La guerra cibernetica

[Ospite intruder]

Ho trovato questo materiale, secondo me molto interessante e che vale la pena di ampliare e discutere, e lo piazzo qui anche se non si tratta propriamente di aeronautica.

 

 

The combatant commander in charge of U.S. Strategic Command told House defense authorizers March 17 that the United States remains vulnerable across a swath of cyber threats, but he asserts that the military is indeed making progress on the issue.

 

U.S. Air Force Gen. Kevin Chilton also respectfully lobbied the House Armed Services strategic forces subcommittee on behalf of the Reliable Replacement Warhead, or something of the kind, to modernize, secure and even reduce the U.S. nuclear arsenal. Chilton predicted that “2009 will be an important year” for deciding and pursuing the nation’s new strategic forces vision due to major military reviews, as well as groundwork laid by years of debate over the RRW and other related issues.

 

Chilton and subcommittee Chair Ellen Tauscher (D-Calif.) appeared mostly to agree on issues discussed at the public hearing, although Tauscher hinted at continued hesitation over RRW, which she has resisted before because of the image that it gives of the United States building new nuclear weapons. But she also outlined “fences,” or restrictions, under which she seemed to offer support.

 

According to Tauscher, nuclear stockpile modernization must maintain the ban on atomic testing, provide no new capabilities in regards to nuclear yield or robustness, adhere to the Comprehensive Test Ban Treaty, and work toward U.S.-Russian efforts at cutting their Cold War arsenals. Accordingly, modernization “really is a policy that can be reviewed in an interesting way.”

 

Chilton did not challenge any of those assumptions, and he repeated purported benefits that RRW would bring. Both the nuclear weapons workforce and stockpile are aging, he reminded lawmakers, and the RRW was conceived toward addressing those issues. He also stressed that numerous allies rely on the U.S. nuclear “umbrella” for their own strategic protection, and the RRW moves toward assuring them of U.S. reliability.

 

Meantime, Chilton sidestepped the ongoing debate about who in the federal government should lead its cyber efforts, but he noted that the military has a cyber command force inside StratCom, which works part and parcel with the National Security Agency on the issue. Still, StratCom is only responsible for protecting military networks and developing any related cyber attacks, if ordered. And even in the defense department, the military must make more cultural and behavioral changes.

 

The combatant commander said the defense sector must see cyber as a necessity, not a convenience, and charge its operational leaders with the responsibility to defend and develop the capability in their areas of command. Meanwhile, the country faces the potential for attacks from bored teen-agers causing mischief to organized nation-state aggression.

 

“I’m worried about all of them,” Chilton said. “Are we vulnerable today across the spectrum? I would say yes.”

 

www.aviationweek.com

 

 

7 Billion Reasons Not to Sleep at Night

 

 

I don't suppose Kevin Chilton gets much sleep. If I were him, I'd be a one-man customer base for every sleep narcotic available. But somehow the four-star U.S. Air Force general in charge of Strategic Command looked well and sounded great Tuesday when he testified in front of the House Armed Services strategic forces subcommittee.

 

Chilton is the combatant commander responsible for - among other weighty duties - the military's cybersecurity and warfare capabilities right now. I say "right now" because the new Obama administration is part way through a 60-day review of the federal government's cyber status, and the report-out is expected to include major reforms like establishing who ought to be in charge. The military, whom many argue is the tip of the spear currently, looks to Chilton.

 

In his live testimony, Chilton noted that cyber threats have evolved from bored teen-agers looking to cause havoc to organized nation-state actions, as is suspected in China and Russia. The Strategic commander says the United States remains vulnerable to the whole gamut. “I’m worried about all of them,” Chilton said. “Are we vulnerable today across the spectrum? I would say yes.”

 

Although he sidestepped the ongoing debate about who in the federal government should lead its cyber efforts, Chilton noted that the military has a cyber command force inside StratCom, which works part and parcel with the National Security Agency on the issue. Still, StratCom is only responsible for protecting military networks and developing any related cyber attacks, if ordered by the President.

 

And within DOD itself, there is still much progress to make. The military must make more cultural and behavioral changes. Chilton said the defense sector must see cyber as a necessity, not a convenience, and charge its operational leaders with the responsibility to defend and develop the capability in their areas of command.

 

 

 

 

 

 

Remember this, the ol' provisional USAF cyber command idea? That was so last year.

 

 

 

There will be a lot more discussion this week in Washington about cyber things. On March 12, Homeland Security Secretary Janet Napolitano appointed Phil Reitinger as deputy undersecretary of the National Protections Program Directorate. He will be responsible for protecting many federal networks from cyberattack. On March 19, the Senate Committee on Commerce, Science and Transportation has called a hearing, titled “Cybersecurity – Assessing Our Vulnerabilities and Developing An Effective Defense.”

