29 Mar 11. The Pentagon is finalizing a new cyber warfighting strategy that will create a framework for training and equipping forces, as well as call for more international cooperation in this evolving domain, according to a DoD official. U.S. Defense Secretary Robert Gates is reviewing the document, which could become official in a matter of days, according to Mary Beth Morgan, DoD director for cyber strategy.
“It will help the department better organize, train and equip, and be prepared for its operations across the spectrum – whether it’s military, it’s business operations, as well as intelligence activities,” Morgan said March 29 at an Atlantic Council conference in Washington. “It’s a way for us to ensure that we’re organizing in the right way, that we’re training in the right way, that we’re resourcing in the right way.”
The cyber warfighting strategy is designed with a “flexible structure so that as this environment and the strategic context changes over time, the department can change and develop over time,” Morgan said. The document “gets everybody on the same page and moving forward together so that we do have a more strategic approach to this area,” she noted. A “very large aspect” of the strategy calls for international engagement. This effort will be led by the State Department and help broaden military-to-military relationships, according to Morgan.
“If we as a department are to be successful in defending and providing enhanced security in cyberspace, we must build international partnerships both bilaterally and multilaterally,” Morgan said. “It has to be a U.S. government effort in a whole-of-government approach if we’re going to be successful.”
Building relationships with allies and international partners “to enable information sharing and strengthen collective cyber security” is one of U.S. Cyber Command’s top strategic initiatives, U.S. Army Gen. Keith Alexander, the head of the command, wrote in prepared testimony to the House Armed Services Committee on March 16. The cyber strategy includes engaging the private sector and “the multi-stakeholder forums that help govern and develop the architecture for the Internet,” Morgan said.
In addition, the Pentagon has launched a pilot program that uses DoD
cyberdefense tools to protect industry networks from attacks, according to a U.S. House lawmaker. As this initiative takes foot, the government should considering using those tools to defend its infrastructure, according to Rep. Mac Thornberry, R-Texas, chairman of the House Armed Services emerging threats and capabilities subcommittee. (Source: Defense News)
30 Mar 11. The National Security Agency has been called in to help investigate recent hack attacks against the company that runs the Nasdaq stock market, according to a news report. The agency’s precise role in the investigation hasn’t been disclosed, but its involvement suggests the October 2010 attacks may have been more severe than Nasdaq OMX Group has admitted, or it could have involved a nation state, according to sources who spoke with Bloomberg News.
“By bringing in the NSA, that means they think they’re either dealing with a state-sponsored attack, or it’s an extraordinarily capable criminal organization,” Joel Brenner, former head of U.S. counterintelligence in the Bush and Obama administrations, told the publication. He added that the agency rarely gets involved in investigations of company breaches. The NSA was called in by Google last year to help the company secure its network after it was targeted in a sophisticated attack. Regarding the Nasdaq breach, in addition to the Secret Service, the FBI and the NSA, unidentified foreign intelligence agencies are also reportedly assisting in the probe. The Wall Street Journal reported in February that Nasdaq OMX Group had been repeatedly breached last year. Nasdaq later confirmed the report but insisted that computers involved in its trading platform were not compromised in the attacks. (Source