The Complex

Syrian rebels' DIY armor, complete with Playstation controlled guns

Happy Monday. To kick things off this week, check out this video of a homemade armored assault vehicle complete with a machine gun aimed via what looks like a Playstation controller.

Little is known about the armored car, called the Sham II, other than it's built on a car chassis and the driver and gunner rely on video cameras to steer it. Still, you've got to admit, it's a great example of battlefield-borne weaponry.

It's worth noting that the Sham II isn't that advanced compared to the increasing number of tanks and armored personnel carriers that the rebels have been capturing from Syrian government forces, it will be interesting to see how or if it is used in combat.

This isn't the first homemade armor that Syrian rebels have fielded. Check out this Suzuki pickup truck that's been heavily armored to allow rebels to avoid government sniper fire. While you're there, click the link to see the rebels using a gasoline tanker truck as an improvised flame-thrower.

After that, check out this slideshow on the rebels' more traditional DIY weapons.

H/t to BI.

National Security

Defense bill would require contractors to notify DoD of cyber intrusions

In case you missed it, buried inside the 2013 defense authorization bill is a clause that would require defense contractors to notify the Pentagon any time they have suffered a "successful penetration."

Section 936 of the bill requires that the Pentagon "establish a process" for defense contractors that have classified information on their networks to quickly report any successful cyber attacks against them to the Defense Department. Contractors must include a description of the "technique or method used in the penetration," and include samples of the "malicious software, if discovered and isolated by the contractor," reads the bill.

The bill would also require contractors to give DoD access to "equipment or information" to determine if any classified "information created by or for" the DoD had been stolen. It prohibits the Pentagon from distributing this information outside of DoD without the victim's approval.

(While a limitied number of contractors already participating in DoD's cyber security program known as the DIB CS/IA already tell the Pentagon about such breaches, this law would cover all defense contractors, explained a Pentagon spokesman.)

Sound familiar? That's because this language is similar to what Sens. Joe Lieberman (I-Ct.) and Susan Collins (R-Maine) wanted utilities, transportation companies, telecoms and banks to do with the Department of Homeland Security in the Cyber Security Act of 2012, which failed to advance in the Senate last month.

Advocates say Section 936, authored by Senate Armed Services Committee chairman Carl Levin (D-Mich) is badly needed given that U.S. businesses including defense contractors have had reams (billions of dollars worth, by some accounts) of sensitive data stolen by hackers in China and Russia. In fact, 2007 and 2008 Lockheed and other defense contractors working on the F-35 Joint Strike Fighter program (the biggest weapons buy in Pentagon history) were the victims of large-scale hacks that resulted in classified information about the jet being stolen, leading to a costly redesign of some of the plane's systems.

It may be no coincidence that China recently produced a stealth fighter -- the J-31 -- that looks an awful lot like an F-35.

"This is really important. We shouldn't belittle it -- there's a lot of this stuff going on," David Smith, director of the Potomac Institute's Cyber Center, said during a Dec. 4 speech. "We're basically funding the research and development for the People's Liberation Army and the army of the Russian Federation and maybe a few others."

During a press conference after the Senate passed its version of the NDAA this week, Levin said, "I think it's so obvious that if a defense contractor with classified information has their networks penetrated and attacked, that the government has to know about that."

John McCain (R-Ariz.), the top republican on the Senate Armed Services Committee, echoed Levin's statements, saying that since defense contractors are spending public money, they should have to report security breaches.

"It's the taxpayer's dollar," said McCain, who opposed the Lieberman-Collins bill because he thought that the National Security Agency, not the civilian DHS, should have the lead in protecting critical infrastructure from cyber attack. "It's nonsense to think that somehow the government should not be made aware of" cyber attacks against defense contractors.

U.S. Air Force