Friday, December 6, 2013

Manhattan Project Needed for U.S. Cybersecurity?

By Jim McFarlin

I have written here about the risks America faces from rapidly dispersing cyber threats, the powerful forces of indifference and disbelief aligned against the development of our cyber defenses, and have made an argument for US preemptive cyber strikes against those who would attack us.

On a daily basis, cyberattacks successfully remove our intellectual property and military weapons plans, disrupt banking systems operations, and repeatedly steal personal information that is supposed to be secure.

The operative question: What will it take to marshal America’s resources to push us into developing effective national cyber defense capabilities?

Will it take another 9/11?

Monday, November 25, 2013

Why the U.S. Will Preemptively Initiate Cyberwar

The pressures for preemptive global cyberwar are building, not because of the conclusion it provides but because of the salvation it offers.


Too many weapons. Too many bad actors. Too many untenable motives.

Such is the realm of cyberspace conflict today, a world where weapons are readily available and new antagonists seeking to advance their agendas can enter the fray with ease.

These are just three of the forces driving a global marathon that is racing toward a dangerous outcome. Only a few – if any – winners will cross the finish line.

It is a world in which the nation-states with cyber power moderate usage of their cyber weapons: China and Russia because they are perhaps satisfied with the intellectual property and military plans they retrieve; Iran and North Korea perhaps due to their fear of retaliation.

The newer cast of bad actors is another problem altogether. Extremists and the growing forces of cyber militias have no such fears and thus present a major danger to the U.S., Britain and other developed nations.

With no one else to rein these dangerous new players in, the U.S. will be forced to take offensive action, even if it takes the form of a widespread cyberwar. Here’s why:

Monday, November 11, 2013

Geopolitical Currents Push U.S. Cyber Defenses to the Edge

Defenselessness. Indifference. Disbelief. All are individually strong currents under any circumstances.

When it comes to America’s attitude toward cyber threats, all three are in play: churning, swirling whirlpools gathering the collective power to sweep U.S. cyber defense capabilities over the edge to the rocks below.

As reported here in July, Wall Street failed a day-long test of its resilience to cyberattacks, forcing trading exchanges to close six hours into the exercise.

Now America’s electric power system faces its turn. On November 13th, an exercise dubbed Grid Ex II will test the security of the American power grid with a day-long series of simulated cyberattacks.

If the results are similar to the Grid Ex I exercise conducted in 2011, the electric grid will show vulnerabilities that can shut down power to major portions of the U.S.

In other words, our power grid will most likely prove again to be just as defenseless against cyberattack as is Wall Street.

Wednesday, October 30, 2013

American Blackout: Trick?...or Treat?

By Jim McFarlin

Was the timing of National Geographic’s American Blackout TV special just before Halloween inadvertently ironic? Or intentional?

If inadvertent, mark it up to curious scheduling. If intentional, are we being “tricked” by a Hollywood-style dramatization of disturbing events for entertainment purposes? Or are we being “treated” to a reality show warning us of calamitous circumstances to come, circumstances that are already storm clouds on the horizon?

For those who missed the show, American Blackout tells the story of a nation descending into social chaos following extended loss of electrical power due to cyberattacks.

The Nat Geo story, although as gripping as it is comprehensive, is incomplete. Here is the rest of the story.

Sunday, October 27, 2013

BULLETIN: Cyberattack rated number one security threat facing United States

In recent Capitol Hill testimony, Gen. James Clapper, the nation's top intelligence official, placed cyberterrorism at the top of the threats facing the United States.  Gen. Clapper stated that it would be "hard to overemphasize" the significance of the threat.

He rated America's electrical grid the most vulnerable of the nation's infrastructures, with equipment in many cases ten to twenty years out of date with no immediate plans for updating to counter cyberthreats.

NOTE: a nationwide test of America's electrical grids' ability to repel cyberattacks is scheduled for November 17th.  I will have results of that exercise for you as soon as they are available.

Financial institutions and government services rounded out Gen. Clapper's list of most vulnerable segments of our economy.  In the six months prior to his testimony, Wall Street had received 140 verified cyberattacks. In July, leading investment banks and trading exchanges were overwhelmed in a staged cyberattack exercise which closed the markets within six hours of the start of the attacks.

Stay tuned for future Bulletins.

Saturday, October 19, 2013

Are America’s Cyber Defenses On the Brink?

By Jim McFarlin

Cyberspace is a harsh and cruel world, a digital realm rife with unpleasant axioms.

One axiom is that attacks on the United States have increased in sophistication, intent, and frequency over the past several years. And it isn’t just hacktivists who delight in defacing and defaming anymore – serious players are joining the fray.

The most recent interlopers include the cyber militias – mercenaries for hire around the globe who carry out attacks at their funders’ bidding. They are difficult to defend against, as these mercenaries operate without predictable motives or methods.

A second axiom is that American institutions (private, government, military or otherwise) are widely ineffective in deploying cyber defenses. There are a host of excuses for this incapability, ranging from valid to self-inflicted.

These axioms point toward America’s declining security against cyberattacks. There are a few explanations, but few of these offer any meaningful hope.

Is there a way forward?

Let’s start by addressing a much-raised question: As the world’s leading technology superpower, why can’t the U.S. defend itself?

Saturday, October 12, 2013

Are Cyber Barbarians at Our Gates?

