czarwars


 
 

Cyber Fear Echo Chamber

Wednesday, December 2nd, 2009



 

Theologians, Politicians, and Financiers agree! When in doubt use a little fear and not FUD.

Interesting how things pick up right where we left off, with discussion of MAD and CyOffensive Strategies. A policy of ‘deterrence’ only works when you are not bluffing, and can neutralize your opponent. Hence “Can America take over the internet?”, because that’s the only way such a policy would be effective. CyWar is more of a guerrilla operation; there is no specific target to nuke.

 

“A threat pops up here, we whack it down, and another one comes up here – this is the environment that many of your enterprise cybersecurity officers are facing,” Bruce McConnell, counselor to DHS’ top cybersecurity official


Threats like al Qaeda?

 

“I don’t think they’re the most capable in the world, but they have some capability,” Former Homeland Security Secretary Michael Chertoff


“I am worried about some terrorist group [with] the capability to destroy the U.S. money supply,” The impact of such an attack would be “an order of magnitude greater” than the Sept. 11 terrorist attacks – the former Director of National Intelligence Mike McConnell


Spottswoode: “From what Intelligence has gathered, it would be 9/11 times 100.”
Gary: “9/11 times 100? Jesus, that’s–”
Spottswoode: “Yes, 91,100.”

Kim Jong Il: “It will be 9/11 times 2,356.”
Chris: “My god, that’s… I don’t even know what that is.”
Kim Jong Il: “Nobody does.” – Team America World Police

 


FBI Suspects Terrorists Are Exploring Cyber Attacks

While there is no evidence that terrorist groups have developed sophisticated cyber-attack capabilities, a lack of security protections in U.S. computer software increases the likelihood that terrorists could execute attacks in the future, the official warned.

If terrorists were to amass such capabilities, they would be wielded with “destructive and deadly intent,”

Cyber agencies mum on how they try to identify cyberattackers

Identifying the sources of cyberattacks might not be technically possible in all cases, federal agencies can draw conclusions based on motive and the consequences of the attack

There is “no evidence” terrorists are ready for CyWar, but Chertoff seems to think they have some capability, and McConnell is worried they will destroy the economy before the bankers finish it off. I almost feel like some of these people are doing the work of the terrorists by striking fear of “destructive and deadly” CyAttacks into the hearts of hard-working men and women.

McAfee stirred things up this month with some secondhand fearmongering.

“Nations all over the world are gearing up for a cyber war and that everyone must adapt to these threats” David Dewalt, McAfee president and CEO

Now the media, which knows exactly squat about CySec, can only put into the echo chamber what they are fed, which is exactly what happens with the McAfee statements.

McAfee Cautions About The Possibility Of Cyber Wars

Cyber Warfare Warning Sounded
In its annual report on cybercrime, McAfee says that the age of cyber warfare has arrived.

FBI Suspects Terrorists Are Exploring Cyber Attacks

Separately, the computer anti-virus company McAfee Inc. issued a report by Paul Kurtz, who led the cyber-security review for the Obama transition team. He concluded that some cyber-attacks in 2007, including Israeli cyber-attacks on Syria and U.S. cyber-weapons employed in Iraq, constitute cyber-warfare.

Cyber ‘cold’ war may have started



Hold the phone. A cyber cold war? I’ve been talking about this for several months now. To clarify, it is not a ‘cyber cold war’, it is The Cold War. The established and powerful military industrial complex, which Dwight Eisenhower warned us against, is moving its resources into the Intelligence Industrial Complex. The same old players, now working the intelligence angle: The Cold War.

 

CyberWar is a Racket

Under the threat of war, the cost of defense is never too high. A nation is under significant obligation to protect its investments wherever they may be. What we see now is the transition from physical to electronic defense. The United States is returning to Cold War status. In preparation for this the advancement of technology and the power of the intelligence community is of the foremost importance. In order to maintain a position of dominance, the government must sustain its partnership with wartime industry. Through a metamorphosis of the “military industrial complex” into a new “intelligence industrial complex”, this accomplishment can be witnessed. The ever-present fear of terrorism will still be used as justification for sustained engagement. The new terrorist threat comes from what the media refers to as hackers.

