Tag Archive: Cyberespionage


Legal Challenges to Advancing Cybersecurity

Georgetown University’s Institute for Law, Science, and Global Security hosted a discussion this morning between the Institute’s Director, Dr. Catherine Lotrionte, and US Cyber Command’s Legal Counsel, Col. Gary Brown*, on the topic of “Legal Challenges to Advancing Cybersecurity.” The purpose of the discussion was to highlight some of the lessons learned from a conference held last year on the same topic, in which policymakers and other leaders in cyber attempted to tackle the legal complexities of cybersecurity.

Heritage Event on Cyber Threats

The Heritage Foundation held an event this morning on cyber threats, with particular attention paid to House Intelligence Committee Chairman Mike Rogers’ bill, HR 3523 - the Cyber Intelligence Sharing and Protection Act of 2011.

Project 2049 Institute has released a new study on the People’s Liberation Army’s Signals Intelligence and Cyber Reconnaissance Infrastructure. From the study’s description:

This study offers a tentative baseline for assessing the GSD Third Department, affiliated Technical Reconnaissance Bureaus (TRBs), and supporting research and development organizations. An examination of this organization, its role and function would provide a mosaic with which to better evaluate China's signal intelligence and cyber-infrastructure. The data points assembled by this monograph point to an expansive yet stovepiped organization responsible for various facets of technical reconnaissance, including collection of wireless line of sight communications, satellite communications, cyber surveillance, network traffic analysis, network security, encryption and decryption, translation, and political, military, and economic analysis.


Henry Kenyon at DefenseSystems reports on remarks made by General Keith Alexander, Commander of US Cyber Command at DARPA’s Cyber Colloquium, suggesting the military needs to move away from conventional paradigms of network security and implement more flexible approaches that will allow it to adapt to the continuously evolving threat:

One of the key things DOD must do to help thwart attacks on its networks is to repair its defensible network architecture. But to do so, it must move away from a static mentality that detects and reacts to incidents after they have occurred, he said.

The government’s network architectures must be redrawn and streamlined; there are 15,000 enclaves in DOD, Alexander said. This mix of networks offers Cyber Command little or no visibility into their status because there is no situational awareness in cyberspace, he maintained. To remedy this, organizations such as DARPA must develop autonomous technologies that can both detect intrusions in real time and put people in the loop to respond to them, he said.

(H/T CyberTheorist)

Japanese Embassies Target of Intrusions

Word broke last night that a number of Japan’s embassies across the globe were the victims of some form of breach. I use that term because of headlines like the one from Radio Netherlands Worldwide – “Cyber war on Japanese embassies,” and because it is still unclear what exactly took place.

From Alex Martin at The Japan Times:

Cyber-attackers targeted the Foreign Ministry and several overseas diplomatic missions with viruses delivered by email, Chief Cabinet Secretary Osamu Fujimura revealed to reporters Wednesday.

It’s likely some of the computers at the missions were infected in the latest in a string of cybersecurity breaches, following attacks on the Diet and major defense contractors.

“At present I am not aware of any classified information having leaked,” Fujimura said, adding that the government was collecting information from ministries and other institutions on the state of their IT security.

This news comes amid other reports that hackers had gained access to email accounts of members of Japan’s House of Representatives:

Hackers may have been spying on the e-mails of lawmakers in Japan’s lower house of parliament for a month, according to reports by the Japanese press.

The computer network of the lawmakers was infected with a virus in July and passwords were stolen, giving hackers access to the e-mail system. Information related to foreign and defence policies may have been exposed, a source close to the matter said, quoted by the Asahi newspaper.

An inquiry showed that the virus which infected the network later connected to servers in China, but it is difficult to find out who exactly placed it there, as it could have been accessed by anyone, the source said.


Duqu – a new Stuxnet-like threat?

A few outlets are discussing a report from Symantec regarding a new piece of malware that has entered the digital ecosystem, exhibiting many similarities to the Stuxnet code. There are, however, a few key distinctions.