By James McFarlin
from New York City

Continually puzzled by why America’s cyber defenses do such an inadequate job of actually defending, I journeyed to Manhattan this past weekend to hear what a select gathering of global cybersecurity experts had to say on the subject.

With my mind spinning two days later from complex chart images, PowerPoint bullets and spirited discussions, I said my goodbyes and made my way to the elevator. It was only once I was in the taxi to midtown, mind roaming free, that the collective impact of the discussions began to synthesize and take form.

That’s when a sense of dark foreboding began to sweep over me. Here’s why.

Saturday, October 5, 2013

Is the NSA Breaking Bad in the Name of Cyber Security?

It is a rare week indeed that yet another National Security Agency action in the name of national safety is not unveiled for the public to see. The revelations are almost like a slow-motion card deal in Texas hold ’em, with the nation waiting to see where the next deal of the up card leads us.

The latest card? Ex-NSA contractor Edward Snowden revealed that the agency has been using its metadata collection to graph the relationships between Americans’ social connections. According to an NSA memorandum, these steps were intended “to help the agency discover and track” overseas intelligence targets.

But is the NSA actually pulling a Walter White and breaking bad in its mission to ensure American security?

The agency may feel it has probable reason to do so. Here’s why:

Saturday, September 28, 2013

America’s Internal War Over Cyber Security

Watching cyberspace developments in the United States is much like watching a serial psychodrama on television: it’s a saga filled with twists, turns, surprises, and unintended consequences.

The nation’s story arc involves two opposing forces on course to collide: the fear of personal privacy invasion and the capabilities necessary for the nation’s cyber security.

The consequences resulting from this struggle will majorly influence the personal safety of Americans over the next several years. Let’s take a look at both of these forces.

Tuesday, September 17, 2013

Paying Forward the Legacy of 9/11

As our nation commemorates the 12th anniversary of the September 11 terror attacks, it is important we honor the legacy of that day in both word and deed.

Over the course of the last week, many eloquent words have been spoken and memorable statements written about the events and memories of that fateful day. But above all, it is most important that the institutions meant to protect us meet their responsibilities by making decisions that safeguard our country from future attacks.

Barring a dramatic shift in the global landscape, the world will be a dangerous place for as far ahead as we can see. In such an environment, one fact is certain: the United States will continue to be the world’s number one target.

Thanks to their largely anonymous nature and disregard for physical borders, cyberattacks provide an increasingly attractive means for extremist groups and ill-intentioned nation states to target the U.S. Without international agreements to restrict their use or set a common framework for cyberwarfare behavior, the proliferation of cyberweapons and cyberattacks is all but assured.

No matter how well grounded predictions of what may happen in the future might be, these calculations can easily be upended by circumstances and changing global factors beyond our control. Still, we can gather clues from the forces that influence the possible future.

Here are three forces we should be monitoring between now and the next 9/11 anniversary:

  • Increasing severity of cyberattacks against American institutions.
    When the types of attacks start to escalate from child’s play (like posting false Twitter messages or taking down a news website) to attacks that create operational damage, beware. This not only signals that attackers are increasing their sophistication, but also that we might face more serious dangers like extended power outages or communication interruptions.
  • Negative results from the upcoming test of U.S. utilities’ cyber defense capabilities.
    If November’s utility cyberattack resilience tests show serious vulnerabilities in the more than 200 government agencies and utilities that will participate (as was the case when Wall Street banks and exchanges were tested this past July), we have a sign of major trouble ahead.
  • Expanded fear-driven restrictions on the operations of U.S. cyber intelligence agencies.
    No one likes personal intrusions, but mistakes in any complex operation can and will be made. For agencies such as the NSA, it’s better to fix what is wrong and enhance what is working. Dismantling, crippling or unnecessarily restricting cyber intelligence efforts will only aid our enemies and leave us more vulnerable to attack.

And of course stay tuned to this site, where you will find all the late-breaking developments on these and other cybersecurity forces that affect our national security.

Will the U.S. Pay it Forward?

The legacy of the 9/11 attacks cannot and should not be squandered. In these tumultuous times when large portions of the world are becoming increasingly anarchistic, one question we should continually be asking ourselves is, “Can the U.S. maintain the bigger picture and stay out of its own way?”

Let’s hope that the answer to this question is yes. If not, those wishing to do us harm will soon find open doors to facilitate their actions.

("One World Trade Tower and Tribute in Light Memorial" image: Anthony Quintano/Flickr)

Saturday, September 7, 2013

Will 2013 Be the Year Cybersecurity Crashes the Party in the Board Room?

Some call it disinterest, disbelief, ambivalence, another overblown Y2K scare, or simply “IT’s problem.”

But no matter what you call it, there’s no doubt that American industries pay far too little attention to the threats posed by cyberattacks. I saw it at the AIAA aviation convention and am seeing it again at the Association of Emergency Managers: scant attention to the risks of cyberattacks.

But attitudes are changing. I predict 2013 will be recognized as the year that the chickens came home to roost, the year corporate executives recognized that continuing to ignore cyber threats would expose their organizations to growing operational, legal, and customer loss risks.

Why the sudden recognition? Strong pressures came into play during 2013, which acted as a form of shock therapy that forced executives into action.

What were these pressures? Let’s take a look at three:

Monday, August 26, 2013

Dispersing Cyber Threats Signify New Risks for U.S. Homeland Security

Fortunately – and unfortunately – computers are everywhere. When used for good, computers power our modern way of life. But when used under the wrong direction, the cyber machines possess powerful capabilities for malicious actions, such as initiating military action, creating social chaos, affecting government turmoil, and inflicting destruction.

