The Complex

Ex-Canadian Army chief warns of increased gov't control in cyberspace


In case you haven't been following it, the Twitter traffic from today's Cyber Dialogue 2013 at the University of Toronto's Munk School of Global Affairs featured a great quote from a recently retired Canadian general.

Lt. Gen. Andrew Leslie (chief of the Canadian Army from 2006 to 2010, shown above in 2009) apparently made a comment that yours truly has heard plenty of times in Washington: a major, destructive cyber attack would likely prompt a knee-jerk reaction from governments that greatly expanded their control of the Internet. Killer Apps wasn't at the event to hear the quote directly, but here's what people who were at the event tweeted about it.

Taylor Owen, research director at Columbia University's Tow Center for Digital Journalism, tweeted that the general's comments sent "a chill over" the conference:

 "@taylor_owen wow, Andy Leslie sends a chill over cyberdialogue "You are all running out of time before 'people like me' try to govern cyberspace #cd13"

Scott Carpenter of Google Ideas called the Canadian general's comment "a weird threat":

 "@JSCarpenter11 Weird threat from a former general: "you're running out if time" b/c once "something bad" happens in cyber gov't will assert control #cd13"

Finally, Richard Bejtlich, chief security officer at cyber firm Mandiant, tweeted:

 "@taosecurity At #CD13 retired Canadian general warns "you're running out if time" because once "something bad" happens in cyber, gov will assert control."

It's interesting to see cyber professionals from some of the foremost institutions in tech, business, and journalism express surprise over Leslie's comments. U.S. lawmakers have made similar comments throughout the last year in trying to pass cyber security legislation.

Reps. Mike Rogers and Dutch Ruppersburger -- co-sponsors of CISPA, the cyber security bill currently being worked on in the House -- have used this argument several times in an attempt to push lawmakers to adopt their bill, which civil liberties advocates say is harmful to individual privacy rights.

Last summer, James Lewis of the Center for Strategic and International Studies warned that a destructive cyber attack will likely result in Congress passing legislation that runs roughshod over privacy rights.

Bruce MacRae, Flickr

National Security

The Saudi air force wants to protect its newest planes from cyber attack

The U.S. Air Force is looking for someone to help the Royal Saudi Air Force keep its fleet of brand new F-15SA Strike Eagles safe from cyber attack.

Remember, the Saudis bought 84 Boeing-made Strike Eagles in December 2011 as part of a mammoth weapons buy. Deliveries of the new jets are slated to start in 2015. Like other 21st century fighter jets, the newest Strike Eagles are tied to computer networks that could be vulnerable to hacking. 

To protect against this, the U.S. Air Force wants to hire someone to give the Saudis "initial Computer Network Defense (CND) capabilities, facilities, and manpower necessary to protect sensitive networks, systems, and data generated and utilized in support of F-15 flight, maintenance, supply, and operations activities," according to this March 11 notice. The U.S. Air Force estimates that this is a $110-$120 million business opportunity, pretty small when compared to the $29.4 billion contract for the 84 new jets.

This is just the start of the Saudi air force's effort to develop a "robust and survivable Computer Network Operations capability," according to the notice.

In addition to designing software and procedures necessary to protect the jets from hacking, the contractor will be expected to build the Saudi air force's new "Secure Communications Facility," which includes the service's primary data center, its new "Cyber Security Operations Center/Network Operations & Security Center," and a secure satellite communications facility.  

The Saudi F-15s aren't the only new fighter jets being built with cyber security in mind. Lockheed Martin's F-35 Joint Strike Fighter program underwent a pretty big software overhaul after it was discovered that its computerized maintenance and flight planning systems -- called ALIS -- was vulnerable to hacking. This meant that enemy spies could discover all sorts of information about the maintenance status of the jets, pilot readiness levels, and potentially the plane's weaknesses. Until late in the last decade, fighter jets weren't necessarily designed with cyber security in mind.

If you want to get in on the effort, the Air Force is hosting industry days to talk to potential vendors on April 9, 10 and 11 at Hanscom Air Force Base, MA. 

Wikimedia Commons