From Mike Lennon at SecurityWeek:

According to Symantec, early samples of the malware were seen in Europe, with one revealing a compilation date as late as October 17, 2011 that Symantec is currently analyzing. Initial findings compared Duqu to Stuxnet, with parts of it nearly identical to Stuxnet—but it appears to serve a different purpose and does NOT contain code that would target industrial control systems.

Instead, Duqu’s primary purpose appears to be a remote access Trojan or RAT, being an acronym that stands for Remote Access Tool that can provide a way for attackers to install other forms of malware that can record keystrokes and collect other system information.

And from Robert Vamosi at Forbes:

At this time Duqu does not propagate and has been released only within targeted industries, although Symantec admits it may also be elsewhere and not yet discovered. The original compile dates on some of the variants of Duqu so far analyzed suggest it may have existed as far back as November 3, 2010. Stuxnet compile dates were between June 2009 and March 2010 and therefore pre-date Duqu.

Clues to Duqu’s origin do exist. For example, it uses a digital certificate set to expire August 2, 2012, issued from a company in Taipei, Taiwan. F-Secure’s Hypponen thinks the certificate might have been stolen from C-Media in Taiwan. Symantec says that certificate was revoked on October 14, 2011.

You can read Symantec’s report here.

More on Mitsubishi Systems Intrusion

Japan Security Watch has been providing good coverage of the Mitsubishi incident and its aftermath. Their latest update indicates that the breach may have been far more extensive than was initially thought:

The compromised data is restricted but not secret, and it is in Mitsubishi’s best interest to keep denying that any data was retrieved, but it seems likely that some other restricted reports might also have been transferred by the infected systems.

At first glance, 300,000 instances of illegal access seems to be an excessively high number of instances, suggesting that the data-mining efforts were automated.

Again, details are thin on the ground, and no doubt will remain that way to all but MHI and MoD officials. It remains a worrying event, but the lessons to be learned will help Japan’s defense industry secure itself against possibly more organized and deeper-penetrating attacks in the future.

It’s been reported that the systems were compromised by a significant number of malware infections.

In response to the fallout from this, PM Noda’s cabinet has established a cybersecurity taskforce to address the growing threat:

The latest months have shown that Japan is not well prepared against high-scale electronic attacks. Several Japanese corporations, like Sony or Mitsubishi Heavy Industries, as well as some governmental agencies, have been targeted and sensitive data has been stolen or put at risk.

Data on nuclear power plants and military-related products were leaked in the attack on Mitsubishi Heavy Industries, Japan’s most important heavy machinery manufacturer. About 80 servers and computers had been infected with computer viruses, the company learned in mid-August.

The new taskforce, a public-private joint effort, will discuss electronic security and will try to find ways to protect the Japanese nation’s data from intruders.

Yesterday I attended the AAAS event on cyber attacks. On the panel were Stewart Baker, former Assistant Secretary of Policy, John Steinbruner, Professor of Public Policy at the University of Maryland & Director of the Center for International and Security Studies at Maryland (CISSM), and “James,” who was not described any further.

I should begin by noting that this post is based on my notes, and any errors are unintended.

The event began with a description of what the threat looks like. Baker provided the hypothetical of a conventional conflict brewing between the US and China, with forces being deployed and readied for combat. Prior to engagement, power for New England is knocked offline, with a “nationalist group” in China claiming responsibility for it and stymieing US efforts to fix the problem. The inability to bring the grid back up and the attendant consequences (financial losses, casualties, etc.) would place such pressure on our political institutions as to force the US president to pull back from the pending military conflict, effectively surrendering.

From this the panel concurred that the gravest threat today is that posed to our power infrastructure, and that such a scenario is technologically possible today.

Thus, one of the major themes of the evening was “what to do about it,” – “it” being cyber attacks. Steinbruner took the position that “globally organized protection” was necessary, through conventions and other international legal measures. With regard to attacks on power grids, he called for a solid prohibition.

