Obama faces delicate decisions as cyberattack fears rise

President Barack Ob, ... ]

White House photo

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Separate surveys published by United Technologies/National Journal and The Washington Post over the summer found that a majority of Americans prefer that the government either not create standards for private companies, or keep any standards voluntary.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

http://m.nextgov.com/cio-briefing/2012/08/obama-faces-delicate-decisions-cybe…

Obama faces delicate decisions as cyberattack fears rise

President Barack Ob, ... ]

White House photo

At the height of the economic crisis in 2008, Saturday Night Live’s “Weekend Update” comedy news show rolled out the character Oscar Rogers as a faux financial commentator. His advice on how to restore the economy? “Fix it! It needs to be fixed! Now!”

Four years later, lawmakers are grappling with a cybercrisis, and despite rising concerns, legislative debates over how to secure U.S. networks and infrastructure have often resembled nothing so much as Oscar Rogers yelling “Fix it!”

Now, with Congress looking unlikely to act anytime soon to fix vulnerabilities in the nation’s computer systems that leave them open to cyberattacks, President Obama is weighing the pros and cons of using anexecutive order to do what Congress hasn’t.

Experts in government and industry alike report a tide of attacks aimed at stealing information from individuals, companies, and government agencies, potentially making a strong case for presidential action.

Further bolstering the case are warnings from top national-security officials that a catastrophic attack on a critical system like those that run energy grids or chemical plants could cause damage to the economy or even loss of life.

But Obama needs to consider his options carefully, because any unilateral steps could invite accusations from his critics of overstepping his authority. As the acrimonious debate over antipiracy legislation illustrated earlier this year, simmering Internet issues can easily explode.

In the final days before the August recess, the Senate hit an impasse on broad cybersecurity legislation that the White House and national-security and defense leaders support. The bill stalled after businesses and Republicans said the legislation would create burdensome regulations for industry without doing enough to shore up defenses against cyberattacks.

Top White House counterterrorism aide John Brennan said earlier this month that Obama was looking at the possibility of an executive order but that there is no decision yet.

Lee Hamilton, a Democratic former House member who sits on a board that advises the Homeland Security Department and who examined government security failures as cochair of the 9/11 Commission, said that Obama is right to consider moving forward on his own. He said the stalemate in Congress is a “serious breakdown” reminiscent of failures before the terrorist attacks on Sept. 11, 2001.

“The preference would be to work together with Congress, but the threat is serious enough that an executive order is in line,” he said. “There is certainly a lack of urgency in dealing with this, and it’s not a business-as-usual problem. Given the fact that Congress hasn’t acted, the president has the obligation to put together options to secure the country.”

While the debate in Congress largely broke down along party lines, some prominent Republicans support the cybersecurity standards backed by the White House.

Top national-security advisers for GOP presidential candidate Mitt Romney, such as former Homeland Security Secretary Michael Chertoff and former National Security Agency and Central Intelligence Agency chief Michal Hayden, differed with Republicans in Congress and publicly called for the Senate to pass provisions that have Obama’s support.

Romney campaign spokeswoman Andrea Saul declined to elaborate on the Republican candidate’s assertion that more needs to be done to secure American networks, or comment on whether he would favor using an executive order in the absence of legislation. But she reiterated Romney’s promise to make cybersecurity an early priority and didn’t rule out executive action. Romney’s plan would require agencies to begin developing a new national cybersecurity strategy within the first 100 days of his administration. “Once the strategy is formulated he will determine how best it can be implemented,” Saul said in an e-mail.

Polls show that while Americans express concerns over cyberattacks, they, too, are divided over what should be done.

Separate surveys published by United Technologies/National Journal and The Washington Post over the summer found that a majority of Americans prefer that the government either not create standards for private companies, or keep any standards voluntary.

Backers of the White House’s proposals, however, say an executive order could add clarity to the debate and prove to skeptics that the government can play a greater role in protecting American networks without violating privacy or burdening private businesses.

“I think it’s hard to make things any messier than it was politically,” said James Lewis, an expert at the Center for Strategic and International Studies. “If done right, an executive order could help critics reconsider their arguments.”

That’s an analysis echoed by University of California (Berkeley) professor Steven Weber who said many people seem to be “sleepwalking” when it comes to the threat of cyberattacks. An executive order, he said, could reform cybersecurity policies before a catastrophic attack galvanizes public opinion.

An executive order could give Obama the chance to take a strong stand on a rising national-security concern while portraying Republicans in Congress as ditherers.

But an order is unlikely to accomplish all of the White House’s aims. It couldn’t hand DHS wider authority to ensure that certain private networks are secure. Nor could it entirely ease legal restrictions that prevent businesses from sharing threat information. Even policy changes for some federal network-security policies would likely need congressional action. Additionally, any action would need to avoid inciting privacy watchdogs who fear cybersecurity could be used as an excuse to undermine civil liberties.

