In an interview with PBS, Hayden spoke about the cyber threat and his reluctance to use the word “war” to describe the assaults in cyberspace.

“Because it is so anarchic, there are a variety of actors out there in this space that don’t have your best interests at heart,” he said. “There are state actors out there who are interested in stealing either state secrets or industrial secrets.”

The retired four-star general touched upon the topic of potential enemies, such as spies, terrorists and other criminals. The modern-day bank robber is not the one who robs banks with drawn weapons, but one who goes online to steal valuable things, he explained.

As for labeling warfare on the Internet, Hayden said there is a tendency to “too facilely throw the label attack, cyber attack, on a whole bunch of things from the American side.”

Hayden also cited the findings of a recent survey that concluded that the United States in the most feared nation in the cyber domain.

“The Chinese were a close second, but we were No. 1, which I think is simply a reflection that we are a technologically agile country, and we have very good intelligence services, and the rest of the world is kind of responding to that reality,” he said.

Hayden called previous nation-state cyber attacks–as seen in Estonia and Syria–fairly unsophisticated. Although destructive, these denial-of-service attacks do not require a higher degree of finesse, he pointed out.

Answering a question on about whether there is a defense against a cyber attack, Hayden noted that the advantage goes to the offense. Internet is built on openness, access and agility–factors that do not help the defense, he said. However, the  strategy is to make U.S. targets less attractive than other targets, and make it more expensive for an adversary to attack.

“Can we make it so good that no one can attack us? Probably not. But we can reduce the chances of damage,” Hayden said.

The Black Market Experience is an exhibit set inside a fully converted semi truck that will provide guests insight into how the Internet crooks hack into victims’ computers and online accounts to steal, sell and trade identities from everyday people.

The fully interactive tour will expose elements of cyber crime such as how cyber criminals operate and spread their stolen goods through online scams, and what kind of items sell on the online black market. The expo will also feature real profiles of online thieves, as well as true stories from actual victims of cyber crime.

The expo will be held Sept. 1 from 11 am to 3 p.m. in New York City’s Times Square, 43rd and Broadway.

Eric Schmidt

Google CEO Eric Schmidt has suggested a novel approach to offset potentially damaging search-result histories: Change your name once you reach adulthood.

“I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time,” Schmidt told the Wall Street Journal.

Instead, Schmidt envisions a world where “every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites,” WSJ reports.

Presently, Google will store search data in an effort to provide suggestions to users. When you begin typing words into the search bar, Google provides suggestions based on previously searched terms and user surfing habits.

For some critics, however, this raises a broader question: Why Google doesn’t just erase search histories instead? While changing one’s name is certainly an option (though not many people seem keen on that idea, not to mention the costs associated with name changes), it would be just as easy for Google to clear the search history, or allow users to clear their search history (Google currently keeps search history data for nine months).

However, such a change in Google’s thinking is unlikely to happen soon. Last year, Schmidt told CNBC “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” Google also forsees a time when the website will actually completely guide a search for a user.

Alex Miller, L-3

Alex Miller is a retired Navy cryptologic officer, who spent more than 33 years in the Navy. He retired in 2005 as a rear admiral while serving as the chief of staff at the National Security Agency. He joined Titan Corporation, which was subsequently bought by L-3 Corporation where he now serves as senior vice president and general manager of the Intelligence Systems Business Unit. Miller is responsible for business within the intelligence sector, primarily the national intelligence agencies, and for some Army and Navy classified business. “I respect tremendously the business environment, the people in it, and how hard they work to serve their customers,” he told TheNewNewInternet. “It’s most impressive.”

TheNewNewInternet: What leadership lessons did you learn in the Navy that helped you in your current role?

Alex Miller: It is very important for your people to have a clear mission and vision. With that established, they are able to understand the context of what they are being asked to do. Further, you must give clear direction and ensure that the means exist to do the job. An open and communicative work environment is the absolutely key to ensuring success. Every human being needs to be validated and needs to receive attention and feedback from their boss. Finally, employees need to know that the utmost in integrity is expected all the time–the boss needs to set the example.

TNNI: You worked as a cryptologist for more than 33 years, what are your thoughts on the researchers who claimed they were able break quantum cryptography, which is considered one of the most secure means of communication?

Miller: While my designated field was called cryptology, I was trained as a Russian linguist and was operational much of my career. I don’t have much experience in the field cryptography, but I did get a little experience with the issue at NSA. I’d ask to see the evidence of anyone who says they can break quantum cryptography.

TNNI: Looking at the state of cybersecurity, what do you see as the most significant cyber threat?

