Module 8 - US Initiatives

Question 1

Cyber War in US

Answer 1

• US military strategy: cyber attack same as traditional act of war

Question 2

Two Positions by Administration

Answer 2

Howard Schmidt, White House Cyber Czar (March 2010) - there is no cyber war.

Michael McConnell (former directory of national intelligence) (2010) testified to Congress that country was already in the midst of cyber war and was losing it.

Question 3

US Shift of Focus

Answer 3

2009 - US believed should be a greater focus on cyber crime and not “cyber war”.

Question 4

Five Pillars Framework

Answer 4

Developed after cyber security review of 2008 USB flash drive malware

1) To recognize that the new domain for warfare is cyberspace similar to the other elements in the battle space.
2) Proactive defenses as opposed to passive defense
3) Provide critical infrastructure protection
4) Use of collective defense, which provides early detection and incorporation into the cyber warfare defense structure
5) Maintain and enhance the advantage of technological change, incl. improved computer literacy and increasing artificial intelligence capabilities.

Question 5

Overlapping US Military Authority

Answer 5

Orgs with Cyber warfare missions:

• Army
• Navy
• Air Force
• US Strategic Command -> US Cyber Command (31 Oct 2010)
• NSA (defend military networks)

Question 6

US Federal Laws (7 areas)

Answer 6

United States Code
Computer Fraud and Abuse Act of 1984
Cyber Security Enhancement Act
Patriot Act
Homeland Security Act
FISMA
Electronic Communications Privacy Act

Question 7

US Code Regarding Cyber War

Answer 7

• Title 50 - intelligence/counter intelligence
• Title 10 - War - what makes combatant
• Title 18 - DOJ

Question 8

US Computer Fraud and Abuse Act of 1984

Answer 8

Addresses fraud and related activities in conjunction with computers

Question 9

US Cyber Security Enhancement Act

Answer 9

Service Providers can disclose the contents of communications to federal, state, or local entities in the event the provider has a good faith belief there is an emergency (death or serious injury)
- changed privacy substantially (snooping can be authorized)

Question 10

US Patriot Act

Answer 10

allowed US government to observe certain traffic of individuals without standard wiretap laws.

Question 11

Homeland Security Act

Answer 11

Voluntary release of content of communications to agencies beyond law enforcement. (threat of serious harm)
- enables DHS to work

Question 12

FISMA

Answer 12

Requires Privacy Impact Assessments of IT systems that contain PII (Risk management)

Question 13

Electronic Communications Privacy Act

Answer 13

Protects wire, oral, and electronic communications while the communications are being made, are in transit, and are stored on computers. (in effect until others override)

Question 14

US Law Still Unclear

Answer 14

Question of actors, war vs espionage, data circumnavigating the globe, military involvement?

Question 15

US CyberWar Examples

Answer 15

Olympic Games
- Stuxnet

Flame

Question 16

Olympic Games

Answer 16

America’s first sustained use of cyberweapons

• Started by Bush, Accelerated by Obama
• Target: Iran’s nuclear enrichment facilities
• Became public in summer 2010 due to programming error that allowed it to escape.

Question 17

Stuxnet

Answer 17

• Part of Olympic Games
• Worm
• discovered in June 2010
• spreads via Windows, targets Siemens SCADA systems

Question 18

Flame

Answer 18

aka Flamer, Skywiper

• Discovered May 2012
• Data-mining virus that penetrated high-ranking Iranian officials
• Code at least 5 yrs old (Post claims NSA, CIA, and Israeli military)
• US says not part of Olympic Games.

Question 19

Pres. Policy Directory 20

Answer 19

• Signed mid-October 2012
• updated 2003 Directive
• Allows military to be more aggressive in stopping cyber attacks against gov and private computers
• Classified doc
• DoD modify rules of engagement.
• Army announced plans to develop cyber warfare capabilities incl offensive

Question 20

US Five Point plan (theft of trade secrets)

Answer 20

• Announced February 2013 (after Mandiant’s report on China)
• Collaboration btw fed agencies
  NIST (commerce, DoD, DHS, DoJ, DoS, Treasury, ODNI, Office of US Trade Representative

1. Focusing diplomatic efforts to protect trade secrets overseas
2. Promoting voluntary best practices by private industry
3. Enhancing domestic law enforcement operations
4. Improving domestic legislation
5. Promoting public awareness and stakeholder outreach.