 

It’s not even McAfee’s report. It’s Richard A. Clarke’s. See how this works? The Public-Private sycophants spoon-feed the media into a frenzy to get them stirred up. The media echo chamber picks up the supplied message, and unsuspecting members of the public become influenced by it and believe the lie, which causes them to be more than willing to vote for any sort of legislation that could remedy the issue. Sounds like we’ve gone back to the Hegelian scheme once again.

Dick Destiny
The report itself is attributed to Paul Kurtz, another of Richard Clarke’s men. Buttressing quote is furnished by Greg Rattray, another in a small circle of individuals all known for pushing the coming age of cyberwar.

Paul Kurtz, if you remember, was one of my first picks for CyCzar.

CzarWars Episode 1
Paul Kurtz, an Obama advisor who served in the National Security Council under Bush and Clinton, has been in the White House for long enough to know its politics. Kurtz is also one of the people quoted in the findings on which the Cybersecurity Act was drafted saying “the United States is unprepared to respond to a `cyber-Katrina’ and that `a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector’”. Here is a person that fits my criteria: he is technical, political, and possesses an overwhelming desire to over-hype the cybersecurity threat with the understanding that it will create revenue for his and others’ private interests. It’s all about the money. If you check out the consulting team Paul B. Kurtz is on, it’s also about the cyber-FUD.


He is also mentioned in the CySecurity Act of 2009:

 

(6) Paul Kurtz, a Partner and chief operating officer of Good Harbor Consulting as well as a senior advisor to the Obama Transition Team for cybersecurity, recently stated that the United States is unprepared to respond to a `cyber-Katrina’ and that `a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector.’.


The people who stand to make the most profit from a little cyFear create a report. They give it to a company whose name is well known to the general public. The company feeds the report into the media echo chamber which bounces it back and forth making it seem legitimate. The public believes the lie, and is now willing to continue funding the people who stand to make the most profit from a little cyFear.

Hegelian Dialectic – Step 1: need $$$ Step 2: FUD Step 3: $$$

 

 

Despite the apparent lack of leadership or direction, the money is still getting spent. It seems that many of the recommendations set out in the proposed bill 773 are being implemented. Regional CySecurity Centres, and competitions to recruit skilled workers are two I can think of at the moment. In addition to competition based recruitment, thousands of skilled CyOps (Cyber Operators) have been offered employment for the purpose of national CySecurity. It is not just regional centres, which as the bill suggested would be facilitated by existing local institutions, but there are many new structures being constructed.


It’s almost as if they are taking CySecurity and the CyWar seriously, while appearing incompetent. I know what you’re thinking, it’s the government, “Never ascribe to malice that which is adequately explained by incompetence”, but I’ve never agreed with that statement. I know that by feigning incompetence you can avoid responsibility; it’s even in the Art of War: “Appear weak when you are strong, and strong when you are weak.”

By preventing unwanted meddling with development of CyDefenses, the NSA and DHS and their corporate partnerships are actually throwing a fair amount of money at the problem. The issue with the CyCzar, and apparent lack of focus, could be a clever ruse.

So what is the real plan?
Monitoring, storing and most importantly indexing every communication possible. Why else would the NSA be in charge? Now they have their own Air Force unit, where the CyWar will begin to merge with NetCent Ops. Imagine! A mobile, militarized and offensive arm of the NSA, for those hard-to-reach communications during the next Cold War years.

CyWar is job security for an industry that has run out of sophisticated enemies to fight on the ground.


