National Cybersecurity
FBI says hackers hit key services in three US cities. (2011, December 13). BBC News. Retrieved from http://www.bbc.co.uk/news/technology-16157883
The infrastructure systems of three US cities have been attacked, according to the Federal Bureau of Investigation. At a recent cybersecurity conference, Michael Welch, deputy
assistant director of the FBI's cyber division, said hackers had
accessed crucial water and power services. The hackers could theoretically have dumped sewage into a lake or shut off the power to a shopping mall, he said. Industrial control systems are becoming an increasing target for hackers.
Kravets, D. (2011, December 14). Carrier IQ explains secret monitoring software to FTC, FCC. Wired. Retrieved from http://www.wired.com/threatlevel/2011/12/carrieriq-ftc-fcc/
Carrier IQ, the embattled phone-monitoring software maker, said
Wednesday it had met this week with officials from the Federal
Communications Commission and the Federal Trade Commission “to educate
the two agencies about the functionality of its software and answer any
and all questions."
Nagesh, G. (2011, December 16). House cybersecurity bill would establish federal overseer. The Hill. Retrieved from http://thehill.com/blogs/hillicon-valley/technology/199929-house-members-introduce-cybersecurity-bill
Members of the House Homeland Security Committee introduced a cybersecurity bill on Thursday that would establish a quasi-governmental entity to oversee information-sharing with the private sector. Like
the other cybersecurity bills offered by the House GOP, the Promoting
and Enhancing Cybersecurity and Information Sharing Effectiveness
(PrECISE Act) encourages private firms to share information on cyber
threats but stops short of mandating new security standards for sectors
deemed critical to national security.
Peterson, S., & Faramarzi, P. (2011, December 15). Iran hijacked US drone, says Iranian engineer. Christian Science Monitor. Retrieved from http://www.csmonitor.com/World/Middle-East/2011/1215/Exclusive-Iran-hijacked-US-drone-says-Iranian-engineer
Iran
guided the CIA's "lost" stealth drone to an intact landing inside
hostile territory by exploiting a navigational weakness long-known to
the US military, according to an Iranian engineer now working on the
captured drone's systems inside Iran. Iranian electronic warfare
specialists were able to cut off
communications links of the American bat-wing RQ-170 Sentinel, says the
engineer, who works for one of many Iranian military
and civilian teams currently trying to unravel the drone’s stealth and
intelligence secrets, and who could not be named for his safety.
Singel, R. (2011, December 14). Congress authorizes Pentagon to wage internet war. Wired. Retrieved from http://www.wired.com/threatlevel/2011/12/internet-war-2/
The
House and Senate agreed to give the U.S. military the power to
conduct “offensive” strikes online — including clandestine attacks, via a
little-noticed provision in the military’s 2012 funding bill. The
power, which was included in the House version but not the Senate
version, was included in the final “reconciled” bill that is all but
guaranteed to pass into law.
Smith, D. F. (2011, December 14). AACC expanding cybersecurity training to new location in Severn. Broadneck Patch. Retrieved from http://broadneck.patch.com/articles/aacc-expanding-cybersecurity-training-to-new-location-in-severn
Anne Arundel Community College
(AACC) will be expanding to a new facility next year near Arundel
Mills, with classrooms that will focus on training in the burgeoning
cybersecurity field. The AACC Board of Trustees met on Tuesday to review and approve the
lease for the new location in the third-story office at 7556 Teague Rd.
in Severn. After hunting for two years, school officials said they
determined this location was the best fit for the college . . . Trustee Walter Hall said even if the college had to lose some money over this initiative, he considered it a strategic investment in a growing industry. “I think the issue is positioning the college to be at the forefront of a discipline that clearly the government is focusing on in Maryland,” Hall said. “This is exactly the kind of opportunity we should be allocating our resources in.”
United States. Department of Homeland Security. (2011, November). Blueprint for a secure cyber future: The cybersecurity strategy for the homeland security enterprise. Retrieved from http://www.dhs.gov/xlibrary/assets/nppd/blueprint-for-a-secure-cyber-future.pdf
The
Blueprint for a Secure Cyber Future builds on the Department of
Homeland Security Quadrennial Homeland Security Review Report’s
strategic framework by providing a clear path to create a safe, secure,
and resilient cyber environment for the homeland security enterprise.
With this guide, stakeholders at all levels of government, the private
sector, and our international partners can work together to develop the
cybersecurity capabilities that are key to our economy, national security,
and public health and safety. The Blueprint describes two areas of
action: Protecting our Critical Information Infrastructure Today and
Building a Stronger Cyber Ecosystem for Tomorrow. The Blueprint is
designed to protect our most vital systems and assets and, over time,
drive fundamental change in the way people and devices work together to
secure cyberspace. The integration of privacy and civil liberties
protections into the Department’s cybersecurity activities is
fundamental to safeguarding and securing cyberspace. [Related article from Government Computer News. More from Federal Computer Week.]
Enterprise Cybersecurity
Wheatman, J. (2011, December 15). Ten reasons security is overlooked in information governance, and how to fix it (G00226989). [Full text available in the Gartner database.]
Information
governance and other business-driven data initiatives continue to
advance; however, the management of the associated security continues to
be disconnected. This research highlights common reasons for the lack
of convergence, as well as 10 things enterprises can try to do to close
the gap as swiftly as possible.
Global Cybersecurity
& broadly applicable items
National Institute of Standards and Technology. (2011, December). Electronic authentication guideline (Special Publication 800-63-1). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-63-1/SP-800-63-1.pdf
This recommendation provides technical guidelines for Federal agencies implementing electronic authentication and is not intended to constrain the development or use o standards outside of this purpose. The recommendation covers remote authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. It defines technical requirements for each of four levels of assurance in the areas of identity proofing, registration, tokens, management processes, authentication protocols and related assertions.
Risky business: 70% of young employees ignore IT security policies. (2011, December 14). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/22690/risky-business-70-of-young-employees-ignore-it-security-policies/
A disturbing 70% of young employees said they often ignore
the company’s IT security policies, according to a survey sponsored by
Cisco. The most common reason for
ignoring IT security policies was the belief that employees were not
doing anything wrong (33%). One in five (22%) cited the need to access
unauthorized programs and applications to get their job done, while 19%
admitted the policies are not enforced, according to a survey of 2,800 young people (age 21–29) in 14 countries conducted by InsightExpress on behalf of Cisco.