The US is unsurprisingly worried about cyber attacks from hackers, Russia, China or even a friendly nation. The future of warfare may well be fought in a different space altogether.
But this report proves how unprepared America is for the inevitable attempts to understand its inner workings. The problem lies in how hackers are viewed. Is Wikileaks in the same category? Clearly not, but Washington’s counter-attack may be far too draconian for a supposed democracy:
The Pentagon is about to roll out an expanded effort to safeguard its contractors from hackers and is building a virtual firing range in cyberspace to test new technologies, according to officials familiar with the plans, as a recent wave of cyber attacks boosts concerns about U.S. vulnerability to digital warfare.
The twin efforts show how President Barack Obama’s administration is racing on multiple fronts to plug the holes in U.S. cyber defenses.
Notwithstanding the military’s efforts, however, the overall gap appears to be widening, as adversaries and criminals move faster than government and corporations, and technologies such as mobile applications for smart phones proliferate more rapidly than policymakers can respond, officials and analysts said.
A Reuters examination of American cyber readiness produced the following findings:
* Spin-offs of the malicious code dubbed “agent.btz” used to attack the military’s U.S. Central Command in 2008 are still roiling U.S. networks today. People inside and outside the U.S. government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.
* There are serious questions about the security of “cloud computing,” even as the U.S. government prepares to embrace that technology in a big way for its cost savings.
* The U.S. electrical grid and other critical nodes are still vulnerable to cyber attack, 13 years after then-President Bill Clinton declared that protecting critical infrastructure was a national priority.
* While some progress has been made in coordinating among government agencies with different missions, and across the public-private sector gap, much remains to be done.
* Government officials say one of the things they fear most is a so-called “zero-day attack,” exploiting a vulnerability unknown to the software developer until the strike hits.
That’s the technique that was used by the Stuxnet worm that snarled Iran’s enriched uranium-producing centrifuges last summer, and which many experts say may have been created by the United States or Israel. A mere 12 months later, would-be hackers can readily find digital tool kits for building Stuxnet-like weapons on the Internet, according to a private-sector expert who requested anonymity.
“We’re much better off (technologically) than we were a few years ago, but we have not kept pace with opponents,” said Jim Lewis, a cyber expert with the Center for Strategic and International Studies think tank. “The network is so deeply flawed that it can’t be secured.”
“IT’S LIKE AN INSECT INFESTATION”
In recent months hackers have broken into the SecurID tokens used by millions of people, targeting data from defense contractors Lockheed Martin, L3 and almost certainly others; launched a sophisticated strike on the International Monetary Fund; and breached digital barriers to grab account information from Sony, Google, Citigroup and a long list of others.
The latest high-profile victims were the public websites of the CIA and the U.S. Senate – whose committees are drafting legislation to improve coordination of cyber defenses.
Terabytes of data are flying out the door, and billions of dollars are lost in remediation costs and reputational harm, government and private security experts said in interviews. The head of the U.S. military’s Cyber Command, General Keith Alexander, has estimated that Pentagon computer systems are probed by would-be assailants 250,000 times each hour.