Private computer experts advised U.S. officials on how cyberattacks could damage Libya’s oil and gas infrastructure and rob Moammar Gadhafi’s regime of crucial oil revenue, according to a study obtained by hackers.
“For the private sector to be making recommendations … that’s a level of ambition that you would not have seen until very recently,” said Eli Jellenc, a cyber security expert with VeriSign Inc. who is not linked to the study or its authors.
Project Cyber Dawn was put together by the Cyber Security Forum Initiative, a group whose membership includes military officials, academics and business leaders. Unveillance Chief Executive Karim Hijazi was one of the report’s 21 co-authors, among them forum founder Paul de Souza and Jeffrey Bardin, a former NSA code breaker.
The group posted a redacted version of the study online on May 25, around the time that Hijazi realized his emails had been compromised, but by then the unredacted version was already online.
de Souza, who in a statement said it was aimed at “educating the international community” about the risks of an attack on the industrial control systems at oil refineries in Libya.
But the recommendations are apparently addressed to American officials and contain suggestions on how U.S. intelligence could best spy on the current or any future Libyan administration. Despite repeated emails, de Souza did not clarify how such advice would be useful to an international audience.
Several of the leaked emails suggest that the report was circulated among Pentagon officials, presidential staffers, and a group at the ODNI, presumably the Office of the Director of National Intelligence.
“Our final report will make it to the White House,” Bardin wrote in one of the emails.
But senior defense officials told The Associated Press they were unaware of the study.
Recent reports suggest that the United States government, while pounding the table about the sanctity of its own networks, has secretly been busy setting up alternative networks in other countries with the aim of establishing independent Internet services which can circumvent local censorship.
Certainly there’s a difference between bringing a nation’s network down and inserting an independent network. There’s a chance, however, that the target nation might take this to be an unwanted and hostile intrusion in its cyber-space. I’d like to understand a little better why that isn’t a form of cyber-warfare — and I hope the answer isn’t “Because we’re doing it, not them.”
Instead of invoking Pearl Harbor, how about some constructive preparations to guard against outages and attacks, whether caused by the Axis of Evil, LulzSec, or a bad storm? For example, back-up systems that aren’t dependent on digital networks (hey, we used to run things OK, pre-Internet); minimal interface between vital networks and the wide-open Web; and some accountability when organizations pay no mind to security.
Diplomacy is a good idea, too. It might have a chance if the United States’ own agencies stopped playing cyber-spies for a while. Or stopped getting caught.
“I really believe cyber is one of two existential threats that are out there, the other being nuclear weapons,” he said. He added that the nuclear threat is controlled to a certain extent by the New Strategic Arms Reduction Treaty signed with Russia in 2010 that took effect this year and resumed inspections by each side of the other’s facilities.
Cyber attacks are a particular threat because they could affect economic infrastructure such as financial and transportation systems.
“It needs to be front and center,” he said, “in all of our war-fighting thinking.”
Posted from Diigo. The rest of my favorite links are here.