The Pentagon is set to publish a report on measures to tackle and respond to cyber warfare.
A cyber-attack last month targeting U.S. defense contractor Lockheed Martin has hastened the Pentagon’s steps on the cyber-warfare plans. A report, due in a matter of weeks, is expected to deem cyber-attacks as an act of war, and to suggest whatever measures necessary to defend the country’s infrastructure.
“A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table,” Pentagon spokesman Colonel Dave Lapan told reporters on Tuesday.
Areas of great concern include the already-strained power grid in the U.S., or systems that emergency response networks rely on. Attacks against systems particularly in urban areas could have devastating consequences for the civilian populations in the worst case.
“We reserve the right to use all necessary means - diplomatic, informational, military, and economic - as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners and our interests,” states a White House statement put out on May 16.
The United States is not alone in its feelings toward cyber-warfare either.
In 2007, the nation of Estonia came under a heavy denial of service attack in a dispute over the movement of a Soviet-era war monument. The attacks, believed to have come from Russia (though the Kremlin stresses there was no official involvement), targeted the government and financial services of the state, with harsh consequences for citizens in a country that relies heavily on digital transactions and other electronic services.
[More]>>
Result for: measures
VUPEN Security has announced the discovery of a vulnerability in Google’s Chrome browser software.
Google Chrome has survived assaults at the Pwn2Own contest for the last three years. Now, French security firm VUPEN says it is unhappy to announced that it has officially “Pwned” Google Chrome and its protective Sandbox measures.
VUPEN uploaded a video of the browser exploit in action which bypasses all security features including ASLR/DEP/Sandbox, without exploiting a Windows kernel vulnerability. It works on all Windows systems and with the latest versions of the Chrome browser.
In the video, a web page is loaded displaying just a text message - “Your browser is being Pwned!” - and after a few seconds of inactivity (and without a visible crash in Chrome), the windows calculator application runs. According to the VUPEN write-up, the calculator executable is downloaded and executed.
At Pwn2Own in March this year, VUPEN successfully attacked Safari in much the same way. A specially crafted web page was loaded and several seconds later, the Mac OS X calculator application was launched and a file was written to the hard drive to demonstrate that the Sandbox had been compromised.
For obvious reasons, the write-up does not disclose technical information on the exploit, only to say that it is one of the most sophisticated codes they have used so far.
Result for: measures
United States Senators have said it is unlikely that Cyber security legislation will pass this year as the 111th Congress comes to an end.
Recognizing that critical infrastructure of the United States depends on computer and network systems, legislators are debating what powers should be given to the U.S. President to respond to, and handle situations such as cyber attacks.
Countries like the United Kingdom and the United States have expressed concerns that some critical systems (health, transport, defense etc.) could be affected by cyber attacks launched by cyber criminals or rogue states. Lawmakers in the U.S. are looking to pass new legislation that would give the President powers to handle attacks from the Internet or threats of attacks, but say that any legislation is unlikely to pass this year.
“I’m not optimistic of major cyber security legislation passing at this late time.” Republican staff director on the Senate Intelligence Committee Louis Tucker said. “Considering the objections to some of the cyber bills out there, comprehensive legislation will probably have to wait until next year.”
A piece of legislation backed by Sens. Joseph Lieberman, I-Conn., Susan Collins, R-Maine, and Tom Carper, D-Del has some privacy activists concerned. ACLU legislative counsel Michelle Richardson said the problem is the legislation fails to specify the powers it wants to grant to the President.
Defense News reports that the bill states: “The president would be granted emergency measures to protect the nation’s most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited.” Aides to the sponsoring Senators have said the bill does not authorize the government to take over critical infrastructure.
[More]>>