 

www.aviationweek.com

Modificato 18 Marzo 2009 da intruder

[Andrea75]

Cercavo un topic su virus e guerra cyber ed ho trovato questo; concordo con intruder quando dice che non riguarda propriamente (o esclusivamente) l'aviazione. Mi permetto di suggerire uno spostamento nelle "discussioni a tema".

 

Scoperto in Medio Oriente super-virus informatico che ruba segreti di stato

 

Si chiama «Flame», fiamma, ed è un super-virus informatico che ha colpito i network in diversi Paesi mediorientali. Tra questi l’Iran, l’Arabia Saudita, la Siria, il Libano, il Sudan, l’Egitto e i territori palestinesi. Un «baco» che ruba qualsiasi tipo di informazione, registra comunicazioni e dialoghi, intercetta Skype. Qualcosa - affermano gli esperti - che deve essere stato messo a punto da un apparato statale. Ossia da un servizio segreto o da una struttura militare di alto livello.

[motogio]

Visto che è stato riesumato questo vecchio post tanto vale utilizzarlo:

 

Un team di ricercatori della Cambridge University ha scoperto un chip cinese "backdoor" utilizzato in alcuni dispositivi militari USA. I rischi sono notevoli per la sicurezza, ma un esperto del settore sostiene che in questo caso è difficile credere che un produttore si sia spinto a tanto.

 

Chip cinese con backdoor in dispositivi militari USA

 

Solo poche settimane fa Mikko Hypponen aveva scoperto una backdoor che dava accesso a una shell di root sui telefonini della cinese ZTE (quarto produttore mondiale di telefonia mobile).

 

Nice backdoor, ZTE.

 

[Andrea75]

Negli USA si stanno attrezzando per questo nuovo tipo di guerra White House, industry joins to secure cyberspace

 

The White House and industry groups Wednesday unveiled new initiatives to combat so-called "botnets," or networks of computers controlled by hackers through virus infections.

The cybersecurity partnership includes US government agencies including the Department of Homeland Security and the Industry Botnet Group, a group of nine trade associations and nonprofit organizations.

[Andrea75]

Panetta Green Lights First Cyber Operations Plan

 

Secretary of Defense Leon Panetta has approved a new organizational framework, a plan designed as a “first step” towards standardized cyber operations, according to documents obtained by Defense News.

The framework outlines a command structure that places more authority for both offensive and defensive operations under the geographic combatant commanders and creates Joint Cyber Centers (JCC) to serve as a link between combatant commanders and U.S. Cyber Command (CYBERCOM) Combat Support Elements that will provide intelligence information and operational know-how.

[Andrea75]

Malware hunter Kaspersky warns of cyber-war dangers

 

“Flame is extremely complicated but I think that many countries can do the same or similar — even the countries which don’t have expertise at the moment,” he said.

But other analysts have described the virus as “clumsy,” saying it was unsophisticated and did not resemble the work of a country with highly advanced technological capacities.

Kaspersky put the development costs of Flame at “less than $100 million” (80 million euros) but said the potential damage caused by such programmes was likely to be enormous.

“Cyber weapons can replicate, and there could be random victims anywhere around the globe, it doesn’t matter how far you are from the conflict,” he said.

“It’s not cyberwar, it’s cyberterrorism and I’m afraid it’s just the beginning of the game.”

[Andrea75]

Unique Program to educate Next Generation of US Cybersecurity Leaders

 

The University of Maryland and the Northrop Grumman Corporation (NYSE:NOC) will launch a landmark honors program designed to educate a new generation of advanced cybersecurity professionals. The unique program, Advanced Cybersecurity Experience for Students (ACES), will immerse undergraduate students in all aspects of the field to meet growing manpower needs in the nation and the State of Maryland.

ACES will engage a highly talented, diverse group of students—majors in computer science, engineering, business, public policy and the social sciences—in an intensive living-learning environment that focuses on the multifaceted aspects of cybersecurity and develops team-building skills. Students will take on an advanced, cross-disciplinary curriculum developed through industry consultation, and will interact directly with industry and government cybersecurity mentors. Students enrolled in the program will have the option of interning with Northrop Grumman and preparing for security clearance. ACES will produce skilled, experienced cybersecurity leaders highly sought by corporate and government organizations.

[Andrea75]

Cyber Security o Cyber War?

 

Il 13 e il 14 Giugno, presso il CASD (Centro Alti Studi della Difesa di Roma), a partire dalle ore 09.30, si svolgerà il workshop dal titolo "Cyber Security o Cyber War?".

L'evento è organizzato dal Centro Studi Militari Aeronautici "Giulio Douhet" (CESMA) dell’Associazione Arma Aeronautica, in collaborazione con la Armed Forces Communications and Electronics Association (AFCEA ) - Capitolo di Roma, e con il supporto dell’Osservatorio sulla Sicurezza Nazionale del Centro Militare di Studi Strategici (CeMiSS).

