The Stock Exchange and United Outages Weren’t Hacks But They Were Just As Scary – By Lily Hay Newman JULY 9 2015 7:50 PM

 A trader on the floor of the New York Stock Exchange during Wednesday's outage. Photo by Lucas Jackson

A trader on the floor of the New York Stock Exchange during Wednesday’s outage.
Photo by Lucas Jackson

On Wednesday, an hour-and-a-half-long reservation system failure grounded United Airlines flights, the New York Stock Exchange was down for almost four hours, and the Wall Street Journal’s website suffered intermittent outages. At an intelligence committee hearing that afternoon, Sen. Barbara Mikulski firmly told FBI Director James Comey, “I don’t believe in coincidences.” But no matter how hack-like the situation seemed, all three companies and law enforcement have been adamant that bad actors were not behind the failures. And that’s just as scary.

A United representative told the Los Angeles Times that a router issue had “degraded network connectivity for various applications,” causing the company’s system problems. And after consistently but opaquely claiming that there weren’t bad actors behind the stock exchange outage, NYSE said in a statement on Thursday that a software update was to blame. “As is standard NYSE practice, the initial release was deployed on one trading unit … [but] there were communication issues between customer gateways and the trading unit with the new release.” NYSE attempted to correct the problem, but this caused new complications and “the decision was made to suspend trading.” The Wall Street Journal is still investigating the cause of its outages, with some speculating that heavy Web traffic brought the site down.

Between the Office of Personnel Management hack and the breach at Sony, the idea of large-scale malicious cyberattacks has become markedly more real for consumers in recent months. But Dave Chronister, who founded the cybersecurity firm Parameter Security and formerly did IT management at financial institutions like A.G. Edwards, points out that there doesn’t have to be a bad actor on the other end for something to be a cybersecurity problem. “We’re in a hypersensitive time right now where everybody’s worried about the malicious attacker, but the chances are you’re going to have a lot more incidents like [those on Wednesday] than actual attacks,” he said. “These were security incidents. The systems went down. It didn’t matter that it wasn’t an attack.”

Article continues:

Last night NSA scare tactics finally stopped working – Updated by Timothy B. Lee on May 23, 2015, 10:50 a.m. ET

There was drama in the Senate last night, as Senate Majority Leader Mitch McConnell struggled to extend a Patriot Act provision that supporters say allows the government to conduct mass surveillance of Americans’ calling records. (Opponents think the program is illegal regardless, but the legislative provision has become a focal point for the fight over the larger issue.) But his fellow Kentucky Republican senator, Rand Paul, led the charge to stop him. Wrote the Hill:

The battle between the two Kentucky Republicans spilled over on the Senate floor, with Paul using procedural tactics to force the chamber into an early Saturday vote. He then used his leverage to kill off McConnell’s repeated attempts to reauthorize the expiring National Security Agency (NSA) programs — first for two months, then for eight days, then for five, then three, then two.

It’s a tactic advocates of mass surveillance have used repeatedly in recent years:

  • They drag their feet on legislation to curtail NSA spying authority until the last possible minute.
  • They argue that it would be reckless to let old spying authority expire without an alternative to put in its place.
  • Terrified of appearing soft on terrorism, members of Congress have repeatedly extended current authority without changes.

But it didn’t work this time, and for good reason.

The NSA program the Senate was debating last night, which collects phone records of every American, was never authorized by Congress in the first place. At least that’s the view of the Second Circuit Appeals Court, which ruled the program was illegal earlier this month. While the secretive FISA court disagrees with the Second Circuit, the latter’s ruling has stiffened the spines of those who believe the program was illegal from the outset.

And two years after the phone records program was revealed by NSA whistleblower Ed Snowden, the program’s advocates still haven’t produced any convincing evidence that the program makes us safer.

There’s broad agreement that the government should have access to the calling records of suspected terrorists, of course. But there’s no reason to think it’s helpful to collect the calling records of millions of innocent Americans just in case one of them happens to be a terrorist. And in particular, there’s no reason to think that a few days or weeks without bulk collection of telephone records will lead to a rash of terrorist attacks. The US government still has a number of ways to get the calling records of terrorism suspects — these mechanisms just involve more court oversight.

