by Mike Barry
CEO Fort Collins Web Works LLC
The US Cyber Command was created in 2009, commanded by the head of the National Security Agency, General Keith Alexander. Their mission is to prevent anyone from infiltrating US computer networks and to attack foreign computer networks.
When we added the ability to control industrial systems remotely over the Internet, we weren't thinking about security, and our electrical grids, water and sewer systems, traffic control systems, and industrial facilities are at risk. Financial transactions are carried over a secure network that is similar to the Internet, but anything can be hacked if you are willing to spend enough time and money.
Some governments consider cyber warfare to be just another aspect of economic competition, and they have been caught hacking into foreign private industrial computer networks to find secrets that they could give to companies in their countries to give them an extra competitive edge.
The largest state sponsored series of cyber attacks, named "Titan Rain" by the US Government, was perpertrated by the Chinese military on government and private computer networks in the US since 2003. We have found software that Chinese have inserted into the computer networks that control power grids and utilities in the US, so they could take control of our utilities if they found it necessary.
The second largest state sponsored series of cyber attacks, occured in 2007 when the Russian Government attacked Estonian computer networks including the parliament, ministries, banks, news outlets, telephone systems, and Estonian citizens. The Estonian government had insulted the Russian government by relocating war graves in Tallinn.
In 2008 the US Military found that someone had inserted software into their classified networks giving them access to 0ur classified military secrets.
China attacked Google servers in 2009. They were looking for proprietary code that Google uses to run their search engine. It is suspected that they provided this code to Chinese search engine companies so they could learn Google's techniques.
The Stuxnet virus was created by the US and Israel in 2010 to attack the centrifuges used by Iran to process material for nuclear weapons. Unfortunately Stuxnet spread beyond its intended target and has been found on the computer networks of 40% of the utility companies that tested for it.
In April of 2011 Oak Ridge National Lab had to shut down its email and Internet because someone (probably the Chinese government) had infiltrated their computers and was attempting to steal their information. Over 500 employees had received an email that contained malware. The employees installed the malware then they clicked on a link in the email while following the instructions from what they thought was their own Human Resources Department. The US Air Force and other government organizations and laboratories were also attacked, but not as successfully as Oak Ridge.
If the US is attacked our US Cyber Command can cause great damage to the attacker, the problem is figuring out who attacked us. We don't want to be tricked into attacking the wrong foreign country, and it is easy for a hacker to pretend to be someone else.