Il seminario ha lo scopo, nel corso di tre sessioni, di analizzare le minacce alle infrastrutture critiche, le risposte istituzionali possibili, nonché di valutare le iniziative accademiche e industriali che possono contribuire alla salvaguardia del Sistema Paese, della sicurezza e della qualità della vita dei cittadini.

 

Il Programma

[Andrea75]

US, Israel made flame virus to thwart Iran report

 

The United States and Israel collaborated to create the Flame computer virus as part of an effort to slow Iran’s suspected nuclear weapons drive, The Washington Post reported Tuesday.

The newspaper, citing “Western officials with knowledge of the effort,” said the sophisticated malware was designed to spy on Iran’s computer networks and send back intelligence used for an ongoing cyberwarfare campaign.

[Andrea75]

We’re Slowly Starting to See U.S.’ Cyber Weapons

 

Modificato 21 Giugno 2012 da Andrea75

[-{-Legolas-}-]

What’s most impressive — or scary — is that, according to the Washington Post, Flame — which has been hiding out there undiscovered for years as a routine Microsoft software update — is just the tip of the iceberg in a massive cyber espionage effort against Iran.

Read more: http://defensetech.org/2012/06/20/were-slowly-starting-to-see-u-s-cyber-weapons/#ixzz1yQYuCx3b

Defense.org

 

Caspita. Cioè Flame sarebbe in un aggiornamento periodico ci Microsoft, secondo il Washinghton Post.

 

Geniale e terribile.

 

[madmike]

tutti gli Iraniani a comprare Apple, allora....

[-{-Legolas-}-]

Si, o anche Linux che è pure gratis.

[cama81]

linux o gli altri S.O. open sorce NON possono essere utilizzati da enti governativi o da è preoccupato per attacchi informatici , questo perchè un attaccante conoscerebbe le vulnerabilità del S.O. in quanto pubbliche e note . la parte più difficile in questi attacchi è scoprire le vulnerabilità avversarie ,per questo in occidente si usano S.O dedicati all ambiente militare non solo microsoft ma anche di altre sofware house .

 

utilizzare un software open è come avere una casa di vetro ,non esattamente una fortezza

 

gli iraniani/ cinesi dovrebbero sviluppare un loro s.o e tenerlo segreto , i secondi sarebbero capaci i primi no

[Andrea75]

Of ‘Honeypots’ and NATO Cybersecurity

 

The new NATO Computer Incident Response Capability (NCIRC) will be designed around a defense scheme that may well include such components as traps for attackers known as honeypots, among other proactive defense tools, one of the experts behind the program said July 11 at the Farnborough International Airshow.

 

The NCIRC contract was awarded to a Northrop Grumman/Finmeccanica team in February, and the program has passed its proof of concept testing, company representatives said at the press conference.

 

NCIRC is scheduled to be fully operational by the end of 2012.

[Andrea75]

Cyber-guerra 'covert' già in corso Flame Spyware Spotlights Low-Grade Threats

 

Initiated by the Bush administration in 2006, the program—codenamed Olympic Games—saw the Defense Department's National Security Agency working with Israel's military signals intelligence and code-breaking group, Unit 8200. After an intelligence-gathering phase in which the Natanz plant was digitally mapped, code designed to destroy centrifuges was tested on working replicas of the Iranian centrifuge cascades, constructed at a number of U.S. national laboratory sites, before being deployed against the Iranian facility.

[Andrea75]

Mahdi, il «messia» che tiene sotto scacco l'Iran

 

L'allarme arriva da Kaspersky Lab, produttori russi di antivirus, e dall’azienda di sicurezza israeliana Seculert, che annunciano la scoperta di un nuovo programma altamente nocivo: il suo nome è Mahdi, letteralmente «il Messia», e da almeno otto mesi tiene sotto scacco l’Iran e altri quattro Paesi del Medio Oriente, tra cui Israele. Due le caratteristiche importanti del trojan: si tratta del primo attacco in cui i programmi informatici utilizzati includono formulazioni in lingua persiana. Inoltre, a differenza dei potenti malware industriali Stuxnet, Flame o Duqu, Mahdi sembra appartenere ad un'altra fase della guerra informatica. «Non è stato progettato da stati o enti governativi, ma da dilettanti».

[Andrea75]

Finmeccanica completes first tests for NATO cyber-security system

 

The Finmeccanica Cyber Solutions team selected in February 2012 to fulfil the NATO Computer Incident Response Capability (NCIRC) – Full Operating Capability (FOC) requirement, has completed the testing phase of the programme’s Proof of Concept in line with the challenging timescale set by NATO. NCIRC FOC will provide a highly adaptive and responsive system to help protect NATO from cyber-attacks against both its mobile and static Communication and Information Systems.

