Home
In this issue
December 2, 2014

Jonathan Tobin: Defending the Right to a Jewish State

Heather Hale: Compliment your kids without giving them big heads

Megan Shauri: 10 ways you are ruining your own happiness

Carolyn Bigda: 8 Best Dividend Stocks for 2015

Kiplinger's Personal Finance editors: 7 Things You Didn't Know About Paying Off Student Loans

Samantha Olson: The Crucial Mistake 55% Of Parents Are Making At Their Baby's Bedtime

Densie Well, Ph.D., R.D. Open your eyes to yellow vegetables

The Kosher Gourmet by Megan Gordon With its colorful cache of purples and oranges and reds, COLLARD GREEN SLAW is a marvelous mood booster --- not to mention just downright delish
April 18, 2014

Rabbi Yonason Goldson: Clarifying one of the greatest philosophical conundrums in theology

Caroline B. Glick: The disappearance of US will

Megan Wallgren: 10 things I've learned from my teenagers

Lizette Borreli: Green Tea Boosts Brain Power, May Help Treat Dementia

John Ericson: Trying hard to be 'positive' but never succeeding? Blame Your Brain

The Kosher Gourmet by Julie Rothman Almondy, flourless torta del re (Italian king's cake), has royal roots, is simple to make, . . . but devour it because it's simply delicious

April 14, 2014

Rabbi Dr Naftali Brawer: Passover frees us from the tyranny of time

Greg Crosby: Passing Over Religion

Eric Schulzke: First degree: How America really recovered from a murder epidemic

Georgia Lee: When love is not enough: Teaching your kids about the realities of adult relationships

Cameron Huddleston: Freebies for Your Lawn and Garden

Gordon Pape: How you can tell if your financial adviser is setting you up for potential ruin

Dana Dovey: Up to 500,000 people die each year from hepatitis C-related liver disease. New Treatment Has Over 90% Success Rate

Justin Caba: Eating Watermelon Can Help Control High Blood Pressure

The Kosher Gourmet by Joshua E. London and Lou Marmon Don't dare pass over these Pesach picks for Manischewitz!

April 11, 2014

Rabbi Hillel Goldberg: Silence is much more than golden

Caroline B. Glick: Forgetting freedom at Passover

Susan Swann: How to value a child for who he is, not just what he does

Cameron Huddleston: 7 Financial Tasks You Should Tackle Right Now

Sandra Block and Lisa Gerstner: How to Profit From Your Passion

Susan Scutti: A Simple Blood Test Might Soon Diagnose Cancer

Chris Weller: Have A Slow Metabolism? Let Science Speed It Up For You

The Kosher Gourmet by Diane Rossen Worthington Whitefish Terrine: A French take on gefilte fish

April 9, 2014

Jonathan Tobin: Why Did Kerry Lie About Israeli Blame?

Samuel G. Freedman: A resolution 70 years later for a father's unsettling legacy of ashes from Dachau

Jessica Ivins: A resolution 70 years later for a father's unsettling legacy of ashes from Dachau

Kim Giles: Asking for help is not weakness

Kathy Kristof and Barbara Hoch Marcus: 7 Great Growth Israeli Stocks

Matthew Mientka: How Beans, Peas, And Chickpeas Cleanse Bad Cholesterol and Lowers Risk of Heart Disease

Sabrina Bachai: 5 At-Home Treatments For Headaches

The Kosher Gourmet by Daniel Neman Have yourself a matzo ball: The secrets bubby never told you and recipes she could have never imagined

April 8, 2014

Lori Nawyn: At Your Wit's End and Back: Finding Peace

Susan B. Garland and Rachel L. Sheedy: Strategies Married Couples Can Use to Boost Benefits

David Muhlbaum: Smart Tax Deductions Non-Itemizers Can Claim

Jill Weisenberger, M.S., R.D.N., C.D.E : Before You Lose Your Mental Edge

Dana Dovey: Coffee Drinkers Rejoice! Your Cup Of Joe Can Prevent Death From Liver Disease

Chris Weller: Electric 'Thinking Cap' Puts Your Brain Power Into High Gear

The Kosher Gourmet by Marlene Parrish A gift of hazelnuts keeps giving --- for a variety of nutty recipes: Entree, side, soup, dessert

