Total Pageviews

Wednesday, October 31, 2012

News - Creation of a new cyber security research centre in Bristol

A center to combat cyber attacks has been launched on october 31st 2012 in Bristol. One of the objectives is to make UK one of the most secure places in the world to do business online (!)

News - Minister of communications denies Iran's complicity in cyber attacks

Reza Taqipour, Minister of Communication and Information technology, denied Iran's complicity in cyber attacks that recently targeted western banks (FARS News Agency. October 31, 2012).

News - Cyber attacks rose by 81% according to Symantec

According to Symantec, cyber attacks rose by 81% between 2010 and 2011 (Bankole Orimisan, The Guardian, October 31, 2012)

News - US Army and cyber training

The US Army includes cyber operations into its traditional training exercises. Army adds cyber war to combat training, october 29, 2012.

Events - Cyber Defence & Network Security 2013

Cyber Defence & Network Security 2013. London, 28-31 January 2013. More information.

Events - Cyber Defense Initiative Conference 2013

CDIC 2013. The Pirates in the Cyberspace. 27-28 February 2013. Bangkok Convention Center, Centara Grand at Central World.
โครงการอบรมการป้องกันความปลอดภัยข้อมูลคอมพิวเตอร์ ครั้งที่ 12

Thursday, October 25, 2012

News - Iranian cyber strategy

The new iranian cyberdefense strategy will be published next october 29, 2012 (Le nouveau document stratégique de la cyber-défense iranien sera dévoilé). Let's mention that the strategy will focus on "passive" cyber-defense (to counter cyber-attacks). The same day, Iran will implement national cyber-defense exercises to test cyber-infrastructures.
Last July, Ahmad Vahidi, Minister of Defense, declared that cyber-defense is among the top priorities of his ministry (a cyber command has been set up in 2012).

Publicaciones - Ciberguerra

"Ciberguerra" (Daniel Ventre), p. 31-46, en "Seguridad global y potencias emergentes en un mundo multipolar", actas del XIX Curso Internacional de Defensa (26-30 de septiembre de 2011. Jaca, España). Ministerio de Defensa, Academia General Militar, Universidad de Zaragoza. Fecha de edicion: septiembre de 2012.   

Wednesday, October 24, 2012

News - Call It Chimerica: The U.S. and China Grow Ever Closer (Bloomberg)


Call it Chimerica: The U.S. and China Grow Ever Closer. Interesting paper by Jennifer Daniel and Caroline Winter. (Bloomber BusinessWeek. October 11, 2011). The most interesting probably is the proposed illustration, that compares both US and Chinese mutual dependance on business.

General question (that is not developed in the article): what is the impact of cyberespionage / cybercrime / cyberattacks / cybersecurity measures / cyberdefense policies, between close economic partners?

News - France joins Cyber Defense Center

Monday, October 22, 2012

News - Conference "Cyberthreats, Cyberdefense, Cyberwar" - Brussels

Conference "Cyberthreats, Cyberdefense, Cyberwar" - Ecole Royale Militaire - Brussels - November 19, 2012. Journée d'études du Belgian Intelligence Studies Centre (BISC) et du Centre d'études de droit militaire et de droit de la guerre.

News - Statistics: 1000 cyberattacks / hour...

Tom Whitehead, Britain is target of up to 1000 cyber attacks every hour, 22 octobre 2012, The Telegraph:

- "Cyber crime is estimated to cost the UK about £27 billion annually"
- "it is possible to buy off-the-shelf malicious software, such as that designed to steal bank details from people’s computers, for as little as £3,000"
- "Britain is being targeted by up to 1,000 cyber attacks every hour"

But the most interesting point in the article concerns the opinion of the Intelligence and Security Committee, that believes "Britain should declare cyber war on states and criminals who target the country by using aggressive retaliatory strikes to destroy their own operations".

The escalation of violence is a real risk too!