The constant here is the computer. The variable is the human factor, which, as I profiled in my earlier post on human factors, poses the dangers.

The growing problem is that the rapidly expanding availability of cyber weapons is enabling global proliferation of cyberwarfare capabilities into less-developed nation states and, increasingly, the hands of extremists and “irrational hackers.”

This is where the risks for U.S. Homeland Security begin. And to these risks, there is no end in sight.

Friday, August 16, 2013

Just Before the Crash: Locked on Cyber-Free Auto Pilot Too Long, American Aviation Finally Launches Cybersecurity Initiative

Driven by advances in communications and cyber technology, global aviation is on the precipice of momentous change. But what will it mean for air travelers?

Many of aviation’s operational procedures (radio communications, radar and human controllers, to name a few) have not substantially changed for 70 years. With increasing air traffic pushing this system to its physical limits, the industry is turning to Internet-based technologies like eEnabled aircraft and highly connected air traffic control systems.

But it appears there’s a glaring disconnect between the industry’s embrace of Internet technologies and its awareness of cybersecurity threats. The American Institute of Aeronautics and Astronautics recently stated:

“Cyber adversaries are numerous, adaptive, attack from multiple fronts, and are far-reaching. It is not a question of if there will be an attack, but rather when, and what the outcome will be.”

With the potential for a cyber-fueled aviation disaster looming, I set out to the annual aviation industry gathering in Los Angeles, where the aviation industry was set to unveil its “Framework for Cybersecurity” decision paper.

And what I found is unsettling for air travelers.

Friday, August 2, 2013

Edward Snowden’s NSA Leaks: Could These Seismic Shocks Have Been Prevented?

Ex-NSA contractor Edward Snowden is now on Russian soil, leaving the Moscow airport transit lounge with 12 secure months of asylum from Russia tucked under his arm and a pending job offer at VKontakte, Russia’s biggest social networking site, in his pocket.

Wow. And all of that presumably without a series of grueling face-to-face interviews from his new employer. In addition, Glenn Greenwald, the reporter at The Guardian who broke Snowden’s revelations, has landed a nice book deal -- plus, perhaps, an extended contract at his newspaper, which hasn’t had this much publicity since the 1963 Profumo political scandal.

The rest of us should be so lucky.

A part of me wants to turn this tragi-comedy fairy tale into a cyber-age spy thriller, with Snowden as an undercover U.S. CIA agent carrying out a top-secret assignment to get inside Russia’s cyber security apparatus and save civilized society from World War III.

But let’s get back to reality: How did the rest of America fare from Snowden’s disclosure of U.S. intelligence electronic data gathering methods?

Thursday, July 25, 2013

Investor Alert: Cyber Tests Reveal Mission Failure from Investment Banks

Each business afternoon CNBC’s Maria Bartiromo opens her show with the mantra, “It’s four o’clock on Wall Street. Do you know where your money is?”

Financial industry cyber defense readiness exercises on July 18th produced an unsettling answer to her question: Don’t count on it.

Those who read my prior post on cyberattacks against the financial industry are aware that the effectiveness of the cyber defense “protecting” major Wall Street investment banks was tested on July 18th during an exercise dubbed “Quantum Dawn 2.”

Wednesday, July 17, 2013

More Cyberattacks Targeting Investment Firms Serving Individual Investors

In today’s Internet-centric world, cybercrime in all forms has become a way of life. Credit card information is stolen, personal identification compromised, and in what’s been described as the “greatest transfer of wealth in history,” massive amounts of valuable intellectual property are being whisked away from U.S. companies and the U.S. Department of Defense.

And it’s all happening at an alarming rate.

Sunday, July 14, 2013

Distorted Picture: NSA Surveillance Powers Expand as Data Escapes with Edward Snowden

Is NSA surveillance expanding to an increasingly wider range of personal data just to see it turned over to foreign intelligence agencies by the likes of Edward Snowden?

As reported in a New York Times article on July 6:

“The nation’s Foreign Intelligence Surveillance Court has quietly created a secret body of law expanding the National Security Agency’s power to amass vast collections of data on Americans while pursuing not only terrorism suspects, but also people possibly involved in espionage and cyberattacks.”

On the one hand, it might look like the FISA court is allowing more personal surveillance for the sake of national security. But does this kind of rationalization make sense when we look at the massive data misappropriation by former NSA contractor Edward Snowden?

Friday, July 5, 2013

Did Shakespeare Set the Stage for the Coming Wars in Cyberspace?

"All the world’s a stage, and all the men and women merely players…"
–William Shakespeare, As You Like It

Little did Shakespeare know how these words describing the tightly defined stage in the early 17th century would be so appropriate in describing the global cyberspace stage of the early 21st century.

As today’s Act I begins, the stage is filled with actors possessing duplicity, deception, corruption and overreaching personal ambition, much as in Shakespeare’s day.

Let’s meet the cyber players in this 21st-century global cyber-saga:

Thursday, June 27, 2013

Are Defenses Against Cyberattacks on U.S. Critical Infrastructures Missing the Target?

When the first version of what would become the Internet became operational in the late 1970s, one of the developers revealed years later that the team never expected the user base of this new technology to exceed 10,000. Nor did they imagine that critical infrastructures like power generation would be connected to what was meant to be an open network.