And some analysts said the politics of an executive order could cut both ways for Obama. Presidents often win political debates that pit them against an unpopular Congress, especially one perceived as unable to do anything substantive, said Peter Feaver, a former National Security Council staffer during the Clinton and George W. Bush administrations. But if Obama were to take unilateral action, it would give his critics on the right an opening to paint him as an “imperial” president and to accuse him of saddling business with new regulations, Feaver said.

“In general, White Houses win in these fights with Congress, but this White House has played this card many times,” Feaver said. “This is an issue where there are bound to be unintended consequences and any cybersecurity measures will need a system to fix and update the provisions down the road. This administration has a hard sell assuring people to trust them to fix things later.”

Paul Rosenzweig, a consultant and visiting fellow at the conservative Heritage Foundation, said a cybersecurity executive order could play into both the “imperial presidency and do-nothing-Congress” narratives, but said he thinks there is a genuine possibility for a future compromise and unilateral action by Obama would do little to actually help secure private networks

http://m.nextgov.com/cio-briefing/2012/08/obama-faces-delicate-decisions-cybe…

FBI chief warns of threat of terror cyberattack

FBI chief warns of threat of terror cyberattack

This statement was issued on July 3, 2012.

Didn’t I warn you guys on July 1st?

Don’t worry, I did my part and called the CyberCrimes Unit at the FBI to tell them what I knew.

CAN YOU HEAR ME NOW?

^ed

FBI chief warns of threat of terror cyberattack

FBI chief warns of threat of terror cyberattack

This statement was issued on July 3, 2012.

Didn’t I warn you guys on July 1st?

Don’t worry, I did my part and called the CyberCrimes Unit at the FBI to tell them what I knew.

CAN YOU HEAR ME NOW?

^ed

LulzSec, Anonymous ignites global cyberwar to expose governments. Who’s next? – International Business Times

By |
June 20, 2011 5:26 PM EDT

LulzSec’s influence has been attracting partnerships as the hacker group “Anonymous” joined forces in a recent announcement.  The two groups are now setting eyes to expose global government websites as the hackers have ignited a cyber war campaign. 

The Anonymous hacker group has a history of hacking government sites such as the Tunisia censorship protest incident earlier this year.  At that time, Anonymous compiled a watchlist and strikes when corruption or issues with freedom arises. It is not clear what will determine the hacker group’s next target, but the US government may be on the top of the list.  A quote from an Anonymous hacker suggests that they are confident in breaching a majority of websites on their watchlist. 

“We have the capacity to eliminate the infrastructures of any and all government sites on our watchlist… The ones it can’t hack can simply be taken down with DDoS attacks,” wrote an Anoynymous hacker.

The recent activities have also sparked attention into how secure government sites really are as a string of successful hacks have exposed flaws in IT infrastructure.  According to the hackers, the  FBI and its related sites  are utilizing insufficient security tactics. 

After a weekend of hacking the Sega Pass Network, Lulzsec and Anonymous have added a new victim to its list, UK’s Serious Organized Crime Agency (SOCA).  SOCA published a statement saying,

Follow us

“SOCA has chosen to take its Web site offline to limit the impact of the distributed-denial-of-service (DDoS) attack on other clients hosted by our service provider…The SOCA Web site is a source of information for the general public which is hosted by an external provider. It is not linked to our operational material or the data we hold,” wrote the agency.

The string of targets have included video game corporations such as Sony, Sega and Government sites such as the CIA and US Senate.  The US recently announced that the country’s cyber security is at risk and has plans to tackle cyber terrorists with harsher punishments. 

LulzSec may not be highly affected by the recent US officials announcement as the hacker group continues their  parade of infiltration and government exposure.  Only time will tell until LulzSec and Anonymous reveal their next target. 

The hacker groups call for participation in the cyber hack movement as seen in LulzSec’s post on Pastebin.

Salutations Lulz Lizards,

As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.

Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.

Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.

Top priority is to steal and leak any classified government information, including e-mail spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannon fire anointed with lizard blood.

EXACTLY: WHO’S NEXT?

LulzSec, Anonymous ignites global cyberwar to expose governments. Who’s next? – International Business Times

By |
June 20, 2011 5:26 PM EDT

LulzSec’s influence has been attracting partnerships as the hacker group “Anonymous” joined forces in a recent announcement.  The two groups are now setting eyes to expose global government websites as the hackers have ignited a cyber war campaign. 

The Anonymous hacker group has a history of hacking government sites such as the Tunisia censorship protest incident earlier this year.  At that time, Anonymous compiled a watchlist and strikes when corruption or issues with freedom arises. It is not clear what will determine the hacker group’s next target, but the US government may be on the top of the list.  A quote from an Anonymous hacker suggests that they are confident in breaching a majority of websites on their watchlist. 

“We have the capacity to eliminate the infrastructures of any and all government sites on our watchlist… The ones it can’t hack can simply be taken down with DDoS attacks,” wrote an Anoynymous hacker.