April 4, 2014

Rabbi David Gutterman: The Word for Nothing Means Everything

Charles Krauthammer: Kerry's folly, Chapter 3

Amy Peterson: A life of love: How to build lasting relationships with your children

John Ericson: Older Women: Save Your Heart, Prevent Stroke Don't Drink Diet

John Ericson: Why 50 million Americans will still have spring allergies after taking meds

Cameron Huddleston: Best and Worst Buys of April 2014

Stacy Rapacon: Great Mutual Funds for Young Investors

Sarah Boesveld: Teacher keeps promise to mail thousands of former students letters written by their past selves

The Kosher Gourmet by Sharon Thompson Anyone can make a salad, you say. But can they make a great salad? (SECRETS, TESTED TECHNIQUES + 4 RECIPES, INCLUDING DRESSINGS)

April 2, 2014

Paul Greenberg: Death and joy in the spring

Dan Barry: Should South Carolina Jews be forced to maintain this chimney built by Germans serving the Nazis?

Mayra Bitsko: Save me! An alien took over my child's personality

Frank Clayton: Get happy: 20 scientifically proven happiness activities

Susan Scutti: It's Genetic! Obesity and the 'Carb Breakdown' Gene

Lecia Bushak: Why Hand Sanitizer May Actually Harm Your Health

Stacy Rapacon: Great Funds You Can Own for $500 or Less

Cameron Huddleston: 7 Ways to Save on Home Decor

The Kosher Gourmet by Steve Petusevsky Exploring ingredients as edible-stuffed containers (TWO RECIPES + TIPS & TECHINQUES)

Jewish World Review

Code Warriors: The new arms race for a new front line

By Anna Mulrine




The Pentagon -- and a growing cyber industrial complex -- gears up for the new front line. Cyber defense is necessary. But it could cost us


JewishWorldReview.com |

W ALL TOWNSHIP, N.J.— (TCSM) In the eastern New Jersey suburbs, a train carrying radiological material is barreling toward a small town, and it is up to Pentagon cyber-operators to derail it. The town is the kind of idyllic whistle-stop hamlet where residents socialize at a cafe with complimentary Wi-Fi while surfing FaceSpace, a social networking site.

But danger lurks all around. Terrorists are using the open Wi-Fi connection to hack into the laptop of a patron who works at the hospital down the street. They plan to find the hospital codes stored in his computer to access the mayor's medical records, in which they will change the dosage of a prescription the mayor refills regularly in an effort to poison him.

They have other nefarious future schemes, too: They will cut the power grid with a nasty cybervirus and destroy the local water supply by engineering a program to make it appear as though the reservoir is polluted. When employees dump chemicals into the water to fix the problem, they will inadvertently be doing just what the terrorists want: contaminating the water supply.

This model town — CyberCity — is one of the US military's premier cyberwar simulators. Situated in a surprisingly unassuming suburban enclave, it is built with hobby shop-supplied model trains, miniature cellphone towers, and streetlights — all attached to a miniature power grid.

CyberCity is just a small town compressed onto an 8-by-10-foot plywood table. But its intricate electronic detail highlights the Pentagon's growing effort to expand its offensive cyberwarfare skills in a bid to bolster the nation's cybersecurity, through increasingly sophisticated and aggressive forays that have the potential to revolutionize the way America's military fights wars.

While the military has long fought on land, sea, and air, the emerging cyber-realm is forcing top defense officials to navigate the far less tangible — ever more murky — battlefield of computer attacks.

CyberCity offers some insight into one of the attack scenarios that senior military officials fear most: Bad guys plotting to take down the US power grid or financial networks.

Former Secretary of Defense Leon Panetta characterized this sort of strike as a "cyber Pearl Harbor," a doomsday sobriquet that has quickly become part of the cyber lexicon. And Secretary of Defense Chuck Hagel has picked up the banner, warning that a cybersiege could "paralyze an electric grid, a banking system, knock out computers on ships or weapons systems — and you never fire a shot."

So the Pentagon is rapidly ramping up to expand its cyberwarfare capacity, bidding to be the go-to authority for the nation's cyberdefense. Cyber-operations is one of its few areas that will see a considerable budget increase — from $3.9 billion this year to $4.7 billion in 2014. And its cadre of cyberwarriors manning computers will expand fivefold over the next two years.