How wrong on both counts.

Wednesday, June 19, 2013

Politics, Human Factors and Legal Issues Thwart Deployment of U.S. Cyber Defenses

Cyberattacks are increasing in sophistication. Cyber threat information is scarce, and qualified cybersecurity specialists are hard to come by. There are legal risks to cyber counterstrikes, but meanwhile companies like Wyndham are being targeted for not doing enough to protect customer data.

And all the while, skittish shareholders are getting worried.

What’s an organization attempting to prevent cyberattacks to do?

Wednesday, June 12, 2013

Can Metadata, PRISM and an Elite U.S. Research Agency Usher in a New Era of Predictive Cyber Defense?

If the increase in disruptive cyberattacks against U.S. computer networks or the loss of hundreds of billions of dollars of intellectual property theft is any sign, America’s cyber defenses are in dismally weak condition. And sadly, there are few signs of industry-government progress toward a solution.

Can the National Security Agency and metadata come to the rescue?

Perhaps. With a little help.

Monday, June 10, 2013

U.S. Intellectual Property Cybertheft Losses Call for Retaliatory Cyberattacks

There are two primary reasons to launch retaliatory cyberattacks – active defenses in the jargon of cyber defense – as well as reasons why not to do so.

Take a moment to review my previous post where I discussed the massive U.S. losses from intellectual property cybertheft. It leads us to the question, “Is now the time for retaliatory cyberattacks?”

The answer is yes. And it has been for some time.

Wednesday, June 5, 2013

Is Now the Time for Retaliatory Cyberattacks?

A new era of warfare is in full swing. And America is the target.

As documented by the Commission on the Theft of American Intellectual Property, America is in a state of siege. The report singles out China as being primarily responsible for “several hundreds of billions of dollars” of intellectual property losses from U.S. private companies. Twenty-five years of research and development has been undone in what Gen. Keith Alexander, head of the U.S. Cyber Command, calls “the greatest transfer of wealth in history.”

And these losses do not include the incalculable losses from the theft of U.S. military plans and top secret weapons systems.

Tuesday, May 28, 2013

Are Chinese Hacker Cyberattacks Really Behind the Theft of U.S. Weapons Systems Designs?

Designs for many advanced U.S. weapons systems – including the advanced Patriot missile, the Navy’s new high-tech Littoral Combat Ship, the Aegis ballistic missile defense system and the Black Hawk helicopter – were breached this morning. As media outlets picked up the Chinese cyberattack story, the recriminations flew faster than the F-35 fighter jet whose designs were reportedly stolen.

“That’s staggering,” Mark Stokes, executive director of the Project 2049 Institute, a think tank focusing on Asia security issues, told the Washington Post. “These are all very critical weapons systems, critical to our national security. When I hear this in totality, it’s breathtaking.”

Friday, May 24, 2013

Iran Cyberattacks on U.S. Power Installations Cross the Red Line

Distributed denial of service (DDoS) attacks against U.S. banking networks have been a mainstay of Iranian cyberattacks for nearly a year. In the pyramid of danger of cyberattacks, DDoS attacks are the least harmful: disruptive but not threatening.

According to U.S. officials and as reported May 24th in the Wall Street Journal, Iranian attacks against the U.S. have recently taken a much more dangerous turn.  These latest cyber operations targeted control-system software that could allow manipulation of oil or gas pipelines.  There was no confirmed indication that such control was achieved, however.

This level of attack moves Iran’s cyber threat level against the U.S. up several notches on the cyber threat pyramid.  The threat is that Iran may gain access to control systems which allow them to gain control of gas and electricity production, turning systems on and off.

James Lewis, a cyber-security specialist at the Center for Strategic and International Studies, remarked, “We don’t have much we can do in response, short of kinetic [physical] warfare.”

This is a dangerous threat to the United States which should set alarm bells ringing in Washington.  And if alarm bells are as effective in getting government attention as chemical weapons red-line crossings were in Syria, little action other than posturing, high-level meetings, and accusations hurled at the Iranians will constitute the only result.

The result of these new attacks may be positive, however, if the Iranian actions drive the U.S. electric power sector to markedly step up its cyber defense efforts.

If such a step-up is not initiated, and given the anticipated lack of government intervention, we may soon be accessing websites in candlelight through our computer's battery power while Iranians dance in celebration through the streets of Tehran.

Tuesday, May 21, 2013

Does Personal Privacy Exist in the Digital Age? Dream On.

Imagine, for a moment, that you are living in the California Gold Rush era of the 1850s. Money, money, everywhere for the taking.

Well, the California rush is back, except this time it’s not in the foothills of the Sierra Nevada. It’s in the Valley of the Silicon. The major difference now is we are not the miners – we are the gold. Our movements, friends, purchases, photos, likes and dislikes, communications, and so on are the new “Silicon Gold.” Available free of charge, all with our permission. The miners? Facebook, Google and a host of other online companies.

In an amazing expression of truth, in his book The New Digital Age, Google executive chairman Eric Schmidt states the following:

Friday, May 17, 2013

Cybersecurity for U.S. Banking Industry Must Be Driven by Industry, Not Big Government

Do cyberattacks need to cause a plane to go down before cybersecurity gets the attention it demands?

I often wonder. It seems a disastrous cyber-induced consequence is the only way cybersecurity will become a priority. And unfortunately, a plane crash is well within the realm of reality.

