Archive for January, 2013

Critical infrastructure security: Electric industry shows the path

From: SearchSecurity

Bob Violino

The U.S. government must do more to regulate cybersecurity practices, particularly in industries that own or operate critical infrastructure, said Brian Zimmet, a partner with law firm Venable LLP, which focuses on regulation and restructuring issues for electric utilities.

Zimmet believes owners and operators of such infrastructure, such as oil and gas pipelines, chemical refineries, transportation systems, financial institutions, hospitals, nuclear reactors, dams and agricultural infrastructure, will likely see more government oversight of their cybersecurity practices in the coming years. And there’s an obvious place to look for clues to what those changes may look like.

Estonia’s DM Stresses EU-NATO Cyber Cooperation

From: Defense News


BRUSSELS — Estonian Defense Minister Urmas Reinsalu strongly supported EU-NATO cyber defense cooperation at the Jan. 30 Global Cyber Security Conference here.

Noting that NATO had agreed on a policy in 2011 and the EU is about to come up with a cybersecurity strategy, he said it would be “unreasonable to duplicate efforts,” and called for a strategic-level vision of goals and measures.

Possible actions could include EU-NATO exchanges on standards and regulations plus cyber defense pooling and sharing, for example, in relation to cyber incident management. Joint platforms for cybersecurity exercises also could be explored, he said.

Data Security for Lawyers Traveling to China

From: Corporate Counsel

By Alan Cohen

For Western lawyers working in China, doing business can require a curious combination of legal skills and 007-like stealth. Leave your laptop in your hotel room? Expect it to be searched. Call up a website to check the weather? You might load code that pulls data off your hard disk. Does your PC weigh more than it did when you left the States? That could be a homing device, implanted on the sly and now transmitting information about the merger your client is planning. It might sound like stuff from a James Bond movie. But the threats are real, say law firm technology chiefs—and worrisome.


From: Politico

The FTC chairman will receive a letter from Consumer Watchdog’s John Simpson today, calling for the agency to endorse legislation on a comprehensive “Do Not Track” standard. From the message: “You and your colleagues opted to rely on a self-regulatory process to implement Do Not Track, but alluded to the possibility of legislation if that process failed. Not surprisingly the self-regulatory effort to design Do Not Track is virtually dead in the water.” Simpson says enough is enough and wants to pull the plug on the W3C process.

FERMA Cites Survey Highlighting Company Neglect of Cyber Risks

From: Insurance Journal

“Many companies still do not devote sufficient attention to cyber risks, despite an increase in frequency, scope, and sophistication – and harsher penalties for lack of regulatory compliance and loss of sensitive data.” That’s the conclusion from research conducted in association with the Federation of European Risk Management Associations (FERMA) by Harvard Business Review (HBR) Analytic Services, corporate insurer Zurich and the public sector risk management organization PRIMO.

FERMA board member Julia Graham, who led FERMA’s participation in the project, pointed out: “Too often I have seen well embedded principles and practices associated with risk management and risk financing discarded when the subjects of information security and specifically cyber security are considered.”

Oil and gas infrastructure cybersecurity spending to increase

From: Help Net Security

As a highly critical sector, the oil and gas infrastructure should be one of the most secure, both physically and digitally. This is not the case.

A multi-billion dollar industry, trading one of the most valuable commodities on the market, is connecting its industrial control systems full of unpatched vulnerabilities to the Internet, where cybercriminals roam in all impunity.
These systems are poorly protected against cyber threats – at best, they are secured with IT solutions which are ill-adapted to legacy control systems such as SCADA.

Russian authorities step up cybersecurity

From: Russia & India Report

Vitaly Petlevoi

The Kremlin is going to establish a state system to detect, prevent and respond to cyberattacks. Experts argue that the decree paves the way for a new cybersecurity business niche.

Russian president Vladimir Putin authorized the Federal Security Service (FSB) to oversee the system, which is supposed to ensure the security of the informational infrastructure in Russia and in its diplomatic offices abroad, provide “situation forecasts,” render information resources virtually immune to attacks and identify the reasons behind attacks.

Doing evil with data: a beginner’s guide

From: FierceBigData

Why choose evil? It is not only much more fun, you get paid a lot more.

By Tim McElligott

The concept of evil has been co-opted by spiritualists and makers of horror films to represent something otherworldly, an amoral force impressing its will from beyond. But evil is often simply a choice. It is a choice among humans deciding how they want to wield a new-found power or advantage. Big data presents such an advantage and there will be those who choose to use it for public and private benefit, and those who purposely choose to apply it in ways that harm others and benefit only themselves.

Tim Berners-Lee calls data retention a ‘really, really bad idea’


Web inventor warns against Australian Government proposal.

Sir Tim Berners-Lee has warned against the Australian Government’s proposal to store individuals’ web browsing data, describing the scheme as one fraught with massive danger.

The proposal, spearheaded by Attorney-General Nicola Roxon, would require Australian internet service providers to retain communications data for up to two years.

It was pitched as a way of addressing authorities’ “eroding” ability to access communications data in investigations, as more conversations take place over VoIP and social media.

Google, Security Researcher Outline Data Privacy Protections


By Jennifer LeClaire

David Drummond, Google’s chief legal officer, said Google requires that government agencies conducting criminal investigations use a search warrant to compel the company to provide a user’s search query information and private content stored in a Google account, such as Gmail messages, documents, photos and YouTube videos.

It’s Data Privacy Day, a day when the world seeks to draw attention to how important it is to preserve online privacy and security. Google took the opportunity to share how it deals with government requests for user data.