cyber security
Latest
Thumb drive-based malware attack led to formation of US Cyber Command
Recently declassified documents have revealed that the worst breach of U.S. military computers evar went down in 2008, a major turning point in our nation's cyberstrategy that eventually led to the formation of the United States Cyber Command. Operation Buckshot Yankee, as the defense came to be known, began when a USB thumb drive infected by a foreign intelligence agency was found in the parking lot of a Department of Defense facility in the Middle East. Whomever found the thing placed it in their laptop (probably hoping to find Justin Bieber MP3s), which just so happened to be attached to United States Central Command. From that point, writes Deputy Defense Secretary William J. Lynn in Foreign Affairs, malware spread "undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control." Yikes! We still haven't found out which country orchestrated the attack, or what they might have learned from it, so until the Pentagon tells us otherwise we're going to do what we usually do in these situations and blame Canada (sorry, Don). [Warning: read link requires subscription]
Perfect Citizen: secret NSA surveillance program revealed by WSJ
Do you trust your government? Do you just support it like an obedient Britney Spears, steadfast to your faith that it will do the right thing? Your answer to those questions will almost certainly predict your response to a Wall Street Journal exposé of a classified US government program provocatively dubbed, "Perfect Citizen." Why not just call it "Big Brother," for crissake! Oh wait, according to an internal Raytheon email seen by the WSJ, "Perfect Citizen is Big Brother," adding, "The overall purpose of the [program] is our Government...feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security." Histrionics aside, according to the WSJ, the "expansive" program is meant to detect assaults on private companies and government agencies deemed critical to the national infrastructure. In other words, utilities like the electricity grid, air-traffic control networks, subway systems, nuclear power plants, and presumably MTV. A set of sensors deployed in computer networks will alert the NSA of a possible cyber attack, with Raytheon winning a classified, $100 million early stage contract for the surveillance effort. Now, before you start getting overly political, keep in mind that the program is being expanded under Obama with funding from the Bush-era Comprehensive National Cybersecurity Initiative. The WSJ also notes that companies won't be forced to install the sensors. Instead, companies might choose to opt-in because they find the additional monitoring helpful in the event of cyber attack -- think of Google's recent run-in with Chinese hackers as a potent example. Like most citizens, we have mixed emotions about this. On one hand, we cherish our civil liberties and prefer to keep the government out of our personal affairs. On the other, we can barely function when Twitter goes down, let alone the national power grid.
