Friday, June 17, 2011

Is the ongoing storm of cyberattacks preventable?

Experts think so. William Jackson over at Government Computer News has written a great article about the latest attacks and what experts think we need to do:

The CIA has become a member of a less-than-exclusive club of high-profile targets hit by online attacks, falling victim to a denial-of-service attack that temporarily took down its website.

The outage was reported June 15 and the LulzSec hacker group claimed credit. Other recent victims of a variety of attacks include defense contractors Lockheed Martin and L-3 Communications, the website of the Atlanta InfraGard chapter, the International Monetary Fund and the U.S. Senate.

Some of the attacks were targeted, using data stolen earlier this year from EMC’s RSA security division, some involved webpage defacements and others were simple denial-of-service attacks.

“They all have one common denominator,” said Eric Giesa, vice president of product management for F5 Networks. “All of them are preventable.”

Giesa blamed the cybersecurity industry as much as the users for the lack of preparedness. “Shame on the industry,” he said. “We haven’t been doing a good enough job of educating people how to protect against these things.”

“A lot of this stuff we should be able to stop,” agreed Kevin Haley, a director of Symantec Security Response. “But we’re not. People haven’t been doing the easy things to stop the attacks.”

Read the rest of the story over at

Tuesday, June 7, 2011

Major cybersecurity breaches build momentum for government action

Cybersecurity experts have warned the government for years about the increasing threat that attacks from criminals and foreign states pose to the nation's economic and physical security. But it has taken a series of high-profile breaches in recent years to build enough momentum to cut through the legislative stalemate.

The release of the first detailed legislative guidance on the topic from the White House is another sign that comprehensive cybersecurity legislation may finally pass Congress this session after years of inactivity.

Both the Senate and the House have shown a willingness to cooperate on legislation, though there is a healthy debate over how much authority the government should have to regulate security standards for private sector firms, particularly those deemed "critical infrastructure" and therefore crucial to national security. On one thing most experts are in agreement: whatever we're doing now isn't working. The following incidents are just the most public evidence.

Click on over to THE HILL to see some of the major security breaches

Wednesday, June 1, 2011

The Pentagon is Considering Cyberattacks as Acts of War

The US is set to publish plans that will categorise cyber-attacks as acts of war, the Pentagon says.
In future, a US president could consider economic sanctions, cyber-retaliation or a military strike if key US computer systems were attacked, officials have said recently.

The planning was given added urgency by a cyber-attack last month on the defence contractor, Lockheed Martin.

A new report from the Pentagon is due out in a matter of weeks.

"A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table," Pentagon spokesman Colonel Dave Lapan told reporters on Tuesday.
Mr Lapan confirmed the Pentagon was drawing up a cyber defence strategy, which would be ready in two to three weeks.

Cyber-attacks from foreign nations that threaten widespread US civilian casualties, like cutting off power supplies or shutting down emergency-responder networks, could be treated as an act of aggression under the new policy.

But the plan does not mention how the US may respond to cyber-attackers, such as terrorists, who are not acting for a nation state.

Take a look at the rest of the story HERE