Thursday, March 12, 2015

CIA Plays Catch-up to Fight Cyberterrorism

By Jim McFarlin

Cyberterrorism is the number one threat facing the U.S.

The Director of National Intelligence ranked cyberterrorism as the top threat to our country – even more so than threats such as Islamic terrorist groups – in the just-released analysis, “Worldwide Threat Assessment of the US Intelligence Community.”

In a 2014 report, the General Accounting Office found that the FAA as having “...security weaknesses which threaten the agency’s ability to ensure the safe and uninterrupted operation of the national airspace.”

The recent cyberattacks against Sony Pictures Entertainment have raised the stakes even higher, creating what cybersecurity professionals have deemed “the dawn of a new age” for cyberattacks. Now, cyberterrorism not only aims for destruction, but to influence behavior.

Where does the nation’s preeminent intelligence agency fit amidst such an array of new cyberthreats facing the United States?

Oddly, out of step.

Wednesday, January 28, 2015

2015 Marks a Critical Juncture for America's Cyber Security

By Jim McFarlin

2014 was a challenging year for America’s cyber security. Like falling dominos, a wave of corporate, government and military organizations succumbed to damaging, expensive and–in many cases–embarrassing breaches of their information networks.

2015 promises to be even more challenging. The Department of Homeland Security estimated a 215% increase in reported cyberattacks over the past three years, with similar acceleration projected into the foreseeable future.

Last year’s attacks offered many lessons, most notably these:

      It was repeatedly demonstrated that when cyber assailants come to call, the U.S. is vulnerable, unaware, and open to attack. 

      It was also apparent that the safety of personal financial and investment accounts is effectively in the hands of those with malicious intent, not the institutions that hold our assets.

The only positive claim any of those attacked could make was that the damage was contained--and eventually stopped. However, it’s important to keep in mind that these are the institutions that were unaware of their network intrusions for weeks or even months.

Further, in a reported 71% of cases, those being breached only became aware of the attacks once informed by an outside party or government agency.

The list of compromised businesses includes retailer Target, which somehow managed to miss or ignore alerts they were under cyberattack despite 24/7 outside monitoring and the installation of a brand new $1.6 million cybersecurity system just three months before the attacks. The assault swept across the land throughout the year, ravaging the likes of Neiman-Marcus, Michael’s Stores, PF Changs, Home Depot, JPMorgan, and many others.   

JPMorgan, considered the “gold standard” for cyber security in the financial services industry, boasts a staff of 3,000 cybersecurity professionals backed by an annual cybersecurity budget of $250 million. Even this was not enough to stop cyberattackers from hacking account information. In fact, the banking giant realized that up to 83 million accounts had been compromised only after an incidental tip from a third party.

The Sony Pictures attacks in November went beyond data theft, involving not only misappropriation of intellectual property (films), but also destruction of computer systems, extortion, and threats of 9/11-style violence. 

The confused, conflicting, and oft-reversed response from Sony and involved U.S. agencies clearly illustrate yet another lesson from 2014: the U.S. is woefully unprepared to respond to serious cyberattacks in a coherent, effective manner.

With such examples of successful attacks against major institutions, can the organizations that produce and distribute our electrical power be far behind?

The answer is that no such safety, perceived or otherwise, can be taken for granted. In a serious cyberattack against U.S. power generation or distribution facilities, power outages impacting large swaths of the country could continue for weeks, months or longer, rendering traditional preparedness actions ineffective, and in the end, only delaying the inevitable chaos, loss of life and lack of social order.


When considered against the deadly combination of escalating global instability, the growing black market availability of cyber weaponry, and the startling propensity for Islamic extremists to take their war to the home turf of Western democracies in Europe and beyond, cyber insecurity appears to describe America’s future for the coming year.


("Global Networking" Image by bluebay/FreeDigitalPhotos.net)

Wednesday, December 24, 2014

Sony, North Korea and the Future of Cyberwarfare

By Jim McFarlin


The recent hack against Sony Pictures Entertainment (widely believed to have been perpetrated by North Korea), its threats of physical violence against Americans, and its successful attempt to restrict our right of free speech can only be termed an attack on America.