Bonus:

Buzzword: “IT Eco-System”
Freudian Typo:

Senate Panel: 80 Percent of Cyber Attacks Preventable

“We need to, as a nation and as an IT echo system, continue to make it more simple for people to institute protections to determine if they’ve been compromised and to make sure they stay secure,” said Reitinger, a former Microsoft executive.

CzarWars Episode II: A lack of the Cojones

Monday, August 10th, 2009


Hathaway is out, and a game of musical chairs is being played to see who gets stuck with the undesirable position of Cybersecurity Coordinator.  There are a number of personal reasons why no one would want to take the job. Whoever is finally selected will likely be lobbying on behalf of a number of interests. They will come in with the understanding they will have no effect on the state of the nation’s cybersecurity, and use the position to influence policies that will benefit the groups he or she represents.  This comes as no surprise after several tarot readings were done asking who the cyberczar would be. At this point a hokey religion and ancient superstition seems to be just as insightful as any of the industry analysts.

I don’t think it’s necessary to go into any great detail about Hathaway’s resignation. It is important to note that she will remain at her position until August 21. This could possibly indicate a timeframe for the finalization of the selection process for her replacement. She stated that her reasons for leaving were personal. Some have suggested she may move into the private sector and work for her former boss Mike McConnell at Booz Allen Hamilton.

All of the likely czar choices are circling around trying to get seated before the music ends. Whoever is left standing will have to take the czar job. Everyone else will find themselves in various consulting positions where they can effect change, and receive a competitive salary.

The czar position is one that nobody wants. In addition to Hathaway, let’s not forget that Rod Beckstrom stepped down from his position citing fears over NSA involvement. Now the DHS cybersecurity official, Mischel Kwon, has stepped down from her position as director of US-CERT. I am starting to wonder what the hell is going on up there in the District of Columbia. It could be that Alexander is exercising his power from the NSA to align things to his benefit. Maybe we are just wasting time waiting for the announcement of the coordinator.


Among those who told the White House thanks but no thanks, The Washington Post reports: former Republican U.S. Rep. Tom Davis of northern Virginia, Microsoft executive Scott Charney, Symantec Chairman John Thompson and retired Air Force Gen. Harry Raduege Jr., the former Defense Information Systems Agency director and co-chair of the Commission on Cybersecurity for the 44th Presidency, which proposed the White House establish a cybersecurity post that has more influence than the job Obama described.


If agency CIOs, CISOs and others responsible for securing government IT are awaiting the appointment of the cybersecurity coordinator to get their marching orders, they’re wasting time. In reality, what will happen in the White House in the coming weeks will have little or no bearing on what agency security managers must do now to perform their jobs.

It’s not like we don’t need a fall guy, someone who can speak to the public about events like the recent electronic attacks on US and Korean networks. It’s been over two months now since the position of ‘coordinator’ was announced, and it seems like we are headed in the opposite direction of actually filling the position. Other than acting as a scapegoat, there are a number of other reasons why this is something that should have been resolved before the first of June.


•  There is a lot of money being spent on cybersecurity every day – with no comprehensive strategy. Not only are individual agencies spending millions of dollars on cybersecurity but a highly classified, multiyear, multibillion-dollar project, approved by the Bush Administration called CNCI — or “Cyber Initiative” – had a budget of $30 billion. This initiative was implemented with the goal to secure government, commercial and critical infrastructure computer systems against foreign and domestic intruders. We are talking big bucks here. Would you as a CISO let your business areas spend on security initiatives as they please without any coordination, communication or strategy?

•  Critical infrastructure needs immediate help. Our critical infrastructure needs help. It is antiquated, prone to viruses and worms, and people doing stupid things ultimately leading to costly disruptions in service. Add to this the potential threats associated with foreign government hackers (Electricity Grid in U.S. Penetrated By Spies) and you’ve got an urgent matter on your hands. Other critical infrastructure breaches (FAA says info on 45,000 workers stolen in data breach) and commercial data losses (Hackers Breach Heartland Payment credit card system) brings no consolation.

