The U.S. military to defend homeland America from cyber attacks
May 25, 2011
The U.S. military says it will play a major role in defending homeland America from cyber attacks, and this will include providing cybersecurity and improved protection to key infrastructure on U.S. soil.
Deputy assistant secretary of defense for cyber policy Robert Butler briefed a few senators in Washington yesterday on the plans. Butler said that the Defense department would of course safeguard its own .mil domain, but would also closely collaborate with the Departments of Homeland Security and Justice to guard and patrol the rest of America's cyber territory in a diligent manner.
Philip Reitinger, a DHS senior manager, seemed to imply that the military would lead on cybersecurity even in the domestic sphere. "We each bring unique experience to the initiative," he added. "The DOD (Defense Department) has unparalleled technical expertise and cyber expertise."
Giving a hint as to just which parts of America the military would be the most eager to secure, Butler stated that the U.S. armed forces are critically dependent on the civilian power network, telecoms, transport and many other sectors that are currently run using various computer networks.
"Just as our reliance on critical infrastructure has grown, so have the threats," Butler told the Senate homeland-security committee. His remarks were reported by the U.S. forces press service.
It is the U.S. military's mandate to protect the United States from threats both foreign and domestic, but nonetheless there will be those worried by the prospect of military intelligence and security agencies getting involved in utility companies' networks and databases, and we fully expect that.
To some degree, this is already happening anyway. News emerged in 2010 that the National Security Agency (NSA) had set up a black secret program called "Perfect Citizen", intended to set up monitoring equipment on networks deemed to be of national-security importance, perhaps including those of utility companies.
This would allow the NSA to know exactly when attacks were happening, rather than relying on companies to realize this and then report it afterwards. But the prospect also existed that such equipment could allow for pervasive monitoring of such items as whether a given property was occupied, perhaps where a given car, truck or passenger train had been, and at what date and time, etc.
At the time the NSA insisted that Perfect Citizen is a research and engineering effort. There is no monitoring involved. It doesn't involve the monitoring of communications or the placement of sensors on utility company systems.
Nonetheless, the news that the NSA – whose chief is also in command of the uniformed Cyber Command and subsidiary single-service cyberwar units such as the 24th Air Force, 10th Fleet etc – is apparently to advise and guide – if not lead outright – U.S. domestic cyber security efforts may give rise to a little discomfort as well as some reassurance to a few.
In other Internet security news
A few reports are coming in that suggest Apple is publishing outdated software packages on its App Store, even subject to some critical security vulnerabilities in a few cases.
The issue was discovered by security researcher Joshua Long, who discovered that iPhone and iPad users who download a copy of Opera via the App Store get a copy of the software released in March.
Opera repaired an important security hole in that software weeks ago, but the latest 11.11 version of its browser app isn't available throughout Apple's App Store. Users are instead offered a version of the software that's two releases outdated, and that represent some security vulnerabilities.
The Opera example isn't the only example of potential security issues, though it is the most serious one so far. For instance, Amazon's Kindle app in the App Store dates from as far back as January 2011 and that one too had an issue at that time but that has been long fixed since.
Apple's approval is necessary before software is published via the Mac App Store. This approach has arguably helped prevent the issue of Trojans, viruses and other problematic apps that have become an increasing problem in other software marketplaces.
But it does introduce a delay that means Apple is falling short of its promise to "keep track of your apps and tell you when an update is available".
Security savvy Mac users would be better to get updated software from a vendor's own website, suggests Long.
In February, Apple said that it was tightening its App Store policies on eBooks, a move that has so far prevented the release of Sony's new eReader app and signals even more trouble ahead for Amazon's popular Kindle mobile eReader application.
Late yesterday, the New York Times reported that Apple had rejected Sony's Reader app for the iPhone because users would make their purchases in a browser rather than with Apple's in-app payments system-- literally cutting Apple out of the sales stream altogether.
In a prepared statement, Sony said that it has "opened a dialog with Apple" but has "reached an impasse at this time."
A note posted on its website fills customers in on the dispute: "Unfortunately, and with little notice, Apple has changed the way it enforces some of its rules," Sony wrote.
Other e-reader apps -- including those for Amazon's Kindle and Barnes & Noble's Nook -- open up Web browser windows when users wish to purchase e-books, so the process isn't new at all. But it's unclear for now whether those apps, which are already available in Apple's App Store, will be affected by Apple's apparent about face.
In response to the New York Times article, Apple said in a statement late yesterday that it had not changed its developer terms or guidelines in any way.
However, the company did say that it has decided to interpret its rules more strictly when it comes to its extremely popular Apple App Store.
Both Amazon and Barnes & Noble didn't respond to requests for comment at the time this article was published.
"We are now requiring that if an app offers customers the ability to purchase books outside of the app, that the same option is also available to customers from within the app with in-app purchase," Apple said.
Nevertheless, that's a significant change for a company the size and footprint of Apple, and one likely to be very controversial with Amazon, which has been aggressively building out its Kindle platform and touting its "read anywhere" portability. The company said last week that Kindle e-books now outpace both its hardcover and paperback sales.
Sony's feud with Apple came to light just as Apple is stepping up its visibility as a player in the media market, and this didn't surprise some wireless industry analysts that are following this closely.
This morning, Apple will participate in News Corp.'s New York launch of its new iPad-only newspaper, The Daily. To underpin the new venture, Apple is adapting its App Store model to support recurring subscription payments. The Daily is expected to sell its subscriptions for 99 cents per week.
On Jan. 24, Apple announced that it had surpassed the ten billion downloads mark by the more than 160 million iPhone, iPod touch and iPad users globally. According to a press release, the 10 billionth mobile app downloaded was Paper Glider, which was purchased by Gail Davis of Orpington, Kent in the United Kingdom. Davis will receive a $10,000 iTunes Gift Card as part of a contest Apple ran surrounding the milestone.
"With more than 10 billion apps downloaded in just 2 1/2 years — a staggering seven billion apps in the last year alone — the Apple App Store has surpassed our wildest dreams," said Philip Schiller, Apple's senior vice president of Global Product Marketing.
Apple's App Store currently offers about 350,420 mobile apps to users in ninety countries. The App Store also boasts 60,000 native iPad apps as well.
The App Store is still the leader in the numbers game. According to recent accounting from app analytics firm Distimo, Google's Android Market currently features 130,000 apps, and Nokia's Ovi Store and BlackBerry App World feature 25,000 and 18,000 downloadable applications, respectively.
Source: The U.S. military.
You can link to the Internet Security web site as much as you like.