A cyber-industrial complex blooms

Yet with this explosion in US military cyber-operations — and with the corresponding boom in the number of defense contractors to support cyber-activity — comes concern that a rapidly expanding "cyber-industrial complex" could jeopardize the openness and democratic ideals of the Internet.

It's a threat that seems more pressing in light of National Security Agency surveillance exposed by former Booz Allen Hamilton contractor Edward Snowden. The operations of the NSA, a US military organization, indicate that some officials want nothing more "than to identify anyone who connects to the Internet — to get rid of anonymity — so that we can always know who says what to whom," argues Jerry Brito, an attorney and senior research fellow at the Mercatus Center at George Mason University in Fairfax, Va.

"Sure, that would probably make our networks very secure," Mr. Brito adds. "But that's also called a police state."

To bolster their case, analysts point to recent revelations that the NSA is secretly paying US companies hundreds of millions of dollars a year for clandestine access to their communications networks.

"It turns surveillance into a revenue stream," Marc Rotenberg, executive director of the Electronic Privacy Information Center, told The Washington Post. "And that's not the way it's supposed to work."

While the NSA surveillance is ostensibly to detect foreign agents who might harm the United States in a terrorist plot, there is growing concern that the Pentagon may be laying the groundwork for expanded data collection from US companies under the guise of protecting them from cyberattacks, too.

At a conference in August on the security of the electric grid, for example, former NSA Director Michael Hayden lamented that the Internet "wasn't built to be protected ... and that remains in the architecture in today's World Wide Web, and that's why we're in the position we're in."

Mr. Hayden then issued a warning to private companies at risk for hacks and data theft, which some analysts interpreted as a veiled threat: "So those of you in private industry, I guess the point I really want to make to you is the next sound you hear will not be pounding hoofs as the federal cavalry comes over the nearest ridgeline to your cyber-rescue. You're responsible for your safety."



Some companies have taken up the challenge and turned it into a lucrative — legally fraught — venture, hiring hackers to probe private networks, then sell the vulnerabilities back to corporate customers.

The well-regarded Mandiant Corporation — which uncovered a series of cyberattacks on US networks by a branch of China's People's Liberation Army — was hired by The New York Times and The Wall Street Journal when they were hacked. And Mandiant's professional hackers consult with a number of Fortune 500 companies at a reported rate of $450 an hour.

Other companies are taking matters into their own hands, raising questions about the legality of private firms striking back against cyberattackers.

Former FBI cyber lawyer Steven Chabinsky argued at a recent cyber symposium that a company attacked should be able to counterattack in order to retrieve data: "It is universally accepted that in the physical world, you have the right to protect your property without first going to law enforcement."

This gets messy, of course, and may argue for a more clear role for the US military. Sen. James Inhofe (R) of Oklahoma noted during a recent congressional hearing that financial firms have spent millions of dollars responding to cyberattacks and "can't be expected to fend off attacks from a foreign government."

Indeed, responded Gen. Keith Alexander, head of the US Cyber Command: "I think this gets to the heart of 'how do we defend the country, and when does the Defense Department step in to defend the country?' "

At the same time, there is reason to question an expanded military role in domestic cybersecurity, says Steven Aftergood, director of the Project on Government Secrecy at the Federation of American Scientists. "These are secret US military agencies that have a tendency to expand their scope of activities," Mr. Aftergood adds, "but never to retreat."

There is a concern, however, among some companies about being compelled to share data with the government — coupled with a less altruistic disinclination to let it be known when they have been hacked, since it might jeopardize customer confidence.

As a result, there is a push in some corners for establishing cybersecurity-insurance programs to mitigate the cost of fortifying networks in the event of a breach, as well as proposals to establish legislation that treats various sorts of companies and incursions differently.

"If you're an auto parts manufacturer and your data is stolen, that's sort of like if your home got burgled — it's up to you whether you want to tell your friends or not," says Brito. "But if you're a company and you are breached in a way that might put your customers' data at risk, then you should be required to tell someone."