•  FISMA has utterly failed at securing government infrastructure. We have all come to realize that FISMA has done little to improve the security of government systems, and created an additional layer of processes and a healthy revenue stream for beltline consulting companies. The Cybersecurity Czar needs to take over the responsibility of ensuring FISMA 2.0 is in line with the current realities on the ground and is able to change the focus from “compliance” to security.  

•  Capture the momentum and excitement. I have never seen such optimism and excitement in the security industry for a government initiative. Security experts and the industry at large is offering to help in whatever capacity they can to improve the nation’s cybersecurity posture. We need to seize the opportunity and come up with a defined strategy (not high level goals and objectives) and strong leadership that can channel this energy into positive action.

•  Perception is almost as important as reality. Many people hailed Mr. Obama’s speech on May 27th as a strong warning to our adversaries that we are serious about security. The recommendations from the cybersecurity review were also heralded as the right first step. But nothing has happened since. We don’t have a plan, any specifics on how those recommendations will be implemented nor a Cybersecurity Coordinator. By not following it up with action, what message are we sending? We need to at least be perceived as taking security seriously.

I expected the response to the recent attacks on Korean and American systems to be a big wake up call. Instead of the expected Gulf of Tonkin type of response, as time has passed the coverage slowed to a trickle and finally dried up.  It seems the government and military’s incident response tactic is to sweep the event under the rug (so far as the media is concerned).    Things are going to continue to get worse, and while the real techies are hard at work trying to come up with solutions, there is no public face for America’s security solution.  


Most notably, as my colleague Robert McMillan has reported, a botnet of about 50,000 infected computers has been waging a war against U.S. government websites and causing headaches for businesses in the U.S. and South Korea.
“The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission’s (FTC’s) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT),” McMillan wrote, offering this quote from an unnamed DOT spokeswoman: “The DOT has been experiencing network incidents since this past weekend. We are working with the U.S. Computer Emergency Readiness Team [US-CERT] at this time.”

Meanwhile, a South Korean researcher investigating the attacks has uncovered a sizable hit list of sites in and out of government, including some high-profile targets in the banking sector.

Maybe Obama is doing the right thing. The last thing we really need is some new jerk coming in and forcing more standards on the security professionals. The czar would just be one more person in the cycle not actively pursuing a solution, and causing more work for everyone else. This factor may already be understood by the corporations and government. There have been numerous employment offers in the public and private sectors for cyber related work. We should see a workforce in the tens of thousands in just a couple of years. At which point we may actually need a ‘coordinator’ to manage the new work force.


The response at most agencies has been to turn to outside contractors to perform sensitive work. That’s led to situations such as the one at the Department of Homeland Security, where contractors accounted for 83 percent of the chief information officer’s staff last year.
The report urged the White House cyber czar to enhance training and giving departments expanded authority to hire specialized talent. And it urged Congress to ramp up funding for training programs and scholarships to build a pipeline of qualified workers.

We are still left with the question of who will be the next cyber czar, the position which is officially vacant now.  At this point it seems that no one can fathom who would be willing to take the job, so a tarot reading is just as accurate in this situation as anyone’s opinion.

So what did the cards say?

•  person will be duped into it for the money and power. they will have neither
•  czar will be duped into thinking they have the power to change the world. talented and naive. a final scapegoat
•  czar has power over nothing. strong beliefs. world behind them, will seem powerful.
•  czar will be well intentioned non-noob restricted by bureaucracy and destined for failure

The czar will take the job for the money, and the power, and actually believe they can make a difference. Unfortunately there is no one so seemingly Idealistic and Naive in Washington, except for the President himself. Interestingly enough, though I was focusing on the identity of the new czar, the results give an excellent description of Obama.  
While all of that is painfully obvious in relation to the czar position, I have never seen the cards fall like that before. While an entertaining anecdote on this story, the fact remains that we are apparently no closer to finding the czar. This, however, might not be such a big deal. We already know that no one really wants the job anyway.
Names of possible candidates seem to pop up to the surface every so often.  It is difficult to determine if they are legitimate candidates, or have just thrown their names into the media for the extra attention.  My current favorite is Franklin D. Kramer.


