[ISN] Ready Player One - Did the Pentagon just take over America'scybersecurity

From: InfoSec News <alerts_at_private>
Date: Mon, 15 Oct 2012 05:40:36 -0500 (CDT)
http://www.foreignpolicy.com/articles/2012/10/12/ready_player_one

[Via Twitter - @csoghoian: Unintended irony: photo for "Did the Pentagon just 
take over America's cybersecurity?" article shows
soldier checking Yahoo email, no HTTPS.  - WK]


By James Andrew Lewis
ForeignPolicy.com
OCTOBER 12, 2012

It was bound to happen. The Senate fumbles and the House proffers only 
magical solutions for cybersecurity. The task of improving cybersecurity 
reverts to the executive branch, but the Department of Homeland Security 
does not inspire confidence. So the Department of Defense (DOD) is given 
a larger role in protecting cyberspace -- a responsibility that Defense 
Secretary Leon Panetta finally claimed in an important speech he 
delivered Oct. 11, "Defending the Nation from Cyber Attack." Panetta may 
have said that the Pentagon will only play a "supporting role," but make 
no mistake: When it comes to cybersecurity, the center of action just 
shifted.

Given the feeble state of U.S. cyberdefenses, an astute antagonist could 
use cyberattacks to disrupt critical services and information. This is a 
standard military doctrine for America's likely opponents. An expanded 
role for the DOD makes sense when the United States is so vulnerable -- 
not only from sophisticated opponents but, surprisingly, from less 
advanced countries that may be more aggressive and less able to 
calculate risk.

The driver for immediate action is Iran. "Iran has also undertaken a 
concerted effort to use cyberspace to its advantage," Panetta said. His 
speech laid the dots alongside each other without connecting them, but 
many sources in and out of government suggest that Iran was likely 
responsible for the disruptive attacks on Aramco and RasGas that the 
secretary mentioned. Iran may also have been behind recent 
denial-of-service attacks against U.S. banks. Iran has discovered a new 
way to harass much sooner than expected, and the United States is 
ill-prepared to deal with it.

The specifics of Iranian involvement are murky, but there is a general 
consensus that Tehran was either witting or supportive of the attacks. 
Iran has been working to acquire cyberattack capabilities for years -- 
well before Stuxnet -- and those who believe that the allegations of 
Iranian involvement are true do not believe the recent attacks were in 
retaliation for that piece of malware, which disrupted Iran's 
centrifuges. If anything, some speculate they were a reaction to the new 
U.S. sanctions. A more active Iran creates a new layer of problems in 
cyberspace that the United States cannot wait for Congress to address. 
An initial problem is how to credibly signal to Iran to refrain from 
further attacks. Panetta's speech was an attempt to do so. There is a 
message for Iran that, while indirect, is unlikely to miss.

[...]


--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill
Received on Mon Oct 15 2012 - 03:40:36 PDT

This archive was generated by hypermail 2.2.0 : Mon Oct 15 2012 - 03:34:36 PDT