Military Cybersecurity

By pjain      Published Jan. 19, 2020, 3:38 a.m. in blog Invest   

Keys

Vulnerable to attacks right at home

Wars are not fought only overseas any longer; the cyber domain is here at home and we are vulnerable.

As an example a dam in New York state could have had its gates opened flooding and causing major damage - it was averted with the simple dumb luck of the gates connections being down at the time the attack occurred.

Hospitals and the medical system have proved especially vulnerable to wiper-type attacks.

A well-timed intrusion that targeted response systems and coincided with some natural disaster (like the California or Aussie wildfires or the earthquake in Puerto Rico) could have a devastating effect in hundreds or thousands of lives lost.

Major Military powers find Cyberwarfare is cheap - can invest billions

It comes down to resources. A government is a predator with billions of dollars at its disposal to amass a formidable cyber army. Its prey is a lean, for-profit company with a small security team.

China and Russia are most capable and dangerous

US Homeland security leaders have told senators that hackers in China and Russia are the worlds most dangerous.

Iran and N. Korea are opportunistic attackers

US Homeland security leaders have told senators that hackers in Iran and North Korea pose less of a threat than China and Russia. But they're still a serious foe.

Private targets face overwhelming foes

Computer security experts agree that companies aren't prepared to handle this threat.

Israelis are World No 1 in Cyberwarfare - just do it quietly

US No 2 Military Cyberwarfare and 10,000 foot Attacks

US used cyber tools to shutdown Iran centrifuges

U.S. used a cyber tool known as Stuxnet to destroy Iran’s uranium processing centrifuges,

US, UK attack European targets

2015 American and British spies hacked a phone SIM card maker in the Netherlands.

Hillary Clinton backed Bombings killed thousands, millions of refugees in Libya, Syria

US Fintech - "US Dollar" and Sanctions can hurt millions economically - Venezuela, Iran, N. Korea

US Protection - spending tens of billions

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) released new guidance on Iran in Jan 2020.

DoD has major problems in Military Cybersecurity

It is well known that there has been a systematic failure of the Defense Department to improve software procurement.

This is potentially implicated in problems like the suspected vulnerabilities in the F-35’s cyber systems.

PROBLEM: Procuring software esp. upgrades in a timely manner

Rapid upgrades are vital. Upgrades that take days or weeks in the private sector seem to linger for months or years at the Pentagon.

he systematic failure of the Defense Department to improve software procurement is potentially implicated in problems like the suspected vulnerabilities in the F-35’s cyber systems.

Congress bill 2020 National Defense Authorization Act (NDAA) Section 800 on rapid procurement

This has the title “Authority for Continuous Integration and Delivery of Software Applications and Upgrades to Embedded Systems.” and pushes for rapid DoD upgrades by authorizing rapid upgrades.

Rapid procurement in six months as a goal

Section 800 authorizes the department to create procurement pathways in which software can be purchased in less than a year. If implemented effectively, the change would be dramatic in improvements in US military cybersecurity.

Delivery of increments of useful software capability no less frequently than every six months is not only a best practice for software-intensive systems but it has also been a standing government-wide requirement for years. Overcoming the Department’s institutional and cultural resistance to delivering in a year or less requires ruthless prioritization of features, which hinges on more effective cooperation among stakeholders.

A rapid procurement process will help software developers to current one that takes years longer to complete.

The NDAA gives the DoD just a year to set up the rapid procurement pathway.

Security Metrics - standards and industry best practices

This is full of interesting proposals on rapid procurement pathways and guidelines from modern industrial DevOps and Security practices.

assurances that cybersecurity metrics of the software to be acquired or developed, such as metrics relating to the density of vulnerabilities within the code of such software, the time from vulnerability identification to patch availability, the existence of common weaknesses within such code, and other cybersecurity metrics based on widely-recognized standards and industry best practices, are generated and made available to the Department of Defense and the congressional defense committees.

The NDAA will force the DoD within a year to identify more concretely exactly which metrics it will use to ensure that the software it procures is less vulnerable.

Resources

Chinese No 3 cyberwar part of Peoples Army

2014 DoJ charges Industrial Espionage

Federal charges were filed against five members of the Chinese military, whom the U.S. accused of stealing trade secrets from U.S. companies. Justice Department officials have said that such charges send a message that the U.S. government will not tolerate state-sponsored cyber attacks on U.S. businesses or organizations.

2014 stole industrial plans

Russian No 4 Cyberwarfare state

2014 breakins to Oil companies

  • Russian hackers have broken into American and European oil and gas companies.

2016 Hacking US Elections through social Media

Russia’s social media campaign from the 2016 election, but they have watched (as have all of our adversaries) and seen how disruptive ransom-ware attacks against local governments have been. Such attacks can have even greater potential for disruption when the perpetrator isn’t interested in a ransom. One key concern is the targeting of election databases in battleground states in the lead-up to the 2020 election. An attack on them would devastate confidence in the fairness of the election and make the final result the subject of political dispute. SRC

Iran uses low cost assymetric attack and hacking - No 5 threat

Iran faced with the trillion dollar deployment of US has a history of avoiding direct military conflicts and instead projecting its national power through proxies and asymmetric means.