News - Cybersecurity Conference - Washington

Washington. October 22-23, 2012. Cybersecurity Conference.

Sunday, October 21, 2012

News - (Cyber)Apocalypse Soon

Karen J. Greenberg is asking the question "Will the Apocalypse arrive online?"... and soon?
Let's remind that the question is not really new. The idea of a cyber-apocalypse or Cyber Pearl Harbor (CPH) was born in the 90's.  

News - Become a cyber warrior!

Some private firms have invented the new version of the old commercial slogan "Learn French (or English, Spanish, Russian, Chinese...) in 20 lessons!"
If we believe the new slogans, people might become cyber warriors in less than a week. IT Securitas proposes a 5-days training program to become a cyber warrior. Last June 2012, the malaysian company CyberGuru proposed a 4-days (!!) program titled "Cyber Warrior" (The objective of the program was to train students how to use cyberweapons, and understand cyberdefense - attack and defense - strategies).  
Is it so easy to become a cyber warrior?   

News - Thomas Rid: "Cyber War will not take place"

New book soon to be published: "Cyber War will not take place", by Thomas Rid. 30 april 2013. 256 pages. C Hurst & Co Publishers Ltd.

Article - US hypocrisy over cyber warfare

US is accused of hypocrisy over cyber warfare. Mikko Hypponen reminds us that most of the cyberattacks uncovered in the past years have been launched from (or by) the United States. The official discourse from Leon Panetta and other US government institutions (about Cyber Pearl Harbor threat) is hypocritical.  Lain Thomson, October 20, 2012. The Register.

News - Twenty top US Air Force generals are due to discuss cyber warfare

Twenty top US Air Force generals are due to discuss cyber warfare in a November meeting. The objective is to clarify the roles of US Air Force in the cyberconflict domain. (Washington, The Observer, October 20, 2012).

News - Israel Defense Forces is stepping up its cyber-warfare efforts

Israel Defense Forces is stepping up its cyber-warfare efforts, through the recruitment of cyber soldiers. October 21, 2012. Haaretz.com

News - Cyber-security: Innovation, Regulation and Strategic

The Innovation and regulation Chair will organize, next November 21, 2012, a Research workshop on Cyber-security: Innovation, Regulation and Strategic Shifts.

Participants:
- Philippe Baumard (Ecole Polytechnique, Innovation & Regulation Chair) will introduce this workshop and welcome:
- Dr. JP Macintosh, Director of Programs, UCL Institute for Security and Resilience Studies
- Dr. Chris C. Demchak, Professor, Strategic Research, NWC Center for Cyber conflict studies
- Admiral Arnaud Coustillère, Cyber-Defense General Officer, Etat-Major des Armées
- Mr. Jean-Luc Moliner, Senior Vice President, Security, France Telecom-Orange
- General Yves-Tristan Boissan, Commander, School of Transmissions
- Mr. Cédric Blancher, Senior Cyber-Security Expert, EADS Group
- John Mallery, Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory.

More details

Articles - Washington Post - America should brace for cyber-war blowback

Walter Pincus (Washington Post) asks an interesting question: "How prepared is the American public for the inevitable blowback? Just what can be done about this remote-control warfare?" (Blowback being here defined as "an unforeseen and unwanted effect, result, or set of repercussions," according to the Merriam-Webster Dictionary). The U.S. is preparing for cyberoffense and is developping new weapon technologies, but is not the only one in the world being able to create and use them. Is the U.S. really prepared to defend against others doing the same thing? (Washington Post - October 21, 2012, America should brace for cyber-war blowback)

Saturday, October 20, 2012

News - HSBC websites hit by cyberattack

A large scale cyber attack has hit websites of HSBC. Million of customers around the world have been left without access to online services for at least 7 hours. The DDoS attack has been launched on Thursday evening. At the same time the US financial group Capital 1 was also hit by a similar type of cyberattack. According to HSBC, customers'data have not been affected by this incident. The most important for all firms being victims of such attacks is to ensure business continuity.

