CyberCity lets government hackers train to thwart attacks

CyberCity has all the makings of a regular town. There’s a bank, a hospital and a power plant. A train station operates near a water tower. The coffee shop offers free WiFi.

But only certain people can get in: government hackers preparing for battles in cyberspace.

The town is a virtual place that exists only on computer networks run by a New Jersey-based security firm working under contract with the Air Force. Computers simulate communications and operations, including email, heating systems, a railroad and an online social networking site dubbed FaceSpace.

Think of it as something like the mock desert towns that were constructed at military facilities to help American soldiers train for the war in Iraq. But here, the soldier-hackers from the Air Force and other branches of the military will practice attacking and defending the computers and networks that run the theoretical town. In one scenario, they will attempt to take control of a speeding train containing weapons of mass destruction.

To those who participate in the practice missions, the digital activity will look and feel real. The “city” will have more than 15,000 “people” who have email accounts, work passwords and bank deposits. The power plant has employees. The hospital has patients. The coffee shop’s customers will come and go, using the insecure WiFi system, just as in real life.

To reinforce the real-world consequences of cyberattacks, CyberCity will have a tabletop scale model of the town, including an electric train, a water tower and a miniature traffic light that will show when they have been attacked.

“It might look to some people like a toy or game,” Ed Skoudis, founder of Counter Hack, the security firm in central New Jersey that is developing the project, said recently while giving a reporter a tour of the fledgling system. “But cyberwarriors will learn from it.”

More available from the Washinton Post: http://www.bendbulletin.com/article/20121128/NEWS0107/211280353/

DARPA Reveals National Cyber Test Range

The Defense Advanced Research Projects Agency (DARPA) on Tuesday announced yet another computing advance: the “National Cyber Range (NCR),” essentially a testing grounds for national cyber weapons, tools and security measures — a kind of cyber firing range.

Or as DARPA alternatively describes it “a secure, self-contained facility where complex defense and commercial networks can be rapidly emulated for cost-effective and timely validation of cyber technologies,” and “a new range for the cyber domain that realistically emulates complex global networks, enabling cyber researchers to test tools and capabilities.”

The open announcement comes after reports that the U.S. and Israeli jointly developed the malware strains known as Stuxnet and Flame in an effort to thwart Iran’s unclear program.

It’s unclear whether DARPA’s new testing facility will be used for anything like those projects, but the purpose of the announcement Tuesday was to note that the NCR had “executed…seven large-scale cyber experiments for multiple DoD organizations” in a test phase and had now moved the NCR over to the control of the Deputy Assistant Secretary of Defense for Developmental Test and Evaluation.

from TalkingPointsMemo @ http://livewire.talkingpointsmemo.com/entry/darpa-reveals-national-cyber-test-range

A smartphone app to stop surveillance

A new “surveillance proof” application aims to make encryption easy for the general public and businesses alike.

How far governments across the globe can go in order to protect the public without invading their privacy is a concern made paramount by modern technology. “Big Brother” — Nineteen eighty-four notwithstanding — ranges from wire tapping to drones, but for the general public, email, device location and online activity surveillance can make us nervous.

However, would-be eavesdroppers don’t have everything their own way. A team of security experts — including Apple’s disk-encryption system designer Jon Callas — led by former Navy SEAL commando Mike Janke have developed what they describe as new, worldwide encryption tools.

The encryption service known as “Silent Circle” is subscription-based access to four services — Silent Phone, Silent Text, Silent Eyes and Silent Mail. Every communication is processed through a peer-to-peer service, which means there is no central database where data or keys are stored. When you make a call or send a text, an individual key is generated by the service, and then immediately deleted once the data is processed. In addition, a “burn” function lets you set an auto-timer on messages sent — almost like a self-destruct function.

For optimal encryption, both sender and receiver need to have the app installed. If not, then data is encrypted until it reaches the device service provider. In case of emails, this is not necessary.

According to the developers of Silent Circle, the app is simple enough to use for the general public. They believe that for governments, media, celebrities and businesses operating in China the app will be especially useful — but the general public can also benefit.