Baker took a different stance, arguing that “Moore’s Outlaws” still applies and that we need to change the adversary calculus, making it too painful for the bad guys to attack us. Baker contended that the strict prohibition was “delusional” in the sense that there was simply no way to enforce it. A country does not walk into a negotiation with an adversary, tell that country that it better not do this really bad thing, and expect to walk away with a deal without some major concessions. He further noted that conventions and other laws put the US at a disadvantage, because the US strenuously adheres to them while others may (and likely do) have less incentive to do so. Of some note here as well is the idea that if the New England scenario described above were to occur, a military response would very much be on the table. This seems to comport with what’s been previously discussed.

The discussion next turned to attribution and privacy issues. This was an interesting part of the talk – it was observed that anonymity is getting harder, not easier (not terribly surprising), and that there is a wealth of data out there on each individual, some of it put there willingly, other parts less so. Baker raised the idea of a “more authentication-friendly architecture” to help facilitate enforcement efforts, but noted the privacy concerns raised by such a change. There was also some talk of anomaly detection software and other tools that will examine your use of a system to see if it comports with your behavior profile or other data. This could lead us to see a scenario in which anonymity draws more attention to a user than conspicuousness, thus leading bad actors to try to “hide in plain sight.”

The panelists then addressed what I can best describe as our “strategic mindset,” or lack thereof. Baker suggested that we’re too focused on “who has the authority to do what,” rather than, “say this happens – how do we win.” Baker and Steinbruner again engaged each other on the latter point, with Steinbruner making the point that our focus ought to be, “how do we keep this from happening in the first place?” Baker’s rejoinder was that if we aren’t able to see what’s necessary to win, indeed what winning would look like, we’re in no position to prevent it from happening.

Before entering a brief Q&A session, Baker observed that one principle on which most countries might find themselves in agreement would be that countries are responsible for “packets leaving their borders,” though he noted that would represent a major shift in how most Americans view and utilize the Internet.

In all it was an informative (albeit brief) discussion. If you were in attendance and think there is something I overlooked, feel free to post a comment.

Lastly, a quick plug for Nebraska’s Space and Cyber Conference in Washington DC next week. If you can make it, please join us. As an LL.M. student I had the opportunity to attend last year, and learned a wealth of information over the course of the conference. You will find links for registration at the above link.

House Intelligence Hearing on Cyber Threats


The House Permanent Select Committee on Intelligence will hold a hearing entitled, “Cyber Threats and Ongoing Efforts to Protect the Nation,” on October 4, from 10am to 1pm. You will be able to watch the hearing here.

Welcome to The Khôranauts, a blog about cyberwarfare, space control, and everything in between. This is a project of two Space and Telecommunications Law LL.M. graduates from the University of Nebraska-Lincoln. We hope you’ll visit our site often, and provide feedback and your own perspectives on these issues.

A bit about the title first. We had hoped to use the title “The Cybernauts,” as it perfectly encapsulated the subject matter of this blog. Shortly after choosing that title we discovered it had already been taken. An afternoon of meandering the web yielded the term Khôra:

Khôra (Khora or Chora; Greek: χώρα) is a philosophical term described by Plato in Timaeus as a receptacle, a space, or an interval. It is neither being nor nonbeing but an interval between in which the “forms” were originally held. Khôra “gives space” and has maternal overtones (a womb, matrix).

Considering that the legal issues involved in both space and cyber are often subject to interpretation and represent new frontiers for humanity, we thought this might be a decent place to start. The title may change, but we’ll do our best not to change it too frequently.

Today’s first article is on the “cyberattack” suffered by Mitsubishi Heavy Industries (hat tip to Hillicon Valley). It should be immediately noted that the article describes the intrusion of Mitsubishi’s systems as the “first known cyber attack on Japan’s defense industry;” as Andrew Davies notes, it is unlikely that this is truly the first:

“It’s probably just the first that hacking attacks in Japan have been detected. It’s consistent with what we’ve seen already with big American defense companies,” Andrew Davies, a cyber-warfare analyst with the government backed defense think-tank, the Australian Strategic Policy Institute, told Reuters.