Miller: I think there are many cyber threats out there: nation-state, terrorists, illegal activities, to name a few. But I’d say the greatest threat is the ignorance of the people who use computers and the Internet and their failure to realize how vulnerable they really are. Password protection and point defense systems that we use now are very vulnerable, and they [instill] a false sense of security. Securing our computers and trying to mitigate our risk while on the Internet will be a significant issue for the foreseeable future.

TNNI: You have been involved in mentoring students from your alma mater, Wabash College. What aspects of that do you see as most rewarding?

Miller: I really enjoy working with young people and trying to assist them with finding their path in life. I offer what I did; how I made my choices, successes I had and mistakes I made–if I made any. In the process, I hope I am able to impart a bit of wisdom regarding the need to set and achieve goals, and the value of the drive, passion, and persistence and their value to achieving success in life.

TNNI: What’s something most people would be surprised to learn about you?

Miller: A couple of things: Early in high school, I had the goal of being a professional bowler. I was a 225-pound tackle on a division three football team. Additionally, while in college, I toyed with the idea of being political scientist. I still love the subject very much. And I am learning to play the piano. How about that? After three and a half years, I have decided to keep my day job, having accomplished only marginal improvements. Jerry Lee Lewis does not need to feel threatened! But remember what I said about persistence.

Photo: Energy and Utility Conference

Over the weekend, severe thunderstorms wrecked havoc on Washington, D.C. and Maryland, knocking out power to thousands of residents.  The storms left some 430,000 customers without power, according to press reports.

Of course, with power outages come traffic problems as traffic lights within the District and Maryland were out on a number of major roadways. Trying to drive in was a nightmare, as many residents took the opportunity to ignore traffic laws, rather than act amicably and with prudence.

When approaching an intersection with all lights out, the intersection is supposed to become a 4-way stop. However, some drivers thought it really presented an opportunity to flout traffic laws and drive as they wished.

While this outage was caused by a natural disaster, it is similar to what has been touted as a possible result from a cyber attack on the nation’s power grid. What if another nation, or terrorists, were able to take out the U.S. electrical grid in the Washington, D.C. area?

In such an event, traffic lights would be out and power to homes shut off. If you don’t have a car or a radio with batteries (and really, who does have a radio with batteries these days), you have no way to get information.

If you are able to get information regarding the situation, knowing that the Washington, D.C. area is under cyber attack is likely to spread panic and cause citizens to flee the city quickly. Which brings us to the problem of no traffic lights.

As evinced by the recent driving chaos with the storm, power outages can cause some drivers to behave inappropriately and unsafely on the roadways. Imagine how that would escalate in the instance of a cyber attack, with people trying to flee the city as quickly as possible. Who knows what might follow the cyber attack? Perhaps a terrorist explosion or a conventional assault?

While this might seem a bit far-fetched, the panic levels in the city would rise and the situation would only get worse. If people are willing to be complete jerks on the road from a natural disaster, imagine how they would act if they feel their lives are threatened.

In that case, survival of the fittest (or meanest) would rapidly come into play.

Roger Anderson

Roger Anderson has been involved in intelligence-related activities his entire career. In the 1980s, he worked on Department of Defense TIARA programs while at the Georgia Tech Research Institute. He then joined the CIA and spent 15 years there, working on all of the NFIP programs with the primary focus on SIGINT and technical collection missions. As a SIGINT-focused officer, Anderson worked with the NSA and completed three tours there. He took early retirement in 2002 and has since been a contractor. His contractor roles have included executive vice president for Mnemonics, Inc., and senior executive account manager for Harris Corporation’s largest IC account. A former coworker at Harris who had previously joined AST asked if Anderson would be interested in building a new AST business unit focused on cyber. “The opportunity appeared interesting, so I joined them,” Anderson said.

TheNewNewInternet: As vice president of network intelligence, what do your current responsibilities include?

Roger Anderson: I am responsible for the company’s portfolio of activities related to CNA/CNE/CND missions, independent of the procuring customer.

TNNI: What are some of the core competencies AST brings to the table in this space?

Anderson: For AST’s 26-year history, it has largely been known as a leader in SIGINT Survey & Selection Equipment (S&SE). As such, we have a deep understanding of all the significant communications technologies and protocols employed worldwide. Whereas AST’s legacy focus has been on hardware-based devices that exploited the lowest three layers of the ISO protocol stack, my division is going to focus more on software that exploits layers three through seven – building systems that help customers better understand in real-time what is occurring in their networks, whether that be detecting malicious activities, identifying critical vulnerabilities, or providing improved network management tools.

TNNI: What are some key products/services AST provides that can help address federal cybersecurity challenges?

