My Washington Times Piece On Frederick Forsyth's 'The Fox' - Cyberspace Is The New Crime Zone, The New Battlefield

The Washington Times ran my piece on cyber warfare and Frederick Forsyth’s The Fox.

The House of Representatives voted unanimously to create the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The act passed the Senate in October and now goes to the president’s desk for his signature.

According to DHS, the CISA Act will reorganize the National Protection and Programs Directorate into a new agency and prioritize its mission as the federal leader for cyber and physical infrastructure security.

As I read the DHS press release, I thought of Frederick Forsyth's timely thriller, “The Fox,” which I had just read and enjoyed.

Mr. Forsyth, the author of the classic thriller “The Day of the Jackal,” said he was finished writing books after the 2015 publication of his memoir, “The Outsider: My Life in Intrigue.” Thankfully, he decided to write one more thriller.

I like that Mr. Forsyth uses his skills as a veteran journalist to infuse his thrillers with facts and fascinating details about crime, espionage, terrorism and war. He also offers a thrilling and suspenseful story and “The Fox,” Mr. Forsyth's 17th novel, continues in that fine tradition.

According to Mr. Forsyth's publisher, Putnum, his new thriller was inspired by the cyberterrorism cases of  two computer hackers who have Asperger’s Syndrome, like Mr. Forsyth's fictional character, the Fox, a teenager named Luke Jennings.

“Cyberspace is the new crime zone, the new battlefield,” Mr. Forsyth said. “All the enemies of the West are major players. The Fox is a damaged teenager, a cyber-freak who can hack into any database — anywhere. What he lays bare is worrying.”

You can read the rest of the piece via the below link:

https://www.washingtontimes.com/news/2018/dec/4/how-thriller-writer-frederick-forsyth-sees-cyber-w/ 

Cybercom To Elevate To Combatant Command

Lisa Ferdinando at the DoD News offers the below piece:

WASHINGTON, May 3, 2018 — In response to the changing face of warfare, U.S. Cyber Command will be elevated tomorrow to a combatant command, chief Pentagon spokesperson Dana W. White said today.

“The cyber domain will define the next century of warfare,” White said at a Pentagon news conference.

Army Lt. Gen. Paul M. Nakasone, most recently commander of Army Cyber Command, will receive his fourth star as he succeeds retiring Navy Adm. Michael S. Rogers as Cybercom commander.

“Just as our military must be prepared to defend our nation against hostile acts from land, air and sea,” White said, “we must also be prepared to deter, and if necessary, respond to hostile acts in cyberspace.”

New Warfighting Domain Has ‘Come of Age’

Nakasone will play a critical role in tasks that include training cyber warriors, advocating for more cybersecurity resources, and planning and conducting cyber operations, White said.

Deputy Defense Secretary Patrick M. Shanahan is to preside over the Cybercom portion of ceremony at the Integrated Cyber Center/Joint Operations Center at Fort Meade, Maryland, White said.

“This change of command is noteworthy because it signifies the elevation of Cyber Command as our 10th combatant command,” she said. “Last year, [Defense Secretary James N.] Mattis announced the elevation of Cyber Command, acknowledging that a new warfighting domain has come of age.”

Cyber Command Established in 2009

U.S. Cyber Command, which has been a subunified command under U.S. Strategic Command, was established in 2009 in response to the rapidly evolving threats, with adversaries seeking to exploit the cyber domain to attack the United States and its allies.

The elevation of the command raises the stature of the commander to a peer level with other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon last year. 

Admiral Rogers Discusses NSA Reorganization, National Security Threats

Cheryl Pellerin at the DoD News offers the below report:

WASHINGTON September 25, 2015 — Navy Adm. Michael S. Rogers, director of the National Security Agency, previewed an upcoming NSA reorganization and discussed a range of national security threats with members of a Senate panel here yesterday.

Rogers, also commander of U.S. Cyber Command, testified before the Senate Select Committee on Intelligence.

Rogers began his testimony by describing the work of “the nation’s cryptologic arm” and its 40,000 civilian and military employees in 31 states and worldwide.

“NSA now plays a key role in cyberspace, assisting U.S. government efforts to see, mitigate and deter cyber security threats. In concert with public, private and foreign partners, our work helps to ensure that users, operators and administrators maintain control of their systems and data,” Rogers said.

“NSA also gives our leaders unique insights into the hostile activities of foreign powers and their agents,” he added.

Reorganizing NSA

The agency does its work in accordance with the law and within strict guidelines, Rogers said, and only by collecting foreign intelligence in response to specific requirements from U.S. policymakers and senior U.S. commanders.

Rogers has been in the job at NSA and Cybercom for 18 months, the first part of that time spent focused on the aftermath of the Edward Snowden media leaks and ensuring that NSA’s collected data was secure, he told the panel.

Over many months, Rogers and the NSA workforce have been crafting a strategy for reorganizing the agency for a changing world.

“Our structure reflects a series of changes and choices that have been made over the last 20 years. The last major organizational change at NSA on a wide swath was 1999 or 1998 … and I want to make sure we're optimized to meet the future,” the admiral said.

