Date: April 20, 2010
Source: Sacramento Press
Abstract: Central Intelligence Agency director Leon Panetta told 300 Sacramento Metro Chamber Cap-to-Cap delegates that the next “Pearl Harbor” is likely to be an attack on the United States’ power, financial, military and other Internet systems. Panetta addressed the Sacramento delegation that includes 43 elected officials and hundreds of business and civic leaders who are in Washington D.C. for the annual program that advocates for the region’s most pressing policy issues. He spoke on Monday, April 19, during the Cap-to-Cap opening breakfast.
“Cyber terrorism” is a new area of concern for the CIA, Panetta said. The United States faces thousands of cyber attacks daily on its Internet networks. The attacks are originating in Russia, China, Iran and even from hackers. “The next Pearl Harbor is likely to be a cyber attack going after our grid…and that can literally cripple this country,” Panetta said. “This is a whole new area of threat.” But cyber terrorism is just one of four primary missions for Panetta, who took over directing the CIA last year after appointment by President Obama. The CIA is also focusing on counter-terrorism, reducing the proliferation of weapons of mass destruction and fighting narcotics trafficking.
Al Qaeda is becoming a viscous target, and as CIA and military operations tamp it down in Pakistan, Afghanistan and Iraq, the terrorist elements are moving to places like Somalia, Yemen and North Africa—as well as changing its tactics, he said. “The president’s direction…is we must dismantle and destroy Al Qaeda and its known elements,” he said. “It’s a fundamental mission….The primary effort takes place in Pakistan and tribal areas. We are now focused on Afghanistan and have increased our presence there.” Meanwhile, CIA is working to help Iraqis fight Al Qaeda. “Even as our military draws down in Iraq, we’ll keep our presence there…to provide intelligence to the Iraqis so they can secure their own country.” Worrisome, he added, is how Al Qaeda is “coming at us in other ways.”
These include using individuals who have clean records and are not being tracked; individuals who are already in the U.S.A. and in contact with Al Qaeda; and individuals who decided to “self-radicalize” and are easily and quickly recruited as terrorists. Previously, Panetta served as a congressional representative from the Monterey area, rising to the House Budget committee chair, and then later as President Clinton’s Director of the Office of Management and Budget. “I’ve spent most of my life on budget issues,” he said, noting the “work we did eventually produced a balanced budget for the country.” When he’s asked why he took on the job at the CIA, he told the group, “Because considering the size of the federal deficit, I’d rather fight Al Qaeda” (Sacramento Press, 2010).
Title: Alarming Tales Of International Hacking From A Cyber-Terrorism Czar
Date: November 8, 2010
Abstract: On a September night in 2007, a swarm of Israeli jets swooped across Syrian airspace and destroyed a nuclear facility under construction. Despite Syria’s sophisticated radar, their approach went unnoticed. The Israelis had hacked the Syrian equipment so all it showed was vast, empty sky. It is technology that cuts all ways: In the United States, hackers have breached the Pentagon, while spies from China have gained access to 1,300 computers in embassies around the globe. Richard A. Clarke, a counterterrorism czar to three administrations and the first special adviser to the president on cyber security, calls the Internet a “cyber battlefield.” In his recent book, Cyber War, he discusses the vulnerability of the electrical grid, banking systems, air-travel networks, and national defense. Clarke recently visited the DISCOVER offices to discuss this emerging type of warfare.
You say the threat of cyber war begins with computer manufacturing. How so?
Take any piece of computer hardware—your laptop, your desktop, a router in the network. It has probably been assembled in one country, but the components have probably been made in two dozen: Taiwan, India, China, the United States, Germany. And the software has probably been written by thousands of people in many countries. You can’t have high security when there are that many people involved. It’s so easy to slip a trap door into 50 million lines of code for a piece of software. It’s so easy to have a microscopic element on a motherboard that allows people to get in without authorization.
How could this sort of invasion happen?
In cyber war or cyber espionage, the person who’s doing it can achieve access in dozens of different ways. Once they are in your computer or your local area network, they can see everything that goes on, they can copy information and exfiltrate that information, they can issue commands. If they’ve accessed a network that’s controlling something, such as an electrical power grid or a railroad system, they can cause things to happen not in cyberspace but in physical space. They can control a rail switch or a valve on a pipeline.
How are we responding to the threat?
Last October the United States created a unit just like Strategic Command or Central Command; this one’s called Cyber Command. Under Cyber Command is a Navy unit called the 10th Fleet that has no ships and an Air Force unit, the 24th Air Force, that has no planes. These units are designed to fight both offensively and defensively in cyberspace.
Has the United States ever experienced a serious case of cyber espionage?
The United States and several of its allies are building a new, fifth-generation fighter plane, the F-35 Lightning II, cutting-edge technology. There’s good reason to believe that a foreign government, probably China, hacked into the manufacturing company for the aircraft and downloaded all the plans. So for this plane that hasn’t even flown yet, a potential enemy knows its strengths and weaknesses. The really scary part is, if they got in, do you think they just copied information? Or do you think perhaps they inserted something in the software? Imagine the future where a U.S. F-35 is flying into combat and another nation sends up a much less capable airplane, but that other airplane can send out a signal that opens up a trapdoor in the software that’s running the F-35 and causes it to crash. Airplanes these days, whether it’s the F-35 or the 787, they’re all software. The plane is just one big computer network with all sorts of things being run by software applications.
What do we need to do to keep the country secure from digital attack?
The United States is pretty good at offense; the government can probably hack its way into most anything. But we don’t have a good defense. Right now the U.S. government is defending only itself, and that’s largely the military defending the military. The Obama administration’s attitude seems to be that if you’re a bank or a railroad or a pipeline company or a power company, you should defend yourself. Imagine in the 1960s if our government had said to U.S. Steel in Pittsburgh or General Motors in Detroit, “The Soviet Union has a lot of bombers and those bombers could reach Pittsburgh or Detroit, so you, private company GM, private company U.S. Steel, should go out and buy some air-defense missiles.”
What are the private companies saying in response?
They want it both ways. They want to minimize government involvement; they certainly don’t want the government telling them how to structure their information technology systems. But at the same time, when you tell them the government of China could be hacking into their company, they say, “Well, why isn’t the federal government stopping that? I pay my taxes.” In the end, there’s going to have to be a federal role larger than there is now. The fact that we have virtually no defense right now, that’s largely a matter of policy—not so much of technology—and it would seem to be a rather obvious wrong choice, I think.
It sounds like we’re the big, tough boxer with a glass jaw.
The line that I like to use is “People who live in glass houses shouldn’t throw attack code.” We should be taking the lead in arms control.
The fight against cyber attacks is a form of arms control?
I think if you do limits on cyber war, that’s arms control. I worked in arms control for over 20 years. I did biological, nuclear, and conventional arms control. I know how hard it is. I negotiated a lot of agreements, and cyber war would be very difficult to negotiate. But some of those arms control agreements may actually have stopped nuclear war. So let’s not throw up our hands and say, “We can’t do it in cyberspace with cyber war.” Instead, let’s get the arms control experts and the cyber experts together and see what we can do to reduce the chances of a damaging cyber war.
What is the biggest threat: national governments, terror groups, or individual hackers?
Individual hackers can make a lot of trouble, but they can’t bring down a power grid. They can’t do the really destabilizing infrastructure attacks that we’re worrying about. Criminal gangs are getting better at it, and we’re seeing cyber criminal gangs doing things that in the past only nations could do. So that is a worry. But for the most part our concern is cyber war directed nation to nation, because in addition to having lots of technology at your fingertips, nation-states have intelligence agencies. And intelligence agencies can provide the collateral information to figure out how to do an attack. Sometimes you need physical involvement, social engineering, information gathering before you do an attack.
What will it take for us to acknowledge the true magnitude of the threat?
When Russia cyber-attacked Estonia in 2007 and then a year later attacked Georgia, people said, “That’s the wake-up call.” When the Chinese attacks on Google occurred last year, people said, “Oh, that’s the wake-up call.” I think people would have to know that some great discomfort or some great violence had occurred because of deliberate malicious activity in a network (Discover, 2010).
Date: February 20, 2011
Abstract: CNN rolled out a slick propaganda presentation this evening. It is called “Cyber Shockwave” and it posits a cyber attack on the United States.
CNN will air a two-hour production, We Were Warned: Cyber Shockwave, based upon exclusive television access to a national security cyber “war game” scenario. The simulated event was developed by The Bipartisan Policy Center and will debut Saturday, Feb. 20 and Sunday, Feb. 21 at 8pm, 11pm and 2am ET on CNN. The scenario was created by Fmr. CIA Director, General Michael Hayden (ret.) as well as the co-chairs of the 9/11 Commission, Fmr. Rep. Lee Hamilton (D-IN) and Fmr. Gov. Thomas Kean (R-NJ).
Additional participants who served various roles for the scenario are: Fmr. U.S. Secretary of Homeland Security Michael Chertoff, Fmr. Director of National Intelligence John Negroponte, Fmr. White House Homeland Security Advisor and CNN contributor Fran Townsend, Fmr. Director of Central Intelligence John McLaughlin, Fmr. U.S. Senator Bennett Johnston, Jr. (D-LA), Fmr. National Economic Council Director Stephen Friedman, Fmr. U.S. Deputy Attorney General Jamie Gorelick, Fmr. White House Press Secretary Joe Lockhart, Fmr. National Security Agency General Counsel Stewart Baker, and Gen. Charles Wald, USAF (Ret.), former Deputy Commander of the United States European Command.
How should the government deal with the threat? Federalize the National Guard to deal with unruly mobs freaking out over the loss of electricity. Nationalize utility companies so the NSA and the government get electricity. The participants also recommended new powers be granted to the president. Not surprisingly, they declared the president has the authority to take unprecedented action against the states and the private sector under the Constitution. CNN and the participants agreed the slick propaganda presentation is aimed at the American people.
Infowars.com will post video of the simulation when it becomes available.
Earlier in the week, a new computer virus infected almost 75,000 computers worldwide — including 10 U.S. government agencies — collecting login credentials from online financial, social networking sites and email systems and reporting back to hackers, according to the New York Daily News. The FBI, Department of State and Department of Homeland Security were notified. The attacks are attributed to “criminal hackers.”
On February 4, the House overwhelmingly passed The Cybersecurity Enhancement Act (H.R. 4061), a bill that requires the Obama administration to conduct an agency-by-agency assessment of cybersecurity workforce skills and establishes a scholarship program for undergraduate and graduate students who agree to work as cybersecurity specialists for the government after graduation, according to The New York Times. The bill represents yet another intrusion into the private sector by the Obama administration and Congress.
Rep. Michael McCaul, a Texas Democrat, says he is optimistic about the bill’s chances in the Senate. “When you’re talking about science and technology and national security,” said McCaul, “those are elements we should all be able to work together (on); Democrat, Republican, and that’s what we saw on the House floor,” McCaul told Homeland Security Newswire (Infowars, 2011).
Title: 10 Years After 9/11, Cyberattacks Pose National Threat, Committee Says
Date: September 7, 2011
Abstract: Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.
The report, released last week by the Bipartisan Policy Center's National Security Preparedness Group (NSPG), offers a broad assessment of the progress that the public sector has made in implementing the security recommendations of the 9/11 Commission. The comments about cybersecurity are part of broader discussion on nine security recommendations that have yet to be implemented.
The report, the foreword to which is signed by Lee Hamilton, a former Democratic representative from Indiana, and Thomas Kean, former governor of New Jersey, notes that catastrophic cyberattacks against U.S. critical infrastructure targets are not a mere theoretical threat.
"This is not science fiction," the NSPG said in its report. "It is possible to take down cyber systems and trigger cascading disruptions and damage. Defending the U.S. against such attacks must be an urgent priority."
The report highlights concerns expressed by the Department of Homeland Security (DHS) and the U.S. intelligence community about terrorists using cyberspace to attack the country without physically crossing its borders. "Successive [intelligence chiefs] have warned that the cyber threat to critical infrastructure systems -- to electrical, financial, water, energy, food supply, military, and telecommunications networks -- is grave."
The report makes note of a briefing in which DHS officials described a "nightmare scenario" of terrorists hacking into the U.S. electric grid and shutting down power across large sections of the country for several weeks. "As the current crisis in Japan demonstrates, disruption of power grids and basic infrastructure can have devastating effects on society," the report noted.
The committee's report is sure to reinforce perceptions among many within the security industry that critical infrastructure targets remain woefully underprepared for dealing with cyberattacks. Over the past few years, there have been numerous attacks targeting government and military networks. Most of the attacks are believed to be the work of highly organized, well-funded, state-sponsored groups.
Despite the attacks, some believe that those within government are not taking the threat seriously enough. Just a few weeks ago, for instance, Cofer Black, former director of the CIA's Counterterrorism Center during the Bush administration, warned about cyberthreats not being taken seriously enough.
Though many security experts agree that future conflicts will likely be fought in cyberspace, military and government officials have shown a hesitancy to act until they see a validation of the threats, Black said during a keynote address at the Black Hat conference in August. It was the same sort of skepticism that many government officials had shown toward the alarms sounded prior to the Sept. 11, 2001, attacks, Black had noted.
