Deputy secretary of defense: 2 mistakes led to Snowden leaks
Editor's note: This is one in a series of stories and opinion pieces surrounding the Aspen Security Forum currently taking place in Aspen, Colorado. Security Clearance is a media sponsor of the event, which is taking place from July 17 to 20 in Aspen, Colorado.
A senior-level defense official said Thursday that keeping top-secret information on one shared server and giving an individual the ability to view and move that data were two mistakes that allowed NSA leaker Edward Snowden to disclose top-secret information.
Although Ashton Carter, the deputy secretary of defense, said he didn't want to directly comment on Snowden - "because that is a criminal investigation" - he spent a portion of a panel at the Aspen Security Forum laying out the "root causes of all of this."
"This is a failure to defend our own network," Carter said. "That failure originated from two practices that we need to reverse."
The first mistake: "In an effort for those in the intelligence community to be able to share information with one another, there was an enormous amount of information concentrated in one place. ... It creates too much information in one place."
The second: "You had an individual who was given very substantial authority to access that information and move that information. That ought not to be the case, either."
Opinion: Has U.S. started an Internet war?
By Bruce Schneier, Special to CNN
Today, the United States is conducting offensive cyberwar actions around the world.
More than passively eavesdropping, we're penetrating and damaging foreign networks for both espionage and to ready them for attack. We're creating custom-designed Internet weapons, pre-targeted and ready to be "fired" against some piece of another country's electronic infrastructure on a moment's notice.
This is much worse than what we're accusing China of doing to us. We're pursuing policies that are both expensive and destabilizing and aren't making the Internet any safer. We're reacting from fear, and causing other countries to counter-react from fear. We're ignoring resilience in favor of offense.
Welcome to the cyberwar arms race, an arms race that will define the Internet in the 21st century.
Editor's note: Bruce Schneier is a security technologist and author of "Liars and Outliers: Enabling the Trust Society Needs to Survive."
FULL STORY
Leaked document shows Obama efforts to expand cyberwarfare preparation
By Barbara Starr
President Barack Obama has directed senior national security leadership to prepare a list of targets for potential cyberattacks, according to a "Top Secret" document published Friday by the British newspaper The Guardian.
The classified document marks the third time in three days that highly sensitive government information has been leaked to The Guardian.
The latest document, called Presidential Policy Directive/PPD-20, is marked "TOP SECRET/NOFORN" which means it is not to be shared with foreign nationals. CNN could not independently verify the directive but it appears in the same format as other government directive documents. "Top Secret" material is highly sensitive but it is not the highest level of classification in the government.
The presidential directive orders the federal government to "identify potential targets" for "offensive" cyberoperations - essentially cyberattacks.
Hagel ties China to cyber attacks
From CNN’s Nunu Japaridze
Defense Secretary Chuck Hagel pointed the finger at China Saturday when addressing cybersecurity threats, the latest in a series of rhetorical skirmishes between the United States and China on the issue.
Speaking to an audience of defense professionals at a regional security summit in Singapore, Hagel said the United States was concerned about “the growing threat of cyber intrusions, some of which appear to be tied to the Chinese government and military.”
Hackers appear to probe U.S. energy infrastructure, suspicions about Iran
By Chris Lawrence
The United States is investigating "a string of malicious" cyber incidents that appear to be focused on probing energy infrastructure, a U.S. official familiar with the latest intelligence tells CNN.
The official, who spoke anonymously due to the sensitivity of the information, said the suspected hacking did not appear to be intended to steal trade secrets or exploit technology for commercial reasons. It appeared to be aimed at identifying weaknesses in fuel and electrical systems in the United States.
While the official did not identify any suspected origins of the apparent hacking, a U.S. lawmaker raised suspicions about Iran.
The United States has over the past year become more concerned about Iran and cyber security.
Pentagon says China using cyberattacks
By CNNMoney's Charles Riley
The Pentagon has accused China of trying to extract sensitive information from U.S. government computers, the latest in a series of rhetorical skirmishes between the two countries on the issue of cyberattacks.
The frank assessment, made in an annual report to U.S. lawmakers on Chinese military capabilities, is the harshest and most detailed set of accusations made thus far by the Obama administration.
"In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the report said.
The Pentagon said China is carrying out the attacks in an effort to extract information from "diplomatic, economic and defense industrial base sectors that support U.S. national defense programs." The intellectual property and data is likely being used to bolster China's own defense and high tech industries, the report said
FULL STORY
New cybersecurity bill clears House committee
By Pam Benson
The House Intelligence Committee has overwhelmingly passed a new cybersecurity bill that would enhance data sharing between the government and private industry to protect computer networks and intellectual property from cyber attacks.
By a vote of 18-2, the panel on Wednesday approved the Cyber Intelligence Sharing and Protection Act (CISPA).
The measure sets up a voluntary system for companies to share threat information on their networks with the government in exchange for some liability protections.
The bill also allows the government to share intelligence and other cyber threat information with industry.
A similar bill died in the Senate last year after a number of Republicans argued that proposed cybersecurity standards allowed for too much government regulation.
The White House had threatened to veto that bill over privacy concerns.
FULL POST
U.S. Forces Korea website down
By CNN's Chris Lawrence
The website for U.S. Forces Korea is down and has been off-line all day.
A U.S. Defense Department official tells CNN, “This was a hardware crash. It could be awhile before they get back online, because they have to rebuild the system. Right now there’s no signs this had anything to do with a cyber attack or outside intrusion. These are initial indications, but right now it doesn’t appear to be caused by outside influence.”
But the official says they haven't completely ruled out an outside attack.
If you go to the site, you will see a message reading, "Network Error… The gateway may be temporarily unavailable, or there could be a network problem.”
Cyberthreats getting worse, House intelligence officials warn
By Ashley Killough
The highest-ranking officials on the House intelligence committee continued to warn Sunday of the increasing cybersecurity threat to the U.S. economy and national security.
Republican Rep. Mike Rogers, the committee's chairman, spelled out the different levels of cyberattacks during an appearance on CNN's "State of the Union" and cautioned that the worst of those – a debilitating hit by a terrorist group - could become reality.
"We know that terrorists, non-nation states, are seeking the capability to do a cyberattack. They're probably not there yet," he said, sitting next to the ranking member on the committee, Democratic Rep. Dutch Ruppersberger.
Read more on CNN's Political Ticker.
President to host CEOs in Situation Room for cyber security chat
By Alex Mooney
President Obama has invited a handful of CEOs to the White House Situation Room on Wednesday to discuss the growing threats posed by cyberattacks.
Administration officials are so far staying tight-lipped about who is attending the closed-door meeting, but one White House official tried to downplay the choice of convening it in the Situation Room, which is ordinarily reserved for high-ranking members of the president's national security team.
Instead, the White House official said, the Situation Room is the only conference room available Wednesday to accommodate the meeting.
The president is expected to discuss his administration's latest steps to beef up cybersecurity, including a recently signed executive order designed to improve intelligence sharing between the government and the private sector over potential cyber vulnerabilities, particularly those posed by Chinese hackers.
Among the CEOs invited are the leaders of AT&T, Honeywell and Northrop Grumman, the White House said Wednesday. FULL POST
@natlsecuritycnn on Twitter