With the recent ATM cyber heist and Wall Street market crash caused by the AP Twitter account hack, we may see a twinkle of understanding of the escalating risks that cyberattacks pose to American industry.


Tuesday, May 14, 2013

When Cyber and Physical Worlds Collude, We Lose

The previous three posts here dealt with the dangers posed by cyberattacks on our investments in America’s securities markets. The conclusion? That U.S. market information and trading mechanisms are structured in a way that is not only open to disruption from basic cyberattacks, but also conducive to it. The Twitter hack and its resulting market crash were 100% cyber-delivered – no human intervention.

But just as the headlines on the Twitter market crash faded, news of a new cyberattack broke. In the span of just a few hours, $45 million in cash was sucked from bank ATMs around the world.

How? The worlds of cyber crime and physical crime collided in what might be a new trend in cyberattacks.

Thursday, May 9, 2013

The Twitter Hack and Wall Street Market Crash: What Can You Do to Protect Yourself?

In my prior two posts, I examined how the recent AP Twitter account hack caused a sudden crash in the securities markets. I also discussed the potential investing dangers that may result from a cyberattack market crash.

So how can you protect your investments from future cyberattacks that affect U.S. securities markets?

First, let’s look at the reasons why social media’s market influence has increased in the past month:

  • Recently, the Securities and Exchange Commission began allowing companies to use services like Twitter to report financial news.
  • Bloomberg announced it was integrating Twitter feeds into its market information terminals.
  • High frequency traders started to include social media feeds into their high-speed algorithms that search for market-moving information. These algorithms are still in their infancy and prone to executing trading orders without corroborating information, which amplified the effects of the hacked AP Twitter account.

Some Wall Street observers believe we now have a more fragile market. A market that is subject to even more unexpected, random swings than before. When you throw in the market-moving impact of false information, such as what happened with the recent AP Twitter account hack, what is the result? In the most recent instance, market swings that affect all investors.

Wall Street fund managers I have spoken with have downplayed the risks posed here, almost as though they do not exist. Investment firms and the financial media will similarly issue disclaimers stating there is no problem. They do not want the fear of chaos to drive the average investor from the market. After all, it is the average investor who feeds new funds into the securities markets for the professionals to trade on.

So what about protecting our investment accounts? The truth? There is nothing we as individuals can do to protect other firms' Twitter accounts from being compromised. As long as America's financial and social media sites are open and vulnerable to attack, the hackers will clearly have the upper hand to strike when and where they please.

What is the typical investor to do? I suspect the answer lies partly in one’s investment strategy. Day traders, for example, may find themselves more subject to risk than long-term buy-and-hold investors.

But there are steps that you can take. If you fear U.S. markets, for example, overseas markets may be less prone to cyberattacks than Wall Street. The use of stop-loss orders, which execute trades to limit losses, can also be minimized or avoided outright.

Bonds, which aren’t quite as affected by rapid market moves as securities, are another investment alternative to consider.

Even if you take some of these steps, you’ll probably still wonder if your investments are safe. The answer partly depends on your investment philosophy and your tolerance for risk. And partly on luck, or the lack of it. Either way, the risks from cyberattacks on America's financial system pose a real and present danger. A danger deserving of serious investor consideration. For me, I have swung to real estate and cash.

What steps will you take to reduce your risk the next time a hacked Twitter account causes a market crash?

** NOTE: The comments herein are the opinion of James McFarlin and in no way should be interpreted as investment advice. See your financial advisor for assistance. **

("Business Data Analyzing" image: adamr/

Tuesday, May 7, 2013

The Twitter Hack and Wall Street Market Crash: Just the Beginning of the Trouble? [Part Two]

If you missed the first post in this series on the recent AP Twitter hack and market crash, read up on how a hacked AP Twitter account caused an abrupt plunge in the Dow Jones Average.

When the Associated Press’ Twitter account was hacked in April, it quickly sent the stock market crashing.

Luckily, AP put out a disclaimer and the market quickly recovered. The entire ordeal was over in less than three minutes.

While some have dismissed the event as “more flash than crash,” major questions remain. A primary concern has to do with the impact on the confidence in our securities markets. Why is Twitter so easily hacked anyway? And if a single social media post has the power to be this disruptive, what else can happen?

Immediately after the Twitter hack, America’s securities regulators called an emergency meeting. Preventing such future economic cyberattacks was their question. Their conclusion? No rule changes are possible to deter future attacks of this type. Their strategy? Deter future attacks through prosecution of those who profit from such hacking-fueled crashes. Really!

Think this is scary? You’ve seen nothing yet.

Fast forward your thinking to the potential disasters from another false Tweet or social media hack. What if false information is released by a hacked Twitter or Facebook account that is more difficult to disclaim? What if those false posts are confirmed by yet another hacked media source? What if this false information causes the Dow average to continue plummeting? What if predefined sell orders triggered by the panic accelerate the decline? Would they irretrievably wipe out the savings of millions of investors?

It looks like the regulators who met after the Twitter hack and market crash were right.

Technology is moving faster than their ability to regulate it. Social media streaming feeds to market terminals? New. Fancy algorithms to identify market-pertinent information? Still in their infancy. High frequency trading? Growing more sophisticated with each trading day.

I know you get the drift. We are only several serious cyberattacks away from nationwide economic chaos.

Scared yet? We should all be thinking seriously about this. In my next post, I will address how – and if – we can protect our assets from such market cyberattacks in the future.

