National Cybersecurity
Testimony from James A. Baker, Michael Chertoff, and others.
Engleman, E. (2011, November 18). Reid to move on Senate cybersecurity measure in early 2012. BusinessWeek. Retrieved from http://www.businessweek.com/news/2011-11-18/reid-to-move-on-senate-cybersecurity-measure-in-early-2012.html
Senate Majority Leader Harry Reid intends to bring comprehensive cybersecurity legislation to the Senate floor for debate early next year. Cyber attacks and espionage are "causing billions of dollars of damage to our economy and are severely compromising critical national security capabilities," Reid, a Nevada Democrat, wrote in a letter yesterday to Senate Minority Leader Mitch McConnell, a Kentucky Republican. The letter was released today by Reid's office.
McCullagh, D. (2011, November 17). Sandia Labs: SOPA will "negatively impact" U.S. cybersecurity. CNET. Retrieved from http://news.cnet.com/8301-31921_3-57326956-281/sandia-labs-sopa-will-negatively-impact-u.s-cybersecurity/
Leonard Napolitano, Sandia's director of computer sciences and information systems, warned in a letter that the legislation is "unlikely to be effective" and will "negatively impact U.S. and global cybersecurity and Internet functionality." Napolitano sent the letter in response to a request for a critique of the Stop Online Piracy Act, or SOPA, from Rep. Zoe Lofgren, a California Democrat who represents the heart of Silicon Valley. Lofgren is leading opposition in the House of Representatives to SOPA.
Mills, E. (2011, November 17). Was U.S. water utility hacked last week? CNET. Retrieved from http://news.cnet.com/8301-27080_3-57327030-245/was-u.s-water-utility-hacked-last-week
Intruders compromised a water utility network last week and destroyed a pump, according to a state government report cited by a critical infrastructure security expert today. It appears that hackers breached the network of a company that makes SCADA (supervisory control and data acquisition) software and stole customer usernames and passwords, said Joe Weiss, managing partner of Applied Control Solutions. "There was damage--the SCADA system was powered on and off, burning out a water pump," he wrote in a brief blog post. The report did not identify the water utility attacked or the SCADA software vendor compromised, Weiss said in an interview with CNET.
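The damage described above came from an authenticated session repeatedly powering a pump on and off, which is the kind of behaviour a utility can detect in its own command history even when it cannot yet tell that the credentials were stolen. The following detector is an added example, not code from the CNET article, from Weiss's blog post or from the state report; the log format, device names, usernames, timestamps and source addresses are constructed for illustration.

```python
"""Flag rapid start/stop cycling of a SCADA-controlled pump in a command log.

Added example; not from the CNET article or the cited report. The log format
is an assumption: one event per line, 'timestamp,user,source_ip,device,command'.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Daytime operator activity is normal; the late-night
# burst from a vendor service account at an external address is the anomaly.
SAMPLE_LOG = """\
2011-11-08T09:00:12,operator1,10.0.5.21,pump-3,START
2011-11-08T13:42:05,operator1,10.0.5.21,pump-3,STOP
2011-11-08T22:10:01,vendor_svc,203.0.113.45,pump-3,START
2011-11-08T22:10:31,vendor_svc,203.0.113.45,pump-3,STOP
2011-11-08T22:11:02,vendor_svc,203.0.113.45,pump-3,START
2011-11-08T22:11:29,vendor_svc,203.0.113.45,pump-3,STOP
2011-11-08T22:12:03,vendor_svc,203.0.113.45,pump-3,START
2011-11-08T22:12:40,vendor_svc,203.0.113.45,pump-3,STOP
2011-11-08T22:13:10,vendor_svc,203.0.113.45,pump-3,START
2011-11-09T06:30:00,operator2,10.0.5.22,pump-1,START
"""


def parse_log(text):
    """Parse the constructed CSV-style log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, device, cmd = line.strip().split(",")
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "ip": ip, "device": device, "cmd": cmd})
    return events


def find_power_cycling(events, window=timedelta(minutes=10), threshold=4):
    """Return one alert per device that received at least `threshold`
    START/STOP commands inside any sliding window of length `window`.

    The alert records the whole burst (every event within `window` of the
    burst's first event) plus the accounts and source addresses that issued
    it, so an analyst can pivot straight to the session that did the damage.
    """
    by_device = defaultdict(list)
    for e in events:
        if e["cmd"] in ("START", "STOP"):
            by_device[e["device"]].append(e)

    alerts = []
    for device, evs in sorted(by_device.items()):
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it is within `window` of evs[end].
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                anchor = evs[start]["ts"]
                burst = [e for e in evs[start:] if e["ts"] - anchor <= window]
                alerts.append({
                    "device": device,
                    "count": len(burst),
                    "first": burst[0]["ts"].isoformat(),
                    "last": burst[-1]["ts"].isoformat(),
                    "users": sorted({e["user"] for e in burst}),
                    "source_ips": sorted({e["ip"] for e in burst}),
                })
                break  # one alert per device is enough for this example
    return alerts


if __name__ == "__main__":
    for alert in find_power_cycling(parse_log(SAMPLE_LOG)):
        print(alert)
```

The threshold and window are tuning knobs: a pump that is legitimately started and stopped a few times a day never trips a four-events-in-ten-minutes rule, while the burst above trips it on the sixth command and is reported with the vendor account and external address attached.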
Rockwell, M. (2011, November 16). DOJ wants to prosecute cyber criminal activity under racketeering law. Government Security News. Retrieved from http://www.gsnmagazine.com/node/24997
The set of laws that has allowed federal prosecutors to bring down traditional organized crime gangs should be applied to international cyber crime rings, a top Department of Justice official told a congressional committee on Nov. 15. The recommendation was one of several changes that DoJ Deputy Section Chief Richard Downing said should be made to the Computer Fraud and Abuse Act (CFAA) during a House Judiciary Subcommittee on Crime, Terrorism and Homeland Security hearing on cyber security's new frontiers. The committee is considering updating the law.
Thaw, D. B. (2011). Characterizing, classifying, and understanding information security laws and regulations: Considerations for policymakers and organizations protecting sensitive information assets. (Doctoral dissertation). [Full text available in the Dissertations and Theses database.]
Current scholarly understanding of information security regulation in the United States is limited. Several competing mechanisms exist, many of which are untested in the courts and before state regulators, and new mechanisms are being proposed on a regular basis. Perhaps of even greater concern, the pace at which technology and threats change far outpaces the abilities of even the most sophisticated regulators. My Ph.D. dissertation focuses on understanding these laws - how we can classify them, what effects they have, and what the implications of these effects are for organizations and professionals. I explore these concepts through a mixed methods approach, utilizing both qualitative semi-structured interviews and quantitative data on breach incidence.
Enterprise Cybersecurity
Wright, A. (2011). Hacking cars. Communications of the ACM, 54(11), 18-19. doi:10.1145/2018396.2018403 [Full text available in the IEEE Computer Society Digital Library database.]
Researchers have discovered important security flaws in modern automobile systems. Will car thieves learn to pick locks with their laptops?
Norway's oil, gas and defense industries hit by major data theft. (2011, November 18). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/22125/norways-oil-gas-and-defense-industries-hit-by-major-data-theft/
The Norwegian National Security Authority, the NSN, said in a press statement late yesterday that a number of industrial secrets had been stolen and sent out digitally from Norway, but no further information on the data thefts has been revealed. The Associated Press, meanwhile, quotes the NSN agency as saying that more than 10 different cyber attacks were discovered in the last year, but that the agency feels the number may have been much higher because other victims might not yet have realised that their computers have been targeted. The case, notes the newswire, may be significant as Norway's oil and gas industry is ranked the third largest in the world, producing 2.8 million barrels every day.
Global Cybersecurity & broadly applicable items
Felt, A. P., Finifter, M., Chin, E., Hanna, S., & Wagner, D. (2011, October). A survey of mobile malware in the wild. Paper presented at the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, Chicago, IL. [Full text available in the IEEE Computer Society Digital Library database.]
Mobile malware is rapidly becoming a serious threat. In this paper, we survey the current state of mobile malware in the wild. We analyze the incentives behind 46 pieces of iOS, Android, and Symbian malware that spread in the wild from 2009 to 2011. We also use this data set to evaluate the effectiveness of techniques for preventing and identifying mobile malware. After observing that 4 pieces of malware use root exploits to mount sophisticated attacks on Android phones, we also examine the incentives that cause non-malicious smartphone tinkerers to publish root exploits and survey the availability of root exploits.
Hoffman, L. J., Burley, D., & Toregas, C. (2011, November 1). Thinking across stovepipes: Using a holistic development strategy to build the cybersecurity workforce. (Report GW-CSPRI-2011-8). Retrieved from http://www.cspri.seas.gwu.edu/Publications, Papers, and Research/Stovepipes GW CSPRI Report 2011 8.pdf
This article proposes a holistic approach to developing the cybersecurity workforce based on careful integration of workforce development strategies into a plan that involves educators, career professionals, employers, and policymakers. First, it motivates this by describing how other fields such as medicine have successfully done this and arguing that cyber security is, like medicine, inherently cross-disciplinary at multiple levels of expertise and performance, making it similar in complexity to the medical profession and thus a good candidate for some of the solutions developed there. The article then focuses on one element of a holistic strategy, education, and discusses the findings of a recent workshop on cybersecurity education. It then places those findings in the context of the broader discussion and suggests some practical steps. The authors encourage computer science educators, human resources professionals, and the functional experts from disciplines that will attract computer science graduates to think beyond their "stovepiped" fields and collaborate so that holistic, integrated solutions can be developed, accepted, and implemented.
Horwath, J. (2011, November 11). iPad security settings and risk review for iOS 4.X. Retrieved from http://www.sans.org/reading_room/whitepapers/apple/ipad-security-settings-risk-review-ios-4x_33826
Many corporations are starting to investigate the use of mobile computing devices by staff and field agents. The introduction of consumer devices such as the iPad into the business world brings a new set of risks and concerns to a corporation. The settings defined in this document try to balance a corporation's regulatory and customer obligations to reduce risk while still allowing the user population an enjoyable user experience. The paper investigates this problem in the context of a deployment intended to give sales and marketing a business edge.