Afghanistan, Syria, North Korea, Yemen, Somalia.
Remember that Barry McGuire 1965 song, “Eve of Destruction?” “The eastern world, it is exploding / Violence flarin', bullets loadin' / You don't believe in war, but what's that gun you're totin'?”
China, Russia, Iran.
That gun we’re totin’ these days is more likely a thumb drive. The tools of battle have moved from atomic weapons in the 1940s, intercontinental missiles in the 1950s and drones in the 2000s to cyber attacks. No doubt: China uses cyber weapons against the U.S., defense contractors and universities. Russian and Eastern European operatives often target credit card clearing houses and even individual consumers.
But then there are the Olympic Games. Not the jump and swim stuff that started late last month. These games started during the George W. Bush administration and expanded by President Barack Obama and is an ongoing covert operation by the U.S., Israel and others aimed primarily at Iran and its 5,000 centrifuges that Mahmoud Ahmadinejad has spinning to purify his uranium.
This is where Stuxnet and Flame enter the picture.
Damage All Around
A joint project of U.S. and Israeli military and government officials, the Olympic Games created a computer worm – delivered by a thumb drive plugged into a USB port inside the over-guarded Iranian facility – that would make that country’s centrifuges spin faster or slower and destroy themselves. It worked to a point. About one-fifth of the devices were destroyed; but Stuxnet somehow got out into the world’s computers and caused a bit of collateral damage.
A similar cyberweapon called Flame attacked the computers of Iranian officials this year, grabbing and twisting information from those machines.
Of course, any good offense deserves a good defense.
And the Cyber Intelligence Sharing and Protection Act (CISPA), approved by the U.S. House earlier this year but not expected to see Obama’s desk, amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. It encourages enterprises to share cyber threat data with the federal government and Homeland Security. While supported by many technology companies, the legislation is opposed by organizations claiming overreaching government action and privacy concerns. The Senate has its own version, more palatable to opponents of the House measure.
Cyber attacks by China and other countries are one of the nation’s “most rapidly-evolving and most serious set of threats,” claims Homeland Security Secretary Janet Napolitano. Homeland Security responded to 106,000 such attacks last year and has increased cyber security personnel by 500 percent in the past several years, Napolitano says. Cyber attacks threaten critical infrastructure and human lives, and could cause “massive economic damage or massive displacement of persons, or massive interference with national security,” she claims.
With the exposure of the Olympic Games project, some say, combative governments and terrorist organizations may invest more into their own cyber attacks aimed at American government, military and business targets.
Whatever the outcome of Congressional action, covert American and other country attacks, the takeaway for enterprise security leaders is to be more involved and aware of computer security needs. There will be more sharing between U.S. government and corporate security officials. And approaching is the need for corporate security executives to earn government-recognized certification to work with government colleagues.
Who would have thought the latest threat would be a worm delivered by a thumb drive?