03 Dec 14. DISA takes on defense of DOD networks. The Defense Information Systems Agency is taking on a new role in cyber defense as part of an arrangement with the U.S. Cyber Command intended to centralize and integrate the cyber operations of the Defense Department and military services. The initiative will create a Joint Force Headquarters for DOD Information Networks, with DISA focusing on network defense, AFCEA’s Signal Magazine reported. Adm. Michael Rogers, head of the Cyber Command and the National Security Agency, worked out the plan with acting DOD CIO Terry Halvorsen and Air Force Lt. Gen. Ronnie Hawkins, DISA’s director, according to the report. Rogers, who took over the Cyber Command and NSA in April, began talking about the need for an integrated cyber defense shortly after. In June, he said that making DISA—mostly an acquisition and engineering organization with some control of DOD’s networks—an “operationalized entity focused on maneuvering and defending the networks” would free up the Cyber Command to do more than focus on tactical-level details. “We have to give DISA the ability to come up with a command-and-control node that can coordinate with others in defending the DOD information networks,” he said at the time. DISA “could enable U.S. Cyber Command to function at the operational level of war. That’s our niche and that’s where I think we generate the best return and the best outcome.”
The move to a coordinated joint force, which includes the cyber commands of each of the military services, is driven by the growing threats from nation-states, terrorists, criminal organizations and others not only to DOD networks, but to private-sector networks and the nation’s infrastructure. Rogers has compared the Cyber Command’s role in defending the nation to that of traditional military defense, which means defending the entire infrastructure, most of which is controlled by commercial organizations. “What I think we need to do,” he said in August, “is create an operational construct that creates a direct linkage [between] U.S. Cyber Command, DISA and U.S. Cyber Command service components.” (Source: Open Source Information Report/Defense Systems)
04 Dec 14. Why Regin isn’t the next Stuxnet. Recently Symantec issued a report about the Regin family of malware. The malware appears to be sophisticated, and many security analysts and researchers believe it to have been developed by a Western government specifically for cyber espionage. This family of malware has been compared to Stuxnet; however, this is a poor comparison since Regin does not spread the way Stuxnet did. In fact, the purposes of the two are quite different. Stuxnet was designed for sabotage, whereas Regin was likely designed for espionage and as a result was deployed with a great deal more precision. If anything, the purpose and behavior of the malware are similar to those of Flame, another malware family designed specifically for espionage purposes. There is still very little known about the initial attack vector used to deploy Regin. It appears to have been dropped using a variety of methods, including social engineering, an exploit in Yahoo Messenger and a link to a fake LinkedIn page that functioned as a watering hole. Although Regin was designed to be stealthy, the various phases of the malware deployment can still be detected. The Regin malware actually makes a lot of ‘noise’ given the number of changes it makes on a host system, provided you have the right tools in place to monitor those changes. Many of the methods used by Regin are not necessarily new and, from conversations with developers, are actually more like general best practices for developing Windows drivers. The sophistication of the malware isn’t necessarily in the technical implementation, but in what appears to be a mature software development lifecycle. The malware has evolved and adapted, using best practices for development, borrowing techniques from other successful malwar