The Complex

The Air Force's aggressive cyber defenses

While Defense Secretary Leon Panetta announced last night that the United States military is developing the capabilities to strike back against destructive attacks, U.S. Air Force officials shed some light on the aggressive tactics the service is taking to protect its networks.

As this blog has mentioned before, the air service has realized that it cannot build a cyber Maginot line in an attempt to keep cyber attackers out of its networks. Instead, the Air Force is working to develop networks that can operate while under attack and is starting to hunt its potential cyber attackers.

"Our cyber airmen lead hunter teams on the network in search of our adversaries," said the Air Force's Chief Information Officer, Lt. Gen. Michael Basla during a speech in Virginia yesterday. "They employ active network defense measures while engaged with unknown and potentially dangerous actors."

So, what does active network defense mean?

"Our defensive strategy will also expand into counter cyberspace operations, we will develop more focused and robust cyber ISR [intelligence, surveillance, and reconnaissance] and situational awareness capabilities to provide accurate, relevant and timely intelligence in the cyberspace domain," said Gen. William Shelton during the same conference yesterday. As commander of Air Force Space Command, Shelton (shown above) is one of the service's top cyber warriors.

While the military is incredibly tight-lipped about the specifics of its cyber operations, these comments seem to suggest that the Air Force, and the rest of the DoD, is using its relatively newfound ability to quickly trace who is attacking it to probe its enemies' networks, discovering when, how, and why they are attacking and looking for weaknesses in their tactics and their networks.

The DoD is also likely using cyber honeypots, a basic security technique that deliberately gives cyber attackers what appear to be alluring targets.  Once an attack is underway, the military could either feed the attacker bad information or simply observe and learn all about how the enemy operates, building intelligence not only for defense but also for offensive operations against that attacker.

"Once we've established a strong defense, we'll focus more energy on offense," added Shelton.


U.S. energy companies victims of potentially destructive cyber intrusions

Foreign actors are probing the networks of key American companies in an attempt to gain control of industrial facilities and transportation systems, Defense Secretary Leon Panetta revealed tonight.

"We know that foreign cyber actors are probing America's critical infrastructure networks," said Panetta, disclosing previously classified information during a speech in New York laying out the Pentagon's role in protecting the U.S. from cyber attacks. "They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country."

He went on to say that the U.S. government knows of "specific instances where intruders have gained access" to these systems -- frequently known as Supervisory Control and Data Acquisition (or SCADA) systems -- and that "they are seeking to create advanced tools to attack these systems and cause panic, destruction and even the loss of life," according to an advance copy of his prepared remarks.

The secretary said that a coordinated attack on enough critical infrastructure could be a "cyber Pearl Harbor" that would "cause physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability."

While there have been reports of criminals using 'spear phishing' email attacks aimed at stealing information about American utilities, Panetta's remarks seemed to suggest more sophisticated, nation-state backed attempts to actually gain control of and damage power-generating equipment.

Panetta's comments regarding the penetration of American utilities echo those of a private sector cyber security expert Killer Apps spoke with last week who said that the networks of American electric companies were penetrated, perhaps in preparation for a Stuxnet-style attack.

Stuxnet is the famous cyber weapon that infected Iran's uranium-enrichment centrifuges in 2009 and 2010. Stuxnet is believed to have caused some of the machines to spin erratically, thereby destroying them.

"There is hard evidence that there has been penetration of our power companies, and given Stuxnet, that is a staging step before destruction" of electricity-generating equipment, the expert told Killer Apps. Because uranium centrifuges and power turbines are both spinning machines, "the attack is identical -- the one to take out the centrifuges and the one to take out our power systems is the same attack."

"If a centrifuge running at the wrong speed can blow apart," so can a power generator, said the expert. "If you do, in fact, spin them at the wrong speeds, you can blow up any rotating device."

Cyber security expert Eugene Kaspersky said two weeks ago that one of his greatest fears is someone reverse-engineering a sophisticated cyber weapon like Stuxnet -- a relatively easy task -- and he noted that Stuxnet itself passed through power plants on its way to Iran. "Stuxnet infected thousands of computer systems all around the globe, I know there were power plants infected by Stuxnet very far away from Iran," Kaspersky said.

While the utilities have been penetrated, Panetta said that the Defense Department, largely via the National Security Agency, is "acting aggressively to get ahead of this problem -- putting in place measures to stop cyber attacks dead in their tracks" under a whole-of-government effort.

The Department of Homeland Security, working with the Department of Energy, has the lead in responding to the attacks that Panetta disclosed tonight, senior defense officials told reporters during a background briefing about Panetta's speech. The Pentagon officials believe they know who was behind the attack but would not reveal who that may be. They did note, however, that Russia, China, and increasingly, Iran have developed worrisome cyber capabilities. DHS officials were not available for comment.

Panetta added that the Pentagon stands ready to "counter" cyber threats to U.S. national interests. He did not, however, use the word "offensive" to describe any of DoD's operations in cyberspace.

"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the President," said Panetta. "For these kinds of scenarios, the [Defense Department] has developed that capability to conduct effective operations to counter threats to our national interests in cyberspace."

He went on to insist, though, that the Pentagon has only a supporting role to civil agencies in defending U.S. civilian infrastructure from cyber attack and that DoD will not monitor citizens' personal computers.

"That is not our mission," said Panetta.

The Defense Department will only have the lead in responding to cyber attacks when deemed appropriate under the rule of armed conflict, said one of the defense department officials.

To protect the United States from crippling cyber attacks by "foreign adversaries," Panetta said the Pentagon will focus on the following:

  • Developing new cyber capabilities via the more than $3 billion spent on cyber issues annually;
  • Establishing policies and organizations that DoD needs to execute its mission in near real-time with other federal agencies, such as the Department of Homeland Security and the FBI;
  • Improving DoD's cooperation with private industry and international partners via better information-sharing about cyber threats and the establishment of basic cyber security standards for critical infrastructure providers.

Panetta also urged Congress to pass the Cyber Security Act of 2012, which would allow real-time information-sharing between businesses and the government, restrict the type of information government can collect on private citizens and how that information may be used, as well as set minimal cyber security standards that critical infrastructure providers should meet.

A copy of Panetta's speech is below.



SD BENS Cybersecurity Speech as PREPARED[3]
