Cyber Wars


I like this.


An eternal optimist, Liu-Yue built two social enterprises to help make the world a better place. Liu-Yue co-founded Oxstones Investment Club a searchable content platform and business tools for knowledge sharing and financial education. also provides investors with direct access to U.S. commercial real estate opportunities and other alternative investments. In addition, Liu-Yue also co-founded Cute Brands a cause-oriented character brand management and brand licensing company that creates social awareness on global issues and societal challenges through character creations. Prior to his entrepreneurial endeavors, Liu-Yue worked as an Executive Associate at M&T Bank in the Structured Real Estate Finance Group where he worked with senior management on multiple bank-wide risk management projects. He also had a dual role as a commercial banker advising UHNWIs and family offices on investments, credit, and banking needs while focused on residential CRE, infrastructure development, and affordable housing projects. Prior to M&T, he held a number of positions in Latin American equities and bonds investment groups at SBC Warburg Dillon Read (Swiss Bank), OFFITBANK (the wealth management division of Wachovia Bank), and in small cap equities at Steinberg Priest Capital Management (family office). Liu-Yue has an MBA specializing in investment management and strategy from Georgetown University and a Bachelor of Science in Finance and Marketing from Stern School of Business at NYU. He also completed graduate studies in international management at the University of Oxford, Trinity College.

By Doug Hornig, Casey’s Research,

It is often alleged that our future wars will be fought largely in cyberspace, with the winner not having the best tanks and missiles, but the best gamers.

The Pentagon – long enamored of the multi-gazillion dollar fighter jets and cruisers more suitable to the last war – has often treated cyberspace as an afterthought in its drive to get ever shinier new stuff. But lately it seems to have gotten the message. Or perhaps it was just forced to by reports such as the one released by Reuters in June, which found:

* Spin-offs of the malicious code dubbed “agent.btz” used to attack the military’s U.S. Central Command in 2008 are still roiling U.S. networks today. People inside and outside the U.S. government strongly suspect Russia was behind the attack, which was the most significant known breach of military networks.

* There are serious questions about the security of “cloud computing,” even as the U.S. government prepares to embrace that technology in a big way for its cost savings.

* The U.S. electrical grid and other critical nodes are still vulnerable to cyber attack, 13 years after then-President Bill Clinton declared that protecting critical infrastructure was a national priority.

* While some progress has been made in coordinating among government agencies with different missions, and across the public-private sector gap, much remains to be done.

* Government officials say one of the things they fear most is a so-called “zero-day attack,” exploiting a vulnerability unknown to the software developer until the strike hits.

An example of the last one is the Stuxnet worm that crawled into Iran’s enriched-uranium-producing centrifuges in the summer of 2011 and screwed them up. Experts believe Stuxnet was created by the U.S. (perhaps in coordination with Israel) as an alternative to conventional bombing. But things move at warp speed in the cyberuniverse, and any would-be hacker can now download DIY Stuxnet kits from the Internet.

Government moves much more ponderously, of course, and as a result has fallen far behind the current generation of electronic break-in artists. Recent targets have included the CIA, the Senate, the International Monetary Fund, and defense contractors Lockheed Martin and L3. As for the Pentagon, it admits that its defenses are probed about 250,000 times per hour. It declines to say how successful the intruders are.

Laments Jim Lewis, a cyber expert with the Center for Strategic and International Studies, “[W]e have not kept pace with opponents. The network is so deeply flawed that it can’t be secured.”

The Pentagon thinks otherwise, and it has announced its response: The Defense Advanced Research Projects Agency (DARPA) is expected to launch the National Cyber Range by mid-2012. It’s a kind of mirror Internet that will cost an estimated $130 million to build and that will be used to test cyber defense technologies and help train the cyber warriors of tomorrow.

(So if your kids are obsessively playing World of Warcraft, that may not be as bad a thing as you think. They could be developing just the skills the military will be looking for.)

The White House is also deeply involved. It has a cyberspace security coordinator who is in the process of trying to fashion an “all-government response” that would encompass the Pentagon, FBI, DHS, and NSA. Lot of turf battles there.

Private sector companies that do classified business with these agencies are also included, especially the so-called Defense Industrial Base (DIB), a network of contractors that collectively pulls down $400 billion a year for supplying military goods and services. That one’s a tough nut to crack, as these companies tend to be understandably paranoid about information sharing.

DARPA has a few other tricks up its collective sleeve, too. Among programs under way: Clean-slate Design of Resilient, Adaptive, Secure Hosts (CRASH) intends to design new systems that are resistant to cyber attacks, and can learn and adapt to them over time. Cyber Insider Threat (CINDER) will attempt to sleuth out spy- and malware already hidden inside networks. And Cyber Genome will be able to discover, identify, and analyze malicious code and help identify the perpetrator.

Complicating matters are two new technologies. One is the explosion of smartphones, tablets, and other mobile devices, which means that attackers have that many more avenues of attack. Widespread adoption of these tools has happened so fast that security issues are only just being recognized. In the apologetic words of Rear Admiral Mike Brown, a senior DHS cyber security official, “[W]e’re semi-late to the game” in protecting mobile applications.

The other new tech is the aforementioned shift to “cloud computing,” whereby offsite providers offer network and storage resources that can be accessed remotely from a variety of computing platforms. It’s convenient but a security nightmare. “We’re trying to get to the place where warfighters or any of us can get to our information from anywhere on the planet, with any device,” a defense spokesperson told Reuters. But that kind of easy access is easily exploited. The data are vulnerable.

A recent study by CA Technologies and the Ponemon Institute that surveyed 103 U.S. and 24 European cloud computing providers found that a majority did not view security of their services as a competitive advantage. They believed that security was their customers’ responsibility, not theirs. And most did not have dedicated security personnel on staff.

How safe are we? A U.S. defense official told Reuters he would give the Pentagon just a C+ grade overall for its cyber defenses. But, “[W]e’re getting better.” And that, remember, is the top of the line. It’s unlikely that our non-military infrastructure protection, for example, would grade out any better than an F. But, hopefully, that too is getting better.

As concern over cybersecurity grows, and the cat and mouse game between hackers and targets continues, we can expect a couple of things. First, there will be ever more complex and exotic defense systems devised. That means an inevitable conflict with privacy rights, as well as a further bolstering of the all-powerful, monolithic state.

And second, there will be a proliferation of companies that cater to the demand for greater safety emanating from both government and the private sector, especially at the points where the two cross. Those who arrive firstest with the mostest will be very, very well rewarded.

Tags: , , , , , , , , ,

Post a Comment

Your email is never published nor shared. Required fields are marked *


Subscribe without commenting