The Bipartisan Policy Center (BPC) is a Washington-based think tank that was established in 2007 by former Senate Majority leaders Howard Baker, Tom Daschle, Bob Dole and George Mitchell. The NSPG is a group that was established by the BPC to monitor the implementation of the 9/11 Commission's recommendations for bolstering national security in the aftermath of the terrorist attacks.
Last week's report offers an assessment of the progress that the government has made in implementing the commission's recommendations. According to the NSPG, the government has made significant progress in addressing many of the 9/11 Commission's 41 recommendations.
However, several crucial ones remain very much a work in progress, the report noted.
One area where little progress has been made has to do with the recommendation to increase the availability of radio spectrum for public safety purposes, the report noted.
"Incompatible and inadequate communications led to needless loss of life" on 9/11, the BPC said in its report. But plans to address the problem by setting aside more radio spectrum for first responders have "languished" because of a political fight over whether to allocate 10MHz of radio spectrum to first responders or to a commercial wireless bidder.
Another area where progress has been limited has been on the civil rights and privacy fronts, the report noted. Surveillance activities and the use of tools such as National Security Letters to search for terrorists have greatly expanded since the 9/11 attacks. But a recommendation for setting up a Privacy and Civil Liberties Oversight Board within the executive branch of the federal government has yet to be fully implemented.
"If we were issuing grades, the implementation of this recommendation would receive a failing mark," the NSPG said (Computerworld, 2011).
Title: Cyber Attacks Are Becoming Lethal, Warns US Cyber Commander
Date: September 15, 2011
Source: Computer Weekly
Abstract: Cyber attacks are escalating from large-scale theft and disruption of computer operations to more lethal attacks that destroy systems and physical equipment, according to the head of the US Cyber Command.
"That's our concern about what's coming in cyberspace - a destructive element," General Keith Alexander told a US conference on cyber warfare, according to the Washington Times.
Alexander, who is also the director of the National Security Agency (NSA), said that future computer-based combat is likely to involve cyber strikes that cause widespread power outages and even physical destruction of machinery.
The potential for cyber attacks to do this, he said, is illustrated by the electrical power outage in the Northeast US in 2003 caused by the freezing of software that controlled the power grid after a tree damaged two high-voltage power lines, and the destruction of a water-driven electrical generator at Russia's Sayano-Shushenskaya dam in 2009 that was caused by a computer operator remotely starting the generator while one of the dam's turbines was being serviced.
These events highlight the threat of attackers breaking into electricity grid networks or remotely starting or stopping systems to cause destruction and loss of life, said Alexander.
The US government is adopting an "active defence" strategy aimed at bolstering the readiness of computer networks to respond.
The UK government has come under fire from the Chatham House think-tank for failing to take a strong lead in protecting critical systems such as power and water from cyber attack.
There is no coherent picture of who is targeting what and which systems and services are potentially vulnerable to cyber attack, according to a Chatham House report.
The UK government must play "an integral role in informing wider society" and raising levels of awareness, said the report, which is based on a series of interviews with senior figures in companies considered to be part of the critical national infrastructure, such as electricity, oil and gas.
The Chatham House report comes ahead of the government's expected announcement of a revised cyber security plan (Computer Weekly, 2011).
Title: Pentagon To Help Defend Cyber Networks
Date: September 26, 2011
Source: Fox News
Abstract: As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers.
That program could serve as a possible model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure.
Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon's Cyber Crime Center's workload, according to senior defense officials. And they say it continues to increase.
The Pentagon's pilot program represents a key breakthrough in the Obama administration's push to make critical networks more secure by sharing intelligence with the private sector and helping companies better protect their systems. In many cases, particularly for defense contractors, the corporate systems carry data tied to sensitive U.S. government programs and weapons.
So far, the trial program involves at least 20 defense firms. It will be extended through mid-November, amid ongoing discussions about how to expand it to more companies and subcontractors.
"The results this far are very promising," said William Lynn, the deputy secretary of defense who launched the program in May. "I do think it offers the potential opportunity to add a layer of protection to the most critical sectors of our infrastructure."
Lynn, who has just left office, said the government should "move as expeditiously" as it can to expand the protections to other vital sectors.
A senior DHS official said no decisions have been made, but any effort to extend the program -- including to critical infrastructure -- faces a number of challenges.
The official, who spoke on condition of anonymity because the program review is ongoing, said it would be helpful if Congress would pass legislation that explicitly says DHS is responsible for helping private sector companies protect themselves against cyberattack. Also, the legislation should say that companies can be protected from certain privacy and other laws in order to share information with the government for cybersecurity purposes, the official said.
Senior U.S. leaders have been blunt about the escalating dangers of a cyberattack, and have struggled to improve the security of federal networks while also encouraging the public and corporate America to do the same.
"Cyber actually can bring us to our knees," said Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, adding that at some point the Pentagon may need to develop some type of governing structure similar to how the U.S. and allies monitor and limit nuclear weapons.
Data compiled by the Defense Cyber Crime Center shows that the number of investigations handled by analysts there has more than tripled over the past 10 years. And a growing number of them involve defense contractors -- including those participating in the pilot program.
Housed near Fort Meade, Maryland, the so-called DC3 employs about 100 digital examiners who sift through millions of bytes of data in the digital forensics lab. Stacks of hard drives line the shelves, and clear plastic evidence bags are filled with a vast expanse of computer technology -- from cell phones and tiny flash drives to iPads, Wii consoles and Nintendo games.
The analysts dissect intrusions, malware and other attacks that have breached or tried to burrow into the defense contractors' computer systems. And while those investigations are just a small fraction of the lab's work, the number has grown steadily over the past three years.
The caseload includes about 100 in the past year that involve the defense industrial base. Much of the center's work is for criminal cases for the military's investigative branches -- including the Army and Navy criminal investigative services and the Air Force Office of Special Investigations.
Cybersecurity expert James Lewis said there will be some tough hurdles in any effort to expand the pilot program to more military contractors or through DHS to other critical infrastructure companies. But he said it can be done.
The Pentagon has multi-million dollar contracts with companies, making it easier to build on those relationships and, if needed, link cyber threat cooperation to future contracts, said Lewis, who is with the Center for Strategic and International Studies.
DHS, however, doesn't have that type of contracting relationship with electric companies, power generation plants, financial firms or other critical corporations that run vital infrastructure. And the agency would probably need additional Congressional authorities to set up a program similar to the DOD pilot.
"If they move smartly, it could be done in two years. This is not an insolvable problem," said Lewis. "DHS needs more authorities to oversee the process. And they have to work through antitrust, information sharing and privacy issues."
The senior DHS official said that just keeping up with the ever-changing cyberthreats is a challenge, making it more difficult to determine the appropriate roles for the government, the companies and the internet service providers.
Both DHS and defense officials acknowledge that funding is another factor that must be worked out. As yet, they said, they don't know what the exact costs would be and how they would be allocated between the government and the private sector (Fox News, 2011).
Title: Cyber Attacks Mounting Fast In U.S.
Date: September 30, 2011
Source: CBS News
Abstract: U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government's first media tour of secretive defense labs intended to protect the U.S. power grid, water systems and other vulnerable infrastructure.
Acting DHS Deputy Undersecretary Greg Schaffer told reporters Thursday that the world's utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.
"We are connecting equipment that has never been connected before to these global networks," Schaffer said. Disgruntled employees, hackers and perhaps foreign governments "are knocking on the doors of these systems, and there have been intrusions."
According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.
Department officials declined to give details about emergency response team deployments, citing confidentiality agreements with the companies involved. Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.
The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.
Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system. The former guard was sentenced to 110 months in prison in March.
The Homeland Security Department's control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats and a classified "watch and warning center" where data about threats are assessed and shared with other cyber security and intelligence offices.
The offices are located at nondescript office buildings scattered around Idaho Falls. No signs announce their presence.
Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year. He did not describe the group's findings in detail, except to say that they confirmed that it was "very sophisticated."
Edwards said that several years ago he had asked the German company Siemens to study the same kind of industrial controllers used at Natanz for vulnerabilities to attack, because they were so widely used in industry.
But he said the study was not part of any effort to target the controllers with malware, and said his program's work on the controllers could not have helped Stuxnet's designers.
A senior Homeland Security cyber official, who spoke on condition of anonymity because of the sensitivity of the topic, said the Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can't be patched.
Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.
The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.
While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country's offensive cyber weapons capability. The U.S. is thought to be the world's leader in cyber warfare, both defensive and offensive.
U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
Foreign nations could also target military control systems, including those used for communications, radar and advanced weaponry.
Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.
James Lewis, a former State Department official now with the Center for Strategic and International Studies in Washington, said in an interview that the Aurora test ushered in a new era of electronic warfare.
Before the test, he said, the notion of cyber warfare "was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon."
Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.
"All systems deployed have vulnerabilities," Edwards said (CBS News, 2011).
Title: GOP Candidates Exaggerate Threat Of Cyber Terrorism
Date: November 2011
Source: Policy Mic
Abstract: Rick Perry, Herman Cain, and Newt Gingrich rounded up Tuesday’s GOP debate on CNN by mentioning cyberattacks as one of the foremost national security threats to the U.S. today. Although cyber war is an emerging security problem for the U.S., it is not one of the top three security threats, as Gingrich stated.
The threat of cyberattacks is overblown, and the U.S. has other more problematic (and less “sexy”) issues to deal with.
Gingrich noted how unprepared the U.S. was to deal with the crime, while Perry specifically highlighted China’s People’s Liberation Army (PLA) involvement as a major issue. Cain drew on his background as a former ballistic analyst and computer scientist, noting that cyberattacks were “a national security area we do need to be concerned about.”
These concerns are overblown, because the U.S. faces deeper existential threats to its national security like the ever-looming economic crisis, energy security, or even traditional weapons of mass destruction, just to name a few.
Cyber war, cyber terrorism, and cyberattacks have so far been almost synonymous. But what the candidates should be concerned about is cyberterrorism, or attacks on critical components of national infrastructure. The discovery of the “Stuxnet” virus in an Iranian nuclear facility in Natanz was alarming because of the potential damage it could have unleashed. Stuxnet also infected over 60,000 computers, going as far as Malaysia, Australia, and Germany. The difficulty of tracing the source of the attack and apportioning blame also makes the attacks impossible to police.
However, fears of cyberattacks have been exaggerated. There have so far been no documented cases of cyberterrorism on U.S. public facilities, transport systems, nuclear power plants, power grids, or other key components of national infrastructure. The reported cyberattacks are aimed at stealing company secrets and intellectual property. Though they were reportedly launched from China and Russia, the motivation is primarily to acquire business and technology information. These reports, moreover, remain accusations, and other U.S. companies have also been accused of cyber espionage in the attacks. Perry’s accusations against China will remain groundless unless culpability can be proven. The candidates’ fear of cyberattacks by hostile states is difficult to prove, and it is equally likely that what is happening is an online manifestation of old-fashioned corporate espionage than a new face of war.
The Stuxnet virus itself was also quickly disarmed, and neither al Qaeda nor other terrorist organizations have tried to launch a serious cyberattack. Until now, the Internet has mainly served as a medium for communication for them, not of war. And employees of critical infrastructure are well-versed in dealing with failures of their systems, having had to deal with problems caused by natural disasters. They have back-up plans in place, and the subsequent impact of cyberattacks is limited.
The US Institute for Peace noted that the media have discovered that cyberterrorism makes for “eye-catching, dramatic copy” and that “an entire industry has emerged to grapple with the threat of cyberterrorism” such that combating it has become not only a highly politicized but economically rewarding growth industry. The report also notes that: “The mass media frequently fail to distinguish between hacking and cyberterrorism and exaggerate the threat of the latter by reasoning from false analogies.”
The threat of cyberattacks is real, but it is not as pressing as the candidates would like you to think. The issue makes for great headlines, but the nation faces greater threats to its security than cyberattacks, and it is important to prioritize the threats and assess the threat for the actual damage it has caused so far, rather than the hype surrounding it (Policy Mic, 2011).
Title: French Nuclear Power Company Hit By Cyber Attack
Date: November 2, 2011
Source: eSecurity Planet
Abstract: French energy conglomerate Areva may have been hit by an attack first detected in September.
"Local reports are consistent only in terms of talking about cyber-espionage, perhaps involving malware rather than some kind of terrifying Stuxnet-style nuclear kit sabotage caper," writes The Register's John Leyden.
"Staff reportedly learned that all might not be well with Areva systems in mid-September, following a weekend security upgrade that left some systems out of action for three days," Leyden writes. "The National Security Agency Information Systems (ANSSI) reportedly assisted the security upgrade." Go to "French nuke biz slapped in mystery cyberattack" to read the details (eSecurity, 2011).
Title: DHS Warns Anonymous May Target Critical Infrastructure
Date: November 4, 2011
Source: Homeland Security News Wire
Abstract: DHS is warning critical infrastructure operators that the international hacking group known as Anonymous has threatened to attack industrial control systems, the software that governs automated processes for nearly every major utility or production facility including factories, power stations, chemical plants, and pharmacies.