Anderson: Most of our current technology has been developed to address IC missions; however, the same technology is directly applicable to DoD, DHS and DISA needs. We are currently adapting a suite of tools for the federal market that is based upon products we have deployed for IC missions. These tools will range from deep packet inspection, metadata processing, malware detection, network management and visualization to an integrated suite of CNA tools for the emerging DoD offensive missions. In addition, I have an engineering services business unit that works hand-in-hand with our IC and DoD customers to architect, design, develop, integrate and operate mission solutions from within customer facilities. These engineers have an excellent understanding of the key mission needs due to their proximity and exposure to daily mission activities. We are using their ideas to focus our IRAD investments and to prioritize our future products rollout.

TNNI: How do you think the cyber threat will change over the next coming years?

Anderson: Everything will be connected. As mesh networking, cloud computing and ubiquitous sensors become reality over the next decade, they will present both opportunities and challenges. Challenges on the defensive front and increased opportunities for exploitation on the offensive front. The hardest part of the cyber threat has, and will be, the fact that it is continuously evolving.

TNNI: What are some emerging technologies or processes that can be leveraged to improve cybersecurity in the federal government?

Anderson: Effective identity management, better authentication of communications and a better architected set of security appliances are critical. Today’s security appliances, which do a reasonable job (if configured properly) of defending against hackers and script kiddies, probably aren’t much defense against a nation-state with the resources, intent and political will to get into any network.

TNNI: From a business perspective, where would you like to be in the federal cybersecurity market a year from now?

Anderson: Our initial focus has been on the IC because we understand it the best. We have made successful entries into multiple special DoD cyber activities, and we’ll continue growing those. We’re very interested in DHS and are watching closely to see how its plans play out.

TNNI: How do you see the future of intelligence collection? Will it focus on HUMINT or SIGNIT?

Anderson: Both will continue to be critical. HUMINT can be a key enabler to SIGINT missions and, if the corresponding lead agencies can work past their institutionalized parochialism, they can do great things together.

TNNI: What do you think the definition of cyber warfare should be?

Anderson: To deny, disrupt, or degrade the operation of an adversary’s computers, communications, or critical infrastructure.

Robert Butler

It started with a minor inconvenience that quickly escalated into nationwide panic. Twenty million of the nation’s smartphones have stopped working, and a massive power outage is spreading throughout the Eastern seaboard. Multiplying in strength, the phone outage soon reaches 30 million users and causes disruptions at the New York Stock Exchange and electric grid failures. America quickly comes to a standstill. The culprit: A malware program planted in phones months earlier through a popular “March Madness” basketball bracket application.

Although just a fictitious cyber attack against U.S. critical infrastructure, the “Cyber ShockWave” simulation made it clear the nation was far from prepared to deal with cyber terrorists, a topic highlighted at last week’s AFCEA Cybersecurity Symposium held at the Hilton Washington in Washington, D.C. The day-long event covered several panels with government officials and military leaders who highlighted the importance of protecting the nation’s most critical infrastructure and discussions on public-private partnerships.

Participating in the “Reaction to Cyber ShockWave – Enter DoD & USCYBERCOM” panel, Gen. Ronald E. Keys spoke about the process of information sharing between government and industry.

“If I want you to share information, some of you will readily share, some of you will won’t because of privacy concerns,” he said. “Because of concerns of your customer base becoming less than happy with your lack of security, how do we strip the sources of methods, if you will, like we do [off] intelligence, how do we strip proprietary and customer concern off information so we can share it?”

Deputy Assistant Secretary of Defense for Cyber Policy Bob Butler discussed the focus areas the Pentagon has been working on, including looking at cyberspace as a separate domain, deciding whether current efforts are enough or if there is a need for new operating concepts, extending interagency and international partnerships, and training of a cyber workforce.

“Doing security framework is one element that we use as a venue, but there are many others,” he said. “But it really comes down to looking at things in different ways, potentially changing business models and significant implications in terms of policy.”

Keys spoke about some of the steps to prevent cyber terrorists from attacking. By imposing consequences on their illegal actions and making it “painful” for individuals to act criminally, it is possible to deter bad behavior, he said.

“You have to make it dangerous, I believe,” Keys said. “And dangerous means someone is going to knock on your door and pick you up by the scruff of the neck. Or maybe your computer is going to stop working, or you have to make it not worth the time. … You can make it painful that way. You raise the cause, you raise the danger — you’re going to get caught, or something is going to happen to your system.”

Navy Rear Adm. Michael A. Brown, deputy assistant secretary for cybersecurity at the Department of Homeland Security, stressed the importance on acting swiftly rather than waiting for something catastrophic to happen.

“We just cannot wait for an event to occur before we know how we’re going to operate,” he said.

