Thursday, January 5, 2012

January 6, 2012

National Cybersecurity

Most users have not installed security software on their smartphones, survey finds. (2012, January 5). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/23002/most-users-have-not-installed-security-software-on-their-smartphones-survey-finds/
Nearly three-quarters of Americans have never installed data protection applications or security software on their smartphones to protect against data loss or malware, according to a survey sponsored by the National Cyber Security Alliance (NCSA) and McAfee. In addition, 70% of smartphone owners surveyed said they feel their device is safe from hackers, malware, and other types of cybercrime, according to a survey of 2,337 US adults conducted by Zogby International for NCSA and McAfee.

Norton, Q. (2011, December 26). Antisec hits private intel firm; millions of documents allegedly lifted. Wired. Retrieved from http://www.wired.com/threatlevel/2011/12/antisec-hits-private-intel-firm-million-of-docs-allegedly-lifted/
The Antisec wing of Anonymous revealed on Saturday that it had compromised the servers of the private intelligence firm Strategic Forecasting Inc. — allegedly seizing millions of internal documents and thousands of credit card numbers from the company, more commonly known as Stratfor.  That would be a major breach of private information from any firm. But this hack could prove particularly significant, because Stratfor serves as an information-gathering resource and open source intelligence analysis for both the U.S. military and for major corporations. [Related article from the New York Times.]

Rockwell, M. (2012, January 6). Energy Department launches cyber protection initiative for electrical grid. Government Security News. Retrieved from http://www.gsnmagazine.com/node/25378
U.S. Energy Secretary Steven Chu unveiled an initiative on Jan. 5 to further protect the electrical grid from cyber attacks, dubbed the “Electric Sector Cyber security Risk Management Maturity” project.  The White House initiative, said Chu in a statement, is led by the Department of Energy (DOE) in partnership with the Department of Homeland Security (DHS) and will leverage private industry and public sector experts to build on existing cyber security measures and strategies to construct a more comprehensive and consistent approach to protecting the nation’s energy delivery system.

Enterprise Cybersecurity

Jackson, S., Gold, S., & Vael, M. (2011, December 13). How to protect your organization from multi-vectored threats [recorded webinar].  Retrieved from http://www.infosecurity-magazine.com/webinar/279/how-to-protect-your-organisation-from-multivectored-threats/
Multi-layered IT security used to be the optimum method of raising the bar on your IT security defences, but the advent of multi-vectored threats, phishing and all manner of cyber-criminality means that a consolidated approach is now the best option – especially now that the latest appliances can be controlled from a single dashboard. But what makes an effective strategy on consolidated security? And what is the best planning approach? Join us for an informative 60-minute webinar in which our panel of experts will explain the best strategies for selecting and deploying the latest appliance technologies, as well as how to augment existing systems on an evolutionary – rather than revolutionary – approach.

Global Cybersecurity & broadly applicable items

European Network and Information Security Agency. (2011, November). Analysis of cybersecurity aspects in the maritime sector. Retrieved from http://www.enisa.europa.eu/media/press-releases/first-eu-report-on-maritime-cyber-security
The maritime sector is critical for the European society. Recent statistics show that within Europe, 52% of the goods traffic in 2010 was carried by maritime transport, while only one decade ago this was only 45%. This continuous increase in dependency upon the maritime transport underlines its vital importance to our society and economy. As it can be observed in other economic sectors, maritime activity increasingly relies on Information Communication and Technology (ICT) in order to optimize its operations. ICT is increasingly used to enable essential maritime operations, from navigation to propulsion, from freight management to traffic control communications, etc. These last years have also shown that cyber threats are a growing menace, spreading in all industry sectors that progressively rely on ICT systems.

European Network and Information Security Agency. (2011, December 19). Economics of security: Facing the challenges. Retrieved from http://www.enisa.europa.eu/act/rm/files/EoS%20Final%20report
This ENISA report is part of the work conducted within the ENISA Work Programme 2011. Within this effort, ENISA has analysed economic drivers and barriers in a number of areas (including policy, research, technology and business) and has identified potential areas of improvement to boost security and resilience in public systems and networks and consequently to relevant products and services by taking into account the economic dimension. This effort contributes to the identification of topics in the area of Economics of Security in line with the efforts for boosting Europe’s economic performance and introduction of measures to reinforce the benefits of the single market as announced in the Digital Agenda for Europe.

Kaspersky Lab. (2011, October-December). The mystery of Duqu (1, 2, 3, 4, 5, 6, 7). Retrieved from https://www.securelist.com
Detailed analysis of the Duqu trojan.  The authors conclude that Duqu and Stuxnet were created by the same developer. [Related article from Infosecurity.]

McAfee Labs. (2011, December 28). 2012 threat predictions. Retrieved from http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2012.pdf
Predicting future threats can be a hit-or-miss exercise for a security research organization. Certainly it is interesting to put on our wizard hats and prognosticate about what may happen in the coming months, but how much do threats really change each year? The past 12 months were a transformative year in many ways, but were these transformations revolutionary or evolutionary? We saw great changes in mobile threats, hacktivism, client-side exploitation, social-media exploitation, and targeted attacks. Many of these changes and trends will continue to influence the threats landscape for years to come.

Nordell, D. E. (2012, February). Terms of protection: The many faces of smart grid security. IEEE Power and Energy Magazine, 10(1), 18-23. Retrieved from http://magazine.ieee-pes.org/files/2011/12/10mpe01-nordell.pdf
A critical consideration in the development of smarter electrical grids is to ensure best security practices. Few terms in the smart grid vocabulary, however, are as overworked and overloaded (i.e., assigned multiple definitions) as the word security. Such definitions range all the way from ensuring reliability—keeping the lights on—to protecting the confidentiality of customer information. This article will attempt to explore these multiple definitions and find some common thread that can help ensure the success of the pursuit of a smarter electrical grid while maintaining security—in all of its various meanings.

O'Brien, K. J. (2011, December 25). Lax security exposes voice mail to hacking. New York Times. Retrieved from http://www.nytimes.com/2011/12/26/technology/26iht-hack26.html
It may be tempting to view the illegal interception of telephone voice mails, a practice that has roiled Britain and the News Corp. media empire of Rupert Murdoch, as an arcane tool employed by scofflaw journalists with friends in Scotland Yard. But according to a study to be presented Tuesday, cellphone users in Europe and the rest of the world may be just as vulnerable as the actor Hugh Grant and other celebrities to having their personal voice mail hacked — or worse — because of outdated mobile network security.

Saurabh, A. (2011). On cyber security for networked control systems (Doctoral dissertation). University of California, Berkeley, CA. [Full text available in the Dissertations and Theses database.]
The instrumentation of infrastructure systems by embedded sensors, computation, and communication networks has enabled significant advances in their management. Examples include monitoring of structural health, traffic congestion, environmental hazards, and energy usage. The use of homogeneous (especially, commercially available off-the-shelf) information technology (IT) solutions makes infrastructure systems subject to correlated hardware malfunctions and software bugs. Over the past decade, many concerns have been raised about the vulnerabilities of infrastructure systems to both random failures and security attacks. Cyber-security of Supervisory Control and Data Acquisition (SCADA) systems is especially important, because these systems are employed for sensing and control of large physical infrastructures. So far, the existing research in robust and fault-tolerant control does not account for cyber attacks on networked control system (NCS) components. Also, the existing research in computer security neither considers the attacks targeting NCS components nor accounts for their interactions with the physical system. The goal of this thesis is to bridge this gap by focusing on (1) security threat assessment, (2) model-based attack diagnosis, and (3) resilient control design.

Seo, H., & Choy, Y. (201 ). Criteria for comparing cyberwarfare ability. Lecture Notes in Electrical Engineering, 120, 111-120. Retrieved from http://goo.gl/FijPL
We are in cyber war age. New research tries [sic] are done in the area of concept, weapons, capability, and so on for cyber war. Most nations want to know the capability and vulnerable areas for preparing cyber war. In order to get this object, we selected criteria items for comparing nations’ cyberwar capability. A few pilot nations’ capability information was gathered through open information according to the proposed criteria. The more exact interpretation and understanding for each nation’s capability including vulnerable area can be caught with the proposed criteria.

Stewart-Smith, H. (2012, January 4). Japan develops virus to counter cyber-attacks: But can it be used? ZDNet. Retrieved from http://www.zdnet.com/blog/asia/japan-develops-virus-to-counter-cyber-attacks-but-can-it-be-used/635
The Japanese Ministry of Defense has revealed its latest project to tackle hacking: a ‘seek and destroy’ virus designed to track and disable the source of cyber-attacks. The project, launched in 2008, cost $2.3 million over three years. Several companies competed for the contract, but Fujitsu was eventually commissioned to develop the new ‘cyberweapon’. The virus has already undergone testing in a closed network environment. ... Unfortunately, Japan’s Ministry of Defense still has several hurdles to jump before this project can be utilised.