Cyber 9/12 contest participants present policy options to contain crisis

A cyberattack has brought nuclear-armed rivals India and Pakistan to the brink of war. An unknown adversary has hacked into a US defense contractor’s computer systems, stolen highly sensitive data, and potentially taken over Global Positioning System satellites. Fighter jets and military radios, along with commercial airlines and mobile phones, are all at risk.

As tensions escalate, non-state actors falsely claim responsibility for the cyberattack. Meanwhile, India and Pakistan inch toward full-scale war as a Pakistani missile shoots down an Indian commercial airliner that has mistakenly strayed into the airspace over the contested Kashmir region.

This was the fictional scenario laid out in a simulation at the fourth annual Cyber 9/12 Student Challenge held at American University on March 11-12. Who carried out the data breach? Were civilian GPS systems affected? Did Pakistan purposely fire the missile? These were among the many questions with which the participants from universities across the United States grappled.
The Food and Drug Administration has begun a push for good-faith hacking in order to anticipate and address cyber security issues, particularly in the realm of medical devices, according to a senior official in the agency. It is also trying to create incentives for manufacturers to take cyber security more seriously.

“This has been very much a journey, very much an evolving process,” said Susanne Schwartz, Associate Director for Science and Strategic Partnerships at the FDA.

The main challenge is one of cultural disconnect between the medical device and hacker communities, agreed Schwartz and Mara Tam, Director of Government Affairs at HackerOne, a cyber security firm.

ISIS intent on expanding online abilities to conduct cyber attacks, says US official

Extremist groups are using social media to “crowdsource” terrorism and are intent on developing the ability to conduct crippling cyber attacks on their enemies, a senior Justice Department official said at the Atlantic Council on Nov. 10.

“[Terrorist groups] have the intent [to conduct cyber attacks], and if they develop the capability they are going to use it… and they are not going to be deterrable,” said John P. Carlin, Assistant Attorney General for National Security at the US Department of Justice.

“If we don’t work to disrupt their ability to have that capability it is going to be a matter of time before they get the capability,” he added.
Data insecurity and the buildup of offensive cyber capabilities  are among the gravest threats to global economic prosperity in the modern era, according to a report by the Atlantic Council, in collaboration with Zurich Insurance Group and the University of Denver’s Frederick S. Pardee Center for International Futures.

The key message is that ICT drives global growth, but it doesn’t come for free.

World had similar feeling of being violated after Snowden’s revelations, says Atlantic Council’s Jason Healey

When the news broke earlier this summer that hackers had breached the Office of Personnel Management (OPM) and accessed the records of more than twenty million current and former federal employees, it prompted calls to punish China, which was believed to have orchestrated the cyber attacks.  

But what Chinese hackers allegedly did [China denies any involvement in the OPM hack and the US government has not officially blamed China for the attack] is no different from what spy agencies around the world, including in the United States, do all the time.

“That feeling that you are violated right now, that’s how everyone else feels after Snowden,” said Jason Healey, Nonresident Senior Fellow in the Brent Scowcroft Center on International Security’s Cyber Statecraft Initiative at the Atlantic Council.
If the Chinese government is in fact behind the cyber attack on the Office of Personnel Management (OPM) it would be a “disaster” in terms of counterespionage, says the Atlantic Council’s Jason Healey.

The kind of information that OPM has is a goldmine for intelligence agencies,” Healey, a Nonresident Senior Fellow in the Atlantic Council’s Cyber Statecraft Initiative, said in an interview.

“For senior government officials, this is particularly worrying on the counterterrorism side,” he said, adding that hackers could use the information they glean from their attack to pinpoint targets at top levels of the US government.

Cyber attack on Iran served as an ‘awakening’ for Tehran

Iran has vastly ramped up its cyber capabilities transforming itself from a “Tier 3” country to one that poses a significant global threat in the years following a massive cyber attack on its nuclear facilities, panelists said at the Atlantic Council April 8.

“Iran is definitely not a Tier 3 country any more,” said Andretta Towner, Senior Intelligence Analyst at CrowdStrike, a provider of security technology. 

Free of sanctions, Tehran ‘will become more aggressive’

A nuclear deal in hand and free of Western sanctions, Iran could more aggressively undermine US allies through “cyber attacks, subversion, and terrorism,” retired Gen James L. Jones, Jr., said April 8.

“Even if a deal is concluded, it is possible that an emboldened Iran free of sanctions will become more aggressive in supporting proxies in the region and continue to undermine the United States’ allies in the region,” said Jones, who is Chairman of the Atlantic Council’s Brent Scowcroft Center on International Security.

Panel debates ‘rewards and risks’ of technological advances

Midway through Season 2 of Showtime’s popular TV series Homeland, US Marine Sgt. Nicholas Brody—who is being blackmailed by Iraqi terrorist Abu Nazir—sneaks into the home office of Vice President William Walden, desperately looking for the serial number of Walden’s pacemaker.

Brody finds it and transmits the number to Nazir, whose computer-savvy accomplice uses it to remotely accelerate Walden’s heartbeat, inducing a heart attack. Brody watches without remorse as the politician who ordered a drone strike that killed Nazir’s son dies an agonizing death.

The incident is pure Hollywood, of course, but targeted, high-tech assassinations like these may actually take place in the not-too-distant future, panelists warned at a March 18 “Cyber Risk Wednesday” conference hosted by the Atlantic Council’s Brent Scowcroft Center on International Security.

Atlantic Council Analysts Say No Easy Response for US to Sony Cyber Attack

North Korea’s Internet outage this week could be the work of “good ol' American patriotic hackers,” according to Jason Healey, director of the Atlantic Council’s Cyber Statecraft Initiative.

North Korea’s Internet service appeared to be working again on December 23 following a nearly ten-hour shutdown that came hours after US President Barack Obama promised a “proportional response” to a cyber attack on Sony Pictures. Washington has blamed the North Korean government for the Sony hack, an accusation Pyongyang denies.