  2. A. OVERVIEW AND BACKGROUND The Department of Homeland Security (DHS) was created in the wake of the Sept. 11, 2001 ("9/11") Terrorist attacks and is primarily responsible for immigration and airport security. In August 2013, when Janet Napolitano stepped down from her role as head of the DHS, she released an open letter to her successor, with some cautionary advice based on things she had learned during her tenure: “A massive and ‘serious’ cyber attack on the U.S. homeland is coming, and a natural disaster — the likes of which the nation has never seen — is also likely on its way.” "What you do here matters to the lives of people all across our great nation, and your decisions affect them in direct, tangible ways," she said. "You make sure their families are safe from terrorist threats, that their local first responders have equipment and training and funding, and that when disaster strikes, people who have lost everything are given food, shelter and hope." Rep. Ed Markey (D-Mass.) also actively agrees with the threat assessment. He released a report last May that said our power infrastructure was “highly vulnerable to attacks from Iran and North Korea” as well as to natural threats such as geomagnetic storms from solar activity. Said Markey: “With one well-placed keystroke, Americans could be plunged into darkness and chaos through the damage to our electric grid. Foreign enemies are employing Web warriors to attack our way of life, and it’s time that our actions respond to the potential threat.” These Are Serious Words and Americans Should Take them Seriously. And they do. See next chart.
  3. Very Recent Polling of Citizens indicates high and growing concern
  4. THE CYBER WORLD: We live in a wired world. Companies and countries rely on cyberspace for everything from financial transactions to the movement of military forces. Computer code blurs the line between the cyber and physical world and connects millions of objects to the Internet or private networks. Electric firms rely on industrial control systems to provide power to the grid. Shipping managers use satellites and the Internet to track freighters as they pass through global sea lanes, and the U.S. military relies on secure networks and data to carry out its missions. The United States is committed to an open, secure, interoperable, and reliable Internet that enables prosperity, public safety, and the free flow of commerce and ideas. These qualities of the Internet reflect core American values - - of freedom of expression and privacy, creativity, opportunity, and innovation. And these qualities have allowed the Internet to provide social and economic value to billions of people. Within the U.S. economy alone, anywhere from three to 13 percent of business sector value-added is derived from Internet-related businesses. Over the last ten years Internet access increased by over two billion people across the globe. Yet these same qualities of openness and dynamism that led to the Internet’s rapid expansion now provide dangerous state and non-state actors with a means to undermine U.S. interests. A. OVERVIEW - - THE THREAT OF TERRORISM - THE CITIZENS' OUTLOOK
  5. State and non-state actors conduct cyber operations to achieve a variety of political, economic, or military objectives. As one example, in November 2014, likely in retaliation for the planned release of a satirical film, North Korea cyberattacked Sony Pictures Entertainment, rendering 1000s of Sony computers inoperable and breaching Sony’s confidential business information. In addition to the destructive nature of the attacks, North Korea stole digital copies of a number of unreleased movies, as well as 1000s of documents containing sensitive data regarding celebrities, Sony employees, and Sony’s business operations. North Korea accompanied its cyberattacks with coercion, intimidation, and the threat of terrorism. The attack on Sony was one of the most destructive cyberattacks on a U.S. entity to date. The attack further spurred an already ongoing national discussion about the cyber threat and the need for improved cybersecurity. Every day, our government and businesses are under attack. Countries such as China, Russia, and North Korea carry out cyber-attacks while cyber thieves steal the intellectual property of American companies, and criminals hack the personal information of Americans. The hacks of the Office of Personnel Management (OPM), State Department, White House, health insurer Anthem, Sony Pictures, and Target are only the most recent examples of this growing threat. As per the pie chart at right, American Citizens are growing increasingly anxious about such attacks. To defend America’s vital digital networks the government and private sector must work together.
  6. The Cybersecurity Act, landmark legislation included in the Omnibus Budget Bill, protects our Nation’s private sector and federal networks which are under continuous threat from foreign hackers and cyber terrorists. Many of the provisions originated in H.R. 1731, the National Cybersecurity Protection Advancement Act, which was introduced by Homeland Security Committee Chairman Michael McCaul (R-TX) and overwhelmingly passed the House on April 23, 2015 by a vote of 355-63. As seen in the figure at right, the so-called "power grid" attack, depending on the weapon strength and burst height, could impact a significant area of our nation, including even well beyond our continental border. And the consequences to individual Americans can be appalling as noted previously in chart #5.
