Cyber Attack Civil Defense Drills

Back in the 1950s and 60s most public schools practiced nuclear attack drills. You know, the siren goes off and you climb underneath your desk, cover your head and kiss your butt goodbye. Anyone remember those? When I was in elementary school in the 70s they no longer did this type of drill. The siren would go off and we would line up in perfect rows and walk outside and stand in the parking lot. No hiding under desks for us, nope, we would show the enemy that we were not afraid, one last great act of defiance. Or maybe it was that the desks were no longer being made in America at that time and people figured why bother…

All right, kidding aside, during the Russia-Georgia conflict, cyber warfare was part of the Russian strategy to hinder communication and government infrastructure. It would appear that cyber warfare works very well alongside physical force and is becoming a standard instead of an exception in modern conflicts. Currently, militants are attacking Israel using some of the same cyber attacks that Russia used against Georgia. But does this make cyberwar a serious enough threat to be added to defense planning? 

Israel believes so and has now added cyber attacks to its civil defense drills. According to an article on Haaretz, 70% of Israel’s population will be participating in a preparedness drill this week. The drill will begin with a simulated rocket attack on Israel. Later, a cyber-attack will be added to the mix:

The “cyber preparedness” part of the exercise will simulate an Internet-based attack on the country’s communications and computer infrastructure, of the type the defense establishment believes hostile elements could mount in a war. 

Electronic targets could include mobile phone networks, banks and transportation communications systems, such as those of Israel Railways and Ben-Gurion International Airport. Such attacks took place during Operation Cast Lead, but there was little damage to government computer networks. 

In Israel, the Israel Security Agency, better known as Shin Bet, is responsible for defending the civilian electronic infrastructure. Israel is well known for taking some of its best and brightest students and putting them directly into Military Intelligence. And you just gotta love a security group whose motto is “The Unseen Shield”.

Israel, which is surrounded on every side by nations that hate it and have attacked it in the past, is taking cyber warfare very seriously. Facing such overwhelming numbers, Israel is in a constant state of readiness and studies the latest forms of attack and defense. Maybe our leaders should stop fighting over whether our nation is at cyber war or not and take Israel’s drill as a big heads up.

Building Systems at Risk Due to Cisco Bug

Cisco warned today of vulnerabilities in its Cisco Network Building Mediator products. These products are used to remotely connect building systems to an IT-controlled monitoring panel. The system controls building lighting, HVAC, security and energy systems.

According to an article on The Register:

No authentication is required to read the system configuration files, making it possible for outsiders to take control of a building’s most critical control systems.

“Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device,” a Cisco advisory stated. The notice also warned that the vulnerabilities are present in the legacy products from Richards-Zeta, the Cisco-acquired company that originally designed the system. The bugs were discovered during internal testing.

When I worked at an electrical engineering company, these devices were just coming out. The ones that I saw were simpler and only read data; they did not allow remote control. They were interesting because management could see in real time on their desktop what the building energy supply and loads were. They were great for forecasting energy use and supply.

Allowing control of these systems via computer was the next logical step, but bugs allowing a hacker remote control of your electric and lighting are a serious issue, especially in large metropolitan buildings.

Security Seminar: Introduction to Malware Analysis

SANS is offering an online security webinar, “Introduction to Malware Analysis”, tomorrow at 10:30 PM EDT. Information from the website:

SANS popular malware analysis course has helped IT administrators, security professionals, and malware specialists fight malicious code in their organizations. In this free session, Lenny Zeltser (FOR610: Reverse Engineering Malware course), primary author, will introduce you to the process of reverse-engineering malicious software. He will outline live behavioral analysis and some code analysis approaches, to make this topic accessible even to individuals with a limited exposure to programming concepts. You’ll learn the fundamentals and associated tools to get started with malware analysis.

The webinar is free; you just need to register in advance.

Excellent Sources for Cybercrime, Threat Analysis and Terrorism Consulting

Need to know more about global cybercrime or cyber conflicts? Need to get your agency up to speed on current terrorist tactics and threats? Or, are you an armchair cyber commando and just want to know more? Where do you turn? The following are Cyberarms recommendations:

Cyber Crime and Threat Analysis – Greylogic is the place to turn to. “GreyLogic is a veteran-owned small business registered in the State of Washington that specializes in the investigation of cyber conflicts by State and non-State actors, and monitors emerging threats in the global cyber landscape.

Unlike other Information Security companies, GreyLogic investigators and analysts go beyond the purely technical forensics of an attack to include geopolitical influences, bad actor profiles, individual and organizational connections (both hidden and disclosed), and other relevant data necessary for policy makers and corporate executives to properly evaluate the facts of an incident or threat before deciding on a course of action.” (from Website)

Greylogic has released to the public their findings on the Russia/Georgia cyber conflict (Project Grey Goose Phase I) and the evolving state of cyberwarfare (Project Grey Goose Phase II). Confidential data is available to government/corporate agencies.

Greylogic is led by CEO Jeffrey Carr, author of “Inside Cyber Warfare”.

Current Terrorist Tactics and Threats – Flashpoint Partners is the place to turn to. “Flashpoint Partners is a research and analysis enterprise focused on global security, with managing partners based in London and New York.  FP offers a host of contract consulting services which are available to international governments, law enforcement agencies, media outlets, academic institutions, and private corporations.  We have a proven track record in successfully completing critical projects for a variety of high-profile clients around the world–including the U.S. Department of Justice, the U.S. Department of Defense, Scotland Yard’s SO-15 Counter Terrorism Command, the United Kingdom Crown Prosecution Service, the Australian Federal Police (AFP), and the International Court of Justice at the Hague.” (from Website)

Flashpoint Partners is led by Evan Kohlmann, author of “Al-Qaida’s Jihad in Europe”. Mr. Kohlmann has provided consulting and analysis to an alphabet soup list of worldwide government agencies concerning various counter-terrorism topics and has testified as an expert witness in more federal court cases than I care to list.

I have had the pleasure of hearing both Jeffrey Carr and Evan Kohlmann in separate cyber-security related seminars and the knowledge and insight of both is amazing. I highly recommend both. Check out their websites, and if you get the chance to hear either in person or in an online webinar, you will not be disappointed.