L'Iran mène un exercice de guerre informatique lors de manoeuvres navales | La-Croix.com

L'Iran mène un exercice de guerre informatique lors de manoeuvres navales | La-Croix.com

Publications - Sécurité & Stratégie n°11

Le nouveau numéro de la revue Sécurité & Stratégie (n°11, décembre 2012 - février 2013) est dédié au thème "Les cyber-menaces: mythe ou réalité?"

J'y publie un article intitulé "Le cyber-guerrier: nouvelle figure combattante au service de la cyber-défense" (pp. 39-47).

Au sommaire, vous retrouverez également:

- Sécurité: 15 ans d'échec. J. Brossard

- Don't Worry, we are from the Internet" - Anonymous. Fr. Bardeau, N. Danet 

- Rebond. N. Ruff 

- Nouvelles technologies et crime désorganisé: incursion au coeur d'un réseau de pirates informatiques. Benoit Dupont (CICC Montréal)

- Cybercriminalité et expertise: enjeux et défis. F. Guarnieri, E. Przyswa

- Le défi des nouveaux usages numériques: la sécurité des entreprises à la peine. B. Gruselle.

- La cybersécurité des systèmes industriels et tertiaires. S. Meynet

- Cyber-résilience, risques et dépendances: pour une nouvelle approche de la cyber-sécurité. S. Ghernaouti, Ch. Aghroum

- La cyber-sécurité en entreprise: se protéger juridiquement et se former. M. Quéméner, A. Souvira.

Article - New weapons for cyber warfare. The CHAMP project

"New weapons for cyber warfare. The CHAMP Project". Article by Pierluigi Paganini. Infosec website. December 6, 2012.

The attacks against the infrastructure of cyberespace (for instance using EMP bombs) may be considered as part of cyber warfare or information warfare. But others may consider that this is not cyberwar, just electronic warfare. Let's read the interesting article of Pierluigi Paganini, who describes what the CHAMP project is and what the impact on cyberwarfare scenario might be.

News - Syria's Internet outage: interpretations

Land Destroyer website proposes its analysis of the means and motivations that might explain the Syria's Internet outage. Syria's Internet outage & the future of information warfare. December 1, 2012.

News - Head of DHS never uses emails...

Head of Homeland Security doesn't use email at all. Salman Latif, nov.30, 2012, TheTechJournal.com. "If her own trust is that shaky towards the security of data sent online, how can she assure businesses and common users that her department can thwart any possible cyber attacks?"

News - Internet blackout in Syria

Is Syria suffering an Internet blackout? Today, november 29, 2012, Syria has disappeared from the wider Internet. Syria's information minister said "terrorists" were the cause of the Internet blackout, not the state. Most of the phone lines that run through the major Syrian exchange are also down.

News - A virtual cybercity to train government hackers

The Pentagon is developping a virtual town (CyberCity) to train its cyberwarriors. This virtual city will have more than 15000 inhabitants. The Pentagon is training his soldiers for cyberattacks.

News - US Navy new strategy documents

Three important documents on information dominance have been signed this week at the US Army:

- the NAVY STRATEGY FOR ACHIEVING INFORMATION DOMINANCE 2013-2017;

- NAVY CYBER POWER 2020;

- NAVY INFORMATION DOMINANCE CORPS HUMAN CAPITAL STRATEGY 2012-2017.

News - Scoop.it eConflicts

My new Scoop.it on cyber issues is opened:  http://www.scoop.it/t/econflicts/

News - South Carolina (USA): breach of personal data

Millions of South Carolina residents' data stolen: 1.9 million Social Security numbers, 3.8 million tax returns and bank account details for 3.3 million people across the state. This is not really new, actually! All around the world sensitive data are stolen, databases hacked... As usual, the incident has been discovered several weeks after the incident took place: "the data was then posted online - and only discovered by the Secret Service nearly two months later" !!!

Read more

News - US, France, Flame, cyberattacks...

