Friday, February 3, 2012

National Cybersecurity

Clapper, J. R. (2012, January 31). Unclassified statement for the record on the worldwide threat assessment of the U.S. intelligence community for the Senate Select Committee on Intelligence. Retrieved from http://intelligence.senate.gov/120131/clapper.pdf
Statement from the Director of National Intelligence in the 1/31/12 hearing "Current and Projected National Security Threats" [video].

Critical infrastructure firms woefully short on cybersecurity spending (2012, February 2). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/23625/critical-infrastructure-firms-woefully-short-on-cybersecurity-spending/ 
US critical infrastructure companies would need to spend nine times more on cybersecurity in order to prevent a surprise digital assault, according to a new report by Bloomberg Government and the Ponemon Institute. The 172 US critical infrastructure organizations surveyed in the study said that they currently spend $5.3 billion on cybersecurity. They estimated that they would have to spend $46.6 billion over the next 12 to 18 months to reach a level of security where they could stop 95% of cyberattacks.

House panel approves critical infrastructure cybersecurity bill. (2012, February 12). Infosecurity. Retrieved from http://www.infosecurity-magazine.com/view/23644/house-panel-approves-critical-infrastructure-cybersecurity-bill/
A US House panel has approved legislation that would encourage critical infrastructure companies to adopt cybersecurity best practices and would give the Department of Homeland Security (DHS) responsibility for safeguarding critical infrastructure cybersecurity. The Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PRECISE) Act, introduced by Rep. Dan Lungren (R-Calif.) and Rep. Peter King (R-N.Y.), would require DHS to conduct an evaluation of cybersecurity risks to critical infrastructure and determine the best mitigation methods.

Global Cybersecurity & broadly applicable items

Bachman, S. (2012). Hybrid threats, cyber warfare and NATO’s comprehensive approach for countering 21st century threats – mapping the new frontier of global risk and security management. Amicus Curiae, 88 (in press). Retrieved from http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989808
Multimodal, low intensity, kinetic as well as non-kinetic threats to international peace and security including cyber war, low intensity asymmetric conflict scenarios, global terrorism, piracy, transnational organized crime, demographic challenges, resources security, retrenchment from globalization and the proliferation of weapons of mass destruction were identified by NATO as so called "Hybrid Threats" . . . This short article introduces the reader to a new form of global threat scenario and the possibilities of response and deterrence within their wider legal and political context. 

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012, January). Computer security incident handling guide (draft 2): Recommendations of the National Institute of Standards and Technology (Special Publication 800-61). Retrieved from http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf
This publication seeks to help both established and newly formed incident response teams. This publication assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively. This revision of the publication, Revision 2, updates material throughout the publication to reflect the changes in threats and incidents. Unlike most threats several years ago, which tended to be short-lived and easy to notice, many of today’s threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time and eventually leading to exfiltration of sensitive data and other negative impacts. Identifying these threats in their early stages is key to preventing subsequent compromises, and sharing information among organizations regarding the signs of these threats is an increasingly effective way to identify them. 

Don't trust satellite phones - the GMR-1 and GMR-2 ciphers have been broken. (2012, February 12). Cryptanalysis. Retrieved from http://cryptanalysis.eu/blog/2012/02/02/dont-trust-satellite-phones-the-gmr-1-and-gmr-2-ciphers-have-been-broken/
Analysis of the reverse engineering and breaking of the ciphers used in many satellite phone systems by Ruhr Universität Bochum researchers Benedikt Driessen and Ralf Hund. [More from Infosecurity.]

Geers, K. (2012). Strategic cyber defense - which way forward? Journal of Homeland Security and Emergency Management, 9(1), 1-10. Retrieved from http://www.ccdcoe.org/articles/2012/Geers_StrategicCyberDefense.pdf
Cyber security has evolved from a technical discipline to a strategic, geopolitical concept. The question for national security thinkers today is not how to protect one or even a thousand computers, but millions, including the “cyberspace” around them. Strategic challenges require strategic solutions. This article considers four nation-state approaches to cyber attack mitigation.

Grauman, B. (2012, January 30). Cyber-security - the vexed question of global rules: An independent report on cyber-preparedness around the world. Retrieved from http://www.mcafee.com/us/resources/reports/rp-sda-cyber-security.pdf
This report is published as part of the Security & Defence Agenda's (SDA) cyber-security initiative. It is intended as a snapshot of current thinking around the world on the policy issues still to be resolved, and will form the basis of SDA debates and future research during 2012. [Related article from Government Security News.]

Menn, J. (2012, February 2). Key internet operator VeriSign hit by hackers. Reuters. Retrieved from http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202
VeriSign Inc, the company in charge of delivering people safely to more than half the world's websites, has been hacked repeatedly by outsiders who stole undisclosed information from the leading Internet infrastructure company. The previously unreported breaches occurred in 2010 at the Reston, Virginia-based company, which is ultimately responsible for the integrity of Web addresses ending in .com, .net and .gov.

Upcoming webcast: Sachs, M. H. (2012, February 15). Top 10 tips to protect your organization from cyber attacks. Retrieved from http://msisac.cisecurity.org/webcast/2012-02/index.cfm
Multi-state Information Analysis and Awareness Center sponsored talk by Verizon's Vice President of National Security Policy.  Free registration is required.

Stuttard, D., & Pinto, M. (2012). The web application hacker's handbook: Finding and exploiting security flaws (2nd ed.).  Hoboken, NJ: John Wiley & Sons. [E-book available in the Books 24x7 database.]
Containing the most current attack techniques and countermeasures, this practical book discusses the latest step-by-step methods for attacking and defending the range of ever-evolving web applications.