By Diane Bartz
Reuters - May 26, 2009 - 5:27pm EST

Original story with links at msnbc.com

WASHINGTON - A long-awaited U.S. cybersecurity report, which could lay the groundwork for how the United States will fight data-network thefts of defense and corporate secrets, money and personal identities, will be released Friday, White House spokesman Robert Gibbs said Tuesday.

President Barack Obama ordered a 60-day review of federal cybersecurity efforts in February. That review was completed last month but not released.

"The administration recognizes the very serious threats public- and private-sector networks face from cybercrime and cyberattack," said Gibbs.
Story continues below ↓advertisement | your ad here

"The administration has also committed to establishing the proper structure within the government to ensure cybersecurity issues continue to receive top-level attention and enhanced coordination," he said.

Debate has raged in the high-tech community over whether the task of ensuring cybersecurity should be given to the Department of Homeland Security or the National Security Agency, responsible for breaking codes and electronic spying.

Another issue is whether the top cybersecurity official will be based in the White House.

Holes in U.S. cybersecurity defenses have allowed a series of major incidents, including the theft of hundreds of millions of dollars from banks.

There have also been recent reports of the theft of sensitive military information and penetration of the U.S. electrical grid by cyberspies who left behind software programs that could be used to disrupt the system.

The Center for Strategic and International Studies said in a December report that the U.S. Defense Department has said its computers are probed hundreds of thousands of times each day.

The review was led by Melissa Hathaway, who worked for former President George W. Bush's administration as cybercoordination executive under Mike McConnell, Bush's director of national intelligence.

Obama's proposed fiscal 2010 budget, announced late February, included $355 million for the Department of Homeland Security to make private- and public-sector cyber infrastructure more secure.

Companies in the cybersecurity market range from security-software makers Symantec Corp and McAfee Inc, to traditional defense contractors such as Northrop Grumman Corp and Lockheed Martin Corp, to information technology companies such as CACI International.

Friday May 29, 2009 Updates:

Obama announces U.S. cyber security plan
US President lays out goals for dealing with threats, will name ‘cyber czar’
May 29, 2009 - 10:58 a.m. CT
By Lolita C. Baldor
Associated Press

Full Story with Video at msnbc.com

WASHINGTON - America has failed for too long to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to press for action.

Surrounded by a slew of government officials, aides and corporate executives, Obama said the U.S. has reached a "transformational moment" when computer networks are probed and attacked millions of times a day.

"It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation," Obama said, adding, "We're not as prepared as we should be, as a government or as a country."
Story continues below ↓advertisement | your ad here

He said he will soon pick the person he wants to head a new White House office of cyber security, and that person will report to the National Security Council and the National Economic Council — a nod to his contention that the country's economic prosperity depends on cybersecurity.

---

PROMISES, PROMISES: Battling cyber turf wars
May 29, 5:49 PM (ET)
By LOLITA C. BALDOR

Full Story at excite.com

WASHINGTON (AP) - The digital battlefield is proving to be difficult terrain for President Barack Obama.

As he unveiled his plan Friday to make the nation's computer networks more secure, he fulfilled a campaign pledge to make cybersecurity a top priority. But he fell short on another promise to create a cyber adviser "who will report directly to me."

Ten months ago, candidate Obama told a Purdue University audience that he "will make cyber security the top priority that it should be in the 21st century." He went on to pledge that he would coordinate efforts across government, implement a national policy, tighten standards to make information more secure, and bring together government, industry and academia "to determine the best ways to guard the infrastructure that supports our power."

On Friday, Obama took the first step toward making that far-reaching promise a reality. But it remains unclear whether the structure he is creating will be capable and powerful enough to take on an enduring and monumental task.

The key will be how much authority the so-called coordinator will wield.

Obama said Friday he will personally choose his new cyber coordinator, and that person will have "regular access" to the Oval Office.

But the White House has yet to apply a formal title to the post and specify the coordinator's line and level of authority within the complex government structure.

---

Pentagon Plans New Arm to Wage Cyberspace Wars
By DAVID E. SANGER and THOM SHANKER
Published: May 28, 2009

Full Story with links at nytimes.com

WASHINGTON — The Pentagon plans to create a new military command for cyberspace, administration officials said Thursday, stepping up preparations by the armed forces to conduct both offensive and defensive computer warfare.

The military command would complement a civilian effort to be announced by President Obama on Friday that would overhaul the way the United States safeguards its computer networks.

Mr. Obama, officials said, will announce the creation of a White House office — reporting to both the National Security Council and the National Economic Council — that will coordinate a multibillion-dollar effort to restrict access to government computers and protect systems that run the stock exchanges, clear global banking transactions and manage the air traffic control system.

White House officials say Mr. Obama has not yet been formally presented with the Pentagon plan. They said he would not discuss it Friday when he announced the creation of a White House office responsible for coordinating private-sector and government defenses against the thousands of cyberattacks mounted against the United States — largely by hackers but sometimes by foreign governments — every day.

---

Obama setting up better security for computers
May 29, 2009 - 1:12pm EST

Full Story at USA Today

America has for too long failed to adequately protect the security of its computer networks, President Barack Obama said Friday, announcing he will name a new cyber czar to take on the job.

"The status quo is no longer acceptable," said Obama. "We can and must do better."

Surrounded by a host of government officials, aides and corporate executives, Obama said this is a "transformational moment" for the country, where computer networks are probed and attacked millions of times a day.

"We're not as prepared as we should be, as a government or as a country," he said, calling cyber threats one of the most serious economic and military dangers the nation faces.

He said he will soon pick the person he wants to head up a new White House office of cyber security, and that person will report to the National Security Council as well as to the National Economic Council, in a nod to the importance of computers to the economy.

Obama made it clear that the White House will get fully behind a comprehensive mandate to stem cyber threats and make the Internet safer for consumers and corporate use, while also protecting our nation's strategic interests, without violating privacy. The announcement coincided with the release of a 40-page review of U.S. cybersecurity policy pulled together by former Booz Allen Hamilton management consultant Melissa Hathaway, who may still be in the running to be named to the nation's new top cybersecurity post.

---

Cyber attacks continue to grow
Hacking, viruses breach government, industry, university firewalls

May 29, 2009

Original Story at msnbc.com

Cyber espionage, attacks, breaches, viruses — they are all among the concerns President Barack Obama cited Friday when he announced he will create a new White House office of cyber security, with that cyber czar reporting to the National Security Council as well as to the National Economic Council.

The nation’s vulnerability to cyber attacks has long been a concern. The Center for Strategic and International Studies said in a December report that the U.S. Defense Department alone has said its computers are probed hundreds of thousands of times each day.

---

These publicly known cases of hacks, thefts and viruses at government, military, utilities and educational sites are just some examples:

Law enforcement computers were struck by a mystery computer virus last week, forcing the FBI and the U.S. Marshals to shut down part of their networks as a precaution. The U.S. Marshals said it disconnected from the Justice Department's computers as a protective measure after being hit by the virus; an FBI official said only that that agency was experiencing similar issues and was working on the problem. "We too are evaluating a network issue on our external, unclassified network that's affecting several government agencies," said FBI spokesman Mike Kortan, who did not elaborate or identify the other agencies.

Spies have hacked into the electric grid of the United States, a former government official said last month, and they left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems, said the ex-official. In April, officials in the U.S., Britain and Germany accused Chinese hackers backed by China's military of intruding into their government and defense computer networks. China has denied the accusation.

America's air traffic control systems are vulnerable to cyber attacks, and support systems have been breached in recent months to allow hackers access to personnel records and network servers, according to an audit released this month by the Department of Transportation's inspector general. The audit concluded that although most of the attacks disrupted only support systems, they could spread to the operational systems that control communications, surveillance and flight information used to separate aircraft. The report noted several recent cyber attacks, including a February incident, in which hackers gained access to personal information on about 48,000 current and former FAA employees, and an attack in 2008 when hackers took control of some FAA network servers.

The National Archives this month reported it is missing a computer hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures, congressional officials said. The drive, from the Archives facility in College Park, Md., was lost between October 2008 and March 2009 and contained 1 terabyte of data — enough material to fill millions of books. One of former Vice President Al Gore's three daughters is among those whose Social Security numbers were on the drive, but it was not clear which one. Other information includes logs of events, social gatherings and political records.

A six-month hacking effort at the University of California, Berkeley resulted in 97,000 Social Security numbers being stolen, said Shelton Waggener, UC Berkeley's associate vice chancellor for information technology, said this month. Hackers infiltrated restricted computer databases from October 2008 to April 9, putting at risk health and other personal information on 160,000 students, alumni and others. In addition to Social Security numbers, data included birth dates, health insurance information and some medical records dating back to 1999.

USAJobs.gov, the official job site of the federal government, was hacked, along with career site Monster.com in January. "It appears that Monster.com's database and USAJobs.gov's database were compromised and contact and account information was stolen," said Sophos, a security software firm. "Data stolen included users' login names, passwords, email addresses, names, phone numbers and some demographic data." The sites' millions of users were advised to immediately change their passwords.

In March, 2008, Harvard University said a computer hacker gained entry to its server and that about 10,000 of the previous year's graduate students and applicants may have had their personal information compromised, with 6,600 having their Social Security numbers exposed. The school said it would provide the applicants with free identity theft recovery services and help them with credit monitoring and fraud alerts.

As many as 1,500 Defense Department computers were taken offline in June 2007, because of a cyber attack, Pentagon officials said. Defense Secretary Robert Gates said the Pentagon sees hundreds of attacks a day, and this one had no adverse impact on department operations. He said the Pentagon shut the computers down when a penetration of the system was detected.

At the University of Missouri, a computer hacker accessed the Social Security numbers of more than 22,000 current or former students in May 2007, the second such attack that year, officials said. The hacker obtained the information through a Web page used to make queries about the status of trouble reports to the university's computer help desk, which is based in Columbia. The information had been compiled for a report, but the data had not been removed from the computer system.

The U.S. Department of Agriculture's computer system was breached in June 2006, when a hacker broke in over a weekend and may have obtained names, Social Security numbers and photos of 26,000 Washington-area employees and contractors, the department said. The information was used for staff or contractor badges in Washington, D.C. and the surrounding area, spokeswoman Terri Teuber said. Those who might have been affected were notified by e-mail and were being sent letters.

The Veteran's Administration lost track of a laptop in May 2006 that held personal data about 26.5 million American veterans. The story of the missing files hit just as U.S. news was peppered with other tales of missing or stolen computers that year containing 100 million pieces of data, including Social Security and credit card numbers. The VA said the laptop, recovered a month later, had been taken home by a subcontractor, and that no data was taken from the computer. Earlier this year, the VA agreed to pay up to $20 million in class-action lawsuit to veterans whose data was on the laptop.

In 2004, an FBI computer consultant gained access to the secret passwords of Director Robert Mueller and others using free software found on the Internet. The consultant, Joseph Thomas Colon, was sentenced in 2006 to six months of home detention after a federal judge said Colon was not trying to harm national security or use the information for financial gain. In his guilty plea, Colon acknowledged that he made his way into the deepest reaches of the FBI's internal computer network on four occasions in 2004.

A Southern California man admitted hacking into computers operated by NASA, Oregon State University and a San Francisco Bay area Internet service provider, and in September 2000, was sentenced to 21 months in federal prison. One hacking case involved the use of stolen credit card numbers in an attempt to wire transfer money through the Western Union Corporation. In the NASA incident, the hacker got into the agency's computers and used stolen credit card numbers to purchase electronic equipment.