The security bulletin from the National Cybersecurity and Communications Integration Center was careful to note that “while Anonymous recently expressed intent to target [industrial control software], they have not demonstrated a capability to inflict damage to these systems.”
Following the Stuxnet virus at Iran’s Bushehr nuclear facility, which resulted in physical damage, cyberattacks against ICS systems have emerged as one of the greatest threats to critical infrastructure.
By taking control of the Supervisory Control and Data Acquisition (SCADA) system, the Stuxnet virus forced several nuclear centrifuges to spin out of control while it simultaneously knocked out the system’s automatic shutdown safety procedure. Analysts now fear that hackers can similarly cause power generators to explode, release dangerous chemicals, or pollute water supplies by attacking SCADA systems at various facilities.
The restricted security bulletin, obtained by the website Public Intelligence, noted that hackers from Anonymous have published key programming code and other materials that instruct users on how to gain some access to ICS systems.
Furthermore Anonymous “could be able to develop capabilities to gain access and trespass on [ICS] networks very quickly,” the report cautioned.
In particular, oil and gas companies may be at greatest risk due to Anonymous’ “green energy” agenda in which it has supported the campaign against the Keystone XL oil pipeline and the Alberta Tar Sand project in Canada.
“This targeting could likely extend beyond Anonymous to the broader [hacker activist] community, resulting in larger-scope actions against energy companies,” the bulletin warned. DHS concluded by urging “owners and operators of critical infrastructure control systems … to engage in addressing the security needs of their [ICS] assets” (Homeland Security News Wire, 2011).
Title: Norway Hit By Major Cyber Attack On Oil, Defence Industries
Date: November 18, 2011
Source: International Business Times
Abstract: Data from Norway's oil, gas and defence systems have been stolen in what is feared to be one of the most extensive cases of data espionage in the country's history.
Industry secrets and information about contract negotiations were stolen and "sent out digitally across the country," according to a statement released by Norway's National Security Agency (NSM).
At least 10 different firms, perhaps more, had been targeted in the biggest wave of cyber-attacks seen by the country.
None of the industries, mostly the oil, gas, energy and defence, have been named and it is feared that the number of attacked firms is higher as some may not realise they have been hacked.
"The attacks vary slightly from each other and are tailor-made so they are not discovered by anti-virus solutions. Companies that are targeted are therefore not aware of the attacks until after they have taken place," the NSA said in a statement.
"This means it is probable that industrial secrets from various companies have been stolen and sent digitally out of the country."
It is thought that the attacks may have been carried out by more than one person over the past year.
The methods used were varied, but it is thought that in some individual cases emails armed with viruses which did not trigger anti-malware detection systems were used to steal passwords, documents and other confidential material from hard-drives.
"This is the first time Norway has revealed extensive and wide computer espionage attacks," said NSM spokesperson Kjetil Berg Veire in a statement.
The attacks have occurred more often "when companies were negotiating large contracts," he said.
The NSM said that this type of internet espionage was an extremely cost-effective type of data theft, as "espionage over the internet is cheap, provides good results and is low-risk."
Norway's oil and gas industry is ranked the third largest in the world, with 2.8 million barrels being produced each day (International Business Times, 2011).
Title: US Wouldn't Stand Up To Cyber Attacks
Date: November 9, 2011
Source: Tech Eye
Abstract: America is so vulnerable to cyber attacks that it might deter US leaders from going to war with other nations, a former top US cybersecurity official has warned.
Richard Clarke, a top adviser to three presidents, has given a dire assessment of America's cybersecurity and said that the country simply can't protect its critical networks.
According to Physorg, if anyone in the axis of evil decided to attack the US, its critical systems would roll over in a matter of minutes.
China, North Korea, Iran and Russia could retaliate against the US's military might by launching devastating cyberattacks that could destroy power grids, banking networks or transportation systems, he said.
Some of the problem, he claims, is that the US military has spent a fortune on kit which could be disabled before they get to a battlefield.
While the US might be able to blow up a nuclear plant or a terrorist training centre somewhere, a number of countries could strike back with a cyberattack and "the entire US economic system could be crashed in retaliation".
Clarke said that if the US goes to war with a cybersecurity-conscious, cybersecurity-capable enemy then it is unlikely that any of its stuff is going to work.
He said that the US also needs to make it clear to countries such as China that efforts to use computer-based attacks to steal high-tech American data will be punished.
Although if it lobs a missile its way, the Chinese could close the land of the free by refusing to make any of its technology (Tech Eye, 2011).
Title: Cyber Attacks Bombard Energy Sector, Threatening World Oil Supply
Date: December 8, 2011
Source: Huffington Post
Abstract: Hackers are bombarding the world's computer controlled energy sector, conducting industrial espionage and threatening potential global havoc through oil supply disruption.
Oil company executives warned that attacks were becoming more frequent and more carefully planned.
"If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens," said Ludolf Luehmann, an IT manager at Shell, Europe's biggest company.
"It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage - huge, huge damage," he told the World Petroleum Congress in Doha.
Computers control nearly all the world's energy production and distribution in systems that are increasingly vulnerable to cyber attacks that could put cutting-edge fuel production technology in rival company hands.
"We see an increasing number of attacks on our IT systems and information and there are various motivations behind it - criminal and commercial," said Luehmann. "We see an increasing number of attacks with clear commercial interests, focusing on research and development, to gain the competitive advantage."
He said the Stuxnet computer worm discovered in 2010, the first found that was specifically designed to subvert industrial systems, changed the world of international oil companies because it was the first visible attack to have a significant impact on process control.
But the determination and stamina shown by hackers when they attack industrial systems and companies has now stepped up a gear, and there has been a surge in multi-pronged attacks to break into specific operation systems within producers, he said.
"Cyber crime is a huge issue. It's not restricted to one company or another it's really broad and it is ongoing," said Dennis Painchaud, director of International Government Relations at Canada's Nexen Inc. "It is a very significant risk to our business."
"It's something that we have to stay on top of every day. It is a risk that is only going to grow and is probably one of the preeminent risks that we face today and will continue to face for some time."
Luehmann said hackers were increasingly staging attacks over long periods, silently collecting information over weeks or months before attacking specific targets within company operations with the information they have collected over a long period.
"It's a new dimension of attacks that we see in Shell," he said.
Not In Control
In October, security software maker Symantec Corp said it had found a mysterious virus that contained code similar to Stuxnet, called Duqu, which experts say appears designed to gather data to make it easier to launch future cyber attacks.
Other businesses can shut down their information technology (IT) systems to regularly install rapidly breached software security patches and update vulnerable operating systems.
But energy companies cannot keep taking down plants to patch up security holes.
"Oil needs to keep on flowing," said Riemer Brouwer, head of IT security at Abu Dhabi Company for Onshore Oil Operations (ADCO).
"We have a very strategic position in the global oil and gas market," he added. "If they could bring down one of the big players in the oil and gas market you can imagine what this will do for the oil price - it would blow the market."
Hackers could finance their operations by using options markets to bet on the price movements caused by disruptions, Brouwer said.
"So far we haven't had any major incidents," he said. "But are we really in control? The answer has to be 'no'."
Oil prices usually rise whenever tensions escalate over Iran's disputed nuclear program - itself thought to be the principal target of the Stuxnet worm and which has already identified Duqu infections - due to concern that oil production or exports from the Middle East could be affected by any conflict.
But the threat of a coordinated attack on energy installations across the world is also real, experts say, and unlike a blockade of the Gulf can be launched from anywhere, with no U.S. military might in sight and little chance of finding the perpetrator.
"We know that the Straits of Hormuz are of strategic importance to the world," said Stephan Klein of business application software developer SAP.
"What about the approximately 80 million barrels that are processed through IT systems?" said Klein, SAP vice president of oil and gas operations in the Middle East and North Africa.
Attacks like Stuxnet are so complex that very few organizations in the world are able to set them up, Gordon Muehl, chief security officer at Germany's SAP, said, but it was still too simple to attack industries over the internet.
Only a few years ago hacking was confined to skilled computer programmers, but thanks to online video tutorials, breaking into corporate operating systems is now a free-for-all.
"Everyone can hack today," Shell's Luehmann said. "The number of potential hackers is not a few very skilled people -- it's everyone" (Huffington Post, 2011).
Title: U.S. Authorities Probing Alleged Cyberattack Plot By Venezuela, Iran
Date: December 13, 2011
Source: Washington Times
Abstract: U.S. officials are investigating reports that Iranian and Venezuelan diplomats in Mexico were involved in planned cyberattacks against U.S. targets, including nuclear power plants.
Allegations about the cyberplot were aired last week in a documentary on the Spanish-language TV network Univision, which included secretly recorded footage of Iranian and Venezuelan diplomats being briefed on the planned attacks and promising to pass information to their governments.
A former computer instructor at the National Autonomous University of Mexico told Univision that he was recruited by a professor there in 2006 to organize a group of student hackers to carry out cyberattacks against the United States, initially at the behest of the Cuban Embassy.
In an undercover sting, instructor Juan Carlos Munoz Ledo and several selected students infiltrated the hackers and secretly videotaped the Iranian and Venezuelan diplomats.
Reports about Iran’s involvement in the suspected plot come amid the Islamic republic’s refusal to return a sophisticated, unmanned U.S. spy plane that crashed inside its borders this month. Iranian officials have laid claim to the drone, vowing to research it for its technology.
Calling the reports “disturbing,” State Department spokesman William Ostick said federal authorities are examining the cyberplot allegations but added that U.S. officials “don’t have any information at this point to corroborate them.”
Sen. Robert Menendez, New Jersey Democrat and chairman of the Senate Foreign Relations subcommittee on the Western Hemisphere, called for hearings in the new year about Iranian activities in Latin America.
Some House lawmakers called for the expulsion of a Venezuelan diplomat in the U.S. who is implicated in the suspected plot.
The Univision documentary fanned fears among lawmakers that Iran’s recent diplomatic outreach in the region, particularly to Venezuela’s anti-American leftist President Hugo Chavez, might be a front for nefarious activities.
Earlier this year, U.S. prosecutors charged an Iranian official based in Tehran with trying to recruit a Mexican drug cartel to kill the Saudi ambassador to the United States by bombing a Washington restaurant.
“If Iran is using regional actors to facilitate and direct activities against the United States, this would represent a substantial increase in the level of the Iranian threat and would necessitate an immediate response,” Mr. Menendez said.
An aide to Mr. Menendez told The Times that the Univision report, which also said that Iranian extremists were recruiting young Latin American Muslims, is “one of a variety of concerns we have about Iran’s efforts to engage with countries and other actors in the region.”
Next year’s hearing will examine Iran’s “political and commercial outreach, as well as more nefarious activities,” the aide said.
“We constantly monitor for possible connections between terrorists and transnational criminals.”
A congressional staffer said members of the Senate subcommittee and their staffs had requested a classified intelligence briefing before the hearing.
In the secretly recorded meetings with the Venezuelan and Iranian diplomats, the hackers discussed possible targets, including the FBI, the CIA and the Pentagon, and nuclear facilities, both military and civilian.
The hackers said they were seeking passwords to protected systems and sought support and funding from the diplomats.
At one point in the documentary, according to a translation provided by Univision, Iran’s ambassador to Mexico at the time, Mohammed Hassan Ghadiri, is seen telling the students that it was “very important to know about what [the United States has] in mind, attack Iran or not.”
“I wrote to Iran that a person can do this. They said do not allow him in [the building] anymore because this is not an embassy’s job,” he said.
The ambassador denied any involvement in a plot, telling Univision that the students’ sting was a provocation by “CIA agents.”
“They proposed this, and we told them that this is not our job. We rejected it,” he said. “We don’t have any interest in doing those types of things.”
“A good ambassador with good intentions would have thrown [the hackers] out and contacted the Mexican authorities,” said the documentary’s director, Gerardo Reyes. “Instead, he listened to them, he asked questions, he made suggestions.”
One of the other diplomats implicated by the documentary - Livia Antonieta Acosta Noguera, then the second secretary at the Venezuelan Embassy in Mexico - is currently the Venezuelan consul in Miami.
Students secretly taped her asking for more information about the planned cyberattacks and promising to pass it along to Mr. Chavez via his head of security, Gen. Alexis Lopez.
Rep. Ileana Ros-Lehtinen, Florida Republican and chairwoman of the House Foreign Affairs Committee, wrote to Secretary of State Hillary Rodham Clinton to urge her to investigate and expel Ms. Antonieta if the reports are true.
The consul represents “a potential threat to our national security,” Mrs. Ros-Lehtinen said in the letter, which was co-signed by Reps. Mario Diaz-Balart and David Rivera, both Florida Republicans; and Albio Sires, New Jersey Democrat.
Officials at the Venezuelan Embassy in Washington and the consulate in Miami were unavailable for comment Tuesday.
“They are using a lie as an excuse to attack us,” he said of the U.S. during a TV and radio address. “We must be on our guard.”
Meanwhile, Iranian Defense Minister Gen. Ahmad Vahidi shrugged off President Obama’s request for the return of the unmanned spy plane and demanded an apology from the United States, the Associated Press reported.
