Friday, December 23, 2011

[next update 1/6/12]

National Cybersecurity

Feds indict 55 people in New York cybercrime ring. (2011, December 20). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/22803/feds-indict-55-people-in-new-york-cybercrime-ring/
The Manhattan District Attorney has indicted 55 individuals for operating a $2 million organized cybercrime ring that relied on corrupt employees at companies and institutions to steal personal information of victims. The indicted individuals allegedly used the stolen information in a variety of schemes to defraud the victims who had their personal information stolen. The information included names, dates of birth, addresses, social security numbers, and financial account information. [More from the New York Times.]

Gorman, C. (2011, December 21). Chinese hackers hit U.S. Chamber. Wall Street Journal. Retrieved from http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html
A group of hackers in China breached the computer defenses of America's top business-lobbying group and gained access to everything stored on its systems, including information about its three million members, according to several people familiar with the matter. The break-in at the U.S. Chamber of Commerce is one of the boldest known infiltrations in what has become a regular confrontation between U.S. companies and Chinese hackers. The complex operation, which involved at least 300 Internet addresses, was discovered and quietly shut down in May 2010. [More from the New York Times.]

Hawalt, S. (2011, December 21). Rethinking DoD cybersecurity in a post-WikiLeaks world (G00218054). [Full text available in the Gartner database.]
WikiLeaks data breaches of classified and sensitive documents spurred the formation of a plethora of spinoff hacker groups. The U.S. Department of Defense (DoD) has improved data-handling processes and information security technologies. However, defense CIOs, military leaders and chief information security officers (CISOs) must now focus on finding the right level of sharing data in an improved classified security program in cyberspace.

Heilbraun, M. R., & Brown, I. (2011). Cybersecurity policy and legislation in the 112th Congress. Intellectual Property and Technology Law Journal, 23(12), 14-20. [Full text available via UMUC Library OneSearch.]
This article reviews current cybersecurity policy proposals intended to enhance our nation’s security from a cyberattack and punish wrongdoing, and recent proposals intended to set national data breach notification standards and develop public/private voluntary security standards.

Nationwide cybersecurity education initiative launched. (2011, December 22). Government Security News. Retrieved from http://www.gsnmagazine.com/node/25305
The Global Institute for Cybersecurity + Research announced on December 22 the planned launch next month of the National Critical Infrastructure Cybersecurity Education Initiative, a nationally coordinated public/private collaborative partnership aimed at developing cybersecurity education programs. The effort will involve the NIST National Initiative for Cybersecurity Education (NICE), DHS, the National Council of Information Sharing & Analysis Centers (ISACs), critical infrastructure owner/operators, federal sector-specific agencies, academia, security certification and technology organizations.

Pilkington, E., & Williams, M. (2011, December 18). Bradley Manning hearing told of security failings at Iraq base. Guardian. Retrieved from http://www.guardian.co.uk/world/2011/dec/18/bradley-manning-security-failings-iraq
The person in charge of ensuring the security of the computer network that Bradley Manning worked on in Iraq was officially admonished earlier this year for failing to accredit and certify the system. Capt. Thomas Cherepko confirmed to Manning's pre-trial hearing in Fort Meade, Maryland, that he received a letter of admonishment in March. He was censured for having failed to submit a package of documents to his superiors – known as a Diacap – that would have verified the network met the defence department's minimum standards on computer security and was designed to have exposed any vulnerabilities. [Detailed liveblog of the Manning trial from the Guardian.]

United States. Senate. Committee on Appropriations. (2011, December 16). Summary: FY12 Homeland Security appropriations. Retrieved from http://goo.gl/ERf62
Department of Homeland Security receives $888 million for cybersecurity and infrastructure protection. [More from Infosecurity.]

Enterprise Cybersecurity

Enterprise security market to reach $23 billion worldwide in 2012. (2011, December 21). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/22815/enterprise-security-market-to-reach-23-billion-worldwide-in-2012/
Total investment in enterprise security is expected to grow 8.7% year-on-year in 2012 to reach a market value of $22.9 billion worldwide, predicts market analysis firm Canalys. The anti-virus software market segment is expected to grow 6.8% year-on-year, accounting for 11.3% of the total enterprise security market in 2012, according to a Canalys forecast. Anti-virus software continues to drive revenue for resellers because it is the first step that most small and medium-sized businesses (SMBs) take to secure their infrastructure.

Global Cybersecurity & broadly applicable items

Halpert, B. (2011). Auditing cloud computing: A security and privacy guide. Hoboken, NJ: John Wiley & Sons. [Full text e-book available in the Books 24x7 database.]
Provides information to assist in preparing for an audit addressing cloud computing security and privacy for both businesses and cloud based service providers.

Michaels, D. (2011, December 19). Defense firms bid on NATO cyberwar. Wall Street Journal. Retrieved from http://online.wsj.com/article/SB10001424052970203733304577102171947782202.html
The North Atlantic Treaty Organization on Monday will collect bids from some of the world's top defense companies, including Lockheed Martin Co. and Northrop Grumman Corp., to update and expand the alliance's cybersecurity abilities. The €32 million ($42 million) contract, although valued at less than the price of one fighter jet, holds great significance because it cements the alliance's role in protecting cutting-edge infrastructure, say NATO officials.

Perlroth, N. (2011, December 23). Insurance against cyber attacks expected to boom. New York Times. Retrieved from http://bits.blogs.nytimes.com/2011/12/23/insurance-against-cyber-attacks-expected-to-boom/
Experts say that more companies will buy policies in the coming year because of new Securities and Exchange Commission requirements. Last October, the S.E.C. issued a new guidance requiring that companies disclose “material” cyber attacks and their costs to shareholders. The guidance specifically requires companies to disclose a “description of relevant insurance coverage.”