Finally, after years of repeating this tactic, it’s become clear that it’s just that — a tactic. Mass surveillance advocates are going to use it over and over to keep current law in place indefinitely. Only by saying no to short-term extensions and being willing to actually let the program lapse will reformers have the leverage to insist on serious reforms of the spying agency.

US security chief warns shoppers after terror threat – BBC News 22 February 2015 Last updated at 16:16 ET

Jeh Johnson told ABC: ''We're in a new phase now''

Jeh Johnson told ABC: ”We’re in a new phase now”

Jeh Johnson told ABC: ”We’re in a new phase now”

US Homeland Security Secretary Jeh Johnson has urged people to be vigilant following a terror threat to Western shopping centres, including one of America’s largest malls.

He said he took the threat by the Somali-based group al-Shabab seriously.

In a video, the group urged followers to carry out attacks on shopping centres in the US, Canada and the UK.

Al-Shabab was responsible for the 2013 attack on Westgate shopping mall in Nairobi that killed 67 people.

Mr Johnson told CNN that the threat was part of “a new phase” of terrorism in which attacks would increasingly come from “independent actors in their homelands”.

“Anytime a terrorist organisation calls for an attack on a specific place, we’ve got to take that seriously,” he said.

But Mr Johnson added that he was not advising people not to go to the malls named by the militants.

In the video, a man with a British-sounding accent and full face covering calls on supporters of al-Shabab to attack “American or Jewish-owned” Western shopping centres.

He specifically mentions Minnesota’s Mall of America – the second-largest US shopping centre – and Canada’s West Edmonton Mall, as well as London’s Oxford Street and the UK capital’s two Westfield shopping centres.

Co-ordinates for the various targets were listed on the screen as they were described.

The BBC’s Naomi Grimley in Washington says it is possible that the video is part of a rivalry between al-Shabab, which is linked to al-Qaeda, and Islamic State, which has dominated media coverage recently.

Article continues;

Classroom Terror: Too Horrible to Discuss, Too Pressing to Ignore – By Paul D. Shinkman Feb. 20, 2015 | 12:01 a.m. EST

Amid a focus on school shooters, the possibility of a true terrorist attack has taken a back seat in the U.S.

The aftermath of the Army Public School shooting in Peshawar, Pakistan. More than 140 people, mostly children, were killed when Taliban gunmen stormed the school in December.

The aftermath of the Army Public School shooting in Peshawar, Pakistan. More than 140 people, mostly children, were killed when Taliban gunmen stormed the school in December.

The aftermath of the Army Public School shooting in Peshawar, Pakistan. More than 140 people, mostly children, were killed when Taliban gunmen stormed the school in December.

In December, a group of militants entered a school and indiscriminately opened fire with automatic machine guns.

“One of my teachers was crying,” a student later recounted. “She was shot in the hand and she was crying in pain.”

“One terrorist then walked up to her and started shooting her until she stopped making any sound. All around me, my friends were lying injured and dead.”

For Americans, the Dec. 16 raid by Taliban insurgents against the Army Public School in Peshawar, Pakistan, was horrific, but distant. The incident, among the latest in a troubling rise of terror attacks worldwide, resonated little outside the South Asian nation. Western news coverage of the aftermath gave way a day later to President Barack Obama’s announcement that the U.S. would seek to normalize relations with Cuba.

The lack of attention also reflected how little attention is paid in the U.S. to preventing a terrorist attack against a school, or any kind of attack other than the “active shooter” scenarios that have grabbed national headlines in recent years. Relatively rare incidents in places like Newtown, Connecticut, and Littleton, Colorado, remain fresh in Americans’ memories, but the government’s willingness to fund local districts to prepare for and manage emergencies related to a larger attack remains as spotty now as it has been historically.

From the local perspective, there is also no standard path through which federal authorities communicate with school districts, either about long-range policies or to impart pressing information about a threat. Some states have clearly defined agencies and officials charged solely with serving as this kind of conduit. Others are only just beginning to consider such options.

A school is the ultimate “soft target” for a terrorist to attack, say many of those charged with protecting the facilities and their students. For communities across America, schools serve not only as places of learning, but as community halls, sports venues and polling places as well.