Pentagon stakes out turf

In the meantime, the US military is forging ahead with its own cyberdefense plans. While the Posse Comitatus Act largely bars the US military from getting involved in law enforcement endeavors, a new Department of Defense publication argues that the Pentagon can provide "law enforcement actions that are performed primarily for a military purpose, even when incidentally assisting civil authorities," notes Aftergood.

That includes cyberattacks, under the category of "complex catastrophe" — a "new addition to the DOD lexicon" introduced in the DOD report, he adds. "There is some turf-marking that seems to be going on on the part of the Pentagon."

It's a lexicon that has been embraced, too, by defense contractors eyeing the end of the war in Afghanistan and vying for their next business opportunity. Half of Booz Allen's $5.8 billion annual revenue comes from US military and intelligence agency contracts. Former NSA Director Mike McConnell now heads the company's "rapidly expanding" cyber division (earning $2.3 million a year to do so) and has likened cyberattacks to weapons of mass destruction. His division has a $5.6 billion, five-year intelligence analysis contract to protect networks in the Pentagon's Defense Intelligence Agency.

Some analysts worry that the big money involved could encourage fearmongering.

"If you're in the business of selling safeguards against cyberthreats, as many large firms are, you have an incentive to hype the threat," Aftergood says. "I don't want to be overly cynical about this and say that just because there is financial incentive, the threat is bogus, but it is a challenge to sort through the various claims and chart a way forward."

Industry specialists point out, however, that the business is lucrative because the cost of cybertheft is high and growing. A recent report by the Ponemon Institute, an independent security policy research group, surveyed 56 multinational companies and found the average annual cybertheft losses were $8.9 million per company, up from $8.4 million in 2011. Companies in the study reported a total of 102 successful attacks per week. (By way of comparison, there are more than 15,000 DOD computers in 100 countries, which are probed "thousands of times a day," according to a top Pentagon official who briefed reporters in February. "And we have not always been successful in stopping intrusions.")

Against this backdrop, plans leaked earlier this year that the US military is quickly working to increase the size of its cyber forces in its premier computer defense arm, US Cyber Command, from 900 to 4,900 during the next two years.

One-third of these will be designated "national mission forces," with special training in protecting critical infrastructure like power plants at national "cyber ranges" where they can practice and hone their skills. The group is slated to be ready to be up and working by the end of the month.

One-third more will be "cyber-protection forces" to defend the Pentagon's networks, and the final third are designated "combat mission forces" responsible for counterattacks and other offensive operations by September 2015.

The unprecedented growth in these forces is "also a recognition that the problem has become so great that they need to act quickly," says Alan Paller, founder of the SANS Institute, a private firm that is one of the premier training organizations for the US Air Force. "And it's a recognition that in this arena, the skills are the weapon."


FREE SUBSCRIPTION TO INFLUENTIAL NEWSLETTER

Every weekday JewishWorldReview.com publishes what many in the media and Washington consider "must-reading". In addition to INSPIRING stories, HUNDREDS of columnists and cartoonists regularly appear. Sign up for the daily update. It's free. Just click here.


Fine lines between offense and defense

CyberCity, one of a number of Air Force cybertraining ranges, grew out of a request from senior defense officials who wanted to hone the offensive cyberskills of US troops.

"They came to us and said, 'We need you to figure out some way to teach cyberwarriors that cyberattacks have a kinetic effect — that they make stuff move, blow up — and that people can get killed," says Ed Skoudis, founder of Counter Hack, the company that designed CyberCity, and a trainer at the SANS Institute.

US military officials asked that the city include a reservoir, as well as a lighted landing strip.

Mr. Skoudis estimates CyberCity missions break down equally into defensive and offensive training.

To illustrate the effect of cyberattack skills, for example, Skoudis has installed a miniature Nerf rocket launcher on the outskirts of CyberCity. When the US military begins to use the cyber-range regularly later this year, the mission for trainees will be to reverse-engineer the controls to the rocket launcher to make sure it fires away from the hospital rather than — as terrorists would have it — toward innocent patients.

"If you can hack a computer and use it to launch a Nerf rocket launcher, you have some interesting skills, no?" Skoudis says. "The skills that we're building can be used for offense or defense."

