[ISN] US reveals plans to hit back at cyber threats

From: InfoSec News (alerts@private)
Date: Wed Apr 02 2008 - 22:24:52 PST


http://news.zdnet.co.uk/security/0,1000000189,39378374,00.htm

By Tom Espiner  
ZDNet.co.uk
02 April 2008

The US Air Force Cyber Command is just as interested in attack as 
defence, according to a senior general

The US Air Force Cyber Command is developing capabilities to inflict 
denial of service, confidential data loss, data manipulation, and system 
integrity loss on its adversaries, and to combine these with physical 
attacks, according to a senior US general.

Air Force Cyber Command (AFCYBER), a US military unit set up in 
September 2007 to fight in cyberspace, is due to become fully 
operational in the autumn under the aegis of the US Eighth Air Force. 
Lieutenant General Robert J Elder, Jr, who commands the Eighth Air 
Force's Barksdale base, told ZDNet.co.uk at the Cyber Warfare Conference 
2008 that the Air Force is interested in developing its capabilities to 
attack enemy forces as well as defend critical national infrastructure.

"Offensive cyberattacks in network warfare make kinetic attacks more 
effective, [for example] if we take out an adversary's integrated 
defence systems or weapons systems," said Elder. "This is exploiting 
cyber to achieve our objectives."

However, this is a double-edged sword, as adversaries will also attempt 
to develop similar capabilities, especially considering the US 
military's heavy use of technology, said Elder.

"Terrorists and criminals are doing the same thing. We depend so heavily 
as a military on the use of cyber, we have to be cautious about it," 
said Elder. "Cyber gives us a huge advantage but adversaries look at our 
capabilities and see areas they can undermine. We need to protect our 
asymmetric advantage - on the one hand by having people further exploit 
cyber, and on the other by having mission assurance."

This problem is made more pressing by the military's reliance on the 
public internet to perpetrate cyberattacks. The infrastructure the US 
military uses to both launch and defend against cyberattacks runs 
through the public internet system. Military networks such as the Global 
Information Grid are linked to US government and critical national 
infrastructure systems, which in turn are linked to the public internet. 
Adversary systems are subverted by the US military through public 
channels - however, this also leaves the US military open to attack 
through the same channels, said Elder.

"The infrastructure on which the Air Force depends is controlled by both 
military and commercial entities and is vulnerable to attacks and 
manipulation," said Elder.

Other causes for military concern include possible supply-chain 
vulnerabilities, where vulnerabilities are introduced into chipsets 
during manufacturing that an adversary can then exploit, and electronics 
vulnerabilities.

"We need to make sure chips aren't manipulated - we're worried about 
information assurance just like everyone else," said Elder.

Other problems being faced by the Cyber Command are centred around 
different Air Force and military units needing to improve their channels 
of communication before the autumn.

"We have 10,000 people to do this, but the problem is they are 
stovepiped," said Elder.

"Stovepiping" has two complementary meanings. In IT terms it describes 
information held in separate databases which is difficult to access due 
to its multiple locations - the UK equivalent term would be "siloed". In 
intelligence-gathering terms - the Eighth also serves as the US Air 
Force information operations headquarters - "stovepiping" refers to 
information which has been passed up the chain of command without 
undergoing due diligence.

Elder said that, while he was satisfied with AFCYBER's covert operations 
capabilities and its demonstrable ability to remotely destroy missile 
defence systems, he wished to further develop its attack capabilities.

"IT people set up traditional IT networks with the idea of making them 
secure to operate and defend," said Elder. "The traditional security 
approach is to put up barriers, like firewalls - it's a defence thing - 
but everyone in an operations network is also part of the [attack] 
force. We're trying to move away from clandestine operations. We're 
looking for real physics - a bigger bang resulting in collateral 
damage."

US Cyber Command also needs to develop the means to quickly pinpoint 
exactly where an attack is coming from, to be able to retaliate, and 
also to deter potential attackers.

"We haven't done a good job in the cyber-domain just yet," said Elder. 
"We have to demonstrate the capability to do [rapid forensics] then 
message that to our adversaries. For deterrence we have to clearly 
identify the attacker. We're working on rapid forensics to determine who 
the adversary is."

While cyber-espionage was inevitable, said Elder, knowledge of the US 
military being able to pinpoint the source of cyberattacks could deter 
assaults on critical national infrastructure that use Supervisory 
Control And Data Acquisition (Scada) systems.

"We're not going to deter cyber-espionage, but we might be able to deter 
attacks on Scada networks," said Elder.

As well as developing forensics tools, Cyber Command is also coding 
tools to check for incursions, including a "Cyber Sidearm", which will 
monitor activity on the Combat Information Transport System - the US Air 
Force cyber-network.

"We've been working to get the functionality built - we're supposed to 
have it in the next couple of months," said Elder.

US Eighth Air Force said it was seeking partnerships with both public- 
and private-sector organisations to "secure cyberspace". The Department 
for Homeland Security's Strategy to Secure Cyberspace includes 
establishing a public-private architecture to gauge and respond to 
cyberthreats, and increase information-sharing between public- and 
private-sector organisations and the military.

Copyright 1995-2008 CNET Networks, Inc. All rights reserved

