Department of Homeland Security Secretary Janet Napolitano acknowledged Friday her Luddite-like ways, despite the fact her position puts her in a critical leadership role when it comes to defending the nation's infrastructure from cyberattacks.
Napolitano said she does not use email "at all."
"For a whole host of reasons. So, I don't have any of my own accounts and that, you know, I'm very secure," Napolitano noted at a Washington conference about cyber security.
"Some would call me a Luddite but you know. But that's my own personal choice and I'm very unique in that regard I suspect," Napolitano added.
The Obama administration has been pushing Congress to revisit legislation that would have given DHS authority to enforce security standards. Legislation faltered earlier this year over concerns that it was too intrusive in requiring business to share data about intrusions, rather than it being voluntary.
In the meantime, an executive order is being drafted by the Obama administration that would help clarify security standards, Napolitano said. She said President Barack Obama has not reviewed it yet.
Napolitano said legislation would not dictate to companies how to run their security but rather would be a public-private partnerships to defend critical infrastructure.
Over the couple of weeks, many major banks in the U.S suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence, reports CNNMoney's David Goldman.
Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks - huge amounts of traffic directed at a website to make it crash - were the largest ever recorded by a wide margin, according to two researchers. A financial services industry security group raised the alert level to high in response to the attacks.
The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil," but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.
The Cybersecurity adviser to the White House, Michael Daniel, gave a candid assessment today of the cyber risks the U.S. faces. This comes as there are rumblings that the President is getting ready to issue an executive order on cybersecurity in light of Congress failing to pass legislation on this issue. CNN's Suzanne Kelly reports on what the government is doing to protect the U.S. from the threat of cyber attacks.
By Suzanne Kelly
Researchers at the same cybersecurity lab that announced the discovery of the Flame virus this past May believe they have discovered a related set of code that serves as a Trojan horse, and they're asking the wider cryptographic community to help them crack it.
The newly found code dubbed "Gauss" appears to be a cyber-espionage toolkit that has the ability to intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East. But researchers at Kaspersky Lab in Russia say things don't seem to be only as they appear.
"We're talking about a complex package," says senior security researcher Kurt Baumgartner, who says the code appears to be created by a nation-state. "It's unique and different in a few ways; it maintains code and has similar functionality to Flame and Stuxnet."
Flame and Stuxnet are computer viruses that have the ability to rewrite code. Stuxnet targeted Iran's nuclear program. It rewrote code that caused enrichment centrifuges to spin out of control, rendering them useless. The U.S. and Israel are widely believed to be behind the creation of the virus.
By Suzanne Kelly
President Barack Obama is considering whether to issue an executive order to fill a gap in the country's cybersecurity defenses after Congress failed to move forward cybersecurity legislation last week.
Homeland Security adviser John Brennan said failure to pass legislation that would grant the government more authority in heading off cyber intrusions and attacks, has left a gap that the executive branch is working to fill on an interagency basis, using the resources of the Department of Homeland Security, the National Security Agency and the FBI.
"Executive Orders are a good vehicle to actually direct the departments and agencies to do some certain things to make sure that the nation is protected," Brennan said during a question and answer session at the Council on Foreign Relations in Washington. "We can't wait, so we're doing things, DHS in conjunction with NSA, FBI, others are working to make sure that we are able to better safeguard our environment but also be able to respond but also be able to be resilient."
A new cyberweapon that secretly steals bank account information from its victims was exposed on Thursday.
The sophisticated malware, discovered by Internet security company Kaspersky Labs, has been capturing online bank account login credentials from its victims since September 2011. There's no evidence it's been used to steal any money. The virus instead appears to be a spy interested in tracking funds: It collects banking login information, sends it back to a server, and quickly self-destructs.
Dubbed "Gauss," a name taken from some of the unique file names in its code, the malware appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It's not known yet who created it, but Gauss shares many of the same code and characteristics of other famous state-sponsored cyberweapons, including Stuxnet, Duqu and Flame.
Those viruses are widely believed to have been developed by the U.S. government. But unlike Stuxnet and Flame, which targeted an Iranian nuclear facility and spied on Iran's government officials, Gauss seems to have primarily gone after people in Lebanon.
By Mike Mount
An intelligence gathering system widely used by the Army in Afghanistan to detect roadside bombs and predict insurgent activity has severe limitations and is "not suitable," according to a memo from the Army's senior equipment tester to the Army's chief of staff, Gen. Raymond Odierno.
The e-mail memo was sent to Odierno on August 1, and comes as the system - known as the Distributed Common Ground System (DCGS) - is in the middle of Army and congressional investigations.
The inquiries surrounds a newly developed software system called Palantir, which - according to U.S troops and commanders who have used it - is more effective in helping troops in Afghanistan track and predict the location of deadly roadside bombs than the existing DCGS.
The memo to Odierno, written by the head of the Army's test and evaluation command - Gen. Genaro J. Dellarocco - hammers the DCGS system for its "poor reliability" and "significant limitations," during operational testing and evaluation earlier this year.
By Jennifer Rizzo
The most comprehensive cybersecurity legislation proposed by Congress, which sponsors say would have helped protect the government and industry from potentially devastating cyberattacks, was voted down in the Senate Thursday.
The Cybersecurity Act of 2012 would have given the government the three legislative elements it needs to fend off cyberattacks, according to John Brennan, assistant to the president for homeland security and counterterrorism. Those are new threat-information-sharing between the government and private industry, better protection of critical infrastructure such as the power grid and water filtration facilities, and authority for the Department of Homeland Security to unite federal resources to lead the government's cybersecurity team.
Sens. Joe Lieberman, I-Connecticut, and Susan Collins, R-Maine, introduced the bill.
"This is a moment of disappointment that I really cannot conceal," Lieberman said after the vote. "But the threat of cyberattack is so real, so urgent and so clearly growing that I am not going to be petulant about this."
By Suzanne Kelly
The White House rolled out its cybersecurity A-team Wednesday for an on-the-record telephone conference, with reporters hearing an appeal for the Senate to pass the Cybersecurity Act of 2012 now being debated on the Senate floor.
John Brennan, assistant to the president for homeland security and counterterrorism, was joined by Keith Alexander, chief of U.S. Cyber Command and head of the National Security Agency, as well as Jane Holl Lute, deputy secretary at the Department of Homeland Security, and Eric Rosenbach, deputy assistant secretary of defense for cyberpolicy.
"The risks to our nation are real and immediate," Brennan said, adding that the White House doesn't see the legislation as a partisan issue, but rather a matter of national security.