A center to combat cyber attacks has been launched on october 31st 2012 in Bristol. One of the objectives is to make UK one of the most secure places in the world to do business online (!)
Wednesday, October 31, 2012
News - Minister of communications denies Iran's complicity in cyber attacks
Reza Taqipour, Minister of Communication and Information technology, denied Iran's complicity in cyber attacks that recently targeted western banks (FARS News Agency. October 31, 2012).
News - Cyber attacks rose by 81% according to Symantec
According to Symantec, cyber attacks rose by 81% between 2010 and 2011 (Bankole Orimisan, The Guardian, October 31, 2012)
News - US Army and cyber training
The US Army includes cyber operations into its traditional training exercises. Army adds cyber war to combat training, october 29, 2012.
Events - Cyber Defence & Network Security 2013
Cyber Defence & Network Security 2013. London, 28-31 January 2013. More information.
Events - Cyber Defense Initiative Conference 2013
CDIC 2013. The Pirates in the Cyberspace. 27-28 February 2013. Bangkok Convention Center, Centara Grand at Central World.
โครงการอบรมการป้องกันความปลอดภัยข้อมูลคอมพิวเตอร์ ครั้งที่ 12
Thursday, October 25, 2012
News - Iranian cyber strategy
The new iranian cyberdefense strategy will be published next october 29, 2012 (Le nouveau document stratégique de la cyber-défense iranien sera dévoilé). Let's mention that the strategy will focus on "passive" cyber-defense (to counter cyber-attacks). The same day, Iran will implement national cyber-defense exercises to test cyber-infrastructures.
Last July, Ahmad Vahidi, Minister of Defense, declared that cyber-defense is among the top priorities of his ministry (a cyber command has been set up in 2012).
Publicaciones - Ciberguerra
"Ciberguerra" (Daniel Ventre), p. 31-46, en "Seguridad global y potencias emergentes en un mundo multipolar", actas del XIX Curso Internacional de Defensa (26-30 de septiembre de 2011. Jaca, España). Ministerio de Defensa, Academia General Militar, Universidad de Zaragoza. Fecha de edicion: septiembre de 2012.
Wednesday, October 24, 2012
News - Call It Chimerica: The U.S. and China Grow Ever Closer (Bloomberg)
Call it Chimerica: The U.S. and China Grow Ever Closer. Interesting paper by Jennifer Daniel and Caroline Winter. (Bloomber BusinessWeek. October 11, 2011). The most interesting probably is the proposed illustration, that compares both US and Chinese mutual dependance on business.
General question (that is not developed in the article): what is the impact of cyberespionage / cybercrime / cyberattacks / cybersecurity measures / cyberdefense policies, between close economic partners?
Tuesday, October 23, 2012
News - Canada: ready to combat cyber attacks ?
Bill Curry: "Serious flaws in Ottawa's Defence against cyber attacks: auditor general", October 23, 2012.
Monday, October 22, 2012
News - Conference "Cyberthreats, Cyberdefense, Cyberwar" - Brussels
Conference "Cyberthreats, Cyberdefense, Cyberwar" - Ecole Royale Militaire - Brussels - November 19, 2012. Journée d'études du Belgian Intelligence Studies Centre (BISC) et du Centre d'études de droit militaire et de droit de la guerre.
News - Statistics: 1000 cyberattacks / hour...
Tom Whitehead, Britain is target of up to 1000 cyber attacks every hour, 22 octobre 2012, The Telegraph:
- "Cyber crime is estimated to cost the UK about £27 billion annually"
- "Cyber crime is estimated to cost the UK about £27 billion annually"
- "it is possible to buy off-the-shelf malicious software, such as that designed to steal bank details from people’s computers, for as little as £3,000"
- "Britain is being targeted by up to 1,000 cyber attacks every hour"
But the most interesting point in the article concerns the opinion of the Intelligence and Security Committee, that believes "Britain should declare cyber war on states and criminals who target the country by using aggressive retaliatory strikes to destroy their own operations".
The escalation of violence is a real risk too!
