Friday, October 29, 2010

Germany, Kaplan, Dunlap

AFA members, Congressional staff members, civic leaders, DOCA members, in my last note [http://www.afa.org/PresidentsCorner/Notes/Notes_10-22-10.pdf] I described to you the cuts announced by the UK regarding their defense budget. This week, German Defense Minister Karl-Theodor zu Guttenberg said the country would begin budget-driven restructuring of its military. A commission studying reforms and expected to make recommendations public in January may recommend cutting the Defense Ministry staff in half and reducing by 25 percent the number of troops. Coupled with the recent UK announcement and possibly our own defense cuts, it appears we naively believe peace is right around the corner. I am reminded of a quote by President Reagan: “Of the four wars in my lifetime, none came about because the U.S. was too strong.”

In light of these defense cuts, a new book, Monsoon, The Indian Ocean and The Future of American Power, by Robert Kaplan, explores the rise of China and India and how this area will be a test of American Power in the 21st century. He also warns that our military mission in today’s wars is diverting us from properly reacting to the rise of China as a power in East Asia. Remember—spending tomorrow’s money on today’s threats invites tremendous strategic risk. The future is very uncertain, and it is vital that we preserve a strategic range of options for the nation. You can read an interview Kaplan gave to Foreign Affairs Magazine here: http://www.foreignaffairs.com/articles/66205/robert-d-kaplan/the-geography-of-chinese-power [requires a free one-time registration.]

Finally, last week in the Washington Post, an op-ed ran that was written by Maj Gen (Ret) Charles Dunlap. The piece was entitled: “Could Airstrikes save lives in Afghanistan?” The simple answer to the question is: Certainly. Airpower is doing this every day. However, the piece cited new studies that show: (1) Since airstrikes were limited in Jun 09, Afghan civilian deaths have risen 31% (2) Only 6% of the civilian casualties attributed to ISAF were caused by Airpower (3) the Taliban are responsible for more than 75% of civilian deaths.

To quote a portion of the op-ed: “Airpower reduces the need to put our precious soldiers in the path of the improvised explosive devices that are killing and maiming more ISAF troops than anything else. And airpower works: The surge in Iraq in 2007 succeeded only when it was accompanied by a fivefold increase in airstrikes.” You can find the piece at: http://www.washingtonpost.com/wp-dyn/content/article/2010/10/21/AR2010102105936_pf.html

For your consideration.

Mike

Michael M. Dunn
President/CEO
Air Force Association

Thursday, October 28, 2010

DHS: Cyber defenders will respect civil rights

An Associated Press article on the Department of Homeland Security-military partnership to protect the nation's computer networks:

COLORADO SPRINGS, Colo. (AP) — A high-ranking Homeland Security official says the agency will protect Americans' civil liberties and privacy while it partners with the military to protect the nation's computer networks.

An agreement with the military announced two weeks ago "in no way changes our respective departments' promises to protect civil liberties and privacy," Rear Adm. Michael Brown said Wednesday at the National Symposium on Homeland Security and Defense in Colorado Springs.

Brown is assigned to Homeland Security as assistant secretary for cybersecurity and communications.

Homeland Security announced Oct. 13 that computer experts from the super-secret National Security Agency, part of the Defense Department, will work with DHS to protect the computer networks that have become the backbone of financial, communication and transportation systems.

That agreement raised concerns among civil liberties groups, which said safeguards would be needed to protect civil rights.

Brown said the partnership won't infringe on civil rights or expand the military's role.

The military has a legal obligation to protect citizens' privacy and civil liberties, said Air Force Maj. Gen. David Senty, chief of staff at U.S. Cyber Command, the Defense Department command responsible for military actions in cyberspace.

"We do not see Cyber Command and NSA as a balance between liberty and security. We work to protect both," Senty told the symposium Thursday.

For the full article and to see related articles, click here.

Wednesday, October 27, 2010

Cybersecurity in the News

Hackers shopping malware network
By Washington Times' reporter Shaun Waterman

According to a Washington Times article, a hacker group calling itself the Iranian Cyber Army is gathering a network of infected computers, and selling it to cybercriminals to spread spam and malicious software.

Aviv Raff, of the computer security firm Seculert, told The Washington Times that the group was exploiting a vulnerability in the popular blogging software program WordPress to gain control of unsuspecting Internet users' computers and add them to its network — known as a botnet, or robot network — of infected machines. He said the botnet, one of hundreds controlled by hacker gangs and cybercrime syndicates all over the world, could be used to launch cyber-attacks against Tehran's enemies.

Most researchers regard the Iranian Cyber Army (ICA) as "hacktivists" — politically motivated pro-Iranian hackers — and there is no evidence they are linked to the Tehran government. Almost a year ago, a group using that name attacked U.S.-based social networking platform Twitter, and then Chinese search engine Baidu, briefly diverting visitors to those Web pages to a different page decorated with an Iranian flag, nationalist slogans and anti-U.S. and anti-Israel images.

"We are not sure if they are really Iranians," Raff said of the ICA, "but they are supporters of the Iranian regime."

He said his firm was trying to identify the geographical origin of the attacks, but such tracing is notoriously difficult in cyberspace, where hackers can launch attacks from computers they control half a world away from their own location.

"At the moment, there is no way of knowing who these people really are," said Jason Glassberg, of the computer firm Casaba Security.

"They could be Iranians," he told The Times. "It could just as easily be a 13-year-old in New Jersey."

Politically motivated cybervandalism like the ICA defacement of the Twitter and Baidu sites is relatively common, and usually no more than a nuisance. For example, Islamic hacker groups, many of them apparently based in Turkey, defaced Danish websites after a newspaper there published cartoons of the Prophet Muhammad in September 2005.

But ICA's most recent hack appears to be much more aggressive, said Mr. Raff. He said European newsblog site TechCrunch, and "hundreds" of other smaller sites that use WordPress had been compromised over the past two months. Visitors were surreptitiously redirected to a hacker-controlled website, where they were infected with a so-called Trojan downloader — a kind of malicious software that allows hackers to take control of the user's computer.

The Trojan was placed on the visitors' computers by exploiting well-known vulnerabilities in several widely used software packages, including Adobe PDF, Java and Internet Explorer.

Read the full article at: http://www.washingtontimes.com/news/2010/oct/26/hackers-shopping-malware-network/

Tuesday, October 26, 2010

Common Cybersecurity-themed Myths

The U.S. Department of Homeland Security has debunked several common myths associated with cybersecurity that may influence online security practices.


Myth: Anti-virus software and firewalls are 100% effective.
*Truth: Anti-virus software and firewalls are important elements to protecting your information (see Understanding Anti-Virus Software and Understanding Firewalls for more information). However, neither of these elements are guaranteed to protect you from an attack. Combining these technologies with good security habits is the best way to reduce your risk.

Myth: Once software is installed on your computer, you do not have to worry about it anymore.
*Truth: Vendors may release patches or updated versions of software to address problems or fix vulnerabilities (see Understanding Patches for more information). You should install the patches as soon as possible; some software even offers the option to obtain updates automatically. Making sure that you have the latest virus definitions for your anti-virus software is especially important.

Myth: There is nothing important on your machine, so you do not need to protect it.
*Truth: Your opinion about what is important may differ from an attacker's opinion. If you have personal or financial data on your computer, attackers may be able to collect it and use it for their own financial gain. Even if you do not store that kind of information on your computer, an attacker who can gain control of your computer may be able to use it in attacks against other people (see Understanding Denial-of-Service Attacks and Understanding Hidden Threats: Rootkits and Botnets for more information).

Myth: Attackers only target people with money.
*Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information so that you can minimize any potential damage (see Preventing and Responding to Identity Theft for more information).

Myth: When computers slow down, it means that they are old and should be replaced.
*Truth: It is possible that running newer or larger software programs on an older computer could lead to slow performance, but you may just need to replace or upgrade a particular component (memory, operating system, CD or DVD drive, etc.). Another possibility is that there are other processes or programs running in the background. If your computer has suddenly become slower, you may be experiencing a denial-of-service attack or have spyware on your machine (see Understanding Denial-of-Service Attacks and Recognizing and Avoiding Spyware for more information).

Check out more information from the DHS here.

Thursday, October 21, 2010

UK Defense Review

Last August I posted a piece in which the headlines read: "The RAF will shrink to its smallest size since the First World War, under unprecedented cuts being proposed at the Ministry of Defense." [See: http://www.afa.org/PresidentsCorner/Notes/Notes_8-12-10.pdf] Many of my UK friends mildly (and rightly) chastised me for spreading press stories about the review … and urged I wait to see what comes from it.

This week the UK published its final report. [See: http://www.direct.gov.uk/prod_consum_dg/groups/dg_digitalassets/@dg/@en/documents/digitalasset/dg_191634.pdf ] (Warning: it’s 75 pages long).

A fairly good summary of it comes from a Defense News piece by Andrew Chuter:

"The Strategic Defense and Security Review, unveiled Oct. 19 by Prime Minister David Cameron, stripped the armed forces of various capabilities, reduced military and civilian personnel numbers, and ushered in a restructuring of the Army.

Cameron told lawmakers that the 36.9 billion pound ($53.1 billion) defense budget was being cut in real terms by 8 percent over the next four years, but that he envisaged a possible increase in spending beyond that. The review said that Britain will in the future deploy no more than 30,000 troops overseas, including maritime and air support - two-thirds of the force deployed to Iraq in 2003. It will reduce the civilian MoD work force by about 25,000 and military personnel by about 17,000, both by 2015."

"All three services will see capabilities reduced, but the British Army has come off the lightest, mainly because it is embroiled deeper in the war in Afghanistan."

"The military is heading toward a fast-jet fleet consisting solely of Typhoons and Lockheed Martin F-35s. The Harrier GR9 is being withdrawn from service beginning in 2011; the number of RAF Tornado GR4 strike aircraft will also be reduced as Eurofighter Typhoons arrive. The government decision to withdraw the GR9 and only start operating the F-35 in 2020 means the Royal Navy will have to take a capability holiday on carrier strike for the next 10 years.

The review said the MoD intended to operate a single type of F-35, not different land and naval variants."

"One of the two carriers being built by a BAE-led consortium for the Royal Navy will be fitted with catapult and arrestor gear, and is slated to arrive in 2020. The second carrier being built will be mothballed in a low state of readiness."

Several reactions to these cuts have come from a number of people whom I respect. Below my name is a compendium of their talking points.

For your consideration.

Mike

Michael M. Dunn
President/CEO
Air Force Association


--------------------------------------------------------------------------------

"The first thing that hit me was that the UK approach to developing future forces is similar to that of the US. Both countries are emphasizing force structure designed to deal with current conflicts (such as Afghanistan and Iraq) rather than the much more challenging and dangerous ones that will almost certainly occur in the future."

"Very high tech weaponry provides huge advantages to the United States and the UK and allows them to fight asymmetrically against enemies such as the Taliban rather than on a face-to-face basis where the advantage is minimal. And it actually turns out that the weaponry developed for demanding conventional conflicts has great utility in wars such as those in Afghanistan. One need only think of long range bombers and fighters, precision weapons that not only have great military utility but also reduce collateral damage dramatically, Global Position Systems, Imaging Satellites, and long duration unmanned vehicles to name just a few."

"The tone is similar to that of our Secretary of Defense [Robert Gates]. He talks about focusing on today’s wars and avoiding what he calls “next-war-itis.” This is an extraordinarily dangerous approach for it assumes that the future will be like the present—which it has never been. And lying in the future are certainly enemies who are far more difficult threats than those of today."

"I don't see, in the medium term (3-5 years), that the new UK posture will have any adverse effects on the US and British relationship. But it puts us on a joint course for the future which makes it difficult to overcome serious threats with serious capabilities which will likely arise beyond the mid-term. I find this almost myopic focus on today to be quite troubling."

“The RAF has to be interoperable with the US … not just in systems, but doctrine, training, thought and strategies. It is in the US interest to have a strong “left wing” [to quote a former boss] to oppose oppression and safeguard freedom and democracy."

“The RAF has to be able to accomplish a wide range of missions … and continue to be a “Full-Service Air Force.” Right now many of the world’s Air Forces rely on the US for such things as … transport, intelligence, smart munitions, AAR, etc. We cannot be expected to embrace 2nd or 3rd world efforts from the UK and still call them a dependable ally.”

“There comes a time when the UK reaches a “Tipping Point” – when one of their elements of national power decays such that we no longer see them as having the same or similar world view as the US. It may be that it occurs in the military instrument of national power … and we just can’t define when that might be. If it happens, it will be bad for both the US and the UK. This force takes us much closer than before … as the overall level of forces is so small as to possibly make the UK a “bit player” on the world stage – especially against a regional power that might challenge Western interests.”


--------------------------------------------------------------------------------

Thursday, October 14, 2010

House Cyber Security Caucus

Congressman Jim Langevin (RI-D) and Congressman Mike McCaul (R-TX) founded the first-ever House Cyber Security Caucus in September 2008. The two were actively engaged in identifying challenges and making recommendations concerning cybersecurity to the Administration. This Caucus provides an opportunity for members of Congress to get involved in the subject and discuss the challenges in securing cyberspace.

Follow their initiative here.

Cybersecurity Defense

Almost every Internet user is at risk, whether it be a consumer or a global corporation. The increase in threats related to social networking sites, banking security, online shopping and attacks targeting users, businesses and even applications has made the Internet a potentially dangerous landscape.

Every year, cyber crimes cost billions of dollars in repairs to systems hit by attacks and in productivity lost to disruptions.

In 2006, 8.3 million Americans were the victims of identity theft.

In the first half of 2009, there were more than 40,000 cyber attacks against the Department of Defense. According to Brig. Gen. John Davis, Deputy Commander, Joint Task Force for Global Network Operations, Defense Department, these attacks cost the Pentagon more than $100 million to clean up.

And according to the Federal Bureau of Investigation (FBI), consumers and businesses lost $5.8 billion in 2009 due to cyber crime, and more than $100 million from US banks.

The FBI has a department dedicated to investigating high-tech crimes, including cyber-based terrorism, computer intrusions, online predators, piracy and cyber frauds.

On their site, they provide a great deal of information regarding protection and security, past cyber crime cases and the types of threats and scams.

Knowledge is a key defense against cybersecurity threats. Follow this link to read examples of scams.

Tuesday, October 12, 2010

Air Force Memorial Goes Hollywood

As one of DC’s newest memorials, the U.S. Air Force Memorial generally brings in around 250,000 visitors a year. Its three stainless steel spires, designed to resemble a bomb burst, stand 270 feet tall and are visible from miles around.



But perched on a cape in Arlington, Virginia, the Air Force Memorial allows an easily visible skyline of Washington, DC. It’s a great place to steal a view over the Potomac, the Pentagon and parts of the National Mall – which may be why Producer/Director Michael Bay and his film crew for the Transformers movie franchise chose it as one of their locales in their upcoming film.

Monday evening the Air Force Memorial got first row seats to a scene out of Transformers 3. The film's vehicles and equipment trucks drove up Air Force Memorial Boulevard, staring “eye to eye” with our symbolic architectural structure.

Not wanting to miss the action, I was among a large crowd of more than 150 flocking to the Memorial with a digital camera and cell phone in an attempt to snap a picture of the Transformers action. I was only able to snap a few pictures of props and the film crew’s setting up (though I’m not allowed to upload anything captured). But no plot secrets were revealed in the three-hour shoot (which includes time to set up, film and take down).

Also, the scene, unfortunately, did not invite any guest appearances by the film’s stars (i.e., Shia LaBeouf, Josh Duhamel or John Malkovich) or even Bumblebee (though, dear Bumblebee may still be in the ICU).

However, the shoot will highlight the beauty of the Memorial and its representation of flight and the flying spirit of the Air Force. It’s a great opportunity to share our memorial that honors the service and sacrifices of the men and women of the United States Air Force and its predecessor organizations to the world.

Transformers 3 is the first motion-picture film to have been shot at the Memorial, said Colonel Pete Lindquist USAF (ret), managing director of the Memorial.

“The crew was very respectable to the landscape and the Memorial,” he said, detailing how the crew requested his approval of the grounds after they finished filming and breaking down. “They truly wanted to make sure they did not leave any scratches, scuffmarks or imprints on any part of our memorial.”

Though no high-speed chases may have been involved, I’ll be excited to see our Air Force Memorial on the big screen in the Hollywood blockbuster Transformers: The Dark of the Moon next summer!

- Staff member of AFA

Monday, October 11, 2010

Cybersecurity: Protecting yourself: PASSWORDS

Many programs, sites and systems that require passwords suggest that the use of strong passwords can help Internet users fight the various attack/hack methods.

Here are some tips on dealing with passwords:

USE a different password for each of your accounts. Though it is easier to keep track of one or two passwords, it's also easier for hackers or identity thieves to discover one password and have access to more of your accounts.

MAKE your passwords strong. According to a Microsoft spokesperson, each character you add to your password increases the protection it affords many times over.

Passwords are case-sensitive and have different character limits. A strong password should adhere to the following tips:
• Should never consist of the user name.
• Should be a minimum of eight characters long.
• Should include both lowercase and uppercase letters (minimum one from each group is suggested).
• Should include at least one number (0 to 9).
• Should include at least one symbol (e.g., *, $, #).

The password you create should be easy to remember but difficult for anybody to guess. Substituting numbers or symbols for letters can help satisfy the above criteria for a strong password. For example, ‘a’ in a password can be substituted with ‘@’; similarly, ‘i’ can be replaced with ‘!’.

*After creating your password, you can test its strength with one of the "password checkers" available online such as The Password Meter.

AVOID:
• Using personal information such as family names, birthdays, or your address.
• Using sequences or repeated numbers, like abcd, 12345 or 9999.
• Revealing your passwords to family and friends; children, particularly, may unwittingly pass them on to others.
• Typing passwords into public computers, such as those at libraries or in hotel lobbies. Even if you instruct the computer not to save the password, there could be malicious software on the computer that records your keystrokes for a criminal's use.
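
The composition rules and the AVOID list above, written as a checker. This is an added example, not code from the post or from any of the sites it mentions; the run threshold, the substitutions other than ‘@’ and ‘!’, and the small word list are assumptions constructed for the example. It goes one step beyond the post by also flagging a common word hidden behind symbol substitutions.

```python
import string

MIN_LENGTH = 8                      # "minimum of eight characters long"
SYMBOLS = set(string.punctuation)   # includes the post's *, $ and #
MAX_RUN = 3   # assumption: runs longer than this count as a "sequence or repeat"

# '@' for 'a' and '!' for 'i' come from the post; the rest are assumed extras.
SUBSTITUTIONS = {"@": "a", "!": "i", "0": "o", "$": "s", "3": "e"}
# Constructed sample list; a real check would use a much larger dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "airforce"}


def longest_run(password):
    """Longest ascending, descending or repeated run (abcd, 4321, 9999)."""
    if not password:
        return 0
    chars = password.lower()
    best = run = 1
    prev_step = None
    for a, b in zip(chars, chars[1:]):
        step = ord(b) - ord(a)
        same_kind = a.isalnum() and b.isalnum() and a.isdigit() == b.isdigit()
        if same_kind and step in (-1, 0, 1):
            # Extend the run only while the direction stays the same.
            run = run + 1 if step == prev_step else 2
            prev_step = step
        else:
            run, prev_step = 1, None
        best = max(best, run)
    return best


def undo_substitutions(password):
    """Map look-alike symbols back to letters and drop everything else."""
    mapped = "".join(SUBSTITUTIONS.get(c, c) for c in password.lower())
    return "".join(c for c in mapped if c.isalpha())


def check_password(password, username):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if longest_run(password) > MAX_RUN:
        problems.append("contains a sequence or repeated characters")
    plain = undo_substitutions(password)
    if any(word in plain for word in COMMON_WORDS):
        problems.append("is a common word behind simple substitutions")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, checked for a user named "mike".
    for candidate in ("abcd1234", "P@ssword1!", "Mike#2010xq", "Vq7#tHm2!xB"):
        print(candidate, "->", check_password(candidate, "mike") or "passes")
```

"P@ssword1!" meets every composition rule in the list yet is still reported, which is why a substitution should not be the only thing separating a password from a dictionary word.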

CHANGE your passwords frequently. It is good practice to change a password periodically, such as monthly or quarterly.

MONITOR all the information you protect with that password, such as online shopping accounts or investment accounts, and request free copies of your credit reports from the national credit bureaus.

Experian; 888-397-3742
Equifax; 800-685-1111
TransUnion; 800-888-4213

If you see suspicious activity, notify the authorities and contact your credit union for help. If you're a victim of identity theft, the Federal Trade Commission's website includes information about what steps to take.

Friday, October 8, 2010

Cybersecurity Awareness campaign

The Air Force Association joins the nationwide campaign to encourage cybersecurity caution and protection during the 7th Annual National Cybersecurity Awareness Month, sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security.

In recognition of the month-long initiative, AFA will be promoting public awareness of cyber threats with tips and guidelines to maintaining a safer online presence every week.

“National Cybersecurity Awareness Month is a great initiative to educate millions of Americans on the many cyber threats out there,” said Mike Dunn, president and CEO of AFA. “Hopefully, through this national campaign, citizens will gain a greater sense of cybersecurity.”

Also, check out this informative feature on cybersecurity by the Department of Defense here.

Wednesday, October 6, 2010

American Foreign Policy in the Middle East


AFA members, Congressional Staff members, Civic leaders and DOCA members, during our recent Air & Space Conference, Washington Post columnist Charles Krauthammer gave an interesting talk entitled "American Foreign Policy in the Middle East." It focused on three arcs: the Israeli-Palestinian dispute; pro-western, moderate Arab states; and the non-Arab states of Turkey and Iran. A few of the points he made:

(1) As long as the Palestinians refuse to recognize the existence of Israel, with the signing of a permanent agreement, there will be no end to this conflict.

(2) The creation of a stable economy in Gaza is perhaps the best means to this end in which the Palestinians will not want to sacrifice economic gain with war.

(3) One of the implications of an Iranian nuclear weapon is that he believes Israel will feel threatened enough to launch a pre-emptive strike.

This transcript is worth reading as he puts the Middle East issue of peace and war in perspective. You can find the piece at: http://www.afa.org/events/conference/2010/scripts/Krauthammer_9-13.pdf.

Secondly, our CyberPatriot Commissioner, Brig Gen (Ret) Bernie Skoch, has been using the radio airwaves this week to market the CyberPatriot High School Competition before the 8 October registration deadline. He’s been on 16 radio talk shows this week.

You can listen to one here at a station in Oklahoma: Gen. Skoch & Dianne Miller on News Radio 1000 KTOK

Thirdly, DOCA recently paid a visit to GTMO and Southcom. You can find their trip report on our website at: http://www.afa.org/edop/2010/GitmoSouthcomFtBragg2010Final.pdf

I have been to GTMO, but am not current on what is going on there. I found their insights helpful in understanding present conditions and treatment of the detainees.

Lastly, every morning I receive two Daily Reports – one from AFA/Air Force Magazine and the other from the Department of Homeland Security. The DHS Daily Report is a compendium of open source events grouped by sector. It is long – often more than 30 pages – but it gives those who have the time to see if there is a trend developing which may be of concern. Here is a link to a recent DHS DR: http://www.dhs.gov/xlibrary/assets/DHS_Daily_Report_2010-10-05.pdf

Note:
On the bottom of page 8 the first piece in the Banking and Finance Sector – "Over the past two years, corporate account takeovers by cybercriminals have cost US businesses more than $100 million, according to FBI estimates."

And on the bottom of page 18, item 48 which states: "Many free iPhone apps pass device ID to the app vendor."

You can sign up for the free email with links to the DR on the DHS website. I’ve found, however, that the pdf file is almost too much to be digested every day … plus I’ve had to copy the URL and paste it into my browser to get the report.

For your consideration,

Mike

Michael M. Dunn
President/CEO
Air Force Association

Tuesday, October 5, 2010

National Cybersecurity Awareness Month

Stop. Think. Connect.

Technology connects billions of people daily. The Internet sees billions of exchanges and tracks trillions of dollars in bank transactions worldwide. And computers regulate everything from traffic lights and sprinkler systems to subway operations and plane landings.

But such systems are susceptible to computer malware, viruses and worms. Attacks on computer systems can freeze the networks, compromise confidentiality and endanger lives.

"We stand at a transformational moment in history, when our technologically interconnected world presents both immense promise and potential risks," said President Barack Obama as he announced the beginning of the 7th Annual celebration of National Cybersecurity Awareness Month.

On Monday, the Department of Homeland Security (DHS) launched their cybersecurity awareness campaign, a national, educational initiative to enhance public understanding of cyber threats. The campaign carries the title "Stop. Think. Connect.," hoping to better equip the public against these threats with cyber habits and tips on increasing security on the Internet.

The "Stop. Think. Connect." campaign is the first-ever coordinated message to help all digital citizens stay safer and more secure online.

DHS is the lead federal agency in defending critical cybernetworks. DHS works to lead a coalition of federal, state and local agencies and private industry to counter attacks. But this campaign is a coordinated effort among government agencies AND industry peers, including Google, Microsoft and Facebook. During this month, these companies, and more, will be putting extra emphasis on online safety to help Americans establish smart cyber habits that will lead to increased protection online.

"Stop. Think. Connect." includes cyber forums hosted in collaboration with the National Centers of Academic Excellence to bring together diverse groups of community, private and government participants for dialogues on cybersecurity issues; opportunities for members of the public to get involved and help spread the word by leading or hosting campaign activities; and a coalition for public and private sector organizations.

Last year, President Obama addressed the importance of cyber awareness and called for the creation of a public awareness program that specifically focused on cybersecurity. The growing number of attacks on America’s cyber networks has become, in President Obama's words, "one of the most serious economic and national security threats our nation faces." Hopefully, through the "Stop. Think. Connect." campaign and the month-long initiative to educate the public on cyber threats, citizens will gain a greater sense of cybersecurity.

AFA understands the importance of cybersecurity and holds it in its mission to promote education on the matter. Through the implementation of CyberPatriot, the nation’s largest and fastest-growing high school cyber defense challenge, AFA is investing in securing the nation’s cyber infrastructure. CyberPatriot calls attention to one of the nation’s most critical needs by exciting, educating and motivating the talent who will become the country’s next generation of cyber leaders.

To learn more about the "Stop. Think. Connect." Campaign, visit the Department of Homeland Security’s site, where you can find tips to stay active in enhancing cybersecurity 365 days a year.