or increases the risk of modification or destruction of sensitive data or programs, and possible theft or improper disclosure of confidential information,” Inspector General Gregory Friedman wrote in the report.
Though DoE had expanded efforts to mitigate these risks in the last fiscal year, which ended Sept. 30, more steps must be taken to strengthen department IT from attackers seeking to exploit vulnerabilities in applicatons and products, the inspector general audit said.
McAfee will be hosting a webcast this afternoon on Duqu, how it works, and what threat it poses to “utility operations.” The webcast begins at 4pm Eastern.
As an aside, I can’t help but think about this other “Dooku” whenever I post on this topic. I unfortunately find myself snickering.
James Simpson at Japan Security Watch reports on the latest revelations in the Mitsubishi Heavy Industry intrusion, with indications that information relating to Japanese defense assets and nuclear power infrastructure was among compromised data:
Officials are suspicious that information relating to combat defense equipment and nuclear power plants has been leaked in the cyber-attack incident at Mitsubishi Heavy industries. From the left-over traces of the information transmitted to the outside world, there is said to be highly possible that something was stolen. Suspicions have begun to surface that the virus that infected MHI circulated military information.
Ellen Nakashima and David S. Hilzenrath at the Washington Post report on the SEC’s new guidance issued on October 13, which
promulgates reiterates existing obligations for publicly traded companies, and how those obligations also apply to cybersecurity. From the article:
The SEC guidance clarifies a long-standing requirement that companies report “material” developments, or matters significant enough that an investor would want to know about them. The guidance spells out that cyberattacks are no exception.
For example, the SEC says, a company probably will need to report on costs and consequences of material intrusions in which customer data are compromised. The company’s revenue could suffer, and it could be forced to spend money to beef up security or fight lawsuits. In addition, if a company is vulnerable to cyberattack, investors may need to be informed of the risk, the SEC said.
You can view the SEC guidance document here.
Japan Security Watch has been providing good coverage of the Mitsubishi incident and its aftermath. Their latest update indicates that the breach may have been far more extensive than was initially thought:
The compromised data is restricted but not secret, and it is in Mitsubishi’s best interest to keep denying that any data was retrieved, but it seems likely that some other restricted reports might also have been transferred by the infected systems.
At first glance, 300,000 instances of illegal access seems to be an excessively high number of instances, suggesting that the data-mining efforts were automated.
Again, details are thin on the ground, and no doubt will remain that way to all but MHI and MoD officials. It remains a worrying event, but the lessons to be learned will help Japan’s defense industry secure itself against possibly more organized and deeper-penetrating attacks in the future.
It’s been reported that the systems were compromised by a significant number of malware infections.
In response to the fallout from this, the PM Noda’s cabinet has established a cybersecurity taskforce to address the growing threat:
The latest months have shown that Japan is not well prepared against high-scale electronic attacks. Several Japanese corporations, like Sony or Mitsubishi Heavy Industries, as well as some governmental agencies, have been targeted and sensitive data has been stolen or put at risk.
Data on nuclear power plants and military-related products were leaked in the attack on Mitsubishi Heavy Industries, Japan’s most important heavy machinery manufacturer. About 80 servers and computers had been infected with computer viruses, the company learned in mid-August.
The new taskforce, a public-private joint effort, will discuss electronic security and will try to find ways to protect the Japanese nation’s data from intruders.
Lee Youkyung with Yonhap News reports that the Republic of Korea’s National Intelligence Services received a court order to monitor the Gmail account of a citizen suspected of DPRK-supporting activities.
The NIS argued that “packet monitoring” of Kim’s Gmail account was “inevitable” because local citizens evade investigations by seeking a so-called cyber exile in foreign email services, rendering search warrants ineffective, the agency wrote in the legal document.
The court granted access to Kim’s Gmail to the agency, according to Hankyoreh. The spy agency likely has the technical skills to monitor the stream of emails sent to and from Gmail accounts and glean information, the report added.