Thursday, May 2, 2013

The Twitter Market Crash: Just the Beginning of the Trouble? [Part One]

Cyberterrorists have a new arrow in their quiver. Their target? America’s economic system.

On April 23, the Associated Press Twitter account reported a bombing at the White House and sent U.S. securities markets plummeting. With the May 6, 2010 “Flash Crash” – which sent the market plunging and then recovering 1000 points – still an imprint in everyone’s mind, the attack sent a wave of fear through Wall Street and sent market regulators in Washington scrambling for cover.

As it turned out, it was a false tweet: the AP’s Twitter account was hacked.

The damage, however, was done. And the culprits of this Twitter market crash? Well, you might say those responsible for the AP Twitter hack who posted the false news. The Syrian Electronic Army has claimed credit, but we may never know for sure.

But the Syrians? Like a businessman seeking advantage, they’re just turning Wall Street’s self-prescribed business practices against itself.

So, who are the culprits? Here are some of the actions that made this cyber cocktail so ready-to-happen:

· The Securities and Exchange Commission’s new rules authorizing the use of social media sites to announce market-moving news.

· Sophisticated computer algorithms which gather and analyze social media posts and stream relevant data, notices and events to trading firms, all in the space of two to three milliseconds.

· High-volume, computer-automated trading triggered as a result of this information.

There was also another soft ingredient in the mix. Yuri Milner, a venture capitalist and early investor in Facebook, Twitter, Zynga and other Internet firms, commented on CNBC that this event “clearly demonstrates the power of social media.” He then added, “What also is evident is the strength of Twitter’s level of influence.”

The result of the frenzied trading after the Twitter hack? A $136 billion drop in value of the Dow Jones Industrial Average in twenty seconds. The DJIA, mind you, is not a theoretical gauge of the market. It is comprised of stocks which populate tens of millions of investment and retirement accounts of working Americans.

The Associated Press quickly issued a disclaimer about the Twitter hack, the White House responded all was well, and the Dow regained its footing, ultimately erasing the drop. Those investors who had “sell” orders triggered during the Twitter market crash, however, were now looking at higher prices to repurchase their positions.

The bigger issue relates to how this could happen and what can be done to prevent reoccurrences. One brokerage firm head framed it this way: “The concern is ‘How do you know what’s right and what’s not? How do you know what’s hacked and what isn’t?’”

The next post will address the surprising steps being taken by regulators and the social media-flash trading dangers that loom on the horizon. What do you think can happen?


Tuesday, April 30, 2013

Cyberwar: War in God’s Space?

Since it doesn’t exist in a physical realm, cyberspace has been referred to as “God’s space.” While we’ll never know if this is true, we do know this: cyberspace has been invaded by the human race. 

And where humans tread, trouble follows. Cyberspace is no exception. In fact, this column exists only by the grace of this trouble. The trouble to which I am referring? Cyberstalking. Bank account theft. Disruption of securities trading markets. Outright warfare between two sovereign countries. And other malicious acts that are too numerous to mention.

What do humans do when there is trouble? Write rules. Unfortunately, the rules of cyber conduct can be difficult to pin down, much like religion. This difficulty, however, did not stop NATO’s cyber defense center from trying to craft its own set of rules for the world to follow. The result of their four-year effort? The Tallinn Manual* (named after a city in Estonia, the first publicly known target of politically motivated cyberattacks, in April 2007).

The Tallinn Manual argues that “existing law broadly applies to cyberspace.” With this one bold conclusion, those operating in the world of cyberspace now have their rules of conduct. Simple as that. Next?

A recent analysis in The Economist posits that “such rules would be helpful if law-abiding countries went to war (Sweden against Canada, for example).” But doubts about the Tallinn rules run rampant.  Why?  Quite simply, those launching the cyberattacks are unlikely to pay attention to any such rules. Countries like North Korea, for example, might rather play by their own rules.

Alas, war in cyberspace will be conducted by man’s rules.  Or depending on the man, by the Devil’s rules.

*“The Tallinn Manual on the International Law Applicable to Cyber Warfare.” Cambridge, 2013.


Sunday, April 28, 2013

Technological Terror could be on the Horizon

Written by Jim McFarlin Special to The Desert Sun
Apr 24

You don’t have to look far to see how deeply the Coachella Valley is intertwined with computer networks around the nation. From smartphones to GPS satellites, from online banking to the power grid, networks fuel our daily lives.

But how safe are these vital networks from cyberattacks?

Thursday, April 25, 2013

Should the U.S. Fight Fire with Rhetoric – or Fire?

Hackers affiliated with the Chinese government were “by far the most energetic and successful cyberspies in the world last year,” according to a recently issued report.

The 2013 Data Breach Investigations Report was issued by Verizon’s RISK Team and 18 partners, including officials from the United States and several foreign governments. Although cyber intrusions with financial motives are the most common source of data breaches worldwide, China dominated the category of state-affiliated cyber-espionage of intellectual property.

This report and others (including the U.S. National Intelligence Estimate) confirm China’s success in penetrating U.S. networks to access proprietary and top secret military information. Here are my conclusions:

· U.S. cyber defenses are largely ineffective against Chinese attacks.

· U.S. military plans and corporate intellectual property are important to China’s plans for continued economic and military growth.

· China will not acknowledge the attacks and cannot be talked down.

A front page Wall Street Journal article on April 22, “U.S. Eyes Pushback On China Hacking,” talks about increasing diplomatic pressure, trade sanctions, and perhaps cyber countermeasures.