  7. To say that the U.S. Government has done very little to help protect the Nation from Cyber Attack would be unfair and WRONG. Some significant planning has been undertaken by Congress, the DOD, the DHS, and other Agencies. But the question remains: DOES THE PATH THAT WE’RE ON PROVIDE US ADEQUATE PROTECTION? The answer provided later in this note says, No. The rationale for this response is explored further in this section; the key elements believed not to be receiving adequate current attention are discussed subsequently in section C. In concert with other agencies, the DOD is responsible for defending the U.S. homeland and U.S. interests from attack, including attacks that may occur in cyberspace. In a manner consistent with U.S. and international law, the DOD seeks to deter attacks and defend America against any adversary that seeks to harm U.S. national interests during times of peace, crisis, or conflict. To this end the DOD has developed capabilities for cyber operations and is integrating those capabilities into the full array of tools that the U.S. government uses to defend U.S. national interests, including diplomatic, informational, military, economic, financial, and law enforcement tools. For example, DOD cooperates with agencies of the U.S. government, with the private sector, and with our international partners to share information, build alliances and partnerships, and foster norms of responsible behavior to improve global strategic stability. For example, if DOD learns of malicious cyber activities that will affect important U.S. networks and vital systems, DoD supports agencies like the DHS and FBI as they reach out to U.S. entities, and often other countries, to share threat information such as technical indicators of a potential attack. Such information sharing can significantly improve an organization’s ability to defend itself against a broad range of cyberattacks. B. WE’VE PUT SOME GOOD THINGS IN PLACE - - BUT NOT ENOUGH!
  8. From application developers to Internet Service Providers, private companies provide the goods and services that make up cyberspace. The Defense Department relies on the private sector to build its networks, provide cybersecurity services, and research and develop advanced capabilities. The Defense Department has benefited from private sector innovation throughout its history. Going forward, DoD will work closely with the private sector to validate and commercialize new ideas for cybersecurity for the Department. The private sector owns and operates over ninety percent of all of the networks and infrastructure of cyberspace and is thus the first line of defense. One of the most important steps for improving the United States’ overall cybersecurity posture is for companies to prioritize the networks and data that they must protect and to invest in improving their own cybersecurity. While the U.S. government must prepare to defend the country against the most dangerous attacks, the majority of intrusions can be stopped through relatively basic cybersecurity investments that companies can and must make themselves. DoD sets five strategic goals for its cyberspace missions:
  9. Reference 2 contains extensive discussion of the preceding 5 goals, and reading it is well worth the time. Similarly, managing the implementation of the 5 Goals is also well stated and worth reading. However, for the purposes of this note, a summary of the following 4 implementation steps will suffice so that some time may be allocated to perceived “holes” in the plan and what can/should be done about those. Here’s the summary of the 4 key implementation management steps that is provided. Establish the Office of the Principal Cyber Advisor to the Secretary of Defense. In the National Defense Authorization Act (NDAA) of 2014, Congress required the Defense Department to designate a Principal Cyber Advisor to the Secretary of Defense to review military cyberspace activities, cyber mission forces, and offensive and defensive cyber operations and missions. In addition, the Principal Cyber Advisor will govern the development of DoD cyberspace policy and strategy for the DoD enterprise. Improve Cyber Budgetary Management. DoD will develop an agreed-upon method to more transparently and effectively manage the DoD cyber operations budget. Today cyber funding is spread across the DoD budget, to include the Military Intelligence Program (MIP), in multiple appropriations, budget lines, program elements, and projects. In addition, the Under Secretary of Defense for Intelligence, on behalf of DoD, ensures that all National Intelligence Program (NIP) investments are aligned to support DoD missions. The diffuse nature of the DoD cyber budget presents DoD with a challenge for effective budgetary management; DoD must develop a new method for managing cross-program funding to improve mission effectiveness and achieve management efficiencies.
  10. Develop DoD’s Cyber Operations and Cybersecurity Policy Framework. Consistent with Presidential guidance, DoD will align and simplify its cyber operations and cybersecurity policy management and identify gaps, overlaps, seams, conflicts, and areas in need of revision in current documentation. This effort will help translate national and departmental guidance and policy into tactical operations. It is essential for clarifying conflicts in existing documentation that currently complicate cyber operations and cybersecurity governance. Conduct an End-to-End Assessment of DoD’s Cyber Capabilities. U.S. Cyber Command will lead a comprehensive operational assessment of its posture. In coordination with the Principal Cyber Advisor to the Secretary of Defense, the Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics, and the Office of the Director of Cost Assessment and Program Evaluation, USCYBERCOM will provide short- and long-term recommendations through the CIMB to provide to the Secretary of Defense regarding organizational structure, command and control mechanism, rules of engagement, personnel, capabilities, tools, and potential operational gaps. The goal of this posture assessment will be to provide a clear understanding of the future operational environment; key stakeholder views; as well as strategic priorities, choices, and resources for planning and operations.
  11. So, in sum, this plan contains many steps that seem quite thoughtful and admirable. Nevertheless, critics find fault with the fact that much of the plan remains just that: a plan - - but with a degree of implementation which still leaves us quite vulnerable. Peggy Noonan (ref 4) described some hopes that have been put out - - but which have yet to achieve the ends desired due to an absence of Leadership. “After the pain of previous terror incidents, from 9/11 straight through to Madrid 2004 (train bombings, 191 dead), London 2005 (suicide bombers, 52 dead) and Paris 10 months ago (shootings, 17 dead), the focus was always on the question: What will the Leaders—the political and policy elite—think? The 2015 Paris attack immediately carried a different question: What will the People think, Mr. and Mrs. Europe on the street, Mom and Pop watching in America? What are the thoughts and conclusions of normal people who are not blinkered by status, who can see things clear?” “Madrid and London took place during the height of the wars in Iraq and Afghanistan and could be taken as responses to Western actions. The Charlie Hebdo massacre was in its way a story about radical Islamic antipathy to the rough Western culture of free speech. BUT (the) Paris attack was different. It was about radical, violent Islam’s hatred of the West and desire to kill and terrorize its people. They will not be appeased; we won’t talk them out of it at a negotiating table or by pulling out of Iraq or staying out of Syria. They will have their caliphate, and they will hit Europe again, as they will surely hit us again, to get it.”