If you’re worried about third-party snooping, access will cost you $20 a month. Apps for the iPhone and iPad are available. Windows, Android and an email service are promised to soon follow.

From SmartPlanet at http://www.smartplanet.com/blog/bulletin/the-spy-free-app-you-can-use-to-stop-surveillance/3237

FBI unveils Next Generation Cyber Initiative

The FBI is doing its part in combating national security threats. Just last week the FBI’s Cyber Crime Division announced its latest program. Deemed the “Next Generation Cyber Initiative,” this program is designed to enable an advanced rapid response to isolate and address cyber threats. (See Note 1).

The team is made up of specially selected and highly trained computer scientists. Working around the clock these specialists can respond to issues any time of the day or night. Any findings can be immediately sent to the FBI’s Cyber Division for review and dissemination to other agencies. (See Note 2). The main goal is to identify problems and identify the source and motivation behind the particular attack. (See Note 3). The target is criminals, spies, terrorists, and hackers attempting to compromise national security. (See Note 4).

This project has been in the works for over a year. (See Note 1). It is part of the efforts to adapt the FBI’s Cyber Division to the needs posed by today’s highly sophisticated cyber threats. (See Note 3). The FBI is also expanding its resources and adding personnel.

Proactive efforts to strengthen national security against cyber threats provide a significant step in the right direction. Threats from cyber space are present around the clock and having a dedicated team to combat these threats and coordinate appropriate responses is paramount to keeping the country safe. Investments of money, personnel, and time into projects such as this are worthwhile. Expanding currently available resources and facilitating greater collaboration efforts can only help the situation. The FBI is taking appropriate steps. So why is it that the country still lacks a unified and mandatory Cyber Security Act?

While an executive order is in the works by the current Obama administration, further delays only create a bigger gap for hackers to continue. Not to mention that a new president could put the current executive order on hold indefinitely much like Congress’ deathblow to the Cyber Security Act over the summer. (See Note 5). Efforts like those being taken by the FBI could be much more effective if conducted against a backdrop of a mandatory nation-wide Cyber Security Act. Until then, actions by individual government agencies can accomplish only so much.

It is time for the United States to take action. Why efforts continue to be delayed makes no sense. Sitting by merely talking about change does nothing if those words are never translated into actual change. We cannot continue to remain idle. In today’s age of advanced technology, guarding against cyber threats should be a top policy concern. Large-scale action needs to be taken. When it is national security at stake, proactive and pre-emptive approaches make more sense. A national policy and further efforts such as those taken by the FBI should be replicated and expanded across the country. There is just too much to lose for inaction to continue. Time will tell how the U.S. measures up in the cyber security wars.

For additional information please email Ian N. Friedman, Esq., Friedman & Frey, L.L.C., at ifriedman@faflegal.com or visit www.faflegal.com.

1. Danielle Walker, FBI Rolls Out Round-the-clock Cyber Crime Team, SCMAGAZINE.COM (2012), http://www.scmagazine.com/fbi-rolls-out-round-the-clock-cyber-crime-team….

2. Aliya Sternstein, FBI Starts New Initiative to Name Hackers, NEXTGOV.COM (2012), http://www.nextgov.com/cybersecurity/2012/10/fbi-starts-new-initiative-n….

3. J. Nocholas Hoover, FBI Expands Cybercrime Division, INFORMATIONWEEK.COM (2012), http://www.informationweek.com/government/security/fbi-expands-cybercrim….

4. Podcast, FBI.GOV (2012), http://www.fbi.gov/news/podcasts/thisweek/next-generation-cyber.mp3/view.

5. Ian N. Friedman, Cyber Security Act fails in Senate: Yet even U.S. military admits vulnerability, EXAMINER.COM (2012), http://www.examiner.com/article/cyber-security-act-fails-senate-yet-even….

From the Examiner: http://www.examiner.com/article/national-cyber-security-fbi-unveils-next-generation-cyber-initiative