Paul's Blog

THOUGHTS ON CYBER WARFARE

Surviving Cyberwar (National Press Club, Dec 2010)


Paul de Souza and Richard Stiennon

The book launch event for Surviving Cyberwar at the National Press Club was a success! I got up early and got ready to go support Richard and listen to his speech here in DC. As I looked out the window I see snow—not a common sight in Virginia and definitely not a pleasant one when taking the DC metro and especially not when driving. However, neither snow nor rain would stop me from making it there! As I arrived at the National Press Club, I start to notice that Richard Stiennon is not the only one presenting today; I see Mike McConnell and others getting ready to present on other security issues. I had the opportunity to have a quick chat with Col Banks (Office of the Assistant Secretary of the Army) on cyber warfare and security in general, at which point Richard arrived. The networking continued on as I made my way to Richard’s presentation space. I had the opportunity to meet some interesting folks.
I have known Richard for awhile now, and we even had the opportunity to be the only two Americans presenting at CebIT (security conference) in Sydney, Australia this year. To talk security with Richard is always a fascinating intellectual experience, as he can easily walk one through security events with such clarity.
Anne Bader introduced Richard Stiennon to a fairly full room. Richard opened his presentation by explaining to the audience the reason why he wrote a book on Cyber War, which is to raise awareness on the issue and also to clarify certain terms and events that may or may not be considered cyber war. It is a book that, in my opinion, covers historical events of cyber conflicts and attempts to give the reader a better understanding of what happened not only from a historical perspective but also from a technological angle. As a writer, journalist and researcher, Richard has the ability to immerse the reader into the subject of cyber war.
Richard continued his speech by covering the story of Shawn Carpenter, an American Navy veteran previously employed by Sandia National Laboratories, who tracked down a Chinese cyber-espionage ring that is code-named Titan Rain by the FBI. The story came to national attention when it was featured in the September 5, 2005 issue of Time magazine. Carpenter, who was present in the room, is currently employed at NetWitness Corporation and is also a CSFI member.
Richard then talked about China’s strategic approach to cyber warfare by quoting Mr. Tim Thomas (The Dark Visitor http://www.thedarkvisitor.com/) and the father of information warfare in China, Dr. Shen Weiguang, who stated that “the main target of IW is the enemy’s cognitive and trust systems, and the goal is to exert control over his actions” in the IW introductory research piece for the Chinese military newspaper. Richard talked about his new own definition of APT – combination of (Adversaries, Perniciousness and Targets). He also covered the reality of social media attacks and how TRUST is the main security element of any relationship. We can clearly see this malicious trend getting more and more momentum as we all rely on trusted relationships to speed up our processes and operations. Breach of trust can be the hardest form of attack to be protected against.
Richard said, “Cyber Espionage is not Cyber Warfare.” It is an element of it, but it should not be mistaken by the media as Cyber War. Richard’s definition of cyber war: “Tanks must be rolling across borders in conjunction with cyber attacks.” He gave the example of the Georgia vs. Russia conflict as real cyber war. I recommend anyone interested in learning more about cyber security events and cyber warfare to read Richard’s book and support his work. Richard is a great asset to the overall education of cyber citizens, and his voice must be heard.

Paul de Souza, CSFI Founder Director

Advertisements

Filed under: Uncategorized

Digital Pearl Harbor (Georgetown University Dec 2010)

I would like to congratulate Tom Billington from Cyber Security Seminars, Dr. Spiros Dimolitsas  (Georgetown University Senior Vice president) and Catherine Lotrionte (Georgetown University Associate Director, Institute for Law, Science and Global Security) for organizing an affordable and highly valuable cyber event in DC!

The Cyber Symposia: Digital Pearl Harbor took place at Georgetown University with the following panel:

Richard Clarke, Author, Cyberwar: The Next Threat to National Security and What to Do About It, Chairman, Good Harbor Consulting and Special Advisor to the President for Cybersecurity.