  12. Then, later in the year, in San Bernardino, CA, the loss of lives directly in our homeland gave rise to the conviction that our government is somewhat asleep at the switch regarding its #1 assignment by the Citizens: to keep America safe. Yet our Chief Executive referred to our enemy as just a “junior varsity” opponent. He continually fails to acknowledge that we face a committed enemy, schooled and obedient to a radical religious fervor, under which America has been cast as the Great Satan and as such must be vanquished as a duty to their Creator. IN THE MINDS OF AMERICANS, FESTERS THE QUESTION: HOW MANY MORE OF US MUST DIE, UNTIL THIS PRESIDENT AND THIS CONGRESS STEP UP TO THEIR LAWFUL DUTY AND SWORN PLEDGE TO THE NATION? - - A QUESTION MADE MORE URGENT BY CYBER TERROR. Is this our plan??
  13. Summing our thoughts so far, America is, and has been, confronted with an implacable foe for well more than a decade. We’ve taken some modest Tactical steps to right the situation. But the results have simply led to more American lives lost. These have not been solely in foreign lands. 9-11, Boston and San Bernardino are stark evidence of this fact. Simply stated, WE HAVE HAD NO STRONG STRATEGY WITH LEADERSHIP TO IMPLEMENT IT. We used some tactical moves - - but these clearly have not deterred our enemy. We saw some Leadership directly after 9-11, but in the past 7 years, Leadership has refused to acknowledge even the name or existence of an issue. Moreover, when this animosity and war-like behavior is combined with the rising spectre of Cyber Warfare, the failure to acknowledge a war upon us is a recipe for continued (some would say, AT HISTORIC LEVELS) death to Americans. But this is a total miscarriage of the duty of our key Electeds to institute, literally TODAY, a plan that is: C. WHAT MUST BE DONE IS THIS
  14. For those readers in agreement so far, here’s one opinion of the % achievement we’ve made so far with regard to the 6-point plan laid out above: Surely, others will have their own % ratings to apply - - but the key here is to acknowledge that our strategy and implementation are NOT YET a recipe to keep us safe. The next chart provides a little more food for thought regarding the 6 plan elements and the rationale for the ratings I have applied.
  15. D. Concluding Thoughts 3000+ Americans have been killed since 2001. 14 innocent Americans were killed in San Bernardino, CA as recently as Dec 2, 2015. Congress and our Chief Executive have applied many words but few actions toward improved safety here at home. However, words and mini-action are a recipe for more American lives lost. Nevertheless, safety of Americans is the #1 job of our Leaders. Our vulnerability to homeland attack has hugely expanded as Cyberterrorism is growing as a likely enemy weapon of choice. A few tactical bombings by American forces are a start - - but this will only hasten Terrorist action in response. Saving American lives requires a STRATEGIC approach that must include improvements to the implementation steps of Chart #13 - - and specifically, this critical, missing ingredient: **America's Leaders must declare in unambiguous terms: "Continued Terrorist taking of American lives will henceforth be responded to by a 100-fold worse attack by America on the Leadership of the Terrorist movement. This Terrorist Leadership includes (i) the Agitators who collude in broadcasting inflammatory requests for Terrorist action, and (ii) The top Terrorist Mastermind Leadership, which reside comfortably in external Nations while proselytizing such vicious actions as a duty, in accord with the will of their Deity. Moreover, if America establishes, for any specific attack, the national residence of Terrorist Leadership, then the nation which permits such goings on within its realm, will be subjected to the might of American destructive power aimed directly at that Nation’s Terrorist Leadership and their resources. So, all Non-Terrorist Leadership must initiate NOW, the destruction of such Terrorist Groups within their borders. America will not sit by and see another American life sacrificed to Terrorism of any shade."**
  16. REFERENCES I'm very happy to cite the following references which helped provide much of the historical information developed in this article. (1) "You’ve Been Warned: Why You Need to Be Ready for Total Grid Failure", Daisy Luther, September 23, 2013. (2) "THE DEPARTMENT OF DEFENSE CYBER STRATEGY", April 2015, strategy/Final_2015_DoD_CYBER_STRATEGY_for_web.pdf (3) "LANDMARK CYBERSECURITY LEGISLATION INCLUDED IN OMNIBUS PASSES HOUSE", Homeland Security Committee, Chairman Michael McCaul (R-TX), December 18, 2015, house/ (4) "Uncertain Leadership in Perilous Times - Paris is Different, But the President Can’t Seem To Change", Peggy Noonan, The Wall Street Journal, November 27, 2015.