Tehran last week identified the drone as the RQ-170 Sentinel and said it was captured over the country’s east. U.S. officials say the aircraft malfunctioned and was not brought down by Iran, the AP reported (Washington Times, 2011).
Title: FBI Says Hackers Hit Key Services In Three US Cities
Date: December 13, 2011
Abstract: The infrastructure systems of three US cities have been attacked, according to the Federal Bureau of Investigation.
At a recent cybersecurity conference, Michael Welch, deputy assistant director of the FBI's cyber division, said hackers had accessed crucial water and power services.
The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall, he said.
Industrial control systems are becoming an increasing target for hackers.
"We just had a circumstance where we had three cities, one of them a major city within the US, where you had several hackers that had made their way into Scada systems within the city," Mr Welch told delegates at the Flemings Cyber Security conference.
"Essentially it was an ego trip for the hacker because he had control of that city's system and he could dump raw sewage into the lake, he could shut down the power plant at the mall - a wide array of things," he added.
Such systems - commonly known as Supervisory Control and Data Acquisition (Scada) - are increasingly being targeted by hackers, following reports that they rely on weak security.
It follows two alleged break-ins to city water supplies. The first, to a water supply in Springfield, Illinois, was later played down by the FBI which said it could find no evidence of cyber-intrusion.
Initially it had thought a hardware fault was caused by Russian hackers but it later emerged that this was not the case.
In another attack a hacker named pr0f claimed to have broken into a control system that kept water supplied to a town in Texas.
The hacker said the system had only been protected by a three-character password which "required almost no skill" to get around.
Mr Welch did not confirm whether this breach was one of the three he was talking about.
Security experts predict there will be a rise in such attacks.
"Such systems have become a target partly because of all the chatter about the lack of security. Hackers are doing it out of curiosity to see how poorly they are protected," said Graham Cluley, senior security consultant at Sophos.
He said that many relied on default passwords, and information about some of these passwords was "available for download online".
Furthermore, the firms that run Scada systems, such as Siemens, often advise against changing passwords because they claim the threat from malware is not as great as the problem that will be caused if passwords are changed.
"Not changing passwords is obviously slightly crazy. Proper security needs to be in place otherwise it is laughable," said Mr Cluley.
Industrial-scale hacking hit the headlines in 2010 with news of a worm aimed at Iran's nuclear facilities. Stuxnet was widely rumoured to have been developed by either the US or Israeli authorities and, according to experts, was configured to damage motors used in uranium-enrichment centrifuges by sending them spinning out of control.
Iran later admitted that some of its centrifuges had been sabotaged although it downplayed the significance of Stuxnet in that.
This year a Stuxnet copycat, Duqu, was discovered by security experts.
Initial analysis of the worm found that parts of Duqu are nearly identical to Stuxnet and suggested that it was written by either the same authors or those with access to the Stuxnet source code.
Unlike Stuxnet it was not designed to attack industrial systems but rather to gather intelligence for a future attack.
Mr Welch also revealed at the conference that, to date, the FBI's cyberteam had worked a 9 to 5 day. He said that a 12% increase in its budget would mean the team could now expand and begin monitoring cyberthreats around the clock (BBC, 2011).
Title: NDAA Gives Pentagon Green Light To Wage Internet War
Date: December 15, 2011
Abstract: In addition to kidnapping Americans and tossing them into Camp Gitmo without recourse or trial, the draconian NDAA bill passed in the House yesterday contains language that will allow the Pentagon to wage cyberwar on domestic enemies of the state.
The following language is in the final “reconciled” bill that will now travel to the Senate and ultimately Obama’s desk where it will be signed into law despite earlier assertions that he would veto the legislation:
Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, Allies and interests, subject to–
(1) the policy principles and legal regimes that the Department follows for kinetic capabilities, including the law of armed conflict; and
(2) the War Powers Resolution (50 U.S.C. 1541 et seq.).
In July, the Pentagon released its cybersecurity plan. It declared the internet a domain of war but did not specify how the military would use it for offensive strikes. The report claimed that hostile parties “are working to exploit DOD unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements of DOD’s information infrastructure.” In addition, according to the Pentagon, “non-state actors increasingly threaten to penetrate and disrupt DOD networks and systems.”
“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” an official said prior to the release of the official document. “The US is vulnerable to sabotage in defense, power, telecommunications, banking. An attack on any one of those essential infrastructures could be as damaging as any kinetic attack on US soil,” Sami Saydjari, a former Pentagon cyber expert who now runs a consultancy called Cyber Defense Agency, told The Guardian in May.
The Pentagon and its contractors are overstating the case, writes Ryan Singel of Wired. “Despite mainstream news accounts, there’s been no documented hacking attacks on U.S. infrastructure designed to cripple it. A recent report from a post-9/11 intelligence fusion center that a water pump in Illinois had been destroyed by Russian hackers turned out to be baseless — and was simply a contractor logging in from his vacation at the behest of the water company,” Singel notes.
Singel also notes that the Pentagon is characterizing spying as an offensive act. Spying “isn’t an act of war — just ask the NSA and CIA, who spend billions of dollars a year spying on other countries by intercepting communications and persuading foreign citizens to give the U.S. valuable intelligence. It’s certainly an aggressive state action, and a diplomatic issue. But if spying was an act of war, every CIA agent hiding under diplomatic cover would count as cause for a country to attack the U.S.,” he writes.
The Pentagon has considered the internet enemy territory since it produced its Information Operations Roadmap in 2003. The document was released to the public after a Freedom of Information Request by the National Security Archive at George Washington University in 2006. The document declares the Pentagon will “fight the net” as it would a weapons system.
The document does not describe how the Pentagon will destroy the internet, but gradually degrade it.
“The internet is useful not only as a business tool but also is excellent for monitoring and tracking users, acclimatizing people to a virtual world, and developing detailed psychological profiles of every user, among many other Pentagon positives,” writes Brent Jessop. “But, one problem with the current internet is the potential for the dissemination of ideas and information not consistent with US government themes and messages, commonly known as free speech.”
The Pentagon war on manufactured and exaggerated cyber threats was expanded to include the private sector in 2010. “In a break with previous policy, the military now is prepared to provide cyber expertise to other government agencies and to certain private companies to counter attacks on their computer networks, the Pentagon’s cyber policy chief, Robert Butler, said Oct. 20,” Defense News reported. “An agreement signed this month with the Department of Homeland Security and an earlier initiative to protect companies in the defense industrial base make it likely that the military will be a key part of any response to a cyber attack.”
Under the new rules, the New York Times noted at the time, “the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work.”
A caveat, however, was added to calm fears about further trashing of the Constitution. “Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.”
After the NDAA is signed into law by Obama, he will have the authority to wage war against “domestic terrorists,” defined by the Department of Homeland Security as “rightwing extremists” and other anti-government types. As noted above, it will be the DHS that will “direct the work” against enemies of the state. It will work with the Pentagon to militarily neutralize the threat posed by activists and the alternative media.
In November, the DHS practiced its work by coordinating a nationwide police crackdown on the OWS movement. In the not too distant future, it may be using the Pentagon – now that Posse Comitatus is a dead letter – in its ongoing efforts to wage war on political opposition to the establishment (Infowars, 2011).
Title: Cyber Attacks Now Fourth Biggest Threat To Global Stability, Says World Economic Forum
Date: January 12, 2012
Source: Daily Mail
Abstract: A report from the World Economic Forum (WEF) shows cyber attacks on governments and businesses are considered to be one of the top five risks in the world.
The report, Global Risks for 2012, examined 50 global risks in the areas of the economy and the environment and in geopolitics, society and technology, and was based on interviews with more than 460 experts from industry, government and specialist areas.
The international organisation concluded from its research that fourth on the list of Top 5 Global Risks in terms of likelihood is cyber attacks.
'Severe income disparity' was at number one, second-placed was 'chronic fiscal imbalances' and concern about rising greenhouse gas emissions was third-placed. Fifth on the list was 'water supply crises'.
Experts said they were most afraid of cyber attacks that might spark malfunctions in power plants, water supplies and other critical systems, but added that the likelihood of this was still relatively low.
Steve Wilson, chief risk officer for general insurance at Zurich, who contributed to the report, said the biggest concern for the WEF was the complexity of internet security.
The report, which aims to look at the next 10 years in terms of risk, points out that due to the speed of technological developments, it is difficult to keep up with security.
The WEF dossier says: 'A healthy digital space is needed to ensure stability in the world economy and balance of power' and calls for investment into the exploration of digital vulnerabilities.
The UK government has already made a start in this area with its Cyber Security Strategy published at the end of 2011.
The strategy, announced on 25 November 2011, outlined how the government intends to spend £650m earmarked for cyber security and introduced a Cyber Crime Unit, which the government wants to be set up by 2013.
The document sets out plans for greater information sharing between government and private sector on threats and the creation of 'an easy-to-use single point for reporting cyber fraud' to encourage victims to report crime more readily.
Although technological concerns are in the Top 5 most likely risks this year for the first time since 2007, experts are still most worried about the ongoing financial crises around the world.
With severe income disparity topping the list, the report says: 'There is a sense of receding hope for future prospects...discontent is exacerbated by the starkness of income disparities: the poorest half of the global population owns barely 1 per cent of the global wealth, while the world’s top 1 per cent owns close to half of the world’s assets.'
Gallup data from 2011 reveals that, globally, people believe living standards are falling and express diminishing confidence in the ability of their government to reverse the trend (Daily Mail, 2012).
Title: Watchdog Finds Cybersecurity 'Shortcomings' With Stimulus-Backed Power
Date: February 4, 2012
Source: Fox News
Abstract: A multibillion-dollar stimulus push to modernize the nation's power grid is raising cybersecurity concerns, as the Department of Energy's official watchdog reports that dozens of grant recipients came to the table with inadequate security plans.
The finding comes amid new warnings about cybersecurity threats, and a rash of international cyber attacks.
The power grid program in question is in the Energy Department, and received a $3.5 billion infusion in the 2009 stimulus package. That money was awarded to 99 recipients, with individual grants ranging up to $200 million.
In a January report, the inspector general for the Energy Department found "shortcomings" in those recipients' cybersecurity plans.
Though the projects are still being developed, the report noted that "existing gaps ... could allow system compromise before controls are implemented."
In one instance, the report said an unnamed recipient had never conducted a "formal risk assessment" -- without which, "threats and weaknesses may go unidentified and expose the recipient's systems to an unacceptable level of risk."
The IG report said 36 of the 99 cybersecurity plans were "lacking" in at least one area. Though the Energy Department told the recipients to update their plans, the report found "the initial weaknesses had not always been addressed."
The report did not detail where exactly each company ran afoul of the guidelines, but said the cybersecurity plans are supposed to show how the recipients would prevent, detect and respond to security problems. The inspector general's office found three of the five cybersecurity plans it reviewed were "incomplete" and did not always explain how their security controls would be carried out.
The office blamed that and other concerns in part on the rush to implement the program.
"The issues we found were due, in part, to the accelerated planning, development, and deployment approach adopted by the Department for the SGIG program," the report said. "We also found that the Department was so focused on quickly disbursing Recovery Act funds that it had not ensured personnel received adequate grants management training."
The Energy Department has vowed to address the problem, in part by having experts review the cyber plans and recommend changes after making annual site visits.
In a November letter to the inspector general's office, Energy Assistant Secretary Patricia Hoffman said the grid office wants to "ensure that recipients do not place the power system at risk."
She said the office would make sure cybersecurity plans "are complete and are being implemented properly," and said grant recipients will be required to update their plans no later than April 30 (Fox News, 2012).
Title: Bigger US Role Against Companies' Cyberthreats?
Date: February 6, 2012
Source: Fox News
Abstract: A developing Senate plan that would bolster the government's ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.
Legislation set to come out in the days ahead is intended to ensure that computer systems running power plants and other essential parts of the country's infrastructure are protected from hackers, terrorists or other criminals. The Department of Homeland Security, with input from businesses, would select which companies to regulate; the agency would have the power to require better computer security, according to officials who described the bill. They spoke on condition of anonymity because lawmakers have not finalized all the details.
Those are the most contentious parts of legislation designed to boost cybersecurity against the constant attacks that target U.S. government, corporate and personal computer networks and accounts. Authorities are increasingly worried that cybercriminals are trying to take over systems that control the inner workings of water, electrical, nuclear or other power plants.
That was the case with the Stuxnet computer worm, which targeted Iran's nuclear program in 2010, infecting laptops at the Bushehr nuclear power plant.
As much as 85 percent of America's critical infrastructure is owned and operated by private companies.
The emerging proposal isn't sitting well with those who believe it gives Homeland Security too much power and those who think it's too watered down to achieve real security improvements.
One issue under debate is how the bill narrowly limits the industries that would be subject to regulation.
Summaries of the bill refer to companies with systems "whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities."
Critics suggest that such limits may make it too difficult for the government to regulate those who need it.
There are sharp disagreements over whether Homeland Security is the right department to enforce the rules and whether it can handle the new responsibilities. U.S. officials familiar with the debate said the department would move gradually, taking on higher priority industries first.
"The debate taking place in Congress is not whether the government should protect the American people from catastrophic harms caused by cyberattacks on critical infrastructure, but which entity can do that most effectively," said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting.