Cyberwarriors of the future, he points out, will often need to make use of offensive skills to defend US interests — a branch of cyber that the US military has only more recently begun to discuss, and even then in highly general terms, in the hope that mention of it might serve as some deterrent to would-be attackers.

"All the offensive stuff we describe is to take control of things to keep bad things from happening," Skoudis notes. "Of course, you can always use those skills to make bad things happen."

These are complex talents, and the plan to expand the cyber cadre has quickly raised concerns about how the services will find enough cyberwarriors to do the job — and keep them from decamping for the high-paying private sector firms eager to recruit well-trained specialists with top-secret security clearances.

Maj. Gen. Suzanne "Zan" Vautrinot, commander of Air Forces Cyber and of Air Force Network Operations at Lackland Air Force Base, Texas, offers a glimpse of the wide scope of Pentagon designs for cybersecurity. She cites congressional figures that indicate the military has 1,000 cyberwarriors who can operate at the highest level. But, she adds, "what we need is on the order of 20,000 or 30,000.... Cyber is foundational to everything we do, because everything you do in your mission is dependent on it."

For this reason, the US military's cyber effort is heavily reliant on civilian contractors like Mr. Snowden, along with the National Guard.

"There is a talent search within the existing military forces," says Mr. Paller. This involves reaching out to increasingly young prospective cyber prodigies, including high school students, and giving them secret security clearances in order to test the extent of their skills.

At the military's largest cyberwarfare school, the Air Force's 39th Information Operations Squadron at Hurlburt Field, Fla., students conduct real-time operations against cyberattacks on simulators like CyberCity.

The training is increasingly sophisticated, notes Col. John "Kiley" Weigle, commander of the squadron, who adds that he would like to see the number of trainers grow: "I could easily see this all doubling, given the correct instructors, to be much more close to what the nation needs."

Phishing for generals

As the US military's top flag officers sit down at their office computers each morning to sift through e-mail, their in-boxes routinely hold lures from hackers across the globe in search of an easy mark.

If these would-be infiltrators succeed in getting a general to click on a link embedded in an otherwise innocuous-looking e-mail, it may offer them entry to the DOD's top-secret networks and allow them to troll undetected, potentially exporting valuable data about US defense systems.

One of the more popular — and successful — recent phishing expeditions was an attachment labeled "I love you."

"It's the biggest threat right now that the Air Force and others are seeing," says Col. David Gibson, head of the computer science department at the Air Force Academy. "It's 'whale-phishing' — targeting a specific bigwig. In the Air Force, all of the general officers are constantly getting these," Gibson says.

Instead of simply remaining on the defense, the Air Force Academy is now teaching its young cadets how to wage offensive cyberwarfare by showing them how to harness some of the most insidious cybertactics used against the military. This starts with learning how to target high-profile people.

"This is a great tool to get to know the leadership in an adversary's country — where are they going to be at a certain time, trying to influence adversarial leadership. There's absolutely a lot of fruit in that sort of endeavor," Gibson says.

The incoming cadets get advanced instruction in "social engineering," which involves, among other things, "learning how to build e-mails to try to fool the recipient into doing something, like clicking on a link." Such e-mails are "incredibly sophisticated," because of the variety of information now available on social networking sites.

During their social engineering lessons, cadets draw on Facebook, newspapers, and other open sources of information to try to create an e-mail that might convince their targets to open an attachment or link that they shouldn't.

"It's 'how do I trick my classmates, and make this look as legitimate as possible?' " Gibson says.

Increasingly offensive in nature, this curriculum has sparked concern among some faculty about teaching such skills to cadets.

"I still have some in my department who are really nervous about teaching teenagers that there are tools freely available out there that you can download easily and use to break into other people's computers," Gibson acknowledges. "And they're right to be concerned about this. But I and most of my faculty have become convinced that this is the world we live in: that to be a good defender — which is what we need — you have to know what's coming at you and how."

To this end, the first classified data that young cadets at the Air Force Academy receive is a briefing about the cyberthreat.

Recruiting hackers from middle school

The military is also reaching out to even younger students through high school talent searches in the form of cybergames like CyberPatriot, a hacking tournament pitting young high school students against industry mentors who play the aggressors in a contest to see who can destroy the other's network first.

