Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

7/30/2008
08:00 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Cyber Security for the 44th Presidency Group to Come Out of the Shadows at Black Hat

A presidential 'playbook' for cyberware is among the issues under discussion by the group

An unprecedented cyber security commission made up of a who’s who of experts and policymakers (as well as a few top-secret members) will give attendees of Black Hat USA next week a peek at its progress thus far. The so-called Commission on Cyber Security for the 44th Presidency is working on policy, research, and technology recommendations for the next administration to combat cybercrime and cyber warfare.

Tom Kellermann, one of the commissioners who will sit on a special panel at Black Hat in Las Vegas next week, says the bottom line is that the U.S. is in a Cold War -- cold cyber war, that is -- with at least two nations, and that over 100 different countries have dedicated cyber attack groups. “The reality is that our command and control and SCADA systems can now be directly impacted,” says Kellermann, who is also vice president of security awareness at Core Security Technologies.

But this isn’t just a national security threat issue, he says. “This is an international and economic issue. There is an institutionalization of the threat in developing countries, much like there was with the drug cartels in the 1970s and 1980s.”

“We are losing this war,” he says.

The nonpartisan commission, which was established by the Center for Strategic and International Studies (CSIS) and is co-chaired by Congressmen Jim Langevin (D-RI) and Michael McCaul (R-TX), Scott Charney, corporate vice president for Trustworthy Computing at Microsoft, and Retired Lieutenant General Harry D. Raduege Jr., will present a report to Congress within the next two months, providing specific recommendations for a comprehensive cyber security strategy in federal systems and in private critical infrastructures. Among the commissioners are Mary Ann Davidson of Oracle, John Stewart of Cisco, and former DHS assistant secretary for cybersecurity Amit Yoran.

The 44th Presidency Commission’s goal is to provide a holistic perspective on the policy and technology issues surrounding the protection of critical infrastructures, Kellermann says. “We want to focus on the long-term protection and the fight we are waging in cyberspace... from a national security lens, and from an economic security lens."

Kellermann says the commission’s final report with a handful of recommendations -- due to be completed within six to eight weeks -- will go to both presidential candidates, as well as to the House and Senate. He couldn’t disclose where some of the recommendations under consideration stand as of now, but he did say the commission is considering a doctrine of sorts that would define the basic rules of engagement for cyber war. “It would delineate when and how the president should consider reacting” in a cyber war situation, he says. “There’s been some discussion of what this presidential playbook would look like.”

The problem with battling in cyber war, he says, is how you determine if an attack was from an individual or if it was state-sponsored. And fighting back would entail incurring some internal damage: “Even if we were to hit back, say with a distributed denial of service attack, for example, it would blow back on us because the enemy is so deeply in our systems” already. But that’s something for the Pentagon, NSA, and DOD to ultimately determine, he says.

So how do this commission’s recommendations avoid the pitfalls of previous commissions and panels that get lost in the political crossfire? Kellermann says the key is for the U.S. to establish a national policy on cyber security. “We need to have in the public eye that this is the greatest threat we face -- and it’s invisible. It’s not just your computer going down, but your FICA account stolen, or your financial future being ripped out underneath you.”

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...