Under the legislation, Homeland Security would not regulate industries that are under the authority of an agency, such as the Nuclear Regulatory Commission, with jurisdiction already over cyber issues.
"Where the market has worked, and systems are appropriately secure, we don't interfere," said Sen. Joe Lieberman, I-Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee. "But where the market has failed, and critical systems are insecure, the government has a responsibility to step in."
The bill, written largely by the Senate Commerce, Science and Transportation Committee and the Senate homeland panel, is also notable for what it does not include: a provision that would give the president authority to shut down Internet traffic to compromised Web sites during a national emergency. This "kill switch" idea was discussed in early drafts, but drew outrage from corporate leaders, privacy advocates and Internet purists who believe cyberspace should remain an untouched digital universe.
While the Senate is pulling together one major piece of cybersecurity legislation, the House has several bills that deal with various aspects of the issue.
A bill from a House Homeland Security subcommittee doesn't go as far as the Senate's in setting the government's role. Still, it would require DHS to develop cybersecurity standards and work with industry to meet them.
"We know voluntary guidelines simply have not worked," said Rep. Jim Langevin, D-R.I. "For the industries upon which we most rely, government has a role to work with the private sector on setting security guidelines and ensuring they are followed."
Stewart Baker, a former assistant secretary at Homeland Security, said the government must get involved to force companies to take cybersecurity more seriously.
Concerns about federal involvement, he said, belie the fact that computer breaches over the past several years make it clear that hackers and other governments, such as China and Russia, are already inside many industry networks.
"They already have governments in their business, just not the U.S.," said Baker. "For them to say they don't want this suggests they don't really understand how bad this problem is."
Industry groups have lobbied against the Senate bill's regulatory powers and say new mandates will drive up costs without increasing security.
They say businesses are trying to secure their networks and need legal protections built into the law so they can share information with authorities without risking antitrust or privacy violations.
In a letter to lawmakers this past week, the U.S. Chamber of Commerce said any additional regulations would be counterproductive and force businesses to shift their focus from security to compliance.
Liesyl Franz, a vice president at TechAmerica, which represents about 1,200 companies, said businesses would prefer to work with the government to enhance security rather than face more regulations. She said companies coping with the potential security risks, market consequences, and damage to corporate reputations, are defending against cyberthreats.
Senior national security officials were on Capitol Hill last week to talk to senators about the growing cybersecurity threat. After the meeting, Sen. Susan Collins, R-Maine, said she's always had a sense of urgency about it, adding, "I hope the briefing gives that same sense of urgency to members to put aside turf battles."
She said senators are reviewing concerns raised by the Chamber about the bill (Fox News, 2012).
Title: Alert On Hacker Power Play
Date: February 21, 2012
Abstract: The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.
Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn't publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer
Gen. Alexander's warning signals a growing federal concern over the capabilities of Anonymous, a loose affiliation of so-called hacktivist computer programmers who have launched a raft of high-profile cyberassaults against U.S. government and corporate targets such as Visa Inc., MasterCard Inc. and eBay Inc.'s PayPal service.
Title: Internet Outage At Pentagon
Date: March 1, 2012
Source: Fox News
Abstract: Fox News has learned that on Thursday at around 10:00 a.m. the military's Defense Information Systems Agency (DISA) shut down access to the internet and blackberry service while they work to fix an unspecified problem. This means no one in the Pentagon has internet and many military downrange, to include combatant commands, don't have internet either.
DISA, according to its website, is a Defense Department agency that provides command and control support to national-level leaders and joint-war fighters "across the full spectrum of operations." The agency sent out a network wide notification this morning via email explaining that "users are experiencing problems browsing the internet due to a DISA-wide outage." As a result, the memo said, "ALL Blackberry, email web-browsing, and VPN services are affected."
People we spoke with in the Pentagon are still able to use e-mail on their computers, but were unable to access the internet.
According to a Pentagon official familiar with network security, this outage is not in response to any type of cyber-attack. This official says if it were an attack, "we'd all know it and DISA would have done what is called a blanket protocol, shutting down all sorts of access until they isolated the source of the attack."
A spokesman at DISA told Fox so far "there is no indication of an attack" and it's expected the internet will slowly come back online.
Title: Mock Cyber Attack On New York Used By Obama To Pitch Senate Bill
Date: March 8, 2012
Abstract: The Obama administration simulated a cyber attack on New York City’s power supply in a Senate demonstration aimed at winning support for legislation to boost the nation’s computer defenses.
Senators from both parties gathered behind closed doors in the U.S. Capitol yesterday for the classified briefing attended by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller and other administration officials.
Internet-service providers including AT&T Inc. and Comcast Corp. opposed new cybersecurity regulations at a House hearing. The companies said they prefer measures to improve voluntary sharing of information about cyber threats.
The mock attack on the city during a summer heat wave was “very compelling,” said Senator Susan Collins, a Maine Republican who is co-sponsoring a cybersecurity bill supported by President Barack Obama. “It illustrated the problem and why legislation is desperately needed,” she said as she left the briefing.
U.S. lawmakers are debating cybersecurity legislation following assaults last year on companies including New York-based Citigroup Inc. (C), the third-largest U.S. bank by assets, and Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the world’s largest defense company.
The attacks have increased concern that computer networks operated by U.S. banks, power grids and telecommunications companies may be vulnerable to hacking or viruses that may cause loss of life or inflict widespread economic harm.
The Obama administration is backing a Senate measure introduced on Feb. 14 by Collins and Senator Joe Lieberman, a Connecticut independent, that would direct the Homeland Security Department to set cybersecurity regulations for companies deemed critical to U.S. national and economic security.
A competing Senate bill from eight Republicans including John McCain of Arizona and Kay Bailey Hutchison of Texas would avoid new rules while promoting information sharing through incentives such as protection from lawsuits. Representative Mary Bono Mack, a California Republican, is preparing to introduce similar legislation in the House.
Senator Roy Blunt, a Missouri Republican, called yesterday’s demonstration “helpful because it got a whole bunch of senators thinking about the same thing at the same time.” He said the exercise didn’t sway him to support either of the Senate bills.
After the briefing, Hutchison cited similarities in the two Senate measures while criticizing the “big new bureaucracy and regulatory scheme” in the Obama-backed legislation.
The simulated attack “was intended to provide all senators with an appreciation for new legislative authorities that could help the U.S. government prevent and more quickly respond to cyber attacks,” Caitlin Hayden, a White House spokeswoman, said in an e-mail after the briefing.
A cyber attack leaving New York without power for a prolonged time could have “disastrous” effects, potentially severing communications, crashing life-saving medical equipment and destroying networks that run financial institutions, according to Lawrence Ponemon, chairman of the Ponemon Institute LLC, a research firm based in Traverse City, Michigan.
“I would project that you would have literally thousands of people dying,” Ponemon said in an interview. “A cyber attack on electrical grids that was sustained for three to four weeks would be like returning to the dark ages.”
A blackout that swept parts of North America in August 2003 left 50 million people in the dark for as long as four days. Hackers could cause blackouts “on the order of nine to 18 months” by disabling critical systems such as transformers, said Joe Weiss, managing director of Applied Control Solutions LLC, a Cupertino, California-based security consulting company.
“The dollars are incalculable,” Weiss said. The 2003 event, triggered when a power line touched tree branches in Ohio, caused losses of as much as $10 billion, according to a study by the U.S. and Canadian governments.
Internet Providers Object
Internet-service providers, including AT&T Inc. (T) and Comcast Corp. (CMCSA), opposed new cybersecurity regulations at a House hearing yesterday. The companies said they prefer measures to improve voluntary sharing of information about cyberthreats.
Government-imposed rules could impede innovation, the Internet providers said in testimony to a House Energy and Commerce subcommittee.
“Such requirements could have an unintended stifling effect on making real cybersecurity improvements,” Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at the hearing. “Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes.”
AT&T is the second-largest U.S. wireless carrier. Philadelphia-based Comcast, the leading U.S. cable provider, and Monroe, Louisiana-based CenturyLink Inc. (CTL) expressed similar views in their prepared testimony.
Senate Majority Leader Harry Reid, a Nevada Democrat, has said he wants to bring the Lieberman-Collins bill to the chamber’s floor for a vote as soon as possible, though he hasn’t given a date. The measure is co-sponsored by Democrats Jay Rockefeller of West Virginia and Dianne Feinstein of California.
The Lieberman-Collins bill is S. 2105 and the McCain bill is S. 2151 (Bloomberg, 2012).
Title: Report: Iran Unplugs Oil Facilities From Internet
Date: April 23, 2012
Abstract: The Iranian oil ministry’s computer network came under attack from hackers and a computer virus, prompting the Islamic Republic to disconnect the country’s main oil export terminal from the Internet as a preventative measure, a semiofficial news agency reported on Monday.
Mehr said the Sunday cyberattack affected some data, but the ministry had backed it up. It said oil operations were otherwise unaffected.
But the Kharg Island oil terminal, the ministry headquarters, and other facilities were all taken offline, the agency quoted Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense, as saying. Some 80 percent of Iran’s daily 2.2 million barrels of crude export goes through the Kharg facility, located off its southern coast.
The Islamic Republic says that it is involved in a long-running technological war with the United States and Israel.
Iran periodically reports cyberattacks to its nuclear and industrial sectors, almost always saying that little damage was caused. In 2010, Iran reported that a nuclear plant had been targeted by the Stuxnet virus. It denied reports that uranium centrifuge operations had been disrupted, saying that damage was confined to nuclear plant personnel’s laptops.
Iran has reported other cyberattacks since, including an infection in April 2011 dubbed “Stars” and a spy virus about which little is known but its name, “Doku.”
Earlier this year, head of Iran’s civil defense agency Gholam Reza Jalali said the energy sector of the country has been a main target of cyberattacks over the past two years.
Iran has recently announced a series of cyberdefense measures spearheaded by the Revolutionary Guards — a unit which already runs every key military program in Iran and many industries.
In March, the Guard set up what it claims is a hack-proof communications network for its high-level commanders.
Ultimately, Iran says it wants to set up a completely indigenous Internet that is also aimed at checking a “cultural invasion” by enemies aimed at promoting dissent and undermining the ruling system.
Iran is at odds with Israel and the West over its controversial nuclear program. The U.S. and its allies accuse Tehran of wanting to develop weapons technology. Iran denies the claims, saying its program is for peaceful purposes
Title: Secretary Hillary Clinton: We Hacked Yemen Al Qaeda Sites
Date: May 23, 2012
Source: ABC News
Abstract: In a rare glimpse into cyber warfare tactics, a top U.S. official has explicitly acknowledged that the U.S. government hacked into websites run by Al Qaeda’s affiliate in Yemen, changing advertisements that boasted about killing Americans into advertisements that underscored the deaths of Muslim civilians in al Qaeda terror attacks.
During her keynote speech at the Special Operations Command gala dinner in Tampa, Florida Wednesday night, Secretary of State Hillary Clinton said that State Dept. specialists attacked sites tied to Al Qaeda in the Arabian Peninsula (AQAP) that were trying to recruit new members by “bragging about killing Americans.”
“Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al Qaeda attacks have taken on the Yemeni people,” said Clinton. “We can tell our efforts are starting to have an impact because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the internet.”
It had been suspected that the U.S. government played some role in shutting down several jihadi web forums earlier this year, but officials from the CIA and counterterrorism community had previously denied any involvement.
Highlighting the government’s use of “smart power” to fight extremists, Clinton said that military and civilian specialists around the world are focused on pre-empting, discrediting, and outmaneuvering extremist propaganda. Calling them “a digital outreach team,” Clinton said the specialists are fluent in Urdu, Arabic, and Somali. The group is “already patrolling the web and using social media and other tools to expose al Qaeda’s contradictions and abuses, including its continuing brutal attacks on Muslim civilians.”
Secretary Clinton also said that under her tenure the State Department has become more active in working with the Defense Department and the intelligence community to use diplomacy as a tool to fight terrorism of all forms and extremist propaganda.
The Bureau of Conflict and Stabilization Operations, according to Clinton, was created to find ways for civilian diplomats and experts to better aid military operations in hot spots. Clinton said the bureau sent a team of experts ahead of the Special Operations mission in Central Africa to talk to village leaders and rebels who would be open to defecting or helping the U.S. find the warlord Joseph Kony.
Clinton said the State Department’s Counterterrorism Bureau is currently spearheading a diplomatic campaign around the world working with local governments and leaders to squeeze any funding venues for al Qaeda and its affiliates. She said the State Department trains nearly 7,000 police, prosecutors and counterterrorism officials from more than 60 countries.
“We’re expanding our work with civil society organizations in specific terrorist recruiting hotspots — particular villages, prisons, and schools — to disrupt the process of radicalization by creating jobs, promoting religious tolerance, and amplifying the voices of victims of terrorism,” said Clinton (ABC News, 2012).
Title: Dirty Deeds: Iranian Nuclear Program Hit By 'AC/DC Virus'?
Date: July 24, 2012
Abstract: Iranian nuclear facilities have reportedly been attacked by a “music” virus, turning on lab PCs at night and blasting AC/DC’s “Thunderstruck.”
