[Next update 3/2/12]
National Cybersecurity
Johnson, N. B. (2012, February 21). NIST, Md. to operate joint cybersecurity center. FederalTimes. Retrieved from http://www.federaltimes.com/article/20120221/IT01/202210302/1035/IT01
The federal government, in partnership with the state of Maryland and Montgomery County, Md., will launch a National Cybersecurity Center of Excellence that aims to speed industry's development of secure information technology products. The National Institute of Standards and Technology announced the agreement Tuesday through which NIST researchers will share with industry solutions and standards they've developed to improve cybersecurity. NIST's 2012 budget provides $10 million to launch and operate the center.
United States. Congress. Senate. Committee on Homeland Security and Government Affairs. (2012, February 16). Securing America's future: The Cybersecurity Act of 2012. Retrieved from http://www.hsgac.senate.gov/hearings/securing-americas-future-the-cybersecurity-act-of-2012
Video and transcripts of testimony from Sen. John McCain, Janet Napolitano, Tom Ridge, James A. Lewis, and others.
Enterprise Cybersecurity
BYOD problem: Criminal infiltration and data exfiltration. (2012, February 21). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/24033/the-byod-problem-criminal-infiltration-and-data-exfiltration/
A solution to the growing ‘BYOD problem’ can be achieved by extending network access control at the servers to include mobile devices in the field by combining NAC and MDM. The ‘BYOD problem’ can be defined as twofold. Firstly, the increase in users’ own devices accessing corporate servers is an infiltration threat. Secondly, the habit of downloading sensitive data onto insecure and frequently lost and stolen mobile devices is an exfiltration threat. An IDC survey in July 2011 (2011 Consumerisation of IT Study: Closing the Consumerisation Gap) found that 40.7% of devices used to access business applications are the users’ own devices, including home PCs, smartphones and tablets. BYOD-facilitated infiltration and exfiltration are both rapidly growing problems.
Global Cybersecurity & broadly applicable items
Jones, R. A., & Horowitz, B. (2012). A system-aware cyber security architecture. Systems Engineering, 15(2) [preprint]. [Full text can be requested at no cost from DocumentExpress.]
As exemplified in the 2010 Stuxnet attack on an Iranian nuclear facility, attackers have the capabilities to embed infections in equipment that is employed in nuclear power systems. In this paper, a new systems engineering focused approach for mitigating such risks is described. This approach involves the development of a security architectural formulation that integrates a set of reusable security services as an architectural solution that is an embedded component of the system to be protected. The System-Aware architectural approach embeds security components into the system to be protected. The architecture includes services that (1) collect and assess real-time security relevant measurements from the system being protected, (2) perform security analysis on those measurements, and (3) execute system security control actions as required. This architectural formulation results in a defense that is referred to as System-Aware Cyber Security. This includes (1) the integration of a diverse set of dynamically interchangeable redundant subsystems involving hardware and software components provided from multiple vendors to significantly increase the difficulty for adversaries by avoiding a monoculture environment, (2) the development of subsystems that are capable of rapidly changing their attack surface through hardware and software reconfiguration (configuration hopping) in response to perceived threats, (3) data consistency checking services (e.g., intelligent voting mechanisms) for isolating faults and permitting moving surface control actions to avoid operations in a compromised configuration, and (4) forensic analysis techniques for rapid post-attack categorization of whether a given fault is more likely the result of an infected embedded hardware or software component (i.e., cyber attack) or a natural failure. 
In this paper we present these key elements of the System-Aware Cyber Security architecture and show, including an application example, how they can be integrated to mitigate the risks of insider and supply chain attacks. In addition, this paper outlines an initial vision for a security analysis framework to compare alternative System-Aware security architectures. Finally, we summarize future research that is necessary to facilitate implementation across additional domains critical to the nation's interest.
Kaspersky Lab. (2012, February 22). DDoS attacks in H2 2011. Retrieved from https://www.securelist.com/en/analysis/204792221/DDoS_attacks_in_H2_2011
Detailed analysis of high-profile DDoS attacks that occurred in the second half of 2011.
McAfee. (2012, February). McAfee threats report: Fourth quarter 2011. Retrieved from http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q4-2011.pdf
The final quarter of 2011 was one of significant ups and downs in the global threat landscape. The quarter serves as a microcosm for the entire year: 2011 delivered some of the most noteworthy events we have seen to date. High-profile attacks such as Duqu and the rise of Anonymous-centric hacktivism made 2011 a truly challenging year for the security business. The increasing attention on industrial control systems mated with growing hacktivist activities could lead to turbulent times in 2012. Looking back at the quarter, several things jumped out. Growth in almost all areas of malware and spam declined, with the exception of mobile-based malware. Mobile malware rose during the quarter and recorded its busiest year to date. Android, once again, was the clear choice for malware writers. And although the release of new malware slowed, the total malware we’ve captured still managed to break the 75 million mark, a figure we predicted late in 2011.
McDermott, R. (2012, February). Emotion and security. Communications of the ACM, 55(2), 35-37. [Full text available in the ACM Digital Library database.]
Have you ever tried to convince someone to love you? Or has anyone ever tried to convince you to love them? A person can present the most logical and irrefutable arguments in the world about how well suited you are, how well you get along, how many critical values you share, and how complementary your interests and skills appear. The arguments may even be true. But the problem is you just don't feel it, so no amount of logic ever seems to overcome the lack of emotion. Conversely, if you feel the love, no amount of rational calculation can dissuade you, as the high divorce rate attests. Security is like that as well. There is a reality to it. But there is also a feeling, right or wrong, that undergirds it as well. And those emotions are susceptible to manipulation, both strategic and accidental.
Norton, Q. (2012, February 17). Anonymous promises regularly scheduled Friday attacks. Wired. Retrieved from http://www.wired.com/threatlevel/2012/02/anonymous-friday-attacks/
Anonymous, a group not known for discipline, is giving itself a weekly deadline, a new attack every Friday. Following the Tuesday compromise of the website of tear gas maker Combined Systems, Inc., the Antisec wing of Anonymous struck a Federal Trade Commission webserver which hosts three FTC websites, business.ftc.gov, consumer.gov and ncpw.gov, the National Consumer Protection Week partnership website. “We are already sitting on dozens of unreleased targets,” said an Antisec anon, who went on to describe an inventory of already compromised servers that could fill five months or more of #FFF releases. “Yes, each and every Friday we will be launching attacks… with the specific purpose of wiping as many corrupt corporate and government systems off our internet,” the anon continued.
Polunchenko, A. S., Tartakovsky, A. G., & Mukhopadhyay, N. (2012). Near-optimal change point detection with an application to cybersecurity [preprint]. Retrieved from http://arxiv.org/abs/1202.2849
We address the sequential change-point detection problem for the Gaussian model where the baseline distribution is Gaussian with variance \sigma^2 and mean \mu such that \sigma^2=a\mu, where a>0 is a known constant; the change is in \mu from one known value to another. First, we carry out a comparative performance analysis of four detection procedures: the CUSUM procedure, the Shiryaev-Roberts (SR) procedure, and two of its modifications - the Shiryaev-Roberts-Pollak and Shiryaev-Roberts-r procedures. The performance is benchmarked via Pollak's maximal average delay to detection and Shiryaev's stationary average delay to detection, each subject to a fixed average run length to false alarm. The analysis shows that in practically interesting cases the accuracy of asymptotic approximations is "reasonable" to "excellent". We also consider an application of change-point detection to cybersecurity - for rapid anomaly detection in computer networks. Using real network data we show that statistically traffic's intensity can be well-described by the proposed Gaussian model with \sigma^2=a\mu instead of the traditional Poisson model, which requires \sigma^2=\mu. By successively devising the SR and CUSUM procedures to "catch" a low-contrast network anomaly (caused by an ICMP reflector attack), we then show that the SR rule is quicker. We conclude that the SR procedure is a better cyber "watch dog" than the popular CUSUM procedure.
Souppaya, M., & Scarfone, K. (2012, February). Guidelines for securing wireless local area networks (WLANs): Recommendations of the National Institute of Standards and Technology (NIST Special Publication 800-153). Retrieved from http://csrc.nist.gov/publications/nistpubs/800-153/sp800-153.pdf
The purpose of this publication is to provide organizations with recommendations for improving the security configuration and monitoring of their IEEE 802.11 wireless local area networks (WLANs) and their devices connecting to those networks. Recommendations . . . cover topics such as standardized WLAN security configurations, dual connected WLAN client devices, and security assessments and continuous monitoring.