`
shake863
  • 浏览: 665231 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

U.S. Cyber Infrastructure Vulnerable to Attacks

阅读更多
美国高级官员周二说,美国政府正尽力抵御对其电脑网络越来越多的攻击。这些电脑网络有可能令关键的军事和民用系统在海外电脑黑客面前不堪一击。在国会的几次听证会上,来自不同军种的官员说,美国的网络防御系统正前所未有地受到组织严密的复杂攻击。这些攻击旨在破坏重要系统和窃取机密信息。美国空军首席信息长谢尔顿中将(William Shelton)对众议院军事委员会(House Armed Services Committee)的一个小组说,网络空间的威胁正在以光速发展,随着我们的网络不断受到探测,我们的对手努力寻找漏洞,我们实际上每天都受到攻击。五角大楼信息安全高级官员伦茨(Robert Lentz)说,国防部去年共发现黑客试图渗透其网络3.6亿次,大大高于2006年的600万次。美国国防部最近透露,过去6个月为修复网络攻击造成的损失已花费了1亿美元。这些官员没有具体透露攻击的来源,但军方和其他政府部门的高级官员都认为,大部分的黑客活动来自俄罗斯和中国,近年来这两个国家投入了大量资源进行网络间谍活动。有越来越多的证据表明海外黑客经常对美国重要网络展开精心攻击,听证会是在这一背景下召开的。《华尔街日报》曾报导说,海外黑客曾入侵美国电网和五角大楼最大的武器计划──3,000亿美元的联合攻击战斗机项目(Joint Strike Fighter)。不过,官员们周二警告说,联邦系统仍然容易受到攻击。政府问责局信息安全主管威尔斯胡森(Gregory Wilshusen)说,大多数联邦系统都没有受到充分的保护,无法持续抵御网络威胁。举例来说,美国洛斯阿拉莫斯国家实验室(Los Alamos National Lab)松懈的网络安全防护令非保密的核数据面临着被窃或泄露的危险。政府问责局发现,2008年接受调查的24家主要机构中,有23家没有设置适当的计算机安全防御。在美国众议院能源和商业委员会(House Energy and Commerce Committee)的一场听证会上,议员们将政府未能保护网络和采购项目的安全和导致罗马沦陷的过失相提并论。这个主题又延续到了众议院军事委员会。佛罗里达州共和党众议员米勒(Jeff Miller)说,联合攻击战斗机项目所遭遇的问题暴露出了当前网络安全存在的薄弱之处。美国海军首席信息官凯利(Robert Carey)说,国防承包商需要加大努力保护他们的系统不受海外黑客攻击。他说,黑客试图窃取信息的活动是技术先进的坚持不懈的错综 杂的变化多端的和准备充分的。美国国防部长盖茨美国国家安全局局长亚历山大(Keith Alexander)呼吁政府和私营承包商之间进行合作。他承认当下存在一些可能的障碍因素,包括难以让私营公司接触到有关具体网络攻击的秘密情报,以及私营公司可能不愿花费加强网络安全防御。很多公民自由团体和公司在让政府广泛接触商业系统和网络方面行事谨慎。政府可能即将出台法律,对私营行业的重要部门制定联邦安全标准。亚历山大说,美国政府正在培训新一代计算机网络安全专家。美国国防部长盖茨(Robert Gates)今年4月表示,五角大楼计划逐步将此类人员的数目增加三倍。不过,亚历山大警告称,当前针对军事人员文职官员和承包商的的网络安全训练措施不足,必须得到改善。Yochi J. Dreazen相关阅读纽约警察局声称遭到中国黑客攻击 2009-04-24中国媒体质疑中国电脑间谍说 2009-04-23电脑间谍侵入美战斗机项目 2009-04-21中国否认攻击美国电网 2009-04-10美国电网遭间谍入侵 2009-04-08