The recent activities have also sparked attention into how secure government sites really are as a string of successful hacks have exposed flaws in IT infrastructure.  According to the hackers, the  FBI and its related sites  are utilizing insufficient security tactics. 

After a weekend of hacking the Sega Pass Network, Lulzsec and Anonymous have added a new victim to its list, UK’s Serious Organized Crime Agency (SOCA).  SOCA published a statement saying,

Follow us

“SOCA has chosen to take its Web site offline to limit the impact of the distributed-denial-of-service (DDoS) attack on other clients hosted by our service provider…The SOCA Web site is a source of information for the general public which is hosted by an external provider. It is not linked to our operational material or the data we hold,” wrote the agency.

The string of targets have included video game corporations such as Sony, Sega and Government sites such as the CIA and US Senate.  The US recently announced that the country’s cyber security is at risk and has plans to tackle cyber terrorists with harsher punishments. 

LulzSec may not be highly affected by the recent US officials announcement as the hacker group continues their  parade of infiltration and government exposure.  Only time will tell until LulzSec and Anonymous reveal their next target. 

The hacker groups call for participation in the cyber hack movement as seen in LulzSec’s post on Pastebin.

Salutations Lulz Lizards,

As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight. Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.

Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art. We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.

Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion. Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.

Top priority is to steal and leak any classified government information, including e-mail spools and documentation. Prime targets are banks and other high-ranking establishments. If they try to censor our progress, we will obliterate the censor with cannon fire anointed with lizard blood.

EXACTLY: WHO’S NEXT?

Operation Anti-Security: LulzSec and Anonymous declare war on world’s governments – International Business Times

By Alastair Stevenson: Subscribe to Alastair’s

June 20, 2011 9:31 AM EDT

In a statement released over the weekend the hacker collective LulzSec has promised to unite with its 4Chan-born brother Anonymous in a new cyber campaign against the world’s governments.


  • (Photo: REUTERS)<br>British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.
  • (Photo: REUTERS)
    British police officials revealed on Wednesday the arrest of an 18-yea-old teenager that authorities tagged as the mouthpiece of a hacking group identified as responsible for breaching the security protocols of Sony Pictures and a host of other websites.

    Share This Story

    Codenamed Operation Anti-Security, the statement was originally released on the Pastbin website and has since been tweeted on LulzSec and Anonymous’ Twitter pages.

    The note stated that LulzSec was going to join with Anonymous, targeting any and all government websites or systems it encountered:

    “Welcome to Operation Anti-Security (#AntiSec) – we encourage any vessel, large or small, to open fire on any government or agency that crosses their path. We fully endorse the flaunting of the word “AntiSec” on any government website defacement or physical graffiti art.

    “We encourage you to spread the word of AntiSec far and wide, for it will be remembered. To increase efforts, we are now teaming up with the Anonymous collective and all affiliated battleships.”

    The post went on to reiterate Anonymous previous sentiment that the attacks are a form of protest against certain governments internet censorship and moderation policies:

    “As we’re aware, the government and whitehat security terrorists across the world continue to dominate and control our Internet ocean. Sitting pretty on cargo bays full of corrupt booty, they think it’s acceptable to condition and enslave all vessels in sight.

    “Our Lulz Lizard battle fleet is now declaring immediate and unremitting war on the freedom-snatching moderators of 2011.”

    The news that Anonymous and LulzSec are in fact working together comes after a rift between the two groups was speculated. An argument that took place over 4Chan’s message boards indicated that Anonymous contributors had conducted attacks on LulzSec after the group released the personal information 62,000 random internet users.

    LulzSec went on to call for any interested party to join it and Anonymous, “Whether you’re sailing with us or against us, whether you hold past grudges or a burning desire to sink our lone ship, we invite you to join the rebellion.

    “Together we can defend ourselves so that our privacy is not overrun by profiteering gluttons. Your hat can be white, gray or black, your skin and race are not important. If you’re aware of the corruption, expose it now, in the name of Anti-Security.”

    LulzSec’s campaign announcement comes just as the U.S. has reported its plans to increase the maximum sentences its courts can give hackers. The new laws — which are yet to pass — would mean that any hacker caught accessing government files could potentially face 20 years in prison.

    LulzSec has already claimed responsibility for two recent attacks on the U.S. Senate and CIA’s websites.

    The campaign was revealed just as the group affirmed in a separate statement celebrating its thousandth tweet argued that it is not a hacktivist group. The alternative mission statement outlined a much more anarchistic leaning, arguing that LulzSec has and will only ever carry out attacks that it finds amusing.

    The statement did not reveal which country, department or agency LulzSec intends to target next.

    UPDATE: LulzSec has since hacked the U.K.’s Serious Organised Crime Agency.

    UPDATE: LulzSec claims to have hacked the U.K. census.

    throw away the key!