Module 8 - US Initiatives Flashcards
Cyber War in US
- US military strategy: cyber attack same as traditional act of war
Two Positions by Administration
Howard Schmidt, White House Cyber Czar (March 2010) - there is no cyber war.
Michael McConnell (former directory of national intelligence) (2010) testified to Congress that country was already in the midst of cyber war and was losing it.
US Shift of Focus
2009 - US believed should be a greater focus on cyber crime and not “cyber war”.
Five Pillars Framework
Developed after cyber security review of 2008 USB flash drive malware
1) To recognize that the new domain for warfare is cyberspace similar to the other elements in the battle space.
2) Proactive defenses as opposed to passive defense
3) Provide critical infrastructure protection
4) Use of collective defense, which provides early detection and incorporation into the cyber warfare defense structure
5) Maintain and enhance the advantage of technological change, incl. improved computer literacy and increasing artificial intelligence capabilities.
Overlapping US Military Authority
Orgs with Cyber warfare missions:
- Army
- Navy
- Air Force
- US Strategic Command -> US Cyber Command (31 Oct 2010)
- NSA (defend military networks)
US Federal Laws (7 areas)
United States Code Computer Fraud and Abuse Act of 1984 Cyber Security Enhancement Act Patriot Act Homeland Security Act FISMA Electronic Communications Privacy Act
US Code Regarding Cyber War
- Title 50 - intelligence/counter intelligence
- Title 10 - War - what makes combatant
- Title 18 - DOJ
US Computer Fraud and Abuse Act of 1984
Addresses fraud and related activities in conjunction with computers
US Cyber Security Enhancement Act
Service Providers can disclose the contents of communications to federal, state, or local entities in the event the provider has a good faith belief there is an emergency (death or serious injury)
- changed privacy substantially (snooping can be authorized)
US Patriot Act
allowed US government to observe certain traffic of individuals without standard wiretap laws.
Homeland Security Act
Voluntary release of content of communications to agencies beyond law enforcement. (threat of serious harm)
- enables DHS to work
FISMA
Requires Privacy Impact Assessments of IT systems that contain PII (Risk management)
Electronic Communications Privacy Act
Protects wire, oral, and electronic communications while the communications are being made, are in transit, and are stored on computers. (in effect until others override)
US Law Still Unclear
Question of actors, war vs espionage, data circumnavigating the globe, military involvement?
US CyberWar Examples
Olympic Games
- Stuxnet
Flame
Olympic Games
America’s first sustained use of cyberweapons
- Started by Bush, Accelerated by Obama
- Target: Iran’s nuclear enrichment facilities
- Became public in summer 2010 due to programming error that allowed it to escape.
Stuxnet
- Part of Olympic Games
- Worm
- discovered in June 2010
- spreads via Windows, targets Siemens SCADA systems
Flame
aka Flamer, Skywiper
- Discovered May 2012
- Data-mining virus that penetrated high-ranking Iranian officials
- Code at least 5 yrs old (Post claims NSA, CIA, and Israeli military)
- US says not part of Olympic Games.
Pres. Policy Directory 20
- Signed mid-October 2012
- updated 2003 Directive
- Allows military to be more aggressive in stopping cyber attacks against gov and private computers
- Classified doc
- DoD modify rules of engagement.
- Army announced plans to develop cyber warfare capabilities incl offensive
US Five Point plan (theft of trade secrets)
- Announced February 2013 (after Mandiant’s report on China)
- Collaboration btw fed agencies
NIST (commerce, DoD, DHS, DoJ, DoS, Treasury, ODNI, Office of US Trade Representative
- Focusing diplomatic efforts to protect trade secrets overseas
- Promoting voluntary best practices by private industry
- Enhancing domestic law enforcement operations
- Improving domestic legislation
- Promoting public awareness and stakeholder outreach.