Optimized for the Future

Rogers posed questions to the workforce about NSA capabilities and its evolving mission, and received more than 200 recommendations. From those, Rogers said he chose three areas on which he asked them to spend more time.

These included the military part of the workforce, a more far-reaching view of cyber, and the NSA organizational structure, he explained, adding that he would receive final input back on those areas by Oct. 1.

In his testimony on national security challenges for NSA and the nation, Rogers mentioned the Islamic State in Iraq and the Levant and similar groups, their technology capabilities and an issue known as “going dark,” and the potential Oct. 1 government shutdown.

On the shutdown, Rogers answered yes to a question from the panel: Would a shutdown of the federal government next week compromise national security?

Retaining the Workforce

“And if I could just go beyond that -- in the last five days or so, as we now are publicly talking about this possibility,” Rogers said, the reaction of the workforce at NSA and U.S. Cyber Command, who could easily get jobs on the outside and earn significantly more money there, is one of real concern.

“This instability [is a] message to the workforce that … you are a secondary consideration in a much larger game,” Rogers added, noting that he spoke this week to the leadership about how to “figure out how we're going to keep these men and women.”

On another national security issue, without going into the details of NSA’s work, Rogers said the agency broadly uses its ability to work communications in the foreign space to generate insights [about] what ISIL and other groups are doing largely through NSA’s cyber and signals intelligence expertise.

In the counterterrorism mission set, whether it's ISIL, al-Qaida or al-Qaida in the Arabian Peninsula, Rogers said, “I've seen more changes in their behavior in the last two years probably than any other target.”

They actively reference some of the data compromises that have occurred over the past couple of years, he added, “and we know that they have achieved a level of insight as to what we do, how we do it, and the capabilities we have that … they didn't have in the past.”

Going Dark

Rogers said that, as a result, combined with broader changes in technology, it has become harder to achieve insight into what such groups are doing.

“The nation's networks, communications and data are increasingly at risk from diverse and persistent threats,” he said.

“These include rogue states, organized criminal enterprises and terrorists who are showing a willingness and an aptitude to employ sophisticated capabilities against us, our allies and indeed anyone who they perceive as a threat or lucrative target,” the admiral added.

Such capabilities include going dark, or the use of encrypted communications by terrorists and criminals, the use of apps that offer end-to-end encryption, and more complicated attempts to hide in the “broader set of noise out there,” Rogers said, adding that the motivated men and women of NSA are the nation’s edge.

Working Together

This also poses a national security threat, Rogers told the panel.

“I am concerned that the direction we're going -- if we make no changes -- effectively represents a significant challenge for us in terms of our ability to generate insight that the nation is counting on,” the admiral said.

He added, “We have got to collectively get together among the private sector, government, industry, policy, and the technical side, and sit down and figure out how we're going to work our way through this.”

Note: In the top photo by Army Sgt. 1st Class Jeremy Bunkley Navy Admiral Michael S. Rogers, the commander of the U.S. Cyber Command and director of the National Security Agency, speaks to cadets and faculty at the U.S. Military Academy at West Point, N.Y. on Jan. 9, 2015. 

FBI On Preparing For And Responding To The Cyber Threat

Richard A. McFeely, the FBI's Executive Assistant Director, Criminal, Cyber, Response, and Services Branch (seen in the above FBI official photo), testified before the Senate Appropriations Committee on cyber security on June 12, 2013.

Good afternoon Chairwoman Mikulski, Vice Chairman Shelby, and members of the committee. I appreciate the opportunity to appear before you today to discuss the cyber threat, how the FBI has responded to it, and how we are marshaling our resources and strengthening our partnerships to more effectively combat the increasingly sophisticated adversaries we face in cyberspace.

As the committee is well aware, the frequency and impact of cyber attacks on our nation’s private sector and government networks have increased dramatically in the past decade, and are expected to continue to grow. Since 2002, the FBI has seen an 84 percent increase in the number of computer intrusion investigations.

Our adversaries in the cyber realm include spies from nation-states who seek our secrets and intellectual property; organized criminals who want to steal our identities and money; terrorists who aspire to attack our power grid, water supply, or other infrastructure; and hacktivist groups who are trying to make a political or social statement. It is difficult to overstate the potential impact these threats pose to our economy, our national security, and the critical infrastructure upon which our country relies. The bottom line is we are losing data, money, ideas, and innovation to a wide range of cyber adversaries and much more is at stake.

Director Mueller has said he expects the cyber threat to surpass the terrorism threat to our nation in the years to come. That is why we are strengthening our cyber capabilities in the same way we enhanced our intelligence and national security capabilities in the wake of the September 11th attacks.

You can read the rest of his statement via the below link:

http://www.fbi.gov/news/testimony/cyber-security-preparing-for-and-responding-to-the-enduring-threat?utm_campaign=email-Daily&utm_medium=email&utm_source=congressional-testimony&utm_content=232918

U.S. Deputy Defense Secretary Says Cyberspace is the New Domain of Warfare

By Cheryl Pellerin American Forces Press Service

WASHINGTON, Oct. 18, 2010 - With the creation of the U.S. Cyber Command in May and last week's cybersecurity agreement between the departments of Defense and Homeland Security, DOD is ready to add cyberspace to sea, land, air and space as the latest domain of warfare, the Deputy Defense Secretary William J. Lynn III said.