News - Cybersecurity Conference - Washington
Washington. October 22-23, 2012. Cybersecurity Conference.
Sunday, October 21, 2012
News - (Cyber)Apocalypse Soon
Karen J. Greenberg is asking the question "Will the Apocalypse arrive online?"... and soon?
Let's remind that the question is not really new. The idea of a cyber-apocalypse or Cyber Pearl Harbor (CPH) was born in the 90's.
News - Become a cyber warrior!
Some private firms have invented the new version of the old commercial slogan "Learn French (or English, Spanish, Russian, Chinese...) in 20 lessons!"
If we believe the new slogans, people might become cyber warriors in less than a week. IT Securitas proposes a 5-days training program to become a cyber warrior. Last June 2012, the malaysian company CyberGuru proposed a 4-days (!!) program titled "Cyber Warrior" (The objective of the program was to train students how to use cyberweapons, and understand cyberdefense - attack and defense - strategies).
Is it so easy to become a cyber warrior?
News - Thomas Rid: "Cyber War will not take place"
New book soon to be published: "Cyber War will not take place", by Thomas Rid. 30 april 2013. 256 pages. C Hurst & Co Publishers Ltd.
Article - US hypocrisy over cyber warfare
US is accused of hypocrisy over cyber warfare. Mikko Hypponen reminds us that most of the cyberattacks uncovered in the past years have been launched from (or by) the United States. The official discourse from Leon Panetta and other US government institutions (about Cyber Pearl Harbor threat) is hypocritical. Lain Thomson, October 20, 2012. The Register.
News - Twenty top US Air Force generals are due to discuss cyber warfare
Twenty top US Air Force generals are due to discuss cyber warfare in a November meeting. The objective is to clarify the roles of US Air Force in the cyberconflict domain. (Washington, The Observer, October 20, 2012).
News - Israel Defense Forces is stepping up its cyber-warfare efforts
Israel Defense Forces is stepping up its cyber-warfare efforts, through the recruitment of cyber soldiers. October 21, 2012. Haaretz.com
News - Cyber-security: Innovation, Regulation and Strategic
The Innovation and regulation Chair will organize, next November 21, 2012, a Research workshop on Cyber-security: Innovation, Regulation and Strategic Shifts.
Participants:
- Philippe Baumard (Ecole Polytechnique, Innovation & Regulation Chair) will introduce this workshop and welcome:
- Dr. JP Macintosh, Director of Programs, UCL Institute for Security and Resilience Studies
- Dr. Chris C. Demchak, Professor, Strategic Research, NWC Center for Cyber conflict studies
- Admiral Arnaud Coustillère, Cyber-Defense General Officer, Etat-Major des Armées
- Mr. Jean-Luc Moliner, Senior Vice President, Security, France Telecom-Orange
- General Yves-Tristan Boissan, Commander, School of Transmissions
- Mr. Cédric Blancher, Senior Cyber-Security Expert, EADS Group
- John Mallery, Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory.
More details
Articles - Washington Post - America should brace for cyber-war blowback
Walter Pincus (Washington Post) asks an interesting question: "How prepared is the American public for the inevitable blowback? Just what can be done about this remote-control warfare?" (Blowback being here defined as "an unforeseen and unwanted effect, result, or set of repercussions," according to the Merriam-Webster Dictionary). The U.S. is preparing for cyberoffense and is developping new weapon technologies, but is not the only one in the world being able to create and use them. Is the U.S. really prepared to defend against others doing the same thing? (Washington Post - October 21, 2012, America should brace for cyber-war blowback)
Saturday, October 20, 2012
News - HSBC websites hit by cyberattack
A large scale cyber attack has hit websites of HSBC. Million of customers around the world have been left without access to online services for at least 7 hours. The DDoS attack has been launched on Thursday evening. At the same time the US financial group Capital 1 was also hit by a similar type of cyberattack. According to HSBC, customers'data have not been affected by this incident. The most important for all firms being victims of such attacks is to ensure business continuity.