Let’s be honest: the only viable defense under these circumstances is a strong offense. Each time American interests are confronted with clear Chinese attacks, the U.S. must strike back – hard. U.S. cyber defense initiatives should become much more proactive and offensive in nature if we are going to see a decrease in foreign cyberattacks of all types.

Agree or disagree?  Let me know.


Tuesday, April 23, 2013

From Boston Terror to Cyberterror: The Importance of Getting the Terminology Straight

We can only know how to respond to attacks against the United States if we know what we are fighting back against.

When attacks on the U.S. occur, descriptive words are thrown around by officials and the media in a mad, almost random frenzy, as they try to build a frame of reference to the nature of the threat against us. Whether these attacks involve deadly explosives, such as those used in Boston, or cyberattacks, like the daily assaults against U.S. banks, the word terror must be used carefully.

In the case of the Boston bombings, the term first used by President Obama was “senseless loss.” The next day, he used the term, “act of terrorism,” stating that terrorism is any bombing aimed at civilians. To be accurate, however, terrorism is any attack on civilians for a political purpose. Until you know the purpose, you can’t know if it is terrorism. The Tucson shooter who nearly killed Rep. Gabrielle Giffords in 2011 was simply deranged. He was a certified paranoid schizophrenic, not a terrorist.

Similarly, descriptive words are thrown around in the world of cyberattacks, but they are often inaccurate. Chinese thefts of intellectual property receive knee-jerk reference as cyberwar. Intrusions on banking networks are classified as acts of cyberterror. But the same definition for the Boston attack applies to cyberattacks. An attack which takes out the western U.S. power grid in an attempt to traumatize or bring fear and irrational acts from civilians is an act of cyberwarfare. Theft of intellectual property is cyberespionage.

Cyberattacks of all types – crime, property theft, disruption, destruction – will only continue to increase. If we begin to get our terminology straight, we will be better equipped to clearly understand and respond to such attacks.

NOTE: As of the time of this posting, the Boston attacks do appear to be an act of terror.


Monday, April 8, 2013

U.S. Cybersecurity Safety Net to Vanish?

Today, Chinese cyberespionage will continue against corporations and the U.S. government. Meanwhile, Iran will focus their assaults on American banks. They might even cause periodic disruptions in service.

It’s business as usual on the cyber front. And America is wide open for business.

Luckily, a successful cyberattack has yet to be launched against our vital networks such as the power grid or communications network. In fact, such an attack isn’t even expected in the near future – but not because our government has a formidable cyber defense system protecting us.

It’s simply because our enemies don’t yet have the necessary attack capabilities. If they did, America would be on the verge of a state of national emergency at this moment.

The continued attacks and lack of progress were predicted in our Cyberwarfare Quarterly Report (available for download in the sidebar). As the Report states:

"The U.S. continues to operate in a period where a 'cyber safety net' exists - those nation states and radical organizations who want to launch harmful cyberattacks against the U.S. do not yet have the capability, while those that may have the means [China, Russia] have no motive for doing so."

During this relative ‘quiet time’ the U.S. could be aggressively developing strategies and defenses against the cyberattacks that will one day threaten our nation’s most vital networks.

At least, this would be the smart thing to do. 

The steps taken so far include an administration initiative pushing for “guidelines for industry-government cooperation” to protect against cyberattacks. Establishing a one-year timeline just to develop these guidelines is in my opinion using up valuable time in our cybersecurity safety net. 

Is this lack of urgency going to cost the U.S. down the line? I’ll have an update for you in my Cyberwarfare Report in July.


Thursday, March 14, 2013

WSJ Article: U.S. Steps Up Alarm Over Cyberattacks

WASHINGTON—The nation's top spies warned Tuesday of the rising threat of cyberattacks to national and economic security, comparing the concern more directly than before to the dangers posed by global terrorism.

U.S. intelligence officials told a Senate hearing that the nation is vulnerable to cyberespionage, cybercrime and outright destruction of computer networks, both from sophisticated, government-sponsored assault as well as criminal hacker groups and cyberterrorists.

"It's hard to overemphasize its significance," Director of National Intelligence James Clapper said, addressing members of the Senate Intelligence Committee. "These capabilities put all sectors of our country at risk—from government and private networks to critical infrastructures."

Federal Bureau of Investigation Director Robert Mueller cited cybersecurity as something that keeps him awake at night, saying at the hearing it "has grown to be right up there" with terrorism.

The intelligence officials, in describing an annual inventory of global problems, didn't reveal imminent new cyberthreats or previously undisclosed plots.

But they amplified their warnings by casting them in terms usually reserved for threats emanating from al Qaeda and Iran, and they included projections of where the danger is expected to lead in the next two years.

The warnings came as part of an aggressive Obama administration campaign to draw attention to cybersecurity and to stir action to counter infiltrations and attacks that officials have said could allow foes to commandeer a nuclear-power plant or disrupt the financial system.

Last month, President Barack Obama signed an executive order aimed at bolstering computer-network protections, and he noted the "rapidly growing threat from cyberattacks" in his State of the Union address.

"We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he said then.

The following week, the administration rolled out a strategy to combat the theft of trade secrets. And Monday, in a speech in New York, National Security Adviser Thomas Donilon singled out China as a top perpetrator, demanding it adopt international standards of behavior in cyberspace.

