Obama faces delicate decisions as cyberattack fears rise

President Barack Ob, ... ]

White House photo

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Separate surveys published by United Technologies/National Journal and The Washington Post over the summer found that a majority of Americans prefer that the government either not create standards for private companies, or keep any standards voluntary.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

http://m.nextgov.com/cio-briefing/2012/08/obama-faces-delicate-decisions-cybe…

Advertisements

Obama faces delicate decisions as cyberattack fears rise

President Barack Ob, ... ]

White House photo

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Separate surveys published by United Technologies/National Journal and The Washington Post over the summer found that a majority of Americans prefer that the government either not create standards for private companies, or keep any standards voluntary.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

http://m.nextgov.com/cio-briefing/2012/08/obama-faces-delicate-decisions-cybe…

FBI chief warns of threat of terror cyberattack

FBI chief warns of threat of terror cyberattack

This statement was issued on July 3, 2012.

Didn’t I warn you guys on July 1st?

Don’t worry, I did my part and called the CyberCrimes Unit at the FBI to tell them what I knew.

CAN YOU HEAR ME NOW?

^ed

FBI chief warns of threat of terror cyberattack

FBI chief warns of threat of terror cyberattack

This statement was issued on July 3, 2012.

Didn’t I warn you guys on July 1st?

Don’t worry, I did my part and called the CyberCrimes Unit at the FBI to tell them what I knew.

CAN YOU HEAR ME NOW?

^ed

Operation Anti-Security: LulzSec and Anonymous declare war on world’s governments – International Business Times

By Alastair Stevenson: Subscribe to Alastair’s

June 20, 2011 9:31 AM EDT

In a statement released over the weekend the hacker collective LulzSec has promised to unite with its 4Chan-born brother Anonymous in a new cyber campaign against the world’s governments.


  • (Photo: REUTERS)<br>British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.
  • (Photo: REUTERS)
    British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.

    Share This Story

    Codenamed Operation Anti-Security, the statement was originally released on the Pastbin website and has since been tweeted on LulzSec and Anonymous’ Twitter pages.

    The note stated that LulzSec was going to join with Anonymous, targeting any and all government websites or systems it encountered:

    “Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art.

    “We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”

    The post went on to reiterate Anonymous previous sentiment that the attacks are a form of protest against certain governments internet censorship and moderation policies:

    “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight.

    “Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.”

    The news that Anonymous and LulzSec are in fact working together comes after a rift between the two groups was speculated. An argument that took place over 4Chan’s message boards indicated that Anonymous contributors had conducted attacks on LulzSec after the group released the personal information 62,000 random internet users.

    LulzSec went on to call for any interested party to join it and Anonymous, “Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion.

    “Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.”

    LulzSec’s campaign announcement comes just as the U.S. has reported its plans to increase the maximum sentences its courts can give hackers. The new laws — which are yet to pass — would mean that any hacker caught accessing government files could potentially face 20 years in prison.

    LulzSec has already claimed responsibility for two recent attacks on the U.S. Senate and CIA’s websites.

    The campaign was revealed just as the group affirmed in a separate statement celebrating its thousandth tweet argued that it is not a hacktivist group. The alternative mission statement outlined a much more anarchistic leaning, arguing that LulzSec has and will only ever carry out attacks that it finds amusing.

    The statement did not reveal which country, department or agency LulzSec intends to target next.

    UPDATE: LulzSec has since hacked the U.K.’s Serious Organised Crime Agency.

    UPDATE: LulzSec claims to have hacked the U.K. census.

    throw away the key!

    Operation Anti-Security: LulzSec and Anonymous declare war on world’s governments – International Business Times

    By Alastair Stevenson: Subscribe to Alastair’s

    June 20, 2011 9:31 AM EDT

    In a statement released over the weekend the hacker collective LulzSec has promised to unite with its 4Chan-born brother Anonymous in a new cyber campaign against the world’s governments.


  • (Photo: REUTERS)<br>British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.
  • (Photo: REUTERS)
    British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.

    Share This Story

    Codenamed Operation Anti-Security, the statement was originally released on the Pastbin website and has since been tweeted on LulzSec and Anonymous’ Twitter pages.

    The note stated that LulzSec was going to join with Anonymous, targeting any and all government websites or systems it encountered:

    “Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art.

    “We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”

    The post went on to reiterate Anonymous previous sentiment that the attacks are a form of protest against certain governments internet censorship and moderation policies:

    “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight.

    “Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.”

    The news that Anonymous and LulzSec are in fact working together comes after a rift between the two groups was speculated. An argument that took place over 4Chan’s message boards indicated that Anonymous contributors had conducted attacks on LulzSec after the group released the personal information 62,000 random internet users.

    LulzSec went on to call for any interested party to join it and Anonymous, “Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion.

    “Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.”

    LulzSec’s campaign announcement comes just as the U.S. has reported its plans to increase the maximum sentences its courts can give hackers. The new laws — which are yet to pass — would mean that any hacker caught accessing government files could potentially face 20 years in prison.

    LulzSec has already claimed responsibility for two recent attacks on the U.S. Senate and CIA’s websites.

    The campaign was revealed just as the group affirmed in a separate statement celebrating its thousandth tweet argued that it is not a hacktivist group. The alternative mission statement outlined a much more anarchistic leaning, arguing that LulzSec has and will only ever carry out attacks that it finds amusing.

    The statement did not reveal which country, department or agency LulzSec intends to target next.

    UPDATE: LulzSec has since hacked the U.K.’s Serious Organised Crime Agency.

    UPDATE: LulzSec claims to have hacked the U.K. census.

    throw away the key!

    Hacker Team Poison group promises to reveal LulzSec members identities: Are LulzSec the lesser of two evils?

    Hacker Team Poison group promises to reveal LulzSec members identities: Are LulzSec the lesser of two evils?

    By Alastair Stevenson: Subscribe to Alastair’s

    June 24, 2011 3:30 PM GMT

    While LulzSec continues its Operation Anti-Security campaign against the world, rival group Team Poison has issued a statement promising to unmask LulzSec’s members.

    The group reported its intention to reveal all LulzSec’s members true identities earlier this month. Speaking to Fox News a member working under the pseudonym Hex0010 commented “We’re here to show the world that they’re [LulzSec] nothing but a bunch of script kiddies.

    “We’re going to let them do what they do. Then we’re going to do what we do”, adding, “We’re going to hit them hard.”

    The claim comes just as LulzSec announced its new Operation Ant-Security campaign. The operation has seen LulzSec team-up with its 4Chan-born sibling Anonymous to help rebel and protest any and all cases of internet censorship and moderation through a series of coordinated cyber attacks and hacks.

    Follow us  

    Google Plus

    Operation Anti-Security has already seen LulzSec claim responsibility for hacks and attacks on Arizona law enforcement, the U.K.’s Serious Organised Crimes Agency and two Brazilian Government owned websites.

    In the midst of LulzSec’s first attack authorities arrested Ryan Cleary for suspected involvement in several of LulzSec’s operations. Since the arrest, while LulzSec has adamantly denied Cleary’s membership, the 19-year-old has been charged and appeared in Court. British police were granted an additional three days to question Cleary after the hearing.

    In his statement Hex refuted LulzSec’s claims that Cleary was not a member. Hex commented to Fox News, “You can say he’s one of the people that ran it, you can say he’s a middleman. Depends on how you look at it. I think he’s a middleman.”

    Team Poison has also claimed responsibility for an attack on suspected LulzSec member Sven Slootweg’s website.

    Team Poison isn’t the first group to have made such claims. Already “cyber vigilante” outfit Team Ninja made a similar claim posting alleged names, addresses, phone numbers and at points pictures of individuals it claimed were LulzSec members.

    The individuals named included a 34-year-old Brazilian named Sabu, Slootweg, a freelance journalist named Barret Brown and a U.S. Marine name Casey Gardiner — the truth of these claims is yet to be verified.

    The fact that Team Poison is targeting LulzSec has not been universally hailed as good news. The hacking group has an extremely checkered past. It is believed to have connections both with the Mujahdeen Hacking Unit and Pakistan Cyber Army.

    The Mujahdeen Hacking Unit was the hacking group that targeted Facebook late last year.

    Additionally both groups are generally believed to hold strong anti-America, anti-Israel and anti-India ideologies.

    Team Poison has also been constantly speculated as having overtly zealous religious leanings — a fact that may make several governments uncomfortable with the group’s involvement.

    In the same interview with Fox Hex commented on the topic, “”We’re a group that consists of political hackers,” elaborating “A lot of people consider us being a religious type thing — in reality it’s not. When international governments are doing wrong and trying to hide from it, we’re there.”

    Many analyst’s have already speculated that Team Poison’s targeting of LulzSec could be born of “professional jealousy”.

    If true, then Team Poisons new involvement could be more harmful than helpful. The attack on LulzSec could lead to revenge attacks from both LulzSec and its comrade in arms Anonymous.

    Additionally, as demonstrated by the laundry list of hacks and cyber attacks Team Poison is suspected of, the hatred for LulzSec could turn into a game of one-upmanship, with each group trying to hack a bigger target than the other.

    Team Poison is yet to release the information it promised on Fox News.

    June 24, 2011. DING FUCKING DING!

    Next?