Paul's Blog

THOUGHTS ON CYBER WARFARE

Transatlantic Cybersecurity Research Workshop at the Hungarian Embassy

I would like to share some of my thoughts about the Transatlantic Cybersecurity Research Workshop at the Hungarian Embassy.  I would like to thank our CSFI members and friends who attended this event with me, David Simpson (CSFI Security Engineer and lab genius), Steve Smith (cyber Hungarian friend), Ambassador Smith (always inspiring me on political issues), and Connie Peterson Uthoff (CSFI OSINT Analyst).  I have been in contact with Joe Weiss for 2 years, and I finally had the opportunity to meet Joe personally and listen to his presentation. 

Below is part of the introduction to the Transatlantic Cybersecurity Research Workshop as described in the news section of the website of the Embassy of Hungary, which can be found at http://www.huembwas.org/News_Events/20110408_cyber_conf/draft%20agenda.htm

Since threats, and the critical infrastructures criminals and state actors target, have become global and increasingly sophisticated, the need to come up with effective protection is also a shared responsibility by the democratic community of nations.  To support such efforts, the Hungarian Embassy in Washington DC (Hungary is currently assuming the role of the Presidency of the Council of the European Union) is organizing a one-day Transatlantic Cybersecurity Research Workshop with legislators, policymakers, researchers, scholars and representatives of the private sector from both sides of the Atlantic.  Members of the relevant European parliamentary delegation – all belonging to the Parliament’s Civil Liberties, Justice and Home Affairs Committee – are coming to Washington to have talks on PNR, SWIFT, data protection issues.  At the same time they are also in charge of overseeing European cybersecurity planning and agreed to lend us a hand in discussing EU cyber policy.  The half day workshop will aim to focus on how cybersecurity research may be harmonized or even prioritized between the US and the EU.

Ambassador György SZAPÁRY was very kind to welcome the audience and to make their Embassy open to our group for this special cyber event.

Panel Discussion: Most Urgent and Emerging Cyberthreats to Critical Infrastructure         

Jody WESTBY, Adjunct Distinguished Fellow at Carnegie Mellon University and CEO of Global Cyber Risk

Carlos KIZZEE, Director, Strategic Initiatives, Critical Infrastructure Cyber Protection & Awareness, National Cyber Security Division, Cybersecurity and Communications, National Protection and Programs Directorate, DHS

Kristjan PRIKK, Defense Counselor, Estonian Embassy

Joe WEISS, researcher, Applied Control Solutions

Moderator: Lynn VAN FLEIT, Founder and Executive Director, Diplomacy Matters Institute

Jody Westby gave us a good summary of what the United States is trying to accomplish in cyberspace in terms of policy and regulation, she covered some of the cyber bills and initiatives. I personally believe that it is time for industry and government to start taking a harder look at all of our proposed bills, improve them and finally get serious about passing them.

Carlos Kizzee gave a realistic speech about the efforts of DHS to protect our critical infrastructure and how DHS has created collaboration channels with CYBERCOM. “We all have to accept that cyber security is a complex issue that cannot be solved by one country, one vendor or one actor by itself; it requires coordinated response, coordinated mitigation, and it is an ongoing activity”.  We cannot fix the problem by creating a new set of problems; we cannot erode civil liberties, voiced Mr. Kizzee. The solution set must be something that changes the game, something that we have not seen before, in his words.

He stressed four elements: Coordination, Alignment, Testing and Innovation.

I only wish our government got more serious about the issue by increasing the cyber R&D budget, currently at an embarrassing amount of 40 million dollars. We have great minds in the DHS like Mr. Kizzee and Dr. Douglas Maughan, but we all know that 40 million dollars for cyber R&D is ludicrous. We have Ferraris in the garage and no gasoline.

Joe Weiss, also a CSFI member, spoke at the event, a much anticipated speech that I enjoyed very much so. His main message is that the control systems world is much different from the IT world! Cyber security professionals are not trained to deal with control systems. In the control systems world confidentiality means little, and availability is king. When we try to apply cyber security regulations and principles to the world of control systems, we run the risk of making things worse. Joe talked about intentional and unintentional attacks. There are 10 or 12 SCADA vendors out there supplying their code internationally, making it possible for companies in the US to control nuclear plants in Japan and vice-versa, a global reach that physically affects processes! He made sure to clarify that PLCs are not IT, like the STUXNET attack using IT as the delivery vehicle, but in reality the “warhead” was a control system attack. There is no anti-virus, no patch for addressing the warhead. Neither Estonia nor Georgia had their infrastructure attacked by this form of attack. Joe pointed out that we have too many IT professionals who know nothing about control systems; there is a lack of education and training in this field, due to the lack of control systems professionals and initiatives.

We as a nation must stop being secretive and obscure about this problem and start facing reality by creating programs that are open to the public to educate and train America on control systems security and the role of cyber in this environment. Joe is one of the few control systems professionals preaching this truth out there; we all should listen to him and take action. I am glad to say that CSFI is ahead of the curve by creating our STUXNET workshop and producing control systems training, ALL of it done with minimal budget and volunteerism efforts. If we can do it, so can our government. I would like to voice Joe’s concern and invite our leaders to think about such initiatives, to collaborate, join hands with industry and take action before it is too late. I always tell my children that freedom comes from education, and we need to be more educated about cyber security and control systems security in order to be free. 

I had the pleasure to talk with Jeff Moulton, and I appreciate his comment during the event about cyberspace being a war fighting domain. This reality must not be forgotten, and it is DOD doctrine. I understand that many cyber security professionals may not like to use the term cyber warfare and rather say cyber conflict or cyber operations, and that is OK. The fact of the matter is that nation states and other actors can fight through and in cyberspace to accomplish military missions, using cyberspace as a medium for warfare.

This article was a bit long, but I feel passionately about the things I heard at the event and would like to share this with my dear CSFI members and friends.

 Paul de Souza, CSFI Founder Director

Advertisements

Filed under: Uncategorized

Career Thoughts

I am humbled and honored to have the opportunity to manage and run one of the biggest and most active forums on the Internet dealing with cyber warfare and cyber security – CSFI (The Cyber Security Forum Initiative). With over 16 years of cyber security experience, I continue to actively raise Cyber Warfare/Cyber Security awareness worldwide. I have worked as a Chief Security Engineer for AT&T, where I designed and approved secure networks for MSS. I have also consulted for several governments, military and private institutions on best network security practices throughout my career.

CSFI and its divisions CSFI-CWD (Cyber Warfare Division), CSFI-LPD (Law and Policy Division) and CSFI-WD (Wireless Division) continue to grow and expand with more than 60,000 information security members.

One of my personal goals is to serve our security community to the best of my abilities, in the protection and defense of our American national security interests, the American people, and that of our international partners. I am always ready to serve and to give of my time and skills to help our society with the growing problems we experience in cyberspace. I thank God and my family for the opportunities I have had in life and the most precious of all opportunities, which is the chance to serve others. I love what I do, and I appreciate all the support I have received from friends, family and our CSFI members.

___________________________________________

Paul de Souza, CSFI Founder Director

%d bloggers like this: