1 November 2014

U.S. Eyes Cyber ‘Deterrence’ To Stop Hackers

The best defense against this problem is a good offense. RCP

Agence France-Presse, Oct. 28 | Rob Lever

The US military is looking to flex its muscles in cyberspace as a “deterrence” to hackers eying American targets, the nation’s top cyber-warrior said Tuesday.

Admiral Mike Rogers, who heads the Pentagon’s Cyber Command as well as the National Security Agency, evoked a policy often put forward for avoiding nuclear warfare, because holding powerful weapons is seen as a deterrent.

Rogers said that as part of his role as the head of Cyber Command, he wants to send a message to potential cyber-attackers that there are consequences for their actions.

“Right now, if you are a nation-state, if you are a group, if you are an individual, my assessment is that most (hackers) come to the conclusion that it is incredibly low-risk, that there is little price to pay for the actions that they are taking,” Rogers told a cyber security conference at the US Chamber of Commerce in Washington.

“I’m not saying I agree with that but I believe most look at that and in light of that feel that they can be pretty aggressive. That’s not in our best interests in the long term as a nation to have that perception. We need to try to change that over time.”

Rogers said the US military has a “legal framework” for the use of any offensive cyber-weapons, noting that a decision to use these tools needs approval from the president and secretary of defense.

But he said US officials are in the midst of discussions on defining offensive military actions in cyberspace and how to implement them.

“What I hope we can develop over time is a set of norms and rules that get us into an area where we can get a better definition of what is acceptable and what is not acceptable (in cyberspace), and even into the idea of deterrence,” he told the conference.

The comments came the same day that security researchers, in two separate reports, said the Russian and Chinese governments are likely behind widespread cyber-espionage that has hit targets in the United States and elsewhere.

One team of researchers led by the security firm Novetta Solutions said it identified a hacker group believed to act “on behalf of a Chinese government intelligence apparatus.”

A separate report by the security firm FireEye said a long-running effort to hack into US defense contractors, Eastern European governments and European security organizations is “likely sponsored by the Russian government.”

The Chinese group, which was dubbed Axiom, “is a well-resourced, disciplined and sophisticated cyber-espionage group operating out of mainland China,” Novetta chief executive Peter LaMontagne said in a statement released with the study.

The report said the firms went beyond simply collecting information and cooperated on a “coordinated, effective remediation and disruption” of the Chinese networks.

“Novetta feels that the unified approach… provides the highest level of visibility and establishes the foundation necessary to effectively counter a threat of this nature,” the report said.

Rogers did not specifically comment on Axiom but said he is generally cautious on the use of “cyber-mercenaries” who retaliate against hackers.

“I would urge you to be very careful about going down that road,” he told the conference.

“I often get asked this question about ‘cyber-mercenaries,’” or private-sector players who seek to take out hacking threats.

“My input to you would be to be very careful about that,” Rogers said. “It really potentially opens you up for a whole range of complications.”

Washington Post, Oct. 29, Pg. A2 | Ellen Nakashima

Hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, sources said, resulting in temporary disruptions to some services while cyber security teams worked to contain the intrusion.

White House officials, speaking on the condition of anonymity to discuss an ongoing investigation, said that the intruders did not damage any of the systems and that, to date, there is no evidence the classified network was hacked.

“In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network,” said one White House official. “We took immediate measures to evaluate and mitigate the activity. . . . Unfortunately, some of that resulted in the disruption of regular services to users. But people were on it and are dealing with it.”

The FBI, Secret Service and National Security Agency are involved in the investigation. White House officials are not commenting on who was behind the intrusion or how much data, if any, was taken.

“Certainly a variety of actors find our networks to be attractive targets and seek access to sensitive information,” the White House official said. “We are still assessing the activity of concern.”

U.S. officials were alerted to the breach by an ally, sources said.

Recent reports by security firms have identified cyber espionage campaigns by Russian hackers thought to be working for the government. Targets have included NATO, the Ukrainian government and U.S. defense contractors. Russia is regarded by U.S. officials as being in the top tier of states with cyber-capabilities.

In the case of the White House, the nature of the target is consistent with a state-sponsored campaign, sources said.

The breach was discovered two to three weeks ago, sources said. Some staffers were asked to change their passwords. Intranet or VPN access was shut off for a while, but the e-mail system, apart from some minor delays, was never down, sources said.

White House officials said that such an intrusion was not unexpected. “On a regular basis, there are bad actors out there who are attempting to achieve intrusions into our system,” said a second White House official. “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”

The Russian intelligence service was believed to have been behind a breach of the U.S. military’s classified networks, which was discovered in 2008. The operation to contain the intrusion and clean up the computers, called Buckshot Yankee, took months.

That incident helped galvanize the effort to create U.S. Cyber Command, a military organization dedicated to defending the country’s critical computer systems – including those in the private sector – against foreign cyber attack, as well as helping combatant commanders in operations against adversaries. The command is expected to have some 6,000 personnel by 2016, officials said.

When directed by the president or defense secretary, Cyber Command can undertake offensive operations.

–Craig Whitlock contributed to this report