  1. Support for militias like in Yemen on Saudi borders and Hezbollah on Israel borders.

  2. Since 2010 cyber warfare has been a key part of Iran’s arsenal. The existing cases suggest Iran already has a deeply-rooted ability to wage foreign cyber-war on distant targets as part of any, more conventional, terror attack involving bombs and bullets.

  3. US uses tens of millions of drones and missiles and standby infrastructure to surgically strike. Iran in reaction pledged to attack American entities after the nation's top military official Gen. Qasem Soleimani was drone-killed by U.S. forces as he visited Iraq last week.

  4. Recent reactions have weaponized to do far more than DOS, or hacking identities or stealing. Iran is now using destructive 'wiper' attacks to wipe out memory or an entire network. Now it is using common tactics like spear-phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network.

Islamic Revolutionary Guard Corps - center of their Cyberwarfare

The hackers in prior Iranian hacker attacks worked for ITSecTeam and Mersad Co. -- that performed work on behalf of the government and its Islamic Revolutionary Guard Corps. This is the same military organization that Soleimani oversaw in Iran at the time of his death.

2011-12 Denial of service attacks against American banks

In 2011 and 2012, the hackers allegedly launched concerted denial-of-service attacks on several U.S. financial institutions, including Bank of America, Citibank and the New York Stock Exchange. Such attacks involve blasting computer servers with so much data that they have difficulty processing legitimate transactions.

These prevented some Americans from using online banking tools.

Seven Iranian computer specialists with ties to Tehran have been charged by U.S. prosecutors with launching cyberattacks that cost banks millions of dollars. The seven men worked for ITSecTeam and Mersad Co. -- that performed work on behalf of the government and its Islamic Revolutionary Guard Corps. - SRC: MARCH 24, 2016 LaTimes

In reality the US will have a hard time getting its hands on the Iranians, whose government is unlikely to hand them over for prosecution.      ## Iran attacks US targets of opportunity

  • Iran-backed hackers have already commenced a digital war on hundreds of targets in the Midwest.

  • 2018 March - Iranian infiltration of computer systems for the State of Indiana, at the Federal Energy Regulatory Commission, the Department of Labor, the United Nations and 144 U.S. universities. Nine Iranian nationals were working in cooperation with Iran's Islamic Revolutionary Guard Corps and are still fugitives, have been charged in that case, one of the largest foreign government-sponsored hacking cases ever charged by the Justice Department.

    In this attack - hackers stole data and intellectual property across all fields of research, including engineering, medicine, science and technology between 2013 and 2017.

  • 2018 Nov - Iran targeted a Chicago healthcare technology company. The two men charged in that case are also both federal fugitives. In this attack they used an extreme form of 21st century digital blackmail using SamSam ransomware to target vulnerable institutions across the U.S. and Canada.

Attack Saudi Oil facilities

The Iranians were also identified as responsible for releasing a virus called Shamoon which erased data on computers at Saudi Aramco, the largest oil company in the world.

2014 Iran shutdown Zionist Ultra Sheldon's Las Vegas Sands Casino

And Sheldon Adelson, a billionaire pro-Israel, Republican supporter of President Trump, was targeted --- his Sands Casino in Las Vegas was infected with a virus that shut down the casino for a while, and U.S. officials said the attack came from Iran.

Adelson is a major donor to Republican politicians in particular a strong Trump ally. He's staunchly pro-Israel, and a financier and backer of current Israeli regime. In the past, Adelson has casually suggested that the U.S. drop nuclear bombs on Iran. The attack was soon after the company's founder, Sheldon Adelson, called for a nuclear attack on Iran.

In February 2014, it said unidentified hackers broke into its computer network and stole customer data: credit card data, Social Security numbers and driver's licenses numbers.

A year later Director of National Intelligence James Clapper said the Iranian government was behind the attack.

North Korean Cyberwarfare No 5

Attack on Sony

Huawei the Mega threat or 5G competitive frontier

Is Trump Admin ban toothless?

Paul Rosenzweig criticized Trump officials for launching the ban before they were prepared to implement it and speculated it could be more than a year before the ban fully takes effect. “The right way to do this would have been to prepare everything in advance and announce it with an implementation date in 30 days. But that isn’t what we did. The announcement, like so many things, was done impulsively.” - Src Paul Rosenzweig is former senior national security at Homeland Security under Bush


0 comments

There are no comments yet

Add new comment

Similar posts

Personal Data and Privacy in Social Media TODO

Cyberattack Cases and Lessons TODO

Banking and Financial Cybersecurity

Enterprise IT Cybersecurity Tech and BPR