Archive for March 2013

Homeland Security seeks student hackers to help counter cyberthreats

There are “new and rapidly growing threats” of a cyberstrike to the US homeland – perils that will require hundreds of young, college-age hackers to counter an alarming number of daily incursions into the nation’s electrical grid and financial networks, says Department of Homeland Security (DHS) head Janet Napolitano.
This will be “hackers for good,” and the DHS currently has a need for about 600 of them, Secretary Napolitano added in remarks Tuesday at a Monitor Breakfast.

The need to develop a skilled cyber workforce has been a common – and formidable – challenge for a number of US government agencies, including DHS and the Pentagon, which is also struggling to build its own cyber workforce.

That’s because most skilled “cyber warriors,” as the US military calls them, often get recruited by private industry after their service commitments are up.

“That’s a big concern, to be honest,” says Col. Kiley Weigle, commander of the Air Force’s Cyber Training Unit. “We have not, in my opinion, fully cracked that nut yet.”

The Air Force set up an internship program for high school students, who were given security clearances to work in the service’s Cyber Emergency Response Team unit.

But sequestration, which for the Pentagon has come with requirements to cut the number of temporary employees on the payroll, has forced a cancellation of the high school training program for the Air Force.

“I can’t do the internship program anymore,” says Maj. Gen. Suzanne “Zan” Vautrinot, commander of Air Force Network Operations at Lackland Air Force Base in Texas, who adds that the service is continuing to work to find ways to “give these kids experience so they can see our forensics.”

At DHS, young hackers – who have not yet entered the job market – potentially “have a bunch of different skill sets” to offer the country, Napolitano says.

“We don’t need PhDs in computer [science]” for many of the jobs they will be called upon to do, she says.

To that end, DHS is launching “a whole host of internships and fellowships for young people to get,” Napolitano adds, noting that the department recently had “over 3,000 kids compete for 60 billets” in one such program.

More from the Christian Science Monitor @ http://www.csmonitor.com/USA/Politics/monitor_breakfast/2013/0326/Homeland-Security-seeks-student-hackers-to-help-counter-cyberthreats

Manual Applies Laws of War to Cyber Attacks

LONDON (AP) — Even cyberwar has rules, and one group of experts is putting out a manual to prove it.

Their handbook, due to be published later this week, applies the practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians and neutral nations can be protected in an information-age fight.

“Everyone was seeing the Internet as the ‘Wild, Wild West,’” U.S. Naval War College Professor Michael Schmitt, the manual’s editor, said in an interview before its official release. “What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons.”

The Tallinn Manual — named for the Estonian capital where it was compiled — was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior, such as the 1868 St. Petersburg Declaration and the 1949 Geneva Convention, to the Internet, occasionally in unexpected ways.

Marco Roscini, who teaches international law at London’s University of Westminster, described the manual as a first-of-its-kind attempt to show that the laws of war — some of which date back to the 19th century — were flexible enough to accommodate the new realities of online conflict.

The 282-page handbook has no official standing, but Roscini predicted that it would be an important reference as military lawyers across the world increasingly grapple with what to do about electronic attacks.

from TalkingPointsMemo.com @ http://talkingpointsmemo.com/news/cyberwar-manual-appeals-laws-of-war-to-cyber-attacks.php?ref=fpblg

Cyberattack on Florida election website points to broad vulnerabilities in the system

Over a 2-1/2 week period last July, more than 2,500 online “phantom requests” for absentee ballots were made to Miami-Dade County election headquarters, marking the first known cyberattack on a US election.

The fake requests for ballots targeted the Aug. 14 statewide primary and included requests for Democratic ballots in one congressional district and Republican ballots in two state House districts, according to a recent Miami Herald report.

The fake requests were done so clumsily that they were red-flagged and did not foul up the election. In any case, they would not have been enough to change the outcome. But now confirmed as the first cyberattack aimed at election fraud, the incident is further evidence that the vote-counting process is vulnerable, particularly as elections become more reliant on the Internet.

“This is significant because it’s the first time we’ve seen a very well documented case of attempted computer election fraud in the US,” says J. Alex Halderman, a cybersecurity researcher at the University of Michigan who focuses on election-system vulnerabilities. “This should be a real wakeup call because it illustrates the sort of computer voting attacks that many scientists have been warning were possible for years.”

From RawStory.com: http://www.rawstory.com/rs/2013/03/19/cyberattack-on-florida-election-website-points-to-broad-vulnerabilities-in-the-system/