National Cybersecurity
Nakashima, E. (2012, January 12). Cyber defense effort is mixed, study finds. Washington Post. Retrieved from http://www.washingtonpost.com/world/national-security/cyber-defense-effort-is-mixed-study-finds/2012/01/11/gIQAAu0YtP_story.html
A Pentagon pilot program that uses classified National Security Agency data to protect the computer networks of defense contractors has had some success but also has failed to meet some expectations, according to a study commissioned by the Defense Department.
Perlroth, N. (2012, January 12). Malicious software attacks security cards used by Pentagon. New York Times. Retrieved from http://bits.blogs.nytimes.com/2012/01/12/malicious-software-attacks-security-cards-used-by-pentagon/
Chinese hackers have deployed a new cyber weapon that is aimed at the Defense Department, the Department of Homeland Security, the State Department and potentially a number of other United States government agencies and businesses, security researchers say. Researchers at AlienVault, a Campbell, Calif., security company, said on Thursday that they had uncovered a new variant of some malicious software called Sykipot that targets smart cards used by government employees to access restricted servers and networks. Traces of Sykipot malware have been found in cyberattacks dating back to 2006, but AlienVault’s researchers say this is the first time Sykipot has compromised smart cards.
Sternstein, A. (2012, January 3). Cyber spies try probing U.S. drone plans. Nextgov. Retrieved from http://www.nextgov.com/nextgov/ng_20120103_5731.php
China-based hackers for months have been targeting federal agencies and contractors through infected emails apparently to spy on the Pentagon's drone strategy and other intelligence matters, according to Internet security researchers. The reported espionage employed a tactic known as spear-phishing where infiltrators, operating under the guise of a legitimate sender, email specific victims a virus-laden file or link. In this case, the hackers used email addresses from military and other government organizations, Jaime Blasco, manager of AlienVault Labs, said Tuesday.
United States. Government Accountability Office. (2011, December). Critical infrastructure protection: Cybersecurity guidance is available, but more can be done to promote its use (GAO-12-82). Retrieved from http://www.gao.gov/products/GAO-12-92
Reviews currently available guidance and makes recommendations for improving ease of application. [Related article from Infosecurity.]
Global Cybersecurity & broadly applicable items
Carr, J. (2011). Inside cyber warfare (2nd ed.). Sebastopol, CA: O'Reilly Media. [E-book available in the Safari Books Online database.]
Inside Cyber Warfare provides fascinating and disturbing details
on how nations, groups, and individuals throughout the world use the
Internet as an attack platform to gain military, political, and economic
advantages over their adversaries. The second edition goes beyond the
headlines of attention-grabbing DDoS attacks and takes a deep look
inside recent cyber-conflicts, including the use of Stuxnet. It also
includes a Foreword by Secretary Michael Chertoff and a guest essay by
Melissa Hathaway, among others.
Economist Intelligence Unit. (2012). Cyber power index: Measuring the drivers of cyber power across the G20 countries [online tool]. Retrieved from http://www.cyberhub.com/CyberPowerIndex
The purpose of the Cyber Power Index is to benchmark the
ability of the G20 countries to withstand cyber attacks and to deploy
the digital infrastructure needed for a productive economy. In doing so,
the index measures both the success of digital uptake and the degree to
which the economic and regulatory environment promotes national cyber
power. The index is developed as an interactive quantitative and
qualitative scoring model constructed from the following four
categories:
- Legal and Regulatory Framework
- Economic and Social Context
- Technology Infrastructure
- Industry Application
Malicious URLs being disguised by QR codes. (2012, January 12). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/23182/malicious-urls-being-disguised-by-qr-codes/
QR codes, a square pattern of black dots on a white background, are a form of barcode originally developed to track automotive parts during manufacture. Their fast readability, versatility and storage capacity have made them popular in many areas, and not least within mobile phones. “In many ways it was just a matter of time before we saw spam messages point to URLs that use embedded QR codes,” says Websense researcher Elad Sharf. “The advantage QR codes have over bit.ly is that it is a fast growing and marketing technology that currently has an inherent level of trust and novelty for consumers.”
Nye, J. S., Jr. (2011, Winter). Nuclear lessons for cybersecurity? Strategic Studies Quarterly, 5(4), 18-38. Retrieved from http://www.au.af.mil/au/ssq/2011/winter/nye.pdf
After a short overview of the problem of cyber security . . . I will suggest several general lessons and then discuss a number of international lessons that can be learned from the nuclear experience. While the two technologies are vastly different, as I will argue below, there are nonetheless useful comparisons one can make of the ways in which governments learn to respond to technological revolutions.
Ren, K., Wang, C., & Wang, Q. (2011, January-February). Security challenges for the public cloud. IEEE Internet Computing, 16(1), 69-73. [Full text available in the IEEE Computer Science Digital Library database.]
Cloud computing represents today's most exciting computing paradigm
shift in information technology. However, security and privacy are
perceived as primary obstacles to its wide adoption. Here, the authors
outline several critical security challenges and motivate further
investigation of security solutions for a trustworthy public cloud
environment.
Song, D., Shi, E., Fischer, I., & Shankar, U. (2012, January). Cloud data protection for the masses. Computer, 45(1), 39-45. [Full text available in the IEEE Computer Science Digital Library database.]
Offering strong data protection to cloud users while enabling rich
applications is a challenging task. Researchers explore a new cloud
platform architecture called Data Protection as a Service, which
dramatically reduces the per-application development effort required to
offer data protection, while still allowing rapid development and
maintenance.