Franklin D. Kramer:
Distinguished Research Fellow at the Center for Technology and National Security Policy.
Assistant Secretary of Defense for International Security Affairs from March 1996 to February 2001
Deputy Assistant Secretary for European and NATO Affairs from January 1996 to March 1996
Principal Deputy Assistant Secretary of Defense for International Security Affairs from 1979 to 1981
Special Assistant to the Assistant Secretary of Defense for International Security Affairs from 1977 to 1979


“Mr. Kramer is the chairman of the board of the World Affairs Council of Washington, D.C.; chairman of the Committee on Asian and Global Security of the Atlantic Council and on the Executive Committee of the board; a Capstone Professor at George Washington University Elliott School of International Affairs; and on the board of directors and board of advisers of other organizations. Mr. Kramer has been a partner with the Washington, D.C. law firm of Shea and Gardner. Mr. Kramer received a B.A. cum laude from Yale University in 1967 and a J.D. magna cum laude from Harvard Law School in 1971.”


This puts Mr. Kramer in Yale at the same time as George Bush and John Kerry.  There is no specific mention as to if he was also a member of the Skull and Bones society.  His credentials make him the most likely candidate yet. He is a Washington insider, accustomed to dealing with security, and his research fellowship implies an understanding of technology.  Currently he is consulting in the private sector, and is tied to the green movement by serving as director and executive vice president at “Changing World Technologies”.   


Mr. Kramer has served as a director of LSI since September 2001. Since February 2004, Mr. Kramer has been an independent consultant. From March 2001 to May 2005, Mr. Kramer was a lawyer with Shea & Gardner, now Goodwin Procter LLP. Mr. Kramer served as a director of Changing World Technologies, Inc., a privately held energy and environmental service company from February 2002 to April 2006. From February 2002 to December 2003, Mr. Kramer served as Executive Vice President of Changing World Technologies. From January 2004 to January 2006, Mr. Kramer served as a consultant to Changing World Technologies. From March 1996 through February 2001, Mr. Kramer served as Assistant U.S. Secretary of Defense for International Security Affairs. Mr. Kramer currently serves on the boards of directors and board of advisors of various organizations and private companies. Since March 2007, Mr. Kramer has been an Operating Advisor for Pegasus Capital.



Pegasus identifies complex situations where financial, legal or governmental issues might deter conventional investors and creates value by exploring options like revising a business model, entering new markets, introducing new products or technologies, and entering into strategic partnerships.

This sounds like the sort of thing that would be right up the czar’s alley. Working around laws and regulations would help the Intelligence industry quite a bit.  This brings up the question as to who are the so-called ‘security experts’ that are pushing the recommendation for the czar position?  I’ve got a hunch that it’s the same people pushing for the Cybersecurity act, who stand to profit the most from this racket; the Intelligence Industrial Complex. Kramer could tie the .gov, .mil, and .com sectors together for their own benefit.


Hathaway took herself out of the running for the job, most likely because she realized that despite her qualifications, she wasn’t going to get the post. “I wasn’t willing to continue to wait any longer, because I’m not empowered right now to continue to drive the change,” she told The Washington Post. “I’ve concluded that I can do more now from a different role,” most likely in the private sector.
(As an aside, it’s unlikely that she’ll return to the Office of the Director of National Intelligence – where she was on loan to the White House to conduct the “60-day” review of the federal cybersecurity posture – because her “rabbi,” Adm. Mike McConnell, resigned as national intelligence director at about the time she took on the White House assignment. McConnell returned to the business consultancy Booz Allen Hamilton, where they both had worked before coming to the ODNI. Will she rejoin McConnell?)


We are looking at the return of the cold war, and we are unprepared.


CzarWars Episode 1 – The Phantom Finance

Wednesday, June 24th, 2009


First of all we need to define the various compartments of network security. There is the Military/Government sector; the DOD is responsible for defending these systems. There is the public government infrastructure, which the DHS will be in charge of defending. There is the private sector, which is responsible for defending itself. Mixed in with this is the general protection of the people, which will come in the usual form of software developed by the private sector.

The announcement has not yet been made for the new cybersecurity coordinator, though there are many choices, and much speculation. I’ll add to it with my own observations. All of the choices will be from one of the 3 sectors who have a stake in the cybersecurity plan. Whoever is selected will show what lobby has been successful. The DOD has stated repeatedly they have no interest in backing the position. That leaves the DHS and big business. It gets a bit complicated because the DHS also has a close private-public collaboration. So the distinction again needs to be made that there are two levels of defense here. The DHS, while responsible for civilian infrastructure, only takes responsibility for the systems that are government critical. The rest of the work, dealing with what their CISO calls the standard internet pollution, will go to some of the big names in public security, meaning the responsibility to protect the people will be left to Anti-Virus vendors, and Microsoft. The person who is selected should have an existing understanding of current national security policy. This would rule out the representatives from a strictly business background. The new cyber coordinator will most likely be someone from inside government, or someone who has recently gone into the private government consulting sector. Before I continue I should mention Keith Alexander is rumored to be head of the new [cyber]command, but this is not the czar position. Melissa Hathaway already holds a similar White House position, and it is possible that she could receive the promotion – though I get a sense of reluctance either from her, or on the part of the White House. What we have left is Fred Kramer, the former assistant defense secretary for international affairs under President Clinton; Paul Kurtz, an Obama advisor who served in the National Security Council under Bush and Clinton; Maureen Baginski, a former FBI intelligence leader; and Tom Davis.

To update this a little bit, Alexander was selected as head of the CyberCommand, and Tom Davis has expressed that he is quite comfortable in his new position in the private sector; he mentioned he was lucky to get out without an indictment, and has no plans to return. Davis did act quite nervous when confronted about the position, so it is possible he already has been confirmed and is playing the denial game until the president makes it official.

The cybersecurity coordinator will need to have a technical enough background to understand the details of security recommendations. This person will need to then be able to translate the recommendations into terms that the president can understand, as well as pass them along to the Secretary of Commerce who can choose to request funding from the OMB. The cyberczar might not have direct power to make changes, but the position is an important one. There is definitely a need for a coordinator to facilitate between the public-private partnership and the Executive Office of the President: someone who already has a good understanding of national security, technical knowledge, and political ability. I’ve made my pick based on the current choices, so if they pull someone out of left field, don’t hate.

Paul Kurtz, an Obama advisor who served in the National Security Council under Bush and Clinton, has been in the White House for long enough to know its politics. Kurtz is also one of the people quoted in the findings on which the Cybersecurity Act was drafted saying “the United States is unprepared to respond to a `cyber-Katrina’ and that `a massive cyber disruption could have a cascading, long-term impact without adequate co-ordination between government and the private sector’”. Here is a person that fits my criteria: he is technical, political, and possesses an overwhelming desire to over-hype the cybersecurity threat with the understanding that it will create revenue for his and others’ private interests. It’s all about the money. If you check out the consulting team Paul B. Kurtz is on, it’s also about the cyber-FUD.

-I don’t want to leave out Maureen Baginski as a possible choice, since the current administration seems to be about equal opportunity employment, breaking barriers, etc. Baginski is a career NSA gal who was tapped by FBI Director Robert Mueller to reform the FBI’s handling of domestic intelligence. It was suggested that major restructuring within the government might be required to integrate ‘cyber’ as a separate but equal department.-
