For this week's discussion forum, respond to the following question:
- In an increasingly wired world, cyber-attacks are frequent and protecting against such attacks is expensive. (Module E) What are corporate responsibilities, what actions should corporations take to protect the financial privacy of individuals, and who should bear the cost of protection? 250 words

China's cyber war
Washington Post Editorial Board, Published: December 15, 2011

CHINA IS waging a quiet, mostly invisible but massive cyber war against the United States aimed at stealing its most sensitive military and economic secrets and obtaining the ability to sabotage vital infrastructure. This is, by now, relatively well known in Washington, but relatively little is being done about it, considering the enormous stakes involved.

What exactly is happening? Hackers mostly backed by the People's Liberation Army are trying daily to penetrate the computer systems of U.S. government agencies, defense contractors, technology firms, and utilities such as power and water companies -- not to mention the private e-mail accounts of thousands of Americans. To an alarming degree, they are succeeding. In recent years hacks have been reported of the State, Defense and Commerce departments; Lockheed Martin; Google, which said its source code and the e-mail accounts of senior government officials were targeted; and the computer security company RSA, which protects critical networks through the SecurID system.

"The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions -- all holding large volumes of sensitive economic information -- were targeted by cyber espionage," said a report issued in October by the Office of the National Counterintelligence Executive. "Much of this activity originated in China."

As in the case of other novel and slowly developing threats -- international terrorism in the 1990s comes to mind -- the U.S. response has been slowed by bureaucratic infighting, poor information-sharing and a failure to prioritize the problem above more familiar business with Beijing. The Pentagon has set up a cyber-command, but it has the authority to protect only military networks; the Department of Homeland Security jealously guards its prerogative to guard domestic civilian targets.
Government agencies often don't share sensitive intelligence with companies, while many companies are reluctant to report on penetrations of their networks.

A further difficulty is identifying exactly where cyber-attacks originate and connecting them to their government sponsors. Predictably enough, the Chinese government aggressively denies any involvement in the attacks on U.S. agencies and companies -- which makes it difficult for diplomats to pressure for a cease-fire. But an encouraging report in the Wall Street Journal this week said that U.S. intelligence agencies had managed to identify many of the Chinese groups, and even individuals, including a dozen cells connected to the People's Liberation Army.

This should provide an opportunity for the Obama administration to more directly confront the problem. It should demand that Beijing shut down the military-backed groups; if it does not do so, they could be subjected to countermeasures, including sanctions against individuals. Congress could also consider legislation punishing companies connected to the Chinese military if the cyber war does not cease. Yes, such responses have the potential to roil relations between Washington and Beijing. But the Chinese offensive -- and the economic and national security threats it poses -- is simply too important to ignore.

DOD spending $500B on 6 preparations for cyber war
February 28, 2012 5:42 PM Meghan Kelly Venturebeat.com

Cyber war is more than a threat; it is something the Department of Defense is spending money on as we speak. Deputy Secretary of Defense Ashton Carter outlined six ways the DOD is taking action today, as well as legislation he believes can help the government act quickly against hackers at home and abroad.

"Cyber will overtake terrorism as the persistent gnawing ... kind of threat and danger," said Carter at the RSA Conference in San Francisco today. "The market, both economic and political, undervalues security at the moment. Doesn't see it.
Doesn't fully get it. This is wrong, this is a mistake."

The DOD is charged with protecting the United States not only with ships, airplanes, and tanks but also with cyber weapons. Former National Security Agency director Mike McConnell pointed out that if terrorists find their way into our banks, the ensuing economic havoc could result in greater devastation than that of 9/11. He said the US must be prepared not only to defend itself on the Internet but also to fight back.

Six core DOD missions speak to this responsibility:
1. Developing and preparing to use weapons of cyber warfare
2. Preparing the U.S. for what the battlefield may look like
3. Listening for and analyzing defense intelligence over the Internet
4. Defending both classified and unclassified networks
5. Creating technology using the DOD's and the NSA's "weight and resources" and distributing them to Homeland Security, law enforcement agencies, and partners
6. Protecting these tools and infrastructure with the military.

The DOD is spending half a trillion dollars to run these projects, according to Carter. He says he has never heard of anyone wanting to cut the budget back. Indeed, he would like to increase the spending if he can find worthy areas to develop. However, despite governmental support, he wants the technology sector to help push the agenda further.

The legislation Carter is pushing for would allow the government to act more freely with the public sector to develop tools. He explained it would enable the government to share threat information with the private sector and would enable public companies to report intrusions "without liability or trust concerns." It would also allow members of the private sector to share threat information with each other "without liability or trust concerns." And, if passed, it would force companies to report intrusions to the government.
Carter is aware that legislation and bullet points are small steps but asks that the security industry understand that "trying to get our act together as a country ... is not an easy thing to do."

"Of course, we were involved in birthing the Internet itself," said Carter, "We have a history here, and we're going to continue it."

U.S. Steps up Alarm over Cyber attacks
SIOBHAN GORMAN and SIOBHAN HUGHES
March 13, 2013, on page A1 in the U.S. edition of The Wall Street Journal.

WASHINGTON -- The nation's top spies warned Tuesday of the rising threat of cyber-attacks to national and economic security, comparing the concern more directly than before to the dangers posed by global terrorism.

U.S. intelligence officials told a Senate hearing that the nation is vulnerable to cyber espionage, cybercrime and outright destruction of computer networks, both from sophisticated, government-sponsored assault as well as criminal hacker groups and cyber-terrorists.

"It's hard to overemphasize its significance," Director of National Intelligence James Clapper said, addressing members of the Senate Intelligence Committee. "These capabilities put all sectors of our country at risk -- from government and private networks to critical infrastructures."

Federal Bureau of Investigation Director Robert Mueller cited cyber-security as something that keeps him awake at night, saying at the hearing it "has grown to be right up there" with terrorism.

The intelligence officials, in describing an annual inventory of global problems, didn't reveal imminent new cyber-threats or previously undisclosed plots. But they amplified their warnings by casting them in terms usually reserved for threats emanating from al Qaeda and Iran, and they included projections of where the danger is expected to lead in the next two years.

WSJ reporter Siobhan Gorman says the recent cyber-attacks have revived concerns over U.S. vulnerability to foreign hackers.
A key concern: how the government and business sector can defend themselves against future attacks.

The warnings came as part of an aggressive Obama administration campaign to draw attention to cyber-security and to stir action to counter infiltrations and attacks that officials have said could allow foes to commandeer a nuclear-power plant or disrupt the financial system.

Last month, President Barack Obama signed an executive order aimed at bolstering computer-network protections, and he noted the "rapidly growing threat from cyber-attacks" in his State of the Union address. "We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy," he said then.

The following week, the administration rolled out a strategy to combat the theft of trade secrets. And Monday, in a speech in New York, National Security Adviser Thomas Donilon singled out China as a top perpetrator, demanding it adopt international standards of behavior in cyberspace.

Chinese officials deny that Beijing engaged in such activities. On Saturday, China's foreign minister, Yang Jiechi, called for cooperation on cyber-security and said that China is a victim of cyber-attacks. "Cyberspace needs not war, but rules and cooperation," Mr. Yang said at a news conference. He said cyberspace shouldn't become a "new battlefield."

Mr. Obama discussed the issue with lawmakers when he met behind closed doors Tuesday with a group of Senate Democrats, participants in the meeting said. The administration push continues Wednesday when Mr. Obama holds a meeting with U.S. executives in the White House Situation Room to discuss cyber-security.

But for all the collective worrying, there was little agreement between the Obama administration and Congress Tuesday over how to address the problem. At a second Senate hearing, before the Armed Services Committee, lawmakers tussled over the role of the federal government in guarding against threats.

Army Gen. Keith Alexander, head of the U.S. Cyber Command, a part of the military, acknowledged that the Obama administration is debating internally how to proceed when U.S. companies are under cyber-attack. "The issue that we're weighing is: When does a nuisance become a real problem and when are you prepared to step in for that?" he said at the hearing. "That's the work that I think the administration is going through right now and highlighting that."

Lawmakers, too, acknowledged they can't agree on legislative measures to bolster protections for computer networks. Last year, Republicans defeated a White House-backed bill that would have established voluntary cyber-security standards for companies running critical infrastructure such as the electrical grid, citing concerns about a government role in cyber-security. Mr. Obama's executive order last month established voluntary standards as an interim measure, but the order lacks key incentives for companies to participate, like liability protections, that would require legislation.

The cost of protections remains another stumbling block, particularly for power companies, Gen. Alexander said, as he provided a relative ranking of computer protections in private industry. "The banks and the Internet-service companies are pretty good; the power companies, not so good," Gen. Alexander said.

In testimony before the House Intelligence Committee in February, Kenneth W. DeFontes Jr., chief executive of Baltimore Gas & Electric Co., told lawmakers that the electric industry takes cyber-security "very seriously."

Intelligence officials cited cyber-assaults last year on the websites of many U.S. banks and a more destructive attack on a Saudi oil company that destroyed 30,000 computers as examples of the kind of disruptions already taking place. They didn't discuss who mounted those attacks, but U.S. defense and intelligence officials have said the Iranian government is behind them. Iran has denied any involvement in the attacks.

"What we're seeing with the banks today I am concerned is going to grow significantly throughout the year," Gen. Alexander said at the hearing.

Looking ahead, Mr. Clapper said that chances of an ultrasophisticated attack capable of wiping out major nationwide computer networks are "remote." Countries most capable of carrying out such an attack -- China and Russia -- are unlikely to launch such assaults in the absence of a conflict or crisis, according to the assessment.

But even relatively unsophisticated hackers were projected by the intelligence officials of eventually being capable of disrupting insecure computer networks running parts of vital functions -- like the power grid. Cyberattacks from "less advanced but highly motivated actors" could do great harm because of impacts on computer networks connected to the one under attack, the assessment concluded.

U.S. intelligence has picked up indications that terrorists, too, are weighing cyber-attacks, according to the annual assessment.

Fear Factors
The government's annual intelligence review cites threats other than cyber-attacks:
- Terrorism and organized crime: A decentralized extremist movement still poses dangers.
- Nuclear fears: Iran may develop longer-range missiles that could carry weapons of mass destruction; North Korea is a threat to neighbors and the U.S.
- Space wars: U.S. reliance on satellites for communications, navigation and surveillance could be undermined.
- Food, water, energy, minerals: Natural disasters and growing competition tighten supplies.
- Health and pandemic threats: Pathogens jumping from animals to humans increases risks.
- Eurozone crisis: Economic deterioration remains a threat.

Looming cyber-attack threatens major banks
December 13th, 2012 12:01 AM ET
By Pam Benson, CNN Senior National Security Producer

Some of the nation's biggest banks are at risk of a massive cyber-attack in 2013 that could potentially siphon funds from unsuspecting customers, according to a leading digital security firm.
The fraud campaign, known as Project Blitzkrieg, is a credible threat, the Internet security firm McAfee Labs concluded in a new report. The malware has been lying dormant in U.S. financial systems and is scheduled to go active by the spring of 2013, McAfee researchers concluded. The project "appears to be moving forward as planned," the report states.

People familiar with the study said some 30 financial institutions are targets of the campaign. They include Fidelity, E*Trade, Charles Schwab, PayPal, Citibank, Wachovia, Wells Fargo, Capital One, Navy Federal Credit Union and others.

Information about the intended cyber-attack was discovered in September by the Internet security firm RSA during the course of monitoring a web chat room that the company says was run by a Russian hacker known as vorVzakone. According to the report, the Russian was believed to be using the chat room to recruit fellow hackers to steal assets from bank accounts as part of a criminal enterprise. At the time, there were doubts about the credibility of the threat, with some experts suggesting it was part of a Russian law enforcement sting.

"Our researchers have been pouring into this and what they have found, they actually found somewhere between 300 to 500 devices in the U.S. that have actually been infected with the particular malware that this individual is talking about," said Pat Calhoun, a senior vice president at McAfee. "That, combined with some additional research we're doing, has led us to believe this is true. This is actually a real operation that this individual is planning to launch sometime before spring 2013."

The McAfee report states, "The targets are U.S. banks, with the victims dispersed across various U.S. cities, according to the telemetry data. Thus this group will likely remain focused on U.S. banks and making fraudulent transactions."
Calhoun said that McAfee has access to the malware and, through reverse engineering, has learned much about its capability and targets. "We see the IP addresses and names of banks and so on or references to URLs."

Calhoun said the behavior of the Trojan suggests it is a variant of a previous known strain called Gozi. RSA labeled this latest version, Gozi Prinimalka. But it's a tedious task dissecting the malware, and the company is still trying to figure out how it would create fraudulent bank transactions, Calhoun said.

Based on their analysis, the McAfee researchers believe the plan is to attack a small group of bank customers. "This strategy is necessary if the attackers hope to succeed in transferring several million dollars over the course of the project," the report states. "A limited number of infections reduces the malware's footprint and makes it hard for network defenses to detect its activities."

But Calhoun said the fact the malware has been detected allows for a defense to be mounted. "Since we know about it, we will be able to protect against it," Calhoun said. "We're working very closely with law enforcement and a lot of the potential targets to make sure they understand this and know how to behave or how to protect themselves against it."

Wells Fargo, the only financial institution to respond to questions about preparations it might be taking to thwart the potential attack, said it was watching for the threat. "Security is core to our mission and safeguarding our customers' information is at the foundation of all we do," Wells Fargo said in a statement. "We constantly monitor the environment, assess potential threats, and take action as warranted."

The Department of Homeland Security, which takes the lead for the government on cyber security issues, had no comment on the McAfee report or Project Blitzkrieg.

Wall Street Launches a Massive Cyber-Attack On Itself
FINANCE
Derek Klobucher, Published July 26, 2013

Wall Street's largest trade group is about to try taking down the financial nerve center of the United States. The FBI and SEC, as well as the U.S. departments of Treasury and Homeland Security, are among about 50 banks, exchanges and other organizations participating in a high-tech war game to test institutional and individual readiness for an all-out cyber-assault.

About 50 banks, exchanges and other organizations will spend Thursday testing Wall Street's readiness for an all-out cyber-assault.

The Securities Industry and Financial Markets Association (SIFMA) will kick off Quantum Dawn 2 on Thursday in hopes of "informing best practices moving forward." The mounting threat of organized, full-on cyber-attack on the financial services industry prompted the drill.

"This exercise will build on the lessons learned from the previous exercise, as well as a second generation version of the exercise tool," SIFMA said on its Web site. "We expect this exercise to improve the readiness of sector as a whole to respond to a [Wall] Street-wide cyber-attack, and allow each participating firm to test their internal coordination mechanisms and processes."

All Banks, Big and Small

Employees from JPMorgan, Bank of America, Citigroup and other banks will participate from their usual workplaces in New York from 9 a.m. to 2:30 p.m., watching a simulated stock exchange for signs of an attack and responding to them. The first Quantum Dawn, a 2011 drill named for the dawn of quantum computing, had fewer than half the participants of this year's exercise, in part because it preceded last autumn's flood of cyber-attacks.

"If you went to banks three years ago, and said, 'What are your top five risks?' probably none of them would put cyber on there," SIFMA VP Karl Schimmeck said in USA Today Tuesday.

But cyber-strikes against U.S. targets shot up 42% in 2012, according to Mountain View, Calif.-based computer Symantec. Cyber-attacks are now among the risk factors that big banks list to regulators and investors. And firms employing less than 250 people find themselves in hackers' crosshairs ever more often, according to the Office of the Comptroller of the Currency.

Looking Forward

New York-based consultancy Deloitte will assess Quantum Dawn 2, but these drills won't end with cyber-attacks. SIFMA will conduct a three-day exercise in November, gauging Wall Street's capacity to keep markets functioning during mock H7N9 bird flu and Middle East Respiratory Syndrome (MERS) pandemics with staffing as low as 60 percent.

"It's something we haven't tested as a sector for a good amount of time," Schimmeck said in Wednesday's Financial Times, referring to the last pandemic drill about six years ago. "For a lot of the banks, their footprints have changed dramatically over the past few years, and so have their headcounts."

And so has the technology used by good guys and bad guys. So this isn't about wiping cybercrime from the map because that will never happen. It's about staying ahead of the bad guys.

"If someone asks, 'when are you going to stop cybercrime?'" Greg Garcia, principal of Washington, D.C.-based consulting firm Garcia Cyber Partners, said in USA Today. "Well, when are you going to stop crime?"