24 Aug 11. API Technologies Corp., a provider of electronic systems, subsystems, RF, and secure systems for defense, aerospace, and commercial applications, announced today that it has been awarded a U.S. patent for its system and method for traversing metadata across multiple network domains at various layers of the protocol stack. This patented technology, awarded to the Company’s Cryptek™ product line, part of the Secure Systems and Information Assurance (SSIA) Division, is a core component in its Netgard™ Encryption Suite, enabling coalition information sharing (across a single network) while providing multi-domain security for Service-Oriented Architecture (SOA) infrastructure components like databases and applications servers. The Netgard Encryption Suite will be on display at Booth #636 at LandWarNet, August 23-25 in Tampa, FL. The availability of the Netgard Encryption Suite was previously announced at the Information Assurance Exposition as an alternative to Type-1 encryption for secure environments. It uses NSA-approved Suite B encryption algorithms to provide security while releasing the user from the logistical burden of traditional Type-1 solutions. The product is expected to begin shipping by the end of 2011. Additional information can be found at www.apitech.com/products/netgard-encryption-suite.
30 Aug 11. A couple of years back, it was reported that hackers had compromised the Joint Strike Fighter program’s internal information system. The reports were partially correct, but were not denied by the Pentagon because official sources could then state that the JSF program had not suffered extensive data loss. That was because JSF was not the target. The hack had been aimed at a classified program. Not only could intruders extract data—they could become invisible witnesses to online meetings and technical discussions. After the break was discovered, the program had to be halted and was not restarted until a new—and costly—security system was in place. Announcing the Defense Department’s new cyberwarfare strategy in July, Deputy Defense Secretary William Lynn noted that “a foreign intelligence agency” had hit a major defense contractor in an exploit discovered in March, and exfiltrated 24,000 files concerning a developmental system. The Pentagon was still reviewing whether the system (which Lynn did not identify) will need to be redesigned. That could be necessary if the compromised information will not only help the intruder develop similar systems, but also methods of attack and defense. Meanwhile, China’s unveiling of the Chengdu J-20 stealth fighter prototype at the end of 2010 took Western observers by surprise. Then-Defense Secretary Robert Gates’s prediction in 2009 that China would have no stealth aircraft in 2020 and only a handful in 2025 had started to look optimistic—but was contradicted by U.S. Air Force Vice Chief of Staff Gen. Phillip Breedlove’s Senate testimony in July. China, he said, can close the technology gap faster than expected because of “the way they’re intruding into the nets of our manufacturers and our government.” Breedlove added: “When they say they’re going to build 300 [J-20s] in the next five years, they will build 300 in the next five years.” (Source: Aviation Week)
26 Aug 11. A few weeks ago I wrote a column explaining, step by step, how hackers with a Chinese IP address attacked a honeypot network in the GCN Lab that had been set up for just that purpose. We watched the attacks take place, made notes about what the hackers did, the techniques they used, and tracked them back to several addresses inside China. In the comments section that followed, a few people complained that I had no
evidence that the attack actually came from China, implying that I was slandering them in some way. Given that the Chinese government’s official line has always been that it respects the rule of law and would never attack a sovereign nation in cyberspace, I can see why they would have defen