Mikko Hypponen, Chief Researcher at Finnish digital security firm F-secure, publicly released a letter he received from an unnamed Iranian scientist. The researcher, who claimed to work for the Atomic Energy Organization of Iran (AEOI), said that another virus has struck the Natanz uranium enrichment facility in central Iran and a secret underground research facility at Fordo, southwest of Tehran.
The letter’s author reported that the virus shut down equipment (made by Germany’s Siemens Corporation) and automated systems at both research centers.
Hypponen published the letter on his blog, but cautioned that there is no way for him to verify the accusations. He was able to confirm, however, that the letter did originate from the AEOI’s servers.
The letter, which was reportedly sent to various cybersecurity experts, said that Metasploit’s Penetration Testing Software had been used to direct this new attack on Iran’s nuclear facilities.
The scientist stressed that he is not a cybersecurity specialist, and does not have detailed information on the virus.
“There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC,” the scientist wrote.
If true, this attack is the third hacking attempt aimed at Tehran’s controversial nuclear program. In 2010, the state-of-the-art Stuxnet virus set Iran’s nuclear ambitions back by at least two years.
In May 2012, experts at Russia’s Kaspersky Laboratories exposed another Trojan virus called Flame, which was designed to spy on web activity in Iran and some Middle Eastern countries. Russian cybersecurity experts labeled Flame “probably the most complicated virus ever.”
Iran claimed to have found a way to neutralize Flame (RT, 2012).
Title: Oil Producer’s Computers Restored After Virus Attack
Date: August 26, 2012
Source: New York Times
Abstract: Saudi Aramco, the world’s biggest oil producer, has resumed operating its main internal computer networks after a virus infected about 30,000 of its workstations earlier this month, the company said Sunday.
Immediately after the Aug. 15 attack, the company announced it had cut off its electronic systems from outside access to prevent further attacks.
On Sunday, Saudi Aramco said the workstations had been cleansed of the virus and restored to service. Oil exploration and production were not affected because they operate on isolated systems, it said.
“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Saudi Aramco’s chief executive, Khalid al-Falih, said in a statement.
However, one of Saudi Aramco’s Web sites taken offline after the attack — www.aramco.com — remained down on Sunday. E-mails sent by Reuters to people within the company continued to bounce back.
The company said that the virus “originated from external sources,” and that an investigation into the causes of the incident and those responsible was continuing. It did not elaborate.
Information technology experts have warned that computer attacks on countries’ energy infrastructure, whether conducted by hostile governments, militant groups or private “hacktivists” to make political points, could disrupt energy supplies.
In April, a virus infected the Iranian oil ministry and national oil company networks, forcing Iran to disconnect the control systems of oil facilities including Kharg Island, which handles most of its crude exports.
Iran has attributed some of the attacks to the United States, Israel and Britain.
An English-language posting on an online bulletin board on Aug. 15, signed by a group called the “Cutting Sword of Justice,” claimed the group was responsible for the attack and wanted to destroy the 30,000 computers at Saudi Aramco.
It said the company was the main source of income for the Saudi government, which it blamed for “crimes and atrocities” in several countries, including Syria and Bahrain. Saudi Arabia sent troops into Bahrain last year to back the gulf state’s Sunni Muslim rulers against Shiite-led protesters. Riyadh is also supporting Sunni rebels against the Syrian government of President Bashar al-Assad.
The Cutting Sword of Justice was not widely known before this attack, and information security experts contacted by Reuters had no information on the group.
Rob Rachwald, director of security strategy for United States-based data security firm Imperva, said in a blog posting last week that if the Saudi Aramco attack had been carried out by hacktivists, it could be a milestone in computer hacking.
“A group of hobbyists and hacktivists with several very strong-minded developers and hackers achieved results similar to what we have allegedly seen governments accomplish,” Mr. Rachwald wrote.
Symantec, one of the world’s largest Internet security companies, said on the day after the Saudi Aramco attack that it had discovered a new virus directed against at least one organization in the global energy sector, although it did not name that organization.
“It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable,” Symantec said in a blog posting about the virus, which it called W32.Disttrack. “Threats with such destructive payloads are unusual and are not typical of targeted attacks.”
Mr. al-Falih, the oil company’s chief executive, said in his statement on Sunday: “Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyberattack” (New York Times, 2012).
Title: Siemens Software Which Controls Power Plants Vulnerable To Hackers
Date: August 27, 2012
Abstract: RuggedCom is a Canadian subsidiary of Siemens which sells networking equipment for use in harsh environments with extreme and inclement weather; many critical infrastructure operators of power plants, water systems, dams, and more; a security specialist discovered a flaw in the software, a flaw which allows hackers to spy on communication of infrastructure operators and gain credentials to access computer systems which control power plants as well as other critical systems.
Against the backdrop of the acrimonious debate over the cybersecurity bill, and with the White House exploring the possibility of using executive orders to mandate cybersecurity standards which operators of critical infrastructure facilities would have to meet, DHS will now look into claims of flaws in software for specialized networking equipment from Siemens.
Justin Clarke, an expert in securing industrial control systems, two weeks ago disclosed that he had found a flaw in software from Siemens’ RuggedCom division, a flaw which allows hackers to spy on traffic moving through networking equipment manufactured by Siemens.
The Chicago Tribune reports that DHS asked RuggedCom on Tuesday to confirm Clarke’s claims that the flaws could enable hackers to attack power plants and other critical systems. RuggedCom is a Canadian subsidiary of Siemens which sells networking equipment for use in harsh environments. The company has said that it was investigating Clarke’s claims but declined to elaborate.
Clarke said hackers who can spy on communication of infrastructure operators could gain credentials to access computer systems which control power plants as well as other critical systems.
“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke told the Chicago Tribune.
This is the second time that Clarke has found a bug in RuggedCom’s products, which are used by power companies for communication to remote power stations.
RuggedCom released an update to its Rugged Operating System (ROS) software in May after Clarke discovered that it had a “back door” account that could give hackers access to the equipment with a password.
DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said on Tuesday that it is working with RuggedCom and Clarke to fix the problem and to keep this from happening in the future.
This will not be easy, however, as Clarke said that all ROS software uses a single software “key” to decode traffic that is encrypted as it moves across the network. Clarke told Reuters that it is possible to extract that key from any piece of RuggedCom’s ROS software.
Clarke, who never attended college, did his original research at his apartment, but was hired a few months ago by Cylance, a company specializing in securing infrastructure. The company was founded by Stuart McClure, the former chief technology officer of Intel Corp’s McAfee security division.
Marcus Carey, a security researcher with Boston-based Rapid7, said hackers could exploit the bug discovered by Clarke to disable communications networks as one element of a much bigger attack.
“It’s a big deal,” Carey told the Tribune. “Since communications between these devices is critical, you can totally incapacitate an organization that requires the network.”
As of now there are no reported cases of cyber attacks on the U.S. infrastructure.
The Tribune notes that the report on the RuggedCom vulnerability is among ninety released so far this year by ICS-CERT about possible risks to critical infrastructure operators. That is up from about sixty in the same period a year earlier (HSNW, 2012).
Title: Qatar Group Falls Victim To Virus Attack
Date: August 30, 2012
Abstract: Qatar’s RasGas, one of the world’s largest producers of natural gas, has become the second major state-owned Middle East energy company to be hit by a severe computer virus in weeks.
The disruption came after Saudi Aramco, the government-backed company that is the world’s largest crude oil producer, was also attacked by a computer virus.
Saudi Aramco said in a statement on Sunday that it has restored its “main internal network services” after the attack on August 15. But oil traders in Houston, Geneva and London on Thursday said they were communicating with Aramco’s counterpart by fax and telex, as the company’s external email services were still down (FT, 2012).
Title: Mole Hack? 30,000 Computers Of World's Biggest Oil Company Hit
Date: September 8, 2012
Abstract: Insiders are thought to have facilitated the cyber-attack on the world’s largest oil company, says a probe. The group behind the hack on state-run Saudi Aramco claim the attack is revenge for “crimes and atrocities” by the Saudi government.
"It was someone who had inside knowledge and inside privileges within the company," a source familiar with the investigation told Reuters.
The Shamoon virus spread through the company’s computer network last month, wiping the data from at least 30,000 computers, in one of the most destructive cyber-attacks on a single business in history.
Reports say to prevent any drastic consequences Aramco prohibited its employees from sending or receiving emails outside of the company and had to switch to paper transactions while it was dealing with the virus.
Hacktivist group The Cutting Sword of Justice claimed responsibility for the attack on the company. They issued a statement saying that the attack was politically motivated and revenge for the “crimes and atrocities” committed by the Saudi Arabian government.
The previously unknown hacker organization also said that they had obtained classified documents from the hack and threatened to release them, although thus far nothing has been published.
Saudi Aramco has not made any comments regarding its ongoing investigation into the mass hack, refraining from speculating on what it called “Rumors and Conjecture.”
“This was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” said the company’s chief executive Mr. al-Falih. He went on to say “not a single drop of oil was lost and no critical systems were harmed.”
Meanwhile, Qatari gas producer RasGas announced that it had been affected by a similar virus at the end of August.
The virus in question, known as Shamoon, is not a sophisticated cyber weapon designed for high-level insurgency. It is used to attack ordinary business computers.
“Based on initial reporting and analysis of the malware, no evidence exists that Shamoon specifically targets industrial control systems components or US government agencies,” the Department of Homeland Security’s United States Computer Emergency Readiness Team said in an August 29 advisory.
Once the Shamoon virus has infiltrated a computer network it attempts to infect every computer. The virus is capable of stealing information and erasing all data on the devices, experts say.
“We don’t normally see threats that are so destructive, it’s probably been 10 years since we saw something so destructive,” said Liam O Murchu from computer security firm Symantec.
Repression and marginalization
Saudi Arabia saw a number of protests across the country recently with the country’s Shia Muslim minority protesting against discrimination from the ruling Sunni monarchs.
The Shia protests were triggered last year in March when the Saudi government sent troops to neighboring Bahrain to crack down on Shia protesters. Bahrain is also ruled by a Sunni Muslim monarchy (RT, 2012).
Title: Chinese Hackers Blamed For Intrusion At Energy Industry Giant Telvent
Date: September 26, 2012
Source: Krebs On Security
Abstract: A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.
The attack comes as U.S. policymakers remain gridlocked over legislation designed to beef up the cybersecurity posture of energy companies and other industries that maintain some of the world’s most vital information networks.
In letters sent to customers last week, Telvent Canada Ltd. said that on Sept. 10, 2012 it learned of a breach of its internal firewall and security systems. Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies.
The firm said it was still investigating the incident, but that as a precautionary measure, it had disconnected the usual data links between clients and affected portions of its internal networks.
“In order to be able to continue to provide remote support services to our customers in a secure manner, we have established new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent network and that all virus or malware files have been eliminated,” the company said in a letter mailed to customers this week, a copy of which was obtained by KrebsOnSecurity.com. “Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent.”
The incident is the latest reminder of problems that can occur when corporate computer systems at critical networks are connected to sensitive control systems that were never designed with security in mind. Security experts have long worried about vulnerabilities being introduced into the systems that regulate the electrical grid as power companies transferred control of generation and distribution equipment from internal networks to so-called “supervisory control and data acquisition,” or SCADA, systems that can be accessed through the Internet or by phone lines. The move to SCADA systems boosts efficiency at utilities because it allows workers to operate equipment remotely, but experts say it also exposes these once-closed systems to cyber attacks.
Telvent did not respond to several requests for comment. But in a series of written communications to clients, the company detailed ongoing efforts to ascertain the scope and duration of the breach. In those communications, Telvent said it was working with law enforcement and a task force of representatives from its parent firm, Schneider Electric, a French energy conglomerate that employs 130,000 and has operations across the Americas, Western Europe and Asia. Telvent reportedly employs about 6,000 people in at least 19 countries around the world.
The disclosure comes just days after Telvent announced it was partnering with Foxborough, Mass. based Industrial Defender to expand its cybersecurity capabilities within Telvent’s key utility and critical infrastructure solutions. A spokesperson for Industrial Defender said the company does not comment about existing customers.
In its most recent dispatch to customers impacted by the breach, dated Sept. 25, 2012, Telvent executives provided details about the malicious software used in the attack. Those malware and network components, listed in the photocopied Telvent communication, strongly suggest the involvement of Chinese hacker groups tied to other high-profile attacks against Fortune 500 companies over the past several years.
Joe Stewart, director of malware research at Dell SecureWorks and an expert on targeted attacks, said the Web site and malware names cited in the Telvent report map back to a Chinese hacking team known as the “Comment Group.”
In July, Bloomberg News published an in-depth look at the Comment Group and its many years of suspected involvement in deploying sophisticated attacks to harvest intellectual property and trade secrets from energy companies, patent law firms and investment banks.
That investigation looked at data gathered by a loose-knit group of 30 security researchers, who tracked the Comment Group’s activity over less than two months last year and uncovered evidence that it had infiltrated at least 20 organizations — “many of them organizations with secrets that could give China an edge as it strives to become the world’s largest economy. The targets included lawyers pursuing trade claims against the country’s exporters and an energy company preparing to drill in waters China claims as its own.”