Friday, October 19, 2012

News - Conference on Cyber Warfare

News - CyberCercle

Agenda du CyberCercle:

- 24 octobre 2012: "Ministère de la défense: opérer en sécurité dans le cyberespace". Intervenants: CA Arnaud COUSTILLIERE, Officier Général en charge de la Cyberdéfense à l'EMA, Francis HILLMEYER, député du Haut-Rhin, membre de la ComDef. Inscription
- 8 novembre 2012: "Quelle place pour la cyberdéfense dans la réflexion du Livre Blanc?". Intervenants: Patrick Paiiloux (ANSSI), Eduardo RIHAN CYPEL, député de Seine-et-Marne, membre de la ComDef et de la Commission du Livre blanc. Inscription
- 5 décembre 2012: "La France dans le débat international sur la cybersécurité". Intervenant: M. l'Ambassadeur Jean-François BLAREL, Secrétaire Général adjoint du ministère des Affaires étrangères. Inscription 
Plus d'informations sur le site Défense & Stratégie

Wednesday, October 17, 2012

Comments on U.S. Cyber Defense Strategies

Here are some elements of the current U.S. cyber defense strategy:

1 - Reaction to cyberattacks

- The Pentagon's approach to cyber warfare is focusing more on a quick response rather than a perfect solution. "Military focuses on quick response cyber capabilities". Sept. 19, 2012

- DoD is finalizing new cyberwar rules of engagement

2 - Identification of foes

- "The three potential adversaries out there that are developing the greatest capabilities are Russia, China, Iran" (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")

- “Out of a scale of 10, we’re probably 8 [in cyber-war skills. But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.” (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")

- Existing new capabilities of attribution ("Cyber Command is increasingly able to trace the origin of digital assaults". Military prepares new agressive rules to fight cyber war: Panetta. Oct.12, 2012)

3 - Human resources

- Recruiting new kind of cyber warriors: civilians, subcontractors, private actors. The future cyber warriors might be civilians rather than DoD soldiers. (Leon Panetta, Speech, October 11, 2012)

4 - Maintaining Secret

- We do not know how DoD and more generally the US react to cyberattacks. Do they counter-attack? How?

Comments:

International power :
- Iran is among the new adversaries that have recently appeared in the cyber realm. Does L. Panetta forget North Korea...?
- The USA remais the strongest actor in the worl: "we are probably 8 ... the others are about a 3...". It means that a future (current?) cyberconflict will be (or is?) a dissymetric one.
- Will DoD rules of engagement become a worldwide model? Will the US allies be constrained to adopt the same rules of engagement? Will the U.S. impose its rules to NATO allies? ...
- Is the US really able to trace the origin of cyberattacks? Will the US be the only country to possess such capability? Will it share this capability with allied countries? 
- Through its attribution capabilities, its rules of engagement, and such a difference in cyber-war skills compared to other nations, the USA tries to impose its hegemonic power through cyberspace.  

Monday, October 15, 2012

News - China busts 700 cybercriminal gangs

China busts 700 cybercriminal gangs. Article by Liau Yun Qing. ZDNet Asia. October 15, 2012.
China's Web policing campaign has led to the arrest of 8,900 suspects!

Saturday, October 13, 2012

News - Cyber Defense Initiative 2012

SANS Cyber Defense Initiative 2012 will take place in Washington December 7 - December 16, 2012.

Comments: Among the courses, the intervention of John Strand will teach how to attack the attackers, how to implement offensive countermeasures. There is no legal framework for such offensive activities, but "Well, to be honest, you will need it someday"...and "the old strategies of security have failed us and will continue to fail us unless we start becoming more offensive in our defensive tactics". That is what we call escalation of violence. Is this the unique solution to the current asymetry that provides advantage to the attackers? Might the State let private actors launch counterattacks against foreign actors?

