Archive for December, 2012

Subsidize private-sector cyber-security, study says

From: Ottawa Citizen

CSIS paper proposes helping protect critical infrastructure

By Jordan Press

The federal government should consider subsidizing IT security for businesses across the country in the name of national security, suggests a research paper from Canada’s spy agency.

The paper written for the Canadian Security Intelligence Service in March and posted online recently, makes the suggestion that to secure the networks running the country’s critical infrastructure, such as electricity grids and transport systems, the government could provide cash to companies to help them harden their defences against cyber-attacks.

Cyber defense techniques adopted in Iran’s ongoing naval drills

From: Xinhua

TEHRAN, Dec. 30 (Xinhua) — Iranian commander Rear Admiral Amir Rastegari said Sunday that Iran adopted cyber defense techniques and conducted coastal defense against hypothetical enemy forces on the third day of ongoing naval military exercises, Press TV reported.

On Friday, Iranian navy launched a six-day massive drill in its southern waters. The naval drills, dubbed Velayat 91, or Guardianship 91, are being carried out in the Strait of Hormuz, the Sea of Oman, the north of the Indian Ocean, the Gulf of Aden and the Bab-el-Mandeb Strait.

2012 & Beyond: Debate Over Online Privacy Legislation Continues

From: The Epoch Times

Two key pieces of legislation killed in Congress in 2012 will likely return full force in 2013—bringing with them fresh debates regarding online privacy.

The Stop Online Piracy Act (H.R. 3261), introduced by Rep. Lamar Smith (R-Tex.), which intended to end online piracy by blocking websites accused of copyright infringement, was shot down in January over concerns that its reach was too broad. However, according to leading First Amendment expert Floyd Abrams, the bill would have given the government better means to protect the intellectual property of Americans.

Oman leads cyber security strategy

From: Times of Oman

Muscat: The role of regional cooperation is pivotal in promoting and ensuring cyber security, experts opined unanimously, at a conference. The Organisation of Islamic Cooperation (OIC), Computer Emergency Response Team’s  annual conference called for regional alliances for possible partnerships and collaborations.

The conference was hosted by the Information Technology Authority’s (ITA), represented by the National Computer Emergency Readiness Team (OCERT).The one-day conference was held under the patronage of Dr. Abdullah bin Mohammed Al Saidi, Minister of Legal Affairs, with the presence of Ali bin Masoud Al Sunaidy, Chairman of the Board of ITA, Dr Salim Sultan Al Ruzaiqi, CEO of ITA, and delegates from more than 55 countries.

The EU’s Cloud Computing Initiative

Article by Loeb & Loeb LLP’s Advanced Media and Technology Group

The European Commission, in its communication titled “Unleashing the Potential of Cloud Computing in Europe,” recently announced a new strategy for cloud computing in the EU. According to the statement released by the EC, the strategy is designed to accelerate and increase the use of cloud computing across EU businesses and the public sector, and would result in the creation of 2.5 million new jobs and add an estimated 160 billion euros to the EU gross domestic product by 2020. The proposal aims to bring cloud computing services in line with the existing EU requirements for consumer privacy and personal data security under the EU’s Data Protection Directive and to encourage the adoption of the proposed revisions to those requirements, in order to address individuals’ concerns about the security of their personal data online – especially in the cloud.

Rethinking IT Security Architecture: Experts Question Wisdom Of Current ‘Layered’ Cyberdefense Strategies

From: Dark Reading

As attacks become more sophisticated and breaches abound, it’s time for enterprises to change their cybersecurity thinking from the ground up, experts say

By Tim Wilson

Layered security. Security integration. Defense in depth. For years now, cybersecurity professionals and vendors have been preaching sermons on the merits of an enterprise security strategy that mixes a variety of tools and technologies to create a complex barrier that hackers can’t penetrate. “Layered security” has become as much a part of industry parlance as authentication or encryption.

There’s just one problem: It isn’t working.

Enterprises Starved for Security Threat Data to Justify Budget Hikes

From: eWeek

By Robert Lemos

The vast majority of businesses use publicly released threat reports to create their security strategy and need better data, according to a survey by one security firm.

Looking to design their security strategies for the coming year, companies overwhelmingly make use of the annual threat reports compiled by security and Internet-service firms, research has found.

Nearly seven out of every eight companies use the global threat reports created by firms such as McAfee, Microsoft, Symantec and Verizonto guide their security strategies, according to a survey, conducted by security-services firm Solutionary.

Experts speak of a critically low safety of industrial IT systems

Editor’s Note:  Translation courtesy of CRE.

From: Cybersecurity.ru

Experts in IT security say that vulnerabilities in industrial complexes to control the equipment continues to be one of the weakest links in the security industry. Among Exodus Intelligence said that as part of their latest research specialists have found more than two dozen new vulnerabilities in the currently used SCADA-systems from different manufacturers. Today in Exodus say they will not provide specific information, as almost any of the problems manufacturers are not eliminated.

Union Government Decided Setting up 5-Year Project for Cyber Security of Critical Sectors (India)

From: Jagran Josh

The union government decided to set up five-year project for restoring the overall cyber security structure of critical sectors of India. This was decided in light of increasing number of cyber attacks as well as security threats that the Internet offers. In 2011, India suffered 13000 cyber incidents.

National Critical Information Infrastructure Protection Centre (NCIIPC) is responsible for the project. It is the nodal agency which is responsible for coordinating the cyber security operations related to critical infrastructures in India. NCIIPC prepared its 5-year plan for refurbishing as well as integrating the structure of cyber security in all critical structures like defence, telecommunication, transportation, power and water.

Attack cyber enemies before they attack us, says public

From: The Telegraph

Two in three people believe Britain should draw first blood in the cyber war and attack state or rogue hackers before they target this country.

By Tom Whitehead, Security Editor

The majority of the public believe pre-emptive strikes are justified if enemy states or hi-tech criminals pose a threat to national security.

Earlier this year, a committee of MPs and peers said Britain should declare cyber war on those who target the country through aggressive retaliatory strikes to destroy their operations.