Hackers take aim at key U.S. infrastructure

Hackers take aim at key U.S. infrastructure (http://www.cnn.com)

02/20/2013 – Cyber Security

Tuesday’s report detailing hacking activities by the Chinese government against U.S. targets all but confirmed what everyone suspected: the Chinese, along with other nations and groups, are gathering information that could disrupt the operation of critical infrastructure in this country, including power plants, chemical factories and air-traffic control systems.

To be clear, the report from U.S.-based cybersecurity firm Mandiant did not say the Chinese government has actively tampered with these systems. The only two counties thought to have actually altered industrial processes in another country are the United States and Israel, which are suspected of infecting an Iranian uranium enrichment plant with malicious software that caused the centrifuges to spin out of control and self-destruct.

But the Mandiant report said it was likely Chinese military personnel that hacked into Telvent Canada, a firm now known as Schneider Electric that makes switches and other gear for oil and gas pipelines. The Chinese military denies the allegations, calling them “groundless both in facts and legal basis.”

(Continue reading at http://www.cnn.com)

My Two Cents: Hacking is only going to get worse. Seems to me that the software running these firewalls has too many mistakes within the code, and people should NOT be allowed to click on any links via an email message. Then of course, is it a good idea to have pro-logic controllers attached to the internet?

Sophisticated cyber-attack hits Energy Department, China possible suspect

Sophisticated cyber-attack hits Energy Department, China possible suspect (http://www.foxnews.com)

02/04/2013 – Cyber Security

The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.

FBI agents are investigating the attacks, which happened two weeks ago, at the Washington-based headquarters. Fourteen computer servers and 20 workstations reportedly were penetrated during the attack.

China, as well as Iran, have been after Energy Department secrets. Several groups and agencies have warned about stepped-up cyber activities out of China.

“China continues to develop its capabilities in the cyber arena,” the U.S. China Economic and Security Review Commission said in a November 2012 report to Congress. “U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions.”

Officials tell the Beacon they’re working to plug security holes in the system and are developing ways to prevent a similar cyber attack in the future.

(Continue reading at http://www.foxnews.com)

My Two Cents: Cyber-attacks are only going to get worse. This problem is not about an indvidual college kid hacking into a school system to change a grade. This is a collective problem, where government intelligence organizations are behind these attacks. This is just the beginning.

Broad Powers Seen for Obama in Cyberstrikes

Broad Powers Seen for Obama in Cyberstrikes (http://www.nytimes.com)

02/03/2013 – Cyber Security

A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review.

That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyber-attack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.

Cyber weaponry is the newest and perhaps most complex arms race under way. The Pentagon has created a new Cyber Command, and computer network warfare is one of the few parts of the military budget that is expected to grow. Officials said that the new cyber policies had been guided by a decade of evolution in counterterrorism policy, particularly on the division of authority between the military and the intelligence agencies in deploying cyber weapons. Officials spoke on condition of anonymity because they were not authorized to talk on the record.

The Obama administration has urged stronger firewalls and other systems to provide a first line of defense, and then resiliency in the face of cyberattacks. It failed to get Congress to pass cybersecurity legislation that would have allowed the government to mandate standards.

(Continue reading at http://www.nytimes.com)

My Two Cents: Every year that goes by I see more and more everyday systems being exposed to the internet. This is a good thing, as long as they are protected. Security standards do exist (we don’t need Congress to mandate standards), and thinking out of the box to secure your cyber infrastructure is a must these days. However, I would like some kind of international\national legal action or law for private corporations to be able to retaliate after an attack. We could stage our servers at our datacenters and our maximized bandwidth at these bad guys and take them out. Legal prevents me from doing this..lol, even though we have the technology and systems to do it. They argue “What if we target the wrong system by mistake?” FYI: We get thousands of Denial of Service attacks every hour. We track where they come from, we know where and who they are. I am tired of everyone here in the USA being re-active then being pro-active. I hate to say it, but it will take a Pearl Harbor cyber attack event to make everyone wake up and see how vulnerable their systems are!