...

Once delivered, NCIRC FOC will provide an agile, flexible and interoperable solution featuring advanced cyber defence systems to protect NATO static commands, crisis operations, NATO signal battalions, Article V Operations and the NATO Reaction Force.

Modificato 19 Luglio 2012 da Andrea75

[Andrea75]

Cambio al vertice dello U.S. Cyber Command NETCOM schedules change of command

 

Maj. Gen. Jennifer L. Napper

[Andrea75]

Stuxnet: 'Moral crime' or proportionate response?

 

opinione 1

"I think what you're talking about is a moral crime," said Marcus Ranum, faculty member of the Institute for Applied Network Security. "What you're really doing is putting civilian infrastructure on the front line in this non-existent war. The military is basically saying 'we've saved you a little old fashioned bombing - you should be happy,' but that's not appropriate."

 

opinione 2

"I've always thought that these were tools in the spectrum of proportional force in between harsh words and dirty looks and Mark II bombs," said Moss. "Now instead of blowing up plants and killing people you can attack the equipment, and this is another notch on the proportionality meter. If you agree with that or not it's a good tool to allow nation states to exert force without having to blow people up."

[Andrea75]

US unprepared for serious cyber attacks

 

The United States is not adequately prepared for a serious cyber attack, the commander of U.S. Cyber Command told the audience at the Aspen Institute’s annual security forum today. ... in terms of preparation for a cyber attack on a critical part of its network infrastructure, the U.S. is at a three on a scale of one to ten.

[Andrea75]

Segnalo questo articolo CSBA evaluates cyber warfare in a new study

 

How valid is the growing concern among senior U.S. leaders that state and non-state actors will become increasingly capable of executing cyber attacks with catastrophic consequences? Does the expansion of the military competition into the cyber domain represent a major shift in the character of warfare? Dr. Andrew Krepinevich, President of the Center for Strategic and Budgetary Assessments, examines these questions in CSBA’s latest report, Cyber Warfare: A “Nuclear Option”?

 

The assessment finds the concerns of leaders like Secretary Panetta regarding cyber war have merit: the United States and other developed countries are ill-prepared to defend against a cyber attack on their critical infrastructure.

 

In calce all'articolo è possibile effettuare il download del paper CYBER WARFARE A “NUCLEAR OPTION”?

[Andrea75]

Flame cyber virus linked to more malware report

 

The Flame virus believed to be part of a cyberwarfare effort against Iran was developed as early as 2006 and is linked to at least three other malware programs, a new analysis said Monday.

The report suggests that the effort to develop Flame, widely reported to be part of a US-Israeli effort to slow Iran’s suspected nuclear weapons drive, has been going on longer than initially believed and has more components, including some not yet fully understood.

[Andrea75]

US Cyberwarrior Accuses China Of Targeting Pentagon

 

The U.S. Cyber Command’s top intelligence officer accused China on Thursday of persistent efforts to pierce Pentagon computer networks and said a proposal was moving forward to boost the cyber command in the U.S. military hierarchy.

 

“Their level of effort against the Department of Defense is constant” while alleged Chinese attempts to steal corporate trade secrets has been growing, Rear Admiral Samuel Cox, the command’s director of intelligence, told Reuters after remarks to a forum on the history of cyber threats.

 

The Office of the National Counterintelligence Executive, a U.S. intelligence arm, said in a landmark report a year ago that “Chinese actors are the world’s most persistent perpetrators of economic espionage.”

[Andrea75]

NSA Director Urges Passage Of Cybersecurity Bill

 

Cyberattacks have breached the Pentagon and sent businesses into bankruptcy. Still, it might take a cyberdisaster that causes damage on the scale of Hurricane Katrina in 2005 to get lawmakers to pass legislation aimed at shoring up the U.S.’s infrastructure.

The White House has proposed an executive order to address part of the problem, but Gen. Keith Alexander, the director of the National Security Agency and commander of U.S. Cyber Command, says that is not enough.

The Pentagon has a pilot program that will help private companies work with the government to help them protect their own information. But that program “doesn’t give us the ability to work with the Internet service providers and allow that to benefit the rest of the critical infrastructure and the rest of government,” Alexander said during an Oct. 1 panel discussion at the Woodrow Wilson Center in Washington. “That’s really what we need this legislation for.”

An executive order also would fail to address liability protections to shield companies from lawsuits over information-sharing that are needed to encourage tparticipation, says Susan Collins (Maine), the ranking Republican on the Senate Homeland Security Committee and a co-sponsor of cybersecurity legislation. “I think the executive order is a mistake,” Collins says. “I fear that it actually could lull people into a false sense of security that we’ve taken care of cybersecurity.”