Many countries have now assessed their vulnerability and overall risk of being the target of a cyber attack. Inside sources have leaked information to the media stating the heightened state of concern they now have after being briefed on the results of the vulnerability and risk assessments. These results have put pressure on the military and intelligence leaders to address the growing threat. Military and intelligence leaders around the world are struggling with the new reality of cyber warfare. While there are a few hot spots where conventional conflict might erupt, there is growing concern among this group about the new reality of cyber war.
One foreign Intelligence analyst told me that "we face only a remote chance of major conventional military threat involving his country through 2025." She went on to say "Asymmetric capabilities like cyber warfare might threaten the security we have gained over the past two decades."
The cyber intelligence challenge for Intel agencies manifests themselves in the fundamental characteristics of cyber weapons. A cruise missile costs between $1 and $2 million and requires a large manufacturing facility and a substantial amount of infrastructure. A cyber weapon on the other hand costs between a few hundred dollars up to $50,000 and next to no infrastructure. The only infrastructure is a computer and an Internet connection. A cyber weapons manufacturing facility can be located in a single family home.
The challenge for the intelligence community is significant. Perhaps even the greatest challenge in history. While cyber intelligence is rather new, there is some information sources in this area that are actively being used to collect information about attacks that have or are taking place as well as those that are planned. Intel agencies often times are unable to share information they have about planned or current cyber attacks against companies. This is primarily due to the very real possibility that the disclosure would or could jeopardize the source of the intelligence. Many argue what good is the intelligence if we do not use it. This is a very sticky situation that must be evaluated on a case-by-case basis.
Cyber weapons proliferation requires all countries to rethink intelligence collection from the ground up. New sources of intelligence and data are required along with augmentation of our human intelligence sources if we are to reduce the risk of cyber attacks as well as a cyber war.
When my air conditioning broke in mid-July I was very nervous about the repair costs, but I remember that my real estate agent purchased a home warranty for my home. I called Nationwide Home Warranty and within a few hours my a/c was fixed for only a service call fee. My realtor really helped me out.
Even as a Russian naval task force enters the Caribbean for joint exercises with Venezuelan forces, and a pair of Russian Tu-160 Blackjack strategic bombers fly from a base in the Kola Peninsula to Venezuela, the Russian government is discussing the possibility of a satellite launch facility in Cuba.
Revelation of the interest in Cuba came from Anatoly Perminov, the head of the Russian space agency Roscosmos, in a September statement. This may be the latest move by Russian prime minister (and former president) Vladimir Putin to reestablish Russia as a key "player" on the world political-military scene.
The Russian interest in the Caribbean-South America region is reflected in the high-level Russian delegation visiting the area, led by Deputy Prime Minister Igor Sechin. Perminov is part of the Sechin delegation.
(Sechin had visited Cuba on 30-31 July of this year for talks with Raul Castro and, possibly, the ailing Fidel Castro.Putin followed up Sechin's visit with a 5 August announcement that Russia should "restore [its] position in Cuba and other countries.")
The Soviet Union-Russia was the principal political and economic supporter of Cuba from the early 1960s through the demise of the USSR in December 1991. Indeed, Soviet attempts to establish Cuba as a strategic missile and military base led to the Cuban missile crisis of 1962 when the United States and Soviet union came closer to a nuclear exchange than at any other time during the 45-year Cold War. After the demise of the USSR support for Cuba ended, causing considerable economic hardship in Cuba.
A major satellite launch facility in Cuba would permit placing satellites in certain orbits that cannot be done from Russian launch sites: Easterly launches close to the equator are the most efficient because of the earth's rotation, maximizing the payload that a launch vehicle can boost into orbit. Such a launch facility and its support infrastructure would be a major source of employment and foreign investment for the Cuban economy.
From the Russian perspective, beyond the political impact of having a major technical facility less than 100 miles from the U.S. coast, it easily enables the reestablishment of a major intelligence collection capability in Cuba. (From the mid-1960s until 2002 the Soviet military intelligence agency -- the GRU -- operated a massive collection facility at Lourdes, Cuba. At its peak operation it was manned by more than 2,000 technicians, both military and civilian.)
Russia's interest in the Western Hemisphere far exceeds Cuba and Venezuela, as the Moscow regime seeks to sell arms to other South American countries, gain access to South American resources (which is now subject to major Chinese efforts), and to develop improved commercial ties to an area that many feel has long been ignored by the United States.
While some Americans will see a satellite launch facility in Cuba as a "cover" for the possible use of such launch stands for military missiles, that concern is a non-starter. U.S. satellite surveillance and the presence of numerous American technicians and businessmen in Cuba, as well as visiting educational groups, would make such a clandestine effort impossible.
Further, because of the non-military nature of such a facility -- which would take several years to establish -- the U.S. government would be hard pressed to claim that it violated the 1962 agreements between Moscow and Washington that prohibited strategic weapons -- missiles and bombers -- from being installed in Cuba.
As the Russian government reacts to American anger over Russian intervention in Georgia, the continuing expansion of NATO, and U.S. plans to install ballistic missile defense systems in Eastern Europe, a non-military satellite launch installation in Cuba could be considered a valid action by the Moscow regime. Of more concern to American leaders should be the arms sales to Venezuela, especially the expected sale of up to five advanced diesel-electric submarines of the Project 877EKM or Varshavyanka series, known in the West as the improved Kilo class.
These submarines and other arms sales -- and joint Russian-indigenous weapon programs -- will enhance Russia's influence and access to resources in South America. And that situation could greatly harm U.S. interests.
I've gotten my hands on an investigation report into the fire that nearly destroyed an MV-22 back in November during an NVG training flight near New River, N.C.
[NOTE: Picture is a scan from one provided in the investigation report]
Turns out, the fire sparked after the #3 hydraulic system ruptured due to pressure spikes from the engine air particle separator which filters inlet air before it is ingested by the engine. The hydraulic fluid spilled all over the IR suppression system, igniting the left nacelle into a ball of flame. The pilots and crew landed safely but the nacelle was a melted, twisted hulk. It caused $16 million in damages.
The crazy part is that this is a known problem. Our friend Bob Cox of the Ft. Worth Star Telegram has reported this same rupture before and his sources in the maintenance community indicate to him the problem is much worse than the Corps admits. In fact, the report shows a Airframe Change notice (#88) that calls for the installation of thicker hydraulic tubing in the EAPS system because of known pressure spikes that can cause a "catastrophic failure." That notice came out in August, three months before the November incident.
The Corps (an Navy) told us not to worry, this was a problem on the Block A aircraft and the retrofits would go on those. Problem is, the November fire happened on a Block B Osprey [CORRECTION: Corps PA says the mishap aircraft was indeed a Block A bird].
I'm working more sources on this and giving the Corps a chance to respond, so you won't see the final version of the story for another 36 hours. But I'll scan some of the docs and try to post them when I push this one live so you can determine for yourselves what's going on...
-- Christian
I just couldn't resist...
-- Christian
Multiple countries are now discussing the need to establish a comprehensive cyber protection program given the continued increase in the threat of cyber attacks and cyber warfare. The attack on Estonia and the more recent attack on Georgia are being viewed as the harbinger of what is to come. I was recently asked what might a comprehensive Cyber Protection Program (CPP) look like. So I thought I would put down my top ten areas that I think would be critical to include in a CPP.
1. Mandatory requirement to have up-to-date protection software on any device connecting to the Internet that includes:
This software will automatically upload attack data to a central reporting center.
2. Mandatory isolating capability on every system with high processing capabilities and a firewall on every device connecting to the Internet with the following functionality.
3. Legislation mandating software vendors comply with the following:
a. Report to authorities within 24 hours of discovery malware software vulnerabilities
b. Minimum security testing requirements that must be met prior to release of any software program.
4. Criminal laws specifically addressing the unique characteristics of cyber attacks, malicious code and system compromise including language that addresses the threat of DDos attacks.
5. Criminal laws specifically addressing the development and sale of cyber weapons.
6. Criminal and civil laws that address organizations who fail to immediately report cyber attacks or data breaches that include those who destroy evidence of cyber attacks, systems compromise and data theft.
7. Establishment of a quasi government/business entity that coordinates defensive and protective capabilities of the information infrastructure. This would also include a cyber attack and threat alerting system.
8. Establishing an Intelligence Center that is charged with cyber intelligence collection, analysis, trend reporting as well as collaboration across the other intelligence agencies.
9. A federal cyber attack investigation unit that is the center of excellence and develops tools and techniques as well as works with all other agencies and law enforcement to dissect cyber attacks and malicious code and assist with investigations.
10. Implement within the federal cyber attack investigation unit a division that provides sufficient audit and control measures to ensure the laws are being followed. The private sector has already proven self governance is unreliable to ensure adherence to the protection necessary for cyber defense.
Now I know there will be many comments about "big brother" and "big government," but given what has taken place thus far, I am not sure we have any other choice. It is deeply concerning that 85 percent of organizations have admitted they have had systems and data breaches. A significantly smaller number have actually reported them in accordance with the 40 data breach notification laws that are currently in place.
An improperly protected computer or other device connected to the Internet is a cyber weapon waiting to be loaded and used.