Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

7/30/2008
08:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat

A presidential 'playbook' for cyberware is among the issues under discussion by the group

An unprecedented cyber security commission made up of a who’s who of experts and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th Presidency is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at least two nations, and that over 100 different countries have dedicated cyber attack groups. “The reality is that our command and control and SCADA systems can now be directly impacted,” says Kellermann, who is also vice president of security awareness at Core Security Technologies.

But this isn’t just a national security threat issue, he says. “This is an international and economic issue. There is an institutionalization of the threat in developing countries, much like there was with the drug cartels in the 1970s and 1980s.”

“We are losing this war,” he says.

The nonpartisan commission, which was established by the Center for Strategic and International Studies (CSIS) and is co-chaired by Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX), Scott Charney, corporate vice president for Trustworthy Computing at Microsoft, and Retired Lieutenant General Harry D. Raduege Jr., will present a report to Congress within the next two months, providing specific recommendations for a comprehensive cyber security strategy in federal systems and in private critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.

The 44th Presidency Commission’s goal is to provide a holistic perspective on the policy and technology issues surrounding the protection of critical infrastructures, Kellermann says. “We want to focus on the long-term protection and the fight we are waging in cyberspace... from a national security lens, and from an economic security lens."

Kellermann says the commission’s final report with a handful of recommendations -- due to be completed within six to eight weeks -- will go to both presidential candidates, as well as to the House and Senate. He couldn’t disclose where some of the recommendations under consideration stand as of now, but he did say the commission is considering a doctrine of sorts that would define the basic rules of engagement for cyber war. “It would delineate when and how the president should consider reacting” in a cyber war situation, he says. “There’s been some discussion of what this presidential playbook would look like.”

The problem with battling in cyber war, he says, is how you determine if an attack was from an individual or if it was state-sponsored. And fighting back would entail incurring some internal damage: “Even if we were to hit back, say with a distributed denial of service attack, for example, it would blow back on us because the enemy is so deeply in our systems” already. But that’s something for the Pentagon, NSA, and DOD to ultimately determine, he says.

So how do this commission’s recommendations avoid the pitfalls of previous commissions and panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a national policy on cyber security. “We need to have in the public eye that this is the greatest threat we face -- and it’s invisible. It’s not just your computer going down, but your FICA account stolen, or your financial future being ripped out underneath you.”

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-22392
PUBLISHED: 2021-08-05
Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file.
CVE-2021-3591
PUBLISHED: 2021-08-05
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2021-3642
PUBLISHED: 2021-08-05
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
CVE-2021-3655
PUBLISHED: 2021-08-05
A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.
CVE-2021-32003
PUBLISHED: 2021-08-05
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware.