DSBlog

The 2011 Atlantic hurricane season, which began on June 1, comes to a close tomorrow. The National Oceanic and Atmospheric Administration (NOAA) says the number of tropical storms and hurricanes that developed this year matched its pre-season predictions and “continued the trend of active hurricane seasons that began in 1995.”

There were a total of 19 tropical storms of which seven became hurricanes, including three major hurricanes (defined as Category 3, 4 or 5 with top winds of 111 mph and greater). Only one of the hurricanes—Irene—made landfall in the U.S., and it was not a major one at that. Nevertheless it did so much damage across such a wide area as to break what NOAA calls the ‘hurricane amnesia’ of not having experienced a major land-falling hurricane in the U.S. in three years.

“Irene was the lone hurricane to hit the United States in 2011,” NOAA reported, “and the first one to do so since Ike struck southeast Texas in 2008. Irene was also the most significant tropical cyclone to strike the Northeast since Hurricane Bob in 1991.”

NOAA’s press release on the 2011 season can be found here. It makes several references to the value of storm-predicting satellites, an allusion to threatened budget cuts in fiscal year 2012. Click here to view a four-minute animation of the entire season from one of those satellites (Irene appears just after the two-minute mark).

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises for optimizing risk-based strategic, policy and budgetary decisions.

The U.S. strategy for countering cyber-security threats in the past has barely kept pace with the variety and complexity of the latest digital threats. Just in time for a recent surge in attacks and intrusions, however, it seems a more coordinated and proactive approach is at last taking root.

Cyber attacks come in many guises, including denial-of-service actions designed to jam web servers; thefts of money, intellectual property and state secrets; and direct attacks on physical infrastructure using digital means.

In this latter category we recently witnessed what many experts have been warning about for decades: an apparent cyber attack on an Illinois water utility that caused one of its pumps to malfunction and burn out.

During the summer the White House explicitly linked the cyber and physical realms in its new cyber-security strategy – a move we applauded not only because it will allow for common and coordinated responses in two very different but interlinked arenas, but because it acknowledges that an attack is an attack regardless of whether or not it can be seen with the naked eye. As a consequence, a cyber attack could now plausibly result in a physical response.

More recently, the Department of Defense (DoD) issued an even more explicit statement of policy, stating that the U.S. will launch “offensive cyber operations” in response to hostile acts such as “significant cyber attacks directed against the U.S. economy, government or military” (see the full DoD policy report here).

Although not always mentioned by name, Russia and China are frequently the implied sources of cyber threats. Both countries have been accused of cyber espionage by the U.S. intelligence community, Russian hackers were fingered for the Illinois water utility incident, and China has been named in a number of others, including the infamous RSA hack in March. Former White House cyber-security adviser Richard Clarke recently said the Chinese are “the people who are doing us the most damage these days in cyber-space.”

Finally, for an interesting and well-informed perspective on the complex issues surrounding cyber-security, listen to an interview that SearchSecurity.com conducted with Tony W. Sager, Chief Operating Officer of the Information Assurance Directorate of the National Security Agency (NSA). In one videotaped segment, Sager discusses the big-picture message from this year’s major security breaches, and also why the hype about Advanced Persistent Threats isn’t fully justified. In the second, he addresses questions surrounding the likelihood of a “digital Pearl Harbor” cyber attack, the trouble identifying the origin of a major cyber attack like Operation Aurora, and why doing just enough to disrupt attackers is the ideal enterprise cyber-defense strategy.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises for optimizing risk-based strategic, policy and budgetary decisions.