"If you compete well," Vautrinot says, "that highlights to the industry, 'Hey, this guy's got game.' "

Students who have caught the eye of commanders are recruited into an internship program to do temporary stints with the military.

"We gave them clearances and they are actually doing forensics on intrusions into our network," says Vautrinot, who likens the process to a coach replaying a game tape for a team after the big game. Sometimes they go on "hunt missions" looking for enemy hackers lurking in the systems.

"They can learn, 'How did that work, so I can thwart it the next time?' " Vautrinot says, extending the sports analogy. "What does it look like when they move back their arm to throw? So that even before the play sets up, it can be identified and automatically responded to on the network."

The Air Force is now even rea ching down into middle schools to identify prodigies.

Even in such a prioritized field in the US military, however, there are limitations, Weigle says. "It all costs money, and my needs smack into the fiscal reality. I can sit here as the training commander and say, 'Yes, I need my staff to double.' But at what expense, right? I do have to weigh that."

Cybertraining will be a "cradle to grave" endeavor for the military for the foreseeable future, Vautrinot says.

That said, the vast resources being poured into cyber have some questioning whether it is the best use of increasingly scarce defense dollars.

Senior military officials insist that the cost of cyberattacks to the nation is great. "We've seen the attacks on Wall Street over the last six months grow significantly — over 140...," Alexander told the Senate Armed Services Committee last March.

"You don't see a person on the street walking around without a cellphone or a device. It's become part of our American way of life. And it's also incorporated into our weapons systems to make them more accurate," says Col. Jodine Tooke, chief of the Air Force's Cyberspace Force Development Division.

These realms alone "certainly bear protection from a military perspective," she argues. "There may be industry trying to take advantage of our uncertainty about how best to protect networks, but that's why we're building astute people in the force."

Yet Alexander acknowledges, too, that the attacks hitting Wall Street, for example, are mainly "distributed denial-of-service attacks," which tend to be "at the nuisance level."

The vast majority of cyberthreats to US networks today are intellectual property theft and other forms of corporate espionage, rather than the dire sorts of attacks decried by top US officials.

"Any teenager can do a distributed denial-of-service attack. It's finite; when it's done, there's no permanent damage," says George Mason University's Brito. In other words, "it's very easy, and not very harmful."

On the other hand, a "kinetic" attack, in which a hacker is able to, say, open a dam and flood a community, "is incredibly difficult — we've never seen it happen."

Such an attack would be "incredibly harmful, but if you look at the realm of possibility, really unlikely," Brito adds.

"When you hear all the rhetoric from politicians and defense contractors, it's a cyber Pearl Harbor where planes fall out of the sky, trains derail, and thousands are killed — but they provide no evidence to back up serious threats, and a lot of it is easily debunked.

"The lesson," he argues, "is to be more critical."

A whiff of August 1945

It is, of course, the US military's job to plan for unlikely but highly catastrophic attacks.

That said, even top defense officials acknowledge that a cyber Pearl Harbor is unlikely, and would portend more problems for America than simply cybersecurity.

China is "without question ... the country that's out there stealing our stuff," says retired NSA Director Hayden.

But, he says, "I find it hard to imagine circumstances where China would do something incredibly destructive to any American network — the grid — absent a far more problematic international environment in which the cyberattack is itself part of a larger package of really, really bad things."

Still, the US military continues to refine and deploy its own increasingly sophisticated cyberweaponry — including Stuxnet, a cybervirus created to damage Iran's nuclear reactors, a fact that gives some top US officials pause.

Without commenting on the origin of Stuxnet, Hayden says that "blowing a thousand centrifuges in Natanz [in Iran], I think, is absolutely, unalloyed good," the use of cyberweaponry should not be taken lightly.

"Someone, almost certainly a nation-state — during a time of peace — just used a cyberweapon to destroy another nation's critical infrastructure," Hayden said. "That's a big deal."

"This has the whiff of August 1945. Somebody just used a new weapon," he adds. "And this weapon will not be put back into the box."


Every weekday JewishWorldReview.com publishes what many in Washington and in the media consider "must reading." Sign up for the daily JWR update. It's free. Just click here.


Comment by clicking here. .


© 2013, The Christian Science Monitor

Quantcast