Friday, October 19, 2012
News - Conference on Cyber Warfare
Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec 2013), 4-6 March 2013 - Kuala Lumpur, Malaysia
News - CyberCercle
Agenda du CyberCercle:
- 24 octobre 2012: "Ministère de la défense: opérer en sécurité dans le cyberespace". Intervenants: CA Arnaud COUSTILLIERE, Officier Général en charge de la Cyberdéfense à l'EMA, Francis HILLMEYER, député du Haut-Rhin, membre de la ComDef. Inscription
- 8 novembre 2012: "Quelle place pour la cyberdéfense dans la réflexion du Livre Blanc?". Intervenants: Patrick Paiiloux (ANSSI), Eduardo RIHAN CYPEL, député de Seine-et-Marne, membre de la ComDef et de la Commission du Livre blanc. Inscription
- 5 décembre 2012: "La France dans le débat international sur la cybersécurité". Intervenant: M. l'Ambassadeur Jean-François BLAREL, Secrétaire Général adjoint du ministère des Affaires étrangères. Inscription
Plus d'informations sur le site Défense & Stratégie
Wednesday, October 17, 2012
Comments on U.S. Cyber Defense Strategies
Here are some elements of the current U.S. cyber defense strategy:
1 - Reaction to cyberattacks
- The Pentagon's approach to cyber warfare is focusing more on a quick response rather than a perfect solution. "Military focuses on quick response cyber capabilities". Sept. 19, 2012
- DoD is finalizing new cyberwar rules of engagement
2 - Identification of foes
- Existing new capabilities of attribution ("Cyber Command is increasingly able to trace the origin of digital assaults". Military prepares new agressive rules to fight cyber war: Panetta. Oct.12, 2012)
3 - Human resources
- Recruiting new kind of cyber warriors: civilians, subcontractors, private actors. The future cyber warriors might be civilians rather than DoD soldiers. (Leon Panetta, Speech, October 11, 2012)
4 - Maintaining Secret
- We do not know how DoD and more generally the US react to cyberattacks. Do they counter-attack? How?
International power :
- Iran is among the new adversaries that have recently appeared in the cyber realm. Does L. Panetta forget North Korea...?
1 - Reaction to cyberattacks
- The Pentagon's approach to cyber warfare is focusing more on a quick response rather than a perfect solution. "Military focuses on quick response cyber capabilities". Sept. 19, 2012
- DoD is finalizing new cyberwar rules of engagement
2 - Identification of foes
- "The three potential adversaries out there that are developing the greatest capabilities are Russia, China, Iran" (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")
- “Out of a scale of 10, we’re probably 8 [in cyber-war skills. But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.” (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")
- Existing new capabilities of attribution ("Cyber Command is increasingly able to trace the origin of digital assaults". Military prepares new agressive rules to fight cyber war: Panetta. Oct.12, 2012)
3 - Human resources
- Recruiting new kind of cyber warriors: civilians, subcontractors, private actors. The future cyber warriors might be civilians rather than DoD soldiers. (Leon Panetta, Speech, October 11, 2012)
4 - Maintaining Secret
- We do not know how DoD and more generally the US react to cyberattacks. Do they counter-attack? How?
Comments:
International power :
- Iran is among the new adversaries that have recently appeared in the cyber realm. Does L. Panetta forget North Korea...?
- The USA remais the strongest actor in the worl: "we are probably 8 ... the others are about a 3...". It means that a future (current?) cyberconflict will be (or is?) a dissymetric one.
- Will DoD rules of engagement become a worldwide model? Will the US allies be constrained to adopt the same rules of engagement? Will the U.S. impose its rules to NATO allies? ...
- Is the US really able to trace the origin of cyberattacks? Will the US be the only country to possess such capability? Will it share this capability with allied countries?
- Through its attribution capabilities, its rules of engagement, and such a difference in cyber-war skills compared to other nations, the USA tries to impose its hegemonic power through cyberspace.