- A French news magazine has accused the U.S. of using a spy software (Flame?) to hack into office of former French president Nicolas Sarkozy.   Nov.22, 2012. Arutz Sheva, Financial Times

 

News - Leçon inaugurale chaire cybersécurité et cyberdéfense

La leçon inaugurale de la chaire Cybersécurité/Cyberdéfense des Ecoles de Saint-Cyr Coëtquidan / Sogeti / Thalès a été donnée le mardi 13 novembre 2012 à l'Ecole militaire de Paris.

Le contenu de la leçon disponible ici.

Compte-rendu de la leçon, rédigé par Mr. Gérard Péliks, Président de l'Atelier Sécurité de Forum ATENA.

Communiqués de presse sur les sites suivants:
- EasyBourse
- BFMTV
- Euroinvestor
- Challenges
- Ministère de la Défense
- SecuObs
- Combourse
- Le Point

Indonesia’s cyber defense strategy and its challenges | The Jakarta Post

Indonesia’s cyber defense strategy and its challenges | The Jakarta Post

News - Chaire Cyberdéfense - Leçon inaugurale

13 novembre 2012. Leçon inaugurale de la Chaire Cybersécurité et Cyberdéfense (Saint-Cyr/Sogeti/Thalès). Amphithéâtre de Bourcet , Ecole Militaire, Paris. 9h30 - 12h. Programme 

Contact presse: Commandant Stéphane Simon (02 92 70 720 13 - 06 76 72 34 80) 

stephane.simon@st-cyr.terre-net.defense.gouv.fr  

News - NATO CDX Cyber Coalition 12

NATO cyber defense exercise will run between 12 and 16 november 2012.

Objective: testing the effectiveness of collaborative cyber defence procedures and capabilities.

Participants: allies + Austria, Finland and Sweden (as players) + Australia, Ireland and Switzerland and EU cyber defence staff (as observers)

News - Nordic Governments and cyber defence policies

Nordic governments have identified cyber defense as a priority and have decided to increase their investments in this domain :

- national military cyber defense centers (CDC) will be dedicated to cyberdefense. Norway has allocated $500 million to the creation of its CDC over the next five years. Denmark has allocated a $20 million annual budget for its CDC, rising to $30 million in 2017

- private sector (firms developing cyber security solutions) will work closely with government

- in the following months will be set up a connecting communications’ network linking to national cyber defense center and regulatory organizations (Norway, Denmark, Sweden and Finland)

Source: Cyber Defense Takes Center Stage in Nordic Cooperation

Book - #CyberDoc: No Borders, No Boundaries

A book soon to be published, from Tim Sample, called “#CyberDoc: No Borders, No Boundaries”

News - Cyber rules of engagement still unfinished

Cyber rules of engagement should be published soon by US DoD... but we are still waiting for them. Article by Amber Corrin, FCW, November 1st, 2012.  

News - Creation of a new cyber security research centre in Bristol

A center to combat cyber attacks has been launched on october 31st 2012 in Bristol. One of the objectives is to make UK one of the most secure places in the world to do business online (!)

News - Minister of communications denies Iran's complicity in cyber attacks

Reza Taqipour, Minister of Communication and Information technology, denied Iran's complicity in cyber attacks that recently targeted western banks (FARS News Agency. October 31, 2012).

News - Cyber attacks rose by 81% according to Symantec

According to Symantec, cyber attacks rose by 81% between 2010 and 2011 (Bankole Orimisan, The Guardian, October 31, 2012)

News - US Army and cyber training

The US Army includes cyber operations into its traditional training exercises. Army adds cyber war to combat training, october 29, 2012.

Events - Cyber Defence & Network Security 2013

Cyber Defence & Network Security 2013. London, 28-31 January 2013. More information.

Events - Cyber Defense Initiative Conference 2013

CDIC 2013. The Pirates in the Cyberspace. 27-28 February 2013. Bangkok Convention Center, Centara Grand at Central World.

โครงการอบรมการป้องกันความปลอดภัยข้อมูลคอมพิวเตอร์ ครั้งที่ 12

News - Iranian cyber strategy

The new iranian cyberdefense strategy will be published next october 29, 2012 (Le nouveau document stratégique de la cyber-défense iranien sera dévoilé). Let's mention that the strategy will focus on "passive" cyber-defense (to counter cyber-attacks). The same day, Iran will implement national cyber-defense exercises to test cyber-infrastructures.

Last July, Ahmad Vahidi, Minister of Defense, declared that cyber-defense is among the top priorities of his ministry (a cyber command has been set up in 2012).

Publicaciones - Ciberguerra

"Ciberguerra" (Daniel Ventre), p. 31-46, en "Seguridad global y potencias emergentes en un mundo multipolar", actas del XIX Curso Internacional de Defensa (26-30 de septiembre de 2011. Jaca, España). Ministerio de Defensa, Academia General Militar, Universidad de Zaragoza. Fecha de edicion: septiembre de 2012.   

News - Call It Chimerica: The U.S. and China Grow Ever Closer (Bloomberg)

Call it Chimerica: The U.S. and China Grow Ever Closer. Interesting paper by Jennifer Daniel and Caroline Winter. (Bloomber BusinessWeek. October 11, 2011). The most interesting probably is the proposed illustration, that compares both US and Chinese mutual dependance on business.

General question (that is not developed in the article): what is the impact of cyberespionage / cybercrime / cyberattacks / cybersecurity measures / cyberdefense policies, between close economic partners?

News - France joins Cyber Defense Center

The Tallinn-based NATO Cyber Defense Center has a new full partner: France.

News - Canada: ready to combat cyber attacks ?

Bill Curry: "Serious flaws in Ottawa's Defence against cyber attacks: auditor general", October 23, 2012.

News - Conference "Cyberthreats, Cyberdefense, Cyberwar" - Brussels

Conference "Cyberthreats, Cyberdefense, Cyberwar" - Ecole Royale Militaire - Brussels - November 19, 2012. Journée d'études du Belgian Intelligence Studies Centre (BISC) et du Centre d'études de droit militaire et de droit de la guerre.

News - Statistics: 1000 cyberattacks / hour...

Tom Whitehead, Britain is target of up to 1000 cyber attacks every hour, 22 octobre 2012, The Telegraph:

- "Cyber crime is estimated to cost the UK about £27 billion annually"

- "it is possible to buy off-the-shelf malicious software, such as that designed to steal bank details from people’s computers, for as little as £3,000"

- "Britain is being targeted by up to 1,000 cyber attacks every hour"

But the most interesting point in the article concerns the opinion of the Intelligence and Security Committee, that believes "Britain should declare cyber war on states and criminals who target the country by using aggressive retaliatory strikes to destroy their own operations".

The escalation of violence is a real risk too!

News - Cybersecurity Conference - Washington

Washington. October 22-23, 2012. Cybersecurity Conference.

News - (Cyber)Apocalypse Soon

Karen J. Greenberg is asking the question "Will the Apocalypse arrive online?"... and soon?

Let's remind that the question is not really new. The idea of a cyber-apocalypse or Cyber Pearl Harbor (CPH) was born in the 90's.  

News - Become a cyber warrior!

Some private firms have invented the new version of the old commercial slogan "Learn French (or English, Spanish, Russian, Chinese...) in 20 lessons!"

If we believe the new slogans, people might become cyber warriors in less than a week. IT Securitas proposes a 5-days training program to become a cyber warrior. Last June 2012, the malaysian company CyberGuru proposed a 4-days (!!) program titled "Cyber Warrior" (The objective of the program was to train students how to use cyberweapons, and understand cyberdefense - attack and defense - strategies).  

Is it so easy to become a cyber warrior?   

News - Thomas Rid: "Cyber War will not take place"

New book soon to be published: "Cyber War will not take place", by Thomas Rid. 30 april 2013. 256 pages. C Hurst & Co Publishers Ltd.

Article - US hypocrisy over cyber warfare

US is accused of hypocrisy over cyber warfare. Mikko Hypponen reminds us that most of the cyberattacks uncovered in the past years have been launched from (or by) the United States. The official discourse from Leon Panetta and other US government institutions (about Cyber Pearl Harbor threat) is hypocritical.  Lain Thomson, October 20, 2012. The Register.

News - Twenty top US Air Force generals are due to discuss cyber warfare

Twenty top US Air Force generals are due to discuss cyber warfare in a November meeting. The objective is to clarify the roles of US Air Force in the cyberconflict domain. (Washington, The Observer, October 20, 2012).

News - Israel Defense Forces is stepping up its cyber-warfare efforts

Israel Defense Forces is stepping up its cyber-warfare efforts, through the recruitment of cyber soldiers. October 21, 2012. Haaretz.com

News - Cyber-security: Innovation, Regulation and Strategic

The Innovation and regulation Chair will organize, next November 21, 2012, a Research workshop on Cyber-security: Innovation, Regulation and Strategic Shifts.

Participants:

- Philippe Baumard (Ecole Polytechnique, Innovation & Regulation Chair) will introduce this workshop and welcome:

- Dr. JP Macintosh, Director of Programs, UCL Institute for Security and Resilience Studies

- Dr. Chris C. Demchak, Professor, Strategic Research, NWC Center for Cyber conflict studies

- Admiral Arnaud Coustillère, Cyber-Defense General Officer, Etat-Major des Armées

- Mr. Jean-Luc Moliner, Senior Vice President, Security, France Telecom-Orange

- General Yves-Tristan Boissan, Commander, School of Transmissions

- Mr. Cédric Blancher, Senior Cyber-Security Expert, EADS Group

- John Mallery, Research Scientist, MIT Computer Science and Artificial Intelligence Laboratory.

More details

Articles - Washington Post - America should brace for cyber-war blowback

Walter Pincus (Washington Post) asks an interesting question: "How prepared is the American public for the inevitable blowback? Just what can be done about this remote-control warfare?" (Blowback being here defined as "an unforeseen and unwanted effect, result, or set of repercussions," according to the Merriam-Webster Dictionary). The U.S. is preparing for cyberoffense and is developping new weapon technologies, but is not the only one in the world being able to create and use them. Is the U.S. really prepared to defend against others doing the same thing? (Washington Post - October 21, 2012, America should brace for cyber-war blowback)

News - HSBC websites hit by cyberattack

A large scale cyber attack has hit websites of HSBC. Million of customers around the world have been left without access to online services for at least 7 hours. The DDoS attack has been launched on Thursday evening. At the same time the US financial group Capital 1 was also hit by a similar type of cyberattack. According to HSBC, customers'data have not been affected by this incident. The most important for all firms being victims of such attacks is to ensure business continuity.

News - Conference on Cyber Warfare

Second International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec 2013), 4-6 March 2013 - Kuala Lumpur, Malaysia

News - CyberCercle

Agenda du CyberCercle:

- 24 octobre 2012: "Ministère de la défense: opérer en sécurité dans le cyberespace". Intervenants: CA Arnaud COUSTILLIERE, Officier Général en charge de la Cyberdéfense à l'EMA, Francis HILLMEYER, député du Haut-Rhin, membre de la ComDef. Inscription

- 8 novembre 2012: "Quelle place pour la cyberdéfense dans la réflexion du Livre Blanc?". Intervenants: Patrick Paiiloux (ANSSI), Eduardo RIHAN CYPEL, député de Seine-et-Marne, membre de la ComDef et de la Commission du Livre blanc. Inscription

- 5 décembre 2012: "La France dans le débat international sur la cybersécurité". Intervenant: M. l'Ambassadeur Jean-François BLAREL, Secrétaire Général adjoint du ministère des Affaires étrangères. Inscription 

Plus d'informations sur le site Défense & Stratégie

Comments on U.S. Cyber Defense Strategies

Here are some elements of the current U.S. cyber defense strategy:

1 - Reaction to cyberattacks

- The Pentagon's approach to cyber warfare is focusing more on a quick response rather than a perfect solution. "Military focuses on quick response cyber capabilities". Sept. 19, 2012

- DoD is finalizing new cyberwar rules of engagement

2 - Identification of foes

- "The three potential adversaries out there that are developing the greatest capabilities are Russia, China, Iran" (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")