Conference - R&D for cyber defence and for combating cyber crime

EDA (European Defence Agency) proposes a one-day workshop on R&D for cyber defence.
The workshop will focus on technologies. Are they the only solution for combating cyber threats?

News - Entretien avec le général Boissan, "père de l'Arme" des Transmissions

Le site Secret Défense propose un entretien avec le général Boissan, intitulé "Les transmissions doivent construire leur place dans la cyberdéfense".
L'arme des transmissions développe ses capacités de cyberdéfense (c'est-à-dire celles de LIO, celles de LIA ne relevant pas de ses missions).

News - L'ASEAN et le Japon se liguent contre les attaques supposées de la Chine

Cyber Warfare – Do We Need a New Geneva Convention? - Army Technology

Cyber Warfare – Do We Need a New Geneva Convention? - Army Technology

Cybersecurity – defending the digital line - Army Technology

Cybersecurity – defending the digital line - Army Technology

Cyber security – US election embraces the Cinderella issue - Army Technology

Cyber security – US election embraces the Cinderella issue - Army Technology

Friday, October 5, 2012

News - Lettre ouverte de J.M. Bockel

Le sénateur Jean-Marie Bockel publie une intéressante lettre ouverte aux équipementiers de télécommunication chinois.

Cette lettre appelle les autorités françaises, l'Europe et la Chine à dialoguer. La France doit faire entendre sa voix, et affirmer qu'elle ne saurait accepter de voir ses communications interceptées, filtrées, analysées, par des acteurs de la scène internationale déloyaux:  "... les efforts consentis par les entreprises françaises pour augmenter leur compétitivité via des investissements importants en matière de système d'information se révèlent, en cas d'espionnage, servir leurs concurrents. C'est l'un des aspects masqués d'une mondialisation déloyale qu'il faut rendre plus visible. Il en va de notre souveraineté, de la survie de nos entreprises et de la préservation de nos emplois. »
Dans le même temps, l'AFP publie une dépêche: "La moitié des créanciers de la France, pour la dette levée en 2012, sont en Asie et au Moyen-Orient, contre à peine un tiers pour la zone euro, indique Philippe Mills, directeur général de l'Agence France Trésor (AFT) dans un entretien publié vendredi par le site Next Finance."

Souveraineté malmenée.

Tuesday, October 2, 2012

News - Information Operations Training

US Army 1st IO Command. IO Training. 15 october 2012 - 27 september 2013.
Program:
- IO fundamentals
- Military Information Support Operations Integration Course (MISOIC)
- Military Deception Planners Course (MDPC)
- Sociocultural Information Integration Course - Afghanistan (SIIC)
- Basic Computer Network Operations Planners Course (BCNOPC): coordinated employment of Computer Network Exploitation (CNE), Computer Network Attack (CNA), and Computer Network Defense (CND) activities. The BCNOPC describes how CNO elements (CNE, CNA, CND) relate to each other; to other Information Operations Capabilities (EW, MILDEC, OPSEC, PSYOP, etc.); and, in general, to both friendly and adversary operations in cyberspace.
- Executive Computer Network Operations Planners Seminar (ECNOPS). This seminar provides a strategic/operational level introduction to CNO and cyberspace planning. Content and discussions are at the TOP SECRET//SI level
- Electronic Warfare Integration Course (EWIC)

News - Cyberattaque à Washington: un non-évènement

Les médias se sont empressés de rapporter la nouvelle: la Maison Blanche a fait l'objet de cyberattaques cette semaine. Mais en y regardant de plus près on se rend compte une fois de plus que l'on ne dispose d'aucune véritable information, et que les gros titres cachent un non-évènement:

- l'attaque visait un réseau non classifié (ce qui minimise déjà l'importance de l'affaire)
- les responsables (qui?) ont déclaré qu'aucune donnée n'aurait été volée
- l'attaque a été notifiée assez tôt, elle n'a pas eu le temps de se propager

Finalement, il n'y a rien à dire. Ou pas grand chose.