Wednesday, 1 September 2010

Pentagon may apply preemptive warfare policy to the Internet


Grappling with matters of law and policy governing the United States military's cyber-warfare capabilities, Pentagon planners are eying ways of making preemptive strikes across the Internet part of America's toolbox.



In a piece for Foreign Affairs, the publication of globalist policy group The Council on Foreign Relations, Deputy Secretary of Defense William J. Lynn III paints a picture of dire threat to American infrastructure, disclosing for the first time details of a devastating cyber-attack on U.S. infrastructure.



While not giving many specifics, Lynn described how malicious code on a USB thumb drive managed to spread across the Department of Defense network, establishing a "digital beachhead" that could siphon key data.



"It was a network administrator's worst fear: a rogue program operating silently, poised to deliver operational plans into the hands of an unknown adversary," he wrote. "This previously classified incident was the most significant breach of U.S. military computers ever, and it served as an important wake-up call. The Pentagon's operation to counter the attack, known as Operation Buckshot Yankee, marked a turning point in U.S. cyberdefense strategy."



However, "Operation Buckshot Yankee," commenced in 2008 and lasting some 14 months, saw the Department of Defense scramble over what was essentially a very minor security threat that caught their network experts completely by surprise.



The Defense Department quickly issued an outright ban on the use of flash drives. The file which infected Pentagon computers was actually quite common -- a derivative of the "SillyFDC" worm, according to Wired, which is listed by anti-virus software developer Symantec as a lowest tier threat. Users who wanted to remove the threat could have simply scanned their drives for the file "Agent.btz," which was at the source of the Pentagon's dilemma.



Naturally, the operation to eradicate the worm was kept secret, requiring a much larger effort on the part of a smaller group.





The Washington Post, in a Saturday report on the development of rules to govern cyber-warfare, added:



"We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us," Gen. Keith Alexander, the head of the Pentagon's new Cyber Command, told an audience in Tampa this month.





Military officials have declared that cyberspace is the fifth domain - along with land, air, sea and space - and is crucial to battlefield success.



"We need to be able to protect our networks," Lynn said in a May interview. "And we need to be able to retain our freedom of movement on the worldwide networks."



That line of thinking has led Pentagon planners to weigh whether or not the United States can legally reach across the Internet to attack "adversary information systems," according to Defense Dept. documents examined by the Post. The capabilities being sought would allow U.S. cyber-warriors to "deceive, deny, disrupt, degrade and destroy" information and computers around the globe.



While it is legal for the Pentagon to block malicious software on the edges of its networks, preemptive strikes on systems thought to be in the employ of those who would harm America or its interests are still a gray area and could be subject to international escalation, should the U.S. take an overtly offensive stance.




The U.S. Cyber Command, comprised of 1,000 hackers and spies, will assume command on Oct. 1, led by General Keith Alexander, NSA director and Bilderberger. The group's creation was announced in 2009, with the full support of President Obama.




Keith B Alexander




Civil liberties activists have warned against allowing the secretive NSA to take the lead in overseeing cyber security, saying it would place too much power in one agency with the NSA policing the same networks that it exploits to carry out eavesdropping.



In unveiling his plans to create a new White House post to oversee cyber security, Obama promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.



There have been reported breaches of the US electricity grid and the F-35 fighter jet program, and Obama mentioned a cyber attack — blamed by some accounts on foreign spy services — on the computer hub for his own 2008 presidential campaign.




THE ROLE OF THE NSA




NSA's eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications. It has been described as the world's largest single employer of mathematicians, and the owner of the single largest group of supercomputers, but it has tried to keep a low profile. For many years, its existence was not acknowledged by the U.S. government, earning it the nickname, "No Such Agency" (NSA). Because the agency rarely makes any public remarks, it has been quipped that their motto is "never say anything".



Because of its listening task, NSA/CSS has been heavily involved in cryptanalytic research, continuing the work of predecessor agencies which had broken many World War II codes and ciphers (see, for instance, Purple, Venona project, and JN-25).



In 2004, the NSA Central Security Service and the National Cyber Security Division of the Department of Homeland Security (DHS) agreed to expand the NSA Centers of Academic Excellence in Information Assurance Education Program.[6]



As part of the National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD 54), signed on January 8, 2008 by President Bush, the NSA became the lead agency to monitor and protect all of the federal government's computer networks from cyber-terrorism.[1]




Facilities



NSA headquarters in Fort Meade, Maryland

Headquarters for the National Security Agency are at Fort George G. Meade, Maryland, about 15 mi (24 km) southwest of Baltimore. The NSA has its own exit off Maryland Route 295 South labeled "NSA Employees Only." The scale of the operations at the NSA is hard to determine from unclassified data; some 18,000 parking spaces are visible in photos of the site. In 2006, the Baltimore Sun reported that the NSA was at risk of electrical overload because of insufficient internal electrical infrastructure at Fort Meade to support the amount of equipment being installed. This problem was apparently recognized in the 1990s but not made a priority, and "now the agency's ability to keep its operations going is threatened."[7] Its secure government communications work has involved the NSA in numerous technology areas, including the design of specialized communications hardware and software, production of dedicated semiconductors (at the Ft. Meade chip fabrication plant), and advanced cryptography research. The agency contracts with the private sector in the fields of research and equipment.
