US Department of Defense and National Policy
A recent article released by the US Department of Defense (DoD) spoke of the worst compromise in DoD history, facilitated by what was said to be the unauthorized use of a USB drive. As a result of this incident, the US government has seen fit to step up the DoD involvement, working with the US Department of Homeland Security (DHS), in an effort to protect critical national infrastructure. The full article (requires registration) by WIlliam J. Lynn, Undersecretary of Defense, speaks of the DoD and it's experiences which makes it uniquely qualified for cyberdefense. "Cyberattacks offer a means for potential adversaries to overcome overwhelming U.S. advantages in conventional military power and to do so in ways that are instantaneous and exceedingly hard to trace. Such attacks may not cause the mass casualties of a nuclear strike, but they could paralyze U.S. society all the same," he wrote. "In the long run, hackers' systematic penetration of U.S. universities and businesses could rob the United States of its intellectual property and competitive edge in the global economy."
The announcement by the DoD that within the last 24 months it had suffered it's worst compromise in history would seem embarrassing, but then to announce in the same week that they will become more involved in the protection of national critical infrastructure is disconcerting. The DoD is the US arm for defense of national interests, however I do not believe that makes the DoD the best agency for this role.
I welcome your comment,
tony . carothers at gmail dot com
Comments
From http://support.microsoft.com/kb/967715/: "Before Windows XP SP2, AutoPlay was disabled by default on removable drives, such as the floppy disk drive (but not the CD drive), and on network drives. Starting with Windows XP SP2, AutoPlay is enabled for removable drives". They're referring to the NoDriveTypeAutoRun registry-value, which affects autorun behavior, and defaulted to 0x95 prior to XP SP2, and defaults to 0x95 in XP SP2 and XPS SP3.
From http://www.net-security.org/malware_news.php?id=1444: "In 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers, according to PandaLabs."
Fact: on XP SP3, fully patched, manual action (registry modification or policy) is required to prevent Autorun.inf from being executed on USB drives such as memory sticks, smartphones, picture frames etc.
Perhaps an operating system primarily targeting "user experience" (which I fail to recognize in this case) shouldn't be used when "Cyberattacks" may take place?
Bitwiper
Sep 5th 2010
1 decade ago
Bitwiper
Sep 5th 2010
1 decade ago
And I don't believe in US Universities and US Businesses having an 'edge'. Education ... and businesses ... are global nowadays, and IBM, Microsoft, and many others develop and market around the planet. Exploit talent wherever you find it.
I pledge allegiance to the Flag, and to the Republic for which it Stands.
God Save the Queen.
Take your choice, either suits me, but I think that William J should look a bit more globally. It isn't just the good ol' USA at the moment.
Chris
Sep 5th 2010
1 decade ago
Roy
Sep 6th 2010
1 decade ago
None. Set up a new dedicated agency instead for cyber security that merges elements of NSA, DHS together as a bridge between the two.
A hand-shake agency... so both work together on cyber security.
n3td3v
Sep 6th 2010
1 decade ago
me
Sep 6th 2010
1 decade ago
n3td3v
Sep 6th 2010
1 decade ago
Roy
Sep 6th 2010
1 decade ago
n3td3v
Sep 6th 2010
1 decade ago
http://www.stratcom.mil/factsheets/cc/
The primary function if the U.S Cyber Command is to protect the pentagon.
Robert
Sep 7th 2010
1 decade ago