For several days, Bank of America’s systems had problems. The problems – primarily denial of service disruptions – hit their web site and reportedly their mobile banking services.

For BofA, the nation’s largest bank based on assets, this was not the first issue or attack they experienced in the past year. Nor in fact, was BofA the only U.S. financial institution that has been experiencing what appears to be a series of directed cyber attacks. JPMorgan Chase and Citigroup also are reported to have been struck by similar related aggressive cyber activities, beginning last year. Keep reading →

The head of Iran’s Presidential Center for International Legal Affairs has announced that Iran plans to bring legal action against those that launched cyber attacks against their uranium enrichment equipment in a move that promises to raise the stakes for the U.S. cybersecurity policy officials.

Majid Jafarzadeh made the announcement this week after consulting Iranian and foreign legal experts, saying Iran has decided to file a lawsuit against the “cyber terrorists” who have attacked the country’s nuclear enrichment infrastructure. Keep reading →

Intelligence organizations are racing to collect cyber intelligence in efforts to identify and monitor the development, use and sale of offensive cyber capabilities by individual actors, criminal organizations, terrorist groups and nation states. This is a formidable undertaking to say the least. Consider the facilities and infrastructure needed to make a tank. Now think about the facilities and infrastructure needed to make a cyber weapon. All you need is ambition coupled with a laptop, Internet connection, programming skills, a search engine for research and maybe a couple of books – all of which are openly available. Add to that the hacker underground and black-market for malicious code and sale of newly discovered vulnerabilities and you have everything needed for the development and sale of cyber weapons. Keep reading →

Cyber investigators looking at the Stuxnet code determined that on June 24th the sophisticated cyber weapon would stop operating and remove itself from the systems it had infiltrated.

This function was identified long ago and cyber researchers have patiently waited to see what if any implications this will have on the tens of thousands of computers in more than 155 countries the sophisticated cyber weapon had infected. By all accounts this is a self-destruction, an unusual function not often seen embedded within malicious code. The inclusion of this function is a strong indicator that those behind this cyber attack did not believe that Iran would discover the malicious code. Keep reading →

Earlier this year Iran’s President Mahmoud Ahmadinejad announced that Iran would establish a Supreme Council of Cyberspace. This was the latest action intended to strengthen Iran’s cyber power and defend the country against cyber attacks.

Sources inside of Iran have said that the council will be comprised of high-ranking Iranian officials such as the Iran’s Parliament speaker, Judiciary chief, head of the Islamic Republic of Iran Broadcasting, and ministers of Communication and Information Technology, Culture and Islamic Guidance and Intelligence. Keep reading →

The Stuxnet computer worm that damaged Iranian nuclear facilities – widely suspected to be an Israeli or even U.S. covert action – was a model of a responsibly conducted cyber-attack, said the top lawyer for the U.S. military’s Cyber Command, Air Force Col. Gary Brown. By contrast, the Chinese stance, which holds that the international law of armed conflict does not apply in cyberspace, opens the door for indiscriminate online actions launched with less concern for collateral damage than was evident in Stuxnet, he warned, while a joint Russo-Chinese proposal for international collaboration on cyber-security could potentially threaten free speech.

Brown emphasized that his remarks represented his own opinion and that he was not speaking for the U.S. government, but they still open a window into the thinking of an influential official on the cutting edge of policymaking on cyber war. Keep reading →

When we hear that getting incentives right and letting the private sector lead or sharing more information will secure the nation, remember that we’ve spent 15 years proving this doesn’t work.

Some people say the threat is exaggerated. This is unfortunate. We are on course to repeat in cybersecurity the 9/11 error of ignoring risk. Keep reading →

A government laptop stolen from the home of a VA data analyst in 2006 contained Social Security numbers and other personal information for 26.5 million veterans and active duty troops.

A class action suit brought by veterans groups was later settled by the agency for $20 million. Keep reading →