Substituting for scheduled keynote speaker Deputy Undersecretary of the National Protection and Programs Directorate Philip Reitinger, Bruce McConnell spoke about how to turn an insecure ecosystem into a healthy one that can respond to threats. McConnell, who is a senior adviser to Reitinger, stressed how there needs to be a collaborative defense between machines and humans to defend the environment.

With a rare public appearance, White House Cybersecurity Coordinator Howard Schmidt rounded off the event with a closing keynote echoing Keys’ sentiment on creating a policy of deterrence to combat cyber threats. He also stressed how poor cyber hygiene makes it easy for hackers to intrude networks.

“Why is it that we keep seeing these problems over and over again?” he asked. “Why do we keep getting reports on intrusions in our systems? Why do we keep seeing theft of intellectual property …  in the private sector? And the simple answer to that is because we have vulnerabilities.”

Speaking about the aspect of the cost/benefits aspect of doing cybersecurity, Schmidt addressed the issue of how to make it less lucrative for cyber criminals to carry out their efforts.

“[If] someone is able to sell a stolen identity for $5, how do we create an environment where it’s going to cost them $10 to get back? There’s just not cost/benefit in them doing it,” he said. “I think that’s one of the components that the private sector will look at on a regular basis, how can we raise the costs of them doing the things that they try to do to the benefit they get out of it?”

Last July, denial of service attacks hit U.S. and South Korean government networks, making several websites briefly unavailable. At the time, many cyber experts blamed North Korea for the attacks.

However, it now appears North Korea was not involved in the attacks. Government authorities are still no closer to determining who the culprits were, according to media reports. Cyber experts claim no solid evidence exists linking any foreign government to the attacks.

The attacks did not cause any significant damage or appear to result in any loss of information, leaving some experts to question its importance.

“It’s about as frightening as someone driving around the block blowing their horn a lot,” said James Lewis, a senior fellow at the Center for Strategic and International Studies. “A lot of people could have done it, and it doesn’t leave a lot of clues to their identity.”

Despite the lack of evidence, North Korea does possess a significant cyber attack capability.

“There are a number of national intelligence agencies who are creating cyber capabilities. It’s a natural area of exploration,” Gen. Wesley Clark said. “I wouldn’t underestimate North Korea’s potential in this space.”

According to officials, the government is better prepared for such attacks.

“We are not recommending people to start searching for erotic content, not at all, but the statistics are clear: For every infected adult domain we identify, there are 99 others with perfectly legitimate content that are also infected,” said Ondrej Vlcek, chief technology officer of Avast, which conducted the study.

Vlcek explained that in U.K. for example, there are more infected domains containing the word “London” than any other domain containing the word “sex.”

The latest discovery of an infected site is the Vodafone U.K. website. This infection in the smartphones section is an example of how cyber crooks find ways to spread malware to the Internet users.

The infection of Vodafone is an HTML:Script-inf, an evolution of JS:illRedir and JS:ilIiframe exploits. According to Avast, this type of infection is widespread and accounts for 20 percent of all infected U.K. pages. The infection takes advantage of a two-week- old Microsoft Windows vulnerability.

“The problem is particularly bad because the CVE-2010-1885 vulnerability targets the most widely used version of Windows, and at the present time it is still unpatched,” Vlcek said. “This means that even if a user is running a fully updated Windows XP SP3 with all the security patches, the user is still vulnerable.”

Galligan is currently chief inspector for the FBI’s Office of Inspections. She joined the bureau in 1988, and after completing training at the academy in Quantico, Va., she was assigned to the New York division to handle terrorism investigations and intelligence gathering. She was one of the on-scene commanders in Yemen to investigate the USS Cole attack, and she traveled to Tanzania in 1998 to work the U.S. Embassy bombing case. In 2001, she became a domestic terrorism squad supervisor in the New York division and worked on cases involving supremacy and extremist groups, anthrax and bomb threats.

After the Sept. 11, 2001 terrorist attacks, she supervised PENTTBOM, the FBI’s investigation of the attacks. Shortly after, she reported to FBI Headquarters and oversaw the entire investigation. Galligan briefed the FBI director, the Senate and House Intelligence Committees, the 9/11 Commission and staff, members of the National Security Council, the media, the U.S. military, and families of 9/11 victims.

In August 2004, she was assigned as an assistant special agent in charge (ASAC) in the administrative division and was designated as ASAC in the counterintelligence division in February 2006. She returned to headquarters in 2008 and was promoted in July 2009 to the role of chief inspector overseeing the Office of Inspections.

Galligan earned a bachelor’s degree from Fordham University and a master’s degree in psychology from the New School for Social Research. She also attended the Law Enforcement Executive Development course at Princeton University and the Graduate School of Industrial and Labor Relations at Cornell University. She is certified as an FBI crisis coordinator, general police instructor, and National Center for the Analysis of Violent Crime coordinator.