The Luddite atop U.S. cybersecurity
Department of Homeland Security Secretary Janet Napolitano acknowledged Friday her Luddite-like ways, despite the fact her position puts her in a critical leadership role when it comes to defending the nation's infrastructure from cyberattacks.
Napolitano said she does not use email "at all."
"For a whole host of reasons. So, I don't have any of my own accounts and that, you know, I'm very secure," Napolitano noted at a Washington conference about cyber security.
"Some would call me a Luddite but you know. But that's my own personal choice and I'm very unique in that regard I suspect," Napolitano added.
The Obama administration has been pushing Congress to revisit legislation that would have given DHS authority to enforce security standards. Legislation faltered earlier this year over concerns that it was too intrusive in requiring business to share data about intrusions, rather than it being voluntary.
In the meantime, an executive order is being drafted by the Obama administration that would help clarify security standards, Napolitano said. She said President Barack Obama has not reviewed it yet.
Napolitano said legislation would not dictate to companies how to run their security but rather would be a public-private partnerships to defend critical infrastructure.
Doubts raised about Islamist group's involvement in online bank attacks
Over the couple of weeks, many major banks in the U.S suffered day-long slowdowns and been sporadically unreachable for many customers. The attackers, who took aim at Bank of America first, went after their targets in sequence, reports CNNMoney's David Goldman.
Security experts say the outages stem from one of the biggest cyberattacks they've ever seen. These "denial of service" attacks - huge amounts of traffic directed at a website to make it crash - were the largest ever recorded by a wide margin, according to two researchers. A financial services industry security group raised the alert level to high in response to the attacks.
The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called "Operation Ababil," but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch.
Sen. Joe Lieberman, an Independent from Connecticut, said in a C-SPAN interview on Wednesday that he believed the attacks were launched by Iran. FULL POST
Safeguarding against cyber attacks
The Cybersecurity adviser to the White House, Michael Daniel, gave a candid assessment today of the cyber risks the U.S. faces. This comes as there are rumblings that the President is getting ready to issue an executive order on cybersecurity in light of Congress failing to pass legislation on this issue. CNN's Suzanne Kelly reports on what the government is doing to protect the U.S. from the threat of cyber attacks.
Solving "Gauss"
By Suzanne Kelly
Researchers at the same cybersecurity lab that announced the discovery of the Flame virus this past May believe they have discovered a related set of code that serves as a Trojan horse, and they're asking the wider cryptographic community to help them crack it.
The newly found code dubbed "Gauss" appears to be a cyber-espionage toolkit that has the ability to intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East. But researchers at Kaspersky Lab in Russia say things don't seem to be only as they appear.
"We're talking about a complex package," says senior security researcher Kurt Baumgartner, who says the code appears to be created by a nation-state. "It's unique and different in a few ways; it maintains code and has similar functionality to Flame and Stuxnet."
Flame and Stuxnet are computer viruses that have the ability to rewrite code. Stuxnet targeted Iran's nuclear program. It rewrote code that caused enrichment centrifuges to spin out of control, rendering them useless. The U.S. and Israel are widely believed to be behind the creation of the virus.
Executives advocate a military approach to cybersecurity
By Suzanne Kelly
CNN Intelligence Correspondent
A new study being released by a private Internet security company highlights cyberworld weaknesses when it comes to gathering intelligence on hackers and suggests that businesses take a more military-minded approach to defense.
The cybersecurity company CounterTack polled 100 information security executives at companies with revenues greater than $100 million. Nearly half of the respondents said their organization had been the victim of a targeted cyberattack within the past year.
Some 80% of those polled believe that taking a more military-minded approach to the cyberwar could benefit business, according to CounterTack CEO Neal Creighton, whose firm released the poll Monday. For Creighton, that means incorporating more military-style intelligence gathering into companies' cyberworld defenses. FULL POST
President mulling executive order to fill cybersecurity gap
By Suzanne Kelly
President Barack Obama is considering whether to issue an executive order to fill a gap in the country's cybersecurity defenses after Congress failed to move forward cybersecurity legislation last week.
