Tag Archives: cybersecurity

Another hub in the cybersecurity Network

Former Washington Gov. Gary Locke is slated to be appointed Secretary of Commerce:

Experience in technology policy will also be important for the next commerce secretary, Cantwell said, since he will have to appoint the next director of the National Institute of Standards and Technology, oversee the U.S. Patent and Trademark Office, and provide leadership on issues like cybersecurity.

The National Institute of Standards and Technology (NIST) does important stuff — like setting standards and prescriptions, such as the new guide on maintaining data security while teleworking. This riveting 46-page how-to is written in “broad language in order to be helpful to any group that engages in telework” (see NIST release).

In the executive summary you will find the important steps any individual should take before connecting at home or at the local cafe.

  • Before implementing any of the recommendations or suggestions in the guide, users should back up all data and verify the validity of the backups. Readers with little or no experience configuring personal computers, consumer devices, or home networks should seek assistance in applying the recommendations. Every telework device’s existing configuration and environment is unique, so changing its configuration could have unforeseen consequences, including loss of data and loss of device or application functionality.
  • Before teleworking, users should understand not only their organization’s policies and requirements, but also appropriate ways of protecting the organization’s information that they may access.
  • Teleworkers should ensure that all the devices on their wired and wireless home networks are properly secured, as well as the home networks themselves.
  • Teleworkers who use their own desktop or laptop PCs for telework should secure their operating systems and primary applications.
  • Teleworkers who use their own consumer devices for telework should secure them based on the security recommendations from the devices’ manufacturers.
  • Teleworkers should consider the security state of a third-party device before using it for telework.

Each of the steps is reasonable — but who will invest the resources required to make those steps effective?

Standards are being published and have been published for some time.  Yet, breaches continue to occur.  So, is the current status of policy and policy outcomes optimal or do we need to create another paradigm for cybersecurity?


Filed under broadband, cybersecurity, electronic medical records, federal cyber security, Policy

Darwinian View to Cybersecurity

Interesting….

Take A Darwinian Approach To A Dangerous World: Ecologist Preaches ‘Natural’ Security For Homeland Defense

ScienceDaily (2009-02-23) — Global society is undergoing rapid political and socioeconomic changes, to which our security measures must adapt. Fortunately, we’re surrounded by millions of examples of security measures from nature that do just that.


Filed under Uncategorized

CyberSecurity Updates

Univ Florida – breach – 97,000 IDs

Norton unveils product to help parents manage children’s access to the web.  Has the market done what Government could not?

Citing a Rochester Institute of Technology study that found a huge gap between the percentage of parents versus children who report no online supervision, Symantec says that Online Family is intended to bridge that gap by “fostering communication” between parents and their kids. According to the RIT study, only 7 percent of parents think their children have no online supervision, while 66 percent of kids think they go unsupervised.

Perhaps this tool will alleviate this columnist’s fears (tip to Parry Aftab) regarding making wireless available throughout the house:

It’s not a matter of trust. It’s about trying to be a responsible online parent by keeping cyber-dangers away from vulnerable kids.

However, no matter how weak the signal, Mayhem Manor will have to keep logs for two years of all who access the internet should these proposals become law — primarily for law enforcement to help protect children from predators, the authors say:

“While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children,” U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. “Keeping our children safe requires cooperation on the local, state, federal, and family level.”

However, it seems that the Recording Industry, Motion Picture Industry, and publishers are salivating over this prospect to provide them names, instead of John Does, to occupy the banners of their lawsuits:

So would individuals and companies bringing civil lawsuits, including the Recording Industry Association of America and other large copyright holders, many of which have lobbied for similar data retention laws in other countries.

When filing lawsuits over suspected online piracy, lawyers for the RIAA and other plaintiffs typically have an Internet Protocol address they hope to link with someone’s identity. But if the network operator doesn’t retain the logs, the lawsuit can be derailed.


Filed under cybersecurity, policy tools, public failure, Uncategorized

Cyber Threats – A known surprise

Evidently, according to a Defense Science Board study, the Pentagon needs to address institutional change to deal with the new threat environment. Interesting categorization of surprises as “surprise” surprises and “known” surprises.

According to this report:

Among the “known surprises” are threats in the cyber realm, space and nuclear regimes. The study’s authors conclude that the US has made a start in dealing with the cyber threat “but we still have a large, difficult and costly way to go.” To mitigate those risks the chairman of the Joint Chiefs must initiate a series of exercises to gauge “what and how deep our vulnerabilities are.” Also, the services and combatant commands must improve the ability of critical information systems to resist attack.

So, where are the thought leaders on weaponizing cyber capabilities?

Of interest as a research target for lowering cyber risk: OR Applications for ISR

http://www.acq.osd.mil/dsb/reports/2009-01-Operations_Research.pdf


Filed under cybersecurity

Intelligence in Sentiment

How much easier would it be to manage risk in an organization if you were able to divine the mood of the staff?  Robert Scoble has this interesting comment from his talk with

Facebook is, he told me, studying “sentiment” behavior. It hasn’t yet used that research in its public service yet, but is looking to figure out if people are having a good day or bad day. He said that already his teams are able to sense when nasty news, like stock prices are headed down, is underway. He also told me that the sentiment engine notices a lot of “going out” kinds of messages on Friday afternoon and then notices a lot of “hungover” messages on Saturday morning. He’s not sure where that research will lead. We talked about how sentiment analysis might lead to a new kind of news display in Facebook. Knowing whether a story is positive or negative would let Facebook pick a good selection of both kinds of news, or maybe even let you choose whether you want to see only “happy” news


Filed under cybersecurity

Cybersecurity – Patriotism doesn’t always defend

Securityfix presents an interesting analysis concerning Conficker — it seems the creators don’t mind soiling their native lands.

According to an analysis by Microsoft engineers, the original version of the Downadup (a.k.a. “Conficker”) worm will quit the installation process if the malware detects the host system is configured with a Ukrainian keyboard layout. However, the latest variant has no such restriction. Stats collected by Finnish computer security firm F-Secure show that Russia and Ukraine had the second and fifth-largest number of victims from the worm, 139,934 and 63,939, respectively, as of Tuesday, Jan. 20.


Filed under cybersecurity

Cybersecurity – Market Failure or Public Values Failure or both?

The Center for Strategic and International Studies is delivering a report, “Securing CyberSpace for the 44th President,” which notes, among other things:

“We believe that cyberspace cannot be secured without regulation,”

The report, which offers guidance to the Obama administration, is a strong indictment of government and private industry efforts to secure cyberspace to date. “The laissez-faire approach to cyber-security has failed,” Mr. Kellermann said.

So, the commission concludes the market has failed to secure cyberspace.  And, it has also concluded that current government policy has failed to secure cyberspace.

In the intro, the report reads:

We advocate a new approach to regulation that avoids both prescriptive mandates, which could add unnecessary costs and stifle innovation, and overreliance on market forces, which are ill-equipped to meet public safety and national security requirements.

So, we have reasons why the market fails with regard to cybersecurity.

Not surprisingly, DHS is defending itself against the commission’s criticism of how cybersecurity has been managed.

“To be fair, we are undertaking something not unlike the Manhattan Project,” Keehner said. “Billions of dollars are going into this effort. We’re the first to admit there is more work to be done, but the progress that we have made should not be discounted.”

For further reading — see the presentations made at a CSIS event called

Improving Cybersecurity : Recommendations from Private Sector Experts


Filed under cybersecurity, Market Failure, Policy