Cyberwar heats up

Did you find my January cyberwar post futuristic?  If so, the future is now.

From AP (via Yahoo News), here's an item from security firm McAfee: "Report: Global cyberattack under way for 5 years." To begin: 

... cybercriminals have spent at least the past five years targeting more than 70 government entities, nonprofit groups and corporations around the world to steal troves of data.

 McAfee Inc. said in a report Wednesday that the attacks have targeted a broad range of organizations, including the United Nations, the International Olympic Committee and companies mostly in the United States.

McAfee did not say who may be behind the attacks but says the culprit is likely a nation state.

Meanwhile, The Wall Street Journal reports "U.S. Homes In on China Spying" (the full article is only available in full to subscribers). The subtitle is more direct: "Probe Pinpoints Groups of Hackers and Ties Most to Military; Officials Prepare to Confront Beijing." The article opens:

U.S. intelligence agencies have pinpointed many of the Chinese groups responsible for cyberspying in the U.S., and most are sponsored by the Chinese military, according to people who have been briefed on the investigation.

and cites incidents traceable to the Chinese back to 1999.

From the Christian Science Monitor (again via Yahoo News) an Iranian source claims to have brought down an advanced US spy drone by hacking the UAV's GPS feeds. Other (and IMO, more credible/convincing) sources suggest this claim is bogus. See, for example, "Iran Hijacked Spy Drone With GPS Hack? 'Ridiculous,' Official Says" from Fox News or "U.S. Says Drone Crashed, Refuting Iran's Claim" (again from the WSJ; full article available only to subscribers.)

Nonetheless the Iranian claim provides a window into thinking about hack attacks on a key US miitary technology.

And yesterday's WSJ reports that "Firms Bid on NATO Cyberwar," to discuss an important ongoing procurement.

The North Atlantic Treaty Organization on Monday will collect bids from some of the world's top defense companies, including Lockheed Martin Co. and Northrop Grumman Corp., to update and expand the alliance's cybersecurity abilities.

The €32 million ($42 million) contract, although valued at less than the price of one fighter jet, holds great significance because it cements the alliance's role in protecting cutting-edge infrastructure, say NATO officials.

Hopefully not a case of too little, too late.

Ditto this report from MIT (via Reuters and Yahoo News): "U.S. power grid needs cybersecurity shield."

But in a cybersecurity/public-utility mea culpa ... a few weeks ago, as part of the post Hacked off, I reported on the apparent over-the-net destruction by Russian hackers of an Illinois utility's water pump. PCmag reports that the "hacker" was a consultant for the utility, vacationing in Russia. (That's one consultant whom I suspect won't get a return engagement.)

The explanation still fails to give me a warm-and-fuzzy for the security of the national infrastructure.  How about you?