Chinese officials deny that Beijing engaged in such activities.

On Saturday, China's foreign minister, Yang Jiechi, called for cooperation on cybersecurity and said that China is a victim of cyberattacks. "Cyberspace needs not war, but rules and cooperation," Mr. Yang said at a news conference. He said cyberspace shouldn't become a "new battlefield."

Mr. Obama discussed the issue with lawmakers when he met behind closed doors Tuesday with a group of Senate Democrats, participants in the meeting said. The administration push continues Wednesday when Mr. Obama holds a meeting with U.S. executives in the White House Situation Room to discuss cybersecurity.

But for all the collective worrying, there was little agreement between the Obama administration and Congress Tuesday over how to address the problem.

At a second Senate hearing, before the Armed Services Committee, lawmakers tussled over the role of the federal government in guarding against threats.

Army Gen. Keith Alexander, head of the U.S. Cyber Command, a part of the military, acknowledged that the Obama administration is debating internally how to proceed when U.S. companies are under cyberattack.

"The issue that we're weighing is: When does a nuisance become a real problem and when are you prepared to step in for that?" he said at the hearing. "That's the work that I think the administration is going through right now and highlighting that."

Lawmakers, too, acknowledged they can't agree on legislative measures to bolster protections for computer networks.

Last year, Republicans defeated a White House-backed bill that would have established voluntary cybersecurity standards for companies running critical infrastructure such as the electrical grid, citing concerns about a government role in cybersecurity.

Mr. Obama's executive order last month established voluntary standards as an interim measure, but the order lacks key incentives for companies to participate, like liability protections, that would require legislation.

The cost of protections remains another stumbling block, particularly for power companies, Gen. Alexander said, as he provided a relative ranking of computer protections in private industry.

"The banks and the Internet-service companies are pretty good; the power companies, not so good," Gen. Alexander said.

In testimony before the House Intelligence Committee in February, Kenneth W. DeFontes Jr., chief executive of Baltimore Gas & Electric Co., told lawmakers that the electric industry takes cybersecurity "very seriously."

Intelligence officials cited cyberassaults last year on the websites of many U.S. banks and a more destructive attack on a Saudi oil company that destroyed 30,000 computers as examples of the kind of disruptions already taking place.

They didn't discuss who mounted those attacks, but U.S. defense and intelligence officials have said the Iranian government is behind them. Iran has denied any involvement in the attacks.

"What we're seeing with the banks today I am concerned is going to grow significantly throughout the year," Gen. Alexander said at the hearing.

Looking ahead, Mr. Clapper said that chances of an ultrasophisticated attack capable of wiping out major nationwide computer networks are "remote." Countries most capable of carrying out such an attack—China and Russia—are unlikely to launch such assaults in the absence of a conflict or crisis, according to the assessment.

But even relatively unsophisticated hackers were projected by the intelligence officials to eventually be capable of disrupting insecure computer networks running parts of vital functions—like the power grid.

Cyberattacks from "less advanced but highly motivated actors" could do great harm because of impacts on computer networks connected to the one under attack, the assessment concluded.

U.S. intelligence has picked up indications that terrorists, too, are weighing cyberattacks, according to the annual assessment.


Fear Factors

The government's annual intelligence review cites threats other than cyberattacks:

· Terrorism and organized crime: A decentralized extremist movement still poses dangers.

· Nuclear fears: Iran may develop longer-range missiles that could carry weapons of mass destruction; North Korea is a threat to neighbors and the U.S.

· Space wars: U.S. reliance on satellites for communications, navigation and surveillance could be undermined.

· Food, water, energy, minerals: Natural disasters and growing competition tighten supplies.

· Health and pandemic threats: Pathogens jumping from animals to humans increases risks.

· Eurozone crisis: Economic deterioration remains a threat.

Write to Siobhan Gorman at and Siobhan Hughes at

Sunday, February 24, 2013

Cyber Strikes Preemption: Savior or Curse?

The Obama administration's announced step toward preemptive cyber attacks as reported by the New York Times sets off more alarm bells than victory signs.  Let's start with looking at what preemptive strikes are.

As defined in the Times report, cyber preemption by the United States is justified if "U.S. agencies detect credible evidence of a major digital attack looming from abroad." Here's the first alarm bell: what is meant by "credible evidence" and "major digital attack" (to quote the news release)? To be effective, this policy requires strict definitions, so that the president is not handed recommendations for strikes that "hope" to take out or prevent a future attack that is not real. And how is a "threat" to be detected? By standard CIA intelligence? By some new, as yet unannounced U.S. cyber detection capabilities?

As described in our Semi-Annual Review: Cyberwarfare 2013-2015, this type of policy is nothing more than a repackaging of U.S. Military cyber weapons under a new banner and giving first-strike capabilities a cloak of respectability while creating a danger that does not necessarily exist today.

Here is the second alarm bell: Alerted to our preemption plans, are our cyber enemies going to sit back and await Washington's judgement on their cyber plans, or will they go ahead and attack, before their capabilities to do so are destroyed, or at least compromised?

There is currently no publicly available information that the United States has the cyber-based capability to take out other nations' cyber sites at will.  Even the famed Stuxnet attack required physical use of a flash drive to initiate.

Let's be careful what we threaten.  Since reliable attribution of the sources of threats is limited and our attack methods are questionable, are we unnecessarily setting ourselves up for preemptive attacks - the very action we are attempting to prevent?  Quite possibly yes.