"Information technology provides us with critical advantages in all of our warfighting domains so we need to protect cyberspace to enable those advantages," Lynn said during an Oct. 14 Pentagon Channel interview.

In the above photo, U.S. sailors assigned to Navy Cyber Defense Operations Command man their stations at the Joint Expeditionary Base in Little Creek-Fort Story, Va. The sailors monitor, analyze, detect and respond to unauthorized activity within U.S. Navy information systems and computer networks. (the above U.S. Navy photo is by Mass Communication Specialist 2nd Class Joshua J. Wahl)

Adversaries may be able to undermine the military's advantages in conventional areas, Lynn said, by attacking the nation's military and commercial information technology, or IT, infrastructure.

This threat has "opened up a whole new asymmetry in future warfare," the deputy defense secretary said.

DOD's focus on cyberdefense began in 2008 with a previously classified incident in the Middle East in which a flash drive inserted malware into classified military networks, Lynn said.
"We realized we couldn't rely on passive defenses and firewalls and software patches, and we've developed a more-layered defense," he said.

Lynn laid out a draft cyberstrategy in the September/October issue of "Foreign Affairs" magazine. He said DOD is working to finalize the strategy.

"There's no agreed-on definition of what constitutes a cyberattack," Lynn said. "It's really a range of things that can happen -- from exploitation and exfiltration of data to degradation of networks to destruction of networks or even physical equipment, physical property. What we're doing in our defense cyberstrategy is developing appropriate responses and defenses for each of those types of attacks."

One element of the strategy –- working with Homeland Defense to protect critical military and civilian IT infrastructure -– was put into place Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity.

The agreement includes a formal mechanism for benefiting from the technical expertise of the National Security Agency, or NSA, which is responsible for protecting national security systems, collecting related foreign intelligence, and enabling network warfare.

Another element is what Lynn calls a "layered defense, where you have intrusion detection and firewalls but you also have a ... layer that helps defend against attacks."

In his draft strategy, Lynn describes the defense-layer component of cybersecurity in terms of NSA-pioneered systems that "automatically deploy defenses to counter intrusions in real time. Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense."

And, since no cyberdefense system is perfect, DOD requires "multiple layers of defense that give us better assurance of capturing malware before it gets to us," Lynn said.

"We need the ability to hunt on our own networks to get [intruders] that might get through and we need to continually improve our defenses," he continued. "We can't stand still. The technology is going to continue to advance and we have to keep pace with it."

Envisioned attacks on military networks could impair military power, national security and the economy, Lynn said.

Enemy cyberattacks could deprive the military of the ability to strike with precision and communicate among forces and with headquarters, he said, and it could impair logistics or transportation networks and eliminate advantages that information technology has given military forces.

"Beyond that, cyberattacks conceivably could threaten the national economy if [adversaries] were to go after the power grid or financial networks or transportation networks, and that, too, would be a national security challenge," Lynn said. "And over the long run there's a threat to our intellectual property ... basically a theft of the life blood of our economy."

Working more closely with allies is an important element of the strategy, he said, to ensure a shared defense and an early warning capability.

The NATO 2020 report rightly identified the need for the alliance's new 10-year strategic concept -- a draft of which is an expected product of the 2010 NATO Summit slated for Nov. 19-20 in Lisbon, Portugal –- to further incorporate cyberdefense concepts Lynn wrote about in Foreign Affairs.

U.S. technological advantages are a critical part of the cyberstrategy and the Pentagon already is working with industry and with the Defense Advanced Research Projects Agency to put these to work, Lynn said.

As part of a public-private partnership called the Enduring Security Framework, Lynn wrote in his Foreign Affairs article, chief executive officers and chief technology officers of major IT and defense companies meet regularly with top officials from Defense, Homeland Security and the Office of the Director of National Intelligence.

DARPA also is working on the National Cyber Range, a simulated model of the Internet that will enable the military to test its cyberdefenses before deploying them in the field.

The Pentagon's IT acquisition process also has to change, Lynn wrote in Foreign Affairs. It took Apple Inc. 24 months to develop the iPhone, he said, and at DOD it takes on average about 81 months to develop and field a new computer system after it is funded.

"The Pentagon is developing a specific acquisition track for information technology," Lynn wrote in Foreign Affairs, and it also is bolstering the number of cyberdefense experts who will lead the charge into the new cyberwar era.

The military's global communications backbone consists of 15,000 networks and 7 million computing devices across hundreds of installations in dozens of countries, Lynn wrote. More than 90,000 people work full time to maintain it, he said, but more are needed.

Through the establishment of U.S. Cyber Command and the bolstering of cybersecurity at other defense agencies "we've greatly increased the number of cyber professionals we have at DOD and will continue to increase that," Lynn told the Pentagon Channel."
*

You can read my earlier post on the history and threat of cyber warfare via the below link:

http://pauldavisoncrime.blogspot.com/2010/03/weapons-of-mass-disruption-cyber.html