Article continues:

Senate frozen amid DHS fight – By BURGESS EVERETT 2/12/15 7:20 PM EST

Some GOP senators fear that a short-term funding deal would only prolong the chamber’s paralysis.

From left, House Speaker John Boehner of Ohio, Senate Majority Leader Mitch McConnell of Ky., and Senate Minority Whip Richard Durbin of Ill., attend a statue unveiling ceremony honoring former Arizona Sen. Barry Goldwater, Wednesday, Feb. 11, 2015, on Capitol Hill in Washington. Boehner and McConnell are at a standstill over provisions attached to a Homeland Security spending bill aimed at blocking President Barack Obama's executive actions on immigration. McConnell declared a Senate stalemate Tuesday and called on the House to make the next move to avoid an agency shutdown. House Republicans said they had no intention of doing so and today, Wednesday, Feb. 11, 2015, Speaker Boehner declared that Senate Democrats should

The GOP-controlled Senate is looking a lot like last year’s Democratic Senate: failed procedural votes, short and fruitless workweeks and prolonged periods of inactivity on the floor.

The reason: The stubborn impasse on Homeland Security funding has sapped the chamber’s ability to do much else for the past two weeks, aside from some small-bore legislation. And as lawmakers skip town for a 10-day recess, some Republicans worry that the fight could drag on far past the Feb. 27 shutdown deadline — particularly if Congress ends up passing a short-term funding Band-Aid that merely sets up another cliff.

Many in the Capitol see a short-term extension as the most likely solution to keeping the Department of Homeland Security’s funding from running out at the end of the month, especially with the chambers deadlocked on language that would roll back President Barack Obama’s immigration policies.

But Senate Republicans are already expressing frustration that they’ve wasted too much time trying to appease their House counterparts by voting repeatedly on the same doomed DHS bill, which Democrats have filibustered three times. High-ranking GOP senators are sending a warning flare to the House: The only thing worse than missing the first deadline of the year would be fighting this battle all over again in March or April.

“We’ve got to get off this. We’ve got to get it behind us. We have to at some point bring it to closure,” said Sen. John Thune of South Dakota, the No. 3 Senate Republican. A short-term DHS funding deal “would be a bad outcome for the Senate just in terms of us being to do other things. … If we have to do a short-term extension, we’ve got to revisit this. The next time it comes over, it will take another couple weeks.”

The partisan stalemate is also undermining Republicans’ attempts to show they can run Congress effectively as they head into a tough fight to keep the Senate in 2016.

“This battle should be ended,” said Sen. Mark Kirk (R-Ill.), who wants a DHS funding bill with none of the immigration riders that the House attached to its version in January. “When we were given the honor of the majority, we have to govern wisely. Shutdowns are not wise policy for key national security-related departments.”

Article continues:

Read more:

Under the Sea – By Robert Martinage JANUARY/FEBRUARY 2015 ISSUE

The Vulnerability of the Commons


In recent years, U.S. officials have grown increasingly fearful of a massive cyberattack, one capable of crippling infrastructure and crashing markets. In 2010, William Lynn, then deputy secretary of defense, wrote in these pages that cyberspace was “just as critical to military operations as land, sea, air, and space.” As defense secretary, Leon Panetta warned of a “cyber–Pearl Harbor.” And in 2013, James Clapper, the director of national intelligence, put cyberattacks at the top of his annual list of transnational threats.

Yet as Washington has poured billions of dollars into shoring up its defenses in the virtual world, it has largely ignored the physical infrastructure that allows cyberspace to exist in the real one. Today, roughly 95 percent of intercontinental communications traffic—e-mails, phone calls, money transfers, and so on—travels not by air or through space but underwater, as rays of light that traverse nearly 300 fiber-optic cables with a combined length of over 600,000 miles. For the most part, these critical lines of communication lack even basic defenses, both on the seabed and at a small number of poorly guarded landing points. And a mounting tally of small-scale breaches points to the potential for large-scale damage.

Washington’s neglect of undersea infrastructure extends beyond cables to an increasingly important source of global oil and gas supply: deep-water drilling. Today, offshore rigs in the Gulf of Mexico account for some 25 percent of total U.S. oil and gas production—a figure the Department of Energy predicts could reach 40 percent by 2040. Outside the United States, global production from deep-water wells has risen from 1.5 million barrels per day in 2000 to over six million barrels per day in 2014. As the infrastructure for offshore drilling grows more sophisticated and widespread, it is also becoming more susceptible to attack, with the potential consequences exceeding those of the giant 2010 oil spill in the Gulf of Mexico.

