Edited by Christian Lowe

China's Cyber Forces


China is well known for its global cyber espionage efforts. And while the United States has received most of the media attention given to cyber attacks, we are not the only ones dealing with this issue. India is now pointing the finger at China, claiming it has systematically launched a series of attacks on sensitive information systems and networks of Indian agencies. India responded rapidly and now has cyber-security forces down to the division level to guard against cyber war. But is that really enough, given China's stated ambitions?

China's cyber warfare doctrine is designed to achieve global "electronic dominance" by 2050, which would include the capability to disrupt the information infrastructure of its enemies. This doctrine includes strategies to disrupt financial markets, military and civilian communications, and other parts of an enemy's critical infrastructure prior to the initiation of traditional military operations. With all the attacks that have been attributed to China, there must be significant intelligence available about the techniques, cyber weapons and strategies used in these assaults. The proliferation of China's cyber capabilities will be the topic of a Congressional hearing in DC on May 20th. This hearing will examine "China's Proliferation Practices and the Development of its Cyber and Space Warfare Capabilities."

Military and intelligence sources have known that Chinese cyber forces have developed detailed plans for cyber attacks against the United States and others. It is believed that the plans for such an attack were drawn up under the direction of the People's Liberation Army (PLA).

China has a significant cyber weapons and intelligence infrastructure in place today. What is alarming is that they have not only the intent but also the money. Beijing has the world's second or third largest defense budget, depending on where you look for the numbers. Their military budget has been rising at 10 percent or more a year for over a decade. This capability, as well as the attacks, is evidenced by their operational ability to scan for and acquire nodes for their growing botnet, and by the continued sophisticated assaults on defense information systems in the US, Germany, the UK and India. In addition, in April 2007, Sami Saydjari, who has worked on cyber defense systems for the Pentagon since the 1980s, told Congress: "The situation is grave, with nation-states such as China developing serious offensive capabilities."

Recent attacks on the United States and India have brought this threat to the forefront. While diplomatic efforts to address these attacks have been initiated, virtually no progress has been made, according to individuals close to the issue. The following information has been provided by Spy-Ops and represents their assessment of China's current cyber capabilities.

China People's Liberation Army (PLA)
Military Budget: $62 Billion USD
Global Rating in Cyber Capabilities: Number Two
Cyber Warfare Budget: $55 Million USD
Offensive Cyber Capabilities: 4.2 (1 = Low, 3 = Moderate and 5 = Significant)
Cyber Weapons Arsenal (in order of threat):
Large, advanced botnet for DDoS and espionage
Electromagnetic pulse weapons (non-nuclear)
Compromised counterfeit computer hardware
Compromised computer peripheral devices
Compromised counterfeit computer software
Zero-day exploitation development framework
Advanced dynamic exploitation capabilities
Wireless data communications jammers
Computer viruses and worms
Cyber data collection exploits
Computer and networks reconnaissance tools
Embedded Trojan time bombs (suspected)
Compromised microprocessors & other chips (suspected)
Cyber Weapons Capabilities Rating: Advanced
Cyber Force Size: 10,000+
Broadband Connections: More than 55 million
China's Hacker Community: Honker Union, Red Hackers Alliance (the 5th largest hacking organization in the world)
China's Software Industry: In Q1 2007, the software industry recorded RMB 96.7 billion, a year-on-year increase of 26.9%. In Q1 2008, China recorded RMB 144.36 billion in software industry sales revenue, up sharply year-on-year.

From all this information one can only conclude that China has the intent and the technological capabilities necessary to carry out a cyber attack anywhere in the world at any time. Nations around the world can no longer ignore the advanced threat that China's cyber warfare capabilities may pose today, and the ones China aspires to have in the near future. Just recently the Belgian justice minister, Jo Vandeurzen, claimed that attacks against the Belgian Federal Government originated from China and are most likely sanctioned by Beijing. The Belgian minister of foreign affairs, Karel De Gucht, told parliament that his ministry is the subject of cyber-espionage by Chinese cyber agents. This is just the tip of the iceberg. Spy-Ops believes that an estimated 140 countries will be working on their cyber weapons by the end of 2008, and that in the next five years we will see countries and extremist groups jockeying for cyber supremacy.

-- Kevin Coleman

Professional Cyber Arms Dealers


Software used for years by hackers and criminals has now become mainstream and, as we have mentioned before, hacking and cyber crime have been professionalized. As such, tool kits that enable these activities have been packaged for sale and wide dispersion across the Internet. These cyber attack tool kits make it possible to automate hacking, espionage, fraud, and much more. These top hacking tools are now being sold for prices ranging from less than $100 up to $50,000.

And you won’t believe this: The most advanced packages come with customer service/support. In at least one case the package includes 12 months of technical support and updates to ensure the kits stay up to date on the latest web vulnerabilities.

Arguably the most advanced hacker tool kit is MPack. According to Intelomics, MPack is a PHP-based malware kit with high-quality key-logging capabilities that sells for between $500 and $1,000 USD; the first version was released in December 2006. It is believed to have been produced by RBN, a multi-faceted cybercrime organization, and appears to come with support and monthly updates.

RBN and their support units provide scripts and executables to make MPack undetectable by antivirus software. Every time MPack is generated it looks different to the anti-virus engines, and it often goes undetected. Separating the delivery platform from the malicious payload into distinct modules is a growing design pattern in cyber weapons. MPack is very popular and powerful. In June 2007, it was used by a single person to compromise over 10,000 websites in a single assault.

FACT: In 2007 a new piece of malware was identified every 45 seconds.

These tools have become commonplace and are quite affordable. Paul Henry, VP at Secure Computing, estimates there are currently about 68,000 cyber attack tools available for download, and the number is growing fast. In some cases these tool kits are sold under the heading of "Penetration Testing Products," a legitimate and useful product category.

However, the automation that enables multi-site scanning and intrusion has very little applicability in real security testing. Experts have estimated that the underground market for cyber attack tools is worth hundreds of millions of dollars worldwide.

Note: MPack should not be confused with mpack, which is a harmless command-line utility.

Common Cyber Weapons and Attack Tools:
MPack
SQLNinja
Shark 2
WFuzz
Nuclear
ProxyStrike
WebAttacker
Wireshark
IcePack
httpRecon
John the Ripper
Exploit-Me
USB thief
Burp
Kismet
Metasploit

Cyber Attack Tool Web Sites
http://www.ethicalhacker.net
http://www.metasploit.com
http://www.hackerscatalog.com/Products/Deal_Steals/index.html

-- Kevin Coleman

Cyber-Holes in Your Software


New software vulnerabilities are announced all the time. In fact, according to the NIST database, last year a new software vulnerability was announced every 57 minutes.

A software vulnerability is defined as a flaw in a software program that may allow a third party or program to gain unauthorized access. Some experts say that over 70% of the nearly 7,000 vulnerabilities discovered last year were exploitable remotely. This remote capability makes them valuable assets for cyber attackers.

The ability to rapidly respond to and mitigate the risks posed by these vulnerabilities is one of the most important parts of computer and network security. Vendors rapidly respond to the reports of newly discovered vulnerabilities in their products. But wouldn't we all be better off if the vulnerabilities did not exist in the first place?

I consulted a 25-year veteran of the software industry who hails from one of the icons of that industry and posed the following question to him: Based on your experience, how often do software vendors investigate the root cause of reported vulnerabilities? He said, "They don't -- they jump in and try to create a patch."

I followed up and asked: so you are saying they do not look to see whether the vulnerability was purposefully programmed? After a significant pause he said, "We never considered that possibility, we only worked to respond to the vulnerability."

If that's not bad enough, think about the amount of software being developed offshore. Product liability exists in virtually every product category except software. How would you react if every 57 minutes your car dealer called you and said there is a problem with your car? We have been conditioned to accept software products with these problems and have allowed organizations to protect themselves by hiding behind the armor of the "Software License."

If software vendors, whose products run our critical infrastructure, do not investigate whether these vulnerabilities are actually acts of espionage, that would seem to be a critical flaw in our efforts to protect ourselves against cyber attack.

-- Kevin Coleman

Cover Your Computer Mics and WebCams


The NSA is not the only agency with advanced eavesdropping capabilities.

Cyber espionage is getting renewed attention as fresh evidence emerges of computer spying against corporations and government agencies here and abroad. Late last year MI5 warned British companies of Chinese espionage activities. Computer security professionals have stated there is growing evidence of attacks from China and other countries. Zhao Shangse, an official from the Chinese embassy in London, has denied the allegations. This is not new. Way back in 2001, when we were preparing for my congressional testimony and demonstration, we considered hacking the computer and using the webcam and built-in PC microphone to look and listen in. We had to scrap that plan when we found out that we had to use a dial-up modem to connect in the hearing room.

Now many more people have caught on to our tricks. Numerous news stories report Trojans and worms using webcams to spy on users. In one case it was college students spying on female students.

Other stories report that similar malicious code is in use by corporate and government spies alike. With the growth of VoIP, this takes on a new and more significant risk. In November 2007, Cisco Systems confirmed it is possible to eavesdrop on remote conversations using Cisco VoIP phones.

Multiple computer manufacturers have admitted that microphones attached to their workstations can be used to eavesdrop on conversations near the computer. I discussed cyber spying with the experts at Spy-Ops, and they strongly recommended that microphones on systems in sensitive areas be either physically switched off or totally disconnected from the system. In addition, they told me that last year the global cost of industrial espionage topped $1.5 trillion.

-- Kevin Coleman

Your Credit Card Could be Funding Terrorism


It is hard to pick up a tech publication without finding a story about another security breach that has compromised credit card information. According to the Identity Theft Resource Center, there were 167 data breaches in the first three months of this year. At least 8.3 million records containing sensitive information were potentially compromised in the same time period.

One recent event: data from 4 million credit cards stolen. Recently, Hannaford announced what security experts call a sophisticated attack on its computer network that resulted in the theft of credit and debit card account information.

When we think of credit card data theft and fraud we don't think about terrorism, but there is indeed a link. Al Qaeda is a skilled practitioner of using the Internet for a multitude of purposes. According to FBI Director Robert Mueller, "The Internet has been used by the likes of Al Qaeda to recruit, to train, to communicate." The arrest of Al Qaeda's top cyber terrorist provided hard evidence of their use of stolen credit card data for funding. In one case, terrorist groups used the stolen credit card information to purchase $3 million worth of materials to carry out terrorist attacks. Al Qaeda's top cyber terrorist, 23-year-old Younes Tsouli (online name Irhaby007), recently admitted conspiring to defraud banks, credit card companies and charge card companies.

For additional information about terrorist cyber attack capabilities, you may want to download the CRS Report to Congress titled "Terrorist Capabilities for Cyber Attack."

Overview and Policy Issues:

The game has changed! The stakes of information security for sensitive data, like credit card information, have now risen because of the link to terrorist financing. Imagine the psychological impact if you were to find your credit card was used to finance a terrorist attack that resulted in the death of innocent civilians. Imagine the damage to a corporation's brand and the possible backlash from its customers. Significant improvement in all aspects of security is needed to cut off this funding source.

-- Kevin Coleman

Cyber-Sabotage in Counterfeit Hardware


Recent events have raised concerns about hidden backdoors and malicious code inside counterfeit hardware -- all the way down to the integrated circuit level.

A 2005 report by the Pentagon's Defense Science Board addresses this issue. While that report assessed the problem, recent events have now raised the anxiety over cyber sabotage in bogus hardware. In fact, many consider the use of compromised counterfeit hardware a strategic tactic in cyber warfare.

In January 2008, a joint task force seized $78 million of counterfeit Cisco networking hardware. This international effort resulted in over 400 seizures of counterfeit networking hardware that was shipped between China, Canada and the United States. The effort, a joint operation of the Federal Bureau of Investigation (FBI), U.S. Immigration and Customs Enforcement (ICE), U.S. Customs and Border Protection (CBP) and the Royal Canadian Mounted Police (RCMP), supported by other agencies within the Department of Homeland Security (DHS), clearly shows the scale of the criminal efforts that are underway.

This investigation has been underway for the last two years and has shown great results.

The Numbers:

  • 36 search warrants

  • 115 seizures by ICE

  • 373 seizures by RCMP

  • 74,000 total counterfeit components confiscated

While there has been no public disclosure of counterfeit hardware sabotage/espionage against America by foreign countries or rogue groups, the threat is there. Supply-chain threats have now moved into the spotlight, and many organizations are moving to address the threat of purchasing counterfeit computer-related equipment. Sources at Spy-Ops told me that they estimate counterfeit computer hardware will exceed $1.25 billion in 2008, and that current security measures such as holographic labels on integrated circuits and printed circuit boards are no longer adequate to identify authentic equipment.

Michelle Kalnas, a supply-chain subject matter expert working with me on this issue, pointed out that refurbished computer equipment poses the same threat and is more difficult to control. She went on to say that, "Close coordination between the security department and purchasing with external critical equipment vendors is necessary to resolve this issue. But at this time it is the exception not the rule."

-- Kevin Coleman

DCD Logo


Our boy Kevin Coleman had some fun designing the seal of the new Department of Cyber Defense...

Have a happy and hacker-free Easter!

-- Christian

Inside the Cyber Defense Group


The rumor is that there will be two or three new presidential directives that will put structure around cyber defense this month. These directives will become the fundamental constructs to operate the interagency group.

A presidential directive is a form of executive order issued by the President of the United States with the advice and consent/buy-in of the National Security Council. When issued, a presidential directive has the full force and effect of law. One of the most notable series is the Homeland Security Presidential Directives (HSPD). HSPD-1 followed Executive Order 13228 and established the Department of Homeland Security (DHS). There is little doubt that these new directives will be classified.

That being said, I thought I would post what I believe will be representative of the directives that should be put in place this week.

Directive #1: This directive will establish the entity being charged with cyber defense. It is believed this order will define the make-up of the organization and establish eleven functional areas of operation. (Listing withheld for security reasons) It is believed that the organization will have defensive and intelligence gathering responsibilities as they relate to cyber defense. Additionally, oversight and reporting requirements will be defined.

Directive #2: This directive will concentrate on offensive cyber capabilities. It is believed that the military will have the responsibility for offensive cyber warfare and will be charged with extending current military doctrine covering information warfare, and with the requirement to align and integrate these operations with the new organization.

Directive #3: This directive will concentrate on the private sector's responsibility for cyber security. It is widely accepted that unless businesses, particularly those included as part of our critical infrastructure, enhance their security in light of the growing threat of cyber attacks and cyber terrorism, the country will not be adequately protected. This directive will establish the coordination and integration of the private sector into the operational modalities of the new entity charged with cyber defense. It is also thought to include the establishment of minimum security standards for private sector organizations.

There is a large amount of funding that is being budgeted for this effort. Inside sources believe in this current year the budget is $6 billion. You can be sure the competition for these funds is significant and there is a lot at stake. Hopefully, everyone has learned from establishing the Department of Homeland Security and this will go much smoother.

-- Kevin Coleman

More Gov Agencies to Defend Cyberspace


We've sort of debated this a bit over the last few months, but I thought I'd forward you all a breaking news item that indicates the formation of a joint cyberdefense initiative for the U.S.

From today's Washington Post:

New Interagency Group to Oversee Cyberattack Defense -- By Brian Krebs

The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new interagency group that will coordinate the government's efforts to protect its computer networks from organized cyberattacks.

Sources in the government contracting community said the White House is expected to announce as early as today the selection of Rod A. Beckstrom as a top-level adviser to be based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses.

The new interagency group, which will coordinate information sharing about cyberattacks aimed at government networks, is being created as part of a government-wide "cyber initiative" spelled out in a national security directive that President Bush signed in January, according to the sources, who spoke on the condition of anonymity because they did not have permission to discuss the information.

The presidential directive expanded the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. According to the sources, the new group will gather information about cyberattacks and vulnerabilities from a wide range of federal agencies, including the FBI, the National Security Agency and the Defense Department. Beckstrom will report directly to Homeland Security Secretary Michael Chertoff.

-- Christian

Cyber Weapons and e-Bombs


Recently, NATO's Chief of Cyber Defense stated that cyber terrorism/cyber attack poses as great a threat to national security as a missile attack. Strong words for sure.

Most people do not equate cyber war with explosives, but that is short-sighted. Ever heard of TEDs or EPFCs? If you haven't, you are not alone. In a recent briefing of 85 individuals responsible for business continuity in a major U.S. city, no one had ever heard of the two terms either.

TEDs and EPFCs are two weapons that create an EMP (electromagnetic pulse, similar to that of a nuclear explosion but less powerful) that destroys electronic circuitry. Both of these devices use conventional explosives to push an armature through an electromagnetic field.

The resulting pulse generated by a van-sized device could destroy electronics in an area of up to a couple of city blocks.

  • TEDs: Transient electromagnetic devices

  • EPFCs: Explosively pumped flux compressors

  • Development Assessment Cost = Low, between $500 and $1,000

  • Design = Multiple websites had fairly detailed design plans

  • Skill Set = Moderate; basic wiring and mechanical skills (high school shop class)

  • Detection = Low, due to the minimal amount of special materials required to build a device; the only special material required is conventional explosives

  • Defense = Building data centers underground and metal shielding, as well as utilities isolation, would be required to defend against such an attack

EMP weapons attack our computers and communications infrastructure. The development of TEDs and EPFCs now makes the threat of an EMP attack much more likely. These EMP weapons pose a unique threat to our electronic society and to our national security and economy.

Can you imagine the stock market reaction if one such device were detonated on Wall Street?

-- Kevin Coleman

Cyber Command Strategic Vision Released


Air Force Cyber Command's Strategic Vision spells out the command's operational scope and posture. Controlling cyber space is key to national security. This was clearly articulated in the 2008 National Threat Assessment delivered by the Director of National Intelligence to the Congressional Armed Services Committee last week. Major General William T. Lord heads up the command, which is provisionally located at Barksdale Air Force Base. The command is slated to begin operations this fall and become fully operational in 2009.

Supremacy in cyber space is critical across all strategic and operational domains. This new command is currently in the process of acquiring a suite of capabilities that will create flexible options for military and governmental decision makers. The capabilities sought by Cyber Command include, but are not limited to, the following:

The ability to deter adversaries
The ability to deny access and operations to adversaries
The ability to disrupt adversaries
The ability to deceive adversaries
The ability to dissuade adversaries
The ability to defeat adversaries

This will be accomplished through a variety of offensive and defensive, destructive and non-destructive, and lethal and non-lethal capabilities being developed and deployed within Cyber Command.

The cyber threat environment faced by the U.S. and our allies represents a new challenge. Cyber command has chosen a holistic approach to meeting this challenge that includes science and technology, research and development, systems acquisition, operations, education, training, and a new operational doctrine. The challenges of standing up a new command are daunting. When you compound those challenges with addressing the complexities of cyber warfare, they multiply and become huge.

The battle being fought by the Air Force is not limited to cyber space. You may have seen the slick new commercials airing on television. This is an offensive move by the Air Force to try and secure the lead position in cyber warfare and defense. The Army and the National Security Agency are also vying for the top spot.

One insider believes that the NSA has already been given the nod. Well, at least unofficially. However, this battle rages on.

This is a critical time for the United States. Our nation, our society, our economy and our businesses are all heavily dependent on Internet connectivity. Failure is not an option, and the White House and Congress know it. We must address the threats coming from cyber space. Earlier this year I wrote an article for Eye Spy magazine titled "The Department of Cyber Defense." I believe the best way to address this new threat is to create a new organization and staff it with a cross-functional team from NSA, DoD and DHS, as well as the Army, Navy and Air Force. Using this approach, the country gets the best and brightest assembled from all these organizations and stands up a new entity that comes without the baggage that is inherent in all organizations.

Completely new, a new hybrid, or assign the responsibility to an existing entity: what is your opinion?

-- Kevin Coleman

Intel Community Recognizes Cyber Threat


In the 2008 Annual Threat Assessment of the Intelligence Community for the Senate Armed Services Committee, the threat of cyber attacks was addressed for the first time (well, the first time in the report available to the public). [EDITOR: The threat assessment was delivered by Director of National Intelligence Mike McConnell and Defense Intelligence Agency chief, Army Lt. Gen. Michael Maples, in testimony before the Senate Armed Services Committee Feb. 27]

The intelligence community listed "the vulnerabilities of the US information infrastructure to increasing cyber attacks by foreign governments, non-state actors and criminal elements" as the fourth major bullet on the fourth page of the opening of the forty-five-page testimony delivered to the Senate by DNI McConnell. The testimony goes on to state that, due to the significance of computers and telecommunications to our country's security, defense and economy, threats to our IT infrastructure are an important focus of the Intelligence Community.

Also stated were the trends seen over the past year, which included cyber exploitation activities that grew more sophisticated, more targeted and more serious. Finally, McConnell stated that the Intelligence Community expects these trends to continue in the coming year. Most concerning was the following statement excerpted from the report.

"We assess that nations, including Russia and China, have the technical capabilities to target and disrupt elements of the US information infrastructure and for intelligence collection. Nation states and criminals target our government and private sector information networks to gain competitive advantage in the commercial sector." The report went on to state that terrorist groups, including al-Qaeda, HAMAS, and Hezbollah, have expressed the desire to use cyber means to target the United States.

Criminal elements continue to show growing sophistication in technical capability and targeting, and today operate a pervasive, mature online service economy in illicit cyber capabilities and services available to anyone willing to pay.

The information contained in the testimony represents the cumulative views of highly skilled professionals working on this critical issue. All the warning signs are there.

The intelligence community has confirmed our fears. The "Cyber Arms Race" has begun.

-- Kevin Coleman

Analyzing the Threat of Cyber Attack


Did you know that the Bush administration is pushing to spend $6 billion on cyber security in 2008? (Wall Street Journal)

Would you like to know why? If so read the facts below.

Did you know that Al Qaeda's top cyber terrorist used phishing schemes and other cyber attacks to steal credit card accounts and buy $3 million worth of terrorist equipment? (FBI)

Did you realize that in the past minute over 5,000 significant incidents were reported to HackerWatch.org? (Hackerwatch.org)

Did you realize that the financial impact of computer viruses in 2005 was over $14 billion and continues to grow? (Computer Economics)

Did you know the busiest day of the week for vulnerability disclosures continued to be Tuesday with 1,361 new vulnerabilities disclosed on this day of the week in 2007? (IBM)

Did you know that nearly 90 percent of all the 2007 vulnerabilities could be remotely exploited? (IBM)

Did you know there was a new software vulnerability reported every 82 minutes? (CERT)

Did you know that Symantec recorded an average of 5,213 denial of service (DoS) attacks per day in the second half of 2006? (Symantec)

Did you know that in 2006, among the individuals who reported hard dollar losses, the largest median losses were from Nigerian letter fraud ($5,100), followed by check fraud ($3,744) and other investment fraud ($2,695)? (Internet Computer Complaint Center)

Did you know that only about 1% of users follow corporate data and computer security policies? (Absolute Software Research Survey)

Did you know that 27% believe their company has experienced a data security breach? (Absolute Software Research Survey)

Did you know that so far this year there have been 44 corporate and governmental data breaches (reported)? That is about 1 per day when I collected this data. (Privacy Clearing House)

Did you know that all three branches of the military have cyber warfare / information warfare units? These include: Navy - Network Warfare Command; Air Force - U.S. Cyber Command; Army - TRADOC G2.

Did you know that in a two week period five cables were severed in various parts of the Mediterranean Sea, leading to large scale disruption of Internet and telecom services in the Middle East and parts of Southeast Asia? Two of the five cables were cut in two different places. (Reuters)

Did you know that organized crime has used the internet for criminal activity for some time? Recently (within about the last two years) there has been a huge increase in mob-based attack sophistication, which has moved organized crime on the internet from an irritation to a serious problem. (IT Security)

After reading the above information, how could anyone dismiss the threats we face in cyberspace? Yet some do, and some on here think I am overstating the threat. It has been my experience that one of the biggest security threats to an organization is the attitude of its Chief Security Officer. Most of the individuals I work with wake up every morning and ask themselves three questions.

1. What has happened that I don’t know about?
2. What do I need to know that I don’t?
3. Who are my new adversaries today?

The “I know everything” attitude of many of these individuals increases the risk of a successful attack significantly. I was in one such meeting in the DC area where the CSO actually stated, “I have it all under control,” yet they had lost three laptops in about a year and none of the hard drives were encrypted. And they contained sensitive data.

Consider this point: if the information provided here is publicly available, what do you think the threat looks like to those of us with security clearances who work in the area of international cyber warfare and attacks? You can be sure it does not look any better.

-- Kevin Coleman

Cyber Attack: Online Bank Heist


If someone enters a bank and hands the teller a note demanding money, it is on the evening news. If someone does the same thing in five banks, it hits the national news. If someone does it to 400 banks online – NOT A WORD. This is not a hypothesis; it is a fact.

The cyber weapon used in the 400 bank robberies is called SilentBanker. Security professionals are concerned over the discovery of a banking Trojan that steals user data and impacts more than 400 banks worldwide. The information that SilentBanker collects gives it the ability to reroute money to another account owned by the attackers or by those they represent. This is done without the user's knowledge until he receives his bank statement.

Trojan (short for Trojan Horse): a piece of malicious software which appears to perform a certain action but in fact performs another. In addition, Trojan horses are notorious for installing backdoor programs.

This appears to be just the beginning of the attack. The Trojan first appeared in December 2007 and continues to spread around the world. SilentBanker is more powerful than originally thought. The malicious code is so smart that if it is missing information needed to complete the transaction, the Trojan enables the attackers to add extra code to the authorization page asking the user for that missing data. The rapid increase in sophistication and complexity of the latest cyber attack tools is a clear trend that is challenging the cyber security industry to stay ahead of the criminals and terrorists.
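The field-injection behaviour described above can be checked for from the defender's side: record the input fields the genuine authorization page contains and flag any page whose forms carry fields beyond that baseline. The following is an added example, not code from the original post; the baseline field names and the sample HTML pages are constructed for illustration.

```python
"""Detect form fields injected into a banking authorization page.

A SilentBanker-style Trojan adds extra input fields to the page so the victim
supplies data the attacker is still missing. A form-integrity check compares
the fields actually rendered against a baseline recorded from the genuine page.
Everything below (field names, sample pages) is constructed for this example.
"""
from html.parser import HTMLParser

# Baseline: the input names the genuine /auth form is known to contain
# (constructed; a real deployment records this from a trusted copy of the page).
BASELINE_FIELDS = {"/auth": {"username", "password", "csrf_token"}}


class FormFieldCollector(HTMLParser):
    """Collect the names of input-like elements, grouped by form action."""

    def __init__(self):
        super().__init__()
        self.forms = {}        # form action -> set of field names
        self._current = None   # action of the form currently being parsed

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a.get("action", "")
            self.forms.setdefault(self._current, set())
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = a.get("name")
            if name:
                self.forms[self._current].add(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def extract_form_fields(html):
    """Return {action: set_of_field_names} for every form in the page."""
    parser = FormFieldCollector()
    parser.feed(html)
    parser.close()
    return parser.forms


def find_injected_fields(html, baseline=BASELINE_FIELDS):
    """Return {action: sorted unexpected field names} for each form that carries
    fields outside its baseline. A form with no baseline at all is reported
    whole, since an attacker may also inject an entirely new form."""
    findings = {}
    for action, fields in extract_form_fields(html).items():
        expected = baseline.get(action)
        extra = fields if expected is None else fields - expected
        if extra:
            findings[action] = sorted(extra)
    return findings


# Constructed sample pages: the genuine form, and the same form with two
# attacker-added fields asking for data the bank never requests here.
CLEAN_PAGE = """<form action="/auth" method="post">
<input type="hidden" name="csrf_token" value="x">
<input name="username"><input type="password" name="password">
</form>"""

INJECTED_PAGE = """<form action="/auth" method="post">
<input type="hidden" name="csrf_token" value="x">
<input name="username"><input type="password" name="password">
<label>ATM PIN</label><input name="atm_pin">
<label>Card number</label><input name="card_number">
</form>"""

if __name__ == "__main__":
    print(find_injected_fields(CLEAN_PAGE))     # {}
    print(find_injected_fields(INJECTED_PAGE))  # {'/auth': ['atm_pin', 'card_number']}
```

Because a man-in-the-browser Trojan alters the page after it has been received, the comparison has to be made against what the browser actually renders (for example from the bank's own client-side script or a browser extension), not against the bytes on the wire.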

No one knows who is collecting the money, nor how they intend to use it. Could it be for drugs, terrorist attacks, purchasing of weapons or just very sophisticated bank robbers? One thing is for sure, this is just another example of our vulnerability.

PROTECTION: Make sure your anti-virus software is updated and operational. Vigilance is also a powerful defense. Check your bank statements and balances regularly and report any suspicious activity to your bank immediately.

-- Kevin Coleman

Resilience Engineering


If a cyber attack occurred tomorrow, could your organization continue to function? Odds are the answer is no.

In a survey by Spy-Ops, less than 1% of organizations have planned for a cyber attack. What is even more shocking is that less than 1% have business continuity plans that address the threat of a terrorist attack. Both of these events are now foreseeable threats and as such require all organizations to create strategies to minimize these risks. Failure to prepare for these events could bring charges of negligence from all of those who are negatively impacted.

“For companies in America, the issue of liability for cyber-attacks is a significant risk,” said Edward Maggio of Spy-Ops.

Many business organizations are waiting for specific regulations to require action before they implement procedures and safeguards against a cyber-attack. The reality is that the volume of material now available to the public, publications like this one as well as news articles, academic journals and conference material, puts an organization on notice that a cyber-attack is foreseeable.

“Since cyber-attacks are now foreseeable acts that can cripple a business organization, the failure to mitigate an attack can rise to the level of negligence in U.S. civil courts,” Maggio stated. He then went on to say: “The ‘we didn't know’ defense is no longer working in the realm of liability for cyber-attacks.”

Resilience engineering is a relatively recent term given to a collection of activities designed to create the ability for organizations to continue to operate under extremely adverse conditions such as a cyber attack. These activities are rapidly evolving into what is sure to become industry “Best Practices” and some security experts believe it will soon become a regulatory requirement.

Technolytics estimates that a one day interruption of eBusiness could easily exceed $35 billion. If a cyber attack were to occur now or in the near future, it would surely send the already shaky economy into a tail-spin. This is considered Economic Warfare, which is just one of the fifteen modalities of UnRestricted Warfare (URW).

Business, Government and Industry need to build resiliency into their systems and operations if we are to be secure.

-- Kevin Coleman

Cyber Sabotage


Cyber Sabotage is yet another new wrinkle in the emerging threats from cyber space. Whether delivered over the internet or purposefully installed during the manufacturing process, contaminated hardware or software is now a concern. Sabotage is defined as deliberate and malicious acts that result in the disruption of the normal processes and functions or the destruction or damage of equipment or information.

The Department of Defense operates an estimated 3.5 million PCs and 100,000 local-area networks at 1,500 sites in 65 countries. In one study a common piece of network equipment sold by a US company was found to have nearly 70 percent of its components produced by foreign suppliers. This equipment is critical to our security as well as our economy. If we cannot trust the computer equipment out of the box, then where are we? At this point it would be impractical to validate each and every computer before we place it into operation.

In the commercial sector cyber sabotage could be used to attack competition and steal market share. In 2007 there were an estimated 269 million PCs shipped worldwide. Just imagine the backlash if a saboteur were able to contaminate the master software file used to image all the computers produced by the huge computer manufacturer HP. The millions of computers they ship each month could pose a significant threat to business customers and consumers, and could even pose a national security threat. If that is not bad enough, can you imagine the impact on HP’s stock if such an event were ever to happen? Now it should be noted that computer manufacturers all have security controls in place to guard against such malicious acts. But then again, I am sure Seagate and Insignia would have said the same thing.

Offshore manufacturing diminishes our ability to control and monitor the manufacturing process for computers and related equipment. However, these malicious acts can occur even if all manufacturing is done in the United States. Insiders are thought to be involved in nearly 80 percent of security breaches that occur each year and who knows what percentage of the $1.5 trillion a year in corporate espionage. The fact is no matter what you do, what technology you use and how careful you are, you cannot be 100 percent sure you have managed all your risks.

Here are a couple of recent examples:

January 2008 — Digital picture frames were one of the hot items for this holiday season. However, some of them came with an unexpected surprise. Insignia NS-DPF10A digital picture frames connect to computers via the standard USB port. The digital picture frames were contaminated with a computer virus during the manufacturing process according to a notice posted on the company's website.

November 2007 — Seagate Maxtor Basics Personal Storage 3200 hard drives were infected with a Trojan Horse virus. The hard drive was temporarily pulled off the shelves and is no longer available for purchase. Intelligence reports that the Trojan was designed to copy information on the computer and send it to web sites in Beijing without the user's knowledge.

July 2007 — A space program worker deliberately damaged a computer that was supposed to fly aboard the shuttle Endeavour in less than two weeks. This was an act of sabotage that was caught before the equipment was loaded onto the spacecraft.

-- Kevin Coleman

Cyber Assassination


“Cyber assassination” is when an individual is unaware that he or she is the subject of a cyber attack designed to discredit them and to call into question their credibility or loyalty.

Here's a possible scenario: A senior person in the CIA is working on a case and is disrupting the enemy’s activities or getting closer to uncovering covert enemy operatives. A smart enemy might attack the leader or others involved in the investigation in an effort to slow down or derail the efforts to expose them. They may choose to hack the individual’s laptop and place damaging emails that allude to a pay-off on the hard drive. Then all that is required is a subtle leak that gets back to the CIA, and you can imagine the rest.

A second example could be a politician who is pushing for sanctions against a country; that country hacks the politician's computer and puts pornography on the hard drive. A covert leak of this information results in an investigation and public disclosure of the porn on the hard drive. This individual’s ability to gain or maintain support for their interest in sanctions would undoubtedly be damaged.

You can prove a computer has been compromised (hacked). However, it is virtually impossible to say definitively that a computer has not been hacked. Our ability to defend against this type of assault on individuals in the political, academic, business or industrial spotlight is very limited. For whatever reason, people believe the worst, and explaining how the compromising materials unknowingly got onto a computer hard drive would be almost impossible. Who knows, many of these individuals may have already been set up, their computers hacked and the damaging evidence planted. Now the enemy patiently waits for the time they need to leak this information to further their cause. Who will be their target now?

-- Kevin Coleman

al Qaeda's Top Cyber Terrorist


The Internet has long been a critical domain of terrorist and extremist groups around the world. Perhaps the most notorious cyber terrorist was an individual known as "Irhabi 007." He was later identified as Younes Tsouli, the 23-year-old son of a Moroccan diplomat.

For nearly two years, Younes Tsouli was sought by global intelligence sources. The online terrorist communities Tsouli created trained the terrorists who congregated in them. The training included hacking, programming, executing online attacks and mastering digital and media design. He suddenly went underground in September 2007 after Scotland Yard arrested a 23-year-old West Londoner believed to be tied to Younis Tsouli.

Scotland Yard believed that Tsouli participated in an alleged bomb plot they were investigating. British counter-terror agents and investigators stormed Tsouli's top floor flat and discovered stolen credit card information which is believed to have funded much of his activities. They also found that the cards were used to pay American Internet providers on whose servers he had posted jihadi propaganda.

In addition, Tsouli used countless other web sites as free hosts for material that the jihadists needed to upload and share. The true extent of his material distribution network is still not known. He is credited with the large scale distribution of a film produced by Zarqawi called "All Is for Allah's Religion."

His arrest struck a significant blow to al Qaeda’s cyber terrorism weaponry.

Since cyber weaponry requires only widely available knowledge and skills, and the only equipment needed is a computer that can be purchased anywhere, cyber weapons proliferation cannot be controlled. These facts, coupled with the recent cyber attacks on utilities that black out cities and regions, show this is a serious threat.

Spy-Ops profile on Irhabi 007:

Younes Tsouli is a 23-year-old male who studied computers at a London college. Tsouli is a computer nerd from Shepherd's Bush, West London. He is the son of a Moroccan diplomat and arrived in London in 2001. He was recruited by al Qaeda in 2002, when he began his cyber campaign of propaganda and terrorist training. His online legend (cover name) was "Irhabi 007," derived from combining the James Bond reference with the Arabic word for terrorist. He published a manual on computer hacking on one of al Qaeda's many web sites. He joined the closed message forum known as Muntada al-Ansar al-Islami, which provided military instructions, propaganda and recruitment.

He became the web master for al-Ansat, a forum used by 4,500 extremists to communicate. He rose to become the top cyber jihadi expert and directed all Internet-related activities. He also posted a 20 page website hacking manual called "Seminar on Hacking Websites," on the Ekhlas forum.

Tsouli used stolen credit card information on 37,000 cards to pay American Internet providers on whose servers he had posted jihadi propaganda. He was apprehended as he was in the process of building and deploying a new website called “YouBombIt.”

Captured in his London top floor flat was a PowerPoint-style presentation on how to build a car bomb. His capture led to the arrest of several Islamic terrorists around the world, including 17 men in Canada and two in the US.

His hacking skills are categorized as moderate to advanced compared to today’s standards. In December of 2007 his sentence was increased from 10 years to sixteen years in prison.

-- Kevin Coleman

More Cyber War Gouge


Cyber attacks on critical infrastructure targets. On Wednesday the Central Intelligence Agency (CIA) told an international gathering of government officials, engineers and security managers from electric, water, oil & gas and other critical industry asset owners that the CIA has information that cyber intrusions into utilities were responsible for at least three blackouts, which were then followed up with extortion demands.

The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation's power grid. The following are the eight areas addressed by these standards:

1. Critical cyber asset identification
2. Security management controls
3. Personnel and training
4. Electronic security perimeters
5. Physical security of critical cyber assets
6. System security management
7. Incident reporting and response planning
8. Recovery plans for critical cyber assets

These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a country’s critical infrastructure would cause significant direct and indirect damages. Most of these damages would be psychological, economic and financial. Analysis of a cyber attack on critical infrastructure targets resulted in the following data:

Target value: High
Impact analysis: Elevated
Required skills: Moderate
Attack costs: Low
Current defenses: Moderate (elevated for nuclear sites)

Facts

- Utilities across the world are being hit by an estimated 500 to 1,000 attacks from hackers and malicious code every year.
- Technolytics analysis found insider threats now account for over 80 percent of security breaches.
- The Spy-Ops Cyber Warfare CIP training program stated that the two areas of greatest critical infrastructure cyber threat are equipment, hardware and software vendor management, and human resource management.
- Technolytics analysis found physical and information security responsibilities must merge to improve security.
- Critical infrastructure targets are among the top targets for terrorists and military cyber warfare units.


-- Kevin Coleman

The Impact of a Cyber War


The nation's top spy, Michael McConnell, Director of National Intelligence, thinks the threat of cyberarmageddon! is so great that the U.S. government should have unfettered and warrantless access to U.S. citizens' Google search histories, private e-mails and file transfers, in order to spot the cyberterrorists in our midst.

Like the DNI, many believe we are either in the early stages of a cyber arms race or in a global cyber war. Given the number of attacks we have seen this year, it would be difficult to argue with either statement. If indeed we are headed into a global cyber conflict, what would be the implications for the United States?

A cyber conflict differs greatly from what we typically associate with a war. There are no bombs bursting or gunfire. It is a silent conflict that is hard to notice until you try an electronic transaction. When we evaluate the progress of a war today we measure death and physical destruction. While there can be minor physical destruction in a cyber war, the political, economic and financial implications are the primary measures of success.

The political fallout of a cyber attack will certainly be high, but this will pale in comparison to the financial and economic implications. The results of research on this topic conducted by Spy-Ops are listed below.

Physical Impact: 1.2 (Very Limited)
Social Impact: 4.3 (Very High)
Political Impact: 4.0 (High)
Financial Impact: 4.3 (Very High)

The financial and economic impact of a one day cyber war that disrupts U.S. credit and debit card transactions is estimated at being about $35 billion USD.

The United States is one of the countries most dependent on computers, if not the most dependent. Computers control our financial system and the traffic on streets, on rail and in the air, and have become an integral part of our everyday lives. In an all out cyber assault against the United States, the financial, economic, social and political implications could be greater than those felt from the 9/11 terrorist attacks.

-- Kevin Coleman

Hacking the Dreamliner?


Along with the standard spiels about exit rows and seat belts, flight attendants of the future might add this to their repertoires: "The captain has requested that all passengers close their browsers until he regains control of the aircraft."

Recently the AP reported on a possible unintended consequence of offering Internet access to all passengers on Boeing's 787 Dreamliner. Here's an excerpt:

Before Boeing Co.'s new 787 jetliner gets the green light to fly passengers, the aircraft maker will have to prove that offering Internet access in the cabin won't leave the flight controls vulnerable to hackers and hijackers.

Boeing claims it has engineered safeguards to shut out unauthorized users, but some security analysts worry navigation and communications systems could be vulnerable.

"The odds of this being perfect are zero," said Bruce Schneier, chief technology officer at the security services firm BT Counterpane. "It's possible Boeing can make their connection to the Internet secure. If they do, it will be the first time in mankind anyone's done that."

But Boeing spokeswoman Lori Gunter said 787's aviation electronics "are not connected in any way to the Internet."

Boeing has designed the 787 to allow airlines to offer passengers more in-flight entertainment and Internet options than previous planes have allowed.

Those new features and other aspects of 787's computer network go beyond the scope of existing regulations, so the Federal Aviation Administration is requiring Boeing to show the new technology won't pose a safety threat.

In a "special condition" the FAA has ordered Boeing to satisfy, the agency notes that the 787 "allows new kinds of passenger connectivity to previously isolated data networks connected to systems that perform functions required for the safe operation of the airplane.

"Because of this new passenger connectivity, the proposed data network design and integration may result in security vulnerabilities from intentional or unintentional corruption of data and systems critical to the safety and maintenance of the airplane."

Read the entire AP report here.

-- Ward

The New Cyber General


During a media conference on November 2, 2007, Secretary of the Air Force Michael W. Wynne said the 8th Air Force would become the new Air Force Cyber Command. Now this statement has become reality. Lt. Gen. Robert Elder Jr., a three-star general, is the commander and will lead the Air Force Cyber Command (AFCYBER). AFCYBER will have over 20,000 personnel, and the Air Force is recruiting officers and airmen from all over for careers in Cyber War. Thousands of existing Air Force electronic warfare specialists will be assigned, or offered, jobs in AFCYBER. This will include units operating in the full spectrum of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.

The complement of high tech equipment includes the following:
U2 - strategic reconnaissance aircraft
EC-135 electronic-eavesdropping aircraft
EC-130E Commando Solo radio/TV broadcasting aircraft
EC-130H Compass Call radio-jamming aircraft

A cyber attack can be launched from anywhere and at anytime. A cyber weapon attack requires no physical access (land or air) to the target or targets or significant skill. Basic cyber weapons are openly shared via the internet today. Technolytics conducted analysis of the evolution of cyber weapons and determined we are currently moving from basic weapons like vulnerability exploits and traditional viruses to more advanced classes of weapons such as self-morphing malicious code.

The U.S. Air Force is currently training 40,000 Cyber Warriors that make up this unique force. The cyber war training program will take from six to 15 months to complete. The first Undergraduate Network Warfare Training Class graduated Dec. 7, 2007. They represent the Air Force's expansion into the lead role in cyberspace threat management. It is estimated that it will take over seven years to get the full complement of staff trained. The training coupled with experience will combine to give them what they need to perform their critical mission. Not all of the people trained as Cyber Warriors will be in the 8th Air Force. Many will be assigned throughout the Air Force to take care of the Cyber War needs of their units. We are developing a new breed of soldier: cyber soldiers are ones who engage in cyber conflicts, wars, or espionage. They are armed with hackers' skill and knowledge and newly developed cyber weapons, and stand ready to defend our nation against cyber threats.

Construction of a Cyber Innovation Center (CIC), which would serve as the civilian counterpart to AFCYBER, began in the fourth quarter of 2007. The CIC will be built on a 58-acre site near Barksdale Air Force Base. Bossier City, LA has allotted $50 million USD for the construction, while the state of Louisiana has matched the financing and approved another $50 million. While many believe that Barksdale Air Force Base will be the HQ for AFCYBER, others are not so sure.

Officials from six states are competing over the headquarters location of the Air Force’s Cyberspace Command, which promises thousands of jobs and millions in revenue. Lobby efforts have turned into an all out war between several Air Force towns in recent weeks. This is coupled with rumors that Capitol Hill is discussing establishing a new department or agency to deal with cyber threats. The final decision about the location of AFCYBER should be made by the end of February 2008. The new command is expected to reach initial operational capability late in 2008 and become fully operational by October 2009.

While the location and reporting responsibility seem a bit uncertain, what is certain is that the threat we face from the build up of cyber weapons by more than 120 countries is very real.

-- Kevin Coleman

Inside DPRK's Unit 121


Military planners and security experts have intensified their shouts of concern about the development of cyber weapons and the distinct possibility of a cyber war. Cyber warfare is not new. It has been in modern military doctrine for the past decade, not to mention the number of terrorist groups who have threatened the use of cyber weapons against the West. However, what has changed is the number of countries that possess these capabilities today.

The North Korean military created a new unit that focuses solely on cyber warfare. The unit, dubbed Unit 121, was first created in 1998 and has steadily grown in size and capability since then. Interest in establishing cyber war forces shouldn't come as a surprise to anyone, but North Korea’s intense effort stands out among the top ten nations developing cyber weapons.

Unit 121 Capabilities Assessment:

Force Size: Originally 1,000 - Current Estimate: 17,000
Budget: Total military budget $6 billion USD. Cyber Budget $70+ million. North Korea’s military budget is estimated to be the 25th largest in the world.
Goal: To increase their military standing by advancing their asymmetric and cyber warfare.
Ambition: To dominate their enemy’s information infrastructure, create social unrest and inflict monetary damage.
Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.
Experience: Hacked into South Korea and caused substantial damage; hacked into U.S. Defense Department systems.
Threat Rating: North Korea is ranked 8th on the Spy-Ops cyber capabilities threat matrix developed in August of 2007.

Capabilities
Cyber Intelligence/Espionage: Basic to moderately advanced weapons with significant ongoing development into cyber intelligence.
Offensive Cyber Weapons: Moderately advanced distributed denial of service (DDoS) capabilities with moderate virus and malicious code capabilities.

North Korea now has the technical capability to construct and deploy an array of cyber weapons as well as battery-driven EMP (electromagnetic pulse) devices that could disrupt electronics and computers at a limited range.

In the late spring of 2007, North Korea conducted another test of one of the cyber weapons in their current arsenal. In October, the North Koreans tested their first logic bomb. A logic bomb is a computer program that contains a piece of malicious code designed to execute, or be triggered, should certain events occur or at a predetermined point in time. Once triggered, the logic bomb can take the computer down, delete data or trigger a denial of service attack by generating bogus transactions.

For example, a programmer might write some software for his employer that includes a logic bomb to disable the software if his contract is terminated.

The North Korean test led to a UN Security Council resolution banning sales of mainframe computers and laptop PCs to the East Asian nation. The action of the United Nations has had little impact and has not deterred the North Korean military from continuing their cyber weapons development program.

Keeping dangerous cyber weapons out of the hands of terrorists or outlaw regimes is next to impossible. As far back as 2002, White House technology adviser Richard Clarke told a congressional panel that North Korea, Iraq and Iran were training people for internet warfare. Most information security experts believe that it is just a matter of time before the world sees a significant cyber attack targeted at one specific country. Many suggest the danger posed by cyber weapons ranks alongside that of nuclear weapons, but without the physical damage. The signs are there. We need to take action and prepare for the impact of a cyber war.

-- Kevin Coleman

Cyber Threat Matrix


With 120 countries now in the cyber arms race, intelligence agencies around the world are working to assess their offensive and defensive cyber capabilities. Developing cyber weapons does not require the massive infrastructure usually associated with conventional arms. A couple of PCs and a couple of smart programmers and you have all you need to create a cyber weapon.

Advanced Data Weapons have unique capabilities that make their detection and elimination much more difficult than for conventional viruses and Trojans:

- Self morphing malicious code applications
- Electronic circuitry destruction capabilities
- Self encrypting / decrypting of malicious code
- External disruption capacity of wireless networks
- Exploitation of unreported vulnerabilities in common commercial software

Working with Intelomics and Spy-Ops, two international cyber security companies, we were able to collect enough data to construct the high level cyber threat matrix featured above.

As with the conventional arms race, countries with significant defense spending have taken the lead in the cyber arms race. But that trend is rapidly changing. In the past few years malicious code with advanced features has been created for under $3,500 USD. We are beginning to see the emergence of cyber arms dealers. The cost of cyber weapons is within the range of poor and developing countries.

Question: who is more dangerous in the cyber weapons race, nation states or a single rogue hacker?

-- Kevin Coleman

Inside a Cyber Attack


The global military community witnessed the first cyber war earlier this year.

While many consider the three-week attack on Estonia a non-event, others point to it as a sign of things to come.

One of the most common cyber attack strategies exploits the network effect of the weakest-link theory. The aggressor identifies and compromises the weakest host on the network, then uses that host's legitimate standing as cover to propagate malicious code rapidly to the rest of the network.

The weakest link could be a system missing one of its security patches or a misconfigured firewall. DoD networks withstood an estimated 80,000 attacks in 2007, so they are fairly well hardened and fortified.

That is not the case with many private sector systems. Cyber defense requires a much tighter cooperative relationship between defense organizations and the private sector. At this time there are NO minimum security requirements for computer systems. In the private sector, system protection ranges from next to nothing to as hardened as DoD systems. Addressing the weakest link will be the greatest challenge in protecting our nation's information infrastructure.

-- Kevin Coleman

[Editor's Note: DT contributor Kevin Coleman is a strategic advisor and certified management consultant with Technolytics and the former Chief Strategist of Netscape.]
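The weakest-link strategy described in the post above, as an added example that is not Coleman's code or the page's own: a constructed inventory of hosts with hardening attributes (patched or not, default-deny or permissive firewall) and directed trust edges, the attacker's choice of entry host, the hosts reachable from it by following trust, and two defender responses. Host names, the scoring weights and the trust edges are assumptions for illustration, not data from the original.

```python
"""Weakest-link propagation model (constructed example, not from the post).

Each host has a hardening score built from whether it is patched and whether
its firewall is default-deny. Directed trust edges record which destination
accepts connections or credentials from which source without further checks.
The attacker compromises the least hardened host, then uses that host's
trusted standing to reach every host that trusts it, transitively.
"""
from collections import deque

# Constructed inventory. Names and values are illustrative only.
HOSTS = {
    "web-dmz":    {"patched": False, "firewall": "permissive"},
    "hr-ws-01":   {"patched": False, "firewall": "default-deny"},
    "mail":       {"patched": True,  "firewall": "permissive"},
    "fileserver": {"patched": True,  "firewall": "default-deny"},
    "dc-01":      {"patched": True,  "firewall": "default-deny"},
    "backup":     {"patched": True,  "firewall": "default-deny"},
}

# (source, destination): destination trusts traffic or credentials from source.
TRUST = {
    ("web-dmz", "fileserver"),    # web app mounts a share on the file server
    ("hr-ws-01", "fileserver"),
    ("hr-ws-01", "mail"),
    ("fileserver", "backup"),     # backup agent pulls from the file server
    ("fileserver", "dc-01"),      # cached admin credentials on the file server
    ("mail", "dc-01"),
}


def hardening_score(attrs):
    """Higher is better: a missing patch costs more than a permissive firewall."""
    score = 0
    if attrs["patched"]:
        score += 2
    if attrs["firewall"] == "default-deny":
        score += 1
    return score


def weakest_link(hosts):
    """The host an attacker targets first: lowest score, name breaks ties."""
    return min(hosts, key=lambda h: (hardening_score(hosts[h]), h))


def blast_radius(start, trust):
    """Hosts reachable from `start` by following trust edges (breadth-first).

    Returns {host: hop_count}; the start host is at hop 0.
    """
    hops = {start: 0}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for a, b in trust:
            if a == src and b not in hops:
                hops[b] = hops[src] + 1
                queue.append(b)
    return hops


def patch(hosts, host):
    """Return a copy of the inventory with `host` marked as patched."""
    updated = {h: dict(attrs) for h, attrs in hosts.items()}
    updated[host]["patched"] = True
    return updated


def cut_trust(trust, host):
    """Return the trust set without edges that originate at `host`.

    This is the segmentation step: the host may still be reached, but it can
    no longer be used as a trusted springboard to anything else.
    """
    return {(a, b) for a, b in trust if a != host}


def attacker_view(hosts, trust):
    """One round of the weakest-link strategy: entry point and what it yields."""
    entry = weakest_link(hosts)
    return entry, blast_radius(entry, trust)


if __name__ == "__main__":
    entry, reach = attacker_view(HOSTS, TRUST)
    print(f"weakest link: {entry}; reachable: {sorted(reach)}")
    # Fixing one weak host only moves the problem to the next weakest host.
    entry2, reach2 = attacker_view(patch(HOSTS, entry), TRUST)
    print(f"after patching {entry}: weakest link {entry2}; reachable {sorted(reach2)}")
    # Removing transitive trust out of the shared chokepoint shrinks both.
    print("after cutting fileserver trust:",
          sorted(blast_radius(entry, cut_trust(TRUST, "fileserver"))))
```

Two things the run makes visible that the paragraph only asserts: patching the single weakest host does not reduce exposure, it just moves the entry point to the next weakest host (here a workstation that reaches more of the network than the DMZ server did), whereas removing the file server's outbound trust cuts every path to the domain controller and backup regardless of which host is hit first. The floor of the network, not its average, decides what an intruder gets.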

Chinese Cyberwar Alert!


The Air Force has been tracking aggressive cyber incursions by computer technicians in China, primarily focused toward gathering information on military network infrastructure and American trade secrets, the Air Force's cyber warfare commander said this week.

"China has put a lot of resources into this business," said Lt. Gen. Robert Elder, commander of Air Force Cyberspace Command. "China, at this point, is not interested so much in attack as they are in using the Internet to pull [industrial] data."

"They're interested in doing this in a way that they can be dominant without even having a fight," he added.

A recently-released Pentagon report on Chinese military development said Beijing is crafting an aggressive computer network operations strategy that the People's Liberation Army "sees as critical to achieving 'electromagnetic dominance' early in a conflict."

While his newly established command is focused primarily on defending military information networks, communications nodes and command and control systems against "peer competitors" such as China, Russia and Iran, Elder told reporters during a June 13 breakfast meeting in Washington that his cyber warriors don't see much of a threat from terrorist-initiated attacks.

"If you have a terrorist operating on their own they're going to have less capability than if they had nation-state sponsorship," Elder explained. "To seriously disrupt us, you're not going to be able to do this with a 'teenage hacker' capability."

Aside from the defense of Air Force cyberspace from would-be attackers, Elder said his command is focused on developing tactics to render adversaries' computer systems inoperable, dropping cyber bombs on enemy sensors, databases and battle management systems.

"Everything I talk about we're trying to do to an adversary we're trying to defend for ourselves," Elder said.

"We want to go in and knock them out in the first round," he added.

The Air Force formally established Cyberspace Command in November after the Pentagon-crafted Quadrennial Defense Review designated cyberspace as an emerging battlefield on which American forces will increasingly have to fight.

The vulnerability of networks and the disruption computer hackers can cause to a country's infrastructure was demonstrated in early May after cyber attacks on a wide range of civilian and government networks in Estonia crippled state-run banks, telecommunications companies and news organizations for weeks.

Estonian government officials allege the attacks were launched from state-owned networks in Russia, though the Kremlin denies it had anything to do with the computer assault. But the accusation raises questions about how Elder's command should respond to similar attacks against Air Force cyber infrastructure.

The service is working to develop doctrine on how to defend - and counter-attack - cyber adversaries who can potentially shield their identities or seek cover in networks that have no knowledge of the attack.

"We are looking to provide very precise effects - you want to minimize collateral damage," Elder said. "Would a civilian target be a legitimate target? Generally ... you don't go after civilian targets."

The Air Force has instituted security procedures to ensure individual workstations can't serve as gateways for an adversary into military networks, an effort Elder hopes will prompt Airmen to "recognize that this is not a safe neighborhood."

The Cyberspace Command has already begun to build its cadre of cyber warriors, drawing upon the nearly 45,000 Airmen already tasked with information technology-related duties in the service.

Air Force instructors will keep an eye out during initial training for potential cyber warriors to fill out the ranks, and Elder intends to establish a viable career path for his Airmen in hopes of keeping Cyberspace Command strong in the future.

"We're trying to get someone trained who can work on a production line who's an expert on doing their part, and over time you expand that," Elder said. "It's going to be really critical for us to be able to retain these people into continuing in the force."

-- Christian