Tuesday, October 16, 2012
Seminar - Cyber Security Seminar (Geneva)
Cyber Security Seminar. 12 november 2012 - 13 november 2012. Geneva Centre for Security Policy. http://gcsp.ch/Regional-Capacity-Development/Euro-Atlantic-Security/Events/Cyber-Security-Seminar
News - ANAJ-IHEDN "Cyber Defense" Committee
Le Comité « Cyberdéfense » de l’ANAJ-IHEDN lance son cycle de conférences 2012-2013. Hacking, défiguration, hammeçonnage, DDoS, cybercriminalité, virus, SCADA, intrusion, cyberespace…
Première conférence le jeudi 25 octobre 2012: "L'ANSSI en première ligne de la stratégie de cybersécurité française".
News - Easy access to Huawei routers
News - "Hack in the Box: researcher reveals ease of Huawei router access". October 11, 2012. ZDnet.com.
News - India - Public/Private sectors cooperation for cyberdefense
"India, private sector cooperate for national cyberdefense". Jamie Yap. October 16, 2012.
Monday, October 15, 2012
News - China busts 700 cybercriminal gangs
China busts 700 cybercriminal gangs. Article by Liau Yun Qing. ZDNet Asia. October 15, 2012.
China's Web policing campaign has led to the arrest of 8,900 suspects!
China's Web policing campaign has led to the arrest of 8,900 suspects!
Sunday, October 14, 2012
Article - M.C. Libicki. Cyberspace is not a Warfighting Domain
Cyberspace is not a Warfighting Domain. Martin C. Libicki. 16 pages. A Journal of Law and Policy for the Information Society. Vol.8, Issue 2. Cybersecurity: Shared Risks, Shared Responsibilities. 2012
- Cyber Policy–Institutional Struggle in a Transformed World, Terrence K. Kelly & Jeffrey Hunker
- Government and Private Sector Roles in Providing Information Security in the U.S. Financial Services Industry, Mark MacCarthy
- United States Government Cybersecurity Relationships, Mark D. Young,
- Cyberspace Is Not a War-Fighting Domain, Martin C. Libicki
- Thoughts on Threat Assessment in Cyberspace, Herbert Lin
- Applying International Environmental Legal Norms to Cyber Statecraft, Jason Healey & Hannah Pitts
- Making Good Cybersecurity Law and Policy: How Can We Get Tasty Sausage?, Paul Rosenzweig
- Cybersecurity: Ideas Whose Time Has Not Come – And Shouldn’t, Gregory T. Nojeim
- Cybersecurity Policy as if “Ordinary Citizens” Mattered: The Case for Public Participation in Cyber Policy Making, Peter M. Shane
Saturday, October 13, 2012
News - Cyber Defense Initiative 2012
SANS Cyber Defense Initiative 2012 will take place in Washington December 7 - December 16, 2012.
Comments: Among the courses, the intervention of John Strand will teach how to attack the attackers, how to implement offensive countermeasures. There is no legal framework for such offensive activities, but "Well, to be honest, you will need it someday"...and "the old strategies of security have failed us and will continue to fail us unless we start becoming more offensive in our defensive tactics". That is what we call escalation of violence. Is this the unique solution to the current asymetry that provides advantage to the attackers? Might the State let private actors launch counterattacks against foreign actors?
Conference - R&D for cyber defence and for combating cyber crime
EDA (European Defence Agency) proposes a one-day workshop on R&D for cyber defence.
"Research and Development for Cyber Defence and for Combating Cyber Crime". Brussels. 23 october, 2012
The workshop will focus on technologies. Are they the only solution for combating cyber threats?
News - Entretien avec le général Boissan, "père de l'Arme" des Transmissions
Le site Secret Défense propose un entretien avec le général Boissan, intitulé "Les transmissions doivent construire leur place dans la cyberdéfense".
L'arme des transmissions développe ses capacités de cyberdéfense (c'est-à-dire celles de LIO, celles de LIA ne relevant pas de ses missions).
News - L'ASEAN et le Japon se liguent contre les attaques supposées de la Chine
Article publié par ZDNet le 8 octobre 2012: L'ASEAN et le Japon se liguent contre les attaques supposées de la Chine.
