America is facing an energy-security paradox. Our domestic oil production is on the rise; the cars that roll onto our roads are more efficient than ever, and net oil imports are at their lowest level since the days when President George Herbert Walker Bush lived in the White House. Yet none of this has reined in the price of gasoline. This runs counter to U.S. conventional wisdom over the past forty years, touted by every president since Richard Nixon. Read more of Gal Luft's article on the energy security paradox.

From BBC

Spamhaus, a nonprofit spam filtering organization, has been targeted by a cyber attack.

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented. "We've been under this cyber-attack for well over a week.

"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

From the Telegraph

The document, written by al-Qaeda planner Younis al-Mauretani, suggests planting recruits in jobs which could later be useful in attacks, such as oil or gas transportation, and directing supporters to study chemistry and physics. [...]

 Al-Mauretani identifies the massive petrochemical facility at Abqaiq in Saudi Arabia as a potential target for aerial attack.

The 17-page document includes a suggestion that al-Qaeda should use submarines to explore the layout of underwater gas pipelines, in order to mine them. This idea is given serious consideration in the document which notes that the pipelines have safety valves every 6 miles that need to be taken into account when planting mines. 

 

CNBC:

Gal Luft, co-director at the Institute for the Analysis of Global Security and a senior adviser to the U.S. Energy Security Council said that though a Chavez departure may already be well factored into prices, it won't "translate into market calmness before it is clear what the nature of the new leadership is."

Clarity over who will be running state-oil producer PDVSA will be equally important, Luft said. "The company has been battered by terribly ineffective personnel changes and removal of competent leadership which has been replaced by political appointees," he said. "Once we begin to see changes in the company's leadership, reflecting professionalism and competence, that could mean the company is making a U-turn, becoming attractive for investors."

Meanwhile, a former executive at PDVSA told CNBC that Venezuela has lost its ability to influence global oil markets because years of under investment in the OPEC (Organization of Petroleum Exporting Countries) member's petroleum industry has constrained production.

"Venezuela is a weak OPEC hawk, as it has no sufficient production to influence prices," said Gustavo Coronel, a founding member of the board of state-oil firm Petroleos de Venezuela. "Venezuela is no longer a factor that can really upset the markets as it was the case 20 years ago."

Gustavo Coronel outlined in the July 2012 JES what it will take for PDVSA to recover. 

Energy frontiers in North America

From Reuters, via the Lebanese Daily Star

Once again, terrorists have targeted the vulnerable energy sector. 

Attackers bombed and disabled a pipeline carrying fuel oil from Iraq's largest refinery to a province north of Baghdad, the oil ministry said on Sunday.

 "A bomb attack led to an explosion in the 16-inch pipeline transporting fuel oil from Baji refinery to Nineveh province," said ministry spokesman Asim Jihad.

From the White House 

Victoria Espinel, the U.S. Intellectual Property Enforcement Coordinator, announced the launch of a new strategy to protect intellectual property. She cited President Obama's State of the Union Address in which he said,  “we cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Strategy that we are releasing today coordinates and improves U.S. Government efforts to protect the innovation that drives the American economy and supports jobs in the United States. As the Strategy lays out, we are taking a whole of government approach to stop the theft of trade secrets by foreign competitors or foreign governments by any means – cyber or otherwise.

From the White House

In his 2013 State of the Union address, President Barack Obama emphasized the importance of securing our energy systems from cyber attacks. 

America must also face the rapidly growing threat from cyber-attacks. Now, we know hackers steal people’s identities and infiltrate private emails. We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.

And that’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.

But now Congress must act as well, by passing legislation to give our government a greater capacity to secure our networks and deter attacks. This is something we should be able to get done on a bipartisan basis.

The full text of the Executive Order

 

 

The Persistent Threat Detection System, or PTDS, is fielded by Program Executive Office Intelligence Electronic Warfare & Sensors, and personnel manning the systems fall under the 401st. 

"PTDS is a large aerostat tethered to a mooring platform, which is accompanied by a Ground Control Station," Lt. Col. Michael Parodi, product manager for Meteorological and Target Identification Capabilities, was quoted as saying in an article published Jul. 2, 2012. "The system is equipped with both visual and audio surveillance technology and acts as a force multiplier for commanders on the ground."

Parodi added that PTDS can be utilized to scan large areas for potential insurgent activity while interacting with various sensors to provide a complete picture of potential threats.

From The Hill

With the State of the Union approaching this evening at 9pm, Cybersecurity is sure to play a role. The Hill reports anticipation that the President will follow up the SOTU with an announcement on cybersecurity.

The White House is poised to release an executive order aimed at thwarting cyberattacks against critical infrastructure on Wednesday, two people familiar with the matter told The Hill.

The highly anticipated directive from President Obama is expected to be released at a briefing Wednesday morning at the U.S. Department of Commerce, where senior administration officials will provide an update about cybersecurity policy.

The executive order would establish a voluntary program in which companies operating critical infrastructure would elect to meet cybersecurity best practices and standards crafted, in part, by the government. 

Observers are expecting the president to briefly mention the need for the country to improve its defenses against cyberattacks during his State of the Union address on Tuesday. 

According to The Hill, White House Cybersecurity Coordinator Michael Daniel, Commerce Department Deputy Secretary Rebecca Blank, Department of Homeland Security Deputy Secretary Jane Holl Lute and National Security Agency Director Gen. Keith Alexander may participate in Wednesday’s briefing.   

From Voice of America:

Armed men have hijacked a tanker carrying 5,000 tons of oil from a port in Ivory Coast. [...]

A total of five incidents were reported off Ivory Coast in 2012, up from one the previous year. In October, suspected Nigerian pirates seized a tanker carrying more than 30,000 tons of gasoline off the coast of Abidjan, the first reported hijacking in the country.

 

From World Politics Review

Anne Korin was interviewed on the attractiveness of the energy sector for terrorists: 

In mid-January, militants raided Algeria’s In Amenas gas field, sparking a crisis that ended with the deaths of at least 37 hostages. Anne Korin, co-director of the Institute for the Analysis of Global Security, an energy security research organization, explained in an email interview why the oil and gas industry is an attractive target for terrorists.

 

From Voice of America

IAGS' Dr. Gal Luft was interviewed in a report on the the relationship between energy security and oil costs.

Gal Luft, an energy expert, said cyber attacks are a growing concern for energy companies.

"As cyber terrorists realize the vulnerability, they may improve their technical sophistication and eventually develop capabilities that could wreak havoc in global oil and gas markets," said Luft.

So far, the most serious cyber attacks have been aimed at power grids  rather than at oil or gas production. Luft said, however, that could change.

Meantime, oil prices that spiked right after the Algeria attack remain high.

 

From IT Management:

February 05, 2013, 10:41 AM — The European Commission's long-awaited Cyber Security Strategy will be presented on Thursday and as written, it would force private companies, so-called "enablers of information society services," to report all data breaches or cyber security incidents to national authorities.

With leaked drafts of the text circulating in Brussels, the strategy has come under fire before it has even been formally announced. Industry leaders are worried that extending the scope of reporting mandates could harm business, while European digital rights group EDRi said that the move would give national authorities access to "sufficient information from almost everyone online" in breach of the European Convention on Human Rights. [...]

The Commission draft text says that "synergies between civilian and military approaches in protecting critical cyber assets should be enhanced" and adds that the Budapest convention on cybercrime should serve as a model for future plans. But, said the official, "we are not China, we are not trying to use cyber security to control what is on the web."

Read More

 

 

From Defense Systems:

In one of the first visible effects on force readiness of the looming threat of across-the-board budget cuts scheduled to go into effect next month, the  Defense Department has delayed the deployment of the aircraft carrier USS Harry S. Truman and USS Gettysburg to the Persian Gulf.

The two vessels were scheduled to depart Norfolk, Va., this week for the U.S. Central Command area of responsibility.

Read more

From CSO:

Bill Gertz, of The Washington Free Beacon, reported Monday that unnamed Energy Department officials confirmed that there had been an attack on servers at the agency's Washington headquarters about two weeks ago.

Gertz reported that the sources told him that 14 computer servers and 20 workstations were penetrated, that personally identifiable information of several hundred employees was compromised, but that no classified information was exposed.

Read More

 

From Reuters

SAN JUAN, Puerto Rico, Feb 5 (Reuters) - A widely used system for controlling electricity, heating and other systems inside buildings remains vulnerable to attacks over the Internet, despite warnings from U.S. officials, researchers said on Tuesday.

The Niagara control system from Honeywell International Inc's Tridium division are configured to connect to the Internet by default, even though that is not necessary for them to function, two researchers from security firm CyLance said at a security conference in San Juan, Puerto Rico.

 

In their presentation, the two researchers showed that some 21,000 Niagara systems used at hospitals and other facilities can currently be accessed via the public Internet, using a specialized search engine known as Shodan.

Read MOre

 

From FireEye blog:

FireEye discovered an APT campaign consistently targeting companies in the aerospace and defense industries. The campaign has been in effect for sometime now.

We have seen this campaign use both email and drive-by downloads as a means of infecting end users. The threat actor has consistently used attachment names of documents/white papers released by well-known companies. The malicious email attachment exploits some common vulnerabilities in PDF and DOC files.

[...] this campaign has been targeting companies in the Aerospace and Defense vertical in waves. There is no specific pattern to this attack, we have seen days on which multiple weaponized emails were sent to several companies, and on other days we observed that the threat actor sent only one email to a specific target organization. The chart below shows Beebus attacks in the last year.

Read More

 

 

From the New York Times:

A secret legal review on the use of America’s growing arsenal of cyberweapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad, according to officials involved in the review. 

That decision is among several reached in recent months as the administration moves, in the next few weeks, to approve the nation’s first rules for how the military can defend, or retaliate, against a major cyberattack. New policies will also govern how the intelligence agencies can carry out searches of faraway computer networks for signs of potential attacks on the United States and, if the president approves, attack adversaries by injecting them with destructive code — even if there is no declared war.

The rules will be highly classified, just as those governing drone strikes have been closely held. John O. Brennan, Mr. Obama’s chief counterterrorism adviser and his nominee to run the Central Intelligence Agency, played a central role in developing the administration’s policies regarding both drones and cyberwarfare, the two newest and most politically sensitive weapons in the American arsenal.  

Read More 

From the Council on Foreign Relations:

A few days after the New York Times, Wall Street Journal, and Washington Post all admitted that their computer networks had been attacked, apparently by China-based hackers, it seems fair to say that both sides agree the “naming and shaming” approach to the problem is not working. The United States can call China out, but it has no real affect on behavior.

In one of the interviews she did in her last days as secretary of state, Hillary Clinton said that “We have to begin making it clear to the Chinese—they’re not the only people hacking us or attempting to hack us—that the United States is going to have to take action to protect not only our government, but our private sector, from this kind of illegal intrusions.”  

Read More