The U.S. government is struggling to keep pace with the growing number of attacks on its computer networks, potentially leaving key military and civilian systems vulnerable to overseas hackers, senior U.S. officials said Tuesday.At several hearings on Capitol Hill, officials from each branch of the armed forces said the nation's cyber defenses were being challenged like never before by sophisticated, well-organized efforts to disrupt important systems and steal classified information.'Threats in cyberspace move at the speed of light, and we are literally under attack every day as our networks are constantly probed and our adversaries seek to exploit vulnerabilities,' Lt. Gen. William Shelton, the Air Force's chief information officer, told a House Armed Services Committee panel. The Pentagon's top information security official, Robert Lentz, said the Defense Department detected 360 million attempts to penetrate its networks last year, up from six million in 2006. The Pentagon recently disclosed that it had spent $100 million in the past six months repairing damage from cyber attacks.The officials declined to specify the source of the attacks, but top military and civilian officials believe that most of the hacking attempts originate in Russia and China, which have been pouring resources into cyber espionage in recent years.The hearings come amid growing evidence that sophisticated overseas hackers are regularly penetrating important U.S. networks. The Wall Street Journal has reported that overseas hackers breached both the nation's electricity grid and the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter.Still, officials warned Tuesday that federal systems remain vulnerable to attack.  Gregory Wilshusen, director of information security for the Government Accountability Office, said most 'federal systems are not sufficiently protected to consistently thwart cyber threats.'Lax cyber security at the Los Alamos National Lab, for example, put unclassified nuclear data at risk of theft or compromise. The GAO found that, in 2008, 23 of 24 major agencies surveyed didn't have adequate computer security protections in place.Lawmakers at a House Energy and Commerce Committee hearing compared the government's inability to protect networks and acquisitions programs to the lapses that led to the fall of Rome.  That theme continued in the House Armed Services Committee. 'The Joint Strike Fighter program highlights a vulnerability that currently exists,' said Rep. Jeff Miller, R.-Fla.  Robert Carey, the Navy's chief information officer, said defense contractors needed to do more to protect their systems from overseas hackers.  He said the attempts to steal information were 'advanced, persistent, sophisticated, always changing and well-resourced.'Gen. Alexander called for a 'partnership' between the government and the private sector. He acknowledged potential obstacles, including the difficulty of giving private companies access to classified intelligence on specific cyber attacks and possible corporate reluctance to spend the money necessary to better protect its networks.Many civil-liberties groups and companies are wary about giving the government broad access to commercial systems and networks. Pending legislation would establish federal standards for key elements of private industry.Gen. Alexander said the government was training a new generation of computer network experts. In April, Defense Secretary Robert Gates said the Pentagon aims to quadruple the number of such staffers over time.Still, Gen. Alexander cautioned that the current cybersecurity training efforts for military personnel, civilian officials and contractors were 'inadequate' and 'must be improved.'Yochi J. Dreazen
分享到:
评论

相关推荐

    PerformanceDegradationofAttacks.zip_CYBER_cyber attacks_cyber ph

    标题“PerformanceDegradationofAttacks.zip_CYBER_cyber attacks_cyber ph”提示我们,这个压缩包可能包含与网络安全和信息物理系统(Cyber-Physical Systems, CPS)受到攻击时性能下降相关的研究或分析。...

    UN Regulation No.155 - Cyber security and cyber security managem

    2. **定义**:法规明确了“cyber security”(网络安全)和“cyber security management system”(CSMS,网络安全管理系统)的概念。网络安全是指保护车辆及其相关系统免受网络威胁的能力,而CSMS则是一套系统性的...

    Enterprise.Cybersecurity.1430260823

    Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book ...

    Personal.Cybersecurity.epub

    Through instructive examples and scenarios, the author shows you how to adapt and apply best practices to your own particular circumstances, how to automate and routinize your personal cybersecurity,...

    「信息安全」Reiber-How to build resilience to cyberattacks - 安全测试.zip

    「信息安全」Reiber-How to build resilience to cyberattacks - 安全测试 安全培训 移动安全 区块链 防火墙 AI安全

    Insider.Attack.and.Cyber.Security.Beyond.the.Hacker

    《Insider Attack and Cyber Security: Beyond the Hacker》是Advances in Information Security系列中的一本重要著作,主要关注的是网络安全领域中的一个关键问题——内部威胁。内部威胁是指来自组织内部的人员,如...

    Cybersecurity Incident Response

    “Effective incident response forms the criteria used to judge cybersecurity programs. Effective protection and detection measures do not matter if the response to an event falls short. Within days of...

    英文原版-Digital Defense A Cybersecurity Primer 1st Edition

    As more and more of life's transactions take place online, the average computer user and society at large have a lot to lose. All users can take steps to secure their information. Cybercrime is so ...

    Enterprise Cybersecurity(Apress,2015)

    Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book ...

    Cybersecurity.for.Hospitals.and.Healthcare.Facilities.1484221540

    The vulnerability of the medical equipment inside the hospital to cyber-attacks far eclipses the actual building equipment. A cyber-physical attack on building equipment pales in comparison to the ...

    NATIONAL_KEY_INFORMATION_INFRASTRUCTURE_EMERGENCY_RESPONSE_MODEL.pdf

    Protection Of Critical National Information Infrastructure (CNII) -Key To Malaysia's E-Sovereignty CNII in Malaysia Threats to CNII : Interdependency Threats to CNII : SCADA Systems Threats to CNII : ...

    cyber_record-0.1.4-py3-none-any.whl

    pip install cyber_record出错 1.下载cyber_record-0.1.4-py3-none-any.whl包。 2.cd到存放whl文件的目录 3.pip install cyber_record-0.1.4-py3-none-any.whl

    Developing Cybersecurity Programs and Policies, 3rd Edition

    Today, cyberattacks can place entire organizations at risk. Cybersecurity can no longer be delegated to specialists: success requires everyone to work together, from leaders on down. Developing Cyber...

    cyber 依赖的代码库

    在IT行业中,"cyber"通常指的是CyberRT,这是一个由Apollo开源项目开发的高性能、模块化、可扩展的实时车载计算框架。CyberRT旨在为自动驾驶系统提供基础架构,支持数据流处理、任务调度、通信和信息服务。在这个...

    Mastering Python for Networking and Security

    Increasing your network’s security helps step up your defenses against cyber attacks. Meanwhile, Python is being used for increasingly advanced tasks, with the latest update introducing many new ...

Global site tag (gtag.js) - Google Analytics