- “Out of a scale of 10, we’re probably 8 [in cyber-war skills. But potential foes] are moving up on the scale – probably the others are about a 3, somewhere in that vicinity, but they’re beginning to move up.” (Leon Panetta, Oct.12, 2012. "Panetta sounds alarm on cyber-war threat")

- Existing new capabilities of attribution ("Cyber Command is increasingly able to trace the origin of digital assaults". Military prepares new agressive rules to fight cyber war: Panetta. Oct.12, 2012)

3 - Human resources

- Recruiting new kind of cyber warriors: civilians, subcontractors, private actors. The future cyber warriors might be civilians rather than DoD soldiers. (Leon Panetta, Speech, October 11, 2012)

4 - Maintaining Secret

- We do not know how DoD and more generally the US react to cyberattacks. Do they counter-attack? How?

Comments:

International power :
- Iran is among the new adversaries that have recently appeared in the cyber realm. Does L. Panetta forget North Korea...?

- The USA remais the strongest actor in the worl: "we are probably 8 ... the others are about a 3...". It means that a future (current?) cyberconflict will be (or is?) a dissymetric one.

- Will DoD rules of engagement become a worldwide model? Will the US allies be constrained to adopt the same rules of engagement? Will the U.S. impose its rules to NATO allies? ...

- Is the US really able to trace the origin of cyberattacks? Will the US be the only country to possess such capability? Will it share this capability with allied countries? 

- Through its attribution capabilities, its rules of engagement, and such a difference in cyber-war skills compared to other nations, the USA tries to impose its hegemonic power through cyberspace.  

Seminar - Cyber Security Seminar (Geneva)

Cyber Security Seminar. 12 november 2012 - 13 november 2012. Geneva Centre for Security Policy. http://gcsp.ch/Regional-Capacity-Development/Euro-Atlantic-Security/Events/Cyber-Security-Seminar

News - ANAJ-IHEDN "Cyber Defense" Committee

Le Comité « Cyberdéfense » de l’ANAJ-IHEDN lance son cycle de conférences 2012-2013.  Hacking, défiguration, hammeçonnage, DDoS, cybercriminalité, virus, SCADA, intrusion, cyberespace…

Première conférence le jeudi 25 octobre 2012: "L'ANSSI en première ligne de la stratégie de cybersécurité française".

News - Easy access to Huawei routers

News - "Hack in the Box: researcher reveals ease of Huawei router access". October 11, 2012. ZDnet.com.

News - India - Public/Private sectors cooperation for cyberdefense

"India, private sector cooperate for national cyberdefense". Jamie Yap. October 16, 2012.

News - China busts 700 cybercriminal gangs

China busts 700 cybercriminal gangs. Article by Liau Yun Qing. ZDNet Asia. October 15, 2012.
China's Web policing campaign has led to the arrest of 8,900 suspects!

Article - M.C. Libicki. Cyberspace is not a Warfighting Domain

Cyberspace is not a Warfighting Domain. Martin C. Libicki. 16 pages. A Journal of Law and Policy for the Information Society. Vol.8, Issue 2. Cybersecurity: Shared Risks, Shared Responsibilities. 2012

• Cyber Policy–Institutional Struggle in a Transformed World, Terrence K. Kelly & Jeffrey  Hunker
• Government and Private Sector Roles in Providing Information Security in the U.S. Financial Services Industry, Mark MacCarthy
• United States Government Cybersecurity Relationships, Mark D. Young, 
• Cyberspace Is Not a War-Fighting Domain, Martin C. Libicki
• Thoughts on Threat Assessment in Cyberspace, Herbert Lin
• Applying International Environmental Legal Norms to Cyber Statecraft, Jason Healey & Hannah Pitts
• Making Good Cybersecurity Law and Policy: How Can We Get Tasty Sausage?, Paul Rosenzweig
• Cybersecurity: Ideas Whose Time Has Not Come – And Shouldn’t, Gregory T. Nojeim
• Cybersecurity Policy as if “Ordinary Citizens” Mattered: The Case for Public Participation in Cyber Policy Making, Peter M. Shane