You know the drill. Quick survey of recent cyber news . . .
***
Andrea Shalal-Esa wrote a great article for Reuters on the cyber vulnerabilities of the F-35 Joint Strike Fighter, DoD’s much maligned fighter jet. According to Reuters, Navy penetration testers managed to break into the computer systems that control the JSF, giving the heads up to Lockheed in the process. However, even if we found this vulnerability, there are surely more lurking. Shalal-Esa notes the “highly networked” nature of the JSF’s support system and the constantly evolving nature of cyber threats. Moreover, even though Lockheed itself may have “top-notch cyber security,” the many sub-contractors contributing to the JSF probably don’t.
Aviation Week had a great article (from a few months back) about how the JSF was vulnerable and how its cost overruns could be traced to Chinese cyberespionage.
And with all of these cyber vulnerabilities, can we safely say that the F-35 is still the last manned fighter (see also JCS remarks from Adm. Mike Mullen)? Do we really want to cut humans out of the loop here? And didn’t I see a movie asking questions similar to these?
***
Lucian Constantin wrote for Computerworld on how the Xtreme RAT malware that targeted Israeli police computers “has also targeted government institutions from the U.S., U.K. and other countries.”
***
ITWorld’s Grant Gross on how the U.S. Delegation to the upcoming World Conference on International Telecommunications (WCIT) “will not budge on its positions advocating free speech online and opposing broad new regulations for the Internet.”
USA, USA, USA.
WCIT starts Dec. 3rd; I wait with bated breath.
***
According to ZDNet’s Larry Dignan, the reaction to Eugene Kaspersky’s concept for a secure industrial OS “has been either positive or negative” with “no neutral.” Again, the idea is to develop a pared-down OS for critical infrastructure, with the assumption being that it will be safer.
Criticisms include believing an OS is safe(r) and trusting a Russian.
***
ZDNet’s Zack Whittaker with a 2012 year in review of cybersecurity and cybercrime. Whittaker names the victory over SOPA/PIPA, the emergence of Flame, and that minor White House cybersecurity breach, among others.
No love for Shamoon.
***
Hayley Tsukayama reports for The Washington Post on a development that should shock absolutely no one: cybersecurity legislation didn’t pass the Senate, at least in this lame duck session.
The Christian Science Monitor’s Mark Clayton suggests that perhaps it’s time that President Obama take charge on cybersecurity. That, of course, means issuing that cyber EO, which could come “soon.” In addition, Senate minority leader McConnell believes that cybersecurity legislation will get another look next month.
Unfortunately, both the cyber ROEs and the cybersecurity EO have been coming “soon” for a while now.
***
Eric Savitz, for Forbes, on an interview with Art Coviello (RSA’s Executive Chairman).
***
Jill Lawless for the Associated Press on a disturbing phenomenon: “In Britain, hundreds of people are prosecuted each year for posts, tweets, texts and emails deemed menacing, indecent, offensive or obscene, and the number is growing as our online lives expand.” Moreover, Lawless reports that prosecutions for offensive electronic communications have risen from “1,263 in 2009 to 1,843 in 2011,” with an increase in convictions over the same period.
#britaingetyouracttogether
***
Adam Segal wrote for Foreign Affairs and suggested a list of books to read on cybersecurity.
***
Here I am, writing a blog post, citing another blog post, which cites a report. Blogception.
Anyways, Lawfare’s Jack Goldsmith on an NRC report on vulnerabilities in the U.S. electric power delivery system.
Moreover, Paul Rosenzweig offers analysis for Lawfare on the Presidential Cyber LOAC Directive. Mr. Rosenzweig believes that “this is a big deal — far bigger than the Cybersecurity Act in some ways.”