Homeland Security adviser John Brennan said failure to pass legislation that would grant the government more authority in heading off cyber intrusions and attacks, has left a gap that the executive branch is working to fill on an interagency basis, using the resources of the Department of Homeland Security, the National Security Agency and the FBI.
"Executive Orders are a good vehicle to actually direct the departments and agencies to do some certain things to make sure that the nation is protected," Brennan said during a question and answer session at the Council on Foreign Relations in Washington. "We can't wait, so we're doing things, DHS in conjunction with NSA, FBI, others are working to make sure that we are able to better safeguard our environment but also be able to respond but also be able to be resilient."
Middle East bank accounts hit by new cyberweapon
A new cyberweapon that secretly steals bank account information from its victims was exposed on Thursday.
The sophisticated malware, discovered by Internet security company Kaspersky Labs, has been capturing online bank account login credentials from its victims since September 2011. There's no evidence it's been used to steal any money. The virus instead appears to be a spy interested in tracking funds: It collects banking login information, sends it back to a server, and quickly self-destructs.
Dubbed "Gauss," a name taken from some of the unique file names in its code, the malware appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It's not known yet who created it, but Gauss shares many of the same code and characteristics of other famous state-sponsored cyberweapons, including Stuxnet, Duqu and Flame.
Those viruses are widely believed to have been developed by the U.S. government. But unlike Stuxnet and Flame, which targeted an Iranian nuclear facility and spied on Iran's government officials, Gauss seems to have primarily gone after people in Lebanon.
Army critical of its controversial intelligence system
By Mike Mount
An intelligence gathering system widely used by the Army in Afghanistan to detect roadside bombs and predict insurgent activity has severe limitations and is "not suitable," according to a memo from the Army's senior equipment tester to the Army's chief of staff, Gen. Raymond Odierno.
The e-mail memo was sent to Odierno on August 1, and comes as the system - known as the Distributed Common Ground System (DCGS) - is in the middle of Army and congressional investigations.
The inquiries surrounds a newly developed software system called Palantir, which - according to U.S troops and commanders who have used it - is more effective in helping troops in Afghanistan track and predict the location of deadly roadside bombs than the existing DCGS.
The memo to Odierno, written by the head of the Army's test and evaluation command - Gen. Genaro J. Dellarocco - hammers the DCGS system for its "poor reliability" and "significant limitations," during operational testing and evaluation earlier this year.
Cybersecurity bill fails in Senate
By Jennifer Rizzo
The most comprehensive cybersecurity legislation proposed by Congress, which sponsors say would have helped protect the government and industry from potentially devastating cyberattacks, was voted down in the Senate Thursday.
The Cybersecurity Act of 2012 would have given the government the three legislative elements it needs to fend off cyberattacks, according to John Brennan, assistant to the president for homeland security and counterterrorism. Those are new threat-information-sharing between the government and private industry, better protection of critical infrastructure such as the power grid and water filtration facilities, and authority for the Department of Homeland Security to unite federal resources to lead the government's cybersecurity team.
Sens. Joe Lieberman, I-Connecticut, and Susan Collins, R-Maine, introduced the bill.
"This is a moment of disappointment that I really cannot conceal," Lieberman said after the vote. "But the threat of cyberattack is so real, so urgent and so clearly growing that I am not going to be petulant about this."
FULL POST
Administration's computer safety A-team urges passage of Cybersecurity Act
By Suzanne Kelly
The White House rolled out its cybersecurity A-team Wednesday for an on-the-record telephone conference, with reporters hearing an appeal for the Senate to pass the Cybersecurity Act of 2012 now being debated on the Senate floor.
John Brennan, assistant to the president for homeland security and counterterrorism, was joined by Keith Alexander, chief of U.S. Cyber Command and head of the National Security Agency, as well as Jane Holl Lute, deputy secretary at the Department of Homeland Security, and Eric Rosenbach, deputy assistant secretary of defense for cyberpolicy.
"The risks to our nation are real and immediate," Brennan said, adding that the White House doesn't see the legislation as a partisan issue, but rather a matter of national security.
@natlsecuritycnn on Twitter