Friday, October 5, 2012
News - Lettre ouverte de J.M. Bockel
Le sénateur Jean-Marie Bockel publie une intéressante lettre ouverte aux équipementiers de télécommunication chinois.
Cette lettre appelle les autorités françaises, l'Europe et la Chine à dialoguer. La France doit faire entendre sa voix, et affirmer qu'elle ne saurait accepter de voir ses communications interceptées, filtrées, analysées, par des acteurs de la scène internationale déloyaux: "... les efforts consentis par les entreprises françaises pour augmenter leur compétitivité via des investissements importants en matière de système d'information se révèlent, en cas d'espionnage, servir leurs concurrents. C'est l'un des aspects masqués d'une mondialisation déloyale qu'il faut rendre plus visible. Il en va de notre souveraineté, de la survie de nos entreprises et de la préservation de nos emplois. »
Dans le même temps, l'AFP publie une dépêche: "La moitié des créanciers de la France, pour la dette levée en 2012, sont en Asie et au Moyen-Orient, contre à peine un tiers pour la zone euro, indique Philippe Mills, directeur général de l'Agence France Trésor (AFT) dans un entretien publié vendredi par le site Next Finance."
Souveraineté malmenée.
Cette lettre appelle les autorités françaises, l'Europe et la Chine à dialoguer. La France doit faire entendre sa voix, et affirmer qu'elle ne saurait accepter de voir ses communications interceptées, filtrées, analysées, par des acteurs de la scène internationale déloyaux: "... les efforts consentis par les entreprises françaises pour augmenter leur compétitivité via des investissements importants en matière de système d'information se révèlent, en cas d'espionnage, servir leurs concurrents. C'est l'un des aspects masqués d'une mondialisation déloyale qu'il faut rendre plus visible. Il en va de notre souveraineté, de la survie de nos entreprises et de la préservation de nos emplois. »
Dans le même temps, l'AFP publie une dépêche: "La moitié des créanciers de la France, pour la dette levée en 2012, sont en Asie et au Moyen-Orient, contre à peine un tiers pour la zone euro, indique Philippe Mills, directeur général de l'Agence France Trésor (AFT) dans un entretien publié vendredi par le site Next Finance."
Souveraineté malmenée.
Tuesday, October 2, 2012
News - Information Operations Training
US Army 1st IO Command. IO Training. 15 october 2012 - 27 september 2013.
Program:
- IO fundamentals
- Military Information Support Operations Integration Course (MISOIC)
- Military Deception Planners Course (MDPC)
- Sociocultural Information Integration Course - Afghanistan (SIIC)
- Basic Computer Network Operations Planners Course (BCNOPC): coordinated employment of Computer Network Exploitation (CNE), Computer Network Attack (CNA), and Computer Network Defense (CND) activities. The BCNOPC describes how CNO elements (CNE, CNA, CND) relate to each other; to other Information Operations Capabilities (EW, MILDEC, OPSEC, PSYOP, etc.); and, in general, to both friendly and adversary operations in cyberspace.
- Executive Computer Network Operations Planners Seminar (ECNOPS). This seminar provides a strategic/operational level introduction to CNO and cyberspace planning. Content and discussions are at the TOP SECRET//SI level
- Electronic Warfare Integration Course (EWIC)
News - Cyberattaque à Washington: un non-évènement
Les médias se sont empressés de rapporter la nouvelle: la Maison Blanche a fait l'objet de cyberattaques cette semaine. Mais en y regardant de plus près on se rend compte une fois de plus que l'on ne dispose d'aucune véritable information, et que les gros titres cachent un non-évènement:
- l'attaque visait un réseau non classifié (ce qui minimise déjà l'importance de l'affaire)
- les responsables (qui?) ont déclaré qu'aucune donnée n'aurait été volée
- l'attaque a été notifiée assez tôt, elle n'a pas eu le temps de se propager
- La Maison Blanche n'a pas pu identifier le groupe responsable
Finalement, il n'y a rien à dire. Ou pas grand chose.
Subscribe to:
Posts (Atom)