Politicians in Congress and the Obama administration are becoming more vocal about accusing China and Russia of hacking U.S. computer networks for economic gain, espionage and other motives. But those accusations tend to ring hollow abroad, as Reuters recently observed: “U.S. standing to complain about other nations’ cyber attacks has been undermined, however, by disclosures that Washington, along with Israel, launched sophisticated offensive cyber operations of its own against Iran to try to slow that nation’s suspected quest for a nuclear weapon.” The malware alluded to in that Reuters piece — Stuxnet — was designed to attack specific vulnerabilities in SCADA systems known to be used in Iran’s uranium enrichment facilities.
Nevertheless, a mounting body of evidence suggests the involvement of one or two Chinese hacking groups in a host of high-profile corporate cyber break-ins over the past several years. Symantec Corp. reported earlier this month that a Chinese hacker group responsible for breaking into Google Inc in 2009 – an operation later dubbed Operation Aurora – had since launched hundreds of other cyber assaults, focusing on defense companies and human rights groups. Earlier this week, I detailed additional research on this front which showed espionage attackers often succeed in a roundabout way — by planting malware at “watering hole” sites deemed most likely to be visited by the targets of interest (Krebs On Security, 2012).
Title: DHS Issued False ‘Water Pump Hack’ Report; Called It A ‘Success’
Date: October, 2012
Abstract: When an Illinois fusion center distributed a report last year stating that hackers from Russia had broken into a water district’s SCADA system and sabotaged a water pump, the Department of Homeland Security stepped in publicly to denounce the report as false, blaming the regional fusion center for spreading unsubstantiated claims and sowing panic in the industrial control system community.
But while DHS was busy pointing a finger at the fusion center, its own Office of Intelligence and Analysis had been irresponsibly spreading the same false information privately in a report to Congress and the intelligence community, according to a Senate subcommittee investigation released late Tuesday. The DHS report was issued five days after the fusion center report was issued.
Even after the FBI and other investigators concluded a few days later that there was no merit to the hacking claims and that the reports were false, the DHS intelligence unit did not issue a correction to its report or notify Congress or the intelligence community that the information it spread was incorrect.
Officials behind the false claims told Senate investigators that such reports weren’t meant to be “finished intelligence” and that despite their report’s inaccuracies and sloppy wording they considered it to be a “success.”
“[It did] exactly what it’s supposed to do – generate interest,” DHS officials told Senate investigators.
The revelation is buried in a lengthy report released by the Senate’s bipartisan Permanent Subcommittee on Investigations, which examines the many failings of state fusion centers, which were set up in the wake of the 9/11 terrorist attacks in an effort to improve intelligence collection and dissemination for state, local and federal law enforcement and counter-terrorism agencies.
The water pump hack report spawned dozens of sensational news stories when it was leaked to reporters in November 2011. The fusion center report, which was titled “Public Water District Cyber Intrusion,” was distributed by the Illinois Statewide Terrorism and Intelligence Center on Nov. 10 and given to state and federal law enforcement agencies, utilities and other groups.
The report, which was meant to be confidential, claimed that attackers from Russia had hacked into the network of a software vendor that made the SCADA system used by a water district in Illinois and stolen usernames and passwords that the vendor maintained for its customers. The hackers then supposedly used the credentials to gain remote access to the utility’s network and cause a water pump to burn out. The report was leaked to the media by an industrial control systems expert who had gained access to it.
The report was significant at the time because it represented the first known attack of this kind involving hackers breaking into an industrial control system in the U.S. and sabotaging equipment. As the Senate investigators point out in their report, earlier that year Defense Department officials had stated that the U.S. would treat such attacks on critical infrastructure systems as an act of war if they caused widespread casualties.
But none of the information was true, and the authors of the fusion center report could have easily discovered this had they bothered to investigate the matter even a little.
Someone did access the water district’s SCADA system from Russia, but it was a water district contractor who was asked to access the system by water district employees, as Wired first reported. They had called him to seek his opinion on something while he was on vacation in Russia, and he had logged into the system remotely to check on some data for them.
When the pump broke five months later and someone examined the network logs to determine the cause, they found an IP address from Russia listed in the logs next to the username and password of the contractor. No one ever bothered to call the contractor to see if he had logged in from Russia; they just assumed someone in Russia had stolen his credentials.
The assertion by the fusion center that the pump was sabotaged by intruders from Russia was all the more perplexing since the contractor had logged in from Russia five months before the pump broke, the Senate investigators point out.
Nonetheless, five days after the fusion center issued its report on Nov. 10, officials from DHS’s Office of Intelligence & Analysis issued their own report, inexplicably repeating the same claims that the fusion center had made.
“Like the fusion center report, DHS stated the allegations as fact, not as theory, claim or hunch,” the Senate report says, noting that DHS guidelines forbid the department from reporting on information if it’s just a theory, claim or hunch.
The author of the DHS report, a senior reports officer in the Intelligence and Analysis branch, claimed in his report that the information was based on “first and secondhand knowledge of information” that was “deemed reliable.” The report never indicated that the information was based on conjecture.
A slide that the I&A office prepared for an intelligence briefing stated emphatically that the Illinois water district’s SCADA system had “experienced a network intrusion from a Russian IP address” and said that the perpetrator hijacked an “authorized user account” and that “system controls were manipulated resulting in a pump burnout.” The information was included in a daily intelligence briefing that went to Congress and the intelligence community.
A week after the DHS intelligence report was released, investigators from DHS’s Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) arrived in Illinois to investigate the apparent intrusion. They quickly determined, after speaking with the contractor whose name had shown up in the logs, that the fusion center and the DHS intelligence reports were wrong and that the failed pump was not the result of a hack attack at all.
“Almost no part of the initial reports of the incident had been accurate – not the fusion center report, or DHS’s own intelligence report, or its intelligence briefing,” write the Senate investigators in their report. “The only fact that they got right was that a water pump in a small Illinois water district had burned out.”
On Nov. 22, the DHS released a statement saying that there was no evidence to back the fusion center claims that the utility had suffered a cyber intrusion, that credentials were stolen or that any malicious activity was behind the failed water pump.
On Nov. 30, after Wired published a story identifying the contractor who had logged into the system from Russia and revealed the true facts behind the “cyber intrusion”, DHS pointed the finger at the fusion center for releasing information that had not been verified.
A spokeswoman for the Illinois State Police, which is responsible for the fusion center, pointed the finger at local representatives of DHS, FBI and other agencies who she said were responsible for compiling information that gets released by the fusion center.
And then DHS pointed another finger back at the fusion center, saying if the report had been DHS-approved, six different offices would have had to sign off on it.
“Because this was an Illinois [fusion center] product, it did not undergo such a review,” a DHS official told Wired at the time.
But according to the Senate report, DHS had indeed released its own separate report that restated the same false claims that the fusion center report had stated.
When Senate investigators asked officials from the I&A office about their report, the officials acknowledged that they had not included caveats in the report to indicate that the information was uncorroborated and based on hypotheses, but they defended their hurried reporting by saying there was “a premium for getting [intelligence reports] out.”
And despite the fact that their office is called the Office of Intelligence & Analysis, they told investigators that “analytical judgements are saved” – that is, analysis is not included in such reports (Wired, 2012).
Title: Report: Iran Blocks Cyberattack On Its Oil Drilling Platforms
Date: October 8, 2012
Source: Fox News
Abstract: An Iranian oil official says the country has successfully blocked a cyberattack on the computer network of its offshore drilling platforms.
The Monday report by semiofficial ISNA news agency quotes Mohammad Reza Golshani, IT head of Iran's state offshore oil company, as blaming Israel for the attack.
He said the attack occurred over the past two weeks, was routed through China, and affected only the communications systems of the network. He did not provide further details.
Iran periodically reports attacks on government, nuclear, oil and industrial targets, blaming Israel and the United States. Israel has done little to deflect suspicion that it uses viruses against Iran.
Iran is at odds with the West over its nuclear program. The West suspects the program is aimed at developing weapons, a charge Tehran denies (Fox News, 2012).
Title: Iran Says It Blocks Cyberattack On Oil Platforms
Date: October 8, 2012
Abstract: Iran says it has successfully blocked a cyberattack on the computer network of its offshore drilling platforms, a semiofficial news agency reported Monday.
The report by ISNA quoted Mohammad Reza Golshani, IT head of Iran's state offshore oil company, as blaming Israel for having planned the attack.
Iran periodically reports the discovery of viruses and other malicious programs in government, nuclear, oil and industrial networks, blaming Israel and the United States. In May, Iran shut down part of its oil facilities because of another such cyberattack.
Israel has done little to deflect suspicion that it uses viruses against Iran.
In this case, Golshani said, the attack occurred over the past two weeks, was routed through China, and affected only the communications systems of the network. He said the main network was safe since it was isolated from the Internet, and was back to normal operations. Iran announced that it had temporarily disconnected its oil ministry and its main crude export terminal from the Internet after the May attack.
Iran earns up to 80 percent of its foreign revenue from the export of crude.
Iran is at odds with the West over its nuclear program. The West suspects the program is aimed at developing weapons. Tehran denies the charge, saying its nuclear program is geared toward peaceful purposes like power generation and cancer treatment.
A computer worm known as Stuxnet briefly brought Iran's uranium enrichment activity to a halt in 2010 (Guardian, 2012).
Title: Israeli Cyber Attacks Targeted Offshore Oil, Gas Platforms – Iran IT Head
Date: October 8, 2012
Abstract: Iran’s offshore oil and gas platforms were the targets of the cyber attacks aimed at crippling the country. All threats were repelled and Israel was behind them, according to head of IT at the Iranian Offshore Oil Company, Mohammad Reza Golshani.
Golshani told Reuters that the attack happened over the past couple of weeks, was routed through China, and affected only the communications systems of the network.
It is almost two weeks since the managing director of the National Iranian Offshore Oil Company Mahmoud Zirakchianzadeh announced his company’s negotiations over deals worth US$14 billion.
Iran is currently under pressure from international sanctions, mainly on oil exports, imposed by the UN Security Council, the US, and the EU.
On Saturday, the EU threatened to ban Iran’s natural gas export to put pressure on the country’s nuclear program. Iran’s now exporting to Turkey and has swap deals with Armenia and Azerbaijan.
The possible ban was described by a spokesman of the oil ministry Alireza Nikzad-Rahbar as a "propaganda campaign" because “right now no EU member imports Iranian gas supply.”
The UN Security Council imposed four rounds of sanctions in efforts to pressure Tehran to give up its nuclear program, which the West fears is aimed at creating a nuclear weapon. Iran insists its nuclear ambitions are peaceful. The sanctions targeted Iran’s oil exports and cut off access to international banking networks.
Tehran is being pressured not only with sanctions: the country has been variously attacked by Flame, Stuxnet and Gauss, three viruses that gathered information on sensitive Iranian equipment and slowed down its nuclear centrifuges. They were tacitly confirmed to have been launched by the US and Israel, as a way of slowing down the country’s atomic program, which the West says is aimed at eventually producing nuclear weapons, a claim Iran emphatically denies.
Iran has reported several computer attacks in recent months and a Revolutionary Guard commander said last month the country would defend itself in case of a "cyber war". Tehran is seeking to develop a national Internet system, which it says would improve cyber security. But many Iranians say the plan is the latest way to control their access to the Web, which is already highly censored (RT, 2012).
Title: IAEA Incursion: Anti-Israel Hackers Invade IAEA Networks Once More
Date: December 3, 2012
Source: Free Beacon
Abstract: An anti-Israel hacking collective has seized “highly sensitive” nuclear data and satellite imagery from the International Atomic Energy Agency (IAEA), the world’s top nuclear watchdog, according to the website Cryptome.
Parastoo stole the personal information of nearly 200 IAEA scientists and officials last week, including one employee in the United States Department of Energy’s (DOE) Office of Science. DOE is responsible for overseeing America’s nuclear arsenal.
Parastoo now claims to have pilfered reams of documents and personnel information from the nuclear watchdog’s internal “nuclear data section,” according to a statement by the group.
It also has obtained “highly sensitive information, Including Confidential ‘SafeGuard’ Documents, Satellite Images, Official letters, [and] Presentations,” according to the statement.
The hacker group has threatened to release this sensitive information unless the IAEA launches a formal investigation into Israel’s nuclear site, which some believe houses nuclear arms.
“We are demanding IAEA to start an INVESTIGATION into activities at Israel’s secret nuclear facilities,” the group wrote in its second public statement. “There are many PARASTOOs in the world, seeking for an investigation into Israel’s Human-Life threatening nuclear activities.”
The IAEA did not respond to a Free Beacon request for comment about the second infiltration of its servers.
Yukiya Amano, the United Nations’ nuclear head, said last week that he did not believe sensitive nuclear safeguards have been compromised as a result of Parastoo’s initial attack, according to Reuters.
Parastoo responded to this charge by launching a second attack last week aimed at penetrating further into the IAEA’s systems, this time its “nuclear data section.”
“We’re now publishing additional information to prove our ability to gain access to highly sensitive information,” Parastoo wrote in its statement.