General Michael Hayden, Former Director, Central Intelligence Agency and National Security Agency and Senior Advisor, Cyber Project, Georgetown University.

Jeffrey Carr, Author, Inside Cyber Warfare: Mapping the Cyber Underworld, and Founder and CEO, Taia Global.

Moderators:

Thomas K. Billington, CEO, CyberSecurity Seminars

Catherine Lotrionte, Associate Director, Georgetown Institute of Law, Science and Global Security.

This event took place on a very cold day here in DC in a room full of information security professionals, military personnel and government employees. I had the opportunity to see Jeff Carr again and catch up on his visit to India, I was also honored to have a chat with Richard Clarke and talk with him about CSFI and our mission.

Richard Clarke started out by talking about how America’s network has been heavily victimized by cyber espionage. On Cyber War “If there were a cyber war involving the United States today, we have no plan and no capability to defend our critical infrastructure”.  Mr. Clarke spoke about the US possibly not being able to reach an agreement with Iran over their nuclear program which could requiret the US and its allies to have to step up and wage war. According to Mr. Clarke, this is not fantasy as the Pentagon, the White house and CENTCOM have been preparing for a more serious response scenario last year. In fact he talked about this war scenario not being in a “distant future”.  He talked about Iran responding through cyberspace in case of war as their missiles cannot reach our homeland. Cyber will be an important medium in the next conflict. North Korea is also a subject of concern, as we have no economic inter-dependence with North Korea, like we do with China. North Korea has also been polishing their cyber offensive capabilities to fight in and through cyber. I have also heard from some contacts that North Korea has been investing on satellite technologies as their submarine cables can be kinetically compromised.  Mr. Clarke spoke of our US government not being up to speed with our national policies covering cyber operations in response to cyber attacks against our homeland. The US Congress needs to introduce cyber legislation next year that can demonstrate bipartisan efforts. We need to put aside politics and focus on the issues at hand. The government will have to do something to help the private sector, and some of that may include regulation. We will not succeed in defending critical infrastructure without smart regulation that is truly enforced.

General Michael Hayden talked about the nature of the network itself. He talked about ARPANET as the bloodline of the internet, a network created by the DOD meant to transfer data among a limited number of nodes in a TRUSTED environment. Today of have an unlimited number of nodes along with a vast number of un-trusted connections. Gen. Hayden spoke about the realization of such problem by America as we created CYBERCOM. He addressed the lack of policy and legal guidance necessary to run defensive and offensive operations in the protection of our national security.

Jeffrey Carr stated, “We need to re-think what war is!” He gave the example of China’s strategy in cyberspace, the Chinese concept of waging warfare by stealing intellectual property and fighting a bloodless war where true power is the economic power. The main part of this strategy is to incentive foreign R&D companies to open shop in China as the Chinese government keeps capturing ALL traffic and decrypting anything traversing their pipes. Jeff mentioned that Russia is also conducting some form of warfare very similar to China where organized crime and Russian Intelligence collaborate to achieve national goals. Russia however has a tendency to use knetict force in conjunction with cyber attacks in a more aggressive cyber war strategy. Russians have been investing on American social media networks as a way to harvest open source intelligence. The investment on social media is a key strategy element to Russian strategy in cyberspace. Jeff talked about the importance of having metrics as a way to measure the success of our cyber strategies. Most organizations lack that capability today.

I recommend Cyber Security Seminars for anyone wanting to network and learn from people who can be trusted in the security industry. Great value! Even if you are not in the DC area I would recommend you come check it out!

Paul de Souza, CSFI Founder Director

 

 

Filed under: Uncategorized

CSFI Blog Calendar

December 2010
M T W T F S S
« Oct   Feb »
 12345
6789101112
13141516171819
20212223242526
2728293031  

Enter your email address to follow this blog and receive notifications of new posts by email.

CSFI Twitter

Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.

___________________________________________

Paul de Souza, CSFI Founder Director