Israel builds Cybernetic taskforce to defend against cyberwar

A day after Iran announced the establishment of a Cyber Command, Israeli Prime Minister Benjamin Netanyahu Wednesday announced the establishment of a national cybernetic taskforce to encourage and develop the field of cybernetics and turn the State of Israel into a global center of knowledge, in cooperation with academia, industry, the security establishment and other public bodies.

The national cybernetic taskforce is being established in accordance with the recommendations of a special team from the Higher Committee for Science and Technology, which was appointed by Prime Minister Netanyahu, and is chaired by National Research and Development Council Director Prof. Yitzhak Ben-Yisrael.

The main responsibility of the taskforce will be to expand the state’s ability to defend vital infrastructure networks against cybernetic terrorist attacks perpetrated by foreign countries and terrorist elements.

The taskforce is being established following several such attacks that have taken place around the world in recent years, including those which disrupted the electricity grid in Brazil, banks in Estonia and elections in Myanmar.

Israeli electronic networks are also under constant threat.  For example, the Bank of Israel’s website was shut down in 2008.  This past June, after the Turkish flotilla, hackers attacked many Israeli Internet sites, including that of the Tel Aviv-Jaffa Municipality.

Prime Minister Netanyahu has directed the allocation of a special budget to implement the five-year plan that will place Israel at the global forefront in this field.  The plan includes investments in academic research and development, the establishment of a super computer-based center at an Israeli university, the establishment of academic centers of excellence, accelerated activity to bring researchers and academics back to Israel, significantly increasing the number of cybernetics students and upgrading university research infrastructures.

The plan will also encourage the business sector, especially high-tech, in order to develop blue-and-white technologies that will give Israel a significant advantage in the field.  The Government will remove export impediments on cybernetic developments and the security establishment will increase assistance for the development of cybernetic technologies by private industries.

Stuxnet like virus strikes Iran

Iran has been targeted by a new computer worm dubbed Stars, the director of Iran’s Passive Defense Organization announced on Monday.

The Iranian experts, however, spotted the computer worm and are still studying the malware, Gholam-Reza Jalali told the Mehr News Agency, Iran’s semi-official news agency.

While no final result has been achieved yet, he said, “(However), certain characteristics about the Stars worm have been identified, including that it is compatible with the (targeted) system,” Jalali stated.

On Saturday, Deputy chairman of Iran’s Joint Chiefs of Staff had said that Iran will take pre-emptive cyber action against the centers which launch cyber attacks against the Iranian facilities.

“A research center has been established in Imam Hussein University to conduct research on this subject,” Brigadier General Mohammad Hejazi told the Mehr News Agency.

“This research center will plan pre-emptive operations against the known centers that launch cyber attack on our facilities so that they cannot take such actions against us,” he explained.

He went on to say that Iran will take action within the framework of the relevant international regulations, but those who mount cyber attacks on Iran should not expect that Iran will not take reciprocal action against them.

The general added that the Armed Forces will also take measures to prevent the computer virus like Stuxnet from infecting the computer systems of the organizations and companies in Iran.

In September, Associated Press reported that a complex computer worm dubbed Stuxnet has infected many industrial sites in Iran and is capable of taking over power plants.

Stuxnet is a computer worm that attacks industrial systems and spies on them and reprograms them.

Iranian officials confirmed that some Iranian industrial systems were targeted by a cyber attack, but announced that Iranian engineers are capable of rooting out the problem.

Iranian officials said, “An electronic war has been launched against Iran.”

Reportedly, a state may have been involved in creating Stuxnet and using it against Iran.

Later a working group composed of representatives from the communications industries and defense ministries and the Passive Defense Organization was set up to find ways to combat the spyware.

Dramatic increase in cyberattacks and sabotage on critical infrastructure

McAfee and the Center for Strategic and International Studies (CSIS) today revealed the findings from a report that reflects the cost and impact of cyberattacks on critical infrastructure such as power grids, oil, gas and water. The survey of 200 IT security executives from critical electricity infrastructure enterprises in 14 countries found that 40 percent of executives believed that their industry’s vulnerability had increased. Nearly 30 percent believed their company was not prepared for a cyberattack and more than 40 percent expect a major cyberattack within the next year.

The report “In the Dark: Crucial Industries Confront Cyberattacks,” was commissioned by McAfee and produced by CSIS. “We found that the adoption of security measures in important civilian industries badly trailed the increase in threats over the last year,” said Stewart Baker, who led the study for CSIS. Industry executives made modest progress over the past year in securing their networks, as the energy sector increased its adoption of security technologies by only a single percentage point (51 percent), and oil and gas industries increased only by three percentage points (48 percent).

“Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check,” said Jim Woolsey, former United States Director of Central Intelligence.

The report is a follow-up to a report released in 2010 called “In the Crossfire: Critical Infrastructure in the Age of Cyberwar,” that found that many of the world’s critical infrastructures lacked protection of their computer networks, and revealed the staggering cost and impact of cyberattacks on these networks. The new study reveals that while the threat level to these infrastructures has accelerated, the response level has not, even after the majority of respondents frequently found malware designed to sabotage their systems (nearly 70 percent), and nearly half of respondents in the electric industry sector reported that they found Stuxnet on their systems. This threat to infrastructures also includes electrical smart grids, which are growing in adoption and expected to have exceeded $45 billion in global spending in 2015.

“What we are learning is the smart grid is not so smart,” said Dr. Phyllis Schneck, vice president and chief technology officer for public sector, McAfee. “In the past year, we’ve seen arguably one of the most sophisticated forms of malware in Stuxnet, which was specifically designed to sabotage IT systems of critical infrastructures. The fact is that most critical infrastructure systems are not designed with cybersecurity in mind, and organizations need to implement stronger network controls, to avoid being vulnerable to cyberattacks.”

Other key report findings from this year’s report include the following:

• Cyberattacks still prevalent: Eighty percent of respondents have faced a large-scale denial of service attack (DDoS), and a quarter reported daily or weekly DDoS attacks and/or were victims of extortion through network attacks.
• Extortion attempts were more frequent in the CIP sectors: One in four survey respondents have been victims of extortion through cyberattacks or threatened cyberattacks. The number of companies subject to extortion increased by 25 percent in the past year, and extortion cases were equally distributed among the different sectors of critical infrastructure. The countries of India and Mexico have a high rate of extortion attempts; 60 to 80 percent of executives surveyed in these countries reported extortion attempts.
• Organizations failing to adopt effective security: Sophisticated security measures placed upon offsite users are in the minority, with only a quarter of those surveyed implementing tools to monitor network activity, and only about 36 percent use tools to detect role anomalies.
• Security conscious countries: Brazil, France and Mexico are lagging in their security measures, adopting only half as many security measures as leading countries China, Italy and Japan. Concurrently, China and Japan were also among the countries with the highest confidence levels in the ability of current laws to prevent or deter attacks in their countries.
• U.S. and Europe falling behind Asia in government involvement: Respondents in China and Japan reported high levels of both formal and informal interaction with their government on security topics, while the U.S., Spain and U.K. indicated little to no contact.
• Organizations fear government attacks: More than half of respondents say that they have already suffered from government attacks.