The US Army and the BEST definition of Cyberspace to date

Last Updated on Thursday, 11 March 2010 10:20 Written by Jeffreycarr Thursday, 11 March 2010 10:20

The US Army’s new Cyberspace Operations Concept Capability Plan 2016-2028 is an outstanding piece of work; not just because it underscores much of what I’ve been saying since 2008, but because it builds a detailed framework of cyberspace as an operating environment which will prove invaluable to every agency in the Intelligence Community and the Department of Defense as well as Congress, the White House and the American public. The following is a brief excerpt which accompanies the above graphic. Do yourself a favor and read at least the Executive Summary. You’ll quickly see why I’m so pleased with it.

——————–

“Cyberspace can be viewed as three layers (physical, logical, and social) made up of five components (geographic, physical network, logical network, cyber persona, and persona) (see figure 2-1).

(1) The physical layer includes the geographic component and the physical network component. The geographic component is the physical location of elements of the network. While geopolitical boundaries can easily be crossed in cyberspace at a rate approaching the speed of light, there is still a physical aspect tied to the other domains. The physical network component includes all the hardware and infrastructure (wired, wireless, and optical) that supports the network and the physical connectors (wires, cables, radio frequency, routers, servers, and computers).
(2) The logical layer contains the logical network component which is technical in nature and consists of the logical connections that exist between network nodes. Nodes are any devices connected to a computer network. Nodes can be computers, personal digital assistants, cell phones, or various other network appliances. On an Internet protocol (IP) network, a node is any device with an IP address.
(3) The social layer comprises the human and cognitive aspects and includes the cyber persona component and the persona component. The cyber persona component includes a person’s identification or persona on the network (e-mail address, computer IP address, cell phone number, and others). The persona component consists of the people actually on the network. An individual can have multiple cyber personas (for example, different e-mail accounts on different computers) and a single cyber persona can have multiple users (for example, multiple users accessing a single eBay® account). This holds important implications for Army forces in terms of attributing responsibility and targeting the source of cyber action. It also means Army forces will require significant situational awareness (SA), forensic, and intelligence capabilities to counter the complex cyber threat.”

Here comes the pain (because that’s how we learn)

Last Updated on Wednesday, 12 August 2009 01:36 Written by Jeffreycarr Wednesday, 12 August 2009 09:44

When the wildlife population of a forest is observed abandoning an area for no apparent reason, it’s because they sense impending danger that their human counterparts are not yet aware of. Witness the tsunami that devastated Indonesia and Sumatra in 2004. Animals flee. Humans stand around oblivious to what’s coming until it’s too late.

This week brought yet another resignation from a key U.S. cyber security official, Mischel Kwon, director of US-CERT, due to “bureaucratic obstacles and lack of authority”.

Just prior to Kwon, it was Melissa Hathaway, the White House’s acting senior director for cyberspace. Even worse, no one of any accomplishment seems to want the job that Hathaway turned down (a confidential source tells me she was offered the position).

And let’s not forget Rod Beckstrom’s resignation and particularly his resignation letter which revealed just how fucked up the relationship is between the NSA and pretty much everyone else, at least in the area of cyber security.

If these resignations haven’t either pissed you off, or activated your fight or flight response, or both, stand by for the virtual tsunami that’s on the way; the cyber event that will cost us billions of dollars, reveal our vulnerabilities to our adversaries, and – finally – elevate cyber security back to the top of the priority list where it belonged in the first place. That comes with an entirely new set of problems which I won’t delve into right now, but think Iraq reconstruction in 2003 and Katrina reconstruction in 2005, and you’ll catch my drift.

What proof do I have that this will happen? Apart from the migration of experts getting the hell out of Dodge, the biggest evidence that a cyber catastrophe is just around the corner is the elephant in the room that no one is talking about anymore: Conficker C and other mega-bots that have the capability of crushing not just one nation’s entire network infrastructure, but of bringing the entire global Internet to a complete standstill.

Conficker’s authors, still unknown in spite of the best efforts of the Conficker Cabal, have demonstrated:

Internet-wide programming skills, advanced cryptographic skills, custom dual-layer code packing and code obfuscation skills, and in-depth knowledge of Windows internals and security products. They are among the first to introduce the Internet rendezvous point scheme, and have now integrated a sophisticated P2P protocol that does not require an embedded peer list. They have continually seeded the Internet with new MD5 variants, and have adapted their code base to address the latest attempts to thwart Conficker. They have infiltrated government sites, military networks, home PCs, critical infrastructure, small networks, and universities, around the world. Perhaps an even greater threat than what they have done so far, is what they have learned and what they will build next. (emphasis added)

Now before this turns into a Conficker argument, let me stress that Conficker is not the issue. It is representative of the issue which is that a wired world such as the one we live in is inherently vulnerable to attacks that are the cyber equivalent of an extinction event. That is what a botnet of over one million hosts represents to a nation and to the world. Thanks to Conficker, we know that such bots exist; that they will evolve in sophistication and complexity (i.e., Conficker A, B, and C), and that we have no way to stop them, at least not yet.

So for those of you reading this who are in a position to make your voices heard, please spread the word. The White House and Congress must elevate cyber security to the top of the priority list. Health care will be tough to deliver when your doctor cannot access your data because it’s stored in a Cloud that seems to have vanished.


CSIS Commission’s Recommendation for a Public-Private Partnership

Last Updated on Sunday, 21 December 2008 01:30 Written by admin Monday, 8 December 2008 10:39

I just finished reading the full CSIS Cyber Commission report “Securing Cyberspace for the 44th Presidency”. I think it’s an outstanding piece of work, and I hope that its recommendations are adopted by the Obama Administration.

I know from personal experience how effective a public-private partnership can be when it comes to investigating cyber warfare and related incidents so I was very happy to read the Commission’s recommendation for establishing the Center for Cyber Security Operations (CCSO) “where public and private entities can collaborate and share information on critical cybersecurity in a trusted environment”. 

In addition to the CCSO, the report recommends:

The President should appoint an assistant for cyberspace and establish a Cybersecurity Directorate in the National Security Council (NSC) that absorbs existing Homeland Security Council functions.

A new National Office for Cyberspace (NOC) would support the work of the assistant for cyberspace and the new Directorate in the NSC. The President can create this office by merging the existing National Cyber Security Center (NCSC) and the Joint Inter-Agency Cyber Task Force (JIACTF). The assistant to the president for cyberspace would direct the NOC.

Be sure to visit Bob Gourley’s CTOVision for his take on the report as well.

UPDATE: Steve Baker, Business Week reporter and author of The Numerati, takes a thorough look at the complexities of cyber security and adds a quote from me on the topic as well!

 
