Cyber Round Up: U.S. Strengthens Cyber Defenses while recruiting 6,000 cyber-warriors, RSA:CyberSecurity industry is ‘fundamentally broken’, Who’s Really in Charge in case of a US Cyberattack?

• U.S. Grapples with Controlling ‘cyber-munitions’ while Recruiting 6,000 new Cyber-Warriors (TechRepublic): According to TechRepublic, the development of code-based tools, known as cyber-munitions, which can wreak havoc in the world of cyber, is a burgeoning, worldwide industry.  The article states that this is troubling since these cyber-munitions were originally developed by or controlled by the U.S. government, however now both private, as well as state actors can develop and gain access to these tools.  One of the most widely known cyber-munition was the Stuxnet worm that was discovered in 2010 and was reportedly used to target the Iranian centrifuges to thwart the Iranian nuclear effort.

Meanwhile, TechRepublic reports that along with the attempts to control cyber-munitions, the U.S. Cyber Command recently issued a request for proposals for private contractors to fill a nearly $500 million contract to help the government retain over 6,000 Cyber-Warriors.  The full article may be found here.

• RSA: Cybersecurity industry is “fundamentally broken” (SC Magazine):  The former Director of Cybersecurity at DHS and current President of RSA claims that information security (InfoSec) is “fundamentally broken”, according to SC Magazine. This report indicates that RSA President, Amit Yoran claims that current cybersecurity threats emanate primarily from professional, aggressive actors who launch successful attacks in spite of next-gen firewalls and advanced InfoSec software.  The article highlights four points raised by Yoran to combat this growing issue:

1. Advanced protections offer a false sense of security: a determined adversary will discover and exploit vulnerabilities to breach your system(s);
2. A complete end-to-end vulnerability awareness must be created which ranges from the network to endpoints and into the cloud as well;
3. Identity and Authentication are critically important. The most important user accounts are the ones you should trust least, since they are more likely to be attacked;
4. situational awareness: understand what your critical data is, where it is stored, how it is accessed and then — protect it

The full text of the article is here.

• Who’s Really in Charge if a Massive Cyberattack strikes the U.S.? (Nextgov):  According to an article in Nextgov, the current command and control structure within the U.S. means that in the event of a large-scale cyberattack it is unclear whether DHS or the DoD would be in charge.  The report asserts that currently the only thing defined is the structure through which various entities would be expected to have a discussion about who is in charge; however there is no actual concrete designation of exactly who would be in charge.  According to the report some of the unresolved, outstanding issues surround using the Armed Forces to execute laws which would violate the posse comitatus act.  This poses some difficulties with respect to the prospect of leveraging DoD resources in the event of a cyberattack.  The full text of the article can be found here.