Tuesday, December 9, 2014

Increasing Cyber Threats Fuel Growing Global Disorder

By Jim McFarlin

The world as we once knew it, one of post-Cold War order with the U.S. as a primary world power, is disappearing before our eyes. In its place, we are left with a world now defined by mounting global disorder – and cyber threats only add to the chaos.

An expansionist Russia and increasingly aggressive China seek to establish new spheres of influence; meanwhile, the cauldron of war and unrest engulf the Middle East and North Africa. At the same time, the U.S. sits on the brink of a nuclear-armed Iran, which surely has its own ambitions for global power.

As Senator John McCain puts it, “We’re in the most dangerous position we’ve ever been in as a nation.”

Wednesday, November 12, 2014

Cyber Alert: The Russians Are Coming

By Jim McFarlin

When it comes to today’s digital world, it is the best of times – and it is the worst of times.

Although we enjoy an era of unparalleled worldwide commerce, sharing of cultures, and global communications thanks to the Internet, we also find the power of this marvelous creation turned on us in ways we would not have considered possible just a few years ago.

Goals such as improving quality of life, extending the benefits of health care for all and spreading economic benefits are still there but deemed perhaps unachievable, or at a minimum both diluted and distorted.

The good is here but the bad has come with it – and there is no going back. The genie is out of the bottle.

A rising torrent of cybercrime attacks on hundreds of millions of Americans has swept the nation. Roughly 280 million customers have been affected by cyberattacks on Home Depot, eBay, and JP Morgan.

The government has fallen victim, too. The Washington Post reported that hackers affiliated with the Russian government have breached computer networks at the White House; meanwhile, the Chinese government infiltrated the Department of Defense to steal plans for the F-35 advanced fighter jet.

There appears to be no end to such cyberattacks, nor means to stop them. Worse, there are ominous signs that these attacks are just the beginning.

A recently released study by the Pew Research Center study found that more than 60 percent of 1,642 computer and Internet experts polled believe a nationwide cyberattack against the United States is imminent.

The most vulnerable targets include essential critical infrastructures like power distribution. Many also expect attacks against the financial services sector at a larger scale than is now being experienced, possibly leading to economic disruptions worldwide.

Those surveyed did not have expectations of immediate attacks, but such views quickly became outdated in October, when the Wall Street Journal reported that Russian computer hackers have already begun laying the groundwork for such attacks against the U.S.

In researching recent cyberattacks, investigators for cybersecurity firm FireEye found “sophisticated cyber weapons able to evade detection and hop between computers.” The investigators also found code programmed on Russian-language machines that was sophisticated enough to indicate a government sponsor, specifically a government based in Moscow.

The cyber weapons discovered by FireEye, known as “trojan horses,” have been discovered in America’s critical infrastructures such as power and water facilities. Such weapons consist of malicious software that potentially threatens all aspects of our daily lives and is just waiting to be activated.

Such cyber weapons implanted in American industrial facilities can be located and disposed of, but the facts are there: more will come.

Cold War 2.0 has begun. And the Russians are not just coming with the genie in hand; they are already here.


("Grunge Flag Of Russia" by creativedoxfoto/FreeDigitalPhotos.net)

Tuesday, October 28, 2014

China’s Cyberespionage against the U.S. Is Just the Opening Gambit

By Jim McFarlin

The world is becoming increasingly hostile. The evidence is mounting: struggles with ISIS in the Middle East; Russia’s adventurism in Ukraine and the California coast; Iran’s nuclear bomb; and China’s aggression in the South China Sea, not to mention her new boomer subs.

Of these, China’s aggression is perhaps the most subtle -- and most concerning.

Thursday, October 2, 2014

Jihadists to America: Cyberattacks Are Coming

By James McFarlin

The 9/11 Commission’s authors placed primary blame for the success of the attacks on “a failure of imagination.” America’s intelligence agencies, with all of their resources, did not awaken to the gravity of such a threat to our nation until it was too late. The authors recently reprised this conclusion in an updated 9/11 Report assessment with a fresh warning:

“We must not repeat this mistake in the cyber realm.”

But if we do not wake up – and quickly – to the very real threat of 9/11-class cyberattacks against the United States, we may soon find ourselves reliving the nightmare of 9/11 all over again.