“IAEA cannot just keep us away by turning off their Servers (either old or new ones!),” the group wrote. “There are plenty more of where this information came from but we guarantee that these information will stay in a very safe place with us.”
Parastoo has said that it will safeguard this information as long as the IAEA agrees to investigate Israel’s Negev Nuclear Research Center located near the southern city of Dimona. Israel has not publicly acknowledged having nuclear arms.
Parastoo’s demand appears to be in response to the IAEA’s aggressive investigation into Iran’s clandestine nuclear enrichment program, which is believed to be aimed at building nuclear weapons.
“This information only released to open eyes of IAEA and independent media to real threat of world peace, Israel,” the group states. “Our intentions are not to sabotage or misuse such data for any purposes what so ever.”
Included in the group’s statement is a link to the IAEA’s internal “nuclear data section.” The information, which includes critical technical information needed to acquire access to the system, is meant to prove that Parastoo’s claims are legitimate.
Additionally, Parastoo claims to have at least 15 portions of the IAEA’s system under its control and it lists this information for the public to view.
The group also provides a sample of several documents and satellite images it has seized from the IAEA and lists the email addresses of additional employees.
Parastoo is highly critical of Israel, accusing it of espionage and terrorism in past statements.
Both the language and political positions adopted by Parastoo are similar to dispatches from Anonymous, an anarchic collective of “hacktivists” who engage in cyber-attacks against targets it finds objectionable.
Anonymous recently threatened to launch a “cyber war” against Israel in response to its most recent incursion into the Gaza Strip. It then leaked the personal information of nearly 5,000 Israeli officials.
Details regarding Parastoo’s specific location remain vague. The group was not publicly known before its first attack and claims to have “many” members likely scattered in various locations (Free Beacon, 2012).
Title: Saudi Arabia Says Cyber Attack Aimed To Disrupt Oil, Gas Flow
Date: December 9, 2012
Abstract: Saudi Arabia's national oil company, Aramco, said on Sunday a cyber attack against it in August which damaged some 30,000 computers was aimed at stopping oil and gas production at the biggest OPEC exporter.
The attack on Saudi Aramco - which supplies a tenth of the world's oil - failed to disrupt production, but was one of the most destructive cyber strikes conducted against a single business.
"The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals," said Abdullah al-Saadan, Aramco's vice president for corporate planning, on al-Ekhbariya television. It was the firm's first comments on the apparent aim of the attack.
Aramco and the Saudi Interior Ministry are conducting an investigation into the cyber strike. Interior Ministry spokesman Mansour al-Turki said the attackers were an organised group operating from different countries on four continents.
The attack used a computer virus known as Shamoon which infected workstations on Aug. 15 and the company shut down its main internal network for more than a week.
Turki said that the investigation had not shown any involvement of Aramco employees but he could not give more details as the investigation was not yet complete.
Saudi Arabia's economy is heavily dependent on oil. Export revenues from oil have accounted for 80-90 percent of total Saudi revenues and above 40 percent of the country's gross domestic product, according to U.S. data.
Shamoon spread through the company's network and wiped computers' hard drives clean. Saudi Aramco said damage was limited to office computers and did not affect systems software that might hurt technical operations.
Hackers from a group called "Cutting Sword of Justice" claimed responsibility for the attack, saying their motives were political and that the virus gave them access to documents from Aramco's computers, which they threatened to release. No documents have so far been published.
In a posting on an online bulletin board the day the files were wiped, the group blamed Saudi Arabia for "crimes and atrocities" in several countries, including Syria and Bahrain. Saudi Arabia sent troops into Bahrain last year to back the Gulf state's rulers, fellow Sunni Muslims, against Shi'ite-led protesters. Riyadh is also sympathetic to mainly Sunni rebels in Syria while Iran backs the Syrian leader Bashar al-Assad, whose Alawite religion is an offshoot of Shi'ite Islam (Reuters, 2012).
Title: Iran Media Report New Cyberattack By Stuxnet Worm
Date: December 25, 2012
Source: Fox News
Abstract: An Iranian semi-official news agency says there has been another cyberattack by the sophisticated computer worm Stuxnet, this time on the industries in the country's south.
Tuesday's report by ISNA quotes provincial civil defense chief Ali Akbar Akhavan as saying the virus targeted a power plant and some other industries in Hormozgan province in recent months.
Akhavan says Iranian computer experts were able to "successfully stop" the worm.
Iran has repeatedly claimed to have defused cyber worms and malware, including the Stuxnet and Flame viruses that targeted the vital oil sector, which provides 80 percent of the country's foreign revenue.
Tehran has said both worms are part of a secret U.S.-Israeli program that seeks to destabilize Iran's nuclear program.
The West suspects Iran is pursuing a nuclear weapons program, a charge Tehran denies (Fox
Title: Hacker Hits On U.S. Power And Nuclear Targets Spiked In 2012
Date: January 9, 2013
Source: CNN Money
Abstract: America's power, water, and nuclear systems are increasingly being targeted by cybercriminals seeking to gain access to some of the nation's most critical infrastructure.
The number of attacks reported to a U.S. Department of Homeland Security cybersecurity response team grew by 52% in 2012, according to a recent report from the team. There were 198 attacks brought to the agency's attention last year, several of which resulted in successful break-ins.
An earlier report from DHS sketched in details on some of those successes. An unidentified group of hackers targeting natural gas pipeline companies gained access to the corporate systems of several of their targets and "exfiltrated" -- that's security-speak for "stole" -- data on how their control systems work.
The information obtained "could facilitate remote unauthorized operations," DHS said. There's no evidence the hackers have actually broken into the control systems themselves, the agency added.
The energy sector was the most-targeted field, with 82 attacks, and the water industry reported 29 attacks last year. Chemical plants faced seven cyber attacks, and nuclear companies reported six.
Hackers hit the bulls-eye on "several" of their nuclear targets: "These organizations reported that their enterprise networks were compromised and in some cases, exfiltration of data occurred," the DHS team wrote. It said that it is not aware of any successful breaches of nuclear control networks.
Those are only the attacks that we know about, though. Many companies choose not to report incidents, and the majority of cyberattacks go undiscovered, according to industry researchers.
Of course, it's not the quantity of attacks that matters. It's the small handful that succeed.
DHS warned that the nation's infrastructure is worryingly vulnerable. Using a special search engine that finds Internet-connected devices, researchers from security advocacy group InfraCritical located more nearly 500,000 devices across the country that appeared to tap into key control systems. They brought their list to DHS, which began investigating -- and confirmed that 7,200 devices on it really do appear to be linked to critical control systems.
Many of those systems are directly reachable through the Internet and "have either weak, default, or nonexistent logon credential requirements," the agency warned.
It is working with government agencies and private partners to alert system operators and close down those vulnerabilities.
A similar test of European home automation systems revealed that many of these devices had been built without security in mind. One popular smart meter device, for instance, had a default password of "1234."
Anyone with malicious intent -- terrorists, rogue or enemy nations -- could locate those devices just as easily as the researchers did.
The Obama administration and many in Congress have been more vocal about how an enemy nation or a terrorist cell could target the country's critical infrastructure in a cyberattack. Legislation aimed at preventing such attacks stalled in Congress last year.
In its report, the Department of Homeland Security advised critical infrastructure companies to keep devices linked to their control systems offline, put stronger passwords in place and implement better security protocols.
Some security experts think the nation won't crack down on securing its critical systems until there's a high-profile debacle. "I believe that people will not truly get this until they see the physical implications of a cyber attack," Shawn Henry, who retired last year as the Federal Bureau of Investigation's top cybercrime official, said at an industry conference in July. "We knew about Osama bin Laden in the early '90s. After 9/11, it was a worldwide name. I believe that type of thing can and will happen in the cyber environment" (CNN Money, 2013).
Title: Sophisticated Cyber-Attack Hits Energy Department, China Possible
Date: February 4, 2013
Source: Fox News
Abstract: The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.
FBI agents are investigating the attacks, which happened two weeks ago, at the Washington-based headquarters. Fourteen computer servers and 20 workstations reportedly were penetrated during the attack.
The Energy Department is in the process of notifying employees whose information was stolen. While no classified information was compromised, the Free Beacon reports there are indications the hackers could have been seeking access to such data. Chinese hackers may be suspects, as the department is a known target of Beijing -- according to the Free Beacon, the sophistication of the attack indicates the involvement of a foreign government.
The department includes the National Nuclear Security Administration, which maintains nuclear weapons.
"It's a continuing story of negligence," former Energy Department security official Ed McCallum told the Free Beacon, explaining that the department continues to have security problems despite controlling some of the most "sophisticated military and intelligence technology the country owns."
He said China, as well as Iran, have been after Energy Department secrets. Several groups and agencies have warned about stepped-up cyber activities out of China.
"China continues to develop its capabilities in the cyber arena," the U.S. China Economic and Security Review Commission said in a November 2012 report to Congress. "U.S. industry and a range of government and military targets face repeated exploitation attempts by Chinese hackers as do international organizations and nongovernmental groups including Chinese dissident groups, activists, religious organizations, rights groups, and media institutions."
Officials tell the Beacon they're working to plug security holes in the system and are developing ways to prevent a similar cyber attack in the future. Confirmation of the attack comes only days after The New York Times and The Wall Street Journal announced that Chinese hackers had infiltrated their computers and stolen passwords for their employees. In a written statement, News Corporation, parent company of FoxNews.com, described the attack as an "ongoing issue." China's Ministry of National Defense has denied accusations that it was behind the cyber attacks (Fox News, 2013).
Title: Symantec Discovers 2005 US Computer Virus Attack On Iran Nuclear
Date: February 26, 2013
Abstract: Researchers at the security company Symantec have discovered an early version of the "Stuxnet" computer virus that was used to attack nuclear reprocessing plants in Iran, in what they say is a "missing link" dating back to 2005.
The discovery means that the US and Israel, who are believed to have jointly developed the software in order to carry out an almost undetectable attack on Iran's nuclear bomb-making ambitions, were working on the scheme long before it came to public notice – and that development of Stuxnet, and its forerunner, began under the presidency of George W Bush, rather than being a scheme hatched during Barack Obama's first term.
The older version of the virus, dubbed "Stuxnet 0.5" – to distinguish it from the "1.0" version – also targeted control systems in Iran's Natanz enrichment facility, the researchers said.
"Stuxnet 0.5 was submitted to a malware scanning service in November 2007 and could have begun operation as early as November 2005," Symantec notes in a report. It may have been submitted to see whether Symantec's defences would recognise it as malware – in which case it would have been useless. One key to Stuxnet's success was that it was not detected by conventional antivirus systems used in corporate and state computer systems.
The success of Stuxnet – in both forms – is reckoned to have averted a planned military strike by Israel against Iran's reprocessing efforts in 2011. During 2010 it had seemed increasingly likely that Israeli jets might target the heavily-armoured plant to thwart Iran's nuclear ambitions.
But the computer virus, one of the most visible forms of a cyberwar that is increasingly raging between nation states, made that unnecessary, and is reckoned to have put Iran's plans back by years.
The 1.0 version of Stuxnet is reckoned to have infected Iranian computers after being copied onto USB sticks which were left in locations in India and Iran known to be used by Iranian nuclear scientists and their contacts. It then spread into computer systems and took over the connected Siemens control systems, spinning centrifuges to dangerous speeds in order to damage the systems.
The 0.5 version, by contrast, was transmitted as part of an infected control archive for specific Siemens systems used for uranium enrichment. Once active, it infected the network and control systems and closed off valves, a move that would cause serious damage to the centrifuges and the enrichment system. It also recorded data about the system it was on, which it would send back over the internet to a set of "command and control" servers – which at the time had been faked to look like a group of internet advertising agencies created in 2005, with names such as smartclick.org and best-advertising.net, and all bearing the same phrase on the front: "Believe What the Mind Can Dream." (They have since been adopted by other companies, or closed.) "The 0.5 version was a mixture of sabotage and espionage – affecting the valves and reporting back," said Sian John, Symantec's director of security strategy for UK and Ireland Enterprise. "This really goes to show that with the right impact and amount of research, these groups can create very targeted attacks" (Guardian, 2013).
Title: Iran Ministry Denies Cyberattack On Its Oil Networks
Date: June 26, 2013
Source: Fox News
Abstract: An Iranian oil ministry official on Saturday denied a report published by a government agency that it had successfully blocked a cyberattack on an oil sector computer network.
Ahmad Tavallaei, head of IT at the National Iranian Oil Company, said in comments posted on the oil ministry's website shana.ir that a technical problem, not a cyberattack, was the reason for a temporary shutdown of the network.
An Iranian government agency in charge of fighting sabotage said earlier Saturday on its website, paydarymelli.ir, that the networks of the Oil Ministry and the National Iranian Oil Company came under cyberattack the day before.
Iran periodically reports the discovery of viruses and other malicious programs in government, nuclear, oil and industrial networks, blaming Israel and the United States. In May, Iran shut down part of its oil facilities because of another such reported cyberattack.
Israel has done little to deflect suspicion that it uses viruses against Iran (Fox News, 2013).