Although human activities underwater are regulated by numerous international bodies, no single entity has both the authority and the ability to take the lead. In the United States, the Coast Guard is responsible for enforcing security plans at the largest offshore energy platforms and protecting underwater structures at some ports. Yet no government agency or department has responsibility for the defense of the country’s submerged energy and cable infrastructure. As a consequence, two of the most critical sectors of the U.S. economy—communications and energy—could easily fall prey to a well-organized terrorist plot or a foreign attack. Fortunately, Washington still has time to correct course.

Some 95 percent of intercontinental communications travel underwater.


British engineers laid the first submarine telegraph line across the English Channel in 1850. Eight years later, an effort backed by the American financier Cyrus Field bridged the Atlantic, linking Ireland to Newfoundland with a telegraph wire that eventually transmitted almost seven words per minute. After Alexander Graham Bell invented the telephone in 1876, the first underwater telephone cable soon followed, carrying conversations beneath the San Francisco Bay.

Although the number of cables proliferated, their speed and capacity stagnated until the introduction of two key advances during the 1920s and 1930s: coaxial copper cores and polyethylene insulation, which allowed individual cables to carry multiple voice channels and provided improved durability. In subsequent decades, capacity soared, rising from 36 voice channels per cable in the 1950s to around 4,000 in the 1970s. Nevertheless, installation and maintenance costs remained high, making satellites decidedly more attractive for carrying telephone traffic. Until the 1980s, satellites could provide almost ten times as much capacity as submarine cables while requiring only one-tenth as large an investment.

But then fiber-optic technology revolutionized global communications. In 1988, a consortium of British, French, and U.S. telecommunications firms laid the first fiber-optic cable across the Atlantic. TAT-8, as the line was called, could carry 40,000 telephone calls simultaneously—an order of magnitude greater than most existing coaxial cables could handle and at a fraction of the previous cost. Today’s fiber-optic cables can transmit an amount of data equivalent to the entire printed collection of the Library of Congress in about 20 seconds.

Article continues:

A Cyber-Whodunit – Winning will require nerds and sleuths, not warriors. By NEAL POLLARD January 02, 2015

A ticket for

From the past few years, it seems we can add cyber-attacks to the list of holiday headaches that includes congested travel, overeating, binge spending and in-laws. In December 2010, web publisher Gawker was hacked, with hackers posting source code, employee conversations, and the email addresses and passwords of hundreds of thousands of users. In late 2012, hackers probably affiliated with Iran, attacked U.S. banks, knocking their consumer-facing web services offline—this attack occurring not long after other hackers, probably affiliated with Iran, attacked oil producers in the Middle East. The 2013 holiday season saw millions of consumers’ personal and payment card details lost to a breach of retailers’ point-of-sale systems.

And this holiday season, Seth Rogen and James Franco made a movie, The Interview, that has challenged fundamental assumptions of geopolitics, foreign policy and modern international conflict, through the lens of a cyber-attack. What began as an antic film plot suddenly became a lot more real on January 2, when the Obama administration—responding to an actual cyber-attack possibly provoked by a fake movie scenario—escalated matters considerably by imposing new financial sanctions on 10 North Korean officials and three government agencies.

Yet the apparent tit-for-tat between Washington and Pyongyang has clarified very little. As “cyber-warfare” and cyber-attacks become more evolved, the more confused we seem to get about what they truly mean, and how to respond—or even who did it. Some of the more famous cyber-attacks described above have simultaneously been termed by government officials and experts alike as crime, terrorism, vandalism, acts of war and nuisances. They can’t be all five at the same time. The silver lining from these trends of cyber-attacks is greater awareness among the public on what is truly at risk, and an opportunity for government, industry and the media to cooperate to define a more consistent, less ad hoc framework on responding to cyber-attacks, identifying and punishing the true beneficiaries of cyber-crime and elevating cybersecurity out of the IT department and into boardrooms and the corporate suite.

Article continues: