Archive for April, 2012

‘Stand Your Cyberground’ Law: A Novel Proposal for Digital Security

From: The Atlantic

by Patrick Lin

Though problematic, authorizing industry victims to counterattack may prove a good stop-gap measure to remove the political risk of government intervention while still creating deterrence.

With the Cyber Intelligence Sharing and Protection Act (CISPA), we’re in a political tug-of-war over who should lead the security of our digital borders: should it be a civilian organization such as the Department of Homeland Security (DHS), or a military organization such as the Department of Defense (DoD)? I want to suggest a third option that government need not be involved–a solution that would avoid very difficult issues related to international humanitarian law (IHL) and therefore reduce the risk of an accidental cyberwar or worse. This option models itself on the (admittedly controversial) “Stand Your Ground” law that’s rooted in our basic right to self-defense, and it authorizes counter-cyberattacks by private companies, which have been the main victims of harmful cyberactivities by foreign actors to date.

Waging war against cyber threats

By Deborah M. Todd / Pittsburgh Post-Gazette

As U.S. government officials weigh the balance between individual privacy and a true public/private partnership against cybercrime, a Pittsburgh nonprofit dedicated to the fight again cyber-crooks has added a new member from the United Kingdom.

The National Cyber-Forensics & Training Alliance, a South Oakland-based nonprofit that uses public and private sector experts to help address cyber-crimes, announced Thursday that it has added the U.K.’s Serious Organised Crime Agency to its list of international partners. SOCA, considered the U.K. equivalent to the FBI, handles cases dealing with class A drugs, human trafficking, major gun crimes, fraud, money laundering and computer crime.

Cyber security message aimed at China


The extension of the ANZUS alliance into cyberspace in 2011 was aimed at cyber attacks from China, a new study says.

The Australia-US Ministerial (AUSMIN) meeting in San Francisco last September agreed to extend the ANZUS alliance into cyberspace, to address the threat of cyber attacks.

Under these new arrangements, Australia and the US will consult and determine appropriate options to address the threat of any cyber-attack that threatened the territorial integrity, political independence or security of either nation.

But just how that would work remains unclear, said Australian Strategic Policy Institute (ASPI) analyst Andrew Davies in one of a series of papers on the Australia-US cybersecurity agreement.

Chinese Espionage: The Risks Within U.S. Companies

From: Forbes

Peter J. Toren is a partner with Weisbrod, Matteis & Copley in Washington, D.C. Formerly a federal prosecutor with the Computer Crime & Intellectual Property Section of the Justice Department, he is also the author of Intellectual Property & Computer Crimes.

Over the past several months, Congress has heard from a slew of witnesses who have testified about the threat posed by foreign computer hackers, particularly from China, who penetrate U.S. companies’ computers and steal valuable data and intellectual property. FBI Director Robert Mueller testified that hacking could soon replace terrorism as the FBI’s primary concern. Gen. Keith Alexander, head of the military’s Cyber Command, characterized the losses caused by cybertheft as “the greatest transfer of wealth in history.”

National Initiative For Cybersecurity Education (NICE)

Cybersecurity education is essential for national security.  In response to this need, NICE has been established.  As NIST explains,

The National Initiative for Cybersecurity Education (NICE) has evolved from the Comprehensive National Cybersecurity Initiative, and extends its scope beyond the federal workplace to include civilians and students in kindergarten through post-graduate school. The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation’s security. 

Security Breaches Costing UK Billions

From: ITProPortal

70 per cent of large businesses hacked in the last year

The latest piece of research on security breaches in the UK highlights a number of alarming points, including the fact that one in seven large organisations has been hacked in the last year.

The 2012 Information Security Breaches Survey, authored by PwC in conjunction with Infosecurity Europe, questioned 447 UK businesses.

The figure of 70 per cent of companies having detected hackers within their systems is a record high since the survey began two decades ago.

Interview with SANS’ Ed Skoudis: America losing the cybersecurity war to hackers

From: ComputerWorld

As much as we don’t like to hear about it, America is not winning the cyberwar. Malicious hackers are winning and China has penetrated “every major U.S. company.” But there are elite cyber warriors who protect the world from cybercrime and the USA desperately needs more Cyber Guardians. In advance of the second annual Cyber Guardian information security training event in Baltimore next week, April 30 – May 7, 2012, I had an opportunity to interview Ed Skoudis about the SANS Cyber Guardian program.

DHS: Mike Locatis Named Assistant Secretary for Cybersecurity and Communications

From: DHS

By Mark Weatherford, Deputy Under Secretary for Cybersecurity

DHS today announced the appointment of Michael W. Locatis III as the new Assistant Secretary for Cybersecurity and Communications (CS&C) at the National Protection and Programs Directorate. Mike brings a wealth of experience in information management, cybersecurity and public safety communications at all levels of government. In his new role, Mike will work collaboratively with public, private and international partners to ensure a safe and secure cyberspace with a focus on protecting federal and critical infrastructure networks. Mike and his team will also coordinate and provide support for a resilient communications system for federal, state, local, tribal and territorial governments and critical infrastructure personnel.

Estonia Invites Japan to Join NATO’s Cyber Security Efforts

From: RIA Novosti

Estonia has urged Japan to deepen its collaboration with NATO on cyber defense and to take part in joint cyber defense exercises, the Estonian Defense Ministry said.

Estonia’s Permanent Secretary of the Ministry of Defense Mikk Marran, who is on a visit to Japan, met on Monday with Japan’s Vice Minister of Defense Hironori Kanazawa. The sides discussed various issues of military cooperation between Japan and NATO-member Estonia, focusing on cyber security.

“The structure of the Estonian and Japanese agencies involved in cyber defense is very similar; however, contacts between Estonian and Japanese cyber specialists to date have been few,” Marran said, inviting Japan to contribute to the work of NATO’s Cyber Defense Centre in Tallinn.

Hacktivism at risk as hackers turn on each other

Editor’s Note:  The notion that criminals have “credibility” to lose or any legitimacy whatsoever is absurd.

From: Sidney Morning Herald

A spate of hacking tools infected with malicious software, or malware, threatens to destroy the credibility of the growing hacktivist movement, writes Adam Turner.

Warnings from prominent members of the hacktivist group Anonymous not to trust hacking tools released under the group’s name serve as a timely warning for would-be hacktivists, warn online security experts.